mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-06 06:37:02 +02:00
7ad778541e
This PR flips the logic for the Request Limiter, setting it to default disabled. We allow users to turn on the global Request Limiter, but leave the Listener configuration as a "disable per Listener".
59 lines
1.3 KiB
Go
59 lines
1.3 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package configutil
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/hashicorp/go-multierror"
|
|
"github.com/hashicorp/go-secure-stdlib/parseutil"
|
|
"github.com/hashicorp/hcl"
|
|
"github.com/hashicorp/hcl/hcl/ast"
|
|
)
|
|
|
|
type RequestLimiter struct {
|
|
UnusedKeys UnusedKeyMap `hcl:",unusedKeyPositions"`
|
|
|
|
Disable bool `hcl:"-"`
|
|
DisableRaw interface{} `hcl:"disable"`
|
|
}
|
|
|
|
func (r *RequestLimiter) Validate(source string) []ConfigError {
|
|
return ValidateUnusedFields(r.UnusedKeys, source)
|
|
}
|
|
|
|
func (r *RequestLimiter) GoString() string {
|
|
return fmt.Sprintf("*%#v", *r)
|
|
}
|
|
|
|
var DefaultRequestLimiter = &RequestLimiter{
|
|
Disable: true,
|
|
}
|
|
|
|
func parseRequestLimiter(result *SharedConfig, list *ast.ObjectList) error {
|
|
if len(list.Items) > 1 {
|
|
return fmt.Errorf("only one 'request_limiter' block is permitted")
|
|
}
|
|
|
|
result.RequestLimiter = DefaultRequestLimiter
|
|
|
|
// Get our one item
|
|
item := list.Items[0]
|
|
|
|
if err := hcl.DecodeObject(&result.RequestLimiter, item.Val); err != nil {
|
|
return multierror.Prefix(err, "request_limiter:")
|
|
}
|
|
|
|
result.RequestLimiter.Disable = true
|
|
if result.RequestLimiter.DisableRaw != nil {
|
|
var err error
|
|
if result.RequestLimiter.Disable, err = parseutil.ParseBool(result.RequestLimiter.DisableRaw); err != nil {
|
|
return err
|
|
}
|
|
result.RequestLimiter.DisableRaw = nil
|
|
}
|
|
|
|
return nil
|
|
}
|