mirror of
https://github.com/openziti/zrok.git
synced 2024-11-25 01:23:49 +01:00
share_frontends implementation and testing (#650)
This commit is contained in:
parent
f174abd18f
commit
24777a77c8
@ -197,8 +197,14 @@ func (a *Agent) CanAccessShare(shrId int, trx *sqlx.Tx) (bool, error) {
|
|||||||
rc = scopeRc
|
rc = scopeRc
|
||||||
}
|
}
|
||||||
if rc.GetShareFrontends() > store.Unlimited {
|
if rc.GetShareFrontends() > store.Unlimited {
|
||||||
// TODO: Implement frontends+1 check
|
fes, err := a.str.FindFrontendsForPrivateShare(shr.Id, trx)
|
||||||
return true, nil
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
if len(fes)+1 > rc.GetShareFrontends() {
|
||||||
|
logrus.Infof("account '#%d' over frontends per share limit '%d'", *env.AccountId, rc.GetReservedShares())
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
return false, nil
|
return false, nil
|
||||||
|
@ -42,5 +42,5 @@ func (rcc *configResourceCountClass) GetShareFrontends() int {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (rcc *configResourceCountClass) String() string {
|
func (rcc *configResourceCountClass) String() string {
|
||||||
return fmt.Sprintf("Config<environments: %d, shares: %d, reservedShares: %d, uniqueNames: %d>", rcc.cfg.Environments, rcc.cfg.Shares, rcc.cfg.ReservedShares, rcc.cfg.UniqueNames)
|
return fmt.Sprintf("Config<environments: %d, shares: %d, reservedShares: %d, uniqueNames: %d, share_frontends: %d>", rcc.cfg.Environments, rcc.cfg.Shares, rcc.cfg.ReservedShares, rcc.cfg.UniqueNames, rcc.cfg.ShareFrontends)
|
||||||
}
|
}
|
||||||
|
@ -42,7 +42,6 @@ func (ul *userLimits) ignoreBackends(bwc store.BandwidthClass) map[sdk.BackendMo
|
|||||||
}
|
}
|
||||||
return ignoreBackends
|
return ignoreBackends
|
||||||
}
|
}
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *Agent) getUserLimits(acctId int, trx *sqlx.Tx) (*userLimits, error) {
|
func (a *Agent) getUserLimits(acctId int, trx *sqlx.Tx) (*userLimits, error) {
|
||||||
@ -85,7 +84,7 @@ func (a *Agent) isResourceCountClass(alc *store.LimitClass) bool {
|
|||||||
if alc.BackendMode != nil {
|
if alc.BackendMode != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if alc.Environments == store.Unlimited && alc.Shares == store.Unlimited && alc.ReservedShares == store.Unlimited && alc.UniqueNames == store.Unlimited {
|
if alc.Environments == store.Unlimited && alc.Shares == store.Unlimited && alc.ReservedShares == store.Unlimited && alc.UniqueNames == store.Unlimited && alc.ShareFrontends == store.Unlimited {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
@ -95,7 +94,7 @@ func (a *Agent) isUnscopedBandwidthClass(alc *store.LimitClass) bool {
|
|||||||
if alc.BackendMode != nil {
|
if alc.BackendMode != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if alc.Environments > store.Unlimited || alc.Shares > store.Unlimited || alc.ReservedShares > store.Unlimited || alc.UniqueNames > store.Unlimited {
|
if alc.Environments > store.Unlimited || alc.Shares > store.Unlimited || alc.ReservedShares > store.Unlimited || alc.UniqueNames > store.Unlimited || alc.ShareFrontends > store.Unlimited {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if alc.PeriodMinutes < 1 {
|
if alc.PeriodMinutes < 1 {
|
||||||
|
@ -128,7 +128,7 @@ func (lc LimitClass) String() string {
|
|||||||
out += fmt.Sprintf(", uniqueNames: %d", lc.UniqueNames)
|
out += fmt.Sprintf(", uniqueNames: %d", lc.UniqueNames)
|
||||||
}
|
}
|
||||||
if lc.ShareFrontends > Unlimited {
|
if lc.ShareFrontends > Unlimited {
|
||||||
out += fmt.Sprintf(", frontends: %d", lc.ShareFrontends)
|
out += fmt.Sprintf(", shareFrontends: %d", lc.ShareFrontends)
|
||||||
}
|
}
|
||||||
if lc.RxBytes > Unlimited || lc.TxBytes > Unlimited || lc.TotalBytes > Unlimited {
|
if lc.RxBytes > Unlimited || lc.TxBytes > Unlimited || lc.TotalBytes > Unlimited {
|
||||||
out += fmt.Sprintf(", periodMinutes: %d", lc.PeriodMinutes)
|
out += fmt.Sprintf(", periodMinutes: %d", lc.PeriodMinutes)
|
||||||
|
@ -20,7 +20,7 @@ The limits agent is responsible for controlling the number of resources in use (
|
|||||||
|
|
||||||
### Types of Limits
|
### Types of Limits
|
||||||
|
|
||||||
Limits can be specified that control the number of environments, shares, reserved shares, and unique names that can be created by an account. Limits that control the allowed number of resources are called _resource count limits_.
|
Limits can be specified that control the number of environments, shares, reserved shares, unique names, and frontends per-share that can be created by an account. Limits that control the allowed number of resources are called _resource count limits_.
|
||||||
|
|
||||||
Limits can be specified to control the amount of data that can be transferred within a time period. Limits that control the amount of data that can be transferred are called _bandwidth limits_.
|
Limits can be specified to control the amount of data that can be transferred within a time period. Limits that control the amount of data that can be transferred are called _bandwidth limits_.
|
||||||
|
|
||||||
@ -40,6 +40,7 @@ limits:
|
|||||||
shares: -1
|
shares: -1
|
||||||
reserved_shares: -1
|
reserved_shares: -1
|
||||||
unique_names: -1
|
unique_names: -1
|
||||||
|
share_frontends: -1
|
||||||
bandwidth:
|
bandwidth:
|
||||||
period: 5m
|
period: 5m
|
||||||
warning:
|
warning:
|
||||||
@ -64,7 +65,7 @@ The `cycle` value controls how frequently the limits agent will evaluate enforce
|
|||||||
|
|
||||||
### Global Resouce Count Limits
|
### Global Resouce Count Limits
|
||||||
|
|
||||||
The `environments`, `shares`, `reserved_shares`, and `unique_names` specify the resource count limits, globally for the service instance.
|
The `environments`, `shares`, `reserved_shares`, `unique_names`, and `share_frontends` specify the resource count limits, globally for the service instance.
|
||||||
|
|
||||||
These resource counts will be applied to all users in the service instance by default.
|
These resource counts will be applied to all users in the service instance by default.
|
||||||
|
|
||||||
@ -96,6 +97,7 @@ CREATE TABLE public.limit_classes (
|
|||||||
shares integer DEFAULT '-1'::integer NOT NULL,
|
shares integer DEFAULT '-1'::integer NOT NULL,
|
||||||
reserved_shares integer DEFAULT '-1'::integer NOT NULL,
|
reserved_shares integer DEFAULT '-1'::integer NOT NULL,
|
||||||
unique_names integer DEFAULT '-1'::integer NOT NULL,
|
unique_names integer DEFAULT '-1'::integer NOT NULL,
|
||||||
|
share_frontends integer DEFAULT '-1'::integer NOT NULL,
|
||||||
period_minutes integer DEFAULT 1440 NOT NULL,
|
period_minutes integer DEFAULT 1440 NOT NULL,
|
||||||
rx_bytes bigint DEFAULT '-1'::integer NOT NULL,
|
rx_bytes bigint DEFAULT '-1'::integer NOT NULL,
|
||||||
tx_bytes bigint DEFAULT '-1'::integer NOT NULL,
|
tx_bytes bigint DEFAULT '-1'::integer NOT NULL,
|
||||||
@ -130,7 +132,7 @@ Create a row in this table linking the `account_id` to the `limit_class_id` to a
|
|||||||
To support overriding the resource count limits defined in the global limits configuration, a site administrator can create a limit class by inserting a row into the `limit_classes` table structured like this:
|
To support overriding the resource count limits defined in the global limits configuration, a site administrator can create a limit class by inserting a row into the `limit_classes` table structured like this:
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
insert into limit_classes (environments, shares, reserved_shares, unique_names) values (1, 1, 1, 1);
|
insert into limit_classes (environments, shares, reserved_shares, unique_names, share_frontends) values (1, 1, 1, 1, 1);
|
||||||
```
|
```
|
||||||
|
|
||||||
This creates a limit class that sets the `environments`, `shares`, `reserved_shares`, and `unique_names` all to `1`.
|
This creates a limit class that sets the `environments`, `shares`, `reserved_shares`, and `unique_names` all to `1`.
|
||||||
|
@ -83,6 +83,7 @@ limits:
|
|||||||
shares: -1
|
shares: -1
|
||||||
reserved_shares: -1
|
reserved_shares: -1
|
||||||
unique_names: -1
|
unique_names: -1
|
||||||
|
share_frontends: -1
|
||||||
bandwidth:
|
bandwidth:
|
||||||
period: 5m
|
period: 5m
|
||||||
warning:
|
warning:
|
||||||
|
Loading…
Reference in New Issue
Block a user