diff --git a/doc/api_samples/limit-get-resp.json b/doc/api_samples/limit-get-resp.json
index e11c3ee8eaad..967633dfcb39 100644
--- a/doc/api_samples/limit-get-resp.json
+++ b/doc/api_samples/limit-get-resp.json
@@ -18,23 +18,23 @@
"limit": [
{
"next-available": "2012-11-27T17:22:18Z",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "POST"
},
{
"next-available": "2012-11-27T17:22:18Z",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "PUT"
},
{
"next-available": "2012-11-27T17:22:18Z",
- "remaining": 100,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 100,
+ "value": 120,
"verb": "DELETE"
}
],
@@ -45,9 +45,9 @@
"limit": [
{
"next-available": "2012-11-27T17:22:18Z",
- "remaining": 50,
- "unit": "DAY",
- "value": 50,
+ "remaining": 120,
+ "unit": "MINUTE",
+ "value": 120,
"verb": "POST"
}
],
@@ -58,9 +58,9 @@
"limit": [
{
"next-available": "2012-11-27T17:22:18Z",
- "remaining": 3,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 3,
+ "value": 120,
"verb": "GET"
}
],
@@ -72,7 +72,7 @@
{
"next-available": "2012-11-27T17:22:18Z",
"remaining": 12,
- "unit": "HOUR",
+ "unit": "MINUTE",
"value": 12,
"verb": "GET"
}
@@ -82,4 +82,4 @@
}
]
}
-}
\ No newline at end of file
+}
diff --git a/doc/api_samples/limit-get-resp.xml b/doc/api_samples/limit-get-resp.xml
index d8c197091982..02c96ed78205 100644
--- a/doc/api_samples/limit-get-resp.xml
+++ b/doc/api_samples/limit-get-resp.xml
@@ -2,18 +2,18 @@
-
-
-
+
+
+
-
+
-
+
-
+
@@ -29,4 +29,4 @@
-
\ No newline at end of file
+
diff --git a/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json b/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json
index c5593b7e7911..3522140ee8fc 100644
--- a/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json
+++ b/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json
@@ -23,23 +23,23 @@
"limit": [
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "POST"
},
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "PUT"
},
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 100,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 100,
+ "value": 120,
"verb": "DELETE"
}
],
@@ -50,9 +50,9 @@
"limit": [
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 50,
- "unit": "DAY",
- "value": 50,
+ "remaining": 120,
+ "unit": "MINUTE",
+ "value": 120,
"verb": "POST"
}
],
@@ -63,9 +63,9 @@
"limit": [
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 3,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 3,
+ "value": 120,
"verb": "GET"
}
],
@@ -77,7 +77,7 @@
{
"next-available": "2012-11-27T17:24:52Z",
"remaining": 12,
- "unit": "HOUR",
+ "unit": "MINUTE",
"value": 12,
"verb": "GET"
}
@@ -87,4 +87,4 @@
}
]
}
-}
\ No newline at end of file
+}
diff --git a/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml b/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml
index c2b0572e5c51..a403c5eff507 100644
--- a/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml
+++ b/doc/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml
@@ -2,18 +2,18 @@
-
-
-
+
+
+
-
+
-
+
-
+
@@ -34,4 +34,4 @@
-
\ No newline at end of file
+
diff --git a/doc/api_samples/os-used-limits/usedlimits-get-resp.json b/doc/api_samples/os-used-limits/usedlimits-get-resp.json
index c5593b7e7911..3522140ee8fc 100644
--- a/doc/api_samples/os-used-limits/usedlimits-get-resp.json
+++ b/doc/api_samples/os-used-limits/usedlimits-get-resp.json
@@ -23,23 +23,23 @@
"limit": [
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "POST"
},
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "PUT"
},
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 100,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 100,
+ "value": 120,
"verb": "DELETE"
}
],
@@ -50,9 +50,9 @@
"limit": [
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 50,
- "unit": "DAY",
- "value": 50,
+ "remaining": 120,
+ "unit": "MINUTE",
+ "value": 120,
"verb": "POST"
}
],
@@ -63,9 +63,9 @@
"limit": [
{
"next-available": "2012-11-27T17:24:52Z",
- "remaining": 3,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 3,
+ "value": 120,
"verb": "GET"
}
],
@@ -77,7 +77,7 @@
{
"next-available": "2012-11-27T17:24:52Z",
"remaining": 12,
- "unit": "HOUR",
+ "unit": "MINUTE",
"value": 12,
"verb": "GET"
}
@@ -87,4 +87,4 @@
}
]
}
-}
\ No newline at end of file
+}
diff --git a/doc/api_samples/os-used-limits/usedlimits-get-resp.xml b/doc/api_samples/os-used-limits/usedlimits-get-resp.xml
index c2b0572e5c51..a403c5eff507 100644
--- a/doc/api_samples/os-used-limits/usedlimits-get-resp.xml
+++ b/doc/api_samples/os-used-limits/usedlimits-get-resp.xml
@@ -2,18 +2,18 @@
-
-
-
+
+
+
-
+
-
+
-
+
@@ -34,4 +34,4 @@
-
\ No newline at end of file
+
diff --git a/nova/api/auth.py b/nova/api/auth.py
index cc82645675ff..6b85a9de6719 100644
--- a/nova/api/auth.py
+++ b/nova/api/auth.py
@@ -31,7 +31,7 @@ from nova import wsgi
auth_opts = [
cfg.BoolOpt('api_rate_limit',
default=True,
- help='whether to rate limit the api'),
+ help='whether to use per-user rate limiting for the api.'),
cfg.StrOpt('auth_strategy',
default='noauth',
help='The strategy to use for auth: noauth or keystone.'),
diff --git a/nova/api/openstack/compute/limits.py b/nova/api/openstack/compute/limits.py
index 107f40436d50..c69ca768244f 100644
--- a/nova/api/openstack/compute/limits.py
+++ b/nova/api/openstack/compute/limits.py
@@ -15,6 +15,17 @@
"""
Module dedicated functions/classes dealing with rate limiting requests.
+
+This module handles rate liming at a per-user level, so it should not be used
+to prevent intentional Denial of Service attacks, as we can assume a DOS can
+easily come through multiple user accounts. DOS protection should be done at a
+different layer. Instead this module should be used to protect against
+unintentional user actions. With that in mind the limits set here should be
+high enough as to not rate-limit any intentional actions.
+
+To find good rate-limit values, check how long requests are taking (see logs)
+in your environment to assess your capabilities and multiply out to get
+figures.
"""
import collections
@@ -210,13 +221,13 @@ class Limit(object):
# a regular-expression to match, value and unit of measure (PER_DAY, etc.)
DEFAULT_LIMITS = [
- Limit("POST", "*", ".*", 10, utils.TIME_UNITS['MINUTE']),
- Limit("POST", "*/servers", "^/servers", 50, utils.TIME_UNITS['DAY']),
- Limit("PUT", "*", ".*", 10, utils.TIME_UNITS['MINUTE']),
- Limit("GET", "*changes-since*", ".*changes-since.*", 3,
+ Limit("POST", "*", ".*", 120, utils.TIME_UNITS['MINUTE']),
+ Limit("POST", "*/servers", "^/servers", 120, utils.TIME_UNITS['MINUTE']),
+ Limit("PUT", "*", ".*", 120, utils.TIME_UNITS['MINUTE']),
+ Limit("GET", "*changes-since*", ".*changes-since.*", 120,
utils.TIME_UNITS['MINUTE']),
- Limit("DELETE", "*", ".*", 100, utils.TIME_UNITS['MINUTE']),
- Limit("GET", "*/os-fping", "^/os-fping", 12, utils.TIME_UNITS['HOUR']),
+ Limit("DELETE", "*", ".*", 120, utils.TIME_UNITS['MINUTE']),
+ Limit("GET", "*/os-fping", "^/os-fping", 12, utils.TIME_UNITS['MINUTE']),
]
diff --git a/nova/tests/integrated/api_samples/limit-get-resp.json.tpl b/nova/tests/integrated/api_samples/limit-get-resp.json.tpl
index a86d5faa277e..50565d1cd140 100644
--- a/nova/tests/integrated/api_samples/limit-get-resp.json.tpl
+++ b/nova/tests/integrated/api_samples/limit-get-resp.json.tpl
@@ -18,23 +18,23 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "POST"
},
{
"next-available": "%(timestamp)s",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "PUT"
},
{
"next-available": "%(timestamp)s",
- "remaining": 100,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 100,
+ "value": 120,
"verb": "DELETE"
}
],
@@ -45,9 +45,9 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 50,
- "unit": "DAY",
- "value": 50,
+ "remaining": 120,
+ "unit": "MINUTE",
+ "value": 120,
"verb": "POST"
}
],
@@ -58,9 +58,9 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 3,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 3,
+ "value": 120,
"verb": "GET"
}
],
@@ -72,7 +72,7 @@
{
"next-available": "%(timestamp)s",
"remaining": 12,
- "unit": "HOUR",
+ "unit": "MINUTE",
"value": 12,
"verb": "GET"
}
diff --git a/nova/tests/integrated/api_samples/limit-get-resp.xml.tpl b/nova/tests/integrated/api_samples/limit-get-resp.xml.tpl
index 6f92bcee6994..1e33d04b347f 100644
--- a/nova/tests/integrated/api_samples/limit-get-resp.xml.tpl
+++ b/nova/tests/integrated/api_samples/limit-get-resp.xml.tpl
@@ -2,18 +2,18 @@
-
-
-
+
+
+
-
+
-
+
-
+
diff --git a/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json.tpl b/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json.tpl
index d83dd87c31f5..fcf2f5200ef9 100644
--- a/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json.tpl
+++ b/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.json.tpl
@@ -23,23 +23,23 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "POST"
},
{
"next-available": "%(timestamp)s",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "PUT"
},
{
"next-available": "%(timestamp)s",
- "remaining": 100,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 100,
+ "value": 120,
"verb": "DELETE"
}
],
@@ -50,9 +50,9 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 50,
- "unit": "DAY",
- "value": 50,
+ "remaining": 120,
+ "unit": "MINUTE",
+ "value": 120,
"verb": "POST"
}
],
@@ -63,9 +63,9 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 3,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 3,
+ "value": 120,
"verb": "GET"
}
],
@@ -77,7 +77,7 @@
{
"next-available": "%(timestamp)s",
"remaining": 12,
- "unit": "HOUR",
+ "unit": "MINUTE",
"value": 12,
"verb": "GET"
}
diff --git a/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml.tpl b/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml.tpl
index c1b9076704e8..7a5e41ef9888 100644
--- a/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml.tpl
+++ b/nova/tests/integrated/api_samples/os-used-limits-for-admin/usedlimitsforadmin-get-resp.xml.tpl
@@ -2,18 +2,18 @@
-
-
-
+
+
+
-
+
-
+
-
+
diff --git a/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.json.tpl b/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.json.tpl
index d83dd87c31f5..fcf2f5200ef9 100644
--- a/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.json.tpl
+++ b/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.json.tpl
@@ -23,23 +23,23 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "POST"
},
{
"next-available": "%(timestamp)s",
- "remaining": 10,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 10,
+ "value": 120,
"verb": "PUT"
},
{
"next-available": "%(timestamp)s",
- "remaining": 100,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 100,
+ "value": 120,
"verb": "DELETE"
}
],
@@ -50,9 +50,9 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 50,
- "unit": "DAY",
- "value": 50,
+ "remaining": 120,
+ "unit": "MINUTE",
+ "value": 120,
"verb": "POST"
}
],
@@ -63,9 +63,9 @@
"limit": [
{
"next-available": "%(timestamp)s",
- "remaining": 3,
+ "remaining": 120,
"unit": "MINUTE",
- "value": 3,
+ "value": 120,
"verb": "GET"
}
],
@@ -77,7 +77,7 @@
{
"next-available": "%(timestamp)s",
"remaining": 12,
- "unit": "HOUR",
+ "unit": "MINUTE",
"value": 12,
"verb": "GET"
}
diff --git a/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.xml.tpl b/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.xml.tpl
index c1b9076704e8..7a5e41ef9888 100644
--- a/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.xml.tpl
+++ b/nova/tests/integrated/api_samples/os-used-limits/usedlimits-get-resp.xml.tpl
@@ -2,18 +2,18 @@
-
-
-
+
+
+
-
+
-
+
-
+