Skip to content

feat: Implement bypass based on caller type in the regional frontend regional rate limiter#7662

Merged
fimanishi merged 9 commits intocadence-workflow:masterfrom
fimanishi:implement-frontend-ratelimiter-bypass-based-on-caller-type
Feb 4, 2026
Merged

feat: Implement bypass based on caller type in the regional frontend regional rate limiter#7662
fimanishi merged 9 commits intocadence-workflow:masterfrom
fimanishi:implement-frontend-ratelimiter-bypass-based-on-caller-type

Conversation

@fimanishi
Copy link
Member

@fimanishi fimanishi commented Jan 30, 2026

What changed?
Added bypass using callerType to regional frontend rate limiter #7654

Why?
Persistence rate limiter does discriminate between some call/caller types and provide specific quotas for that, but within user requests there is no discrimination. There may be situations that we need some requests to be allowed for debugging/mitigation purposes even if the rate limit has been reached. This change allows the definition of a list of caller type to be bypassed in the frontend regional rate limiter.

How did you test it?
Added tests to service/frontend/wrappers/ratelimited/ratelimit_test.go.

Potential risks

Release notes

Documentation Changes

Reviewer Validation

PR Description Quality (check these before reviewing code):

  • "What changed" provides a clear 1-2 line summary
    • Project Issue is linked
  • "Why" explains the full motivation with sufficient context
  • Testing is documented:
    • Unit test commands are included (with exact go test invocation)
    • Integration test setup/commands included (if integration tests were run)
    • Canary testing details included (if canary was mentioned)
  • Potential risks section is thoughtfully filled out (or legitimately N/A)
  • Release notes included if this completes a user-facing feature
  • Documentation needs are addressed (or noted if uncertain)

@fimanishi
feat: Implement bypass based on caller type in the regional frontend …
8d05af6 
…rate limiter

Signed-off-by: fimanishi <fimanishi@gmail.com>

# Conflicts:
#	common/dynamicconfig/dynamicproperties/constants.go
@fimanishi
Consolidate method and config
add80a1 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@fimanishi
Consolidate method and config with the persistence rate limiter bypass
1eb05b0 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@fimanishi fimanishi force-pushed the implement-frontend-ratelimiter-bypass-based-on-caller-type branch from 6b518d4 to 1eb05b0 Compare January 30, 2026 22:14
@fimanishi
Change signature for ShouldBypassRateLimit and regenerate files
71726c0 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@fimanishi fimanishi marked this pull request as ready for review January 31, 2026 00:12
timl3136
timl3136 reviewed Feb 2, 2026
View reviewed changes
service/frontend/templates/ratelimited.tmpl Outdated
visibilityRateLimiter quotas.Policy,
asyncRateLimiter quotas.Policy,
maxWorkerPollDelay dynamicproperties.DurationPropertyFnWithDomainFilter,
dc *dynamicconfig.Collection,
Copy link
Member

@timl3136 timl3136 Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it necessary to have the entire dynamicConfig inside the ratelimit? If we are only looking for a list of whitelist operations to bypass the ratelimiter, perhaps it makes more sense to only pass that list instead.

Copy link
Member

@natemort natemort Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, I think minimally we should align the way that we pass the maxWorkerPollDelay. Either pull both from the dynamicconfig or pass them both as functions.

natemort
natemort reviewed Feb 3, 2026
View reviewed changes
service/frontend/templates/ratelimited.tmpl Outdated
visibilityRateLimiter quotas.Policy,
asyncRateLimiter quotas.Policy,
maxWorkerPollDelay dynamicproperties.DurationPropertyFnWithDomainFilter,
dc *dynamicconfig.Collection,
Copy link
Member

@natemort natemort Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, I think minimally we should align the way that we pass the maxWorkerPollDelay. Either pull both from the dynamicconfig or pass them both as functions.

service/frontend/wrappers/ratelimited/ratelimit.go Outdated
}
}
if !policy.Allow(quotas.Info{Domain: domain}) {
callerInfo := types.GetCallerInfoFromContext(ctx)
Copy link
Member

@natemort natemort Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any way to move this logic into the Limiter/Policy to avoid repeating it here and in the persistence wrapper?

It might be really complicated to do, so "no" is a valid answer.

Copy link
Member Author

@fimanishi fimanishi Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could create a wrapper that does it, but I would have to create a wrapper for policy and for limiter, which would reduce duplication but still is specific to each one. Let me give it a try

Copy link
Member Author

@fimanishi fimanishi Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or I can try to just make this whole thing a method. It'll probably be better and I can use it for the wait as well

common/persistence/wrappers/templates/ratelimited.tmpl Outdated
if ok := c.rateLimiter.Allow(); !ok {
callerInfo := types.GetCallerInfoFromContext({{(index $method.Params 0).Name}})
if c.shouldBypassRateLimit(callerInfo.GetCallerType()) {
if c.dc != nil && types.ShouldBypassRateLimit(callerInfo.GetCallerType(), c.dc.GetListProperty(dynamicproperties.RateLimiterBypassCallerTypes)()) {
Copy link
Member

@natemort natemort Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If possible, I'd prefer for this to be in a normal Go function rather than as part of a template. The generated code tends to be less tested and can be an easy source of bugs that we would normally catch.

@fimanishi
improve usage of dc and consolidate bypass methods
e082833 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@fimanishi
add caller_bypass
4abfcf7 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@fimanishi
remove addition of dc to service and use config instead
dc83c51 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@fimanishi
fix config test
212a95b 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@fimanishi
add one more test to TestCallerBypass_AllowPolicy
71ce6ad 
Signed-off-by: fimanishi <fimanishi@gmail.com>
@gitar-bot
Copy link

gitar-bot bot commented Feb 4, 2026
edited
Loading

Code Review ✅ Approved

Well-structured refactoring that consolidates rate limiter bypass logic into a reusable CallerBypass component. Clean separation of concerns with proper nil handling, unified config key, and comprehensive test coverage across both persistence and frontend rate limiters.

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply Compact 
gitar auto-apply:on         

gitar display:verbose

Was this helpful? React with 👍 / 👎 | Gitar

@fimanishi fimanishi merged commit 8fc0d0b into cadence-workflow:master Feb 4, 2026
42 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timl3136 timl3136 timl3136 left review comments

@natemort natemort natemort approved these changes

@adhityamamallan adhityamamallan Awaiting requested review from adhityamamallan adhityamamallan is a code owner

@macrotim macrotim Awaiting requested review from macrotim macrotim is a code owner

@Assem-Uber Assem-Uber Awaiting requested review from Assem-Uber Assem-Uber is a code owner

@abhishekj720 abhishekj720 Awaiting requested review from abhishekj720 abhishekj720 is a code owner

@bowenxia bowenxia Awaiting requested review from bowenxia bowenxia is a code owner

@eleonoradgr eleonoradgr Awaiting requested review from eleonoradgr eleonoradgr is a code owner

@gazi-yestemirova gazi-yestemirova Awaiting requested review from gazi-yestemirova gazi-yestemirova is a code owner

@arzonus arzonus Awaiting requested review from arzonus arzonus is a code owner

@c-warren c-warren Awaiting requested review from c-warren c-warren is a code owner

@Shaddoll Shaddoll Awaiting requested review from Shaddoll Shaddoll is a code owner

@neil-xie neil-xie Awaiting requested review from neil-xie neil-xie is a code owner

@davidporter-id-au davidporter-id-au Awaiting requested review from davidporter-id-au davidporter-id-au is a code owner

@shijiesheng shijiesheng Awaiting requested review from shijiesheng shijiesheng is a code owner

@jakobht jakobht Awaiting requested review from jakobht jakobht is a code owner

@sankari165 sankari165 Awaiting requested review from sankari165 sankari165 is a code owner

@dkrotx dkrotx Awaiting requested review from dkrotx dkrotx is a code owner

@demirkayaender demirkayaender Awaiting requested review from demirkayaender demirkayaender is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fimanishi @natemort @timl3136