Skip to content

Make delete members API rate limit configurable

Abdul Wadood requested to merge 420321-configurable-member-deletion-rate-limit into master

What does this MR do and why?

In !118296 (merged), we rate limited the delete member API but the limit for too low for some self-managed users. So here we're making it configurable.

We have also introduced a JSONB column here to store all the application settings in a single column so we can move all the rate limit columns to a single column. See Move rate limits to application_settings.rate_l... (#423404).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

image

Migration output

up 
bin/rails db:migrate
main: == [advisory_lock_connection] object_id: 183100, pg_backend_pid: 78758
main: == 20240110085226 AddRateLimitsToApplicationSettings: migrating ===============
main: -- add_column(:application_settings, :rate_limits, :jsonb, {:default=>{}, :null=>false})
main:    -> 0.0031s
main: == 20240110085226 AddRateLimitsToApplicationSettings: migrated (0.0062s) ======

main: == [advisory_lock_connection] object_id: 183100, pg_backend_pid: 78758
ci: == [advisory_lock_connection] object_id: 183400, pg_backend_pid: 78760
ci: == 20240110085226 AddRateLimitsToApplicationSettings: migrating ===============
ci: -- add_column(:application_settings, :rate_limits, :jsonb, {:default=>{}, :null=>false})
ci:    -> 0.0041s
ci: == 20240110085226 AddRateLimitsToApplicationSettings: migrated (0.0143s) ======

ci: == [advisory_lock_connection] object_id: 183400, pg_backend_pid: 78760
down 
VERSION=20240110085226 bin/rails db:rollback:main && bin/rails db:rollback:ci
main: == [advisory_lock_connection] object_id: 182680, pg_backend_pid: 77890
main: == 20240110085226 AddRateLimitsToApplicationSettings: reverting ===============
main: -- remove_column(:application_settings, :rate_limits, :jsonb, {:default=>{}, :null=>false})
main:    -> 0.0027s
main: == 20240110085226 AddRateLimitsToApplicationSettings: reverted (0.0077s) ======

main: == [advisory_lock_connection] object_id: 182680, pg_backend_pid: 77890
ci: == [advisory_lock_connection] object_id: 182620, pg_backend_pid: 78323
ci: == 20240110085226 AddRateLimitsToApplicationSettings: reverting ===============
ci: -- remove_column(:application_settings, :rate_limits, :jsonb, {:default=>{}, :null=>false})
ci:    -> 0.0031s
ci: == 20240110085226 AddRateLimitsToApplicationSettings: reverted (0.0145s) ======

ci: == [advisory_lock_connection] object_id: 182620, pg_backend_pid: 78323

How to set up and validate locally

  1. Follow the steps given in the doc added in this MR doc/administration/settings/rate_limit_on_members_api.md.
  2. Updating the rate limit should update the application settings value: ApplicationSetting.last.members_delete_limit.
  3. Check the ApplicationSetting.last.members_delete_limit value in the rails console.

Related to #420321 (closed)

Edited by Abdul Wadood

Merge request reports