{"host": "ms-fe2009.codfw.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3374, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Envoyproxy::Conf[cluster_ratelimit]"}, {"resource": "Envoyproxy::Listener[tls_terminator_443]"}, {"resource": "File[/etc/envoy/clusters.d/01-cluster_ratelimit.yaml]", "content": "--- /etc/envoy/clusters.d/01-cluster_ratelimit.yaml.orig\n+++ /etc/envoy/clusters.d/01-cluster_ratelimit.yaml\n@@ -1,5 +1,5 @@\n name: ratelimit\n-type: static\n+type: STRICT_DNS\n connect_timeout: 0.25s\n lb_policy: ROUND_ROBIN\n typed_extension_protocol_options:"}, {"resource": "File[/etc/envoy/listeners.d/00-tls_terminator_443.yaml]", "content": "--- /etc/envoy/listeners.d/00-tls_terminator_443.yaml.orig\n+++ /etc/envoy/listeners.d/00-tls_terminator_443.yaml\n@@ -41,26 +41,26 @@\n retry_policy:\n num_retries: 1\n retry_on: \"5xx\"\n- typed_per_filter_config:\n- envoy.filters.http.ratelimit.resp:\n- \"@type\": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute\n- rate_limits:\n- - hits_addend:\n- format: \"%BYTES_SENT%\"\n- apply_on_stream_done: true\n- # NOTE: If one of the headers referenced below is not set, the rate limit is not applied.\n- actions:\n- # Provide the user's identity (x-client-ip is set at the edge) as the counter key\n- - request_headers:\n- descriptor_key: user_id\n- header_name: x-client-ip\n- # Hardcode the policy and user class for now\n- - generic_key:\n- descriptor_key: policy\n- descriptor_value: thumbnails\n- - generic_key:\n- descriptor_key: user_class\n- descriptor_value: anon\n+ typed_per_filter_config:\n+ envoy.filters.http.ratelimit.resp:\n+ \"@type\": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute\n+ rate_limits:\n+ - hits_addend:\n+ format: \"%BYTES_SENT%\"\n+ apply_on_stream_done: true\n+ # NOTE: If one of the headers referenced below is not set, the rate limit is not applied.\n+ actions:\n+ # Provide the user's identity (x-client-ip is set at the edge) as the counter key\n+ - request_headers:\n+ descriptor_key: user_id\n+ header_name: x-client-ip\n+ # Hardcode the policy and user class for now\n+ - generic_key:\n+ descriptor_key: policy\n+ descriptor_value: thumbnails\n+ - generic_key:\n+ descriptor_key: user_class\n+ descriptor_value: anon\n http_filters:\n - name: envoy.filters.http.ratelimit.resp\n typed_config:\n@@ -68,7 +68,7 @@\n domain: upload\n request_type: both\n stage: 0\n- failure_type_deny: false # return 200 if rate limit service is unavailable\n+ failure_mode_deny: false # return 200 if rate limit service is unavailable\n enable_x_ratelimit_headers: DRAFT_VERSION_03\n rate_limit_service:\n transport_api_version: V3"}, {"resource": "Envoyproxy::Cluster[cluster_ratelimit]"}, {"resource": "Envoyproxy::Conf[tls_terminator_443]"}], "perc_changed": "0.18%"}, "core": {"total": 3374, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/envoy/clusters.d/01-cluster_ratelimit.yaml]", "content": "--- /etc/envoy/clusters.d/01-cluster_ratelimit.yaml.orig\n+++ /etc/envoy/clusters.d/01-cluster_ratelimit.yaml\n@@ -1,5 +1,5 @@\n name: ratelimit\n-type: static\n+type: STRICT_DNS\n connect_timeout: 0.25s\n lb_policy: ROUND_ROBIN\n typed_extension_protocol_options:"}, {"resource": "File[/etc/envoy/listeners.d/00-tls_terminator_443.yaml]", "content": "--- /etc/envoy/listeners.d/00-tls_terminator_443.yaml.orig\n+++ /etc/envoy/listeners.d/00-tls_terminator_443.yaml\n@@ -41,26 +41,26 @@\n retry_policy:\n num_retries: 1\n retry_on: \"5xx\"\n- typed_per_filter_config:\n- envoy.filters.http.ratelimit.resp:\n- \"@type\": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute\n- rate_limits:\n- - hits_addend:\n- format: \"%BYTES_SENT%\"\n- apply_on_stream_done: true\n- # NOTE: If one of the headers referenced below is not set, the rate limit is not applied.\n- actions:\n- # Provide the user's identity (x-client-ip is set at the edge) as the counter key\n- - request_headers:\n- descriptor_key: user_id\n- header_name: x-client-ip\n- # Hardcode the policy and user class for now\n- - generic_key:\n- descriptor_key: policy\n- descriptor_value: thumbnails\n- - generic_key:\n- descriptor_key: user_class\n- descriptor_value: anon\n+ typed_per_filter_config:\n+ envoy.filters.http.ratelimit.resp:\n+ \"@type\": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute\n+ rate_limits:\n+ - hits_addend:\n+ format: \"%BYTES_SENT%\"\n+ apply_on_stream_done: true\n+ # NOTE: If one of the headers referenced below is not set, the rate limit is not applied.\n+ actions:\n+ # Provide the user's identity (x-client-ip is set at the edge) as the counter key\n+ - request_headers:\n+ descriptor_key: user_id\n+ header_name: x-client-ip\n+ # Hardcode the policy and user class for now\n+ - generic_key:\n+ descriptor_key: policy\n+ descriptor_value: thumbnails\n+ - generic_key:\n+ descriptor_key: user_class\n+ descriptor_value: anon\n http_filters:\n - name: envoy.filters.http.ratelimit.resp\n typed_config:\n@@ -68,7 +68,7 @@\n domain: upload\n request_type: both\n stage: 0\n- failure_type_deny: false # return 200 if rate limit service is unavailable\n+ failure_mode_deny: false # return 200 if rate limit service is unavailable\n enable_x_ratelimit_headers: DRAFT_VERSION_03\n rate_limit_service:\n transport_api_version: V3"}], "perc_changed": "0.06%"}, "main": {"total": 3374, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/envoy/clusters.d/01-cluster_ratelimit.yaml]", "content": "--- /etc/envoy/clusters.d/01-cluster_ratelimit.yaml.orig\n+++ /etc/envoy/clusters.d/01-cluster_ratelimit.yaml\n@@ -1,5 +1,5 @@\n name: ratelimit\n-type: static\n+type: STRICT_DNS\n connect_timeout: 0.25s\n lb_policy: ROUND_ROBIN\n typed_extension_protocol_options:"}, {"resource": "Envoyproxy::Conf[cluster_ratelimit]"}, {"resource": "File[/etc/envoy/listeners.d/00-tls_terminator_443.yaml]", "content": "--- /etc/envoy/listeners.d/00-tls_terminator_443.yaml.orig\n+++ /etc/envoy/listeners.d/00-tls_terminator_443.yaml\n@@ -41,26 +41,26 @@\n retry_policy:\n num_retries: 1\n retry_on: \"5xx\"\n- typed_per_filter_config:\n- envoy.filters.http.ratelimit.resp:\n- \"@type\": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute\n- rate_limits:\n- - hits_addend:\n- format: \"%BYTES_SENT%\"\n- apply_on_stream_done: true\n- # NOTE: If one of the headers referenced below is not set, the rate limit is not applied.\n- actions:\n- # Provide the user's identity (x-client-ip is set at the edge) as the counter key\n- - request_headers:\n- descriptor_key: user_id\n- header_name: x-client-ip\n- # Hardcode the policy and user class for now\n- - generic_key:\n- descriptor_key: policy\n- descriptor_value: thumbnails\n- - generic_key:\n- descriptor_key: user_class\n- descriptor_value: anon\n+ typed_per_filter_config:\n+ envoy.filters.http.ratelimit.resp:\n+ \"@type\": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute\n+ rate_limits:\n+ - hits_addend:\n+ format: \"%BYTES_SENT%\"\n+ apply_on_stream_done: true\n+ # NOTE: If one of the headers referenced below is not set, the rate limit is not applied.\n+ actions:\n+ # Provide the user's identity (x-client-ip is set at the edge) as the counter key\n+ - request_headers:\n+ descriptor_key: user_id\n+ header_name: x-client-ip\n+ # Hardcode the policy and user class for now\n+ - generic_key:\n+ descriptor_key: policy\n+ descriptor_value: thumbnails\n+ - generic_key:\n+ descriptor_key: user_class\n+ descriptor_value: anon\n http_filters:\n - name: envoy.filters.http.ratelimit.resp\n typed_config:\n@@ -68,7 +68,7 @@\n domain: upload\n request_type: both\n stage: 0\n- failure_type_deny: false # return 200 if rate limit service is unavailable\n+ failure_mode_deny: false # return 200 if rate limit service is unavailable\n enable_x_ratelimit_headers: DRAFT_VERSION_03\n rate_limit_service:\n transport_api_version: V3"}, {"resource": "Envoyproxy::Listener[tls_terminator_443]"}, {"resource": "Envoyproxy::Cluster[cluster_ratelimit]"}, {"resource": "Envoyproxy::Conf[tls_terminator_443]"}], "perc_changed": "0.18%"}}}