Skip to content

surisoft-io/capi-docker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
imports
imports
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 

Repository files navigation

How to run

Components in this docker compose

  • CAPI (2 instances)
  • Consul
  • Keycloak
  • Zipkin
  • Kafka
  • Protected Service (sample)
  • Public Service (sample)
$ docker compose up -d

You will probably see CAPI nodes restarting while Keycloak is not available.

Keycloak has already a realm capi for these tests, with 2 clients client1 and client2

To request the first token:

$ curl -v --location 'http://localhost:8080/realms/capi/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_secret=OWNxoSaCHmM3FFXbtjff2R6hwC7cf0HP' \
--data-urlencode 'client_id=client1' \
--data-urlencode 'grant_type=client_credentials'

Call CAPI protected service:

$ curl --location 'http://localhost:8380/capi/dev/protected-service/sample/item' \
--header 'Authorization: Bearer <token>'

For throttling CAPI uses Kafka for nodes to send messages to each other, in this example we have 2 CAPI nodes.

How throttling works

Theres are 2 types of throttling:

  • Global (CAPI will apply throttling to every incoming call authenticated and anonymous)
  • Per Consumer (CAPI will read the throttling information from the access token)

The protected-service has throttling enabled per consumer (client)

- spring.cloud.consul.discovery.metadata.throttle=true
- spring.cloud.consul.discovery.metadata.throttleGlobal=false
- spring.cloud.consul.discovery.metadata.throttleTotalCalls=3
- spring.cloud.consul.discovery.metadata.throttleDuration=20000

Since throttleGlobal is false CAPI will ignore the global metadata: throttleTotalCalls and throttleDuration and apply throttling with the expected token claims:

For client1 only 6 calls every 20 seconds are allowed.

{
  "exp": 1748595677,
  "iat": 1748595377,
  "jti": "0e7ec229-f8ed-4362-a114-875b8856c5d8",
  "iss": "http://localhost:8080/realms/capi",
  "azp": "client1",
  "scope": "throttleInfo subscriptions email profile",
  "subscriptions": [
    "/capi"
  ],
  "throttleDuration": 20000,
  "throttleTotalCalls": 6,
  "preferred_username": "service-account-client1"
}

For client2 only 3 calls every 10 seconds are allowed.

{
  "exp": 1748595799,
  "iat": 1748595499,
  "jti": "22273090-6d4f-4fba-82df-631b66cd872a",
  "iss": "http://localhost:8080/realms/capi",
  "azp": "client2",
  "scope": "subscriptions throttleInfo2 email profile",
  "subscriptions": [
    "/capi"
  ],
  "throttleDuration": 10000,
  "throttleTotalCalls": 3,
  "preferred_username": "service-account-client2"  
}

The public-service has global throttling enabled.

- spring.cloud.consul.discovery.metadata.throttle=true
- spring.cloud.consul.discovery.metadata.throttleGlobal=true
- spring.cloud.consul.discovery.metadata.throttleTotalCalls=3
- spring.cloud.consul.discovery.metadata.throttleDuration=20000

Since throttleGlobal is true CAPI will read the global metadata: throttleTotalCalls and throttleDuration and apply throttling globally.

About

Docker compose for testing

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors