Request Limiter listener config opt-out (#25098)

This commit introduces a new listener config option to allow disabling the request limiter per-listener.

http/handler.go

@@ -263,6 +263,10 @@ func handler(props *vault.HandlerProperties) http.Handler {
 		wrappedHandler = disableReplicationStatusEndpointWrapping(wrappedHandler)
 	}
 
+	if props.ListenerConfig != nil && props.ListenerConfig.DisableRequestLimiter {
+		wrappedHandler = wrapRequestLimiterHandler(wrappedHandler, props)
+	}
+
 	return wrappedHandler
 }
 
@@ -910,6 +914,15 @@ func forwardRequest(core *vault.Core, w http.ResponseWriter, r *http.Request) {
 }
 
 func acquireLimiterListener(core *vault.Core, rawReq *http.Request, r *logical.Request) (*limits.RequestListener, bool) {
+	var disable bool
+	disableRequestLimiter := rawReq.Context().Value(logical.CtxKeyDisableRequestLimiter{})
+	if disableRequestLimiter != nil {
+		disable = disableRequestLimiter.(bool)
+	}
+	if disable {
+		return &limits.RequestListener{}, true
+	}
+
 	lim := &limits.RequestLimiter{}
 	if r.PathLimited {
 		lim = core.GetRequestLimiter(limits.SpecialPathLimiter)

http/util.go

@@ -43,6 +43,19 @@ func wrapMaxRequestSizeHandler(handler http.Handler, props *vault.HandlerPropert
 	})
 }
 
+func wrapRequestLimiterHandler(handler http.Handler, props *vault.HandlerProperties) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		request := r.WithContext(
+			context.WithValue(
+				r.Context(),
+				logical.CtxKeyDisableRequestLimiter{},
+				props.ListenerConfig.DisableRequestLimiter,
+			),
+		)
+		handler.ServeHTTP(w, request)
+	})
+}
+
 func rateLimitQuotaWrapping(handler http.Handler, core *vault.Core) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ns, err := namespace.FromContext(r.Context())