Disable Request Limiter by default (#25442)

This PR flips the logic for the Request Limiter, setting it to default disabled. We allow users to turn on the global Request Limiter, but leave the Listener configuration as a "disable per Listener".
2025-11-02 19:47:54 +00:00 · 2024-02-16 17:50:18 -05:00
parent db957a50c5
commit 7ad778541e
6 changed files with 40 additions and 40 deletions
--- a/command/command_testonly/server_testonly_test.go
+++ b/command/command_testonly/server_testonly_test.go
@@ -85,31 +85,6 @@ func TestServer_ReloadRequestLimiter(t *testing.T) {
 		configAfter      string
 		expectedResponse *vault.RequestLimiterResponse
 	}{
-		{
-			"enable after default",
-			baseHCL + requestLimiterEnableHCL,
-			enabledResponse,
-		},
-		{
-			"enable after enable",
-			baseHCL + requestLimiterEnableHCL,
-			enabledResponse,
-		},
-		{
-			"disable after enable",
-			baseHCL + requestLimiterDisableHCL,
-			disabledResponse,
-		},
-		{
-			"default after disable",
-			baseHCL,
-			enabledResponse,
-		},
-		{
-			"default after default",
-			baseHCL,
-			enabledResponse,
-		},
 		{
 			"disable after default",
 			baseHCL + requestLimiterDisableHCL,
@@ -120,6 +95,31 @@ func TestServer_ReloadRequestLimiter(t *testing.T) {
 			baseHCL + requestLimiterDisableHCL,
 			disabledResponse,
 		},
+		{
+			"enable after disable",
+			baseHCL + requestLimiterEnableHCL,
+			enabledResponse,
+		},
+		{
+			"default after enable",
+			baseHCL,
+			disabledResponse,
+		},
+		{
+			"default after default",
+			baseHCL,
+			disabledResponse,
+		},
+		{
+			"enable after default",
+			baseHCL + requestLimiterEnableHCL,
+			enabledResponse,
+		},
+		{
+			"enable after enable",
+			baseHCL + requestLimiterEnableHCL,
+			enabledResponse,
+		},
 	}

 	ui, srv := command.TestServerCommand(t)
@@ -166,7 +166,7 @@ func TestServer_ReloadRequestLimiter(t *testing.T) {
 	cli.SetToken(initResp.RootToken)

 	output = ui.ErrorWriter.String() + ui.OutputWriter.String()
-	require.Contains(t, output, "Request Limiter: enabled")
+	require.Contains(t, output, "Request Limiter: disabled")

 	verifyLimiters := func(t *testing.T, expectedResponse *vault.RequestLimiterResponse) {
 		t.Helper()
@@ -187,8 +187,8 @@ func TestServer_ReloadRequestLimiter(t *testing.T) {
 		require.Equal(t, expectedResponse, limiters)
 	}

-	// Start off with default enabled
-	verifyLimiters(t, enabledResponse)
+	// Start off with default disabled
+	verifyLimiters(t, disabledResponse)

 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {