Skip to content

fix(limit-conn): use parent resource key for consumer isolation#13600

Open
DanielWu-star wants to merge 1 commit into
apache:masterfrom
DanielWu-star:fix/limit-conn-consumer-isolation
Open

fix(limit-conn): use parent resource key for consumer isolation#13600
DanielWu-star wants to merge 1 commit into
apache:masterfrom
DanielWu-star:fix/limit-conn-consumer-isolation

Conversation

@DanielWu-star

@DanielWu-star DanielWu-star commented Jun 23, 2026

Copy link
Copy Markdown

Previously, when limit-conn was configured at the consumer level, connection limits were applied per-route instead of globally per consumer. This occurred because the key generation concatenated ctx.conf_type and ctx.conf_version, which included route-specific information.

This commit fixes the issue by using conf._meta.parent.resource_key for key generation, consistent with the same fix already applied to limit-req (#13019) and limit-count plugins. Now consumer-level connection limits are properly shared across all routes accessed by the same consumer.

Changes:

  • Added gen_limit_key() function using parent.resource_key approach
  • Replaced key = key .. ctx.conf_type .. ctx.conf_version with gen_limit_key(conf, ctx, key) in run_limit_conn()
  • Updated test cases to match new key format
  • Added test cases (TEST 35-42) verifying consumer isolation across multiple routes

Description

Which issue(s) this PR fixes:

Fixes #13584

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@DanielWu-star
fix(limit-conn): use parent resource key for consumer isolation
06a9058 
Previously, when limit-conn was configured at the consumer level,
connection limits were applied per-route instead of globally per
consumer. This occurred because the key generation concatenated
ctx.conf_type and ctx.conf_version, which included route-specific
information.

This commit fixes the issue by using conf._meta.parent.resource_key
for key generation, consistent with the same fix already applied to
limit-req (apache#13019) and limit-count plugins. Now consumer-level
connection limits are properly shared across all routes accessed by
the same consumer.

Fixes apache#13584

Changes:
- Added gen_limit_key() function using parent.resource_key approach
- Replaced key = key .. ctx.conf_type .. ctx.conf_version with
  gen_limit_key(conf, ctx, key) in run_limit_conn()
- Updated test cases to match new key format
- Added test cases (TEST 35-42) verifying consumer isolation across
  multiple routes
@dosubot dosubot Bot added size:L This PR changes 100-499 lines, ignoring generated files. bug Something isn't working labels Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: Is it expected that per-consumer limit-conn is isolated per-route and per-pod?

1 participant

@DanielWu-star