feat: implement rate limiting for API requests with token bucket (#1055)

* feat: implement rate limiting for API requests with token bucket algorithm

* refactor: replace custom rate limiter with golang.org/x/time/rate implementation

* chore: remove redundant comments from rate limiter implementation

* refactor: simplify rate limiting by removing wrapper class and using rate.Limiter directly

* chore: remove redundant comment for createRateLimiter function

* refactor: move rate limit default value to single location in HTTP client

* fix: handle rate limiter wait error in HTTP client request method

* style: add newline before rate limiter wait call in http client

* style: remove trailing whitespace in request function

* test: add rate limiter tests and refactor HTTP client test setup

* chore: remove redundant comment about rate limiting in client test

* refactor: simplify rate limiter tests to use HTTP client directly

* test: replace rate limiter config test with default rate limit test

* test: remove redundant burst request rate limit test case

* test: add rate limit queue and refresh test for HTTP client

* style: add newlines for improved code readability in test files

* style: remove trailing whitespace in http client test files

* refactor: update rate limiter to use time.Minute instead of per-second calculation

* refactor: simplify rate limiter creation by inlining function

* remove sleep in test

* refactor: update rate limiter configuration with accumulate rate and lower default limits

* feat: add rate limiting for AWS cloud configuration requests

* add empty lines

* fix linting error

* ci: add 15-minute timeout to Go test workflow step

* ci: increase test timeout to 20 minutes for both job and go test

Author: tomporat247

.github/workflows/ci.yml

@@ -1,75 +1,76 @@
-name: CI
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-
-env:
-  ENV0_API_ENDPOINT: ${{ secrets.ENV0_API_ENDPOINT }}
-  ENV0_API_KEY: ${{ secrets.TF_PROVIDER_INTEGRATION_TEST_API_KEY }} # API Key for organization 'TF-provider-integration-tests' @ dev
-  ENV0_API_SECRET: ${{ secrets.TF_PROVIDER_INTEGRATION_TEST_API_SECRET }}
-  GO_VERSION: "1.24"
-  TERRAFORM_VERSION: 1.11.4
-
-jobs:
-  unit-tests:
-    name: Unit Tests
-    timeout-minutes: 15
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Install Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Generate mocks
-        run: |
-          go install go.uber.org/mock/[email protected]
-          go generate client/api_client.go
-      - name: Go fmt
-        run: |
-          ! go fmt ./... | read
-      - name: Go vet
-        run: |
-          ! go vet ./... | read
-      - name: Install Terraform
-        uses: hashicorp/setup-terraform@v3
-        with:
-          terraform_version: ${{ env.TERRAFORM_VERSION }}
-      - name: Verify Terraform installation
-        run: |
-          terraform version
-          which terraform
-          echo "TF_PATH=$(which terraform)" >> $GITHUB_ENV
-          # Make sure terraform is executable
-          chmod +x $(which terraform)
-          ls -la $(which terraform)
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v7
-        with:
-          version: v2.0
-      - name: Go Test
-        run: |
-          echo "Using Terraform at: $TF_PATH"
-          echo "Terraform version: $TERRAFORM_VERSION"
-          # Run tests with detailed logging
-          TF_LOG=DEBUG go test -v ./...
-        env:
-          TF_ACC: true
-          TF_ACC_TERRAFORM_PATH: ${{ env.TF_PATH }}
-          TF_ACC_TERRAFORM_VERSION: ${{ env.TERRAFORM_VERSION }}
-
-  # See terraform-provider-env0 README for integration tests prerequisites
-  integration-tests:
-    name: Integration Tests
-    runs-on: ubuntu-24.04
-    container: golang:1.24-alpine
-    timeout-minutes: 20
-    steps:
-      - name: Install Opentofu
-        run: apk add opentofu
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Run Harness tests
+name: CI
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+env:
+  ENV0_API_ENDPOINT: ${{ secrets.ENV0_API_ENDPOINT }}
+  ENV0_API_KEY: ${{ secrets.TF_PROVIDER_INTEGRATION_TEST_API_KEY }} # API Key for organization 'TF-provider-integration-tests' @ dev
+  ENV0_API_SECRET: ${{ secrets.TF_PROVIDER_INTEGRATION_TEST_API_SECRET }}
+  GO_VERSION: "1.24"
+  TERRAFORM_VERSION: 1.11.4
+
+jobs:
+  unit-tests:
+    name: Unit Tests
+    timeout-minutes: 15
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Generate mocks
+        run: |
+          go install go.uber.org/mock/[email protected]
+          go generate client/api_client.go
+      - name: Go fmt
+        run: |
+          ! go fmt ./... | read
+      - name: Go vet
+        run: |
+          ! go vet ./... | read
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ env.TERRAFORM_VERSION }}
+      - name: Verify Terraform installation
+        run: |
+          terraform version
+          which terraform
+          echo "TF_PATH=$(which terraform)" >> $GITHUB_ENV
+          # Make sure terraform is executable
+          chmod +x $(which terraform)
+          ls -la $(which terraform)
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v7
+        with:
+          version: v2.0
+      - name: Go Test
+        timeout-minutes: 20
+        run: |
+          echo "Using Terraform at: $TF_PATH"
+          echo "Terraform version: $TERRAFORM_VERSION"
+          # Run tests with detailed logging and increased timeout
+          TF_LOG=DEBUG go test -timeout 20m -v ./...
+        env:
+          TF_ACC: true
+          TF_ACC_TERRAFORM_PATH: ${{ env.TF_PATH }}
+          TF_ACC_TERRAFORM_VERSION: ${{ env.TERRAFORM_VERSION }}
+
+  # See terraform-provider-env0 README for integration tests prerequisites
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-24.04
+    container: golang:1.24-alpine
+    timeout-minutes: 20
+    steps:
+      - name: Install Opentofu
+        run: apk add opentofu
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Run Harness tests
         run: go run tests/harness.go

client/http/client.go

@@ -3,9 +3,11 @@ package http
 //go:generate mockgen -destination=client_mock.go -package=http . HttpClientInterface
 
 import (
+	"context"
 	"reflect"
 
 	"github.com/go-resty/resty/v2"
+	"golang.org/x/time/rate"
 )
 
 type HttpClientInterface interface {
@@ -17,31 +19,56 @@ type HttpClientInterface interface {
 }
 
 type HttpClient struct {
-	ApiKey    string
-	ApiSecret string
-	Endpoint  string
-	client    *resty.Client
+	ApiKey      string
+	ApiSecret   string
+	Endpoint    string
+	client      *resty.Client
+	rateLimiter *rate.Limiter
 }
 
 type HttpClientConfig struct {
-	ApiKey      string
-	ApiSecret   string
-	ApiEndpoint string
-	UserAgent   string
-	RestClient  *resty.Client
+	ApiKey                  string
+	ApiSecret               string
+	ApiEndpoint             string
+	UserAgent               string
+	RestClient              *resty.Client
+	RateLimitPerMinute      int // Optional, defaults to 500 if not specified
+	RateLimitAccumulateRate int // Optional, defaults to 8 if not specified
 }
 
 func NewHttpClient(config HttpClientConfig) (*HttpClient, error) {
+	rateLimitPerMinute := config.RateLimitPerMinute
+
+	if rateLimitPerMinute <= 0 {
+		rateLimitPerMinute = 500
+	}
+
+	rateLimitAccumulateRate := config.RateLimitAccumulateRate
+
+	if rateLimitAccumulateRate <= 0 {
+		rateLimitAccumulateRate = 8
+	}
+
 	httpClient := &HttpClient{
-		ApiKey:    config.ApiKey,
-		ApiSecret: config.ApiSecret,
-		client:    config.RestClient.SetBaseURL(config.ApiEndpoint).SetHeader("User-Agent", config.UserAgent),
+		ApiKey:      config.ApiKey,
+		ApiSecret:   config.ApiSecret,
+		client:      config.RestClient.SetBaseURL(config.ApiEndpoint).SetHeader("User-Agent", config.UserAgent),
+		rateLimiter: rate.NewLimiter(rate.Limit(rateLimitAccumulateRate), rateLimitPerMinute),
 	}
 
 	return httpClient, nil
 }
 
 func (client *HttpClient) request() *resty.Request {
+	if client.rateLimiter != nil {
+		ctx := context.Background()
+
+		err := client.rateLimiter.Wait(ctx)
+		if err != nil {
+			return client.client.R().SetError(err)
+		}
+	}
+
 	return client.client.R().SetBasicAuth(client.ApiKey, client.ApiSecret)
 }
 

client/http/client_test.go

@@ -2,6 +2,7 @@ package http_test
 
 import (
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
 	"strconv"
@@ -50,10 +51,6 @@ var _ = BeforeSuite(func() {
 	httpmock.ActivateNonDefault(restClient.GetClient())
 })
 
-var _ = BeforeEach(func() {
-	httpmock.Reset()
-})
-
 var _ = AfterSuite(func() {
 	// unmock HTTP requests
 	httpmock.DeactivateAndReset()
@@ -66,19 +63,61 @@ func TestHttpClient(t *testing.T) {
 
 var _ = Describe("Http Client", func() {
 	var httpRequest *http.Request
+	var httpclient *httpModule.HttpClient
 
 	mockRequest := RequestBody{
-		Message: "I have a request",
+		Message: "Hello",
 	}
+
 	mockedResponse := ResponseType{
-		Id:   1,
-		Name: "I have a response",
+		Id:   123,
+		Name: "Test",
 	}
+
 	successURI := "/path/to/success"
 	failureURI := "/path/to/failure"
 	successUrl := BaseUrl + successURI
 	failureUrl := BaseUrl + failureURI
 
+	BeforeEach(func() {
+		// Create a new REST client for each test to avoid rate limiter interference
+		restClient := resty.New()
+		httpmock.ActivateNonDefault(restClient.GetClient())
+
+		config := httpModule.HttpClientConfig{
+			ApiKey:             ApiKey,
+			ApiSecret:          ApiSecret,
+			ApiEndpoint:        BaseUrl,
+			UserAgent:          UserAgent,
+			RestClient:         restClient,
+			RateLimitPerMinute: 1000000, // Set to a very high value to effectively disable rate limiting for tests
+		}
+		var err error
+		httpclient, err = httpModule.NewHttpClient(config)
+		Expect(err).To(BeNil())
+
+		httpRequest = nil
+		httpmock.RegisterNoResponder(func(req *http.Request) (*http.Response, error) {
+			httpRequest = req
+
+			return nil, errors.New("No responder found")
+		})
+
+		// Make calls to /path/to/success return 200, and calls to /path/to/failure return 500
+		for _, methodType := range []string{"GET", "POST", "PUT", "DELETE"} {
+			httpmock.RegisterResponder(methodType, successUrl, func(req *http.Request) (*http.Response, error) {
+				httpRequest = req
+
+				return httpmock.NewJsonResponse(200, mockedResponse)
+			})
+			httpmock.RegisterResponder(methodType, failureUrl, func(req *http.Request) (*http.Response, error) {
+				httpRequest = req
+
+				return httpmock.NewStringResponse(ErrorStatusCode, ErrorMessage), nil
+			})
+		}
+	})
+
 	AssertAuth := func() {
 		authorization := httpRequest.Header["Authorization"]
 		Expect(len(authorization)).To(Equal(1), "Should have authorization header")