Which ACL permissions?
casper-hansen opened this issue · comments
Hi @alisaifee. I am using Redis with Flask-Limiter.
Which permissions are needed for an ACL configuration?
So far this is the user I have created:
user flasklimiter on >password +get +set +incr +expire +eval +evalsha +script +@scripting allkeys
I have received the following stacktrace:
newstrading-web-1 | Traceback (most recent call last):
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/workers/base_async.py", line 55, in handle
newstrading-web-1 | self.handle_request(listener_name, req, client, addr)
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/workers/ggevent.py", line 127, in handle_request
newstrading-web-1 | super().handle_request(listener_name, req, sock, addr)
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/workers/base_async.py", line 108, in handle_request
newstrading-web-1 | respiter = self.wsgi(environ, resp.start_response)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2548, in __call__
newstrading-web-1 | return self.wsgi_app(environ, start_response)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2528, in wsgi_app
newstrading-web-1 | response = self.handle_exception(e)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2525, in wsgi_app
newstrading-web-1 | response = self.full_dispatch_request()
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1822, in full_dispatch_request
newstrading-web-1 | rv = self.handle_user_exception(e)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1818, in full_dispatch_request
newstrading-web-1 | rv = self.preprocess_request()
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2309, in preprocess_request
newstrading-web-1 | rv = self.ensure_sync(before_func)()
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask_limiter/extension.py", line 1027, in _check_request_limit
newstrading-web-1 | raise e
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask_limiter/extension.py", line 1008, in _check_request_limit
newstrading-web-1 | self.__evaluate_limits(endpoint, all_limits)
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/flask_limiter/extension.py", line 959, in __evaluate_limits
newstrading-web-1 | if not method(lim.limit, *args, **kwargs):
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/limits/strategies.py", line 139, in hit
newstrading-web-1 | self.storage.incr(
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/limits/storage/redis.py", line 186, in incr
newstrading-web-1 | return int(self.lua_incr_expire([key], [expiry, amount]))
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/commands/core.py", line 5736, in __call__
newstrading-web-1 | return client.evalsha(self.sha, len(keys), *args)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/commands/core.py", line 5121, in evalsha
newstrading-web-1 | return self._evalsha("EVALSHA", sha, numkeys, *keys_and_args)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/commands/core.py", line 5105, in _evalsha
newstrading-web-1 | return self.execute_command(command, sha, numkeys, *keys_and_args)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/client.py", line 1258, in execute_command
newstrading-web-1 | return conn.retry.call_with_retry(
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/retry.py", line 46, in call_with_retry
newstrading-web-1 | return do()
newstrading-web-1 | ^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/client.py", line 1259, in <lambda>
newstrading-web-1 | lambda: self._send_command_parse_response(
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/client.py", line 1235, in _send_command_parse_response
newstrading-web-1 | return self.parse_response(conn, command_name, **options)
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/client.py", line 1275, in parse_response
newstrading-web-1 | response = connection.read_response()
newstrading-web-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^
newstrading-web-1 | File "/usr/local/lib/python3.11/site-packages/redis/connection.py", line 827, in read_response
newstrading-web-1 | raise response
newstrading-web-1 | redis.exceptions.ResponseError: Error running script (call to f_628bd136a573a06b346879695681af12ccef300f): @user_script:3: @user_script: 3: The user executing the script can't run this command or subcommand
Hi @casperbh96. If you're using the fixed-window strategy (which it appears you are) you'll additionally need to add +incrby (reference).
If you use moving-window which uses redis lists, you'll need the additional +lrange +lpush +ltrim +lindex
Closing due to inactivity.