controller: support rate-limiting incoming requests

helps constraining resource usage and against flood attacks.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

pkg/api/config/config.go

@@ -47,6 +47,16 @@ type BearerConfig struct {
 	Cert    string
 }
 
+type MethodRatelimitConfig struct {
+	Method string
+	Rate   int
+}
+
+type RatelimitConfig struct {
+	Rate    *int                    // requests per second
+	Methods []MethodRatelimitConfig `mapstructure:",omitempty"`
+}
+
 type HTTPConfig struct {
 	Address          string
 	Port             string
@@ -54,8 +64,9 @@ type HTTPConfig struct {
 	Auth             *AuthConfig
 	RawAccessControl map[string]interface{} `mapstructure:"accessControl,omitempty"`
 	Realm            string
-	AllowReadAccess  bool `mapstructure:",omitempty"`
-	ReadOnly         bool `mapstructure:",omitempty"`
+	AllowReadAccess  bool             `mapstructure:",omitempty"`
+	ReadOnly         bool             `mapstructure:",omitempty"`
+	Ratelimit        *RatelimitConfig `mapstructure:",omitempty"`
 }
 
 type LDAPConfig struct {