Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SA: Add feature flag DisableLegacyLimitWrites #7728

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
+16 −6
Open

SA: Add feature flag DisableLegacyLimitWrites #7728

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f2a5ccd
SA: Add feature flag DisableLegacyLimitWrites
beautifulentropy Sep 27, 2024
aba2c28
Add certificatesPerName and fqdnSets
beautifulentropy Sep 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions features/features.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,13 @@ type Config struct {
// to be the authoritative source of rate limiting information for
// new-account callers and disables the legacy rate limiting checks.
UseKvLimitsForNewAccount bool

// DisableLegacyLimitWrites when enabled, disables writes to:
// - the newOrdersRL table at new-order time, and
// - the certificatesPerName table at finalize time.
//
// This flag should only be used in conjunction with UseKvLimitsForNewOrder.
DisableLegacyLimitWrites bool
}

var fMu = new(sync.RWMutex)
Expand Down
12 changes: 7 additions & 5 deletions sa/sa.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -380,7 +380,7 @@ func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.Ad
_, rlTransactionErr := db.WithTransaction(ctx, ssa.dbMap, func(tx db.Executor) (interface{}, error) {
// Add to the rate limit table, but only for new certificates. Renewals
// don't count against the certificatesPerName limit.
if !isRenewal {
if !isRenewal && !features.Get().DisableLegacyLimitWrites {
timeToTheHour := parsedCertificate.NotBefore.Round(time.Hour)
err := ssa.addCertificatesPerName(ctx, tx, parsedCertificate.DNSNames, timeToTheHour)
if err != nil {
Expand Down Expand Up @@ -616,10 +616,12 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
return nil, fmt.Errorf("casting error in NewOrderAndAuthzs")
}

// Increment the order creation count
err = addNewOrdersRateLimit(ctx, ssa.dbMap, req.NewOrder.RegistrationID, ssa.clk.Now().Truncate(time.Minute))
if err != nil {
return nil, err
if !features.Get().DisableLegacyLimitWrites {
// Increment the order creation count
err = addNewOrdersRateLimit(ctx, ssa.dbMap, req.NewOrder.RegistrationID, ssa.clk.Now().Truncate(time.Minute))
if err != nil {
return nil, err
}
}

return order, nil
Expand Down
3 changes: 2 additions & 1 deletion test/config-next/sa.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,8 @@
"healthCheckInterval": "4s",
"features": {
"MultipleCertificateProfiles": true,
"TrackReplacementCertificatesARI": true
"TrackReplacementCertificatesARI": true,
"DisableLegacyLimitWrites": true
}
},
"syslog": {
Expand Down
Loading