ratelimit

package
v0.0.0-...-d64132e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 28, 2024 License: MPL-2.0 Imports: 4 Imported by: 20

Documentation

Index

Constants

View Source
const (
	// CertificatesPerName is the name of the CertificatesPerName rate limit
	// when referenced in metric labels.
	CertificatesPerName = "certificates_per_domain"

	// RegistrationsPerIP is the name of the RegistrationsPerIP rate limit when
	// referenced in metric labels.
	RegistrationsPerIP = "registrations_per_ip"

	// RegistrationsPerIPRange is the name of the RegistrationsPerIPRange rate
	// limit when referenced in metric labels.
	RegistrationsPerIPRange = "registrations_per_ipv6_range"

	// PendingAuthorizationsPerAccount is the name of the
	// PendingAuthorizationsPerAccount rate limit when referenced in metric
	// labels.
	PendingAuthorizationsPerAccount = "pending_authorizations_per_account"

	// InvalidAuthorizationsPerAccount is the name of the
	// InvalidAuthorizationsPerAccount rate limit when referenced in metric
	// labels.
	InvalidAuthorizationsPerAccount = "failed_authorizations_per_account"

	// CertificatesPerFQDNSet is the name of the CertificatesPerFQDNSet rate
	// limit when referenced in metric labels.
	CertificatesPerFQDNSet = "certificates_per_fqdn_set"

	// CertificatesPerFQDNSetFast is the name of the CertificatesPerFQDNSetFast
	// rate limit when referenced in metric labels.
	CertificatesPerFQDNSetFast = "certificates_per_fqdn_set_fast"

	// NewOrdersPerAccount is the name of the NewOrdersPerAccount rate limit
	// when referenced in metric labels.
	NewOrdersPerAccount = "new_orders_per_account"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Limits

type Limits interface {
	CertificatesPerName() RateLimitPolicy
	RegistrationsPerIP() RateLimitPolicy
	RegistrationsPerIPRange() RateLimitPolicy
	PendingAuthorizationsPerAccount() RateLimitPolicy
	InvalidAuthorizationsPerAccount() RateLimitPolicy
	CertificatesPerFQDNSet() RateLimitPolicy
	CertificatesPerFQDNSetFast() RateLimitPolicy
	NewOrdersPerAccount() RateLimitPolicy
	LoadPolicies(contents []byte) error
}

Limits is defined to allow mock implementations be provided during unit testing

func New

func New() Limits

type RateLimitPolicy

type RateLimitPolicy struct {
	// How long to count items for
	Window config.Duration `yaml:"window"`
	// The max number of items that can be present before triggering the rate
	// limit. Zero means "no limit."
	Threshold int64 `yaml:"threshold"`
	// A per-key override setting different limits than the default (higher or lower).
	// The key is defined on a per-limit basis and should match the key it counts on.
	// For instance, a rate limit on the number of certificates per name uses name as
	// a key, while a rate limit on the number of registrations per IP subnet would
	// use subnet as a key. Note that a zero entry in the overrides map does not
	// mean "no limit," it means a limit of zero. An entry of -1 means
	// "no limit", only for the pending authorizations rate limit.
	Overrides map[string]int64 `yaml:"overrides"`
	// A per-registration override setting. This can be used, e.g. if there are
	// hosting providers that we would like to grant a higher rate of issuance
	// than the default. If both key-based and registration-based overrides are
	// available, whichever is larger takes priority. Note that a zero entry in
	// the overrides map does not mean "no limit", it means a limit of zero.
	RegistrationOverrides map[int64]int64 `yaml:"registrationOverrides"`
}

RateLimitPolicy describes a general limiting policy

func (*RateLimitPolicy) Enabled

func (rlp *RateLimitPolicy) Enabled() bool

Enabled returns true iff the RateLimitPolicy is enabled.

func (*RateLimitPolicy) GetThreshold

func (rlp *RateLimitPolicy) GetThreshold(key string, regID int64) (int64, string)

GetThreshold returns the threshold for this rate limit and the override Id/Key if that threshold is the result of an override for the default limit, empty-string otherwise. The threshold returned takes into account any overrides for `key` or `regID`. If both `key` and `regID` have an override the largest of the two will be used.

func (*RateLimitPolicy) WindowBegin

func (rlp *RateLimitPolicy) WindowBegin(windowEnd time.Time) time.Time

WindowBegin returns the time that a RateLimitPolicy's window begins, given a particular end time (typically the current time).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL