...

Package ratelimit

import "github.com/letsencrypt/boulder/ratelimit"

Constants

// Names of the rate limits as they appear in metric labels. The label string
// cannot always be derived from the Go identifier (see the notes on individual
// constants), so dashboards and alert rules should match on the string value.
const (
    // CertificatesPerName is the metric-label name of the CertificatesPerName
    // rate limit. The label reads "domain_per_account", not "name".
    CertificatesPerName = "certificates_per_domain_per_account"

    // RegistrationsPerIP is the metric-label name of the RegistrationsPerIP
    // rate limit.
    RegistrationsPerIP = "registrations_per_ip"

    // RegistrationsPerIPRange is the metric-label name of the
    // RegistrationsPerIPRange rate limit. The label reads "ipv6_range".
    RegistrationsPerIPRange = "registrations_per_ipv6_range"

    // PendingAuthorizationsPerAccount is the metric-label name of the
    // PendingAuthorizationsPerAccount rate limit.
    PendingAuthorizationsPerAccount = "pending_authorizations_per_account"

    // InvalidAuthorizationsPerAccount is the metric-label name of the
    // InvalidAuthorizationsPerAccount rate limit. The label reads "failed",
    // not "invalid".
    InvalidAuthorizationsPerAccount = "failed_authorizations_per_account"

    // CertificatesPerFQDNSet is the metric-label name of the
    // CertificatesPerFQDNSet rate limit.
    CertificatesPerFQDNSet = "certificates_per_fqdn_set_per_account"

    // CertificatesPerFQDNSetFast is the metric-label name of the
    // CertificatesPerFQDNSetFast rate limit.
    CertificatesPerFQDNSetFast = "certificates_per_fqdn_set_per_account_fast"

    // NewOrdersPerAccount is the metric-label name of the NewOrdersPerAccount
    // rate limit.
    NewOrdersPerAccount = "new_orders_per_account"
)

type Limits

Limits is defined so that mock implementations can be provided during unit testing.

// Limits groups a policy loader with one accessor per rate limit. It is an
// interface so that unit tests can supply mock implementations.
type Limits interface {
    // LoadPolicies takes the raw policy contents and reports an error.
    // NOTE(review): the yaml tags on RateLimitPolicy suggest the contents are
    // YAML; confirm against the implementation. Whether previously loaded
    // policies remain in effect after an error is not visible here.
    LoadPolicies(contents []byte) error

    // Each accessor below returns a RateLimitPolicy, presumably the policy for
    // the rate limit of the same name.

    // Issuance-related limits.
    CertificatesPerName() RateLimitPolicy
    CertificatesPerFQDNSet() RateLimitPolicy
    CertificatesPerFQDNSetFast() RateLimitPolicy
    NewOrdersPerAccount() RateLimitPolicy

    // Registration-related limits.
    RegistrationsPerIP() RateLimitPolicy
    RegistrationsPerIPRange() RateLimitPolicy

    // Authorization-related limits.
    PendingAuthorizationsPerAccount() RateLimitPolicy
    InvalidAuthorizationsPerAccount() RateLimitPolicy
}

func New

func New() Limits

type RateLimitPolicy

RateLimitPolicy describes a general limiting policy

// RateLimitPolicy describes a general limiting policy: a counting window, a
// default threshold, and two optional override tables.
type RateLimitPolicy struct {
    // Window is the length of time over which items are counted.
    Window config.Duration `yaml:"window"`

    // Threshold is the maximum number of items that may be present before the
    // rate limit triggers. Zero means "no limit", so a policy left at its zero
    // value limits nothing.
    // NOTE(review): presumably a policy omitted from the loaded configuration
    // stays at zero and is therefore unlimited; confirm against the loader.
    Threshold int64 `yaml:"threshold"`

    // Overrides replaces the default threshold for individual keys; an
    // override may be higher or lower than the default. What the key is
    // depends on the limit and should match the key that limit counts on:
    // a certificates-per-name limit is keyed by name, while a
    // registrations-per-IP-subnet limit would be keyed by subnet.
    // Unlike Threshold, a zero entry here is a limit of zero, not "no limit".
    // An entry of -1 means "no limit", and only for the pending
    // authorizations rate limit.
    Overrides map[string]int64 `yaml:"overrides"`

    // RegistrationOverrides replaces the default threshold for individual
    // registrations, e.g. to grant a hosting provider a higher rate of
    // issuance than the default. When both a key-based and a
    // registration-based override are available, the larger one takes
    // priority; a lower key-based override therefore does not take effect
    // for a registration whose own override is higher. As with Overrides, a
    // zero entry is a limit of zero, not "no limit".
    RegistrationOverrides map[int64]int64 `yaml:"registrationOverrides"`
}

func (*RateLimitPolicy) Enabled

func (rlp *RateLimitPolicy) Enabled() bool

Enabled returns true iff the RateLimitPolicy is enabled.

func (*RateLimitPolicy) GetThreshold

func (rlp *RateLimitPolicy) GetThreshold(key string, regID int64) (int64, string)

GetThreshold returns the threshold for this rate limit, together with the override ID or key when that threshold comes from an override of the default limit; otherwise the second return value is the empty string. The returned threshold takes into account any overrides for `key` or `regID`. If both `key` and `regID` have an override, the larger of the two is used.

func (*RateLimitPolicy) WindowBegin

func (rlp *RateLimitPolicy) WindowBegin(windowEnd time.Time) time.Time

WindowBegin returns the time that a RateLimitPolicy's window begins, given a particular end time (typically the current time).