From 2fa9fbcd23fdaf45232708115c301afde95e04d1 Mon Sep 17 00:00:00 2001 From: Samantha Frank Date: Mon, 30 Sep 2024 14:09:40 -0400 Subject: [PATCH] SA: Add feature flag DisableLegacyLimitWrites (#7728) --- features/features.go | 7 +++++++ sa/sa.go | 12 +++++++----- test/config-next/sa.json | 3 ++- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/features/features.go b/features/features.go index 262ce0933cf..f7b0f71f1bd 100644 --- a/features/features.go +++ b/features/features.go @@ -117,6 +117,13 @@ type Config struct { // to be the authoritative source of rate limiting information for // new-account callers and disables the legacy rate limiting checks. UseKvLimitsForNewAccount bool + + // DisableLegacyLimitWrites when enabled, disables writes to: + // - the newOrdersRL table at new-order time, and + // - the certificatesPerName table at finalize time. + // + // This flag should only be used in conjunction with UseKvLimitsForNewOrder. + DisableLegacyLimitWrites bool } var fMu = new(sync.RWMutex) diff --git a/sa/sa.go b/sa/sa.go index be87d471a19..ffbec0f13a0 100644 --- a/sa/sa.go +++ b/sa/sa.go @@ -380,7 +380,7 @@ func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.Ad _, rlTransactionErr := db.WithTransaction(ctx, ssa.dbMap, func(tx db.Executor) (interface{}, error) { // Add to the rate limit table, but only for new certificates. Renewals // don't count against the certificatesPerName limit. - if !isRenewal { + if !isRenewal && !features.Get().DisableLegacyLimitWrites { timeToTheHour := parsedCertificate.NotBefore.Round(time.Hour) err := ssa.addCertificatesPerName(ctx, tx, parsedCertificate.DNSNames, timeToTheHour) if err != nil { @@ -616,10 +616,12 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb return nil, fmt.Errorf("casting error in NewOrderAndAuthzs") } - // Increment the order creation count - err = addNewOrdersRateLimit(ctx, ssa.dbMap, req.NewOrder.RegistrationID, ssa.clk.Now().Truncate(time.Minute)) - if err != nil { - return nil, err + if !features.Get().DisableLegacyLimitWrites { + // Increment the order creation count + err = addNewOrdersRateLimit(ctx, ssa.dbMap, req.NewOrder.RegistrationID, ssa.clk.Now().Truncate(time.Minute)) + if err != nil { + return nil, err + } } return order, nil diff --git a/test/config-next/sa.json b/test/config-next/sa.json index ed1eae2f4d9..5afcf09153b 100644 --- a/test/config-next/sa.json +++ b/test/config-next/sa.json @@ -50,7 +50,8 @@ "healthCheckInterval": "4s", "features": { "MultipleCertificateProfiles": true, - "TrackReplacementCertificatesARI": true + "TrackReplacementCertificatesARI": true, + "DisableLegacyLimitWrites": true } }, "syslog": {