use our own boulder rate limit file #9889
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ohemorange
previously approved these changes
Feb 7, 2024
| @@ -0,0 +1,54 @@ | |||
| # See cmd/shell.go for definitions of these rate limits. | |||
There was a problem hiding this comment.
Suggested change
| # See cmd/shell.go for definitions of these rate limits. | |
| # See https://github.com/letsencrypt/boulder/blob/main/cmd/shell.go for definitions of these rate limits. |
or
Suggested change
| # See cmd/shell.go for definitions of these rate limits. | |
| # See letsencrypt/boulder/cmd/shell.go for definitions of these rate limits. |
There was a problem hiding this comment.
Ah good idea! I blindly copied the deleted file without even reading it.
| os.rename(join(instance_path, 'test/rate-limit-policies-b.yml'), | ||
| join(instance_path, 'test/rate-limit-policies.yml')) | ||
| ref = importlib_resources.files("certbot_integration_tests") | ||
| ref = ref / "assets" / "boulder-rate-limit-policies.yml" |
Merged
bmw
added a commit
that referenced
this pull request
Feb 8, 2024
Fixes #9892 and https://github.com/certbot/certbot/security/dependabot Upgrading the base docker image has been done in previous PRs like #9415. Doing this was needed because the [newer versions of `cryptography` need a newer version of rust](https://dev.azure.com/certbot/certbot/_build/results?buildId=7451&view=logs&j=fdd3565a-f3c6-5154-eca9-9ae03666f7bd&t=5dbd9851-46a4-524f-73a8-4028241afcde&l=475). I ran the full test suite on this branch which you can see in the GitHub status checks below. The boulder tests should fail as they're to be fixed by #9889 but everything else should pass.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our boulder tests started failing because letsencrypt/boulder#7201 deleted the alternate rate limit policy file. I expect us using our own copy of the file is pretty safe as the files rarely change.
I also tried just using their remaining default test rate limits file, but hit rate limits.
Finally, regardless of what file I used and even if I tried pinning back boulder, the overall docker config seems a bit slower now and requires a higher retry value before we time out waiting for boulder to start.
You can see tests passing with this change at https://dev.azure.com/certbot/certbot/_build/results?buildId=7460&view=results.