Lower rate limits error level from implicit audit to warn

letsencrypt · Aug 15, 2024 · 9616e33 · 9616e33
1 parent 08170d7
commit 9616e33
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/ra/ra.go b/ra/ra.go
@@ -1311,13 +1311,13 @@ func (ra *RegistrationAuthorityImpl) countCertificateIssued(ctx context.Context,
 	var transactions []ratelimits.Transaction
 	txns, err := ra.txnBuilder.CertificatesPerDomainSpendOnlyTransactions(regId, orderDomains)
 	if err != nil {
-		ra.log.Errf("building rate limit transactions at finalize: %s", err)
+		ra.log.Warningf("building rate limit transactions at finalize: %s", err)
 	}
 	transactions = append(transactions, txns...)
 
 	txn, err := ra.txnBuilder.CertificatesPerFQDNSetSpendOnlyTransaction(orderDomains)
 	if err != nil {
-		ra.log.Errf("building rate limit transaction at finalize: %s", err)
+		ra.log.Warningf("building rate limit transaction at finalize: %s", err)
 	}
 	transactions = append(transactions, txn)
 
@@ -1326,7 +1326,7 @@ func (ra *RegistrationAuthorityImpl) countCertificateIssued(ctx context.Context,
 		if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
 			return
 		}
-		ra.log.Errf("spending against rate limits at finalize: %s", err)
+		ra.log.Warningf("spending against rate limits at finalize: %s", err)
 	}
 }
 
@@ -1861,15 +1861,15 @@ func (ra *RegistrationAuthorityImpl) countFailedValidation(ctx context.Context,
 
 	txn, err := ra.txnBuilder.FailedAuthorizationsPerDomainPerAccountSpendOnlyTransaction(regId, name)
 	if err != nil {
-		ra.log.Errf("building rate limit transaction for the %s rate limit: %s", ratelimits.FailedAuthorizationsPerDomainPerAccount, err)
+		ra.log.Warningf("building rate limit transaction for the %s rate limit: %s", ratelimits.FailedAuthorizationsPerDomainPerAccount, err)
 	}
 
 	_, err = ra.limiter.Spend(ctx, txn)
 	if err != nil {
 		if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
 			return
 		}
-		ra.log.Errf("spending against the %s rate limit: %s", ratelimits.FailedAuthorizationsPerDomainPerAccount, err)
+		ra.log.Warningf("spending against the %s rate limit: %s", ratelimits.FailedAuthorizationsPerDomainPerAccount, err)
 	}
 }
 

diff --git a/wfe2/wfe.go b/wfe2/wfe.go
@@ -662,14 +662,14 @@ func (wfe *WebFrontEndImpl) checkNewAccountLimits(ctx context.Context, ip net.IP
 
 	_, err = wfe.limiter.BatchSpend(ctx, txns)
 	if err != nil {
-		wfe.log.Errf("checking newAccount limits: %s", err)
+		wfe.log.Warningf("checking newAccount limits: %s", err)
 		return nil
 	}
 
 	return func() {
 		_, err := wfe.limiter.BatchRefund(ctx, txns)
 		if err != nil {
-			wfe.log.Errf("refunding newAccount limits: %s", err)
+			wfe.log.Warningf("refunding newAccount limits: %s", err)
 		}
 	}
 }
@@ -2038,7 +2038,7 @@ func (wfe *WebFrontEndImpl) checkNewOrderLimits(ctx context.Context, regId int64
 
 	txns, err := wfe.txnBuilder.NewOrderLimitTransactions(regId, names, isRenewal)
 	if err != nil {
-		wfe.log.Errf("building new order limit transactions: %v", err)
+		wfe.log.Warningf("building new order limit transactions: %v", err)
 		return nil
 	}
 
@@ -2047,14 +2047,14 @@ func (wfe *WebFrontEndImpl) checkNewOrderLimits(ctx context.Context, regId int64
 		if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
 			return nil
 		}
-		wfe.log.Errf("checking newOrder limits: %s", err)
+		wfe.log.Warningf("checking newOrder limits: %s", err)
 		return nil
 	}
 
 	return func() {
 		_, err := wfe.limiter.BatchRefund(ctx, txns)
 		if err != nil {
-			wfe.log.Errf("refunding newOrder limits: %s", err)
+			wfe.log.Warningf("refunding newOrder limits: %s", err)
 		}
 	}
 }