git-server-git.apps.pok.os.sepia.ceph.com Git

rgw: add accurate Retry-After header to rate-limit responses

When RGW rejects an S3 request with -ERR_RATE_LIMITED, return an HTTP
Retry-After header that tells the client how many seconds to wait before
retrying. The value is computed from the current token-bucket deficit and
replenishment rate, so a polite client that honors the header will retry
right around when its tokens recover.

The delay is threaded out of the rate limiter through req_state and onto
the response in abort_early(). The rate-limit check now returns int64_t
seconds (0 = allowed) instead of bool, with a 1-second floor on the
rejected path.

The seconds-to-recover calculation is factored into a small static helper
RateLimiterEntry::compute_delay(limit, needed, interval) so it can be
unit-tested directly. Each dimension (ops, bytes) calls it independently
and the caller takes the max, leaving room for additional limit
dimensions in the future.

The user-facing documentation is updated to describe the new header and
to suggest proxy-layer remapping for operators who need 429 instead of
the existing 503.

Tracker: https://tracker.ceph.com/issues/64083
Tracker: https://tracker.ceph.com/issues/67655
Signed-off-by: Lumir Sliva <61183145+lumir-sliva@users.noreply.github.com>

author	Lumir Sliva <lumir.sliva@firma.seznam.cz>
	Fri, 3 Apr 2026 21:56:41 +0000 (23:56 +0200)
committer	Lumir Sliva <61183145+lumir-sliva@users.noreply.github.com>
	Wed, 8 Apr 2026 15:57:01 +0000 (17:57 +0200)
commit	3dae903c9a31fe5161058a4bb1cfe4092839eb29
tree	1cb5e4ffd0956283099ee4aec9702c3adaacc481	tree \| snapshot
parent	fa54c4911cc9d1b8977778bc311ff7d635889d8f	commit \| diff

doc/radosgw/admin.rst		diff \| blob \| history
src/rgw/rgw_common.h		diff \| blob \| history
src/rgw/rgw_process.cc		diff \| blob \| history
src/rgw/rgw_ratelimit.h		diff \| blob \| history
src/rgw/rgw_rest.cc		diff \| blob \| history
src/test/rgw/test_rgw_ratelimit.cc		diff \| blob \| history