Add REST API rate limits

The purpose is to protect the server against (inadvertent) excessive use
of the Gerrit REST API by singular users or user groups. Otherwise,
there are risks related to server overloading and cumbersome follow-up.

For example, the excessive use may stem from build jobs scheduled too
frequently or from external applications sending too many requests.
The REST API is also being used, when interacting with the Gerrit UI.
Users might see "exceeded rate limit" errors (HTTP error code 429)
and would have to wait some seconds or minutes before retrying.

The functionality is similar to and extends that of the git fetching
rate limits, introduced in Ie1ca2e19e9d8a9a525af534b7ee7d6d4164e27e9.
The configuration takes place in the quota.config stored in the
refs/meta/config branch of All-Projects. Without explicit configuration,
the default values of currently 3 seconds between subsequent requests
and at most 90 requests per burst (spending accumulated idle time)
per user group apply. Burst requests can be served at the very
beginning of a client interaction with the back-end server, as if idle
time would already have been accumulated. Please see the documentation
for more details.

Change-Id: Ie285d6687b163365a617af406c9b78c183ee13a9
9 files changed
tree: b76f3fbc806ff42dbdb1cf62e8a6af1c7a519489
  1. .settings/
  2. lib/
  3. src/
  4. .buckconfig
  5. .gitignore
  6. BUCK
  7. LICENSE
  8. pom.xml