Merge remote-tracking branch 'origin/trust-but-verify' into trust-but…

…-verify-2
letsencrypt · Nov 22, 2024 · 64a9a3a · 64a9a3a
2 parents f75bb3e + 24148a9
commit 64a9a3a
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 38 deletions.
diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
@@ -15,10 +15,44 @@ import (
 	vapb "github.com/letsencrypt/boulder/va/proto"
 )
 
+// RemoteVAGRPCClientConfig  contains the information necessary to setup a gRPC
+// client connection. The following GRPC client configuration field combinations
+// are allowed:
+//
+// ServerIPAddresses, [Timeout]
+// ServerAddress, DNSAuthority, [Timeout], [HostOverride]
+// SRVLookup, DNSAuthority, [Timeout], [HostOverride], [SRVResolver]
+// SRVLookups, DNSAuthority, [Timeout], [HostOverride], [SRVResolver]
+type RemoteVAGRPCClientConfig struct {
+	cmd.GRPCClientConfig
+	// Perspective uniquely identifies the Network Perspective used to
+	// perform the validation, as specified in BRs Section 5.4.1,
+	// Requirement 2.7 ("Multi-Perspective Issuance Corroboration attempts
+	// from each Network Perspective"). It should uniquely identify a group
+	// of RVAs deployed in the same datacenter.
+	//
+	// TODO(#7615): Make mandatory.
+	Perspective string `validate:"omitempty"`
+
+	// RIR indicates the Regional Internet Registry where this RVA is
+	// located. This field is used to identify the RIR region from which a
+	// given validation was performed, as specified in the "Phased
+	// Implementation Timeline" in BRs Section 3.2.2.9. It must be one of
+	// the following values:
+	//   - ARIN
+	//   - RIPE
+	//   - APNIC
+	//   - LACNIC
+	//   - AfriNIC
+	//
+	// TODO(#7615): Make mandatory.
+	RIR string `validate:"omitempty,oneof=ARIN RIPE APNIC LACNIC AfriNIC"`
+}
+
 type Config struct {
 	VA struct {
 		vaConfig.Common
-		RemoteVAs []cmd.RemoteVAGRPCClientConfig `validate:"omitempty,dive"`
+		RemoteVAs []RemoteVAGRPCClientConfig `validate:"omitempty,dive"`
 		// Deprecated and ignored
 		MaxRemoteValidationFailures int `validate:"omitempty,min=0,required_with=RemoteVAs"`
 		Features                    features.Config

diff --git a/cmd/config.go b/cmd/config.go
@@ -442,36 +442,6 @@ func (c *GRPCClientConfig) makeSRVScheme() (string, error) {
 	return c.SRVResolver, nil
 }
 
-// RemoteVAGRPCClientConfig  contains the information necessary to setup a gRPC
-// client connection. The following GRPC client configuration field combinations
-// are allowed:
-//
-// ServerIPAddresses, [Timeout]
-// ServerAddress, DNSAuthority, [Timeout], [HostOverride]
-// SRVLookup, DNSAuthority, [Timeout], [HostOverride], [SRVResolver]
-// SRVLookups, DNSAuthority, [Timeout], [HostOverride], [SRVResolver]
-type RemoteVAGRPCClientConfig struct {
-	GRPCClientConfig
-	// Perspective uniquely identifies the Network Perspective used to
-	// perform the validation, as specified in BRs Section 5.4.1,
-	// Requirement 2.7 ("Multi-Perspective Issuance Corroboration attempts
-	// from each Network Perspective"). It should uniquely identify a group
-	// of RVAs deployed in the same datacenter.
-	Perspective string `validate:"required"`
-
-	// RIR indicates the Regional Internet Registry where this RVA is
-	// located. This field is used to identify the RIR region from which a
-	// given validation was performed, as specified in the "Phased
-	// Implementation Timeline" in BRs Section 3.2.2.9. It must be one of
-	// the following values:
-	//   - ARIN
-	//   - RIPE
-	//   - APNIC
-	//   - LACNIC
-	//   - AfriNIC
-	RIR string `validate:"required,oneof=ARIN RIPE APNIC LACNIC AfriNIC"`
-}
-
 // GRPCServerConfig contains the information needed to start a gRPC server.
 type GRPCServerConfig struct {
 	Address string `json:"address" validate:"omitempty,hostname_port"`

diff --git a/va/va_test.go b/va/va_test.go
@@ -231,7 +231,7 @@ type multiSrv struct {
 }
 
 const (
-	slow                  = "slow remote"
+	slowUA                = "slow remote"
 	slowRemoteSleepMillis = 1000
 )
 
@@ -243,7 +243,7 @@ func httpMultiSrv(t *testing.T, token string, allowedUAs map[string]bool) *multi
 	ms := &multiSrv{server, sync.Mutex{}, allowedUAs}
 
 	m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		if r.UserAgent() == slow {
+		if r.UserAgent() == slowUA {
 			time.Sleep(slowRemoteSleepMillis)
 		}
 		ms.mu.Lock()
@@ -701,24 +701,24 @@ func TestMultiVAEarlyReturn(t *testing.T) {
 	}{
 		{
 			remoteConfs: []remoteConf{
-				{ua: slow, rir: arin},
+				{ua: slowUA, rir: arin},
 				{ua: pass, rir: ripe},
 				{ua: fail, rir: apnic},
 			},
 		},
 		{
 			remoteConfs: []remoteConf{
-				{ua: slow, rir: arin},
-				{ua: slow, rir: ripe},
+				{ua: slowUA, rir: arin},
+				{ua: slowUA, rir: ripe},
 				{ua: pass, rir: apnic},
 				{ua: pass, rir: arin},
 				{ua: fail, rir: ripe},
 			},
 		},
 		{
 			remoteConfs: []remoteConf{
-				{ua: slow, rir: arin},
-				{ua: slow, rir: ripe},
+				{ua: slowUA, rir: arin},
+				{ua: slowUA, rir: ripe},
 				{ua: pass, rir: apnic},
 				{ua: pass, rir: arin},
 				{ua: fail, rir: ripe},