Make perspective and RIR optional but check them if they are configured

letsencrypt · Dec 6, 2024 · 78aa24b · 78aa24b
1 parent 9faa26c
commit 78aa24b
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 6 deletions.
diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
@@ -30,7 +30,9 @@ type RemoteVAGRPCClientConfig struct {
 	// Requirement 2.7 ("Multi-Perspective Issuance Corroboration attempts
 	// from each Network Perspective"). It should uniquely identify a group
 	// of RVAs deployed in the same datacenter.
-	Perspective string `validate:"required"`
+	//
+	// TODO(#7615): Make mandatory.
+	Perspective string `validate:"omitempty"`
 
 	// RIR indicates the Regional Internet Registry where this RVA is
 	// located. This field is used to identify the RIR region from which a
@@ -42,7 +44,9 @@ type RemoteVAGRPCClientConfig struct {
 	//   - APNIC
 	//   - LACNIC
 	//   - AFRINIC
-	RIR string `validate:"required,oneof=ARIN RIPE APNIC LACNIC AFRINIC"`
+	//
+	// TODO(#7615): Make mandatory.
+	RIR string `validate:"omitempty,oneof=ARIN RIPE APNIC LACNIC AFRINIC"`
 }
 
 type Config struct {

diff --git a/cmd/remoteva/main.go b/cmd/remoteva/main.go
@@ -25,7 +25,9 @@ type Config struct {
 		// Requirement 2.7 ("Multi-Perspective Issuance Corroboration attempts
 		// from each Network Perspective"). It should uniquely identify a group
 		// of RVAs deployed in the same datacenter.
-		Perspective string `validate:"required"`
+		//
+		// TODO(#7615): Make mandatory.
+		Perspective string `omitempty:"omitempty"`
 
 		// RIR indicates the Regional Internet Registry where this RVA is
 		// located. This field is used to identify the RIR region from which a
@@ -37,7 +39,9 @@ type Config struct {
 		//   - APNIC
 		//   - LACNIC
 		//   - AFRINIC
-		RIR string `validate:"required,oneof=ARIN RIPE APNIC LACNIC AFRINIC"`
+		//
+		// TODO(#7615): Make mandatory.
+		RIR string `validate:"omitempty,oneof=ARIN RIPE APNIC LACNIC AFRINIC"`
 
 		// SkipGRPCClientCertVerification, when disabled as it should typically
 		// be, will cause the remoteva server (which receives gRPCs from a

diff --git a/va/va.go b/va/va.go
@@ -241,7 +241,8 @@ func NewValidationAuthorityImpl(
 
 	for i, va1 := range remoteVAs {
 		for j, va2 := range remoteVAs {
-			if i != j && va1.Perspective == va2.Perspective {
+			// TODO(#7615): Remove the != "" check once perspective is required.
+			if i != j && va1.Perspective == va2.Perspective && va1.Perspective != "" {
 				return nil, fmt.Errorf("duplicate remote VA perspective %q", va1.Perspective)
 			}
 		}
@@ -507,7 +508,8 @@ func (va *ValidationAuthorityImpl) performRemoteOperation(ctx context.Context, o
 				responses <- &response{rva.Address, rva.Perspective, rva.RIR, res, err}
 				return
 			}
-			if res.GetPerspective() != rva.Perspective || res.GetRir() != rva.RIR {
+			// TODO(#7615): Remove the != "" check once perspective and rir is required.
+			if (rva.Perspective != "" && res.GetPerspective() != rva.Perspective) || (rva.RIR != "" && res.GetRir() != rva.RIR) {
 				err = fmt.Errorf(
 					"Expected perspective %q (%q) but got reply from %q (%q) - misconfiguration likely", rva.Perspective, rva.RIR, res.GetPerspective(), res.GetRir(),
 				)