Deprecate StoreKeyHashes flag (#4927)
The StoreKeyHashes feature flag controls whether rows are added to the keyHashToSerial table. This feature is now enabled everywhere, so the flag-protected code can be turned on unconditionally and the flag removed from configs. Related to #4895
parent
71df093042
commit
35c19c2e08
|
|
@ -16,25 +16,25 @@ func _() {
|
|||
_ = x[ParallelCheckFailedValidation-5]
|
||||
_ = x[DeleteUnusedChallenges-6]
|
||||
_ = x[BlockedKeyTable-7]
|
||||
_ = x[CAAValidationMethods-8]
|
||||
_ = x[CAAAccountURI-9]
|
||||
_ = x[EnforceMultiVA-10]
|
||||
_ = x[MultiVAFullResults-11]
|
||||
_ = x[MandatoryPOSTAsGET-12]
|
||||
_ = x[AllowV1Registration-13]
|
||||
_ = x[V1DisableNewValidations-14]
|
||||
_ = x[PrecertificateRevocation-15]
|
||||
_ = x[StripDefaultSchemePort-16]
|
||||
_ = x[StoreIssuerInfo-17]
|
||||
_ = x[StoreKeyHashes-18]
|
||||
_ = x[StoreKeyHashes-8]
|
||||
_ = x[CAAValidationMethods-9]
|
||||
_ = x[CAAAccountURI-10]
|
||||
_ = x[EnforceMultiVA-11]
|
||||
_ = x[MultiVAFullResults-12]
|
||||
_ = x[MandatoryPOSTAsGET-13]
|
||||
_ = x[AllowV1Registration-14]
|
||||
_ = x[V1DisableNewValidations-15]
|
||||
_ = x[PrecertificateRevocation-16]
|
||||
_ = x[StripDefaultSchemePort-17]
|
||||
_ = x[StoreIssuerInfo-18]
|
||||
_ = x[StoreRevokerInfo-19]
|
||||
_ = x[RestrictRSAKeySizes-20]
|
||||
_ = x[FasterNewOrdersRateLimit-21]
|
||||
}
|
||||
|
||||
const _FeatureFlag_name = "unusedWriteIssuedNamesPrecertHeadNonceStatusOKRemoveWFE2AccountIDCheckRenewalFirstParallelCheckFailedValidationDeleteUnusedChallengesBlockedKeyTableCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationV1DisableNewValidationsPrecertificateRevocationStripDefaultSchemePortStoreIssuerInfoStoreKeyHashesStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimit"
|
||||
const _FeatureFlag_name = "unusedWriteIssuedNamesPrecertHeadNonceStatusOKRemoveWFE2AccountIDCheckRenewalFirstParallelCheckFailedValidationDeleteUnusedChallengesBlockedKeyTableStoreKeyHashesCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationV1DisableNewValidationsPrecertificateRevocationStripDefaultSchemePortStoreIssuerInfoStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimit"
|
||||
|
||||
var _FeatureFlag_index = [...]uint16{0, 6, 29, 46, 65, 82, 111, 133, 148, 168, 181, 195, 213, 231, 250, 273, 297, 319, 334, 348, 364, 383, 407}
|
||||
var _FeatureFlag_index = [...]uint16{0, 6, 29, 46, 65, 82, 111, 133, 148, 162, 182, 195, 209, 227, 245, 264, 287, 311, 333, 348, 364, 383, 407}
|
||||
|
||||
func (i FeatureFlag) String() string {
|
||||
if i < 0 || i >= FeatureFlag(len(_FeatureFlag_index)-1) {
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ const (
|
|||
ParallelCheckFailedValidation
|
||||
DeleteUnusedChallenges
|
||||
BlockedKeyTable
|
||||
StoreKeyHashes
|
||||
|
||||
// Currently in-use features
|
||||
// Check CAA and respect validationmethods parameter.
|
||||
|
|
@ -48,8 +49,6 @@ const (
|
|||
// StoreIssuerInfo enables storage of information identifying the issuer of
|
||||
// a certificate in the certificateStatus table.
|
||||
StoreIssuerInfo
|
||||
// StoreKeyHashes enables storage of SPKI hashes associated with certificates.
|
||||
StoreKeyHashes
|
||||
// StoreRevokerInfo enables storage of the revoker and a bool indicating if the row
|
||||
// was checked for extant unrevoked certificates in the blockedKeys table.
|
||||
StoreRevokerInfo
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
corepb "github.com/letsencrypt/boulder/core/proto"
|
||||
"github.com/letsencrypt/boulder/db"
|
||||
berrors "github.com/letsencrypt/boulder/errors"
|
||||
"github.com/letsencrypt/boulder/features"
|
||||
bgrpc "github.com/letsencrypt/boulder/grpc"
|
||||
sapb "github.com/letsencrypt/boulder/sa/proto"
|
||||
)
|
||||
|
|
@ -111,10 +110,8 @@ func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb
|
|||
if err := addIssuedNames(txWithCtx, parsed, isRenewal); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if features.Enabled(features.StoreKeyHashes) {
|
||||
if err := addKeyHash(txWithCtx, parsed); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := addKeyHash(txWithCtx, parsed); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return nil, nil
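Review bot: The now-unconditional `addKeyHash` call in `AddPrecertificate` has no comment saying that an error from it is returned from the same block as `addIssuedNames`, so a key-hash insert failure presumably fails the whole precertificate write in every deployment. I would add a line above it such as `// Always record the SPKI hash for this serial; an error here fails AddPrecertificate.` Precertificates stored while StoreKeyHashes was off presumably have no keyHashToSerial rows, so code that finds serials by key hash (for example when acting on a compromised key) should not treat the table as complete unless a backfill has been run; neither the backfill nor those readers are visible in this diff. The function body starts and ends outside the hunk.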
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
|
||||
"github.com/letsencrypt/boulder/db"
|
||||
berrors "github.com/letsencrypt/boulder/errors"
|
||||
"github.com/letsencrypt/boulder/features"
|
||||
sapb "github.com/letsencrypt/boulder/sa/proto"
|
||||
"github.com/letsencrypt/boulder/sa/satest"
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
|
|
@ -108,13 +107,10 @@ func TestAddPrecertificateKeyHash(t *testing.T) {
|
|||
sa, _, cleanUp := initSA(t)
|
||||
defer cleanUp()
|
||||
reg := satest.CreateWorkingRegistration(t, sa)
|
||||
err := features.Set(map[string]bool{"StoreKeyHashes": true})
|
||||
test.AssertNotError(t, err, "failed to set features")
|
||||
defer features.Reset()
|
||||
|
||||
serial, testCert := test.ThrowAwayCert(t, 1)
|
||||
issued := testCert.NotBefore.UnixNano()
|
||||
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
|
||||
_, err := sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
|
||||
Der: testCert.Raw,
|
||||
RegID: ®.ID,
|
||||
Ocsp: []byte{1, 2, 3},
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@
|
|||
},
|
||||
"features": {
|
||||
"StoreIssuerInfo": true,
|
||||
"StoreKeyHashes": true,
|
||||
"StoreRevokerInfo": true,
|
||||
"FasterNewOrdersRateLimit": true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@
|
|||
},
|
||||
"features": {
|
||||
"StoreIssuerInfo": true,
|
||||
"StoreKeyHashes": true,
|
||||
"StoreRevokerInfo": true
|
||||
}
|
||||
},
|
||||
|
|
|
|||