Merge master

Makefile

@@ -9,17 +9,7 @@ VERSION ?= 1.0.0
 EPOCH ?= 1
 MAINTAINER ?= "Community"
 
-OBJECTS = activity-monitor \
+OBJECTS = $(shell find ./cmd -type d -maxdepth 1 -mindepth 1 | xargs basename)
-	admin-revoker \
-	boulder-ca \
-	boulder-ra \
-	boulder-sa \
-	boulder-va \
-	boulder-wfe \
-	expiration-mailer \
-	ocsp-updater \
-	ocsp-responder \
-	policy-loader
 
 # Build environment variables (referencing core/util.go)
 COMMIT_ID = $(shell git rev-parse --short HEAD)
@@ -40,8 +30,6 @@ build: $(OBJECTS)
 
 pre:
 	@mkdir -p $(OBJDIR)
-	@echo [go] lib/github.com/mattn/go-sqlite3
-	@go install ./Godeps/_workspace/src/github.com/mattn/go-sqlite3
 
 # Compile each of the binaries
 $(OBJECTS): pre
@@ -49,7 +37,7 @@ $(OBJECTS): pre
 	@go build -o ./bin/$@ -ldflags \
 		"-X $(BUILD_ID_VAR) '$(BUILD_ID)' -X $(BUILD_TIME_VAR) '$(BUILD_TIME)' \
 		 -X $(BUILD_HOST_VAR) '$(BUILD_HOST)'" \
-		cmd/$@/main.go
+		./cmd/$@/
 
 clean:
 	rm -f $(OBJDIR)/*

ca/certificate-authority-data.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/letsencrypt/boulder/core"
 	blog "github.com/letsencrypt/boulder/log"
-	"github.com/letsencrypt/boulder/sa"
 
 	gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1"
 )
@@ -32,14 +31,9 @@ type SerialNumber struct {
 
 // NewCertificateAuthorityDatabaseImpl constructs a Database for the
 // Certificate Authority.
-func NewCertificateAuthorityDatabaseImpl(driver string, name string) (cadb core.CertificateAuthorityDatabase, err error) {
+func NewCertificateAuthorityDatabaseImpl(dbMap *gorp.DbMap) (cadb core.CertificateAuthorityDatabase, err error) {
 	logger := blog.GetAuditLogger()
 
-	dbMap, err := sa.NewDbMap(driver, name)
-	if err != nil {
-		return nil, err
-	}
-
 	dbMap.AddTableWithName(SerialNumber{}, "serialNumber").SetKeys(true, "ID")
 
 	cadb = &CertificateAuthorityDatabaseImpl{

ca/certificate-authority-data_test.go

@@ -8,39 +8,14 @@ package ca
 import (
 	"testing"
 
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
+	"github.com/letsencrypt/boulder/core"
+	"github.com/letsencrypt/boulder/sa"
 	"github.com/letsencrypt/boulder/test"
 )
 
-const badDriver = "nothing"
-const badFilename = "/doesnotexist/nofile"
-const sqliteDriver = "sqlite3"
-const sqliteName = ":memory:"
-
-func TestConstruction(t *testing.T) {
-	// Successful case
-	_, err := NewCertificateAuthorityDatabaseImpl(sqliteDriver, sqliteName)
-	test.AssertNotError(t, err, "Could not construct CA DB")
-
-	// Covers "sql.Open" error
-	_, err = NewCertificateAuthorityDatabaseImpl(badDriver, sqliteName)
-	test.AssertError(t, err, "Should have failed construction")
-
-	// Covers "db.Ping" error
-	_, err = NewCertificateAuthorityDatabaseImpl(sqliteDriver, badFilename)
-	test.AssertError(t, err, "Should have failed construction")
-}
-
 func TestGetSetSequenceOutsideTx(t *testing.T) {
-	cadb, err := NewCertificateAuthorityDatabaseImpl(sqliteDriver, sqliteName)
+	cadb, cleanUp := caDBImpl(t)
-	test.AssertNotError(t, err, "Could not construct CA DB")
+	defer cleanUp()
-
-	err = cadb.CreateTablesIfNotExists()
-	test.AssertNotError(t, err, "Could not construct tables")
-
-	_, err = cadb.IncrementAndGetSerial(nil)
-	test.AssertError(t, err, "Not permitted")
-
 	tx, err := cadb.Begin()
 	test.AssertNotError(t, err, "Could not begin")
 	tx.Commit()
@@ -55,12 +30,8 @@ func TestGetSetSequenceOutsideTx(t *testing.T) {
 }
 
 func TestGetSetSequenceNumber(t *testing.T) {
-	cadb, err := NewCertificateAuthorityDatabaseImpl(sqliteDriver, sqliteName)
+	cadb, cleanUp := caDBImpl(t)
-	test.AssertNotError(t, err, "Could not construct CA DB")
+	defer cleanUp()
-
-	err = cadb.CreateTablesIfNotExists()
-	test.AssertNotError(t, err, "Could not construct tables")
-
 	tx, err := cadb.Begin()
 	test.AssertNotError(t, err, "Could not begin")
 
@@ -74,3 +45,45 @@ func TestGetSetSequenceNumber(t *testing.T) {
 	err = tx.Commit()
 	test.AssertNotError(t, err, "Could not commit")
 }
+
+func caDBImpl(t *testing.T) (core.CertificateAuthorityDatabase, func()) {
+	dbMap, err := sa.NewDbMap(dbConnStr)
+	if err != nil {
+		t.Fatalf("Could not construct dbMap: %s", err)
+	}
+
+	cadb, err := NewCertificateAuthorityDatabaseImpl(dbMap)
+	if err != nil {
+		t.Fatalf("Could not construct CA DB: %s", err)
+	}
+
+	// We intentionally call CreateTablesIfNotExists twice before
+	// returning because of the weird insert inside it. The
+	// CADatabaseImpl code expects the existence of a single row in
+	// its serialIds table or else it errors. CreateTablesIfNotExists
+	// currently inserts that row and TruncateTables will remove
+	// it. But we need to make sure the tables exist before
+	// TruncateTables can be called to reset the table. So, two calls
+	// to CreateTablesIfNotExists.
+
+	err = cadb.CreateTablesIfNotExists()
+	if err != nil {
+		t.Fatalf("Could not construct tables: %s", err)
+	}
+	err = dbMap.TruncateTables()
+	if err != nil {
+		t.Fatalf("Could not truncate tables: %s", err)
+	}
+	err = cadb.CreateTablesIfNotExists()
+	if err != nil {
+		t.Fatalf("Could not construct tables: %s", err)
+	}
+	cleanUp := func() {
+		if err := dbMap.TruncateTables(); err != nil {
+			t.Fatalf("Could not truncate tables after the test: %s", err)
+		}
+		dbMap.Db.Close()
+	}
+
+	return cadb, cleanUp
+}

ca/certificate-authority.go

@@ -120,7 +120,7 @@ func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config
 		return nil, err
 	}
 
-	pa, err := policy.NewPolicyAuthorityImpl(paConfig.DBDriver, paConfig.DBConnect, paConfig.EnforcePolicyWhitelist)
+	pa, err := policy.NewPolicyAuthorityImpl(paConfig.DBConnect, paConfig.EnforcePolicyWhitelist)
 	if err != nil {
 		return nil, err
 	}

ca/certificate-authority_test.go

@@ -11,13 +11,11 @@ import (
 	"encoding/asn1"
 	"encoding/hex"
 	"fmt"
-	"os"
 	"testing"
 	"time"
 
 	cfsslConfig "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/config"
 	ocspConfig "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/ocsp/config"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
 	"github.com/letsencrypt/boulder/cmd"
 	"github.com/letsencrypt/boulder/mocks"
 
@@ -338,30 +336,44 @@ var log = mocks.UseMockLog()
 // CFSSL config
 const profileName = "ee"
 const caKeyFile = "../test/test-ca.key"
+const caCertFile = "../test/test-ca.pem"
 
 const issuerCert = "../test/test-ca.pem"
 
+// TODO(jmhodges): change this to boulder_ca_test database
+var dbConnStr = "mysql+tcp://boulder@localhost:3306/boulder_test"
 var exPA = cmd.PAConfig{
-	DBDriver:  "sqlite3",
+	DBConnect: dbConnStr,
-	DBConnect: ":memory:",
 }
 
-func TestMain(m *testing.M) {
+func setup(t *testing.T) (core.CertificateAuthorityDatabase, core.StorageAuthority, cmd.CAConfig, func()) {
-
-	os.Exit(m.Run())
-}
-
-func setup(t *testing.T) (cadb core.CertificateAuthorityDatabase, storageAuthority core.StorageAuthority, caConfig cmd.CAConfig) {
 	// Create an SA
-	ssa, err := sa.NewSQLStorageAuthority("sqlite3", ":memory:")
+	dbMap, err := sa.NewDbMap(dbConnStr)
-	test.AssertNotError(t, err, "Failed to create SA")
+	if err != nil {
-	ssa.CreateTablesIfNotExists()
+		t.Fatalf("Failed to create dbMap: %s", err)
-	storageAuthority = ssa
+	}
+	ssa, err := sa.NewSQLStorageAuthority(dbMap)
+	if err != nil {
+		t.Fatalf("Failed to create SA: %s", err)
+	}
+	if err = ssa.CreateTablesIfNotExists(); err != nil {
+		t.Fatalf("Failed to create tables: %s", err)
+	}
+	if err = dbMap.TruncateTables(); err != nil {
+		t.Fatalf("Failed to truncate tables: %s", err)
+	}
 
-	cadb, _ = mocks.NewMockCertificateAuthorityDatabase()
+	cadb, caDBCleanUp := caDBImpl(t)
+	cleanUp := func() {
+		if err = dbMap.TruncateTables(); err != nil {
+			t.Fatalf("Failed to truncate tables after the test: %s", err)
+		}
+		dbMap.Db.Close()
+		caDBCleanUp()
+	}
 
 	// Create a CA
-	caConfig = cmd.CAConfig{
+	caConfig := cmd.CAConfig{
 		Profile:      profileName,
 		SerialPrefix: 17,
 		Key: cmd.KeyConfig{
@@ -406,19 +418,22 @@ func setup(t *testing.T) (cadb core.CertificateAuthorityDatabase, storageAuthori
 			},
 		},
 	}
-	return cadb, storageAuthority, caConfig
+	return cadb, ssa, caConfig, cleanUp
 }
 
 func TestFailNoSerial(t *testing.T) {
-	cadb, _, caConfig := setup(t)
+	cadb, _, caConfig, cleanUp := setup(t)
+	defer cleanUp()
+
 	caConfig.SerialPrefix = 0
 	_, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
 	test.AssertError(t, err, "CA should have failed with no SerialPrefix")
 }
 
 func TestRevoke(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	test.AssertNotError(t, err, "Failed to create CA")
 	if err != nil {
 		return
@@ -449,8 +464,9 @@ func TestRevoke(t *testing.T) {
 }
 
 func TestIssueCertificate(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 	ca.MaxKeySize = 4096
@@ -525,8 +541,9 @@ func TestIssueCertificate(t *testing.T) {
 }
 
 func TestRejectNoName(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 	ca.MaxKeySize = 4096
@@ -541,8 +558,9 @@ func TestRejectNoName(t *testing.T) {
 }
 
 func TestRejectTooManyNames(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 
@@ -554,8 +572,9 @@ func TestRejectTooManyNames(t *testing.T) {
 }
 
 func TestDeduplication(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 	ca.MaxKeySize = 4096
@@ -583,8 +602,9 @@ func TestDeduplication(t *testing.T) {
 }
 
 func TestRejectValidityTooLong(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.SA = storageAuthority
 	ca.MaxKeySize = 4096
@@ -604,8 +624,9 @@ func TestRejectValidityTooLong(t *testing.T) {
 }
 
 func TestShortKey(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	ca.SA = storageAuthority
 	ca.MaxKeySize = 4096
 
@@ -617,8 +638,9 @@ func TestShortKey(t *testing.T) {
 }
 
 func TestRejectBadAlgorithm(t *testing.T) {
-	cadb, storageAuthority, caConfig := setup(t)
+	cadb, storageAuthority, caConfig, cleanUp := setup(t)
-	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, issuerCert, exPA)
+	defer cleanUp()
+	ca, err := NewCertificateAuthorityImpl(cadb, caConfig, caCertFile, exPA)
 	ca.SA = storageAuthority
 	ca.MaxKeySize = 4096
 

cmd/admin-revoker/main.go

@@ -17,18 +17,12 @@ import (
 
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cactus/go-statsd-client/statsd"
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/codegangsta/cli"
-
+	gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1"
-	// Load both drivers to allow configuring either
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/go-sql-driver/mysql"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
-
 	"github.com/letsencrypt/boulder/cmd"
 	"github.com/letsencrypt/boulder/core"
 	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/rpc"
 	"github.com/letsencrypt/boulder/sa"
-
-	gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1"
 )
 
 var reasons = map[int]string{
@@ -76,7 +70,7 @@ func setupContext(context *cli.Context) (rpc.CertificateAuthorityClient, *blog.A
 	cac, err := rpc.NewCertificateAuthorityClient(caRPC)
 	cmd.FailOnError(err, "Unable to create CA client")
 
-	dbMap, err := sa.NewDbMap(c.Revoker.DBDriver, c.Revoker.DBConnect)
+	dbMap, err := sa.NewDbMap(c.Revoker.DBConnect)
 	cmd.FailOnError(err, "Couldn't setup database connection")
 
 	saRPC, err := rpc.NewAmqpRPCClient("AdminRevoker->SA", c.AMQP.SA.Server, ch)

cmd/boulder-ca/main.go

@@ -7,11 +7,11 @@ package main
 
 import (
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cactus/go-statsd-client/statsd"
-
 	"github.com/letsencrypt/boulder/ca"
 	"github.com/letsencrypt/boulder/cmd"
 	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/rpc"
+	"github.com/letsencrypt/boulder/sa"
 )
 
 func main() {
@@ -31,8 +31,10 @@ func main() {
 
 		go cmd.DebugServer(c.CA.DebugAddr)
 
-		cadb, err := ca.NewCertificateAuthorityDatabaseImpl(c.CA.DBDriver, c.CA.DBConnect)
+		dbMap, err := sa.NewDbMap(c.CA.DBConnect)
+		cmd.FailOnError(err, "Couldn't connect to CA database")
 
+		cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap)
 		cmd.FailOnError(err, "Failed to create CA database")
 
 		if c.SQL.CreateTables {

cmd/boulder-sa/main.go

@@ -31,8 +31,10 @@ func main() {
 
 		go cmd.DebugServer(c.SA.DebugAddr)
 
-		sai, err := sa.NewSQLStorageAuthority(c.SA.DBDriver, c.SA.DBConnect)
+		dbMap, err := sa.NewDbMap(c.SA.DBConnect)
+		cmd.FailOnError(err, "Couldn't connect to SA database")
 
+		sai, err := sa.NewSQLStorageAuthority(dbMap)
 		cmd.FailOnError(err, "Failed to create SA impl")
 		sai.SetSQLDebug(c.SQL.SQLDebug)
 

cmd/expiration-mailer/main.go

@@ -240,7 +240,7 @@ func main() {
 		go cmd.DebugServer(c.Mailer.DebugAddr)
 
 		// Configure DB
-		dbMap, err := sa.NewDbMap(c.Mailer.DBDriver, c.Mailer.DBConnect)
+		dbMap, err := sa.NewDbMap(c.Mailer.DBConnect)
 		cmd.FailOnError(err, "Could not connect to database")
 
 		ch, err := rpc.AmqpChannel(c)

cmd/expiration-mailer/main_test.go

@@ -140,11 +140,30 @@ var testKey = rsa.PrivateKey{
 	Primes:    []*big.Int{p, q},
 }
 
+// TODO(jmhodges): Turn this into boulder_sa_test
+var dbConnStr = "mysql+tcp://boulder@localhost:3306/boulder_test"
+
 func TestFindExpiringCertificates(t *testing.T) {
-	dbMap, err := sa.NewDbMap("sqlite3", ":memory:")
+	dbMap, err := sa.NewDbMap(dbConnStr)
-	test.AssertNotError(t, err, "Couldn't connect to SQLite")
+	if err != nil {
+		t.Fatalf("Couldn't connect the database: %s", err)
+	}
 	err = dbMap.CreateTablesIfNotExists()
-	test.AssertNotError(t, err, "Couldn't create tables")
+	if err != nil {
+		t.Fatalf("Couldn't create tables: %s", err)
+	}
+	err = dbMap.TruncateTables()
+	if err != nil {
+		t.Fatalf("Couldn't truncate tables: %s", err)
+	}
+	defer func() {
+		err = dbMap.TruncateTables()
+		if err != nil {
+			t.Fatalf("Couldn't truncate tables after the test: %s", err)
+		}
+		dbMap.Db.Close()
+	}()
+
 	tmpl, err := template.New("expiry-email").Parse(testTmpl)
 	test.AssertNotError(t, err, "Couldn't parse test email template")
 	stats, _ := statsd.NewNoopClient(nil)

cmd/external-cert-importer/main.go

@@ -159,7 +159,7 @@ func main() {
 		blog.SetAuditLogger(auditlogger)
 
 		// Configure DB
-		dbMap, err := sa.NewDbMap(c.PA.DBDriver, c.PA.DBConnect)
+		dbMap, err := sa.NewDbMap(c.PA.DBConnect)
 		cmd.FailOnError(err, "Could not connect to database")
 
 		dbMap.AddTableWithName(core.ExternalCert{}, "externalCerts").SetKeys(false, "SHA1")

cmd/ocsp-responder/main.go

@@ -134,7 +134,7 @@ func main() {
 		auditlogger.Info(app.VersionString())
 
 		// Configure DB
-		dbMap, err := sa.NewDbMap(c.OCSPResponder.DBDriver, c.OCSPResponder.DBConnect)
+		dbMap, err := sa.NewDbMap(c.OCSPResponder.DBConnect)
 		cmd.FailOnError(err, "Could not connect to database")
 		sa.SetSQLDebug(dbMap, c.SQL.SQLDebug)
 

cmd/ocsp-updater/main.go

@@ -214,7 +214,7 @@ func main() {
 		go cmd.DebugServer(c.OCSPUpdater.DebugAddr)
 
 		// Configure DB
-		dbMap, err := sa.NewDbMap(c.OCSPUpdater.DBDriver, c.OCSPUpdater.DBConnect)
+		dbMap, err := sa.NewDbMap(c.OCSPUpdater.DBConnect)
 		cmd.FailOnError(err, "Could not connect to database")
 
 		cac, closeChan := setupClients(c)

cmd/policy-loader/main.go

@@ -29,7 +29,7 @@ func setupContext(context *cli.Context) (*policy.PolicyAuthorityDatabaseImpl, st
 	err = json.Unmarshal(configJSON, &c)
 	cmd.FailOnError(err, "Couldn't unmarshal configuration object")
 
-	padb, err := policy.NewPolicyAuthorityDatabaseImpl(c.PA.DBDriver, c.PA.DBConnect)
+	padb, err := policy.NewPolicyAuthorityDatabaseImpl(c.PA.DBConnect)
 	cmd.FailOnError(err, "Could not connect to PADB")
 	return padb, context.GlobalString("rule-file")
 }

cmd/shell.go

@@ -90,7 +90,6 @@ type Config struct {
 	}
 
 	SA struct {
-		DBDriver  string
 		DBConnect string
 
 		// DebugAddr is the address to run the /debug handlers on.
@@ -121,7 +120,6 @@ type Config struct {
 	}
 
 	Revoker struct {
-		DBDriver  string
 		DBConnect string
 	}
 
@@ -131,7 +129,6 @@ type Config struct {
 		Username string
 		Password string
 
-		DBDriver  string
 		DBConnect string
 
 		CertLimit int
@@ -144,7 +141,6 @@ type Config struct {
 	}
 
 	OCSPResponder struct {
-		DBDriver      string
 		DBConnect     string
 		Path          string
 		ListenAddress string
@@ -154,7 +150,6 @@ type Config struct {
 	}
 
 	OCSPUpdater struct {
-		DBDriver        string
 		DBConnect       string
 		MinTimeToExpiry string
 		ResponseLimit   int
@@ -188,7 +183,6 @@ type Config struct {
 type CAConfig struct {
 	Profile      string
 	TestMode     bool
-	DBDriver     string
 	DBConnect    string
 	SerialPrefix int
 	Key          KeyConfig
@@ -207,7 +201,6 @@ type CAConfig struct {
 }
 
 type PAConfig struct {
-	DBDriver               string
 	DBConnect              string
 	EnforcePolicyWhitelist bool
 }

mocks/mocks.go

@@ -6,48 +6,14 @@
 package mocks
 
 import (
-	"database/sql"
 	"fmt"
 	"net"
 	"strings"
 	"time"
 
-	// Load SQLite3 for test purposes
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/miekg/dns"
-	gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1"
 )
 
-// MockCADatabase is a mock
-type MockCADatabase struct {
-	db    *gorp.DbMap
-	count int64
-}
-
-// NewMockCertificateAuthorityDatabase is a mock
-func NewMockCertificateAuthorityDatabase() (mock *MockCADatabase, err error) {
-	db, err := sql.Open("sqlite3", ":memory:")
-	dbmap := &gorp.DbMap{Db: db, Dialect: gorp.SqliteDialect{}}
-	mock = &MockCADatabase{db: dbmap, count: 1}
-	return mock, err
-}
-
-// Begin is a mock
-func (cadb *MockCADatabase) Begin() (*gorp.Transaction, error) {
-	return cadb.db.Begin()
-}
-
-// IncrementAndGetSerial is a mock
-func (cadb *MockCADatabase) IncrementAndGetSerial(*gorp.Transaction) (int64, error) {
-	cadb.count = cadb.count + 1
-	return cadb.count, nil
-}
-
-// CreateTablesIfNotExists is a mock
-func (cadb *MockCADatabase) CreateTablesIfNotExists() error {
-	return nil
-}
-
 // MockDNS is a mock
 type MockDNS struct {
 }

policy/policy-authority.go

@@ -24,14 +24,14 @@ type PolicyAuthorityImpl struct {
 }
 
 // NewPolicyAuthorityImpl constructs a Policy Authority.
-func NewPolicyAuthorityImpl(driver, connect string, enforceWhitelist bool) (*PolicyAuthorityImpl, error) {
+func NewPolicyAuthorityImpl(connect string, enforceWhitelist bool) (*PolicyAuthorityImpl, error) {
 	logger := blog.GetAuditLogger()
 	logger.Notice("Policy Authority Starting")
 
 	pa := PolicyAuthorityImpl{log: logger}
 
 	// Setup policy db
-	padb, err := NewPolicyAuthorityDatabaseImpl(driver, connect)
+	padb, err := NewPolicyAuthorityDatabaseImpl(connect)
 	if err != nil {
 		return nil, err
 	}

policy/policy-authority_test.go

@@ -14,6 +14,7 @@ import (
 )
 
 var log = mocks.UseMockLog()
+var dbConnStr = "mysql+tcp://boulder@localhost:3306/boulder_test"
 
 func TestWillingToIssue(t *testing.T) {
 	shouldBeSyntaxError := []string{
@@ -91,7 +92,7 @@ func TestWillingToIssue(t *testing.T) {
 		"www.zombo-.com",
 	}
 
-	pa, _ := NewPolicyAuthorityImpl("sqlite3", ":memory:", false)
+	pa, _ := NewPolicyAuthorityImpl(dbConnStr, false)
 	rules := []DomainRule{}
 	for _, b := range shouldBeBlacklisted {
 		rules = append(rules, DomainRule{Host: b, Type: blacklisted})
@@ -147,7 +148,7 @@ func TestWillingToIssue(t *testing.T) {
 }
 
 func TestChallengesFor(t *testing.T) {
-	pa, _ := NewPolicyAuthorityImpl("sqlite3", ":memory:", true)
+	pa, _ := NewPolicyAuthorityImpl(dbConnStr, true)
 
 	challenges, combinations := pa.ChallengesFor(core.AcmeIdentifier{})
 

policy/policy-data.go

@@ -41,9 +41,9 @@ type PolicyAuthorityDatabaseImpl struct {
 
 // NewPolicyAuthorityDatabaseImpl constructs a Policy Authority Database (and
 // creates tables if they are non-existent)
-func NewPolicyAuthorityDatabaseImpl(driver, name string) (padb *PolicyAuthorityDatabaseImpl, err error) {
+func NewPolicyAuthorityDatabaseImpl(name string) (padb *PolicyAuthorityDatabaseImpl, err error) {
 	logger := blog.GetAuditLogger()
-	dbMap, err := sa.NewDbMap(driver, name)
+	dbMap, err := sa.NewDbMap(name)
 	if err != nil {
 		return nil, err
 	}

policy/policy-data_test.go

@@ -23,7 +23,7 @@ var (
 )
 
 func TestLoadAndDump(t *testing.T) {
-	p, err := NewPolicyAuthorityDatabaseImpl("sqlite3", ":memory:")
+	p, err := NewPolicyAuthorityDatabaseImpl(dbConnStr)
 	test.AssertNotError(t, err, "Couldn't create PADB")
 
 	err = p.LoadRules([]DomainRule{rA, rB})
@@ -36,7 +36,7 @@ func TestLoadAndDump(t *testing.T) {
 }
 
 func TestGet(t *testing.T) {
-	p, err := NewPolicyAuthorityDatabaseImpl("sqlite3", ":memory:")
+	p, err := NewPolicyAuthorityDatabaseImpl(dbConnStr)
 	test.AssertNotError(t, err, "Couldn't create PADB")
 
 	err = p.LoadRules([]DomainRule{rA, rB})

ra/registration-authority.go

@@ -43,7 +43,7 @@ func NewRegistrationAuthorityImpl(paConfig cmd.PAConfig) (ra RegistrationAuthori
 	logger.Notice("Registration Authority Starting")
 
 	ra.log = logger
-	pa, err := policy.NewPolicyAuthorityImpl(paConfig.DBDriver, paConfig.DBConnect, paConfig.EnforcePolicyWhitelist)
+	pa, err := policy.NewPolicyAuthorityImpl(paConfig.DBConnect, paConfig.EnforcePolicyWhitelist)
 	if err != nil {
 		return RegistrationAuthorityImpl{}, err
 	}

ra/registration-authority_test.go

@@ -21,7 +21,6 @@ import (
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/ocsp"
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/signer/local"
 	jose "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/letsencrypt/go-jose"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
 	"github.com/letsencrypt/boulder/ca"
 	"github.com/letsencrypt/boulder/cmd"
 	"github.com/letsencrypt/boulder/core"
@@ -125,13 +124,14 @@ var (
 
 	log = mocks.UseMockLog()
 
+	// TODO(jmhodges): Turn this into boulder_sa_test
+	dbConnStr = "mysql+tcp://boulder@localhost:3306/boulder_test"
 	common    = cmd.PAConfig{
-		DBDriver:  "sqlite3",
+		DBConnect: dbConnStr,
-		DBConnect: ":memory:",
 	}
 )
 
-func initAuthorities(t *testing.T) (core.CertificateAuthority, *DummyValidationAuthority, *sa.SQLStorageAuthority, core.RegistrationAuthority) {
+func initAuthorities(t *testing.T) (core.CertificateAuthority, *DummyValidationAuthority, *sa.SQLStorageAuthority, *RegistrationAuthorityImpl, func()) {
 	err := json.Unmarshal(AccountKeyJSONA, &AccountKeyA)
 	test.AssertNotError(t, err, "Failed to unmarshal public JWK")
 	err = json.Unmarshal(AccountKeyJSONB, &AccountKeyB)
@@ -145,11 +145,22 @@ func initAuthorities(t *testing.T) (core.CertificateAuthority, *DummyValidationA
 	err = json.Unmarshal(ShortKeyJSON, &ShortKey)
 	test.AssertNotError(t, err, "Failed to unmarshall JWK")
 
-	sa, err := sa.NewSQLStorageAuthority("sqlite3", ":memory:")
+	dbMap, err := sa.NewDbMap(dbConnStr)
-	test.AssertNotError(t, err, "Failed to create SA")
-	err = sa.CreateTablesIfNotExists()
 	if err != nil {
-		t.Fatalf("unable to create tables: %s", err)
+		t.Fatalf("Failed to create dbMap: %s", err)
+	}
+	ssa, err := sa.NewSQLStorageAuthority(dbMap)
+	if err != nil {
+		t.Fatalf("Failed to create SA: %s", err)
+	}
+
+	err = ssa.CreateTablesIfNotExists()
+	if err != nil {
+		t.Fatalf("Failed to create SA tables: %s", err)
+	}
+
+	if err = dbMap.TruncateTables(); err != nil {
+		t.Fatalf("Failed to truncate SA tables: %s", err)
 	}
 
 	va := &DummyValidationAuthority{}
@@ -173,26 +184,36 @@ func initAuthorities(t *testing.T) (core.CertificateAuthority, *DummyValidationA
 	}
 	signer, _ := local.NewSigner(caKey, caCert, x509.SHA256WithRSA, basicPolicy)
 	ocspSigner, _ := ocsp.NewSigner(caCert, caCert, caKey, time.Hour)
-	pa, _ := policy.NewPolicyAuthorityImpl("sqlite3", ":memory:", false)
+	pa, err := policy.NewPolicyAuthorityImpl(dbConnStr, false)
-	cadb, _ := mocks.NewMockCertificateAuthorityDatabase()
+	test.AssertNotError(t, err, "Couldn't create PA")
+	cadb, caDBCleanUp := caDBImpl(t)
 	ca := ca.CertificateAuthorityImpl{
 		Signer:         signer,
 		OCSPSigner:     ocspSigner,
-		SA:             sa,
+		SA:             ssa,
 		PA:             pa,
 		DB:             cadb,
 		ValidityPeriod: time.Hour * 2190,
 		NotAfter:       time.Now().Add(time.Hour * 8761),
 		MaxKeySize:     4096,
 	}
+	cleanUp := func() {
+		if err = dbMap.TruncateTables(); err != nil {
+			t.Fatalf("Failed to truncate tables after the test: %s", err)
+		}
+		dbMap.Db.Close()
+		caDBCleanUp()
+	}
+
 	csrDER, _ := hex.DecodeString(CSRhex)
 	ExampleCSR, _ = x509.ParseCertificateRequest(csrDER)
 
 	// This registration implicitly gets ID = 1
-	Registration, _ = sa.NewRegistration(core.Registration{Key: AccountKeyA})
+	Registration, _ = ssa.NewRegistration(core.Registration{Key: AccountKeyA})
 
 	ra, err := NewRegistrationAuthorityImpl(common)
-	ra.SA = sa
+	test.AssertNotError(t, err, "Couldn't create RA")
+	ra.SA = ssa
 	ra.VA = va
 	ra.CA = &ca
 	ra.PA = pa
@@ -210,7 +231,55 @@ func initAuthorities(t *testing.T) (core.CertificateAuthority, *DummyValidationA
 	AuthzFinal.Expires = &exp
 	AuthzFinal.Challenges[0].Status = "valid"
 
-	return &ca, va, sa, &ra
+	return &ca, va, ssa, &ra, cleanUp
+}
+
+// This is an unfortunate bit of tech debt that is being taken on in
+// order to get the more important change of using MySQL/MariaDB in
+// all of our tests working without SQLite. We already had issues with
+// the RA here getting a real CertificateAuthority instead of a
+// CertificateAuthorityClient, so this is only marginally worse.
+// TODO(Issue #628): use a CAClient fake instead of a CAImpl instance
+func caDBImpl(t *testing.T) (core.CertificateAuthorityDatabase, func()) {
+	dbMap, err := sa.NewDbMap(dbConnStr)
+	if err != nil {
+		t.Fatalf("Could not construct dbMap: %s", err)
+	}
+
+	cadb, err := ca.NewCertificateAuthorityDatabaseImpl(dbMap)
+	if err != nil {
+		t.Fatalf("Could not construct CA DB: %s", err)
+	}
+
+	// We intentionally call CreateTablesIfNotExists twice before
+	// returning because of the weird insert inside it. The
+	// CADatabaseImpl code expects the existence of a single row in
+	// its serialIds table or else it errors. CreateTablesIfNotExists
+	// currently inserts that row and TruncateTables will remove
+	// it. But we need to make sure the tables exist before
+	// TruncateTables can be called to reset the table. So, two calls
+	// to CreateTablesIfNotExists.
+
+	err = cadb.CreateTablesIfNotExists()
+	if err != nil {
+		t.Fatalf("Could not construct tables: %s", err)
+	}
+	err = dbMap.TruncateTables()
+	if err != nil {
+		t.Fatalf("Could not truncate tables: %s", err)
+	}
+	err = cadb.CreateTablesIfNotExists()
+	if err != nil {
+		t.Fatalf("Could not construct tables: %s", err)
+	}
+	cleanUp := func() {
+		if err := dbMap.TruncateTables(); err != nil {
+			t.Fatalf("Could not truncate tables after the test: %s", err)
+		}
+		dbMap.Db.Close()
+	}
+
+	return cadb, cleanUp
 }
 
 func assertAuthzEqual(t *testing.T, a1, a2 core.Authorization) {
@@ -264,7 +333,8 @@ func TestValidateEmail(t *testing.T) {
 }
 
 func TestNewRegistration(t *testing.T) {
-	_, _, sa, ra := initAuthorities(t)
+	_, _, sa, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	mailto, _ := core.ParseAcmeURL("mailto:foo@letsencrypt.org")
 	input := core.Registration{
 		Contact: []*core.AcmeURL{mailto},
@@ -288,7 +358,8 @@ func TestNewRegistration(t *testing.T) {
 }
 
 func TestNewRegistrationNoFieldOverwrite(t *testing.T) {
-	_, _, _, ra := initAuthorities(t)
+	_, _, _, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	mailto, _ := core.ParseAcmeURL("mailto:foo@letsencrypt.org")
 	input := core.Registration{
 		ID:        23,
@@ -304,17 +375,19 @@ func TestNewRegistrationNoFieldOverwrite(t *testing.T) {
 	// TODO: Enable this test case once we validate terms agreement.
 	//test.Assert(t, result.Agreement != "I agreed", "Agreement shouldn't be set with invalid URL")
 
+	id := result.ID
 	result2, err := ra.UpdateRegistration(result, core.Registration{
 		ID:  33,
 		Key: ShortKey,
 	})
 	test.AssertNotError(t, err, "Could not update registration")
-	test.Assert(t, result2.ID != 33, "ID shouldn't be overwritten.")
+	test.Assert(t, result2.ID != 33, fmt.Sprintf("ID shouldn't be overwritten. expected %d, got %d", id, result2.ID))
 	test.Assert(t, !core.KeyDigestEquals(result2.Key, ShortKey), "Key shouldn't be overwritten")
 }
 
 func TestNewRegistrationBadKey(t *testing.T) {
-	_, _, _, ra := initAuthorities(t)
+	_, _, _, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	mailto, _ := core.ParseAcmeURL("mailto:foo@letsencrypt.org")
 	input := core.Registration{
 		Contact: []*core.AcmeURL{mailto},
@@ -326,8 +399,8 @@ func TestNewRegistrationBadKey(t *testing.T) {
 }
 
 func TestNewAuthorization(t *testing.T) {
-	_, _, sa, ra := initAuthorities(t)
+	_, _, sa, ra, cleanUp := initAuthorities(t)
-
+	defer cleanUp()
 	_, err := ra.NewAuthorization(AuthzRequest, 0)
 	test.AssertError(t, err, "Authorization cannot have registrationID == 0")
 
@@ -354,7 +427,8 @@ func TestNewAuthorization(t *testing.T) {
 }
 
 func TestUpdateAuthorization(t *testing.T) {
-	_, va, sa, ra := initAuthorities(t)
+	_, va, sa, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	AuthzInitial, _ = sa.NewPendingAuthorization(AuthzInitial)
 	sa.UpdatePendingAuthorization(AuthzInitial)
 
@@ -377,7 +451,8 @@ func TestUpdateAuthorization(t *testing.T) {
 }
 
 func TestOnValidationUpdate(t *testing.T) {
-	_, _, sa, ra := initAuthorities(t)
+	_, _, sa, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	AuthzUpdated, _ = sa.NewPendingAuthorization(AuthzUpdated)
 	sa.UpdatePendingAuthorization(AuthzUpdated)
 
@@ -399,7 +474,8 @@ func TestOnValidationUpdate(t *testing.T) {
 }
 
 func TestCertificateKeyNotEqualAccountKey(t *testing.T) {
-	_, _, sa, ra := initAuthorities(t)
+	_, _, sa, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	authz := core.Authorization{}
 	authz, _ = sa.NewPendingAuthorization(authz)
 	authz.Identifier = core.AcmeIdentifier{
@@ -430,7 +506,8 @@ func TestCertificateKeyNotEqualAccountKey(t *testing.T) {
 }
 
 func TestAuthorizationRequired(t *testing.T) {
-	_, _, sa, ra := initAuthorities(t)
+	_, _, sa, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	AuthzFinal.RegistrationID = 1
 	AuthzFinal, _ = sa.NewPendingAuthorization(AuthzFinal)
 	sa.UpdatePendingAuthorization(AuthzFinal)
@@ -449,7 +526,8 @@ func TestAuthorizationRequired(t *testing.T) {
 }
 
 func TestNewCertificate(t *testing.T) {
-	_, _, sa, ra := initAuthorities(t)
+	_, _, sa, ra, cleanUp := initAuthorities(t)
+	defer cleanUp()
 	AuthzFinal.RegistrationID = 1
 	AuthzFinal, _ = sa.NewPendingAuthorization(AuthzFinal)
 	sa.UpdatePendingAuthorization(AuthzFinal)

sa/database.go

@@ -11,39 +11,29 @@ import (
 	"net/url"
 	"strings"
 
-	// Load both drivers to allow configuring either
 	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/go-sql-driver/mysql"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
-
 	gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1"
-
 	"github.com/letsencrypt/boulder/core"
 	blog "github.com/letsencrypt/boulder/log"
 )
 
-var dialectMap = map[string]interface{}{
-	"sqlite3":  gorp.SqliteDialect{},
-	"mysql":    gorp.MySQLDialect{Engine: "InnoDB", Encoding: "UTF8"},
-	"postgres": gorp.PostgresDialect{},
-}
-
 // NewDbMap creates the root gorp mapping object. Create one of these for each
 // database schema you wish to map. Each DbMap contains a list of mapped tables.
 // It automatically maps the tables for the primary parts of Boulder around the
 // Storage Authority. This may require some further work when we use a disjoint
 // schema, like that for `certificate-authority-data.go`.
-func NewDbMap(driver string, dbConnect string) (*gorp.DbMap, error) {
+func NewDbMap(dbConnect string) (*gorp.DbMap, error) {
 	logger := blog.GetAuditLogger()
 
-	if driver == "mysql" {
 	var err error
 	dbConnect, err = recombineURLForDB(dbConnect)
 	if err != nil {
 		return nil, err
 	}
-	}
 
-	db, err := sql.Open(driver, dbConnect)
+	logger.Debug("Connecting to database")
+
+	db, err := sql.Open("mysql", dbConnect)
 	if err != nil {
 		return nil, err
 	}
@@ -51,20 +41,13 @@ func NewDbMap(driver string, dbConnect string) (*gorp.DbMap, error) {
 		return nil, err
 	}
 
-	logger.Debug("Connecting to database")
+	dialect := gorp.MySQLDialect{Engine: "InnoDB", Encoding: "UTF8"}
-
-	dialect, ok := dialectMap[driver].(gorp.Dialect)
-	if !ok {
-		err = fmt.Errorf("Couldn't find dialect for %s", driver)
-		return nil, err
-	}
-
-	logger.Info("Connected to database")
-
 	dbmap := &gorp.DbMap{Db: db, Dialect: dialect, TypeConverter: BoulderTypeConverter{}}
 
 	initTables(dbmap)
 
+	logger.Debug("Connected to database")
+
 	return dbmap, err
 }
 
@@ -98,6 +81,10 @@ func recombineURLForDB(dbConnect string) (string, error) {
 
 	dsnVals.Set("parseTime", "true")
 
+	// Required to make UPDATE return the number of rows matched,
+	// instead of the number of rows changed by the UPDATE.
+	dsnVals.Set("clientFoundRows", "true")
+
 	user := dbURL.User.Username()
 	passwd, hasPass := dbURL.User.Password()
 	dbConn := ""

sa/database_test.go

@@ -11,27 +11,7 @@ import (
 	"github.com/letsencrypt/boulder/test"
 )
 
-func TestNewDbMap(t *testing.T) {
-	_, err := NewDbMap("", "")
-	test.AssertError(t, err, "Nil not permitted.")
-
-	_, err = NewDbMap("sqlite3", "/not/a/file")
-	test.AssertError(t, err, "Shouldn't have found a DB.")
-
-	_, err = NewDbMap("sqlite3", ":memory:")
-	test.AssertNotError(t, err, "Should have constructed a DB.")
-}
-
-func TestForgottenDialect(t *testing.T) {
-	bkup := dialectMap["sqlite3"]
-	dialectMap["sqlite3"] = ""
-	defer func() { dialectMap["sqlite3"] = bkup }()
-
-	_, err := NewDbMap("sqlite3", ":memory:")
-	test.AssertError(t, err, "Shouldn't have found the dialect")
-}
-
 func TestInvalidDSN(t *testing.T) {
-	_, err := NewDbMap("mysql", "invalid")
+	_, err := NewDbMap("invalid")
 	test.AssertError(t, err, "DB connect string missing the slash separating the database name")
 }

sa/storage-authority.go

@@ -47,15 +47,12 @@ type authzModel struct {
 	Sequence int64 `db:"sequence"`
 }
 
-// NewSQLStorageAuthority provides persistence using a SQL backend for Boulder.
+// NewSQLStorageAuthority provides persistence using a SQL backend for
-func NewSQLStorageAuthority(driver string, dbConnect string) (*SQLStorageAuthority, error) {
+// Boulder. It will modify the given gorp.DbMap by adding relevent tables.
+func NewSQLStorageAuthority(dbMap *gorp.DbMap) (*SQLStorageAuthority, error) {
 	logger := blog.GetAuditLogger()
-	logger.Notice("Storage Authority Starting")
 
-	dbMap, err := NewDbMap(driver, dbConnect)
+	logger.Notice("Storage Authority Starting")
-	if err != nil {
-		return nil, err
-	}
 
 	ssa := &SQLStorageAuthority{
 		dbMap: dbMap,

sa/storage-authority_test.go

@@ -17,7 +17,6 @@ import (
 	"time"
 
 	jose "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/letsencrypt/go-jose"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
 	"github.com/letsencrypt/boulder/core"
 	"github.com/letsencrypt/boulder/mocks"
 	"github.com/letsencrypt/boulder/test"
@@ -25,15 +24,33 @@ import (
 
 var log = mocks.UseMockLog()
 
-func initSA(t *testing.T) *SQLStorageAuthority {
+// TODO(jmhodges): change this to boulder_sa_test database
-	sa, err := NewSQLStorageAuthority("sqlite3", ":memory:")
+var dbConnStr = "mysql+tcp://boulder@localhost:3306/boulder_test"
+
+// initSA constructs a SQLStorageAuthority and a clean up function
+// that should be defer'ed to the end of the test.
+func initSA(t *testing.T) (*SQLStorageAuthority, func()) {
+	dbMap, err := NewDbMap(dbConnStr)
 	if err != nil {
-		t.Fatalf("Failed to create SA")
+		t.Fatalf("Failed to create dbMap: %s", err)
+	}
+
+	sa, err := NewSQLStorageAuthority(dbMap)
+	if err != nil {
+		t.Fatalf("Failed to create SA: %s", err)
 	}
 	if err = sa.CreateTablesIfNotExists(); err != nil {
-		t.Fatalf("Failed to create SA")
+		t.Fatalf("Failed to create tables: %s", err)
+	}
+	if err = sa.dbMap.TruncateTables(); err != nil {
+		t.Fatalf("Failed to truncate tables: %s", err)
+	}
+	return sa, func() {
+		if err = sa.dbMap.TruncateTables(); err != nil {
+			t.Fatalf("Failed to truncate tables after the test: %s", err)
+		}
+		sa.dbMap.Db.Close()
 	}
-	return sa
 }
 
 var (
@@ -50,7 +67,8 @@ var (
 )
 
 func TestAddRegistration(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
 
 	var jwk jose.JsonWebKey
 	err := json.Unmarshal([]byte(theKey), &jwk)
@@ -106,7 +124,8 @@ func TestAddRegistration(t *testing.T) {
 }
 
 func TestNoSuchRegistrationErrors(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
 
 	_, err := sa.GetRegistration(100)
 	if _, ok := err.(NoSuchRegistrationError); !ok {
@@ -128,7 +147,8 @@ func TestNoSuchRegistrationErrors(t *testing.T) {
 }
 
 func TestAddAuthorization(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
 
 	PA := core.Authorization{}
 
@@ -200,7 +220,8 @@ func CreateDomainAuth(t *testing.T, domainName string, sa *SQLStorageAuthority)
 
 // Ensure we get only valid authorization with correct RegID
 func TestGetLatestValidAuthorizationBasic(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
 
 	// attempt to get unauthorized domain
 	authz, err := sa.GetLatestValidAuthorization(0, core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "example.org"})
@@ -229,7 +250,9 @@ func TestGetLatestValidAuthorizationBasic(t *testing.T) {
 
 // Ensure we get the latest valid authorization for an ident
 func TestGetLatestValidAuthorizationMultiple(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
+
 	domain := "example.org"
 	ident := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: domain}
 	regID := int64(42)
@@ -282,7 +305,8 @@ func TestGetLatestValidAuthorizationMultiple(t *testing.T) {
 }
 
 func TestAddCertificate(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
 
 	// An example cert taken from EFF's website
 	certDER, err := ioutil.ReadFile("www.eff.org.der")
@@ -334,7 +358,8 @@ func TestAddCertificate(t *testing.T) {
 // TestGetCertificateByShortSerial tests some failure conditions for GetCertificate.
 // Success conditions are tested above in TestAddCertificate.
 func TestGetCertificateByShortSerial(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
 
 	_, err := sa.GetCertificateByShortSerial("")
 	test.AssertError(t, err, "Should've failed on empty serial")
@@ -352,14 +377,17 @@ func TestDeniedCSR(t *testing.T) {
 	csrBytes, _ := x509.CreateCertificateRequest(rand.Reader, template, key)
 	csr, _ := x509.ParseCertificateRequest(csrBytes)
 
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
+
 	exists, err := sa.AlreadyDeniedCSR(append(csr.DNSNames, csr.Subject.CommonName))
 	test.AssertNotError(t, err, "AlreadyDeniedCSR failed")
 	test.Assert(t, !exists, "Found non-existent CSR")
 }
 
 func TestUpdateOCSP(t *testing.T) {
-	sa := initSA(t)
+	sa, cleanUp := initSA(t)
+	defer cleanUp()
 
 	// Add a cert to the DB to test with.
 	certDER, err := ioutil.ReadFile("www.eff.org.der")

test.sh

@@ -7,20 +7,7 @@ fi
 
 FAILURE=0
 
-TESTDIRS="analysis \
+TESTPATHS=$(go list -f '{{ .ImportPath }}' ./...)
-          ca \
-          core \
-          log \
-          policy \
-          ra \
-          rpc \
-          sa \
-          test \
-          va \
-          wfe \
-          cmd/expiration-mailer"
-          # cmd
-          # Godeps
 
 # We need to know, for github-pr-status, what the triggering commit is.
 # Assume first it's the travis commit (for builds of master), unless we're
@@ -117,8 +104,9 @@ function build_letsencrypt() {
 function run_unit_tests() {
   if [ "${TRAVIS}" == "true" ]; then
     # Run each test by itself for Travis, so we can get coverage
-    for dir in ${TESTDIRS}; do
+    for path in ${TESTPATHS}; do
-      run go test -race -cover -coverprofile=${dir}.coverprofile ./${dir}/
+      dir=$(basename $path)
+      run go test -race -cover -coverprofile=${dir}.coverprofile ${path}
     done
 
     # Gather all the coverprofiles
@@ -180,14 +168,15 @@ check_gofmt() {
 run_and_comment check_gofmt
 end_context #test/gofmt
 
+if [ "${TRAVIS}" == "true" ]; then
+  ./test/create_db.sh || die "unable to create the boulder database with test/create_db.sh"
+fi
+
 #
 # Unit Tests. These do not receive a context or status updates,
 # as they are reflected in our eventual exit code.
 #
 
-# Ensure SQLite is installed so we don't recompile it each time
-go install ./Godeps/_workspace/src/github.com/mattn/go-sqlite3
-
 if  [ "${SKIP_UNIT_TESTS}" == "1" ]; then
   echo "Skipping unit tests."
 else
@@ -208,10 +197,6 @@ if [ "${SKIP_INTEGRATION_TESTS}" = "1" ]; then
   exit ${FAILURE}
 fi
 
-if [ "${TRAVIS}" == "true" ]; then
-  ./test/create_db.sh || die "unable to create the boulder database with test/create_db.sh"
-fi
-
 #
 # Integration tests
 #

test/boulder-config.json

@@ -48,7 +48,6 @@
   "ca": {
     "serialPrefix": 255,
     "profile": "ee",
-    "dbDriver": "mysql",
     "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
     "debugAddr": "localhost:8001",
     "testMode": true,
@@ -120,7 +119,6 @@
   },
 
   "sa": {
-    "dbDriver": "mysql",
     "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
     "debugAddr": "localhost:8003"
   },
@@ -136,12 +134,10 @@
   },
 
   "revoker": {
-    "dbDriver": "mysql",
     "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test"
   },
 
   "ocspResponder": {
-    "dbDriver": "mysql",
     "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
     "path": "/",
     "listenAddress": "localhost:4001",
@@ -149,7 +145,6 @@
   },
 
   "ocspUpdater": {
-    "dbDriver": "mysql",
     "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
     "minTimeToExpiry": "72h",
     "debugAddr": "localhost:8006"
@@ -164,7 +159,6 @@
     "port": "25",
     "username": "cert-master@example.com",
     "password": "password",
-    "dbDriver": "mysql",
     "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
     "messageLimit": 0,
     "nagTimes": ["24h", "72h", "168h", "336h"],

test/boulder-pkcs11-example-config.json

@@ -42,8 +42,7 @@
   "ca": {
     "serialPrefix": 255,
     "profile": "ee",
-    "dbDriver": "sqlite3",
+    "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
-    "dbConnect": ":memory:",
     "debugAddr": "localhost:8001",
     "testMode": true,
     "_comment": "This should only be present in testMode. In prod use an HSM.",
@@ -105,8 +104,7 @@
   },
 
   "sa": {
-    "dbDriver": "sqlite3",
+    "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
-    "dbConnect": ":memory:",
     "debugAddr": "localhost:8003"
   },
 
@@ -121,21 +119,18 @@
   },
 
   "revoker": {
-    "dbDriver": "sqlite3",
+    "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test"
-    "dbConnect": ":memory:"
   },
 
   "ocspResponder": {
-    "dbDriver": "sqlite3",
+    "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
-    "dbConnect": ":memory:",
     "debugAddr": "localhost:8004",
     "path": "/",
     "listenAddress": "localhost:4001"
   },
 
   "ocspUpdater": {
-    "dbDriver": "sqlite3",
+    "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
-    "dbConnect": ":memory:",
     "debugAddr": "localhost:8005",
     "minTimeToExpiry": "72h"
   },
@@ -149,8 +144,7 @@
     "port": "25",
     "username": "cert-master@example.com",
     "password": "password",
-    "dbDriver": "sqlite3",
+    "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_test",
-    "dbConnect": ":memory:",
     "messageLimit": 0,
     "nagTimes": ["24h", "72h", "168h", "336h"],
     "emailTemplate": "test/example-expiration-template",

wfe/web-front-end_test.go

@@ -128,6 +128,8 @@ wk6Oiadty3eQqSBJv0HnpmiEdQVffIK5Pg4M8Dd+aOBnEkbopAJOuA==
 		"d616e2d6578616d706c652e636f6d300b06092a864886f70d01010b0341008cf8" +
 		"f349efa6d2fadbaf8ed9ba67e5a9b98c3d5a13c06297c4cf36dc76f494e8887e3" +
 		"5dd9c885526136d810fc7640f5ba56281e2b75fa3ff7c91a7d23bab7fd4"
+
+	dbConnStr = "mysql+tcp://boulder@localhost:3306/boulder_test"
 )
 
 type MockSA struct {
@@ -514,8 +516,7 @@ func TestIssueCertificate(t *testing.T) {
 
 	// TODO: Use a mock RA so we can test various conditions of authorized, not authorized, etc.
 	common := cmd.PAConfig{
-		DBDriver:  "sqlite3",
+		DBConnect: dbConnStr,
-		DBConnect: ":memory:",
 	}
 	ra, _ := ra.NewRegistrationAuthorityImpl(common)
 	ra.SA = &MockSA{}