va: log account ID in multi VA differential JSON. (#4521)

This will reduce the amount of analysis time required to identify
large integrators that aren't compatible with multi VA.
Daniel McCarney 2019-10-31 13:12:28 -04:00 committed by GitHub
parent e5eb8f8736
commit 7b60b57c33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 6 deletions


@ -443,6 +443,7 @@ func (va *ValidationAuthorityImpl) performRemoteValidation(
// remote VAs but is more performant. // remote VAs but is more performant.
func (va *ValidationAuthorityImpl) processRemoteResults( func (va *ValidationAuthorityImpl) processRemoteResults(
domain string, domain string,
acctID int64,
challengeType string, challengeType string,
primaryResult *probs.ProblemDetails, primaryResult *probs.ProblemDetails,
remoteResultsChan chan *remoteValidationResult, remoteResultsChan chan *remoteValidationResult,
@ -503,7 +504,12 @@ func (va *ValidationAuthorityImpl) processRemoteResults(
// If we are using `features.MultiVAFullResults` then we haven't returned // If we are using `features.MultiVAFullResults` then we haven't returned
// early and can now log the differential between what the primary VA saw and // early and can now log the differential between what the primary VA saw and
// what all of the remote VAs saw. // what all of the remote VAs saw.
va.logRemoteValidationDifferentials(domain, challengeType, primaryResult, remoteResults) va.logRemoteValidationDifferentials(
domain,
acctID,
challengeType,
primaryResult,
remoteResults)
// Based on the threshold of good/bad return nil or a problem. // Based on the threshold of good/bad return nil or a problem.
if good >= required { if good >= required {
@ -523,6 +529,7 @@ func (va *ValidationAuthorityImpl) processRemoteResults(
// that contains the primary VA result and the results each remote VA returned. // that contains the primary VA result and the results each remote VA returned.
func (va *ValidationAuthorityImpl) logRemoteValidationDifferentials( func (va *ValidationAuthorityImpl) logRemoteValidationDifferentials(
domain string, domain string,
acctID int64,
challengeType string, challengeType string,
primaryResult *probs.ProblemDetails, primaryResult *probs.ProblemDetails,
remoteResults []*remoteValidationResult) { remoteResults []*remoteValidationResult) {
@ -556,12 +563,14 @@ func (va *ValidationAuthorityImpl) logRemoteValidationDifferentials(
logOb := struct { logOb := struct {
Domain string Domain string
AccountID int64
ChallengeType string ChallengeType string
PrimaryResult *probs.ProblemDetails PrimaryResult *probs.ProblemDetails
RemoteSuccesses int RemoteSuccesses int
RemoteFailures []*remoteValidationResult RemoteFailures []*remoteValidationResult
}{ }{
Domain: domain, Domain: domain,
AccountID: acctID,
ChallengeType: challengeType, ChallengeType: challengeType,
PrimaryResult: primaryResult, PrimaryResult: primaryResult,
RemoteSuccesses: len(successes), RemoteSuccesses: len(successes),
@ -624,14 +633,26 @@ func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, domain
// differentials then collect and log the remote results in a separate go // differentials then collect and log the remote results in a separate go
// routine to avoid blocking the primary VA. // routine to avoid blocking the primary VA.
go func() { go func() {
_ = va.processRemoteResults(domain, string(challenge.Type), prob, remoteResults, len(va.remoteVAs)) _ = va.processRemoteResults(
domain,
authz.RegistrationID,
string(challenge.Type),
prob,
remoteResults,
len(va.remoteVAs))
}() }()
// Since prob was nil and we're not enforcing the results from // Since prob was nil and we're not enforcing the results from
// `processRemoteResults` set the challenge status to valid so the // `processRemoteResults` set the challenge status to valid so the
// validationTime metrics increment has the correct result label. // validationTime metrics increment has the correct result label.
challenge.Status = core.StatusValid challenge.Status = core.StatusValid
} else if features.Enabled(features.EnforceMultiVA) { } else if features.Enabled(features.EnforceMultiVA) {
remoteProb := va.processRemoteResults(domain, string(challenge.Type), prob, remoteResults, len(va.remoteVAs)) remoteProb := va.processRemoteResults(
domain,
authz.RegistrationID,
string(challenge.Type),
prob,
remoteResults,
len(va.remoteVAs))
// We consider the multi VA result skippable even though we are enforcing // We consider the multi VA result skippable even though we are enforcing
// multi VA if the domain or the account has multi-VA disabled by policy. // multi VA if the domain or the account has multi-VA disabled by policy.
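Review bot: The new `acctID int64` parameter on `processRemoteResults` and `logRemoteValidationDifferentials` is not described in either doc comment, although the `AccountID` field it feeds is now part of the `remoteVADifferentials` JSON that analysis tooling will parse. I would add above `logRemoteValidationDifferentials`: `// acctID is the registration ID of the account that owns the authorization (authz.RegistrationID at the call sites); it is logged as AccountID.` Both call sites in `PerformValidation` pass `authz.RegistrationID` without a check, so if that field can ever be unset the line would presumably carry `"AccountID":0`, which a log consumer cannot tell apart from a real ID; the same comment should say whether zero is possible. The line now also ties an account identifier to a domain and per-VA failure detail, so it is worth confirming that this log stream gets the same access and retention handling as other account-bearing logs. The bodies of all three functions extend beyond the visible hunks.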


@ -739,7 +739,7 @@ func TestLogRemoteValidationDifferentials(t *testing.T) {
&remoteValidationResult{Problem: nil, VAHostname: "remoteB"}, &remoteValidationResult{Problem: nil, VAHostname: "remoteB"},
&remoteValidationResult{Problem: egProbB, VAHostname: "remoteC"}, &remoteValidationResult{Problem: egProbB, VAHostname: "remoteC"},
}, },
expectedLog: `INFO: remoteVADifferentials JSON={"Domain":"example.com","ChallengeType":"blorpus-01","PrimaryResult":null,"RemoteSuccesses":1,"RemoteFailures":[{"VAHostname":"remoteA","Problem":{"type":"dns","detail":"root DNS servers closed at 4:30pm","status":400}},{"VAHostname":"remoteC","Problem":{"type":"orderNotReady","detail":"please take a number","status":403}}]}`, expectedLog: `INFO: remoteVADifferentials JSON={"Domain":"example.com","AccountID":1999,"ChallengeType":"blorpus-01","PrimaryResult":null,"RemoteSuccesses":1,"RemoteFailures":[{"VAHostname":"remoteA","Problem":{"type":"dns","detail":"root DNS servers closed at 4:30pm","status":400}},{"VAHostname":"remoteC","Problem":{"type":"orderNotReady","detail":"please take a number","status":403}}]}`,
}, },
{ {
name: "remote and primary differ (primary not nil)", name: "remote and primary differ (primary not nil)",
@ -749,7 +749,7 @@ func TestLogRemoteValidationDifferentials(t *testing.T) {
&remoteValidationResult{Problem: egProbB, VAHostname: "remoteB"}, &remoteValidationResult{Problem: egProbB, VAHostname: "remoteB"},
&remoteValidationResult{Problem: nil, VAHostname: "remoteC"}, &remoteValidationResult{Problem: nil, VAHostname: "remoteC"},
}, },
expectedLog: `INFO: remoteVADifferentials JSON={"Domain":"example.com","ChallengeType":"blorpus-01","PrimaryResult":{"type":"dns","detail":"root DNS servers closed at 4:30pm","status":400},"RemoteSuccesses":2,"RemoteFailures":[{"VAHostname":"remoteB","Problem":{"type":"orderNotReady","detail":"please take a number","status":403}}]}`, expectedLog: `INFO: remoteVADifferentials JSON={"Domain":"example.com","AccountID":1999,"ChallengeType":"blorpus-01","PrimaryResult":{"type":"dns","detail":"root DNS servers closed at 4:30pm","status":400},"RemoteSuccesses":2,"RemoteFailures":[{"VAHostname":"remoteB","Problem":{"type":"orderNotReady","detail":"please take a number","status":403}}]}`,
}, },
} }
@ -758,7 +758,7 @@ func TestLogRemoteValidationDifferentials(t *testing.T) {
mockLog.Clear() mockLog.Clear()
localVA.logRemoteValidationDifferentials( localVA.logRemoteValidationDifferentials(
"example.com", "blorpus-01", tc.primaryResult, tc.remoteProbs) "example.com", 1999, "blorpus-01", tc.primaryResult, tc.remoteProbs)
lines := mockLog.GetAllMatching("remoteVADifferentials JSON=.*") lines := mockLog.GetAllMatching("remoteVADifferentials JSON=.*")
if tc.expectedLog != "" { if tc.expectedLog != "" {