letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Deprecate cert-checker CLI flags (#5511) 

Throw away the result of parsing various command-line flags in
cert-checker. Leave the flags themselves in place to avoid breaking
any scripts which pass them, but only respect the values provided by
the config file.

Part of #5489
This commit is contained in:
Aaron Gable 2021-08-16 10:12:27 -07:00 committed by GitHub
parent f71a17add4
commit 8a70bff2b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
cmd/cert-checker/main.go
View File

@ -332,11 +332,13 @@ type config struct {
func main() {
configFile := flag.String("config", "", "File path to the configuration file for this service")
workers := flag.Int("workers", runtime.NumCPU(), "The number of concurrent workers used to process certificates")
badResultsOnly := flag.Bool("bad-results-only", false, "Only collect and display bad results")
connect := flag.String("db-connect", "", "SQL URI if not provided in the configuration file")
cp := flag.Duration("check-period", time.Hour*2160, "How far back to check")
unexpiredOnly := flag.Bool("unexpired-only", false, "Only check currently unexpired certificates")
// TODO(#5489): Remove these deprecated flags.
_ = flag.Int("workers", runtime.NumCPU(), "The number of concurrent workers used to process certificates")
_ = flag.Bool("bad-results-only", false, "Only collect and display bad results")
_ = flag.String("db-connect", "", "SQL URI if not provided in the configuration file")
_ = flag.Duration("check-period", time.Hour*2160, "How far back to check")
_ = flag.Bool("unexpired-only", false, "Only check currently unexpired certificates")
flag.Parse()
if *configFile == "" {
@ -358,16 +360,6 @@ func main() {
err = blog.Set(logger)
cmd.FailOnError(err, "Failed to set audit logger")
if *connect != "" {
config.CertChecker.DB.DBConnect = *connect
}
if *workers != 0 {
config.CertChecker.Workers = *workers
}
config.CertChecker.UnexpiredOnly = *unexpiredOnly
config.CertChecker.BadResultsOnly = *badResultsOnly
config.CertChecker.CheckPeriod.Duration = *cp
avps := make(map[uint]bool)
if len(config.CertChecker.AcceptableValidityPeriods) == 0 {
// For backwards compatibility, assume only a single valid validity period

4
test/config/cert-checker.json
View File

@ -5,6 +5,10 @@
"maxOpenConns": 10
},
"hostnamePolicyFile": "test/hostname-policy.yaml",
"workers": 16,
"unexpiredOnly": true,
"badResultsOnly": true,
"checkPeriod": "72h",
"acceptableValidityPeriods": [7775999, 7776000],
"ignoredLints": [
"n_subject_common_name_included"