From aae4175186b810dfa3c177b1ac500b751d6356db Mon Sep 17 00:00:00 2001 From: Phil Porada Date: Mon, 23 Jan 2023 20:56:15 -0500 Subject: [PATCH] Remove deprecated feature flags (#6566) Remove deprecated feature flags. Fixes #6559 --- features/featureflag_string.go | 50 +++++------------- features/features.go | 70 +++++-------------------- goodkey/good_key_test.go | 7 +-- test/config-next/expiration-mailer.json | 3 +- test/config-next/ra.json | 1 - test/config-next/wfe2.json | 2 +- test/config/ca-a.json | 4 +- test/config/ca-b.json | 4 +- test/config/ra.json | 8 +-- test/config/sa.json | 5 +- test/config/wfe2.json | 5 +- 11 files changed, 35 insertions(+), 124 deletions(-) diff --git a/features/featureflag_string.go b/features/featureflag_string.go index a5e470d44..8790bbe43 100644 --- a/features/featureflag_string.go +++ b/features/featureflag_string.go @@ -9,45 +9,23 @@ func _() { // Re-run the stringer command to generate them again. var x [1]struct{} _ = x[unused-0] - _ = x[PrecertificateRevocation-1] - _ = x[StripDefaultSchemePort-2] - _ = x[NonCFSSLSigner-3] - _ = x[StoreIssuerInfo-4] - _ = x[StreamlineOrderAndAuthzs-5] - _ = x[V1DisableNewValidations-6] - _ = x[ExpirationMailerDontLookTwice-7] - _ = x[OldTLSInbound-8] - _ = x[OldTLSOutbound-9] - _ = x[ROCSPStage1-10] - _ = x[ROCSPStage2-11] - _ = x[ROCSPStage3-12] - _ = x[GetAuthzReadOnly-13] - _ = x[GetAuthzUseIndex-14] - _ = x[CheckFailedAuthorizationsFirst-15] - _ = x[FasterNewOrdersRateLimit-16] - _ = x[AllowV1Registration-17] - _ = x[RestrictRSAKeySizes-18] - _ = x[AllowReRevocation-19] - _ = x[MozRevocationReasons-20] - _ = x[SHA1CSRs-21] - _ = x[RejectDuplicateCSRExtensions-22] - _ = x[StoreRevokerInfo-23] - _ = x[CAAValidationMethods-24] - _ = x[CAAAccountURI-25] - _ = x[EnforceMultiVA-26] - _ = x[MultiVAFullResults-27] - _ = x[MandatoryPOSTAsGET-28] - _ = x[ECDSAForAll-29] - _ = x[ServeRenewalInfo-30] - _ = x[AllowUnrecognizedFeatures-31] - _ = x[ROCSPStage6-32] - _ = x[ROCSPStage7-33] - _ = x[ExpirationMailerUsesJoin-34] + _ = x[StoreRevokerInfo-1] + _ = x[CAAValidationMethods-2] + _ = x[CAAAccountURI-3] + _ = x[EnforceMultiVA-4] + _ = x[MultiVAFullResults-5] + _ = x[MandatoryPOSTAsGET-6] + _ = x[ECDSAForAll-7] + _ = x[ServeRenewalInfo-8] + _ = x[AllowUnrecognizedFeatures-9] + _ = x[ROCSPStage6-10] + _ = x[ROCSPStage7-11] + _ = x[ExpirationMailerUsesJoin-12] } -const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoStreamlineOrderAndAuthzsV1DisableNewValidationsExpirationMailerDontLookTwiceOldTLSInboundOldTLSOutboundROCSPStage1ROCSPStage2ROCSPStage3GetAuthzReadOnlyGetAuthzUseIndexCheckFailedAuthorizationsFirstFasterNewOrdersRateLimitAllowV1RegistrationRestrictRSAKeySizesAllowReRevocationMozRevocationReasonsSHA1CSRsRejectDuplicateCSRExtensionsStoreRevokerInfoCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETECDSAForAllServeRenewalInfoAllowUnrecognizedFeaturesROCSPStage6ROCSPStage7ExpirationMailerUsesJoin" +const _FeatureFlag_name = "unusedStoreRevokerInfoCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETECDSAForAllServeRenewalInfoAllowUnrecognizedFeaturesROCSPStage6ROCSPStage7ExpirationMailerUsesJoin" -var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 105, 128, 157, 170, 184, 195, 206, 217, 233, 249, 279, 303, 322, 341, 358, 378, 386, 414, 430, 450, 463, 477, 495, 513, 524, 540, 565, 576, 587, 611} +var _FeatureFlag_index = [...]uint8{0, 6, 22, 42, 55, 69, 87, 105, 116, 132, 157, 168, 179, 203} func (i FeatureFlag) String() string { if i < 0 || i >= FeatureFlag(len(_FeatureFlag_index)-1) { diff --git a/features/features.go b/features/features.go index eba0479bc..bc9201a8a 100644 --- a/features/features.go +++ b/features/features.go @@ -13,28 +13,6 @@ type FeatureFlag int const ( unused FeatureFlag = iota // unused is used for testing // Deprecated features, these can be removed once stripped from production configs - PrecertificateRevocation - StripDefaultSchemePort - NonCFSSLSigner - StoreIssuerInfo - StreamlineOrderAndAuthzs - V1DisableNewValidations - ExpirationMailerDontLookTwice - OldTLSInbound - OldTLSOutbound - ROCSPStage1 - ROCSPStage2 - ROCSPStage3 - GetAuthzReadOnly - GetAuthzUseIndex - CheckFailedAuthorizationsFirst - FasterNewOrdersRateLimit - AllowV1Registration - RestrictRSAKeySizes - AllowReRevocation - MozRevocationReasons - SHA1CSRs - RejectDuplicateCSRExtensions StoreRevokerInfo // Currently in-use features @@ -79,41 +57,19 @@ const ( // List of features and their default value, protected by fMu var features = map[FeatureFlag]bool{ - unused: false, - CAAValidationMethods: false, - CAAAccountURI: false, - EnforceMultiVA: false, - MultiVAFullResults: false, - MandatoryPOSTAsGET: false, - AllowV1Registration: true, - V1DisableNewValidations: false, - PrecertificateRevocation: false, - StripDefaultSchemePort: false, - StoreIssuerInfo: false, - StoreRevokerInfo: false, - RestrictRSAKeySizes: false, - FasterNewOrdersRateLimit: false, - NonCFSSLSigner: false, - ECDSAForAll: false, - StreamlineOrderAndAuthzs: false, - ServeRenewalInfo: false, - GetAuthzReadOnly: false, - GetAuthzUseIndex: false, - CheckFailedAuthorizationsFirst: false, - AllowReRevocation: false, - MozRevocationReasons: false, - OldTLSOutbound: true, - OldTLSInbound: true, - SHA1CSRs: true, - AllowUnrecognizedFeatures: false, - ExpirationMailerDontLookTwice: false, - RejectDuplicateCSRExtensions: false, - ROCSPStage1: false, - ROCSPStage2: false, - ROCSPStage3: false, - ROCSPStage6: false, - ROCSPStage7: false, - ExpirationMailerUsesJoin: false, + unused: false, + CAAValidationMethods: false, + CAAAccountURI: false, + EnforceMultiVA: false, + MultiVAFullResults: false, + MandatoryPOSTAsGET: false, + StoreRevokerInfo: false, + ECDSAForAll: false, + ServeRenewalInfo: false, + AllowUnrecognizedFeatures: false, + ROCSPStage6: false, + ROCSPStage7: false, + ExpirationMailerUsesJoin: false, } var fMu = new(sync.RWMutex) diff --git a/goodkey/good_key_test.go b/goodkey/good_key_test.go index 0c8c15fce..d490a70a7 100644 --- a/goodkey/good_key_test.go +++ b/goodkey/good_key_test.go @@ -10,7 +10,6 @@ import ( "math/big" "testing" - "github.com/letsencrypt/boulder/features" sapb "github.com/letsencrypt/boulder/sa/proto" "github.com/letsencrypt/boulder/test" "google.golang.org/grpc" @@ -290,12 +289,8 @@ func TestDBBlocklistReject(t *testing.T) { } func TestRSAStrangeSize(t *testing.T) { - err := features.Set(map[string]bool{"RestrictRSAKeySizes": true}) - test.AssertNotError(t, err, "failed to set features") - defer features.Reset() - k := &rsa.PublicKey{N: big.NewInt(10)} - err = testingPolicy.GoodKey(context.Background(), k) + err := testingPolicy.GoodKey(context.Background(), k) test.AssertError(t, err, "expected GoodKey to fail") test.AssertEquals(t, err.Error(), "key size not supported: 4") } diff --git a/test/config-next/expiration-mailer.json b/test/config-next/expiration-mailer.json index 564a073ae..52e271d12 100644 --- a/test/config-next/expiration-mailer.json +++ b/test/config-next/expiration-mailer.json @@ -31,8 +31,7 @@ "SMTPTrustedRootFile": "test/mail-test-srv/minica.pem", "frequency": "1h", "features": { - "ExpirationMailerUsesJoin": true, - "ExpirationMailerDontLookTwice": true + "ExpirationMailerUsesJoin": true } }, diff --git a/test/config-next/ra.json b/test/config-next/ra.json index 96e93eed4..74cd02766 100644 --- a/test/config-next/ra.json +++ b/test/config-next/ra.json @@ -93,7 +93,6 @@ }, "features": { "StoreRevokerInfo": true, - "StreamlineOrderAndAuthzs": true, "ROCSPStage7": true }, "ctLogs": { diff --git a/test/config-next/wfe2.json b/test/config-next/wfe2.json index adfb5cf1d..fe90730d6 100644 --- a/test/config-next/wfe2.json +++ b/test/config-next/wfe2.json @@ -87,7 +87,7 @@ "authorizationLifetimeDays": 30, "pendingAuthorizationLifetimeDays": 7, "features": { - "PrecertificateRevocation": true, + "MandatoryPOSTAsGET": true, "ServeRenewalInfo": true } }, diff --git a/test/config/ca-a.json b/test/config/ca-a.json index 76ef261f3..79a12a1da 100644 --- a/test/config/ca-a.json +++ b/test/config/ca-a.json @@ -140,9 +140,7 @@ "ocspLogMaxLength": 4000, "ocspLogPeriod": "500ms", "ecdsaAllowListFilename": "test/config/ecdsaAllowList.yml", - "features": { - "RejectDuplicateCSRExtensions": true - } + "features": {} }, "pa": { diff --git a/test/config/ca-b.json b/test/config/ca-b.json index cf14941f0..a7e296310 100644 --- a/test/config/ca-b.json +++ b/test/config/ca-b.json @@ -140,9 +140,7 @@ "ocspLogMaxLength": 4000, "ocspLogPeriod": "500ms", "ecdsaAllowListFilename": "test/config/ecdsaAllowList.yml", - "features": { - "RejectDuplicateCSRExtensions": true - } + "features": {} }, "pa": { diff --git a/test/config/ra.json b/test/config/ra.json index af4674ffb..358c3e241 100644 --- a/test/config/ra.json +++ b/test/config/ra.json @@ -61,13 +61,7 @@ ] }, "features": { - "StoreRevokerInfo": true, - "RestrictRSAKeySizes": true, - "StreamlineOrderAndAuthzs": true, - "AllowReRevocation": true, - "MozRevocationReasons": true, - "SHA1CSRs": false, - "RejectDuplicateCSRExtensions": true + "StoreRevokerInfo": true }, "ctLogs": { "stagger": "500ms", diff --git a/test/config/sa.json b/test/config/sa.json index 4de562bc7..f979318d3 100644 --- a/test/config/sa.json +++ b/test/config/sa.json @@ -46,10 +46,7 @@ } }, "features": { - "FasterNewOrdersRateLimit": true, - "StoreRevokerInfo": true, - "GetAuthzReadOnly": true, - "GetAuthzUseIndex": true + "StoreRevokerInfo": true } }, diff --git a/test/config/wfe2.json b/test/config/wfe2.json index ecb19e49c..cb586ebbc 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json @@ -71,10 +71,7 @@ "staleTimeout": "5m", "authorizationLifetimeDays": 30, "pendingAuthorizationLifetimeDays": 7, - "features": { - "PrecertificateRevocation": true, - "StripDefaultSchemePort": true - } + "features": {} }, "syslog": {