sa: Remove DnsNames from NewOrderRequest (#8101)

Remove the deprecated `DnsNames` field from the `NewOrderRequest`
struct. All users of this struct use `Identifier` instead.

Part of #7311
James Renken 2025-04-08 15:27:08 -04:00 committed by GitHub
parent b9f93b386f
commit c426fc71f6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 587 additions and 695 deletions


@ -324,7 +324,6 @@ func (sa *StorageAuthority) NewOrderAndAuthzs(_ context.Context, req *sapb.NewOr
// Fields from the input new order request.
RegistrationID: req.NewOrder.RegistrationID,
Expires: req.NewOrder.Expires,
DnsNames: req.NewOrder.DnsNames,
Identifiers: req.NewOrder.Identifiers,
V2Authorizations: req.NewOrder.V2Authorizations,
// Mock new fields generated by the database transaction.


@ -2514,7 +2514,6 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
newOrder := &sapb.NewOrderRequest{
RegistrationID: req.RegistrationID,
DnsNames: dnsNames,
Identifiers: idents.ToProtoSlice(),
CertificateProfileName: req.CertificateProfileName,
Replaces: req.Replaces,
@ -2533,7 +2532,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
return nil, err
}
if core.IsAnyNilOrZero(storedOrder.Id, storedOrder.Status, storedOrder.RegistrationID, identifier.FromProtoSliceWithDefault(storedOrder), storedOrder.Created, storedOrder.Expires) {
if core.IsAnyNilOrZero(storedOrder.Id, storedOrder.Status, storedOrder.RegistrationID, storedOrder.Identifiers, storedOrder.Created, storedOrder.Expires) {
return nil, errIncompleteGRPCResponse
}
ra.orderAges.WithLabelValues("NewOrder").Observe(0)
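Review bot: The completeness check on the stored order now passes `storedOrder.Identifiers` straight to `core.IsAnyNilOrZero`, and how that helper treats a non-nil but empty slice of this type is not visible in this hunk. The identifier list determines which names the order covers, so an explicit length test would make the intent unambiguous, for example adding `|| len(storedOrder.Identifiers) == 0` to the condition. The body of NewOrder starts and ends outside the hunk, so an equivalent check may already exist elsewhere.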


@ -85,7 +85,6 @@ func createPendingAuthorization(t *testing.T, sa sapb.StorageAuthorityClient, id
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
DnsNames: []string{ident.Value},
Identifiers: []*corepb.Identifier{ident.ToProto()},
},
NewAuthzs: []*sapb.NewAuthzRequest{
@ -871,7 +870,6 @@ func TestCertificateKeyNotEqualAccountKey(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
DnsNames: []string{"www.example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("www.example.com").ToProto()},
V2Authorizations: []int64{authzID},
},
@ -1913,7 +1911,6 @@ func (msa *mockSAWithAuthzs) NewOrderAndAuthzs(ctx context.Context, req *sapb.Ne
// Fields from the input new order request.
RegistrationID: req.NewOrder.RegistrationID,
Expires: req.NewOrder.Expires,
DnsNames: req.NewOrder.DnsNames,
Identifiers: req.NewOrder.Identifiers,
V2Authorizations: authzIDs,
CertificateProfileName: req.NewOrder.CertificateProfileName,
@ -2326,7 +2323,6 @@ func TestFinalizeOrder(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
DnsNames: []string{"not-example.com", "www.not-example.com"},
Identifiers: []*corepb.Identifier{
identifier.NewDNS("not-example.com").ToProto(),
identifier.NewDNS("www.not-example.com").ToProto(),
@ -2336,28 +2332,6 @@ func TestFinalizeOrder(t *testing.T) {
})
test.AssertNotError(t, err, "Could not add test order with finalized authz IDs, ready status")
validatedOrderNoIdents, err := sa.NewOrderAndAuthzs(context.Background(), &sapb.NewOrderAndAuthzsRequest{
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
DnsNames: []string{"not-example.com", "www.not-example.com"},
V2Authorizations: []int64{authzIDA, authzIDB},
},
})
test.AssertNotError(t, err, "Could not add test order without Identifiers")
validatedOrderNoDnsNames, err := sa.NewOrderAndAuthzs(context.Background(), &sapb.NewOrderAndAuthzsRequest{
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
Identifiers: []*corepb.Identifier{
identifier.NewDNS("not-example.com").ToProto(),
identifier.NewDNS("www.not-example.com").ToProto(),
},
V2Authorizations: []int64{authzIDA, authzIDB},
},
})
test.AssertNotError(t, err, "Could not add test order without DnsNames")
testCases := []struct {
Name string
OrderReq *rapb.FinalizeOrderRequest
@ -2548,22 +2522,6 @@ func TestFinalizeOrder(t *testing.T) {
},
ExpectIssuance: true,
},
{
Name: "Order with no Identifiers",
OrderReq: &rapb.FinalizeOrderRequest{
Order: validatedOrderNoIdents,
Csr: validCSR,
},
ExpectIssuance: true,
},
{
Name: "Order with no DnsNames",
OrderReq: &rapb.FinalizeOrderRequest{
Order: validatedOrderNoDnsNames,
Csr: validCSR,
},
ExpectIssuance: true,
},
}
for _, tc := range testCases {
@ -2608,7 +2566,6 @@ func TestFinalizeOrderWithMixedSANAndCN(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
DnsNames: []string{"not-example.com", "www.not-example.com"},
Identifiers: []*corepb.Identifier{
identifier.NewDNS("not-example.com").ToProto(),
identifier.NewDNS("www.not-example.com").ToProto(),
@ -2951,7 +2908,6 @@ func TestIssueCertificateAuditLog(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
DnsNames: names,
Identifiers: idents.ToProtoSlice(),
V2Authorizations: authzIDs,
},
@ -3087,7 +3043,6 @@ func TestIssueCertificateCAACheckLog(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: Registration.Id,
Expires: timestamppb.New(exp),
DnsNames: names,
Identifiers: idents.ToProtoSlice(),
V2Authorizations: authzIDs,
},
@ -4015,7 +3970,6 @@ func (sa *mockNewOrderMustBeReplacementAuthority) NewOrderAndAuthzs(ctx context.
Expires: req.NewOrder.Expires,
Status: string(core.StatusPending),
Created: timestamppb.New(time.Now()),
DnsNames: req.NewOrder.DnsNames,
Identifiers: req.NewOrder.Identifiers,
}, nil
}

File diff suppressed because it is too large Load Diff


@ -226,8 +226,7 @@ message NewOrderRequest {
int64 registrationID = 1;
reserved 2; // Previously expiresNS
google.protobuf.Timestamp expires = 5;
// TODO(#7311): dnsNames are being deprecated in favour of identifiers.
repeated string dnsNames = 3;
reserved 3; // Previously dnsNames
repeated core.Identifier identifiers = 9;
repeated int64 v2Authorizations = 4;
string certificateProfileName = 7;


@ -594,7 +594,7 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
}
// Fourth, insert the FQDNSet entry for the order.
err = addOrderFQDNSet(ctx, tx, identifier.FromProtoSliceWithDefault(req.NewOrder), orderID, req.NewOrder.RegistrationID, req.NewOrder.Expires.AsTime())
err = addOrderFQDNSet(ctx, tx, identifier.FromProtoSlice(req.NewOrder.Identifiers), orderID, req.NewOrder.RegistrationID, req.NewOrder.Expires.AsTime())
if err != nil {
return nil, err
}
@ -623,7 +623,6 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
// These are carried over from the original request unchanged.
RegistrationID: req.NewOrder.RegistrationID,
Expires: req.NewOrder.Expires,
DnsNames: req.NewOrder.DnsNames,
Identifiers: req.NewOrder.Identifiers,
// This includes both reused and newly created authz IDs.
V2Authorizations: allAuthzIds,
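Review bot: With the `FromProtoSliceWithDefault` fallback gone, `addOrderFQDNSet` receives whatever `identifier.FromProtoSlice(req.NewOrder.Identifiers)` yields, and nothing visible in this hunk rejects a request whose `Identifiers` is empty. Field 3 is now reserved in the proto, so a caller still built against the old message would presumably have its `dnsNames` dropped on decode and reach this point with no names at all. Unless an earlier part of NewOrderAndAuthzs (outside the hunk) already validates this, consider a guard before the transaction such as `if len(req.NewOrder.Identifiers) == 0 { return nil, <incomplete-request error> }`. A test asserting that rejection would replace the coverage lost with the removed "without Identifiers" and "without DnsNames" cases.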


@ -985,7 +985,6 @@ func TestNewOrderAndAuthzs(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires),
DnsNames: []string{"a.com", "b.com", "c.com", "d.com"},
Identifiers: []*corepb.Identifier{
identifier.NewDNS("a.com").ToProto(),
identifier.NewDNS("b.com").ToProto(),
@ -1022,16 +1021,6 @@ func TestNewOrderAndAuthzs(t *testing.T) {
test.AssertNotError(t, err, "Failed to count orderToAuthz entries")
test.AssertEquals(t, len(authzIDs), 4)
test.AssertDeepEquals(t, authzIDs, []int64{1, 2, 3, 4})
reqNoIdentifiers := req
reqNoIdentifiers.NewOrder.Identifiers = nil
_, err = sa.NewOrderAndAuthzs(context.Background(), reqNoIdentifiers)
test.AssertNotError(t, err, "sa.NewOrderAndAuthzs failed without Identifiers")
reqNoDnsNames := req
reqNoDnsNames.NewOrder.DnsNames = nil
_, err = sa.NewOrderAndAuthzs(context.Background(), reqNoDnsNames)
test.AssertNotError(t, err, "sa.NewOrderAndAuthzs failed without DnsNames")
}
// TestNewOrderAndAuthzs_NonNilInnerOrder verifies that a nil
@ -1098,7 +1087,6 @@ func TestNewOrderAndAuthzs_NewAuthzExpectedFields(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires),
DnsNames: []string{domain},
Identifiers: []*corepb.Identifier{identifier.NewDNS(domain).ToProto()},
},
})
@ -1140,7 +1128,7 @@ func TestNewOrderAndAuthzs_Profile(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
CertificateProfileName: "test",
},
NewAuthzs: []*sapb.NewAuthzRequest{
@ -1194,7 +1182,6 @@ func TestSetOrderProcessing(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires1Year),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
V2Authorizations: []int64{authzID},
},
@ -1235,7 +1222,6 @@ func TestFinalizeOrder(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires1Year),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
V2Authorizations: []int64{authzID},
},
@ -1278,7 +1264,6 @@ func TestGetOrder(t *testing.T) {
inputOrder := &corepb.Order{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{ident.ToProto()},
V2Authorizations: []int64{authzID},
}
@ -1288,7 +1273,6 @@ func TestGetOrder(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: inputOrder.RegistrationID,
Expires: inputOrder.Expires,
DnsNames: inputOrder.DnsNames,
Identifiers: inputOrder.Identifiers,
V2Authorizations: inputOrder.V2Authorizations,
},
@ -1302,7 +1286,7 @@ func TestGetOrder(t *testing.T) {
// input to NewOrderAndAuthzs
RegistrationID: inputOrder.RegistrationID,
V2Authorizations: inputOrder.V2Authorizations,
DnsNames: inputOrder.DnsNames,
DnsNames: []string{"example.com"},
Identifiers: inputOrder.Identifiers,
Expires: inputOrder.Expires,
// The ID should have been set to 1 by the SA
@ -1340,7 +1324,6 @@ func TestGetOrderWithProfile(t *testing.T) {
inputOrder := &corepb.Order{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{ident.ToProto()},
V2Authorizations: []int64{authzID},
CertificateProfileName: "tbiapb",
@ -1351,7 +1334,6 @@ func TestGetOrderWithProfile(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: inputOrder.RegistrationID,
Expires: inputOrder.Expires,
DnsNames: inputOrder.DnsNames,
Identifiers: inputOrder.Identifiers,
V2Authorizations: inputOrder.V2Authorizations,
CertificateProfileName: inputOrder.CertificateProfileName,
@ -1366,7 +1348,7 @@ func TestGetOrderWithProfile(t *testing.T) {
// input to NewOrderAndAuthzs
RegistrationID: inputOrder.RegistrationID,
V2Authorizations: inputOrder.V2Authorizations,
DnsNames: inputOrder.DnsNames,
DnsNames: []string{"example.com"},
Identifiers: inputOrder.Identifiers,
Expires: inputOrder.Expires,
// The ID should have been set to 1 by the SA
@ -1475,7 +1457,6 @@ func TestFasterGetOrderForNames(t *testing.T) {
RegistrationID: reg.Id,
Expires: timestamppb.New(expires),
V2Authorizations: []int64{authzIDs},
DnsNames: []string{ident.Value},
Identifiers: []*corepb.Identifier{ident.ToProto()},
},
})
@ -1486,7 +1467,6 @@ func TestFasterGetOrderForNames(t *testing.T) {
RegistrationID: reg.Id,
Expires: timestamppb.New(expires),
V2Authorizations: []int64{authzIDs},
DnsNames: []string{ident.Value},
Identifiers: []*corepb.Identifier{ident.ToProto()},
},
})
@ -1549,7 +1529,6 @@ func TestGetOrderForNames(t *testing.T) {
RegistrationID: regA.Id,
Expires: timestamppb.New(expires),
V2Authorizations: []int64{authzIDA, authzIDB},
DnsNames: names,
Identifiers: idents.ToProtoSlice(),
},
})
@ -1617,7 +1596,6 @@ func TestGetOrderForNames(t *testing.T) {
RegistrationID: regA.Id,
Expires: timestamppb.New(expires),
V2Authorizations: []int64{authzIDC, authzIDD},
DnsNames: names,
Identifiers: idents.ToProtoSlice(),
},
})
@ -1689,7 +1667,6 @@ func TestStatusForOrder(t *testing.T) {
testCases := []struct {
Name string
AuthorizationIDs []int64
OrderNames []string
OrderIdents identifier.ACMEIdentifiers
OrderExpires *timestamppb.Timestamp
ExpectedStatus string
@ -1697,8 +1674,7 @@ func TestStatusForOrder(t *testing.T) {
Finalize bool
}{
{
Name: "Order with an invalid authz",
OrderNames: []string{"pending.your.order.is.up", "invalid.your.order.is.up", "deactivated.your.order.is.up", "valid.your.order.is.up"},
Name: "Order with an invalid authz",
OrderIdents: identifier.ACMEIdentifiers{
identifier.NewDNS("pending.your.order.is.up"),
identifier.NewDNS("invalid.your.order.is.up"),
@ -1709,8 +1685,7 @@ func TestStatusForOrder(t *testing.T) {
ExpectedStatus: string(core.StatusInvalid),
},
{
Name: "Order with an expired authz",
OrderNames: []string{"pending.your.order.is.up", "expired.your.order.is.up", "deactivated.your.order.is.up", "valid.your.order.is.up"},
Name: "Order with an expired authz",
OrderIdents: identifier.ACMEIdentifiers{
identifier.NewDNS("pending.your.order.is.up"),
identifier.NewDNS("expired.your.order.is.up"),
@ -1721,8 +1696,7 @@ func TestStatusForOrder(t *testing.T) {
ExpectedStatus: string(core.StatusInvalid),
},
{
Name: "Order with a deactivated authz",
OrderNames: []string{"pending.your.order.is.up", "deactivated.your.order.is.up", "valid.your.order.is.up"},
Name: "Order with a deactivated authz",
OrderIdents: identifier.ACMEIdentifiers{
identifier.NewDNS("pending.your.order.is.up"),
identifier.NewDNS("deactivated.your.order.is.up"),
@ -1732,8 +1706,7 @@ func TestStatusForOrder(t *testing.T) {
ExpectedStatus: string(core.StatusInvalid),
},
{
Name: "Order with a pending authz",
OrderNames: []string{"valid.your.order.is.up", "pending.your.order.is.up"},
Name: "Order with a pending authz",
OrderIdents: identifier.ACMEIdentifiers{
identifier.NewDNS("valid.your.order.is.up"),
identifier.NewDNS("pending.your.order.is.up"),
@ -1743,14 +1716,12 @@ func TestStatusForOrder(t *testing.T) {
},
{
Name: "Order with only valid authzs, not yet processed or finalized",
OrderNames: []string{"valid.your.order.is.up"},
OrderIdents: identifier.ACMEIdentifiers{identifier.NewDNS("valid.your.order.is.up")},
AuthorizationIDs: []int64{validID},
ExpectedStatus: string(core.StatusReady),
},
{
Name: "Order with only valid authzs, set processing",
OrderNames: []string{"valid.your.order.is.up"},
OrderIdents: identifier.ACMEIdentifiers{identifier.NewDNS("valid.your.order.is.up")},
AuthorizationIDs: []int64{validID},
SetProcessing: true,
@ -1758,14 +1729,12 @@ func TestStatusForOrder(t *testing.T) {
},
{
Name: "Order with only valid authzs, not yet processed or finalized, OrderReadyStatus feature flag",
OrderNames: []string{"valid.your.order.is.up"},
OrderIdents: identifier.ACMEIdentifiers{identifier.NewDNS("valid.your.order.is.up")},
AuthorizationIDs: []int64{validID},
ExpectedStatus: string(core.StatusReady),
},
{
Name: "Order with only valid authzs, set processing",
OrderNames: []string{"valid.your.order.is.up"},
OrderIdents: identifier.ACMEIdentifiers{identifier.NewDNS("valid.your.order.is.up")},
AuthorizationIDs: []int64{validID},
SetProcessing: true,
@ -1773,16 +1742,6 @@ func TestStatusForOrder(t *testing.T) {
},
{
Name: "Order with only valid authzs, set processing and finalized",
OrderNames: []string{"valid.your.order.is.up"},
OrderIdents: identifier.ACMEIdentifiers{identifier.NewDNS("valid.your.order.is.up")},
AuthorizationIDs: []int64{validID},
SetProcessing: true,
Finalize: true,
ExpectedStatus: string(core.StatusValid),
},
{
Name: "Order with only valid authzs, set processing and finalized, Identifiers overriding DnsNames",
OrderNames: []string{"deactivated.your.order.is.up"},
OrderIdents: identifier.ACMEIdentifiers{identifier.NewDNS("valid.your.order.is.up")},
AuthorizationIDs: []int64{validID},
SetProcessing: true,
@ -1805,7 +1764,6 @@ func TestStatusForOrder(t *testing.T) {
RegistrationID: reg.Id,
Expires: orderExpiry,
V2Authorizations: tc.AuthorizationIDs,
DnsNames: tc.OrderNames,
Identifiers: tc.OrderIdents.ToProtoSlice(),
},
})
@ -2573,7 +2531,6 @@ func TestGetValidOrderAuthorizations2(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(orderExpr),
DnsNames: []string{"a.example.com", "b.example.com"},
Identifiers: []*corepb.Identifier{
identifier.NewDNS("a.example.com").ToProto(),
identifier.NewDNS("b.example.com").ToProto(),
@ -2764,7 +2721,6 @@ func TestGetOrderExpired(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(now.Add(-time.Hour)),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
V2Authorizations: []int64{666},
},
@ -3699,7 +3655,6 @@ func TestReplacementOrderExists(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires1Year),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
V2Authorizations: []int64{authzID},
},
@ -3720,7 +3675,6 @@ func TestReplacementOrderExists(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires1Year),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
V2Authorizations: []int64{authzID},
ReplacesSerial: oldCertSerial,
@ -3758,7 +3712,6 @@ func TestReplacementOrderExists(t *testing.T) {
NewOrder: &sapb.NewOrderRequest{
RegistrationID: reg.Id,
Expires: timestamppb.New(expires1Year),
DnsNames: []string{"example.com"},
Identifiers: []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
V2Authorizations: []int64{authzID},
ReplacesSerial: oldCertSerial,