Remove old-style gRPC TLS configs (#2495)

* Switch Publisher gRPC to use new "tls" block. * Remove old-style GRPC TLS configs. * Fix incorrect TLS blocks. * Remove more config.
2017-04-05 09:41:41 -07:00 · 2017-04-05 09:41:41 -07:00 · cef0a630b3
parent a46d30945c
commit cef0a630b3
5 changed files with 10 additions and 40 deletions
--- a/cmd/boulder-publisher/main.go
+++ b/cmd/boulder-publisher/main.go
@ -76,16 +76,6 @@ func main() {
 		bundle = append(bundle, ct.ASN1Cert(cert.Raw))
 	}

-	// TODO(jsha): Publisher is currently configured in production using old-style
-	// GRPC config fields. Remove this once production is switched over.
-	if c.Publisher.GRPC != nil && c.Publisher.TLS.CertFile == nil {
-		c.Publisher.TLS = cmd.TLSConfig{
-			CertFile:   &c.Publisher.GRPC.ServerCertificatePath,
-			KeyFile:    &c.Publisher.GRPC.ServerKeyPath,
-			CACertFile: &c.Publisher.GRPC.ClientIssuerPath,
-		}
-	}
-
 	var tls *tls.Config
 	if c.Publisher.TLS.CertFile != nil {
 		tls, err = c.Publisher.TLS.Load()
--- a/cmd/config.go
+++ b/cmd/config.go
@ -324,10 +324,6 @@ type LogDescription struct {
 type GRPCClientConfig struct {
 	ServerAddresses []string
 	Timeout         ConfigDuration
-	// Deprecated. Use TLSConfig instead. TODO(#2472): Delete these.
-	ServerIssuerPath      string
-	ClientCertificatePath string
-	ClientKeyPath         string
 }

 // GRPCServerConfig contains the information needed to run a gRPC service
@ -337,10 +333,6 @@ type GRPCServerConfig struct {
 	// (SANs). The server will reject clients that do not present a certificate
 	// with a SAN present on the `ClientNames` list.
 	ClientNames []string `json:"clientNames"`
-	// Deprecated. Use TLSConfig instead. TODO(#2472): Delete these.
-	ServerCertificatePath string `json:"serverCertificatePath"`
-	ServerKeyPath         string `json:"serverKeyPath"`
-	ClientIssuerPath      string `json:"clientIssuerPath"`
 }

 // PortConfig specifies what ports the VA should call to on the remote
--- a/cmd/ocsp-updater/main.go
+++ b/cmd/ocsp-updater/main.go
@ -729,16 +729,6 @@ func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Scope) (
 	core.Publisher,
 	core.StorageAuthority,
 ) {
-	// TODO(jsha): Publisher is currently configured in production using old-style
-	// GRPC config fields. Remove this once production is switched over.
-	if c.Publisher != nil && c.TLS.CertFile == nil {
-		c.TLS = cmd.TLSConfig{
-			CertFile:   &c.Publisher.ClientCertificatePath,
-			KeyFile:    &c.Publisher.ClientKeyPath,
-			CACertFile: &c.Publisher.ServerIssuerPath,
-		}
-	}
-
 	var tls *tls.Config
 	var err error
 	if c.TLS.CertFile != nil {
--- a/test/config-next/publisher.json
+++ b/test/config-next/publisher.json
@ -5,19 +5,18 @@
    "debugAddr": ":8009",
    "grpc": {
      "address": ":9091",
-      "clientIssuerPath": "test/grpc-creds/minica.pem",
-      "serverCertificatePath": "test/grpc-creds/publisher.boulder/cert.pem",
-      "serverKeyPath": "test/grpc-creds/publisher.boulder/key.pem",
      "clientNames": [
        "ra.boulder",
        "ocsp-updater.boulder"
      ]
    },
+    "tls": {
+      "caCertFile": "test/grpc-creds/minica.pem",
+      "certFile": "test/grpc-creds/publisher.boulder/cert.pem",
+      "keyFile": "test/grpc-creds/publisher.boulder/key.pem"
+    },
    "saService": {
      "serverAddresses": ["sa.boulder:19095"],
-      "serverIssuerPath": "test/grpc-creds/minica.pem",
-      "clientCertificatePath": "test/grpc-creds/publisher.boulder/cert.pem",
-      "clientKeyPath": "test/grpc-creds/publisher.boulder/key.pem",
      "timeout": "15s"
    }
  },
--- a/test/config/publisher.json
+++ b/test/config/publisher.json
@ -3,11 +3,13 @@
    "maxConcurrentRPCServerRequests": 100000,
    "submissionTimeout": "5s",
    "debugAddr": ":8009",
+    "tls": {
+      "caCertFile": "test/grpc-creds/minica.pem",
+      "certFile": "test/grpc-creds/publisher.boulder/cert.pem",
+      "keyFile": "test/grpc-creds/publisher.boulder/key.pem"
+    },
    "grpc": {
      "address": ":9091",
-      "clientIssuerPath": "test/grpc-creds/minica.pem",
-      "serverCertificatePath": "test/grpc-creds/publisher.boulder/cert.pem",
-      "serverKeyPath": "test/grpc-creds/publisher.boulder/key.pem",
      "clientNames": [
        "ra.boulder",
        "ocsp-updater.boulder"
@ -15,9 +17,6 @@
    },
    "saService": {
      "serverAddresses": ["sa.boulder:19095"],
-      "serverIssuerPath": "test/grpc-creds/minica.pem",
-      "clientCertificatePath": "test/grpc-creds/publisher.boulder/cert.pem",
-      "clientKeyPath": "test/grpc-creds/publisher.boulder/key.pem",
      "timeout": "15s"
    }
  },