Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify GetValidOrderAuthorizations2 #7646

Merged
merged 4 commits into from
Aug 8, 2024
Merged

Simplify GetValidOrderAuthorizations2 #7646

merged 4 commits into from
Aug 8, 2024

Conversation

aarongable
Copy link
Contributor

@aarongable aarongable commented Aug 6, 2024
edited
Loading

Simplify SA.GetValidOrderAuthorizations2 so that it no longer conditions the query on the status, expiry, or registration ID of the authorization rows. This gives the query much better performance, because it no longer tries to use an overly-large index, and fall back to large row-scans when the query planner decides the index is too large.

While we're here, also improve the return type of GetValidOrderAuthorizations2, so that instead of returning a map of names to authorizations, it simply returns a list of authzs. This both reduces the size of the gRPC message (once the old map is fully removed), and improves its correctness because we cannot count on names to be unique across multiple identifier types.

Finally, improve the RA code which calls SA.GetValidOrderAuthorizations2 to handle this improved return type, to make fewer assumptions about identifier types, and to separate static authorization-checking from CAA rechecking.

Fixes #7645

@aarongable aarongable requested a review from a team as a code owner August 6, 2024 00:04
beautifulentropy
beautifulentropy requested changes Aug 7, 2024
View reviewed changes
sa/saro.go Show resolved Hide resolved
sa/saro.go Show resolved Hide resolved
@beautifulentropy beautifulentropy self-requested a review August 8, 2024 17:22
@aarongable aarongable merged commit 28f0934 into main Aug 8, 2024
12 checks passed
@aarongable aarongable deleted the better-check-finalize branch August 8, 2024 17:40
@aarongable aarongable mentioned this pull request Aug 8, 2024
Merged
aarongable added a commit that referenced this pull request Aug 9, 2024
@aarongable
Use new sapb.Authorizations.Authzs field in RA (#7650)
8380bb9 
This is a followup to #7646,
updating two other RA methods (RevokeCertByApplicant and NewOrder) which
call different SA methods (GetValidAuthorizations2 and
GetAuthorizations2) but receive the same return type
(sapb.Authorizations) from the SA to use that type's new field.
@aarongable aarongable mentioned this pull request Aug 9, 2024
Merged
aarongable added a commit that referenced this pull request Aug 15, 2024
@aarongable
Remove deprecated sapb.Authorizations.Authz "map" (#7658)
ced0117 
This field was deprecated in
#7646 and the last uses of it
were removed in #7650.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@beautifulentropy beautifulentropy beautifulentropy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GetValidOrderAuthorizations2 is slow and failing to use indices
2 participants
@aarongable @beautifulentropy