WIP

letsencrypt · Nov 21, 2024 · 23bc405 · 23bc405
1 parent 01c1488
commit 23bc405
Show file tree

Hide file tree

Showing 5 changed files with 459 additions and 312 deletions.
diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
@@ -18,7 +18,7 @@ import (
 type Config struct {
 	VA struct {
 		vaConfig.Common
-		RemoteVAs []cmd.GRPCClientConfig `validate:"omitempty,dive"`
+		RemoteVAs []cmd.RemoteVAGRPCClientConfig `validate:"omitempty,dive"`
 		// Deprecated and ignored
 		MaxRemoteValidationFailures int `validate:"omitempty,min=0,required_with=RemoteVAs"`
 		Features                    features.Config
@@ -92,7 +92,7 @@ func main() {
 	if len(c.VA.RemoteVAs) > 0 {
 		for _, rva := range c.VA.RemoteVAs {
 			rva := rva
-			vaConn, err := bgrpc.ClientSetup(&rva, tlsConfig, scope, clk)
+			vaConn, err := bgrpc.ClientSetup(&rva.GRPCClientConfig, tlsConfig, scope, clk)
 			cmd.FailOnError(err, "Unable to create remote VA client")
 			remotes = append(
 				remotes,
@@ -101,7 +101,9 @@ func main() {
 						VAClient:  vapb.NewVAClient(vaConn),
 						CAAClient: vapb.NewCAAClient(vaConn),
 					},
-					Address: rva.ServerAddress,
+					Address:     rva.ServerAddress,
+					Perspective: rva.Perspective,
+					RIR:         rva.RIR,
 				},
 			)
 		}

diff --git a/cmd/config.go b/cmd/config.go
@@ -442,6 +442,40 @@ func (c *GRPCClientConfig) makeSRVScheme() (string, error) {
 	return c.SRVResolver, nil
 }
 
+// RemoteVAGRPCClientConfig  contains the information necessary to setup a gRPC
+// client connection. The following GRPC client configuration field combinations
+// are allowed:
+//
+// ServerIPAddresses, [Timeout]
+// ServerAddress, DNSAuthority, [Timeout], [HostOverride]
+// SRVLookup, DNSAuthority, [Timeout], [HostOverride], [SRVResolver]
+// SRVLookups, DNSAuthority, [Timeout], [HostOverride], [SRVResolver]
+type RemoteVAGRPCClientConfig struct {
+	GRPCClientConfig
+	// Perspective uniquely identifies the Network Perspective used to
+	// perform the validation, as specified in BRs Section 5.4.1,
+	// Requirement 2.7 ("Multi-Perspective Issuance Corroboration attempts
+	// from each Network Perspective"). It should uniquely identify a group
+	// of RVAs deployed in the same datacenter.
+	//
+	// TODO(#7615): Make mandatory.
+	Perspective string `validate:"omitempty"`
+
+	// RIR indicates the Regional Internet Registry where this RVA is
+	// located. This field is used to identify the RIR region from which a
+	// given validation was performed, as specified in the "Phased
+	// Implementation Timeline" in BRs Section 3.2.2.9. It must be one of
+	// the following values:
+	//   - ARIN
+	//   - RIPE
+	//   - APNIC
+	//   - LACNIC
+	//   - AfriNIC
+	//
+	// TODO(#7615): Make mandatory.
+	RIR string `validate:"omitempty,oneof=ARIN RIPE APNIC LACNIC AfriNIC"`
+}
+
 // GRPCServerConfig contains the information needed to start a gRPC server.
 type GRPCServerConfig struct {
 	Address string `json:"address" validate:"omitempty,hostname_port"`