Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WFE/nonce: Add NonceHMACKey field #7793

Merged
merged 11 commits into from
Nov 13, 2024
Merged

WFE/nonce: Add NonceHMACKey field #7793

merged 11 commits into from
Nov 13, 2024

Conversation

jprenken
Copy link
Contributor

@jprenken jprenken commented Nov 8, 2024

Add a new WFE & nonce config field, NonceHMACKey, which uses the new cmd.HMACKeyConfig type. Deprecate the NoncePrefixKey config field.

Generalize the error message when validating HMACKeyConfig in config.

Remove the deprecated UseDerivablePrefix config field, which is no longer used anywhere.

Part of #7632

@jprenken jprenken requested a review from a team as a code owner November 8, 2024 06:20
Copy link
Contributor

github-actions bot commented Nov 8, 2024

@jprenken, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.

@letsencrypt letsencrypt deleted a comment from github-actions bot Nov 8, 2024
Copy link
Contributor

@aarongable aarongable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo the type stuff we were talking about in standup

cmd/boulder-wfe2/main.go Outdated Show resolved Hide resolved
cmd/nonce-service/main.go Outdated Show resolved Hide resolved
test/integration/nonce_test.go Outdated Show resolved Hide resolved
jprenken and others added 2 commits November 12, 2024 13:01
This case was added to work around a test case that didn't fill it out;
instead, fill DNSNames for that test case.
@beautifulentropy beautifulentropy merged commit 0a27cba into main Nov 13, 2024
13 checks passed
@beautifulentropy beautifulentropy deleted the nonceprefixkey branch November 13, 2024 15:31
jprenken added a commit that referenced this pull request Nov 19, 2024
Remove the deprecated WFE & nonce config field `NoncePrefixKey`, which has been replaced by `NonceHMACKey`.

DO NOT MERGE until:
- #7793 (in `release-2024-11-18`) has been deployed, AND:
- `NoncePrefixKey` has been removed from all running configs.

Fixes #7632
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants