From ee4b207f0baf85c21597a23fb7a373712e26ca7c Mon Sep 17 00:00:00 2001
From: Matthew McPherrin <mattm@letsencrypt.org>
Date: Mon, 16 Jan 2023 12:04:41 -0500
Subject: [PATCH] WIP: Script to check all shards with local dynamo

---
 check-le-all.sh               | 42 +++++++++++++++++++++++++++++++++++
 db/run_db_integration_test.sh | 11 +--------
 db/run_local_dynamo.sh        | 17 ++++++++++++++
 3 files changed, 60 insertions(+), 10 deletions(-)
 create mode 100755 check-le-all.sh
 create mode 100755 db/run_local_dynamo.sh

diff --git a/check-le-all.sh b/check-le-all.sh
new file mode 100755
index 0000000..589f174
--- /dev/null
+++ b/check-le-all.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -eux
+
+#
+#  Check all of Let's Encrypt CRL shards
+
+check() {
+  for SHARD in $(seq 0 127); do
+    S3_CRL_OBJECT=$1/$SHARD.crl \
+    S3_CRL_BUCKET=$2 \
+    BOULDER_BASE_URL=$3 \
+     go run cmd/checker/checker.go
+  done
+}
+
+# TODO: r3/e1 might be backwards
+R3STG="4169287449788112"
+E1STG="58367272336442518"
+R3PROD="20506757847264211"
+E1PROD="67430855296768143"
+
+STGBUCKET="le-crl-stg"
+PRODBUCKET="le-crl-prod"
+
+export DYNAMO_ENDPOINT="http://localhost:8000"
+export DYNAMO_TABLE="unseen-certificates"
+
+STGURL="https://acme-staging-v02.api.letsencrypt.org/acme/cert"
+PRODURL="https://acme-v02.api.letsencrypt.org/acme/cert"
+
+export BOULDER_MAX_FETCH=500
+export ISSUER_PATHS="checker/testdata/r3.pem:checker/testdata/e1.pem:checker/testdata/stg-e1.pem:checker/testdata/stg-r3.pem"
+
+./db/run_local_dynamo.sh &
+dynamopid=$!
+trap 'kill $dynamopid' EXIT
+
+check $R3STG $STGBUCKET $STGURL
+check $E1STG $STGBUCKET $STGURL
+check $R3PROD $PRODBUCKET $PRODURL
+check $E1PROD $PRODBUCKET $PRODURL
diff --git a/db/run_db_integration_test.sh b/db/run_db_integration_test.sh
index 43a7213..45fddbb 100755
--- a/db/run_db_integration_test.sh
+++ b/db/run_db_integration_test.sh
@@ -4,16 +4,7 @@ set -eux
 SCRIPT_PATH=${0%/*}
 cd "$SCRIPT_PATH"
 
-# Fetch the local DynamoDB if there isn't one here already
-if ! [ -d dynamodb_local ]; then
-  mkdir dynamodb_local
-  curl -sSL https://s3.us-west-2.amazonaws.com/dynamodb-local/dynamodb_local_latest.tar.gz \
-    | tar -xzf - -C dynamodb_local
-else
-  echo "using existing DynamoDBLocal.jar"
-fi
-
-java -Djava.library.path=./dynamodb_local/DynamoDBLocal_lib -jar ./dynamodb_local/DynamoDBLocal.jar -sharedDb -inMemory &
+./run_local_dynamo.sh &
 dynamopid=$!
 trap 'kill $dynamopid' EXIT
 
diff --git a/db/run_local_dynamo.sh b/db/run_local_dynamo.sh
new file mode 100755
index 0000000..32a9a20
--- /dev/null
+++ b/db/run_local_dynamo.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -eu
+
+SCRIPT_PATH=${0%/*}
+cd "$SCRIPT_PATH" || exit
+
+# Fetch the local DynamoDB if there isn't one here already
+if ! [ -d dynamodb_local ]; then
+  mkdir dynamodb_local
+  curl -sSL https://s3.us-west-2.amazonaws.com/dynamodb-local/dynamodb_local_latest.tar.gz \
+    | tar -xzf - -C dynamodb_local
+else
+  echo "using existing DynamoDBLocal.jar"
+fi
+
+exec java -Djava.library.path=./dynamodb_local/DynamoDBLocal_lib -jar ./dynamodb_local/DynamoDBLocal.jar -sharedDb -inMemory
\ No newline at end of file