ampproject · banaag · Aug 21, 2019 · Aug 20, 2019 · Aug 21, 2019 · Aug 21, 2019
diff --git a/packager/util/config.go b/packager/util/config.go
@@ -28,9 +28,13 @@ type Config struct {
 	Port		int
 	CertFile	string // This must be the full certificate chain.
 	KeyFile		string // Just for the first cert, obviously.
+
+	// NewCertFile will be read/write. CertFile and NewCertFile will be set when both
+	// are valid and that once CertFile becomes invalid, NewCertFile will replace it
+	// (CertFile = NewCertFile) and NewCertFile will be set to empty.  This will also
+	// apply to disk copies as well (which we may require to be some sort of shared
+	// filesystem, if multiple replicas of ammpackager are running).
 	NewCertFile	string // The new full certificate chain replacing the expired one.
-	NewKeyFile	string // For the first cert in NewCertFile.
-	AutoRenewCert	bool   // Should we auto-renew cert? Defaults to false.
 	OCSPCache	string
 	ForwardedRequestHeaders []string
 	URLSet		[]URLSet
@@ -55,13 +59,14 @@ type URLPattern struct {
 }
 
 type ACMEConfig struct {
-	Prod	*ACMEServerConfig
-	Staging	*ACMEServerConfig
+	Production	*ACMEServerConfig
+	Development	*ACMEServerConfig
 }
 
 type ACMEServerConfig struct {
-	DiscoURL	string // ACME Production Directory Resource URL
-	AccountURL	string // ACME Account URL
+	DiscoURL	string // ACME Directory Resource URL
+	AccountURL	string // ACME Account URL. If non-empty, we
+			       // will auto-renew cert via ACME.
 }
 
 // TODO(twifkak): Extract default values into a function separate from the one

diff --git a/packager/util/config_test.go b/packager/util/config_test.go
@@ -174,13 +174,11 @@ func TestInvalidQueryRE(t *testing.T) {
 	`))), "QueryRE must be a valid regexp")
 }
 
-func TestOptionalAutoRenewCertAndKey(t *testing.T) {
+func TestOptionalNewCert(t *testing.T) {
 	config, err := ReadConfig([]byte(`
 		CertFile = "cert.pem"
 		KeyFile = "key.pem"
 		NewCertFile = "newcert.pem"
-		NewKeyFile = "newkey.pem"
-		AutoRenewCert = false
 		OCSPCache = "/tmp/ocsp"
 		[[URLSet]]
 		  [URLSet.Sign]
@@ -192,8 +190,6 @@ func TestOptionalAutoRenewCertAndKey(t *testing.T) {
 		CertFile:  "cert.pem",
 		KeyFile:   "key.pem",
 		NewCertFile: "newcert.pem",
-		AutoRenewCert: false,
-		NewKeyFile: "newkey.pem",
 		OCSPCache: "/tmp/ocsp",
 		URLSet: []URLSet{{
 			Sign: &URLPattern{
@@ -215,12 +211,12 @@ func TestOptionalACMEConfig(t *testing.T) {
 		  [URLSet.Sign]
 		    Domain = "example.com"
 		[ACMEConfig]
-		  [ACMEConfig.Prod]
+		  [ACMEConfig.Production]
 		    DiscoURL = "prod.disco.url"
 		    AccountURL = "prod.account.url"
-		  [ACMEConfig.Staging]
-		    DiscoURL = "staging.disco.url"
-		    AccountURL = "staging.account.url"
+		  [ACMEConfig.Development]
+		    DiscoURL = "dev.disco.url"
+		    AccountURL = "dev.account.url"
 	`))
 	require.NoError(t, err)
 	assert.Equal(t, Config{
@@ -229,13 +225,13 @@ func TestOptionalACMEConfig(t *testing.T) {
 		KeyFile:   "key.pem",
 		OCSPCache: "/tmp/ocsp",
 		ACMEConfig: &ACMEConfig{
-			Prod: &ACMEServerConfig{
+			Production: &ACMEServerConfig{
 				DiscoURL: "prod.disco.url",
 				AccountURL: "prod.account.url",
 			},
-			Staging: &ACMEServerConfig{
-				DiscoURL: "staging.disco.url",
-				AccountURL: "staging.account.url",
+			Development: &ACMEServerConfig{
+				DiscoURL: "dev.disco.url",
+				AccountURL: "dev.account.url",
 			},
 		},
 		URLSet: []URLSet{{