-
-
Notifications
You must be signed in to change notification settings - Fork 610
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify RA and SA Registration-modifying codepaths #5554
Milestone
Comments
aarongable
modified the milestones:
Sprint 2024-10-22,
Sprint 2024-10-29,
Sprint 2024-11-05
Oct 29, 2024
aarongable
added a commit
that referenced
this issue
Dec 18, 2024
The RA's DeactivateAccount method expects the account provided to it by the WFE to still have status Valid. The new WFE deactivation code was hardcoding the status to Deactivated. Fix the WFE to pass the account's current status instead. Add an integration test to confirm both the breakage and the fix. Also leave behind some TODOs to simplify this codepath further, and not require the status to be provided at all. Part of #5554
jprenken
added a commit
that referenced
this issue
Jan 4, 2025
jprenken
added a commit
that referenced
this issue
Jan 14, 2025
This is the final stage of #5554: removing the old, combined `UpdateRegistration` flow, which has been replaced by `UpdateRegistrationContact` and `UpdateRegistrationKey`. Those new functions have their own tests. The RA's `UpdateRegistration` function no longer has any callers (as of #7827's deployment), so it is safely deployable to remove it from the SA too, and its request from gRPC. Fixes #5554 --------- Co-authored-by: Jacob Hoffman-Andrews <[email protected]> Co-authored-by: Aaron Gable <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Idea: Let's get rid of the
UpdateRegistration
RPCs entirely.According to RFC8555, there are only 3 ways that a client can initiate a change to their Account object:
status: Deactivated
(this deactivates the account)The first and second of these use the same client-facing endpoint.
But in our codebase, the second and third of these use the same RA and SA codepath (
UpdateRegistration
).We should instead have three wholly separate codepaths, so that we don't have to deal with generic functions like
mergeUpdate
which make it likely that we accidentally allow clients to modify accounts in ways they shouldn't be able to.The text was updated successfully, but these errors were encountered: