features

package
v0.0.0-...-94d1468 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2024 License: MPL-2.0 Imports: 1 Imported by: 72

Documentation

Overview

features provides the Config struct, which is used to define feature flags that can affect behavior across Boulder components. It also maintains a global singleton Config which can be referenced by arbitrary Boulder code without having to pass a collection of feature flags through the function call graph.

Functions

func Reset

func Reset()

Reset resets all features to their initial state (false).

func Set

func Set(fs Config)

Set changes the global FeatureSet to match the input FeatureSet. This overrides any previous changes made to the global FeatureSet.

When used in tests, the caller must defer features.Reset() to avoid leaving dirty global state.

Types

type Config

type Config struct {
	// Deprecated features. Safe for removal once all references to them have
	// been removed from deployed configuration.
	CAAAfterValidation         bool
	AllowNoCommonName          bool
	SHA256SubjectKeyIdentifier bool

	// EnforceMultiVA causes the VA to block on remote VA PerformValidation
	// requests in order to make a valid/invalid decision with the results.
	EnforceMultiVA bool
	// MultiVAFullResults will cause the main VA to wait for all of the remote VA
	// results, not just the threshold required to make a decision.
	MultiVAFullResults bool

	// ECDSAForAll enables all accounts, regardless of their presence in the CA's
	// ecdsaAllowedAccounts config value, to get issuance from ECDSA issuers.
	ECDSAForAll bool

	// ServeRenewalInfo exposes the renewalInfo endpoint in the directory and for
	// GET requests. WARNING: This feature is a draft and highly unstable.
	ServeRenewalInfo bool

	// ExpirationMailerUsesJoin enables using a JOIN query in expiration-mailer
	// rather than a SELECT from certificateStatus followed by thousands of
	// one-row SELECTs from certificates.
	ExpirationMailerUsesJoin bool

	// CertCheckerChecksValidations enables an extra query for each certificate
	// checked, to find the relevant authzs. Since this query might be
	// expensive, we gate it behind a feature flag.
	CertCheckerChecksValidations bool

	// CertCheckerRequiresValidations causes cert-checker to fail if the
	// query enabled by CertCheckerChecksValidations didn't find corresponding
	// authorizations.
	CertCheckerRequiresValidations bool

	// CertCheckerRequiresCorrespondence enables an extra query for each certificate
	// checked, to find the linting precertificate in the `precertificates` table.
	// It then checks that the final certificate "corresponds" to the precertificate
	// using `precert.Correspond`.
	CertCheckerRequiresCorrespondence bool

	// AsyncFinalize enables the RA to return approximately immediately from
	// requests to finalize orders. This allows us to take longer getting SCTs,
	// issuing certs, and updating the database; it indirectly reduces the number
	// of issuances that fail due to timeouts during storage. However, it also
	// requires clients to properly implement polling the Order object to wait
	// for the cert URL to appear.
	AsyncFinalize bool

	// DOH enables DNS-over-HTTPS queries for validation
	DOH bool

	// EnforceMultiCAA causes the VA to kick off remote CAA rechecks when true.
	// When false, no remote CAA rechecks will be performed. The primary VA will
	// make a valid/invalid decision with the results. The primary VA will
	// return an early decision if MultiCAAFullResults is false.
	EnforceMultiCAA bool

	// MultiCAAFullResults will cause the main VA to block and wait for all of
	// the remote VA CAA recheck results instead of returning early if the
	// number of failures is greater than the configured
	// maxRemoteValidationFailures. Only used when EnforceMultiCAA is true.
	MultiCAAFullResults bool

	// TrackReplacementCertificatesARI, when enabled, triggers the following
	// behavior:
	//   - SA.NewOrderAndAuthzs: upon receiving a NewOrderRequest with a
	//     'replacesSerial' value, will create a new entry in the 'replacement
	//     Orders' table. This will occur inside of the new order transaction.
	//   - SA.FinalizeOrder will update the 'replaced' column of any row with
	//     a 'orderID' matching the finalized order to true. This will occur
	//     inside of the finalize (order) transaction.
	TrackReplacementCertificatesARI bool

	// MultipleCertificateProfiles, when enabled, triggers the following
	// behavior:
	//   - SA.NewOrderAndAuthzs: upon receiving a NewOrderRequest with a
	//     `certificateProfileName` value, will add that value to the database's
	//     `orders.certificateProfileName` column. Values in this column are
	//     allowed to be empty.
	MultipleCertificateProfiles bool
}

Config contains one boolean field for every Boulder feature flag. It can be included directly in an executable's Config struct to have feature flags be automatically parsed by the json config loader; executables that do so must then call features.Set(parsedConfig) to load the parsed struct into this package's global Config.

func Get

func Get() Config

Get returns a copy of the current global FeatureSet, indicating which features are currently enabled (set to true). Expected caller behavior looks like:

if features.Get().FeatureName { ...
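The load-then-Set flow described for Config and the Get call pattern, as an added example that is not Boulder's code: a stand-in for the package with two flags, plus a hypothetical `vaConfig` struct and `load` helper. Strict decoding with `DisallowUnknownFields` is an assumption of this example, chosen because every flag's initial state is false, so a misspelled key would otherwise leave a control such as EnforceMultiVA off without any error.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"sync"
)

// Config is a two-flag subset of the documented features.Config (stand-in).
type Config struct{ EnforceMultiVA, DOH bool }

var mu sync.RWMutex // guards global
var global Config   // the singleton; zero value means every flag is false

// Set, Get and Reset mirror the three documented functions.
func Set(fs Config) {
	mu.Lock()
	defer mu.Unlock()
	global = fs
}
func Get() Config {
	mu.RLock()
	defer mu.RUnlock()
	return global // returned by value, so callers hold a copy
}
func Reset() { Set(Config{}) }

// vaConfig is a hypothetical executable config that includes Config directly.
type vaConfig struct {
	ListenAddr string
	Features   Config
}

// load parses an executable's JSON config and installs its flags globally.
func load(raw []byte) error {
	var c vaConfig
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // assumption: reject misspelled flag names
	if err := dec.Decode(&c); err != nil {
		return err // nothing is installed; the global keeps its prior state
	}
	Set(c.Features)
	return nil
}

func main() {
	// Constructed sample config whose flag name is misspelled on purpose.
	raw := []byte(`{"ListenAddr":":8004","Features":{"EnforceMutliVA":true}}`)
	fmt.Println(load(raw), Get().EnforceMultiVA)
}
```

Go's JSON decoder matches keys case-insensitively, so only a real misspelling (not a change of letter case) is caught by the strict decode.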
