From bf6fb8b716ed4e0f9caa2eeadc378800e570ba12 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Fri, 15 Nov 2024 11:57:09 -0800 Subject: [PATCH] ra: temporarily remove flaky test This test is flaking a lot on main. We'll restore it soon but in the meantime we shouldn't have flaky tests. --- ra/ra_test.go | 138 -------------------------------------------------- 1 file changed, 138 deletions(-) diff --git a/ra/ra_test.go b/ra/ra_test.go index a624b501f49..28b264c3e53 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -1043,144 +1043,6 @@ func TestPerformValidation_FailedValidationsTriggerPauseIdentifiersRatelimit(t * test.AssertNotError(t, err, "Failed cleaning up redis") } -func TestPerformValidation_FailedThenSuccessfulValidationResetsPauseIdentifiersRatelimit(t *testing.T) { - if !strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") { - t.Skip() - } - - va, sa, ra, redisSrc, fc, cleanUp := initAuthorities(t) - defer cleanUp() - - features.Set(features.Config{AutomaticallyPauseZombieClients: true}) - defer features.Reset() - - // Because we're testing with a real Redis backend, we choose a different account ID - // than other tests to make we don't get interference from other tests using the same - // registration ID. - registration, err := sa.NewRegistration(ctx, &corepb.Registration{ - Key: AccountKeyJSONC, - InitialIP: parseAndMarshalIP(t, "192.2.2.2"), - Status: string(core.StatusValid), - }) - test.AssertNotError(t, err, "Failed to create registration") - - mockSA := newMockSAPaused(sa) - ra.SA = mockSA - - // Override the default ratelimits to only allow one failed validation. - txnBuilder, err := ratelimits.NewTransactionBuilder("testdata/two-failed-validations-before-pausing.yml", "") - test.AssertNotError(t, err, "making transaction composer") - ra.txnBuilder = txnBuilder - - // We know this is OK because of TestNewAuthorization - domain := randomDomain() - authzPB := createPendingAuthorization(t, sa, domain, fc.Now().Add(12*time.Hour)) - authzPB.RegistrationID = registration.Id - mockSA.registrationsForRegID[authzPB.RegistrationID] = Registration - mockSA.authorizationsForRegID[authzPB.RegistrationID] = authzPB - - // We induce the bad path by setting a problem. This will consume all - // available capacity in the rate limit bucket. - va.PerformValidationRequestResultReturn = &vapb.ValidationResult{ - Records: []*corepb.ValidationRecord{ - { - AddressUsed: []byte("192.168.0.1"), - Hostname: domain, - Port: "8080", - Url: fmt.Sprintf("http://%s/", domain), - ResolverAddrs: []string{"rebound"}, - }, - }, - Problems: &corepb.ProblemDetails{ - Detail: fmt.Sprintf("CAA invalid for %s", domain), - }, - } - - challIdx := dnsChallIdx(t, authzPB.Challenges) - authzPB, err = ra.PerformValidation(ctx, &rapb.PerformValidationRequest{ - Authz: authzPB, - ChallengeIndex: challIdx, - }) - test.AssertNotError(t, err, "PerformValidation failed") - - select { - case r := <-va.performValidationRequest: - _ = r - case <-time.After(time.Second): - t.Fatal("Timed out waiting for DummyValidationAuthority.PerformValidation to complete") - } - - // Sleep so the RA has a chance to write to the SA - time.Sleep(100 * time.Millisecond) - - got, err := ra.SA.GetPausedIdentifiers(ctx, &sapb.RegistrationID{Id: authzPB.RegistrationID}, nil) - test.AssertError(t, err, "Should not have any paused identifiers yet, but found some") - test.AssertBoxedNil(t, got, "Should have received nil response, but did not") - test.AssertMetricWithLabelsEquals(t, ra.pauseCounter, prometheus.Labels{"paused": "false", "repaused": "false", "grace": "false"}, 0) - - // We need the bucket key to scan for in Redis - bucketKey, err := ratelimits.NewRegIdDomainBucketKey(ratelimits.FailedAuthorizationsForPausingPerDomainPerAccount, authzPB.RegistrationID, domain) - test.AssertNotError(t, err, "Should have been able to construct bucket key, but could not") - - // Verify that a redis entry exists for this accountID:identifier - tat, err := redisSrc.Get(ctx, bucketKey) - test.AssertNotError(t, err, "Should not have errored, but did") - - // We should have capacity for 1 more failed validation, the next TAT should - // be immediately (despite the fact that this clearly says now + 12 hours). - test.AssertEquals(t, tat, fc.Now().Add(12*time.Hour)) - - // - // Now the goal is to perform a successful validation which should reset the - // FailedAuthorizationsForPausingPerDomainPerAccount ratelimit. - // - - // We know this is OK because of TestNewAuthorization - authzPB = createPendingAuthorization(t, sa, domain, fc.Now().Add(12*time.Hour)) - authzPB.RegistrationID = registration.Id - - va.PerformValidationRequestResultReturn = &vapb.ValidationResult{ - Records: []*corepb.ValidationRecord{ - { - AddressUsed: []byte("192.168.0.1"), - Hostname: domain, - Port: "8080", - Url: fmt.Sprintf("http://%s/", domain), - ResolverAddrs: []string{"rebound"}, - }, - }, - Problems: nil, - } - - challIdx = dnsChallIdx(t, authzPB.Challenges) - authzPB, err = ra.PerformValidation(ctx, &rapb.PerformValidationRequest{ - Authz: authzPB, - ChallengeIndex: challIdx, - }) - test.AssertNotError(t, err, "PerformValidation failed") - mockSA.authorizationsForRegID[authzPB.RegistrationID] = authzPB - - select { - case r := <-va.performValidationRequest: - _ = r - case <-time.After(time.Second): - t.Fatal("Timed out waiting for DummyValidationAuthority.PerformValidation to complete") - } - - // We need the bucket key to scan for in Redis - bucketKey, err = ratelimits.NewRegIdDomainBucketKey(ratelimits.FailedAuthorizationsForPausingPerDomainPerAccount, authzPB.RegistrationID, domain) - test.AssertNotError(t, err, "Should have been able to construct bucket key, but could not") - - // Verify that the bucket no longer exists (because the limiter reset has - // deleted it). This indicates the accountID:identifier bucket has regained - // capacity avoiding being inadvertently paused. - _, err = redisSrc.Get(ctx, bucketKey) - test.AssertErrorIs(t, err, ratelimits.ErrBucketNotFound) - - err = ra.limiter.Reset(ctx, bucketKey) - test.AssertNotError(t, err, "Failed cleaning up redis") -} - func TestPerformValidationVAError(t *testing.T) { va, sa, ra, _, fc, cleanUp := initAuthorities(t) defer cleanUp()