Skip to content

Add int-type Authz ID proto fields alongside any string-type proto fields #8754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ezekiel wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Add int-type Authz ID proto fields alongside any string-type proto fields #8754

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
145ce0a
Add int-type Authz ID fields alongside any string-type fields
ezekiel May 19, 2026
5910cff
Merge branch 'main' into ezekiel/unify-authzid-type-stage1
ezekiel May 20, 2026
04ab12c
Merge remote-tracking branch 'upstream/main' into ezekiel/unify-authz…
ezekiel May 22, 2026
61cd8e5
Merge remote-tracking branch 'upstream/main' into ezekiel/unify-authz…
ezekiel May 29, 2026
c8f4162
Restore core.Authorization struct.
ezekiel May 29, 2026
98395ad
Fix variable use in va error.
ezekiel May 29, 2026
103fd77
Improve conditional for consuming a protobuf Id and IdInt
ezekiel May 29, 2026
cee06ea
Improve Authz PB field logic. Delete unused proto messages.
ezekiel Jun 1, 2026
a9fec4e
Undo my strange word replacement in RA ISE message.
ezekiel Jun 1, 2026
b3a7699
Undo my strange blank line addition to the RA.
ezekiel Jun 1, 2026
bb7957b
load-generator: pass authz URL between functions
ezekiel Jun 3, 2026
c576651
Merge remote-tracking branch 'upstream/main' into ezekiel/unify-authz…
ezekiel Jun 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion core/objects.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,7 @@ func (ch Challenge) StringID() string {
type Authorization struct {
// An identifier for this authorization, unique across
// authorizations and certificates within this instance.
ID string `json:"-"`
ID int64 `json:"-"`

// The identifier for which authorization is being given
Identifier identifier.ACMEIdentifier `json:"identifier"`
Expand Down
139 changes: 74 additions & 65 deletions core/proto/core.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions core/proto/core.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,9 +93,10 @@ message Registration {
}

message Authorization {
// Next unused field number: 12
// Next unused field number: 13
reserved 5, 7, 8;
string id = 1;
string id = 1; // TODO(#8722): reserve
int64 idInt = 12; // TODO(#8722): rename
int64 registrationID = 3;
// Fields specified by RFC 8555, Section 7.1.4
reserved 2; // Previously dnsName
Expand Down
18 changes: 16 additions & 2 deletions grpc/pb-marshalling.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ package grpc
import (
"fmt"
"net/netip"
"strconv"
"time"

"github.com/go-jose/go-jose/v4"
Expand Down Expand Up @@ -291,7 +292,8 @@ func AuthzToPB(authz core.Authorization) (*corepb.Authorization, error) {
}

return &corepb.Authorization{
Id: authz.ID,
Id: fmt.Sprintf("%d", authz.ID),
IdInt: authz.ID,
Identifier: authz.Identifier.ToProto(),
RegistrationID: authz.RegistrationID,
Status: string(authz.Status),
Expand All @@ -315,8 +317,20 @@ func PBToAuthz(pb *corepb.Authorization) (core.Authorization, error) {
c := pb.Expires.AsTime()
expires = &c
}

// TODO(#8722): remove this series of checks when pb.Id is int64-only
var authzIDInt int64
if pb.IdInt != 0 {
authzIDInt = pb.IdInt
} else if pb.Id != "" {
parsed, err := strconv.ParseInt(pb.Id, 10, 64)
if err != nil {
return core.Authorization{}, ErrInvalidParameters
}
authzIDInt = parsed
}

@aarongable aarongable Jun 3, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
}
} else {
return core.Authorization{}, ErrMissingParameters
}

@ezekiel ezekiel Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This particular spot is very interesting - it did not historically have any protection against zero-values. When added, it causes other test failures. I'll re-add the error return here and see if there's something obvious to fix because I'd rather have the protection than not.

authz := core.Authorization{
ID: pb.Id,
ID: authzIDInt,
Identifier: identifier.FromProto(pb.Identifier),
RegistrationID: pb.RegistrationID,
Status: core.AcmeStatus(pb.Status),
Expand Down
4 changes: 2 additions & 2 deletions grpc/pb-marshalling_test.go
View file
Open in desktop

@aarongable aarongable Jun 3, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test file probably needs more updates than this: there should be tests for PBToAuthz with a string input, an int input, both, and neither.

Original file line number Diff line number Diff line change
Expand Up @@ -216,7 +216,7 @@ func TestAuthz(t *testing.T) {
Token: "asd2",
}
inAuthz := core.Authorization{
ID: "1",
ID: 1,
Identifier: ident,
RegistrationID: 5,
Status: core.StatusPending,
Expand All @@ -230,7 +230,7 @@ func TestAuthz(t *testing.T) {
test.AssertDeepEquals(t, inAuthz, outAuthz)

inAuthzNilExpires := core.Authorization{
ID: "1",
ID: 1,
Identifier: ident,
RegistrationID: 5,
Status: core.StatusPending,
Expand Down
Loading