RVA: Add configurable MPIC metadata to config

letsencrypt · Oct 1, 2024 · dba1629 · dba1629
1 parent 61a9aa5
commit dba1629
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/cmd/remoteva/main.go b/cmd/remoteva/main.go
@@ -20,6 +20,27 @@ type Config struct {
 	RVA struct {
 		vaConfig.Common
 
+		// Cluster specifies the cluster name that this RVA belongs to. The
+		// format is unrestricted, but it should uniquely identify a group of
+		// RVAs deployed in the same physical datacenter.
+		//
+		// TODO(#7615): Make mandatory once referenced in audit logs. Update the
+		// comment above.
+		Cluster string `validate:"omitempty"`
+
+		// RIR indicates the Regional Internet Registry where this RVA is
+		// located. This will be used to to identify which RIR a given
+		// validation was performed from. Must be one of the following values:
+		//   - ARIN
+		//   - RIPE
+		//   - APNIC
+		//   - LACNIC
+		//   - AfriNIC
+		//
+		// TODO(#7615): Make mandatory once referenced in audit logs. Update the
+		// comment above.
+		RIR string `validate:"omitempty,oneof=ARIN RIPE APNIC LACNIC AfriNIC"`
+
 		// SkipGRPCClientCertVerification, when disabled as it should typically
 		// be, will cause the remoteva server (which receives gRPCs from a
 		// boulder-va client) to use our default RequireAndVerifyClientCert

diff --git a/test/config-next/remoteva-a.json b/test/config-next/remoteva-a.json
@@ -36,7 +36,9 @@
 		"accountURIPrefixes": [
 			"http://boulder.service.consul:4000/acme/reg/",
 			"http://boulder.service.consul:4001/acme/acct/"
-		]
+		],
+		"cluster": "development",
+		"rir": "ARIN"
 	},
 	"syslog": {
 		"stdoutlevel": 4,

diff --git a/test/config-next/remoteva-b.json b/test/config-next/remoteva-b.json
@@ -36,7 +36,9 @@
 		"accountURIPrefixes": [
 			"http://boulder.service.consul:4000/acme/reg/",
 			"http://boulder.service.consul:4001/acme/acct/"
-		]
+		],
+		"cluster": "development",
+		"rir": "ARIN"
 	},
 	"syslog": {
 		"stdoutlevel": 4,