Skip to content

Prevent parallel validation attempts#8838

Open
aarongable wants to merge 1 commit into
mainfrom
validation-processing
Open

Prevent parallel validation attempts#8838
aarongable wants to merge 1 commit into
mainfrom
validation-processing

Conversation

@aarongable

@aarongable aarongable commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Add a new beganProcessing column to the authz2 table, which is a replica of the column of the same name in the orders table. Similarly add a new SA gRPC method which sets this column to true, or returns an error if it already has been set to true. The update is done in a transaction to ensure that multiple attempts to update the field don't all succeed. The error is specifically "conflict", so that the WFE will render it with HTTP status code 409.

In the RA, call the new SA method before kicking off validation. If it returns an error, bail out. Lock this behavior behind a feature flag to ensure it is not enabled before the necessary database changes have been made.

Add an integration test which kicks off two validations simultaneously and ensures that exactly one of them fails with reason "conflict".

Fixes #3036

IN-12842 tracks the corresponding SRE-side database and config changes

CPS Compliance Review: Neither the BRs nor our CP/CPS have anything to say about attempting validation multiple times. We will be in compliance both before and after this feature flag is enabled.

@aarongable aarongable marked this pull request as ready for review July 3, 2026 00:26
@aarongable aarongable requested a review from a team as a code owner July 3, 2026 00:26
@aarongable aarongable requested a review from ezekiel July 3, 2026 00:26
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@aarongable, this PR adds one or more new feature flags: SetAuthzProcessing. As such, this PR must be accompanied by a review of the Let's Encrypt CP/CPS to ensure that our behavior both before and after this flag is flipped is compliant with that document.

Please conduct such a review, then add your findings to the PR description in a paragraph beginning with "CPS Compliance Review:".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Prevent parallel validations

1 participant