NASP/rpki
64
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

20260623 细化ROA cache CRL gate

Browse Source
This commit is contained in:
yuyr 2026-06-24 00:05:14 +08:00
parent 574e40a4d4
commit 8c4a677ffa
9 changed files with 1031 additions and 338 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/soak/publish_remote231.sh
View File

@ -5,11 +5,11 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
REMOTE_HOST="${REMOTE_HOST:-root@47.251.127.231}"
REMOTE_ROOT="${REMOTE_ROOT:-/root/rpki_20260608_2_feature062_24h_20260608T075547Z/portable-soak}"
REMOTE_ROOT="${REMOTE_ROOT:-/root/ours-rp-continuous/portable-soak}"
PACKAGE_ARCHIVE="${PACKAGE_ARCHIVE:-}"
MODE="${MODE:-dry-run}"
RESTART_QUERY_SERVICE="${RESTART_QUERY_SERVICE:-0}"
QUERY_SERVICE_PID_PATTERN="${QUERY_SERVICE_PID_PATTERN:-rpki_query_service --query-db /root/rpki_20260616_query_service_deploy/query-db}"
QUERY_SERVICE_PID_PATTERN="${QUERY_SERVICE_PID_PATTERN:-$REMOTE_ROOT/bin/rpki_query_service}"
usage() {
cat <<'USAGE'
@ -27,7 +27,7 @@ Default mode is dry-run. Use --execute to apply changes.
Environment overrides:
REMOTE_HOST=root@47.251.127.231
REMOTE_ROOT=/root/rpki_20260608_2_feature062_24h_20260608T075547Z/portable-soak
REMOTE_ROOT=/root/ours-rp-continuous/portable-soak
RESTART_QUERY_SERVICE=0|1
USAGE
}
@ -433,17 +433,18 @@ if [[ "$restart_query_service" == "1" ]]; then
terminate_matching -TERM "$query_pattern"
sleep 2
fi
nohup /root/rpki_20260616_query_service_deploy/bin/rpki_query_service \
--query-db /root/rpki_20260616_query_service_deploy/query-db \
nohup "$remote_root/bin/rpki_query_service" \
--query-db "$remote_root/state/query-db" \
--repo-bytes-db "$remote_root/state/db/repo-bytes.db" \
--export-root /root/rpki_20260616_query_service_deploy/query-exports \
--export-root "$remote_root/state/query-exports" \
--listen 0.0.0.0:9560 \
--watch-run-root "$remote_root" \
--watch-interval-secs 60 \
--watch-min-run-seq "$next_index" \
--retain-indexed-runs 10 \
--indexer-bin /root/rpki_20260616_query_service_deploy/bin/rpki_query_indexer \
> /root/rpki_20260616_query_service_deploy/query-service.publish-${timestamp}.log 2>&1 &
--indexer-bin "$remote_root/bin/rpki_query_indexer" \
--projection-entry-limit 20 \
> "$remote_root/logs/query-service.publish-${timestamp}.log" 2>&1 &
log "restarted query service"
else
log "would restart query service to reopen repo-bytes db"

208
src/storage.rs
View File

@ -759,6 +759,94 @@ mod serde_byte_vec {
}
}
mod serde_optional_byte_vec {
pub(super) fn serialize<S>(value: &Option<Vec<u8>>, serializer: S) -> Result<S::Ok, S::Error>
where
S: serde::Serializer,
{
match value {
Some(bytes) => serializer.serialize_some(bytes),
None => serializer.serialize_none(),
}
}
pub(super) fn deserialize<'de, D>(deserializer: D) -> Result<Option<Vec<u8>>, D::Error>
where
D: serde::Deserializer<'de>,
{
struct OptionalByteVecVisitor;
impl<'de> serde::de::Visitor<'de> for OptionalByteVecVisitor {
type Value = Option<Vec<u8>>;
fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
formatter.write_str("optional byte vector")
}
fn visit_none<E>(self) -> Result<Self::Value, E>
where
E: serde::de::Error,
{
Ok(None)
}
fn visit_some<D>(self, deserializer: D) -> Result<Self::Value, D::Error>
where
D: serde::Deserializer<'de>,
{
deserializer
.deserialize_bytes(super::ByteVecVisitor)
.map(Some)
}
}
deserializer.deserialize_option(OptionalByteVecVisitor)
}
}
mod serde_optional_bytes_32 {
pub(super) fn serialize<S>(value: &Option<[u8; 32]>, serializer: S) -> Result<S::Ok, S::Error>
where
S: serde::Serializer,
{
match value {
Some(bytes) => serializer.serialize_some(bytes.as_slice()),
None => serializer.serialize_none(),
}
}
pub(super) fn deserialize<'de, D>(deserializer: D) -> Result<Option<[u8; 32]>, D::Error>
where
D: serde::Deserializer<'de>,
{
struct OptionalBytes32Visitor;
impl<'de> serde::de::Visitor<'de> for OptionalBytes32Visitor {
type Value = Option<[u8; 32]>;
fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
formatter.write_str("optional 32-byte array")
}
fn visit_none<E>(self) -> Result<Self::Value, E>
where
E: serde::de::Error,
{
Ok(None)
}
fn visit_some<D>(self, deserializer: D) -> Result<Self::Value, D::Error>
where
D: serde::Deserializer<'de>,
{
super::deserialize_fixed_bytes::<D, 32>(deserializer).map(Some)
}
}
deserializer.deserialize_option(OptionalBytes32Visitor)
}
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum VcirLocalOutputPayload {
@ -934,6 +1022,21 @@ impl RoaCacheCrlProjection {
}
}
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct RoaCacheObjectMeta {
pub source_object_uri: String,
pub source_object_hash: [u8; 32],
pub ee_serial: Vec<u8>,
pub crl_uri: String,
}
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct RoaCacheProjectionContext {
pub parent_context_digest: [u8; 32],
pub policy_fingerprint: [u8; 32],
pub object_meta: Vec<RoaCacheObjectMeta>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct RoaCacheLocalOutputProjection {
#[serde(rename = "e")]
@ -985,6 +1088,11 @@ pub struct RoaCacheObjectProjection {
#[serde(rename = "h")]
#[serde(with = "serde_bytes_32")]
pub source_object_hash: [u8; 32],
#[serde(rename = "s", default, skip_serializing_if = "Option::is_none")]
#[serde(with = "serde_optional_byte_vec")]
pub ee_serial: Option<Vec<u8>>,
#[serde(rename = "c", default, skip_serializing_if = "Option::is_none")]
pub crl_uri: Option<String>,
#[serde(rename = "o")]
pub outputs: Vec<RoaCacheLocalOutputProjection>,
}
@ -995,6 +1103,17 @@ impl RoaCacheObjectProjection {
"roa_cache_projection.entries[].source_object_uri",
&self.source_object_uri,
)?;
if let Some(serial) = &self.ee_serial {
if serial.is_empty() {
return Err(StorageError::InvalidData {
entity: "roa_cache_projection.entries[].ee_serial",
detail: "must not be empty when present".to_string(),
});
}
}
if let Some(crl_uri) = &self.crl_uri {
validate_non_empty("roa_cache_projection.entries[].crl_uri", crl_uri)?;
}
if self.outputs.is_empty() {
return Err(StorageError::InvalidData {
entity: "roa_cache_projection.entries[]",
@ -1016,6 +1135,12 @@ pub struct RoaCacheProjection {
pub instance_effective_until: PackTime,
#[serde(rename = "i")]
pub issuer_ca_sha256_hex: Option<String>,
#[serde(rename = "p", default, skip_serializing_if = "Option::is_none")]
#[serde(with = "serde_optional_bytes_32")]
pub parent_context_digest: Option<[u8; 32]>,
#[serde(rename = "f", default, skip_serializing_if = "Option::is_none")]
#[serde(with = "serde_optional_bytes_32")]
pub policy_fingerprint: Option<[u8; 32]>,
#[serde(rename = "c")]
pub crl_sha256_by_uri: Vec<RoaCacheCrlProjection>,
#[serde(rename = "r")]
@ -1466,6 +1591,13 @@ impl PublicationPointCacheProjection {
impl RoaCacheProjection {
pub fn from_vcir(vcir: &ValidatedCaInstanceResult) -> StorageResult<Option<Self>> {
Self::from_vcir_with_context(vcir, None)
}
pub fn from_vcir_with_context(
vcir: &ValidatedCaInstanceResult,
context: Option<&RoaCacheProjectionContext>,
) -> StorageResult<Option<Self>> {
let mut issuer_ca_sha256_hex = None;
let mut crl_sha256_by_uri = Vec::new();
for artifact in &vcir.related_artifacts {
@ -1492,6 +1624,13 @@ impl RoaCacheProjection {
}
crl_sha256_by_uri.sort_by(|left, right| left.uri.cmp(&right.uri));
let meta_by_uri = context.map(|context| {
context
.object_meta
.iter()
.map(|meta| (meta.source_object_uri.as_str(), meta))
.collect::<HashMap<_, _>>()
});
let mut entries: Vec<RoaCacheObjectProjection> = Vec::new();
let mut entry_index_by_uri: HashMap<String, usize> = HashMap::new();
for output in &vcir.local_outputs {
@ -1499,6 +1638,23 @@ impl RoaCacheProjection {
else {
continue;
};
let meta = meta_by_uri
.as_ref()
.and_then(|meta| meta.get(output.source_object_uri.as_str()).copied());
if context.is_some() && meta.is_none() {
continue;
}
if let Some(meta) = meta {
if meta.source_object_hash != output.source_object_hash {
return Err(StorageError::InvalidData {
entity: "roa_cache_projection.entries[]",
detail: format!(
"metadata source object hash mismatch for {}",
output.source_object_uri
),
});
}
}
if let Some(entry_index) = entry_index_by_uri.get(output.source_object_uri.as_str()) {
let entry = &mut entries[*entry_index];
if entry.source_object_hash != output.source_object_hash {
@ -1516,6 +1672,8 @@ impl RoaCacheProjection {
entries.push(RoaCacheObjectProjection {
source_object_uri: output.source_object_uri.clone(),
source_object_hash: output.source_object_hash,
ee_serial: meta.map(|meta| meta.ee_serial.clone()),
crl_uri: meta.map(|meta| meta.crl_uri.clone()),
outputs: vec![projected_output],
});
}
@ -1529,6 +1687,8 @@ impl RoaCacheProjection {
manifest_rsync_uri: vcir.manifest_rsync_uri.clone(),
instance_effective_until: vcir.instance_gate.instance_effective_until.clone(),
issuer_ca_sha256_hex,
parent_context_digest: context.map(|context| context.parent_context_digest),
policy_fingerprint: context.map(|context| context.policy_fingerprint),
crl_sha256_by_uri,
entries,
};
@ -1548,6 +1708,13 @@ impl RoaCacheProjection {
if let Some(hash) = &self.issuer_ca_sha256_hex {
validate_sha256_hex("roa_cache_projection.issuer_ca_sha256_hex", hash)?;
}
if self.parent_context_digest.is_some() != self.policy_fingerprint.is_some() {
return Err(StorageError::InvalidData {
entity: "roa_cache_projection.context",
detail: "parent_context_digest and policy_fingerprint must be both present or both absent"
.to_string(),
});
}
let mut seen_crls = HashSet::with_capacity(self.crl_sha256_by_uri.len());
for crl in &self.crl_sha256_by_uri {
crl.validate_internal()?;
@ -2306,10 +2473,11 @@ fn write_roa_cache_projection_to_batch(
projection_cf: &ColumnFamily,
batch: &mut WriteBatch,
vcir: &ValidatedCaInstanceResult,
context: Option<&RoaCacheProjectionContext>,
timing: Option<&mut VcirReplaceTimingBreakdown>,
) -> StorageResult<()> {
let projection_key = roa_cache_projection_key(&vcir.manifest_rsync_uri);
let projection = RoaCacheProjection::from_vcir(vcir)?;
let projection = RoaCacheProjection::from_vcir_with_context(vcir, context)?;
match projection {
Some(projection) => {
let projection_value = encode_cbor(&projection, "roa_cache_projection")?;
@ -2761,6 +2929,15 @@ impl RocksStore {
&self,
vcir: &ValidatedCaInstanceResult,
publication_point_projection: Option<&PublicationPointCacheProjection>,
) -> StorageResult<()> {
self.put_vcir_with_projections(vcir, None, publication_point_projection)
}
pub fn put_vcir_with_projections(
&self,
vcir: &ValidatedCaInstanceResult,
roa_cache_context: Option<&RoaCacheProjectionContext>,
publication_point_projection: Option<&PublicationPointCacheProjection>,
) -> StorageResult<()> {
vcir.validate_internal()?;
let vcir_cf = self.cf(CF_VCIR)?;
@ -2776,7 +2953,13 @@ impl RocksStore {
let replay_key = manifest_replay_meta_key(&replay_meta.manifest_rsync_uri);
let replay_value = encode_cbor(&replay_meta, "manifest_replay_meta")?;
batch.put_cf(replay_cf, replay_key.as_bytes(), replay_value);
write_roa_cache_projection_to_batch(projection_cf, &mut batch, vcir, None)?;
write_roa_cache_projection_to_batch(
projection_cf,
&mut batch,
vcir,
roa_cache_context,
None,
)?;
write_publication_point_cache_projection_to_batch(
pp_projection_cf,
&mut batch,
@ -2799,6 +2982,19 @@ impl RocksStore {
&self,
vcir: &ValidatedCaInstanceResult,
publication_point_projection: Option<&PublicationPointCacheProjection>,
) -> StorageResult<VcirReplaceTimingBreakdown> {
self.replace_vcir_manifest_replay_meta_and_projections(
vcir,
None,
publication_point_projection,
)
}
pub fn replace_vcir_manifest_replay_meta_and_projections(
&self,
vcir: &ValidatedCaInstanceResult,
roa_cache_context: Option<&RoaCacheProjectionContext>,
publication_point_projection: Option<&PublicationPointCacheProjection>,
) -> StorageResult<VcirReplaceTimingBreakdown> {
let mut timing = VcirReplaceTimingBreakdown {
rss_before_kb: process_vm_rss_kb(),
@ -2837,7 +3033,13 @@ impl RocksStore {
timing.rss_after_replay_meta_encode_kb = process_vm_rss_kb();
let projection_encode_started = std::time::Instant::now();
write_roa_cache_projection_to_batch(projection_cf, &mut batch, vcir, Some(&mut timing))?;
write_roa_cache_projection_to_batch(
projection_cf,
&mut batch,
vcir,
roa_cache_context,
Some(&mut timing),
)?;
timing.roa_cache_projection_encode_ms =
projection_encode_started.elapsed().as_millis() as u64;
timing.rss_after_roa_cache_projection_encode_kb = process_vm_rss_kb();

1014
src/validation/objects.rs
View File

File diff suppressed because it is too large Load Diff

3
src/validation/tree.rs
View File

@ -410,6 +410,7 @@ mod tests {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -496,6 +497,7 @@ mod tests {
audit: Vec::new(),
roa_cache_stats:
crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit {
objects: vec![fresh_reject.clone(), cached.clone()],
@ -528,6 +530,7 @@ mod tests {
audit: Vec::new(),
roa_cache_stats:
crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit {
objects: vec![fresh],

9
src/validation/tree_parallel.rs
View File

@ -1168,7 +1168,13 @@ fn stage_ready_publication_point(
None
};
let roa_cache = if runner.enable_roa_validation_cache && has_roa {
RoaValidationCacheInput::enabled(roa_cache_view.as_ref())
RoaValidationCacheInput::enabled_with_context(
roa_cache_view.as_ref(),
crate::validation::tree_runner::parent_context_digest_for_ca(&ready.node.handle),
crate::validation::tree_runner::publication_point_cache_policy_fingerprint(
runner.policy,
),
)
} else {
RoaValidationCacheInput::disabled()
};
@ -2316,6 +2322,7 @@ mod tests {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),

68
src/validation/tree_runner.rs
View File

@ -26,9 +26,9 @@ use crate::replay::delta_archive::ReplayDeltaArchiveIndex;
use crate::report::{RfcRef, Warning};
use crate::storage::{
PackFile, PackTime, PublicationPointCacheChild, PublicationPointCacheOutput,
PublicationPointCacheProjection, RawByHashEntry, RocksStore, ValidatedCaInstanceResult,
VcirArtifactKind, VcirArtifactRole, VcirArtifactValidationStatus, VcirAuditSummary,
VcirCcrManifestProjection, VcirChildEntry, VcirInstanceGate, VcirLocalOutput,
PublicationPointCacheProjection, RawByHashEntry, RoaCacheProjectionContext, RocksStore,
ValidatedCaInstanceResult, VcirArtifactKind, VcirArtifactRole, VcirArtifactValidationStatus,
VcirAuditSummary, VcirCcrManifestProjection, VcirChildEntry, VcirInstanceGate, VcirLocalOutput,
VcirLocalOutputPayload, VcirOutputType, VcirRelatedArtifact, VcirReplaceTimingBreakdown,
VcirSourceObjectType, VcirSummary,
};
@ -1041,6 +1041,7 @@ impl<'a> Rpkiv1PublicationPointRunner<'a> {
// local_outputs_cache only exists to build/persist VCIR. Release it before the
// publication point result is retained for the rest of the run.
let _released_local_outputs = std::mem::take(&mut objects.local_outputs_cache);
let _released_roa_cache_object_meta = std::mem::take(&mut objects.roa_cache_object_meta);
let mut ccr_projection_build_ms = 0;
let mut ccr_append_ms = 0;
@ -1460,7 +1461,11 @@ impl<'a> PublicationPointRunner for Rpkiv1PublicationPointRunner<'a> {
None
};
let roa_cache = if self.enable_roa_validation_cache && has_roa {
RoaValidationCacheInput::enabled(roa_cache_view.as_ref())
RoaValidationCacheInput::enabled_with_context(
roa_cache_view.as_ref(),
parent_context_digest_for_ca(ca),
publication_point_cache_policy_fingerprint(self.policy),
)
} else {
RoaValidationCacheInput::disabled()
};
@ -1887,7 +1892,7 @@ fn ta_context_digest_for_ca(ca: &CaInstanceHandle) -> [u8; 32] {
])
}
fn parent_context_digest_for_ca(ca: &CaInstanceHandle) -> [u8; 32] {
pub(crate) fn parent_context_digest_for_ca(ca: &CaInstanceHandle) -> [u8; 32] {
hash_serialized_parts(&[
(
"version",
@ -1913,7 +1918,7 @@ fn parent_context_digest_for_ca(ca: &CaInstanceHandle) -> [u8; 32] {
])
}
fn publication_point_cache_policy_fingerprint(policy: &Policy) -> [u8; 32] {
pub(crate) fn publication_point_cache_policy_fingerprint(policy: &Policy) -> [u8; 32] {
hash_serialized_parts(&[
("version", b"publication-point-cache-policy-v1".to_vec()),
("policy", cbor_or_debug_bytes(policy)),
@ -3074,6 +3079,7 @@ fn empty_objects_output() -> crate::validation::objects::ObjectsOutput {
stats: crate::validation::objects::ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
}
}
@ -4183,8 +4189,13 @@ fn persist_vcir_for_fresh_result_with_timing(
None
};
let replace_timing = store
.replace_vcir_manifest_replay_meta_and_publication_point_cache_projection(
.replace_vcir_manifest_replay_meta_and_projections(
&vcir,
Some(&RoaCacheProjectionContext {
parent_context_digest: parent_context_digest_for_ca(ca),
policy_fingerprint: publication_point_cache_policy_fingerprint(policy),
object_meta: objects.roa_cache_object_meta.clone(),
}),
publication_point_cache_projection.as_ref(),
)
.map_err(|e| format!("store VCIR and manifest replay meta failed: {e}"))?;
@ -4351,10 +4362,29 @@ fn take_or_build_vcir_local_outputs(
pack: &PublicationPointSnapshot,
objects: &mut crate::validation::objects::ObjectsOutput,
) -> Result<Vec<VcirLocalOutput>, String> {
if !objects.local_outputs_cache.is_empty() {
return Ok(std::mem::take(&mut objects.local_outputs_cache));
let mut cached_outputs = std::mem::take(&mut objects.local_outputs_cache);
if cached_outputs.is_empty() {
return build_vcir_local_outputs(ca, pack, objects);
}
build_vcir_local_outputs(ca, pack, objects)
let covered_roa_uris: HashSet<String> = cached_outputs
.iter()
.filter(|output| output.source_object_type == VcirSourceObjectType::Roa)
.map(|output| output.source_object_uri.clone())
.collect();
let covered_aspa_uris: HashSet<String> = cached_outputs
.iter()
.filter(|output| output.source_object_type == VcirSourceObjectType::Aspa)
.map(|output| output.source_object_uri.clone())
.collect();
cached_outputs.extend(build_vcir_local_outputs_excluding(
ca,
pack,
objects,
&covered_roa_uris,
&covered_aspa_uris,
)?);
Ok(cached_outputs)
}
fn build_vcir_ccr_manifest_projection_from_fresh(
@ -4454,10 +4484,16 @@ fn build_vcir_local_outputs(
pack: &PublicationPointSnapshot,
objects: &crate::validation::objects::ObjectsOutput,
) -> Result<Vec<VcirLocalOutput>, String> {
if !objects.local_outputs_cache.is_empty() {
return Ok(objects.local_outputs_cache.clone());
build_vcir_local_outputs_excluding(_ca, pack, objects, &HashSet::new(), &HashSet::new())
}
fn build_vcir_local_outputs_excluding(
_ca: &CaInstanceHandle,
pack: &PublicationPointSnapshot,
objects: &crate::validation::objects::ObjectsOutput,
covered_roa_uris: &HashSet<String>,
covered_aspa_uris: &HashSet<String>,
) -> Result<Vec<VcirLocalOutput>, String> {
let accepted_roa_uris: HashSet<&str> = objects
.audit
.iter()
@ -4476,7 +4512,9 @@ fn build_vcir_local_outputs(
let mut out = Vec::new();
for file in &pack.files {
let source_object_hash = sha256_hex_from_32(&file.sha256);
if accepted_roa_uris.contains(file.rsync_uri.as_str()) {
if accepted_roa_uris.contains(file.rsync_uri.as_str())
&& !covered_roa_uris.contains(file.rsync_uri.as_str())
{
let roa = RoaObject::decode_der(
file.bytes()
.map_err(|e| format!("load accepted ROA bytes for VCIR failed: {e}"))?,
@ -4512,7 +4550,9 @@ fn build_vcir_local_outputs(
rule_hash: sha256_hex_to_32(&rule_hash),
});
}
} else if accepted_aspa_uris.contains(file.rsync_uri.as_str()) {
} else if accepted_aspa_uris.contains(file.rsync_uri.as_str())
&& !covered_aspa_uris.contains(file.rsync_uri.as_str())
{
let aspa = AspaObject::decode_der(
file.bytes()
.map_err(|e| format!("load accepted ASPA bytes for VCIR failed: {e}"))?,

19
src/validation/tree_runner/tests.rs
View File

@ -755,10 +755,7 @@ fn build_vcir_local_outputs_prefers_cached_outputs() {
},
rule_hash: sha256_32(b"cached-rule"),
}];
let outputs = build_vcir_local_outputs(
&ca,
&pack,
&crate::validation::objects::ObjectsOutput {
let mut objects = crate::validation::objects::ObjectsOutput {
vrps: Vec::new(),
aspas: Vec::new(),
router_keys: Vec::new(),
@ -767,10 +764,12 @@ fn build_vcir_local_outputs_prefers_cached_outputs() {
stats: crate::validation::objects::ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
},
)
.expect("reuse cached outputs");
roa_cache_object_meta: Vec::new(),
};
let outputs =
take_or_build_vcir_local_outputs(&ca, &pack, &mut objects).expect("reuse cached outputs");
assert_eq!(outputs, cached);
assert!(objects.local_outputs_cache.is_empty());
}
#[test]
@ -1277,6 +1276,7 @@ fn build_vcir_related_artifacts_classifies_snapshot_files_and_audit_statuses() {
},
],
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
};
let artifacts = build_vcir_related_artifacts(
&ca,
@ -2778,6 +2778,7 @@ fn build_publication_point_audit_emits_no_audit_entry_for_duplicate_pack_uri() {
stats: crate::validation::objects::ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
};
let audit = build_publication_point_audit_from_snapshot(
@ -2847,6 +2848,7 @@ fn build_publication_point_audit_marks_invalid_crl_as_error_and_overlays_roa_aud
detail: None,
}],
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
};
let audit = build_publication_point_audit_from_snapshot(
@ -3895,6 +3897,7 @@ fn build_publication_point_audit_from_vcir_uses_vcir_metadata_and_overlays_child
detail: Some("overridden from object audit".to_string()),
}],
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
};
let child_audits = vec![ObjectAuditEntry {
rsync_uri: vcir.child_entries[0].child_cert_rsync_uri.clone(),
@ -3992,6 +3995,7 @@ fn build_publication_point_audit_from_vcir_failed_no_cache_keeps_current_reject_
detail: Some("manifest is not valid at validation_time".to_string()),
}],
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
};
let audit = build_publication_point_audit_from_vcir(
@ -4129,6 +4133,7 @@ fn build_publication_point_audit_from_vcir_without_cached_inputs_returns_empty_l
stats: crate::validation::objects::ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: crate::validation::objects::RoaValidationCacheStats::default(),
roa_cache_object_meta: Vec::new(),
},
&[],
&[],

2
tests/test_tree_failure_handling.rs
View File

@ -118,6 +118,7 @@ fn tree_continues_when_a_publication_point_fails() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -147,6 +148,7 @@ fn tree_continues_when_a_publication_point_fails() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),

11
tests/test_tree_traversal_m14.rs
View File

@ -128,6 +128,7 @@ fn tree_enqueues_children_for_fresh_and_current_instance_vcir_results() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -153,6 +154,7 @@ fn tree_enqueues_children_for_fresh_and_current_instance_vcir_results() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -178,6 +180,7 @@ fn tree_enqueues_children_for_fresh_and_current_instance_vcir_results() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -203,6 +206,7 @@ fn tree_enqueues_children_for_fresh_and_current_instance_vcir_results() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -265,6 +269,7 @@ fn tree_respects_max_depth_and_max_instances() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -290,6 +295,7 @@ fn tree_respects_max_depth_and_max_instances() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -358,6 +364,7 @@ fn tree_audit_includes_parent_and_discovered_from_for_non_root_nodes() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -383,6 +390,7 @@ fn tree_audit_includes_parent_and_discovered_from_for_non_root_nodes() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -454,6 +462,7 @@ fn tree_aggregates_router_keys_from_publication_point_results() {
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -498,6 +507,7 @@ fn tree_prefers_lexicographically_first_discovery_when_duplicate_manifest_is_que
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),
@ -523,6 +533,7 @@ fn tree_prefers_lexicographically_first_discovery_when_duplicate_manifest_is_que
stats: ObjectsStats::default(),
audit: Vec::new(),
roa_cache_stats: Default::default(),
roa_cache_object_meta: Vec::new(),
},
audit: PublicationPointAudit::default(),
cir_fresh_objects: Vec::new(),