From 9c1de040b36483fed1c331c438d8bce5fd8fab58 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Mon, 11 Jul 2022 10:03:44 -0400
Subject: Vendor in containers/(storage,image, common, buildah)

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 .../boulder/features/featureflag_string.go         |  45 ++++++
 .../letsencrypt/boulder/features/features.go       | 158 +++++++++++++++++++++
 2 files changed, 203 insertions(+)
 create mode 100644 vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
 create mode 100644 vendor/github.com/letsencrypt/boulder/features/features.go

(limited to 'vendor/github.com/letsencrypt/boulder/features')

diff --git a/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go b/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
new file mode 100644
index 000000000..b3b68b705
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
@@ -0,0 +1,45 @@
+// Code generated by "stringer -type=FeatureFlag"; DO NOT EDIT.
+
+package features
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[unused-0]
+	_ = x[PrecertificateRevocation-1]
+	_ = x[StripDefaultSchemePort-2]
+	_ = x[NonCFSSLSigner-3]
+	_ = x[StoreIssuerInfo-4]
+	_ = x[StreamlineOrderAndAuthzs-5]
+	_ = x[V1DisableNewValidations-6]
+	_ = x[CAAValidationMethods-7]
+	_ = x[CAAAccountURI-8]
+	_ = x[EnforceMultiVA-9]
+	_ = x[MultiVAFullResults-10]
+	_ = x[MandatoryPOSTAsGET-11]
+	_ = x[AllowV1Registration-12]
+	_ = x[StoreRevokerInfo-13]
+	_ = x[RestrictRSAKeySizes-14]
+	_ = x[FasterNewOrdersRateLimit-15]
+	_ = x[ECDSAForAll-16]
+	_ = x[ServeRenewalInfo-17]
+	_ = x[GetAuthzReadOnly-18]
+	_ = x[GetAuthzUseIndex-19]
+	_ = x[CheckFailedAuthorizationsFirst-20]
+	_ = x[AllowReRevocation-21]
+	_ = x[MozRevocationReasons-22]
+}
+
+const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoStreamlineOrderAndAuthzsV1DisableNewValidationsCAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimitECDSAForAllServeRenewalInfoGetAuthzReadOnlyGetAuthzUseIndexCheckFailedAuthorizationsFirstAllowReRevocationMozRevocationReasons"
+
+var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 105, 128, 148, 161, 175, 193, 211, 230, 246, 265, 289, 300, 316, 332, 348, 378, 395, 415}
+
+func (i FeatureFlag) String() string {
+	if i < 0 || i >= FeatureFlag(len(_FeatureFlag_index)-1) {
+		return "FeatureFlag(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _FeatureFlag_name[_FeatureFlag_index[i]:_FeatureFlag_index[i+1]]
+}
diff --git a/vendor/github.com/letsencrypt/boulder/features/features.go b/vendor/github.com/letsencrypt/boulder/features/features.go
new file mode 100644
index 000000000..4608d1d63
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/features/features.go
@@ -0,0 +1,158 @@
+//go:generate stringer -type=FeatureFlag
+
+package features
+
+import (
+	"fmt"
+	"sync"
+)
+
+type FeatureFlag int
+
+const (
+	unused FeatureFlag = iota // unused is used for testing
+	//   Deprecated features, these can be removed once stripped from production configs
+	PrecertificateRevocation
+	StripDefaultSchemePort
+	NonCFSSLSigner
+	StoreIssuerInfo
+	StreamlineOrderAndAuthzs
+	V1DisableNewValidations
+
+	//   Currently in-use features
+	// Check CAA and respect validationmethods parameter.
+	CAAValidationMethods
+	// Check CAA and respect accounturi parameter.
+	CAAAccountURI
+	// EnforceMultiVA causes the VA to block on remote VA PerformValidation
+	// requests in order to make a valid/invalid decision with the results.
+	EnforceMultiVA
+	// MultiVAFullResults will cause the main VA to wait for all of the remote VA
+	// results, not just the threshold required to make a decision.
+	MultiVAFullResults
+	// MandatoryPOSTAsGET forbids legacy unauthenticated GET requests for ACME
+	// resources.
+	MandatoryPOSTAsGET
+	// Allow creation of new registrations in ACMEv1.
+	AllowV1Registration
+	// StoreRevokerInfo enables storage of the revoker and a bool indicating if the row
+	// was checked for extant unrevoked certificates in the blockedKeys table.
+	StoreRevokerInfo
+	// RestrictRSAKeySizes enables restriction of acceptable RSA public key moduli to
+	// the common sizes (2048, 3072, and 4096 bits).
+	RestrictRSAKeySizes
+	// FasterNewOrdersRateLimit enables use of a separate table for counting the
+	// new orders rate limit.
+	FasterNewOrdersRateLimit
+	// ECDSAForAll enables all accounts, regardless of their presence in the CA's
+	// ecdsaAllowedAccounts config value, to get issuance from ECDSA issuers.
+	ECDSAForAll
+	// ServeRenewalInfo exposes the renewalInfo endpoint in the directory and for
+	// GET requests. WARNING: This feature is a draft and highly unstable.
+	ServeRenewalInfo
+	// GetAuthzReadOnly causes the SA to use its read-only database connection
+	// (which is generally pointed at a replica rather than the primary db) when
+	// querying the authz2 table.
+	GetAuthzReadOnly
+	// GetAuthzUseIndex causes the SA to use to add a USE INDEX hint when it
+	// queries the authz2 table.
+	GetAuthzUseIndex
+	// Check the failed authorization limit before doing authz reuse.
+	CheckFailedAuthorizationsFirst
+	// AllowReRevocation causes the RA to allow the revocation reason of an
+	// already-revoked certificate to be updated to `keyCompromise` from any
+	// other reason if that compromise is demonstrated by making the second
+	// revocation request signed by the certificate keypair.
+	AllowReRevocation
+	// MozRevocationReasons causes the RA to enforce the following upcoming
+	// Mozilla policies regarding revocation:
+	// - A subscriber can request that their certificate be revoked with reason
+	//   keyCompromise, even without demonstrating that compromise at the time.
+	//   However, the cert's pubkey will not be added to the blocked keys list.
+	// - When an applicant other than the original subscriber requests that a
+	//   certificate be revoked (by demonstrating control over all names in it),
+	//   the cert will be revoked with reason cessationOfOperation, regardless of
+	//   what revocation reason they request.
+	// - When anyone requests that a certificate be revoked by signing the request
+	//   with the certificate's keypair, the cert will be revoked with reason
+	//   keyCompromise, regardless of what revocation reason they request.
+	MozRevocationReasons
+)
+
+// List of features and their default value, protected by fMu
+var features = map[FeatureFlag]bool{
+	unused:                         false,
+	CAAValidationMethods:           false,
+	CAAAccountURI:                  false,
+	EnforceMultiVA:                 false,
+	MultiVAFullResults:             false,
+	MandatoryPOSTAsGET:             false,
+	AllowV1Registration:            true,
+	V1DisableNewValidations:        false,
+	PrecertificateRevocation:       false,
+	StripDefaultSchemePort:         false,
+	StoreIssuerInfo:                false,
+	StoreRevokerInfo:               false,
+	RestrictRSAKeySizes:            false,
+	FasterNewOrdersRateLimit:       false,
+	NonCFSSLSigner:                 false,
+	ECDSAForAll:                    false,
+	StreamlineOrderAndAuthzs:       false,
+	ServeRenewalInfo:               false,
+	GetAuthzReadOnly:               false,
+	GetAuthzUseIndex:               false,
+	CheckFailedAuthorizationsFirst: false,
+	AllowReRevocation:              false,
+	MozRevocationReasons:           false,
+}
+
+var fMu = new(sync.RWMutex)
+
+var initial = map[FeatureFlag]bool{}
+
+var nameToFeature = make(map[string]FeatureFlag, len(features))
+
+func init() {
+	for f, v := range features {
+		nameToFeature[f.String()] = f
+		initial[f] = v
+	}
+}
+
+// Set accepts a list of features and whether they should
+// be enabled or disabled, it will return a error if passed
+// a feature name that it doesn't know
+func Set(featureSet map[string]bool) error {
+	fMu.Lock()
+	defer fMu.Unlock()
+	for n, v := range featureSet {
+		f, present := nameToFeature[n]
+		if !present {
+			return fmt.Errorf("feature '%s' doesn't exist", n)
+		}
+		features[f] = v
+	}
+	return nil
+}
+
+// Enabled returns true if the feature is enabled or false
+// if it isn't, it will panic if passed a feature that it
+// doesn't know.
+func Enabled(n FeatureFlag) bool {
+	fMu.RLock()
+	defer fMu.RUnlock()
+	v, present := features[n]
+	if !present {
+		panic(fmt.Sprintf("feature '%s' doesn't exist", n.String()))
+	}
+	return v
+}
+
+// Reset resets the features to their initial state
+func Reset() {
+	fMu.Lock()
+	defer fMu.Unlock()
+	for k, v := range initial {
+		features[k] = v
+	}
+}
-- 
cgit v1.2.3-54-g00ecf