Admin: stub out override and pausing methods for dry-run (#8579)

Dry run stubs for the SA's override and pausing methods were not added
when this functionality was added to the admin tool. This means that
attempts to run these subcommands in dry-run mode result in nil pointer
exceptions when it tries to call unimplemented methods on the dryRunSAC.

Fixes #8577

Author: aarongable

cmd/admin/admin.go

@@ -6,6 +6,8 @@ import (
 	"fmt"
 
 	"github.com/jmhodges/clock"
+	"google.golang.org/grpc"
+	"google.golang.org/protobuf/types/known/emptypb"
 
 	"github.com/letsencrypt/boulder/cmd"
 	"github.com/letsencrypt/boulder/features"
@@ -18,14 +20,29 @@ import (
 // admin holds all of the external connections necessary to perform admin
 // actions on a boulder deployment.
 type admin struct {
-	rac   rapb.RegistrationAuthorityClient
-	sac   sapb.StorageAuthorityClient
+	rac   adminRAClient
+	sac   adminSAClient
 	saroc sapb.StorageAuthorityReadOnlyClient
 
 	clk clock.Clock
 	log blog.Logger
 }
 
+// adminRAClient defines the subset of RA methods that the admin tool relies on.
+type adminRAClient interface {
+	AdministrativelyRevokeCertificate(context.Context, *rapb.AdministrativelyRevokeCertificateRequest, ...grpc.CallOption) (*emptypb.Empty, error)
+}
+
+// adminSAClient defines the subset of SA methods that the admin tool relies on.
+type adminSAClient interface {
+	AddBlockedKey(context.Context, *sapb.AddBlockedKeyRequest, ...grpc.CallOption) (*emptypb.Empty, error)
+	AddRateLimitOverride(context.Context, *sapb.AddRateLimitOverrideRequest, ...grpc.CallOption) (*sapb.AddRateLimitOverrideResponse, error)
+	DisableRateLimitOverride(context.Context, *sapb.DisableRateLimitOverrideRequest, ...grpc.CallOption) (*emptypb.Empty, error)
+	EnableRateLimitOverride(context.Context, *sapb.EnableRateLimitOverrideRequest, ...grpc.CallOption) (*emptypb.Empty, error)
+	PauseIdentifiers(context.Context, *sapb.PauseRequest, ...grpc.CallOption) (*sapb.PauseIdentifiersResponse, error)
+	UnpauseAccount(context.Context, *sapb.RegistrationID, ...grpc.CallOption) (*sapb.Count, error)
+}
+
 // newAdmin constructs a new admin object on the heap and returns a pointer to
 // it.
 func newAdmin(configFile string, dryRun bool) (*admin, error) {
@@ -51,7 +68,7 @@ func newAdmin(configFile string, dryRun bool) (*admin, error) {
 		return nil, fmt.Errorf("loading TLS config: %w", err)
 	}
 
-	var rac rapb.RegistrationAuthorityClient = dryRunRAC{log: logger}
+	var rac adminRAClient = dryRunRAC{log: logger}
 	if !dryRun {
 		raConn, err := bgrpc.ClientSetup(c.Admin.RAService, tlsConfig, scope, clk)
 		if err != nil {
@@ -66,7 +83,7 @@ func newAdmin(configFile string, dryRun bool) (*admin, error) {
 	}
 	saroc := sapb.NewStorageAuthorityReadOnlyClient(saConn)
 
-	var sac sapb.StorageAuthorityClient = dryRunSAC{log: logger}
+	var sac adminSAClient = dryRunSAC{log: logger}
 	if !dryRun {
 		sac = sapb.NewStorageAuthorityClient(saConn)
 	}

cmd/admin/dryrun.go

@@ -13,10 +13,11 @@ import (
 )
 
 type dryRunRAC struct {
-	rapb.RegistrationAuthorityClient
 	log blog.Logger
 }
 
+var _ adminRAClient = (*dryRunRAC)(nil)
+
 func (d dryRunRAC) AdministrativelyRevokeCertificate(_ context.Context, req *rapb.AdministrativelyRevokeCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
 	b, err := prototext.Marshal(req)
 	if err != nil {
@@ -27,11 +28,37 @@ func (d dryRunRAC) AdministrativelyRevokeCertificate(_ context.Context, req *rap
 }
 
 type dryRunSAC struct {
-	sapb.StorageAuthorityClient
 	log blog.Logger
 }
 
+var _ adminSAClient = (*dryRunSAC)(nil)
+
 func (d dryRunSAC) AddBlockedKey(_ context.Context, req *sapb.AddBlockedKeyRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
 	d.log.Infof("dry-run: Block SPKI hash %x by %s %s", req.KeyHash, req.Comment, req.Source)
 	return &emptypb.Empty{}, nil
 }
+
+func (d dryRunSAC) AddRateLimitOverride(_ context.Context, req *sapb.AddRateLimitOverrideRequest, _ ...grpc.CallOption) (*sapb.AddRateLimitOverrideResponse, error) {
+	d.log.Infof("dry-run: Add override for %q (%s)", req.Override.BucketKey, req.Override.Comment)
+	return &sapb.AddRateLimitOverrideResponse{Inserted: true, Enabled: true}, nil
+}
+
+func (d dryRunSAC) DisableRateLimitOverride(_ context.Context, req *sapb.DisableRateLimitOverrideRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
+	d.log.Infof("dry-run: Disable override for %q", req.BucketKey)
+	return &emptypb.Empty{}, nil
+}
+
+func (d dryRunSAC) EnableRateLimitOverride(_ context.Context, req *sapb.EnableRateLimitOverrideRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
+	d.log.Infof("dry-run: Enable override for %q", req.BucketKey)
+	return &emptypb.Empty{}, nil
+}
+
+func (d dryRunSAC) PauseIdentifiers(_ context.Context, req *sapb.PauseRequest, _ ...grpc.CallOption) (*sapb.PauseIdentifiersResponse, error) {
+	d.log.Infof("dry-run: Pause identifiers %#v for account %d", req.Identifiers, req.RegistrationID)
+	return &sapb.PauseIdentifiersResponse{Paused: int64(len(req.Identifiers))}, nil
+}
+
+func (d dryRunSAC) UnpauseAccount(_ context.Context, req *sapb.RegistrationID, _ ...grpc.CallOption) (*sapb.Count, error) {
+	d.log.Infof("dry-run: Unpause account %d", req.Id)
+	return &sapb.Count{Count: 1}, nil
+}

cmd/admin/overrides_dump.go

@@ -7,9 +7,10 @@ import (
 	"fmt"
 	"io"
 
+	"google.golang.org/protobuf/types/known/emptypb"
+
 	"github.com/letsencrypt/boulder/config"
 	"github.com/letsencrypt/boulder/ratelimits"
-	"google.golang.org/protobuf/types/known/emptypb"
 )
 
 type subcommandDumpEnabledOverrides struct {
@@ -29,7 +30,7 @@ func (c *subcommandDumpEnabledOverrides) Run(ctx context.Context, a *admin) erro
 		return errors.New("--file is required")
 	}
 
-	stream, err := a.sac.GetEnabledRateLimitOverrides(ctx, &emptypb.Empty{})
+	stream, err := a.saroc.GetEnabledRateLimitOverrides(ctx, &emptypb.Empty{})
 	if err != nil {
 		return fmt.Errorf("fetching enabled overrides: %w", err)
 	}