ra: temporarily remove flaky test

ra/ra_test.go

@@ -1043,144 +1043,6 @@ func TestPerformValidation_FailedValidationsTriggerPauseIdentifiersRatelimit(t *
 	test.AssertNotError(t, err, "Failed cleaning up redis")
 }
 
-func TestPerformValidation_FailedThenSuccessfulValidationResetsPauseIdentifiersRatelimit(t *testing.T) {
-	if !strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") {
-		t.Skip()
-	}
-
-	va, sa, ra, redisSrc, fc, cleanUp := initAuthorities(t)
-	defer cleanUp()
-
-	features.Set(features.Config{AutomaticallyPauseZombieClients: true})
-	defer features.Reset()
-
-	// Because we're testing with a real Redis backend, we choose a different account ID
-	// than other tests to make we don't get interference from other tests using the same
-	// registration ID.
-	registration, err := sa.NewRegistration(ctx, &corepb.Registration{
-		Key:       AccountKeyJSONC,
-		InitialIP: parseAndMarshalIP(t, "192.2.2.2"),
-		Status:    string(core.StatusValid),
-	})
-	test.AssertNotError(t, err, "Failed to create registration")
-
-	mockSA := newMockSAPaused(sa)
-	ra.SA = mockSA
-
-	// Override the default ratelimits to only allow one failed validation.
-	txnBuilder, err := ratelimits.NewTransactionBuilder("testdata/two-failed-validations-before-pausing.yml", "")
-	test.AssertNotError(t, err, "making transaction composer")
-	ra.txnBuilder = txnBuilder
-
-	// We know this is OK because of TestNewAuthorization
-	domain := randomDomain()
-	authzPB := createPendingAuthorization(t, sa, domain, fc.Now().Add(12*time.Hour))
-	authzPB.RegistrationID = registration.Id
-	mockSA.registrationsForRegID[authzPB.RegistrationID] = Registration
-	mockSA.authorizationsForRegID[authzPB.RegistrationID] = authzPB
-
-	// We induce the bad path by setting a problem. This will consume all
-	// available capacity in the rate limit bucket.
-	va.PerformValidationRequestResultReturn = &vapb.ValidationResult{
-		Records: []*corepb.ValidationRecord{
-			{
-				AddressUsed:   []byte("192.168.0.1"),
-				Hostname:      domain,
-				Port:          "8080",
-				Url:           fmt.Sprintf("http://%s/", domain),
-				ResolverAddrs: []string{"rebound"},
-			},
-		},
-		Problems: &corepb.ProblemDetails{
-			Detail: fmt.Sprintf("CAA invalid for %s", domain),
-		},
-	}
-
-	challIdx := dnsChallIdx(t, authzPB.Challenges)
-	authzPB, err = ra.PerformValidation(ctx, &rapb.PerformValidationRequest{
-		Authz:          authzPB,
-		ChallengeIndex: challIdx,
-	})
-	test.AssertNotError(t, err, "PerformValidation failed")
-
-	select {
-	case r := <-va.performValidationRequest:
-		_ = r
-	case <-time.After(time.Second):
-		t.Fatal("Timed out waiting for DummyValidationAuthority.PerformValidation to complete")
-	}
-
-	// Sleep so the RA has a chance to write to the SA
-	time.Sleep(100 * time.Millisecond)
-
-	got, err := ra.SA.GetPausedIdentifiers(ctx, &sapb.RegistrationID{Id: authzPB.RegistrationID}, nil)
-	test.AssertError(t, err, "Should not have any paused identifiers yet, but found some")
-	test.AssertBoxedNil(t, got, "Should have received nil response, but did not")
-	test.AssertMetricWithLabelsEquals(t, ra.pauseCounter, prometheus.Labels{"paused": "false", "repaused": "false", "grace": "false"}, 0)
-
-	// We need the bucket key to scan for in Redis
-	bucketKey, err := ratelimits.NewRegIdDomainBucketKey(ratelimits.FailedAuthorizationsForPausingPerDomainPerAccount, authzPB.RegistrationID, domain)
-	test.AssertNotError(t, err, "Should have been able to construct bucket key, but could not")
-
-	// Verify that a redis entry exists for this accountID:identifier
-	tat, err := redisSrc.Get(ctx, bucketKey)
-	test.AssertNotError(t, err, "Should not have errored, but did")
-
-	// We should have capacity for 1 more failed validation, the next TAT should
-	// be immediately (despite the fact that this clearly says now + 12 hours).
-	test.AssertEquals(t, tat, fc.Now().Add(12*time.Hour))
-
-	//
-	// Now the goal is to perform a successful validation which should reset the
-	// FailedAuthorizationsForPausingPerDomainPerAccount ratelimit.
-	//
-
-	// We know this is OK because of TestNewAuthorization
-	authzPB = createPendingAuthorization(t, sa, domain, fc.Now().Add(12*time.Hour))
-	authzPB.RegistrationID = registration.Id
-
-	va.PerformValidationRequestResultReturn = &vapb.ValidationResult{
-		Records: []*corepb.ValidationRecord{
-			{
-				AddressUsed:   []byte("192.168.0.1"),
-				Hostname:      domain,
-				Port:          "8080",
-				Url:           fmt.Sprintf("http://%s/", domain),
-				ResolverAddrs: []string{"rebound"},
-			},
-		},
-		Problems: nil,
-	}
-
-	challIdx = dnsChallIdx(t, authzPB.Challenges)
-	authzPB, err = ra.PerformValidation(ctx, &rapb.PerformValidationRequest{
-		Authz:          authzPB,
-		ChallengeIndex: challIdx,
-	})
-	test.AssertNotError(t, err, "PerformValidation failed")
-	mockSA.authorizationsForRegID[authzPB.RegistrationID] = authzPB
-
-	select {
-	case r := <-va.performValidationRequest:
-		_ = r
-	case <-time.After(time.Second):
-		t.Fatal("Timed out waiting for DummyValidationAuthority.PerformValidation to complete")
-	}
-
-	// We need the bucket key to scan for in Redis
-	bucketKey, err = ratelimits.NewRegIdDomainBucketKey(ratelimits.FailedAuthorizationsForPausingPerDomainPerAccount, authzPB.RegistrationID, domain)
-	test.AssertNotError(t, err, "Should have been able to construct bucket key, but could not")
-
-	// Verify that the bucket no longer exists (because the limiter reset has
-	// deleted it). This indicates the accountID:identifier bucket has regained
-	// capacity avoiding being inadvertently paused.
-	_, err = redisSrc.Get(ctx, bucketKey)
-	test.AssertErrorIs(t, err, ratelimits.ErrBucketNotFound)
-
-	err = ra.limiter.Reset(ctx, bucketKey)
-	test.AssertNotError(t, err, "Failed cleaning up redis")
-}
-
 func TestPerformValidationVAError(t *testing.T) {
 	va, sa, ra, _, fc, cleanUp := initAuthorities(t)
 	defer cleanUp()