From 4e0777f6b164c944ddfd8795e88db3e6ad5bc55e Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Mon, 22 Jul 2019 10:28:47 -0700
Subject: [PATCH 1/5] Remove unused revokeAuthorizations functions.

---
 sa/authz.go | 28 ----------------------------
 sa/sa.go    | 14 --------------
 2 files changed, 42 deletions(-)

diff --git a/sa/authz.go b/sa/authz.go
index 31f973cd5dd1..30b4fdc3228f 100644
--- a/sa/authz.go
+++ b/sa/authz.go
@@ -36,31 +36,3 @@ func getAuthorizationIDsByDomain(db dbSelector, tableName string, ident string,
 	}
 	return allIDs, nil
 }
-
-func revokeAuthorizations(db dbExecer, tableName string, authIDs []string) (int64, error) {
-	stmtArgs := []interface{}{string(core.StatusRevoked)}
-	qmarks := []string{}
-	for _, id := range authIDs {
-		stmtArgs = append(stmtArgs, id)
-		qmarks = append(qmarks, "?")
-	}
-	idStmt := fmt.Sprintf("(%s)", strings.Join(qmarks, ", "))
-	result, err := db.Exec(
-		fmt.Sprintf(
-			`UPDATE %s
-       SET status = ?
-       WHERE id IN %s`,
-			tableName,
-			idStmt,
-		),
-		stmtArgs...,
-	)
-	if err != nil {
-		return 0, err
-	}
-	batchSize, err := result.RowsAffected()
-	if err != nil {
-		return 0, err
-	}
-	return batchSize, nil
-}
diff --git a/sa/sa.go b/sa/sa.go
index e7f9c1bea99f..15c21543a66e 100644
--- a/sa/sa.go
+++ b/sa/sa.go
@@ -706,20 +706,6 @@ func (ssa *SQLStorageAuthority) getAuthorizationIDsByDomain2(ctx context.Context
 	return ids, nil
 }
 
-func (ssa *SQLStorageAuthority) revokeAuthorizations2(ctx context.Context, ids []int64) error {
-	qmarks := []string{}
-	params := []interface{}{statusUint(core.StatusRevoked)}
-	for _, id := range ids {
-		qmarks = append(qmarks, "?")
-		params = append(params, id)
-	}
-	_, err := ssa.dbMap.Exec(
-		fmt.Sprintf(`UPDATE authz2 SET status = ? WHERE id IN (%s)`, strings.Join(qmarks, ",")),
-		params...,
-	)
-	return err
-}
-
 // AddCertificate stores an issued certificate and returns the digest as
 // a string, or an error if any occurred.
 func (ssa *SQLStorageAuthority) AddCertificate(

From 9474979958a522e4986c11a1fcf3e91397b2a441 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Mon, 22 Jul 2019 10:38:39 -0700
Subject: [PATCH 2/5] Fix imports.

---
 sa/authz.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sa/authz.go b/sa/authz.go
index 30b4fdc3228f..1444c850a835 100644
--- a/sa/authz.go
+++ b/sa/authz.go
@@ -2,7 +2,6 @@ package sa
 
 import (
 	"fmt"
-	"strings"
 	"time"
 
 	"github.com/letsencrypt/boulder/core"

From 6445c94857f9871c49d40ed9f99d38e0c3d4643a Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Mon, 5 Aug 2019 19:43:11 -0700
Subject: [PATCH 3/5] Integration test for DisableAuthz2Orders.

To make this work, I changed the twenty_days_ago setup to use
`config-next` when the main test phase is running `config`. That, in
turn, made the recheck_caa test fail, so I added a tweak to that.

I also moved the Authzv2 migrations into `db`. Without that change,
the integration test would fail during the twenty_days_ago setup because
Boulder would attempt to create authzv2 objects but the table wouldn't
exist yet.
---
 .../20190221140139_AddAuthz2.sql              |  0
 .../20190524120239_AddAuthz2ExpiresIndex.sql  |  0
 test/config/sa.json                           |  1 +
 test/integration-test.py                      |  2 ++
 test/v1_integration.py                        |  7 +++++
 test/v2_integration.py                        | 27 +++++++++++++++++++
 6 files changed, 37 insertions(+)
 rename sa/{_db-next/migrations => _db}/20190221140139_AddAuthz2.sql (100%)
 rename sa/{_db-next/migrations => _db}/20190524120239_AddAuthz2ExpiresIndex.sql (100%)

diff --git a/sa/_db-next/migrations/20190221140139_AddAuthz2.sql b/sa/_db/20190221140139_AddAuthz2.sql
similarity index 100%
rename from sa/_db-next/migrations/20190221140139_AddAuthz2.sql
rename to sa/_db/20190221140139_AddAuthz2.sql
diff --git a/sa/_db-next/migrations/20190524120239_AddAuthz2ExpiresIndex.sql b/sa/_db/20190524120239_AddAuthz2ExpiresIndex.sql
similarity index 100%
rename from sa/_db-next/migrations/20190524120239_AddAuthz2ExpiresIndex.sql
rename to sa/_db/20190524120239_AddAuthz2ExpiresIndex.sql
diff --git a/test/config/sa.json b/test/config/sa.json
index 52d5a4bc0695..7b3314aabb3c 100644
--- a/test/config/sa.json
+++ b/test/config/sa.json
@@ -24,6 +24,7 @@
       ]
     },
     "features": {
+      "DisableAuthz2Orders": true,
       "DeleteUnusedChallenges": true
     }
   },
diff --git a/test/integration-test.py b/test/integration-test.py
index f60e542bfe3f..fda2d03beb33 100644
--- a/test/integration-test.py
+++ b/test/integration-test.py
@@ -246,6 +246,8 @@ def main():
         config = default_config_dir
         if CONFIG_NEXT:
             config = "test/config"
+        else:
+            config = "test/config-next"
         now = datetime.datetime.utcnow()
         twenty_days_ago = now+datetime.timedelta(days=-20)
         if not startservers.start(race_detection=True, fakeclock=fakeclock(twenty_days_ago), config_dir=config):
diff --git a/test/v1_integration.py b/test/v1_integration.py
index 24869f216aa9..b2b65732cc76 100644
--- a/test/v1_integration.py
+++ b/test/v1_integration.py
@@ -449,6 +449,13 @@ def test_recheck_caa():
        was good. We'll set a new CAA record forbidding issuance; the CAA should
        recheck CAA and reject the request.
     """
+    # TODO(jsha): We can't do this test in non-CONFIG_NEXT mode
+    # because of authzv2. We do the twenty_days setup in CONFIG_NEXT
+    # mode (creating an authzv2), then restart Boulder with the authzv2
+    # flag disabled, which causes the authz to 404. Remove this check once
+    # authzv2 is live.
+    if not CONFIG_NEXT:
+        return
     if len(caa_recheck_authzs) == 0:
         raise Exception("CAA authzs not prepared for test_caa")
     domains = []
diff --git a/test/v2_integration.py b/test/v2_integration.py
index d1093b2f0857..5cc91b902bab 100644
--- a/test/v2_integration.py
+++ b/test/v2_integration.py
@@ -936,6 +936,33 @@ def test_z1_reuse():
     if len(authz_uris) != 0:
         raise Exception("Failed to reuse all authzs. Remaining: %s" % authz_uris)
 
+z2_disable_client = None
+z2_disable_authz = None
+z2_disable_order = None
+@register_twenty_days_ago
+def z2_disable_setup():
+    global z2_disable_client
+    global z2_disable_authz
+    global z2_disable_order
+    z2_disable_client = chisel2.make_client()
+    z2_disable_order = chisel2.auth_and_issue([random_domain()])
+    z2_disable_authz = z2_disable_order.authorizations[0]
+
+def test_z2_disable():
+    """Test the DisableAuthz2Orders feature flag."""
+    response = requests.get(z2_disable_authz.uri)
+    if response.status_code != 404:
+        raise Exception("Expected authorization to be disabled. Got %s" %
+            response)
+    response = requests.get(z2_disable_order.uri)
+    if response.status_code != 404:
+        raise Exception("Expected order to be disabled. Got %s" %
+            response)
+    o = z2_disable_client.new_order(
+        chisel2.make_csr([z2_disable_authz.body.identifier.value]))
+    if o.authorizations[0].uri == z2_disable_authz.uri:
+        raise Exception("Expected authzv2 authorization not to be reused")
+
 def test_new_order_policy_errs():
     """
     Test that creating an order with policy blocked identifiers returns

From 1c641195c543b404015ccc25aab892a87d65760e Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Thu, 8 Aug 2019 14:12:46 -0700
Subject: [PATCH 4/5] Fix migration location.

---
 sa/_db/{ => migrations}/20190221140139_AddAuthz2.sql             | 0
 sa/_db/{ => migrations}/20190524120239_AddAuthz2ExpiresIndex.sql | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename sa/_db/{ => migrations}/20190221140139_AddAuthz2.sql (100%)
 rename sa/_db/{ => migrations}/20190524120239_AddAuthz2ExpiresIndex.sql (100%)

diff --git a/sa/_db/20190221140139_AddAuthz2.sql b/sa/_db/migrations/20190221140139_AddAuthz2.sql
similarity index 100%
rename from sa/_db/20190221140139_AddAuthz2.sql
rename to sa/_db/migrations/20190221140139_AddAuthz2.sql
diff --git a/sa/_db/20190524120239_AddAuthz2ExpiresIndex.sql b/sa/_db/migrations/20190524120239_AddAuthz2ExpiresIndex.sql
similarity index 100%
rename from sa/_db/20190524120239_AddAuthz2ExpiresIndex.sql
rename to sa/_db/migrations/20190524120239_AddAuthz2ExpiresIndex.sql

From 6afcc91c2868e0eba7791a2213f6f7839b23adb3 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Thu, 8 Aug 2019 14:40:52 -0700
Subject: [PATCH 5/5] Don't run in CONFIG_NEXT

---
 test/v2_integration.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/test/v2_integration.py b/test/v2_integration.py
index 5cc91b902bab..d547d1a9866e 100644
--- a/test/v2_integration.py
+++ b/test/v2_integration.py
@@ -949,7 +949,10 @@ def z2_disable_setup():
     z2_disable_authz = z2_disable_order.authorizations[0]
 
 def test_z2_disable():
-    """Test the DisableAuthz2Orders feature flag."""
+    """Test the DisableAuthz2Orders feature flag. Only runs when
+       that flag is set (that is, not in CONFIG_NEXT mode)."""
+    if CONFIG_NEXT:
+        return
     response = requests.get(z2_disable_authz.uri)
     if response.status_code != 404:
         raise Exception("Expected authorization to be disabled. Got %s" %