Skip to content

Add an index on serials to the revokedCertificates table #8427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 2, 2025
Merged

Add an index on serials to the revokedCertificates table #8427

merged 1 commit into from
Oct 2, 2025
+9 −0

Conversation

aarongable
Copy link
Contributor

@aarongable aarongable commented Oct 2, 2025
edited
Loading

Give the revokedCertificates table a non-unique index on the serial column. This exactly matches the existing index on the certificateStatus table.

We did not include this index initially because we were optimizing this table for the crl-updater's crawl-by-shard-and-expiration behavior, but this index is necessary to look up if a certificate has already been revoked when computing ARI windows and when processing revocation requests.

Part of #8322

IN-11835 tracks the corresponding production schema changes

@aarongable aarongable requested a review from a team as a code owner October 2, 2025 22:31
@aarongable aarongable requested a review from jsha October 2, 2025 22:31
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 2, 2025

@aarongable, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.

@aarongable aarongable force-pushed the revoked-serial-index branch from 80156d2 to d8c5e81 Compare October 2, 2025 22:33
@aarongable aarongable mentioned this pull request Oct 2, 2025
Open
jsha
jsha approved these changes Oct 2, 2025
View reviewed changes
sa/db-next/boulder_sa/20251002000000_AddRevokedSerialsIndex.sql
-- +migrate Up
-- SQL in section 'Up' is executed when this migration is applied

ALTER TABLE `revokedCertificates` ADD KEY `serial` (`serial`);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: I'd expected to see ADD UNIQUE KEY. But, if I'm remembering correctly, with partitioning we can't use UNIQUE KEYs other than the primary one. So for instance certificateStatus has a KEY on serial but not a UNIQUE one.

For certificateStatus we deal with that by using an UPDATE. That code also protects revokedCertificates from having duplicates. As we switch to revokedCertificates we'll want to make sure that revocations open a transaction, do a SELECT to make sure the row doesn't yet exist, and then INSERT.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, and I'll do that handling in #8408

@aarongable aarongable mentioned this pull request Oct 2, 2025
Open
@aarongable aarongable requested a review from jprenken October 2, 2025 23:04
@aarongable aarongable merged commit 9365990 into main Oct 2, 2025
13 checks passed
@aarongable aarongable deleted the revoked-serial-index branch October 2, 2025 23:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsha jsha jsha approved these changes

@jprenken jprenken jprenken approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aarongable @jsha @jprenken