bad-key-revoker: Require maxExpectedReplicationLag (#8693)

jprenken · web-flow · commit dd8ce81d0fe9 · 2026-04-06T13:59:26.000-07:00
#8301 introduced the `maxExpectedReplicationLag` parameter. Let's Encrypt has now deployed it, so we should make it mandatory, removing the interim default value that made it deploy-safe.
diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go
@@ -379,12 +379,10 @@ func main() {
 		bkr.backoffIntervalBase = time.Second
 	}
 
-	// If `MaxExpectedReplicationLag` was not set via the config, then set
-	// `bkr.maxExpectedReplicationLag` to a default 22 seconds. This is based on
-	// ProxySQL's max_replication_lag for bad-key-revoker (10s), times two, plus
-	// two seconds.
+	// If `MaxExpectedReplicationLag` was not set via the config, fail. We can't
+	// safely assume or anticipate its value for any given Boulder deployment.
 	if bkr.maxExpectedReplicationLag == 0 {
-		bkr.maxExpectedReplicationLag = time.Second * 22
+		cmd.Fail("maxExpectedReplicationLag must be provided.")
 	}
 
 	// Run bad-key-revoker in a loop. Backoff if no work or errors.

Original file line number	Diff line number	Diff line change
`@@ -379,12 +379,10 @@ func main() {`
`379`	`379`	`bkr.backoffIntervalBase = time.Second`
`380`	`380`	`}`
`381`	`381`
`382`		- // If `MaxExpectedReplicationLag` was not set via the config, then set
`383`		- // `bkr.maxExpectedReplicationLag` to a default 22 seconds. This is based on
`384`		`- // ProxySQL's max_replication_lag for bad-key-revoker (10s), times two, plus`
`385`		`- // two seconds.`
	`382`	+ // If `MaxExpectedReplicationLag` was not set via the config, fail. We can't
	`383`	`+ // safely assume or anticipate its value for any given Boulder deployment.`
`386`	`384`	`if bkr.maxExpectedReplicationLag == 0 {`
`387`		`- bkr.maxExpectedReplicationLag = time.Second * 22`
	`385`	`+ cmd.Fail("maxExpectedReplicationLag must be provided.")`
`388`	`386`	`}`
`389`	`387`
`390`	`388`	`// Run bad-key-revoker in a loop. Backoff if no work or errors.`