Delete sa.GetMaxExpiration and sa.GetRevokedCerts (#8401)

These two SA methods were used only by the crl-updater's temporal
(notAfter-based) sharding code. We now exclusively use explicit
(CRLDP-based) sharding, and these methods have no callers.

Fixes #8399
Part of #8322

Author: aarongable

crl/updater/updater_test.go

@@ -64,10 +64,6 @@ func (f *fakeSAC) GetRevokedCertsByShard(ctx context.Context, req *sapb.GetRevok
 	return &f.revokedCerts, nil
 }
 
-func (f *fakeSAC) GetMaxExpiration(_ context.Context, req *emptypb.Empty, _ ...grpc.CallOption) (*timestamppb.Timestamp, error) {
-	return timestamppb.New(f.maxNotAfter), nil
-}
-
 func (f *fakeSAC) LeaseCRLShard(_ context.Context, req *sapb.LeaseCRLShardRequest, _ ...grpc.CallOption) (*sapb.LeaseCRLShardResponse, error) {
 	if f.leaseError != nil {
 		return nil, f.leaseError

docs/CRLS.md

@@ -39,8 +39,7 @@ contains an entry for every certificate, explicitly recording that newly-issued
 certificates are not revoked. The latter is less explicit but more scalable,
 containing rows only for certificates which have been revoked.
 
-The SA exposes the two different types of recordkeeping in two different ways:
-`GetRevokedCerts` returns revoked certificates whose NotAfter dates fall within
-a requested range. `GetRevokedCertsByShard` returns revoked certificates whose
-`shardIdx` matches the requested shard. The crl-updater uses only the latter
-method, and the former will be removed in the future.
+The SA only exposes the latter of these two mechanisms via the
+`GetRevokedCertsByShard` method, which returns revoked certificates whose
+`shardIdx` matches the requested shard. The `certificateStatus` table will be
+removed in the near future.

mocks/sa.go

@@ -246,26 +246,11 @@ func (sa *StorageAuthority) GetPausedIdentifiers(_ context.Context, _ *sapb.Regi
 	return nil, nil
 }
 
-// GetRevokedCerts is a mock
-func (sa *StorageAuthorityReadOnly) GetRevokedCerts(ctx context.Context, _ *sapb.GetRevokedCertsRequest, _ ...grpc.CallOption) (sapb.StorageAuthorityReadOnly_GetRevokedCertsClient, error) {
-	return &ServerStreamClient[corepb.CRLEntry]{}, nil
-}
-
-// GetRevokedCerts is a mock
-func (sa *StorageAuthority) GetRevokedCerts(ctx context.Context, _ *sapb.GetRevokedCertsRequest, _ ...grpc.CallOption) (sapb.StorageAuthority_GetRevokedCertsClient, error) {
-	return &ServerStreamClient[corepb.CRLEntry]{}, nil
-}
-
 // GetRevokedCertsByShard is a mock
 func (sa *StorageAuthorityReadOnly) GetRevokedCertsByShard(ctx context.Context, _ *sapb.GetRevokedCertsByShardRequest, _ ...grpc.CallOption) (grpc.ServerStreamingClient[corepb.CRLEntry], error) {
 	return &ServerStreamClient[corepb.CRLEntry]{}, nil
 }
 
-// GetMaxExpiration is a mock
-func (sa *StorageAuthorityReadOnly) GetMaxExpiration(_ context.Context, req *emptypb.Empty, _ ...grpc.CallOption) (*timestamppb.Timestamp, error) {
-	return nil, nil
-}
-
 // AddRateLimitOverride is a mock
 func (sa *StorageAuthority) AddRateLimitOverride(_ context.Context, req *sapb.AddRateLimitOverrideRequest, _ ...grpc.CallOption) (*sapb.AddRateLimitOverrideResponse, error) {
 	return nil, nil