Backport of remove: hcp related code in agent for HCP consul EoL into release/1.22.x

agent/agent.go

@@ -26,15 +26,13 @@ import (
 	"github.com/armon/go-metrics/prometheus"
 	"github.com/rboyer/safeio"
 	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/h2c"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/keepalive"
 
 	"github.com/hashicorp/go-connlimit"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-memdb"
 	"github.com/hashicorp/go-multierror"
-	"github.com/hashicorp/hcp-scada-provider/capability"
 	"github.com/hashicorp/raft"
 	"github.com/hashicorp/serf/serf"
 
@@ -51,7 +49,6 @@ import (
 	external "github.com/hashicorp/consul/agent/grpc-external"
 	grpcDNS "github.com/hashicorp/consul/agent/grpc-external/services/dns"
 	middleware "github.com/hashicorp/consul/agent/grpc-middleware"
-	"github.com/hashicorp/consul/agent/hcp/scada"
 	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/netutil"
@@ -432,10 +429,6 @@ type Agent struct {
 	// xdsServer serves the XDS protocol for configuring Envoy proxies.
 	xdsServer *xds.Server
 
-	// scadaProvider is set when HashiCorp Cloud Platform integration is configured and exposes the agent's API over
-	// an encrypted session to HCP
-	scadaProvider scada.Provider
-
 	// enterpriseAgent embeds fields that we only access in consul-enterprise builds
 	enterpriseAgent
 
@@ -492,7 +485,6 @@ func New(bd BaseDeps) (*Agent, error) {
 		cache:           bd.Cache,
 		leafCertManager: bd.LeafCertManager,
 		routineManager:  routine.NewManager(bd.Logger),
-		scadaProvider:   bd.HCP.Provider,
 	}
 
 	// TODO: create rpcClientHealth in BaseDeps once NetRPC is available without Agent
@@ -1109,12 +1101,6 @@ func (a *Agent) startListeners(addrs []net.Addr) ([]net.Listener, error) {
 			}
 			l = &tcpKeepAliveListener{l.(*net.TCPListener)}
 
-		case *capability.Addr:
-			l, err = a.scadaProvider.Listen(x.Capability())
-			if err != nil {
-				return nil, err
-			}
-
 		default:
 			closeAll()
 			return nil, fmt.Errorf("unsupported address type %T", addr)
@@ -1173,11 +1159,6 @@ func (a *Agent) listenHTTP() ([]apiServer, error) {
 				MaxHeaderBytes: a.config.HTTPMaxHeaderBytes,
 			}
 
-			if scada.IsCapability(l.Addr()) {
-				// wrap in http2 server handler
-				httpServer.Handler = h2c.NewHandler(srv.handler(), &http2.Server{})
-			}
-
 			// Load the connlimit helper into the server
 			connLimitFn := a.httpConnLimiter.HTTPConnStateFuncWithDefault429Handler(10 * time.Millisecond)
 
@@ -1195,9 +1176,6 @@ func (a *Agent) listenHTTP() ([]apiServer, error) {
 	}
 
 	httpAddrs := a.config.HTTPAddrs
-	if a.config.IsCloudEnabled() && a.scadaProvider != nil {
-		httpAddrs = append(httpAddrs, scada.CAPCoreAPI)
-	}
 
 	if err := start("http", httpAddrs); err != nil {
 		closeListeners(ln)
@@ -1601,8 +1579,6 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co
 	cfg.RequestLimitsWriteRate = runtimeCfg.RequestLimitsWriteRate
 	cfg.Locality = runtimeCfg.StructLocality()
 
-	cfg.Cloud = runtimeCfg.Cloud
-
 	cfg.Reporting.License.Enabled = runtimeCfg.Reporting.License.Enabled
 	cfg.Reporting.SnapshotRetentionTime = runtimeCfg.Reporting.SnapshotRetentionTime
 
@@ -1782,11 +1758,6 @@ func (a *Agent) ShutdownAgent() error {
 	a.rpcClientHealth.Close()
 	a.rpcClientConfigEntry.Close()
 
-	// Shutdown SCADA provider
-	if a.scadaProvider != nil {
-		a.scadaProvider.Stop()
-	}
-
 	var err error
 	if a.delegate != nil {
 		err = a.delegate.Shutdown()

agent/agent_test.go

@@ -33,26 +33,22 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/google/tcpproxy"
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/serf/coordinate"
+	"github.com/hashicorp/serf/serf"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/sync/errgroup"
 	"golang.org/x/time/rate"
 	"google.golang.org/grpc"
 	"google.golang.org/protobuf/encoding/protojson"
 
-	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/hcp-scada-provider/capability"
-	"github.com/hashicorp/serf/coordinate"
-	"github.com/hashicorp/serf/serf"
-
 	"github.com/hashicorp/consul/agent/cache"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/checks"
 	"github.com/hashicorp/consul/agent/config"
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul"
-	"github.com/hashicorp/consul/agent/hcp"
-	"github.com/hashicorp/consul/agent/hcp/scada"
 	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
@@ -6389,69 +6385,6 @@ peering {
 	})
 }
 
-func TestAgent_startListeners_scada(t *testing.T) {
-	t.Parallel()
-	pvd := scada.NewMockProvider(t)
-	c := capability.NewAddr("testcap")
-	pvd.EXPECT().Listen(c.Capability()).Return(nil, nil).Once()
-	bd := BaseDeps{
-		Deps: consul.Deps{
-			Logger:       hclog.NewInterceptLogger(nil),
-			Tokens:       new(token.Store),
-			GRPCConnPool: &fakeGRPCConnPool{},
-			HCP: hcp.Deps{
-				Provider: pvd,
-			},
-			Registry: resource.NewRegistry(),
-		},
-		RuntimeConfig: &config.RuntimeConfig{},
-		Cache:         cache.New(cache.Options{}),
-		NetRPC:        &LazyNetRPC{},
-	}
-
-	bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
-		CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
-		RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
-		Config:      leafcert.Config{},
-	})
-
-	cfg := config.RuntimeConfig{BuildDate: time.Date(2000, 1, 1, 0, 0, 1, 0, time.UTC)}
-	bd, err := initEnterpriseBaseDeps(bd, &cfg)
-	require.NoError(t, err)
-
-	agent, err := New(bd)
-	mockDelegate := delegateMock{}
-	mockDelegate.On("LicenseCheck").Return()
-	agent.delegate = &mockDelegate
-	require.NoError(t, err)
-
-	_, err = agent.startListeners([]net.Addr{c})
-	require.NoError(t, err)
-}
-
-func TestAgent_scadaProvider(t *testing.T) {
-	pvd := scada.NewMockProvider(t)
-
-	// this listener is used when mocking out the scada provider
-	l, err := net.Listen("tcp4", fmt.Sprintf("127.0.0.1:%d", freeport.GetOne(t)))
-	require.NoError(t, err)
-	defer require.NoError(t, l.Close())
-
-	pvd.EXPECT().Listen(scada.CAPCoreAPI.Capability()).Return(l, nil).Once()
-	pvd.EXPECT().Stop().Return(nil).Once()
-	a := TestAgent{
-		HCL: `cloud = { resource_id = "test-resource-id" client_id = "test-client-id" client_secret = "test-client-secret" }`,
-		OverrideDeps: func(deps *BaseDeps) {
-			deps.HCP.Provider = pvd
-		},
-	}
-	defer a.Shutdown()
-	require.NoError(t, a.Start(t))
-
-	_, err = api.NewClient(&api.Config{Address: l.Addr().String()})
-	require.NoError(t, err)
-}
-
 func TestAgent_checkServerLastSeen(t *testing.T) {
 	bd := BaseDeps{
 		Deps: consul.Deps{

agent/config/builder.go

@@ -4,7 +4,6 @@
 package config
 
 import (
-	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@@ -37,7 +36,6 @@ import (
 	"github.com/hashicorp/consul/agent/consul/authmethod/ssoauth"
 	consulrate "github.com/hashicorp/consul/agent/consul/rate"
 	"github.com/hashicorp/consul/agent/consul/state"
-	hcpconfig "github.com/hashicorp/consul/agent/hcp/config"
 	"github.com/hashicorp/consul/agent/rpc/middleware"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
@@ -1004,7 +1002,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 		AutoEncryptIPSAN:                       autoEncryptIPSAN,
 		AutoEncryptAllowTLS:                    autoEncryptAllowTLS,
 		AutoConfig:                             autoConfig,
-		Cloud:                                  b.cloudConfigVal(c),
 		ConnectEnabled:                         connectEnabled,
 		ConnectCAProvider:                      connectCAProvider,
 		ConnectCAConfig:                        connectCAConfig,
@@ -1135,8 +1132,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 		LocalProxyConfigResyncInterval:    30 * time.Second,
 	}
 
-	// host metrics are enabled if consul is configured with HashiCorp Cloud Platform integration
-	rt.Telemetry.EnableHostMetrics = boolValWithDefault(c.Telemetry.EnableHostMetrics, rt.IsCloudEnabled())
+	rt.Telemetry.EnableHostMetrics = boolValWithDefault(c.Telemetry.EnableHostMetrics, false)
 
 	rt.TLS, err = b.buildTLSConfig(rt, c.TLS)
 	if err != nil {
@@ -1979,7 +1975,6 @@ func (b *builder) uiConfigVal(v RawUIConfig) UIConfig {
 		MetricsProviderOptionsJSON: stringVal(v.MetricsProviderOptionsJSON),
 		MetricsProxy:               b.uiMetricsProxyVal(v.MetricsProxy),
 		DashboardURLTemplates:      v.DashboardURLTemplates,
-		HCPEnabled:                 os.Getenv("CONSUL_HCP_ENABLED") == "true",
 	}
 }
 
@@ -2610,75 +2605,6 @@ func validateAutoConfigAuthorizer(rt RuntimeConfig) error {
 	return nil
 }
 
-func (b *builder) cloudConfigVal(v Config) hcpconfig.CloudConfig {
-	// Load the same environment variables expected by hcp-sdk-go
-	envHostname, ok := os.LookupEnv("HCP_API_ADDRESS")
-	if !ok {
-		if legacyEnvHostname, ok := os.LookupEnv("HCP_API_HOST"); ok {
-			// Remove only https scheme prefixes from the deprecated environment
-			// variable for specifying the API host. Mirrors the same behavior as
-			// hcp-sdk-go.
-			if strings.HasPrefix(strings.ToLower(legacyEnvHostname), "https://") {
-				legacyEnvHostname = legacyEnvHostname[8:]
-			}
-			envHostname = legacyEnvHostname
-		}
-	}
-
-	var envTLSConfig *tls.Config
-	if os.Getenv("HCP_AUTH_TLS") == "insecure" ||
-		os.Getenv("HCP_SCADA_TLS") == "insecure" ||
-		os.Getenv("HCP_API_TLS") == "insecure" {
-		envTLSConfig = &tls.Config{InsecureSkipVerify: true}
-	}
-
-	val := hcpconfig.CloudConfig{
-		ResourceID:   os.Getenv("HCP_RESOURCE_ID"),
-		ClientID:     os.Getenv("HCP_CLIENT_ID"),
-		ClientSecret: os.Getenv("HCP_CLIENT_SECRET"),
-		AuthURL:      os.Getenv("HCP_AUTH_URL"),
-		Hostname:     envHostname,
-		ScadaAddress: os.Getenv("HCP_SCADA_ADDRESS"),
-		TLSConfig:    envTLSConfig,
-	}
-
-	// Node id might get overridden in setup.go:142
-	nodeID := stringVal(v.NodeID)
-	val.NodeID = types.NodeID(nodeID)
-	val.NodeName = b.nodeName(v.NodeName)
-
-	if v.Cloud == nil {
-		return val
-	}
-
-	// Load configuration file variables for anything not set by environment variables
-	if val.AuthURL == "" {
-		val.AuthURL = stringVal(v.Cloud.AuthURL)
-	}
-
-	if val.Hostname == "" {
-		val.Hostname = stringVal(v.Cloud.Hostname)
-	}
-
-	if val.ScadaAddress == "" {
-		val.ScadaAddress = stringVal(v.Cloud.ScadaAddress)
-	}
-
-	if val.ResourceID == "" {
-		val.ResourceID = stringVal(v.Cloud.ResourceID)
-	}
-
-	if val.ClientID == "" {
-		val.ClientID = stringVal(v.Cloud.ClientID)
-	}
-
-	if val.ClientSecret == "" {
-		val.ClientSecret = stringVal(v.Cloud.ClientSecret)
-	}
-
-	return val
-}
-
 // decodeBytes returns the encryption key decoded.
 func decodeBytes(key string) ([]byte, error) {
 	return base64.StdEncoding.DecodeString(key)