cli: remove cockroach connect

`connect` was implemented as an experiment to allow bootstrapping nodes from other nodes CA's. The details are described here: https://github.com/aaron-crl/toy-secure-init-handshake/tree/n-way-join This implementation was never completed, and the visibility of this code can cause confusion. This PR removes all the code with the idea that we can bring it back later if necessary. Epic: none Release note (cli change): Removal of the `cockroach connect` functionality.
cockroachdb · Nov 13, 2023 · ad4350a · ad4350a
1 parent d9296a0
commit ad4350a
Show file tree

Hide file tree

Showing 34 changed files with 68 additions and 4,033 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -123,7 +123,6 @@
 /pkg/cli/clisqlclient/       @cockroachdb/sql-foundations @cockroachdb/cli-prs
 /pkg/cli/clisqlexec/         @cockroachdb/sql-foundations @cockroachdb/cli-prs
 /pkg/cli/clisqlshell/        @cockroachdb/sql-foundations @cockroachdb/cli-prs
-/pkg/cli/connect*.go         @cockroachdb/prodsec        @cockroachdb/cli-prs
 /pkg/cli/context.go          @cockroachdb/cli-prs
 /pkg/cli/convert_url*        @cockroachdb/sql-foundations   @cockroachdb/cli-prs
 /pkg/cli/debug*.go           @cockroachdb/kv-prs         @cockroachdb/cli-prs
@@ -163,12 +162,10 @@
 # respective teams.
 #
 #!/pkg/server/                           @cockroachdb/unowned
-/pkg/server/addjoin*.go                  @cockroachdb/prodsec @cockroachdb/server-prs
 /pkg/server/admin*.go                    @cockroachdb/obs-inf-prs @cockroachdb/server-prs
 /pkg/server/api_v2*.go                   @cockroachdb/obs-inf-prs @cockroachdb/server-prs
 /pkg/server/api_v2_auth*.go              @cockroachdb/obs-inf-prs @cockroachdb/server-prs @cockroachdb/prodsec
 /pkg/server/authentication*.go           @cockroachdb/prodsec     @cockroachdb/server-prs
-/pkg/server/auto_tls_init*go             @cockroachdb/prodsec     @cockroachdb/server-prs
 /pkg/server/autoconfig/                  @cockroachdb/jobs-prs    @cockroachdb/multi-tenant
 /pkg/server/clock_monotonicity.go        @cockroachdb/kv-prs
 /pkg/server/combined_statement_stats*.go @cockroachdb/cluster-observability @cockroachdb/obs-inf-prs
@@ -186,7 +183,6 @@
 /pkg/server/import_ts*.go                @cockroachdb/obs-inf-prs @cockroachdb/server-prs  @cockroachdb/kv-prs
 /pkg/server/index_usage*.go              @cockroachdb/cluster-observability @cockroachdb/obs-inf-prs
 /pkg/server/init*.go                     @cockroachdb/kv-prs      @cockroachdb/server-prs
-/pkg/server/init_handshake*.go           @cockroachdb/prodsec     @cockroachdb/server-prs
 /pkg/server/intent_*.go                  @cockroachdb/kv-prs      @cockroachdb/server-prs
 /pkg/server/key_vis*                     @cockroachdb/cluster-observability @cockroachdb/obs-inf-prs
 /pkg/server/load_endpoint*               @cockroachdb/obs-inf-prs @cockroachdb/server-prs

diff --git a/docs/generated/http/full.md b/docs/generated/http/full.md
@@ -5333,94 +5333,6 @@ Support status: [reserved](#support-status)
 
 
 
-## RequestCA
-
-`GET /_join/v1/ca`
-
-
-
-Support status: [reserved](#support-status)
-
-#### Request Parameters
-
-
-
-
-CARequest requests the CA cert anchoring this service.
-
-
-
-
-
-
-
-
-#### Response Parameters
-
-
-
-
-CAResponse contains a PEM encoded copy of the CA cert for this service.
-
-
-| Field | Type | Label | Description | Support status |
-| ----- | ---- | ----- | ----------- | -------------- |
-| ca_cert | [bytes](#cockroach.server.serverpb.CAResponse-bytes) |  |  | [reserved](#support-status) |
-
-
-
-
-
-
-
-## RequestCertBundle
-
-`GET /_join/v1/requestbundle`
-
-
-
-Support status: [reserved](#support-status)
-
-#### Request Parameters
-
-
-
-
-CertBundleRequest requests the bundle of initialization CAs for a new node.
-It provides authentication in the form of a joinToken containing a
-sharedSecret.
-
-
-| Field | Type | Label | Description | Support status |
-| ----- | ---- | ----- | ----------- | -------------- |
-| token_id | [string](#cockroach.server.serverpb.CertBundleRequest-string) |  |  | [reserved](#support-status) |
-| shared_secret | [bytes](#cockroach.server.serverpb.CertBundleRequest-bytes) |  |  | [reserved](#support-status) |
-
-
-
-
-
-
-
-#### Response Parameters
-
-
-
-
-CertBundleResponse contains a copy of all CAs needed to initialize TLS for
-a new node.
-
-
-| Field | Type | Label | Description | Support status |
-| ----- | ---- | ----- | ----------- | -------------- |
-| bundle | [bytes](#cockroach.server.serverpb.CertBundleResponse-bytes) |  |  | [reserved](#support-status) |
-
-
-
-
-
-
-
 ## Users
 
 `GET /_admin/v1/users`

diff --git a/pkg/acceptance/generated_cli_test.go b/pkg/acceptance/generated_cli_test.go
diff --git a/pkg/cli/BUILD.bazel b/pkg/cli/BUILD.bazel
@@ -10,8 +10,6 @@ go_library(
         "cert.go",
         "cli.go",
         "client_url.go",
-        "connect.go",
-        "connect_join.go",
         "context.go",
         "convert_url.go",
         "debug.go",
@@ -139,7 +137,6 @@ go_library(
         "//pkg/security",
         "//pkg/security/certnames",
         "//pkg/security/clientsecopts",
-        "//pkg/security/securityassets",
         "//pkg/security/securitytest",
         "//pkg/security/username",
         "//pkg/server",
@@ -315,7 +312,6 @@ go_test(
         "cert_test.go",
         "cli_debug_test.go",
         "cli_test.go",
-        "connect_join_test.go",
         "convert_url_test.go",
         "debug_check_store_test.go",
         "debug_job_trace_test.go",

diff --git a/pkg/cli/cli.go b/pkg/cli/cli.go
@@ -245,7 +245,6 @@ func init() {
 	cockroachCmd.AddCommand(
 		startCmd,
 		startSingleNodeCmd,
-		connectCmd,
 		initCmd,
 		certCmd,
 

diff --git a/pkg/cli/cliflags/flags.go b/pkg/cli/cliflags/flags.go
@@ -832,36 +832,6 @@ certificate can only be used if an identity map has been configured server-side.
 		Description: `Prompt for the new user's password.`,
 	}
 
-	InitToken = FlagInfo{
-		Name: "init-token",
-		Description: `Shared token for initialization of node TLS certificates.
-
-This flag is optional for the 'start' command. When omitted, the 'start'
-command expects the operator to prepare TLS certificates beforehand using
-the 'cert' command.
-
-This flag must be combined with --num-expected-initial-nodes.`,
-	}
-
-	NumExpectedInitialNodes = FlagInfo{
-		Name: "num-expected-initial-nodes",
-		Description: `Number of expected nodes during TLS certificate creation,
-including the node where the connect command is run.
-
-This flag must be combined with --init-token.`,
-	}
-
-	SingleNode = FlagInfo{
-		Name: "single-node",
-		Description: `Prepare the certificates for a subsequent 'start-single-node'
-command. The 'connect' command only runs cursory checks on the network
-configuration and does not wait for peers to auto-negotiate a common
-set of credentials.
-
-The --single-node flag is exclusive with the --init-num-peers and --init-token
-flags.`,
-	}
-
 	CertsDir = FlagInfo{
 		Name:        "certs-dir",
 		EnvVar:      "COCKROACH_CERTS_DIR",

diff --git a/pkg/cli/connect.go b/pkg/cli/connect.go