From cdcb8537f551492782b6fa1e7a1bfa9df13e5e38 Mon Sep 17 00:00:00 2001
From: Conrad Ludgate <conradludgate@gmail.com>
Date: Thu, 12 Sep 2024 17:57:59 +0100
Subject: [PATCH] delete dead code

---
 proxy/src/auth_proxy/backend.rs       | 46 ++-------------------------
 proxy/src/auth_proxy/backend/hacks.rs | 41 ------------------------
 proxy/src/auth_proxy/flow.rs          | 41 +-----------------------
 proxy/src/stream.rs                   | 38 ----------------------
 4 files changed, 3 insertions(+), 163 deletions(-)

diff --git a/proxy/src/auth_proxy/backend.rs b/proxy/src/auth_proxy/backend.rs
index a1d6874570..fed645c33d 100644
--- a/proxy/src/auth_proxy/backend.rs
+++ b/proxy/src/auth_proxy/backend.rs
@@ -8,8 +8,7 @@ use crate::auth::backend::{
 };
 use crate::auth::{self, ComputeUserInfoMaybeEndpoint};
 use crate::auth_proxy::validate_password_and_exchange;
-use crate::console::errors::GetAuthInfoError;
-use crate::console::provider::{CachedRoleSecret, ConsoleBackend};
+use crate::console::provider::ConsoleBackend;
 use crate::console::AuthSecret;
 use crate::context::RequestMonitoring;
 use crate::intern::EndpointIdInt;
@@ -18,11 +17,7 @@ use crate::scram;
 use crate::stream::AuthProxyStreamExt;
 use crate::{
     config::AuthenticationConfig,
-    console::{
-        self,
-        provider::{CachedAllowedIps, CachedNodeInfo},
-        Api,
-    },
+    console::{self, provider::CachedNodeInfo, Api},
 };
 
 use super::AuthProxyStream;
@@ -57,14 +52,6 @@ pub enum Backend<'a, T> {
     Console(MaybeOwned<'a, ConsoleBackend>, T),
 }
 
-#[cfg(test)]
-pub(crate) trait TestBackend: Send + Sync + 'static {
-    fn wake_compute(&self) -> Result<CachedNodeInfo, console::errors::WakeComputeError>;
-    fn get_allowed_ips_and_secret(
-        &self,
-    ) -> Result<(CachedAllowedIps, Option<CachedRoleSecret>), console::errors::GetAuthInfoError>;
-}
-
 impl std::fmt::Display for Backend<'_, ()> {
     fn fmt(&self, fmt: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         match self {
@@ -103,15 +90,6 @@ impl<'a, T> Backend<'a, T> {
         }
     }
 }
-impl<'a, T, E> Backend<'a, Result<T, E>> {
-    /// Very similar to [`std::option::Option::transpose`].
-    /// This is most useful for error handling.
-    pub(crate) fn transpose(self) -> Result<Backend<'a, T>, E> {
-        match self {
-            Self::Console(c, x) => x.map(|x| Backend::Console(c, x)),
-        }
-    }
-}
 
 /// True to its name, this function encapsulates our current auth trade-offs.
 /// Here, we choose the appropriate auth flow based on circumstances.
@@ -231,26 +209,6 @@ impl<'a> Backend<'a, ComputeUserInfoMaybeEndpoint> {
     }
 }
 
-impl Backend<'_, ComputeUserInfo> {
-    pub(crate) async fn get_role_secret(
-        &self,
-        ctx: &RequestMonitoring,
-    ) -> Result<CachedRoleSecret, GetAuthInfoError> {
-        match self {
-            Self::Console(api, user_info) => api.get_role_secret(ctx, user_info).await,
-        }
-    }
-
-    pub(crate) async fn get_allowed_ips_and_secret(
-        &self,
-        ctx: &RequestMonitoring,
-    ) -> Result<(CachedAllowedIps, Option<CachedRoleSecret>), GetAuthInfoError> {
-        match self {
-            Self::Console(api, user_info) => api.get_allowed_ips_and_secret(ctx, user_info).await,
-        }
-    }
-}
-
 #[async_trait::async_trait]
 impl ComputeConnectBackend for Backend<'_, ComputeCredentials> {
     async fn wake_compute(
diff --git a/proxy/src/auth_proxy/backend/hacks.rs b/proxy/src/auth_proxy/backend/hacks.rs
index 37e9bbb77c..373de39449 100644
--- a/proxy/src/auth_proxy/backend/hacks.rs
+++ b/proxy/src/auth_proxy/backend/hacks.rs
@@ -4,50 +4,9 @@ use super::{
 use crate::{
     auth,
     auth_proxy::{self, AuthFlow, AuthProxyStream},
-    config::AuthenticationConfig,
-    console::AuthSecret,
-    intern::EndpointIdInt,
-    sasl,
 };
 use tracing::{info, warn};
 
-/// Compared to [SCRAM](crate::scram), cleartext password auth saves
-/// one round trip and *expensive* computations (>= 4096 HMAC iterations).
-/// These properties are benefical for serverless JS workers, so we
-/// use this mechanism for websocket connections.
-pub(crate) async fn authenticate_cleartext(
-    info: ComputeUserInfo,
-    client: &mut AuthProxyStream,
-    secret: AuthSecret,
-    config: &'static AuthenticationConfig,
-) -> auth::Result<ComputeCredentials> {
-    warn!("cleartext auth flow override is enabled, proceeding");
-
-    let ep = EndpointIdInt::from(&info.endpoint);
-
-    let auth_flow = AuthFlow::new(client)
-        .begin(auth_proxy::CleartextPassword {
-            secret,
-            endpoint: ep,
-            pool: config.thread_pool.clone(),
-        })
-        .await?;
-    // cleartext auth is only allowed to the ws/http protocol.
-    // If we're here, we already received the password in the first message.
-    // Scram protocol will be executed on the proxy side.
-    let auth_outcome = auth_flow.authenticate().await?;
-
-    let keys = match auth_outcome {
-        sasl::Outcome::Success(key) => key,
-        sasl::Outcome::Failure(reason) => {
-            info!("auth backend failed with an error: {reason}");
-            return Err(auth::AuthError::auth_failed(&*info.user));
-        }
-    };
-
-    Ok(ComputeCredentials { info, keys })
-}
-
 /// Workaround for clients which don't provide an endpoint (project) name.
 /// Similar to [`authenticate_cleartext`], but there's a specific password format,
 /// and passwords are not yet validated (we don't know how to validate them!)
diff --git a/proxy/src/auth_proxy/flow.rs b/proxy/src/auth_proxy/flow.rs
index 0f9af13f03..d6fb4210ba 100644
--- a/proxy/src/auth_proxy/flow.rs
+++ b/proxy/src/auth_proxy/flow.rs
@@ -11,8 +11,8 @@ use crate::{
     stream::AuthProxyStreamExt,
 };
 use pq_proto::{BeAuthenticationSaslMessage, BeMessage, BeMessage as Be};
+use std::io;
 use tokio::task_local;
-use std::{io, sync::Arc};
 use tracing::info;
 
 /// Every authentication selector is supposed to implement this trait.
@@ -52,21 +52,6 @@ impl AuthMethod for PasswordHack {
     }
 }
 
-/// Use clear-text password auth called `password` in docs
-/// <https://www.postgresql.org/docs/current/auth-password.html>
-pub(crate) struct CleartextPassword {
-    pub(crate) pool: Arc<ThreadPool>,
-    pub(crate) endpoint: EndpointIdInt,
-    pub(crate) secret: AuthSecret,
-}
-
-impl AuthMethod for CleartextPassword {
-    #[inline(always)]
-    fn first_message(&self, _channel_binding: bool) -> BeMessage<'_> {
-        Be::AuthenticationCleartextPassword
-    }
-}
-
 /// This wrapper for [`PqStream`] performs client authentication.
 #[must_use]
 pub(crate) struct AuthFlow<'a, State> {
@@ -127,30 +112,6 @@ impl AuthFlow<'_, PasswordHack> {
     }
 }
 
-impl AuthFlow<'_, CleartextPassword> {
-    /// Perform user authentication. Raise an error in case authentication failed.
-    pub(crate) async fn authenticate(self) -> auth::Result<sasl::Outcome<ComputeCredentialKeys>> {
-        let msg = self.stream.read_password_message().await?;
-        let password = msg
-            .strip_suffix(&[0])
-            .ok_or(AuthErrorImpl::MalformedPassword("missing terminator"))?;
-
-        let outcome = validate_password_and_exchange(
-            &self.state.pool,
-            self.state.endpoint,
-            password,
-            self.state.secret,
-        )
-        .await?;
-
-        if let sasl::Outcome::Success(_) = &outcome {
-            self.stream.write_message_noflush(&Be::AuthenticationOk)?;
-        }
-
-        Ok(outcome)
-    }
-}
-
 /// Stream wrapper for handling [SCRAM](crate::scram) auth.
 impl AuthFlow<'_, Scram<'_>> {
     /// Perform user authentication. Raise an error in case authentication failed.
diff --git a/proxy/src/stream.rs b/proxy/src/stream.rs
index 0b9ad33a87..4175177adb 100644
--- a/proxy/src/stream.rs
+++ b/proxy/src/stream.rs
@@ -306,18 +306,6 @@ pub(crate) trait AuthProxyStreamExt {
     /// Write the message into an internal buffer and flush it.
     async fn write_message(&mut self, message: &BeMessage<'_>) -> io::Result<&mut Self>;
 
-    // /// Flush the output buffer into the underlying stream.
-    // async fn flush(&mut self) -> io::Result<&mut Self>;
-
-    /// Write the error message using [`Self::write_message`], then re-throw it.
-    /// Allowing string literals is safe under the assumption they might not contain any runtime info.
-    /// This method exists due to `&str` not implementing `Into<anyhow::Error>`.
-    async fn throw_error_str<T>(
-        &mut self,
-        msg: &'static str,
-        error_kind: ErrorKind,
-    ) -> Result<T, ReportedError>;
-
     /// Write the error message using [`Self::write_message`], then re-throw it.
     /// Trait [`UserFacingError`] acts as an allowlist for error types.
     async fn throw_error<T, E>(&mut self, error: E) -> Result<T, ReportedError>
@@ -350,32 +338,6 @@ impl AuthProxyStreamExt for AuthProxyStream {
         Ok(self)
     }
 
-    /// Write the error message using [`Self::write_message`], then re-throw it.
-    /// Allowing string literals is safe under the assumption they might not contain any runtime info.
-    /// This method exists due to `&str` not implementing `Into<anyhow::Error>`.
-    async fn throw_error_str<T>(
-        &mut self,
-        msg: &'static str,
-        error_kind: ErrorKind,
-    ) -> Result<T, ReportedError> {
-        tracing::info!(
-            kind = error_kind.to_metric_label(),
-            msg,
-            "forwarding error to user"
-        );
-
-        // already error case, ignore client IO error
-        self.write_message(&BeMessage::ErrorResponse(msg, None))
-            .await
-            .inspect_err(|e| debug!("write_message failed: {e}"))
-            .ok();
-
-        Err(ReportedError {
-            source: anyhow::anyhow!(msg),
-            error_kind,
-        })
-    }
-
     /// Write the error message using [`Self::write_message`], then re-throw it.
     /// Trait [`UserFacingError`] acts as an allowlist for error types.
     async fn throw_error<T, E>(&mut self, error: E) -> Result<T, ReportedError>