ROX-31236: Remove ROX_AUTH_MACHINE_TO_MACHINE feature flag #17239

Closed. vikin91 wants to merge 2 commits into master from piotr/ROX-31236-remove-auth-m2m-flag

vikin91 (Contributor) commented Oct 10, 2025

Human here

This has been created fully by AI.
I have checked the code changes and the PR description.

Description

This PR removes the ROX_AUTH_MACHINE_TO_MACHINE feature flag which has been enabled by default since Release 4.3 (November 2023) - approximately 2 years in production.

📋 Detailed Implementation Plan:
REMOVAL_PLAN_AUTH_M2M.md

Why it's safe to remove:

  • Enabled since: Release 4.3 (November 2023) - 2 years ago
  • Stability: Single clean toggle, never reverted, no security issues
  • Feature maturity: M2M auth is now a standard authentication option
  • Risk assessment: Medium-High (security-critical) but 2 years proven stable

Removal Sequence Justification

This is the second PR of 4 in the feature flag removal sequence.

Position in sequence: SECOND (Parallel track - independent)

Why this order:

Dependencies:

  • Depends on: None (independent)
  • Blocks: None (no other flags depend on M2M auth)

Reference: See attached REMOVAL_PLAN_AUTH_M2M.md for complete analysis.

Files modified:

  • pkg/features/list.go - removed flag definition
  • central/auth/service/service.go - removed conditional datastore init
  • central/auth/service/service_impl.go - removed flag checks in 6 API methods

Suggested reviewers: (AI got it wrong)

User-facing documentation

  • CHANGELOG.md is updated OR update is not needed
  • documentation PR is created and is linked above OR is not needed

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  • Verified all feature flag checks removed from auth code
  • Confirmed M2M token exchange tests pass
  • Ran auth service integration tests
  • Verified API endpoints respond correctly
  • No security regressions identified
  • M2M authentication flow works end-to-end

This removes the ROX_AUTH_MACHINE_TO_MACHINE feature flag that has been
enabled by default since Release 4.3 (November 2023).

The flag enabled Machine-to-Machine authentication functionality allowing
services to exchange ID tokens for Central access tokens without user
interaction. This behavior is now the standard and only operational mode.

Changes:
- Removed feature flag definition from pkg/features/list.go
- Removed feature flag checks from 6 API methods in service_impl.go
- Removed conditional datastore initialization in service.go
- Removed unused m2mFeatureDisabledError() helper function
- Removed unused features package imports

All M2M authentication functionality remains fully operational.

Partially generated with AI assistance.

openshift-ci bot commented Oct 10, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

sourcery-ai bot (Contributor) left a comment

Hey there - I've reviewed your changes and they look great!



rhacs-bot commented Oct 10, 2025

Images are ready for the commit at 5ca8234.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.x-1044-g5ca823442d.

codecov bot commented Oct 10, 2025

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 48.84%. Comparing base (9598e78) to head (5ca8234).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| central/auth/service/service.go | 0.00% | 2 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #17239      +/-   ##
==========================================
+ Coverage   48.81%   48.84%   +0.03%     
==========================================
  Files        2717     2717              
  Lines      203219   203198      -21     
==========================================
+ Hits        99200    99258      +58     
+ Misses      96196    96131      -65     
+ Partials     7823     7809      -14     
| Flag | Coverage Δ |
|---|---|
| go-unit-tests | 48.84% <0.00%> (+0.03%) ⬆️ |

vikin91 mentioned this pull request Oct 10, 2025

vikin91 (Contributor Author) commented Oct 10, 2025

Closing in favor of #17234

vikin91 closed this Oct 10, 2025