Merge pull request #4986 from jinlinGuan/issue-4985

feat!: Remove consul dependency

.gitignore

@@ -31,9 +31,6 @@ cmd/security-bootstrapper/security-bootstrapper
 cmd/security-proxy-auth/security-proxy-auth
 cmd/security-spiffe-token-provider/security-spiffe-token-provider
 
-internal/security/bootstrapper/command/setupacl/test1/bootstrap_token.json
-internal/security/bootstrapper/command/setupacl/test2/bootstrap_token.json
-
 docs/_build/
 
 # log dirs

cmd/core-common-config-bootstrapper/res/configuration.yaml

@@ -13,8 +13,6 @@ all-services:
         # Common Security Service Metrics
         SecuritySecretsRequested: false
         SecuritySecretsStored: false
-        SecurityConsulTokensRequested: false
-        SecurityConsulTokenDuration: false
         SecurityRuntimeSecretTokenDuration: false
         SecurityGetSecretDuration: false
 #     Tags: # Contains the service level tags to be attached to all the service's metrics

cmd/security-bootstrapper/Dockerfile

@@ -67,9 +67,6 @@ COPY --from=builder /edgex-go/cmd/security-bootstrapper/res-bootstrap-postgres/c
 # needed for bootstrapping mosquitto
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/res-bootstrap-mosquitto/configuration.yaml ${BOOTSTRAP_MOSQUITTO_DIR}/res/
 
-# copy Consul ACL related configs
-COPY --from=builder /edgex-go/cmd/security-bootstrapper/consul-acl/ ${SECURITY_INIT_STAGING}/consul-bootstrapper/
-
 # setup entry point script
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/entrypoint.sh /
 RUN chmod +x /entrypoint.sh

cmd/security-bootstrapper/res/configuration.yaml

@@ -13,46 +13,6 @@ StageGate:
     Host: edgex-postgres
     Port: 5432
     ReadyPort: 54323
-  Registry:  # this is intended to be the same as Registry.Host/.Port for other services
-    Host: edgex-core-keeper
-    Port: 59890
-    ReadyPort: 54324
-    ACL:
-      Protocol: http
-      # this is the filepath for the generated Consul management token from ACL bootstrap
-      BootstrapTokenPath: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json
-      # this is the filepath for the Vault token created from secretstore-setup
-      SecretsAdminTokenPath: /tmp/edgex/secrets/edgex-consul/admin/token.json
-      # this is the filepath for the sentinel file to indicate the registry ACL is set up successfully
-      SentinelFilePath: /edgex-init/consul-bootstrapper/consul_acl_done
-      # this is the filepath for the created Consul management token
-      ManagementTokenPath: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json
-
-      # this section contains the list of registry roles for EdgeX services
-      # the service keys are the role names
-      Roles:
-        app-rules-engine:
-          Description: role for application service of rules engine
-        core-data:
-          Description: role for coredata
-        core-metadata:
-          Description: role for metadata
-        core-command:
-          Description: role for command
-        core-common-config-bootstrapper:
-          Description: role for common config
-        support-notifications:
-          Description: role for notifications
-        support-cron-scheduler:
-          Description: role for cron-scheduler
-        device-virtual:
-          Description: role for device virtual service
-        device-rest:
-          Description: role for device rest service
-        security-proxy-auth:
-          Description: role for NGINX auth proxy backend service
-        security-spiffe-token-provider:
-          Description: role for device security-spiffe-token-provider service
   WaitFor:
     Timeout: 10s
     RetryInterval: 1s

cmd/security-proxy-setup/entrypoint.sh

@@ -294,17 +294,6 @@ server {
       auth_request_set   \$auth_status \$upstream_status;
     }
 
-    # Note: Consul implements its own authentication mechanism (only allow API, /v1, through)
-    set \$upstream_core_consul edgex-core-consul;
-    location /consul/v1 {
-`cat "${corssnippet}"`
-      rewrite            /consul/(.*) /\$1 break;
-      resolver           127.0.0.11 valid=30s;
-      proxy_pass         http://\$upstream_core_consul:8500;
-      proxy_redirect     off;
-      proxy_set_header   Host \$host;
-    }
-
     # Note: OpenBao login API does not require authentication at the gateway for obvious reasons
     set \$upstream_secret_store edgex-secret-store;
     location /vault/v1/auth/userpass/login {

cmd/security-secretstore-setup/res/configuration.yaml

@@ -37,7 +37,6 @@ SecretStore:
   PasswordProvider: ""
   PasswordProviderArgs: []
   RevokeRootTokens: true
-  ConsulSecretsAdminTokenPath: /tmp/edgex/secrets/edgex-consul/admin/token.json
 Database:
   Host: "localhost"
   Port: 5432

go.mod

@@ -4,11 +4,11 @@ go 1.23
 
 require (
 	github.com/eclipse/paho.mqtt.golang v1.5.0
-	github.com/edgexfoundry/go-mod-bootstrap/v4 v4.0.0-dev.1
-	github.com/edgexfoundry/go-mod-configuration/v4 v4.0.0-dev.1
+	github.com/edgexfoundry/go-mod-bootstrap/v4 v4.0.0-dev.2
+	github.com/edgexfoundry/go-mod-configuration/v4 v4.0.0-dev.3
 	github.com/edgexfoundry/go-mod-core-contracts/v4 v4.0.0-dev.2
-	github.com/edgexfoundry/go-mod-messaging/v4 v4.0.0-dev.2
-	github.com/edgexfoundry/go-mod-secrets/v4 v4.0.0-dev.1
+	github.com/edgexfoundry/go-mod-messaging/v4 v4.0.0-dev.3
+	github.com/edgexfoundry/go-mod-secrets/v4 v4.0.0-dev.2
 	github.com/fxamacker/cbor/v2 v2.7.0
 	github.com/go-co-op/gocron/v2 v2.12.1
 	github.com/gomodule/redigo v1.9.2
@@ -22,19 +22,15 @@ require (
 	github.com/spiffe/go-spiffe/v2 v2.4.0
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/crypto v0.28.0
-	gopkg.in/eapache/queue.v1 v1.1.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/edgexfoundry/go-mod-registry/v4 v4.0.0-dev.1 // indirect
-	github.com/fatih/color v1.16.0 // indirect
+	github.com/edgexfoundry/go-mod-registry/v4 v4.0.0-dev.2 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
@@ -66,15 +62,8 @@ require (
 	github.com/gorilla/schema v1.4.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
-	github.com/hashicorp/consul/api v1.29.4 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.5.0 // indirect
-	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/serf v0.10.1 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
@@ -91,9 +80,7 @@ require (
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/michaelquigley/pfxlog v0.6.10 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
-	github.com/mitchellh/consulstructure v0.0.0-20190329231841-56fdc4d2da54 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-ps v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect