diff --git a/lib/auth/join_bound_keypair.go b/lib/auth/join_bound_keypair.go index 395c5c845f024..b86f477869dc6 100644 --- a/lib/auth/join_bound_keypair.go +++ b/lib/auth/join_bound_keypair.go @@ -35,7 +35,6 @@ import ( "github.com/gravitational/teleport/api/types" apievents "github.com/gravitational/teleport/api/types/events" "github.com/gravitational/teleport/lib/boundkeypair" - "github.com/gravitational/teleport/lib/boundkeypair/boundkeypairexperiment" "github.com/gravitational/teleport/lib/defaults" "github.com/gravitational/teleport/lib/events" "github.com/gravitational/teleport/lib/jwt" @@ -53,13 +52,6 @@ type createBoundKeypairValidator func(subject string, clusterName string, public // validateBoundKeypairTokenSpec performs some basic validation checks on a // bound_keypair-type join token. func validateBoundKeypairTokenSpec(spec *types.ProvisionTokenSpecV2BoundKeypair) error { - // Various constant checks, shared between creation and update. Many of - // these checks are temporary and will be removed alongside the experiment - // flag. - if !boundkeypairexperiment.Enabled() { - return trace.BadParameter("bound keypair joining experiment is not enabled") - } - if spec.Recovery == nil { return trace.BadParameter("spec.bound_keypair.recovery: field is required") } diff --git a/lib/auth/join_bound_keypair_test.go b/lib/auth/join_bound_keypair_test.go index cc7640e640f98..8c660ed50daa5 100644 --- a/lib/auth/join_bound_keypair_test.go +++ b/lib/auth/join_bound_keypair_test.go @@ -38,7 +38,6 @@ import ( "github.com/gravitational/teleport/api/types" "github.com/gravitational/teleport/lib/auth/testauthority" "github.com/gravitational/teleport/lib/boundkeypair" - "github.com/gravitational/teleport/lib/boundkeypair/boundkeypairexperiment" "github.com/gravitational/teleport/lib/cryptosuites" "github.com/gravitational/teleport/lib/sshutils" "github.com/gravitational/teleport/lib/tlsca" @@ -98,10 +97,9 @@ func parseJoinState(t *testing.T, state []byte) *boundkeypair.JoinState { } func TestServer_RegisterUsingBoundKeypairMethod(t *testing.T) { - ctx := context.Background() + t.Parallel() - // TODO: This prevents parallel execution; remove along with the experiment. - boundkeypairexperiment.SetEnabled(true) + ctx := context.Background() _, correctPublicKey := testBoundKeypair(t) _, rotatedPublicKey := testBoundKeypair(t) @@ -937,10 +935,9 @@ func testExtractBotParamsFromCerts(t *testing.T, certs *proto.Certs) (string, ui } func TestServer_RegisterUsingBoundKeypairMethod_GenerationCounter(t *testing.T) { - ctx := context.Background() + t.Parallel() - // TODO: This prevents parallel execution; remove along with the experiment. - boundkeypairexperiment.SetEnabled(true) + ctx := context.Background() sshPrivateKey, sshPublicKey, err := testauthority.New().GenerateKeyPair() require.NoError(t, err) @@ -1117,10 +1114,9 @@ func TestServer_RegisterUsingBoundKeypairMethod_GenerationCounter(t *testing.T) } func TestServer_RegisterUsingBoundKeypairMethod_JoinStateFailure(t *testing.T) { - ctx := context.Background() + t.Parallel() - // TODO: This prevents parallel execution; remove along with the experiment. - boundkeypairexperiment.SetEnabled(true) + ctx := context.Background() sshPrivateKey, sshPublicKey, err := testauthority.New().GenerateKeyPair() require.NoError(t, err) diff --git a/lib/boundkeypair/boundkeypairexperiment/experiment.go b/lib/boundkeypair/boundkeypairexperiment/experiment.go deleted file mode 100644 index 09c014cfeb140..0000000000000 --- a/lib/boundkeypair/boundkeypairexperiment/experiment.go +++ /dev/null @@ -1,43 +0,0 @@ -// Teleport -// Copyright (C) 2025 Gravitational, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU Affero General Public License for more details. -// -// You should have received a copy of the GNU Affero General Public License -// along with this program. If not, see . - -package boundkeypairexperiment - -import ( - "os" - "strconv" - "sync" -) - -var mu sync.Mutex - -var experimentEnabled, _ = strconv.ParseBool(os.Getenv("TELEPORT_UNSTABLE_BOUND_KEYPAIR_JOINING_EXPERIMENT")) - -// Enabled returns true if the bound keypair joining experiment is enabled. -func Enabled() bool { - mu.Lock() - defer mu.Unlock() - - return experimentEnabled -} - -// SetEnabled sets the experiment enabled flag. -func SetEnabled(enabled bool) { - mu.Lock() - defer mu.Unlock() - - experimentEnabled = enabled -} diff --git a/lib/web/join_tokens_test.go b/lib/web/join_tokens_test.go index 8f13deb3afb7e..68cfca4d3b67a 100644 --- a/lib/web/join_tokens_test.go +++ b/lib/web/join_tokens_test.go @@ -48,7 +48,6 @@ import ( "github.com/gravitational/teleport/lib/auth/authclient" "github.com/gravitational/teleport/lib/automaticupgrades" "github.com/gravitational/teleport/lib/boundkeypair" - "github.com/gravitational/teleport/lib/boundkeypair/boundkeypairexperiment" "github.com/gravitational/teleport/lib/defaults" "github.com/gravitational/teleport/lib/fixtures" "github.com/gravitational/teleport/lib/modules" @@ -481,9 +480,6 @@ func TestCreateTokenExpiry(t *testing.T) { }, }) - // TODO: Remove this once bound keypair experiment flag is removed. - boundkeypairexperiment.SetEnabled(true) - ctx := context.Background() username := "test-user@example.com" env := newWebPack(t, 1)