Remove checkpoint code - less is more (#151)

checkpoint.go

@@ -1,94 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"path/filepath"
-
-	"github.com/hashicorp/go-checkpoint"
-	"github.com/placeholderplaceholderplaceholder/opentf/internal/command"
-	"github.com/placeholderplaceholderplaceholder/opentf/internal/command/cliconfig"
-	"go.opentelemetry.io/otel/codes"
-)
-
-func init() {
-	checkpointResult = make(chan *checkpoint.CheckResponse, 1)
-}
-
-var checkpointResult chan *checkpoint.CheckResponse
-
-// runCheckpoint runs a HashiCorp Checkpoint request. You can read about
-// Checkpoint here: https://github.com/hashicorp/go-checkpoint.
-func runCheckpoint(ctx context.Context, c *cliconfig.Config) {
-	// If the user doesn't want checkpoint at all, then return.
-	if c.DisableCheckpoint {
-		log.Printf("[INFO] Checkpoint disabled. Not running.")
-		checkpointResult <- nil
-		return
-	}
-
-	ctx, span := tracer.Start(ctx, "HashiCorp Checkpoint")
-	_ = ctx // prevent staticcheck from complaining to avoid a maintenence hazard of having the wrong ctx in scope here
-	defer span.End()
-
-	configDir, err := cliconfig.ConfigDir()
-	if err != nil {
-		log.Printf("[ERR] Checkpoint setup error: %s", err)
-		checkpointResult <- nil
-		return
-	}
-
-	version := Version
-	if VersionPrerelease != "" {
-		version += fmt.Sprintf("-%s", VersionPrerelease)
-	}
-
-	signaturePath := filepath.Join(configDir, "checkpoint_signature")
-	if c.DisableCheckpointSignature {
-		log.Printf("[INFO] Checkpoint signature disabled")
-		signaturePath = ""
-	}
-
-	resp, err := checkpoint.Check(&checkpoint.CheckParams{
-		Product:       "terraform",
-		Version:       version,
-		SignatureFile: signaturePath,
-		CacheFile:     filepath.Join(configDir, "checkpoint_cache"),
-	})
-	if err != nil {
-		log.Printf("[ERR] Checkpoint error: %s", err)
-		span.SetStatus(codes.Error, err.Error())
-		resp = nil
-	} else {
-		span.SetStatus(codes.Ok, "checkpoint request succeeded")
-	}
-
-	checkpointResult <- resp
-}
-
-// commandVersionCheck implements command.VersionCheckFunc and is used
-// as the version checker.
-func commandVersionCheck() (command.VersionCheckInfo, error) {
-	// Wait for the result to come through
-	info := <-checkpointResult
-	if info == nil {
-		var zero command.VersionCheckInfo
-		return zero, nil
-	}
-
-	// Build the alerts that we may have received about our version
-	alerts := make([]string, len(info.Alerts))
-	for i, a := range info.Alerts {
-		alerts[i] = a.Message
-	}
-
-	return command.VersionCheckInfo{
-		Outdated: info.Outdated,
-		Latest:   info.CurrentVersion,
-		Alerts:   alerts,
-	}, nil
-}

commands.go

@@ -305,7 +305,6 @@ func initCommands(
 				Version:           Version,
 				VersionPrerelease: VersionPrerelease,
 				Platform:          getproviders.CurrentPlatform,
-				CheckFunc:         commandVersionCheck,
 			}, nil
 		},
 

go.mod

@@ -34,7 +34,6 @@ require (
 	github.com/hashicorp/copywrite v0.16.3
 	github.com/hashicorp/errwrap v1.1.0
 	github.com/hashicorp/go-azure-helpers v0.43.0
-	github.com/hashicorp/go-checkpoint v0.5.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-getter v1.7.2
 	github.com/hashicorp/go-hclog v1.4.0

go.sum

@@ -591,8 +591,6 @@ github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg=
 github.com/hashicorp/go-azure-helpers v0.43.0 h1:larj4ZgwO3hKzA9xIOTXRW4NBpI6F3K8wpig8eikNOw=
 github.com/hashicorp/go-azure-helpers v0.43.0/go.mod h1:ofh+59GPB8g/lWI08711STfrIPSPOlXQkuMc8rovpBk=
-github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
-github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=

internal/command/cliconfig/cliconfig.go

@@ -39,9 +39,6 @@ type Config struct {
 	Providers    map[string]string
 	Provisioners map[string]string
 
-	DisableCheckpoint          bool `hcl:"disable_checkpoint"`
-	DisableCheckpointSignature bool `hcl:"disable_checkpoint_signature"`
-
 	// If set, enables local caching of plugins in this directory to
 	// avoid repeatedly re-downloading over the Internet.
 	PluginCacheDir string `hcl:"plugin_cache_dir"`
@@ -360,8 +357,6 @@ func (c *Config) Merge(c2 *Config) *Config {
 		}
 		result.Provisioners[k] = v
 	}
-	result.DisableCheckpoint = c.DisableCheckpoint || c2.DisableCheckpoint
-	result.DisableCheckpointSignature = c.DisableCheckpointSignature || c2.DisableCheckpointSignature
 
 	result.PluginCacheDir = c.PluginCacheDir
 	if result.PluginCacheDir == "" {

internal/command/cliconfig/cliconfig_test.go

@@ -511,41 +511,3 @@ func TestConfig_Merge(t *testing.T) {
 		t.Fatalf("wrong result\n%s", diff)
 	}
 }
-
-func TestConfig_Merge_disableCheckpoint(t *testing.T) {
-	c1 := &Config{
-		DisableCheckpoint: true,
-	}
-
-	c2 := &Config{}
-
-	expected := &Config{
-		Providers:         map[string]string{},
-		Provisioners:      map[string]string{},
-		DisableCheckpoint: true,
-	}
-
-	actual := c1.Merge(c2)
-	if !reflect.DeepEqual(actual, expected) {
-		t.Fatalf("bad: %#v", actual)
-	}
-}
-
-func TestConfig_Merge_disableCheckpointSignature(t *testing.T) {
-	c1 := &Config{
-		DisableCheckpointSignature: true,
-	}
-
-	c2 := &Config{}
-
-	expected := &Config{
-		Providers:                  map[string]string{},
-		Provisioners:               map[string]string{},
-		DisableCheckpointSignature: true,
-	}
-
-	actual := c1.Merge(c2)
-	if !reflect.DeepEqual(actual, expected) {
-		t.Fatalf("bad: %#v", actual)
-	}
-}

internal/command/version.go

@@ -21,7 +21,6 @@ type VersionCommand struct {
 
 	Version           string
 	VersionPrerelease string
-	CheckFunc         VersionCheckFunc
 	Platform          getproviders.Platform
 }
 
@@ -29,13 +28,8 @@ type VersionOutput struct {
 	Version            string            `json:"terraform_version"`
 	Platform           string            `json:"platform"`
 	ProviderSelections map[string]string `json:"provider_selections"`
-	Outdated           bool              `json:"terraform_outdated"`
 }
 
-// VersionCheckFunc is the callback called by the Version command to
-// check if there is a new version of Terraform.
-type VersionCheckFunc func() (VersionCheckInfo, error)
-
 // VersionCheckInfo is the return value for the VersionCheckFunc callback
 // and tells the Version command information about the latest version
 // of Terraform.
@@ -105,21 +99,6 @@ func (c *VersionCommand) Run(args []string) int {
 		}
 	}
 
-	// If we have a version check function, then let's check for
-	// the latest version as well.
-	if c.CheckFunc != nil {
-		// Check the latest version
-		info, err := c.CheckFunc()
-		if err != nil && !jsonOutput {
-			c.Ui.Error(fmt.Sprintf(
-				"\nError checking latest version: %s", err))
-		}
-		if info.Outdated {
-			outdated = true
-			latest = info.Latest
-		}
-	}
-
 	if jsonOutput {
 		selectionsOutput := make(map[string]string)
 		for providerAddr, lock := range providerLocks {
@@ -138,7 +117,6 @@ func (c *VersionCommand) Run(args []string) int {
 			Version:            versionOutput,
 			Platform:           c.Platform.String(),
 			ProviderSelections: selectionsOutput,
-			Outdated:           outdated,
 		}
 
 		jsonOutput, err := json.MarshalIndent(output, "", "  ")

internal/command/version_test.go

@@ -88,30 +88,6 @@ func TestVersion_flags(t *testing.T) {
 	}
 }
 
-func TestVersion_outdated(t *testing.T) {
-	ui := new(cli.MockUi)
-	m := Meta{
-		Ui: ui,
-	}
-
-	c := &VersionCommand{
-		Meta:      m,
-		Version:   "4.5.6",
-		CheckFunc: mockVersionCheckFunc(true, "4.5.7"),
-		Platform:  getproviders.Platform{OS: "aros", Arch: "riscv64"},
-	}
-
-	if code := c.Run([]string{}); code != 0 {
-		t.Fatalf("bad: \n%s", ui.ErrorWriter.String())
-	}
-
-	actual := strings.TrimSpace(ui.OutputWriter.String())
-	expected := "Terraform v4.5.6\non aros_riscv64\n\nYour version of Terraform is out of date! The latest version\nis 4.5.7. You can update by downloading from https://www.terraform.io/downloads.html"
-	if actual != expected {
-		t.Fatalf("wrong output\ngot: %#v\nwant: %#v", actual, expected)
-	}
-}
-
 func TestVersion_json(t *testing.T) {
 	td := t.TempDir()
 	defer testChdir(t, td)()
@@ -136,8 +112,7 @@ func TestVersion_json(t *testing.T) {
 {
   "terraform_version": "4.5.6",
   "platform": "aros_riscv64",
-  "provider_selections": {},
-  "terraform_outdated": false
+  "provider_selections": {}
 }
 `)
 	if diff := cmp.Diff(expected, actual); diff != "" {
@@ -186,8 +161,7 @@ func TestVersion_json(t *testing.T) {
   "provider_selections": {
     "registry.terraform.io/hashicorp/test1": "7.8.9-beta.2",
     "registry.terraform.io/hashicorp/test2": "1.2.3"
-  },
-  "terraform_outdated": false
+  }
 }
 `)
 	if diff := cmp.Diff(expected, actual); diff != "" {
@@ -195,37 +169,3 @@ func TestVersion_json(t *testing.T) {
 	}
 
 }
-
-func TestVersion_jsonoutdated(t *testing.T) {
-	ui := new(cli.MockUi)
-	m := Meta{
-		Ui: ui,
-	}
-
-	c := &VersionCommand{
-		Meta:      m,
-		Version:   "4.5.6",
-		CheckFunc: mockVersionCheckFunc(true, "4.5.7"),
-		Platform:  getproviders.Platform{OS: "aros", Arch: "riscv64"},
-	}
-
-	if code := c.Run([]string{"-json"}); code != 0 {
-		t.Fatalf("bad: \n%s", ui.ErrorWriter.String())
-	}
-
-	actual := strings.TrimSpace(ui.OutputWriter.String())
-	expected := "{\n  \"terraform_version\": \"4.5.6\",\n  \"platform\": \"aros_riscv64\",\n  \"provider_selections\": {},\n  \"terraform_outdated\": true\n}"
-	if actual != expected {
-		t.Fatalf("wrong output\ngot: %#v\nwant: %#v", actual, expected)
-	}
-}
-
-func mockVersionCheckFunc(outdated bool, latest string) VersionCheckFunc {
-	return func() (VersionCheckInfo, error) {
-		return VersionCheckInfo{
-			Outdated: outdated,
-			Latest:   latest,
-			// Alerts is not used by version command
-		}, nil
-	}
-}

internal/e2e/e2e.go

@@ -123,11 +123,6 @@ func (b *binary) Cmd(args ...string) *exec.Cmd {
 	cmd.Dir = b.workDir
 	cmd.Env = os.Environ()
 
-	// Disable checkpoint since we don't want to harass that service when
-	// our tests run. (This does, of course, mean we can't actually do
-	// end-to-end testing of our Checkpoint interactions.)
-	cmd.Env = append(cmd.Env, "CHECKPOINT_DISABLE=1")
-
 	cmd.Env = append(cmd.Env, b.env...)
 
 	return cmd

main.go

@@ -249,9 +249,6 @@ func realMain() int {
 		initCommands(ctx, originalWd, streams, config, services, providerSrc, providerDevOverrides, unmanagedProviders)
 	}
 
-	// Run checkpoint
-	go runCheckpoint(ctx, config)
-
 	// Make sure we clean up any managed plugins at the end of this
 	defer plugin.CleanupClients()
 

website/docs/cli/commands/index.mdx

@@ -125,38 +125,3 @@ manually in the shell profile, run the following command:
 ```bash
 terraform -uninstall-autocomplete
 ```
-
-## Upgrade and Security Bulletin Checks
-
-The Terraform CLI commands interact with the HashiCorp service
-[Checkpoint](https://checkpoint.hashicorp.com/) to check for the availability
-of new versions and for critical security bulletins about the current version.
-
-One place where the effect of this can be seen is in `terraform version`, where
-it is used by default to indicate in the output when a newer version is
-available.
-
-Only anonymous information, which cannot be used to identify the user or host,
-is sent to Checkpoint. An anonymous ID is sent which helps de-duplicate warning
-messages. Both the anonymous id and the use of checkpoint itself are completely
-optional and can be disabled.
-
-Checkpoint itself can be entirely disabled for all HashiCorp products by
-setting the environment variable `CHECKPOINT_DISABLE` to any non-empty value.
-
-Alternatively, settings in
-[the CLI configuration file](/terraform/cli/config/config-file) can be used to
-disable checkpoint features. The following checkpoint-related settings are
-supported in this file:
-
-* `disable_checkpoint` - set to `true` to disable checkpoint calls
-  entirely. This is similar to the `CHECKPOINT_DISABLE` environment variable
-  described above.
-
-* `disable_checkpoint_signature` - set to `true` to disable the use of an
-  anonymous signature in checkpoint requests. This allows Terraform to check
-  for security bulletins but does not send the anonymous signature in these
-  requests.
-
-[The Checkpoint client code](https://github.com/hashicorp/go-checkpoint) used
-by Terraform is available for review by any interested party.

website/docs/cli/config/config-file.mdx

@@ -47,7 +47,6 @@ of each of these settings:
 
 ```hcl
 plugin_cache_dir   = "$HOME/.terraform.d/plugin-cache"
-disable_checkpoint = true
 ```
 
 ## Available Settings
@@ -62,14 +61,6 @@ The following settings can be set in the CLI configuration file:
   and retrieval of credentials for Terraform Cloud or Terraform Enterprise.
   See [Credentials Helpers](#credentials-helpers) below for more information.
 
-* `disable_checkpoint` — when set to `true`, disables
-  [upgrade and security bulletin checks](/terraform/cli/commands#upgrade-and-security-bulletin-checks)
-  that require reaching out to HashiCorp-provided network services.
-
-* `disable_checkpoint_signature` — when set to `true`, allows the upgrade and
-  security bulletin checks described above but disables the use of an anonymous
-  id used to de-duplicate warning messages.
-
 * `plugin_cache_dir` — enables
   [plugin caching](#provider-plugin-cache)
   and specifies, as a string, the location of the plugin cache directory.