xds: remove env var for security enable/disable (#10243)

xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java

@@ -69,10 +69,7 @@ final class ClusterImplLoadBalancer extends LoadBalancer {
   static boolean enableCircuitBreaking =
       Strings.isNullOrEmpty(System.getenv("GRPC_XDS_EXPERIMENTAL_CIRCUIT_BREAKING"))
           || Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_CIRCUIT_BREAKING"));
-  @VisibleForTesting
+
-  static boolean enableSecurity =
-      Strings.isNullOrEmpty(System.getenv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"))
-          || Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"));
   private static final Attributes.Key<ClusterLocalityStats> ATTR_CLUSTER_LOCALITY_STATS =
       Attributes.Key.create("io.grpc.xds.ClusterImplLoadBalancer.clusterLocalityStats");
 
@@ -240,7 +237,7 @@ final class ClusterImplLoadBalancer extends LoadBalancer {
       for (EquivalentAddressGroup eag : addresses) {
         Attributes.Builder attrBuilder = eag.getAttributes().toBuilder().set(
             InternalXdsAttributes.ATTR_CLUSTER_NAME, cluster);
-        if (enableSecurity && sslContextProviderSupplier != null) {
+        if (sslContextProviderSupplier != null) {
           attrBuilder.set(
               InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
               sslContextProviderSupplier);

xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java

@@ -528,20 +528,8 @@ public class ClusterImplLoadBalancerTest {
     }
   }
 
-  @Test
-  public void endpointAddressesAttachedWithTlsConfig_disableSecurity() {
-    boolean originalEnableSecurity = ClusterImplLoadBalancer.enableSecurity;
-    ClusterImplLoadBalancer.enableSecurity = false;
-    subtest_endpointAddressesAttachedWithTlsConfig(false);
-    ClusterImplLoadBalancer.enableSecurity = originalEnableSecurity;
-  }
-
   @Test
   public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
-    subtest_endpointAddressesAttachedWithTlsConfig(true);
-  }
-
-  private void subtest_endpointAddressesAttachedWithTlsConfig(boolean enableSecurity) {
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
     LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
@@ -566,11 +554,7 @@ public class ClusterImplLoadBalancerTest {
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
       SslContextProviderSupplier supplier =
           eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
-      if (enableSecurity) {
+      assertThat(supplier.getTlsContext()).isEqualTo(upstreamTlsContext);
-        assertThat(supplier.getTlsContext()).isEqualTo(upstreamTlsContext);
-      } else {
-        assertThat(supplier).isNull();
-      }
     }
 
     // Removes UpstreamTlsContext from the config.
@@ -597,20 +581,14 @@ public class ClusterImplLoadBalancerTest {
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
       SslContextProviderSupplier supplier =
           eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
-      if (enableSecurity) {
+      assertThat(supplier.isShutdown()).isFalse();
-        assertThat(supplier.isShutdown()).isFalse();
+      assertThat(supplier.getTlsContext()).isEqualTo(upstreamTlsContext);
-        assertThat(supplier.getTlsContext()).isEqualTo(upstreamTlsContext);
-      } else {
-        assertThat(supplier).isNull();
-      }
     }
     loadBalancer.shutdown();
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
       SslContextProviderSupplier supplier =
               eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
-      if (enableSecurity) {
+      assertThat(supplier.isShutdown()).isTrue();
-        assertThat(supplier.isShutdown()).isTrue();
-      }
     }
     loadBalancer = null;
   }