config: remove unused databroker storage settings

Config options concerning the TLS connection from databroker to storage
backend are now unused. TLS options for this connection can instead be
set directly in the databroker storage connection string.

config/options.go

@@ -251,10 +251,6 @@ type Options struct {
 	// DataBrokerStorageConnectionString is the data source name for storage backend.
 	DataBrokerStorageConnectionString     string `mapstructure:"databroker_storage_connection_string" yaml:"databroker_storage_connection_string,omitempty"`
 	DataBrokerStorageConnectionStringFile string `mapstructure:"databroker_storage_connection_string_file" yaml:"databroker_storage_connection_string_file,omitempty"`
-	DataBrokerStorageCertFile             string `mapstructure:"databroker_storage_cert_file" yaml:"databroker_storage_cert_file,omitempty"`
-	DataBrokerStorageCertKeyFile          string `mapstructure:"databroker_storage_key_file" yaml:"databroker_storage_key_file,omitempty"`
-	DataBrokerStorageCAFile               string `mapstructure:"databroker_storage_ca_file" yaml:"databroker_storage_ca_file,omitempty"`
-	DataBrokerStorageCertSkipVerify       bool   `mapstructure:"databroker_storage_tls_skip_verify" yaml:"databroker_storage_tls_skip_verify,omitempty"`
 
 	// DownstreamMTLS holds all downstream mTLS settings.
 	DownstreamMTLS DownstreamMTLSSettings `mapstructure:"downstream_mtls" yaml:"downstream_mtls,omitempty"`
@@ -696,19 +692,6 @@ func (o *Options) Validate() error {
 		hasCert = true
 	}
 
-	if o.DataBrokerStorageCertFile != "" || o.DataBrokerStorageCertKeyFile != "" {
-		_, err := cryptutil.CertificateFromFile(o.DataBrokerStorageCertFile, o.DataBrokerStorageCertKeyFile)
-		if err != nil {
-			return fmt.Errorf("config: bad databroker cert file %w", err)
-		}
-	}
-
-	if o.DataBrokerStorageCAFile != "" {
-		if _, err := os.Stat(o.DataBrokerStorageCAFile); err != nil {
-			return fmt.Errorf("config: bad databroker ca file: %w", err)
-		}
-	}
-
 	if err := o.DownstreamMTLS.validate(); err != nil {
 		return fmt.Errorf("config: bad downstream mTLS settings: %w", err)
 	}
@@ -1076,15 +1059,6 @@ func (o *Options) HasAnyDownstreamMTLSClientCA() bool {
 	return false
 }
 
-// GetDataBrokerCertificate gets the optional databroker certificate. This method will return nil if no certificate is
-// specified.
-func (o *Options) GetDataBrokerCertificate() (*tls.Certificate, error) {
-	if o.DataBrokerStorageCertFile == "" || o.DataBrokerStorageCertKeyFile == "" {
-		return nil, nil
-	}
-	return cryptutil.CertificateFromFile(o.DataBrokerStorageCertFile, o.DataBrokerStorageCertKeyFile)
-}
-
 // GetDataBrokerStorageConnectionString gets the databroker storage connection string from either a file
 // or the config option directly. If from a file spaces are trimmed off the ends.
 func (o *Options) GetDataBrokerStorageConnectionString() (string, error) {
@@ -1558,7 +1532,6 @@ func (o *Options) ApplySettings(ctx context.Context, certsIndex *cryptutil.Certi
 	set(&o.DataBrokerInternalURLString, settings.DatabrokerInternalServiceUrl)
 	set(&o.DataBrokerStorageType, settings.DatabrokerStorageType)
 	set(&o.DataBrokerStorageConnectionString, settings.DatabrokerStorageConnectionString)
-	set(&o.DataBrokerStorageCertSkipVerify, settings.DatabrokerStorageTlsSkipVerify)
 	o.DownstreamMTLS.applySettingsProto(ctx, settings.DownstreamMtls)
 	set(&o.GoogleCloudServerlessAuthenticationServiceAccount, settings.GoogleCloudServerlessAuthenticationServiceAccount)
 	set(&o.UseProxyProtocol, settings.UseProxyProtocol)