Cleanup stale logic around using service account credentials in cvd fetch calls.

- TODO(b/425716010).
- Follow up of #1230

Bug: b/425716010

Author: ser-io

.github/workflows/presubmit.yaml

@@ -392,10 +392,6 @@ jobs:
           fi
         done
         sudo podman rm -f tester
-        # Run create_with_gce_credentials_test
-        sudo podman run --name tester -d --privileged --pids-limit=8192 -v /tmp/cw_bazel:/tmp/cw_bazel -v .:/src/workspace -w /src/workspace/e2etests --add-host="metadata.google.internal:127.0.0.1" android-cuttlefish-e2etest:latest
-        sudo podman exec --user=testrunner -it tester bazel --output_user_root=/tmp/cw_bazel/output test //orchestration/create_with_gce_credentials_test:create_with_gce_credentials_test_test
-        sudo podman rm -f tester
         # Run verify_access_token_test
         sudo podman run --name tester -d  --privileged --pids-limit=8192 -v /tmp/cw_bazel:/tmp/cw_bazel -v .:/src/workspace -w /src/workspace/e2etests android-cuttlefish-e2etest:latest
         sleep 30s # Add delay before restarting cuttlefish-host_orchestrator service.

e2etests/orchestration/create_with_gce_credentials_test/BUILD.bazel

@@ -953,18 +953,6 @@ func getFetchCredentials(config BuildAPICredentialsConfig, r *http.Request) cvd.
 			UseGCEServiceAccountCredentials: true,
 		}
 	}
-	// TODO(b/425716010): Remove the following block, and use `config.UseGCEMetadata` instead
-	if isRunningOnGCE() {
-		log.Println("fetch credentials: running on gce")
-		if ok, err := hasServiceAccountAccessToken(); err != nil {
-			log.Printf("fetch credentials: service account token check failed: %s", err)
-		} else if ok {
-			log.Println("fetch credentials: using gce service account credentials")
-			return cvd.FetchCredentials{
-				UseGCEServiceAccountCredentials: true,
-			}
-		}
-	}
 	log.Println("fetch credentials: using no credentials")
 	return cvd.FetchCredentials{}
 }

e2etests/orchestration/create_with_gce_credentials_test/main_test.go

@@ -19,8 +19,6 @@ import (
 	"context"
 	"fmt"
 	"log"
-	"net"
-	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -242,23 +240,3 @@ func runAcloudSetup(execContext hoexec.ExecContext, artifactsRootDir, artifactsD
 	// Creates symbolic link `acloud_link` which points to the passed device artifacts directory.
 	go run(execContext(context.TODO(), "ln", "-s", artifactsDir, artifactsRootDir+"/acloud_link"))
 }
-
-func isRunningOnGCE() bool {
-	_, err := net.LookupIP("metadata.google.internal")
-	return err == nil
-}
-
-// For instances running on GCE, checks whether the instance was created with a service account having an access token.
-func hasServiceAccountAccessToken() (bool, error) {
-	req, err := http.NewRequest("GET", "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token", nil)
-	if err != nil {
-		return false, err
-	}
-	req.Header.Set("Metadata-Flavor", "Google")
-	client := &http.Client{}
-	res, err := client.Do(req)
-	if err != nil {
-		return false, err
-	}
-	return res.StatusCode == http.StatusOK, nil
-}

frontend/src/host_orchestrator/orchestrator/controller.go

@@ -10,9 +10,6 @@ RUN groupadd kvm
 COPY tools/testutils/cw/setup.service /etc/systemd/system/setup.service
 RUN systemctl enable setup
 
-# Enabled with `podman run --add-host="metadata.google.internal:127.0.0.1"`
-COPY tools/testutils/cw/fake_gce_metadata_nginx.conf /etc/nginx/conf.d/fake_gce_metadata_nginx.conf
-
 FROM base AS with_bazel
 
 RUN --mount=source=.,target=/mnt,type=bind \