machine-a-tron: Drop support for non-api PXE requests

[kensimon]

Description

Machine-a-tron has two modes for making PXE requests: Using the GetPxeInstructions gRPC API directly (use_pxe_api=true), and sending a direct HTTP request to the configured server (use_pxe_api=false).

The direct HTTP request method is broken due to its reliance on the X-Forwarded-For header for conveying the client IP address, but this header has never actually worked (it's only consulted if you use the InsecureClientIp axum extractor, which we've never used.) The only reason use_pxe_api=false worked in the past was because we were forwarding the machine_interface_id as part of the PXE request, but that was removed in #1572.

Rather than fixing this, we should probably just leave X-Forwarded-For unsupported anyway, since it's insecure (a client controls the headers, so they can spoof any machine's PXE script by setting the value to whatever they want) and the only thing that was trying to use it is machine-a-tron, which is only meant for mocks/testing.

By always using the gRPC API for getting the PXE instructions, we lose a small amount of "realism" to the machine-a-tron mocks, by not exercising the actual HTTP request path, but it's worth it to avoid requiring X-Forwarded-For in production just to make this use case work.

Our integration tests that use machine-a-tron have always used use_pxe_api=true so our actual test coverage has never included the "real" PXE HTTP request path anyway.

Type of Change

• Add - New feature or capability
• Change - Changes in existing functionality
• Fix - Bug fixes
• Remove - Removed features or deprecated functionality
• Internal - Internal changes (refactoring, tests, docs, etc.)

Related Issues (Optional)

#2331

Breaking Changes

• This PR contains breaking changes

Changes are not breaking because any configs using use_pxe_api=false will now be silently ignored. machine-a-tron always supports use_pxe_api=true, so this will not break anything, only change how the mocked PXE requests are performed.

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• No testing required (docs, internal refactor, etc.)

Additional Notes

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 15d74e5c-f918-4d85-ad92-3c74d6a896b3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}