Merge pull request #5080 from Infisical/chore/remove-pki-acme-feature-flg

chore: remove usages of pkiAcme feature flag
2026-01-05 05:34:17 -05:00 · 2025-12-26 03:42:08 -05:00
parent 2412d87ceb 30400691f7
commit 3c032f0a10
6 changed files with 5 additions and 90 deletions
--- a/backend/src/ee/services/pki-acme/pki-acme-service.ts
+++ b/backend/src/ee/services/pki-acme/pki-acme-service.ts
@@ -47,7 +47,6 @@ import { TProjectDALFactory } from "@app/services/project/project-dal";
 import { getProjectKmsCertificateKeyId } from "@app/services/project/project-fns";

 import { EventType, TAuditLogServiceFactory } from "../audit-log/audit-log-types";
-import { TLicenseServiceFactory } from "../license/license-service";
 import { TPkiAcmeAccountDALFactory } from "./pki-acme-account-dal";
 import { TPkiAcmeAuthDALFactory } from "./pki-acme-auth-dal";
 import { TPkiAcmeChallengeDALFactory } from "./pki-acme-challenge-dal";
@@ -61,7 +60,6 @@ import {
  AcmeMalformedError,
  AcmeOrderNotReadyError,
  AcmeServerInternalError,
-  AcmeUnauthorizedError,
  AcmeUnsupportedIdentifierError
 } from "./pki-acme-errors";
 import { buildUrl, extractAccountIdFromKid, validateDnsIdentifier } from "./pki-acme-fns";
@@ -129,7 +127,6 @@ type TPkiAcmeServiceFactoryDep = {
    TKmsServiceFactory,
    "decryptWithKmsKey" | "generateKmsKey" | "encryptWithKmsKey" | "createCipherPairWithDataKey"
  >;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  certificateV3Service: Pick<TCertificateV3ServiceFactory, "signCertificateFromProfile">;
  certificateTemplateV2Service: Pick<TCertificateTemplateV2ServiceFactory, "validateCertificateRequest">;
  certificateRequestService: Pick<TCertificateRequestServiceFactory, "createCertificateRequest">;
@@ -152,7 +149,6 @@ export const pkiAcmeServiceFactory = ({
  acmeChallengeDAL,
  keyStore,
  kmsService,
-  licenseService,
  certificateV3Service,
  certificateTemplateV2Service,
  certificateRequestService,
@@ -169,12 +165,6 @@ export const pkiAcmeServiceFactory = ({
    if (profile.enrollmentType !== EnrollmentType.ACME) {
      throw new NotFoundError({ message: "Certificate profile is not configured for ACME enrollment" });
    }
-    const orgLicensePlan = await licenseService.getPlan(profile.project!.orgId);
-    if (!orgLicensePlan.pkiAcme) {
-      throw new AcmeUnauthorizedError({
-        message: "Failed to validate ACME profile: Plan restriction. Upgrade plan to continue"
-      });
-    }
    return profile;
  };

--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@@ -1227,7 +1227,6 @@ export const registerRoutes = async (
    certificateAuthorityDAL,
    externalCertificateAuthorityDAL,
    permissionService,
-    licenseService,
    kmsService,
    projectDAL
  });
@@ -2340,7 +2339,6 @@ export const registerRoutes = async (
    acmeChallengeDAL,
    keyStore,
    kmsService,
-    licenseService,
    certificateV3Service,
    certificateTemplateV2Service,
    certificateRequestService,
--- a/backend/src/services/certificate-profile/certificate-profile-service.test.ts
+++ b/backend/src/services/certificate-profile/certificate-profile-service.test.ts
@@ -5,9 +5,8 @@
 import { ForbiddenError } from "@casl/ability";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";

-import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import type { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
-import { BadRequestError, ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
+import { ForbiddenRequestError, NotFoundError } from "@app/lib/errors";

 import { ActorType, AuthMethod } from "../auth/auth-type";
 import type { TCertificateBodyDALFactory } from "../certificate/certificate-body-dal";
@@ -175,10 +174,6 @@ describe("CertificateProfileService", () => {
    })
  } as unknown as Pick<TPermissionServiceFactory, "getProjectPermission">;

-  const mockLicenseService = {
-    getPlan: vi.fn()
-  } as unknown as Pick<TLicenseServiceFactory, "getPlan">;
-
  const mockKmsService = {
    encryptWithKmsKey: vi
      .fn()
@@ -258,7 +253,6 @@ describe("CertificateProfileService", () => {
      certificateAuthorityDAL: mockCertificateAuthorityDAL,
      externalCertificateAuthorityDAL: mockExternalCertificateAuthorityDAL,
      permissionService: mockPermissionService,
-      licenseService: mockLicenseService,
      kmsService: mockKmsService,
      projectDAL: mockProjectDAL
    });
@@ -287,9 +281,6 @@ describe("CertificateProfileService", () => {
        id: "project-123",
        orgId: "org-123"
      });
-      (mockLicenseService.getPlan as any).mockResolvedValue({
-        pkiAcme: true
-      });
      (mockCertificateTemplateV2DAL.findById as any).mockResolvedValue(sampleTemplate);
      (mockCertificateProfileDAL.findByNameAndProjectId as any).mockResolvedValue(null);
      (mockCertificateProfileDAL.findBySlugAndProjectId as any).mockResolvedValue(null);
@@ -423,30 +414,6 @@ describe("CertificateProfileService", () => {
      expect(result).toEqual(sampleProfile);
      expect(mockCertificateTemplateV2DAL.findById).toHaveBeenCalledWith("template-123");
    });
-
-    it("should throw BadRequestError when plan does not support ACME", async () => {
-      (mockLicenseService.getPlan as any).mockResolvedValue({
-        pkiAcme: false
-      });
-
-      await expect(
-        service.createProfile({
-          ...mockActor,
-          projectId: "project-123",
-          data: {
-            ...validProfileData,
-            enrollmentType: EnrollmentType.ACME,
-            acmeConfig: {},
-            apiConfig: undefined,
-            estConfig: undefined
-          }
-        })
-      ).rejects.toThrowError(
-        new BadRequestError({
-          message: "Failed to create certificate profile: Plan restriction. Upgrade plan to continue"
-        })
-      );
-    });
  });

  describe("updateProfile", () => {
@@ -756,9 +723,6 @@ describe("CertificateProfileService", () => {
          id: "project-123",
          orgId: "org-123"
        });
-        (mockLicenseService.getPlan as any).mockResolvedValue({
-          pkiAcme: true
-        });
        (mockCertificateTemplateV2DAL.findById as any).mockResolvedValue(sampleTemplate);
        (mockCertificateProfileDAL.findByNameAndProjectId as any).mockResolvedValue(null);
        (mockCertificateProfileDAL.findBySlugAndProjectId as any).mockResolvedValue(null);
--- a/backend/src/services/certificate-profile/certificate-profile-service.ts
+++ b/backend/src/services/certificate-profile/certificate-profile-service.ts
@@ -2,7 +2,6 @@ import { ForbiddenError, subject } from "@casl/ability";
 import * as x509 from "@peculiar/x509";

 import { ActionProjectType } from "@app/db/schemas";
-import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
  ProjectPermissionCertificateActions,
@@ -233,7 +232,6 @@ type TCertificateProfileServiceFactoryDep = {
  certificateAuthorityDAL: Pick<TCertificateAuthorityDALFactory, "findById">;
  externalCertificateAuthorityDAL: Pick<TExternalCertificateAuthorityDALFactory, "findById" | "findOne">;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  kmsService: Pick<TKmsServiceFactory, "generateKmsKey" | "encryptWithKmsKey" | "decryptWithKmsKey">;
  projectDAL: Pick<TProjectDALFactory, "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction">;
 };
@@ -271,7 +269,6 @@ export const certificateProfileServiceFactory = ({
  certificateAuthorityDAL,
  externalCertificateAuthorityDAL,
  permissionService,
-  licenseService,
  kmsService,
  projectDAL
 }: TCertificateProfileServiceFactoryDep) => {
@@ -309,12 +306,6 @@ export const certificateProfileServiceFactory = ({
    if (!project) {
      throw new NotFoundError({ message: "Project not found" });
    }
-    const plan = await licenseService.getPlan(project.orgId);
-    if (!plan.pkiAcme && data.enrollmentType === EnrollmentType.ACME) {
-      throw new BadRequestError({
-        message: "Failed to create certificate profile: Plan restriction. Upgrade plan to continue"
-      });
-    }

    // Validate that certificate template exists and belongs to the same project
    if (data.certificateTemplateId) {
--- a/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CertificateProfilesTab.tsx
+++ b/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CertificateProfilesTab.tsx
@@ -30,7 +30,7 @@ export const CertificateProfilesTab = () => {
  const [selectedProfile, setSelectedProfile] = useState<TCertificateProfileWithDetails | null>(
    null
  );
-  const { popUp, handlePopUpOpen, handlePopUpToggle } = usePopUp(["upgradePlan"] as const);
+  const { popUp, handlePopUpToggle } = usePopUp(["upgradePlan"] as const);

  const deleteProfile = useDeleteCertificateProfile();

@@ -105,11 +105,7 @@ export const CertificateProfilesTab = () => {
        onDeleteProfile={handleDeleteProfile}
      />

-      <CreateProfileModal
-        isOpen={isCreateModalOpen}
-        onClose={() => setIsCreateModalOpen(false)}
-        handlePopUpOpen={handlePopUpOpen}
-      />
+      <CreateProfileModal isOpen={isCreateModalOpen} onClose={() => setIsCreateModalOpen(false)} />
      <UpgradePlanModal
        isOpen={popUp.upgradePlan.isOpen}
        onOpenChange={(isOpen) => handlePopUpToggle("upgradePlan", isOpen)}
@@ -125,7 +121,6 @@ export const CertificateProfilesTab = () => {
              setIsEditModalOpen(false);
              setSelectedProfile(null);
            }}
-            handlePopUpOpen={handlePopUpOpen}
            profile={selectedProfile}
            mode="edit"
          />
--- a/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CreateProfileModal.tsx
+++ b/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CreateProfileModal.tsx
@@ -19,7 +19,7 @@ import {
  TextArea,
  Tooltip
 } from "@app/components/v2";
-import { useProject, useSubscription } from "@app/context";
+import { useProject } from "@app/context";
 import { CaType } from "@app/hooks/api/ca/enums";
 import { useGetAzureAdcsTemplates, useListCasByProjectId } from "@app/hooks/api/ca/queries";
 import {
@@ -32,7 +32,6 @@ import {
  useUpdateCertificateProfile
 } from "@app/hooks/api/certificateProfiles";
 import { useListCertificateTemplatesV2 } from "@app/hooks/api/certificateTemplates/queries";
-import { UsePopUpState } from "@app/hooks/usePopUp";

 const createSchema = z
  .object({
@@ -339,25 +338,12 @@ export type FormData = z.infer<typeof createSchema>;
 interface Props {
  isOpen: boolean;
  onClose: () => void;
-  handlePopUpOpen: (
-    popUpName: keyof UsePopUpState<["upgradePlan"]>,
-    data?: {
-      isEnterpriseFeature?: boolean;
-    }
-  ) => void;
  profile?: TCertificateProfileWithDetails;
  mode?: "create" | "edit";
 }

-export const CreateProfileModal = ({
-  isOpen,
-  onClose,
-  handlePopUpOpen,
-  profile,
-  mode = "create"
-}: Props) => {
+export const CreateProfileModal = ({ isOpen, onClose, profile, mode = "create" }: Props) => {
  const { currentProject } = useProject();
-  const { subscription } = useSubscription();

  const { data: allCaData } = useListCasByProjectId(currentProject?.id || "");
  const { data: templateData } = useListCertificateTemplatesV2({
@@ -532,15 +518,6 @@ export const CreateProfileModal = ({
  }, [isEdit, profile, isAzureAdcsCa, azureAdcsTemplatesData, setValue]);

  const onFormSubmit = async (data: FormData) => {
-    if (!isEdit && !subscription?.pkiAcme && data.enrollmentType === EnrollmentType.ACME) {
-      reset();
-      onClose();
-      handlePopUpOpen("upgradePlan", {
-        isEnterpriseFeature: true
-      });
-      return;
-    }
-
    if (!currentProject?.id && !isEdit) return;

    // Validate Azure ADCS template requirement