Merge pull request #5080 from Infisical/chore/remove-pki-acme-feature-flg

chore: remove usages of pkiAcme feature flag

backend/src/ee/services/pki-acme/pki-acme-service.ts

@@ -47,7 +47,6 @@ import { TProjectDALFactory } from "@app/services/project/project-dal";
 import { getProjectKmsCertificateKeyId } from "@app/services/project/project-fns";
 
 import { EventType, TAuditLogServiceFactory } from "../audit-log/audit-log-types";
-import { TLicenseServiceFactory } from "../license/license-service";
 import { TPkiAcmeAccountDALFactory } from "./pki-acme-account-dal";
 import { TPkiAcmeAuthDALFactory } from "./pki-acme-auth-dal";
 import { TPkiAcmeChallengeDALFactory } from "./pki-acme-challenge-dal";
@@ -61,7 +60,6 @@ import {
   AcmeMalformedError,
   AcmeOrderNotReadyError,
   AcmeServerInternalError,
-  AcmeUnauthorizedError,
   AcmeUnsupportedIdentifierError
 } from "./pki-acme-errors";
 import { buildUrl, extractAccountIdFromKid, validateDnsIdentifier } from "./pki-acme-fns";
@@ -129,7 +127,6 @@ type TPkiAcmeServiceFactoryDep = {
     TKmsServiceFactory,
     "decryptWithKmsKey" | "generateKmsKey" | "encryptWithKmsKey" | "createCipherPairWithDataKey"
   >;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
   certificateV3Service: Pick<TCertificateV3ServiceFactory, "signCertificateFromProfile">;
   certificateTemplateV2Service: Pick<TCertificateTemplateV2ServiceFactory, "validateCertificateRequest">;
   certificateRequestService: Pick<TCertificateRequestServiceFactory, "createCertificateRequest">;
@@ -152,7 +149,6 @@ export const pkiAcmeServiceFactory = ({
   acmeChallengeDAL,
   keyStore,
   kmsService,
-  licenseService,
   certificateV3Service,
   certificateTemplateV2Service,
   certificateRequestService,
@@ -169,12 +165,6 @@ export const pkiAcmeServiceFactory = ({
     if (profile.enrollmentType !== EnrollmentType.ACME) {
       throw new NotFoundError({ message: "Certificate profile is not configured for ACME enrollment" });
     }
-    const orgLicensePlan = await licenseService.getPlan(profile.project!.orgId);
-    if (!orgLicensePlan.pkiAcme) {
-      throw new AcmeUnauthorizedError({
-        message: "Failed to validate ACME profile: Plan restriction. Upgrade plan to continue"
-      });
-    }
     return profile;
   };
 

backend/src/server/routes/index.ts

@@ -1227,7 +1227,6 @@ export const registerRoutes = async (
     certificateAuthorityDAL,
     externalCertificateAuthorityDAL,
     permissionService,
-    licenseService,
     kmsService,
     projectDAL
   });
@@ -2340,7 +2339,6 @@ export const registerRoutes = async (
     acmeChallengeDAL,
     keyStore,
     kmsService,
-    licenseService,
     certificateV3Service,
     certificateTemplateV2Service,
     certificateRequestService,

backend/src/services/certificate-profile/certificate-profile-service.test.ts

@@ -5,9 +5,8 @@
 import { ForbiddenError } from "@casl/ability";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 
-import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import type { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
-import { BadRequestError, ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
+import { ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
 
 import { ActorType, AuthMethod } from "../auth/auth-type";
 import type { TCertificateBodyDALFactory } from "../certificate/certificate-body-dal";
@@ -175,10 +174,6 @@ describe("CertificateProfileService", () => {
     })
   } as unknown as Pick<TPermissionServiceFactory, "getProjectPermission">;
 
-  const mockLicenseService = {
-    getPlan: vi.fn()
-  } as unknown as Pick<TLicenseServiceFactory, "getPlan">;
-
   const mockKmsService = {
     encryptWithKmsKey: vi
       .fn()
@@ -258,7 +253,6 @@ describe("CertificateProfileService", () => {
       certificateAuthorityDAL: mockCertificateAuthorityDAL,
       externalCertificateAuthorityDAL: mockExternalCertificateAuthorityDAL,
       permissionService: mockPermissionService,
-      licenseService: mockLicenseService,
       kmsService: mockKmsService,
       projectDAL: mockProjectDAL
     });
@@ -287,9 +281,6 @@ describe("CertificateProfileService", () => {
         id: "project-123",
         orgId: "org-123"
       });
-      (mockLicenseService.getPlan as any).mockResolvedValue({
-        pkiAcme: true
-      });
       (mockCertificateTemplateV2DAL.findById as any).mockResolvedValue(sampleTemplate);
       (mockCertificateProfileDAL.findByNameAndProjectId as any).mockResolvedValue(null);
       (mockCertificateProfileDAL.findBySlugAndProjectId as any).mockResolvedValue(null);
@@ -423,30 +414,6 @@ describe("CertificateProfileService", () => {
       expect(result).toEqual(sampleProfile);
       expect(mockCertificateTemplateV2DAL.findById).toHaveBeenCalledWith("template-123");
     });
-
-    it("should throw BadRequestError when plan does not support ACME", async () => {
-      (mockLicenseService.getPlan as any).mockResolvedValue({
-        pkiAcme: false
-      });
-
-      await expect(
-        service.createProfile({
-          ...mockActor,
-          projectId: "project-123",
-          data: {
-            ...validProfileData,
-            enrollmentType: EnrollmentType.ACME,
-            acmeConfig: {},
-            apiConfig: undefined,
-            estConfig: undefined
-          }
-        })
-      ).rejects.toThrowError(
-        new BadRequestError({
-          message: "Failed to create certificate profile: Plan restriction. Upgrade plan to continue"
-        })
-      );
-    });
   });
 
   describe("updateProfile", () => {
@@ -756,9 +723,6 @@ describe("CertificateProfileService", () => {
           id: "project-123",
           orgId: "org-123"
         });
-        (mockLicenseService.getPlan as any).mockResolvedValue({
-          pkiAcme: true
-        });
         (mockCertificateTemplateV2DAL.findById as any).mockResolvedValue(sampleTemplate);
         (mockCertificateProfileDAL.findByNameAndProjectId as any).mockResolvedValue(null);
         (mockCertificateProfileDAL.findBySlugAndProjectId as any).mockResolvedValue(null);

backend/src/services/certificate-profile/certificate-profile-service.ts

@@ -2,7 +2,6 @@ import { ForbiddenError, subject } from "@casl/ability";
 import * as x509 from "@peculiar/x509";
 
 import { ActionProjectType } from "@app/db/schemas";
-import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
   ProjectPermissionCertificateActions,
@@ -233,7 +232,6 @@ type TCertificateProfileServiceFactoryDep = {
   certificateAuthorityDAL: Pick<TCertificateAuthorityDALFactory, "findById">;
   externalCertificateAuthorityDAL: Pick<TExternalCertificateAuthorityDALFactory, "findById" | "findOne">;
   permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
   kmsService: Pick<TKmsServiceFactory, "generateKmsKey" | "encryptWithKmsKey" | "decryptWithKmsKey">;
   projectDAL: Pick<TProjectDALFactory, "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction">;
 };
@@ -271,7 +269,6 @@ export const certificateProfileServiceFactory = ({
   certificateAuthorityDAL,
   externalCertificateAuthorityDAL,
   permissionService,
-  licenseService,
   kmsService,
   projectDAL
 }: TCertificateProfileServiceFactoryDep) => {
@@ -309,12 +306,6 @@ export const certificateProfileServiceFactory = ({
     if (!project) {
       throw new NotFoundError({ message: "Project not found" });
     }
-    const plan = await licenseService.getPlan(project.orgId);
-    if (!plan.pkiAcme && data.enrollmentType === EnrollmentType.ACME) {
-      throw new BadRequestError({
-        message: "Failed to create certificate profile: Plan restriction. Upgrade plan to continue"
-      });
-    }
 
     // Validate that certificate template exists and belongs to the same project
     if (data.certificateTemplateId) {

frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CertificateProfilesTab.tsx

@@ -30,7 +30,7 @@ export const CertificateProfilesTab = () => {
   const [selectedProfile, setSelectedProfile] = useState<TCertificateProfileWithDetails | null>(
     null
   );
-  const { popUp, handlePopUpOpen, handlePopUpToggle } = usePopUp(["upgradePlan"] as const);
+  const { popUp, handlePopUpToggle } = usePopUp(["upgradePlan"] as const);
 
   const deleteProfile = useDeleteCertificateProfile();
 
@@ -105,11 +105,7 @@ export const CertificateProfilesTab = () => {
         onDeleteProfile={handleDeleteProfile}
       />
 
-      <CreateProfileModal
+      <CreateProfileModal isOpen={isCreateModalOpen} onClose={() => setIsCreateModalOpen(false)} />
-        isOpen={isCreateModalOpen}
-        onClose={() => setIsCreateModalOpen(false)}
-        handlePopUpOpen={handlePopUpOpen}
-      />
       <UpgradePlanModal
         isOpen={popUp.upgradePlan.isOpen}
         onOpenChange={(isOpen) => handlePopUpToggle("upgradePlan", isOpen)}
@@ -125,7 +121,6 @@ export const CertificateProfilesTab = () => {
               setIsEditModalOpen(false);
               setSelectedProfile(null);
             }}
-            handlePopUpOpen={handlePopUpOpen}
             profile={selectedProfile}
             mode="edit"
           />

frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CreateProfileModal.tsx

@@ -19,7 +19,7 @@ import {
   TextArea,
   Tooltip
 } from "@app/components/v2";
-import { useProject, useSubscription } from "@app/context";
+import { useProject } from "@app/context";
 import { CaType } from "@app/hooks/api/ca/enums";
 import { useGetAzureAdcsTemplates, useListCasByProjectId } from "@app/hooks/api/ca/queries";
 import {
@@ -32,7 +32,6 @@ import {
   useUpdateCertificateProfile
 } from "@app/hooks/api/certificateProfiles";
 import { useListCertificateTemplatesV2 } from "@app/hooks/api/certificateTemplates/queries";
-import { UsePopUpState } from "@app/hooks/usePopUp";
 
 const createSchema = z
   .object({
@@ -339,25 +338,12 @@ export type FormData = z.infer<typeof createSchema>;
 interface Props {
   isOpen: boolean;
   onClose: () => void;
-  handlePopUpOpen: (
-    popUpName: keyof UsePopUpState<["upgradePlan"]>,
-    data?: {
-      isEnterpriseFeature?: boolean;
-    }
-  ) => void;
   profile?: TCertificateProfileWithDetails;
   mode?: "create" | "edit";
 }
 
-export const CreateProfileModal = ({
+export const CreateProfileModal = ({ isOpen, onClose, profile, mode = "create" }: Props) => {
-  isOpen,
-  onClose,
-  handlePopUpOpen,
-  profile,
-  mode = "create"
-}: Props) => {
   const { currentProject } = useProject();
-  const { subscription } = useSubscription();
 
   const { data: allCaData } = useListCasByProjectId(currentProject?.id || "");
   const { data: templateData } = useListCertificateTemplatesV2({
@@ -532,15 +518,6 @@ export const CreateProfileModal = ({
   }, [isEdit, profile, isAzureAdcsCa, azureAdcsTemplatesData, setValue]);
 
   const onFormSubmit = async (data: FormData) => {
-    if (!isEdit && !subscription?.pkiAcme && data.enrollmentType === EnrollmentType.ACME) {
-      reset();
-      onClose();
-      handlePopUpOpen("upgradePlan", {
-        isEnterpriseFeature: true
-      });
-      return;
-    }
-
     if (!currentProject?.id && !isEdit) return;
 
     // Validate Azure ADCS template requirement