Revise pr based on greptile review

backend/src/ee/services/ssh-host/ssh-host-schema.ts

@@ -14,7 +14,7 @@ export const sanitizedSshHost = SshHostsSchema.pick({
 });
 
 export const loginMappingSchema = z.object({
-  loginUser: z.string().trim(),
+  loginUser: z.string().trim().min(1).max(32),
   allowedPrincipals: z.object({
     usernames: z
       .array(z.string().trim())

backend/src/lib/api-docs/constants.ts

@@ -1735,6 +1735,15 @@ export const PKI_SUBSCRIBERS = {
     privateKey: "The private key of the issued certificate.",
     serialNumber: "The serial number of the issued certificate."
   },
+  SIGN_CERT: {
+    subscriberName: "The name of the PKI subscriber to sign the certificate for.",
+    projectId: "The ID of the project of the PKI subscriber to sign the certificate for.",
+    csr: "The CSR to be used to sign the certificate.",
+    certificate: "The signed certificate.",
+    issuingCaCertificate: "The certificate of the issuing CA.",
+    certificateChain: "The certificate chain of the signed certificate.",
+    serialNumber: "The serial number of the signed certificate."
+  },
   LIST_CERTS: {
     subscriberName: "The name of the PKI subscriber to list the certificates for.",
     projectId: "The ID of the project of the PKI subscriber to list the certificates for.",

backend/src/server/routes/v1/pki-subscriber-router.ts

@@ -361,17 +361,17 @@ export const registerPkiSubscriberRouter = async (server: FastifyZodProvider) =>
       tags: [ApiDocsTags.PkiSubscribers],
       description: "Sign certificate",
       params: z.object({
-        subscriberName: z.string().describe(PKI_SUBSCRIBERS.ISSUE_CERT.subscriberName)
+        subscriberName: z.string().describe(PKI_SUBSCRIBERS.SIGN_CERT.subscriberName)
       }),
       body: z.object({
-        projectId: z.string().trim().describe(PKI_SUBSCRIBERS.ISSUE_CERT.projectId),
-        csr: z.string().trim().min(1)
+        projectId: z.string().trim().describe(PKI_SUBSCRIBERS.SIGN_CERT.projectId),
+        csr: z.string().trim().min(1).max(3000).describe(PKI_SUBSCRIBERS.SIGN_CERT.csr)
       }),
       response: {
         200: z.object({
-          certificate: z.string().trim().describe(PKI_SUBSCRIBERS.ISSUE_CERT.certificate),
-          issuingCaCertificate: z.string().trim().describe(PKI_SUBSCRIBERS.ISSUE_CERT.issuingCaCertificate),
-          certificateChain: z.string().trim().describe(PKI_SUBSCRIBERS.ISSUE_CERT.certificateChain),
+          certificate: z.string().trim().describe(PKI_SUBSCRIBERS.SIGN_CERT.certificate),
+          issuingCaCertificate: z.string().trim().describe(PKI_SUBSCRIBERS.SIGN_CERT.issuingCaCertificate),
+          certificateChain: z.string().trim().describe(PKI_SUBSCRIBERS.SIGN_CERT.certificateChain),
           serialNumber: z.string().trim().describe(PKI_SUBSCRIBERS.ISSUE_CERT.serialNumber)
         })
       }
@@ -412,7 +412,7 @@ export const registerPkiSubscriberRouter = async (server: FastifyZodProvider) =>
       });
 
       return {
-        certificate: certificate.toString("pem"),
+        certificate,
         certificateChain,
         issuingCaCertificate,
         serialNumber

backend/src/server/routes/v2/project-router.ts

@@ -498,6 +498,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       rateLimit: readLimit
     },
     schema: {
+      hide: false,
+      tags: [ApiDocsTags.PkiSubscribers],
       params: z.object({
         projectId: z.string().trim().describe(PROJECTS.LIST_PKI_SUBSCRIBERS.projectId)
       }),

backend/src/services/pki-subscriber/pki-subscriber-service.ts

@@ -706,7 +706,7 @@ export const pkiSubscriberServiceFactory = ({
     });
 
     return {
-      certificate: leafCert,
+      certificate: leafCert.toString("pem"),
       certificateChain: `${issuingCaCertificate}\n${caCertChain}`.trim(),
       issuingCaCertificate,
       serialNumber,

docs/documentation/platform/pki/certificates.mdx

@@ -240,7 +240,7 @@ openssl verify -crl_check -CAfile chain.pem -CRLfile crl.pem cert.pem
 ```
 
 Note that you can also obtain the CRL from the certificate itself by
-referencing the CRL distribution point extension on the certificate itself.
+referencing the CRL distribution point extension on the certificate.
 
 To check a certificate against the CRL distribution point specified within it with OpenSSL, you can use the following command:
 

docs/documentation/platform/pki/subscribers.mdx

@@ -6,7 +6,7 @@ description: "Learn how to manage PKI subscribers and issue X.509 certificates f
 
 ## Concept
 
-In Infisical PKI, subscribers are logical representatiosn of entities such as devices, servers, applications that request and receive certificates from Certificate Authorities (CAs).
+In Infisical PKI, subscribers are logical representations of entities such as devices, servers, applications that request and receive certificates from Certificate Authorities (CAs).
 
 <div align="center">
 
@@ -109,7 +109,7 @@ openssl verify -crl_check -CAfile chain.pem -CRLfile crl.pem cert.pem
 ```
 
 Note that you can also obtain the CRL from the certificate itself by
-referencing the CRL distribution point extension on the certificate itself.
+referencing the CRL distribution point extension on the certificate.
 
 To check a certificate against the CRL distribution point specified within it with OpenSSL, you can use the following command:
 
@@ -125,7 +125,7 @@ openssl verify -verbose -crl_check -crl_download -CAfile chain.pem cert.pem
 <AccordionGroup>
   <Accordion title="What is the workflow for renewing a certificate?">
     To renew a certificate, you have to issue a new certificate for the same
-    subscriber The original certificate will continue to be valid through its
+    subscriber. The original certificate will continue to be valid through its
     original TTL unless explicitly revoked.
   </Accordion>
 </AccordionGroup>

frontend/src/pages/cert-manager/PkiSubscriberDetailsByIDPage/PkiSubscriberDetailsByIDPage.tsx

@@ -102,8 +102,7 @@ const Page = () => {
                       )}
                       onClick={() =>
                         handlePopUpOpen("deletePkiSubscriber", {
-                          subscriberId: data.id,
-                          name: data.name
+                          subscriberName: data.name
                         })
                       }
                       disabled={!isAllowed}
@@ -131,14 +130,14 @@ const Page = () => {
       <PkiSubscriberModal popUp={popUp} handlePopUpToggle={handlePopUpToggle} />
       <DeleteActionModal
         isOpen={popUp.deletePkiSubscriber.isOpen}
-        title={`Are you sure want to remove the PKI subscriber: ${
+        title={`Are you sure you want to remove the PKI subscriber: ${
           (popUp?.deletePkiSubscriber?.data as { name: string })?.name || ""
         }?`}
         onChange={(isOpen) => handlePopUpToggle("deletePkiSubscriber", isOpen)}
         deleteKey="confirm"
         onDeleteApproved={() =>
           onRemoveSubscriberSubmit(
-            (popUp?.deletePkiSubscriber?.data as { subscriberId: string })?.subscriberId
+            (popUp?.deletePkiSubscriber?.data as { subscriberName: string })?.subscriberName
           )
         }
       />

frontend/src/pages/cert-manager/PkiSubscriberDetailsByIDPage/components/PkiSubscriberDetailsSection.tsx

@@ -142,10 +142,9 @@ export const PkiSubscriberDetailsSection = ({ subscriberName, handlePopUpOpen }:
         </div>
         {canIssuePkiSubscriberCert && (
           <Button
-            isDisabled={!canIssuePkiSubscriberCert}
             className="mt-4 w-full"
             colorSchema="primary"
-            type="submit"
+            type="button"
             isLoading={isIssuingCert}
             onClick={() => {
               onIssuePkiSubscriberCert();

frontend/src/pages/cert-manager/PkiSubscribersPage/PkiSubscribersPage.tsx

@@ -13,7 +13,7 @@ export const PkiSubscribersPage = () => {
         <title>{t("common.head-title", { title: "PKI Subscribers" })}</title>
       </Helmet>
       <div className="h-full bg-bunker-800">
-        <div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">
+        <div className="container mx-auto flex flex-col justify-between text-white">
           <div className="mx-auto mb-6 w-full max-w-7xl">
             <PageHeader
               title="Subscribers"

frontend/src/pages/cert-manager/PkiSubscribersPage/components/PkiSubscriberModal.tsx

@@ -165,16 +165,6 @@ export const PkiSubscriberModal = ({ popUp, handlePopUpToggle }: Props) => {
         return;
       }
 
-      console.log("onFormSubmitArgs: ", {
-        name,
-        caId,
-        commonName,
-        subjectAlternativeNames,
-        ttl,
-        keyUsages,
-        extendedKeyUsages
-      });
-
       // Check if there is already a different subscriber with the same name
       const existingNames =
         subscribers?.filter((s) => s.id !== pkiSubscriber?.id).map((s) => s.name) || [];

frontend/src/pages/cert-manager/PkiSubscribersPage/components/PkiSubscriberSection.tsx

@@ -68,7 +68,7 @@ export const PkiSubscriberSection = () => {
     } catch (err) {
       console.error(err);
       createNotification({
-        text: `Failed to ${status === PkiSubscriberStatus.ACTIVE ? "enabled" : "disabled"} subscriber`,
+        text: `Failed to ${status === PkiSubscriberStatus.ACTIVE ? "enable" : "disable"} subscriber`,
         type: "error"
       });
     }
@@ -123,7 +123,7 @@ export const PkiSubscriberSection = () => {
       <PkiSubscriberModal popUp={popUp} handlePopUpToggle={handlePopUpToggle} />
       <DeleteActionModal
         isOpen={popUp.pkiSubscriberStatus.isOpen}
-        title={`Are you sure want to ${isEnabling ? "enable" : "disable"} the subscriber ${subscriberName}?`}
+        title={`Are you sure you want to ${isEnabling ? "enable" : "disable"} the subscriber ${subscriberName}?`}
         subTitle={
           isEnabling
             ? "This action will allow issuing certificates for this subscriber again."