update success message of share secret

.github/workflows/build-staging-and-deploy-aws.yml

@@ -56,7 +56,7 @@ jobs:
           # Learn more about [Twingate Services](https://docs.twingate.com/docs/services)
           #
           # Required
-          service-key: ${{ secrets.TWINGATE_SERVICE_KEY }}
+          service-key: ${{ secrets.TWINGATE_GAMMA_SERVICE_KEY }}
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Setup Node.js environment

.github/workflows/check-migration-file-edited.yml

@@ -1,25 +0,0 @@
-name: Check migration file edited
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-    paths:
-      - 'backend/src/db/migrations/**'
-
-jobs:
-  rename:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Check any migration files are modified, renamed or duplicated.
-        run: |
-          git diff --name-status HEAD^ HEAD backend/src/db/migrations | grep '^M\|^R\|^C' || true | cut -f2 | xargs -r -n1 basename > edited_files.txt
-          if [ -s edited_files.txt ]; then
-            echo "Exiting migration files cannot be modified."
-            cat edited_files.txt
-            exit 1
-          fi

.github/workflows/update-be-new-migration-latest-timestamp.yml

@@ -19,16 +19,18 @@ jobs:
 
       - name: Get list of newly added files in migration folder
         run: |
-          git diff --name-status HEAD^ HEAD backend/src/db/migrations | grep '^A' || true | cut -f2 | xargs -r -n1 basename > added_files.txt
+          git diff --name-status HEAD^ HEAD backend/src/db/migrations | grep '^A' | cut -f2 | xargs -n1 basename > added_files.txt
           if [ ! -s added_files.txt ]; then
             echo "No new files added. Skipping"
-            exit 0
+            echo "SKIP_RENAME=true" >> $GITHUB_ENV
           fi
 
       - name: Script to rename migrations
+        if: env.SKIP_RENAME != 'true'
         run: python .github/resources/rename_migration_files.py
 
       - name: Commit and push changes
+        if: env.SKIP_RENAME != 'true'
         run: |
           git config user.name github-actions
           git config user.email github-actions@github.com

.infisicalignore

@@ -5,4 +5,3 @@ frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/M
 frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:292
 docs/self-hosting/configuration/envars.mdx:generic-api-key:106
 frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:451
-docs/mint.json:generic-api-key:651

backend/e2e-test/vitest-environment-knex.ts

@@ -3,6 +3,7 @@ import "ts-node/register";
 
 import dotenv from "dotenv";
 import jwt from "jsonwebtoken";
+import knex from "knex";
 import path from "path";
 
 import { seedData1 } from "@app/db/seed-data";
@@ -14,7 +15,6 @@ import { AuthMethod, AuthTokenType } from "@app/services/auth/auth-type";
 import { mockQueue } from "./mocks/queue";
 import { mockSmtpServer } from "./mocks/smtp";
 import { mockKeyStore } from "./mocks/keystore";
-import { initDbConnection } from "@app/db";
 
 dotenv.config({ path: path.join(__dirname, "../../.env.test"), debug: true });
 export default {
@@ -23,21 +23,23 @@ export default {
   async setup() {
     const logger = await initLogger();
     const cfg = initEnvConfig(logger);
-    const db = initDbConnection({
-      dbConnectionUri: cfg.DB_CONNECTION_URI,
-      dbRootCert: cfg.DB_ROOT_CERT
-    });
-
-    try {
-      await db.migrate.latest({
+    const db = knex({
+      client: "pg",
+      connection: cfg.DB_CONNECTION_URI,
+      migrations: {
         directory: path.join(__dirname, "../src/db/migrations"),
         extension: "ts",
         tableName: "infisical_migrations"
-      });
-      await db.seed.run({
+      },
+      seeds: {
         directory: path.join(__dirname, "../src/db/seeds"),
         extension: "ts"
-      });
+      }
+    });
+
+    try {
+      await db.migrate.latest();
+      await db.seed.run();
       const smtp = mockSmtpServer();
       const queue = mockQueue();
       const keyStore = mockKeyStore();
@@ -72,14 +74,7 @@ export default {
         // @ts-expect-error type
         delete globalThis.jwtToken;
         // called after all tests with this env have been run
-        await db.migrate.rollback(
-          {
-            directory: path.join(__dirname, "../src/db/migrations"),
-            extension: "ts",
-            tableName: "infisical_migrations"
-          },
-          true
-        );
+        await db.migrate.rollback({}, true);
         await db.destroy();
       }
     };

backend/package.json

@@ -72,7 +72,6 @@
   "dependencies": {
     "@aws-sdk/client-iam": "^3.525.0",
     "@aws-sdk/client-secrets-manager": "^3.504.0",
-    "@aws-sdk/client-sts": "^3.600.0",
     "@casl/ability": "^6.5.0",
     "@fastify/cookie": "^9.3.1",
     "@fastify/cors": "^8.5.0",

backend/scripts/create-migration.ts

@@ -2,14 +2,13 @@
 import { execSync } from "child_process";
 import path from "path";
 import promptSync from "prompt-sync";
-import slugify from "@sindresorhus/slugify"
 
 const prompt = promptSync({ sigint: true });
 
 const migrationName = prompt("Enter name for migration: ");
 
 // Remove spaces from migration name and replace with hyphens
-const formattedMigrationName = slugify(migrationName);
+const formattedMigrationName = migrationName.replace(/\s+/g, "-");
 
 execSync(
   `npx knex migrate:make --knexfile ${path.join(__dirname, "../src/db/knexfile.ts")} -x ts ${formattedMigrationName}`,

backend/src/@types/knex.d.ts

@@ -1,4 +1,4 @@
-import { Knex as KnexOriginal } from "knex";
+import { Knex } from "knex";
 
 import {
   TableName,
@@ -280,371 +280,318 @@ import {
   TWebhooksUpdate
 } from "@app/db/schemas";
 
-declare module "knex" {
-  namespace Knex {
-    interface QueryInterface {
-      primaryNode(): KnexOriginal;
-      replicaNode(): KnexOriginal;
-    }
-  }
-}
-
 declare module "knex/types/tables" {
   interface Tables {
-    [TableName.Users]: KnexOriginal.CompositeTableType<TUsers, TUsersInsert, TUsersUpdate>;
-    [TableName.Groups]: KnexOriginal.CompositeTableType<TGroups, TGroupsInsert, TGroupsUpdate>;
-    [TableName.CertificateAuthority]: KnexOriginal.CompositeTableType<
+    [TableName.Users]: Knex.CompositeTableType<TUsers, TUsersInsert, TUsersUpdate>;
+    [TableName.Groups]: Knex.CompositeTableType<TGroups, TGroupsInsert, TGroupsUpdate>;
+    [TableName.CertificateAuthority]: Knex.CompositeTableType<
       TCertificateAuthorities,
       TCertificateAuthoritiesInsert,
       TCertificateAuthoritiesUpdate
     >;
-    [TableName.CertificateAuthorityCert]: KnexOriginal.CompositeTableType<
+    [TableName.CertificateAuthorityCert]: Knex.CompositeTableType<
       TCertificateAuthorityCerts,
       TCertificateAuthorityCertsInsert,
       TCertificateAuthorityCertsUpdate
     >;
-    [TableName.CertificateAuthoritySecret]: KnexOriginal.CompositeTableType<
+    [TableName.CertificateAuthoritySecret]: Knex.CompositeTableType<
       TCertificateAuthoritySecret,
       TCertificateAuthoritySecretInsert,
       TCertificateAuthoritySecretUpdate
     >;
-    [TableName.CertificateAuthorityCrl]: KnexOriginal.CompositeTableType<
+    [TableName.CertificateAuthorityCrl]: Knex.CompositeTableType<
       TCertificateAuthorityCrl,
       TCertificateAuthorityCrlInsert,
       TCertificateAuthorityCrlUpdate
     >;
-    [TableName.Certificate]: KnexOriginal.CompositeTableType<TCertificates, TCertificatesInsert, TCertificatesUpdate>;
-    [TableName.CertificateBody]: KnexOriginal.CompositeTableType<
+    [TableName.Certificate]: Knex.CompositeTableType<TCertificates, TCertificatesInsert, TCertificatesUpdate>;
+    [TableName.CertificateBody]: Knex.CompositeTableType<
       TCertificateBodies,
       TCertificateBodiesInsert,
       TCertificateBodiesUpdate
     >;
-    [TableName.CertificateSecret]: KnexOriginal.CompositeTableType<
+    [TableName.CertificateSecret]: Knex.CompositeTableType<
       TCertificateSecrets,
       TCertificateSecretsInsert,
       TCertificateSecretsUpdate
     >;
-    [TableName.UserGroupMembership]: KnexOriginal.CompositeTableType<
+    [TableName.UserGroupMembership]: Knex.CompositeTableType<
       TUserGroupMembership,
       TUserGroupMembershipInsert,
       TUserGroupMembershipUpdate
     >;
-    [TableName.GroupProjectMembership]: KnexOriginal.CompositeTableType<
+    [TableName.GroupProjectMembership]: Knex.CompositeTableType<
       TGroupProjectMemberships,
       TGroupProjectMembershipsInsert,
       TGroupProjectMembershipsUpdate
     >;
-    [TableName.GroupProjectMembershipRole]: KnexOriginal.CompositeTableType<
+    [TableName.GroupProjectMembershipRole]: Knex.CompositeTableType<
       TGroupProjectMembershipRoles,
       TGroupProjectMembershipRolesInsert,
       TGroupProjectMembershipRolesUpdate
     >;
-    [TableName.UserAliases]: KnexOriginal.CompositeTableType<TUserAliases, TUserAliasesInsert, TUserAliasesUpdate>;
-    [TableName.UserEncryptionKey]: KnexOriginal.CompositeTableType<
+    [TableName.UserAliases]: Knex.CompositeTableType<TUserAliases, TUserAliasesInsert, TUserAliasesUpdate>;
+    [TableName.UserEncryptionKey]: Knex.CompositeTableType<
       TUserEncryptionKeys,
       TUserEncryptionKeysInsert,
       TUserEncryptionKeysUpdate
     >;
-    [TableName.AuthTokens]: KnexOriginal.CompositeTableType<TAuthTokens, TAuthTokensInsert, TAuthTokensUpdate>;
-    [TableName.AuthTokenSession]: KnexOriginal.CompositeTableType<
+    [TableName.AuthTokens]: Knex.CompositeTableType<TAuthTokens, TAuthTokensInsert, TAuthTokensUpdate>;
+    [TableName.AuthTokenSession]: Knex.CompositeTableType<
       TAuthTokenSessions,
       TAuthTokenSessionsInsert,
       TAuthTokenSessionsUpdate
     >;
-    [TableName.BackupPrivateKey]: KnexOriginal.CompositeTableType<
+    [TableName.BackupPrivateKey]: Knex.CompositeTableType<
       TBackupPrivateKey,
       TBackupPrivateKeyInsert,
       TBackupPrivateKeyUpdate
     >;
-    [TableName.Organization]: KnexOriginal.CompositeTableType<
-      TOrganizations,
-      TOrganizationsInsert,
-      TOrganizationsUpdate
-    >;
-    [TableName.OrgMembership]: KnexOriginal.CompositeTableType<
-      TOrgMemberships,
-      TOrgMembershipsInsert,
-      TOrgMembershipsUpdate
-    >;
-    [TableName.OrgRoles]: KnexOriginal.CompositeTableType<TOrgRoles, TOrgRolesInsert, TOrgRolesUpdate>;
-    [TableName.IncidentContact]: KnexOriginal.CompositeTableType<
+    [TableName.Organization]: Knex.CompositeTableType<TOrganizations, TOrganizationsInsert, TOrganizationsUpdate>;
+    [TableName.OrgMembership]: Knex.CompositeTableType<TOrgMemberships, TOrgMembershipsInsert, TOrgMembershipsUpdate>;
+    [TableName.OrgRoles]: Knex.CompositeTableType<TOrgRoles, TOrgRolesInsert, TOrgRolesUpdate>;
+    [TableName.IncidentContact]: Knex.CompositeTableType<
       TIncidentContacts,
       TIncidentContactsInsert,
       TIncidentContactsUpdate
     >;
-    [TableName.UserAction]: KnexOriginal.CompositeTableType<TUserActions, TUserActionsInsert, TUserActionsUpdate>;
-    [TableName.SuperAdmin]: KnexOriginal.CompositeTableType<TSuperAdmin, TSuperAdminInsert, TSuperAdminUpdate>;
-    [TableName.ApiKey]: KnexOriginal.CompositeTableType<TApiKeys, TApiKeysInsert, TApiKeysUpdate>;
-    [TableName.Project]: KnexOriginal.CompositeTableType<TProjects, TProjectsInsert, TProjectsUpdate>;
-    [TableName.ProjectMembership]: KnexOriginal.CompositeTableType<
+    [TableName.UserAction]: Knex.CompositeTableType<TUserActions, TUserActionsInsert, TUserActionsUpdate>;
+    [TableName.SuperAdmin]: Knex.CompositeTableType<TSuperAdmin, TSuperAdminInsert, TSuperAdminUpdate>;
+    [TableName.ApiKey]: Knex.CompositeTableType<TApiKeys, TApiKeysInsert, TApiKeysUpdate>;
+    [TableName.Project]: Knex.CompositeTableType<TProjects, TProjectsInsert, TProjectsUpdate>;
+    [TableName.ProjectMembership]: Knex.CompositeTableType<
       TProjectMemberships,
       TProjectMembershipsInsert,
       TProjectMembershipsUpdate
     >;
-    [TableName.Environment]: KnexOriginal.CompositeTableType<
+    [TableName.Environment]: Knex.CompositeTableType<
       TProjectEnvironments,
       TProjectEnvironmentsInsert,
       TProjectEnvironmentsUpdate
     >;
-    [TableName.ProjectBot]: KnexOriginal.CompositeTableType<TProjectBots, TProjectBotsInsert, TProjectBotsUpdate>;
-    [TableName.ProjectUserMembershipRole]: KnexOriginal.CompositeTableType<
+    [TableName.ProjectBot]: Knex.CompositeTableType<TProjectBots, TProjectBotsInsert, TProjectBotsUpdate>;
+    [TableName.ProjectUserMembershipRole]: Knex.CompositeTableType<
       TProjectUserMembershipRoles,
       TProjectUserMembershipRolesInsert,
       TProjectUserMembershipRolesUpdate
     >;
-    [TableName.ProjectRoles]: KnexOriginal.CompositeTableType<TProjectRoles, TProjectRolesInsert, TProjectRolesUpdate>;
-    [TableName.ProjectUserAdditionalPrivilege]: KnexOriginal.CompositeTableType<
+    [TableName.ProjectRoles]: Knex.CompositeTableType<TProjectRoles, TProjectRolesInsert, TProjectRolesUpdate>;
+    [TableName.ProjectUserAdditionalPrivilege]: Knex.CompositeTableType<
       TProjectUserAdditionalPrivilege,
       TProjectUserAdditionalPrivilegeInsert,
       TProjectUserAdditionalPrivilegeUpdate
     >;
-    [TableName.ProjectKeys]: KnexOriginal.CompositeTableType<TProjectKeys, TProjectKeysInsert, TProjectKeysUpdate>;
-    [TableName.Secret]: KnexOriginal.CompositeTableType<TSecrets, TSecretsInsert, TSecretsUpdate>;
-    [TableName.SecretReference]: KnexOriginal.CompositeTableType<
+    [TableName.ProjectKeys]: Knex.CompositeTableType<TProjectKeys, TProjectKeysInsert, TProjectKeysUpdate>;
+    [TableName.Secret]: Knex.CompositeTableType<TSecrets, TSecretsInsert, TSecretsUpdate>;
+    [TableName.SecretReference]: Knex.CompositeTableType<
       TSecretReferences,
       TSecretReferencesInsert,
       TSecretReferencesUpdate
     >;
-    [TableName.SecretBlindIndex]: KnexOriginal.CompositeTableType<
+    [TableName.SecretBlindIndex]: Knex.CompositeTableType<
       TSecretBlindIndexes,
       TSecretBlindIndexesInsert,
       TSecretBlindIndexesUpdate
     >;
-    [TableName.SecretVersion]: KnexOriginal.CompositeTableType<
-      TSecretVersions,
-      TSecretVersionsInsert,
-      TSecretVersionsUpdate
-    >;
-    [TableName.SecretFolder]: KnexOriginal.CompositeTableType<
-      TSecretFolders,
-      TSecretFoldersInsert,
-      TSecretFoldersUpdate
-    >;
-    [TableName.SecretFolderVersion]: KnexOriginal.CompositeTableType<
+    [TableName.SecretVersion]: Knex.CompositeTableType<TSecretVersions, TSecretVersionsInsert, TSecretVersionsUpdate>;
+    [TableName.SecretFolder]: Knex.CompositeTableType<TSecretFolders, TSecretFoldersInsert, TSecretFoldersUpdate>;
+    [TableName.SecretFolderVersion]: Knex.CompositeTableType<
       TSecretFolderVersions,
       TSecretFolderVersionsInsert,
       TSecretFolderVersionsUpdate
     >;
-    [TableName.SecretSharing]: KnexOriginal.CompositeTableType<
-      TSecretSharing,
-      TSecretSharingInsert,
-      TSecretSharingUpdate
-    >;
-    [TableName.RateLimit]: KnexOriginal.CompositeTableType<TRateLimit, TRateLimitInsert, TRateLimitUpdate>;
-    [TableName.SecretTag]: KnexOriginal.CompositeTableType<TSecretTags, TSecretTagsInsert, TSecretTagsUpdate>;
-    [TableName.SecretImport]: KnexOriginal.CompositeTableType<
-      TSecretImports,
-      TSecretImportsInsert,
-      TSecretImportsUpdate
-    >;
-    [TableName.Integration]: KnexOriginal.CompositeTableType<TIntegrations, TIntegrationsInsert, TIntegrationsUpdate>;
-    [TableName.Webhook]: KnexOriginal.CompositeTableType<TWebhooks, TWebhooksInsert, TWebhooksUpdate>;
-    [TableName.ServiceToken]: KnexOriginal.CompositeTableType<
-      TServiceTokens,
-      TServiceTokensInsert,
-      TServiceTokensUpdate
-    >;
-    [TableName.IntegrationAuth]: KnexOriginal.CompositeTableType<
+    [TableName.SecretSharing]: Knex.CompositeTableType<TSecretSharing, TSecretSharingInsert, TSecretSharingUpdate>;
+    [TableName.RateLimit]: Knex.CompositeTableType<TRateLimit, TRateLimitInsert, TRateLimitUpdate>;
+    [TableName.SecretTag]: Knex.CompositeTableType<TSecretTags, TSecretTagsInsert, TSecretTagsUpdate>;
+    [TableName.SecretImport]: Knex.CompositeTableType<TSecretImports, TSecretImportsInsert, TSecretImportsUpdate>;
+    [TableName.Integration]: Knex.CompositeTableType<TIntegrations, TIntegrationsInsert, TIntegrationsUpdate>;
+    [TableName.Webhook]: Knex.CompositeTableType<TWebhooks, TWebhooksInsert, TWebhooksUpdate>;
+    [TableName.ServiceToken]: Knex.CompositeTableType<TServiceTokens, TServiceTokensInsert, TServiceTokensUpdate>;
+    [TableName.IntegrationAuth]: Knex.CompositeTableType<
       TIntegrationAuths,
       TIntegrationAuthsInsert,
       TIntegrationAuthsUpdate
     >;
-    [TableName.Identity]: KnexOriginal.CompositeTableType<TIdentities, TIdentitiesInsert, TIdentitiesUpdate>;
-    [TableName.IdentityUniversalAuth]: KnexOriginal.CompositeTableType<
+    [TableName.Identity]: Knex.CompositeTableType<TIdentities, TIdentitiesInsert, TIdentitiesUpdate>;
+    [TableName.IdentityUniversalAuth]: Knex.CompositeTableType<
       TIdentityUniversalAuths,
       TIdentityUniversalAuthsInsert,
       TIdentityUniversalAuthsUpdate
     >;
-    [TableName.IdentityKubernetesAuth]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityKubernetesAuth]: Knex.CompositeTableType<
       TIdentityKubernetesAuths,
       TIdentityKubernetesAuthsInsert,
       TIdentityKubernetesAuthsUpdate
     >;
-    [TableName.IdentityGcpAuth]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityGcpAuth]: Knex.CompositeTableType<
       TIdentityGcpAuths,
       TIdentityGcpAuthsInsert,
       TIdentityGcpAuthsUpdate
     >;
-    [TableName.IdentityAwsAuth]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityAwsAuth]: Knex.CompositeTableType<
       TIdentityAwsAuths,
       TIdentityAwsAuthsInsert,
       TIdentityAwsAuthsUpdate
     >;
-    [TableName.IdentityAzureAuth]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityAzureAuth]: Knex.CompositeTableType<
       TIdentityAzureAuths,
       TIdentityAzureAuthsInsert,
       TIdentityAzureAuthsUpdate
     >;
-    [TableName.IdentityUaClientSecret]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityUaClientSecret]: Knex.CompositeTableType<
       TIdentityUaClientSecrets,
       TIdentityUaClientSecretsInsert,
       TIdentityUaClientSecretsUpdate
     >;
-    [TableName.IdentityAccessToken]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityAccessToken]: Knex.CompositeTableType<
       TIdentityAccessTokens,
       TIdentityAccessTokensInsert,
       TIdentityAccessTokensUpdate
     >;
-    [TableName.IdentityOrgMembership]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityOrgMembership]: Knex.CompositeTableType<
       TIdentityOrgMemberships,
       TIdentityOrgMembershipsInsert,
       TIdentityOrgMembershipsUpdate
     >;
-    [TableName.IdentityProjectMembership]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityProjectMembership]: Knex.CompositeTableType<
       TIdentityProjectMemberships,
       TIdentityProjectMembershipsInsert,
       TIdentityProjectMembershipsUpdate
     >;
-    [TableName.IdentityProjectMembershipRole]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityProjectMembershipRole]: Knex.CompositeTableType<
       TIdentityProjectMembershipRole,
       TIdentityProjectMembershipRoleInsert,
       TIdentityProjectMembershipRoleUpdate
     >;
-    [TableName.IdentityProjectAdditionalPrivilege]: KnexOriginal.CompositeTableType<
+    [TableName.IdentityProjectAdditionalPrivilege]: Knex.CompositeTableType<
       TIdentityProjectAdditionalPrivilege,
       TIdentityProjectAdditionalPrivilegeInsert,
       TIdentityProjectAdditionalPrivilegeUpdate
     >;
 
-    [TableName.AccessApprovalPolicy]: KnexOriginal.CompositeTableType<
+    [TableName.AccessApprovalPolicy]: Knex.CompositeTableType<
       TAccessApprovalPolicies,
       TAccessApprovalPoliciesInsert,
       TAccessApprovalPoliciesUpdate
     >;
 
-    [TableName.AccessApprovalPolicyApprover]: KnexOriginal.CompositeTableType<
+    [TableName.AccessApprovalPolicyApprover]: Knex.CompositeTableType<
       TAccessApprovalPoliciesApprovers,
       TAccessApprovalPoliciesApproversInsert,
       TAccessApprovalPoliciesApproversUpdate
     >;
 
-    [TableName.AccessApprovalRequest]: KnexOriginal.CompositeTableType<
+    [TableName.AccessApprovalRequest]: Knex.CompositeTableType<
       TAccessApprovalRequests,
       TAccessApprovalRequestsInsert,
       TAccessApprovalRequestsUpdate
     >;
 
-    [TableName.AccessApprovalRequestReviewer]: KnexOriginal.CompositeTableType<
+    [TableName.AccessApprovalRequestReviewer]: Knex.CompositeTableType<
       TAccessApprovalRequestsReviewers,
       TAccessApprovalRequestsReviewersInsert,
       TAccessApprovalRequestsReviewersUpdate
     >;
 
-    [TableName.ScimToken]: KnexOriginal.CompositeTableType<TScimTokens, TScimTokensInsert, TScimTokensUpdate>;
-    [TableName.SecretApprovalPolicy]: KnexOriginal.CompositeTableType<
+    [TableName.ScimToken]: Knex.CompositeTableType<TScimTokens, TScimTokensInsert, TScimTokensUpdate>;
+    [TableName.SecretApprovalPolicy]: Knex.CompositeTableType<
       TSecretApprovalPolicies,
       TSecretApprovalPoliciesInsert,
       TSecretApprovalPoliciesUpdate
     >;
-    [TableName.SecretApprovalPolicyApprover]: KnexOriginal.CompositeTableType<
+    [TableName.SecretApprovalPolicyApprover]: Knex.CompositeTableType<
       TSecretApprovalPoliciesApprovers,
       TSecretApprovalPoliciesApproversInsert,
       TSecretApprovalPoliciesApproversUpdate
     >;
-    [TableName.SecretApprovalRequest]: KnexOriginal.CompositeTableType<
+    [TableName.SecretApprovalRequest]: Knex.CompositeTableType<
       TSecretApprovalRequests,
       TSecretApprovalRequestsInsert,
       TSecretApprovalRequestsUpdate
     >;
-    [TableName.SecretApprovalRequestReviewer]: KnexOriginal.CompositeTableType<
+    [TableName.SecretApprovalRequestReviewer]: Knex.CompositeTableType<
       TSecretApprovalRequestsReviewers,
       TSecretApprovalRequestsReviewersInsert,
       TSecretApprovalRequestsReviewersUpdate
     >;
-    [TableName.SecretApprovalRequestSecret]: KnexOriginal.CompositeTableType<
+    [TableName.SecretApprovalRequestSecret]: Knex.CompositeTableType<
       TSecretApprovalRequestsSecrets,
       TSecretApprovalRequestsSecretsInsert,
       TSecretApprovalRequestsSecretsUpdate
     >;
-    [TableName.SecretApprovalRequestSecretTag]: KnexOriginal.CompositeTableType<
+    [TableName.SecretApprovalRequestSecretTag]: Knex.CompositeTableType<
       TSecretApprovalRequestSecretTags,
       TSecretApprovalRequestSecretTagsInsert,
       TSecretApprovalRequestSecretTagsUpdate
     >;
-    [TableName.SecretRotation]: KnexOriginal.CompositeTableType<
+    [TableName.SecretRotation]: Knex.CompositeTableType<
       TSecretRotations,
       TSecretRotationsInsert,
       TSecretRotationsUpdate
     >;
-    [TableName.SecretRotationOutput]: KnexOriginal.CompositeTableType<
+    [TableName.SecretRotationOutput]: Knex.CompositeTableType<
       TSecretRotationOutputs,
       TSecretRotationOutputsInsert,
       TSecretRotationOutputsUpdate
     >;
-    [TableName.Snapshot]: KnexOriginal.CompositeTableType<
-      TSecretSnapshots,
-      TSecretSnapshotsInsert,
-      TSecretSnapshotsUpdate
-    >;
-    [TableName.SnapshotSecret]: KnexOriginal.CompositeTableType<
+    [TableName.Snapshot]: Knex.CompositeTableType<TSecretSnapshots, TSecretSnapshotsInsert, TSecretSnapshotsUpdate>;
+    [TableName.SnapshotSecret]: Knex.CompositeTableType<
       TSecretSnapshotSecrets,
       TSecretSnapshotSecretsInsert,
       TSecretSnapshotSecretsUpdate
     >;
-    [TableName.SnapshotFolder]: KnexOriginal.CompositeTableType<
+    [TableName.SnapshotFolder]: Knex.CompositeTableType<
       TSecretSnapshotFolders,
       TSecretSnapshotFoldersInsert,
       TSecretSnapshotFoldersUpdate
     >;
-    [TableName.DynamicSecret]: KnexOriginal.CompositeTableType<
-      TDynamicSecrets,
-      TDynamicSecretsInsert,
-      TDynamicSecretsUpdate
-    >;
-    [TableName.DynamicSecretLease]: KnexOriginal.CompositeTableType<
+    [TableName.DynamicSecret]: Knex.CompositeTableType<TDynamicSecrets, TDynamicSecretsInsert, TDynamicSecretsUpdate>;
+    [TableName.DynamicSecretLease]: Knex.CompositeTableType<
       TDynamicSecretLeases,
       TDynamicSecretLeasesInsert,
       TDynamicSecretLeasesUpdate
     >;
-    [TableName.SamlConfig]: KnexOriginal.CompositeTableType<TSamlConfigs, TSamlConfigsInsert, TSamlConfigsUpdate>;
-    [TableName.OidcConfig]: KnexOriginal.CompositeTableType<TOidcConfigs, TOidcConfigsInsert, TOidcConfigsUpdate>;
-    [TableName.LdapConfig]: KnexOriginal.CompositeTableType<TLdapConfigs, TLdapConfigsInsert, TLdapConfigsUpdate>;
-    [TableName.LdapGroupMap]: KnexOriginal.CompositeTableType<
-      TLdapGroupMaps,
-      TLdapGroupMapsInsert,
-      TLdapGroupMapsUpdate
-    >;
-    [TableName.OrgBot]: KnexOriginal.CompositeTableType<TOrgBots, TOrgBotsInsert, TOrgBotsUpdate>;
-    [TableName.AuditLog]: KnexOriginal.CompositeTableType<TAuditLogs, TAuditLogsInsert, TAuditLogsUpdate>;
-    [TableName.AuditLogStream]: KnexOriginal.CompositeTableType<
+    [TableName.SamlConfig]: Knex.CompositeTableType<TSamlConfigs, TSamlConfigsInsert, TSamlConfigsUpdate>;
+    [TableName.OidcConfig]: Knex.CompositeTableType<TOidcConfigs, TOidcConfigsInsert, TOidcConfigsUpdate>;
+    [TableName.LdapConfig]: Knex.CompositeTableType<TLdapConfigs, TLdapConfigsInsert, TLdapConfigsUpdate>;
+    [TableName.LdapGroupMap]: Knex.CompositeTableType<TLdapGroupMaps, TLdapGroupMapsInsert, TLdapGroupMapsUpdate>;
+    [TableName.OrgBot]: Knex.CompositeTableType<TOrgBots, TOrgBotsInsert, TOrgBotsUpdate>;
+    [TableName.AuditLog]: Knex.CompositeTableType<TAuditLogs, TAuditLogsInsert, TAuditLogsUpdate>;
+    [TableName.AuditLogStream]: Knex.CompositeTableType<
       TAuditLogStreams,
       TAuditLogStreamsInsert,
       TAuditLogStreamsUpdate
     >;
-    [TableName.GitAppInstallSession]: KnexOriginal.CompositeTableType<
+    [TableName.GitAppInstallSession]: Knex.CompositeTableType<
       TGitAppInstallSessions,
       TGitAppInstallSessionsInsert,
       TGitAppInstallSessionsUpdate
     >;
-    [TableName.GitAppOrg]: KnexOriginal.CompositeTableType<TGitAppOrg, TGitAppOrgInsert, TGitAppOrgUpdate>;
-    [TableName.SecretScanningGitRisk]: KnexOriginal.CompositeTableType<
+    [TableName.GitAppOrg]: Knex.CompositeTableType<TGitAppOrg, TGitAppOrgInsert, TGitAppOrgUpdate>;
+    [TableName.SecretScanningGitRisk]: Knex.CompositeTableType<
       TSecretScanningGitRisks,
       TSecretScanningGitRisksInsert,
       TSecretScanningGitRisksUpdate
     >;
-    [TableName.TrustedIps]: KnexOriginal.CompositeTableType<TTrustedIps, TTrustedIpsInsert, TTrustedIpsUpdate>;
+    [TableName.TrustedIps]: Knex.CompositeTableType<TTrustedIps, TTrustedIpsInsert, TTrustedIpsUpdate>;
     // Junction tables
-    [TableName.JnSecretTag]: KnexOriginal.CompositeTableType<
+    [TableName.JnSecretTag]: Knex.CompositeTableType<
       TSecretTagJunction,
       TSecretTagJunctionInsert,
       TSecretTagJunctionUpdate
     >;
-    [TableName.SecretVersionTag]: KnexOriginal.CompositeTableType<
+    [TableName.SecretVersionTag]: Knex.CompositeTableType<
       TSecretVersionTagJunction,
       TSecretVersionTagJunctionInsert,
       TSecretVersionTagJunctionUpdate
     >;
     // KMS service
-    [TableName.KmsServerRootConfig]: KnexOriginal.CompositeTableType<
+    [TableName.KmsServerRootConfig]: Knex.CompositeTableType<
       TKmsRootConfig,
       TKmsRootConfigInsert,
       TKmsRootConfigUpdate
     >;
-    [TableName.KmsKey]: KnexOriginal.CompositeTableType<TKmsKeys, TKmsKeysInsert, TKmsKeysUpdate>;
-    [TableName.KmsKeyVersion]: KnexOriginal.CompositeTableType<
-      TKmsKeyVersions,
-      TKmsKeyVersionsInsert,
-      TKmsKeyVersionsUpdate
-    >;
+    [TableName.KmsKey]: Knex.CompositeTableType<TKmsKeys, TKmsKeysInsert, TKmsKeysUpdate>;
+    [TableName.KmsKeyVersion]: Knex.CompositeTableType<TKmsKeyVersions, TKmsKeyVersionsInsert, TKmsKeyVersionsUpdate>;
   }
 }

backend/src/db/instance.ts

@@ -1,38 +1,8 @@
-import knex, { Knex } from "knex";
+import knex from "knex";
 
 export type TDbClient = ReturnType<typeof initDbConnection>;
-export const initDbConnection = ({
-  dbConnectionUri,
-  dbRootCert,
-  readReplicas = []
-}: {
-  dbConnectionUri: string;
-  dbRootCert?: string;
-  readReplicas?: {
-    dbConnectionUri: string;
-    dbRootCert?: string;
-  }[];
-}) => {
-  // akhilmhdh: the default Knex is knex.Knex<any, any[]>. but when assigned with knex({<config>}) the value is knex.Knex<any, unknown[]>
-  // this was causing issue with files like `snapshot-dal` `findRecursivelySnapshots` this i am explicitly putting the any and unknown[]
-  // eslint-disable-next-line
-  let db: Knex<any, unknown[]>;
-  // eslint-disable-next-line
-  let readReplicaDbs: Knex<any, unknown[]>[];
-  // @ts-expect-error the querybuilder type is expected but our intension is to return  a knex instance
-  knex.QueryBuilder.extend("primaryNode", () => {
-    return db;
-  });
-
-  // @ts-expect-error the querybuilder type is expected but our intension is to return  a knex instance
-  knex.QueryBuilder.extend("replicaNode", () => {
-    if (!readReplicaDbs.length) return db;
-
-    const selectedReplica = readReplicaDbs[Math.floor(Math.random() * readReplicaDbs.length)];
-    return selectedReplica;
-  });
-
-  db = knex({
+export const initDbConnection = ({ dbConnectionUri, dbRootCert }: { dbConnectionUri: string; dbRootCert?: string }) => {
+  const db = knex({
     client: "pg",
     connection: {
       connectionString: dbConnectionUri,
@@ -52,21 +22,5 @@ export const initDbConnection = ({
     }
   });
 
-  readReplicaDbs = readReplicas.map((el) => {
-    const replicaDbCertificate = el.dbRootCert || dbRootCert;
-    return knex({
-      client: "pg",
-      connection: {
-        connectionString: el.dbConnectionUri,
-        ssl: replicaDbCertificate
-          ? {
-              rejectUnauthorized: true,
-              ca: Buffer.from(replicaDbCertificate, "base64").toString("ascii")
-            }
-          : false
-      }
-    });
-  });
-
   return db;
 };

backend/src/db/migrations/20240626111536_integration-auth-aws-assume-role.ts

@@ -1,35 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const hasAwsAssumeRoleCipherText = await knex.schema.hasColumn(
-    TableName.IntegrationAuth,
-    "awsAssumeIamRoleArnCipherText"
-  );
-  const hasAwsAssumeRoleIV = await knex.schema.hasColumn(TableName.IntegrationAuth, "awsAssumeIamRoleArnIV");
-  const hasAwsAssumeRoleTag = await knex.schema.hasColumn(TableName.IntegrationAuth, "awsAssumeIamRoleArnTag");
-  if (await knex.schema.hasTable(TableName.IntegrationAuth)) {
-    await knex.schema.alterTable(TableName.IntegrationAuth, (t) => {
-      if (!hasAwsAssumeRoleCipherText) t.text("awsAssumeIamRoleArnCipherText");
-      if (!hasAwsAssumeRoleIV) t.text("awsAssumeIamRoleArnIV");
-      if (!hasAwsAssumeRoleTag) t.text("awsAssumeIamRoleArnTag");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasAwsAssumeRoleCipherText = await knex.schema.hasColumn(
-    TableName.IntegrationAuth,
-    "awsAssumeIamRoleArnCipherText"
-  );
-  const hasAwsAssumeRoleIV = await knex.schema.hasColumn(TableName.IntegrationAuth, "awsAssumeIamRoleArnIV");
-  const hasAwsAssumeRoleTag = await knex.schema.hasColumn(TableName.IntegrationAuth, "awsAssumeIamRoleArnTag");
-  if (await knex.schema.hasTable(TableName.IntegrationAuth)) {
-    await knex.schema.alterTable(TableName.IntegrationAuth, (t) => {
-      if (hasAwsAssumeRoleCipherText) t.dropColumn("awsAssumeIamRoleArnCipherText");
-      if (hasAwsAssumeRoleIV) t.dropColumn("awsAssumeIamRoleArnIV");
-      if (hasAwsAssumeRoleTag) t.dropColumn("awsAssumeIamRoleArnTag");
-    });
-  }
-}

backend/src/db/migrations/20240626171758_add-ldap-unique-user-attribute.ts

@@ -1,19 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasColumn(TableName.LdapConfig, "uniqueUserAttribute"))) {
-    await knex.schema.alterTable(TableName.LdapConfig, (tb) => {
-      tb.string("uniqueUserAttribute").notNullable().defaultTo("");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.LdapConfig, "uniqueUserAttribute")) {
-    await knex.schema.alterTable(TableName.LdapConfig, (t) => {
-      t.dropColumn("uniqueUserAttribute");
-    });
-  }
-}

backend/src/db/migrations/20240626171943_configurable-audit-log-retention.ts

@@ -1,19 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasColumn(TableName.Project, "auditLogsRetentionDays"))) {
-    await knex.schema.alterTable(TableName.Project, (tb) => {
-      tb.integer("auditLogsRetentionDays").nullable();
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.Project, "auditLogsRetentionDays")) {
-    await knex.schema.alterTable(TableName.Project, (t) => {
-      t.dropColumn("auditLogsRetentionDays");
-    });
-  }
-}

backend/src/db/migrations/20240627173239_add-oidc-updated-at-trigger.ts

@@ -1,12 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  await createOnUpdateTrigger(knex, TableName.OidcConfig);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await dropOnUpdateTrigger(knex, TableName.OidcConfig);
-}

backend/src/db/migrations/20240701143900_member-project-favorite.ts

@@ -1,19 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasColumn(TableName.OrgMembership, "projectFavorites"))) {
-    await knex.schema.alterTable(TableName.OrgMembership, (tb) => {
-      tb.specificType("projectFavorites", "text[]");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.OrgMembership, "projectFavorites")) {
-    await knex.schema.alterTable(TableName.OrgMembership, (t) => {
-      t.dropColumn("projectFavorites");
-    });
-  }
-}

backend/src/db/schemas/integration-auths.ts

@@ -29,10 +29,7 @@ export const IntegrationAuthsSchema = z.object({
   keyEncoding: z.string(),
   projectId: z.string(),
   createdAt: z.date(),
-  updatedAt: z.date(),
-  awsAssumeIamRoleArnCipherText: z.string().nullable().optional(),
-  awsAssumeIamRoleArnIV: z.string().nullable().optional(),
-  awsAssumeIamRoleArnTag: z.string().nullable().optional()
+  updatedAt: z.date()
 });
 
 export type TIntegrationAuths = z.infer<typeof IntegrationAuthsSchema>;

backend/src/db/schemas/ldap-configs.ts

@@ -26,8 +26,7 @@ export const LdapConfigsSchema = z.object({
   updatedAt: z.date(),
   groupSearchBase: z.string().default(""),
   groupSearchFilter: z.string().default(""),
-  searchFilter: z.string().default(""),
-  uniqueUserAttribute: z.string().default("")
+  searchFilter: z.string().default("")
 });
 
 export type TLdapConfigs = z.infer<typeof LdapConfigsSchema>;

backend/src/db/schemas/org-memberships.ts

@@ -16,8 +16,7 @@ export const OrgMembershipsSchema = z.object({
   updatedAt: z.date(),
   userId: z.string().uuid().nullable().optional(),
   orgId: z.string().uuid(),
-  roleId: z.string().uuid().nullable().optional(),
-  projectFavorites: z.string().array().nullable().optional()
+  roleId: z.string().uuid().nullable().optional()
 });
 
 export type TOrgMemberships = z.infer<typeof OrgMembershipsSchema>;

backend/src/db/schemas/projects.ts

@@ -18,8 +18,7 @@ export const ProjectsSchema = z.object({
   version: z.number().default(1),
   upgradeStatus: z.string().nullable().optional(),
   pitVersionLimit: z.number().default(10),
-  kmsCertificateKeyId: z.string().uuid().nullable().optional(),
-  auditLogsRetentionDays: z.number().nullable().optional()
+  kmsCertificateKeyId: z.string().uuid().nullable().optional()
 });
 
 export type TProjects = z.infer<typeof ProjectsSchema>;

backend/src/ee/routes/v1/ldap-router.ts

@@ -70,13 +70,10 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
             groups = await searchGroups(ldapConfig, groupSearchFilter, ldapConfig.groupSearchBase);
           }
 
-          const externalId = ldapConfig.uniqueUserAttribute ? user[ldapConfig.uniqueUserAttribute] : user.uidNumber;
-          const username = ldapConfig.uniqueUserAttribute ? externalId : user.uid;
-
           const { isUserCompleted, providerAuthToken } = await server.services.ldap.ldapLogin({
-            externalId,
-            username,
             ldapConfigId: ldapConfig.id,
+            externalId: user.uidNumber,
+            username: user.uid,
             firstName: user.givenName ?? user.cn ?? "",
             lastName: user.sn ?? "",
             email: user.mail,
@@ -141,7 +138,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
           url: z.string(),
           bindDN: z.string(),
           bindPass: z.string(),
-          uniqueUserAttribute: z.string(),
           searchBase: z.string(),
           searchFilter: z.string(),
           groupSearchBase: z.string(),
@@ -176,7 +172,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
         url: z.string().trim(),
         bindDN: z.string().trim(),
         bindPass: z.string().trim(),
-        uniqueUserAttribute: z.string().trim().default("uidNumber"),
         searchBase: z.string().trim(),
         searchFilter: z.string().trim().default("(uid={{username}})"),
         groupSearchBase: z.string().trim(),
@@ -218,7 +213,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
           url: z.string().trim(),
           bindDN: z.string().trim(),
           bindPass: z.string().trim(),
-          uniqueUserAttribute: z.string().trim(),
           searchBase: z.string().trim(),
           searchFilter: z.string().trim(),
           groupSearchBase: z.string().trim(),

backend/src/ee/services/access-approval-policy/access-approval-policy-dal.ts

@@ -32,7 +32,7 @@ export const accessApprovalPolicyDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const doc = await accessApprovalPolicyFindQuery(tx || db.replicaNode(), {
+      const doc = await accessApprovalPolicyFindQuery(tx || db, {
         [`${TableName.AccessApprovalPolicy}.id` as "id"]: id
       });
       const formatedDoc = mergeOneToManyRelation(
@@ -54,7 +54,7 @@ export const accessApprovalPolicyDALFactory = (db: TDbClient) => {
 
   const find = async (filter: TFindFilter<TAccessApprovalPolicies & { projectId: string }>, tx?: Knex) => {
     try {
-      const docs = await accessApprovalPolicyFindQuery(tx || db.replicaNode(), filter);
+      const docs = await accessApprovalPolicyFindQuery(tx || db, filter);
       const formatedDoc = mergeOneToManyRelation(
         docs,
         "id",

backend/src/ee/services/access-approval-request/access-approval-request-dal.ts

@@ -14,8 +14,7 @@ export const accessApprovalRequestDALFactory = (db: TDbClient) => {
 
   const findRequestsWithPrivilegeByPolicyIds = async (policyIds: string[]) => {
     try {
-      const docs = await db
-        .replicaNode()(TableName.AccessApprovalRequest)
+      const docs = await db(TableName.AccessApprovalRequest)
         .whereIn(`${TableName.AccessApprovalRequest}.policyId`, policyIds)
 
         .leftJoin(
@@ -171,7 +170,7 @@ export const accessApprovalRequestDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const sql = findQuery({ [`${TableName.AccessApprovalRequest}.id` as "id"]: id }, tx || db.replicaNode());
+      const sql = findQuery({ [`${TableName.AccessApprovalRequest}.id` as "id"]: id }, tx || db);
       const docs = await sql;
       const formatedDoc = sqlNestRelationships({
         data: docs,
@@ -208,8 +207,7 @@ export const accessApprovalRequestDALFactory = (db: TDbClient) => {
 
   const getCount = async ({ projectId }: { projectId: string }) => {
     try {
-      const accessRequests = await db
-        .replicaNode()(TableName.AccessApprovalRequest)
+      const accessRequests = await db(TableName.AccessApprovalRequest)
         .leftJoin(
           TableName.AccessApprovalPolicy,
           `${TableName.AccessApprovalRequest}.policyId`,

backend/src/ee/services/audit-log/audit-log-dal.ts

@@ -27,7 +27,7 @@ export const auditLogDALFactory = (db: TDbClient) => {
     tx?: Knex
   ) => {
     try {
-      const sqlQuery = (tx || db.replicaNode())(TableName.AuditLog)
+      const sqlQuery = (tx || db)(TableName.AuditLog)
         .where(
           stripUndefinedInWhere({
             projectId,

backend/src/ee/services/audit-log/audit-log-queue.ts

@@ -45,29 +45,18 @@ export const auditLogQueueServiceFactory = ({
     const { actor, event, ipAddress, projectId, userAgent, userAgentType } = job.data;
     let { orgId } = job.data;
     const MS_IN_DAY = 24 * 60 * 60 * 1000;
-    let project;
 
     if (!orgId) {
       // it will never be undefined for both org and project id
       // TODO(akhilmhdh): use caching here in dal to avoid db calls
-      project = await projectDAL.findById(projectId as string);
+      const project = await projectDAL.findById(projectId as string);
       orgId = project.orgId;
     }
 
     const plan = await licenseService.getPlan(orgId);
-    if (plan.auditLogsRetentionDays === 0) {
-      // skip inserting if audit log retention is 0 meaning its not supported
-      return;
-    }
-
-    // For project actions, set TTL to project-level audit log retention config
-    // This condition ensures that the plan's audit log retention days cannot be bypassed
-    const ttlInDays =
-      project?.auditLogsRetentionDays && project.auditLogsRetentionDays < plan.auditLogsRetentionDays
-        ? project.auditLogsRetentionDays
-        : plan.auditLogsRetentionDays;
-
-    const ttl = ttlInDays * MS_IN_DAY;
+    const ttl = plan.auditLogsRetentionDays * MS_IN_DAY;
+    // skip inserting if audit log retention is 0 meaning its not supported
+    if (ttl === 0) return;
 
     const auditLog = await auditLogDAL.create({
       actor: actor.type,

backend/src/ee/services/audit-log/audit-log-types.ts

@@ -65,31 +65,25 @@ export enum EventType {
   ADD_IDENTITY_UNIVERSAL_AUTH = "add-identity-universal-auth",
   UPDATE_IDENTITY_UNIVERSAL_AUTH = "update-identity-universal-auth",
   GET_IDENTITY_UNIVERSAL_AUTH = "get-identity-universal-auth",
-  REVOKE_IDENTITY_UNIVERSAL_AUTH = "revoke-identity-universal-auth",
   LOGIN_IDENTITY_KUBERNETES_AUTH = "login-identity-kubernetes-auth",
   ADD_IDENTITY_KUBERNETES_AUTH = "add-identity-kubernetes-auth",
   UPDATE_IDENTITY_KUBENETES_AUTH = "update-identity-kubernetes-auth",
   GET_IDENTITY_KUBERNETES_AUTH = "get-identity-kubernetes-auth",
-  REVOKE_IDENTITY_KUBERNETES_AUTH = "revoke-identity-kubernetes-auth",
   CREATE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET = "create-identity-universal-auth-client-secret",
   REVOKE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET = "revoke-identity-universal-auth-client-secret",
   GET_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRETS = "get-identity-universal-auth-client-secret",
-  GET_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET_BY_ID = "get-identity-universal-auth-client-secret-by-id",
   LOGIN_IDENTITY_GCP_AUTH = "login-identity-gcp-auth",
   ADD_IDENTITY_GCP_AUTH = "add-identity-gcp-auth",
   UPDATE_IDENTITY_GCP_AUTH = "update-identity-gcp-auth",
-  REVOKE_IDENTITY_GCP_AUTH = "revoke-identity-gcp-auth",
   GET_IDENTITY_GCP_AUTH = "get-identity-gcp-auth",
   LOGIN_IDENTITY_AWS_AUTH = "login-identity-aws-auth",
   ADD_IDENTITY_AWS_AUTH = "add-identity-aws-auth",
   UPDATE_IDENTITY_AWS_AUTH = "update-identity-aws-auth",
-  REVOKE_IDENTITY_AWS_AUTH = "revoke-identity-aws-auth",
   GET_IDENTITY_AWS_AUTH = "get-identity-aws-auth",
   LOGIN_IDENTITY_AZURE_AUTH = "login-identity-azure-auth",
   ADD_IDENTITY_AZURE_AUTH = "add-identity-azure-auth",
   UPDATE_IDENTITY_AZURE_AUTH = "update-identity-azure-auth",
   GET_IDENTITY_AZURE_AUTH = "get-identity-azure-auth",
-  REVOKE_IDENTITY_AZURE_AUTH = "revoke-identity-azure-auth",
   CREATE_ENVIRONMENT = "create-environment",
   UPDATE_ENVIRONMENT = "update-environment",
   DELETE_ENVIRONMENT = "delete-environment",
@@ -440,13 +434,6 @@ interface GetIdentityUniversalAuthEvent {
   };
 }
 
-interface DeleteIdentityUniversalAuthEvent {
-  type: EventType.REVOKE_IDENTITY_UNIVERSAL_AUTH;
-  metadata: {
-    identityId: string;
-  };
-}
-
 interface LoginIdentityKubernetesAuthEvent {
   type: EventType.LOGIN_IDENTITY_KUBERNETES_AUTH;
   metadata: {
@@ -470,13 +457,6 @@ interface AddIdentityKubernetesAuthEvent {
   };
 }
 
-interface DeleteIdentityKubernetesAuthEvent {
-  type: EventType.REVOKE_IDENTITY_KUBERNETES_AUTH;
-  metadata: {
-    identityId: string;
-  };
-}
-
 interface UpdateIdentityKubernetesAuthEvent {
   type: EventType.UPDATE_IDENTITY_KUBENETES_AUTH;
   metadata: {
@@ -513,14 +493,6 @@ interface GetIdentityUniversalAuthClientSecretsEvent {
   };
 }
 
-interface GetIdentityUniversalAuthClientSecretByIdEvent {
-  type: EventType.GET_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET_BY_ID;
-  metadata: {
-    identityId: string;
-    clientSecretId: string;
-  };
-}
-
 interface RevokeIdentityUniversalAuthClientSecretEvent {
   type: EventType.REVOKE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET;
   metadata: {
@@ -553,13 +525,6 @@ interface AddIdentityGcpAuthEvent {
   };
 }
 
-interface DeleteIdentityGcpAuthEvent {
-  type: EventType.REVOKE_IDENTITY_GCP_AUTH;
-  metadata: {
-    identityId: string;
-  };
-}
-
 interface UpdateIdentityGcpAuthEvent {
   type: EventType.UPDATE_IDENTITY_GCP_AUTH;
   metadata: {
@@ -605,13 +570,6 @@ interface AddIdentityAwsAuthEvent {
   };
 }
 
-interface DeleteIdentityAwsAuthEvent {
-  type: EventType.REVOKE_IDENTITY_AWS_AUTH;
-  metadata: {
-    identityId: string;
-  };
-}
-
 interface UpdateIdentityAwsAuthEvent {
   type: EventType.UPDATE_IDENTITY_AWS_AUTH;
   metadata: {
@@ -655,13 +613,6 @@ interface AddIdentityAzureAuthEvent {
   };
 }
 
-interface DeleteIdentityAzureAuthEvent {
-  type: EventType.REVOKE_IDENTITY_AZURE_AUTH;
-  metadata: {
-    identityId: string;
-  };
-}
-
 interface UpdateIdentityAzureAuthEvent {
   type: EventType.UPDATE_IDENTITY_AZURE_AUTH;
   metadata: {
@@ -1052,30 +1003,24 @@ export type Event =
   | LoginIdentityUniversalAuthEvent
   | AddIdentityUniversalAuthEvent
   | UpdateIdentityUniversalAuthEvent
-  | DeleteIdentityUniversalAuthEvent
   | GetIdentityUniversalAuthEvent
   | LoginIdentityKubernetesAuthEvent
-  | DeleteIdentityKubernetesAuthEvent
   | AddIdentityKubernetesAuthEvent
   | UpdateIdentityKubernetesAuthEvent
   | GetIdentityKubernetesAuthEvent
   | CreateIdentityUniversalAuthClientSecretEvent
   | GetIdentityUniversalAuthClientSecretsEvent
-  | GetIdentityUniversalAuthClientSecretByIdEvent
   | RevokeIdentityUniversalAuthClientSecretEvent
   | LoginIdentityGcpAuthEvent
   | AddIdentityGcpAuthEvent
-  | DeleteIdentityGcpAuthEvent
   | UpdateIdentityGcpAuthEvent
   | GetIdentityGcpAuthEvent
   | LoginIdentityAwsAuthEvent
   | AddIdentityAwsAuthEvent
   | UpdateIdentityAwsAuthEvent
   | GetIdentityAwsAuthEvent
-  | DeleteIdentityAwsAuthEvent
   | LoginIdentityAzureAuthEvent
   | AddIdentityAzureAuthEvent
-  | DeleteIdentityAzureAuthEvent
   | UpdateIdentityAzureAuthEvent
   | GetIdentityAzureAuthEvent
   | CreateEnvironmentEvent

backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-dal.ts

@@ -12,10 +12,7 @@ export const dynamicSecretLeaseDALFactory = (db: TDbClient) => {
 
   const countLeasesForDynamicSecret = async (dynamicSecretId: string, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())(TableName.DynamicSecretLease)
-        .count("*")
-        .where({ dynamicSecretId })
-        .first();
+      const doc = await (tx || db)(TableName.DynamicSecretLease).count("*").where({ dynamicSecretId }).first();
       return parseInt(doc || "0", 10);
     } catch (error) {
       throw new DatabaseError({ error, name: "DynamicSecretCountLeases" });
@@ -24,7 +21,7 @@ export const dynamicSecretLeaseDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())(TableName.DynamicSecretLease)
+      const doc = await (tx || db)(TableName.DynamicSecretLease)
         .where({ [`${TableName.DynamicSecretLease}.id` as "id"]: id })
         .first()
         .join(

backend/src/ee/services/group/group-dal.ts

@@ -12,7 +12,7 @@ export const groupDALFactory = (db: TDbClient) => {
 
   const findGroups = async (filter: TFindFilter<TGroups>, { offset, limit, sort, tx }: TFindOpt<TGroups> = {}) => {
     try {
-      const query = (tx || db.replicaNode())(TableName.Groups)
+      const query = (tx || db)(TableName.Groups)
         // eslint-disable-next-line
         .where(buildFindFilter(filter))
         .select(selectAllTableCols(TableName.Groups));
@@ -32,7 +32,7 @@ export const groupDALFactory = (db: TDbClient) => {
 
   const findByOrgId = async (orgId: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.Groups)
+      const docs = await (tx || db)(TableName.Groups)
         .where(`${TableName.Groups}.orgId`, orgId)
         .leftJoin(TableName.OrgRoles, `${TableName.Groups}.roleId`, `${TableName.OrgRoles}.id`)
         .select(selectAllTableCols(TableName.Groups))
@@ -74,12 +74,11 @@ export const groupDALFactory = (db: TDbClient) => {
     username?: string;
   }) => {
     try {
-      let query = db
-        .replicaNode()(TableName.OrgMembership)
+      let query = db(TableName.OrgMembership)
         .where(`${TableName.OrgMembership}.orgId`, orgId)
         .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
-        .leftJoin(TableName.UserGroupMembership, (bd) => {
-          bd.on(`${TableName.UserGroupMembership}.userId`, "=", `${TableName.Users}.id`).andOn(
+        .leftJoin(TableName.UserGroupMembership, function () {
+          this.on(`${TableName.UserGroupMembership}.userId`, "=", `${TableName.Users}.id`).andOn(
             `${TableName.UserGroupMembership}.groupId`,
             "=",
             db.raw("?", [groupId])

backend/src/ee/services/group/user-group-membership-dal.ts

@@ -18,7 +18,7 @@ export const userGroupMembershipDALFactory = (db: TDbClient) => {
    */
   const filterProjectsByUserMembership = async (userId: string, groupId: string, projectIds: string[], tx?: Knex) => {
     try {
-      const userProjectMemberships: string[] = await (tx || db.replicaNode())(TableName.ProjectMembership)
+      const userProjectMemberships: string[] = await (tx || db)(TableName.ProjectMembership)
         .where(`${TableName.ProjectMembership}.userId`, userId)
         .whereIn(`${TableName.ProjectMembership}.projectId`, projectIds)
         .pluck(`${TableName.ProjectMembership}.projectId`);
@@ -43,8 +43,7 @@ export const userGroupMembershipDALFactory = (db: TDbClient) => {
   // special query
   const findUserGroupMembershipsInProject = async (usernames: string[], projectId: string) => {
     try {
-      const usernameDocs: string[] = await db
-        .replicaNode()(TableName.UserGroupMembership)
+      const usernameDocs: string[] = await db(TableName.UserGroupMembership)
         .join(
           TableName.GroupProjectMembership,
           `${TableName.UserGroupMembership}.groupId`,
@@ -74,7 +73,7 @@ export const userGroupMembershipDALFactory = (db: TDbClient) => {
     try {
       // get list of groups in the project with id [projectId]
       // that that are not the group with id [groupId]
-      const groups: string[] = await (tx || db.replicaNode())(TableName.GroupProjectMembership)
+      const groups: string[] = await (tx || db)(TableName.GroupProjectMembership)
         .where(`${TableName.GroupProjectMembership}.projectId`, projectId)
         .whereNot(`${TableName.GroupProjectMembership}.groupId`, groupId)
         .pluck(`${TableName.GroupProjectMembership}.groupId`);
@@ -84,8 +83,8 @@ export const userGroupMembershipDALFactory = (db: TDbClient) => {
         .where(`${TableName.UserGroupMembership}.groupId`, groupId)
         .where(`${TableName.UserGroupMembership}.isPending`, false)
         .join(TableName.Users, `${TableName.UserGroupMembership}.userId`, `${TableName.Users}.id`)
-        .leftJoin(TableName.ProjectMembership, (bd) => {
-          bd.on(`${TableName.Users}.id`, "=", `${TableName.ProjectMembership}.userId`).andOn(
+        .leftJoin(TableName.ProjectMembership, function () {
+          this.on(`${TableName.Users}.id`, "=", `${TableName.ProjectMembership}.userId`).andOn(
             `${TableName.ProjectMembership}.projectId`,
             "=",
             db.raw("?", [projectId])
@@ -108,9 +107,9 @@ export const userGroupMembershipDALFactory = (db: TDbClient) => {
           db.ref("publicKey").withSchema(TableName.UserEncryptionKey)
         )
         .where({ isGhost: false }) // MAKE SURE USER IS NOT A GHOST USER
-        .whereNotIn(`${TableName.UserGroupMembership}.userId`, (bd) => {
+        .whereNotIn(`${TableName.UserGroupMembership}.userId`, function () {
           // eslint-disable-next-line @typescript-eslint/no-floating-promises
-          bd.select(`${TableName.UserGroupMembership}.userId`)
+          this.select(`${TableName.UserGroupMembership}.userId`)
             .from(TableName.UserGroupMembership)
             .whereIn(`${TableName.UserGroupMembership}.groupId`, groups);
         });

backend/src/ee/services/ldap-config/ldap-config-service.ts

@@ -53,7 +53,7 @@ import {
   TTestLdapConnectionDTO,
   TUpdateLdapCfgDTO
 } from "./ldap-config-types";
-import { searchGroups, testLDAPConfig } from "./ldap-fns";
+import { testLDAPConfig } from "./ldap-fns";
 import { TLdapGroupMapDALFactory } from "./ldap-group-map-dal";
 
 type TLdapConfigServiceFactoryDep = {
@@ -122,7 +122,6 @@ export const ldapConfigServiceFactory = ({
     url,
     bindDN,
     bindPass,
-    uniqueUserAttribute,
     searchBase,
     searchFilter,
     groupSearchBase,
@@ -201,7 +200,6 @@ export const ldapConfigServiceFactory = ({
       encryptedBindPass,
       bindPassIV,
       bindPassTag,
-      uniqueUserAttribute,
       searchBase,
       searchFilter,
       groupSearchBase,
@@ -224,7 +222,6 @@ export const ldapConfigServiceFactory = ({
     url,
     bindDN,
     bindPass,
-    uniqueUserAttribute,
     searchBase,
     searchFilter,
     groupSearchBase,
@@ -247,8 +244,7 @@ export const ldapConfigServiceFactory = ({
       searchBase,
       searchFilter,
       groupSearchBase,
-      groupSearchFilter,
-      uniqueUserAttribute
+      groupSearchFilter
     };
 
     const orgBot = await orgBotDAL.findOne({ orgId });
@@ -286,7 +282,7 @@ export const ldapConfigServiceFactory = ({
     return ldapConfig;
   };
 
-  const getLdapCfg = async (filter: { orgId: string; isActive?: boolean; id?: string }) => {
+  const getLdapCfg = async (filter: { orgId: string; isActive?: boolean }) => {
     const ldapConfig = await ldapConfigDAL.findOne(filter);
     if (!ldapConfig) throw new BadRequestError({ message: "Failed to find organization LDAP data" });
 
@@ -349,7 +345,6 @@ export const ldapConfigServiceFactory = ({
       url: ldapConfig.url,
       bindDN,
       bindPass,
-      uniqueUserAttribute: ldapConfig.uniqueUserAttribute,
       searchBase: ldapConfig.searchBase,
       searchFilter: ldapConfig.searchFilter,
       groupSearchBase: ldapConfig.groupSearchBase,
@@ -386,7 +381,6 @@ export const ldapConfigServiceFactory = ({
         url: ldapConfig.url,
         bindDN: ldapConfig.bindDN,
         bindCredentials: ldapConfig.bindPass,
-        uniqueUserAttribute: ldapConfig.uniqueUserAttribute,
         searchBase: ldapConfig.searchBase,
         searchFilter: ldapConfig.searchFilter || "(uid={{username}})",
         // searchAttributes: ["uid", "uidNumber", "givenName", "sn", "mail"],
@@ -456,21 +450,6 @@ export const ldapConfigServiceFactory = ({
         }
       });
     } else {
-      const plan = await licenseService.getPlan(orgId);
-      if (plan?.memberLimit && plan.membersUsed >= plan.memberLimit) {
-        // limit imposed on number of members allowed / number of members used exceeds the number of members allowed
-        throw new BadRequestError({
-          message: "Failed to create new member via LDAP due to member limit reached. Upgrade plan to add more members."
-        });
-      }
-
-      if (plan?.identityLimit && plan.identitiesUsed >= plan.identityLimit) {
-        // limit imposed on number of identities allowed / number of identities used exceeds the number of identities allowed
-        throw new BadRequestError({
-          message: "Failed to create new member via LDAP due to member limit reached. Upgrade plan to add more members."
-        });
-      }
-
       userAlias = await userDAL.transaction(async (tx) => {
         let newUser: TUsers | undefined;
         if (serverCfg.trustSamlEmails) {
@@ -716,25 +695,11 @@ export const ldapConfigServiceFactory = ({
         message: "Failed to create LDAP group map due to plan restriction. Upgrade plan to create LDAP group map."
       });
 
-    const ldapConfig = await getLdapCfg({
-      orgId,
-      id: ldapConfigId
+    const ldapConfig = await ldapConfigDAL.findOne({
+      id: ldapConfigId,
+      orgId
     });
-
-    if (!ldapConfig.groupSearchBase) {
-      throw new BadRequestError({
-        message: "Configure a group search base in your LDAP configuration in order to proceed."
-      });
-    }
-
-    const groupSearchFilter = `(cn=${ldapGroupCN})`;
-    const groups = await searchGroups(ldapConfig, groupSearchFilter, ldapConfig.groupSearchBase);
-
-    if (!groups.some((g) => g.cn === ldapGroupCN)) {
-      throw new BadRequestError({
-        message: "Failed to find LDAP Group CN"
-      });
-    }
+    if (!ldapConfig) throw new BadRequestError({ message: "Failed to find organization LDAP data" });
 
     const group = await groupDAL.findOne({ slug: groupSlug, orgId });
     if (!group) throw new BadRequestError({ message: "Failed to find group" });

backend/src/ee/services/ldap-config/ldap-config-types.ts

@@ -7,7 +7,6 @@ export type TLDAPConfig = {
   url: string;
   bindDN: string;
   bindPass: string;
-  uniqueUserAttribute: string;
   searchBase: string;
   groupSearchBase: string;
   groupSearchFilter: string;
@@ -20,7 +19,6 @@ export type TCreateLdapCfgDTO = {
   url: string;
   bindDN: string;
   bindPass: string;
-  uniqueUserAttribute: string;
   searchBase: string;
   searchFilter: string;
   groupSearchBase: string;
@@ -35,7 +33,6 @@ export type TUpdateLdapCfgDTO = {
   url: string;
   bindDN: string;
   bindPass: string;
-  uniqueUserAttribute: string;
   searchBase: string;
   searchFilter: string;
   groupSearchBase: string;

backend/src/ee/services/ldap-config/ldap-group-map-dal.ts

@@ -10,8 +10,7 @@ export const ldapGroupMapDALFactory = (db: TDbClient) => {
 
   const findLdapGroupMapsByLdapConfigId = async (ldapConfigId: string) => {
     try {
-      const docs = await db
-        .replicaNode()(TableName.LdapGroupMap)
+      const docs = await db(TableName.LdapGroupMap)
         .where(`${TableName.LdapGroupMap}.ldapConfigId`, ldapConfigId)
         .join(TableName.Groups, `${TableName.LdapGroupMap}.groupId`, `${TableName.Groups}.id`)
         .select(selectAllTableCols(TableName.LdapGroupMap))

backend/src/ee/services/license/__mocks__/licence-fns.ts

@@ -7,8 +7,6 @@ export const getDefaultOnPremFeatures = () => {
     workspacesUsed: 0,
     memberLimit: null,
     membersUsed: 0,
-    identityLimit: null,
-    identitiesUsed: 0,
     environmentLimit: null,
     environmentsUsed: 0,
     secretVersioning: true,

backend/src/ee/services/license/licence-fns.ts

@@ -15,8 +15,6 @@ export const getDefaultOnPremFeatures = (): TFeatureSet => ({
   membersUsed: 0,
   environmentLimit: null,
   environmentsUsed: 0,
-  identityLimit: null,
-  identitiesUsed: 0,
   dynamicSecret: false,
   secretVersioning: true,
   pitRecovery: false,

backend/src/ee/services/license/license-dal.ts

@@ -9,7 +9,7 @@ export type TLicenseDALFactory = ReturnType<typeof licenseDALFactory>;
 export const licenseDALFactory = (db: TDbClient) => {
   const countOfOrgMembers = async (orgId: string | null, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())(TableName.OrgMembership)
+      const doc = await (tx || db)(TableName.OrgMembership)
         .where({ status: OrgMembershipStatus.Accepted })
         .andWhere((bd) => {
           if (orgId) {
@@ -19,44 +19,11 @@ export const licenseDALFactory = (db: TDbClient) => {
         .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
         .where(`${TableName.Users}.isGhost`, false)
         .count();
-      return Number(doc?.[0].count);
+      return doc?.[0].count;
     } catch (error) {
       throw new DatabaseError({ error, name: "Count of Org Members" });
     }
   };
 
-  const countOrgUsersAndIdentities = async (orgId: string | null, tx?: Knex) => {
-    try {
-      // count org users
-      const userDoc = await (tx || db)(TableName.OrgMembership)
-        .where({ status: OrgMembershipStatus.Accepted })
-        .andWhere((bd) => {
-          if (orgId) {
-            void bd.where({ orgId });
-          }
-        })
-        .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
-        .where(`${TableName.Users}.isGhost`, false)
-        .count();
-
-      const userCount = Number(userDoc?.[0].count);
-
-      // count org identities
-      const identityDoc = await (tx || db)(TableName.IdentityOrgMembership)
-        .where((bd) => {
-          if (orgId) {
-            void bd.where({ orgId });
-          }
-        })
-        .count();
-
-      const identityCount = Number(identityDoc?.[0].count);
-
-      return userCount + identityCount;
-    } catch (error) {
-      throw new DatabaseError({ error, name: "Count of Org Users + Identities" });
-    }
-  };
-
-  return { countOfOrgMembers, countOrgUsersAndIdentities };
+  return { countOfOrgMembers };
 };

backend/src/ee/services/license/license-service.ts

@@ -155,7 +155,6 @@ export const licenseServiceFactory = ({
           LICENSE_SERVER_CLOUD_PLAN_TTL,
           JSON.stringify(currentPlan)
         );
-
         return currentPlan;
       }
     } catch (error) {
@@ -205,22 +204,16 @@ export const licenseServiceFactory = ({
       const org = await orgDAL.findOrgById(orgId);
       if (!org) throw new BadRequestError({ message: "Org not found" });
 
-      const quantity = await licenseDAL.countOfOrgMembers(orgId);
-      const quantityIdentities = await licenseDAL.countOrgUsersAndIdentities(orgId);
+      const count = await licenseDAL.countOfOrgMembers(orgId);
       if (org?.customerId) {
         await licenseServerCloudApi.request.patch(`/api/license-server/v1/customers/${org.customerId}/cloud-plan`, {
-          quantity,
-          quantityIdentities
+          quantity: count
         });
       }
       await keyStore.deleteItem(FEATURE_CACHE_KEY(orgId));
     } else if (instanceType === InstanceType.EnterpriseOnPrem) {
       const usedSeats = await licenseDAL.countOfOrgMembers(null);
-      const usedIdentitySeats = await licenseDAL.countOrgUsersAndIdentities(null);
-      await licenseServerOnPremApi.request.patch(`/api/license/v1/license`, {
-        usedSeats,
-        usedIdentitySeats
-      });
+      await licenseServerOnPremApi.request.patch(`/api/license/v1/license`, { usedSeats });
     }
     await refreshPlan(orgId);
   };

backend/src/ee/services/license/license-types.ts

@@ -31,8 +31,6 @@ export type TFeatureSet = {
   dynamicSecret: false;
   memberLimit: null;
   membersUsed: 0;
-  identityLimit: null;
-  identitiesUsed: 0;
   environmentLimit: null;
   environmentsUsed: 0;
   secretVersioning: true;

backend/src/ee/services/permission/permission-dal.ts

@@ -10,8 +10,7 @@ export type TPermissionDALFactory = ReturnType<typeof permissionDALFactory>;
 export const permissionDALFactory = (db: TDbClient) => {
   const getOrgPermission = async (userId: string, orgId: string) => {
     try {
-      const membership = await db
-        .replicaNode()(TableName.OrgMembership)
+      const membership = await db(TableName.OrgMembership)
         .leftJoin(TableName.OrgRoles, `${TableName.OrgMembership}.roleId`, `${TableName.OrgRoles}.id`)
         .join(TableName.Organization, `${TableName.OrgMembership}.orgId`, `${TableName.Organization}.id`)
         .where("userId", userId)
@@ -29,8 +28,7 @@ export const permissionDALFactory = (db: TDbClient) => {
 
   const getOrgIdentityPermission = async (identityId: string, orgId: string) => {
     try {
-      const membership = await db
-        .replicaNode()(TableName.IdentityOrgMembership)
+      const membership = await db(TableName.IdentityOrgMembership)
         .leftJoin(TableName.OrgRoles, `${TableName.IdentityOrgMembership}.roleId`, `${TableName.OrgRoles}.id`)
         .join(TableName.Organization, `${TableName.IdentityOrgMembership}.orgId`, `${TableName.Organization}.id`)
         .where("identityId", identityId)
@@ -47,13 +45,11 @@ export const permissionDALFactory = (db: TDbClient) => {
 
   const getProjectPermission = async (userId: string, projectId: string) => {
     try {
-      const groups: string[] = await db
-        .replicaNode()(TableName.GroupProjectMembership)
+      const groups: string[] = await db(TableName.GroupProjectMembership)
         .where(`${TableName.GroupProjectMembership}.projectId`, projectId)
         .pluck(`${TableName.GroupProjectMembership}.groupId`);
 
-      const groupDocs = await db
-        .replicaNode()(TableName.UserGroupMembership)
+      const groupDocs = await db(TableName.UserGroupMembership)
         .where(`${TableName.UserGroupMembership}.userId`, userId)
         .whereIn(`${TableName.UserGroupMembership}.groupId`, groups)
         .join(
@@ -235,8 +231,7 @@ export const permissionDALFactory = (db: TDbClient) => {
 
   const getProjectIdentityPermission = async (identityId: string, projectId: string) => {
     try {
-      const docs = await db
-        .replicaNode()(TableName.IdentityProjectMembership)
+      const docs = await db(TableName.IdentityProjectMembership)
         .join(
           TableName.IdentityProjectMembershipRole,
           `${TableName.IdentityProjectMembershipRole}.projectMembershipId`,

backend/src/ee/services/saml-config/saml-config-dal.ts

@@ -10,8 +10,7 @@ export const samlConfigDALFactory = (db: TDbClient) => {
 
   const findEnforceableSamlCfg = async (orgId: string) => {
     try {
-      const samlCfg = await db
-        .replicaNode()(TableName.SamlConfig)
+      const samlCfg = await db(TableName.SamlConfig)
         .where({
           orgId,
           isActive: true

backend/src/ee/services/saml-config/saml-config-service.ts

@@ -380,21 +380,6 @@ export const samlConfigServiceFactory = ({
         return foundUser;
       });
     } else {
-      const plan = await licenseService.getPlan(orgId);
-      if (plan?.memberLimit && plan.membersUsed >= plan.memberLimit) {
-        // limit imposed on number of members allowed / number of members used exceeds the number of members allowed
-        throw new BadRequestError({
-          message: "Failed to create new member via SAML due to member limit reached. Upgrade plan to add more members."
-        });
-      }
-
-      if (plan?.identityLimit && plan.identitiesUsed >= plan.identityLimit) {
-        // limit imposed on number of identities allowed / number of identities used exceeds the number of identities allowed
-        throw new BadRequestError({
-          message: "Failed to create new member via SAML due to member limit reached. Upgrade plan to add more members."
-        });
-      }
-
       user = await userDAL.transaction(async (tx) => {
         let newUser: TUsers | undefined;
         if (serverCfg.trustSamlEmails) {

backend/src/ee/services/secret-approval-policy/secret-approval-policy-dal.ts

@@ -30,7 +30,7 @@ export const secretApprovalPolicyDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const doc = await sapFindQuery(tx || db.replicaNode(), {
+      const doc = await sapFindQuery(tx || db, {
         [`${TableName.SecretApprovalPolicy}.id` as "id"]: id
       });
       const formatedDoc = mergeOneToManyRelation(
@@ -52,7 +52,7 @@ export const secretApprovalPolicyDALFactory = (db: TDbClient) => {
 
   const find = async (filter: TFindFilter<TSecretApprovalPolicies & { projectId: string }>, tx?: Knex) => {
     try {
-      const docs = await sapFindQuery(tx || db.replicaNode(), filter);
+      const docs = await sapFindQuery(tx || db, filter);
       const formatedDoc = mergeOneToManyRelation(
         docs,
         "id",

backend/src/ee/services/secret-approval-request/secret-approval-request-dal.ts

@@ -62,7 +62,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const sql = findQuery({ [`${TableName.SecretApprovalRequest}.id` as "id"]: id }, tx || db.replicaNode());
+      const sql = findQuery({ [`${TableName.SecretApprovalRequest}.id` as "id"]: id }, tx || db);
       const docs = await sql;
       const formatedDoc = sqlNestRelationships({
         data: docs,
@@ -102,7 +102,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
       const docs = await (tx || db)
         .with(
           "temp",
-          (tx || db.replicaNode())(TableName.SecretApprovalRequest)
+          (tx || db)(TableName.SecretApprovalRequest)
             .join(TableName.SecretFolder, `${TableName.SecretApprovalRequest}.folderId`, `${TableName.SecretFolder}.id`)
             .join(TableName.Environment, `${TableName.SecretFolder}.envId`, `${TableName.Environment}.id`)
             .join(
@@ -148,7 +148,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
     try {
       // akhilmhdh: If ever u wanted a 1 to so many relationship connected with pagination
       // this is the place u wanna look at.
-      const query = (tx || db.replicaNode())(TableName.SecretApprovalRequest)
+      const query = (tx || db)(TableName.SecretApprovalRequest)
         .join(TableName.SecretFolder, `${TableName.SecretApprovalRequest}.folderId`, `${TableName.SecretFolder}.id`)
         .join(TableName.Environment, `${TableName.SecretFolder}.envId`, `${TableName.Environment}.id`)
         .join(

backend/src/ee/services/secret-approval-request/secret-approval-request-secret-dal.ts

@@ -47,7 +47,7 @@ export const secretApprovalRequestSecretDALFactory = (db: TDbClient) => {
 
   const findByRequestId = async (requestId: string, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())({
+      const doc = await (tx || db)({
         secVerTag: TableName.SecretTag
       })
         .from(TableName.SecretApprovalRequestSecret)

backend/src/ee/services/secret-rotation/secret-rotation-dal.ts

@@ -41,7 +41,7 @@ export const secretRotationDALFactory = (db: TDbClient) => {
 
   const find = async (filter: TFindFilter<TSecretRotations & { projectId: string }>, tx?: Knex) => {
     try {
-      const data = await findQuery(filter, tx || db.replicaNode());
+      const data = await findQuery(filter, tx || db);
       return sqlNestRelationships({
         data,
         key: "id",
@@ -93,7 +93,7 @@ export const secretRotationDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())(TableName.SecretRotation)
+      const doc = await (tx || db)(TableName.SecretRotation)
         .join(TableName.Environment, `${TableName.SecretRotation}.envId`, `${TableName.Environment}.id`)
         .where({ [`${TableName.SecretRotation}.id` as "id"]: id })
         .select(selectAllTableCols(TableName.SecretRotation))

backend/src/ee/services/secret-snapshot/snapshot-dal.ts

@@ -21,7 +21,7 @@ export const snapshotDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const data = await (tx || db.replicaNode())(TableName.Snapshot)
+      const data = await (tx || db)(TableName.Snapshot)
         .where(`${TableName.Snapshot}.id`, id)
         .join(TableName.Environment, `${TableName.Snapshot}.envId`, `${TableName.Environment}.id`)
         .select(selectAllTableCols(TableName.Snapshot))
@@ -43,7 +43,7 @@ export const snapshotDALFactory = (db: TDbClient) => {
 
   const countOfSnapshotsByFolderId = async (folderId: string, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())(TableName.Snapshot)
+      const doc = await (tx || db)(TableName.Snapshot)
         .where({ folderId })
         .groupBy(["folderId"])
         .count("folderId")
@@ -56,7 +56,7 @@ export const snapshotDALFactory = (db: TDbClient) => {
 
   const findSecretSnapshotDataById = async (snapshotId: string, tx?: Knex) => {
     try {
-      const data = await (tx || db.replicaNode())(TableName.Snapshot)
+      const data = await (tx || db)(TableName.Snapshot)
         .where(`${TableName.Snapshot}.id`, snapshotId)
         .join(TableName.Environment, `${TableName.Snapshot}.envId`, `${TableName.Environment}.id`)
         .leftJoin(TableName.SnapshotSecret, `${TableName.Snapshot}.id`, `${TableName.SnapshotSecret}.snapshotId`)
@@ -309,7 +309,7 @@ export const snapshotDALFactory = (db: TDbClient) => {
   // when we need to rollback we will pull from these snapshots
   const findLatestSnapshotByFolderId = async (folderId: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.Snapshot)
+      const docs = await (tx || db)(TableName.Snapshot)
         .where(`${TableName.Snapshot}.folderId`, folderId)
         .join<TSecretSnapshots>(
           (tx || db)(TableName.Snapshot).groupBy("folderId").max("createdAt").select("folderId").as("latestVersion"),

backend/src/lib/api-docs/constants.ts

@@ -42,13 +42,6 @@ export const IDENTITIES = {
   },
   DELETE: {
     identityId: "The ID of the identity to delete."
-  },
-  GET_BY_ID: {
-    identityId: "The ID of the identity to get details.",
-    orgId: "The ID of the org of the identity"
-  },
-  LIST: {
-    orgId: "The ID of the organization to list identities."
   }
 } as const;
 
@@ -72,9 +65,6 @@ export const UNIVERSAL_AUTH = {
   RETRIEVE: {
     identityId: "The ID of the identity to retrieve."
   },
-  REVOKE: {
-    identityId: "The ID of the identity to revoke."
-  },
   UPDATE: {
     identityId: "The ID of the identity to update.",
     clientSecretTrustedIps: "The new list of IPs or CIDR ranges that the Client Secret can be used from.",
@@ -93,10 +83,6 @@ export const UNIVERSAL_AUTH = {
   LIST_CLIENT_SECRETS: {
     identityId: "The ID of the identity to list client secrets for."
   },
-  GET_CLIENT_SECRET: {
-    identityId: "The ID of the identity to get the client secret from.",
-    clientSecretId: "The ID of the client secret to get details."
-  },
   REVOKE_CLIENT_SECRET: {
     identityId: "The ID of the identity to revoke the client secret from.",
     clientSecretId: "The ID of the client secret to revoke."
@@ -118,27 +104,6 @@ export const AWS_AUTH = {
     iamRequestBody:
       "The base64-encoded body of the signed request. Most likely, the base64-encoding of Action=GetCallerIdentity&Version=2011-06-15.",
     iamRequestHeaders: "The base64-encoded headers of the sts:GetCallerIdentity signed request."
-  },
-  REVOKE: {
-    identityId: "The ID of the identity to revoke."
-  }
-} as const;
-
-export const AZURE_AUTH = {
-  REVOKE: {
-    identityId: "The ID of the identity to revoke."
-  }
-} as const;
-
-export const GCP_AUTH = {
-  REVOKE: {
-    identityId: "The ID of the identity to revoke."
-  }
-} as const;
-
-export const KUBERNETES_AUTH = {
-  REVOKE: {
-    identityId: "The ID of the identity to revoke."
   }
 } as const;
 
@@ -692,7 +657,6 @@ export const INTEGRATION_AUTH = {
     integration: "The slug of integration for the auth object.",
     accessId: "The unique authorized access id of the external integration provider.",
     accessToken: "The unique authorized access token of the external integration provider.",
-    awsAssumeIamRoleArn: "The AWS IAM Role to be assumed by Infisical",
     url: "",
     namespace: "",
     refreshToken: "The refresh token for integration authorization."

backend/src/lib/config/env.ts

@@ -10,14 +10,6 @@ const zodStrBool = z
   .optional()
   .transform((val) => val === "true");
 
-const databaseReadReplicaSchema = z
-  .object({
-    DB_CONNECTION_URI: z.string().describe("Postgres read replica database connection string"),
-    DB_ROOT_CERT: zpStr(z.string().optional().describe("Postgres read replica database certificate string"))
-  })
-  .array()
-  .optional();
-
 const envSchema = z
   .object({
     PORT: z.coerce.number().default(4000),
@@ -37,7 +29,6 @@ const envSchema = z
     DB_USER: zpStr(z.string().describe("Postgres database username").optional()),
     DB_PASSWORD: zpStr(z.string().describe("Postgres database password").optional()),
     DB_NAME: zpStr(z.string().describe("Postgres database name").optional()),
-    DB_READ_REPLICAS: zpStr(z.string().describe("Postgres read replicas").optional()),
     BCRYPT_SALT_ROUND: z.number().default(12),
     NODE_ENV: z.enum(["development", "test", "production"]).default("production"),
     SALT_ROUNDS: z.coerce.number().default(10),
@@ -110,9 +101,6 @@ const envSchema = z
     // azure
     CLIENT_ID_AZURE: zpStr(z.string().optional()),
     CLIENT_SECRET_AZURE: zpStr(z.string().optional()),
-    // aws
-    CLIENT_ID_AWS_INTEGRATION: zpStr(z.string().optional()),
-    CLIENT_SECRET_AWS_INTEGRATION: zpStr(z.string().optional()),
     // gitlab
     CLIENT_ID_GITLAB: zpStr(z.string().optional()),
     CLIENT_SECRET_GITLAB: zpStr(z.string().optional()),
@@ -139,9 +127,6 @@ const envSchema = z
   })
   .transform((data) => ({
     ...data,
-    DB_READ_REPLICAS: data.DB_READ_REPLICAS
-      ? databaseReadReplicaSchema.parse(JSON.parse(data.DB_READ_REPLICAS))
-      : undefined,
     isCloud: Boolean(data.LICENSE_SERVER_KEY),
     isSmtpConfigured: Boolean(data.SMTP_HOST),
     isRedisConfigured: Boolean(data.REDIS_URL),

backend/src/lib/knex/index.ts

@@ -50,7 +50,7 @@ export const ormify = <DbOps extends object, Tname extends keyof Tables>(db: Kne
     }),
   findById: async (id: string, tx?: Knex) => {
     try {
-      const result = await (tx || db.replicaNode())(tableName)
+      const result = await (tx || db)(tableName)
         .where({ id } as never)
         .first("*");
       return result;
@@ -60,7 +60,7 @@ export const ormify = <DbOps extends object, Tname extends keyof Tables>(db: Kne
   },
   findOne: async (filter: Partial<Tables[Tname]["base"]>, tx?: Knex) => {
     try {
-      const res = await (tx || db.replicaNode())(tableName).where(filter).first("*");
+      const res = await (tx || db)(tableName).where(filter).first("*");
       return res;
     } catch (error) {
       throw new DatabaseError({ error, name: "Find one" });
@@ -71,7 +71,7 @@ export const ormify = <DbOps extends object, Tname extends keyof Tables>(db: Kne
     { offset, limit, sort, tx }: TFindOpt<Tables[Tname]["base"]> = {}
   ) => {
     try {
-      const query = (tx || db.replicaNode())(tableName).where(buildFindFilter(filter));
+      const query = (tx || db)(tableName).where(buildFindFilter(filter));
       if (limit) void query.limit(limit);
       if (offset) void query.offset(offset);
       if (sort) {

backend/src/lib/logger/logger.ts

@@ -58,8 +58,7 @@ const redactedKeys = [
   "decryptedSecret",
   "secrets",
   "key",
-  "password",
-  "config"
+  "password"
 ];
 
 export const initLogger = async () => {

backend/src/main.ts

@@ -15,11 +15,7 @@ const run = async () => {
   const appCfg = initEnvConfig(logger);
   const db = initDbConnection({
     dbConnectionUri: appCfg.DB_CONNECTION_URI,
-    dbRootCert: appCfg.DB_ROOT_CERT,
-    readReplicas: appCfg.DB_READ_REPLICAS?.map((el) => ({
-      dbRootCert: el.DB_ROOT_CERT,
-      dbConnectionUri: el.DB_CONNECTION_URI
-    }))
+    dbRootCert: appCfg.DB_ROOT_CERT
   });
 
   const smtp = smtpServiceFactory(formatSmtpConfig());

backend/src/server/routes/index.ts

@@ -415,10 +415,8 @@ export const registerRoutes = async (
     userAliasDAL,
     orgMembershipDAL,
     tokenService,
-    smtpService,
-    projectMembershipDAL
+    smtpService
   });
-
   const loginService = authLoginServiceFactory({ userDAL, smtpService, tokenService, orgDAL, tokenDAL: authTokenDAL });
   const passwordService = authPaswordServiceFactory({
     tokenService,
@@ -808,8 +806,7 @@ export const registerRoutes = async (
   const identityService = identityServiceFactory({
     permissionService,
     identityDAL,
-    identityOrgMembershipDAL,
-    licenseService
+    identityOrgMembershipDAL
   });
   const identityAccessTokenService = identityAccessTokenServiceFactory({
     identityAccessTokenDAL,

backend/src/server/routes/v1/identity-aws-iam-auth-router.ts

@@ -266,51 +266,4 @@ export const registerIdentityAwsAuthRouter = async (server: FastifyZodProvider)
       return { identityAwsAuth };
     }
   });
-
-  server.route({
-    method: "DELETE",
-    url: "/aws-auth/identities/:identityId",
-    config: {
-      rateLimit: writeLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "Delete AWS Auth configuration on identity",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        identityId: z.string().describe(AWS_AUTH.REVOKE.identityId)
-      }),
-      response: {
-        200: z.object({
-          identityAwsAuth: IdentityAwsAuthsSchema
-        })
-      }
-    },
-    handler: async (req) => {
-      const identityAwsAuth = await server.services.identityAwsAuth.revokeIdentityAwsAuth({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        identityId: req.params.identityId
-      });
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: identityAwsAuth.orgId,
-        event: {
-          type: EventType.REVOKE_IDENTITY_AWS_AUTH,
-          metadata: {
-            identityId: identityAwsAuth.identityId
-          }
-        }
-      });
-
-      return { identityAwsAuth };
-    }
-  });
 };

backend/src/server/routes/v1/identity-azure-auth-router.ts

@@ -2,7 +2,6 @@ import { z } from "zod";
 
 import { IdentityAzureAuthsSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
-import { AZURE_AUTH } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -260,51 +259,4 @@ export const registerIdentityAzureAuthRouter = async (server: FastifyZodProvider
       return { identityAzureAuth };
     }
   });
-
-  server.route({
-    method: "DELETE",
-    url: "/azure-auth/identities/:identityId",
-    config: {
-      rateLimit: writeLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "Delete Azure Auth configuration on identity",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        identityId: z.string().describe(AZURE_AUTH.REVOKE.identityId)
-      }),
-      response: {
-        200: z.object({
-          identityAzureAuth: IdentityAzureAuthsSchema
-        })
-      }
-    },
-    handler: async (req) => {
-      const identityAzureAuth = await server.services.identityAzureAuth.revokeIdentityAzureAuth({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        identityId: req.params.identityId
-      });
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: identityAzureAuth.orgId,
-        event: {
-          type: EventType.REVOKE_IDENTITY_AZURE_AUTH,
-          metadata: {
-            identityId: identityAzureAuth.identityId
-          }
-        }
-      });
-
-      return { identityAzureAuth };
-    }
-  });
 };

backend/src/server/routes/v1/identity-gcp-auth-router.ts

@@ -2,7 +2,6 @@ import { z } from "zod";
 
 import { IdentityGcpAuthsSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
-import { GCP_AUTH } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -266,51 +265,4 @@ export const registerIdentityGcpAuthRouter = async (server: FastifyZodProvider)
       return { identityGcpAuth };
     }
   });
-
-  server.route({
-    method: "DELETE",
-    url: "/gcp-auth/identities/:identityId",
-    config: {
-      rateLimit: writeLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "Delete GCP Auth configuration on identity",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        identityId: z.string().describe(GCP_AUTH.REVOKE.identityId)
-      }),
-      response: {
-        200: z.object({
-          identityGcpAuth: IdentityGcpAuthsSchema
-        })
-      }
-    },
-    handler: async (req) => {
-      const identityGcpAuth = await server.services.identityGcpAuth.revokeIdentityGcpAuth({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        identityId: req.params.identityId
-      });
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: identityGcpAuth.orgId,
-        event: {
-          type: EventType.REVOKE_IDENTITY_GCP_AUTH,
-          metadata: {
-            identityId: identityGcpAuth.identityId
-          }
-        }
-      });
-
-      return { identityGcpAuth };
-    }
-  });
 };

backend/src/server/routes/v1/identity-kubernetes-auth-router.ts

@@ -2,7 +2,6 @@ import { z } from "zod";
 
 import { IdentityKubernetesAuthsSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
-import { KUBERNETES_AUTH } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -281,54 +280,4 @@ export const registerIdentityKubernetesRouter = async (server: FastifyZodProvide
       return { identityKubernetesAuth: IdentityKubernetesAuthResponseSchema.parse(identityKubernetesAuth) };
     }
   });
-
-  server.route({
-    method: "DELETE",
-    url: "/kubernetes-auth/identities/:identityId",
-    config: {
-      rateLimit: writeLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "Delete Kubernetes Auth configuration on identity",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        identityId: z.string().describe(KUBERNETES_AUTH.REVOKE.identityId)
-      }),
-      response: {
-        200: z.object({
-          identityKubernetesAuth: IdentityKubernetesAuthResponseSchema.omit({
-            caCert: true,
-            tokenReviewerJwt: true
-          })
-        })
-      }
-    },
-    handler: async (req) => {
-      const identityKubernetesAuth = await server.services.identityKubernetesAuth.revokeIdentityKubernetesAuth({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        identityId: req.params.identityId
-      });
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: identityKubernetesAuth.orgId,
-        event: {
-          type: EventType.REVOKE_IDENTITY_KUBERNETES_AUTH,
-          metadata: {
-            identityId: identityKubernetesAuth.identityId
-          }
-        }
-      });
-
-      return { identityKubernetesAuth };
-    }
-  });
 };

backend/src/server/routes/v1/identity-router.ts

@@ -1,9 +1,9 @@
 import { z } from "zod";
 
-import { IdentitiesSchema, IdentityOrgMembershipsSchema, OrgMembershipRole, OrgRolesSchema } from "@app/db/schemas";
+import { IdentitiesSchema, OrgMembershipRole } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { IDENTITIES } from "@app/lib/api-docs";
-import { creationLimit, readLimit, writeLimit } from "@app/server/config/rateLimiter";
+import { creationLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -170,94 +170,4 @@ export const registerIdentityRouter = async (server: FastifyZodProvider) => {
       return { identity };
     }
   });
-
-  server.route({
-    method: "GET",
-    url: "/:identityId",
-    config: {
-      rateLimit: readLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "Get an identity by id",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        identityId: z.string().describe(IDENTITIES.GET_BY_ID.identityId)
-      }),
-      response: {
-        200: z.object({
-          identity: IdentityOrgMembershipsSchema.extend({
-            customRole: OrgRolesSchema.pick({
-              id: true,
-              name: true,
-              slug: true,
-              permissions: true,
-              description: true
-            }).optional(),
-            identity: IdentitiesSchema.pick({ name: true, id: true, authMethod: true })
-          })
-        })
-      }
-    },
-    handler: async (req) => {
-      const identity = await server.services.identity.getIdentityById({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        id: req.params.identityId
-      });
-
-      return { identity };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/",
-    config: {
-      rateLimit: writeLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "List identities",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      querystring: z.object({
-        orgId: z.string().describe(IDENTITIES.LIST.orgId)
-      }),
-      response: {
-        200: z.object({
-          identities: IdentityOrgMembershipsSchema.extend({
-            customRole: OrgRolesSchema.pick({
-              id: true,
-              name: true,
-              slug: true,
-              permissions: true,
-              description: true
-            }).optional(),
-            identity: IdentitiesSchema.pick({ name: true, id: true, authMethod: true })
-          }).array()
-        })
-      }
-    },
-    handler: async (req) => {
-      const identities = await server.services.identity.listOrgIdentities({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        orgId: req.query.orgId
-      });
-
-      return { identities };
-    }
-  });
 };

backend/src/server/routes/v1/identity-ua.ts

@@ -134,7 +134,7 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       }
     },
     handler: async (req) => {
-      const identityUniversalAuth = await server.services.identityUa.attachUniversalAuth({
+      const identityUniversalAuth = await server.services.identityUa.attachUa({
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
@@ -219,7 +219,7 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       }
     },
     handler: async (req) => {
-      const identityUniversalAuth = await server.services.identityUa.updateUniversalAuth({
+      const identityUniversalAuth = await server.services.identityUa.updateUa({
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
@@ -272,7 +272,7 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       }
     },
     handler: async (req) => {
-      const identityUniversalAuth = await server.services.identityUa.getIdentityUniversalAuth({
+      const identityUniversalAuth = await server.services.identityUa.getIdentityUa({
         actor: req.permission.type,
         actorId: req.permission.id,
         actorAuthMethod: req.permission.authMethod,
@@ -295,53 +295,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  server.route({
-    method: "DELETE",
-    url: "/universal-auth/identities/:identityId",
-    config: {
-      rateLimit: writeLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "Delete Universal Auth configuration on identity",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        identityId: z.string().describe(UNIVERSAL_AUTH.REVOKE.identityId)
-      }),
-      response: {
-        200: z.object({
-          identityUniversalAuth: IdentityUniversalAuthsSchema
-        })
-      }
-    },
-    handler: async (req) => {
-      const identityUniversalAuth = await server.services.identityUa.revokeIdentityUniversalAuth({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        identityId: req.params.identityId
-      });
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: identityUniversalAuth.orgId,
-        event: {
-          type: EventType.REVOKE_IDENTITY_UNIVERSAL_AUTH,
-          metadata: {
-            identityId: identityUniversalAuth.identityId
-          }
-        }
-      });
-
-      return { identityUniversalAuth };
-    }
-  });
-
   server.route({
     method: "POST",
     url: "/universal-auth/identities/:identityId/client-secrets",
@@ -372,15 +325,14 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       }
     },
     handler: async (req) => {
-      const { clientSecret, clientSecretData, orgId } =
-        await server.services.identityUa.createUniversalAuthClientSecret({
-          actor: req.permission.type,
-          actorId: req.permission.id,
-          actorAuthMethod: req.permission.authMethod,
-          actorOrgId: req.permission.orgId,
-          identityId: req.params.identityId,
-          ...req.body
-        });
+      const { clientSecret, clientSecretData, orgId } = await server.services.identityUa.createUaClientSecret({
+        actor: req.permission.type,
+        actorId: req.permission.id,
+        actorAuthMethod: req.permission.authMethod,
+        actorOrgId: req.permission.orgId,
+        identityId: req.params.identityId,
+        ...req.body
+      });
 
       await server.services.auditLog.createAuditLog({
         ...req.auditLogInfo,
@@ -422,15 +374,13 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       }
     },
     handler: async (req) => {
-      const { clientSecrets: clientSecretData, orgId } = await server.services.identityUa.getUniversalAuthClientSecrets(
-        {
-          actor: req.permission.type,
-          actorId: req.permission.id,
-          actorAuthMethod: req.permission.authMethod,
-          actorOrgId: req.permission.orgId,
-          identityId: req.params.identityId
-        }
-      );
+      const { clientSecrets: clientSecretData, orgId } = await server.services.identityUa.getUaClientSecrets({
+        actor: req.permission.type,
+        actorId: req.permission.id,
+        actorAuthMethod: req.permission.authMethod,
+        actorOrgId: req.permission.orgId,
+        identityId: req.params.identityId
+      });
 
       await server.services.auditLog.createAuditLog({
         ...req.auditLogInfo,
@@ -446,56 +396,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  server.route({
-    method: "GET",
-    url: "/universal-auth/identities/:identityId/client-secrets/:clientSecretId",
-    config: {
-      rateLimit: readLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    schema: {
-      description: "Get Universal Auth Client Secret for identity",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        identityId: z.string().describe(UNIVERSAL_AUTH.GET_CLIENT_SECRET.identityId),
-        clientSecretId: z.string().describe(UNIVERSAL_AUTH.GET_CLIENT_SECRET.clientSecretId)
-      }),
-      response: {
-        200: z.object({
-          clientSecretData: sanitizedClientSecretSchema
-        })
-      }
-    },
-    handler: async (req) => {
-      const clientSecretData = await server.services.identityUa.getUniversalAuthClientSecretById({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        identityId: req.params.identityId,
-        clientSecretId: req.params.clientSecretId
-      });
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: clientSecretData.orgId,
-        event: {
-          type: EventType.REVOKE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET,
-          metadata: {
-            identityId: clientSecretData.identityId,
-            clientSecretId: clientSecretData.id
-          }
-        }
-      });
-
-      return { clientSecretData };
-    }
-  });
-
   server.route({
     method: "POST",
     url: "/universal-auth/identities/:identityId/client-secrets/:clientSecretId/revoke",
@@ -521,7 +421,7 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       }
     },
     handler: async (req) => {
-      const clientSecretData = await server.services.identityUa.revokeUniversalAuthClientSecret({
+      const clientSecretData = await server.services.identityUa.revokeUaClientSecret({
         actor: req.permission.type,
         actorId: req.permission.id,
         actorAuthMethod: req.permission.authMethod,

backend/src/server/routes/v1/index.ts

@@ -9,7 +9,7 @@ import { registerIdentityAzureAuthRouter } from "./identity-azure-auth-router";
 import { registerIdentityGcpAuthRouter } from "./identity-gcp-auth-router";
 import { registerIdentityKubernetesRouter } from "./identity-kubernetes-auth-router";
 import { registerIdentityRouter } from "./identity-router";
-import { registerIdentityUaRouter } from "./identity-universal-auth-router";
+import { registerIdentityUaRouter } from "./identity-ua";
 import { registerIntegrationAuthRouter } from "./integration-auth-router";
 import { registerIntegrationRouter } from "./integration-router";
 import { registerInviteOrgRouter } from "./invite-org-router";

backend/src/server/routes/v1/integration-auth-router.ts

@@ -240,12 +240,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
         integration: z.string().trim().describe(INTEGRATION_AUTH.CREATE_ACCESS_TOKEN.integration),
         accessId: z.string().trim().optional().describe(INTEGRATION_AUTH.CREATE_ACCESS_TOKEN.accessId),
         accessToken: z.string().trim().optional().describe(INTEGRATION_AUTH.CREATE_ACCESS_TOKEN.accessToken),
-        awsAssumeIamRoleArn: z
-          .string()
-          .url()
-          .trim()
-          .optional()
-          .describe(INTEGRATION_AUTH.CREATE_ACCESS_TOKEN.awsAssumeIamRoleArn),
         url: z.string().url().trim().optional().describe(INTEGRATION_AUTH.CREATE_ACCESS_TOKEN.url),
         namespace: z.string().trim().optional().describe(INTEGRATION_AUTH.CREATE_ACCESS_TOKEN.namespace),
         refreshToken: z.string().trim().optional().describe(INTEGRATION_AUTH.CREATE_ACCESS_TOKEN.refreshToken)

backend/src/server/routes/v1/project-router.ts

@@ -372,44 +372,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  server.route({
-    method: "PUT",
-    url: "/:workspaceSlug/audit-logs-retention",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      params: z.object({
-        workspaceSlug: z.string().trim()
-      }),
-      body: z.object({
-        auditLogsRetentionDays: z.number().min(0)
-      }),
-      response: {
-        200: z.object({
-          message: z.string(),
-          workspace: ProjectsSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const workspace = await server.services.project.updateAuditLogsRetention({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        workspaceSlug: req.params.workspaceSlug,
-        auditLogsRetentionDays: req.body.auditLogsRetentionDays
-      });
-
-      return {
-        message: "Successfully updated project's audit logs retention period",
-        workspace
-      };
-    }
-  });
-
   server.route({
     method: "GET",
     url: "/:workspaceId/integrations",

backend/src/server/routes/v1/user-router.ts

@@ -3,7 +3,7 @@ import { z } from "zod";
 import { UserEncryptionKeysSchema, UsersSchema } from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
 import { logger } from "@app/lib/logger";
-import { authRateLimit, readLimit, writeLimit } from "@app/server/config/rateLimiter";
+import { authRateLimit, readLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
@@ -90,48 +90,4 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
       return res.redirect(`${appCfg.SITE_URL}/login`);
     }
   });
-
-  server.route({
-    method: "GET",
-    url: "/me/project-favorites",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      querystring: z.object({
-        orgId: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          projectFavorites: z.string().array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      return server.services.user.getUserProjectFavorites(req.permission.id, req.query.orgId);
-    }
-  });
-
-  server.route({
-    method: "PUT",
-    url: "/me/project-favorites",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      body: z.object({
-        orgId: z.string().trim(),
-        projectFavorites: z.string().array()
-      })
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      return server.services.user.updateUserProjectFavorites(
-        req.permission.id,
-        req.body.orgId,
-        req.body.projectFavorites
-      );
-    }
-  });
 };

backend/src/services/auth-token/auth-token-dal.ts

@@ -14,7 +14,7 @@ export const tokenDALFactory = (db: TDbClient) => {
 
   const findOneTokenSession = async (filter: Partial<TAuthTokenSessions>): Promise<TAuthTokenSessions | undefined> => {
     try {
-      const doc = await db.replicaNode()(TableName.AuthTokenSession).where(filter).first();
+      const doc = await db(TableName.AuthTokenSession).where(filter).first();
       return doc;
     } catch (error) {
       throw new DatabaseError({ error, name: "FindOneTokenSession" });
@@ -44,7 +44,7 @@ export const tokenDALFactory = (db: TDbClient) => {
 
   const findTokenSessions = async (filter: Partial<TAuthTokenSessions>, tx?: Knex) => {
     try {
-      const sessions = await (tx || db.replicaNode())(TableName.AuthTokenSession).where(filter);
+      const sessions = await (tx || db)(TableName.AuthTokenSession).where(filter);
       return sessions;
     } catch (error) {
       throw new DatabaseError({ name: "Find all token session", error });

backend/src/services/certificate-authority/certificate-authority-dal.ts

@@ -16,7 +16,6 @@ export const certificateAuthorityDALFactory = (db: TDbClient) => {
         parentCaId?: string;
         encryptedCertificate: Buffer;
       }[] = await db
-        .replicaNode()
         .withRecursive("cte", (cte) => {
           void cte
             .select("ca.id as caId", "ca.parentCaId", "cert.encryptedCertificate")

backend/src/services/certificate/certificate-dal.ts

@@ -14,8 +14,7 @@ export const certificateDALFactory = (db: TDbClient) => {
         count: string;
       }
 
-      const count = await db
-        .replicaNode()(TableName.Certificate)
+      const count = await db(TableName.Certificate)
         .join(TableName.CertificateAuthority, `${TableName.Certificate}.caId`, `${TableName.CertificateAuthority}.id`)
         .join(TableName.Project, `${TableName.CertificateAuthority}.projectId`, `${TableName.Project}.id`)
         .where(`${TableName.Project}.id`, projectId)

backend/src/services/group-project/group-project-dal.ts

@@ -12,7 +12,7 @@ export const groupProjectDALFactory = (db: TDbClient) => {
 
   const findByProjectId = async (projectId: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.GroupProjectMembership)
+      const docs = await (tx || db)(TableName.GroupProjectMembership)
         .where(`${TableName.GroupProjectMembership}.projectId`, projectId)
         .join(TableName.Groups, `${TableName.GroupProjectMembership}.groupId`, `${TableName.Groups}.id`)
         .join(

backend/src/services/identity-access-token/identity-access-token-dal.ts

@@ -12,7 +12,7 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
 
   const findOne = async (filter: Partial<TIdentityAccessTokens>, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())(TableName.IdentityAccessToken)
+      const doc = await (tx || db)(TableName.IdentityAccessToken)
         .where(filter)
         .join(TableName.Identity, `${TableName.Identity}.id`, `${TableName.IdentityAccessToken}.identityId`)
         .leftJoin(TableName.IdentityUaClientSecret, (qb) => {

backend/src/services/identity-aws-auth/identity-aws-auth-service.ts

@@ -7,12 +7,11 @@ import { IdentityAuthMethod } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { OrgPermissionActions, OrgPermissionSubjects } from "@app/ee/services/permission/org-permission";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
-import { isAtLeastAsPrivileged } from "@app/lib/casl";
 import { getConfig } from "@app/lib/config/env";
-import { BadRequestError, ForbiddenRequestError, UnauthorizedError } from "@app/lib/errors";
+import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
 import { extractIPDetails, isValidIpOrCidr } from "@app/lib/ip";
 
-import { ActorType, AuthTokenType } from "../auth/auth-type";
+import { AuthTokenType } from "../auth/auth-type";
 import { TIdentityDALFactory } from "../identity/identity-dal";
 import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityAccessTokenDALFactory } from "../identity-access-token/identity-access-token-dal";
@@ -25,13 +24,12 @@ import {
   TGetAwsAuthDTO,
   TGetCallerIdentityResponse,
   TLoginAwsAuthDTO,
-  TRevokeAwsAuthDTO,
   TUpdateAwsAuthDTO
 } from "./identity-aws-auth-types";
 
 type TIdentityAwsAuthServiceFactoryDep = {
   identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create">;
-  identityAwsAuthDAL: Pick<TIdentityAwsAuthDALFactory, "findOne" | "transaction" | "create" | "updateById" | "delete">;
+  identityAwsAuthDAL: Pick<TIdentityAwsAuthDALFactory, "findOne" | "transaction" | "create" | "updateById">;
   identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
   identityDAL: Pick<TIdentityDALFactory, "updateById">;
   licenseService: Pick<TLicenseServiceFactory, "getPlan">;
@@ -303,54 +301,10 @@ export const identityAwsAuthServiceFactory = ({
     return { ...awsIdentityAuth, orgId: identityMembershipOrg.orgId };
   };
 
-  const revokeIdentityAwsAuth = async ({
-    identityId,
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TRevokeAwsAuthDTO) => {
-    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
-    if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
-    if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.AWS_AUTH)
-      throw new BadRequestError({
-        message: "The identity does not have aws auth"
-      });
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
-
-    const { permission: rolePermission } = await permissionService.getOrgPermission(
-      ActorType.IDENTITY,
-      identityMembershipOrg.identityId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
-    if (!hasPriviledge)
-      throw new ForbiddenRequestError({
-        message: "Failed to revoke aws auth of identity with more privileged role"
-      });
-
-    const revokedIdentityAwsAuth = await identityAwsAuthDAL.transaction(async (tx) => {
-      const deletedAwsAuth = await identityAwsAuthDAL.delete({ identityId }, tx);
-      await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedAwsAuth?.[0], orgId: identityMembershipOrg.orgId };
-    });
-    return revokedIdentityAwsAuth;
-  };
-
   return {
     login,
     attachAwsAuth,
     updateAwsAuth,
-    getAwsAuth,
-    revokeIdentityAwsAuth
+    getAwsAuth
   };
 };

backend/src/services/identity-aws-auth/identity-aws-auth-types.ts

@@ -52,7 +52,3 @@ export type TGetCallerIdentityResponse = {
     ResponseMetadata: { RequestId: string };
   };
 };
-
-export type TRevokeAwsAuthDTO = {
-  identityId: string;
-} & Omit<TProjectPermission, "projectId">;

backend/src/services/identity-azure-auth/identity-azure-auth-service.ts

@@ -5,12 +5,11 @@ import { IdentityAuthMethod } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { OrgPermissionActions, OrgPermissionSubjects } from "@app/ee/services/permission/org-permission";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
-import { isAtLeastAsPrivileged } from "@app/lib/casl";
 import { getConfig } from "@app/lib/config/env";
-import { BadRequestError, ForbiddenRequestError, UnauthorizedError } from "@app/lib/errors";
+import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
 import { extractIPDetails, isValidIpOrCidr } from "@app/lib/ip";
 
-import { ActorType, AuthTokenType } from "../auth/auth-type";
+import { AuthTokenType } from "../auth/auth-type";
 import { TIdentityDALFactory } from "../identity/identity-dal";
 import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityAccessTokenDALFactory } from "../identity-access-token/identity-access-token-dal";
@@ -21,15 +20,11 @@ import {
   TAttachAzureAuthDTO,
   TGetAzureAuthDTO,
   TLoginAzureAuthDTO,
-  TRevokeAzureAuthDTO,
   TUpdateAzureAuthDTO
 } from "./identity-azure-auth-types";
 
 type TIdentityAzureAuthServiceFactoryDep = {
-  identityAzureAuthDAL: Pick<
-    TIdentityAzureAuthDALFactory,
-    "findOne" | "transaction" | "create" | "updateById" | "delete"
-  >;
+  identityAzureAuthDAL: Pick<TIdentityAzureAuthDALFactory, "findOne" | "transaction" | "create" | "updateById">;
   identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
   identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create">;
   identityDAL: Pick<TIdentityDALFactory, "updateById">;
@@ -282,54 +277,10 @@ export const identityAzureAuthServiceFactory = ({
     return { ...identityAzureAuth, orgId: identityMembershipOrg.orgId };
   };
 
-  const revokeIdentityAzureAuth = async ({
-    identityId,
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TRevokeAzureAuthDTO) => {
-    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
-    if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
-    if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.AZURE_AUTH)
-      throw new BadRequestError({
-        message: "The identity does not have azure auth"
-      });
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
-
-    const { permission: rolePermission } = await permissionService.getOrgPermission(
-      ActorType.IDENTITY,
-      identityMembershipOrg.identityId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
-    if (!hasPriviledge)
-      throw new ForbiddenRequestError({
-        message: "Failed to revoke azure auth of identity with more privileged role"
-      });
-
-    const revokedIdentityAzureAuth = await identityAzureAuthDAL.transaction(async (tx) => {
-      const deletedAzureAuth = await identityAzureAuthDAL.delete({ identityId }, tx);
-      await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedAzureAuth?.[0], orgId: identityMembershipOrg.orgId };
-    });
-    return revokedIdentityAzureAuth;
-  };
-
   return {
     login,
     attachAzureAuth,
     updateAzureAuth,
-    getAzureAuth,
-    revokeIdentityAzureAuth
+    getAzureAuth
   };
 };

backend/src/services/identity-azure-auth/identity-azure-auth-types.ts

@@ -118,7 +118,3 @@ export type TDecodedAzureAuthJwt = {
     [key: string]: string;
   };
 };
-
-export type TRevokeAzureAuthDTO = {
-  identityId: string;
-} & Omit<TProjectPermission, "projectId">;

backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts

@@ -5,12 +5,11 @@ import { IdentityAuthMethod } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { OrgPermissionActions, OrgPermissionSubjects } from "@app/ee/services/permission/org-permission";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
-import { isAtLeastAsPrivileged } from "@app/lib/casl";
 import { getConfig } from "@app/lib/config/env";
-import { BadRequestError, ForbiddenRequestError, UnauthorizedError } from "@app/lib/errors";
+import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
 import { extractIPDetails, isValidIpOrCidr } from "@app/lib/ip";
 
-import { ActorType, AuthTokenType } from "../auth/auth-type";
+import { AuthTokenType } from "../auth/auth-type";
 import { TIdentityDALFactory } from "../identity/identity-dal";
 import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityAccessTokenDALFactory } from "../identity-access-token/identity-access-token-dal";
@@ -22,12 +21,11 @@ import {
   TGcpIdentityDetails,
   TGetGcpAuthDTO,
   TLoginGcpAuthDTO,
-  TRevokeGcpAuthDTO,
   TUpdateGcpAuthDTO
 } from "./identity-gcp-auth-types";
 
 type TIdentityGcpAuthServiceFactoryDep = {
-  identityGcpAuthDAL: Pick<TIdentityGcpAuthDALFactory, "findOne" | "transaction" | "create" | "updateById" | "delete">;
+  identityGcpAuthDAL: Pick<TIdentityGcpAuthDALFactory, "findOne" | "transaction" | "create" | "updateById">;
   identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne">;
   identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create">;
   identityDAL: Pick<TIdentityDALFactory, "updateById">;
@@ -317,54 +315,10 @@ export const identityGcpAuthServiceFactory = ({
     return { ...identityGcpAuth, orgId: identityMembershipOrg.orgId };
   };
 
-  const revokeIdentityGcpAuth = async ({
-    identityId,
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TRevokeGcpAuthDTO) => {
-    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
-    if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
-    if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.GCP_AUTH)
-      throw new BadRequestError({
-        message: "The identity does not have gcp auth"
-      });
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
-
-    const { permission: rolePermission } = await permissionService.getOrgPermission(
-      ActorType.IDENTITY,
-      identityMembershipOrg.identityId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
-    if (!hasPriviledge)
-      throw new ForbiddenRequestError({
-        message: "Failed to revoke gcp auth of identity with more privileged role"
-      });
-
-    const revokedIdentityGcpAuth = await identityGcpAuthDAL.transaction(async (tx) => {
-      const deletedGcpAuth = await identityGcpAuthDAL.delete({ identityId }, tx);
-      await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedGcpAuth?.[0], orgId: identityMembershipOrg.orgId };
-    });
-    return revokedIdentityGcpAuth;
-  };
-
   return {
     login,
     attachGcpAuth,
     updateGcpAuth,
-    getGcpAuth,
-    revokeIdentityGcpAuth
+    getGcpAuth
   };
 };

backend/src/services/identity-gcp-auth/identity-gcp-auth-types.ts

@@ -76,7 +76,3 @@ export type TDecodedGcpIamAuthJwt = {
     [key: string]: string;
   };
 };
-
-export type TRevokeGcpAuthDTO = {
-  identityId: string;
-} & Omit<TProjectPermission, "projectId">;

backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts

@@ -7,7 +7,6 @@ import { IdentityAuthMethod, SecretKeyEncoding, TIdentityKubernetesAuthsUpdate }
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { OrgPermissionActions, OrgPermissionSubjects } from "@app/ee/services/permission/org-permission";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
-import { isAtLeastAsPrivileged } from "@app/lib/casl";
 import { getConfig } from "@app/lib/config/env";
 import {
   decryptSymmetric,
@@ -17,11 +16,11 @@ import {
   infisicalSymmetricDecrypt,
   infisicalSymmetricEncypt
 } from "@app/lib/crypto/encryption";
-import { BadRequestError, ForbiddenRequestError, UnauthorizedError } from "@app/lib/errors";
+import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
 import { extractIPDetails, isValidIpOrCidr } from "@app/lib/ip";
 import { TOrgBotDALFactory } from "@app/services/org/org-bot-dal";
 
-import { ActorType, AuthTokenType } from "../auth/auth-type";
+import { AuthTokenType } from "../auth/auth-type";
 import { TIdentityDALFactory } from "../identity/identity-dal";
 import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityAccessTokenDALFactory } from "../identity-access-token/identity-access-token-dal";
@@ -33,14 +32,13 @@ import {
   TCreateTokenReviewResponse,
   TGetKubernetesAuthDTO,
   TLoginKubernetesAuthDTO,
-  TRevokeKubernetesAuthDTO,
   TUpdateKubernetesAuthDTO
 } from "./identity-kubernetes-auth-types";
 
 type TIdentityKubernetesAuthServiceFactoryDep = {
   identityKubernetesAuthDAL: Pick<
     TIdentityKubernetesAuthDALFactory,
-    "create" | "findOne" | "transaction" | "updateById" | "delete"
+    "create" | "findOne" | "transaction" | "updateById"
   >;
   identityAccessTokenDAL: Pick<TIdentityAccessTokenDALFactory, "create">;
   identityOrgMembershipDAL: Pick<TIdentityOrgDALFactory, "findOne" | "findById">;
@@ -535,54 +533,10 @@ export const identityKubernetesAuthServiceFactory = ({
     return { ...identityKubernetesAuth, caCert, tokenReviewerJwt, orgId: identityMembershipOrg.orgId };
   };
 
-  const revokeIdentityKubernetesAuth = async ({
-    identityId,
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TRevokeKubernetesAuthDTO) => {
-    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
-    if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
-    if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.KUBERNETES_AUTH)
-      throw new BadRequestError({
-        message: "The identity does not have kubenetes auth"
-      });
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
-
-    const { permission: rolePermission } = await permissionService.getOrgPermission(
-      ActorType.IDENTITY,
-      identityMembershipOrg.identityId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
-    if (!hasPriviledge)
-      throw new ForbiddenRequestError({
-        message: "Failed to revoke kubenetes auth of identity with more privileged role"
-      });
-
-    const revokedIdentityKubernetesAuth = await identityKubernetesAuthDAL.transaction(async (tx) => {
-      const deletedKubernetesAuth = await identityKubernetesAuthDAL.delete({ identityId }, tx);
-      await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedKubernetesAuth?.[0], orgId: identityMembershipOrg.orgId };
-    });
-    return revokedIdentityKubernetesAuth;
-  };
-
   return {
     login,
     attachKubernetesAuth,
     updateKubernetesAuth,
-    getKubernetesAuth,
-    revokeIdentityKubernetesAuth
+    getKubernetesAuth
   };
 };

backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-types.ts

@@ -59,7 +59,3 @@ export type TCreateTokenReviewResponse = {
   };
   status: TCreateTokenReviewSuccessResponse | TCreateTokenReviewErrorResponse;
 };
-
-export type TRevokeKubernetesAuthDTO = {
-  identityId: string;
-} & Omit<TProjectPermission, "projectId">;

backend/src/services/identity-project/identity-project-dal.ts

@@ -12,7 +12,7 @@ export const identityProjectDALFactory = (db: TDbClient) => {
 
   const findByProjectId = async (projectId: string, filter: { identityId?: string } = {}, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.IdentityProjectMembership)
+      const docs = await (tx || db)(TableName.IdentityProjectMembership)
         .where(`${TableName.IdentityProjectMembership}.projectId`, projectId)
         .join(TableName.Identity, `${TableName.IdentityProjectMembership}.identityId`, `${TableName.Identity}.id`)
         .where((qb) => {

backend/src/services/identity-ua/identity-ua-service.ts

@@ -25,9 +25,7 @@ import {
   TCreateUaClientSecretDTO,
   TGetUaClientSecretsDTO,
   TGetUaDTO,
-  TGetUniversalAuthClientSecretByIdDTO,
   TRevokeUaClientSecretDTO,
-  TRevokeUaDTO,
   TUpdateUaDTO
 } from "./identity-ua-types";
 
@@ -138,7 +136,7 @@ export const identityUaServiceFactory = ({
     return { accessToken, identityUa, validClientSecretInfo, identityAccessToken, identityMembershipOrg };
   };
 
-  const attachUniversalAuth = async ({
+  const attachUa = async ({
     accessTokenMaxTTL,
     identityId,
     accessTokenNumUsesLimit,
@@ -229,7 +227,7 @@ export const identityUaServiceFactory = ({
     return { ...identityUa, orgId: identityMembershipOrg.orgId };
   };
 
-  const updateUniversalAuth = async ({
+  const updateUa = async ({
     accessTokenMaxTTL,
     identityId,
     accessTokenNumUsesLimit,
@@ -314,7 +312,7 @@ export const identityUaServiceFactory = ({
     return { ...updatedUaAuth, orgId: identityMembershipOrg.orgId };
   };
 
-  const getIdentityUniversalAuth = async ({ identityId, actorId, actor, actorAuthMethod, actorOrgId }: TGetUaDTO) => {
+  const getIdentityUa = async ({ identityId, actorId, actor, actorAuthMethod, actorOrgId }: TGetUaDTO) => {
     const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
     if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
     if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.Univeral)
@@ -335,50 +333,7 @@ export const identityUaServiceFactory = ({
     return { ...uaIdentityAuth, orgId: identityMembershipOrg.orgId };
   };
 
-  const revokeIdentityUniversalAuth = async ({
-    identityId,
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TRevokeUaDTO) => {
-    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
-    if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
-    if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.Univeral)
-      throw new BadRequestError({
-        message: "The identity does not have universal auth"
-      });
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
-
-    const { permission: rolePermission } = await permissionService.getOrgPermission(
-      ActorType.IDENTITY,
-      identityMembershipOrg.identityId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
-    if (!hasPriviledge)
-      throw new ForbiddenRequestError({
-        message: "Failed to revoke universal auth of identity with more privileged role"
-      });
-
-    const revokedIdentityUniversalAuth = await identityUaDAL.transaction(async (tx) => {
-      const deletedUniversalAuth = await identityUaDAL.delete({ identityId }, tx);
-      await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedUniversalAuth?.[0], orgId: identityMembershipOrg.orgId };
-    });
-    return revokedIdentityUniversalAuth;
-  };
-
-  const createUniversalAuthClientSecret = async ({
+  const createUaClientSecret = async ({
     actor,
     actorId,
     actorOrgId,
@@ -441,7 +396,7 @@ export const identityUaServiceFactory = ({
     };
   };
 
-  const getUniversalAuthClientSecrets = async ({
+  const getUaClientSecrets = async ({
     actor,
     actorId,
     actorOrgId,
@@ -487,47 +442,7 @@ export const identityUaServiceFactory = ({
     return { clientSecrets, orgId: identityMembershipOrg.orgId };
   };
 
-  const getUniversalAuthClientSecretById = async ({
-    identityId,
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    clientSecretId
-  }: TGetUniversalAuthClientSecretByIdDTO) => {
-    const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
-    if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
-    if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.Univeral)
-      throw new BadRequestError({
-        message: "The identity does not have universal auth"
-      });
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Identity);
-
-    const { permission: rolePermission } = await permissionService.getOrgPermission(
-      ActorType.IDENTITY,
-      identityMembershipOrg.identityId,
-      identityMembershipOrg.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
-    if (!hasPriviledge)
-      throw new ForbiddenRequestError({
-        message: "Failed to read identity client secret of project with more privileged role"
-      });
-
-    const clientSecret = await identityUaClientSecretDAL.findById(clientSecretId);
-    return { ...clientSecret, identityId, orgId: identityMembershipOrg.orgId };
-  };
-
-  const revokeUniversalAuthClientSecret = async ({
+  const revokeUaClientSecret = async ({
     identityId,
     actorId,
     actor,
@@ -560,7 +475,7 @@ export const identityUaServiceFactory = ({
     const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
     if (!hasPriviledge)
       throw new ForbiddenRequestError({
-        message: "Failed to revoke identity client secret with more privileged role"
+        message: "Failed to add identity to project with more privileged role"
       });
 
     const clientSecret = await identityUaClientSecretDAL.updateById(clientSecretId, {
@@ -571,13 +486,11 @@ export const identityUaServiceFactory = ({
 
   return {
     login,
-    attachUniversalAuth,
-    updateUniversalAuth,
-    getIdentityUniversalAuth,
-    revokeIdentityUniversalAuth,
-    createUniversalAuthClientSecret,
-    getUniversalAuthClientSecrets,
-    revokeUniversalAuthClientSecret,
-    getUniversalAuthClientSecretById
+    attachUa,
+    updateUa,
+    getIdentityUa,
+    createUaClientSecret,
+    getUaClientSecrets,
+    revokeUaClientSecret
   };
 };

backend/src/services/identity-ua/identity-ua-types.ts

@@ -22,10 +22,6 @@ export type TGetUaDTO = {
   identityId: string;
 } & Omit<TProjectPermission, "projectId">;
 
-export type TRevokeUaDTO = {
-  identityId: string;
-} & Omit<TProjectPermission, "projectId">;
-
 export type TCreateUaClientSecretDTO = {
   identityId: string;
   description: string;
@@ -41,8 +37,3 @@ export type TRevokeUaClientSecretDTO = {
   identityId: string;
   clientSecretId: string;
 } & Omit<TProjectPermission, "projectId">;
-
-export type TGetUniversalAuthClientSecretByIdDTO = {
-  identityId: string;
-  clientSecretId: string;
-} & Omit<TProjectPermission, "projectId">;

backend/src/services/identity/identity-org-dal.ts

@@ -12,7 +12,7 @@ export const identityOrgDALFactory = (db: TDbClient) => {
 
   const findOne = async (filter: Partial<TIdentityOrgMemberships>, tx?: Knex) => {
     try {
-      const [data] = await (tx || db.replicaNode())(TableName.IdentityOrgMembership)
+      const [data] = await (tx || db)(TableName.IdentityOrgMembership)
         .where(filter)
         .join(TableName.Identity, `${TableName.IdentityOrgMembership}.identityId`, `${TableName.Identity}.id`)
         .select(selectAllTableCols(TableName.IdentityOrgMembership))
@@ -27,10 +27,10 @@ export const identityOrgDALFactory = (db: TDbClient) => {
     }
   };
 
-  const find = async (filter: Partial<TIdentityOrgMemberships>, tx?: Knex) => {
+  const findByOrgId = async (orgId: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.IdentityOrgMembership)
-        .where(filter)
+      const docs = await (tx || db)(TableName.IdentityOrgMembership)
+        .where(`${TableName.IdentityOrgMembership}.orgId`, orgId)
         .join(TableName.Identity, `${TableName.IdentityOrgMembership}.identityId`, `${TableName.Identity}.id`)
         .leftJoin(TableName.OrgRoles, `${TableName.IdentityOrgMembership}.roleId`, `${TableName.OrgRoles}.id`)
         .select(selectAllTableCols(TableName.IdentityOrgMembership))
@@ -79,5 +79,5 @@ export const identityOrgDALFactory = (db: TDbClient) => {
     }
   };
 
-  return { ...identityOrgOrm, find, findOne };
+  return { ...identityOrgOrm, findOne, findByOrgId };
 };

backend/src/services/identity/identity-service.ts

@@ -1,7 +1,6 @@
 import { ForbiddenError } from "@casl/ability";
 
-import { OrgMembershipRole, TableName, TOrgRoles } from "@app/db/schemas";
-import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
+import { OrgMembershipRole, TOrgRoles } from "@app/db/schemas";
 import { OrgPermissionActions, OrgPermissionSubjects } from "@app/ee/services/permission/org-permission";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
 import { isAtLeastAsPrivileged } from "@app/lib/casl";
@@ -11,13 +10,12 @@ import { TOrgPermission } from "@app/lib/types";
 import { ActorType } from "../auth/auth-type";
 import { TIdentityDALFactory } from "./identity-dal";
 import { TIdentityOrgDALFactory } from "./identity-org-dal";
-import { TCreateIdentityDTO, TDeleteIdentityDTO, TGetIdentityByIdDTO, TUpdateIdentityDTO } from "./identity-types";
+import { TCreateIdentityDTO, TDeleteIdentityDTO, TUpdateIdentityDTO } from "./identity-types";
 
 type TIdentityServiceFactoryDep = {
   identityDAL: TIdentityDALFactory;
   identityOrgMembershipDAL: TIdentityOrgDALFactory;
   permissionService: Pick<TPermissionServiceFactory, "getOrgPermission" | "getOrgPermissionByRole">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan" | "updateSubscriptionOrgMemberCount">;
 };
 
 export type TIdentityServiceFactory = ReturnType<typeof identityServiceFactory>;
@@ -25,8 +23,7 @@ export type TIdentityServiceFactory = ReturnType<typeof identityServiceFactory>;
 export const identityServiceFactory = ({
   identityDAL,
   identityOrgMembershipDAL,
-  permissionService,
-  licenseService
+  permissionService
 }: TIdentityServiceFactoryDep) => {
   const createIdentity = async ({
     name,
@@ -48,14 +45,6 @@ export const identityServiceFactory = ({
     const hasRequiredPriviledges = isAtLeastAsPrivileged(permission, rolePermission);
     if (!hasRequiredPriviledges) throw new BadRequestError({ message: "Failed to create a more privileged identity" });
 
-    const plan = await licenseService.getPlan(orgId);
-    if (plan?.identityLimit && plan.identitiesUsed >= plan.identityLimit) {
-      // limit imposed on number of identities allowed / number of identities used exceeds the number of identities allowed
-      throw new BadRequestError({
-        message: "Failed to create identity due to identity limit reached. Upgrade plan to create more identities."
-      });
-    }
-
     const identity = await identityDAL.transaction(async (tx) => {
       const newIdentity = await identityDAL.create({ name }, tx);
       await identityOrgMembershipDAL.create(
@@ -69,7 +58,6 @@ export const identityServiceFactory = ({
       );
       return newIdentity;
     });
-    await licenseService.updateSubscriptionOrgMemberCount(orgId);
 
     return identity;
   };
@@ -127,7 +115,7 @@ export const identityServiceFactory = ({
           { identityId: id },
           {
             role: customRole ? OrgMembershipRole.Custom : role,
-            roleId: customRole?.id || null
+            roleId: customRole?.id
           },
           tx
         );
@@ -138,24 +126,6 @@ export const identityServiceFactory = ({
     return { ...identity, orgId: identityOrgMembership.orgId };
   };
 
-  const getIdentityById = async ({ id, actor, actorId, actorOrgId, actorAuthMethod }: TGetIdentityByIdDTO) => {
-    const doc = await identityOrgMembershipDAL.find({
-      [`${TableName.IdentityOrgMembership}.identityId` as "identityId"]: id
-    });
-    const identity = doc[0];
-    if (!identity) throw new BadRequestError({ message: `Failed to find identity with id ${id}` });
-
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      identity.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Identity);
-    return identity;
-  };
-
   const deleteIdentity = async ({ actorId, actor, actorOrgId, actorAuthMethod, id }: TDeleteIdentityDTO) => {
     const identityOrgMembership = await identityOrgMembershipDAL.findOne({ identityId: id });
     if (!identityOrgMembership) throw new BadRequestError({ message: `Failed to find identity with id ${id}` });
@@ -180,9 +150,6 @@ export const identityServiceFactory = ({
       throw new ForbiddenRequestError({ message: "Failed to delete more privileged identity" });
 
     const deletedIdentity = await identityDAL.deleteById(id);
-
-    await licenseService.updateSubscriptionOrgMemberCount(identityOrgMembership.orgId);
-
     return { ...deletedIdentity, orgId: identityOrgMembership.orgId };
   };
 
@@ -190,9 +157,7 @@ export const identityServiceFactory = ({
     const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Identity);
 
-    const identityMemberships = await identityOrgMembershipDAL.find({
-      [`${TableName.IdentityOrgMembership}.orgId` as "orgId"]: orgId
-    });
+    const identityMemberships = await identityOrgMembershipDAL.findByOrgId(orgId);
     return identityMemberships;
   };
 
@@ -200,7 +165,6 @@ export const identityServiceFactory = ({
     createIdentity,
     updateIdentity,
     deleteIdentity,
-    listOrgIdentities,
-    getIdentityById
+    listOrgIdentities
   };
 };

backend/src/services/identity/identity-types.ts

@@ -16,10 +16,6 @@ export type TDeleteIdentityDTO = {
   id: string;
 } & Omit<TOrgPermission, "orgId">;
 
-export type TGetIdentityByIdDTO = {
-  id: string;
-} & Omit<TOrgPermission, "orgId">;
-
 export interface TIdentityTrustedIp {
   ipAddress: string;
   type: IPType;

backend/src/services/integration-auth/integration-auth-service.ts

@@ -178,8 +178,7 @@ export const integrationAuthServiceFactory = ({
     actorAuthMethod,
     accessId,
     namespace,
-    accessToken,
-    awsAssumeIamRoleArn
+    accessToken
   }: TSaveIntegrationAccessTokenDTO) => {
     if (!Object.values(Integrations).includes(integration as Integrations))
       throw new BadRequestError({ message: "Invalid integration" });
@@ -231,7 +230,7 @@ export const integrationAuthServiceFactory = ({
       updateDoc.accessExpiresAt = tokenDetails.accessExpiresAt;
     }
 
-    if (!refreshToken && (accessId || accessToken || awsAssumeIamRoleArn)) {
+    if (!refreshToken && (accessId || accessToken)) {
       if (accessToken) {
         const accessEncToken = encryptSymmetric128BitHexKeyUTF8(accessToken, key);
         updateDoc.accessIV = accessEncToken.iv;
@@ -244,12 +243,6 @@ export const integrationAuthServiceFactory = ({
         updateDoc.accessIdTag = accessEncToken.tag;
         updateDoc.accessIdCiphertext = accessEncToken.ciphertext;
       }
-      if (awsAssumeIamRoleArn) {
-        const awsAssumeIamRoleArnEnc = encryptSymmetric128BitHexKeyUTF8(awsAssumeIamRoleArn, key);
-        updateDoc.awsAssumeIamRoleArnCipherText = awsAssumeIamRoleArnEnc.ciphertext;
-        updateDoc.awsAssumeIamRoleArnIV = awsAssumeIamRoleArnEnc.iv;
-        updateDoc.awsAssumeIamRoleArnTag = awsAssumeIamRoleArnEnc.tag;
-      }
     }
     return integrationAuthDAL.create(updateDoc);
   };
@@ -258,14 +251,6 @@ export const integrationAuthServiceFactory = ({
   const getIntegrationAccessToken = async (integrationAuth: TIntegrationAuths, botKey: string) => {
     let accessToken: string | undefined;
     let accessId: string | undefined;
-    // this means its not access token based
-    if (
-      integrationAuth.integration === Integrations.AWS_SECRET_MANAGER &&
-      integrationAuth.awsAssumeIamRoleArnCipherText
-    ) {
-      return { accessToken: "", accessId: "" };
-    }
-
     if (integrationAuth.accessTag && integrationAuth.accessIV && integrationAuth.accessCiphertext) {
       accessToken = decryptSymmetric128BitHexKeyUTF8({
         ciphertext: integrationAuth.accessCiphertext,

backend/src/services/integration-auth/integration-auth-types.ts

@@ -17,7 +17,6 @@ export type TSaveIntegrationAccessTokenDTO = {
   url?: string;
   namespace?: string;
   refreshToken?: string;
-  awsAssumeIamRoleArn?: string;
 } & TProjectPermission;
 
 export type TDeleteIntegrationAuthsDTO = TProjectPermission & {

backend/src/services/integration-auth/integration-sync-secret.ts

@@ -17,17 +17,14 @@ import {
   UntagResourceCommand,
   UpdateSecretCommand
 } from "@aws-sdk/client-secrets-manager";
-import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
 import { Octokit } from "@octokit/rest";
 import AWS, { AWSError } from "aws-sdk";
 import { AxiosError } from "axios";
-import { randomUUID } from "crypto";
 import sodium from "libsodium-wrappers";
 import isEqual from "lodash.isequal";
 import { z } from "zod";
 
 import { SecretType, TIntegrationAuths, TIntegrations, TSecrets } from "@app/db/schemas";
-import { getConfig } from "@app/lib/config/env";
 import { request } from "@app/lib/config/request";
 import { BadRequestError } from "@app/lib/errors";
 import { logger } from "@app/lib/logger";
@@ -260,27 +257,14 @@ const syncSecretsGCPSecretManager = async ({
 const syncSecretsAzureKeyVault = async ({
   integration,
   secrets,
-  accessToken,
-  createManySecretsRawFn,
-  updateManySecretsRawFn
+  accessToken
 }: {
-  integration: TIntegrations & {
-    projectId: string;
-    environment: {
-      id: string;
-      name: string;
-      slug: string;
-    };
-    secretPath: string;
-  };
+  integration: TIntegrations;
   secrets: Record<string, { value: string; comment?: string }>;
   accessToken: string;
-  createManySecretsRawFn: (params: TCreateManySecretsRawFn) => Promise<Array<TSecrets & { _id: string }>>;
-  updateManySecretsRawFn: (params: TUpdateManySecretsRawFn) => Promise<Array<TSecrets & { _id: string }>>;
 }) => {
   interface GetAzureKeyVaultSecret {
     id: string; // secret URI
-    value: string;
     attributes: {
       enabled: true;
       created: number;
@@ -377,83 +361,6 @@ const syncSecretsAzureKeyVault = async ({
     }
   });
 
-  const secretsToAdd: { [key: string]: string } = {};
-  const secretsToUpdate: { [key: string]: string } = {};
-  const secretKeysToRemoveFromDelete = new Set<string>();
-
-  const metadata = IntegrationMetadataSchema.parse(integration.metadata);
-  if (!integration.lastUsed) {
-    Object.keys(res).forEach((key) => {
-      // first time using integration
-      const underscoredKey = key.replace(/-/g, "_");
-
-      // -> apply initial sync behavior
-      switch (metadata.initialSyncBehavior) {
-        case IntegrationInitialSyncBehavior.PREFER_TARGET: {
-          if (!(underscoredKey in secrets)) {
-            secretsToAdd[underscoredKey] = res[key].value;
-            setSecrets.push({
-              key,
-              value: res[key].value
-            });
-          } else if (secrets[underscoredKey]?.value !== res[key].value) {
-            secretsToUpdate[underscoredKey] = res[key].value;
-            const toEditSecretIndex = setSecrets.findIndex((secret) => secret.key === key);
-            if (toEditSecretIndex >= 0) {
-              setSecrets[toEditSecretIndex].value = res[key].value;
-            }
-          }
-
-          secretKeysToRemoveFromDelete.add(key);
-
-          break;
-        }
-        case IntegrationInitialSyncBehavior.PREFER_SOURCE: {
-          if (!(underscoredKey in secrets)) {
-            secretsToAdd[underscoredKey] = res[key].value;
-            setSecrets.push({
-              key,
-              value: res[key].value
-            });
-          }
-
-          secretKeysToRemoveFromDelete.add(key);
-          break;
-        }
-        default:
-          break;
-      }
-    });
-  }
-
-  if (Object.keys(secretsToUpdate).length) {
-    await updateManySecretsRawFn({
-      projectId: integration.projectId,
-      environment: integration.environment.slug,
-      path: integration.secretPath,
-      secrets: Object.keys(secretsToUpdate).map((key) => ({
-        secretName: key,
-        secretValue: secretsToUpdate[key],
-        type: SecretType.Shared,
-        secretComment: ""
-      }))
-    });
-  }
-
-  if (Object.keys(secretsToAdd).length) {
-    await createManySecretsRawFn({
-      projectId: integration.projectId,
-      environment: integration.environment.slug,
-      path: integration.secretPath,
-      secrets: Object.keys(secretsToAdd).map((key) => ({
-        secretName: key,
-        secretValue: secretsToAdd[key],
-        type: SecretType.Shared,
-        secretComment: ""
-      }))
-    });
-  }
-
   const setSecretAzureKeyVault = async ({
     key,
     value,
@@ -521,7 +428,7 @@ const syncSecretsAzureKeyVault = async ({
     });
   }
 
-  for await (const deleteSecret of deleteSecrets.filter((secret) => !secretKeysToRemoveFromDelete.has(secret.key))) {
+  for await (const deleteSecret of deleteSecrets) {
     const { key } = deleteSecret;
     await request.delete(`${integration.app}/secrets/${key}?api-version=7.3`, {
       headers: {
@@ -698,61 +605,24 @@ const syncSecretsAWSSecretManager = async ({
   integration,
   secrets,
   accessId,
-  accessToken,
-  awsAssumeRoleArn,
-  projectId
+  accessToken
 }: {
   integration: TIntegrations;
   secrets: Record<string, { value: string; comment?: string }>;
   accessId: string | null;
   accessToken: string;
-  awsAssumeRoleArn: string | null;
-  projectId?: string;
 }) => {
-  const appCfg = getConfig();
   const metadata = z.record(z.any()).parse(integration.metadata || {});
 
-  if (!accessId && !awsAssumeRoleArn) {
-    throw new Error("AWS access ID/AWS Assume Role is required");
-  }
-
-  let accessKeyId = "";
-  let secretAccessKey = "";
-  let sessionToken;
-  if (awsAssumeRoleArn) {
-    const client = new STSClient({
-      region: integration.region as string,
-      credentials:
-        appCfg.CLIENT_ID_AWS_INTEGRATION && appCfg.CLIENT_SECRET_AWS_INTEGRATION
-          ? {
-              accessKeyId: appCfg.CLIENT_ID_AWS_INTEGRATION,
-              secretAccessKey: appCfg.CLIENT_SECRET_AWS_INTEGRATION
-            }
-          : undefined
-    });
-    const command = new AssumeRoleCommand({
-      RoleArn: awsAssumeRoleArn,
-      RoleSessionName: `infisical-sm-${randomUUID()}`,
-      DurationSeconds: 900, // 15mins
-      ExternalId: projectId
-    });
-    const response = await client.send(command);
-    if (!response.Credentials?.AccessKeyId || !response.Credentials?.SecretAccessKey)
-      throw new Error("Failed to assume role");
-    accessKeyId = response.Credentials?.AccessKeyId;
-    secretAccessKey = response.Credentials?.SecretAccessKey;
-    sessionToken = response.Credentials?.SessionToken;
-  } else {
-    accessKeyId = accessId as string;
-    secretAccessKey = accessToken;
+  if (!accessId) {
+    throw new Error("AWS access ID is required");
   }
 
   const secretsManager = new SecretsManagerClient({
     region: integration.region as string,
     credentials: {
-      accessKeyId,
-      secretAccessKey,
-      sessionToken
+      accessKeyId: accessId,
+      secretAccessKey: accessToken
     }
   });
 
@@ -3608,9 +3478,7 @@ export const syncIntegrationSecrets = async ({
   secrets,
   accessId,
   accessToken,
-  awsAssumeRoleArn,
-  appendices,
-  projectId
+  appendices
 }: {
   createManySecretsRawFn: (params: TCreateManySecretsRawFn) => Promise<Array<TSecrets & { _id: string }>>;
   updateManySecretsRawFn: (params: TUpdateManySecretsRawFn) => Promise<Array<TSecrets & { _id: string }>>;
@@ -3627,10 +3495,8 @@ export const syncIntegrationSecrets = async ({
   integrationAuth: TIntegrationAuths;
   secrets: Record<string, { value: string; comment?: string }>;
   accessId: string | null;
-  awsAssumeRoleArn: string | null;
   accessToken: string;
   appendices?: { prefix: string; suffix: string };
-  projectId?: string;
 }) => {
   let response: { isSynced: boolean; syncMessage: string } | null = null;
 
@@ -3646,9 +3512,7 @@ export const syncIntegrationSecrets = async ({
       await syncSecretsAzureKeyVault({
         integration,
         secrets,
-        accessToken,
-        createManySecretsRawFn,
-        updateManySecretsRawFn
+        accessToken
       });
       break;
     case Integrations.AWS_PARAMETER_STORE:
@@ -3664,9 +3528,7 @@ export const syncIntegrationSecrets = async ({
         integration,
         secrets,
         accessId,
-        accessToken,
-        awsAssumeRoleArn,
-        projectId
+        accessToken
       });
       break;
     case Integrations.HEROKU:

backend/src/services/integration/integration-dal.ts

@@ -22,7 +22,7 @@ export const integrationDALFactory = (db: TDbClient) => {
 
   const find = async (filter: Partial<TIntegrations>, tx?: Knex) => {
     try {
-      const docs = await integrationFindQuery(tx || db.replicaNode(), filter);
+      const docs = await integrationFindQuery(tx || db, filter);
       return docs.map(({ envId, envSlug, envName, ...el }) => ({
         ...el,
         environment: {
@@ -38,7 +38,7 @@ export const integrationDALFactory = (db: TDbClient) => {
 
   const findOne = async (filter: Partial<TIntegrations>, tx?: Knex) => {
     try {
-      const doc = await integrationFindQuery(tx || db.replicaNode(), filter).first();
+      const doc = await integrationFindQuery(tx || db, filter).first();
       if (!doc) return;
 
       const { envName: name, envSlug: slug, envId: id, ...el } = doc;
@@ -50,7 +50,7 @@ export const integrationDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const doc = await integrationFindQuery(tx || db.replicaNode(), {
+      const doc = await integrationFindQuery(tx || db, {
         [`${TableName.Integration}.id` as "id"]: id
       }).first();
       if (!doc) return;
@@ -64,7 +64,7 @@ export const integrationDALFactory = (db: TDbClient) => {
 
   const findByProjectId = async (projectId: string, tx?: Knex) => {
     try {
-      const integrations = await (tx || db.replicaNode())(TableName.Integration)
+      const integrations = await (tx || db)(TableName.Integration)
         .where(`${TableName.Environment}.projectId`, projectId)
         .join(TableName.Environment, `${TableName.Integration}.envId`, `${TableName.Environment}.id`)
         .select(db.ref("name").withSchema(TableName.Environment).as("envName"))
@@ -90,7 +90,7 @@ export const integrationDALFactory = (db: TDbClient) => {
   // used for syncing secrets
   // this will populate integration auth also
   const findByProjectIdV2 = async (projectId: string, environment: string, tx?: Knex) => {
-    const docs = await (tx || db.replicaNode())(TableName.Integration)
+    const docs = await (tx || db)(TableName.Integration)
       .where(`${TableName.Environment}.projectId`, projectId)
       .where("isActive", true)
       .where(`${TableName.Environment}.slug`, environment)
@@ -120,10 +120,7 @@ export const integrationDALFactory = (db: TDbClient) => {
         db.ref("accessExpiresAt").withSchema(TableName.IntegrationAuth).as("accessExpiresAtAu"),
         db.ref("metadata").withSchema(TableName.IntegrationAuth).as("metadataAu"),
         db.ref("algorithm").withSchema(TableName.IntegrationAuth).as("algorithmAu"),
-        db.ref("keyEncoding").withSchema(TableName.IntegrationAuth).as("keyEncodingAu"),
-        db.ref("awsAssumeIamRoleArnCipherText").withSchema(TableName.IntegrationAuth),
-        db.ref("awsAssumeIamRoleArnIV").withSchema(TableName.IntegrationAuth),
-        db.ref("awsAssumeIamRoleArnTag").withSchema(TableName.IntegrationAuth)
+        db.ref("keyEncoding").withSchema(TableName.IntegrationAuth).as("keyEncodingAu")
       );
     return docs.map(
       ({
@@ -149,9 +146,6 @@ export const integrationDALFactory = (db: TDbClient) => {
         algorithmAu: algorithm,
         keyEncodingAu: keyEncoding,
         accessExpiresAtAu: accessExpiresAt,
-        awsAssumeIamRoleArnIV,
-        awsAssumeIamRoleArnCipherText,
-        awsAssumeIamRoleArnTag,
         ...el
       }) => ({
         ...el,
@@ -180,10 +174,7 @@ export const integrationDALFactory = (db: TDbClient) => {
           metadata,
           algorithm,
           keyEncoding,
-          accessExpiresAt,
-          awsAssumeIamRoleArnIV,
-          awsAssumeIamRoleArnCipherText,
-          awsAssumeIamRoleArnTag
+          accessExpiresAt
         }
       })
     );

backend/src/services/org/incident-contacts-dal.ts

@@ -16,7 +16,7 @@ export const incidentContactDALFactory = (db: TDbClient) => {
 
   const findByOrgId = async (orgId: string) => {
     try {
-      const incidentContacts = await db.replicaNode()(TableName.IncidentContact).where({ orgId });
+      const incidentContacts = await db(TableName.IncidentContact).where({ orgId });
       return incidentContacts;
     } catch (error) {
       throw new DatabaseError({ name: "Incident contact list", error });
@@ -25,8 +25,7 @@ export const incidentContactDALFactory = (db: TDbClient) => {
 
   const findOne = async (orgId: string, data: Partial<TIncidentContacts>) => {
     try {
-      const incidentContacts = await db
-        .replicaNode()(TableName.IncidentContact)
+      const incidentContacts = await db(TableName.IncidentContact)
         .where({ orgId, ...data })
         .first();
       return incidentContacts;

backend/src/services/org/org-dal.ts

@@ -20,7 +20,7 @@ export const orgDALFactory = (db: TDbClient) => {
 
   const findOrgById = async (orgId: string) => {
     try {
-      const org = await db.replicaNode()(TableName.Organization).where({ id: orgId }).first();
+      const org = await db(TableName.Organization).where({ id: orgId }).first();
       return org;
     } catch (error) {
       throw new DatabaseError({ error, name: "Find org by id" });
@@ -30,8 +30,7 @@ export const orgDALFactory = (db: TDbClient) => {
   // special query
   const findAllOrgsByUserId = async (userId: string): Promise<TOrganizations[]> => {
     try {
-      const org = await db
-        .replicaNode()(TableName.OrgMembership)
+      const org = await db(TableName.OrgMembership)
         .where({ userId })
         .join(TableName.Organization, `${TableName.OrgMembership}.orgId`, `${TableName.Organization}.id`)
         .select(selectAllTableCols(TableName.Organization));
@@ -43,8 +42,7 @@ export const orgDALFactory = (db: TDbClient) => {
 
   const findOrgByProjectId = async (projectId: string): Promise<TOrganizations> => {
     try {
-      const [org] = await db
-        .replicaNode()(TableName.Project)
+      const [org] = await db(TableName.Project)
         .where({ [`${TableName.Project}.id` as "id"]: projectId })
         .join(TableName.Organization, `${TableName.Project}.orgId`, `${TableName.Organization}.id`)
         .select(selectAllTableCols(TableName.Organization));
@@ -58,8 +56,7 @@ export const orgDALFactory = (db: TDbClient) => {
   // special query
   const findAllOrgMembers = async (orgId: string) => {
     try {
-      const members = await db
-        .replicaNode()(TableName.OrgMembership)
+      const members = await db(TableName.OrgMembership)
         .where(`${TableName.OrgMembership}.orgId`, orgId)
         .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
         .leftJoin<TUserEncryptionKeys>(
@@ -98,8 +95,7 @@ export const orgDALFactory = (db: TDbClient) => {
         count: string;
       }
 
-      const count = await db
-        .replicaNode()(TableName.OrgMembership)
+      const count = await db(TableName.OrgMembership)
         .where(`${TableName.OrgMembership}.orgId`, orgId)
         .count("*")
         .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
@@ -114,8 +110,7 @@ export const orgDALFactory = (db: TDbClient) => {
 
   const findOrgMembersByUsername = async (orgId: string, usernames: string[]) => {
     try {
-      const members = await db
-        .replicaNode()(TableName.OrgMembership)
+      const members = await db(TableName.OrgMembership)
         .where(`${TableName.OrgMembership}.orgId`, orgId)
         .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
         .leftJoin<TUserEncryptionKeys>(
@@ -150,8 +145,7 @@ export const orgDALFactory = (db: TDbClient) => {
 
   const findOrgGhostUser = async (orgId: string) => {
     try {
-      const member = await db
-        .replicaNode()(TableName.OrgMembership)
+      const member = await db(TableName.OrgMembership)
         .where({ orgId })
         .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
         .leftJoin(TableName.UserEncryptionKey, `${TableName.UserEncryptionKey}.userId`, `${TableName.Users}.id`)
@@ -175,8 +169,7 @@ export const orgDALFactory = (db: TDbClient) => {
 
   const ghostUserExists = async (orgId: string) => {
     try {
-      const member = await db
-        .replicaNode()(TableName.OrgMembership)
+      const member = await db(TableName.OrgMembership)
         .where({ orgId })
         .join(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
         .leftJoin(TableName.UserEncryptionKey, `${TableName.UserEncryptionKey}.userId`, `${TableName.Users}.id`)
@@ -264,7 +257,7 @@ export const orgDALFactory = (db: TDbClient) => {
     { offset, limit, sort, tx }: TFindOpt<TOrgMemberships> = {}
   ) => {
     try {
-      const query = (tx || db.replicaNode())(TableName.OrgMembership)
+      const query = (tx || db)(TableName.OrgMembership)
         // eslint-disable-next-line
         .where(buildFindFilter(filter))
         .join(TableName.Users, `${TableName.Users}.id`, `${TableName.OrgMembership}.userId`)

backend/src/services/org/org-service.ts

@@ -420,20 +420,13 @@ export const orgServiceFactory = ({
     }
 
     const plan = await licenseService.getPlan(orgId);
-    if (plan?.memberLimit && plan.membersUsed >= plan.memberLimit) {
-      // limit imposed on number of members allowed / number of members used exceeds the number of members allowed
+    if (plan.memberLimit !== null && plan.membersUsed >= plan.memberLimit) {
+      // case: limit imposed on number of members allowed
+      // case: number of members used exceeds the number of members allowed
       throw new BadRequestError({
         message: "Failed to invite member due to member limit reached. Upgrade plan to invite more members."
       });
     }
-
-    if (plan?.identityLimit && plan.identitiesUsed >= plan.identityLimit) {
-      // limit imposed on number of identities allowed / number of identities used exceeds the number of identities allowed
-      throw new BadRequestError({
-        message: "Failed to invite member due to member limit reached. Upgrade plan to invite more members."
-      });
-    }
-
     const invitee = await orgDAL.transaction(async (tx) => {
       const inviteeUser = await userDAL.findUserByUsername(inviteeEmail, tx);
       if (inviteeUser) {

backend/src/services/project-bot/project-bot-dal.ts

@@ -12,7 +12,7 @@ export const projectBotDALFactory = (db: TDbClient) => {
 
   const findOne = async (filter: Partial<TProjectBots>, tx?: Knex) => {
     try {
-      const bot = await (tx || db.replicaNode())(TableName.ProjectBot)
+      const bot = await (tx || db)(TableName.ProjectBot)
         .where(filter)
         .leftJoin(TableName.Users, `${TableName.ProjectBot}.senderId`, `${TableName.Users}.id`)
         .leftJoin(TableName.UserEncryptionKey, `${TableName.UserEncryptionKey}.userId`, `${TableName.Users}.id`)

backend/src/services/project-env/project-env-dal.ts

@@ -12,9 +12,7 @@ export const projectEnvDALFactory = (db: TDbClient) => {
 
   const findBySlugs = async (projectId: string, env: string[], tx?: Knex) => {
     try {
-      const envs = await (tx || db.replicaNode())(TableName.Environment)
-        .where("projectId", projectId)
-        .whereIn("slug", env);
+      const envs = await (tx || db)(TableName.Environment).where("projectId", projectId).whereIn("slug", env);
       return envs;
     } catch (error) {
       throw new DatabaseError({ error, name: "Find by slugs" });

backend/src/services/project-key/project-key-dal.ts

@@ -16,7 +16,7 @@ export const projectKeyDALFactory = (db: TDbClient) => {
     tx?: Knex
   ): Promise<(TProjectKeys & { sender: { publicKey: string } }) | undefined> => {
     try {
-      const projectKey = await (tx || db.replicaNode())(TableName.ProjectKeys)
+      const projectKey = await (tx || db)(TableName.ProjectKeys)
         .join(TableName.Users, `${TableName.ProjectKeys}.senderId`, `${TableName.Users}.id`)
         .join(TableName.UserEncryptionKey, `${TableName.UserEncryptionKey}.userId`, `${TableName.Users}.id`)
         .where({ projectId, receiverId: userId })
@@ -34,7 +34,7 @@ export const projectKeyDALFactory = (db: TDbClient) => {
 
   const findAllProjectUserPubKeys = async (projectId: string, tx?: Knex) => {
     try {
-      const pubKeys = await (tx || db.replicaNode())(TableName.ProjectMembership)
+      const pubKeys = await (tx || db)(TableName.ProjectMembership)
         .where({ projectId })
         .join(TableName.Users, `${TableName.ProjectMembership}.userId`, `${TableName.Users}.id`)
         .join(TableName.UserEncryptionKey, `${TableName.Users}.id`, `${TableName.UserEncryptionKey}.userId`)

backend/src/services/project-membership/project-membership-dal.ts

@@ -13,8 +13,7 @@ export const projectMembershipDALFactory = (db: TDbClient) => {
   // special query
   const findAllProjectMembers = async (projectId: string, filter: { usernames?: string[]; username?: string } = {}) => {
     try {
-      const docs = await db
-        .replicaNode()(TableName.ProjectMembership)
+      const docs = await db(TableName.ProjectMembership)
         .where({ [`${TableName.ProjectMembership}.projectId` as "projectId"]: projectId })
         .join(TableName.Users, `${TableName.ProjectMembership}.userId`, `${TableName.Users}.id`)
         .where((qb) => {
@@ -109,7 +108,7 @@ export const projectMembershipDALFactory = (db: TDbClient) => {
 
   const findProjectGhostUser = async (projectId: string, tx?: Knex) => {
     try {
-      const ghostUser = await (tx || db.replicaNode())(TableName.ProjectMembership)
+      const ghostUser = await (tx || db)(TableName.ProjectMembership)
         .where({ projectId })
         .join(TableName.Users, `${TableName.ProjectMembership}.userId`, `${TableName.Users}.id`)
         .select(selectAllTableCols(TableName.Users))
@@ -124,8 +123,7 @@ export const projectMembershipDALFactory = (db: TDbClient) => {
 
   const findMembershipsByUsername = async (projectId: string, usernames: string[]) => {
     try {
-      const members = await db
-        .replicaNode()(TableName.ProjectMembership)
+      const members = await db(TableName.ProjectMembership)
         .where({ projectId })
         .join(TableName.Users, `${TableName.ProjectMembership}.userId`, `${TableName.Users}.id`)
         .join<TUserEncryptionKeys>(
@@ -151,8 +149,7 @@ export const projectMembershipDALFactory = (db: TDbClient) => {
 
   const findProjectMembershipsByUserId = async (orgId: string, userId: string) => {
     try {
-      const memberships = await db
-        .replicaNode()(TableName.ProjectMembership)
+      const memberships = await db(TableName.ProjectMembership)
         .where({ userId })
         .join(TableName.Project, `${TableName.ProjectMembership}.projectId`, `${TableName.Project}.id`)
         .where({ [`${TableName.Project}.orgId` as "orgId"]: orgId })

backend/src/services/project/project-dal.ts

@@ -14,8 +14,7 @@ export const projectDALFactory = (db: TDbClient) => {
 
   const findAllProjects = async (userId: string) => {
     try {
-      const workspaces = await db
-        .replicaNode()(TableName.ProjectMembership)
+      const workspaces = await db(TableName.ProjectMembership)
         .where({ userId })
         .join(TableName.Project, `${TableName.ProjectMembership}.projectId`, `${TableName.Project}.id`)
         .leftJoin(TableName.Environment, `${TableName.Environment}.projectId`, `${TableName.Project}.id`)
@@ -84,7 +83,7 @@ export const projectDALFactory = (db: TDbClient) => {
 
   const findProjectGhostUser = async (projectId: string, tx?: Knex) => {
     try {
-      const ghostUser = await (tx || db.replicaNode())(TableName.ProjectMembership)
+      const ghostUser = await (tx || db)(TableName.ProjectMembership)
         .where({ projectId })
         .join(TableName.Users, `${TableName.ProjectMembership}.userId`, `${TableName.Users}.id`)
         .select(selectAllTableCols(TableName.Users))
@@ -110,8 +109,7 @@ export const projectDALFactory = (db: TDbClient) => {
 
   const findAllProjectsByIdentity = async (identityId: string) => {
     try {
-      const workspaces = await db
-        .replicaNode()(TableName.IdentityProjectMembership)
+      const workspaces = await db(TableName.IdentityProjectMembership)
         .where({ identityId })
         .join(TableName.Project, `${TableName.IdentityProjectMembership}.projectId`, `${TableName.Project}.id`)
         .leftJoin(TableName.Environment, `${TableName.Environment}.projectId`, `${TableName.Project}.id`)
@@ -153,8 +151,7 @@ export const projectDALFactory = (db: TDbClient) => {
 
   const findProjectById = async (id: string) => {
     try {
-      const workspaces = await db
-        .replicaNode()(TableName.Project)
+      const workspaces = await db(TableName.Project)
         .where(`${TableName.Project}.id`, id)
         .leftJoin(TableName.Environment, `${TableName.Environment}.projectId`, `${TableName.Project}.id`)
         .select(
@@ -201,8 +198,7 @@ export const projectDALFactory = (db: TDbClient) => {
         throw new BadRequestError({ message: "Organization ID is required when querying with slugs" });
       }
 
-      const projects = await db
-        .replicaNode()(TableName.Project)
+      const projects = await db(TableName.Project)
         .where(`${TableName.Project}.slug`, slug)
         .where(`${TableName.Project}.orgId`, orgId)
         .leftJoin(TableName.Environment, `${TableName.Environment}.projectId`, `${TableName.Project}.id`)

backend/src/services/project/project-service.ts

@@ -11,7 +11,7 @@ import { isAtLeastAsPrivileged } from "@app/lib/casl";
 import { getConfig } from "@app/lib/config/env";
 import { createSecretBlindIndex } from "@app/lib/crypto";
 import { infisicalSymmetricEncypt } from "@app/lib/crypto/encryption";
-import { BadRequestError, ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
+import { BadRequestError, ForbiddenRequestError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { TProjectPermission } from "@app/lib/types";
 
@@ -41,7 +41,6 @@ import {
   TListProjectCasDTO,
   TListProjectCertsDTO,
   TToggleProjectAutoCapitalizationDTO,
-  TUpdateAuditLogsRetentionDTO,
   TUpdateProjectDTO,
   TUpdateProjectNameDTO,
   TUpdateProjectVersionLimitDTO,
@@ -447,43 +446,6 @@ export const projectServiceFactory = ({
     return projectDAL.updateById(project.id, { pitVersionLimit });
   };
 
-  const updateAuditLogsRetention = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    auditLogsRetentionDays,
-    workspaceSlug
-  }: TUpdateAuditLogsRetentionDTO) => {
-    const project = await projectDAL.findProjectBySlug(workspaceSlug, actorOrgId);
-    if (!project) {
-      throw new NotFoundError({
-        message: "Project not found."
-      });
-    }
-
-    const { hasRole } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
-
-    if (!hasRole(ProjectMembershipRole.Admin)) {
-      throw new BadRequestError({ message: "Only admins are allowed to take this action" });
-    }
-
-    const plan = await licenseService.getPlan(project.orgId);
-    if (!plan.auditLogs || auditLogsRetentionDays > plan.auditLogsRetentionDays) {
-      throw new BadRequestError({
-        message: "Failed to update audit logs retention due to plan limit reached. Upgrade plan to increase."
-      });
-    }
-
-    return projectDAL.updateById(project.id, { auditLogsRetentionDays });
-  };
-
   const updateName = async ({
     projectId,
     actor,
@@ -659,7 +621,6 @@ export const projectServiceFactory = ({
     upgradeProject,
     listProjectCas,
     listProjectCertificates,
-    updateVersionLimit,
-    updateAuditLogsRetention
+    updateVersionLimit
   };
 };

backend/src/services/project/project-types.ts

@@ -49,11 +49,6 @@ export type TUpdateProjectVersionLimitDTO = {
   workspaceSlug: string;
 } & Omit<TProjectPermission, "projectId">;
 
-export type TUpdateAuditLogsRetentionDTO = {
-  auditLogsRetentionDays: number;
-  workspaceSlug: string;
-} & Omit<TProjectPermission, "projectId">;
-
 export type TUpdateProjectNameDTO = {
   name: string;
 } & TProjectPermission;

backend/src/services/secret-blind-index/secret-blind-index-dal.ts

@@ -12,7 +12,7 @@ export const secretBlindIndexDALFactory = (db: TDbClient) => {
 
   const countOfSecretsWithNullSecretBlindIndex = async (projectId: string, tx?: Knex) => {
     try {
-      const doc = await (tx || db.replicaNode())(TableName.Secret)
+      const doc = await (tx || db)(TableName.Secret)
         .leftJoin(TableName.SecretFolder, `${TableName.SecretFolder}.id`, `${TableName.Secret}.folderId`)
         .leftJoin(TableName.Environment, `${TableName.Environment}.id`, `${TableName.SecretFolder}.envId`)
         .where({ projectId })
@@ -26,7 +26,7 @@ export const secretBlindIndexDALFactory = (db: TDbClient) => {
 
   const findAllSecretsByProjectId = async (projectId: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.Secret)
+      const docs = await (tx || db)(TableName.Secret)
         .leftJoin(TableName.SecretFolder, `${TableName.SecretFolder}.id`, `${TableName.Secret}.folderId`)
         .leftJoin(TableName.Environment, `${TableName.Environment}.id`, `${TableName.SecretFolder}.envId`)
         .where({ projectId })
@@ -43,7 +43,7 @@ export const secretBlindIndexDALFactory = (db: TDbClient) => {
 
   const findSecretsByProjectId = async (projectId: string, secretIds: string[], tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.Secret)
+      const docs = await (tx || db)(TableName.Secret)
         .leftJoin(TableName.SecretFolder, `${TableName.SecretFolder}.id`, `${TableName.Secret}.folderId`)
         .leftJoin(TableName.Environment, `${TableName.Environment}.id`, `${TableName.SecretFolder}.envId`)
         .where({ projectId })

backend/src/services/secret-folder/secret-folder-dal.ts

@@ -211,12 +211,7 @@ export const secretFolderDALFactory = (db: TDbClient) => {
 
   const findBySecretPath = async (projectId: string, environment: string, path: string, tx?: Knex) => {
     try {
-      const folder = await sqlFindFolderByPathQuery(
-        tx || db.replicaNode(),
-        projectId,
-        environment,
-        removeTrailingSlash(path)
-      )
+      const folder = await sqlFindFolderByPathQuery(tx || db, projectId, environment, removeTrailingSlash(path))
         .orderBy("depth", "desc")
         .first();
       if (folder && folder.path !== removeTrailingSlash(path)) {
@@ -235,12 +230,7 @@ export const secretFolderDALFactory = (db: TDbClient) => {
   // it will stop automatically at /path2
   const findClosestFolder = async (projectId: string, environment: string, path: string, tx?: Knex) => {
     try {
-      const folder = await sqlFindFolderByPathQuery(
-        tx || db.replicaNode(),
-        projectId,
-        environment,
-        removeTrailingSlash(path)
-      )
+      const folder = await sqlFindFolderByPathQuery(tx || db, projectId, environment, removeTrailingSlash(path))
         .orderBy("depth", "desc")
         .first();
       if (!folder) return;
@@ -257,7 +247,7 @@ export const secretFolderDALFactory = (db: TDbClient) => {
         envId,
         secretPath: removeTrailingSlash(secretPath)
       }));
-      const folders = await sqlFindMultipleFolderByEnvPathQuery(tx || db.replicaNode(), formatedQuery);
+      const folders = await sqlFindMultipleFolderByEnvPathQuery(tx || db, formatedQuery);
       return formatedQuery.map(({ envId, secretPath }) =>
         folders.find(({ path: targetPath, envId: targetEnvId }) => targetPath === secretPath && targetEnvId === envId)
       );
@@ -270,7 +260,7 @@ export const secretFolderDALFactory = (db: TDbClient) => {
   // that is instances in which for a given folderid find the secret path
   const findSecretPathByFolderIds = async (projectId: string, folderIds: string[], tx?: Knex) => {
     try {
-      const folders = await sqlFindSecretPathByFolderId(tx || db.replicaNode(), projectId, folderIds);
+      const folders = await sqlFindSecretPathByFolderId(tx || db, projectId, folderIds);
 
       //  travelling all the way from leaf node to root contains real path
       const rootFolders = groupBy(
@@ -309,7 +299,7 @@ export const secretFolderDALFactory = (db: TDbClient) => {
 
   const findById = async (id: string, tx?: Knex) => {
     try {
-      const folder = await (tx || db.replicaNode())(TableName.SecretFolder)
+      const folder = await (tx || db)(TableName.SecretFolder)
         .where({ [`${TableName.SecretFolder}.id` as "id"]: id })
         .join(TableName.Environment, `${TableName.SecretFolder}.envId`, `${TableName.Environment}.id`)
         .select(selectAllTableCols(TableName.SecretFolder))

backend/src/services/secret-folder/secret-folder-version-dal.ts

@@ -13,7 +13,7 @@ export const secretFolderVersionDALFactory = (db: TDbClient) => {
   // This will fetch all latest secret versions from a folder
   const findLatestVersionByFolderId = async (folderId: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.SecretFolderVersion)
+      const docs = await (tx || db)(TableName.SecretFolderVersion)
         .join(TableName.SecretFolder, `${TableName.SecretFolderVersion}.folderId`, `${TableName.SecretFolder}.id`)
         .where({ parentId: folderId, isReserved: false })
         .join<TSecretFolderVersions>(
@@ -38,9 +38,7 @@ export const secretFolderVersionDALFactory = (db: TDbClient) => {
 
   const findLatestFolderVersions = async (folderIds: string[], tx?: Knex) => {
     try {
-      const docs: Array<TSecretFolderVersions & { max: number }> = await (tx || db.replicaNode())(
-        TableName.SecretFolderVersion
-      )
+      const docs: Array<TSecretFolderVersions & { max: number }> = await (tx || db)(TableName.SecretFolderVersion)
         .whereIn("folderId", folderIds)
         .join(
           (tx || db)(TableName.SecretFolderVersion)

backend/src/services/secret-import/secret-import-dal.ts

@@ -51,7 +51,7 @@ export const secretImportDALFactory = (db: TDbClient) => {
 
   const find = async (filter: Partial<TSecretImports & { projectId: string }>, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.SecretImport)
+      const docs = await (tx || db)(TableName.SecretImport)
         .where(filter)
         .join(TableName.Environment, `${TableName.SecretImport}.importEnv`, `${TableName.Environment}.id`)
         .select(
@@ -72,7 +72,7 @@ export const secretImportDALFactory = (db: TDbClient) => {
 
   const findByFolderIds = async (folderIds: string[], tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.SecretImport)
+      const docs = await (tx || db)(TableName.SecretImport)
         .whereIn("folderId", folderIds)
         .where("isReplication", false)
         .join(TableName.Environment, `${TableName.SecretImport}.importEnv`, `${TableName.Environment}.id`)

backend/src/services/secret-tag/secret-tag-dal.ts

@@ -13,7 +13,7 @@ export const secretTagDALFactory = (db: TDbClient) => {
 
   const findManyTagsById = async (projectId: string, ids: string[], tx?: Knex) => {
     try {
-      const tags = await (tx || db.replicaNode())(TableName.SecretTag).where({ projectId }).whereIn("id", ids);
+      const tags = await (tx || db)(TableName.SecretTag).where({ projectId }).whereIn("id", ids);
       return tags;
     } catch (error) {
       throw new DatabaseError({ error, name: "Find all by ids" });

backend/src/services/secret/secret-dal.ts

@@ -114,7 +114,7 @@ export const secretDALFactory = (db: TDbClient) => {
         userId = undefined;
       }
 
-      const secs = await (tx || db.replicaNode())(TableName.Secret)
+      const secs = await (tx || db)(TableName.Secret)
         .where({ folderId })
         .where((bd) => {
           void bd.whereNull("userId").orWhere({ userId: userId || null });
@@ -152,7 +152,7 @@ export const secretDALFactory = (db: TDbClient) => {
 
   const getSecretTags = async (secretId: string, tx?: Knex) => {
     try {
-      const tags = await (tx || db.replicaNode())(TableName.JnSecretTag)
+      const tags = await (tx || db)(TableName.JnSecretTag)
         .join(TableName.SecretTag, `${TableName.JnSecretTag}.${TableName.SecretTag}Id`, `${TableName.SecretTag}.id`)
         .where({ [`${TableName.Secret}Id` as const]: secretId })
         .select(db.ref("id").withSchema(TableName.SecretTag).as("tagId"))
@@ -179,7 +179,7 @@ export const secretDALFactory = (db: TDbClient) => {
         userId = undefined;
       }
 
-      const secs = await (tx || db.replicaNode())(TableName.Secret)
+      const secs = await (tx || db)(TableName.Secret)
         .whereIn("folderId", folderIds)
         .where((bd) => {
           void bd.whereNull("userId").orWhere({ userId: userId || null });
@@ -223,7 +223,7 @@ export const secretDALFactory = (db: TDbClient) => {
   ) => {
     if (!blindIndexes.length) return [];
     try {
-      const secrets = await (tx || db.replicaNode())(TableName.Secret)
+      const secrets = await (tx || db)(TableName.Secret)
         .where({ folderId })
         .where((bd) => {
           blindIndexes.forEach((el) => {
@@ -278,7 +278,7 @@ export const secretDALFactory = (db: TDbClient) => {
 
   const findReferencedSecretReferences = async (projectId: string, envSlug: string, secretPath: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.SecretReference)
+      const docs = await (tx || db)(TableName.SecretReference)
         .where({
           secretPath,
           environment: envSlug
@@ -298,7 +298,7 @@ export const secretDALFactory = (db: TDbClient) => {
   // special query to backfill secret value
   const findAllProjectSecretValues = async (projectId: string, tx?: Knex) => {
     try {
-      const docs = await (tx || db.replicaNode())(TableName.Secret)
+      const docs = await (tx || db)(TableName.Secret)
         .join(TableName.SecretFolder, `${TableName.Secret}.folderId`, `${TableName.SecretFolder}.id`)
         .join(TableName.Environment, `${TableName.SecretFolder}.envId`, `${TableName.Environment}.id`)
         .where("projectId", projectId)
@@ -313,7 +313,7 @@ export const secretDALFactory = (db: TDbClient) => {
 
   const findOneWithTags = async (filter: Partial<TSecrets>, tx?: Knex) => {
     try {
-      const rawDocs = await (tx || db.replicaNode())(TableName.Secret)
+      const rawDocs = await (tx || db)(TableName.Secret)
         .where(filter)
         .leftJoin(TableName.JnSecretTag, `${TableName.Secret}.id`, `${TableName.JnSecretTag}.${TableName.Secret}Id`)
         .leftJoin(TableName.SecretTag, `${TableName.JnSecretTag}.${TableName.SecretTag}Id`, `${TableName.SecretTag}.id`)

backend/src/services/secret/secret-queue.ts

@@ -525,18 +525,6 @@ export const secretQueueFactory = ({
 
       const botKey = await projectBotService.getBotKey(projectId);
       const { accessToken, accessId } = await integrationAuthService.getIntegrationAccessToken(integrationAuth, botKey);
-      const awsAssumeRoleArn =
-        integrationAuth.awsAssumeIamRoleArnTag &&
-        integrationAuth.awsAssumeIamRoleArnIV &&
-        integrationAuth.awsAssumeIamRoleArnCipherText
-          ? decryptSymmetric128BitHexKeyUTF8({
-              ciphertext: integrationAuth.awsAssumeIamRoleArnCipherText,
-              iv: integrationAuth.awsAssumeIamRoleArnIV,
-              tag: integrationAuth.awsAssumeIamRoleArnTag,
-              key: botKey
-            })
-          : null;
-
       const secrets = await getIntegrationSecrets({
         environment,
         projectId,
@@ -556,8 +544,6 @@ export const secretQueueFactory = ({
       }
 
       try {
-        // akhilmhdh: this needs to changed later to be more easier to use
-        // at present this is not at all extendable like to add a new parameter for just one integration need to modify multiple places
         const response = await syncIntegrationSecrets({
           createManySecretsRawFn,
           updateManySecretsRawFn,
@@ -566,9 +552,7 @@ export const secretQueueFactory = ({
           integrationAuth,
           secrets: Object.keys(suffixedSecrets).length !== 0 ? suffixedSecrets : secrets,
           accessId: accessId as string,
-          awsAssumeRoleArn,
           accessToken,
-          projectId,
           appendices: {
             prefix: metadata?.secretPrefix || "",
             suffix: metadata?.secretSuffix || ""