Removed: user_management feature flag

internal/controlplane/handlers_authz.go

@@ -310,26 +310,24 @@
 		}
 	}
 
-	if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
-		// Add invitations, which are only stored in the Minder DB
-		projectInvites, err := s.store.ListInvitationsForProject(ctx, targetProject)
-		if err != nil {
-			// return the information we can and log the error
-			zerolog.Ctx(ctx).Error().Err(err).Msg("error getting invitations")
-		}
-		for _, i := range projectInvites {
-			invitations = append(invitations, &minder.Invitation{
-				Role:           i.Role,
-				Email:          i.Email,
-				Project:        targetProject.String(),
-				CreatedAt:      timestamppb.New(i.CreatedAt),
-				ExpiresAt:      invites.GetExpireIn7Days(i.UpdatedAt),
-				Expired:        invites.IsExpired(i.UpdatedAt),
-				Sponsor:        i.IdentitySubject,
-				SponsorDisplay: mapIdToDisplay[i.IdentitySubject],
-				// Code is explicitly not returned here
-			})
-		}
+	// Add invitations, which are only stored in the Minder DB
+	projectInvites, err := s.store.ListInvitationsForProject(ctx, targetProject)
+	if err != nil {
+		// return the information we can and log the error
+		zerolog.Ctx(ctx).Error().Err(err).Msg("error getting invitations")
+	}
+	for _, i := range projectInvites {
+		invitations = append(invitations, &minder.Invitation{
+			Role:           i.Role,
+			Email:          i.Email,
+			Project:        targetProject.String(),
+			CreatedAt:      timestamppb.New(i.CreatedAt),
+			ExpiresAt:      invites.GetExpireIn7Days(i.UpdatedAt),
+			Expired:        invites.IsExpired(i.UpdatedAt),
+			Sponsor:        i.IdentitySubject,
+			SponsorDisplay: mapIdToDisplay[i.IdentitySubject],
+			// Code is explicitly not returned here
+		})
 	}
 
 	return &minder.ListRoleAssignmentsResponse{
@@ -375,27 +373,25 @@
 
 	// Decide if it's an invitation or a role assignment
 	if sub == "" && inviteeEmail != "" {
-		if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
-			invitation, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.Invitation, error) {
-				return s.invites.CreateInvite(ctx, qtx, s.evt, s.cfg.Email, targetProject, authzRole, inviteeEmail)
-			})
-			if err != nil {
-				return nil, err
-			}
-
-			return &minder.AssignRoleResponse{
-				// Leaving the role assignment empty as it's an invitation
-				Invitation: invitation,
-			}, nil
+		invitation, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.Invitation, error) {
+			return s.invites.CreateInvite(ctx, qtx, s.evt, s.cfg.Email, targetProject, authzRole, inviteeEmail)
+		})
+		if err != nil {
+			return nil, err
 		}
+
+		return &minder.AssignRoleResponse{
+			// Leaving the role assignment empty as it's an invitation
+			Invitation: invitation,
+		}, nil
 		return nil, util.UserVisibleError(codes.Unimplemented, "user management is not enabled")
 	} else if sub != "" && inviteeEmail == "" {
 		identity, err := s.idClient.Resolve(ctx, sub)
 		if err != nil || identity == nil {
 			return nil, util.UserVisibleError(codes.NotFound, "could not find identity %q", sub)
 		}
 		isMachine := identity.Provider.String() != ""
-		if !isMachine && flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
+		if !isMachine {
 			return nil, util.UserVisibleError(codes.Unimplemented, "human users may only be added by invitation")
 		}
 		if isMachine && !flags.Bool(ctx, s.featureFlags, flags.MachineAccounts) {
@@ -433,19 +429,18 @@
 
 	// Validate the subject and email - decide if it's about removing an invitation or a role assignment
 	if sub == "" && inviteeEmail != "" {
-		if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
-			deletedInvitation, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.Invitation, error) {
-				return s.invites.RemoveInvite(ctx, qtx, s.idClient, targetProject, authzRole, inviteeEmail)
-			})
-			if err != nil {
-				return nil, err
-			}
-
-			return &minder.RemoveRoleResponse{
-				Invitation: deletedInvitation,
-			}, nil
+		deletedInvitation, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.Invitation, error) {
+			return s.invites.RemoveInvite(ctx, qtx, s.idClient, targetProject, authzRole, inviteeEmail)
+		})
+		if err != nil {
+			return nil, err
 		}
+
+		return &minder.RemoveRoleResponse{
+			Invitation: deletedInvitation,
+		}, nil
+
 		return nil, util.UserVisibleError(codes.Unimplemented, "user management is not enabled")
 	} else if sub != "" && inviteeEmail == "" {
 		// If there's a subject, we assume it's a role assignment
 		deletedRoleAssignment, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.RoleAssignment, error) {
@@ -489,21 +484,20 @@
 
 	// Validate the subject and email - decide if it's about updating an invitation or a role assignment
 	if sub == "" && inviteeEmail != "" {
-		if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
-			updatedInvitation, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.Invitation, error) {
-				return s.invites.UpdateInvite(ctx, qtx, s.evt, s.cfg.Email, targetProject, authzRole, inviteeEmail)
-			})
-			if err != nil {
-				return nil, err
-			}
-
-			return &minder.UpdateRoleResponse{
-				Invitations: []*minder.Invitation{
-					updatedInvitation,
-				},
-			}, nil
+		updatedInvitation, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.Invitation, error) {
+			return s.invites.UpdateInvite(ctx, qtx, s.evt, s.cfg.Email, targetProject, authzRole, inviteeEmail)
+		})
+		if err != nil {
+			return nil, err
 		}
+
+		return &minder.UpdateRoleResponse{
+			Invitations: []*minder.Invitation{
+				updatedInvitation,
+			},
+		}, nil
+
 		return nil, util.UserVisibleError(codes.Unimplemented, "user management is not enabled")
 	} else if sub != "" && inviteeEmail == "" {
 		// If there's a subject, we assume it's a role assignment update
 		updatedAssignment, err := db.WithTransaction(s.store, func(qtx db.ExtendQuerier) (*minder.RoleAssignment, error) {

internal/controlplane/handlers_user.go

@@ -29,7 +29,6 @@ import (
 	"github.com/mindersec/minder/internal/projects"
 	"github.com/mindersec/minder/internal/util"
 	pb "github.com/mindersec/minder/pkg/api/protobuf/go/minder/v1"
-	"github.com/mindersec/minder/pkg/flags"
 )
 
 // CreateUser is a service for user self registration
@@ -307,10 +306,7 @@ func (s *Server) GetUser(ctx context.Context, _ *pb.GetUserRequest) (*pb.GetUser
 
 // ListInvitations is a service for listing invitations.
 func (s *Server) ListInvitations(ctx context.Context, _ *pb.ListInvitationsRequest) (*pb.ListInvitationsResponse, error) {
-	// Check if the UserManagement feature is enabled
-	if !flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
-		return nil, status.Error(codes.Unimplemented, "feature not enabled")
-	}
+
 	invitations := make([]*pb.Invitation, 0)
 
 	// Extracts the user email from the token
@@ -367,10 +363,6 @@ func (s *Server) ListInvitations(ctx context.Context, _ *pb.ListInvitationsReque
 
 // ResolveInvitation is a service for resolving an invitation.
 func (s *Server) ResolveInvitation(ctx context.Context, req *pb.ResolveInvitationRequest) (*pb.ResolveInvitationResponse, error) {
-	// Check if the UserManagement feature is enabled
-	if !flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
-		return nil, status.Error(codes.Unimplemented, "feature not enabled")
-	}
 
 	tx, err := s.store.BeginTransaction()
 	if err != nil {

pkg/flags/constants.go

@@ -4,8 +4,6 @@
 package flags
 
 const (
-	// UserManagement enables user management, i.e. invitations, role assignments, etc.
-	UserManagement Experiment = "user_management"
 	// DockerHubProvider enables the DockerHub provider.
 	DockerHubProvider Experiment = "dockerhub_provider"
 	// GitLabProvider enables the GitLab provider.