[PM-26426] [PM-26427] Remove feature flag - policy validators/requirements refactor (#6674)

* chore: remove ff from PoliciesController, refs PM-26426 * chore: remove ff from public PoliciesController, refs PM-26426 * chore: remove ff from VerifyOrganizationDomainCommands, refs PM-26426 * chore: remove ff from SsoConfigService, refs PM-26426 * chore: remove ff from public PoliciesControllerTests, refs PM-26426 * chore: remove ff from PoliciesControllerTests, refs PM-26426 * chore: remove ff from VerifyOrganizationDomainCommandTests, refs PM-26426 * chore: remove ff from SsoConfigServiceTests, refs PM-26426 * chore: remove ff definition, refs PM-26427 * chore: dotnet format * chore: remove unused constructor parameters, refs PM-26426 * chore: fix failing tests for VerifyOrganizationDomainCommandTests and SsoConfigServiceTests, refs PM-26426
2025-12-06 00:03:34 +00:00 · 2025-12-03 10:42:54 -06:00
parent 1566a6d587
commit ded1c58c27
9 changed files with 65 additions and 218 deletions
--- a/src/Api/AdminConsole/Controllers/PoliciesController.cs
+++ b/src/Api/AdminConsole/Controllers/PoliciesController.cs
@@ -42,7 +42,6 @@ public class PoliciesController : Controller
    private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory;
    private readonly IPolicyRepository _policyRepository;
    private readonly IUserService _userService;
-    private readonly IFeatureService _featureService;
    private readonly ISavePolicyCommand _savePolicyCommand;
    private readonly IVNextSavePolicyCommand _vNextSavePolicyCommand;

@@ -55,7 +54,6 @@ public class PoliciesController : Controller
        IDataProtectorTokenFactory<OrgUserInviteTokenable> orgUserInviteTokenDataFactory,
        IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery,
        IOrganizationRepository organizationRepository,
-        IFeatureService featureService,
        ISavePolicyCommand savePolicyCommand,
        IVNextSavePolicyCommand vNextSavePolicyCommand)
    {
@@ -69,7 +67,6 @@ public class PoliciesController : Controller
        _organizationRepository = organizationRepository;
        _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory;
        _organizationHasVerifiedDomainsQuery = organizationHasVerifiedDomainsQuery;
-        _featureService = featureService;
        _savePolicyCommand = savePolicyCommand;
        _vNextSavePolicyCommand = vNextSavePolicyCommand;
    }
@@ -221,9 +218,7 @@ public class PoliciesController : Controller
    {
        var savePolicyRequest = await model.ToSavePolicyModelAsync(orgId, type, _currentContext);

-        var policy = _featureService.IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor) ?
-            await _vNextSavePolicyCommand.SaveAsync(savePolicyRequest) :
-            await _savePolicyCommand.VNextSaveAsync(savePolicyRequest);
+        var policy = await _vNextSavePolicyCommand.SaveAsync(savePolicyRequest);

        return new PolicyResponseModel(policy);
    }
--- a/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs
+++ b/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs
@@ -5,15 +5,10 @@ using System.Net;
 using Bit.Api.AdminConsole.Public.Models.Request;
 using Bit.Api.AdminConsole.Public.Models.Response;
 using Bit.Api.Models.Public.Response;
-using Bit.Core;
-using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
-using Bit.Core.AdminConsole.Services;
 using Bit.Core.Context;
-using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

@@ -24,25 +19,16 @@ namespace Bit.Api.AdminConsole.Public.Controllers;
 public class PoliciesController : Controller
 {
    private readonly IPolicyRepository _policyRepository;
-    private readonly IPolicyService _policyService;
    private readonly ICurrentContext _currentContext;
-    private readonly IFeatureService _featureService;
-    private readonly ISavePolicyCommand _savePolicyCommand;
    private readonly IVNextSavePolicyCommand _vNextSavePolicyCommand;

    public PoliciesController(
        IPolicyRepository policyRepository,
-        IPolicyService policyService,
        ICurrentContext currentContext,
-        IFeatureService featureService,
-        ISavePolicyCommand savePolicyCommand,
        IVNextSavePolicyCommand vNextSavePolicyCommand)
    {
        _policyRepository = policyRepository;
-        _policyService = policyService;
        _currentContext = currentContext;
-        _featureService = featureService;
-        _savePolicyCommand = savePolicyCommand;
        _vNextSavePolicyCommand = vNextSavePolicyCommand;
    }

@@ -96,18 +82,9 @@ public class PoliciesController : Controller
    [ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
    [ProducesResponseType((int)HttpStatusCode.NotFound)]
    public async Task<IActionResult> Put(PolicyType type, [FromBody] PolicyUpdateRequestModel model)
-    {
-        Policy policy;
-        if (_featureService.IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor))
    {
        var savePolicyModel = model.ToSavePolicyModel(_currentContext.OrganizationId!.Value, type);
-            policy = await _vNextSavePolicyCommand.SaveAsync(savePolicyModel);
-        }
-        else
-        {
-            var policyUpdate = model.ToPolicyUpdate(_currentContext.OrganizationId!.Value, type);
-            policy = await _savePolicyCommand.SaveAsync(policyUpdate);
-        }
+        var policy = await _vNextSavePolicyCommand.SaveAsync(savePolicyModel);

        var response = new PolicyResponseModel(policy);
        return new JsonResult(response);
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommand.cs
@@ -4,7 +4,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.Context;
@@ -25,8 +24,6 @@ public class VerifyOrganizationDomainCommand(
    IEventService eventService,
    IGlobalSettings globalSettings,
    ICurrentContext currentContext,
-    IFeatureService featureService,
-    ISavePolicyCommand savePolicyCommand,
    IVNextSavePolicyCommand vNextSavePolicyCommand,
    IMailService mailService,
    IOrganizationUserRepository organizationUserRepository,
@@ -144,16 +141,9 @@ public class VerifyOrganizationDomainCommand(
            PerformedBy = actingUser
        };

-        if (featureService.IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor))
-        {
        var savePolicyModel = new SavePolicyModel(policyUpdate, actingUser);
        await vNextSavePolicyCommand.SaveAsync(savePolicyModel);
    }
-        else
-        {
-            await savePolicyCommand.SaveAsync(policyUpdate);
-        }
-    }

    private async Task SendVerifiedDomainUserEmailAsync(OrganizationDomain domain)
    {
--- a/src/Core/Auth/Services/Implementations/SsoConfigService.cs
+++ b/src/Core/Auth/Services/Implementations/SsoConfigService.cs
@@ -5,7 +5,6 @@ using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
@@ -26,8 +25,6 @@ public class SsoConfigService : ISsoConfigService
    private readonly IOrganizationRepository _organizationRepository;
    private readonly IOrganizationUserRepository _organizationUserRepository;
    private readonly IEventService _eventService;
-    private readonly IFeatureService _featureService;
-    private readonly ISavePolicyCommand _savePolicyCommand;
    private readonly IVNextSavePolicyCommand _vNextSavePolicyCommand;

    public SsoConfigService(
@@ -36,8 +33,6 @@ public class SsoConfigService : ISsoConfigService
        IOrganizationRepository organizationRepository,
        IOrganizationUserRepository organizationUserRepository,
        IEventService eventService,
-        IFeatureService featureService,
-        ISavePolicyCommand savePolicyCommand,
        IVNextSavePolicyCommand vNextSavePolicyCommand)
    {
        _ssoConfigRepository = ssoConfigRepository;
@@ -45,8 +40,6 @@ public class SsoConfigService : ISsoConfigService
        _organizationRepository = organizationRepository;
        _organizationUserRepository = organizationUserRepository;
        _eventService = eventService;
-        _featureService = featureService;
-        _savePolicyCommand = savePolicyCommand;
        _vNextSavePolicyCommand = vNextSavePolicyCommand;
    }

@@ -97,20 +90,11 @@ public class SsoConfigService : ISsoConfigService
                Enabled = true
            };

-            if (_featureService.IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor))
-            {
            var performedBy = new SystemUser(EventSystemUser.Unknown);
            await _vNextSavePolicyCommand.SaveAsync(new SavePolicyModel(singleOrgPolicy, performedBy));
            await _vNextSavePolicyCommand.SaveAsync(new SavePolicyModel(resetPasswordPolicy, performedBy));
            await _vNextSavePolicyCommand.SaveAsync(new SavePolicyModel(requireSsoPolicy, performedBy));
        }
-            else
-            {
-                await _savePolicyCommand.SaveAsync(singleOrgPolicy);
-                await _savePolicyCommand.SaveAsync(resetPasswordPolicy);
-                await _savePolicyCommand.SaveAsync(requireSsoPolicy);
-            }
-        }

        await LogEventsAsync(config, oldConfig);
        await _ssoConfigRepository.UpsertAsync(config);
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -141,7 +141,6 @@ public static class FeatureFlagKeys
    public const string AutomaticConfirmUsers = "pm-19934-auto-confirm-organization-users";
    public const string PM23845_VNextApplicationCache = "pm-24957-refactor-memory-application-cache";
    public const string BlockClaimedDomainAccountCreation = "pm-28297-block-uninvited-claimed-domain-registration";
-    public const string PolicyValidatorsRefactor = "pm-26423-refactor-policy-side-effects";
    public const string IncreaseBulkReinviteLimitForCloud = "pm-28251-increase-bulk-reinvite-limit-for-cloud";

    /* Architecture */
--- a/test/Api.Test/AdminConsole/Public/Controllers/PoliciesControllerTests.cs
+++ b/test/Api.Test/AdminConsole/Public/Controllers/PoliciesControllerTests.cs
@@ -1,14 +1,11 @@
 using Bit.Api.AdminConsole.Public.Controllers;
 using Bit.Api.AdminConsole.Public.Models.Request;
-using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.Context;
-using Bit.Core.Services;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@@ -22,7 +19,7 @@ public class PoliciesControllerTests
 {
    [Theory]
    [BitAutoData]
-    public async Task Put_WhenPolicyValidatorsRefactorEnabled_UsesVNextSavePolicyCommand(
+    public async Task Put_UsesVNextSavePolicyCommand(
        Guid organizationId,
        PolicyType policyType,
        PolicyUpdateRequestModel model,
@@ -33,9 +30,6 @@ public class PoliciesControllerTests
        policy.Data = null;
        sutProvider.GetDependency<ICurrentContext>()
            .OrganizationId.Returns(organizationId);
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(true);
        sutProvider.GetDependency<IVNextSavePolicyCommand>()
            .SaveAsync(Arg.Any<SavePolicyModel>())
            .Returns(policy);
@@ -52,36 +46,4 @@ public class PoliciesControllerTests
                m.PolicyUpdate.Enabled == model.Enabled.GetValueOrDefault() &&
                m.PerformedBy is SystemUser));
    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task Put_WhenPolicyValidatorsRefactorDisabled_UsesLegacySavePolicyCommand(
-        Guid organizationId,
-        PolicyType policyType,
-        PolicyUpdateRequestModel model,
-        Policy policy,
-        SutProvider<PoliciesController> sutProvider)
-    {
-        // Arrange
-        policy.Data = null;
-        sutProvider.GetDependency<ICurrentContext>()
-            .OrganizationId.Returns(organizationId);
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(false);
-        sutProvider.GetDependency<ISavePolicyCommand>()
-            .SaveAsync(Arg.Any<PolicyUpdate>())
-            .Returns(policy);
-
-        // Act
-        await sutProvider.Sut.Put(policyType, model);
-
-        // Assert
-        await sutProvider.GetDependency<ISavePolicyCommand>()
-            .Received(1)
-            .SaveAsync(Arg.Is<PolicyUpdate>(p =>
-                p.OrganizationId == organizationId &&
-                p.Type == policyType &&
-                p.Enabled == model.Enabled));
-    }
 }
--- a/test/Api.Test/Controllers/PoliciesControllerTests.cs
+++ b/test/Api.Test/Controllers/PoliciesControllerTests.cs
@@ -3,7 +3,6 @@ using System.Text.Json;
 using Bit.Api.AdminConsole.Controllers;
 using Bit.Api.AdminConsole.Models.Request;
 using Bit.Api.AdminConsole.Models.Response.Organizations;
-using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
@@ -302,7 +301,8 @@ public class PoliciesControllerTests
        var decryptedToken = Substitute.For<OrgUserInviteTokenable>();
        decryptedToken.Valid.Returns(false);

-        var orgUserInviteTokenDataFactory = sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();
+        var orgUserInviteTokenDataFactory =
+            sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();

        orgUserInviteTokenDataFactory.TryUnprotect(token, out Arg.Any<OrgUserInviteTokenable>())
            .Returns(x =>
@@ -338,7 +338,8 @@ public class PoliciesControllerTests
        decryptedToken.OrgUserId = organizationUserId;
        decryptedToken.OrgUserEmail = email;

-        var orgUserInviteTokenDataFactory = sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();
+        var orgUserInviteTokenDataFactory =
+            sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();

        orgUserInviteTokenDataFactory.TryUnprotect(token, out Arg.Any<OrgUserInviteTokenable>())
            .Returns(x =>
@@ -379,7 +380,8 @@ public class PoliciesControllerTests
        decryptedToken.OrgUserId = organizationUserId;
        decryptedToken.OrgUserEmail = email;

-        var orgUserInviteTokenDataFactory = sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();
+        var orgUserInviteTokenDataFactory =
+            sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();

        orgUserInviteTokenDataFactory.TryUnprotect(token, out Arg.Any<OrgUserInviteTokenable>())
            .Returns(x =>
@@ -422,7 +424,8 @@ public class PoliciesControllerTests
        decryptedToken.OrgUserId = organizationUserId;
        decryptedToken.OrgUserEmail = email;

-        var orgUserInviteTokenDataFactory = sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();
+        var orgUserInviteTokenDataFactory =
+            sutProvider.GetDependency<IDataProtectorTokenFactory<OrgUserInviteTokenable>>();

        orgUserInviteTokenDataFactory.TryUnprotect(token, out Arg.Any<OrgUserInviteTokenable>())
            .Returns(x =>
@@ -463,7 +466,7 @@ public class PoliciesControllerTests

    [Theory]
    [BitAutoData]
-    public async Task PutVNext_WhenPolicyValidatorsRefactorEnabled_UsesVNextSavePolicyCommand(
+    public async Task PutVNext_UsesVNextSavePolicyCommand(
        SutProvider<PoliciesController> sutProvider, Guid orgId,
        SavePolicyRequest model, Policy policy, Guid userId)
    {
@@ -478,10 +481,6 @@ public class PoliciesControllerTests
            .OrganizationOwner(orgId)
            .Returns(true);

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(true);
-
        sutProvider.GetDependency<IVNextSavePolicyCommand>()
            .SaveAsync(Arg.Any<SavePolicyModel>())
            .Returns(policy);
@@ -492,8 +491,7 @@ public class PoliciesControllerTests
        // Assert
        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
            .Received(1)
-            .SaveAsync(Arg.Is<SavePolicyModel>(
-                m => m.PolicyUpdate.OrganizationId == orgId &&
+            .SaveAsync(Arg.Is<SavePolicyModel>(m => m.PolicyUpdate.OrganizationId == orgId &&
                                                    m.PolicyUpdate.Type == policy.Type &&
                                                    m.PolicyUpdate.Enabled == model.Policy.Enabled &&
                                                    m.PerformedBy.UserId == userId &&
@@ -507,51 +505,4 @@ public class PoliciesControllerTests
        Assert.Equal(policy.Id, result.Id);
        Assert.Equal(policy.Type, result.Type);
    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PutVNext_WhenPolicyValidatorsRefactorDisabled_UsesSavePolicyCommand(
-        SutProvider<PoliciesController> sutProvider, Guid orgId,
-        SavePolicyRequest model, Policy policy, Guid userId)
-    {
-        // Arrange
-        policy.Data = null;
-
-        sutProvider.GetDependency<ICurrentContext>()
-            .UserId
-            .Returns(userId);
-
-        sutProvider.GetDependency<ICurrentContext>()
-            .OrganizationOwner(orgId)
-            .Returns(true);
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(false);
-
-        sutProvider.GetDependency<ISavePolicyCommand>()
-            .VNextSaveAsync(Arg.Any<SavePolicyModel>())
-            .Returns(policy);
-
-        // Act
-        var result = await sutProvider.Sut.PutVNext(orgId, policy.Type, model);
-
-        // Assert
-        await sutProvider.GetDependency<ISavePolicyCommand>()
-            .Received(1)
-            .VNextSaveAsync(Arg.Is<SavePolicyModel>(
-                m => m.PolicyUpdate.OrganizationId == orgId &&
-                     m.PolicyUpdate.Type == policy.Type &&
-                     m.PolicyUpdate.Enabled == model.Policy.Enabled &&
-                     m.PerformedBy.UserId == userId &&
-                     m.PerformedBy.IsOrganizationOwnerOrProvider == true));
-
-        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
-            .DidNotReceiveWithAnyArgs()
-            .SaveAsync(default);
-
-        Assert.NotNull(result);
-        Assert.Equal(policy.Id, result.Id);
-        Assert.Equal(policy.Type, result.Type);
-    }
 }
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs
@@ -2,7 +2,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.Context;
@@ -183,17 +182,17 @@ public class VerifyOrganizationDomainCommandTests

        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);

-        await sutProvider.GetDependency<ISavePolicyCommand>()
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
            .Received(1)
-            .SaveAsync(Arg.Is<PolicyUpdate>(x => x.Type == PolicyType.SingleOrg &&
-                x.OrganizationId == domain.OrganizationId &&
-                x.Enabled &&
+            .SaveAsync(Arg.Is<SavePolicyModel>(x => x.PolicyUpdate.Type == PolicyType.SingleOrg &&
+                                                    x.PolicyUpdate.OrganizationId == domain.OrganizationId &&
+                                                    x.PolicyUpdate.Enabled &&
                x.PerformedBy is StandardUser &&
                x.PerformedBy.UserId == userId));
    }

    [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_WhenPolicyValidatorsRefactorFlagEnabled_UsesVNextSavePolicyCommand(
+    public async Task UserVerifyOrganizationDomainAsync_UsesVNextSavePolicyCommand(
        OrganizationDomain domain, Guid userId, SutProvider<VerifyOrganizationDomainCommand> sutProvider)
    {
        sutProvider.GetDependency<IOrganizationDomainRepository>()
@@ -207,10 +206,6 @@ public class VerifyOrganizationDomainCommandTests
        sutProvider.GetDependency<ICurrentContext>()
            .UserId.Returns(userId);

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(true);
-
        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);

        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
@@ -240,9 +235,9 @@ public class VerifyOrganizationDomainCommandTests

        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);

-        await sutProvider.GetDependency<ISavePolicyCommand>()
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
            .DidNotReceive()
-            .SaveAsync(Arg.Any<PolicyUpdate>());
+            .SaveAsync(Arg.Any<SavePolicyModel>());
    }

    [Theory, BitAutoData]
--- a/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs
+++ b/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs
@@ -2,7 +2,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
@@ -14,7 +13,6 @@ using Bit.Core.Auth.Services;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@@ -342,26 +340,26 @@ public class SsoConfigServiceTests

        await sutProvider.Sut.SaveAsync(ssoConfig, organization);

-        await sutProvider.GetDependency<ISavePolicyCommand>().Received(1)
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>().Received(1)
            .SaveAsync(
-                Arg.Is<PolicyUpdate>(t => t.Type == PolicyType.SingleOrg &&
-                    t.OrganizationId == organization.Id &&
-                    t.Enabled)
+                Arg.Is<SavePolicyModel>(t => t.PolicyUpdate.Type == PolicyType.SingleOrg &&
+                                             t.PolicyUpdate.OrganizationId == organization.Id &&
+                                             t.PolicyUpdate.Enabled)
            );

-        await sutProvider.GetDependency<ISavePolicyCommand>().Received(1)
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>().Received(1)
            .SaveAsync(
-                Arg.Is<PolicyUpdate>(t => t.Type == PolicyType.ResetPassword &&
-                    t.GetDataModel<ResetPasswordDataModel>().AutoEnrollEnabled &&
-                    t.OrganizationId == organization.Id &&
-                    t.Enabled)
+                Arg.Is<SavePolicyModel>(t => t.PolicyUpdate.Type == PolicyType.ResetPassword &&
+                                             t.PolicyUpdate.GetDataModel<ResetPasswordDataModel>().AutoEnrollEnabled &&
+                                             t.PolicyUpdate.OrganizationId == organization.Id &&
+                                             t.PolicyUpdate.Enabled)
            );

-        await sutProvider.GetDependency<ISavePolicyCommand>().Received(1)
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>().Received(1)
            .SaveAsync(
-                Arg.Is<PolicyUpdate>(t => t.Type == PolicyType.RequireSso &&
-                    t.OrganizationId == organization.Id &&
-                    t.Enabled)
+                Arg.Is<SavePolicyModel>(t => t.PolicyUpdate.Type == PolicyType.RequireSso &&
+                                             t.PolicyUpdate.OrganizationId == organization.Id &&
+                                             t.PolicyUpdate.Enabled)
            );

        await sutProvider.GetDependency<ISsoConfigRepository>().ReceivedWithAnyArgs()
@@ -369,7 +367,7 @@ public class SsoConfigServiceTests
    }

    [Theory, BitAutoData]
-    public async Task SaveAsync_Tde_WhenPolicyValidatorsRefactorEnabled_UsesVNextSavePolicyCommand(
+    public async Task SaveAsync_Tde_UsesVNextSavePolicyCommand(
        SutProvider<SsoConfigService> sutProvider, Organization organization)
    {
        var ssoConfig = new SsoConfig
@@ -383,10 +381,6 @@ public class SsoConfigServiceTests
            OrganizationId = organization.Id,
        };

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(true);
-
        await sutProvider.Sut.SaveAsync(ssoConfig, organization);

        await sutProvider.GetDependency<IVNextSavePolicyCommand>()