Tear down scaffolding for migrating to sessions w/ KMS contexts

**Why**: After #2787 is deployed, we won't be using contextless KMS for
session encryption anymore.

This should not be merged until after #2787 is deployed to production
and the feature flags have been adjusted to have the new instances write
sessions encrypted with KMS contexts.

app/services/encryption/encryptors/session_encryptor.rb

@@ -5,7 +5,7 @@ class SessionEncryptor
 
       def encrypt(plaintext)
         aes_ciphertext = AesEncryptor.new.encrypt(plaintext, aes_encryption_key)
-        kms_ciphertext = encrypt_with_kms(aes_ciphertext)
+        kms_ciphertext = KmsClient.new.encrypt(aes_ciphertext, 'context' => 'session-encryption')
         encode(kms_ciphertext)
       end
 
@@ -18,14 +18,6 @@ def decrypt(ciphertext)
 
       private
 
-      def encrypt_with_kms(ciphertext)
-        if FeatureManagement.use_kms_context_for_sessions?
-          KmsClient.new.encrypt(ciphertext, 'context' => 'session-encryption')
-        else
-          ContextlessKmsClient.new.encrypt(ciphertext)
-        end
-      end
-
       def aes_encryptor
         AesEncryptor.new
       end

config/application.yml.example

@@ -204,7 +204,6 @@ development:
   twilio_record_voice: 'true'
   use_dashboard_service_providers: 'true'
   use_kms: 'false'
-  use_kms_context_for_sessions: 'false'
   use_kms_contexts: 'false'
   usps_confirmation_max_days: '10'
   enable_load_testing_mode: 'false'
@@ -319,7 +318,6 @@ production:
   twilio_record_voice: 'false'
   twilio_verify_api_key: 'change-me'
   use_kms: 'true'
-  use_kms_context_for_sessions: 'false'
   use_kms_contexts: 'false'
   usps_confirmation_max_days: '30'
   enable_load_testing_mode: 'false'
@@ -438,7 +436,6 @@ test:
   twilio_record_voice: 'true'
   twilio_verify_api_key: 'secret'
   use_kms: 'false'
-  use_kms_context_for_sessions: 'true'
   use_kms_contexts: 'true'
   usps_confirmation_max_days: '10'
   enable_load_testing_mode: 'false'

lib/feature_management.rb

@@ -109,8 +109,4 @@ def self.use_kms_contexts?
   def self.write_2lkms_passwords?
     Figaro.env.write_2lkms_passwords == 'true'
   end
-
-  def self.use_kms_context_for_sessions?
-    Figaro.env.use_kms_context_for_sessions == 'true'
-  end
 end

spec/services/encryption/encryptors/session_encryptor_spec.rb

@@ -23,34 +23,14 @@
       expect(ciphertext).to eq(expected_ciphertext)
     end
 
-    context 'when use_kms_context_for_sessions is true' do
-      before do
-        allow(FeatureManagement).to receive(:use_kms_context_for_sessions?).and_return(true)
-      end
-
-      it 'sets an encryption context' do
-        client = instance_double(Encryption::KmsClient)
-        expect(client).to receive(:encrypt).with(
-          instance_of(String), 'context' => 'session-encryption'
-        ).and_return('kms_ciphertext')
-        allow(Encryption::KmsClient).to receive(:new).and_return(client)
-
-        subject.encrypt(plaintext)
-      end
-    end
-
-    context 'when use_kms_context_for_sessions is false' do
-      before do
-        allow(FeatureManagement).to receive(:use_kms_context_for_sessions?).and_return(false)
-      end
-
-      it 'does not set an encryption context' do
-        client = instance_double(Encryption::ContextlessKmsClient)
-        expect(client).to receive(:encrypt).with(instance_of(String)).and_return('kms_ciphertext')
-        allow(Encryption::ContextlessKmsClient).to receive(:new).and_return(client)
-
-        subject.encrypt(plaintext)
-      end
+    it 'sets an encryption context' do
+      client = instance_double(Encryption::KmsClient)
+      expect(client).to receive(:encrypt).with(
+        instance_of(String), 'context' => 'session-encryption'
+      ).and_return('kms_ciphertext')
+      allow(Encryption::KmsClient).to receive(:new).and_return(client)
+
+      subject.encrypt(plaintext)
     end
   end