Merge pull request #42 from synadia-io/fix-scope-deletion

[FIX] scope deletion doesn't update the target account

account_signingkeys.go

@@ -97,6 +97,10 @@ func (as *accountSigningKeys) Delete(key string) (bool, error) {
 	if ok {
 		delete(as.data.Claim.SigningKeys, key)
 		as.data.Operator.DeletedKeys = append(as.data.Operator.DeletedKeys, key)
+		err := as.data.update()
+		if err != nil {
+			return ok, err
+		}
 	}
 	err := as.data.Operator.update()
 	return ok, err

tests/accounts_test.go

@@ -435,6 +435,46 @@ func (t *ProviderSuite) Test_ScopeRotation() {
 	t.Nil(scope2)
 }
 
+func (t *ProviderSuite) Test_ScopeDeletion() {
+	auth, err := authb.NewAuth(t.Provider)
+	t.NoError(err)
+	o, err := auth.Operators().Add("O")
+	t.NoError(err)
+
+	a, err := o.Accounts().Add("A")
+	t.NoError(err)
+
+	scope, err := a.ScopedSigningKeys().AddScope("admin")
+	t.NoError(err)
+	t.NotNil(scope)
+	key := scope.Key()
+
+	t.NoError(auth.Commit())
+	t.NoError(auth.Reload())
+
+	o, err = auth.Operators().Get("O")
+	t.NoError(err)
+	a, err = o.Accounts().Get("A")
+	t.NoError(err)
+	ok, err := a.ScopedSigningKeys().Delete(key)
+	t.NoError(err)
+	t.True(ok)
+
+	t.Empty(a.ScopedSigningKeys().ListRoles())
+	t.Empty(a.ScopedSigningKeys().List())
+
+	t.NoError(auth.Commit())
+	t.NoError(auth.Reload())
+
+	o, err = auth.Operators().Get("O")
+	t.NoError(err)
+	a, err = o.Accounts().Get("A")
+	t.NoError(err)
+
+	t.Empty(a.ScopedSigningKeys().List())
+	t.Empty(a.ScopedSigningKeys().ListRoles())
+}
+
 func (t *ProviderSuite) Test_SigningKeyRotation() {
 	auth, err := authb.NewAuth(t.Provider)
 	t.NoError(err)

tests/operator_test.go

@@ -304,7 +304,7 @@ func (t *ProviderSuite) Test_Export() {
 
 	data, err := json.MarshalIndent(auth, "", "  ")
 	t.NoError(err)
-	t.T().Log(string(data))
+	// t.T().Log(string(data))
 
 	sdir, err := os.MkdirTemp("/tmp", "stores")
 	t.NoError(err)