Describe the bug
When deleting a context with microcks context <name> --delete, the CLI removes the context and server entries but does not remove the associated user credentials when the context was created with a custom name via login --name.
login stores users under the server URL (users[].name), while contexts use the context name (contexts[].name) and reference the user through contexts[].user.
However, deleteContext calls RemoveUser(context) using the context name. For a named context like dev, the actual user entry is keyed by http://localhost:8080, so cleanup silently fails.
This can leave OAuth tokens and related auth records in ~/.config/microcks/config even after the user is told Context 'dev' deleted.
Expected behavior
After microcks context dev --delete:
- The
dev context entry is removed from contexts
- The related
servers, users auth-token / refresh-token, and auths entries for that Microcks instance are removed
- No OAuth tokens or Keycloak client credentials remain on disk for that deleted context
Actual behavior
After deleting a named context:
- The
contexts entry is removed
- The related
servers entry is removed
- The related
users entry remains, including auth-token and refresh-token
- The CLI prints
Context 'dev' deleted with no warning that credentials were left behind
How to Reproduce?
Reproducer:
- Create a temporary config:
mkdir -p /tmp/microcks-cli-verify
cat > /tmp/microcks-cli-verify/config <<'EOF'
current-context: staging
contexts:
- name: dev
server: http://localhost:8080
user: http://localhost:8080
instance: ""
- name: staging
server: http://localhost:8083
user: http://localhost:8083
instance: ""
servers:
- server: http://localhost:8080
insecureTLS: true
keycloakEnable: true
- server: http://localhost:8083
insecureTLS: true
keycloakEnable: true
users:
- name: http://localhost:8080
auth-token: LEAKED-TOKEN
refresh-token: LEAKED-REFRESH
- name: http://localhost:8083
auth-token: ""
refresh-token: ""
auths:
- server: http://localhost:8080
clientId: my-client
clientSecret: my-secret
EOF
chmod 600 /tmp/microcks-cli-verify/config
- Delete the named context:
./build/dist/microcks context dev --delete --config /tmp/microcks-cli-verify/config
- Inspect the config:
cat /tmp/microcks-cli-verify/config
Microcks version or git rev
Microcks-CLI 1.0.2
Install method (docker-compose, helm chart, operator, docker-desktop extension,...)
No response
Additional information
No response
Describe the bug
When deleting a context with
microcks context <name> --delete, the CLI removes the context and server entries but does not remove the associated user credentials when the context was created with a custom name vialogin --name.loginstores users under the server URL (users[].name), while contexts use the context name (contexts[].name) and reference the user throughcontexts[].user.However,
deleteContextcallsRemoveUser(context)using the context name. For a named context likedev, the actual user entry is keyed byhttp://localhost:8080, so cleanup silently fails.This can leave OAuth tokens and related auth records in
~/.config/microcks/configeven after the user is toldContext 'dev' deleted.Expected behavior
After
microcks context dev --delete:devcontext entry is removed fromcontextsservers,usersauth-token / refresh-token, andauthsentries for that Microcks instance are removedActual behavior
After deleting a named context:
contextsentry is removedserversentry is removedusersentry remains, includingauth-tokenandrefresh-tokenContext 'dev' deletedwith no warning that credentials were left behindHow to Reproduce?
Reproducer:
Microcks version or git rev
Microcks-CLI 1.0.2
Install method (
docker-compose,helm chart,operator,docker-desktop extension,...)No response
Additional information
No response