Clean up cache on logout and add test

silv-io · silv-io · commit 21ef0464f3f1 · 2026-04-10T10:35:14.000+02:00
diff --git a/cmd/logout.go b/cmd/logout.go
@@ -43,7 +43,8 @@ func newLogoutCmd(cfg *env.Env, tel *telemetry.Client, logger log.Logger) *cobra
 			if err != nil {
 				return fmt.Errorf("failed to initialize token storage: %w", err)
 			}
-			a := auth.New(sink, platformClient, tokenStorage, cfg.AuthToken, "", false)
+			licenseFilePath, _ := config.LicenseFilePath()
+			a := auth.New(sink, platformClient, tokenStorage, cfg.AuthToken, "", false, licenseFilePath)
 			if err := a.Logout(); err != nil {
 				if errors.Is(err, auth.ErrNotLoggedIn) {
 					return nil
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"os"
 
 	"github.com/localstack/lstk/internal/api"
 	"github.com/localstack/lstk/internal/output"
@@ -12,20 +13,22 @@ import (
 var ErrNotLoggedIn = errors.New("not logged in")
 
 type Auth struct {
-	tokenStorage AuthTokenStorage
-	login        LoginProvider
-	sink         output.Sink
-	authToken    string
-	allowLogin   bool
+	tokenStorage    AuthTokenStorage
+	login           LoginProvider
+	sink            output.Sink
+	authToken       string
+	allowLogin      bool
+	licenseFilePath string
 }
 
-func New(sink output.Sink, platform api.PlatformAPI, storage AuthTokenStorage, authToken, webAppURL string, allowLogin bool) *Auth {
+func New(sink output.Sink, platform api.PlatformAPI, storage AuthTokenStorage, authToken, webAppURL string, allowLogin bool, licenseFilePath string) *Auth {
 	return &Auth{
-		tokenStorage: storage,
-		login:        newLoginProvider(sink, platform, webAppURL),
-		sink:         sink,
-		authToken:    authToken,
-		allowLogin:   allowLogin,
+		tokenStorage:    storage,
+		login:           newLoginProvider(sink, platform, webAppURL),
+		sink:            sink,
+		authToken:       authToken,
+		allowLogin:      allowLogin,
+		licenseFilePath: licenseFilePath,
 	}
 }
 
@@ -83,6 +86,10 @@ func (a *Auth) Logout() error {
 		return fmt.Errorf("failed to delete auth token: %w", err)
 	}
 
+	if a.licenseFilePath != "" {
+		_ = os.Remove(a.licenseFilePath)
+	}
+
 	output.EmitSpinnerStop(a.sink)
 	output.EmitSuccess(a.sink, "Logged out successfully")
 	return nil
diff --git a/internal/container/start.go b/internal/container/start.go
@@ -81,7 +81,7 @@ func Start(ctx context.Context, rt runtime.Runtime, sink output.Sink, opts Start
 	if err != nil {
 		return fmt.Errorf("failed to initialize token storage: %w", err)
 	}
-	a := auth.New(sink, opts.PlatformClient, tokenStorage, opts.AuthToken, opts.WebAppURL, interactive)
+	a := auth.New(sink, opts.PlatformClient, tokenStorage, opts.AuthToken, opts.WebAppURL, interactive, "")
 
 	token, err := a.GetToken(ctx)
 	if err != nil {
diff --git a/internal/ui/run_login.go b/internal/ui/run_login.go
@@ -27,7 +27,7 @@ func RunLogin(parentCtx context.Context, version string, platformClient api.Plat
 			p.Send(runErrMsg{err: err})
 			return
 		}
-		a := auth.New(output.NewTUISink(programSender{p: p}), platformClient, tokenStorage, authToken, webAppURL, true)
+		a := auth.New(output.NewTUISink(programSender{p: p}), platformClient, tokenStorage, authToken, webAppURL, true, "")
 
 		_, err = a.GetToken(ctx)
 		runErrCh <- err
diff --git a/internal/ui/run_login_test.go b/internal/ui/run_login_test.go
@@ -98,7 +98,7 @@ func TestLoginFlow_DeviceFlowSuccess(t *testing.T) {
 
 	errCh := make(chan error, 1)
 	go func() {
-		a := auth.New(output.NewTUISink(sender), platformClient, mockStorage, "", mockServer.URL, true)
+		a := auth.New(output.NewTUISink(sender), platformClient, mockStorage, "", mockServer.URL, true, "")
 		_, err := a.GetToken(ctx)
 		errCh <- err
 		if err != nil && !errors.Is(err, context.Canceled) {
@@ -146,7 +146,7 @@ func TestLoginFlow_DeviceFlowFailure_NotConfirmed(t *testing.T) {
 
 	errCh := make(chan error, 1)
 	go func() {
-		a := auth.New(output.NewTUISink(sender), platformClient, mockStorage, "", mockServer.URL, true)
+		a := auth.New(output.NewTUISink(sender), platformClient, mockStorage, "", mockServer.URL, true, "")
 		_, err := a.GetToken(ctx)
 		errCh <- err
 		if err != nil && !errors.Is(err, context.Canceled) {
@@ -195,7 +195,7 @@ func TestLoginFlow_DeviceFlowCancelWithCtrlC(t *testing.T) {
 
 	errCh := make(chan error, 1)
 	go func() {
-		a := auth.New(output.NewTUISink(sender), platformClient, mockStorage, "", mockServer.URL, true)
+		a := auth.New(output.NewTUISink(sender), platformClient, mockStorage, "", mockServer.URL, true, "")
 		_, err := a.GetToken(ctx)
 		errCh <- err
 		if err != nil && !errors.Is(err, context.Canceled) {
diff --git a/internal/ui/run_logout.go b/internal/ui/run_logout.go
@@ -33,7 +33,8 @@ func RunLogout(parentCtx context.Context, rt runtime.Runtime, platformClient api
 		}
 
 		sink := output.NewTUISink(programSender{p: p})
-		a := auth.New(sink, platformClient, tokenStorage, authToken, "", false)
+		licenseFilePath, _ := config.LicenseFilePath()
+		a := auth.New(sink, platformClient, tokenStorage, authToken, "", false, licenseFilePath)
 		err = a.Logout()
 		if err == nil && rt != nil {
 			if running, runningErr := container.AnyRunning(ctx, rt, containers); runningErr == nil && running {
diff --git a/test/integration/license_test.go b/test/integration/license_test.go
@@ -6,6 +6,8 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/docker/docker/api/types/container"
@@ -93,8 +95,50 @@ func TestLicenseValidationFailure(t *testing.T) {
 	assert.Error(t, err, "container should not exist after license failure")
 }
 
+func licenseFilePath(t *testing.T) string {
+	t.Helper()
+	cacheDir, err := os.UserCacheDir()
+	require.NoError(t, err)
+	return filepath.Join(cacheDir, "lstk", "license.json")
+}
+
 func cleanupLicense() {
 	ctx := context.Background()
 	_ = dockerClient.ContainerStop(ctx, containerName, container.StopOptions{})
 	_ = dockerClient.ContainerRemove(ctx, containerName, container.RemoveOptions{Force: true})
+	if cacheDir, err := os.UserCacheDir(); err == nil {
+		_ = os.Remove(filepath.Join(cacheDir, "lstk", "license.json"))
+	}
+}
+
+func TestLicenseCacheAndMount(t *testing.T) {
+	requireDocker(t)
+	env.Require(t, env.AuthToken)
+
+	cleanupLicense()
+	t.Cleanup(cleanupLicense)
+
+	licenseBody := `{"license":"test-license-data"}`
+	mockServer := createMockLicenseServerWithBody(licenseBody)
+	defer mockServer.Close()
+
+	ctx := testContext(t)
+	_, stderr, err := runLstk(t, ctx, "", env.With(env.APIEndpoint, mockServer.URL), "start")
+	require.NoError(t, err, "lstk start failed: %s", stderr)
+
+	data, err := os.ReadFile(licenseFilePath(t))
+	require.NoError(t, err, "license cache file should exist after successful start")
+	assert.Equal(t, licenseBody, string(data))
+
+	inspect, err := dockerClient.ContainerInspect(ctx, containerName)
+	require.NoError(t, err, "failed to inspect container")
+
+	var mounted bool
+	for _, m := range inspect.Mounts {
+		if m.Destination == "/etc/localstack/conf.d/license.json" {
+			mounted = true
+			break
+		}
+	}
+	assert.True(t, mounted, "license file should be mounted into container at /etc/localstack/conf.d/license.json")
 }
diff --git a/test/integration/main_test.go b/test/integration/main_test.go
@@ -289,3 +289,14 @@ func createMockLicenseServer(success bool) *httptest.Server {
 		w.WriteHeader(http.StatusNotFound)
 	}))
 }
+
+func createMockLicenseServerWithBody(body string) *httptest.Server {
+	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == "POST" && r.URL.Path == "/v1/license/request" {
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte(body))
+			return
+		}
+		w.WriteHeader(http.StatusNotFound)
+	}))
+}

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ func Start(ctx context.Context, rt runtime.Runtime, sink output.Sink, opts Start`
`81`	`81`	`if err != nil {`
`82`	`82`	`return fmt.Errorf("failed to initialize token storage: %w", err)`
`83`	`83`	`}`
`84`		`- a := auth.New(sink, opts.PlatformClient, tokenStorage, opts.AuthToken, opts.WebAppURL, interactive)`
	`84`	`+ a := auth.New(sink, opts.PlatformClient, tokenStorage, opts.AuthToken, opts.WebAppURL, interactive, "")`
`85`	`85`
`86`	`86`	`token, err := a.GetToken(ctx)`
`87`	`87`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ func RunLogin(parentCtx context.Context, version string, platformClient api.Plat`
`27`	`27`	`p.Send(runErrMsg{err: err})`
`28`	`28`	`return`
`29`	`29`	`}`
`30`		`- a := auth.New(output.NewTUISink(programSender{p: p}), platformClient, tokenStorage, authToken, webAppURL, true)`
	`30`	`+ a := auth.New(output.NewTUISink(programSender{p: p}), platformClient, tokenStorage, authToken, webAppURL, true, "")`
`31`	`31`
`32`	`32`	`_, err = a.GetToken(ctx)`
`33`	`33`	`runErrCh <- err`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,8 @@ func RunLogout(parentCtx context.Context, rt runtime.Runtime, platformClient api`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`sink := output.NewTUISink(programSender{p: p})`
`36`		`- a := auth.New(sink, platformClient, tokenStorage, authToken, "", false)`
	`36`	`+ licenseFilePath, _ := config.LicenseFilePath()`
	`37`	`+ a := auth.New(sink, platformClient, tokenStorage, authToken, "", false, licenseFilePath)`
`37`	`38`	`err = a.Logout()`
`38`	`39`	`if err == nil && rt != nil {`
`39`	`40`	`if running, runningErr := container.AnyRunning(ctx, rt, containers); runningErr == nil && running {`