DELETE license API endpoint (#3697)

* DELETE license API endpoint

Signed-off-by: Spike Curtis <spike@coder.com>

* Fix new lint stuff

Signed-off-by: Spike Curtis <spike@coder.com>

Signed-off-by: Spike Curtis <spike@coder.com>

enterprise/coderd/auth_internal_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/ed25519"
 	"crypto/rand"
+	"fmt"
 	"net/http"
 	"testing"
 	"time"
@@ -55,10 +56,11 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
 	}
 	lic, err := makeLicense(claims, privKey, keyID)
 	require.NoError(t, err)
-	_, err = a.Client.AddLicense(ctx, codersdk.AddLicenseRequest{
+	license, err := a.Client.AddLicense(ctx, codersdk.AddLicenseRequest{
 		License: lic,
 	})
 	require.NoError(t, err)
+	a.URLParams["licenses/{id}"] = fmt.Sprintf("licenses/%d", license.ID)
 
 	skipRoutes, assertRoute := coderdtest.AGPLRoutes(a)
 	assertRoute["POST:/api/v2/licenses"] = coderdtest.RouteCheck{
@@ -70,5 +72,9 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
 		AssertAction: rbac.ActionRead,
 		AssertObject: rbac.ResourceLicense,
 	}
+	assertRoute["DELETE:/api/v2/licenses/{id}"] = coderdtest.RouteCheck{
+		AssertAction: rbac.ActionDelete,
+		AssertObject: rbac.ResourceLicense,
+	}
 	a.Test(ctx, assertRoute, skipRoutes)
 }

enterprise/coderd/licenses.go

@@ -9,6 +9,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"
 
@@ -125,6 +126,7 @@ func newLicenseAPI(
 	a := &licenseAPI{router: r, logger: l, database: db, pubsub: ps, auth: auth}
 	r.Post("/", a.postLicense)
 	r.Get("/", a.licenses)
+	r.Delete("/{id}", a.delete)
 	return a
 }
 
@@ -265,3 +267,35 @@ func decodeClaims(l database.License) (jwt.MapClaims, error) {
 	err = d.Decode(&c)
 	return c, err
 }
+
+func (a *licenseAPI) delete(rw http.ResponseWriter, r *http.Request) {
+	if !a.auth.Authorize(r, rbac.ActionDelete, rbac.ResourceLicense) {
+		httpapi.Forbidden(rw)
+		return
+	}
+
+	idStr := chi.URLParam(r, "id")
+	id, err := strconv.ParseInt(idStr, 10, 32)
+	if err != nil {
+		httpapi.Write(rw, http.StatusNotFound, codersdk.Response{
+			Message: "License ID must be an integer",
+		})
+		return
+	}
+
+	_, err = a.database.DeleteLicense(r.Context(), int32(id))
+	if xerrors.Is(err, sql.ErrNoRows) {
+		httpapi.Write(rw, http.StatusNotFound, codersdk.Response{
+			Message: "Unknown license ID",
+		})
+		return
+	}
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Internal error deleting license",
+			Detail:  err.Error(),
+		})
+		return
+	}
+	rw.WriteHeader(http.StatusOK)
+}

enterprise/coderd/licenses_internal_test.go

@@ -5,6 +5,7 @@ import (
 	"crypto/ed25519"
 	"crypto/rand"
 	"encoding/json"
+	"net/http"
 	"testing"
 	"time"
 
@@ -212,6 +213,98 @@ func TestGetLicense(t *testing.T) {
 	})
 }
 
+// these tests patch the map of license keys, so cannot be run in parallel
+// nolint:paralleltest
+func TestDeleteLicense(t *testing.T) {
+	pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
+	require.NoError(t, err)
+	keyID := "testing"
+	oldKeys := keys
+	defer func() {
+		t.Log("restoring keys")
+		keys = oldKeys
+	}()
+	keys = map[string]ed25519.PublicKey{keyID: pubKey}
+
+	t.Run("DELETE_empty", func(t *testing.T) {
+		client := coderdtest.New(t, &coderdtest.Options{APIBuilder: NewEnterprise})
+		_ = coderdtest.CreateFirstUser(t, client)
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		err := client.DeleteLicense(ctx, 1)
+		errResp := &codersdk.Error{}
+		if xerrors.As(err, &errResp) {
+			assert.Equal(t, 404, errResp.StatusCode())
+		} else {
+			t.Error("expected to get error status 404")
+		}
+	})
+
+	t.Run("DELETE_bad_id", func(t *testing.T) {
+		client := coderdtest.New(t, &coderdtest.Options{APIBuilder: NewEnterprise})
+		_ = coderdtest.CreateFirstUser(t, client)
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		resp, err := client.Request(ctx, http.MethodDelete, "/api/v2/licenses/drivers", nil)
+		require.NoError(t, err)
+		assert.Equal(t, http.StatusNotFound, resp.StatusCode)
+		require.NoError(t, resp.Body.Close())
+	})
+
+	t.Run("DELETE", func(t *testing.T) {
+		client := coderdtest.New(t, &coderdtest.Options{APIBuilder: NewEnterprise})
+		_ = coderdtest.CreateFirstUser(t, client)
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		claims := &Claims{
+			RegisteredClaims: jwt.RegisteredClaims{
+				Issuer:    "test@coder.test",
+				IssuedAt:  jwt.NewNumericDate(time.Now()),
+				NotBefore: jwt.NewNumericDate(time.Now()),
+				ExpiresAt: jwt.NewNumericDate(time.Now().Add(2 * time.Hour)),
+			},
+			LicenseExpires: jwt.NewNumericDate(time.Now().Add(time.Hour)),
+			AccountType:    AccountTypeSalesforce,
+			AccountID:      "testing",
+			Version:        CurrentVersion,
+			Features: Features{
+				UserLimit: 0,
+				AuditLog:  1,
+			},
+		}
+		lic, err := makeLicense(claims, privKey, keyID)
+		require.NoError(t, err)
+		_, err = client.AddLicense(ctx, codersdk.AddLicenseRequest{
+			License: lic,
+		})
+		require.NoError(t, err)
+
+		// 2nd license
+		claims.AccountID = "testing2"
+		claims.Features.UserLimit = 200
+		lic2, err := makeLicense(claims, privKey, keyID)
+		require.NoError(t, err)
+		_, err = client.AddLicense(ctx, codersdk.AddLicenseRequest{
+			License: lic2,
+		})
+		require.NoError(t, err)
+
+		licenses, err := client.Licenses(ctx)
+		require.NoError(t, err)
+		assert.Len(t, licenses, 2)
+		for _, l := range licenses {
+			err = client.DeleteLicense(ctx, l.ID)
+			require.NoError(t, err)
+		}
+		licenses, err = client.Licenses(ctx)
+		require.NoError(t, err)
+		assert.Len(t, licenses, 0)
+	})
+}
+
 func makeLicense(c *Claims, privateKey ed25519.PrivateKey, keyID string) (string, error) {
 	tok := jwt.NewWithClaims(jwt.SigningMethodEdDSA, c)
 	tok.Header[HeaderKeyID] = keyID