fix: delete keys and seed only active ones

Ensure admin key deletion removes the DB record and returns a "deleted" status. Update seeder idempotency to count only active keys when deciding whether to skip or create new keys.
2026-01-13 17:47:51 +00:00 · 2026-01-10 01:18:04 +08:00
parent 5349c9c833
commit e7db9f319f
2 changed files with 31 additions and 9 deletions
--- a/cmd/seeder/seeder.go
+++ b/cmd/seeder/seeder.go
@@ -30,6 +30,19 @@ func (s *Seeder) matchesSeederPrefix(name string) bool {
 	return strings.HasPrefix(name, "demo-") || strings.HasPrefix(name, "seeder-") || strings.HasSuffix(name, "-demo")
 }

+func filterActiveKeys(keys []KeyResponse) []KeyResponse {
+	if len(keys) == 0 {
+		return nil
+	}
+	active := make([]KeyResponse, 0, len(keys))
+	for _, key := range keys {
+		if strings.EqualFold(strings.TrimSpace(key.Status), "active") {
+			active = append(active, key)
+		}
+	}
+	return active
+}
+
 func (s *Seeder) seedNamespaces() error {
 	gen := NewGenerator(s.rng, s.seederTag, s.cfg.Profile)
 	namespaces := gen.GenerateNamespaces(s.profile.Namespaces)
@@ -450,6 +463,8 @@ func (s *Seeder) seedKeys() error {
 			}
 		}

+		activeKeys := filterActiveKeys(existingKeys)
+
 		// For reset mode, delete existing keys that belong to seeder masters
 		if s.cfg.Reset && s.matchesSeederPrefix(master.Name) && len(existingKeys) > 0 {
 			for _, key := range existingKeys {
@@ -461,25 +476,27 @@ func (s *Seeder) seedKeys() error {
 				}
 			}
 			existingKeys = []KeyResponse{}
+			activeKeys = []KeyResponse{}
 		}

 		// Check if we already have enough keys (idempotency)
 		targetCount := s.profile.KeysPerMaster
-		if len(existingKeys) >= targetCount {
+		if len(activeKeys) >= targetCount {
 			if s.cfg.Verbose {
-				fmt.Printf("  ○ %s: %d keys (exists, skipped)\n", master.Name, len(existingKeys))
+				fmt.Printf("  ○ %s: %d keys (exists, skipped)\n", master.Name, len(activeKeys))
 			}
-			s.summary.Keys.Skipped += targetCount
-			seededKeys[master.ID] = existingKeys[:targetCount]
+			s.summary.Keys.Skipped += len(activeKeys)
+			seededKeys[master.ID] = activeKeys[:targetCount]
 			continue
 		}

 		// Create only the missing keys
-		keysToCreate := targetCount - len(existingKeys)
+		s.summary.Keys.Skipped += len(activeKeys)
+		keysToCreate := targetCount - len(activeKeys)
 		keys := gen.GenerateKeys(keysToCreate)

 		masterKeys := make([]KeyResponse, 0, targetCount)
-		masterKeys = append(masterKeys, existingKeys...)
+		masterKeys = append(masterKeys, activeKeys...)
 		createdCount := 0

 		for _, key := range keys {
--- a/internal/api/admin_handler.go
+++ b/internal/api/admin_handler.go
@@ -516,8 +516,8 @@ func (h *AdminHandler) ListKeysForMaster(c *gin.Context) {
 }

 // DeleteKeyForMaster godoc
-// @Summary      Delete (revoke) child key
-// @Description  Suspends a child key under the specified master
+// @Summary      Delete child key
+// @Description  Revokes and removes a child key under the specified master
 // @Tags         admin
 // @Produce      json
 // @Security     AdminAuth
@@ -561,5 +561,10 @@ func (h *AdminHandler) DeleteKeyForMaster(c *gin.Context) {
 		return
 	}

-	c.JSON(http.StatusOK, gin.H{"status": "revoked"})
+	if err := h.db.Delete(&k).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete token", "details": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"status": "deleted"})
 }