diff --git a/.circleci/config.yml b/.circleci/config.yml index c0a59e597f..af761abd29 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -121,7 +121,7 @@ jobs: - CIRCLECI_CLI_VERSION: 0.1.5546 - GO_TAGS: '' - GO_VERSION: 1.19.1 - - GOFUMPT_VERSION: 0.2.1 + - GOFUMPT_VERSION: 0.3.1 - GOTESTSUM_VERSION: 0.5.2 test-go-remote-docker: docker: @@ -352,6 +352,7 @@ jobs: - checkout - run: command: | + echo "Using gofumpt version ${GOFUMPT_VERSION}" go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}" make fmt if ! git diff --exit-code; then @@ -363,7 +364,7 @@ jobs: - CIRCLECI_CLI_VERSION: 0.1.5546 - GO_TAGS: '' - GO_VERSION: 1.19.1 - - GOFUMPT_VERSION: 0.2.1 + - GOFUMPT_VERSION: 0.3.1 - GOTESTSUM_VERSION: 0.5.2 test-go-race: docker: @@ -849,7 +850,7 @@ jobs: - CIRCLECI_CLI_VERSION: 0.1.5546 - GO_TAGS: '' - GO_VERSION: 1.19.1 - - GOFUMPT_VERSION: 0.2.1 + - GOFUMPT_VERSION: 0.3.1 - GOTESTSUM_VERSION: 0.5.2 test-go-race-remote-docker: docker: diff --git a/.circleci/config/executors/@executors.yml b/.circleci/config/executors/@executors.yml index 4c7e8ae71b..27fbc959db 100644 --- a/.circleci/config/executors/@executors.yml +++ b/.circleci/config/executors/@executors.yml @@ -6,7 +6,7 @@ go-machine: CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3) GO_VERSION: 1.19.1 # Pin Go to patch version (ex: 1.2.3) GOTESTSUM_VERSION: 0.5.2 # Pin gotestsum to patch version (ex: 1.2.3) - GOFUMPT_VERSION: 0.2.1 # Pin gofumpt to patch version (ex: 1.2.3) + GOFUMPT_VERSION: 0.3.1 # Pin gofumpt to patch version (ex: 1.2.3) GO_TAGS: "" working_directory: /home/circleci/go/src/github.com/hashicorp/vault node: diff --git a/.circleci/config/jobs/fmt.yml b/.circleci/config/jobs/fmt.yml index 29a8a70d76..c92ce617aa 100644 --- a/.circleci/config/jobs/fmt.yml +++ b/.circleci/config/jobs/fmt.yml 
@@ -8,6 +8,7 @@ steps: - run: name: make fmt command: | + echo "Using gofumpt version ${GOFUMPT_VERSION}" go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}" make fmt if ! git diff --exit-code; then diff --git a/api/auth/approle/approle_test.go b/api/auth/approle/approle_test.go index 9367e54bb7..f2628c695c 100644 --- a/api/auth/approle/approle_test.go +++ b/api/auth/approle/approle_test.go @@ -16,7 +16,8 @@ import ( // testHTTPServer creates a test HTTP server that handles requests until // the listener returned is closed. func testHTTPServer( - t *testing.T, handler http.Handler) (*api.Config, net.Listener) { + t *testing.T, handler http.Handler, +) (*api.Config, net.Listener) { ln, err := net.Listen("tcp", "127.0.0.1:0") if err != nil { t.Fatalf("err: %s", err) diff --git a/api/auth/ldap/ldap_test.go b/api/auth/ldap/ldap_test.go index cd656febb6..8633c4dfac 100644 --- a/api/auth/ldap/ldap_test.go +++ b/api/auth/ldap/ldap_test.go @@ -16,7 +16,8 @@ import ( // testHTTPServer creates a test HTTP server that handles requests until // the listener returned is closed. func testHTTPServer( - t *testing.T, handler http.Handler) (*api.Config, net.Listener) { + t *testing.T, handler http.Handler, +) (*api.Config, net.Listener) { ln, err := net.Listen("tcp", "127.0.0.1:0") if err != nil { t.Fatalf("err: %s", err) diff --git a/api/auth/userpass/userpass_test.go b/api/auth/userpass/userpass_test.go index eb62499aa7..0728117a1e 100644 --- a/api/auth/userpass/userpass_test.go +++ b/api/auth/userpass/userpass_test.go @@ -16,7 +16,8 @@ import ( // testHTTPServer creates a test HTTP server that handles requests until // the listener returned is closed. func testHTTPServer( - t *testing.T, handler http.Handler) (*api.Config, net.Listener) { + t *testing.T, handler http.Handler, +) (*api.Config, net.Listener) { ln, err := net.Listen("tcp", "127.0.0.1:0") if err != nil { t.Fatalf("err: %s", err) 
diff --git a/api/lifetime_watcher.go b/api/lifetime_watcher.go index f06263526f..5f3eadbffd 100644 --- a/api/lifetime_watcher.go +++ b/api/lifetime_watcher.go @@ -50,25 +50,24 @@ const ( // LifetimeWatcher is a process for watching lifetime of a secret. // -// watcher, err := client.NewLifetimeWatcher(&LifetimeWatcherInput{ -// Secret: mySecret, -// }) -// go watcher.Start() -// defer watcher.Stop() +// watcher, err := client.NewLifetimeWatcher(&LifetimeWatcherInput{ +// Secret: mySecret, +// }) +// go watcher.Start() +// defer watcher.Stop() // -// for { -// select { -// case err := <-watcher.DoneCh(): -// if err != nil { -// log.Fatal(err) -// } -// -// // Renewal is now over -// case renewal := <-watcher.RenewCh(): -// log.Printf("Successfully renewed: %#v", renewal) -// } -// } +// for { +// select { +// case err := <-watcher.DoneCh(): +// if err != nil { +// log.Fatal(err) +// } // +// // Renewal is now over +// case renewal := <-watcher.RenewCh(): +// log.Printf("Successfully renewed: %#v", renewal) +// } +// } // // `DoneCh` will return if renewal fails, or if the remaining lease duration is // under a built-in threshold and either renewing is not extending it or @@ -251,7 +250,8 @@ func (r *LifetimeWatcher) doRenew() error { } func (r *LifetimeWatcher) doRenewWithOptions(tokenMode bool, nonRenewable bool, initLeaseDuration int, credString string, - renew renewFunc, initialRetryInterval time.Duration) error { + renew renewFunc, initialRetryInterval time.Duration, +) error { if credString == "" || (nonRenewable && r.renewBehavior == RenewBehaviorErrorOnErrors) { return r.errLifetimeWatcherNotRenewable diff --git a/api/ssh_agent.go b/api/ssh_agent.go index 505519b04e..03fe2bea53 100644 --- a/api/ssh_agent.go +++ b/api/ssh_agent.go 
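Review bot: The usage example in the `LifetimeWatcher` doc comment (api/lifetime_watcher.go, first hunk) never leaves its `for`/`select` loop. The `DoneCh` case ends at `// Renewal is now over` with no `return`, so code copied from it keeps looping on a watcher that has finished when `err` is nil. Since the hunk already re-indents the example, add `return` after the `if err != nil { log.Fatal(err) }` block. The example also assigns `err` from `client.NewLifetimeWatcher` and never checks it before `go watcher.Start()`, so a one-line check there would make the snippet safe to copy. The doc comment continues past the end of the hunk.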
@@ -85,11 +85,10 @@ func (c *SSHHelperConfig) SetTLSParameters(clientConfig *Config, certPool *x509. } // Returns true if any of the following conditions are true: -// * CA cert is configured -// * CA path is configured -// * configured to skip certificate verification -// * TLS server name is configured -// +// - CA cert is configured +// - CA path is configured +// - configured to skip certificate verification +// - TLS server name is configured func (c *SSHHelperConfig) shouldSetTLSParameters() bool { return c.CACert != "" || c.CAPath != "" || c.TLSServerName != "" || c.TLSSkipVerify } diff --git a/api/sys_audit.go b/api/sys_audit.go index 7020256f41..82d9aab0b7 100644 --- a/api/sys_audit.go +++ b/api/sys_audit.go @@ -87,7 +87,8 @@ func (c *Sys) ListAuditWithContext(ctx context.Context) (map[string]*Audit, erro // DEPRECATED: Use EnableAuditWithOptions instead func (c *Sys) EnableAudit( - path string, auditType string, desc string, opts map[string]string) error { + path string, auditType string, desc string, opts map[string]string, +) error { return c.EnableAuditWithOptions(path, &EnableAuditOptions{ Type: auditType, Description: desc, diff --git a/builtin/credential/aws/backend_test.go b/builtin/credential/aws/backend_test.go index 209317ed21..5b435d3e3a 100644 --- a/builtin/credential/aws/backend_test.go +++ b/builtin/credential/aws/backend_test.go 
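Review bot: In api/sys_audit.go the marker above `EnableAudit` is spelled `// DEPRECATED: Use EnableAuditWithOptions instead`, which Go tooling does not recognise. gopls, staticcheck and pkg.go.dev only recognise a paragraph that starts with the exact word `Deprecated:`. While the signature is being reformatted, change the comment to a normal doc comment that opens with the function name and carries `// Deprecated: use EnableAuditWithOptions instead.` as its own paragraph. The function body runs past the end of the hunk.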
@@ -1021,31 +1021,33 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) { } } -/* This is an acceptance test. - Requires the following env vars: - TEST_AWS_EC2_RSA2048 - TEST_AWS_EC2_PKCS7 - TEST_AWS_EC2_IDENTITY_DOCUMENT - TEST_AWS_EC2_IDENTITY_DOCUMENT_SIG - TEST_AWS_EC2_AMI_ID - TEST_AWS_EC2_ACCOUNT_ID - TEST_AWS_EC2_IAM_ROLE_ARN +/* +This is an acceptance test. - If this is being run on an EC2 instance, you can set the environment vars using this bash snippet: + Requires the following env vars: + TEST_AWS_EC2_RSA2048 + TEST_AWS_EC2_PKCS7 + TEST_AWS_EC2_IDENTITY_DOCUMENT + TEST_AWS_EC2_IDENTITY_DOCUMENT_SIG + TEST_AWS_EC2_AMI_ID + TEST_AWS_EC2_ACCOUNT_ID + TEST_AWS_EC2_IAM_ROLE_ARN - export TEST_AWS_EC2_RSA2048=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/rsa2048) - export TEST_AWS_EC2_PKCS7=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/pkcs7) - export TEST_AWS_EC2_IDENTITY_DOCUMENT=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | base64 -w 0) - export TEST_AWS_EC2_IDENTITY_DOCUMENT_SIG=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/signature | tr -d '\n') - export TEST_AWS_EC2_AMI_ID=$(curl -s http://169.254.169.254/latest/meta-data/ami-id) - export TEST_AWS_EC2_IAM_ROLE_ARN=$(aws iam get-role --role-name $(curl -q http://169.254.169.254/latest/meta-data/iam/security-credentials/ -S -s) --query Role.Arn --output text) - export TEST_AWS_EC2_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) + If this is being run on an EC2 instance, you can set the environment vars using this bash snippet: - If the test is not being run on an EC2 instance that has access to - credentials using EC2RoleProvider, on top of the above vars, following - needs to be set: - TEST_AWS_SECRET_KEY - TEST_AWS_ACCESS_KEY + export TEST_AWS_EC2_RSA2048=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/rsa2048) + export TEST_AWS_EC2_PKCS7=$(curl -s 
http://169.254.169.254/latest/dynamic/instance-identity/pkcs7) + export TEST_AWS_EC2_IDENTITY_DOCUMENT=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | base64 -w 0) + export TEST_AWS_EC2_IDENTITY_DOCUMENT_SIG=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/signature | tr -d '\n') + export TEST_AWS_EC2_AMI_ID=$(curl -s http://169.254.169.254/latest/meta-data/ami-id) + export TEST_AWS_EC2_IAM_ROLE_ARN=$(aws iam get-role --role-name $(curl -q http://169.254.169.254/latest/meta-data/iam/security-credentials/ -S -s) --query Role.Arn --output text) + export TEST_AWS_EC2_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) + + If the test is not being run on an EC2 instance that has access to + credentials using EC2RoleProvider, on top of the above vars, following + needs to be set: + TEST_AWS_SECRET_KEY + TEST_AWS_ACCESS_KEY */ func TestBackendAcc_LoginWithInstanceIdentityDocAndAccessListIdentity(t *testing.T) { for _, path := range []string{"identity-whitelist/", "identity-accesslist/"} { diff --git a/builtin/credential/aws/certificates.go b/builtin/credential/aws/certificates.go index 066cdb3410..c745ad2b3f 100644 --- a/builtin/credential/aws/certificates.go +++ b/builtin/credential/aws/certificates.go @@ -26,7 +26,9 @@ func init() { // These certificates are for verifying PKCS#7 DSA signatures. // Copied from: -// curl https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-pkcs7.html | pcregrep -M -o -e '(?s)-----BEGIN CERTIFICATE-----[^>]*-----END CERTIFICATE-----' +// +// curl https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-pkcs7.html | pcregrep -M -o -e '(?s)-----BEGIN CERTIFICATE-----[^>]*-----END CERTIFICATE-----' +// // Last updated: 2022-05-31 const pkcs7RawCerts = `-----BEGIN CERTIFICATE----- MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw diff --git a/builtin/credential/aws/path_role.go b/builtin/credential/aws/path_role.go index 2e7f89fd68..12a4c7d0f2 100644 
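Review bot: The bash snippet in the comment above `TestBackendAcc_LoginWithInstanceIdentityDocAndAccessListIdentity` (builtin/credential/aws/backend_test.go) queries `http://169.254.169.254/...` with plain `curl -s` and no session token, so it only works where IMDSv1 is still allowed. On an instance that requires IMDSv2, the exported variables are likely to hold an empty value or an error body, and nothing fails loudly. Since the comment is being reflowed anyway, add a line such as `Note: these commands assume IMDSv1; where IMDSv2 is enforced, fetch a session token first and send it in the X-aws-ec2-metadata-token header.` The reflow also leaves `This is an acceptance test.` at column 0 while the rest of the block is indented; converting the block to `//` line comments would keep the formatter from reshaping it again.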
--- a/builtin/credential/aws/path_role.go +++ b/builtin/credential/aws/path_role.go @@ -305,7 +305,8 @@ func (b *backend) roleInternal(ctx context.Context, s logical.Storage, roleName // setRole creates or updates a role in the storage. The caller must hold // the write lock. func (b *backend) setRole(ctx context.Context, s logical.Storage, roleName string, - roleEntry *awsRoleEntry) error { + roleEntry *awsRoleEntry, +) error { if roleName == "" { return fmt.Errorf("missing role name") } diff --git a/builtin/credential/aws/pkcs7/ber.go b/builtin/credential/aws/pkcs7/ber.go index 9b736af2d7..0b18a6c8d3 100644 --- a/builtin/credential/aws/pkcs7/ber.go +++ b/builtin/credential/aws/pkcs7/ber.go @@ -106,12 +106,12 @@ func lengthLength(i int) (numBytes int) { // added to 0x80. The length is encoded in big endian encoding follow after // // Examples: -// length | byte 1 | bytes n -// 0 | 0x00 | - -// 120 | 0x78 | - -// 200 | 0x81 | 0xC8 -// 500 | 0x82 | 0x01 0xF4 // +// length | byte 1 | bytes n +// 0 | 0x00 | - +// 120 | 0x78 | - +// 200 | 0x81 | 0xC8 +// 500 | 0x82 | 0x01 0xF4 func encodeLength(out *bytes.Buffer, length int) (err error) { if length >= 128 { l := lengthLength(length) diff --git a/builtin/credential/aws/pkcs7/encrypt.go b/builtin/credential/aws/pkcs7/encrypt.go index 6b2655708c..90da67e4ee 100644 --- a/builtin/credential/aws/pkcs7/encrypt.go +++ b/builtin/credential/aws/pkcs7/encrypt.go @@ -256,7 +256,7 @@ func encryptAESCBC(content []byte, key []byte) ([]byte, *encryptedContentInfo, e // value is EncryptionAlgorithmDESCBC. To use a different algorithm, change the // value before calling Encrypt(). For example: // -// ContentEncryptionAlgorithm = EncryptionAlgorithmAES128GCM +// ContentEncryptionAlgorithm = EncryptionAlgorithmAES128GCM // // TODO(fullsailor): Add support for encrypting content with other algorithms func Encrypt(content []byte, recipients []*x509.Certificate) ([]byte, error) { 
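Review bot: The doc comment on `Encrypt` in builtin/credential/aws/pkcs7/encrypt.go states that the default `ContentEncryptionAlgorithm` is `EncryptionAlgorithmDESCBC` and says nothing more about it. DES-CBC is a legacy cipher with a 56-bit key, so a caller who keeps the default gets weak content encryption without being told. Add a sentence such as `// The DES-CBC default is kept for compatibility only; new callers should select an AES-based algorithm before calling Encrypt.` The comment's wording suggests the algorithm is chosen through a package-level variable; if so, it is also worth saying that it must be set before any concurrent use, though the declaration is outside this hunk. Only the comment and the signature are visible here; the body of `Encrypt` is outside the hunk.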
diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go index 3c6948a3e8..062fc156bc 100644 --- a/builtin/credential/cert/backend_test.go +++ b/builtin/credential/cert/backend_test.go @@ -1836,7 +1836,8 @@ func testAccStepLoginWithNameInvalid(t *testing.T, connState tls.ConnectionState } func testAccStepListCerts( - t *testing.T, certs []string) []logicaltest.TestStep { + t *testing.T, certs []string, +) []logicaltest.TestStep { return []logicaltest.TestStep{ { Operation: logical.ListOperation, @@ -1893,7 +1894,8 @@ type allowed struct { } func testAccStepCert( - t *testing.T, name string, cert []byte, policies string, testData allowed, expectError bool) logicaltest.TestStep { + t *testing.T, name string, cert []byte, policies string, testData allowed, expectError bool, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "certs/" + name, @@ -1922,7 +1924,8 @@ func testAccStepCert( } func testAccStepCertLease( - t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep { + t *testing.T, name string, cert []byte, policies string, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "certs/" + name, @@ -1936,7 +1939,8 @@ func testAccStepCertLease( } func testAccStepCertTTL( - t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep { + t *testing.T, name string, cert []byte, policies string, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "certs/" + name, @@ -1950,7 +1954,8 @@ func testAccStepCertTTL( } func testAccStepCertMaxTTL( - t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep { + t *testing.T, name string, cert []byte, policies string, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "certs/" + name, 
@@ -1965,7 +1970,8 @@ func testAccStepCertMaxTTL( } func testAccStepCertNoLease( - t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep { + t *testing.T, name string, cert []byte, policies string, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "certs/" + name, diff --git a/builtin/credential/ldap/backend_test.go b/builtin/credential/ldap/backend_test.go index d9d6482df0..74b4e18a17 100644 --- a/builtin/credential/ldap/backend_test.go +++ b/builtin/credential/ldap/backend_test.go 
@@ -382,19 +382,19 @@ func TestLdapAuthBackend_UserPolicies(t *testing.T) { } /* - * Acceptance test for LDAP Auth Method - * - * The tests here rely on a docker LDAP server: - * [https://github.com/rroemhild/docker-test-openldap] - * - * ...as well as existence of a person object, `cn=Hermes Conrad,dc=example,dc=com`, - * which is a member of a group, `cn=admin_staff,ou=people,dc=example,dc=com` - * - * Querying the server from the command line: - * $ docker run --privileged -d -p 389:389 --name ldap --rm rroemhild/test-openldap - * $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub uid=hermes - * $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub \ - 'member=cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com' +* Acceptance test for LDAP Auth Method +* +* The tests here rely on a docker LDAP server: +* [https://github.com/rroemhild/docker-test-openldap] +* +* ...as well as existence of a person object, `cn=Hermes Conrad,dc=example,dc=com`, +* which is a member of a group, `cn=admin_staff,ou=people,dc=example,dc=com` +* + - Querying the server from the command line: + - $ docker run --privileged -d -p 389:389 --name ldap --rm rroemhild/test-openldap + - $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub uid=hermes + - $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub \ + 'member=cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com' */ func factory(t *testing.T) logical.Backend { defaultLeaseTTLVal := time.Hour * 24 diff --git a/builtin/credential/radius/backend_test.go b/builtin/credential/radius/backend_test.go index 23d7213958..de90b3b79d 100644 --- a/builtin/credential/radius/backend_test.go +++ b/builtin/credential/radius/backend_test.go 
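Review bot: The reformatted block comment above `factory` (builtin/credential/ldap/backend_test.go) is now half `*`-prefixed lines and half ` - ` bullets. The formatter has turned `Querying the server from the command line:` and the shell commands under it into list items, and left the continuation line `'member=cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com'` hanging on its own. Rewrite the block as `//` line comments with the commands indented as a code block, so gofmt and gofumpt leave them alone. Separately, the prose names `dc=example,dc=com` while the `ldapsearch` commands use `dc=planetexpress,dc=com`, and the documented `docker run` uses `--privileged` and publishes port 389 on all interfaces. Whether the container needs either cannot be determined from this hunk; if it does not, documenting `-p 127.0.0.1:389:389` without `--privileged` is the safer instruction.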
@@ -339,7 +339,8 @@ func testStepUserList(t *testing.T, users []string) logicaltest.TestStep { } func testStepUpdateUser( - t *testing.T, name string, policies string) logicaltest.TestStep { + t *testing.T, name string, policies string, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "users/" + name, diff --git a/builtin/credential/userpass/backend_test.go b/builtin/credential/userpass/backend_test.go index 546b9d1554..83f79db9a4 100644 --- a/builtin/credential/userpass/backend_test.go +++ b/builtin/credential/userpass/backend_test.go @@ -300,7 +300,8 @@ func testAccStepLogin(t *testing.T, user string, pass string, policies []string) } func testUserCreateOperation( - t *testing.T, name string, password string, policies string) logicaltest.TestStep { + t *testing.T, name string, password string, policies string, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.CreateOperation, Path: "users/" + name, @@ -312,7 +313,8 @@ func testUserCreateOperation( } func testAccStepUser( - t *testing.T, name string, password string, policies string) logicaltest.TestStep { + t *testing.T, name string, password string, policies string, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "users/" + name, diff --git a/builtin/credential/userpass/stepwise_test.go b/builtin/credential/userpass/stepwise_test.go index 3748ed1cea..90820b883d 100644 --- a/builtin/credential/userpass/stepwise_test.go +++ b/builtin/credential/userpass/stepwise_test.go @@ -32,7 +32,8 @@ func TestAccBackend_stepwise_UserCrud(t *testing.T) { } func testAccStepwiseUser( - t *testing.T, name string, password string, policies string) stepwise.Step { + t *testing.T, name string, password string, policies string, +) stepwise.Step { return stepwise.Step{ Operation: stepwise.UpdateOperation, Path: "users/" + name, 
diff --git a/builtin/logical/aws/iam_policies_test.go b/builtin/logical/aws/iam_policies_test.go index 5e8ae6feb6..ddba67f6b8 100644 --- a/builtin/logical/aws/iam_policies_test.go +++ b/builtin/logical/aws/iam_policies_test.go @@ -207,7 +207,7 @@ func Test_combinePolicyDocuments(t *testing.T) { `{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "NotAction": "ec2:DescribeAvailabilityZones", "Resource": "*"}]}`, }, expectedOutput: `{"Version": "2012-10-17","Statement":[{"Effect": "Allow","NotAction": "ec2:DescribeAvailabilityZones", "Resource": "*"}]}`, - expectedErr: false, + expectedErr: false, }, { description: "one blank policy", diff --git a/builtin/logical/aws/secret_access_keys.go b/builtin/logical/aws/secret_access_keys.go index 7f5492ee5a..c70386d681 100644 --- a/builtin/logical/aws/secret_access_keys.go +++ b/builtin/logical/aws/secret_access_keys.go @@ -278,7 +278,8 @@ func (b *backend) secretAccessKeysCreate( ctx context.Context, s logical.Storage, displayName, policyName string, - role *awsRoleEntry) (*logical.Response, error) { + role *awsRoleEntry, +) (*logical.Response, error) { iamClient, err := b.clientIAM(ctx, s) if err != nil { return logical.ErrorResponse(err.Error()), nil diff --git a/builtin/logical/database/rollback_test.go b/builtin/logical/database/rollback_test.go index 7e3fd458b7..dc061ae99a 100644 --- a/builtin/logical/database/rollback_test.go +++ b/builtin/logical/database/rollback_test.go @@ -20,9 +20,9 @@ const ( // Tests that the WAL rollback function rolls back the database password. // The database password should be rolled back when: -// - A WAL entry exists -// - Password has been altered on the database -// - Password has not been updated in storage +// - A WAL entry exists +// - Password has been altered on the database +// - Password has not been updated in storage func TestBackend_RotateRootCredentials_WAL_rollback(t *testing.T) { cluster, sys := getCluster(t) defer cluster.Cleanup() 
@@ -163,9 +163,9 @@ func TestBackend_RotateRootCredentials_WAL_rollback(t *testing.T) { // Tests that the WAL rollback function does not roll back the database password. // The database password should not be rolled back when: -// - A WAL entry exists -// - Password has not been altered on the database -// - Password has not been updated in storage +// - A WAL entry exists +// - Password has not been altered on the database +// - Password has not been updated in storage func TestBackend_RotateRootCredentials_WAL_no_rollback_1(t *testing.T) { cluster, sys := getCluster(t) defer cluster.Cleanup() @@ -267,9 +267,9 @@ func TestBackend_RotateRootCredentials_WAL_no_rollback_1(t *testing.T) { // Tests that the WAL rollback function does not roll back the database password. // The database password should not be rolled back when: -// - A WAL entry exists -// - Password has been altered on the database -// - Password has been updated in storage +// - A WAL entry exists +// - Password has been altered on the database +// - Password has been updated in storage func TestBackend_RotateRootCredentials_WAL_no_rollback_2(t *testing.T) { cluster, sys := getCluster(t) defer cluster.Cleanup() diff --git a/builtin/logical/database/rotation.go b/builtin/logical/database/rotation.go index 0aee4756b1..5ae2756f27 100644 --- a/builtin/logical/database/rotation.go +++ b/builtin/logical/database/rotation.go 
@@ -312,12 +312,12 @@ type setStaticAccountOutput struct { // - verifies role exists and is in the allowed roles list // - loads an existing WAL entry if WALID input is given, otherwise creates a // new WAL entry -// - gets a database connection -// - accepts an input credential, otherwise generates a new one for -// the role's credential type -// - sets new credential for the static account -// - uses WAL for ensuring new credentials are not lost if storage to Vault fails, -// resulting in a partial failure. +// - gets a database connection +// - accepts an input credential, otherwise generates a new one for +// the role's credential type +// - sets new credential for the static account +// - uses WAL for ensuring new credentials are not lost if storage to Vault fails, +// resulting in a partial failure. // // This method does not perform any operations on the priority queue. Those // tasks must be handled outside of this method. diff --git a/builtin/logical/pki/ocsp_test.go b/builtin/logical/pki/ocsp_test.go index d14914cf56..edae1eb490 100644 --- a/builtin/logical/pki/ocsp_test.go +++ b/builtin/logical/pki/ocsp_test.go @@ -316,8 +316,9 @@ func TestOcsp_RevokedCertHasIssuerWithoutAKey(t *testing.T) { // the response to the caller on its behalf. // // NOTE: This test is a bit at the mercy of iteration order of the issuer ids. -// If it becomes flaky, most likely something is wrong in the code -// and not the test. +// +// If it becomes flaky, most likely something is wrong in the code +// and not the test. func TestOcsp_MultipleMatchingIssuersOneWithoutSigningUsage(t *testing.T) { b, s, testEnv := setupOcspEnv(t, "ec") diff --git a/builtin/logical/ssh/backend_test.go b/builtin/logical/ssh/backend_test.go index 25c0256421..27934d42af 100644 --- a/builtin/logical/ssh/backend_test.go +++ b/builtin/logical/ssh/backend_test.go 
@@ -2120,7 +2120,8 @@ func testDefaultUserTemplate(t *testing.T, testDefaultUserTemplate string, func testAllowedPrincipalsTemplate(t *testing.T, testAllowedDomainsTemplate string, expectedValidPrincipal string, testEntityMetadata map[string]string, - roleConfigPayload map[string]interface{}, signingPayload map[string]interface{}) { + roleConfigPayload map[string]interface{}, signingPayload map[string]interface{}, +) { cluster, userpassToken := getSshCaTestCluster(t, testUserName) defer cluster.Cleanup() client := cluster.Cores[0].Client @@ -2169,7 +2170,8 @@ func testAllowedPrincipalsTemplate(t *testing.T, testAllowedDomainsTemplate stri } func testAllowedUsersTemplate(t *testing.T, testAllowedUsersTemplate string, - expectedValidPrincipal string, testEntityMetadata map[string]string) { + expectedValidPrincipal string, testEntityMetadata map[string]string, +) { testAllowedPrincipalsTemplate( t, testAllowedUsersTemplate, expectedValidPrincipal, testEntityMetadata, diff --git a/builtin/logical/transit/backend_test.go b/builtin/logical/transit/backend_test.go index 09e51c57d0..c4d92a3ddb 100644 --- a/builtin/logical/transit/backend_test.go +++ b/builtin/logical/transit/backend_test.go @@ -623,7 +623,8 @@ func testAccStepReadPolicyWithVersions(t *testing.T, name string, expectNone, de } func testAccStepEncrypt( - t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep { + t *testing.T, name, plaintext string, decryptData map[string]interface{}, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "encrypt/" + name, @@ -647,7 +648,8 @@ func testAccStepEncrypt( } func testAccStepEncryptUpsert( - t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep { + t *testing.T, name, plaintext string, decryptData map[string]interface{}, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.CreateOperation, Path: "encrypt/" + name, 
@@ -671,7 +673,8 @@ func testAccStepEncryptUpsert( } func testAccStepEncryptContext( - t *testing.T, name, plaintext, context string, decryptData map[string]interface{}) logicaltest.TestStep { + t *testing.T, name, plaintext, context string, decryptData map[string]interface{}, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "encrypt/" + name, @@ -697,7 +700,8 @@ func testAccStepEncryptContext( } func testAccStepDecrypt( - t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep { + t *testing.T, name, plaintext string, decryptData map[string]interface{}, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "decrypt/" + name, @@ -725,7 +729,8 @@ func testAccStepDecrypt( } func testAccStepRewrap( - t *testing.T, name string, decryptData map[string]interface{}, expectedVer int) logicaltest.TestStep { + t *testing.T, name string, decryptData map[string]interface{}, expectedVer int, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "rewrap/" + name, @@ -757,7 +762,8 @@ func testAccStepRewrap( func testAccStepEncryptVX( t *testing.T, name, plaintext string, decryptData map[string]interface{}, - ver int, encryptHistory map[int]map[string]interface{}) logicaltest.TestStep { + ver int, encryptHistory map[int]map[string]interface{}, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "encrypt/" + name, @@ -788,7 +794,8 @@ func testAccStepEncryptVX( func testAccStepLoadVX( t *testing.T, name string, decryptData map[string]interface{}, - ver int, encryptHistory map[int]map[string]interface{}) logicaltest.TestStep { + ver int, encryptHistory map[int]map[string]interface{}, +) logicaltest.TestStep { // This is really a no-op to allow us to do data manip in the check function return logicaltest.TestStep{ Operation: logical.ReadOperation, 
@@ -801,7 +808,8 @@ func testAccStepLoadVX( } func testAccStepDecryptExpectFailure( - t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep { + t *testing.T, name, plaintext string, decryptData map[string]interface{}, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "decrypt/" + name, @@ -825,7 +833,8 @@ func testAccStepRotate(t *testing.T, name string) logicaltest.TestStep { func testAccStepWriteDatakey(t *testing.T, name string, noPlaintext bool, bits int, - dataKeyInfo map[string]interface{}) logicaltest.TestStep { + dataKeyInfo map[string]interface{}, +) logicaltest.TestStep { data := map[string]interface{}{} subPath := "plaintext" if noPlaintext { @@ -869,7 +878,8 @@ func testAccStepWriteDatakey(t *testing.T, name string, } func testAccStepDecryptDatakey(t *testing.T, name string, - dataKeyInfo map[string]interface{}) logicaltest.TestStep { + dataKeyInfo map[string]interface{}, +) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, Path: "decrypt/" + name, diff --git a/builtin/logical/transit/stepwise_test.go b/builtin/logical/transit/stepwise_test.go index 89e6cbe8f6..b64aca9861 100644 --- a/builtin/logical/transit/stepwise_test.go +++ b/builtin/logical/transit/stepwise_test.go @@ -162,7 +162,8 @@ func testAccStepwiseReadPolicyWithVersions(t *testing.T, name string, expectNone } func testAccStepwiseEncryptContext( - t *testing.T, name, plaintext, context string, decryptData map[string]interface{}) stepwise.Step { + t *testing.T, name, plaintext, context string, decryptData map[string]interface{}, +) stepwise.Step { return stepwise.Step{ Operation: stepwise.UpdateOperation, Path: "encrypt/" + name, 
@@ -188,7 +189,8 @@ func testAccStepwiseEncryptContext( } func testAccStepwiseDecrypt( - t *testing.T, name, plaintext string, decryptData map[string]interface{}) stepwise.Step { + t *testing.T, name, plaintext string, decryptData map[string]interface{}, +) stepwise.Step { return stepwise.Step{ Operation: stepwise.UpdateOperation, Path: "decrypt/" + name, diff --git a/command/agent/auth/alicloud/alicloud.go b/command/agent/auth/alicloud/alicloud.go index ff9a4341f2..6fc640c290 100644 --- a/command/agent/auth/alicloud/alicloud.go +++ b/command/agent/auth/alicloud/alicloud.go @@ -18,13 +18,11 @@ import ( ) /* - - Creds can be inferred from instance metadata, and those creds - expire every 60 minutes, so we're going to need to poll for new - creds. Since we're polling anyways, let's poll once a minute so - all changes can be picked up rather quickly. This is configurable, - however. - +Creds can be inferred from instance metadata, and those creds +expire every 60 minutes, so we're going to need to poll for new +creds. Since we're polling anyways, let's poll once a minute so +all changes can be picked up rather quickly. This is configurable, +however. */ const defaultCredCheckFreqSeconds = 60 diff --git a/command/token/helper_external.go b/command/token/helper_external.go index 7fd25b0614..83f5f89072 100644 --- a/command/token/helper_external.go +++ b/command/token/helper_external.go 
@@ -46,10 +46,10 @@ var _ TokenHelper = (*ExternalTokenHelper)(nil) // BinaryPath is executed within a shell with environment Env. The last argument // appended will be the operation, which is: // -// * "get" - Read the value of the token and write it to stdout. -// * "store" - Store the value of the token which is on stdin. Output -// nothing. -// * "erase" - Erase the contents stored. Output nothing. +// - "get" - Read the value of the token and write it to stdout. +// - "store" - Store the value of the token which is on stdin. Output +// nothing. +// - "erase" - Erase the contents stored. Output nothing. // // Any errors can be written on stdout. If the helper exits with a non-zero // exit code then the stderr will be made part of the error value. diff --git a/helper/constants/fips_build_check.go b/helper/constants/fips_build_check.go index aee3d0edba..1e865b499f 100644 --- a/helper/constants/fips_build_check.go +++ b/helper/constants/fips_build_check.go 
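Review bot: The comment in this hunk (command/token/helper_external.go) says `BinaryPath is executed within a shell` but does not spell out the consequence. Shell metacharacters in the value are interpreted, so it must only ever come from trusted local configuration. Add a line such as `// BinaryPath is passed to a shell; it must come from trusted configuration and never from request data.` The closing paragraph also reads inconsistently: `Any errors can be written on stdout` is followed by `the stderr will be made part of the error value`, and presumably stderr is meant in both places. The declaration the comment documents lies outside the hunk.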
@@ -8,17 +8,17 @@ import "C" // without implementation in any imported or built library. This results in // a linker err if the above build constraints are satisfied: // -// /home/cipherboy/GitHub/cipherboy/vault-enterprise/helper/constants/fips_build_check.go:10: undefined reference to `github.com/hashicorp/vault/helper/constants.VaultFIPSBuildRequiresVersionAgnosticTagAndOneVersionTag' +// /home/cipherboy/GitHub/cipherboy/vault-enterprise/helper/constants/fips_build_check.go:10: undefined reference to `github.com/hashicorp/vault/helper/constants.VaultFIPSBuildRequiresVersionAgnosticTagAndOneVersionTag' // // This indicates that a build error has occurred due to mismatched tags. // // In particular, we use this to enforce the following restrictions on build // tags: // -// - If a versioned fips_140_* tag is specified, the unversioned tag must -// also be. -// - If the unversioned tag is specified, a versioned tag must be. -// - Both versioned flags cannot be specified at the same time. +// - If a versioned fips_140_* tag is specified, the unversioned tag must +// also be. +// - If the unversioned tag is specified, a versioned tag must be. +// - Both versioned flags cannot be specified at the same time. // // In the unlikely event that a FFI implementation for this function exists // in the future, it should be renamed to a new function which does not diff --git a/http/assets.go b/http/assets.go index 4c4b6c395e..c401f94910 100644 --- a/http/assets.go +++ b/http/assets.go @@ -9,6 +9,7 @@ import ( ) // content is our static web server content. +// //go:embed web_ui/* var content embed.FS diff --git a/http/handler.go b/http/handler.go index f40ec3d72b..5bf848db2d 100644 --- a/http/handler.go +++ b/http/handler.go 
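Review bot: The sample linker error in the fips_build_check.go comment still embeds a developer's absolute checkout path (`/home/cipherboy/GitHub/cipherboy/vault-enterprise/...`), which puts a local username and what looks like an internal repository name into the source for no diagnostic gain. Since this hunk already rewrites that line, I would cut the prefix down to the repository-relative form `helper/constants/fips_build_check.go:10:` and keep the rest of the message, including the undefined symbol name that readers will search for. The comment continues past the end of the hunk, so the remainder could not be checked.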
@@ -1148,9 +1148,9 @@ func parseMFAHeader(req *logical.Request) error { // maintain backwards compatibility, this will err on the side of JSON. // The request will be considered a form only if: // -// 1. The content type is "application/x-www-form-urlencoded" -// 2. The start of the request doesn't look like JSON. For this test we -// we expect the body to begin with { or [, ignoring leading whitespace. +// 1. The content type is "application/x-www-form-urlencoded" +// 2. The start of the request doesn't look like JSON. For this test we +// we expect the body to begin with { or [, ignoring leading whitespace. func isForm(head []byte, contentType string) bool { contentType, _, err := mime.ParseMediaType(contentType) @@ -1221,8 +1221,8 @@ func oidcPermissionDenied(path string, err error) bool { // permission denied errors (expired token) on resources protected // by OIDC access tokens. Currently, the UserInfo Endpoint is the only // protected resource. See the following specifications for details: -// - https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError -// - https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 +// - https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError +// - https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 func respondOIDCPermissionDenied(w http.ResponseWriter) { errorCode := "invalid_token" errorDescription := logical.ErrPermissionDenied.Error() diff --git a/http/logical.go b/http/logical.go index b34e96fbea..6cdf6bb071 100644 --- a/http/logical.go +++ b/http/logical.go 
@@ -287,9 +287,9 @@ func buildLogicalRequest(core *vault.Core, w http.ResponseWriter, r *http.Reques // handleLogical returns a handler for processing logical requests. These requests // may or may not end up getting forwarded under certain scenarios if the node // is a performance standby. Some of these cases include: -// - Perf standby and token with limited use count. -// - Perf standby and token re-validation needed (e.g. due to invalid token). -// - Perf standby and control group error. +// - Perf standby and token with limited use count. +// - Perf standby and token re-validation needed (e.g. due to invalid token). +// - Perf standby and control group error. func handleLogical(core *vault.Core) http.Handler { return handleLogicalInternal(core, false, false) } diff --git a/internalshared/listenerutil/listener.go b/internalshared/listenerutil/listener.go index c5b77f287c..6095713be5 100644 --- a/internalshared/listenerutil/listener.go +++ b/internalshared/listenerutil/listener.go @@ -75,7 +75,8 @@ func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net. func TLSConfig( l *configutil.Listener, props map[string]string, - ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error) { + ui cli.Ui, +) (*tls.Config, reloadutil.ReloadFunc, error) { props["tls"] = "disabled" if l.TLSDisable { diff --git a/physical/cockroachdb/cockroachdb.go b/physical/cockroachdb/cockroachdb.go index e6bfc17416..385074d917 100644 --- a/physical/cockroachdb/cockroachdb.go +++ b/physical/cockroachdb/cockroachdb.go 
@@ -304,8 +304,8 @@ func (c *CockroachDBBackend) transaction(tx *sql.Tx, txns []*physical.TxnEntry) // https://www.cockroachlabs.com/docs/stable/keywords-and-identifiers.html#identifiers // // - All values that accept an identifier must: -// - Begin with a Unicode letter or an underscore (_). Subsequent characters can be letters, -// - underscores, digits (0-9), or dollar signs ($). +// - Begin with a Unicode letter or an underscore (_). Subsequent characters can be letters, +// - underscores, digits (0-9), or dollar signs ($). // - Not equal any SQL keyword unless the keyword is accepted by the element's syntax. For example, // name accepts Unreserved or Column Name keywords. // diff --git a/physical/gcs/gcs_ha.go b/physical/gcs/gcs_ha.go index 7ad57a0f48..3a8e45d981 100644 --- a/physical/gcs/gcs_ha.go +++ b/physical/gcs/gcs_ha.go @@ -321,9 +321,10 @@ OUTER: // // - lock does not exist // - write the lock +// // - lock exists // - if key is empty or identity is the same or timestamp exceeds TTL -// - update the lock to self +// - update the lock to self func (l *Lock) writeLock() (bool, error) { // Create a transaction to read and the update (maybe) ctx, cancel := context.WithCancel(context.Background()) diff --git a/physical/postgresql/postgresql.go b/physical/postgresql/postgresql.go index 7483999241..ed4c883440 100644 --- a/physical/postgresql/postgresql.go +++ b/physical/postgresql/postgresql.go @@ -36,11 +36,9 @@ const ( // Verify PostgreSQLBackend satisfies the correct interfaces var _ physical.Backend = (*PostgreSQLBackend)(nil) -// // HA backend was implemented based on the DynamoDB backend pattern // With distinction using central postgres clock, hereby avoiding // possible issues with multiple clocks -// var ( _ physical.HABackend = (*PostgreSQLBackend)(nil) _ physical.Lock = (*PostgreSQLLock)(nil) diff --git a/physical/spanner/spanner_ha.go b/physical/spanner/spanner_ha.go index f3284fc270..7aa4f8986d 100644 --- a/physical/spanner/spanner_ha.go 
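Review bot: In the cockroachdb.go identifier-rules comment, `underscores, digits (0-9), or dollar signs ($).` is the wrapped tail of the previous sentence, yet it still carries its own `-` marker, and the reformat now aligns it as a sibling list item. Rendered that way, the rule for which characters may follow the first one is split across two bullets and the second reads as a separate requirement. I would drop the dash and fold the text into the item above: `//   - Begin with a Unicode letter or an underscore (_). Subsequent characters can be letters, underscores, digits (0-9), or dollar signs ($).` The comment appears to describe the rule for names that end up in SQL text, so the wording is worth getting exact. The function it documents lies outside the hunk.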
+++ b/physical/spanner/spanner_ha.go @@ -320,9 +320,10 @@ OUTER: // // - lock does not exist // - write the lock +// // - lock exists // - if key is empty or identity is the same or timestamp exceeds TTL -// - update the lock to self +// - update the lock to self func (l *Lock) writeLock() (bool, error) { // Keep track of whether the lock was written lockWritten := false diff --git a/sdk/database/helper/dbutil/quoteidentifier.go b/sdk/database/helper/dbutil/quoteidentifier.go index cc54154a03..92c6fda8dc 100644 --- a/sdk/database/helper/dbutil/quoteidentifier.go +++ b/sdk/database/helper/dbutil/quoteidentifier.go @@ -28,10 +28,10 @@ import "strings" // QuoteIdentifier quotes an "identifier" (e.g. a table or a column name) to be // used as part of an SQL statement. For example: // -// tblname := "my_table" -// data := "my_data" -// quoted := pq.QuoteIdentifier(tblname) -// err := db.Exec(fmt.Sprintf("INSERT INTO %s VALUES ($1)", quoted), data) +// tblname := "my_table" +// data := "my_data" +// quoted := pq.QuoteIdentifier(tblname) +// err := db.Exec(fmt.Sprintf("INSERT INTO %s VALUES ($1)", quoted), data) // // Any double quotes in name will be escaped. The quoted identifier will be // case sensitive when used in a query. If the input string contains a zero diff --git a/sdk/framework/openapi.go b/sdk/framework/openapi.go index 6d720e222f..4659f7ae2f 100644 --- a/sdk/framework/openapi.go +++ b/sdk/framework/openapi.go @@ -734,7 +734,8 @@ func cleanResponse(resp *logical.Response) *cleanedResponse { // /sys/tools/random/{urlbytes} -> postSysToolsRandomUrlbytes // // In the unlikely case of a duplicate ids, a numeric suffix is added: -// postSysToolsRandomUrlbytes_2 +// +// postSysToolsRandomUrlbytes_2 // // An optional user-provided suffix ("context") may also be appended. func (d *OASDocument) CreateOperationIDs(context string) { diff --git a/sdk/framework/secret.go b/sdk/framework/secret.go index d338e06f03..0c8f0dfccc 100644 --- a/sdk/framework/secret.go 
+++ b/sdk/framework/secret.go @@ -42,7 +42,8 @@ func (s *Secret) Renewable() bool { } func (s *Secret) Response( - data, internal map[string]interface{}) *logical.Response { + data, internal map[string]interface{}, +) *logical.Response { internalData := make(map[string]interface{}) for k, v := range internal { internalData[k] = v diff --git a/sdk/helper/keysutil/policy_test.go b/sdk/helper/keysutil/policy_test.go index 44c85c87f0..91767cfd9d 100644 --- a/sdk/helper/keysutil/policy_test.go +++ b/sdk/helper/keysutil/policy_test.go @@ -834,7 +834,8 @@ func Test_RSA_PSS(t *testing.T) { } test_RSA_PSS := func(t *testing.T, p *Policy, rsaKey *rsa.PrivateKey, hashType HashType, - marshalingType MarshalingType) { + marshalingType MarshalingType, + ) { unsaltedOptions := SigningOptions{ HashAlgorithm: hashType, Marshaling: marshalingType, diff --git a/sdk/helper/locksutil/locks.go b/sdk/helper/locksutil/locks.go index 1c85402493..35ffcf739d 100644 --- a/sdk/helper/locksutil/locks.go +++ b/sdk/helper/locksutil/locks.go @@ -25,7 +25,6 @@ type LockEntry struct { // Lock B, Lock A // // Where process 1 is now deadlocked trying to lock B, and process 2 deadlocked trying to lock A -// func CreateLocks() []*LockEntry { ret := make([]*LockEntry, LockCount) for i := range ret { diff --git a/sdk/helper/template/template.go b/sdk/helper/template/template.go index 4ced1528fa..2918825b97 100644 --- a/sdk/helper/template/template.go +++ b/sdk/helper/template/template.go 
@@ -39,37 +39,48 @@ func Function(name string, f interface{}) Opt { // - random // - Randomly generated characters. This uses the charset specified in RandomCharset. Must include a length. // Example: {{ rand 20 }} +// // - truncate // - Truncates the previous value to the specified length. Must include a maximum length. // Example: {{ .DisplayName | truncate 10 }} +// // - truncate_sha256 // - Truncates the previous value to the specified length. If the original length is greater than the length // specified, the remaining characters will be sha256 hashed and appended to the end. The hash will be only the first 8 characters The maximum length will // be no longer than the length specified. // Example: {{ .DisplayName | truncate_sha256 30 }} +// // - uppercase // - Uppercases the previous value. // Example: {{ .RoleName | uppercase }} +// // - lowercase // - Lowercases the previous value. // Example: {{ .DisplayName | lowercase }} +// // - replace // - Performs a string find & replace // Example: {{ .DisplayName | replace - _ }} +// // - sha256 // - SHA256 hashes the previous value. // Example: {{ .DisplayName | sha256 }} +// // - base64 // - base64 encodes the previous value. // Example: {{ .DisplayName | base64 }} +// // - unix_time // - Provides the current unix time in seconds. // Example: {{ unix_time }} +// // - unix_time_millis // - Provides the current unix time in milliseconds. // Example: {{ unix_time_millis }} +// // - timestamp // - Provides the current time. Must include a standard Go format string +// // - uuid // - Generates a UUID // Example: {{ uuid }} diff --git a/sdk/logical/request.go b/sdk/logical/request.go index 1edb51b3fc..d774fd176b 100644 --- a/sdk/logical/request.go +++ b/sdk/logical/request.go 
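Review bot: The template function list in sdk/helper/template/template.go is uneven after the reformat: `timestamp` is the only entry without an `Example:` line, and the `truncate_sha256` text runs two sentences together (`first 8 characters The maximum length`). I would add an example such as `//     Example: {{ timestamp "2006-01-02T15:04:05Z" }}` (a constructed layout string, to be checked against the function's actual signature) and insert the missing period after `characters`. The blank `//` lines the formatter added suggest the name/description nesting is not recognised as one list, so it may be worth rewriting each entry as a single item of the form `name: description`.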
@@ -378,7 +378,6 @@ type MFACreds map[string][]string // InitializationRequest stores the parameters and context of an Initialize() // call being made to a logical.Backend. type InitializationRequest struct { - // Storage can be used to durably store and retrieve state. Storage Storage } diff --git a/serviceregistration/kubernetes/testing/testserver.go b/serviceregistration/kubernetes/testing/testserver.go index cb1c122775..50232a2e57 100644 --- a/serviceregistration/kubernetes/testing/testserver.go +++ b/serviceregistration/kubernetes/testing/testserver.go @@ -47,15 +47,15 @@ var ( // the test server. This must be done by the caller to avoid an import // cycle between the client and the testserver. Example usage: // -// client.Scheme = testConf.ClientScheme -// client.TokenFile = testConf.PathToTokenFile -// client.RootCAFile = testConf.PathToRootCAFile -// if err := os.Setenv(client.EnvVarKubernetesServiceHost, testConf.ServiceHost); err != nil { -// t.Fatal(err) -// } -// if err := os.Setenv(client.EnvVarKubernetesServicePort, testConf.ServicePort); err != nil { -// t.Fatal(err) -// } +// client.Scheme = testConf.ClientScheme +// client.TokenFile = testConf.PathToTokenFile +// client.RootCAFile = testConf.PathToRootCAFile +// if err := os.Setenv(client.EnvVarKubernetesServiceHost, testConf.ServiceHost); err != nil { +// t.Fatal(err) +// } +// if err := os.Setenv(client.EnvVarKubernetesServicePort, testConf.ServicePort); err != nil { +// t.Fatal(err) +// } type Conf struct { ClientScheme, PathToTokenFile, PathToRootCAFile, ServiceHost, ServicePort string } diff --git a/vault/expiration.go b/vault/expiration.go index 0038fc3f41..64a42d6383 100644 --- a/vault/expiration.go +++ b/vault/expiration.go 
@@ -1775,10 +1775,10 @@ func (m *ExpirationManager) uniquePoliciesGc() { // Acquiring a lock from a leaseEntry is a bad idea because it could change // between loading and acquiring the lock. So we only provide an ID-based map, and the // locking discipline should be: -// 1. Lock lease -// 2. Load, or attempt to load, leaseEntry -// 3. Modify leaseEntry and pendingMap (atomic wrt operations on this lease) -// 4. Unlock lease +// 1. Lock lease +// 2. Load, or attempt to load, leaseEntry +// 3. Modify leaseEntry and pendingMap (atomic wrt operations on this lease) +// 4. Unlock lease // // The lock must be removed from the map when the lease is deleted, or is // found to not exist in storage. loadEntry does this whenever it returns diff --git a/vault/external_tests/sealmigration/testshared.go b/vault/external_tests/sealmigration/testshared.go index e817af789c..fe440d78cc 100644 --- a/vault/external_tests/sealmigration/testshared.go +++ b/vault/external_tests/sealmigration/testshared.go @@ -334,7 +334,8 @@ func migrateFromShamirToTransit_Pre14(t *testing.T, logger hclog.Logger, storage } func validateMigration(t *testing.T, storage teststorage.ReusableStorage, - cluster *vault.TestCluster, leaderIdx int, f func(t *testing.T, core *vault.TestClusterCore)) { + cluster *vault.TestCluster, leaderIdx int, f func(t *testing.T, core *vault.TestClusterCore), +) { t.Helper() leader := cluster.Cores[leaderIdx] @@ -693,7 +694,8 @@ func runShamir(t *testing.T, logger hclog.Logger, storage teststorage.ReusableSt // initializeTransit initializes a brand new backend storage with Transit. func InitializeTransit(t *testing.T, logger hclog.Logger, storage teststorage.ReusableStorage, basePort int, - tss *sealhelper.TransitSealServer, sealKeyName string) (*vault.TestCluster, *vault.TestClusterOptions) { + tss *sealhelper.TransitSealServer, sealKeyName string, +) (*vault.TestCluster, *vault.TestClusterOptions) { t.Helper() baseClusterPort := basePort + 10 
diff --git a/vault/identity_store_groups_test.go b/vault/identity_store_groups_test.go index 2e138e264f..3407e3a5eb 100644 --- a/vault/identity_store_groups_test.go +++ b/vault/identity_store_groups_test.go @@ -1083,11 +1083,12 @@ func TestIdentityStore_GroupMultiCase(t *testing.T) { /* Test groups hierarchy: - ------- eng(entityID3) ------- - | | - ----- vault ----- -- ops(entityID2) -- - | | | | - kube(entityID1) identity build deploy + + ------- eng(entityID3) ------- + | | + ----- vault ----- -- ops(entityID2) -- + | | | | + kube(entityID1) identity build deploy */ func TestIdentityStore_GroupHierarchyCases(t *testing.T) { var resp *logical.Response