From 1e515ca08cc390b88e4692d9419cfd818335bbbd Mon Sep 17 00:00:00 2001
From: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Date: Fri, 22 Jul 2022 14:13:14 -0400
Subject: [PATCH] Fix linter issues in policy.go & acl.go (#16366)
---
 vault/acl.go | 8 ++------
 vault/acl_test.go | 27 +++++++++++++++++----------
 vault/policy.go | 12 +++++-------
 3 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/vault/acl.go b/vault/acl.go
index 5ea5489414..9dffe34f6d 100644
--- a/vault/acl.go
+++ b/vault/acl.go
@@ -250,9 +250,7 @@ func NewACL(ctx context.Context, policies []*Policy) (*ACL, error) {
 if existingPerms.MFAMethods == nil {
 existingPerms.MFAMethods = pc.Permissions.MFAMethods
 } else {
- for _, method := range pc.Permissions.MFAMethods {
- existingPerms.MFAMethods = append(existingPerms.MFAMethods, method)
- }
+ existingPerms.MFAMethods = append(existingPerms.MFAMethods, pc.Permissions.MFAMethods...)
 }
 existingPerms.MFAMethods = strutil.RemoveDuplicates(existingPerms.MFAMethods, false)
 }
@@ -264,9 +262,7 @@ func NewACL(ctx context.Context, policies []*Policy) (*ACL, error) {
 if existingPerms.ControlGroup == nil {
 existingPerms.ControlGroup = pc.Permissions.ControlGroup
 } else {
- for _, authz := range pc.Permissions.ControlGroup.Factors {
- existingPerms.ControlGroup.Factors = append(existingPerms.ControlGroup.Factors, authz)
- }
+ existingPerms.ControlGroup.Factors = append(existingPerms.ControlGroup.Factors, pc.Permissions.ControlGroup.Factors...)
 }
 }
 }
diff --git a/vault/acl_test.go b/vault/acl_test.go
index c7fd0f64a4..5e621684bc 100644
--- a/vault/acl_test.go
+++ b/vault/acl_test.go
@@ -2,6 +2,7 @@ package vault
 import (
 "context"
+ "fmt"
 "reflect"
 "sync"
 "testing"
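Review bot: With the variadic append in place, the `existingPerms.MFAMethods == nil` branch in the context lines just above it is redundant, because appending to a nil slice already produces a fresh slice. Collapsing the if/else to the single statement `existingPerms.MFAMethods = append(existingPerms.MFAMethods, pc.Permissions.MFAMethods...)` gives the same result after `strutil.RemoveDuplicates`, and the merged permissions then never hold the policy's own `MFAMethods` slice, even briefly. NewACL's body starts and ends outside the hunk.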
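Review bot: The nil branch above the rewritten append stores the policy's own pointer, `existingPerms.ControlGroup = pc.Permissions.ControlGroup`, so a later pass through the else branch grows `Factors` on a struct that still belongs to that policy. If `existingPerms` persists across iterations and the `*Policy` values are shared between callers (neither is visible in this hunk), building an ACL would mutate policy state and could race under concurrent `NewACL` calls, with control-group factors accumulating on the shared policy. Consider copying before storing, for example `cg := *pc.Permissions.ControlGroup`, `cg.Factors = append(cg.Factors[:0:0], cg.Factors...)`, `existingPerms.ControlGroup = &cg`. That is a shallow copy of the factors, which may need deepening if the elements are pointers. NewACL's body starts and ends outside the hunk.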
@@ -101,7 +102,7 @@ func TestACL_Capabilities(t *testing.T) { t.Run("root-ns", func(t *testing.T) { t.Parallel() policy := []*Policy{{Name: "root"}} - ctx := namespace.RootContext(nil) + ctx := namespace.RootContext(context.Background()) acl, err := NewACL(ctx, policy) if err != nil { t.Fatalf("err: %v", err) @@ -159,7 +160,7 @@ func testACLRoot(t *testing.T, ns *namespace.Namespace) { // Create the root policy ACL. Always create on root namespace regardless of // which namespace to ACL check on. policy := []*Policy{{Name: "root"}} - acl, err := NewACL(namespace.RootContext(nil), policy) + acl, err := NewACL(namespace.RootContext(context.Background()), policy) if err != nil { t.Fatalf("err: %v", err) } @@ -293,7 +294,7 @@ func TestACL_Layered(t *testing.T) { if err != nil { t.Fatalf("err: %v", err) } - acl, err := NewACL(namespace.RootContext(nil), []*Policy{policy1, policy2}) + acl, err := NewACL(namespace.RootContext(context.Background()), []*Policy{policy1, policy2}) if err != nil { t.Fatalf("err: %v", err) } @@ -820,25 +821,33 @@ func TestACL_CreationRace(t *testing.T) { } var wg sync.WaitGroup + errs := make(chan error) stopTime := time.Now().Add(20 * time.Second) for i := 0; i < 50; i++ { wg.Add(1) - go func() { + go func(i int) { defer wg.Done() for { if time.Now().After(stopTime) { return } - _, err := NewACL(namespace.RootContext(nil), []*Policy{policy}) + _, err := NewACL(namespace.RootContext(context.Background()), []*Policy{policy}) if err != nil { - t.Fatalf("err: %v", err) + errs <- fmt.Errorf("goroutine %d: %w", i, err) } } - }() + }(i) } - wg.Wait() + go func() { + wg.Wait() + close(errs) + }() + + for err := range errs { + t.Fatalf("err: %v", err) + } } func TestACLGrantingPolicies(t *testing.T) { @@ -1179,7 +1188,6 @@ var permissionsPolicy = ` name = "dev" path "dev/*" { policy = "write" - allowed_parameters = { "zip" = [] } 
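Review bot: In TestACL_CreationRace the drain loop `for err := range errs { t.Fatalf("err: %v", err) }` stops receiving at the first error, but a failing worker does not return after `errs <- fmt.Errorf(...)` and the channel is unbuffered. Any worker that fails afterwards blocks on the send forever, never reaches `wg.Done()`, and `close(errs)` never runs, so the goroutines leak past the end of the test. Add `return` right after the send in the worker and report with `t.Errorf("err: %v", err)` in the loop; the test still fails, but the channel is drained until it is closed and every goroutine finishes. The start of the test function is outside the hunk.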
@@ -1269,7 +1277,6 @@ var valuePermissionsPolicy = ` name = "op" path "dev/*" { policy = "write" - allowed_parameters = { "allow" = ["good"] } diff --git a/vault/policy.go b/vault/policy.go index da11f822f1..75084c4d88 100644 --- a/vault/policy.go +++ b/vault/policy.go @@ -438,15 +438,15 @@ func parsePaths(result *Policy, list *ast.ObjectList, performTemplating bool, en if pc.AllowedParametersHCL != nil { pc.Permissions.AllowedParameters = make(map[string][]interface{}, len(pc.AllowedParametersHCL)) - for key, val := range pc.AllowedParametersHCL { - pc.Permissions.AllowedParameters[strings.ToLower(key)] = val + for k, v := range pc.AllowedParametersHCL { + pc.Permissions.AllowedParameters[strings.ToLower(k)] = v } } if pc.DeniedParametersHCL != nil { pc.Permissions.DeniedParameters = make(map[string][]interface{}, len(pc.DeniedParametersHCL)) - for key, val := range pc.DeniedParametersHCL { - pc.Permissions.DeniedParameters[strings.ToLower(key)] = val + for k, v := range pc.DeniedParametersHCL { + pc.Permissions.DeniedParameters[strings.ToLower(k)] = v } } if pc.MinWrappingTTLHCL != nil { @@ -465,9 +465,7 @@ func parsePaths(result *Policy, list *ast.ObjectList, performTemplating bool, en } if pc.MFAMethodsHCL != nil { pc.Permissions.MFAMethods = make([]string, len(pc.MFAMethodsHCL)) - for idx, item := range pc.MFAMethodsHCL { - pc.Permissions.MFAMethods[idx] = item - } + copy(pc.Permissions.MFAMethods, pc.MFAMethodsHCL) } if pc.ControlGroupHCL != nil { pc.Permissions.ControlGroup = new(ControlGroup)