From b5961beba9f2004a351e58a646f755c8acf8a166 Mon Sep 17 00:00:00 2001
From: Herman Slatman
Date: Wed, 21 Dec 2022 16:02:26 +0100
Subject: [PATCH] Fix and/or ignore linting issues
---
 ca/bootstrap.go | 6 ++---
 ca/client.go | 44 ++++++++++++++++++-------------------
 ca/tls.go | 4 ++--
 cas/stepcas/issuer.go | 5 +++--
 cas/stepcas/issuer_test.go | 3 ++-
 cas/stepcas/jwk_issuer.go | 9 ++++----
 cas/stepcas/stepcas.go | 4 ++--
 cas/stepcas/stepcas_test.go | 2 +-
 8 files changed, 40 insertions(+), 37 deletions(-)
diff --git a/ca/bootstrap.go b/ca/bootstrap.go
index 430f2e31..78b94ec9 100644
--- a/ca/bootstrap.go
+++ b/ca/bootstrap.go
@@ -61,7 +61,7 @@ func Bootstrap(token string) (*Client, error) {
 // }
 // resp, err := client.Get("https://internal.smallstep.com")
 func BootstrapClient(ctx context.Context, token string, options ...TLSOption) (*http.Client, error) {
- b, err := createBootstrap(token)
+ b, err := createBootstrap(token) //nolint:contextcheck // deeply nested context; temporary
 if err != nil {
 return nil, err
 }
@@ -120,7 +120,7 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
 return nil, errors.New("server TLSConfig is already set")
 }
- b, err := createBootstrap(token)
+ b, err := createBootstrap(token) //nolint:contextcheck // deeply nested context; temporary
 if err != nil {
 return nil, err
 }
@@ -169,7 +169,7 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
 // ... // register services
 // srv.Serve(lis)
 func BootstrapListener(ctx context.Context, token string, inner net.Listener, options ...TLSOption) (net.Listener, error) {
- b, err := createBootstrap(token)
+ b, err := createBootstrap(token) //nolint:contextcheck // deeply nested context; temporary
 if err != nil {
 return nil, err
 }
diff --git a/ca/client.go b/ca/client.go
index c6a7def2..7321f82f 100644
--- a/ca/client.go
+++ b/ca/client.go
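Review bot: In ca/bootstrap.go the `//nolint:contextcheck` on `createBootstrap(token)` in BootstrapClient keeps the caller's ctx out of the bootstrap step, and the same suppression is repeated in the BootstrapServer and BootstrapListener hunks. createBootstrap's body is not in the diff, but if it contacts the CA, a cancelled or expired ctx will not stop that part of the call. The reason is marked "temporary" with nothing to track it; a marker next to it would help, e.g. `// TODO: pass ctx to createBootstrap and drop the nolint`. All three functions continue past their hunks.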
@@ -607,7 +607,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -637,7 +637,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -672,7 +672,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -711,7 +711,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -750,7 +750,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -787,7 +787,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -827,7 +827,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
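Review bot: In ca/client.go the same `//nolint:contextcheck` comment is pasted onto the `c.retryOnError(resp)` call in this hunk and in every other `retry:` hunk of the file, 22 call sites in total. A per-line suppression also hides any later contextcheck finding on those lines, and the reason text now has to be kept in sync in 22 places. If the linter in use honours a suppression on the function declaration, a single `//nolint:contextcheck` in the doc comment of retryOnError would cover all callers; otherwise giving retryOnError a ctx parameter removes the need for it. retryOnError itself is not in the diff, so which of the two fits has to be confirmed against its body.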
@@ -868,7 +868,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -911,7 +911,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -943,7 +943,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -973,7 +973,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1003,7 +1003,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1037,7 +1037,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1071,7 +1071,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1105,7 +1105,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1139,7 +1139,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1169,7 +1169,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1199,7 +1199,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1233,7 +1233,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1272,7 +1272,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1301,7 +1301,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
@@ -1333,7 +1333,7 @@ retry:
 return nil, clientError(err)
 }
 if resp.StatusCode >= 400 {
- if !retried && c.retryOnError(resp) {
+ if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
 retried = true
 goto retry
 }
diff --git a/ca/tls.go b/ca/tls.go
index 7644b11f..d5d479f3 100644
--- a/ca/tls.go
+++ b/ca/tls.go
@@ -135,7 +135,7 @@ func (c *Client) getClientTLSConfig(ctx context.Context, sign *api.SignResponse,
 //nolint:staticcheck // Use mutable tls.Config on renew
 tr.DialTLS = c.buildDialTLS(tlsCtx)
 // tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
- renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
+ renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk) //nolint:contextcheck // deeply nested context
 // Update client transport
 c.SetTransport(tr)
@@ -183,7 +183,7 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
 //nolint:staticcheck // Use mutable tls.Config on renew
 tr.DialTLS = c.buildDialTLS(tlsCtx)
 // tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
- renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
+ renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk) //nolint:contextcheck // deeply nested context
 // Update client transport
 c.SetTransport(tr)
diff --git a/cas/stepcas/issuer.go b/cas/stepcas/issuer.go
index 07607caa..cf985974 100644
--- a/cas/stepcas/issuer.go
+++ b/cas/stepcas/issuer.go
@@ -1,6 +1,7 @@
 package stepcas
 import (
+ "context"
 "net/url"
 "strings"
 "time"
@@ -37,7 +38,7 @@ type stepIssuer interface {
 }
 // newStepIssuer returns the configured step issuer.
-func newStepIssuer(caURL *url.URL, client *ca.Client, iss *apiv1.CertificateIssuer) (stepIssuer, error) {
+func newStepIssuer(ctx context.Context, caURL *url.URL, client *ca.Client, iss *apiv1.CertificateIssuer) (stepIssuer, error) {
 if err := validateCertificateIssuer(iss); err != nil {
 return nil, err
 }
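Review bot: In ca/tls.go the suppression reason on `renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)` (getClientTLSConfig, and again in the GetServerTLSConfig hunk) says only "deeply nested context", which does not tell a reader whether ctx is kept out of the renew path on purpose. The function is stored on the renewer rather than called here, so it presumably runs after this call has returned; if so, the comment should say that, e.g. `//nolint:contextcheck // renewal runs later and must not be tied to the caller's ctx`. If that is not the intent, ctx should be passed rather than suppressed. Both functions start and end outside their hunks.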
@@ -46,7 +47,7 @@ func newStepIssuer(caURL *url.URL, client *ca.Client, iss *apiv1.CertificateIssu
 case "x5c":
 return newX5CIssuer(caURL, iss)
 case "jwk":
- return newJWKIssuer(caURL, client, iss)
+ return newJWKIssuer(ctx, caURL, client, iss)
 default:
 return nil, errors.Errorf("stepCAS `certificateIssuer.type` %s is not supported", iss.Type)
 }
diff --git a/cas/stepcas/issuer_test.go b/cas/stepcas/issuer_test.go
index 7d468e38..ff4f45f5 100644
--- a/cas/stepcas/issuer_test.go
+++ b/cas/stepcas/issuer_test.go
@@ -1,6 +1,7 @@
 package stepcas
 import (
+ "context"
 "net/url"
 "reflect"
 "testing"
@@ -118,7 +119,7 @@ func Test_newStepIssuer(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- got, err := newStepIssuer(tt.args.caURL, tt.args.client, tt.args.iss)
+ got, err := newStepIssuer(context.TODO(), tt.args.caURL, tt.args.client, tt.args.iss)
 if (err != nil) != tt.wantErr {
 t.Errorf("newStepIssuer() error = %v, wantErr %v", err, tt.wantErr)
 return
diff --git a/cas/stepcas/jwk_issuer.go b/cas/stepcas/jwk_issuer.go
index 4ef4f541..5ef017a2 100644
--- a/cas/stepcas/jwk_issuer.go
+++ b/cas/stepcas/jwk_issuer.go
@@ -1,6 +1,7 @@
 package stepcas
 import (
+ "context"
 "crypto"
 "encoding/json"
 "net/url"
@@ -21,13 +22,13 @@ type jwkIssuer struct {
 signer jose.Signer
 }
-func newJWKIssuer(caURL *url.URL, client *ca.Client, cfg *apiv1.CertificateIssuer) (*jwkIssuer, error) {
+func newJWKIssuer(ctx context.Context, caURL *url.URL, client *ca.Client, cfg *apiv1.CertificateIssuer) (*jwkIssuer, error) {
 var err error
 var signer jose.Signer
 // Read the key from the CA if not provided.
 // Or read it from a PEM file.
 if cfg.Key == "" {
- p, err := findProvisioner(client, provisioner.TypeJWK, cfg.Provisioner)
+ p, err := findProvisioner(ctx, client, provisioner.TypeJWK, cfg.Provisioner)
 if err != nil {
 return nil, err
 }
@@ -144,10 +145,10 @@ func newJWKSignerFromEncryptedKey(kid, key, password string) (jose.Signer, error
 return newJoseSigner(signer, so)
 }
-func findProvisioner(client *ca.Client, typ provisioner.Type, name string) (provisioner.Interface, error) {
+func findProvisioner(ctx context.Context, client *ca.Client, typ provisioner.Type, name string) (provisioner.Interface, error) {
 cursor := ""
 for {
- ps, err := client.Provisioners(ca.WithProvisionerCursor(cursor))
+ ps, err := client.ProvisionersWithContext(ctx, ca.WithProvisionerCursor(cursor))
 if err != nil {
 return nil, err
 }
diff --git a/cas/stepcas/stepcas.go b/cas/stepcas/stepcas.go
index c64963e6..7c0dc86f 100644
--- a/cas/stepcas/stepcas.go
+++ b/cas/stepcas/stepcas.go
@@ -43,7 +43,7 @@ func New(ctx context.Context, opts apiv1.Options) (*StepCAS, error) {
 }
 // Create client.
- client, err := ca.NewClient(opts.CertificateAuthority, ca.WithRootSHA256(opts.CertificateAuthorityFingerprint))
+ client, err := ca.NewClient(opts.CertificateAuthority, ca.WithRootSHA256(opts.CertificateAuthorityFingerprint)) //nolint:contextcheck // deeply nested context
 if err != nil {
 return nil, err
 }
@@ -52,7 +52,7 @@ func New(ctx context.Context, opts apiv1.Options) (*StepCAS, error) {
 // Create configured issuer unless we only want to use GetCertificateAuthority.
 // This avoid the request for the password if not provided.
 if !opts.IsCAGetter {
- if iss, err = newStepIssuer(caURL, client, opts.CertificateIssuer); err != nil {
+ if iss, err = newStepIssuer(ctx, caURL, client, opts.CertificateIssuer); err != nil {
 return nil, err
 }
 }
diff --git a/cas/stepcas/stepcas_test.go b/cas/stepcas/stepcas_test.go
index 6691a4b4..b9dd9abd 100644
--- a/cas/stepcas/stepcas_test.go
+++ b/cas/stepcas/stepcas_test.go
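Review bot: In cas/stepcas/jwk_issuer.go findProvisioner has no doc comment, and after this change ctx is the only bound visible in the hunk on its `for { ... }` paging loop. Each page is fetched with a cursor through `client.ProvisionersWithContext(ctx, ...)`; the loop's exit condition lies outside the hunk. A comment such as `// findProvisioner pages through the CA's provisioners looking for typ and name; ctx bounds every request, so callers should pass one with a deadline.` would record that, with the wording checked against the rest of the body.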
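Review bot: In cas/stepcas/stepcas.go New now passes ctx to newStepIssuer but still builds the client with `ca.NewClient(...)` under `//nolint:contextcheck`, so within one function only part of the CA setup follows the caller's ctx. NewClient's body is not in the diff; if it contacts the CA while applying `ca.WithRootSHA256`, that request is not bounded by ctx. The reason "deeply nested context" should name what is missing, e.g. `//nolint:contextcheck // ca.NewClient takes no ctx yet`, so the suppression can be dropped once it does. New continues outside both hunks.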
@@ -245,7 +245,7 @@ func testJWKIssuer(t *testing.T, caURL *url.URL, password string) *jwkIssuer {
 key = testEncryptedKeyPath
 password = testPassword
 }
- jwk, err := newJWKIssuer(caURL, client, &apiv1.CertificateIssuer{
+ jwk, err := newJWKIssuer(context.TODO(), caURL, client, &apiv1.CertificateIssuer{
 Type: "jwk",
 Provisioner: "ra@doe.org",
 Key: key,