From 35b0abe8d9ae88e51b4d5a7b830278e861eab927 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Wed, 20 Mar 2024 17:12:09 +0100 Subject: [PATCH 1/3] Run go-makefile-maker --- .golangci.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index d4c01cf6..c3e5010f 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -76,8 +76,9 @@ linters-settings: # created file permissions are restricted by umask if necessary - G306 govet: - # Report about shadowed variables. - check-shadowing: true + enable-all: true + disable: + - fieldalignment nolintlint: require-specific: true stylecheck: From dbdd97a3f2ce57766258758fc56cfc9cdc927fb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Wed, 20 Mar 2024 17:23:25 +0100 Subject: [PATCH 2/3] Fix lints --- go.mod | 3 --- go.sum | 6 ------ internal/api/api_test.go | 4 ++-- internal/api/events.go | 16 ++++++++-------- internal/api/server.go | 10 +++++----- internal/api/token.go | 6 +++--- internal/api/util.go | 2 +- internal/hermes/events.go | 2 +- internal/identity/interface.go | 6 +++--- internal/identity/keystone.go | 16 ++++++++-------- internal/identity/mock.go | 2 +- internal/policy/policy_test.go | 14 +++++++------- internal/storage/elasticsearch.go | 8 ++++---- internal/storage/interface.go | 2 +- internal/test/http.go | 12 ++++++------ internal/util/hacks.go | 12 ++++++------ main.go | 2 +- 17 files changed, 57 insertions(+), 66 deletions(-) diff --git a/go.mod b/go.mod index de08bc0b..8a08be0b 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,6 @@ require ( require ( github.com/beorn7/perks v1.0.1 // indirect - github.com/catenacyber/perfsprint v0.7.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect 
@@ -43,10 +42,8 @@ require ( github.com/subosito/gotenv v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect - golang.org/x/mod v0.16.0 // indirect golang.org/x/sys v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.19.0 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index eb025c2f..9167af84 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,5 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/catenacyber/perfsprint v0.7.1 h1:PGW5G/Kxn+YrN04cRAZKC+ZuvlVwolYMrIyyTJ/rMmc= -github.com/catenacyber/perfsprint v0.7.1/go.mod h1:/wclWYompEyjUD2FuIIDVKNkqz7IgBIWXIH3V0Zol50= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/databus23/goslo.policy v0.0.0-20210929125152-81bf2876dbdb h1:8JB2G8t3o1iCL8vCzssUj2Nn2qjqSab2/G3xXhvkpPQ= 
@@ -96,8 +94,6 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc= golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= -golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= -golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -109,8 +105,6 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= -golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/api/api_test.go b/internal/api/api_test.go index 603e09e2..9beff93b 100644 --- a/internal/api/api_test.go +++ b/internal/api/api_test.go 
@@ -35,7 +35,7 @@ import ( ) func setupTest(t *testing.T) http.Handler { - //load test policy (where everything is allowed) + // load test policy (where everything is allowed) policyBytes, err := os.ReadFile("../test/policy.json") if err != nil { t.Fatal(err) @@ -51,7 +51,7 @@ func setupTest(t *testing.T) http.Handler { } viper.Set("hermes.PolicyEnforcer", policyEnforcer) - //create test driver with the domains and projects from start-data.sql + // create test driver with the domains and projects from start-data.sql keystone := identity.Mock{} storageInterface := storage.Mock{} diff --git a/internal/api/events.go b/internal/api/events.go index 53fac09e..b15f3098 100644 --- a/internal/api/events.go +++ b/internal/api/events.go @@ -59,7 +59,7 @@ func (p *v1Provider) ListEvents(res http.ResponseWriter, req *http.Request) { limit, _ := strconv.ParseUint(req.FormValue("limit"), 10, 32) //nolint:errcheck // Parse the sort query string - //slice of a struct, key and direction. + // slice of a struct, key and direction. sortSpec := []hermes.FieldOrder{} validSortTopics := map[string]bool{ @@ -86,7 +86,7 @@ func (p *v1Provider) ListEvents(res http.ResponseWriter, req *http.Request) { if sortParam != "" { for _, sortElement := range strings.Split(sortParam, ",") { keyVal := strings.SplitN(sortElement, ":", 2) - //`time`, `source`, `resource_type`, `resource_name`, and `event_type`. + // `time`, `source`, `resource_type`, `resource_name`, and `event_type`. sortfield := keyVal[0] if !validSortTopics[sortfield] { err := fmt.Errorf("not a valid topic: %s, valid topics: %v", sortfield, reflect.ValueOf(validSortTopics).MapKeys()) 
@@ -223,8 +223,8 @@ func (p *v1Provider) GetEventDetails(res http.ResponseWriter, req *http.Request) } // Sanitize user input eventID := mux.Vars(req)["event_id"] - eventID = strings.Replace(eventID, "\n", "", -1) - eventID = strings.Replace(eventID, "\r", "", -1) + eventID = strings.ReplaceAll(eventID, "\n", "") + eventID = strings.ReplaceAll(eventID, "\r", "") // Validate if eventID is a valid UUID if _, err := uuid.Parse(eventID); err != nil { @@ -261,8 +261,8 @@ func (p *v1Provider) GetAttributes(res http.ResponseWriter, req *http.Request) { // Handle QueryParams, Sanitize user input queryName := mux.Vars(req)["attribute_name"] - queryName = strings.Replace(queryName, "\n", "", -1) - queryName = strings.Replace(queryName, "\r", "", -1) + queryName = strings.ReplaceAll(queryName, "\n", "") + queryName = strings.ReplaceAll(queryName, "\r", "") if queryName == "" { logg.Debug("attribute_name empty") return @@ -313,8 +313,8 @@ func getIndexID(token *Token, r *http.Request, w http.ResponseWriter) (string, e // Sanitize user input projectid := r.FormValue("project_id") - projectid = strings.Replace(projectid, "\n", "", -1) - projectid = strings.Replace(projectid, "\r", "", -1) + projectid = strings.ReplaceAll(projectid, "\n", "") + projectid = strings.ReplaceAll(projectid, "\r", "") // When the projectid argument is defined, check for the cluster_viewer rule if v := projectid; v != "" { if !token.Require(w, "cluster_viewer") { diff --git a/internal/api/server.go b/internal/api/server.go index 91feb9a6..5e252dfa 100644 --- a/internal/api/server.go +++ b/internal/api/server.go 
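Review bot: Removing `\n` and `\r` is the only treatment `attribute_name` (GetAttributes) and `project_id` (getIndexID) receive in these hunks, while `event_id` in GetEventDetails is also validated with `uuid.Parse`. CR/LF stripping guards log lines but leaves other control characters and arbitrary content in values that, judging by the function names, go on to select an attribute or an index outside the hunks. If the accepted format is known, validate it the way `event_id` is validated; otherwise document the limit with a comment such as `// CR/LF removal only protects log output; the value is not validated further`. All three functions continue outside their hunks.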
@@ -42,10 +42,10 @@ func Server(keystone identity.Identity, storageInterface storage.Storage) error fmt.Println("API") mainRouter := setupRouter(keystone, storageInterface) - //start HTTP server + // start HTTP server listenaddress := viper.GetString("API.ListenAddress") logg.Info("listening on %s", listenaddress) - //enable cors support + // enable cors support c := cors.New(cors.Options{ AllowedHeaders: []string{"X-Auth-Token", "Content-Type", "Accept"}, AllowedMethods: []string{"GET", "HEAD"}, @@ -59,12 +59,12 @@ func Server(keystone identity.Identity, storageInterface storage.Storage) error func setupRouter(keystone identity.Identity, storageInterface storage.Storage) http.Handler { mainRouter := mux.NewRouter() - //hook up the v1 API (this code is structured so that a newer API version can - //be added easily later) + // hook up the v1 API (this code is structured so that a newer API version can + // be added easily later) v1Router, v1VersionData := NewV1Handler(keystone, storageInterface) mainRouter.PathPrefix("/v1/").Handler(v1Router) - //add the version advertisement that lists all available API versions + // add the version advertisement that lists all available API versions mainRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { allVersions := struct { Versions []VersionData `json:"versions"` diff --git a/internal/api/token.go b/internal/api/token.go index 080b8e38..23338544 100644 --- a/internal/api/token.go +++ b/internal/api/token.go @@ -28,6 +28,7 @@ import ( policy "github.com/databus23/goslo.policy" "github.com/gophercloud/gophercloud" "github.com/gorilla/mux" + "github.com/sapcc/go-bits/errext" "github.com/sapcc/go-bits/logg" "github.com/spf13/viper" ) 
@@ -53,8 +54,7 @@ func (p *v1Provider) CheckToken(r *http.Request) *Token { t.context, t.err = p.keystone.ValidateToken(str) if t.err != nil { logg.Debug("Error connection to identity server %s", t.err) - switch t.err.(type) { //nolint:errorlint - case gophercloud.ErrDefault404: + if _, ok := errext.As[gophercloud.ErrDefault404](t.err); ok { // nolint: errcheck // type checking t.err = errors.New("X-Auth-Token is invalid or expired") } } @@ -82,7 +82,7 @@ func (t *Token) Require(w http.ResponseWriter, rule string) bool { } if os.Getenv("DEBUG") == "1" { - t.context.Logger = log.Printf //or any other function with the same signature + t.context.Logger = log.Printf // or any other function with the same signature } if !t.enforcer.Enforce(rule, t.context) { http.Error(w, "Forbidden", http.StatusForbidden) diff --git a/internal/api/util.go b/internal/api/util.go index 66b349e2..8c0bba1e 100644 --- a/internal/api/util.go +++ b/internal/api/util.go @@ -51,7 +51,7 @@ type versionLinkData struct { func ReturnJSON(w http.ResponseWriter, code int, data any) { payload, err := json.MarshalIndent(&data, "", " ") // Replaces & symbols properly in json within urls due to Elasticsearch - payload = bytes.Replace(payload, []byte("\\u0026"), []byte("&"), -1) + payload = bytes.ReplaceAll(payload, []byte("\\u0026"), []byte("&")) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return diff --git a/internal/hermes/events.go b/internal/hermes/events.go index ffee9767..b866e1c1 100644 --- a/internal/hermes/events.go +++ b/internal/hermes/events.go @@ -74,7 +74,7 @@ type EventFilter struct { // FieldOrder is an embedded struct for Event Filtering type FieldOrder struct { Fieldname string - Order string //asc or desc + Order string // asc or desc } // AttributeFilter maps to the filtering allowed by the API for Attributes diff --git a/internal/identity/interface.go b/internal/identity/interface.go index 335e11ef..7c9548f2 100644 --- a/internal/identity/interface.go 
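Review bot: In CheckToken the new `errext.As[gophercloud.ErrDefault404](t.err)` branch rewrites only a 404 into the generic "X-Auth-Token is invalid or expired" message, so every other ValidateToken failure stays in `t.err` verbatim. If Require, whose start is outside this hunk, writes `t.err` into the HTTP response, identity-server error text would reach unauthenticated callers; an `else` branch that sets a generic error and leaves the detail to the existing `logg.Debug` line would avoid that. The same conversion was not applied to the two `e, _ := err.(*elastic.Error)` assertions in internal/storage/elasticsearch.go (GetEvents and GetAttributes), which stay under `//nolint:errcheck,errorlint`; there a failed assertion leaves `e` nil before `e.Details` is read, and `var e *elastic.Error; if errors.As(err, &e) { ... }` would guard it.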
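Review bot: In ReturnJSON the `bytes.ReplaceAll(payload, []byte("\\u0026"), []byte("&"))` call runs before the `err` from `json.MarshalIndent` is checked, and it matches the bytes `\u0026` wherever they occur in the payload. A string value holding a literal backslash followed by `u0026` is encoded as `\\u0026`, and the replacement turns that into `\\&`, which changes the decoded value. Moving the `if err != nil` block directly above the replacement is a pure reorder, and the existing comment could be extended to `// NOTE: also rewrites an escaped backslash followed by u0026 inside string values`. The function body continues outside the hunk.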
+++ b/internal/identity/interface.go @@ -28,9 +28,9 @@ import ( // token checking of API users. Because it is an interface, the real implementation // can be mocked away in unit tests. type Identity interface { - //Return the main gophercloud client from which the respective service - //clients can be derived. For Mock drivers, this returns nil, so test code - //should be prepared to handle a nil Client() where appropriate. + // Return the main gophercloud client from which the respective service + // clients can be derived. For Mock drivers, this returns nil, so test code + // should be prepared to handle a nil Client() where appropriate. Client() (*gophercloud.ProviderClient, error) AuthOptions() *gophercloud.AuthOptions /********** requests to Keystone **********/ diff --git a/internal/identity/keystone.go b/internal/identity/keystone.go index ce9d0bb6..a970fd33 100644 --- a/internal/identity/keystone.go +++ b/internal/identity/keystone.go @@ -75,7 +75,7 @@ func (d Keystone) keystoneClient() (*gophercloud.ServiceClient, error) { } if providerClient == nil { var err error - //providerClient, err = openstack.NewClient(viper.GetString("Keystone.auth_url")) + // providerClient, err = openstack.NewClient(viper.GetString("Keystone.auth_url")) opts := d.AuthOptions() providerClient, err = openstack.AuthenticatedClient(*opts) if err != nil { @@ -115,11 +115,11 @@ func (d Keystone) ValidateToken(token string) (policy.Context, error) { response := tokens.Get(client, token) if response.Err != nil { - //this includes 4xx responses, so after this point, we can be sure that the token is valid + // this includes 4xx responses, so after this point, we can be sure that the token is valid return policy.Context{}, response.Err } - //use a custom token struct instead of tMap.Token which is way incomplete + // use a custom token struct instead of tMap.Token which is way incomplete var tokenData keystoneToken err = response.ExtractInto(&tokenData) if err != nil { 
@@ -137,10 +137,10 @@ func (d Keystone) Authenticate(credentials *gophercloud.AuthOptions) (policy.Con } response := tokens.Create(client, credentials) if response.Err != nil { - //this includes 4xx responses, so after this point, we can be sure that the token is valid + // this includes 4xx responses, so after this point, we can be sure that the token is valid return policy.Context{}, response.Err } - //use a custom token struct instead of tMap.Token which is way incomplete + // use a custom token struct instead of tMap.Token which is way incomplete var tokenData keystoneToken err = response.ExtractInto(&tokenData) if err != nil { @@ -400,10 +400,10 @@ func (t *keystoneToken) ToContext() policy.Context { // to fetch the initial token on startup. func (d Keystone) RefreshToken() error { //NOTE: This function is very similar to v3auth() in - //gophercloud/openstack/client.go, but with a few differences: + // gophercloud/openstack/client.go, but with a few differences: // - //1. thread-safe token renewal - //2. proper support for cross-domain scoping + // 1. thread-safe token renewal + // 2. proper support for cross-domain scoping logg.Debug("Getting service user Identity token...") diff --git a/internal/identity/mock.go b/internal/identity/mock.go index e5004f11..8f4b4739 100644 --- a/internal/identity/mock.go +++ b/internal/identity/mock.go @@ -28,7 +28,7 @@ import ( // Mock TODO: emnpty struct? Is there a better way? type Mock struct{} -//keystoneClient for mocking connection - unused re:golangci +// keystoneClient for mocking connection - unused re:golangci // func (d Mock) keystoneClient() (*gophercloud.ServiceClient, error) { // return nil, nil // } diff --git a/internal/policy/policy_test.go b/internal/policy/policy_test.go index 7284589e..a8afc631 100644 --- a/internal/policy/policy_test.go +++ b/internal/policy/policy_test.go 
@@ -53,7 +53,7 @@ func Test_Policy_AuditViewerTrue(t *testing.T) { }, // Auth will only have one entry Auth: map[string]string{ - //"domain_id": "ca1b267e149d4e44bf53d28d1c8d6bc9", + // "domain_id": "ca1b267e149d4e44bf53d28d1c8d6bc9", "project_id": "7a09c05926ec452ca7992af4aa03c31d", }, Request: map[string]string{ @@ -72,7 +72,7 @@ func Test_Policy_UnknownRoleFalse(t *testing.T) { }, Auth: map[string]string{ "domain_id": "ca1b267e149d4e44bf53d28d1c8d6bc9", - //"project_id": "7a09c05926ec452ca7992af4aa03c31d", + // "project_id": "7a09c05926ec452ca7992af4aa03c31d", }, Request: map[string]string{ "domain_id": "ca1b267e149d4e44bf53d28d1c8d6bc9", @@ -150,17 +150,17 @@ func TestPolicy(t *testing.T) { if enforcer.Enforce("non_existent_rule", serviceContext) { t.Error("Non existent rule should not pass") } - //if !enforcer.Enforce("cloud_admin", adminContext) { + // if !enforcer.Enforce("cloud_admin", adminContext) { // t.Error("cloud_admin check should pass") //} - //if !enforcer.Enforce("service_admin_or_owner", adminContext) { + // if !enforcer.Enforce("service_admin_or_owner", adminContext) { // t.Error("service_admin_or_owner should pass for admin") //} - //if !enforcer.Enforce("service_admin_or_owner", userContext) { + // if !enforcer.Enforce("service_admin_or_owner", userContext) { // t.Error("service_admin_or_owner should pass for owner") //} - //userContext.Request["user_id"] = "u-2" - //if enforcer.Enforce("service_admin_or_owner", userContext) { + // userContext.Request["user_id"] = "u-2" + // if enforcer.Enforce("service_admin_or_owner", userContext) { // t.Error("service_admin_or_owner should pass for non owning user") //} } diff --git a/internal/storage/elasticsearch.go b/internal/storage/elasticsearch.go index ca2f3d82..64a93215 100644 --- a/internal/storage/elasticsearch.go +++ b/internal/storage/elasticsearch.go 
@@ -129,7 +129,7 @@ func (es ElasticSearch) GetEvents(filter *EventFilter, tenantID string) ([]*cadf query := elastic.NewBoolQuery() if filter.ObserverType != "" { - //logg.Debug("Filtering on ObserverType %s", filter.ObserverType) + // logg.Debug("Filtering on ObserverType %s", filter.ObserverType) query = FilterQuery(filter.ObserverType, esFieldMapping["observer_type"], query) } if filter.TargetType != "" { @@ -202,7 +202,7 @@ func (es ElasticSearch) GetEvents(filter *EventFilter, tenantID string) ([]*cadf From(int(filter.Offset)).Size(int(filter.Limit)) searchResult, err := esSearch.Do(context.Background()) // execute - //errcheck already within an errchecek, this is for additional detail. + // errcheck already within an errchecek, this is for additional detail. if err != nil { e, _ := err.(*elastic.Error) //nolint:errcheck,errorlint errdetails, _ := json.Marshal(e.Details) //nolint:errcheck @@ -212,7 +212,7 @@ func (es ElasticSearch) GetEvents(filter *EventFilter, tenantID string) ([]*cadf logg.Debug("Got %d hits", searchResult.TotalHits()) - //Construct EventDetail array from search results + // Construct EventDetail array from search results var events []*cadf.Event for _, hit := range searchResult.Hits.Hits { var de cadf.Event @@ -276,7 +276,7 @@ func (es ElasticSearch) GetAttributes(filter *AttributeFilter, tenantID string) esSearch := es.client().Search().Index(index).Size(int(filter.Limit)).Aggregation("attributes", queryAgg) searchResult, err := esSearch.Do(context.Background()) - //errcheck already within an errcheck, this is for additional detail. + // errcheck already within an errcheck, this is for additional detail. if err != nil { e, _ := err.(*elastic.Error) //nolint:errcheck,errorlint errdetails, _ := json.Marshal(e.Details) //nolint:errcheck diff --git a/internal/storage/interface.go b/internal/storage/interface.go index 535b2cf4..611f1cdd 100644 --- a/internal/storage/interface.go +++ b/internal/storage/interface.go 
@@ -73,7 +73,7 @@ type Storage interface { // FieldOrder maps the sort Fieldname and Order type FieldOrder struct { Fieldname string - Order string //asc or desc + Order string // asc or desc } // EventFilter is similar to hermes.EventFilter, but using IDs instead of names diff --git a/internal/test/http.go b/internal/test/http.go index 697e1244..783500b4 100644 --- a/internal/test/http.go +++ b/internal/test/http.go @@ -36,11 +36,11 @@ import ( type APIRequest struct { Method string Path string - RequestJSON any //if non-nil, will be encoded as JSON + RequestJSON any // if non-nil, will be encoded as JSON ExpectStatusCode int - ExpectBody *string //raw content (not a file path) - ExpectJSON string //path to JSON file - ExpectFile string //path to arbitrary file + ExpectBody *string // raw content (not a file path) + ExpectJSON string // path to JSON file + ExpectFile string // path to arbitrary file } // Check performs the HTTP request described by this APIRequest against the @@ -101,8 +101,8 @@ func (r APIRequest) Check(t *testing.T, handler http.Handler) { } func (r APIRequest) compareBodyToFixture(t *testing.T, fixturePath string, data []byte) { - //write actual content to file to make it easy to copy the computed result over - //to the fixture path when a new test is added or an existing one is modified + // write actual content to file to make it easy to copy the computed result over + // to the fixture path when a new test is added or an existing one is modified fixturePathAbs, err := filepath.Abs(fixturePath) if err != nil { t.Fatal(err) diff --git a/internal/util/hacks.go b/internal/util/hacks.go index 2aef93d8..8a056478 100644 --- a/internal/util/hacks.go +++ b/internal/util/hacks.go 
@@ -26,12 +26,12 @@ import ( ) func init() { - //I have some trouble getting hermes to connect to our staging OpenStack - //through mitmproxy (which is very useful for development and debugging) when - //TLS certificate verification is enabled. Therefore, allow to turn it off - //with an env variable. (It's very important that this is not the standard - //"DEBUG" variable. "DEBUG" is meant to be useful for production systems, - //where you definitely don't want to turn off certificate verification.) + // I have some trouble getting hermes to connect to our staging OpenStack + // through mitmproxy (which is very useful for development and debugging) when + // TLS certificate verification is enabled. Therefore, allow to turn it off + // with an env variable. (It's very important that this is not the standard + // "DEBUG" variable. "DEBUG" is meant to be useful for production systems, + // where you definitely don't want to turn off certificate verification.) if os.Getenv("HERMES_INSECURE") == "1" { tlsConf := &tls.Config{ InsecureSkipVerify: true, //nolint:gosec // intentional usage of InsecureSkipVerify diff --git a/main.go b/main.go index a744077a..5aad26f9 100644 --- a/main.go +++ b/main.go @@ -148,7 +148,7 @@ func configuredStorageDriver() storage.Storage { } func readPolicy() { - //load the policy file + // load the policy file policyEnforcer, err := util.LoadPolicyFile(viper.GetString("hermes.PolicyFilePath")) if err != nil { logg.Fatal(err.Error()) From dee0e9a361387c14e41dc4f62752bc32c9b74e09 Mon Sep 17 00:00:00 2001 From: Nathan Oyler Date: Wed, 20 Mar 2024 20:51:52 -0700 Subject: [PATCH 3/3] fix lint --- internal/api/token.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/api/token.go b/internal/api/token.go index 23338544..b509b734 100644 --- a/internal/api/token.go +++ b/internal/api/token.go 
@@ -54,7 +54,7 @@ func (p *v1Provider) CheckToken(r *http.Request) *Token {
 t.context, t.err = p.keystone.ValidateToken(str)
 if t.err != nil {
 logg.Debug("Error connection to identity server %s", t.err)
- if _, ok := errext.As[gophercloud.ErrDefault404](t.err); ok { // nolint: errcheck // type checking
+ if _, ok := errext.As[gophercloud.ErrDefault404](t.err); ok { //nolint: errcheck // type checking
 t.err = errors.New("X-Auth-Token is invalid or expired")
 }
 }