Fix and/or ignore linting issues
This commit is contained in:
parent
319333f936
commit
b5961beba9
8 changed files with 40 additions and 37 deletions
|
@ -61,7 +61,7 @@ func Bootstrap(token string) (*Client, error) {
|
|||
// }
|
||||
// resp, err := client.Get("https://internal.smallstep.com")
|
||||
func BootstrapClient(ctx context.Context, token string, options ...TLSOption) (*http.Client, error) {
|
||||
b, err := createBootstrap(token)
|
||||
b, err := createBootstrap(token) //nolint:contextcheck // deeply nested context; temporary
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -120,7 +120,7 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
|
|||
return nil, errors.New("server TLSConfig is already set")
|
||||
}
|
||||
|
||||
b, err := createBootstrap(token)
|
||||
b, err := createBootstrap(token) //nolint:contextcheck // deeply nested context; temporary
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -169,7 +169,7 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
|
|||
// ... // register services
|
||||
// srv.Serve(lis)
|
||||
func BootstrapListener(ctx context.Context, token string, inner net.Listener, options ...TLSOption) (net.Listener, error) {
|
||||
b, err := createBootstrap(token)
|
||||
b, err := createBootstrap(token) //nolint:contextcheck // deeply nested context; temporary
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
44
ca/client.go
44
ca/client.go
|
@ -607,7 +607,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -637,7 +637,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -672,7 +672,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -711,7 +711,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -750,7 +750,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -787,7 +787,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -827,7 +827,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -868,7 +868,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -911,7 +911,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -943,7 +943,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -973,7 +973,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1003,7 +1003,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1037,7 +1037,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1071,7 +1071,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1105,7 +1105,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1139,7 +1139,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1169,7 +1169,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1199,7 +1199,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1233,7 +1233,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1272,7 +1272,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1301,7 +1301,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
@ -1333,7 +1333,7 @@ retry:
|
|||
return nil, clientError(err)
|
||||
}
|
||||
if resp.StatusCode >= 400 {
|
||||
if !retried && c.retryOnError(resp) {
|
||||
if !retried && c.retryOnError(resp) { //nolint:contextcheck // deeply nested context; retry using the same context
|
||||
retried = true
|
||||
goto retry
|
||||
}
|
||||
|
|
|
@ -135,7 +135,7 @@ func (c *Client) getClientTLSConfig(ctx context.Context, sign *api.SignResponse,
|
|||
//nolint:staticcheck // Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk) //nolint:contextcheck // deeply nested context
|
||||
|
||||
// Update client transport
|
||||
c.SetTransport(tr)
|
||||
|
@ -183,7 +183,7 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
|
|||
//nolint:staticcheck // Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk) //nolint:contextcheck // deeply nested context
|
||||
|
||||
// Update client transport
|
||||
c.SetTransport(tr)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package stepcas
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
|
@ -37,7 +38,7 @@ type stepIssuer interface {
|
|||
}
|
||||
|
||||
// newStepIssuer returns the configured step issuer.
|
||||
func newStepIssuer(caURL *url.URL, client *ca.Client, iss *apiv1.CertificateIssuer) (stepIssuer, error) {
|
||||
func newStepIssuer(ctx context.Context, caURL *url.URL, client *ca.Client, iss *apiv1.CertificateIssuer) (stepIssuer, error) {
|
||||
if err := validateCertificateIssuer(iss); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -46,7 +47,7 @@ func newStepIssuer(caURL *url.URL, client *ca.Client, iss *apiv1.CertificateIssu
|
|||
case "x5c":
|
||||
return newX5CIssuer(caURL, iss)
|
||||
case "jwk":
|
||||
return newJWKIssuer(caURL, client, iss)
|
||||
return newJWKIssuer(ctx, caURL, client, iss)
|
||||
default:
|
||||
return nil, errors.Errorf("stepCAS `certificateIssuer.type` %s is not supported", iss.Type)
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package stepcas
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/url"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
@ -118,7 +119,7 @@ func Test_newStepIssuer(t *testing.T) {
|
|||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got, err := newStepIssuer(tt.args.caURL, tt.args.client, tt.args.iss)
|
||||
got, err := newStepIssuer(context.TODO(), tt.args.caURL, tt.args.client, tt.args.iss)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("newStepIssuer() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package stepcas
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto"
|
||||
"encoding/json"
|
||||
"net/url"
|
||||
|
@ -21,13 +22,13 @@ type jwkIssuer struct {
|
|||
signer jose.Signer
|
||||
}
|
||||
|
||||
func newJWKIssuer(caURL *url.URL, client *ca.Client, cfg *apiv1.CertificateIssuer) (*jwkIssuer, error) {
|
||||
func newJWKIssuer(ctx context.Context, caURL *url.URL, client *ca.Client, cfg *apiv1.CertificateIssuer) (*jwkIssuer, error) {
|
||||
var err error
|
||||
var signer jose.Signer
|
||||
// Read the key from the CA if not provided.
|
||||
// Or read it from a PEM file.
|
||||
if cfg.Key == "" {
|
||||
p, err := findProvisioner(client, provisioner.TypeJWK, cfg.Provisioner)
|
||||
p, err := findProvisioner(ctx, client, provisioner.TypeJWK, cfg.Provisioner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -144,10 +145,10 @@ func newJWKSignerFromEncryptedKey(kid, key, password string) (jose.Signer, error
|
|||
return newJoseSigner(signer, so)
|
||||
}
|
||||
|
||||
func findProvisioner(client *ca.Client, typ provisioner.Type, name string) (provisioner.Interface, error) {
|
||||
func findProvisioner(ctx context.Context, client *ca.Client, typ provisioner.Type, name string) (provisioner.Interface, error) {
|
||||
cursor := ""
|
||||
for {
|
||||
ps, err := client.Provisioners(ca.WithProvisionerCursor(cursor))
|
||||
ps, err := client.ProvisionersWithContext(ctx, ca.WithProvisionerCursor(cursor))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -43,7 +43,7 @@ func New(ctx context.Context, opts apiv1.Options) (*StepCAS, error) {
|
|||
}
|
||||
|
||||
// Create client.
|
||||
client, err := ca.NewClient(opts.CertificateAuthority, ca.WithRootSHA256(opts.CertificateAuthorityFingerprint))
|
||||
client, err := ca.NewClient(opts.CertificateAuthority, ca.WithRootSHA256(opts.CertificateAuthorityFingerprint)) //nolint:contextcheck // deeply nested context
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -52,7 +52,7 @@ func New(ctx context.Context, opts apiv1.Options) (*StepCAS, error) {
|
|||
// Create configured issuer unless we only want to use GetCertificateAuthority.
|
||||
// This avoid the request for the password if not provided.
|
||||
if !opts.IsCAGetter {
|
||||
if iss, err = newStepIssuer(caURL, client, opts.CertificateIssuer); err != nil {
|
||||
if iss, err = newStepIssuer(ctx, caURL, client, opts.CertificateIssuer); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
|
|
@ -245,7 +245,7 @@ func testJWKIssuer(t *testing.T, caURL *url.URL, password string) *jwkIssuer {
|
|||
key = testEncryptedKeyPath
|
||||
password = testPassword
|
||||
}
|
||||
jwk, err := newJWKIssuer(caURL, client, &apiv1.CertificateIssuer{
|
||||
jwk, err := newJWKIssuer(context.TODO(), caURL, client, &apiv1.CertificateIssuer{
|
||||
Type: "jwk",
|
||||
Provisioner: "ra@doe.org",
|
||||
Key: key,
|
||||
|
|
Loading…
Reference in a new issue