diff --git a/.github/workflows/dapr.yml b/.github/workflows/dapr.yml index 0f7d0df6544..632969b5b9f 100644 --- a/.github/workflows/dapr.yml +++ b/.github/workflows/dapr.yml @@ -22,7 +22,7 @@ jobs: runs-on: ${{ matrix.os }} env: GOVER: 1.15 - GOLANGCILINT_VER: 1.26.0 + GOLANGCILINT_VER: 1.31.0 GOOS: ${{ matrix.target_os }} GOARCH: ${{ matrix.target_arch }} GOPROXY: https://proxy.golang.org diff --git a/.golangci.yml b/.golangci.yml index fc119e4e8ef..37f85d8188c 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -175,6 +175,7 @@ linters-settings: - hugeParam - ifElseChain - singleCaseSwitch + - exitAfterDefer # Enable multiple checks by tags, run `GL_DEBUG=gocritic golangci-lint run` to see all tags and checks. # Empty list by default. See https://github.com/go-critic/go-critic#usage -> section "Tags". @@ -237,3 +238,8 @@ linters: - testpackage - goerr113 - nestif + - nlreturn + - exhaustive + - noctx + - gci + - gofumpt diff --git a/pkg/actors/actor_test.go b/pkg/actors/actor_test.go index eef070492bd..8a5b28179f4 100644 --- a/pkg/actors/actor_test.go +++ b/pkg/actors/actor_test.go @@ -53,7 +53,7 @@ func TestBusyChannel(t *testing.T) { testActor := newActor("testType", "testID") testActor.lock() - var channelClosed = false + channelClosed := false go func() { select { case <-time.After(10 * time.Second): diff --git a/pkg/actors/actors.go b/pkg/actors/actors.go index b973fe96993..ceeecb86c9a 100644 --- a/pkg/actors/actors.go +++ b/pkg/actors/actors.go @@ -305,7 +305,6 @@ func (a *actorsRuntime) callLocalActor(ctx context.Context, req *invokev1.Invoke req.Message().HttpExtension.Verb = commonv1pb.HTTPExtension_PUT } resp, err := a.appChannel.InvokeMethod(ctx, req) - if err != nil { return nil, err } @@ -698,7 +697,8 @@ func (a *actorsRuntime) evaluateReminders() { go func(wg *sync.WaitGroup, reminders []Reminder) { defer wg.Done() - for _, r := range reminders { + for i := range reminders { + r := reminders[i] // Make a copy since we will refer to this as a reference in this loop. targetActorAddress, _ := a.lookupActorAddress(r.ActorType, r.ActorID) if targetActorAddress == "" { continue @@ -1212,7 +1212,7 @@ func (a *actorsRuntime) DeleteTimer(ctx context.Context, req *DeleteTimerRequest } func (a *actorsRuntime) GetActiveActorsCount(ctx context.Context) []ActiveActorsCount { - var actorCountMap = map[string]int{} + actorCountMap := map[string]int{} a.actorsTable.Range(func(key, value interface{}) bool { actorType, _ := a.getActorTypeAndIDFromKey(key.(string)) actorCountMap[actorType]++ @@ -1220,7 +1220,7 @@ func (a *actorsRuntime) GetActiveActorsCount(ctx context.Context) []ActiveActors return true }) - var activeActorsCount = []ActiveActorsCount{} + activeActorsCount := []ActiveActorsCount{} for actorType, count := range actorCountMap { activeActorsCount = append(activeActorsCount, ActiveActorsCount{Type: actorType, Count: count}) } diff --git a/pkg/credentials/grpc.go b/pkg/credentials/grpc.go index 46c6befecdc..4d393586e14 100644 --- a/pkg/credentials/grpc.go +++ b/pkg/credentials/grpc.go @@ -23,6 +23,7 @@ func GetServerOptions(certChain *CertChain) ([]grpc.ServerOption, error) { return opts, nil } + // nolint:gosec config := &tls.Config{ ClientCAs: cp, // Require cert verification diff --git a/pkg/credentials/tls.go b/pkg/credentials/tls.go index a271f023fb2..ebf458ea7ab 100644 --- a/pkg/credentials/tls.go +++ b/pkg/credentials/tls.go @@ -12,6 +12,7 @@ func TLSConfigFromCertAndKey(certPem, keyPem []byte, serverName string, rootCA * return nil, err } + // nolint:gosec config := &tls.Config{ InsecureSkipVerify: false, RootCAs: rootCA, diff --git a/pkg/diagnostics/utils/metrics_utils_test.go b/pkg/diagnostics/utils/metrics_utils_test.go index 82691e37ad9..cc03c21c1ed 100644 --- a/pkg/diagnostics/utils/metrics_utils_test.go +++ b/pkg/diagnostics/utils/metrics_utils_test.go @@ -14,37 +14,37 @@ import ( func TestWithTags(t *testing.T) { t.Run("one tag", func(t *testing.T) { - var appKey = tag.MustNewKey("app_id") + appKey := tag.MustNewKey("app_id") mutators := WithTags(appKey, "test") assert.Equal(t, 1, len(mutators)) }) t.Run("two tags", func(t *testing.T) { - var appKey = tag.MustNewKey("app_id") - var operationKey = tag.MustNewKey("operation") + appKey := tag.MustNewKey("app_id") + operationKey := tag.MustNewKey("operation") mutators := WithTags(appKey, "test", operationKey, "op") assert.Equal(t, 2, len(mutators)) }) t.Run("three tags", func(t *testing.T) { - var appKey = tag.MustNewKey("app_id") - var operationKey = tag.MustNewKey("operation") - var methodKey = tag.MustNewKey("method") + appKey := tag.MustNewKey("app_id") + operationKey := tag.MustNewKey("operation") + methodKey := tag.MustNewKey("method") mutators := WithTags(appKey, "test", operationKey, "op", methodKey, "method") assert.Equal(t, 3, len(mutators)) }) t.Run("two tags with wrong value type", func(t *testing.T) { - var appKey = tag.MustNewKey("app_id") - var operationKey = tag.MustNewKey("operation") + appKey := tag.MustNewKey("app_id") + operationKey := tag.MustNewKey("operation") mutators := WithTags(appKey, "test", operationKey, 1) assert.Equal(t, 1, len(mutators)) }) t.Run("skip empty value key", func(t *testing.T) { - var appKey = tag.MustNewKey("app_id") - var operationKey = tag.MustNewKey("operation") - var methodKey = tag.MustNewKey("method") + appKey := tag.MustNewKey("app_id") + operationKey := tag.MustNewKey("operation") + methodKey := tag.MustNewKey("method") mutators := WithTags(appKey, "", operationKey, "op", methodKey, "method") assert.Equal(t, 2, len(mutators)) }) diff --git a/pkg/grpc/api.go b/pkg/grpc/api.go index 80c73564d5e..7fc2b902817 100644 --- a/pkg/grpc/api.go +++ b/pkg/grpc/api.go @@ -18,12 +18,10 @@ import ( "github.com/dapr/dapr/pkg/channel" "github.com/dapr/dapr/pkg/concurrency" "github.com/dapr/dapr/pkg/config" - "github.com/dapr/dapr/pkg/diagnostics" diag "github.com/dapr/dapr/pkg/diagnostics" diag_utils "github.com/dapr/dapr/pkg/diagnostics/utils" "github.com/dapr/dapr/pkg/messaging" invokev1 "github.com/dapr/dapr/pkg/messaging/v1" - "github.com/dapr/dapr/pkg/proto/common/v1" commonv1pb "github.com/dapr/dapr/pkg/proto/common/v1" internalv1pb "github.com/dapr/dapr/pkg/proto/internals/v1" runtimev1pb "github.com/dapr/dapr/pkg/proto/runtime/v1" @@ -118,7 +116,7 @@ func (a *api) CallLocal(ctx context.Context, in *internalv1pb.InternalInvokeRequ if a.accessControlList != nil { // An access control policy has been specified for the app. Apply the policies. operation := req.Message().Method - var httpVerb common.HTTPExtension_Verb + var httpVerb commonv1pb.HTTPExtension_Verb // Get the http verb in case the application protocol is http if a.appProtocol == config.HTTPProtocol && req.Metadata() != nil && len(req.Metadata()) > 0 { httpExt := req.Message().GetHttpExtension() @@ -141,7 +139,7 @@ func (a *api) CallLocal(ctx context.Context, in *internalv1pb.InternalInvokeRequ return resp.Proto(), err } -func (a *api) applyAccessControlPolicies(ctx context.Context, operation string, httpVerb common.HTTPExtension_Verb, appProtocol string) (bool, string) { +func (a *api) applyAccessControlPolicies(ctx context.Context, operation string, httpVerb commonv1pb.HTTPExtension_Verb, appProtocol string) (bool, string) { // Apply access control list filter spiffeID, err := config.GetAndParseSpiffeID(ctx) if err != nil { @@ -580,16 +578,16 @@ func emitACLMetrics(actionPolicy, appID, trustDomain, namespace, operation, verb if action { switch actionPolicy { case config.ActionPolicyApp: - diagnostics.DefaultMonitoring.RequestAllowedByAppAction(appID, trustDomain, namespace, operation, verb, action) + diag.DefaultMonitoring.RequestAllowedByAppAction(appID, trustDomain, namespace, operation, verb, action) case config.ActionPolicyGlobal: - diagnostics.DefaultMonitoring.RequestAllowedByGlobalAction(appID, trustDomain, namespace, operation, verb, action) + diag.DefaultMonitoring.RequestAllowedByGlobalAction(appID, trustDomain, namespace, operation, verb, action) } } else { switch actionPolicy { case config.ActionPolicyApp: - diagnostics.DefaultMonitoring.RequestBlockedByAppAction(appID, trustDomain, namespace, operation, verb, action) + diag.DefaultMonitoring.RequestBlockedByAppAction(appID, trustDomain, namespace, operation, verb, action) case config.ActionPolicyGlobal: - diagnostics.DefaultMonitoring.RequestBlockedByGlobalAction(appID, trustDomain, namespace, operation, verb, action) + diag.DefaultMonitoring.RequestBlockedByGlobalAction(appID, trustDomain, namespace, operation, verb, action) } } } diff --git a/pkg/grpc/api_test.go b/pkg/grpc/api_test.go index 6f2697a66d4..283e7b5c717 100644 --- a/pkg/grpc/api_test.go +++ b/pkg/grpc/api_test.go @@ -39,7 +39,6 @@ import ( "go.opencensus.io/trace" epb "google.golang.org/genproto/googleapis/rpc/errdetails" "google.golang.org/grpc" - grpc_go "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" @@ -113,7 +112,7 @@ func configureTestTraceExporter(meta exporters.Metadata) { exporter.Init("fakeID", "fakeAddress", meta) } -func startTestServerWithTracing(port int) (*grpc_go.Server, *string) { +func startTestServerWithTracing(port int) (*grpc.Server, *string) { lis, _ := net.Listen("tcp", fmt.Sprintf(":%d", port)) var buffer = "" @@ -125,8 +124,8 @@ func startTestServerWithTracing(port int) (*grpc_go.Server, *string) { }) spec := config.TracingSpec{SamplingRate: "1"} - server := grpc_go.NewServer( - grpc_go.UnaryInterceptor(grpc_middleware.ChainUnaryServer(diag.GRPCTraceUnaryServerInterceptor("id", spec))), + server := grpc.NewServer( + grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(diag.GRPCTraceUnaryServerInterceptor("id", spec))), ) go func() { @@ -142,14 +141,14 @@ func startTestServerWithTracing(port int) (*grpc_go.Server, *string) { return server, &buffer } -func startTestServer(port int) *grpc_go.Server { +func startTestServer(port int) *grpc.Server { return startTestServerAPI(port, &mockGRPCAPI{}) } -func startTestServerAPI(port int, srv runtimev1pb.DaprServer) *grpc_go.Server { +func startTestServerAPI(port int, srv runtimev1pb.DaprServer) *grpc.Server { lis, _ := net.Listen("tcp", fmt.Sprintf(":%d", port)) - server := grpc_go.NewServer() + server := grpc.NewServer() go func() { runtimev1pb.RegisterDaprServer(server, srv) if err := server.Serve(lis); err != nil { @@ -163,10 +162,10 @@ func startTestServerAPI(port int, srv runtimev1pb.DaprServer) *grpc_go.Server { return server } -func startInternalServer(port int, testAPIServer *api) *grpc_go.Server { +func startInternalServer(port int, testAPIServer *api) *grpc.Server { lis, _ := net.Listen("tcp", fmt.Sprintf(":%d", port)) - server := grpc_go.NewServer() + server := grpc.NewServer() go func() { internalv1pb.RegisterServiceInvocationServer(server, testAPIServer) if err := server.Serve(lis); err != nil { @@ -180,17 +179,17 @@ func startInternalServer(port int, testAPIServer *api) *grpc_go.Server { return server } -func startDaprAPIServer(port int, testAPIServer *api, token string) *grpc_go.Server { +func startDaprAPIServer(port int, testAPIServer *api, token string) *grpc.Server { lis, _ := net.Listen("tcp", fmt.Sprintf(":%d", port)) - opts := []grpc_go.ServerOption{} + opts := []grpc.ServerOption{} if token != "" { opts = append(opts, - grpc_go.UnaryInterceptor(setAPIAuthenticationMiddlewareUnary(token, "dapr-api-token")), + grpc.UnaryInterceptor(setAPIAuthenticationMiddlewareUnary(token, "dapr-api-token")), ) } - server := grpc_go.NewServer(opts...) + server := grpc.NewServer(opts...) go func() { runtimev1pb.RegisterDaprServer(server, testAPIServer) if err := server.Serve(lis); err != nil { @@ -204,10 +203,8 @@ func startDaprAPIServer(port int, testAPIServer *api, token string) *grpc_go.Ser return server } -func createTestClient(port int) *grpc_go.ClientConn { - var opts []grpc_go.DialOption - opts = append(opts, grpc_go.WithInsecure()) - conn, err := grpc_go.Dial(fmt.Sprintf("localhost:%d", port), opts...) +func createTestClient(port int) *grpc.ClientConn { + conn, err := grpc.Dial(fmt.Sprintf("localhost:%d", port), grpc.WithInsecure()) if err != nil { panic(err) } diff --git a/pkg/grpc/grpc.go b/pkg/grpc/grpc.go index e347fa1a6b3..340fdf117f2 100644 --- a/pkg/grpc/grpc.go +++ b/pkg/grpc/grpc.go @@ -97,6 +97,7 @@ func (g *Manager) GetGRPCConnection(address, id string, namespace string, skipTL serverName = fmt.Sprintf("%s.%s.svc.cluster.local", id, namespace) } + // nolint:gosec ta := credentials.NewTLS(&tls.Config{ ServerName: serverName, Certificates: []tls.Certificate{cert}, diff --git a/pkg/grpc/server.go b/pkg/grpc/server.go index 01e010d9518..67e9d839923 100644 --- a/pkg/grpc/server.go +++ b/pkg/grpc/server.go @@ -179,6 +179,7 @@ func (s *server) getGRPCServer() (*grpc_go.Server, error) { return nil, err } + // nolint:gosec tlsConfig := tls.Config{ ClientCAs: s.signedCert.TrustChain, ClientAuth: tls.RequireAndVerifyClientCert, diff --git a/pkg/http/api_test.go b/pkg/http/api_test.go index 18c2d979b3a..0d6fb805848 100644 --- a/pkg/http/api_test.go +++ b/pkg/http/api_test.go @@ -1319,7 +1319,8 @@ type fakeStateStore struct { } func (c fakeStateStore) BulkDelete(req []state.DeleteRequest) error { - for _, r := range req { + for i := range req { + r := req[i] // Make a copy since we will refer to this as a reference in this loop. err := c.Delete(&r) if err != nil { return err @@ -1330,7 +1331,8 @@ func (c fakeStateStore) BulkDelete(req []state.DeleteRequest) error { } func (c fakeStateStore) BulkSet(req []state.SetRequest) error { - for _, s := range req { + for i := range req { + s := req[i] // Make a copy since we will refer to this as a reference in this loop. err := c.Set(&s) if err != nil { return err diff --git a/pkg/injector/pod_patch.go b/pkg/injector/pod_patch.go index b599a6828e4..a66410c9d56 100644 --- a/pkg/injector/pod_patch.go +++ b/pkg/injector/pod_patch.go @@ -78,7 +78,7 @@ const ( defaultMtlsEnabled = true trueString = "true" - // Deprecated, remove in v1.0 + // Deprecated: remove in v1.0 idKey = "dapr.io/id" daprPortKey = "dapr.io/port" daprProfilingKey = "dapr.io/profiling" diff --git a/pkg/injector/pod_patch_test.go b/pkg/injector/pod_patch_test.go index e7f8fa193b6..35330414b6a 100644 --- a/pkg/injector/pod_patch_test.go +++ b/pkg/injector/pod_patch_test.go @@ -20,7 +20,7 @@ import ( func TestLogAsJSONEnabled(t *testing.T) { t.Run("dapr.io/log-as-json is true", func(t *testing.T) { - var fakeAnnotation = map[string]string{ + fakeAnnotation := map[string]string{ daprLogAsJSON: "true", } @@ -28,7 +28,7 @@ func TestLogAsJSONEnabled(t *testing.T) { }) t.Run("dapr.io/log-as-json is false", func(t *testing.T) { - var fakeAnnotation = map[string]string{ + fakeAnnotation := map[string]string{ daprLogAsJSON: "false", } @@ -36,14 +36,14 @@ func TestLogAsJSONEnabled(t *testing.T) { }) t.Run("dapr.io/log-as-json is not given", func(t *testing.T) { - var fakeAnnotation = map[string]string{} + fakeAnnotation := map[string]string{} assert.Equal(t, false, logAsJSONEnabled(fakeAnnotation)) }) } func TestFormatProbePath(t *testing.T) { - var testCases = []struct { + testCases := []struct { given []string expected string }{ @@ -96,7 +96,7 @@ func TestGetSideCarContainer(t *testing.T) { container, _ := getSidecarContainer(annotations, "app_id", "darpio/dapr", "dapr-system", "controlplane:9000", "placement:50000", nil, "", "", "", "sentry:50000", true, "pod_identity") - var expectedArgs = []string{ + expectedArgs := []string{ "--mode", "kubernetes", "--dapr-http-port", "3500", "--dapr-grpc-port", "50001", diff --git a/pkg/logger/options_test.go b/pkg/logger/options_test.go index ddd33ad227f..981d0001720 100644 --- a/pkg/logger/options_test.go +++ b/pkg/logger/options_test.go @@ -60,7 +60,7 @@ func TestApplyOptionsToLoggers(t *testing.T) { } // Create two loggers - var testLoggers = []Logger{ + testLoggers := []Logger{ NewLogger("testLogger0"), NewLogger("testLogger1"), } diff --git a/pkg/messaging/direct_messaging.go b/pkg/messaging/direct_messaging.go index 3c4d89b8890..29d85e87c5f 100644 --- a/pkg/messaging/direct_messaging.go +++ b/pkg/messaging/direct_messaging.go @@ -27,7 +27,6 @@ import ( "google.golang.org/grpc/status" invokev1 "github.com/dapr/dapr/pkg/messaging/v1" - v1 "github.com/dapr/dapr/pkg/messaging/v1" internalv1pb "github.com/dapr/dapr/pkg/proto/internals/v1" ) @@ -174,7 +173,7 @@ func (d *directMessaging) invokeRemote(ctx context.Context, appID, namespace, ap } func (d *directMessaging) addDestinationAppIDHeaderToMetadata(appID string, req *invokev1.InvokeMethodRequest) { - req.Metadata()[v1.DestinationIDHeader] = &internalv1pb.ListStringValue{ + req.Metadata()[invokev1.DestinationIDHeader] = &internalv1pb.ListStringValue{ Values: []string{appID}, } } diff --git a/pkg/messaging/direct_messaging_test.go b/pkg/messaging/direct_messaging_test.go index 455f14bf898..3f387ce2727 100644 --- a/pkg/messaging/direct_messaging_test.go +++ b/pkg/messaging/direct_messaging_test.go @@ -9,7 +9,6 @@ import ( "testing" invokev1 "github.com/dapr/dapr/pkg/messaging/v1" - v1 "github.com/dapr/dapr/pkg/messaging/v1" "github.com/stretchr/testify/assert" "github.com/valyala/fasthttp" ) @@ -26,7 +25,7 @@ func TestDestinationHeaders(t *testing.T) { dm := newDirectMessaging() dm.addDestinationAppIDHeaderToMetadata(appID, req) - md := req.Metadata()[v1.DestinationIDHeader] + md := req.Metadata()[invokev1.DestinationIDHeader] assert.Equal(t, appID, md.Values[0]) }) } diff --git a/pkg/messaging/v1/invoke_method_request.go b/pkg/messaging/v1/invoke_method_request.go index 1acb5fcbbd9..0d141fdbe57 100644 --- a/pkg/messaging/v1/invoke_method_request.go +++ b/pkg/messaging/v1/invoke_method_request.go @@ -98,7 +98,7 @@ func (imr *InvokeMethodRequest) WithHTTPExtension(verb string, querystring strin httpMethod = int32(commonv1pb.HTTPExtension_POST) } - var metadata = map[string]string{} + metadata := map[string]string{} if querystring != "" { params, _ := url.ParseQuery(querystring) diff --git a/pkg/operator/api/api.go b/pkg/operator/api/api.go index cf2c52ba7ba..bc83d7ade60 100644 --- a/pkg/operator/api/api.go +++ b/pkg/operator/api/api.go @@ -28,7 +28,7 @@ const serverPort = 6500 var log = logger.NewLogger("dapr.operator.api") -//Server runs the Dapr API server for components and configurations +// Server runs the Dapr API server for components and configurations type Server interface { Run(certChain *dapr_credentials.CertChain) OnComponentUpdated(component *componentsapi.Component) @@ -96,7 +96,8 @@ func (a *apiServer) ListComponents(ctx context.Context, in *empty.Empty) (*opera resp := &operatorv1pb.ListComponentResponse{ Components: [][]byte{}, } - for _, c := range components.Items { + for i := range components.Items { + c := components.Items[i] // Make a copy since we will refer to this as a reference in this loop. b, err := json.Marshal(&c) if err != nil { log.Warnf("error marshalling component: %s", err) @@ -116,7 +117,8 @@ func (a *apiServer) ListSubscriptions(ctx context.Context, in *empty.Empty) (*op resp := &operatorv1pb.ListSubscriptionsResponse{ Subscriptions: [][]byte{}, } - for _, s := range subs.Items { + for i := range subs.Items { + s := subs.Items[i] // Make a copy since we will refer to this as a reference in this loop. b, err := json.Marshal(&s) if err != nil { log.Warnf("error marshalling subscription: %s", err) diff --git a/pkg/operator/handlers/dapr_handler.go b/pkg/operator/handlers/dapr_handler.go index f0ed24798ee..a7bbac517ad 100644 --- a/pkg/operator/handlers/dapr_handler.go +++ b/pkg/operator/handlers/dapr_handler.go @@ -199,7 +199,8 @@ func (h *DaprHandler) ensureDaprServiceAbsent(ctx context.Context, deploymentKey log.Errorf("unable to list services, err: %s", err) return err } - for _, svc := range services.Items { + for i := range services.Items { + svc := services.Items[i] // Make a copy since we will refer to this as a reference in this loop. log.Debugf("deleting service: %s/%s", svc.Namespace, svc.Name) if err := h.Delete(ctx, &svc, client.PropagationPolicy(meta_v1.DeletePropagationBackground)); client.IgnoreNotFound(err) != nil { log.Errorf("unable to delete svc: %s/%s, err: %s", svc.Namespace, svc.Name, err) diff --git a/pkg/placement/placement.go b/pkg/placement/placement.go index 0f8cc2449a2..c22fa17718f 100644 --- a/pkg/placement/placement.go +++ b/pkg/placement/placement.go @@ -53,7 +53,7 @@ func NewPlacementService() *Service { func (p *Service) ReportDaprStatus(srv placementv1pb.Placement_ReportDaprStatusServer) error { ctx := srv.Context() - var registeredMemberID = "" + var registeredMemberID string for { req, err := srv.Recv() diff --git a/pkg/runtime/runtime_test.go b/pkg/runtime/runtime_test.go index d8ce9a0c857..a526bd53362 100644 --- a/pkg/runtime/runtime_test.go +++ b/pkg/runtime/runtime_test.go @@ -36,7 +36,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) const ( @@ -133,7 +132,7 @@ func getSubscriptionCustom(topic, route string) string { func testDeclarativeSubscription() subscriptionsapi.Subscription { return subscriptionsapi.Subscription{ - TypeMeta: v1.TypeMeta{ + TypeMeta: meta_v1.TypeMeta{ Kind: "Subscription", }, Spec: subscriptionsapi.SubscriptionSpec{ @@ -697,7 +696,7 @@ func TestMetadataItemsToPropertiesConversion(t *testing.T) { func TestPopulateSecretsConfiguration(t *testing.T) { t.Run("secret store configuration is populated", func(t *testing.T) { - //setup + // setup rt := NewTestDaprRuntime(modes.StandaloneMode) rt.globalConfig.Spec.Secrets.Scopes = []config.SecretsScope{ { @@ -706,10 +705,10 @@ func TestPopulateSecretsConfiguration(t *testing.T) { }, } - //act + // act rt.populateSecretsConfiguration() - //verify + // verify assert.Contains(t, rt.secretsConfiguration, "testMock", "Expected testMock secret store configuration to be populated") assert.Equal(t, config.AllowAccess, rt.secretsConfiguration["testMock"].DefaultAccess, "Expected default access as allow") assert.Empty(t, rt.secretsConfiguration["testMock"].DeniedSecrets, "Expected testMock deniedSecrets to not be populated") diff --git a/pkg/sentry/certs/config.go b/pkg/sentry/certs/config.go index 3bd0555ae64..cfe1eb9d0df 100644 --- a/pkg/sentry/certs/config.go +++ b/pkg/sentry/certs/config.go @@ -1,7 +1,7 @@ package certs const ( - //KubeScrtName is the name of the kubernetes secret that holds the trust bundle + // KubeScrtName is the name of the kubernetes secret that holds the trust bundle KubeScrtName = "dapr-trust-bundle" // TrustAnchorsEnvVar is the environment variable name for the trust anchors in the sidecar TrustAnchorsEnvVar = "DAPR_TRUST_ANCHORS" diff --git a/pkg/sentry/monitoring/metrics.go b/pkg/sentry/monitoring/metrics.go index 8f1ad6ee0e2..120df8845e6 100644 --- a/pkg/sentry/monitoring/metrics.go +++ b/pkg/sentry/monitoring/metrics.go @@ -76,7 +76,7 @@ func IssuerCertChanged() { // InitMetrics initializes metrics func InitMetrics() error { - var nilKey = []tag.Key{} + nilKey := []tag.Key{} return view.Register( diag_utils.NewMeasureView(csrReceivedTotal, nilKey, view.Count()), diag_utils.NewMeasureView(certSignSuccessTotal, nilKey, view.Count()), diff --git a/pkg/sentry/server/server.go b/pkg/sentry/server/server.go index e3e06de5e3e..9a38e50825b 100644 --- a/pkg/sentry/server/server.go +++ b/pkg/sentry/server/server.go @@ -69,6 +69,7 @@ func (s *server) Run(port int, trustBundler ca.TrustRootBundler) error { func (s *server) tlsServerOption(trustBundler ca.TrustRootBundler) grpc.ServerOption { cp := trustBundler.GetTrustAnchors() + // nolint:gosec config := &tls.Config{ ClientCAs: cp, // Require cert verification