lint fixes, change fleetdb reference to main

.golangci.yml

@@ -3,11 +3,14 @@
 service:
   golangci-lint-version: 1.55.2 # use the fixed version to not introduce new linters unexpectedly
 
+run:
+  build-tags:
+    - testtools
+
 linters-settings:
   govet:
     enable:
     auto-fix: true
-    check-shadowing: true
     settings:
       printf:
         funcs:
@@ -60,7 +63,7 @@ linters:
     # additional linters
     - bodyclose
     - gocritic
-    - goerr113
+    - err113
     - goimports
     - revive
     - misspell
@@ -70,12 +73,9 @@ linters:
   enable-all: false
   disable-all: true
 
-run:
-  #  build-tags:
-  skip-dirs:
-    - internal/fixtures
-
 issues:
+  exclude-dirs:
+    - internal/fixtures
   exclude-rules:
     - linters:
         - gosec
@@ -108,3 +108,5 @@ issues:
     # EXC0010 gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
     - Potential file inclusion via variable
 exclude-use-default: false
+
+shadow: true

Makefile

@@ -6,7 +6,7 @@ lint:
 
 ## Go test
 test: lint
-	CGO_ENABLED=0 go test -timeout 1m -v -covermode=atomic ./...
+	CGO_ENABLED=0 go test -tags testtools -timeout 2m -v -covermode=atomic ./...
 
 ## Generate mocks
 gen-mock:

ginauth/errors.go

@@ -35,7 +35,7 @@ type AuthError struct {
 func NewAuthenticationError(msg string) *AuthError {
 	return &AuthError{
 		HTTPErrorCode: http.StatusUnauthorized,
-		// nolint:err113
+		//nolint:err113 // it must be dynamic here
 		err: errors.New(msg),
 	}
 }
@@ -46,8 +46,7 @@ func NewAuthenticationError(msg string) *AuthError {
 func NewAuthenticationErrorFrom(err error) *AuthError {
 	return &AuthError{
 		HTTPErrorCode: http.StatusUnauthorized,
-		// nolint:goerr113
-		err: err,
+		err:           err,
 	}
 }
 
@@ -56,7 +55,7 @@ func NewAuthenticationErrorFrom(err error) *AuthError {
 func NewAuthorizationError(msg string) *AuthError {
 	return &AuthError{
 		HTTPErrorCode: http.StatusForbidden,
-		// nolint:err113
+		//nolint:err113 // it must be dynamic here
 		err: errors.New(msg),
 	}
 }

ginauth/multitokenmiddleware_test.go

@@ -209,7 +209,7 @@ func TestMultitokenMiddlewareValidatesTokens(t *testing.T) {
 			})
 
 			w := httptest.NewRecorder()
-			req := httptest.NewRequest("GET", "http://test/", nil)
+			req := httptest.NewRequest("GET", "http://test/", http.NoBody)
 
 			signer := ginjwt.TestHelperMustMakeSigner(jose.RS256, tt.signingKeyID, tt.signingKey)
 			rawToken := ginjwt.TestHelperGetToken(signer, tt.claims, "scope", strings.Join(tt.claimScopes, " "))
@@ -270,7 +270,7 @@ func TestMultitokenInvalidAuthHeader(t *testing.T) {
 			})
 
 			w := httptest.NewRecorder()
-			req := httptest.NewRequest("GET", "http://test/", nil)
+			req := httptest.NewRequest("GET", "http://test/", http.NoBody)
 
 			req.Header.Set("Authorization", tt.authHeader)
 			r.ServeHTTP(w, req)

ginauth/remote_test.go

@@ -30,11 +30,13 @@ func getNewTestRemoteAuthServer(resp *ginauth.AuthResponseV1, forcedSleep time.D
 		c.JSON(statusResp, resp)
 	})
 
+	//nolint:gosec // its a test, we dont care
 	listener, err := net.Listen("tcp", ":0")
 	if err != nil {
 		panic(err)
 	}
 
+	//nolint:gosec // its a test, we dont care
 	s := &http.Server{
 		Handler: r,
 	}
@@ -118,7 +120,7 @@ func TestRemoteMiddleware(t *testing.T) {
 			})
 
 			w := httptest.NewRecorder()
-			req := httptest.NewRequest("GET", "http://test/", nil)
+			req := httptest.NewRequest("GET", "http://test/", http.NoBody)
 
 			// We'll be testing explicitly expected responses. It's up to the server to
 			// actually validate this token.

ginjwt/jwt.go

@@ -57,6 +57,8 @@ type AuthConfig struct {
 }
 
 // NewAuthMiddleware will return an auth middleware configured with the jwt parameters passed in
+//
+//nolint:gocritic // Not replacing cfg with a pointer, its an API, so would require us to fix its use in other repos
 func NewAuthMiddleware(cfg AuthConfig) (*Middleware, error) {
 	if cfg.RolesClaim == "" {
 		cfg.RolesClaim = "scope"
@@ -135,6 +137,8 @@ func (m *Middleware) VerifyTokenWithScopes(c *gin.Context, scopes []string) (gin
 
 // VerifyToken verifies a JWT token gotten from the gin.Context object. This does not validate roles claims/scopes.
 // This implements the GenericMiddleware interface
+//
+//nolint:gocyclo // we should reduce the complexity of this function at some point
 func (m *Middleware) VerifyToken(c *gin.Context) (ginauth.ClaimMetadata, error) {
 	authHeader := c.Request.Header.Get("Authorization")
 
@@ -144,7 +148,7 @@ func (m *Middleware) VerifyToken(c *gin.Context) (ginauth.ClaimMetadata, error)
 
 	authHeaderParts := strings.SplitN(authHeader, " ", expectedAuthHeaderParts)
 
-	if !(len(authHeaderParts) == expectedAuthHeaderParts && strings.ToLower(authHeaderParts[0]) == "bearer") {
+	if !(len(authHeaderParts) == expectedAuthHeaderParts && strings.EqualFold(authHeaderParts[0], "bearer")) {
 		return ginauth.ClaimMetadata{}, ginauth.NewAuthenticationError("invalid authorization header, expected format: \"Bearer token\"")
 	}
 
@@ -277,7 +281,7 @@ func (m *Middleware) refreshJWKS() error {
 		ctx = context.Background()
 	}
 
-	req, reqerr := http.NewRequestWithContext(ctx, http.MethodGet, m.config.JWKSURI, nil)
+	req, reqerr := http.NewRequestWithContext(ctx, http.MethodGet, m.config.JWKSURI, http.NoBody)
 	if reqerr != nil {
 		return reqerr
 	}

ginjwt/jwt_test.go

@@ -240,7 +240,7 @@ func TestMiddlewareValidatesTokensWithScopes(t *testing.T) {
 			})
 
 			w := httptest.NewRecorder()
-			req := httptest.NewRequest("GET", "http://test/", nil)
+			req := httptest.NewRequest("GET", "http://test/", http.NoBody)
 
 			signer := ginjwt.TestHelperMustMakeSigner(jose.RS256, tt.signingKeyID, tt.signingKey)
 			rawToken := ginjwt.TestHelperGetToken(signer, tt.claims, "scope", strings.Join(tt.claimScopes, " "))
@@ -404,7 +404,7 @@ func TestMiddlewareAuthRequired(t *testing.T) {
 			})
 
 			w := httptest.NewRecorder()
-			req := httptest.NewRequest("GET", "http://test/", nil)
+			req := httptest.NewRequest("GET", "http://test/", http.NoBody)
 
 			signer := ginjwt.TestHelperMustMakeSigner(jose.RS256, tt.signingKeyID, tt.signingKey)
 			rawToken := ginjwt.TestHelperGetToken(signer, tt.claims, "scope", strings.Join(tt.claimScopes, " "))
@@ -465,7 +465,7 @@ func TestInvalidAuthHeader(t *testing.T) {
 			})
 
 			w := httptest.NewRecorder()
-			req := httptest.NewRequest("GET", "http://test/", nil)
+			req := httptest.NewRequest("GET", "http://test/", http.NoBody)
 
 			req.Header.Set("Authorization", tt.authHeader)
 			r.ServeHTTP(w, req)

ginjwt/multitokenmiddleware.go

@@ -14,8 +14,8 @@ func NewMultiTokenMiddlewareFromConfigs(cfgs ...AuthConfig) (*ginauth.MultiToken
 
 	mtm := &ginauth.MultiTokenMiddleware{}
 
-	for _, cfg := range cfgs {
-		middleware, err := NewAuthMiddleware(cfg)
+	for i := range cfgs {
+		middleware, err := NewAuthMiddleware(cfgs[i])
 		if err != nil {
 			return nil, err
 		}

ginjwt/testtools.go

@@ -89,11 +89,13 @@ func TestHelperJWKSProvider(keyIDs ...string) string {
 		c.JSON(http.StatusOK, keySet)
 	})
 
+	//nolint:gosec // its a test, we dont care
 	listener, err := net.Listen("tcp", ":0")
 	if err != nil {
 		panic(err)
 	}
 
+	//nolint:gosec // its a test, we dont care
 	s := &http.Server{
 		Handler: r,
 	}
@@ -108,6 +110,8 @@ func TestHelperJWKSProvider(keyIDs ...string) string {
 }
 
 // TestHelperGetToken will return a signed token
+//
+//nolint:gocritic // Not replacing cl with a pointer
 func TestHelperGetToken(signer jose.Signer, cl jwt.Claims, key string, value interface{}) string {
 	sc := map[string]interface{}{}
 

go.mod

@@ -5,43 +5,41 @@ go 1.22
 toolchain go1.22.2
 
 require (
-	github.com/bmc-toolbox/common v0.0.0-20240510143200-3db7cecbb5a6
+	github.com/bmc-toolbox/common v0.0.0-20240723142833-87832458b53b
+	github.com/gin-gonic/gin v1.10.0
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/metal-toolbox/conditionorc v1.0.9-0.20240716090543-6e7e9300b375
-	github.com/metal-toolbox/fleetdb v1.18.6
+	github.com/metal-toolbox/fleetdb v1.19.5-0.20240913163810-6a9703ca4111
 	github.com/nats-io/nats-server/v2 v2.10.12
 	github.com/nats-io/nats.go v1.36.0
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.19.1
-	github.com/sirupsen/logrus v1.9.3
+	github.com/spf13/cobra v1.8.1
+	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.9.0
-	go.opentelemetry.io/otel v1.27.0
-	go.opentelemetry.io/otel/sdk v1.27.0
-	go.opentelemetry.io/otel/trace v1.27.0
-	go.uber.org/goleak v1.3.0
-	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
+	go.opentelemetry.io/otel v1.28.0
+	go.opentelemetry.io/otel/sdk v1.28.0
+	go.opentelemetry.io/otel/trace v1.28.0
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+	golang.org/x/net v0.28.0
+	gopkg.in/square/go-jose.v2 v2.6.0
 )
 
 require github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 
 require (
-	github.com/banzaicloud/logrus-runtime-formatter v0.0.0-20190729070250-5ae5475bae5e // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bytedance/sonic v1.11.9 // indirect
-	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/bytedance/sonic v1.12.1 // indirect
+	github.com/bytedance/sonic/loader v0.2.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/cockroachdb/cockroach-go/v2 v2.3.8 // indirect
-	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
 	github.com/ericlagergren/decimal v0.0.0-20240411145413-00de7ca16731 // indirect
-	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/friendsofgo/errors v0.9.2 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.5 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/gin-gonic/gin v1.10.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
@@ -50,13 +48,10 @@ require (
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
-	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 	github.com/gosimple/slug v1.14.0 // indirect
 	github.com/gosimple/unidecode v1.0.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hetiansu5/urlquery v1.2.7 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -86,20 +81,16 @@ require (
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/pquerna/cachecontrol v0.2.0 // indirect
+	github.com/prometheus/client_golang v1.20.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.55.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/sagikazarmark/locafero v0.6.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/slack-go/slack v0.13.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
-	github.com/spf13/cobra v1.8.1 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.19.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
@@ -113,23 +104,20 @@ require (
 	github.com/volatiletech/strmangle v0.0.6 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
-	go.opentelemetry.io/otel/metric v1.27.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	gocloud.dev v0.37.0 // indirect
-	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	gocloud.dev v0.38.0 // indirect
+	golang.org/x/arch v0.9.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
-	google.golang.org/api v0.186.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect
-	google.golang.org/grpc v1.64.0 // indirect
+	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
+	google.golang.org/api v0.189.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f // indirect
+	google.golang.org/grpc v1.65.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )