update gofumpt to 0.3.1 and reformat the repo (#17055)

* update gofumpt to 0.3.1 and reformat the repo * output the version of the formatter we're using
2025-11-01 11:08:10 +00:00 · 2022-09-07 17:31:20 -07:00
parent cccd1d7353
commit 03d2be4cb9
49 changed files with 228 additions and 177 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -121,7 +121,7 @@ jobs:
    - CIRCLECI_CLI_VERSION: 0.1.5546
    - GO_TAGS: ''
    - GO_VERSION: 1.19.1
-    - GOFUMPT_VERSION: 0.2.1
+    - GOFUMPT_VERSION: 0.3.1
    - GOTESTSUM_VERSION: 0.5.2
  test-go-remote-docker:
    docker:
@@ -352,6 +352,7 @@ jobs:
    - checkout
    - run:
        command: |
          echo "Using gofumpt version ${GOFUMPT_VERSION}"
          go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}"
          make fmt
          if ! git diff --exit-code; then
@@ -363,7 +364,7 @@ jobs:
    - CIRCLECI_CLI_VERSION: 0.1.5546
    - GO_TAGS: ''
    - GO_VERSION: 1.19.1
-    - GOFUMPT_VERSION: 0.2.1
+    - GOFUMPT_VERSION: 0.3.1
    - GOTESTSUM_VERSION: 0.5.2
  test-go-race:
    docker:
@@ -849,7 +850,7 @@ jobs:
    - CIRCLECI_CLI_VERSION: 0.1.5546
    - GO_TAGS: ''
    - GO_VERSION: 1.19.1
-    - GOFUMPT_VERSION: 0.2.1
+    - GOFUMPT_VERSION: 0.3.1
    - GOTESTSUM_VERSION: 0.5.2
  test-go-race-remote-docker:
    docker:
--- a/.circleci/config/executors/@executors.yml
+++ b/.circleci/config/executors/@executors.yml
@@ -6,7 +6,7 @@ go-machine:
    CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
    GO_VERSION: 1.19.1 # Pin Go to patch version (ex: 1.2.3)
    GOTESTSUM_VERSION: 0.5.2 # Pin gotestsum to patch version (ex: 1.2.3)
-    GOFUMPT_VERSION: 0.2.1 # Pin gofumpt to patch version (ex: 1.2.3)
+    GOFUMPT_VERSION: 0.3.1 # Pin gofumpt to patch version (ex: 1.2.3)
    GO_TAGS: ""
  working_directory: /home/circleci/go/src/github.com/hashicorp/vault
 node:
--- a/.circleci/config/jobs/fmt.yml
+++ b/.circleci/config/jobs/fmt.yml
@@ -8,6 +8,7 @@ steps:
  - run:
      name: make fmt
      command: |
        echo "Using gofumpt version ${GOFUMPT_VERSION}"
        go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}"
        make fmt
        if ! git diff --exit-code; then
--- a/api/auth/approle/approle_test.go
+++ b/api/auth/approle/approle_test.go
@@ -16,7 +16,8 @@ import (
 // testHTTPServer creates a test HTTP server that handles requests until
 // the listener returned is closed.
 func testHTTPServer(
-	t *testing.T, handler http.Handler) (*api.Config, net.Listener) {
+	t *testing.T, handler http.Handler,
 ) (*api.Config, net.Listener) {
 	ln, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatalf("err: %s", err)
--- a/api/auth/ldap/ldap_test.go
+++ b/api/auth/ldap/ldap_test.go
@@ -16,7 +16,8 @@ import (
 // testHTTPServer creates a test HTTP server that handles requests until
 // the listener returned is closed.
 func testHTTPServer(
-	t *testing.T, handler http.Handler) (*api.Config, net.Listener) {
+	t *testing.T, handler http.Handler,
 ) (*api.Config, net.Listener) {
 	ln, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatalf("err: %s", err)
--- a/api/auth/userpass/userpass_test.go
+++ b/api/auth/userpass/userpass_test.go
@@ -16,7 +16,8 @@ import (
 // testHTTPServer creates a test HTTP server that handles requests until
 // the listener returned is closed.
 func testHTTPServer(
-	t *testing.T, handler http.Handler) (*api.Config, net.Listener) {
+	t *testing.T, handler http.Handler,
 ) (*api.Config, net.Listener) {
 	ln, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatalf("err: %s", err)
--- a/api/lifetime_watcher.go
+++ b/api/lifetime_watcher.go
@@ -69,7 +69,6 @@ const (
 //		}
 //	}
 //
 //
 // `DoneCh` will return if renewal fails, or if the remaining lease duration is
 // under a built-in threshold and either renewing is not extending it or
 // renewing is disabled.  In both cases, the caller should attempt a re-read of
@@ -251,7 +250,8 @@ func (r *LifetimeWatcher) doRenew() error {
 }
 func (r *LifetimeWatcher) doRenewWithOptions(tokenMode bool, nonRenewable bool, initLeaseDuration int, credString string,
-	renew renewFunc, initialRetryInterval time.Duration) error {
+	renew renewFunc, initialRetryInterval time.Duration,
 ) error {
 	if credString == "" ||
 		(nonRenewable && r.renewBehavior == RenewBehaviorErrorOnErrors) {
 		return r.errLifetimeWatcherNotRenewable
--- a/api/ssh_agent.go
+++ b/api/ssh_agent.go
@@ -85,11 +85,10 @@ func (c *SSHHelperConfig) SetTLSParameters(clientConfig *Config, certPool *x509.
 }
 // Returns true if any of the following conditions are true:
-//   * CA cert is configured
+//   - CA cert is configured
-//   * CA path is configured
+//   - CA path is configured
-//   * configured to skip certificate verification
+//   - configured to skip certificate verification
-//   * TLS server name is configured
+//   - TLS server name is configured
 //
 func (c *SSHHelperConfig) shouldSetTLSParameters() bool {
 	return c.CACert != "" || c.CAPath != "" || c.TLSServerName != "" || c.TLSSkipVerify
 }
--- a/api/sys_audit.go
+++ b/api/sys_audit.go
@@ -87,7 +87,8 @@ func (c *Sys) ListAuditWithContext(ctx context.Context) (map[string]*Audit, erro
 // DEPRECATED: Use EnableAuditWithOptions instead
 func (c *Sys) EnableAudit(
-	path string, auditType string, desc string, opts map[string]string) error {
+	path string, auditType string, desc string, opts map[string]string,
 ) error {
 	return c.EnableAuditWithOptions(path, &EnableAuditOptions{
 		Type:        auditType,
 		Description: desc,
--- a/builtin/credential/aws/backend_test.go
+++ b/builtin/credential/aws/backend_test.go
@@ -1021,7 +1021,9 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
 	}
 }
-/* This is an acceptance test.
+/*
 This is an acceptance test.
 	Requires the following env vars:
 	TEST_AWS_EC2_RSA2048
 	TEST_AWS_EC2_PKCS7
--- a/builtin/credential/aws/certificates.go
+++ b/builtin/credential/aws/certificates.go
@@ -26,7 +26,9 @@ func init() {
 // These certificates are for verifying PKCS#7 DSA signatures.
 // Copied from:
 //
 //	curl https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-pkcs7.html | pcregrep -M -o -e '(?s)-----BEGIN CERTIFICATE-----[^>]*-----END CERTIFICATE-----'
 //
 // Last updated: 2022-05-31
 const pkcs7RawCerts = `-----BEGIN CERTIFICATE-----
 MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw
--- a/builtin/credential/aws/path_role.go
+++ b/builtin/credential/aws/path_role.go
@@ -305,7 +305,8 @@ func (b *backend) roleInternal(ctx context.Context, s logical.Storage, roleName
 // setRole creates or updates a role in the storage. The caller must hold
 // the write lock.
 func (b *backend) setRole(ctx context.Context, s logical.Storage, roleName string,
-	roleEntry *awsRoleEntry) error {
+	roleEntry *awsRoleEntry,
 ) error {
 	if roleName == "" {
 		return fmt.Errorf("missing role name")
 	}
--- a/builtin/credential/aws/pkcs7/ber.go
+++ b/builtin/credential/aws/pkcs7/ber.go
@@ -106,12 +106,12 @@ func lengthLength(i int) (numBytes int) {
 // added to 0x80. The length is encoded in big endian encoding follow after
 //
 // Examples:
 //
 //	length | byte 1 | bytes n
 //	0      | 0x00   | -
 //	120    | 0x78   | -
 //	200    | 0x81   | 0xC8
 //	500    | 0x82   | 0x01 0xF4
 //
 func encodeLength(out *bytes.Buffer, length int) (err error) {
 	if length >= 128 {
 		l := lengthLength(length)
--- a/builtin/credential/cert/backend_test.go
+++ b/builtin/credential/cert/backend_test.go
@@ -1836,7 +1836,8 @@ func testAccStepLoginWithNameInvalid(t *testing.T, connState tls.ConnectionState
 }
 func testAccStepListCerts(
-	t *testing.T, certs []string) []logicaltest.TestStep {
+	t *testing.T, certs []string,
 ) []logicaltest.TestStep {
 	return []logicaltest.TestStep{
 		{
 			Operation: logical.ListOperation,
@@ -1893,7 +1894,8 @@ type allowed struct {
 }
 func testAccStepCert(
-	t *testing.T, name string, cert []byte, policies string, testData allowed, expectError bool) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string, testData allowed, expectError bool,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1922,7 +1924,8 @@ func testAccStepCert(
 }
 func testAccStepCertLease(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1936,7 +1939,8 @@ func testAccStepCertLease(
 }
 func testAccStepCertTTL(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1950,7 +1954,8 @@ func testAccStepCertTTL(
 }
 func testAccStepCertMaxTTL(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1965,7 +1970,8 @@ func testAccStepCertMaxTTL(
 }
 func testAccStepCertNoLease(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
--- a/builtin/credential/ldap/backend_test.go
+++ b/builtin/credential/ldap/backend_test.go
@@ -390,10 +390,10 @@ func TestLdapAuthBackend_UserPolicies(t *testing.T) {
 * ...as well as existence of a person object, `cn=Hermes Conrad,dc=example,dc=com`,
 *    which is a member of a group, `cn=admin_staff,ou=people,dc=example,dc=com`
 *
- * Querying the server from the command line:
+  - Querying the server from the command line:
- *   $ docker run --privileged -d -p 389:389 --name ldap --rm rroemhild/test-openldap
+  - $ docker run --privileged -d -p 389:389 --name ldap --rm rroemhild/test-openldap
- *   $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub uid=hermes
+  - $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub uid=hermes
- *   $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub \
+  - $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub \
    'member=cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com'
 */
 func factory(t *testing.T) logical.Backend {
--- a/builtin/credential/radius/backend_test.go
+++ b/builtin/credential/radius/backend_test.go
@@ -339,7 +339,8 @@ func testStepUserList(t *testing.T, users []string) logicaltest.TestStep {
 }
 func testStepUpdateUser(
-	t *testing.T, name string, policies string) logicaltest.TestStep {
+	t *testing.T, name string, policies string,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "users/" + name,
--- a/builtin/credential/userpass/backend_test.go
+++ b/builtin/credential/userpass/backend_test.go
@@ -300,7 +300,8 @@ func testAccStepLogin(t *testing.T, user string, pass string, policies []string)
 }
 func testUserCreateOperation(
-	t *testing.T, name string, password string, policies string) logicaltest.TestStep {
+	t *testing.T, name string, password string, policies string,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.CreateOperation,
 		Path:      "users/" + name,
@@ -312,7 +313,8 @@ func testUserCreateOperation(
 }
 func testAccStepUser(
-	t *testing.T, name string, password string, policies string) logicaltest.TestStep {
+	t *testing.T, name string, password string, policies string,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "users/" + name,
--- a/builtin/credential/userpass/stepwise_test.go
+++ b/builtin/credential/userpass/stepwise_test.go
@@ -32,7 +32,8 @@ func TestAccBackend_stepwise_UserCrud(t *testing.T) {
 }
 func testAccStepwiseUser(
-	t *testing.T, name string, password string, policies string) stepwise.Step {
+	t *testing.T, name string, password string, policies string,
 ) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "users/" + name,
--- a/builtin/logical/aws/secret_access_keys.go
+++ b/builtin/logical/aws/secret_access_keys.go
@@ -278,7 +278,8 @@ func (b *backend) secretAccessKeysCreate(
 	ctx context.Context,
 	s logical.Storage,
 	displayName, policyName string,
-	role *awsRoleEntry) (*logical.Response, error) {
+	role *awsRoleEntry,
 ) (*logical.Response, error) {
 	iamClient, err := b.clientIAM(ctx, s)
 	if err != nil {
 		return logical.ErrorResponse(err.Error()), nil
--- a/builtin/logical/pki/ocsp_test.go
+++ b/builtin/logical/pki/ocsp_test.go
@@ -316,6 +316,7 @@ func TestOcsp_RevokedCertHasIssuerWithoutAKey(t *testing.T) {
 // the response to the caller on its behalf.
 //
 // NOTE: This test is a bit at the mercy of iteration order of the issuer ids.
 //
 //	If it becomes flaky, most likely something is wrong in the code
 //	and not the test.
 func TestOcsp_MultipleMatchingIssuersOneWithoutSigningUsage(t *testing.T) {
--- a/builtin/logical/ssh/backend_test.go
+++ b/builtin/logical/ssh/backend_test.go
@@ -2120,7 +2120,8 @@ func testDefaultUserTemplate(t *testing.T, testDefaultUserTemplate string,
 func testAllowedPrincipalsTemplate(t *testing.T, testAllowedDomainsTemplate string,
 	expectedValidPrincipal string, testEntityMetadata map[string]string,
-	roleConfigPayload map[string]interface{}, signingPayload map[string]interface{}) {
+	roleConfigPayload map[string]interface{}, signingPayload map[string]interface{},
 ) {
 	cluster, userpassToken := getSshCaTestCluster(t, testUserName)
 	defer cluster.Cleanup()
 	client := cluster.Cores[0].Client
@@ -2169,7 +2170,8 @@ func testAllowedPrincipalsTemplate(t *testing.T, testAllowedDomainsTemplate stri
 }
 func testAllowedUsersTemplate(t *testing.T, testAllowedUsersTemplate string,
-	expectedValidPrincipal string, testEntityMetadata map[string]string) {
+	expectedValidPrincipal string, testEntityMetadata map[string]string,
 ) {
 	testAllowedPrincipalsTemplate(
 		t, testAllowedUsersTemplate,
 		expectedValidPrincipal, testEntityMetadata,
--- a/builtin/logical/transit/backend_test.go
+++ b/builtin/logical/transit/backend_test.go
@@ -623,7 +623,8 @@ func testAccStepReadPolicyWithVersions(t *testing.T, name string, expectNone, de
 }
 func testAccStepEncrypt(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -647,7 +648,8 @@ func testAccStepEncrypt(
 }
 func testAccStepEncryptUpsert(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.CreateOperation,
 		Path:      "encrypt/" + name,
@@ -671,7 +673,8 @@ func testAccStepEncryptUpsert(
 }
 func testAccStepEncryptContext(
-	t *testing.T, name, plaintext, context string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext, context string, decryptData map[string]interface{},
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -697,7 +700,8 @@ func testAccStepEncryptContext(
 }
 func testAccStepDecrypt(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
@@ -725,7 +729,8 @@ func testAccStepDecrypt(
 }
 func testAccStepRewrap(
-	t *testing.T, name string, decryptData map[string]interface{}, expectedVer int) logicaltest.TestStep {
+	t *testing.T, name string, decryptData map[string]interface{}, expectedVer int,
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "rewrap/" + name,
@@ -757,7 +762,8 @@ func testAccStepRewrap(
 func testAccStepEncryptVX(
 	t *testing.T, name, plaintext string, decryptData map[string]interface{},
-	ver int, encryptHistory map[int]map[string]interface{}) logicaltest.TestStep {
+	ver int, encryptHistory map[int]map[string]interface{},
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -788,7 +794,8 @@ func testAccStepEncryptVX(
 func testAccStepLoadVX(
 	t *testing.T, name string, decryptData map[string]interface{},
-	ver int, encryptHistory map[int]map[string]interface{}) logicaltest.TestStep {
+	ver int, encryptHistory map[int]map[string]interface{},
 ) logicaltest.TestStep {
 	// This is really a no-op to allow us to do data manip in the check function
 	return logicaltest.TestStep{
 		Operation: logical.ReadOperation,
@@ -801,7 +808,8 @@ func testAccStepLoadVX(
 }
 func testAccStepDecryptExpectFailure(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
@@ -825,7 +833,8 @@ func testAccStepRotate(t *testing.T, name string) logicaltest.TestStep {
 func testAccStepWriteDatakey(t *testing.T, name string,
 	noPlaintext bool, bits int,
-	dataKeyInfo map[string]interface{}) logicaltest.TestStep {
+	dataKeyInfo map[string]interface{},
 ) logicaltest.TestStep {
 	data := map[string]interface{}{}
 	subPath := "plaintext"
 	if noPlaintext {
@@ -869,7 +878,8 @@ func testAccStepWriteDatakey(t *testing.T, name string,
 }
 func testAccStepDecryptDatakey(t *testing.T, name string,
-	dataKeyInfo map[string]interface{}) logicaltest.TestStep {
+	dataKeyInfo map[string]interface{},
 ) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
--- a/builtin/logical/transit/stepwise_test.go
+++ b/builtin/logical/transit/stepwise_test.go
@@ -162,7 +162,8 @@ func testAccStepwiseReadPolicyWithVersions(t *testing.T, name string, expectNone
 }
 func testAccStepwiseEncryptContext(
-	t *testing.T, name, plaintext, context string, decryptData map[string]interface{}) stepwise.Step {
+	t *testing.T, name, plaintext, context string, decryptData map[string]interface{},
 ) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -188,7 +189,8 @@ func testAccStepwiseEncryptContext(
 }
 func testAccStepwiseDecrypt(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) stepwise.Step {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
 ) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "decrypt/" + name,
--- a/command/agent/auth/alicloud/alicloud.go
+++ b/command/agent/auth/alicloud/alicloud.go
@@ -18,13 +18,11 @@ import (
 )
 /*
 Creds can be inferred from instance metadata, and those creds
 expire every 60 minutes, so we're going to need to poll for new
 creds. Since we're polling anyways, let's poll once a minute so
 all changes can be picked up rather quickly. This is configurable,
 however.
 */
 const defaultCredCheckFreqSeconds = 60
--- a/command/token/helper_external.go
+++ b/command/token/helper_external.go
@@ -46,10 +46,10 @@ var _ TokenHelper = (*ExternalTokenHelper)(nil)
 // BinaryPath is executed within a shell with environment Env. The last argument
 // appended will be the operation, which is:
 //
-//   * "get" - Read the value of the token and write it to stdout.
+//   - "get" - Read the value of the token and write it to stdout.
-//   * "store" - Store the value of the token which is on stdin. Output
+//   - "store" - Store the value of the token which is on stdin. Output
 //     nothing.
-//   * "erase" - Erase the contents stored. Output nothing.
+//   - "erase" - Erase the contents stored. Output nothing.
 //
 // Any errors can be written on stdout. If the helper exits with a non-zero
 // exit code then the stderr will be made part of the error value.
--- a/http/assets.go
+++ b/http/assets.go
@@ -9,6 +9,7 @@ import (
 )
 // content is our static web server content.
 //
 //go:embed web_ui/*
 var content embed.FS
--- a/internalshared/listenerutil/listener.go
+++ b/internalshared/listenerutil/listener.go
@@ -75,7 +75,8 @@ func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.
 func TLSConfig(
 	l *configutil.Listener,
 	props map[string]string,
-	ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error) {
+	ui cli.Ui,
 ) (*tls.Config, reloadutil.ReloadFunc, error) {
 	props["tls"] = "disabled"
 	if l.TLSDisable {
--- a/physical/gcs/gcs_ha.go
+++ b/physical/gcs/gcs_ha.go
@@ -321,6 +321,7 @@ OUTER:
 //
 // - lock does not exist
 //   - write the lock
 //
 // - lock exists
 //   - if key is empty or identity is the same or timestamp exceeds TTL
 //   - update the lock to self
--- a/physical/postgresql/postgresql.go
+++ b/physical/postgresql/postgresql.go
@@ -36,11 +36,9 @@ const (
 // Verify PostgreSQLBackend satisfies the correct interfaces
 var _ physical.Backend = (*PostgreSQLBackend)(nil)
 //
 // HA backend was implemented based on the DynamoDB backend pattern
 // With distinction using central postgres clock, hereby avoiding
 // possible issues with multiple clocks
 //
 var (
 	_ physical.HABackend = (*PostgreSQLBackend)(nil)
 	_ physical.Lock      = (*PostgreSQLLock)(nil)
--- a/physical/spanner/spanner_ha.go
+++ b/physical/spanner/spanner_ha.go
@@ -320,6 +320,7 @@ OUTER:
 //
 // - lock does not exist
 //   - write the lock
 //
 // - lock exists
 //   - if key is empty or identity is the same or timestamp exceeds TTL
 //   - update the lock to self
--- a/sdk/framework/openapi.go
+++ b/sdk/framework/openapi.go
@@ -734,6 +734,7 @@ func cleanResponse(resp *logical.Response) *cleanedResponse {
 // /sys/tools/random/{urlbytes} -> postSysToolsRandomUrlbytes
 //
 // In the unlikely case of a duplicate ids, a numeric suffix is added:
 //
 //	postSysToolsRandomUrlbytes_2
 //
 // An optional user-provided suffix ("context") may also be appended.
--- a/sdk/framework/secret.go
+++ b/sdk/framework/secret.go
@@ -42,7 +42,8 @@ func (s *Secret) Renewable() bool {
 }
 func (s *Secret) Response(
-	data, internal map[string]interface{}) *logical.Response {
+	data, internal map[string]interface{},
 ) *logical.Response {
 	internalData := make(map[string]interface{})
 	for k, v := range internal {
 		internalData[k] = v
--- a/sdk/helper/keysutil/policy_test.go
+++ b/sdk/helper/keysutil/policy_test.go
@@ -834,7 +834,8 @@ func Test_RSA_PSS(t *testing.T) {
 	}
 	test_RSA_PSS := func(t *testing.T, p *Policy, rsaKey *rsa.PrivateKey, hashType HashType,
-		marshalingType MarshalingType) {
+		marshalingType MarshalingType,
 	) {
 		unsaltedOptions := SigningOptions{
 			HashAlgorithm: hashType,
 			Marshaling:    marshalingType,
--- a/sdk/helper/locksutil/locks.go
+++ b/sdk/helper/locksutil/locks.go
@@ -25,7 +25,6 @@ type LockEntry struct {
 // Lock B, Lock A
 //
 // Where process 1 is now deadlocked trying to lock B, and process 2 deadlocked trying to lock A
 //
 func CreateLocks() []*LockEntry {
 	ret := make([]*LockEntry, LockCount)
 	for i := range ret {
--- a/sdk/helper/template/template.go
+++ b/sdk/helper/template/template.go
@@ -39,37 +39,48 @@ func Function(name string, f interface{}) Opt {
 // - random
 //   - Randomly generated characters. This uses the charset specified in RandomCharset. Must include a length.
 //     Example: {{ rand 20 }}
 //
 // - truncate
 //   - Truncates the previous value to the specified length. Must include a maximum length.
 //     Example: {{ .DisplayName | truncate 10 }}
 //
 // - truncate_sha256
 //   - Truncates the previous value to the specified length. If the original length is greater than the length
 //     specified, the remaining characters will be sha256 hashed and appended to the end. The hash will be only the first 8 characters The maximum length will
 //     be no longer than the length specified.
 //     Example: {{ .DisplayName | truncate_sha256 30 }}
 //
 // - uppercase
 //   - Uppercases the previous value.
 //     Example: {{ .RoleName | uppercase }}
 //
 // - lowercase
 //   - Lowercases the previous value.
 //     Example: {{ .DisplayName | lowercase }}
 //
 // - replace
 //   - Performs a string find & replace
 //     Example: {{ .DisplayName | replace - _ }}
 //
 // - sha256
 //   - SHA256 hashes the previous value.
 //     Example: {{ .DisplayName | sha256 }}
 //
 // - base64
 //   - base64 encodes the previous value.
 //     Example: {{ .DisplayName | base64 }}
 //
 // - unix_time
 //   - Provides the current unix time in seconds.
 //     Example: {{ unix_time }}
 //
 // - unix_time_millis
 //   - Provides the current unix time in milliseconds.
 //     Example: {{ unix_time_millis }}
 //
 // - timestamp
 //   - Provides the current time. Must include a standard Go format string
 //
 // - uuid
 //   - Generates a UUID
 //     Example: {{ uuid }}
--- a/sdk/logical/request.go
+++ b/sdk/logical/request.go
@@ -378,7 +378,6 @@ type MFACreds map[string][]string
 // InitializationRequest stores the parameters and context of an Initialize()
 // call being made to a logical.Backend.
 type InitializationRequest struct {
 	// Storage can be used to durably store and retrieve state.
 	Storage Storage
 }
--- a/vault/external_tests/sealmigration/testshared.go
+++ b/vault/external_tests/sealmigration/testshared.go
@@ -334,7 +334,8 @@ func migrateFromShamirToTransit_Pre14(t *testing.T, logger hclog.Logger, storage
 }
 func validateMigration(t *testing.T, storage teststorage.ReusableStorage,
-	cluster *vault.TestCluster, leaderIdx int, f func(t *testing.T, core *vault.TestClusterCore)) {
+	cluster *vault.TestCluster, leaderIdx int, f func(t *testing.T, core *vault.TestClusterCore),
 ) {
 	t.Helper()
 	leader := cluster.Cores[leaderIdx]
@@ -693,7 +694,8 @@ func runShamir(t *testing.T, logger hclog.Logger, storage teststorage.ReusableSt
 // initializeTransit initializes a brand new backend storage with Transit.
 func InitializeTransit(t *testing.T, logger hclog.Logger, storage teststorage.ReusableStorage, basePort int,
-	tss *sealhelper.TransitSealServer, sealKeyName string) (*vault.TestCluster, *vault.TestClusterOptions) {
+	tss *sealhelper.TransitSealServer, sealKeyName string,
 ) (*vault.TestCluster, *vault.TestClusterOptions) {
 	t.Helper()
 	baseClusterPort := basePort + 10
--- a/vault/identity_store_groups_test.go
+++ b/vault/identity_store_groups_test.go
@@ -1083,6 +1083,7 @@ func TestIdentityStore_GroupMultiCase(t *testing.T) {
 /*
 Test groups hierarchy:
 	             ------- eng(entityID3) -------
 	             |                            |
 	      ----- vault -----        -- ops(entityID2) --