update gofumpt to 0.3.1 and reformat the repo (#17055)

* update gofumpt to 0.3.1 and reformat the repo * output the version of the formatter we're using
2025-10-30 10:12:35 +00:00 · 2022-09-07 17:31:20 -07:00
parent cccd1d7353
commit 03d2be4cb9
49 changed files with 228 additions and 177 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -121,7 +121,7 @@ jobs:
    - CIRCLECI_CLI_VERSION: 0.1.5546
    - GO_TAGS: ''
    - GO_VERSION: 1.19.1
-    - GOFUMPT_VERSION: 0.2.1
+    - GOFUMPT_VERSION: 0.3.1
    - GOTESTSUM_VERSION: 0.5.2
  test-go-remote-docker:
    docker:
@@ -352,6 +352,7 @@ jobs:
    - checkout
    - run:
        command: |
+          echo "Using gofumpt version ${GOFUMPT_VERSION}"
          go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}"
          make fmt
          if ! git diff --exit-code; then
@@ -363,7 +364,7 @@ jobs:
    - CIRCLECI_CLI_VERSION: 0.1.5546
    - GO_TAGS: ''
    - GO_VERSION: 1.19.1
-    - GOFUMPT_VERSION: 0.2.1
+    - GOFUMPT_VERSION: 0.3.1
    - GOTESTSUM_VERSION: 0.5.2
  test-go-race:
    docker:
@@ -849,7 +850,7 @@ jobs:
    - CIRCLECI_CLI_VERSION: 0.1.5546
    - GO_TAGS: ''
    - GO_VERSION: 1.19.1
-    - GOFUMPT_VERSION: 0.2.1
+    - GOFUMPT_VERSION: 0.3.1
    - GOTESTSUM_VERSION: 0.5.2
  test-go-race-remote-docker:
    docker:
--- a/.circleci/config/executors/@executors.yml
+++ b/.circleci/config/executors/@executors.yml
@@ -6,7 +6,7 @@ go-machine:
    CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
    GO_VERSION: 1.19.1 # Pin Go to patch version (ex: 1.2.3)
    GOTESTSUM_VERSION: 0.5.2 # Pin gotestsum to patch version (ex: 1.2.3)
-    GOFUMPT_VERSION: 0.2.1 # Pin gofumpt to patch version (ex: 1.2.3)
+    GOFUMPT_VERSION: 0.3.1 # Pin gofumpt to patch version (ex: 1.2.3)
    GO_TAGS: ""
  working_directory: /home/circleci/go/src/github.com/hashicorp/vault
 node:
--- a/.circleci/config/jobs/fmt.yml
+++ b/.circleci/config/jobs/fmt.yml
@@ -8,6 +8,7 @@ steps:
  - run:
      name: make fmt
      command: |
+        echo "Using gofumpt version ${GOFUMPT_VERSION}"
        go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}"
        make fmt
        if ! git diff --exit-code; then
--- a/api/auth/approle/approle_test.go
+++ b/api/auth/approle/approle_test.go
@@ -16,7 +16,8 @@ import (
 // testHTTPServer creates a test HTTP server that handles requests until
 // the listener returned is closed.
 func testHTTPServer(
-	t *testing.T, handler http.Handler) (*api.Config, net.Listener) {
+	t *testing.T, handler http.Handler,
+) (*api.Config, net.Listener) {
 	ln, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatalf("err: %s", err)
--- a/api/auth/ldap/ldap_test.go
+++ b/api/auth/ldap/ldap_test.go
@@ -16,7 +16,8 @@ import (
 // testHTTPServer creates a test HTTP server that handles requests until
 // the listener returned is closed.
 func testHTTPServer(
-	t *testing.T, handler http.Handler) (*api.Config, net.Listener) {
+	t *testing.T, handler http.Handler,
+) (*api.Config, net.Listener) {
 	ln, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatalf("err: %s", err)
--- a/api/auth/userpass/userpass_test.go
+++ b/api/auth/userpass/userpass_test.go
@@ -16,7 +16,8 @@ import (
 // testHTTPServer creates a test HTTP server that handles requests until
 // the listener returned is closed.
 func testHTTPServer(
-	t *testing.T, handler http.Handler) (*api.Config, net.Listener) {
+	t *testing.T, handler http.Handler,
+) (*api.Config, net.Listener) {
 	ln, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatalf("err: %s", err)
--- a/api/lifetime_watcher.go
+++ b/api/lifetime_watcher.go
@@ -69,7 +69,6 @@ const (
 //		}
 //	}
 //
-//
 // `DoneCh` will return if renewal fails, or if the remaining lease duration is
 // under a built-in threshold and either renewing is not extending it or
 // renewing is disabled.  In both cases, the caller should attempt a re-read of
@@ -251,7 +250,8 @@ func (r *LifetimeWatcher) doRenew() error {
 }

 func (r *LifetimeWatcher) doRenewWithOptions(tokenMode bool, nonRenewable bool, initLeaseDuration int, credString string,
-	renew renewFunc, initialRetryInterval time.Duration) error {
+	renew renewFunc, initialRetryInterval time.Duration,
+) error {
 	if credString == "" ||
 		(nonRenewable && r.renewBehavior == RenewBehaviorErrorOnErrors) {
 		return r.errLifetimeWatcherNotRenewable
--- a/api/ssh_agent.go
+++ b/api/ssh_agent.go
@@ -85,11 +85,10 @@ func (c *SSHHelperConfig) SetTLSParameters(clientConfig *Config, certPool *x509.
 }

 // Returns true if any of the following conditions are true:
-//   * CA cert is configured
-//   * CA path is configured
-//   * configured to skip certificate verification
-//   * TLS server name is configured
-//
+//   - CA cert is configured
+//   - CA path is configured
+//   - configured to skip certificate verification
+//   - TLS server name is configured
 func (c *SSHHelperConfig) shouldSetTLSParameters() bool {
 	return c.CACert != "" || c.CAPath != "" || c.TLSServerName != "" || c.TLSSkipVerify
 }
--- a/api/sys_audit.go
+++ b/api/sys_audit.go
@@ -87,7 +87,8 @@ func (c *Sys) ListAuditWithContext(ctx context.Context) (map[string]*Audit, erro

 // DEPRECATED: Use EnableAuditWithOptions instead
 func (c *Sys) EnableAudit(
-	path string, auditType string, desc string, opts map[string]string) error {
+	path string, auditType string, desc string, opts map[string]string,
+) error {
 	return c.EnableAuditWithOptions(path, &EnableAuditOptions{
 		Type:        auditType,
 		Description: desc,
--- a/builtin/credential/aws/backend_test.go
+++ b/builtin/credential/aws/backend_test.go
@@ -1021,7 +1021,9 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
 	}
 }

-/* This is an acceptance test.
+/*
+This is an acceptance test.
+
 	Requires the following env vars:
 	TEST_AWS_EC2_RSA2048
 	TEST_AWS_EC2_PKCS7
--- a/builtin/credential/aws/certificates.go
+++ b/builtin/credential/aws/certificates.go
@@ -26,7 +26,9 @@ func init() {

 // These certificates are for verifying PKCS#7 DSA signatures.
 // Copied from:
+//
 //	curl https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-pkcs7.html | pcregrep -M -o -e '(?s)-----BEGIN CERTIFICATE-----[^>]*-----END CERTIFICATE-----'
+//
 // Last updated: 2022-05-31
 const pkcs7RawCerts = `-----BEGIN CERTIFICATE-----
 MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw
--- a/builtin/credential/aws/path_role.go
+++ b/builtin/credential/aws/path_role.go
@@ -305,7 +305,8 @@ func (b *backend) roleInternal(ctx context.Context, s logical.Storage, roleName
 // setRole creates or updates a role in the storage. The caller must hold
 // the write lock.
 func (b *backend) setRole(ctx context.Context, s logical.Storage, roleName string,
-	roleEntry *awsRoleEntry) error {
+	roleEntry *awsRoleEntry,
+) error {
 	if roleName == "" {
 		return fmt.Errorf("missing role name")
 	}
--- a/builtin/credential/aws/pkcs7/ber.go
+++ b/builtin/credential/aws/pkcs7/ber.go
@@ -106,12 +106,12 @@ func lengthLength(i int) (numBytes int) {
 // added to 0x80. The length is encoded in big endian encoding follow after
 //
 // Examples:
+//
 //	length | byte 1 | bytes n
 //	0      | 0x00   | -
 //	120    | 0x78   | -
 //	200    | 0x81   | 0xC8
 //	500    | 0x82   | 0x01 0xF4
-//
 func encodeLength(out *bytes.Buffer, length int) (err error) {
 	if length >= 128 {
 		l := lengthLength(length)
--- a/builtin/credential/cert/backend_test.go
+++ b/builtin/credential/cert/backend_test.go
@@ -1836,7 +1836,8 @@ func testAccStepLoginWithNameInvalid(t *testing.T, connState tls.ConnectionState
 }

 func testAccStepListCerts(
-	t *testing.T, certs []string) []logicaltest.TestStep {
+	t *testing.T, certs []string,
+) []logicaltest.TestStep {
 	return []logicaltest.TestStep{
 		{
 			Operation: logical.ListOperation,
@@ -1893,7 +1894,8 @@ type allowed struct {
 }

 func testAccStepCert(
-	t *testing.T, name string, cert []byte, policies string, testData allowed, expectError bool) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string, testData allowed, expectError bool,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1922,7 +1924,8 @@ func testAccStepCert(
 }

 func testAccStepCertLease(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1936,7 +1939,8 @@ func testAccStepCertLease(
 }

 func testAccStepCertTTL(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1950,7 +1954,8 @@ func testAccStepCertTTL(
 }

 func testAccStepCertMaxTTL(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
@@ -1965,7 +1970,8 @@ func testAccStepCertMaxTTL(
 }

 func testAccStepCertNoLease(
-	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
+	t *testing.T, name string, cert []byte, policies string,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
--- a/builtin/credential/ldap/backend_test.go
+++ b/builtin/credential/ldap/backend_test.go
@@ -382,18 +382,18 @@ func TestLdapAuthBackend_UserPolicies(t *testing.T) {
 }

 /*
- * Acceptance test for LDAP Auth Method
- *
- * The tests here rely on a docker LDAP server:
- * [https://github.com/rroemhild/docker-test-openldap]
- *
- * ...as well as existence of a person object, `cn=Hermes Conrad,dc=example,dc=com`,
- *    which is a member of a group, `cn=admin_staff,ou=people,dc=example,dc=com`
- *
- * Querying the server from the command line:
- *   $ docker run --privileged -d -p 389:389 --name ldap --rm rroemhild/test-openldap
- *   $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub uid=hermes
- *   $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub \
+* Acceptance test for LDAP Auth Method
+*
+* The tests here rely on a docker LDAP server:
+* [https://github.com/rroemhild/docker-test-openldap]
+*
+* ...as well as existence of a person object, `cn=Hermes Conrad,dc=example,dc=com`,
+*    which is a member of a group, `cn=admin_staff,ou=people,dc=example,dc=com`
+*
+  - Querying the server from the command line:
+  - $ docker run --privileged -d -p 389:389 --name ldap --rm rroemhild/test-openldap
+  - $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub uid=hermes
+  - $ ldapsearch -x -H ldap://localhost -b dc=planetexpress,dc=com -s sub \
    'member=cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com'
 */
 func factory(t *testing.T) logical.Backend {
--- a/builtin/credential/radius/backend_test.go
+++ b/builtin/credential/radius/backend_test.go
@@ -339,7 +339,8 @@ func testStepUserList(t *testing.T, users []string) logicaltest.TestStep {
 }

 func testStepUpdateUser(
-	t *testing.T, name string, policies string) logicaltest.TestStep {
+	t *testing.T, name string, policies string,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "users/" + name,
--- a/builtin/credential/userpass/backend_test.go
+++ b/builtin/credential/userpass/backend_test.go
@@ -300,7 +300,8 @@ func testAccStepLogin(t *testing.T, user string, pass string, policies []string)
 }

 func testUserCreateOperation(
-	t *testing.T, name string, password string, policies string) logicaltest.TestStep {
+	t *testing.T, name string, password string, policies string,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.CreateOperation,
 		Path:      "users/" + name,
@@ -312,7 +313,8 @@ func testUserCreateOperation(
 }

 func testAccStepUser(
-	t *testing.T, name string, password string, policies string) logicaltest.TestStep {
+	t *testing.T, name string, password string, policies string,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "users/" + name,
--- a/builtin/credential/userpass/stepwise_test.go
+++ b/builtin/credential/userpass/stepwise_test.go
@@ -32,7 +32,8 @@ func TestAccBackend_stepwise_UserCrud(t *testing.T) {
 }

 func testAccStepwiseUser(
-	t *testing.T, name string, password string, policies string) stepwise.Step {
+	t *testing.T, name string, password string, policies string,
+) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "users/" + name,
--- a/builtin/logical/aws/secret_access_keys.go
+++ b/builtin/logical/aws/secret_access_keys.go
@@ -278,7 +278,8 @@ func (b *backend) secretAccessKeysCreate(
 	ctx context.Context,
 	s logical.Storage,
 	displayName, policyName string,
-	role *awsRoleEntry) (*logical.Response, error) {
+	role *awsRoleEntry,
+) (*logical.Response, error) {
 	iamClient, err := b.clientIAM(ctx, s)
 	if err != nil {
 		return logical.ErrorResponse(err.Error()), nil
--- a/builtin/logical/pki/ocsp_test.go
+++ b/builtin/logical/pki/ocsp_test.go
@@ -316,6 +316,7 @@ func TestOcsp_RevokedCertHasIssuerWithoutAKey(t *testing.T) {
 // the response to the caller on its behalf.
 //
 // NOTE: This test is a bit at the mercy of iteration order of the issuer ids.
+//
 //	If it becomes flaky, most likely something is wrong in the code
 //	and not the test.
 func TestOcsp_MultipleMatchingIssuersOneWithoutSigningUsage(t *testing.T) {
--- a/builtin/logical/ssh/backend_test.go
+++ b/builtin/logical/ssh/backend_test.go
@@ -2120,7 +2120,8 @@ func testDefaultUserTemplate(t *testing.T, testDefaultUserTemplate string,

 func testAllowedPrincipalsTemplate(t *testing.T, testAllowedDomainsTemplate string,
 	expectedValidPrincipal string, testEntityMetadata map[string]string,
-	roleConfigPayload map[string]interface{}, signingPayload map[string]interface{}) {
+	roleConfigPayload map[string]interface{}, signingPayload map[string]interface{},
+) {
 	cluster, userpassToken := getSshCaTestCluster(t, testUserName)
 	defer cluster.Cleanup()
 	client := cluster.Cores[0].Client
@@ -2169,7 +2170,8 @@ func testAllowedPrincipalsTemplate(t *testing.T, testAllowedDomainsTemplate stri
 }

 func testAllowedUsersTemplate(t *testing.T, testAllowedUsersTemplate string,
-	expectedValidPrincipal string, testEntityMetadata map[string]string) {
+	expectedValidPrincipal string, testEntityMetadata map[string]string,
+) {
 	testAllowedPrincipalsTemplate(
 		t, testAllowedUsersTemplate,
 		expectedValidPrincipal, testEntityMetadata,
--- a/builtin/logical/transit/backend_test.go
+++ b/builtin/logical/transit/backend_test.go
@@ -623,7 +623,8 @@ func testAccStepReadPolicyWithVersions(t *testing.T, name string, expectNone, de
 }

 func testAccStepEncrypt(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -647,7 +648,8 @@ func testAccStepEncrypt(
 }

 func testAccStepEncryptUpsert(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.CreateOperation,
 		Path:      "encrypt/" + name,
@@ -671,7 +673,8 @@ func testAccStepEncryptUpsert(
 }

 func testAccStepEncryptContext(
-	t *testing.T, name, plaintext, context string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext, context string, decryptData map[string]interface{},
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -697,7 +700,8 @@ func testAccStepEncryptContext(
 }

 func testAccStepDecrypt(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
@@ -725,7 +729,8 @@ func testAccStepDecrypt(
 }

 func testAccStepRewrap(
-	t *testing.T, name string, decryptData map[string]interface{}, expectedVer int) logicaltest.TestStep {
+	t *testing.T, name string, decryptData map[string]interface{}, expectedVer int,
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "rewrap/" + name,
@@ -757,7 +762,8 @@ func testAccStepRewrap(

 func testAccStepEncryptVX(
 	t *testing.T, name, plaintext string, decryptData map[string]interface{},
-	ver int, encryptHistory map[int]map[string]interface{}) logicaltest.TestStep {
+	ver int, encryptHistory map[int]map[string]interface{},
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -788,7 +794,8 @@ func testAccStepEncryptVX(

 func testAccStepLoadVX(
 	t *testing.T, name string, decryptData map[string]interface{},
-	ver int, encryptHistory map[int]map[string]interface{}) logicaltest.TestStep {
+	ver int, encryptHistory map[int]map[string]interface{},
+) logicaltest.TestStep {
 	// This is really a no-op to allow us to do data manip in the check function
 	return logicaltest.TestStep{
 		Operation: logical.ReadOperation,
@@ -801,7 +808,8 @@ func testAccStepLoadVX(
 }

 func testAccStepDecryptExpectFailure(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
@@ -825,7 +833,8 @@ func testAccStepRotate(t *testing.T, name string) logicaltest.TestStep {

 func testAccStepWriteDatakey(t *testing.T, name string,
 	noPlaintext bool, bits int,
-	dataKeyInfo map[string]interface{}) logicaltest.TestStep {
+	dataKeyInfo map[string]interface{},
+) logicaltest.TestStep {
 	data := map[string]interface{}{}
 	subPath := "plaintext"
 	if noPlaintext {
@@ -869,7 +878,8 @@ func testAccStepWriteDatakey(t *testing.T, name string,
 }

 func testAccStepDecryptDatakey(t *testing.T, name string,
-	dataKeyInfo map[string]interface{}) logicaltest.TestStep {
+	dataKeyInfo map[string]interface{},
+) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
--- a/builtin/logical/transit/stepwise_test.go
+++ b/builtin/logical/transit/stepwise_test.go
@@ -162,7 +162,8 @@ func testAccStepwiseReadPolicyWithVersions(t *testing.T, name string, expectNone
 }

 func testAccStepwiseEncryptContext(
-	t *testing.T, name, plaintext, context string, decryptData map[string]interface{}) stepwise.Step {
+	t *testing.T, name, plaintext, context string, decryptData map[string]interface{},
+) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "encrypt/" + name,
@@ -188,7 +189,8 @@ func testAccStepwiseEncryptContext(
 }

 func testAccStepwiseDecrypt(
-	t *testing.T, name, plaintext string, decryptData map[string]interface{}) stepwise.Step {
+	t *testing.T, name, plaintext string, decryptData map[string]interface{},
+) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "decrypt/" + name,
--- a/command/agent/auth/alicloud/alicloud.go
+++ b/command/agent/auth/alicloud/alicloud.go
@@ -18,13 +18,11 @@ import (
 )

 /*
-
-	Creds can be inferred from instance metadata, and those creds
-	expire every 60 minutes, so we're going to need to poll for new
-	creds. Since we're polling anyways, let's poll once a minute so
-	all changes can be picked up rather quickly. This is configurable,
-	however.
-
+Creds can be inferred from instance metadata, and those creds
+expire every 60 minutes, so we're going to need to poll for new
+creds. Since we're polling anyways, let's poll once a minute so
+all changes can be picked up rather quickly. This is configurable,
+however.
 */
 const defaultCredCheckFreqSeconds = 60

--- a/command/token/helper_external.go
+++ b/command/token/helper_external.go
@@ -46,10 +46,10 @@ var _ TokenHelper = (*ExternalTokenHelper)(nil)
 // BinaryPath is executed within a shell with environment Env. The last argument
 // appended will be the operation, which is:
 //
-//   * "get" - Read the value of the token and write it to stdout.
-//   * "store" - Store the value of the token which is on stdin. Output
+//   - "get" - Read the value of the token and write it to stdout.
+//   - "store" - Store the value of the token which is on stdin. Output
 //     nothing.
-//   * "erase" - Erase the contents stored. Output nothing.
+//   - "erase" - Erase the contents stored. Output nothing.
 //
 // Any errors can be written on stdout. If the helper exits with a non-zero
 // exit code then the stderr will be made part of the error value.
--- a/http/assets.go
+++ b/http/assets.go
@@ -9,6 +9,7 @@ import (
 )

 // content is our static web server content.
+//
 //go:embed web_ui/*
 var content embed.FS

--- a/internalshared/listenerutil/listener.go
+++ b/internalshared/listenerutil/listener.go
@@ -75,7 +75,8 @@ func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.
 func TLSConfig(
 	l *configutil.Listener,
 	props map[string]string,
-	ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error) {
+	ui cli.Ui,
+) (*tls.Config, reloadutil.ReloadFunc, error) {
 	props["tls"] = "disabled"

 	if l.TLSDisable {
--- a/physical/gcs/gcs_ha.go
+++ b/physical/gcs/gcs_ha.go
@@ -321,6 +321,7 @@ OUTER:
 //
 // - lock does not exist
 //   - write the lock
+//
 // - lock exists
 //   - if key is empty or identity is the same or timestamp exceeds TTL
 //   - update the lock to self
--- a/physical/postgresql/postgresql.go
+++ b/physical/postgresql/postgresql.go
@@ -36,11 +36,9 @@ const (
 // Verify PostgreSQLBackend satisfies the correct interfaces
 var _ physical.Backend = (*PostgreSQLBackend)(nil)

-//
 // HA backend was implemented based on the DynamoDB backend pattern
 // With distinction using central postgres clock, hereby avoiding
 // possible issues with multiple clocks
-//
 var (
 	_ physical.HABackend = (*PostgreSQLBackend)(nil)
 	_ physical.Lock      = (*PostgreSQLLock)(nil)
--- a/physical/spanner/spanner_ha.go
+++ b/physical/spanner/spanner_ha.go
@@ -320,6 +320,7 @@ OUTER:
 //
 // - lock does not exist
 //   - write the lock
+//
 // - lock exists
 //   - if key is empty or identity is the same or timestamp exceeds TTL
 //   - update the lock to self
--- a/sdk/framework/openapi.go
+++ b/sdk/framework/openapi.go
@@ -734,6 +734,7 @@ func cleanResponse(resp *logical.Response) *cleanedResponse {
 // /sys/tools/random/{urlbytes} -> postSysToolsRandomUrlbytes
 //
 // In the unlikely case of a duplicate ids, a numeric suffix is added:
+//
 //	postSysToolsRandomUrlbytes_2
 //
 // An optional user-provided suffix ("context") may also be appended.
--- a/sdk/framework/secret.go
+++ b/sdk/framework/secret.go
@@ -42,7 +42,8 @@ func (s *Secret) Renewable() bool {
 }

 func (s *Secret) Response(
-	data, internal map[string]interface{}) *logical.Response {
+	data, internal map[string]interface{},
+) *logical.Response {
 	internalData := make(map[string]interface{})
 	for k, v := range internal {
 		internalData[k] = v
--- a/sdk/helper/keysutil/policy_test.go
+++ b/sdk/helper/keysutil/policy_test.go
@@ -834,7 +834,8 @@ func Test_RSA_PSS(t *testing.T) {
 	}

 	test_RSA_PSS := func(t *testing.T, p *Policy, rsaKey *rsa.PrivateKey, hashType HashType,
-		marshalingType MarshalingType) {
+		marshalingType MarshalingType,
+	) {
 		unsaltedOptions := SigningOptions{
 			HashAlgorithm: hashType,
 			Marshaling:    marshalingType,
--- a/sdk/helper/locksutil/locks.go
+++ b/sdk/helper/locksutil/locks.go
@@ -25,7 +25,6 @@ type LockEntry struct {
 // Lock B, Lock A
 //
 // Where process 1 is now deadlocked trying to lock B, and process 2 deadlocked trying to lock A
-//
 func CreateLocks() []*LockEntry {
 	ret := make([]*LockEntry, LockCount)
 	for i := range ret {
--- a/sdk/helper/template/template.go
+++ b/sdk/helper/template/template.go
@@ -39,37 +39,48 @@ func Function(name string, f interface{}) Opt {
 // - random
 //   - Randomly generated characters. This uses the charset specified in RandomCharset. Must include a length.
 //     Example: {{ rand 20 }}
+//
 // - truncate
 //   - Truncates the previous value to the specified length. Must include a maximum length.
 //     Example: {{ .DisplayName | truncate 10 }}
+//
 // - truncate_sha256
 //   - Truncates the previous value to the specified length. If the original length is greater than the length
 //     specified, the remaining characters will be sha256 hashed and appended to the end. The hash will be only the first 8 characters The maximum length will
 //     be no longer than the length specified.
 //     Example: {{ .DisplayName | truncate_sha256 30 }}
+//
 // - uppercase
 //   - Uppercases the previous value.
 //     Example: {{ .RoleName | uppercase }}
+//
 // - lowercase
 //   - Lowercases the previous value.
 //     Example: {{ .DisplayName | lowercase }}
+//
 // - replace
 //   - Performs a string find & replace
 //     Example: {{ .DisplayName | replace - _ }}
+//
 // - sha256
 //   - SHA256 hashes the previous value.
 //     Example: {{ .DisplayName | sha256 }}
+//
 // - base64
 //   - base64 encodes the previous value.
 //     Example: {{ .DisplayName | base64 }}
+//
 // - unix_time
 //   - Provides the current unix time in seconds.
 //     Example: {{ unix_time }}
+//
 // - unix_time_millis
 //   - Provides the current unix time in milliseconds.
 //     Example: {{ unix_time_millis }}
+//
 // - timestamp
 //   - Provides the current time. Must include a standard Go format string
+//
 // - uuid
 //   - Generates a UUID
 //     Example: {{ uuid }}
--- a/sdk/logical/request.go
+++ b/sdk/logical/request.go
@@ -378,7 +378,6 @@ type MFACreds map[string][]string
 // InitializationRequest stores the parameters and context of an Initialize()
 // call being made to a logical.Backend.
 type InitializationRequest struct {
-
 	// Storage can be used to durably store and retrieve state.
 	Storage Storage
 }
--- a/vault/external_tests/sealmigration/testshared.go
+++ b/vault/external_tests/sealmigration/testshared.go
@@ -334,7 +334,8 @@ func migrateFromShamirToTransit_Pre14(t *testing.T, logger hclog.Logger, storage
 }

 func validateMigration(t *testing.T, storage teststorage.ReusableStorage,
-	cluster *vault.TestCluster, leaderIdx int, f func(t *testing.T, core *vault.TestClusterCore)) {
+	cluster *vault.TestCluster, leaderIdx int, f func(t *testing.T, core *vault.TestClusterCore),
+) {
 	t.Helper()

 	leader := cluster.Cores[leaderIdx]
@@ -693,7 +694,8 @@ func runShamir(t *testing.T, logger hclog.Logger, storage teststorage.ReusableSt

 // initializeTransit initializes a brand new backend storage with Transit.
 func InitializeTransit(t *testing.T, logger hclog.Logger, storage teststorage.ReusableStorage, basePort int,
-	tss *sealhelper.TransitSealServer, sealKeyName string) (*vault.TestCluster, *vault.TestClusterOptions) {
+	tss *sealhelper.TransitSealServer, sealKeyName string,
+) (*vault.TestCluster, *vault.TestClusterOptions) {
 	t.Helper()

 	baseClusterPort := basePort + 10
--- a/vault/identity_store_groups_test.go
+++ b/vault/identity_store_groups_test.go
@@ -1083,6 +1083,7 @@ func TestIdentityStore_GroupMultiCase(t *testing.T) {

 /*
 Test groups hierarchy:
+
 	             ------- eng(entityID3) -------
 	             |                            |
 	      ----- vault -----        -- ops(entityID2) --