Fix swallowed errors in builtin (#2977)

builtin/audit/file/backend_test.go

@@ -15,8 +15,15 @@ import (
 func TestAuditFile_fileModeNew(t *testing.T) {
 	modeStr := "0777"
 	mode, err := strconv.ParseUint(modeStr, 8, 32)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	path, err := ioutil.TempDir("", "vault-test_audit_file-file_mode_new")
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	defer os.RemoveAll(path)
 
 	file := filepath.Join(path, "auditTest.txt")

builtin/credential/approle/path_role_test.go

@@ -61,6 +61,9 @@ func TestAppRole_CIDRSubset(t *testing.T) {
 
 	secretIDData["cidr_list"] = "192.168.27.29/20,172.245.30.40/25,10.20.30.40/32"
 	resp, err = b.HandleRequest(secretIDReq)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp != nil && resp.IsError() {
 		t.Fatalf("resp: %#v", resp)
 	}

builtin/credential/aws/backend_test.go

@@ -616,6 +616,9 @@ MlpCclZOR3JOOU4yZjZST2swazlLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
 	certReq.Operation = logical.ReadOperation
 	// test read operation
 	resp, err = b.HandleRequest(certReq)
+	if err != nil {
+		t.Fatal(err)
+	}
 	expectedCert := `-----BEGIN CERTIFICATE-----
 MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw
 FwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYD
@@ -732,6 +735,9 @@ func TestBackend_parseAndVerifyRoleTagValue(t *testing.T) {
 		Path:      "role/abcd-123",
 		Storage:   storage,
 	})
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatalf("expected an role entry for abcd-123")
 	}
@@ -1218,6 +1224,9 @@ func TestBackend_pathStsConfig(t *testing.T) {
 	stsReq.Operation = logical.ReadOperation
 	// test read operation
 	resp, err = b.HandleRequest(stsReq)
+	if err != nil {
+		t.Fatal(err)
+	}
 	expectedStsRole := "arn:aws:iam:account1:role/myRole"
 	if resp.Data["sts_role"].(string) != expectedStsRole {
 		t.Fatalf("bad: expected:%s\n got:%s\n", expectedStsRole, resp.Data["sts_role"].(string))

builtin/credential/aws/path_login.go

@@ -1423,6 +1423,9 @@ func submitCallerIdentityRequest(method, endpoint string, parsedUrl *url.URL, bo
 	}
 	// we check for status code afterwards to also print out response body
 	responseBody, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
 	if response.StatusCode != 200 {
 		return nil, fmt.Errorf("received error code %s from STS: %s", response.StatusCode, string(responseBody))
 	}

builtin/credential/aws/path_login_test.go

@@ -32,11 +32,17 @@ func TestBackend_pathLogin_getCallerIdentityResponse(t *testing.T) {
 	expectedRoleArn := "arn:aws:sts::123456789012:assumed-role/RoleName/RoleSessionName"
 
 	parsedUserResponse, err := parseGetCallerIdentityResponse(responseFromUser)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if parsed_arn := parsedUserResponse.GetCallerIdentityResult[0].Arn; parsed_arn != expectedUserArn {
 		t.Errorf("expected to parse arn %#v, got %#v", expectedUserArn, parsed_arn)
 	}
 
 	parsedRoleResponse, err := parseGetCallerIdentityResponse(responseFromAssumedRole)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if parsed_arn := parsedRoleResponse.GetCallerIdentityResult[0].Arn; parsed_arn != expectedRoleArn {
 		t.Errorf("expected to parn arn %#v; got %#v", expectedRoleArn, parsed_arn)
 	}

builtin/credential/aws/path_role_test.go

@@ -463,6 +463,9 @@ func TestBackend_pathRoleMixedTypes(t *testing.T) {
 		t.Fatalf("didn't allow creation of role resolving unique IDs")
 	}
 	resp, err = submitRequest("withInternalIdResolution", logical.ReadOperation)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp.Data["bound_iam_principal_id"] != "FakeUniqueId1" {
 		t.Fatalf("expected fake unique ID of FakeUniqueId1, got %q", resp.Data["bound_iam_principal_id"])
 	}

builtin/credential/radius/path_login.go

@@ -142,6 +142,9 @@ func (b *backend) RadiusLogin(req *logical.Request, username string, password st
 	var policies []string
 	// Retrieve user entry from storage
 	user, err := b.user(req.Storage, username)
+	if err != nil {
+		return policies, logical.ErrorResponse("could not retrieve user entry from storage"), err
+	}
 	if user == nil {
 		// No user found, check if unregistered users are allowed (unregistered_user_policies not empty)
 		if len(policyutil.SanitizePolicies(cfg.UnregisteredUserPolicies, false)) == 0 {

builtin/logical/aws/backend_test.go

@@ -196,6 +196,10 @@ func teardown() error {
 		RoleName:  aws.String(testRoleName), // Required
 	}
 	_, err := svc.DetachRolePolicy(attachment)
+	if err != nil {
+		log.Printf("[WARN] AWS DetachRolePolicy failed: %v", err)
+		return err
+	}
 
 	params := &iam.DeleteRoleInput{
 		RoleName: aws.String(testRoleName),
@@ -206,9 +210,10 @@ func teardown() error {
 
 	if err != nil {
 		log.Printf("[WARN] AWS DeleteRole failed: %v", err)
+		return err
 	}
 
-	return err
+	return nil
 }
 
 func testAccStepConfig(t *testing.T) logicaltest.TestStep {

builtin/logical/transit/backend_test.go

@@ -754,6 +754,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 			"context":   "pWZ6t/im3AORd0lVYE0zBdKpX6Bl3/SvFtoVTPWbdkzjG788XmMAnOlxandSdd7S",
 		}
 		resp, err = b.HandleRequest(req)
+		if err == nil {
+			t.Fatal("expected error, got nil")
+		}
 		if resp == nil {
 			t.Fatal("expected non-nil response")
 		}
@@ -779,6 +782,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 		"context":   "pWZ6t/im3AORd0lVYE0zBdKpX6Bl3/SvFtoVTPWbdkzjG788XmMAnOlxandSdd7S",
 	}
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -788,6 +794,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 	ciphertext1 := resp.Data["ciphertext"].(string)
 
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -813,6 +822,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 	}
 
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -822,6 +834,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 	ciphertext3 := resp.Data["ciphertext"].(string)
 
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -844,6 +859,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 		"context":   "qV4h9iQyvn+raODOer4JNAsOhkXBwdT4HZ677Ql4KLqXSU+Jk4C/fXBWbv6xkSYT",
 	}
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -853,6 +871,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 	ciphertext5 := resp.Data["ciphertext"].(string)
 
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -878,6 +899,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 		"context": "pWZ6t/im3AORd0lVYE0zBdKpX6Bl3/SvFtoVTPWbdkzjG788XmMAnOlxandSdd7S",
 	}
 	resp, err = b.HandleRequest(req)
+	if err == nil {
+		t.Fatal("expected error, got nil")
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -892,6 +916,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 		"context":   "pWZ6t/im3AORd0lVYE0zBdKpX6Bl3/SvFtoVTPWbdkzjG788XmMAnOlxandSdd7S",
 	}
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}
@@ -901,6 +928,9 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
 	ciphertext7 := resp.Data["ciphertext"].(string)
 
 	resp, err = b.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if resp == nil {
 		t.Fatal("expected non-nil response")
 	}