mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-03 20:17:59 +00:00
go vet fixes
This commit is contained in:
Jeff Mitchell
@@ -287,7 +287,7 @@ func TestBackend_ConfigTidyIdentities(t *testing.T) {
|
||||
t.Fatalf("failed to read config/tidy/identity-whitelist endpoint")
|
||||
}
|
||||
if resp.Data["safety_buffer"].(int) != 60 || !resp.Data["disable_periodic_tidy"].(bool) {
|
||||
t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%s disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool))
|
||||
t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%d disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool))
|
||||
}
|
||||
|
||||
// test delete operation
|
||||
@@ -342,7 +342,7 @@ func TestBackend_ConfigTidyRoleTags(t *testing.T) {
|
||||
t.Fatalf("failed to read config/tidy/roletag-blacklist endpoint")
|
||||
}
|
||||
if resp.Data["safety_buffer"].(int) != 60 || !resp.Data["disable_periodic_tidy"].(bool) {
|
||||
t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%s disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool))
|
||||
t.Fatalf("bad: expected: safety_buffer:60 disable_periodic_tidy:true actual: safety_buffer:%d disable_periodic_tidy:%t\n", resp.Data["safety_buffer"].(int), resp.Data["disable_periodic_tidy"].(bool))
|
||||
}
|
||||
|
||||
// test delete operation
|
||||
@@ -1587,7 +1587,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
|
||||
// and ensure a renew no longer works
|
||||
resp, err = b.pathLoginRenew(context.Background(), renewReq, empty_login_fd)
|
||||
if err == nil || (resp != nil && !resp.IsError()) {
|
||||
t.Errorf("bad: expected failed renew due to changed AWS role ID: resp: %#v", resp, err)
|
||||
t.Errorf("bad: expected failed renew due to changed AWS role ID: resp: %#v", resp)
|
||||
}
|
||||
// Undo the fake resolver...
|
||||
b.resolveArnToUniqueIDFunc = b.resolveArnToRealUniqueId
|
||||
|
||||
@@ -1062,8 +1062,7 @@ func testConnState(certPath, keyPath, rootCertPath string) (tls.ConnectionState,
|
||||
InsecureSkipVerify: false,
|
||||
RootCAs: rootCAs,
|
||||
}
|
||||
dialConf := new(tls.Config)
|
||||
*dialConf = *listenConf
|
||||
dialConf := listenConf.Clone()
|
||||
// start a server
|
||||
list, err := tls.Listen("tcp", "127.0.0.1:0", listenConf)
|
||||
if err != nil {
|
||||
|
||||
@@ -261,7 +261,7 @@ func TestBackend_configDefaultsAfterUpdate(t *testing.T) {
|
||||
|
||||
defaultDenyNullBind := true
|
||||
if cfg["deny_null_bind"] != defaultDenyNullBind {
|
||||
t.Errorf("Default mismatch: deny_null_bind. Expected: '%s', received :'%s'", defaultDenyNullBind, cfg["deny_null_bind"])
|
||||
t.Errorf("Default mismatch: deny_null_bind. Expected: '%t', received :'%s'", defaultDenyNullBind, cfg["deny_null_bind"])
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
@@ -143,7 +143,7 @@ func TestBackend_RoleUpgrade(t *testing.T) {
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(role, roleEnt) {
|
||||
t.Fatal("bad role %#v", role)
|
||||
t.Fatalf("bad role %#v", role)
|
||||
}
|
||||
|
||||
// Upgrade case
|
||||
@@ -162,7 +162,7 @@ func TestBackend_RoleUpgrade(t *testing.T) {
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(role, roleEnt) {
|
||||
t.Fatal("bad role %#v", role)
|
||||
t.Fatalf("bad role %#v", role)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -192,7 +192,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) {
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
t.Fatalf("expected entity ID %q to be part of Italians group")
|
||||
t.Fatalf("expected entity ID %q to be part of Italians group", entityID)
|
||||
}
|
||||
|
||||
secret, err = client.Logical().Read("identity/group/id/" + scientistsGroupID)
|
||||
@@ -207,7 +207,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) {
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
t.Fatalf("expected entity ID %q to be part of Scientists group")
|
||||
t.Fatalf("expected entity ID %q to be part of Scientists group", entityID)
|
||||
}
|
||||
|
||||
secret, err = client.Logical().Read("identity/group/id/" + devopsGroupID)
|
||||
@@ -222,7 +222,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) {
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
t.Fatalf("expected entity ID %q to be part of devops group")
|
||||
t.Fatalf("expected entity ID %q to be part of devops group", entityID)
|
||||
}
|
||||
|
||||
identityStore := cores[0].IdentityStore()
|
||||
@@ -308,7 +308,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) {
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
t.Fatalf("expected entity ID %q to be part of Italians group")
|
||||
t.Fatalf("expected entity ID %q to be part of Italians group", entityID)
|
||||
}
|
||||
|
||||
secret, err = client.Logical().Read("identity/group/id/" + scientistsGroupID)
|
||||
@@ -323,7 +323,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) {
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
t.Fatalf("expected entity ID %q to be part of Italians group")
|
||||
t.Fatalf("expected entity ID %q to be part of scientists group", entityID)
|
||||
}
|
||||
|
||||
secret, err = client.Logical().Read("identity/group/id/" + devopsGroupID)
|
||||
@@ -339,7 +339,7 @@ func TestIdentityStore_Integ_GroupAliases(t *testing.T) {
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
t.Fatalf("expected entity ID %q to be part of devops group")
|
||||
t.Fatalf("expected entity ID %q to be part of devops group", entityID)
|
||||
}
|
||||
|
||||
// Remove user tesla from the devops group in LDAP backend
|
||||
|
||||
@@ -36,7 +36,7 @@ func TestTCPListener_tls(t *testing.T) {
|
||||
wd, _ := os.Getwd()
|
||||
wd += "/test-fixtures/reload/"
|
||||
|
||||
td, err := ioutil.TempDir("", fmt.Sprintf("vault-test-%d", rand.New(rand.NewSource(time.Now().Unix())).Int63))
|
||||
td, err := ioutil.TempDir("", fmt.Sprintf("vault-test-%d", rand.New(rand.NewSource(time.Now().Unix())).Int63()))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@@ -52,12 +52,12 @@ func ParseHexFormatted(in, sep string) []byte {
|
||||
// of the marshaled public key
|
||||
func GetSubjKeyID(privateKey crypto.Signer) ([]byte, error) {
|
||||
if privateKey == nil {
|
||||
return nil, errutil.InternalError{"passed-in private key is nil"}
|
||||
return nil, errutil.InternalError{Err: "passed-in private key is nil"}
|
||||
}
|
||||
|
||||
marshaledKey, err := x509.MarshalPKIXPublicKey(privateKey.Public())
|
||||
if err != nil {
|
||||
return nil, errutil.InternalError{fmt.Sprintf("error marshalling public key: %s", err)}
|
||||
return nil, errutil.InternalError{Err: fmt.Sprintf("error marshalling public key: %s", err)}
|
||||
}
|
||||
|
||||
subjKeyID := sha1.Sum(marshaledKey)
|
||||
@@ -71,7 +71,7 @@ func ParsePKIMap(data map[string]interface{}) (*ParsedCertBundle, error) {
|
||||
result := &CertBundle{}
|
||||
err := mapstructure.Decode(data, result)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{err.Error()}
|
||||
return nil, errutil.UserError{Err: err.Error()}
|
||||
}
|
||||
|
||||
return result.ToParsedCertBundle()
|
||||
@@ -97,7 +97,7 @@ func ParsePKIJSON(input []byte) (*ParsedCertBundle, error) {
|
||||
return ParsePKIMap(secret.Data)
|
||||
}
|
||||
|
||||
return nil, errutil.UserError{"unable to parse out of either secret data or a secret object"}
|
||||
return nil, errutil.UserError{Err: "unable to parse out of either secret data or a secret object"}
|
||||
}
|
||||
|
||||
// ParsePEMBundle takes a string of concatenated PEM-format certificate
|
||||
@@ -106,7 +106,7 @@ func ParsePKIJSON(input []byte) (*ParsedCertBundle, error) {
|
||||
// certificates may follow. There must be at most one private key.
|
||||
func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) {
|
||||
if len(pemBundle) == 0 {
|
||||
return nil, errutil.UserError{"empty pem bundle"}
|
||||
return nil, errutil.UserError{Err: "empty pem bundle"}
|
||||
}
|
||||
|
||||
pemBundle = strings.TrimSpace(pemBundle)
|
||||
@@ -119,12 +119,12 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) {
|
||||
for len(pemBytes) > 0 {
|
||||
pemBlock, pemBytes = pem.Decode(pemBytes)
|
||||
if pemBlock == nil {
|
||||
return nil, errutil.UserError{"no data found"}
|
||||
return nil, errutil.UserError{Err: "no data found"}
|
||||
}
|
||||
|
||||
if signer, err := x509.ParseECPrivateKey(pemBlock.Bytes); err == nil {
|
||||
if parsedBundle.PrivateKeyType != UnknownPrivateKey {
|
||||
return nil, errutil.UserError{"more than one private key given; provide only one private key in the bundle"}
|
||||
return nil, errutil.UserError{Err: "more than one private key given; provide only one private key in the bundle"}
|
||||
}
|
||||
parsedBundle.PrivateKeyFormat = ECBlock
|
||||
parsedBundle.PrivateKeyType = ECPrivateKey
|
||||
@@ -133,7 +133,7 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) {
|
||||
|
||||
} else if signer, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes); err == nil {
|
||||
if parsedBundle.PrivateKeyType != UnknownPrivateKey {
|
||||
return nil, errutil.UserError{"more than one private key given; provide only one private key in the bundle"}
|
||||
return nil, errutil.UserError{Err: "more than one private key given; provide only one private key in the bundle"}
|
||||
}
|
||||
parsedBundle.PrivateKeyType = RSAPrivateKey
|
||||
parsedBundle.PrivateKeyFormat = PKCS1Block
|
||||
@@ -143,7 +143,7 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) {
|
||||
parsedBundle.PrivateKeyFormat = PKCS8Block
|
||||
|
||||
if parsedBundle.PrivateKeyType != UnknownPrivateKey {
|
||||
return nil, errutil.UserError{"More than one private key given; provide only one private key in the bundle"}
|
||||
return nil, errutil.UserError{Err: "More than one private key given; provide only one private key in the bundle"}
|
||||
}
|
||||
switch signer := signer.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
|
||||
@@ -147,7 +147,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
||||
if len(c.PrivateKey) > 0 {
|
||||
pemBlock, _ = pem.Decode([]byte(c.PrivateKey))
|
||||
if pemBlock == nil {
|
||||
return nil, errutil.UserError{"Error decoding private key from cert bundle"}
|
||||
return nil, errutil.UserError{Err: "Error decoding private key from cert bundle"}
|
||||
}
|
||||
|
||||
result.PrivateKeyBytes = pemBlock.Bytes
|
||||
@@ -161,7 +161,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
||||
case PKCS8Block:
|
||||
t, err := getPKCS8Type(pemBlock.Bytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Error getting key type from pkcs#8: %v", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error getting key type from pkcs#8: %v", err)}
|
||||
}
|
||||
result.PrivateKeyType = t
|
||||
switch t {
|
||||
@@ -171,24 +171,24 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
||||
c.PrivateKeyType = RSAPrivateKey
|
||||
}
|
||||
default:
|
||||
return nil, errutil.UserError{fmt.Sprintf("Unsupported key block type: %s", pemBlock.Type)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Unsupported key block type: %s", pemBlock.Type)}
|
||||
}
|
||||
|
||||
result.PrivateKey, err = result.getSigner()
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Error getting signer: %s", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error getting signer: %s", err)}
|
||||
}
|
||||
}
|
||||
|
||||
if len(c.Certificate) > 0 {
|
||||
pemBlock, _ = pem.Decode([]byte(c.Certificate))
|
||||
if pemBlock == nil {
|
||||
return nil, errutil.UserError{"Error decoding certificate from cert bundle"}
|
||||
return nil, errutil.UserError{Err: "Error decoding certificate from cert bundle"}
|
||||
}
|
||||
result.CertificateBytes = pemBlock.Bytes
|
||||
result.Certificate, err = x509.ParseCertificate(result.CertificateBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{"Error encountered parsing certificate bytes from raw bundle"}
|
||||
return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"}
|
||||
}
|
||||
}
|
||||
switch {
|
||||
@@ -196,12 +196,12 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
||||
for _, cert := range c.CAChain {
|
||||
pemBlock, _ := pem.Decode([]byte(cert))
|
||||
if pemBlock == nil {
|
||||
return nil, errutil.UserError{"Error decoding certificate from cert bundle"}
|
||||
return nil, errutil.UserError{Err: "Error decoding certificate from cert bundle"}
|
||||
}
|
||||
|
||||
parsedCert, err := x509.ParseCertificate(pemBlock.Bytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{"Error encountered parsing certificate bytes from raw bundle"}
|
||||
return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"}
|
||||
}
|
||||
|
||||
certBlock := &CertBlock{
|
||||
@@ -215,12 +215,12 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
||||
case len(c.IssuingCA) > 0:
|
||||
pemBlock, _ = pem.Decode([]byte(c.IssuingCA))
|
||||
if pemBlock == nil {
|
||||
return nil, errutil.UserError{"Error decoding ca certificate from cert bundle"}
|
||||
return nil, errutil.UserError{Err: "Error decoding ca certificate from cert bundle"}
|
||||
}
|
||||
|
||||
parsedCert, err := x509.ParseCertificate(pemBlock.Bytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{"Error encountered parsing certificate bytes from raw bundle3"}
|
||||
return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle3"}
|
||||
}
|
||||
|
||||
result.SerialNumber = result.Certificate.SerialNumber
|
||||
@@ -343,20 +343,20 @@ func (p *ParsedCertBundle) getSigner() (crypto.Signer, error) {
|
||||
var err error
|
||||
|
||||
if p.PrivateKeyBytes == nil || len(p.PrivateKeyBytes) == 0 {
|
||||
return nil, errutil.UserError{"Given parsed cert bundle does not have private key information"}
|
||||
return nil, errutil.UserError{Err: "Given parsed cert bundle does not have private key information"}
|
||||
}
|
||||
|
||||
switch p.PrivateKeyFormat {
|
||||
case ECBlock:
|
||||
signer, err = x509.ParseECPrivateKey(p.PrivateKeyBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private EC key: %s", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private EC key: %s", err)}
|
||||
}
|
||||
|
||||
case PKCS1Block:
|
||||
signer, err = x509.ParsePKCS1PrivateKey(p.PrivateKeyBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)}
|
||||
}
|
||||
|
||||
case PKCS8Block:
|
||||
@@ -365,12 +365,12 @@ func (p *ParsedCertBundle) getSigner() (crypto.Signer, error) {
|
||||
case *rsa.PrivateKey, *ecdsa.PrivateKey:
|
||||
return k.(crypto.Signer), nil
|
||||
default:
|
||||
return nil, errutil.UserError{"Found unknown private key type in pkcs#8 wrapping"}
|
||||
return nil, errutil.UserError{Err: "Found unknown private key type in pkcs#8 wrapping"}
|
||||
}
|
||||
}
|
||||
return nil, errutil.UserError{fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)}
|
||||
default:
|
||||
return nil, errutil.UserError{"Unable to determine type of private key; only RSA and EC are supported"}
|
||||
return nil, errutil.UserError{Err: "Unable to determine type of private key; only RSA and EC are supported"}
|
||||
}
|
||||
return signer, nil
|
||||
}
|
||||
@@ -385,7 +385,7 @@ func (p *ParsedCertBundle) SetParsedPrivateKey(privateKey crypto.Signer, private
|
||||
func getPKCS8Type(bs []byte) (PrivateKeyType, error) {
|
||||
k, err := x509.ParsePKCS8PrivateKey(bs)
|
||||
if err != nil {
|
||||
return UnknownPrivateKey, errutil.UserError{fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)}
|
||||
return UnknownPrivateKey, errutil.UserError{Err: fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)}
|
||||
}
|
||||
|
||||
switch k.(type) {
|
||||
@@ -394,7 +394,7 @@ func getPKCS8Type(bs []byte) (PrivateKeyType, error) {
|
||||
case *rsa.PrivateKey:
|
||||
return RSAPrivateKey, nil
|
||||
default:
|
||||
return UnknownPrivateKey, errutil.UserError{"Found unknown private key type in pkcs#8 wrapping"}
|
||||
return UnknownPrivateKey, errutil.UserError{Err: "Found unknown private key type in pkcs#8 wrapping"}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -408,7 +408,7 @@ func (c *CSRBundle) ToParsedCSRBundle() (*ParsedCSRBundle, error) {
|
||||
if len(c.PrivateKey) > 0 {
|
||||
pemBlock, _ = pem.Decode([]byte(c.PrivateKey))
|
||||
if pemBlock == nil {
|
||||
return nil, errutil.UserError{"Error decoding private key from cert bundle"}
|
||||
return nil, errutil.UserError{Err: "Error decoding private key from cert bundle"}
|
||||
}
|
||||
result.PrivateKeyBytes = pemBlock.Bytes
|
||||
|
||||
@@ -426,25 +426,25 @@ func (c *CSRBundle) ToParsedCSRBundle() (*ParsedCSRBundle, error) {
|
||||
result.PrivateKeyType = RSAPrivateKey
|
||||
c.PrivateKeyType = "rsa"
|
||||
} else {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Unknown private key type in bundle: %s", c.PrivateKeyType)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Unknown private key type in bundle: %s", c.PrivateKeyType)}
|
||||
}
|
||||
}
|
||||
|
||||
result.PrivateKey, err = result.getSigner()
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Error getting signer: %s", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error getting signer: %s", err)}
|
||||
}
|
||||
}
|
||||
|
||||
if len(c.CSR) > 0 {
|
||||
pemBlock, _ = pem.Decode([]byte(c.CSR))
|
||||
if pemBlock == nil {
|
||||
return nil, errutil.UserError{"Error decoding certificate from cert bundle"}
|
||||
return nil, errutil.UserError{Err: "Error decoding certificate from cert bundle"}
|
||||
}
|
||||
result.CSRBytes = pemBlock.Bytes
|
||||
result.CSR, err = x509.ParseCertificateRequest(result.CSRBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -474,7 +474,7 @@ func (p *ParsedCSRBundle) ToCSRBundle() (*CSRBundle, error) {
|
||||
result.PrivateKeyType = "ec"
|
||||
block.Type = "EC PRIVATE KEY"
|
||||
default:
|
||||
return nil, errutil.InternalError{"Could not determine private key type when creating block"}
|
||||
return nil, errutil.InternalError{Err: "Could not determine private key type when creating block"}
|
||||
}
|
||||
result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
|
||||
}
|
||||
@@ -491,24 +491,24 @@ func (p *ParsedCSRBundle) getSigner() (crypto.Signer, error) {
|
||||
var err error
|
||||
|
||||
if p.PrivateKeyBytes == nil || len(p.PrivateKeyBytes) == 0 {
|
||||
return nil, errutil.UserError{"Given parsed cert bundle does not have private key information"}
|
||||
return nil, errutil.UserError{Err: "Given parsed cert bundle does not have private key information"}
|
||||
}
|
||||
|
||||
switch p.PrivateKeyType {
|
||||
case ECPrivateKey:
|
||||
signer, err = x509.ParseECPrivateKey(p.PrivateKeyBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private EC key: %s", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private EC key: %s", err)}
|
||||
}
|
||||
|
||||
case RSAPrivateKey:
|
||||
signer, err = x509.ParsePKCS1PrivateKey(p.PrivateKeyBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)}
|
||||
}
|
||||
|
||||
default:
|
||||
return nil, errutil.UserError{"Unable to determine type of private key; only RSA and EC are supported"}
|
||||
return nil, errutil.UserError{Err: "Unable to determine type of private key; only RSA and EC are supported"}
|
||||
}
|
||||
return signer, nil
|
||||
}
|
||||
|
||||
@@ -23,7 +23,7 @@ type ResponseWrapInfo struct {
|
||||
|
||||
// WrappedEntityID is the entity identifier of the caller who initiated the
|
||||
// wrapping request
|
||||
WrappedEntityID string `json:"wrapped_entity_id" structs:"wrapped_entity_id" mapstructure:"wrapped_entity_id sentinel:"""`
|
||||
WrappedEntityID string `json:"wrapped_entity_id" structs:"wrapped_entity_id" mapstructure:"wrapped_entity_id" sentinel:""`
|
||||
|
||||
// The format to use. This doesn't get returned, it's only internal.
|
||||
Format string `json:"format" structs:"format" mapstructure:"format" sentinel:""`
|
||||
|
||||
@@ -122,7 +122,7 @@ func TestHTTP_Wrapping(t *testing.T) {
|
||||
t.Fatalf("mistmatched ttls: %d vs %d", creationTTL, wrapInfo.TTL)
|
||||
}
|
||||
if secret.Data["creation_time"].(string) != wrapInfo.CreationTime.Format(time.RFC3339Nano) {
|
||||
t.Fatalf("mistmatched creation times: %d vs %d", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano))
|
||||
t.Fatalf("mistmatched creation times: %q vs %q", secret.Data["creation_time"].(string), wrapInfo.CreationTime.Format(time.RFC3339Nano))
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -88,7 +88,13 @@ func NewZooKeeperBackend(conf map[string]string, logger log.Logger) (physical.Ba
|
||||
}
|
||||
}
|
||||
|
||||
acl := []zk.ACL{{zk.PermAll, schema, owner}}
|
||||
acl := []zk.ACL{
|
||||
{
|
||||
Perms: zk.PermAll,
|
||||
Scheme: schema,
|
||||
ID: owner,
|
||||
},
|
||||
}
|
||||
|
||||
// Authnetication info
|
||||
var schemaAndUser string
|
||||
|
||||
@@ -338,7 +338,6 @@ func testCluster_ForwardRequests(t *testing.T, c *TestClusterCore, rootToken, re
|
||||
// We need to call Leader as that refreshes the connection info
|
||||
isLeader, _, _, err := c.Leader()
|
||||
if err != nil {
|
||||
panic(err.Error())
|
||||
t.Fatal(err)
|
||||
}
|
||||
if isLeader {
|
||||
|
||||
@@ -1322,6 +1322,11 @@ func (i *IdentityStore) sanitizeAndUpsertGroup(group *identity.Group, memberGrou
|
||||
}
|
||||
|
||||
func (i *IdentityStore) validateMemberGroupID(groupID string, memberGroupID string) error {
|
||||
// Detect self loop
|
||||
if groupID == memberGroupID {
|
||||
return fmt.Errorf("member group ID %q is same as the ID of the group", groupID)
|
||||
}
|
||||
|
||||
group, err := i.MemDBGroupByID(groupID, true)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -1333,11 +1338,6 @@ func (i *IdentityStore) validateMemberGroupID(groupID string, memberGroupID stri
|
||||
return nil
|
||||
}
|
||||
|
||||
// Detect self loop
|
||||
if groupID == memberGroupID {
|
||||
fmt.Errorf("member group ID %q is same as the ID of the group")
|
||||
}
|
||||
|
||||
// If adding the memberGroupID to groupID creates a cycle, then groupID must
|
||||
// be a hop in that loop. Start a DFS traversal from memberGroupID and see if
|
||||
// it reaches back to groupID. If it does, then it's a loop.
|
||||
|
||||
Reference in New Issue
Block a user