Run a more strict formatter over the code (#11312)

* Update tooling

* Run gofumpt

* go mod vendor

Makefile

@@ -210,7 +210,7 @@ fmtcheck:
 #@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
 
 fmt:
-	goimports -w $(GOFMT_FILES)
+	find . -name '*.go' | grep -v pb.go | grep -v vendor | xargs gofumpt -w
 
 assetcheck:
 	@echo "==> Checking compiled UI assets..."

api/client.go

@@ -25,26 +25,30 @@ import (
 	"golang.org/x/time/rate"
 )
 
-const EnvVaultAddress = "VAULT_ADDR"
+const (
-const EnvVaultAgentAddr = "VAULT_AGENT_ADDR"
+	EnvVaultAddress       = "VAULT_ADDR"
-const EnvVaultCACert = "VAULT_CACERT"
+	EnvVaultAgentAddr     = "VAULT_AGENT_ADDR"
-const EnvVaultCAPath = "VAULT_CAPATH"
+	EnvVaultCACert        = "VAULT_CACERT"
-const EnvVaultClientCert = "VAULT_CLIENT_CERT"
+	EnvVaultCAPath        = "VAULT_CAPATH"
-const EnvVaultClientKey = "VAULT_CLIENT_KEY"
+	EnvVaultClientCert    = "VAULT_CLIENT_CERT"
-const EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT"
+	EnvVaultClientKey     = "VAULT_CLIENT_KEY"
-const EnvVaultSRVLookup = "VAULT_SRV_LOOKUP"
+	EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT"
-const EnvVaultSkipVerify = "VAULT_SKIP_VERIFY"
+	EnvVaultSRVLookup     = "VAULT_SRV_LOOKUP"
-const EnvVaultNamespace = "VAULT_NAMESPACE"
+	EnvVaultSkipVerify    = "VAULT_SKIP_VERIFY"
-const EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
+	EnvVaultNamespace     = "VAULT_NAMESPACE"
-const EnvVaultWrapTTL = "VAULT_WRAP_TTL"
+	EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
-const EnvVaultMaxRetries = "VAULT_MAX_RETRIES"
+	EnvVaultWrapTTL       = "VAULT_WRAP_TTL"
-const EnvVaultToken = "VAULT_TOKEN"
+	EnvVaultMaxRetries    = "VAULT_MAX_RETRIES"
-const EnvVaultMFA = "VAULT_MFA"
+	EnvVaultToken         = "VAULT_TOKEN"
-const EnvRateLimit = "VAULT_RATE_LIMIT"
+	EnvVaultMFA           = "VAULT_MFA"
+	EnvRateLimit          = "VAULT_RATE_LIMIT"
+)
 
 // Deprecated values
-const EnvVaultAgentAddress = "VAULT_AGENT_ADDR"
+const (
-const EnvVaultInsecure = "VAULT_SKIP_VERIFY"
+	EnvVaultAgentAddress = "VAULT_AGENT_ADDR"
+	EnvVaultInsecure     = "VAULT_SKIP_VERIFY"
+)
 
 // WrappingLookupFunc is a function that, given an HTTP verb and a path,
 // returns an optional string duration to be used for response wrapping (e.g.
@@ -359,7 +363,6 @@ func (c *Config) ReadEnvironment() error {
 }
 
 func parseRateLimit(val string) (rate float64, burst int, err error) {
-
 	_, err = fmt.Sscanf(val, "%f:%d", &rate, &burst)
 	if err != nil {
 		rate, err = strconv.ParseFloat(val, 64)
@@ -370,7 +373,6 @@ func parseRateLimit(val string) (rate float64, burst int, err error) {
 	}
 
 	return rate, burst, err
-
 }
 
 // Client is the client to the Vault API. Create a client with NewClient.
@@ -793,7 +795,7 @@ func (c *Client) NewRequest(method, requestPath string) *Request {
 	policyOverride := c.policyOverride
 	c.modifyLock.RUnlock()
 
-	var host = addr.Host
+	host := addr.Host
 	// if SRV records exist (see https://tools.ietf.org/html/draft-andrews-http-srv-02), lookup the SRV
 	// record and take the highest match; this is not designed for high-availability, just discovery
 	// Internet Draft specifies that the SRV record is ignored if a port is given
@@ -985,8 +987,10 @@ START:
 	return result, nil
 }
 
-type RequestCallback func(*Request)
+type (
-type ResponseCallback func(*Response)
+	RequestCallback  func(*Request)
+	ResponseCallback func(*Response)
+)
 
 // WithRequestCallbacks makes a shallow clone of Client, modifies it to use
 // the given callbacks, and returns it.  Each of the callbacks will be invoked

api/client_test.go

@@ -369,8 +369,8 @@ func TestParsingRateOnly(t *testing.T) {
 }
 
 func TestParsingErrorCase(t *testing.T) {
-	var incorrectFormat = "foobar"
+	incorrectFormat := "foobar"
-	var _, _, err = parseRateLimit(incorrectFormat)
+	_, _, err := parseRateLimit(incorrectFormat)
 	if err == nil {
 		t.Error("Expected error, found no error")
 	}

api/lifetime_watcher.go

@@ -380,5 +380,7 @@ func (r *LifetimeWatcher) calculateGrace(leaseDuration time.Duration) {
 	r.grace = time.Duration(jitterMax) + time.Duration(uint64(r.random.Int63())%uint64(jitterMax))
 }
 
-type Renewer = LifetimeWatcher
+type (
-type RenewerInput = LifetimeWatcherInput
+	Renewer      = LifetimeWatcher
+	RenewerInput = LifetimeWatcherInput
+)

api/output_string.go

@@ -11,9 +11,7 @@ const (
 	ErrOutputStringRequest = "output a string, please"
 )
 
-var (
+var LastOutputStringError *OutputStringError
-	LastOutputStringError *OutputStringError
-)
 
 type OutputStringError struct {
 	*retryablehttp.Request

api/plugin_helpers.go

@@ -82,7 +82,7 @@ func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error)
 			return nil, errwrap.Wrapf("error parsing wrapping token: {{err}}", err)
 		}
 
-		var allClaims = make(map[string]interface{})
+		allClaims := make(map[string]interface{})
 		if err = parsedJWT.UnsafeClaimsWithoutVerification(&allClaims); err != nil {
 			return nil, errwrap.Wrapf("error parsing claims from wrapping token: {{err}}", err)
 		}

api/ssh_agent_test.go

@@ -33,7 +33,7 @@ func TestSSH_CreateTLSClient(t *testing.T) {
 
 func TestSSH_CreateTLSClient_tlsServerName(t *testing.T) {
 	// Ensure that the HTTP client is associated with the configured TLS server name.
-	var tlsServerName = "tls.server.name"
+	tlsServerName := "tls.server.name"
 
 	config, err := ParseSSHHelperConfig(fmt.Sprintf(`
 vault_addr = "1.2.3.4"
@@ -93,13 +93,12 @@ nope = "bad"
 }
 
 func TestParseSSHHelperConfig_tlsServerName(t *testing.T) {
-	var tlsServerName = "tls.server.name"
+	tlsServerName := "tls.server.name"
 
 	config, err := ParseSSHHelperConfig(fmt.Sprintf(`
 vault_addr = "1.2.3.4"
 tls_server_name = "%s"
 `, tlsServerName))
-
 	if err != nil {
 		t.Fatal(err)
 	}

api/sys_audit.go

@@ -52,7 +52,6 @@ func (c *Sys) ListAudit() (map[string]*Audit, error) {
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
 	resp, err := c.c.RawRequestWithContext(ctx, r)
-
 	if err != nil {
 		return nil, err
 	}
@@ -94,7 +93,6 @@ func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) e
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
 	resp, err := c.c.RawRequestWithContext(ctx, r)
-
 	if err != nil {
 		return err
 	}

api/sys_auth.go

@@ -74,7 +74,9 @@ func (c *Sys) DisableAuth(path string) error {
 }
 
 // Rather than duplicate, we can use modern Go's type aliasing
-type EnableAuthOptions = MountInput
+type (
-type AuthConfigInput = MountConfigInput
+	EnableAuthOptions = MountInput
-type AuthMount = MountOutput
+	AuthConfigInput   = MountConfigInput
-type AuthConfigOutput = MountConfigOutput
+	AuthMount         = MountOutput
+	AuthConfigOutput  = MountConfigOutput
+)

api/sys_plugins.go

@@ -109,7 +109,6 @@ func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) {
 			for i, nameIfc := range pluginsIfc {
 				name, ok := nameIfc.(string)
 				if !ok {
-
 				}
 				plugins[i] = name
 			}
@@ -323,7 +322,6 @@ func (c *Sys) ReloadPluginStatus(reloadStatusInput *ReloadPluginStatusInput) (*R
 		return &r, nil
 	}
 	return nil, nil
-
 }
 
 // catalogPathByType is a helper to construct the proper API path by plugin type

audit/format_json_test.go

@@ -4,14 +4,12 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"strings"
 	"testing"
 	"time"
 
-	"errors"
-
-	"fmt"
-
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/sdk/helper/jsonutil"
 	"github.com/hashicorp/vault/sdk/helper/salt"
@@ -61,7 +59,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 			},
 			errors.New("this is an error"),
@@ -92,7 +90,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 			},
 			errors.New("this is an error"),
@@ -125,14 +123,14 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 			t.Fatalf("no prefix: %s \n log: %s\nprefix: %s", name, expectedResultStr, tc.Prefix)
 		}
 
-		var expectedjson = new(AuditRequestEntry)
+		expectedjson := new(AuditRequestEntry)
 
 		if err := jsonutil.DecodeJSON([]byte(expectedResultStr), &expectedjson); err != nil {
 			t.Fatalf("bad json: %s", err)
 		}
 		expectedjson.Request.Namespace = &AuditNamespace{ID: "root"}
 
-		var actualjson = new(AuditRequestEntry)
+		actualjson := new(AuditRequestEntry)
 		if err := jsonutil.DecodeJSON([]byte(buf.String())[len(tc.Prefix):], &actualjson); err != nil {
 			t.Fatalf("bad json: %s", err)
 		}

audit/format_jsonx_test.go

@@ -3,14 +3,12 @@ package audit
 import (
 	"bytes"
 	"context"
+	"errors"
+	"fmt"
 	"strings"
 	"testing"
 	"time"
 
-	"errors"
-
-	"fmt"
-
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/sdk/helper/salt"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -63,7 +61,7 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 				PolicyOverride: true,
 			},
@@ -100,7 +98,7 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 				PolicyOverride: true,
 			},

builtin/audit/file/backend.go

@@ -73,7 +73,7 @@ func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, err
 	}
 
 	// Check if mode is provided
-	mode := os.FileMode(0600)
+	mode := os.FileMode(0o600)
 	if modeRaw, ok := conf.Config["mode"]; ok {
 		m, err := strconv.ParseUint(modeRaw, 8, 32)
 		if err != nil {

builtin/audit/file/backend_test.go

@@ -61,7 +61,7 @@ func TestAuditFile_fileModeExisting(t *testing.T) {
 	}
 	defer os.Remove(f.Name())
 
-	err = os.Chmod(f.Name(), 0777)
+	err = os.Chmod(f.Name(), 0o777)
 	if err != nil {
 		t.Fatalf("Failure to chmod temp file for testing.")
 	}
@@ -88,7 +88,7 @@ func TestAuditFile_fileModeExisting(t *testing.T) {
 	if err != nil {
 		t.Fatalf("cannot retrieve file mode from `Stat`")
 	}
-	if info.Mode() != os.FileMode(0600) {
+	if info.Mode() != os.FileMode(0o600) {
 		t.Fatalf("File mode does not match.")
 	}
 }
@@ -126,7 +126,7 @@ func BenchmarkAuditFile_request(b *testing.B) {
 				TTL: 60 * time.Second,
 			},
 			Headers: map[string][]string{
-				"foo": []string{"bar"},
+				"foo": {"bar"},
 			},
 		},
 	}

builtin/credential/app-id/backend.go

@@ -26,12 +26,12 @@ func Backend(conf *logical.BackendConfig) (*backend, error) {
 		PathMap: framework.PathMap{
 			Name: "app-id",
 			Schema: map[string]*framework.FieldSchema{
-				"display_name": &framework.FieldSchema{
+				"display_name": {
 					Type:        framework.TypeString,
 					Description: "A name to map to this app ID for logs.",
 				},
 
-				"value": &framework.FieldSchema{
+				"value": {
 					Type:        framework.TypeString,
 					Description: "Policies for the app ID.",
 				},
@@ -43,12 +43,12 @@ func Backend(conf *logical.BackendConfig) (*backend, error) {
 	b.MapUserId = &framework.PathMap{
 		Name: "user-id",
 		Schema: map[string]*framework.FieldSchema{
-			"cidr_block": &framework.FieldSchema{
+			"cidr_block": {
 				Type:        framework.TypeString,
 				Description: "If not blank, restricts auth by this CIDR block",
 			},
 
-			"value": &framework.FieldSchema{
+			"value": {
 				Type:        framework.TypeString,
 				Description: "App IDs that this user associates with.",
 			},

builtin/credential/app-id/path_login.go

@@ -19,12 +19,12 @@ func pathLoginWithAppIDPath(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login/(?P<app_id>.+)",
 		Fields: map[string]*framework.FieldSchema{
-			"app_id": &framework.FieldSchema{
+			"app_id": {
 				Type:        framework.TypeString,
 				Description: "The unique app ID",
 			},
 
-			"user_id": &framework.FieldSchema{
+			"user_id": {
 				Type:        framework.TypeString,
 				Description: "The unique user ID",
 			},
@@ -43,12 +43,12 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login$",
 		Fields: map[string]*framework.FieldSchema{
-			"app_id": &framework.FieldSchema{
+			"app_id": {
 				Type:        framework.TypeString,
 				Description: "The unique app ID",
 			},
 
-			"user_id": &framework.FieldSchema{
+			"user_id": {
 				Type:        framework.TypeString,
 				Description: "The unique user ID",
 			},

builtin/credential/approle/path_login.go

@@ -17,11 +17,11 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login$",
 		Fields: map[string]*framework.FieldSchema{
-			"role_id": &framework.FieldSchema{
+			"role_id": {
 				Type:        framework.TypeString,
 				Description: "Unique identifier of the Role. Required to be supplied when the 'bind_secret_id' constraint is set.",
 			},
-			"secret_id": &framework.FieldSchema{
+			"secret_id": {
 				Type:        framework.TypeString,
 				Default:     "",
 				Description: "SecretID belong to the App role",
@@ -54,7 +54,6 @@ func (b *backend) pathLoginUpdateAliasLookahead(ctx context.Context, req *logica
 // Returns the Auth object indicating the authentication and authorization information
 // if the credentials provided are validated by the backend.
 func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
-
 	// RoleID must be supplied during every login
 	roleID := strings.TrimSpace(data.Get("role_id").(string))
 	if roleID == "" {

builtin/credential/approle/path_role.go

@@ -110,58 +110,58 @@ func rolePaths(b *backend) []*framework.Path {
 	p := &framework.Path{
 		Pattern: "role/" + framework.GenericNameRegex("role_name"),
 		Fields: map[string]*framework.FieldSchema{
-			"role_name": &framework.FieldSchema{
+			"role_name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role.",
 			},
-			"bind_secret_id": &framework.FieldSchema{
+			"bind_secret_id": {
 				Type:        framework.TypeBool,
 				Default:     true,
 				Description: "Impose secret_id to be presented when logging in using this role. Defaults to 'true'.",
 			},
 
-			"bound_cidr_list": &framework.FieldSchema{
+			"bound_cidr_list": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: `Use "secret_id_bound_cidrs" instead.`,
 				Deprecated:  true,
 			},
 
-			"secret_id_bound_cidrs": &framework.FieldSchema{
+			"secret_id_bound_cidrs": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `Comma separated string or list of CIDR blocks. If set, specifies the blocks of
 IP addresses which can perform the login operation.`,
 			},
 
-			"policies": &framework.FieldSchema{
+			"policies": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: tokenutil.DeprecationText("token_policies"),
 				Deprecated:  true,
 			},
 
-			"secret_id_num_uses": &framework.FieldSchema{
+			"secret_id_num_uses": {
 				Type: framework.TypeInt,
 				Description: `Number of times a SecretID can access the role, after which the SecretID
 will expire. Defaults to 0 meaning that the the secret_id is of unlimited use.`,
 			},
 
-			"secret_id_ttl": &framework.FieldSchema{
+			"secret_id_ttl": {
 				Type: framework.TypeDurationSecond,
 				Description: `Duration in seconds after which the issued SecretID should expire. Defaults
 to 0, meaning no expiration.`,
 			},
 
-			"period": &framework.FieldSchema{
+			"period": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_period"),
 				Deprecated:  true,
 			},
 
-			"role_id": &framework.FieldSchema{
+			"role_id": {
 				Type:        framework.TypeString,
 				Description: "Identifier of the role. Defaults to a UUID.",
 			},
 
-			"local_secret_ids": &framework.FieldSchema{
+			"local_secret_ids": {
 				Type: framework.TypeBool,
 				Description: `If set, the secret IDs generated using this role will be cluster local. This
 can only be set during role creation and once set, it can't be reset later.`,
@@ -182,7 +182,7 @@ can only be set during role creation and once set, it can't be reset later.`,
 
 	return []*framework.Path{
 		p,
-		&framework.Path{
+		{
 			Pattern: "role/?",
 			Callbacks: map[logical.Operation]framework.OperationFunc{
 				logical.ListOperation: b.pathRoleList,
@@ -190,10 +190,10 @@ can only be set during role creation and once set, it can't be reset later.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-list"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-list"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/local-secret-ids$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
@@ -204,19 +204,19 @@ can only be set during role creation and once set, it can't be reset later.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-local-secret-ids"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-local-secret-ids"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/policies$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"policies": &framework.FieldSchema{
+				"policies": {
 					Type:        framework.TypeCommaStringSlice,
 					Description: tokenutil.DeprecationText("token_policies"),
 					Deprecated:  true,
 				},
-				"token_policies": &framework.FieldSchema{
+				"token_policies": {
 					Type:        framework.TypeCommaStringSlice,
 					Description: defTokenFields["token_policies"].Description,
 				},
@@ -229,14 +229,14 @@ can only be set during role creation and once set, it can't be reset later.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-policies"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-policies"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/bound-cidr-list$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"bound_cidr_list": &framework.FieldSchema{
+				"bound_cidr_list": {
 					Type: framework.TypeCommaStringSlice,
 					Description: `Deprecated: Please use "secret_id_bound_cidrs" instead. Comma separated string or list 
 of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.`,
@@ -250,14 +250,14 @@ of CIDR blocks. If set, specifies the blocks of IP addresses which can perform t
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-bound-cidr-list"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-bound-cidr-list"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-bound-cidrs$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id_bound_cidrs": &framework.FieldSchema{
+				"secret_id_bound_cidrs": {
 					Type: framework.TypeCommaStringSlice,
 					Description: `Comma separated string or list of CIDR blocks. If set, specifies the blocks of
 IP addresses which can perform the login operation.`,
@@ -271,14 +271,14 @@ IP addresses which can perform the login operation.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["secret-id-bound-cidrs"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["secret-id-bound-cidrs"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-bound-cidrs$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"token_bound_cidrs": &framework.FieldSchema{
+				"token_bound_cidrs": {
 					Type:        framework.TypeCommaStringSlice,
 					Description: defTokenFields["token_bound_cidrs"].Description,
 				},
@@ -291,14 +291,14 @@ IP addresses which can perform the login operation.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["token-bound-cidrs"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["token-bound-cidrs"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/bind-secret-id$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"bind_secret_id": &framework.FieldSchema{
+				"bind_secret_id": {
 					Type:        framework.TypeBool,
 					Default:     true,
 					Description: "Impose secret_id to be presented when logging in using this role.",
@@ -312,14 +312,14 @@ IP addresses which can perform the login operation.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-bind-secret-id"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-bind-secret-id"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-num-uses$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id_num_uses": &framework.FieldSchema{
+				"secret_id_num_uses": {
 					Type:        framework.TypeInt,
 					Description: "Number of times a SecretID can access the role, after which the SecretID will expire.",
 				},
@@ -332,14 +332,14 @@ IP addresses which can perform the login operation.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-num-uses"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-num-uses"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-ttl$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id_ttl": &framework.FieldSchema{
+				"secret_id_ttl": {
 					Type: framework.TypeDurationSecond,
 					Description: `Duration in seconds after which the issued SecretID should expire. Defaults
 to 0, meaning no expiration.`,
@@ -353,19 +353,19 @@ to 0, meaning no expiration.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-ttl"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-ttl"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/period$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"period": &framework.FieldSchema{
+				"period": {
 					Type:        framework.TypeDurationSecond,
 					Description: tokenutil.DeprecationText("token_period"),
 					Deprecated:  true,
 				},
-				"token_period": &framework.FieldSchema{
+				"token_period": {
 					Type:        framework.TypeDurationSecond,
 					Description: defTokenFields["token_period"].Description,
 				},
@@ -378,14 +378,14 @@ to 0, meaning no expiration.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-period"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-period"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-num-uses$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"token_num_uses": &framework.FieldSchema{
+				"token_num_uses": {
 					Type:        framework.TypeInt,
 					Description: defTokenFields["token_num_uses"].Description,
 				},
@@ -398,14 +398,14 @@ to 0, meaning no expiration.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-token-num-uses"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-token-num-uses"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-ttl$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"token_ttl": &framework.FieldSchema{
+				"token_ttl": {
 					Type:        framework.TypeDurationSecond,
 					Description: defTokenFields["token_ttl"].Description,
 				},
@@ -418,14 +418,14 @@ to 0, meaning no expiration.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-token-ttl"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-token-ttl"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-max-ttl$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"token_max_ttl": &framework.FieldSchema{
+				"token_max_ttl": {
 					Type:        framework.TypeDurationSecond,
 					Description: defTokenFields["token_max_ttl"].Description,
 				},
@@ -438,14 +438,14 @@ to 0, meaning no expiration.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-token-max-ttl"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-token-max-ttl"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/role-id$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"role_id": &framework.FieldSchema{
+				"role_id": {
 					Type:        framework.TypeString,
 					Description: "Identifier of the role. Defaults to a UUID.",
 				},
@@ -457,26 +457,26 @@ to 0, meaning no expiration.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-id"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-id"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/?$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"metadata": &framework.FieldSchema{
+				"metadata": {
 					Type: framework.TypeString,
 					Description: `Metadata to be tied to the SecretID. This should be a JSON
 formatted string containing the metadata in key value pairs.`,
 				},
-				"cidr_list": &framework.FieldSchema{
+				"cidr_list": {
 					Type: framework.TypeCommaStringSlice,
 					Description: `Comma separated string or list of CIDR blocks enforcing secret IDs to be used from
 specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the
 list of CIDR blocks listed here should be a subset of the CIDR blocks listed on
 the role.`,
 				},
-				"token_bound_cidrs": &framework.FieldSchema{
+				"token_bound_cidrs": {
 					Type:        framework.TypeCommaStringSlice,
 					Description: defTokenFields["token_bound_cidrs"].Description,
 				},
@@ -488,14 +488,14 @@ the role.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/lookup/?$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id": &framework.FieldSchema{
+				"secret_id": {
 					Type:        framework.TypeString,
 					Description: "SecretID attached to the role.",
 				},
@@ -506,14 +506,14 @@ the role.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-lookup"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-lookup"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/destroy/?$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id": &framework.FieldSchema{
+				"secret_id": {
 					Type:        framework.TypeString,
 					Description: "SecretID attached to the role.",
 				},
@@ -525,14 +525,14 @@ the role.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-destroy"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-destroy"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-accessor/lookup/?$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id_accessor": &framework.FieldSchema{
+				"secret_id_accessor": {
 					Type:        framework.TypeString,
 					Description: "Accessor of the SecretID",
 				},
@@ -543,14 +543,14 @@ the role.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-accessor"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-accessor"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-accessor/destroy/?$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id_accessor": &framework.FieldSchema{
+				"secret_id_accessor": {
 					Type:        framework.TypeString,
 					Description: "Accessor of the SecretID",
 				},
@@ -562,30 +562,30 @@ the role.`,
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-accessor"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-accessor"][1]),
 		},
-		&framework.Path{
+		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/custom-secret-id$",
 			Fields: map[string]*framework.FieldSchema{
-				"role_name": &framework.FieldSchema{
+				"role_name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
-				"secret_id": &framework.FieldSchema{
+				"secret_id": {
 					Type:        framework.TypeString,
 					Description: "SecretID to be attached to the role.",
 				},
-				"metadata": &framework.FieldSchema{
+				"metadata": {
 					Type: framework.TypeString,
 					Description: `Metadata to be tied to the SecretID. This should be a JSON
 formatted string containing metadata in key value pairs.`,
 				},
-				"cidr_list": &framework.FieldSchema{
+				"cidr_list": {
 					Type: framework.TypeCommaStringSlice,
 					Description: `Comma separated string or list of CIDR blocks enforcing secret IDs to be used from
 specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the
 list of CIDR blocks listed here should be a subset of the CIDR blocks listed on
 the role.`,
 				},
-				"token_bound_cidrs": &framework.FieldSchema{
+				"token_bound_cidrs": {
 					Type: framework.TypeCommaStringSlice,
 					Description: `Comma separated string or list of CIDR blocks. If set, specifies the blocks of
 IP addresses which can use the returned token. Should be a subset of the token CIDR blocks listed on the role, if any.`,
@@ -2513,11 +2513,13 @@ that are generated against the role using 'role/<role_name>/secret-id' or
 	"role-secret-id-lookup": {
 		"Read the properties of an issued secret_id",
 		`This endpoint is used to read the properties of a secret_id associated to a
-role.`},
+role.`,
+	},
 	"role-secret-id-destroy": {
 		"Invalidate an issued secret_id",
 		`This endpoint is used to delete the properties of a secret_id associated to a
-role.`},
+role.`,
+	},
 	"role-secret-id-accessor-lookup": {
 		"Read an issued secret_id, using its accessor",
 		`This is particularly useful to lookup the non-expiring 'secret_id's.

builtin/credential/approle/path_role_test.go

@@ -1890,7 +1890,6 @@ func TestAppRole_TokenutilUpgrade(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			// Construct the storage entry object based on our test case.
 			tokenTypeKV := ""
 			if !tt.storageValMissing {

builtin/credential/approle/path_tidy_user_id.go

@@ -45,7 +45,6 @@ func (b *backend) tidySecretID(ctx context.Context, req *logical.Request) (*logi
 	resp := &logical.Response{}
 	resp.AddWarning("Tidy operation successfully started. Any information from the operation will be printed to Vault's server logs.")
 	return logical.RespondWithStatusCode(resp, req, http.StatusAccepted)
-
 }
 
 type tidyHelperSecretIDAccessor struct {
@@ -197,7 +196,7 @@ func (b *backend) tidySecretIDinternal(s logical.Storage) {
 			// roles without having a lock while doing so.  Because
 			// accHashesByLockID was populated previously, at worst this may
 			// mean that we fail to clean up something we ought to.
-			var allSecretIDHMACs = make(map[string]struct{})
+			allSecretIDHMACs := make(map[string]struct{})
 			for _, roleNameHMAC := range roleNameHMACs {
 				secretIDHMACs, err := s.List(ctx, secretIDPrefixToUse+roleNameHMAC)
 				if err != nil {
@@ -265,7 +264,9 @@ func (b *backend) pathTidySecretIDUpdate(ctx context.Context, req *logical.Reque
 	return b.tidySecretID(ctx, req)
 }
 
-const pathTidySecretIDSyn = "Trigger the clean-up of expired SecretID entries."
+const (
-const pathTidySecretIDDesc = `SecretIDs will have expiration time attached to them. The periodic function
+	pathTidySecretIDSyn  = "Trigger the clean-up of expired SecretID entries."
+	pathTidySecretIDDesc = `SecretIDs will have expiration time attached to them. The periodic function
 of the backend will look for expired entries and delete them. This happens once in a minute. Invoking
 this endpoint will trigger the clean-up action, without waiting for the backend's periodic function.`
+)

builtin/credential/aws/backend.go

@@ -26,7 +26,8 @@ var defaultAllowedSTSRequestHeaders = []string{
 	"X-Amz-Date",
 	"X-Amz-Security-Token",
 	"X-Amz-Signature",
-	"X-Amz-SignedHeaders"}
+	"X-Amz-SignedHeaders",
+}
 
 func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
 	b, err := Backend(conf)

builtin/credential/aws/backend_e2e_test.go

@@ -14,7 +14,6 @@ import (
 )
 
 func TestBackend_E2E_Initialize(t *testing.T) {
-
 	ctx := context.Background()
 
 	// Set up the cluster.  This will trigger an Initialize(); we sleep briefly
@@ -62,7 +61,8 @@ func TestBackend_E2E_Initialize(t *testing.T) {
 	data := map[string]interface{}{
 		"auth_type":       "ec2",
 		"policies":        "default",
-		"bound_subnet_id": "subnet-abcdef"}
+		"bound_subnet_id": "subnet-abcdef",
+	}
 	if _, err := core.Client.Logical().Write("auth/aws/role/test-role", data); err != nil {
 		t.Fatal(err)
 	}
@@ -100,7 +100,6 @@ func TestBackend_E2E_Initialize(t *testing.T) {
 }
 
 func setupAwsTestCluster(t *testing.T, _ context.Context) *vault.TestCluster {
-
 	// create a cluster with the aws auth backend built-in
 	logger := logging.NewVaultLogger(hclog.Trace)
 	coreConfig := &vault.CoreConfig{

builtin/credential/aws/backend_test.go

@@ -20,9 +20,11 @@ import (
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
-const testVaultHeaderValue = "VaultAcceptanceTesting"
+const (
-const testValidRoleName = "valid-role"
+	testVaultHeaderValue = "VaultAcceptanceTesting"
-const testInvalidRoleName = "invalid-role"
+	testValidRoleName    = "valid-role"
+	testInvalidRoleName  = "invalid-role"
+)
 
 func TestBackend_CreateParseVerifyRoleTag(t *testing.T) {
 	// create a backend
@@ -479,7 +481,8 @@ func TestBackend_ConfigClient(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	data := map[string]interface{}{"access_key": "AKIAJBRHKV6EVTTNXDHA",
+	data := map[string]interface{}{
+		"access_key": "AKIAJBRHKV6EVTTNXDHA",
 		"secret_key": "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",
 	}
 
@@ -495,7 +498,8 @@ func TestBackend_ConfigClient(t *testing.T) {
 		Data:      data,
 	}
 
-	data3 := map[string]interface{}{"access_key": "",
+	data3 := map[string]interface{}{
+		"access_key": "",
 		"secret_key": "mCtSM8ZUEQ3mOFVZYPBQkf2sO6F/W7a5TVzrl3Oj",
 	}
 	stepInvalidAccessKey := logicaltest.TestStep{
@@ -505,7 +509,8 @@ func TestBackend_ConfigClient(t *testing.T) {
 		ErrorOk:   true,
 	}
 
-	data4 := map[string]interface{}{"access_key": "accesskey",
+	data4 := map[string]interface{}{
+		"access_key": "accesskey",
 		"secret_key": "",
 	}
 	stepInvalidSecretKey := logicaltest.TestStep{
@@ -554,7 +559,7 @@ func TestBackend_ConfigClient(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	//test existence check returning true
+	// test existence check returning true
 	checkFound, exists, err = b.HandleExistenceCheck(context.Background(), &logical.Request{
 		Operation: logical.CreateOperation,
 		Path:      "config/client",
@@ -907,7 +912,6 @@ func TestBackend_PathRoleTag(t *testing.T) {
 }
 
 func TestBackend_PathBlacklistRoleTag(t *testing.T) {
-
 	for _, path := range []string{"roletag-blacklist/", "roletag-denylist/"} {
 		// create the backend
 		storage := &logical.InmemStorage{}
@@ -1483,7 +1487,8 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
 	// potentially pick up credentials from the ~/.config files), but probably
 	// good enough rather than having to muck around in the low-level details
 	for _, envvar := range []string{
-		"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SECURITY_TOKEN", "AWS_SESSION_TOKEN"} {
+		"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SECURITY_TOKEN", "AWS_SESSION_TOKEN",
+	} {
 		// Skip test if any of the required env vars are missing
 		testEnvVar := os.Getenv("TEST_" + envvar)
 		if testEnvVar == "" {

builtin/credential/aws/cli.go

@@ -128,7 +128,6 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 	loginData["role"] = role
 	path := fmt.Sprintf("auth/%s/login", mount)
 	secret, err := c.Logical().Write(path, loginData)
-
 	if err != nil {
 		return nil, err
 	}

builtin/credential/aws/client.go

@@ -83,7 +83,6 @@ func (b *backend) getRawClientConfig(ctx context.Context, s logical.Storage, reg
 // stsRole is a non-empty string, it will use AssumeRole to obtain a set of assumed
 // credentials. The credentials will expire after 15 minutes but will auto-refresh.
 func (b *backend) getClientConfig(ctx context.Context, s logical.Storage, region, stsRole, accountID, clientType string) (*aws.Config, error) {
-
 	config, err := b.getRawClientConfig(ctx, s, region, clientType)
 	if err != nil {
 		return nil, err
@@ -144,7 +143,7 @@ func (b *backend) getClientConfig(ctx context.Context, s logical.Storage, region
 // acquired for write operation before calling this method.
 func (b *backend) flushCachedEC2Clients() {
 	// deleting items in map during iteration is safe
-	for region, _ := range b.EC2ClientsMap {
+	for region := range b.EC2ClientsMap {
 		delete(b.EC2ClientsMap, region)
 	}
 }
@@ -155,7 +154,7 @@ func (b *backend) flushCachedEC2Clients() {
 // lock should be acquired for write operation before calling this method.
 func (b *backend) flushCachedIAMClients() {
 	// deleting items in map during iteration is safe
-	for region, _ := range b.IAMClientsMap {
+	for region := range b.IAMClientsMap {
 		delete(b.IAMClientsMap, region)
 	}
 }

builtin/credential/aws/path_config_certificate.go

@@ -442,9 +442,11 @@ corresponding regions should be registered using this endpoint. PKCS#7 is verifi
 using a collection of certificates containing the default certificate and all the
 certificates that are registered using this endpoint.
 `
+
 const pathListCertificatesHelpSyn = `
 Lists all the AWS public certificates that are registered with the backend.
 `
+
 const pathListCertificatesHelpDesc = `
 Certificates will be listed by their respective names that were used during registration.
 `

builtin/credential/aws/path_config_identity.go

@@ -178,11 +178,13 @@ type identityConfig struct {
 	EC2AuthMetadataHandler *authmetadata.Handler `json:"ec2_auth_metadata_handler"`
 }
 
-const identityAliasIAMUniqueID = "unique_id"
+const (
-const identityAliasIAMFullArn = "full_arn"
+	identityAliasIAMUniqueID   = "unique_id"
-const identityAliasEC2InstanceID = "instance_id"
+	identityAliasIAMFullArn    = "full_arn"
-const identityAliasEC2ImageID = "image_id"
+	identityAliasEC2InstanceID = "instance_id"
-const identityAliasRoleID = "role_id"
+	identityAliasEC2ImageID    = "image_id"
+	identityAliasRoleID        = "role_id"
+)
 
 const pathConfigIdentityHelpSyn = `
 Configure the way the AWS auth method interacts with the identity store

builtin/credential/aws/path_config_sts.go

@@ -250,6 +250,7 @@ by assumption of these STS roles.
 The environment in which the Vault server resides must have access to assume the
 given STS roles.
 `
+
 const pathListStsHelpSyn = `
 List all the AWS account/STS role relationships registered with Vault.
 `

builtin/credential/aws/path_config_tidy_identity_accesslist.go

@@ -18,7 +18,7 @@ func (b *backend) pathConfigTidyIdentityAccessList() *framework.Path {
 		Fields: map[string]*framework.FieldSchema{
 			"safety_buffer": {
 				Type:    framework.TypeDurationSecond,
-				Default: 259200, //72h
+				Default: 259200, // 72h
 				Description: `The amount of extra time that must have passed beyond the identity's
 expiration, before it is removed from the backend storage.`,
 			},
@@ -152,6 +152,7 @@ type tidyWhitelistIdentityConfig struct {
 const pathConfigTidyIdentityAccessListHelpSyn = `
 Configures the periodic tidying operation of the access list identity entries.
 `
+
 const pathConfigTidyIdentityAccessListHelpDesc = `
 By default, the expired entries in the access list will be attempted to be removed
 periodically. This operation will look for expired items in the list and purges them.

builtin/credential/aws/path_config_tidy_roletag_denylist.go

@@ -17,7 +17,7 @@ func (b *backend) pathConfigTidyRoletagDenyList() *framework.Path {
 		Fields: map[string]*framework.FieldSchema{
 			"safety_buffer": {
 				Type:    framework.TypeDurationSecond,
-				Default: 15552000, //180d
+				Default: 15552000, // 180d
 				Description: `The amount of extra time that must have passed beyond the roletag
 expiration, before it is removed from the backend storage.
 Defaults to 4320h (180 days).`,
@@ -152,6 +152,7 @@ type tidyDenyListRoleTagConfig struct {
 const pathConfigTidyRoletagDenyListHelpSyn = `
 Configures the periodic tidying operation of the deny listed role tag entries.
 `
+
 const pathConfigTidyRoletagDenyListHelpDesc = `
 By default, the expired entries in the deny list will be attempted to be removed
 periodically. This operation will look for expired items in the list and purges them.

builtin/credential/aws/path_login.go

@@ -193,7 +193,6 @@ func (b *backend) validateInstance(ctx context.Context, s logical.Storage, insta
 	}
 	if len(status.Reservations) == 0 {
 		return nil, fmt.Errorf("no reservations found in instance description")
-
 	}
 	if len(status.Reservations[0].Instances) == 0 {
 		return nil, fmt.Errorf("no instance details found in reservations")
@@ -511,7 +510,6 @@ func (b *backend) verifyInstanceMeetsRoleRequirements(ctx context.Context,
 		// Extract out the instance profile name from the instance
 		// profile ARN
 		iamInstanceProfileEntity, err := parseIamArn(iamInstanceProfileARN)
-
 		if err != nil {
 			return nil, errwrap.Wrapf(fmt.Sprintf("failed to parse IAM instance profile ARN %q: {{err}}", iamInstanceProfileARN), err)
 		}

builtin/credential/aws/path_role.go

@@ -16,9 +16,7 @@ import (
 	"github.com/mitchellh/copystructure"
 )
 
-var (
+var currentRoleStorageVersion = 3
-	currentRoleStorageVersion = 3
-)
 
 func (b *backend) pathRole() *framework.Path {
 	p := &framework.Path{
@@ -333,7 +331,6 @@ func (b *backend) setRole(ctx context.Context, s logical.Storage, roleName strin
 
 // initialize is used to initialize the AWS roles
 func (b *backend) initialize(ctx context.Context, req *logical.InitializationRequest) error {
-
 	// on standbys and DR secondaries we do not want to run any kind of upgrade logic
 	if b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby | consts.ReplicationDRSecondary) {
 		return nil

builtin/credential/aws/path_role_test.go

@@ -528,7 +528,6 @@ func TestBackend_pathRoleMixedTypes(t *testing.T) {
 	if !resp.IsError() {
 		t.Fatalf("allowed changing resolve_aws_unique_ids from true to false")
 	}
-
 }
 
 func TestAwsEc2_RoleCrud(t *testing.T) {
@@ -815,7 +814,6 @@ func TestRoleEntryUpgradeV(t *testing.T) {
 }
 
 func TestRoleInitialize(t *testing.T) {
-
 	config := logical.TestBackendConfig()
 	storage := &logical.InmemStorage{}
 	config.StorageView = storage
@@ -970,7 +968,6 @@ func TestRoleInitialize(t *testing.T) {
 }
 
 func TestAwsVersion(t *testing.T) {
-
 	before := awsVersion{
 		Version: 42,
 	}

builtin/credential/cert/backend_test.go

@@ -5,31 +5,30 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
 	"encoding/pem"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math/big"
 	mathrand "math/rand"
+	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"path/filepath"
+	"reflect"
+	"testing"
+	"time"
 
 	"github.com/go-test/deep"
 	"github.com/hashicorp/go-sockaddr"
 
 	"golang.org/x/net/http2"
 
-	"crypto/rsa"
-	"crypto/tls"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"math/big"
-	"net"
-	"os"
-	"reflect"
-	"testing"
-	"time"
-
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/api"
@@ -98,7 +97,7 @@ func generateTestCertAndConnState(t *testing.T, template *x509.Certificate) (str
 		Type:  "CERTIFICATE",
 		Bytes: caBytes,
 	}
-	err = ioutil.WriteFile(filepath.Join(tempDir, "ca_cert.pem"), pem.EncodeToMemory(caCertPEMBlock), 0755)
+	err = ioutil.WriteFile(filepath.Join(tempDir, "ca_cert.pem"), pem.EncodeToMemory(caCertPEMBlock), 0o755)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -110,7 +109,7 @@ func generateTestCertAndConnState(t *testing.T, template *x509.Certificate) (str
 		Type:  "EC PRIVATE KEY",
 		Bytes: marshaledCAKey,
 	}
-	err = ioutil.WriteFile(filepath.Join(tempDir, "ca_key.pem"), pem.EncodeToMemory(caKeyPEMBlock), 0755)
+	err = ioutil.WriteFile(filepath.Join(tempDir, "ca_key.pem"), pem.EncodeToMemory(caKeyPEMBlock), 0o755)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -127,7 +126,7 @@ func generateTestCertAndConnState(t *testing.T, template *x509.Certificate) (str
 		Type:  "CERTIFICATE",
 		Bytes: certBytes,
 	}
-	err = ioutil.WriteFile(filepath.Join(tempDir, "cert.pem"), pem.EncodeToMemory(certPEMBlock), 0755)
+	err = ioutil.WriteFile(filepath.Join(tempDir, "cert.pem"), pem.EncodeToMemory(certPEMBlock), 0o755)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -139,7 +138,7 @@ func generateTestCertAndConnState(t *testing.T, template *x509.Certificate) (str
 		Type:  "EC PRIVATE KEY",
 		Bytes: marshaledKey,
 	}
-	err = ioutil.WriteFile(filepath.Join(tempDir, "key.pem"), pem.EncodeToMemory(keyPEMBlock), 0755)
+	err = ioutil.WriteFile(filepath.Join(tempDir, "key.pem"), pem.EncodeToMemory(keyPEMBlock), 0o755)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1580,7 +1579,7 @@ func testAccStepLoginWithNameInvalid(t *testing.T, connState tls.ConnectionState
 func testAccStepListCerts(
 	t *testing.T, certs []string) []logicaltest.TestStep {
 	return []logicaltest.TestStep{
-		logicaltest.TestStep{
+		{
 			Operation: logical.ListOperation,
 			Path:      "certs",
 			Check: func(resp *logical.Response) error {
@@ -1599,7 +1598,7 @@ func testAccStepListCerts(
 				}
 				return nil
 			},
-		}, logicaltest.TestStep{
+		}, {
 			Operation: logical.ListOperation,
 			Path:      "certs/",
 			Check: func(resp *logical.Response) error {
@@ -1973,7 +1972,7 @@ func TestBackend_CertUpgrade(t *testing.T) {
 		Period:     time.Second,
 		TTL:        time.Second,
 		MaxTTL:     time.Second,
-		BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
+		BoundCIDRs: []*sockaddr.SockAddrMarshaler{{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
 	}
 
 	entry, err := logical.StorageEntryJSON("cert/foo", foo)
@@ -1995,13 +1994,13 @@ func TestBackend_CertUpgrade(t *testing.T) {
 		Period:     time.Second,
 		TTL:        time.Second,
 		MaxTTL:     time.Second,
-		BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
+		BoundCIDRs: []*sockaddr.SockAddrMarshaler{{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
 		TokenParams: tokenutil.TokenParams{
 			TokenPolicies:   []string{"foo"},
 			TokenPeriod:     time.Second,
 			TokenTTL:        time.Second,
 			TokenMaxTTL:     time.Second,
-			TokenBoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
+			TokenBoundCIDRs: []*sockaddr.SockAddrMarshaler{{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
 		},
 	}
 	if diff := deep.Equal(certEntry, exp); diff != nil {

builtin/credential/cert/path_certs.go

@@ -34,12 +34,12 @@ func pathCerts(b *backend) *framework.Path {
 	p := &framework.Path{
 		Pattern: "certs/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "The name of the certificate",
 			},
 
-			"certificate": &framework.FieldSchema{
+			"certificate": {
 				Type: framework.TypeString,
 				Description: `The public certificate that should be trusted.
 Must be x509 PEM encoded.`,
@@ -48,7 +48,7 @@ Must be x509 PEM encoded.`,
 				},
 			},
 
-			"allowed_names": &framework.FieldSchema{
+			"allowed_names": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated list of names.
 At least one must exist in either the Common Name or SANs. Supports globbing.  
@@ -59,7 +59,7 @@ allowed_email_sans, allowed_uri_sans.`,
 				},
 			},
 
-			"allowed_common_names": &framework.FieldSchema{
+			"allowed_common_names": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated list of names.
 At least one must exist in the Common Name. Supports globbing.`,
@@ -68,7 +68,7 @@ At least one must exist in the Common Name. Supports globbing.`,
 				},
 			},
 
-			"allowed_dns_sans": &framework.FieldSchema{
+			"allowed_dns_sans": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated list of DNS names.
 At least one must exist in the SANs. Supports globbing.`,
@@ -78,7 +78,7 @@ At least one must exist in the SANs. Supports globbing.`,
 				},
 			},
 
-			"allowed_email_sans": &framework.FieldSchema{
+			"allowed_email_sans": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated list of Email Addresses.
 At least one must exist in the SANs. Supports globbing.`,
@@ -88,7 +88,7 @@ At least one must exist in the SANs. Supports globbing.`,
 				},
 			},
 
-			"allowed_uri_sans": &framework.FieldSchema{
+			"allowed_uri_sans": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated list of URIs.
 At least one must exist in the SANs. Supports globbing.`,
@@ -98,7 +98,7 @@ At least one must exist in the SANs. Supports globbing.`,
 				},
 			},
 
-			"allowed_organizational_units": &framework.FieldSchema{
+			"allowed_organizational_units": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated list of Organizational Units names.
 At least one must exist in the OU field.`,
@@ -107,50 +107,50 @@ At least one must exist in the OU field.`,
 				},
 			},
 
-			"required_extensions": &framework.FieldSchema{
+			"required_extensions": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated string or array of extensions
 formatted as "oid:value". Expects the extension value to be some type of ASN1 encoded string.
 All values much match. Supports globbing on "value".`,
 			},
 
-			"display_name": &framework.FieldSchema{
+			"display_name": {
 				Type: framework.TypeString,
 				Description: `The display name to use for clients using this
 certificate.`,
 			},
 
-			"policies": &framework.FieldSchema{
+			"policies": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: tokenutil.DeprecationText("token_policies"),
 				Deprecated:  true,
 			},
 
-			"lease": &framework.FieldSchema{
+			"lease": {
 				Type:        framework.TypeInt,
 				Description: tokenutil.DeprecationText("token_ttl"),
 				Deprecated:  true,
 			},
 
-			"ttl": &framework.FieldSchema{
+			"ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_ttl"),
 				Deprecated:  true,
 			},
 
-			"max_ttl": &framework.FieldSchema{
+			"max_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_max_ttl"),
 				Deprecated:  true,
 			},
 
-			"period": &framework.FieldSchema{
+			"period": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_period"),
 				Deprecated:  true,
 			},
 
-			"bound_cidrs": &framework.FieldSchema{
+			"bound_cidrs": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: tokenutil.DeprecationText("token_bound_cidrs"),
 				Deprecated:  true,

builtin/credential/cert/path_config.go

@@ -12,7 +12,7 @@ func pathConfig(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config",
 		Fields: map[string]*framework.FieldSchema{
-			"disable_binding": &framework.FieldSchema{
+			"disable_binding": {
 				Type:        framework.TypeBool,
 				Default:     false,
 				Description: `If set, during renewal, skips the matching of presented client identity with the client identity used during login. Defaults to false.`,

builtin/credential/cert/path_crls.go

@@ -18,12 +18,12 @@ func pathCRLs(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "crls/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "The name of the certificate",
 			},
 
-			"crl": &framework.FieldSchema{
+			"crl": {
 				Type: framework.TypeString,
 				Description: `The public certificate that should be trusted.
 May be DER or PEM encoded. Note: the expiration time
@@ -230,8 +230,7 @@ type CRLInfo struct {
 	Serials map[string]RevokedSerialInfo `json:"serials" structs:"serials" mapstructure:"serials"`
 }
 
-type RevokedSerialInfo struct {
+type RevokedSerialInfo struct{}
-}
 
 const pathCRLsHelpSyn = `
 Manage Certificate Revocation Lists checked during authentication.

builtin/credential/cert/path_login.go

@@ -31,7 +31,7 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login",
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "The name of the certificate role to authenticate against.",
 			},

builtin/credential/github/path_config.go

@@ -17,12 +17,12 @@ func pathConfig(b *backend) *framework.Path {
 	p := &framework.Path{
 		Pattern: "config",
 		Fields: map[string]*framework.FieldSchema{
-			"organization": &framework.FieldSchema{
+			"organization": {
 				Type:        framework.TypeString,
 				Description: "The organization users must be part of",
 			},
 
-			"base_url": &framework.FieldSchema{
+			"base_url": {
 				Type: framework.TypeString,
 				Description: `The API endpoint to use. Useful if you
 are running GitHub Enterprise or an
@@ -32,12 +32,12 @@ API-compatible authentication server.`,
 					Group: "GitHub Options",
 				},
 			},
-			"ttl": &framework.FieldSchema{
+			"ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_ttl"),
 				Deprecated:  true,
 			},
-			"max_ttl": &framework.FieldSchema{
+			"max_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_max_ttl"),
 				Deprecated:  true,

builtin/credential/github/path_login.go

@@ -18,7 +18,7 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login",
 		Fields: map[string]*framework.FieldSchema{
-			"token": &framework.FieldSchema{
+			"token": {
 				Type:        framework.TypeString,
 				Description: "GitHub personal API token",
 			},
@@ -248,13 +248,11 @@ func (b *backend) verifyCredentials(ctx context.Context, req *logical.Request, t
 	}
 
 	groupPoliciesList, err := b.TeamMap.Policies(ctx, req.Storage, teamNames...)
-
 	if err != nil {
 		return nil, nil, err
 	}
 
 	userPoliciesList, err := b.UserMap.Policies(ctx, req.Storage, []string{*user.Login}...)
-
 	if err != nil {
 		return nil, nil, err
 	}

builtin/credential/ldap/backend.go

@@ -61,7 +61,6 @@ type backend struct {
 }
 
 func (b *backend) Login(ctx context.Context, req *logical.Request, username string, password string) ([]string, *logical.Response, []string, error) {
-
 	cfg, err := b.Config(ctx, req)
 	if err != nil {
 		return nil, nil, nil, err

builtin/credential/ldap/backend_test.go

@@ -617,12 +617,12 @@ func TestBackend_configDefaultsAfterUpdate(t *testing.T) {
 	logicaltest.Test(t, logicaltest.TestCase{
 		CredentialBackend: b,
 		Steps: []logicaltest.TestStep{
-			logicaltest.TestStep{
+			{
 				Operation: logical.UpdateOperation,
 				Path:      "config",
 				Data:      map[string]interface{}{},
 			},
-			logicaltest.TestStep{
+			{
 				Operation: logical.ReadOperation,
 				Path:      "config",
 				Check: func(resp *logical.Response) error {
@@ -1032,5 +1032,4 @@ func TestLdapAuthBackend_ConfigUpgrade(t *testing.T) {
 	if diff := deep.Equal(exp, configEntry); diff != nil {
 		t.Fatal(diff)
 	}
-
 }

builtin/credential/ldap/path_login.go

@@ -14,12 +14,12 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: `login/(?P<username>.+)`,
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "DN (distinguished name) to be used for login.",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password for this user.",
 			},

builtin/credential/okta/backend_test.go

@@ -171,7 +171,6 @@ func testLoginWrite(t *testing.T, username, password, reason string, expectedTTL
 				}
 			} else if reason != "" {
 				return fmt.Errorf("expected error containing %q, got no error", reason)
-
 			}
 
 			if resp.Auth != nil {

builtin/credential/okta/path_config.go

@@ -25,53 +25,53 @@ func pathConfig(b *backend) *framework.Path {
 	p := &framework.Path{
 		Pattern: `config`,
 		Fields: map[string]*framework.FieldSchema{
-			"organization": &framework.FieldSchema{
+			"organization": {
 				Type:        framework.TypeString,
 				Description: "Use org_name instead.",
 				Deprecated:  true,
 			},
-			"org_name": &framework.FieldSchema{
+			"org_name": {
 				Type:        framework.TypeString,
 				Description: "Name of the organization to be used in the Okta API.",
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "Organization Name",
 				},
 			},
-			"token": &framework.FieldSchema{
+			"token": {
 				Type:        framework.TypeString,
 				Description: "Use api_token instead.",
 				Deprecated:  true,
 			},
-			"api_token": &framework.FieldSchema{
+			"api_token": {
 				Type:        framework.TypeString,
 				Description: "Okta API key.",
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "API Token",
 				},
 			},
-			"base_url": &framework.FieldSchema{
+			"base_url": {
 				Type:        framework.TypeString,
 				Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`,
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "Base URL",
 				},
 			},
-			"production": &framework.FieldSchema{
+			"production": {
 				Type:        framework.TypeBool,
 				Description: `Use base_url instead.`,
 				Deprecated:  true,
 			},
-			"ttl": &framework.FieldSchema{
+			"ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_ttl"),
 				Deprecated:  true,
 			},
-			"max_ttl": &framework.FieldSchema{
+			"max_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_max_ttl"),
 				Deprecated:  true,
 			},
-			"bypass_okta_mfa": &framework.FieldSchema{
+			"bypass_okta_mfa": {
 				Type:        framework.TypeBool,
 				Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
 				DisplayAttrs: &framework.DisplayAttributes{

builtin/credential/okta/path_groups.go

@@ -68,7 +68,6 @@ func (b *backend) Group(ctx context.Context, s logical.Storage, n string) (*Grou
 		entries, err := groupList(ctx, s)
 		if err != nil {
 			return nil, "", err
-
 		}
 
 		for _, groupName := range entries {

builtin/credential/okta/path_login.go

@@ -152,11 +152,9 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
 	}
 
 	return resp, nil
-
 }
 
 func (b *backend) getConfig(ctx context.Context, req *logical.Request) (*ConfigEntry, error) {
-
 	cfg, err := b.Config(ctx, req.Storage)
 	if err != nil {
 		return nil, err

builtin/credential/okta/path_users.go

@@ -28,17 +28,17 @@ func pathUsers(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: `users/(?P<name>.+)`,
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the user.",
 			},
 
-			"groups": &framework.FieldSchema{
+			"groups": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: "List of groups associated with the user.",
 			},
 
-			"policies": &framework.FieldSchema{
+			"policies": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: "List of policies associated with the user.",
 			},

builtin/credential/radius/backend_test.go

@@ -296,7 +296,7 @@ func testAccUserLoginPolicy(t *testing.T, user string, data map[string]interface
 		Data:            data,
 		ErrorOk:         expectError,
 		Unauthenticated: true,
-		//Check:           logicaltest.TestCheckAuth(policies),
+		// Check:           logicaltest.TestCheckAuth(policies),
 		Check: func(resp *logical.Response) error {
 			res := logicaltest.TestCheckAuth(policies)(resp)
 			if res != nil && expectError {

builtin/credential/radius/path_config.go

@@ -13,14 +13,14 @@ func pathConfig(b *backend) *framework.Path {
 	p := &framework.Path{
 		Pattern: "config",
 		Fields: map[string]*framework.FieldSchema{
-			"host": &framework.FieldSchema{
+			"host": {
 				Type:        framework.TypeString,
 				Description: "RADIUS server host",
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "Host",
 				},
 			},
-			"port": &framework.FieldSchema{
+			"port": {
 				Type:        framework.TypeInt,
 				Default:     1812,
 				Description: "RADIUS server port (default: 1812)",
@@ -28,11 +28,11 @@ func pathConfig(b *backend) *framework.Path {
 					Value: 1812,
 				},
 			},
-			"secret": &framework.FieldSchema{
+			"secret": {
 				Type:        framework.TypeString,
 				Description: "Secret shared with the RADIUS server",
 			},
-			"unregistered_user_policies": &framework.FieldSchema{
+			"unregistered_user_policies": {
 				Type:        framework.TypeString,
 				Default:     "",
 				Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregisted user (default: empty)",
@@ -40,7 +40,7 @@ func pathConfig(b *backend) *framework.Path {
 					Name: "Policies for unregistered users",
 				},
 			},
-			"dial_timeout": &framework.FieldSchema{
+			"dial_timeout": {
 				Type:        framework.TypeDurationSecond,
 				Default:     10,
 				Description: "Number of seconds before connect times out (default: 10)",
@@ -48,7 +48,7 @@ func pathConfig(b *backend) *framework.Path {
 					Value: 10,
 				},
 			},
-			"read_timeout": &framework.FieldSchema{
+			"read_timeout": {
 				Type:        framework.TypeDurationSecond,
 				Default:     10,
 				Description: "Number of seconds before response times out (default: 10)",
@@ -56,7 +56,7 @@ func pathConfig(b *backend) *framework.Path {
 					Value: 10,
 				},
 			},
-			"nas_port": &framework.FieldSchema{
+			"nas_port": {
 				Type:        framework.TypeInt,
 				Default:     10,
 				Description: "RADIUS NAS port field (default: 10)",
@@ -65,7 +65,7 @@ func pathConfig(b *backend) *framework.Path {
 					Value: 10,
 				},
 			},
-			"nas_identifier": &framework.FieldSchema{
+			"nas_identifier": {
 				Type:        framework.TypeString,
 				Default:     "",
 				Description: "RADIUS NAS Identifier field (optional)",

builtin/credential/radius/path_login.go

@@ -21,17 +21,17 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login" + framework.OptionalParamRegex("urlusername"),
 		Fields: map[string]*framework.FieldSchema{
-			"urlusername": &framework.FieldSchema{
+			"urlusername": {
 				Type:        framework.TypeString,
 				Description: "Username to be used for login. (URL parameter)",
 			},
 
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username to be used for login. (POST request body)",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password for this user.",
 			},

builtin/credential/radius/path_users.go

@@ -31,12 +31,12 @@ func pathUsers(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: `users/(?P<name>.+)`,
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the RADIUS user.",
 			},
 
-			"policies": &framework.FieldSchema{
+			"policies": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: "Comma-separated list of policies associated to the user.",
 			},
@@ -116,8 +116,7 @@ func (b *backend) pathUserRead(ctx context.Context, req *logical.Request, d *fra
 }
 
 func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
-
+	policies := policyutil.ParsePolicies(d.Get("policies"))
-	var policies = policyutil.ParsePolicies(d.Get("policies"))
 	for _, policy := range policies {
 		if policy == "root" {
 			return logical.ErrorResponse("root policy cannot be granted by an auth method"), nil

builtin/credential/token/cli.go

@@ -134,7 +134,6 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
 			Renewable:     renewable,
 		},
 	}, nil
-
 }
 
 func (h *CLIHandler) Help() string {

builtin/credential/userpass/backend_test.go

@@ -2,13 +2,12 @@ package userpass
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"reflect"
 	"testing"
 	"time"
 
-	"crypto/tls"
-
 	"github.com/go-test/deep"
 	sockaddr "github.com/hashicorp/go-sockaddr"
 	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
@@ -78,7 +77,7 @@ func TestBackend_CRUD(t *testing.T) {
 	if diff := deep.Equal(resp.Data["token_policies"], []string{"foo"}); diff != nil {
 		t.Fatal(diff)
 	}
-	if diff := deep.Equal(resp.Data["token_bound_cidrs"], []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{localhostSockAddr}}); diff != nil {
+	if diff := deep.Equal(resp.Data["token_bound_cidrs"], []*sockaddr.SockAddrMarshaler{{localhostSockAddr}}); diff != nil {
 		t.Fatal(diff)
 	}
 
@@ -124,10 +123,10 @@ func TestBackend_CRUD(t *testing.T) {
 	if diff := deep.Equal(resp.Data["token_policies"], []string{"bar"}); diff != nil {
 		t.Fatal(diff)
 	}
-	if diff := deep.Equal(resp.Data["bound_cidrs"], []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{localhostSockAddr}}); diff != nil {
+	if diff := deep.Equal(resp.Data["bound_cidrs"], []*sockaddr.SockAddrMarshaler{{localhostSockAddr}}); diff != nil {
 		t.Fatal(diff)
 	}
-	if diff := deep.Equal(resp.Data["token_bound_cidrs"], []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{localhostSockAddr}}); diff != nil {
+	if diff := deep.Equal(resp.Data["token_bound_cidrs"], []*sockaddr.SockAddrMarshaler{{localhostSockAddr}}); diff != nil {
 		t.Fatal(diff)
 	}
 }
@@ -221,7 +220,6 @@ func TestBackend_passwordUpdate(t *testing.T) {
 			testAccStepLogin(t, "web", "newpassword", []string{"default", "foo"}),
 		},
 	})
-
 }
 
 func TestBackend_policiesUpdate(t *testing.T) {
@@ -247,7 +245,6 @@ func TestBackend_policiesUpdate(t *testing.T) {
 			testAccStepLogin(t, "web", "password", []string{"bar", "default", "foo"}),
 		},
 	})
-
 }
 
 func testUpdatePassword(t *testing.T, user, password string) logicaltest.TestStep {
@@ -382,7 +379,7 @@ func TestBackend_UserUpgrade(t *testing.T) {
 		Policies:   []string{"foo"},
 		TTL:        time.Second,
 		MaxTTL:     time.Second,
-		BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
+		BoundCIDRs: []*sockaddr.SockAddrMarshaler{{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
 	}
 
 	entry, err := logical.StorageEntryJSON("user/foo", foo)
@@ -403,12 +400,12 @@ func TestBackend_UserUpgrade(t *testing.T) {
 		Policies:   []string{"foo"},
 		TTL:        time.Second,
 		MaxTTL:     time.Second,
-		BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
+		BoundCIDRs: []*sockaddr.SockAddrMarshaler{{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
 		TokenParams: tokenutil.TokenParams{
 			TokenPolicies:   []string{"foo"},
 			TokenTTL:        time.Second,
 			TokenMaxTTL:     time.Second,
-			TokenBoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
+			TokenBoundCIDRs: []*sockaddr.SockAddrMarshaler{{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
 		},
 	}
 	if diff := deep.Equal(userEntry, exp); diff != nil {

builtin/credential/userpass/path_login.go

@@ -17,12 +17,12 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login/" + framework.GenericNameRegex("username"),
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username of the user.",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password for this user.",
 			},

builtin/credential/userpass/path_user_password.go

@@ -14,12 +14,12 @@ func pathUserPassword(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "users/" + framework.GenericNameRegex("username") + "/password$",
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username for this user.",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password for this user.",
 			},

builtin/credential/userpass/path_user_policies.go

@@ -14,16 +14,16 @@ func pathUserPolicies(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "users/" + framework.GenericNameRegex("username") + "/policies$",
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username for this user.",
 			},
-			"policies": &framework.FieldSchema{
+			"policies": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: tokenutil.DeprecationText("token_policies"),
 				Deprecated:  true,
 			},
-			"token_policies": &framework.FieldSchema{
+			"token_policies": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: "Comma-separated list of policies",
 			},

builtin/credential/userpass/path_users.go

@@ -33,12 +33,12 @@ func pathUsers(b *backend) *framework.Path {
 	p := &framework.Path{
 		Pattern: "users/" + framework.GenericNameRegex("username"),
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username for this user.",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password for this user.",
 				DisplayAttrs: &framework.DisplayAttributes{
@@ -46,25 +46,25 @@ func pathUsers(b *backend) *framework.Path {
 				},
 			},
 
-			"policies": &framework.FieldSchema{
+			"policies": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: tokenutil.DeprecationText("token_policies"),
 				Deprecated:  true,
 			},
 
-			"ttl": &framework.FieldSchema{
+			"ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_ttl"),
 				Deprecated:  true,
 			},
 
-			"max_ttl": &framework.FieldSchema{
+			"max_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: tokenutil.DeprecationText("token_max_ttl"),
 				Deprecated:  true,
 			},
 
-			"bound_cidrs": &framework.FieldSchema{
+			"bound_cidrs": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: tokenutil.DeprecationText("token_bound_cidrs"),
 				Deprecated:  true,

builtin/logical/aws/backend_test.go

@@ -216,7 +216,6 @@ func getAccountID() (string, error) {
 
 	params := &sts.GetCallerIdentityInput{}
 	res, err := svc.GetCallerIdentity(params)
-
 	if err != nil {
 		return "", err
 	}
@@ -912,10 +911,12 @@ const testS3Policy = `{
     ]
 }`
 
-const adminAccessPolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess"
+const (
-const ec2PolicyArn = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
+	adminAccessPolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess"
-const iamPolicyArn = "arn:aws:iam::aws:policy/IAMReadOnlyAccess"
+	ec2PolicyArn         = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
-const dynamoPolicyArn = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess"
+	iamPolicyArn         = "arn:aws:iam::aws:policy/IAMReadOnlyAccess"
+	dynamoPolicyArn      = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess"
+)
 
 func testAccStepWriteRole(t *testing.T, name string, data map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{

builtin/logical/aws/iam_policies.go

@@ -113,7 +113,7 @@ func combinePolicyDocuments(policies ...string) (string, error) {
 	var policy string
 	var err error
 	var policyBytes []byte
-	var newPolicy = PolicyDocument{
+	newPolicy := PolicyDocument{
 		// 2012-10-17 is the current version of the AWS policy language:
 		// https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html
 		Version: "2012-10-17",

builtin/logical/aws/path_config_lease.go

@@ -13,12 +13,12 @@ func pathConfigLease(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/lease",
 		Fields: map[string]*framework.FieldSchema{
-			"lease": &framework.FieldSchema{
+			"lease": {
 				Type:        framework.TypeString,
 				Description: "Default lease for roles.",
 			},
 
-			"lease_max": &framework.FieldSchema{
+			"lease_max": {
 				Type:        framework.TypeString,
 				Description: "Maximum time a credential is valid for.",
 			},
@@ -91,7 +91,6 @@ func (b *backend) pathLeaseWrite(ctx context.Context, req *logical.Request, d *f
 
 func (b *backend) pathLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	lease, err := b.Lease(ctx, req.Storage)
-
 	if err != nil {
 		return nil, err
 	}

builtin/logical/aws/path_config_root.go

@@ -12,29 +12,29 @@ func pathConfigRoot(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/root",
 		Fields: map[string]*framework.FieldSchema{
-			"access_key": &framework.FieldSchema{
+			"access_key": {
 				Type:        framework.TypeString,
 				Description: "Access key with permission to create new keys.",
 			},
 
-			"secret_key": &framework.FieldSchema{
+			"secret_key": {
 				Type:        framework.TypeString,
 				Description: "Secret key with permission to create new keys.",
 			},
 
-			"region": &framework.FieldSchema{
+			"region": {
 				Type:        framework.TypeString,
 				Description: "Region for API calls.",
 			},
-			"iam_endpoint": &framework.FieldSchema{
+			"iam_endpoint": {
 				Type:        framework.TypeString,
 				Description: "Endpoint to custom IAM server URL",
 			},
-			"sts_endpoint": &framework.FieldSchema{
+			"sts_endpoint": {
 				Type:        framework.TypeString,
 				Description: "Endpoint to custom STS server URL",
 			},
-			"max_retries": &framework.FieldSchema{
+			"max_retries": {
 				Type:        framework.TypeInt,
 				Default:     aws.UseServiceDefaultRetries,
 				Description: "Maximum number of retries for recoverable exceptions of AWS APIs",

builtin/logical/aws/path_roles.go

@@ -18,9 +18,7 @@ import (
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
-var (
+var userPathRegex = regexp.MustCompile(`^\/([\x21-\x7F]{0,510}\/)?$`)
-	userPathRegex = regexp.MustCompile(`^\/([\x21-\x7F]{0,510}\/)?$`)
-)
 
 func pathListRoles(b *backend) *framework.Path {
 	return &framework.Path{
@@ -39,7 +37,7 @@ func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "roles/" + framework.GenericNameWithAtRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the policy",
 				DisplayAttrs: &framework.DisplayAttributes{
@@ -47,12 +45,12 @@ func pathRoles(b *backend) *framework.Path {
 				},
 			},
 
-			"credential_type": &framework.FieldSchema{
+			"credential_type": {
 				Type:        framework.TypeString,
 				Description: fmt.Sprintf("Type of credential to retrieve. Must be one of %s, %s, or %s", assumedRoleCred, iamUserCred, federationTokenCred),
 			},
 
-			"role_arns": &framework.FieldSchema{
+			"role_arns": {
 				Type:        framework.TypeCommaStringSlice,
 				Description: "ARNs of AWS roles allowed to be assumed. Only valid when credential_type is " + assumedRoleCred,
 				DisplayAttrs: &framework.DisplayAttributes{
@@ -60,7 +58,7 @@ func pathRoles(b *backend) *framework.Path {
 				},
 			},
 
-			"policy_arns": &framework.FieldSchema{
+			"policy_arns": {
 				Type: framework.TypeCommaStringSlice,
 				Description: fmt.Sprintf(`ARNs of AWS policies. Behavior varies by credential_type. When credential_type is
 %s, then it will attach the specified policies to the generated IAM user.
@@ -71,7 +69,7 @@ PolicyArns parameter, acting as a filter on permissions available.`, iamUserCred
 				},
 			},
 
-			"policy_document": &framework.FieldSchema{
+			"policy_document": {
 				Type: framework.TypeString,
 				Description: `JSON-encoded IAM policy document. Behavior varies by credential_type. When credential_type is
 iam_user, then it will attach the contents of the policy_document to the IAM
@@ -80,7 +78,7 @@ will be passed in as the Policy parameter to the AssumeRole or
 GetFederationToken API call, acting as a filter on permissions available.`,
 			},
 
-			"iam_groups": &framework.FieldSchema{
+			"iam_groups": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `Names of IAM groups that generated IAM users will be added to. For a credential
 type of assumed_role or federation_token, the policies sent to the
@@ -93,7 +91,7 @@ and policy_arns parameters.`,
 				},
 			},
 
-			"iam_tags": &framework.FieldSchema{
+			"iam_tags": {
 				Type: framework.TypeKVPairs,
 				Description: `IAM tags to be set for any users created by this role. These must be presented
 as Key-Value pairs. This can be represented as a map or a list of equal sign
@@ -104,7 +102,7 @@ delimited key pairs.`,
 				},
 			},
 
-			"default_sts_ttl": &framework.FieldSchema{
+			"default_sts_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: fmt.Sprintf("Default TTL for %s and %s credential types when no TTL is explicitly requested with the credentials", assumedRoleCred, federationTokenCred),
 				DisplayAttrs: &framework.DisplayAttributes{
@@ -112,7 +110,7 @@ delimited key pairs.`,
 				},
 			},
 
-			"max_sts_ttl": &framework.FieldSchema{
+			"max_sts_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: fmt.Sprintf("Max allowed TTL for %s and %s credential types", assumedRoleCred, federationTokenCred),
 				DisplayAttrs: &framework.DisplayAttributes{
@@ -120,7 +118,7 @@ delimited key pairs.`,
 				},
 			},
 
-			"permissions_boundary_arn": &framework.FieldSchema{
+			"permissions_boundary_arn": {
 				Type:        framework.TypeString,
 				Description: "ARN of an IAM policy to attach as a permissions boundary on IAM user credentials; only valid when credential_type is" + iamUserCred,
 				DisplayAttrs: &framework.DisplayAttributes{
@@ -128,19 +126,19 @@ delimited key pairs.`,
 				},
 			},
 
-			"arn": &framework.FieldSchema{
+			"arn": {
 				Type:        framework.TypeString,
 				Description: `Use role_arns or policy_arns instead.`,
 				Deprecated:  true,
 			},
 
-			"policy": &framework.FieldSchema{
+			"policy": {
 				Type:        framework.TypeString,
 				Description: "Use policy_document instead.",
 				Deprecated:  true,
 			},
 
-			"user_path": &framework.FieldSchema{
+			"user_path": {
 				Type:        framework.TypeString,
 				Description: "Path for IAM User. Only valid when credential_type is " + iamUserCred,
 				DisplayAttrs: &framework.DisplayAttributes{

builtin/logical/aws/path_roles_test.go

@@ -159,7 +159,6 @@ func TestUpgradeLegacyPolicyEntry(t *testing.T) {
 }
 
 func TestUserPathValidity(t *testing.T) {
-
 	testCases := []struct {
 		description string
 		userPath    string
@@ -339,7 +338,7 @@ func TestRoleEntryValidationCredTypes(t *testing.T) {
 }
 
 func TestRoleEntryValidationIamUserCred(t *testing.T) {
-	var allowAllPolicyDocument = `{"Version": "2012-10-17", "Statement": [{"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}`
+	allowAllPolicyDocument := `{"Version": "2012-10-17", "Statement": [{"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}`
 	roleEntry := awsRoleEntry{
 		CredentialTypes:        []string{iamUserCred},
 		PolicyArns:             []string{adminAccessPolicyARN},
@@ -384,7 +383,7 @@ func TestRoleEntryValidationIamUserCred(t *testing.T) {
 }
 
 func TestRoleEntryValidationAssumedRoleCred(t *testing.T) {
-	var allowAllPolicyDocument = `{"Version": "2012-10-17", "Statement": [{"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}`
+	allowAllPolicyDocument := `{"Version": "2012-10-17", "Statement": [{"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}`
 	roleEntry := awsRoleEntry{
 		CredentialTypes: []string{assumedRoleCred},
 		RoleArns:        []string{"arn:aws:iam::123456789012:role/SomeRole"},
@@ -414,7 +413,7 @@ func TestRoleEntryValidationAssumedRoleCred(t *testing.T) {
 }
 
 func TestRoleEntryValidationFederationTokenCred(t *testing.T) {
-	var allowAllPolicyDocument = `{"Version": "2012-10-17", "Statement": [{"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}`
+	allowAllPolicyDocument := `{"Version": "2012-10-17", "Statement": [{"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}`
 	roleEntry := awsRoleEntry{
 		CredentialTypes: []string{federationTokenCred},
 		PolicyDocument:  allowAllPolicyDocument,
@@ -446,5 +445,4 @@ func TestRoleEntryValidationFederationTokenCred(t *testing.T) {
 	if roleEntry.validate() == nil {
 		t.Errorf("bad: invalid roleEntry with unrecognized PermissionsBoundary %#v passed validation", roleEntry)
 	}
-
 }

builtin/logical/aws/path_user.go

@@ -20,15 +20,15 @@ func pathUser(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "(creds|sts)/" + framework.GenericNameWithAtRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role",
 			},
-			"role_arn": &framework.FieldSchema{
+			"role_arn": {
 				Type:        framework.TypeString,
 				Description: "ARN of role to assume when credential_type is " + assumedRoleCred,
 			},
-			"ttl": &framework.FieldSchema{
+			"ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: "Lifetime of the returned credentials in seconds",
 				Default:     3600,

builtin/logical/aws/secret_access_keys.go

@@ -23,16 +23,16 @@ func secretAccessKeys(b *backend) *framework.Secret {
 	return &framework.Secret{
 		Type: secretAccessKeyType,
 		Fields: map[string]*framework.FieldSchema{
-			"access_key": &framework.FieldSchema{
+			"access_key": {
 				Type:        framework.TypeString,
 				Description: "Access Key",
 			},
 
-			"secret_key": &framework.FieldSchema{
+			"secret_key": {
 				Type:        framework.TypeString,
 				Description: "Secret Key",
 			},
-			"security_token": &framework.FieldSchema{
+			"security_token": {
 				Type:        framework.TypeString,
 				Description: "Security Token",
 			},
@@ -112,7 +112,6 @@ func (b *backend) getFederationToken(ctx context.Context, s logical.Storage,
 	}
 
 	tokenResp, err := stsClient.GetFederationToken(getTokenInput)
-
 	if err != nil {
 		return logical.ErrorResponse("Error generating STS keys: %s", err), awsutil.CheckAWSError(err)
 	}
@@ -180,7 +179,6 @@ func (b *backend) assumeRole(ctx context.Context, s logical.Storage,
 		assumeRoleInput.SetPolicyArns(convertPolicyARNs(policyARNs))
 	}
 	tokenResp, err := stsClient.AssumeRole(assumeRoleInput)
-
 	if err != nil {
 		return logical.ErrorResponse("Error assuming role: %s", err), awsutil.CheckAWSError(err)
 	}
@@ -376,7 +374,6 @@ func (b *backend) secretAccessKeysRenew(ctx context.Context, req *logical.Reques
 }
 
 func (b *backend) secretAccessKeysRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
-
 	// STS cleans up after itself so we can skip this if is_sts internal data
 	// element set to true. If is_sts is not set, assumes old version
 	// and defaults to the IAM approach.

builtin/logical/aws/secret_access_keys_test.go

@@ -5,7 +5,6 @@ import (
 )
 
 func TestNormalizeDisplayName_NormRequired(t *testing.T) {
-
 	invalidNames := map[string]string{
 		"^#$test name\nshould be normalized)(*": "___test_name_should_be_normalized___",
 		"^#$test name1 should be normalized)(*": "___test_name1_should_be_normalized___",
@@ -25,7 +24,6 @@ func TestNormalizeDisplayName_NormRequired(t *testing.T) {
 }
 
 func TestNormalizeDisplayName_NormNotRequired(t *testing.T) {
-
 	validNames := []string{
 		"test_name_should_normalize_to_itself@example.com",
 		"test1_name_should_normalize_to_itself@example.com",

builtin/logical/cassandra/backend.go

@@ -105,7 +105,6 @@ func (b *backend) DB(ctx context.Context, s logical.Storage) (*gocql.Session, er
 	b.session = session
 
 	return session, err
-
 }
 
 // ResetDB forces a connection next time DB() is called.

builtin/logical/cassandra/path_config_connection.go

@@ -14,47 +14,47 @@ func pathConfigConnection(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/connection",
 		Fields: map[string]*framework.FieldSchema{
-			"hosts": &framework.FieldSchema{
+			"hosts": {
 				Type:        framework.TypeString,
 				Description: "Comma-separated list of hosts",
 			},
 
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "The username to use for connecting to the cluster",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "The password to use for connecting to the cluster",
 			},
 
-			"tls": &framework.FieldSchema{
+			"tls": {
 				Type: framework.TypeBool,
 				Description: `Whether to use TLS. If pem_bundle or pem_json are
 set, this is automatically set to true`,
 			},
 
-			"insecure_tls": &framework.FieldSchema{
+			"insecure_tls": {
 				Type: framework.TypeBool,
 				Description: `Whether to use TLS but skip verification; has no
 effect if a CA certificate is provided`,
 			},
 
 			// TLS 1.3 is not supported as this engine is deprecated. Please switch to the Cassandra database secrets engine
-			"tls_min_version": &framework.FieldSchema{
+			"tls_min_version": {
 				Type:        framework.TypeString,
 				Default:     "tls12",
 				Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
 			},
 
-			"pem_bundle": &framework.FieldSchema{
+			"pem_bundle": {
 				Type: framework.TypeString,
 				Description: `PEM-format, concatenated unencrypted secret key
 and certificate, with optional CA certificate`,
 			},
 
-			"pem_json": &framework.FieldSchema{
+			"pem_json": {
 				Type: framework.TypeString,
 				Description: `JSON containing a PEM-format, unencrypted secret
 key and certificate, with optional CA certificate.
@@ -64,12 +64,12 @@ If both this and "pem_bundle" are specified, this will
 take precedence.`,
 			},
 
-			"protocol_version": &framework.FieldSchema{
+			"protocol_version": {
 				Type:        framework.TypeInt,
 				Description: `The protocol version to use. Defaults to 2.`,
 			},
 
-			"connect_timeout": &framework.FieldSchema{
+			"connect_timeout": {
 				Type:        framework.TypeDurationSecond,
 				Default:     5,
 				Description: `The connection timeout to use. Defaults to 5.`,

builtin/logical/cassandra/path_creds_create.go

@@ -17,7 +17,7 @@ func pathCredsCreate(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role",
 			},

builtin/logical/cassandra/path_roles.go

@@ -20,12 +20,12 @@ func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role",
 			},
 
-			"creation_cql": &framework.FieldSchema{
+			"creation_cql": {
 				Type:    framework.TypeString,
 				Default: defaultCreationCQL,
 				Description: `CQL to create a user and optionally grant
@@ -38,7 +38,7 @@ file. Valid template values are '{{username}}' and
 '{{password}}' -- the single quotes are important!`,
 			},
 
-			"rollback_cql": &framework.FieldSchema{
+			"rollback_cql": {
 				Type:    framework.TypeString,
 				Default: defaultRollbackCQL,
 				Description: `CQL to roll back an account operation. This will
@@ -51,13 +51,13 @@ template values are '{{username}}' and
 '{{password}}' -- the single quotes are important!`,
 			},
 
-			"lease": &framework.FieldSchema{
+			"lease": {
 				Type:        framework.TypeString,
 				Default:     "4h",
 				Description: "The lease length; defaults to 4 hours",
 			},
 
-			"consistency": &framework.FieldSchema{
+			"consistency": {
 				Type:        framework.TypeString,
 				Default:     "Quorum",
 				Description: "The consistency level for the operations; defaults to Quorum.",

builtin/logical/cassandra/secret_creds.go

@@ -16,12 +16,12 @@ func secretCreds(b *backend) *framework.Secret {
 	return &framework.Secret{
 		Type: SecretCredsType,
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password",
 			},

builtin/logical/consul/backend_test.go

@@ -198,7 +198,6 @@ func testBackendRenewRevoke(t *testing.T, version string) {
 	if err == nil {
 		t.Fatal("expected error")
 	}
-
 }
 
 func testBackendRenewRevoke14(t *testing.T, version string) {

builtin/logical/consul/path_config.go

@@ -13,12 +13,12 @@ func pathConfigAccess(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/access",
 		Fields: map[string]*framework.FieldSchema{
-			"address": &framework.FieldSchema{
+			"address": {
 				Type:        framework.TypeString,
 				Description: "Consul server address",
 			},
 
-			"scheme": &framework.FieldSchema{
+			"scheme": {
 				Type:        framework.TypeString,
 				Description: "URI scheme for the Consul address",
 
@@ -28,24 +28,24 @@ func pathConfigAccess(b *backend) *framework.Path {
 				Default: "http",
 			},
 
-			"token": &framework.FieldSchema{
+			"token": {
 				Type:        framework.TypeString,
 				Description: "Token for API calls",
 			},
 
-			"ca_cert": &framework.FieldSchema{
+			"ca_cert": {
 				Type: framework.TypeString,
 				Description: `CA certificate to use when verifying Consul server certificate,
 must be x509 PEM encoded.`,
 			},
 
-			"client_cert": &framework.FieldSchema{
+			"client_cert": {
 				Type: framework.TypeString,
 				Description: `Client certificate used for Consul's TLS communication,
 must be x509 PEM encoded and if this is set you need to also set client_key.`,
 			},
 
-			"client_key": &framework.FieldSchema{
+			"client_key": {
 				Type: framework.TypeString,
 				Description: `Client key used for Consul's TLS communication,
 must be x509 PEM encoded and if this is set you need to also set client_cert.`,

builtin/logical/consul/path_roles.go

@@ -24,30 +24,30 @@ func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role",
 			},
 
-			"policy": &framework.FieldSchema{
+			"policy": {
 				Type: framework.TypeString,
 				Description: `Policy document, base64 encoded. Required
 for 'client' tokens. Required for Consul pre-1.4.`,
 			},
 
-			"policies": &framework.FieldSchema{
+			"policies": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `List of policies to attach to the token. Required
 for Consul 1.4 or above.`,
 			},
 
-			"local": &framework.FieldSchema{
+			"local": {
 				Type: framework.TypeBool,
 				Description: `Indicates that the token should not be replicated globally 
 and instead be local to the current datacenter.  Available in Consul 1.4 and above.`,
 			},
 
-			"token_type": &framework.FieldSchema{
+			"token_type": {
 				Type:    framework.TypeString,
 				Default: "client",
 				Description: `Which type of token to create: 'client'
@@ -56,17 +56,17 @@ the "policy" parameter is not required.
 Defaults to 'client'.`,
 			},
 
-			"ttl": &framework.FieldSchema{
+			"ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: "TTL for the Consul token created from the role.",
 			},
 
-			"max_ttl": &framework.FieldSchema{
+			"max_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: "Max TTL for the Consul token created from the role.",
 			},
 
-			"lease": &framework.FieldSchema{
+			"lease": {
 				Type:        framework.TypeDurationSecond,
 				Description: "Use ttl instead.",
 				Deprecated:  true,

builtin/logical/consul/path_token.go

@@ -19,7 +19,7 @@ func pathToken(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "creds/" + framework.GenericNameRegex("role"),
 		Fields: map[string]*framework.FieldSchema{
-			"role": &framework.FieldSchema{
+			"role": {
 				Type:        framework.TypeString,
 				Description: "Name of the role",
 			},
@@ -90,8 +90,8 @@ func (b *backend) pathTokenRead(ctx context.Context, req *logical.Request, d *fr
 		return s, nil
 	}
 
-	//Create an ACLToken for Consul 1.4 and above
+	// Create an ACLToken for Consul 1.4 and above
-	var policyLink = []*api.ACLTokenPolicyLink{}
+	policyLink := []*api.ACLTokenPolicyLink{}
 	for _, policyName := range result.Policies {
 		policyLink = append(policyLink, &api.ACLTokenPolicyLink{
 			Name: policyName,

builtin/logical/consul/secret_token.go

@@ -17,7 +17,7 @@ func secretToken(b *backend) *framework.Secret {
 	return &framework.Secret{
 		Type: SecretTokenType,
 		Fields: map[string]*framework.FieldSchema{
-			"token": &framework.FieldSchema{
+			"token": {
 				Type:        framework.TypeString,
 				Description: "Request token",
 			},

builtin/logical/database/backend_test.go

@@ -93,7 +93,6 @@ func TestBackend_PluginMain_MongoAtlas(t *testing.T) {
 }
 
 func TestBackend_RoleUpgrade(t *testing.T) {
-
 	storage := &logical.InmemStorage{}
 	backend := &databaseBackend{}
 
@@ -143,7 +142,6 @@ func TestBackend_RoleUpgrade(t *testing.T) {
 	if !reflect.DeepEqual(role, roleExpected) {
 		t.Fatalf("bad role %#v, %#v", role, roleExpected)
 	}
-
 }
 
 func TestBackend_config_connection(t *testing.T) {
@@ -1025,6 +1023,7 @@ func TestBackend_roleCrud(t *testing.T) {
 		t.Fatal("Expected response to be nil")
 	}
 }
+
 func TestBackend_allowedRoles(t *testing.T) {
 	cluster, sys := getCluster(t)
 	defer cluster.Cleanup()
@@ -1334,7 +1333,6 @@ func testCredsExist(t *testing.T, resp *logical.Response, connURL string) bool {
 	}
 	log.Printf("[TRACE] Generated credentials: %v", d)
 	conn, err := pq.ParseURL(connURL)
-
 	if err != nil {
 		t.Fatal(err)
 	}

builtin/logical/database/dbplugin/plugin_test.go

@@ -39,6 +39,7 @@ func (m *mockPlugin) CreateUser(_ context.Context, statements dbplugin.Statement
 
 	return usernameConf.DisplayName, "test", nil
 }
+
 func (m *mockPlugin) RenewUser(_ context.Context, statements dbplugin.Statements, username string, expiration time.Time) error {
 	err := errors.New("err")
 	if username == "" || expiration.IsZero() {
@@ -51,6 +52,7 @@ func (m *mockPlugin) RenewUser(_ context.Context, statements dbplugin.Statements
 
 	return nil
 }
+
 func (m *mockPlugin) RevokeUser(_ context.Context, statements dbplugin.Statements, username string) error {
 	err := errors.New("err")
 	if username == "" {
@@ -64,9 +66,11 @@ func (m *mockPlugin) RevokeUser(_ context.Context, statements dbplugin.Statement
 	delete(m.users, username)
 	return nil
 }
+
 func (m *mockPlugin) RotateRootCredentials(_ context.Context, statements []string) (map[string]interface{}, error) {
 	return nil, nil
 }
+
 func (m *mockPlugin) Init(_ context.Context, conf map[string]interface{}, _ bool) (map[string]interface{}, error) {
 	err := errors.New("err")
 	if len(conf) != 1 {
@@ -75,6 +79,7 @@ func (m *mockPlugin) Init(_ context.Context, conf map[string]interface{}, _ bool
 
 	return conf, nil
 }
+
 func (m *mockPlugin) Initialize(_ context.Context, conf map[string]interface{}, _ bool) error {
 	err := errors.New("err")
 	if len(conf) != 1 {
@@ -83,6 +88,7 @@ func (m *mockPlugin) Initialize(_ context.Context, conf map[string]interface{},
 
 	return nil
 }
+
 func (m *mockPlugin) Close() error {
 	m.users = nil
 	return nil

builtin/logical/database/path_config_connection.go

@@ -39,7 +39,7 @@ func pathResetConnection(b *databaseBackend) *framework.Path {
 	return &framework.Path{
 		Pattern: fmt.Sprintf("reset/%s", framework.GenericNameRegex("name")),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of this database connection",
 			},
@@ -83,40 +83,40 @@ func pathConfigurePluginConnection(b *databaseBackend) *framework.Path {
 	return &framework.Path{
 		Pattern: fmt.Sprintf("config/%s", framework.GenericNameRegex("name")),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of this database connection",
 			},
 
-			"plugin_name": &framework.FieldSchema{
+			"plugin_name": {
 				Type: framework.TypeString,
 				Description: `The name of a builtin or previously registered
 				plugin known to vault. This endpoint will create an instance of
 				that plugin type.`,
 			},
 
-			"verify_connection": &framework.FieldSchema{
+			"verify_connection": {
 				Type:    framework.TypeBool,
 				Default: true,
 				Description: `If true, the connection details are verified by
 				actually connecting to the database. Defaults to true.`,
 			},
 
-			"allowed_roles": &framework.FieldSchema{
+			"allowed_roles": {
 				Type: framework.TypeCommaStringSlice,
 				Description: `Comma separated string or array of the role names
 				allowed to get creds from this database connection. If empty no
 				roles are allowed. If "*" all roles are allowed.`,
 			},
 
-			"root_rotation_statements": &framework.FieldSchema{
+			"root_rotation_statements": {
 				Type: framework.TypeStringSlice,
 				Description: `Specifies the database statements to be executed
 				to rotate the root user's credentials. See the plugin's API 
 				page for more information on support and formatting for this 
 				parameter.`,
 			},
-			"password_policy": &framework.FieldSchema{
+			"password_policy": {
 				Type:        framework.TypeString,
 				Description: `Password policy to use when generating passwords.`,
 			},

builtin/logical/database/path_creds_create.go

@@ -13,10 +13,10 @@ import (
 
 func pathCredsCreate(b *databaseBackend) []*framework.Path {
 	return []*framework.Path{
-		&framework.Path{
+		{
 			Pattern: "creds/" + framework.GenericNameRegex("name"),
 			Fields: map[string]*framework.FieldSchema{
-				"name": &framework.FieldSchema{
+				"name": {
 					Type:        framework.TypeString,
 					Description: "Name of the role.",
 				},
@@ -29,10 +29,10 @@ func pathCredsCreate(b *databaseBackend) []*framework.Path {
 			HelpSynopsis:    pathCredsCreateReadHelpSyn,
 			HelpDescription: pathCredsCreateReadHelpDesc,
 		},
-		&framework.Path{
+		{
 			Pattern: "static-creds/" + framework.GenericNameRegex("name"),
 			Fields: map[string]*framework.FieldSchema{
-				"name": &framework.FieldSchema{
+				"name": {
 					Type:        framework.TypeString,
 					Description: "Name of the static role.",
 				},

builtin/logical/database/path_roles.go

@@ -16,7 +16,7 @@ import (
 
 func pathListRoles(b *databaseBackend) []*framework.Path {
 	return []*framework.Path{
-		&framework.Path{
+		{
 			Pattern: "roles/?$",
 
 			Callbacks: map[logical.Operation]framework.OperationFunc{
@@ -26,7 +26,7 @@ func pathListRoles(b *databaseBackend) []*framework.Path {
 			HelpSynopsis:    pathRoleHelpSyn,
 			HelpDescription: pathRoleHelpDesc,
 		},
-		&framework.Path{
+		{
 			Pattern: "static-roles/?$",
 
 			Callbacks: map[logical.Operation]framework.OperationFunc{
@@ -41,7 +41,7 @@ func pathListRoles(b *databaseBackend) []*framework.Path {
 
 func pathRoles(b *databaseBackend) []*framework.Path {
 	return []*framework.Path{
-		&framework.Path{
+		{
 			Pattern:        "roles/" + framework.GenericNameRegex("name"),
 			Fields:         fieldsForType(databaseRolePath),
 			ExistenceCheck: b.pathRoleExistenceCheck,
@@ -56,7 +56,7 @@ func pathRoles(b *databaseBackend) []*framework.Path {
 			HelpDescription: pathRoleHelpDesc,
 		},
 
-		&framework.Path{
+		{
 			Pattern:        "static-roles/" + framework.GenericNameRegex("name"),
 			Fields:         fieldsForType(databaseStaticRolePath),
 			ExistenceCheck: b.pathStaticRoleExistenceCheck,

builtin/logical/database/path_rotate_credentials.go

@@ -13,10 +13,10 @@ import (
 
 func pathRotateRootCredentials(b *databaseBackend) []*framework.Path {
 	return []*framework.Path{
-		&framework.Path{
+		{
 			Pattern: "rotate-root/" + framework.GenericNameRegex("name"),
 			Fields: map[string]*framework.FieldSchema{
-				"name": &framework.FieldSchema{
+				"name": {
 					Type:        framework.TypeString,
 					Description: "Name of this database connection",
 				},
@@ -33,10 +33,10 @@ func pathRotateRootCredentials(b *databaseBackend) []*framework.Path {
 			HelpSynopsis:    pathCredsCreateReadHelpSyn,
 			HelpDescription: pathCredsCreateReadHelpDesc,
 		},
-		&framework.Path{
+		{
 			Pattern: "rotate-role/" + framework.GenericNameRegex("name"),
 			Fields: map[string]*framework.FieldSchema{
-				"name": &framework.FieldSchema{
+				"name": {
 					Type:        framework.TypeString,
 					Description: "Name of the static role",
 				},
@@ -211,6 +211,7 @@ This path attempts to rotate the root credentials for the given database.
 const pathRotateRoleCredentialsUpdateHelpSyn = `
 Request to rotate the credentials for a static user account.
 `
+
 const pathRotateRoleCredentialsUpdateHelpDesc = `
 This path attempts to rotate the credentials for the given static user account.
 `

builtin/logical/database/version_wrapper.go

@@ -237,9 +237,7 @@ type passwordGenerator interface {
 	GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error)
 }
 
-var (
+var defaultPasswordGenerator = random.DefaultStringGenerator
-	defaultPasswordGenerator = random.DefaultStringGenerator
-)
 
 // GeneratePassword either from the v4 database or by using the provided password policy. If using a v5 database
 // and no password policy is specified, this will have a reasonable default password generator.

builtin/logical/database/version_wrapper_test.go

@@ -927,9 +927,11 @@ func (f fakeStorage) Put(ctx context.Context, entry *logical.StorageEntry) error
 func (f fakeStorage) List(ctx context.Context, s string) ([]string, error) {
 	panic("list not implemented")
 }
+
 func (f fakeStorage) Get(ctx context.Context, s string) (*logical.StorageEntry, error) {
 	panic("get not implemented")
 }
+
 func (f fakeStorage) Delete(ctx context.Context, s string) error {
 	panic("delete not implemented")
 }

builtin/logical/mongodb/backend_test.go

@@ -14,9 +14,7 @@ import (
 	"github.com/mitchellh/mapstructure"
 )
 
-var (
+var testImagePull sync.Once
-	testImagePull sync.Once
-)
 
 func TestBackend_config_connection(t *testing.T) {
 	var resp *logical.Response
@@ -123,7 +121,6 @@ func TestBackend_leaseWriteRead(t *testing.T) {
 			testAccStepReadLease(),
 		},
 	})
-
 }
 
 func testAccStepConfig(d map[string]interface{}, expectError bool) logicaltest.TestStep {
@@ -265,5 +262,7 @@ func testAccStepReadLease() logicaltest.TestStep {
 	}
 }
 
-const testDb = "foo"
+const (
-const testMongoDBRoles = `["readWrite",{"role":"read","db":"bar"}]`
+	testDb           = "foo"
+	testMongoDBRoles = `["readWrite",{"role":"read","db":"bar"}]`
+)

builtin/logical/mongodb/path_config_lease.go

@@ -50,7 +50,6 @@ func (b *backend) pathConfigLeaseWrite(ctx context.Context, req *logical.Request
 
 func (b *backend) pathConfigLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	leaseConfig, err := b.LeaseConfig(ctx, req.Storage)
-
 	if err != nil {
 		return nil, err
 	}

builtin/logical/mssql/backend_test.go

@@ -105,7 +105,6 @@ func TestBackend_leaseWriteRead(t *testing.T) {
 			testAccStepReadLease(t),
 		},
 	})
-
 }
 
 func testAccPreCheckFunc(t *testing.T, connectionURL string) func() {

builtin/logical/mssql/path_config_connection.go

@@ -13,15 +13,15 @@ func pathConfigConnection(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/connection",
 		Fields: map[string]*framework.FieldSchema{
-			"connection_string": &framework.FieldSchema{
+			"connection_string": {
 				Type:        framework.TypeString,
 				Description: "DB connection parameters",
 			},
-			"max_open_connections": &framework.FieldSchema{
+			"max_open_connections": {
 				Type:        framework.TypeInt,
 				Description: "Maximum number of open connections to database",
 			},
-			"verify_connection": &framework.FieldSchema{
+			"verify_connection": {
 				Type:        framework.TypeBool,
 				Default:     true,
 				Description: "If set, connection_string is verified by actually connecting to the database",
@@ -74,7 +74,6 @@ func (b *backend) pathConnectionWrite(ctx context.Context, req *logical.Request,
 	if verifyConnection {
 		// Verify the string
 		db, err := sql.Open("mssql", connString)
-
 		if err != nil {
 			return logical.ErrorResponse(fmt.Sprintf(
 				"Error validating connection info: %s", err)), nil

builtin/logical/mssql/path_config_lease.go

@@ -13,18 +13,18 @@ func pathConfigLease(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/lease",
 		Fields: map[string]*framework.FieldSchema{
-			"ttl": &framework.FieldSchema{
+			"ttl": {
 				Type:        framework.TypeString,
 				Description: "Default ttl for roles.",
 			},
 
-			"ttl_max": &framework.FieldSchema{
+			"ttl_max": {
 				Type: framework.TypeString,
 				Description: `Deprecated: use "max_ttl" instead.  Maximum
 time a credential is valid for.`,
 			},
 
-			"max_ttl": &framework.FieldSchema{
+			"max_ttl": {
 				Type:        framework.TypeString,
 				Description: "Maximum time a credential is valid for.",
 			},
@@ -75,7 +75,6 @@ func (b *backend) pathConfigLeaseWrite(ctx context.Context, req *logical.Request
 
 func (b *backend) pathConfigLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	leaseConfig, err := b.LeaseConfig(ctx, req.Storage)
-
 	if err != nil {
 		return nil, err
 	}

builtin/logical/mssql/path_creds_create.go

@@ -16,7 +16,7 @@ func pathCredsCreate(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role.",
 			},

builtin/logical/mssql/path_roles.go

@@ -27,12 +27,12 @@ func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role.",
 			},
 
-			"sql": &framework.FieldSchema{
+			"sql": {
 				Type:        framework.TypeString,
 				Description: "SQL string to create a role. See help for more info.",
 			},

builtin/logical/mssql/secret_creds.go

@@ -17,12 +17,12 @@ func secretCreds(b *backend) *framework.Secret {
 	return &framework.Secret{
 		Type: SecretCredsType,
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password",
 			},
@@ -132,7 +132,6 @@ func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d
 	// many permissions as possible right now
 	var lastStmtError error
 	for _, query := range revokeStmts {
-
 		if err := dbtxn.ExecuteDBQuery(ctx, db, nil, query); err != nil {
 			lastStmtError = err
 			continue

builtin/logical/mysql/backend_test.go

@@ -160,7 +160,6 @@ func TestBackend_leaseWriteRead(t *testing.T) {
 			testAccStepReadLease(t),
 		},
 	})
-
 }
 
 func testAccStepConfig(t *testing.T, d map[string]interface{}, expectError bool) logicaltest.TestStep {
@@ -193,7 +192,6 @@ func testAccStepConfig(t *testing.T, d map[string]interface{}, expectError bool)
 }
 
 func testAccStepRole(t *testing.T, wildCard bool) logicaltest.TestStep {
-
 	pathData := make(map[string]interface{})
 	if wildCard == true {
 		pathData = map[string]interface{}{
@@ -211,7 +209,6 @@ func testAccStepRole(t *testing.T, wildCard bool) logicaltest.TestStep {
 		Path:      "roles/web",
 		Data:      pathData,
 	}
-
 }
 
 func testAccStepDeleteRole(t *testing.T, n string) logicaltest.TestStep {
@@ -298,10 +295,12 @@ const testRoleWildCard = `
 CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';
 GRANT SELECT ON *.* TO '{{name}}'@'%';
 `
+
 const testRoleHost = `
 CREATE USER '{{name}}'@'10.1.1.2' IDENTIFIED BY '{{password}}';
 GRANT SELECT ON *.* TO '{{name}}'@'10.1.1.2';
 `
+
 const testRevocationSQL = `
 REVOKE ALL PRIVILEGES, GRANT OPTION FROM '{{name}}'@'10.1.1.2'; 
 DROP USER '{{name}}'@'10.1.1.2';

builtin/logical/mysql/path_config_connection.go

@@ -14,24 +14,24 @@ func pathConfigConnection(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/connection",
 		Fields: map[string]*framework.FieldSchema{
-			"connection_url": &framework.FieldSchema{
+			"connection_url": {
 				Type:        framework.TypeString,
 				Description: "DB connection string",
 			},
-			"value": &framework.FieldSchema{
+			"value": {
 				Type: framework.TypeString,
 				Description: `DB connection string. Use 'connection_url' instead.
 This name is deprecated.`,
 			},
-			"max_open_connections": &framework.FieldSchema{
+			"max_open_connections": {
 				Type:        framework.TypeInt,
 				Description: "Maximum number of open connections to database",
 			},
-			"max_idle_connections": &framework.FieldSchema{
+			"max_idle_connections": {
 				Type:        framework.TypeInt,
 				Description: "Maximum number of idle connections to the database; a zero uses the value of max_open_connections and a negative value disables idle connections. If larger than max_open_connections it will be reduced to the same size.",
 			},
-			"verify_connection": &framework.FieldSchema{
+			"verify_connection": {
 				Type:        framework.TypeBool,
 				Default:     true,
 				Description: "If set, connection_url is verified by actually connecting to the database",
@@ -100,7 +100,6 @@ func (b *backend) pathConnectionWrite(ctx context.Context, req *logical.Request,
 	if verifyConnection {
 		// Verify the string
 		db, err := sql.Open("mysql", connURL)
-
 		if err != nil {
 			return logical.ErrorResponse(fmt.Sprintf(
 				"error validating connection info: %s", err)), nil

builtin/logical/mysql/path_config_lease.go

@@ -13,12 +13,12 @@ func pathConfigLease(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/lease",
 		Fields: map[string]*framework.FieldSchema{
-			"lease": &framework.FieldSchema{
+			"lease": {
 				Type:        framework.TypeString,
 				Description: "Default lease for roles.",
 			},
 
-			"lease_max": &framework.FieldSchema{
+			"lease_max": {
 				Type:        framework.TypeString,
 				Description: "Maximum time a credential is valid for.",
 			},
@@ -66,7 +66,6 @@ func (b *backend) pathLeaseWrite(ctx context.Context, req *logical.Request, d *f
 
 func (b *backend) pathLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	lease, err := b.Lease(ctx, req.Storage)
-
 	if err != nil {
 		return nil, err
 	}

builtin/logical/mysql/path_role_create.go

@@ -17,7 +17,7 @@ func pathRoleCreate(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
-			"name": &framework.FieldSchema{
+			"name": {
 				Type:        framework.TypeString,
 				Description: "Name of the role.",
 			},

builtin/logical/mysql/secret_creds.go

@@ -26,12 +26,12 @@ func secretCreds(b *backend) *framework.Secret {
 	return &framework.Secret{
 		Type: SecretCredsType,
 		Fields: map[string]*framework.FieldSchema{
-			"username": &framework.FieldSchema{
+			"username": {
 				Type:        framework.TypeString,
 				Description: "Username",
 			},
 
-			"password": &framework.FieldSchema{
+			"password": {
 				Type:        framework.TypeString,
 				Description: "Password",
 			},

builtin/logical/nomad/backend_test.go

@@ -103,7 +103,6 @@ func prepareTestContainer(t *testing.T) (func(), *Config) {
 			Token:      nomadToken,
 		}, nil
 	})
-
 	if err != nil {
 		t.Fatalf("Could not start docker Nomad: %s", err)
 	}

builtin/logical/nomad/path_config_access.go

@@ -14,31 +14,31 @@ func pathConfigAccess(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "config/access",
 		Fields: map[string]*framework.FieldSchema{
-			"address": &framework.FieldSchema{
+			"address": {
 				Type:        framework.TypeString,
 				Description: "Nomad server address",
 			},
 
-			"token": &framework.FieldSchema{
+			"token": {
 				Type:        framework.TypeString,
 				Description: "Token for API calls",
 			},
 
-			"max_token_name_length": &framework.FieldSchema{
+			"max_token_name_length": {
 				Type:        framework.TypeInt,
 				Description: "Max length for name of generated Nomad tokens",
 			},
-			"ca_cert": &framework.FieldSchema{
+			"ca_cert": {
 				Type: framework.TypeString,
 				Description: `CA certificate to use when verifying Nomad server certificate,
 must be x509 PEM encoded.`,
 			},
-			"client_cert": &framework.FieldSchema{
+			"client_cert": {
 				Type: framework.TypeString,
 				Description: `Client certificate used for Nomad's TLS communication,
 must be x509 PEM encoded and if this is set you need to also set client_key.`,
 			},
-			"client_key": &framework.FieldSchema{
+			"client_key": {
 				Type: framework.TypeString,
 				Description: `Client key used for Nomad's TLS communication,
 must be x509 PEM encoded and if this is set you need to also set client_cert.`,