lint: Enable and fix SA9004 constant type lint errors. (#26678)
When creating constants with a custom type, each definition should include the type definition. If only the first constant defines this, it will have a different type to the other constants. This change fixes occurrences of this and enables SA9004 within CI linting, to catch future problems while the change is in review.
@@ -54,6 +54,7 @@ linters:
|
|||||||
checks:
|
checks:
|
||||||
- SA4029
|
- SA4029
|
||||||
- SA5008
|
- SA5008
|
||||||
|
- SA9004
|
||||||
- ST1016
|
- ST1016
|
||||||
- ST1020
|
- ST1020
|
||||||
exclusions:
|
exclusions:
|
||||||
|
|||||||
@@ -43,10 +43,10 @@ type RootKeyState string
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
RootKeyStateInactive RootKeyState = "inactive"
|
RootKeyStateInactive RootKeyState = "inactive"
|
||||||
RootKeyStateActive = "active"
|
RootKeyStateActive RootKeyState = "active"
|
||||||
RootKeyStateRekeying = "rekeying"
|
RootKeyStateRekeying RootKeyState = "rekeying"
|
||||||
RootKeyStateDeprecated = "deprecated"
|
RootKeyStateDeprecated RootKeyState = "deprecated"
|
||||||
RootKeyStatePrepublished = "prepublished"
|
RootKeyStatePrepublished RootKeyState = "prepublished"
|
||||||
)
|
)
|
||||||
|
|
||||||
// List lists all the keyring metadata
|
// List lists all the keyring metadata
|
||||||
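Review bot: Giving `RootKeyStateActive`, `RootKeyStateRekeying`, `RootKeyStateDeprecated` and `RootKeyStatePrepublished` the explicit `RootKeyState` type is a source-level change for callers: they were untyped string constants, so code such as `var s string = RootKeyStateActive` compiled before and will not compile now. If this const block belongs to an exported client package (the page does not show the file path), that deserves a changelog entry, plus a comment on the block such as `// All RootKeyState constants are typed; use string(v) where a plain string is required.` The same applies to the `RPCType` block (`RpcRaft` through `RpcMultiplexV2`) and to the second `RootKeyState` block later in this commit.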
|
|||||||
@@ -363,7 +363,7 @@ func extraKeys(c *Config) error {
|
|||||||
|
|
||||||
helper.RemoveEqualFold(&c.ExtraKeysHCL, "keyring")
|
helper.RemoveEqualFold(&c.ExtraKeysHCL, "keyring")
|
||||||
for _, provider := range c.KEKProviders {
|
for _, provider := range c.KEKProviders {
|
||||||
helper.RemoveEqualFold(&c.ExtraKeysHCL, provider.Provider)
|
helper.RemoveEqualFold(&c.ExtraKeysHCL, provider.Provider.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove reporting extra keys
|
// Remove reporting extra keys
|
||||||
|
|||||||
@@ -7,12 +7,12 @@ type RPCType byte
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
RpcNomad RPCType = 0x01
|
RpcNomad RPCType = 0x01
|
||||||
RpcRaft = 0x02
|
RpcRaft RPCType = 0x02
|
||||||
RpcMultiplex = 0x03
|
RpcMultiplex RPCType = 0x03
|
||||||
RpcTLS = 0x04
|
RpcTLS RPCType = 0x04
|
||||||
RpcStreaming = 0x05
|
RpcStreaming RPCType = 0x05
|
||||||
|
|
||||||
// RpcMultiplexV2 allows a multiplexed connection to switch modes between
|
// RpcMultiplexV2 allows a multiplexed connection to switch modes between
|
||||||
// RpcNomad and RpcStreaming per opened stream.
|
// RpcNomad and RpcStreaming per opened stream.
|
||||||
RpcMultiplexV2 = 0x06
|
RpcMultiplexV2 RPCType = 0x06
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -799,13 +799,13 @@ func (e *Encrypter) wrapRootKey(rootKey *structs.UnwrappedRootKey, isUpgraded bo
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case isUpgraded && provider.Provider == string(structs.KEKProviderAEAD):
|
case isUpgraded && provider.Provider == structs.KEKProviderAEAD:
|
||||||
// nothing to do but don't want to hit next case
|
// nothing to do but don't want to hit next case
|
||||||
|
|
||||||
case isUpgraded:
|
case isUpgraded:
|
||||||
wrappedKey.KeyEncryptionKey = nil
|
wrappedKey.KeyEncryptionKey = nil
|
||||||
|
|
||||||
case provider.Provider == string(structs.KEKProviderAEAD): // !isUpgraded
|
case provider.Provider == structs.KEKProviderAEAD: // !isUpgraded
|
||||||
kek := wrappedKey.KeyEncryptionKey
|
kek := wrappedKey.KeyEncryptionKey
|
||||||
wrappedKey.KeyEncryptionKey = nil
|
wrappedKey.KeyEncryptionKey = nil
|
||||||
e.writeKeyToDisk(rootKey.Meta, provider, wrappedKey, kek)
|
e.writeKeyToDisk(rootKey.Meta, provider, wrappedKey, kek)
|
||||||
@@ -830,7 +830,7 @@ func (e *Encrypter) encryptDEK(rootKey *structs.UnwrappedRootKey, provider *stru
|
|||||||
}
|
}
|
||||||
var kek []byte
|
var kek []byte
|
||||||
var err error
|
var err error
|
||||||
if provider.Provider == string(structs.KEKProviderAEAD) || provider.Provider == "" {
|
if provider.Provider == structs.KEKProviderAEAD || provider.Provider == "" {
|
||||||
kek, err = crypto.Bytes(32)
|
kek, err = crypto.Bytes(32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to generate key wrapper key: %w", err)
|
return nil, fmt.Errorf("failed to generate key wrapper key: %w", err)
|
||||||
@@ -847,7 +847,7 @@ func (e *Encrypter) encryptDEK(rootKey *structs.UnwrappedRootKey, provider *stru
|
|||||||
}
|
}
|
||||||
|
|
||||||
kekWrapper := &structs.WrappedKey{
|
kekWrapper := &structs.WrappedKey{
|
||||||
Provider: provider.Provider,
|
Provider: provider.Provider.String(),
|
||||||
ProviderID: provider.ID(),
|
ProviderID: provider.ID(),
|
||||||
WrappedDataEncryptionKey: rootBlob,
|
WrappedDataEncryptionKey: rootBlob,
|
||||||
WrappedRSAKey: &kms.BlobInfo{},
|
WrappedRSAKey: &kms.BlobInfo{},
|
||||||
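Review bot: The `encryptDEK` hunks handle an empty provider differently from `wrapRootKey`: `provider.Provider == structs.KEKProviderAEAD || provider.Provider == ""` selects the locally generated KEK, but the `WrappedKey` then records `provider.Provider.String()`, which is `""` in that case, and the visible `wrapRootKey` cases match only `structs.KEKProviderAEAD`. Now that the field is typed, the empty value could be normalised once where the provider config is loaded, e.g. `if provider.Provider == "" { provider.Provider = structs.KEKProviderAEAD }`, so that every comparison and the persisted wrapper agree on which provider protects the KEK. Both function bodies continue outside the hunks, so a `default` case or an earlier normalisation may already cover this; that is worth confirming in the full file.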
|
|||||||
@@ -33,7 +33,7 @@ func getProviderConfigs(srv *Server) (map[string]*structs.KEKProviderConfig, err
|
|||||||
|
|
||||||
if len(srv.config.KEKProviderConfigs) == 0 {
|
if len(srv.config.KEKProviderConfigs) == 0 {
|
||||||
providerConfigs[string(structs.KEKProviderAEAD)] = &structs.KEKProviderConfig{
|
providerConfigs[string(structs.KEKProviderAEAD)] = &structs.KEKProviderConfig{
|
||||||
Provider: string(structs.KEKProviderAEAD),
|
Provider: structs.KEKProviderAEAD,
|
||||||
Active: true,
|
Active: true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
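Review bot: The map key one line above the changed field still uses `string(structs.KEKProviderAEAD)`, while the rest of the commit moves to the new `String()` method; `providerConfigs[structs.KEKProviderAEAD.String()]` would keep the conversion style uniform. Other call sites in this commit identify a provider by `ID()`, so a short comment stating that the default entry's key equals its `ID()` (provider name with no `Name` set) would help the next reader. Whether the map is keyed by `ID()` for the configured providers is not visible in this hunk.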
|
|||||||
@@ -274,19 +274,23 @@ type RootKeyMeta struct {
|
|||||||
// KEKProviderName enum are the built-in KEK providers.
|
// KEKProviderName enum are the built-in KEK providers.
|
||||||
type KEKProviderName string
|
type KEKProviderName string
|
||||||
|
|
||||||
|
// String returns the string representation of the KEKProviderName and satisfies
|
||||||
|
// the fmt.Stringer interface.
|
||||||
|
func (n KEKProviderName) String() string { return string(n) }
|
||||||
|
|
||||||
const (
|
const (
|
||||||
KEKProviderAEAD KEKProviderName = "aead"
|
KEKProviderAEAD KEKProviderName = "aead"
|
||||||
KEKProviderAWSKMS = "awskms"
|
KEKProviderAWSKMS KEKProviderName = "awskms"
|
||||||
KEKProviderAzureKeyVault = "azurekeyvault"
|
KEKProviderAzureKeyVault KEKProviderName = "azurekeyvault"
|
||||||
KEKProviderGCPCloudKMS = "gcpckms"
|
KEKProviderGCPCloudKMS KEKProviderName = "gcpckms"
|
||||||
KEKProviderVaultTransit = "transit"
|
KEKProviderVaultTransit KEKProviderName = "transit"
|
||||||
)
|
)
|
||||||
|
|
||||||
// KEKProviderConfig is the server configuration for an external KMS provider
|
// KEKProviderConfig is the server configuration for an external KMS provider
|
||||||
// the server will use as a Key Encryption Key (KEK) for encrypting/decrypting
|
// the server will use as a Key Encryption Key (KEK) for encrypting/decrypting
|
||||||
// the DEK.
|
// the DEK.
|
||||||
type KEKProviderConfig struct {
|
type KEKProviderConfig struct {
|
||||||
Provider string `hcl:",key"`
|
Provider KEKProviderName `hcl:",key"`
|
||||||
Name string `hcl:"name"`
|
Name string `hcl:"name"`
|
||||||
Active bool `hcl:"active"`
|
Active bool `hcl:"active"`
|
||||||
Config map[string]string `hcl:"-" json:"-"`
|
Config map[string]string `hcl:"-" json:"-"`
|
||||||
@@ -304,7 +308,7 @@ func (c *KEKProviderConfig) Validate() error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
switch KEKProviderName(c.Provider) {
|
switch c.Provider {
|
||||||
case KEKProviderAEAD, KEKProviderAWSKMS, KEKProviderAzureKeyVault,
|
case KEKProviderAEAD, KEKProviderAWSKMS, KEKProviderAzureKeyVault,
|
||||||
KEKProviderGCPCloudKMS, KEKProviderVaultTransit:
|
KEKProviderGCPCloudKMS, KEKProviderVaultTransit:
|
||||||
return nil
|
return nil
|
||||||
@@ -335,9 +339,9 @@ func (c *KEKProviderConfig) Merge(o *KEKProviderConfig) *KEKProviderConfig {
|
|||||||
|
|
||||||
func (c *KEKProviderConfig) ID() string {
|
func (c *KEKProviderConfig) ID() string {
|
||||||
if c.Name == "" {
|
if c.Name == "" {
|
||||||
return c.Provider
|
return c.Provider.String()
|
||||||
}
|
}
|
||||||
return c.Provider + "." + c.Name
|
return c.Provider.String() + "." + c.Name
|
||||||
}
|
}
|
||||||
|
|
||||||
// RootKeyState enum describes the lifecycle of a root key.
|
// RootKeyState enum describes the lifecycle of a root key.
|
||||||
@@ -345,14 +349,14 @@ type RootKeyState string
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
RootKeyStateInactive RootKeyState = "inactive"
|
RootKeyStateInactive RootKeyState = "inactive"
|
||||||
RootKeyStateActive = "active"
|
RootKeyStateActive RootKeyState = "active"
|
||||||
RootKeyStateRekeying = "rekeying"
|
RootKeyStateRekeying RootKeyState = "rekeying"
|
||||||
RootKeyStatePrepublished = "prepublished"
|
RootKeyStatePrepublished RootKeyState = "prepublished"
|
||||||
|
|
||||||
// RootKeyStateDeprecated is, itself, deprecated and is no longer in
|
// RootKeyStateDeprecated is, itself, deprecated and is no longer in
|
||||||
// use. For backwards compatibility, any existing keys with this state will
|
// use. For backwards compatibility, any existing keys with this state will
|
||||||
// be treated as RootKeyStateInactive
|
// be treated as RootKeyStateInactive
|
||||||
RootKeyStateDeprecated = "deprecated"
|
RootKeyStateDeprecated RootKeyState = "deprecated"
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewRootKeyMeta returns a new RootKeyMeta with default values
|
// NewRootKeyMeta returns a new RootKeyMeta with default values
|
||||||
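Review bot: Typing `Provider` as `KEKProviderName` does not restrict the values the field can hold, since any label from the HCL block still converts to it, so the `switch c.Provider` in `Validate` remains the only check against unknown provider names. I would document that on the field, e.g. `// Provider is the KEK provider name. The type is not a closed set; call Validate on parsed config.` It is also worth confirming that a config-parsing test covers decoding the `hcl:",key"` label into the named string type, as the decoder is not shown on this page. `Validate` starts and ends outside its hunk, so how it treats values that miss the case list is not visible here.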
|
|||||||