diff --git a/auth/workload/aws.go b/auth/workload/aws.go index 150b698f..fd7c700b 100644 --- a/auth/workload/aws.go +++ b/auth/workload/aws.go @@ -24,16 +24,16 @@ const ( // Environment Variable Reference: // https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html - // awsEnvRegion is the region to send requests to. It takes precendence of + // awsEnvRegion is the region to send requests to. It takes precedence of // default region. awsEnvRegion = "AWS_REGION" // awsEnvDefaultRegion is where requests will be sent to by default, if not - // overriden. + // overridden. awsEnvDefaultRegion = "AWS_DEFAULT_REGION" - // awsEnvAccessKeyId stores the AWS access key. - awsEnvAccessKeyId = "AWS_ACCESS_KEY_ID" + // awsEnvAccessKeyID stores the AWS access key. + awsEnvAccessKeyID = "AWS_ACCESS_KEY_ID" // awsEnvSecretAccessKeyId stores the secret key associated with the access key. awsEnvSecretAccessKey = "AWS_SECRET_ACCESS_KEY" @@ -56,11 +56,11 @@ const ( // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-metadata-v2-how-it-works.html awsSessionTokenURL = "http://169.254.169.254/latest/api/token" - // awsIMDSv2SessionTtlHeader is used to configure the session token TTL. - awsIMDSv2SessionTtlHeader = "X-aws-ec2-metadata-token-ttl-seconds" + // awsIMDSv2SessionTTLHeader is used to configure the session token TTL. + awsIMDSv2SessionTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds" - // awsIMDSv2SessionTtl is the session ttl we request. - awsIMDSv2SessionTtl = "300" + // awsIMDSv2SessionTTL is the session ttl we request. + awsIMDSv2SessionTTL = "300" // awsIMDSv2SessionTokenHeader is used to pass the short lived session // token to an IMDSv2 endpoint. 
@@ -272,7 +272,7 @@ func (s *awsRequestSigner) sourceEnvVars() { } // Try to get the AWS credentials - accessKey, accessKeyOk := os.LookupEnv(awsEnvAccessKeyId) + accessKey, accessKeyOk := os.LookupEnv(awsEnvAccessKeyID) secretKey, secretKeyOk := os.LookupEnv(awsEnvSecretAccessKey) sessionToken := os.Getenv(awsEnvSessionToken) if accessKeyOk && secretKeyOk { @@ -290,7 +290,7 @@ func (s *awsRequestSigner) getSessionToken(ctx context.Context) error { } // Configure the requested token TTL - req.Header.Add(awsIMDSv2SessionTtlHeader, awsIMDSv2SessionTtl) + req.Header.Add(awsIMDSv2SessionTTLHeader, awsIMDSv2SessionTTL) resp, err := s.client.Do(req) if err != nil { diff --git a/auth/workload/aws_test.go b/auth/workload/aws_test.go index c820b6aa..de8d2ced 100644 --- a/auth/workload/aws_test.go +++ b/auth/workload/aws_test.go @@ -214,7 +214,7 @@ func TestAWSCredentialSource_getCallerID(t *testing.T) { t.Setenv(awsEnvRegion, tt.region) } if tt.env.accessKeyID { - t.Setenv(awsEnvAccessKeyId, tt.accessKeyID) + t.Setenv(awsEnvAccessKeyID, tt.accessKeyID) } if tt.env.secretAccessKey { t.Setenv(awsEnvSecretAccessKey, tt.secretAccessKey) 
@@ -287,17 +287,18 @@ func (aws *testAwsServer) ServeHTTP(w http.ResponseWriter, r *http.Request) { validateSessionTTL := func(r *http.Request) { if aws.imdsv2SessionToken != "" { - headerValue := r.Header.Get(awsIMDSv2SessionTtlHeader) - if headerValue != awsIMDSv2SessionTtl { - aws.t.Errorf("%q = \n%q\n want \n%q", awsIMDSv2SessionTtlHeader, headerValue, awsIMDSv2SessionTtl) + headerValue := r.Header.Get(awsIMDSv2SessionTTLHeader) + if headerValue != awsIMDSv2SessionTTL { + aws.t.Errorf("%q = \n%q\n want \n%q", awsIMDSv2SessionTTLHeader, headerValue, awsIMDSv2SessionTTL) } } } + var err error switch p := r.URL.Path; p { case "/latest/meta-data/iam/security-credentials": validateSessionToken(r) - w.Write([]byte(aws.rolename)) + _, err = w.Write([]byte(aws.rolename)) case fmt.Sprintf("/latest/meta-data/iam/security-credentials/%s", aws.rolename): validateSessionToken(r) @@ -314,12 +315,16 @@ func (aws *testAwsServer) ServeHTTP(w http.ResponseWriter, r *http.Request) { } jsonCredentials, _ := json.Marshal(creds) - w.Write(jsonCredentials) + _, err = w.Write(jsonCredentials) case "/latest/meta-data/placement/region": validateSessionToken(r) - w.Write([]byte(aws.region)) + _, err = w.Write([]byte(aws.region)) case "/latest/api/token": validateSessionTTL(r) - w.Write([]byte(aws.imdsv2SessionToken)) + _, err = w.Write([]byte(aws.imdsv2SessionToken)) + } + + if err != nil { + aws.t.Fatalf("unexpected error: %v", err) } } diff --git a/auth/workload/env.go b/auth/workload/env.go index 468d57e8..aada12a7 100644 --- a/auth/workload/env.go +++ b/auth/workload/env.go 
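Review bot: The `aws.t.Fatalf("unexpected error: %v", err)` added at the end of `ServeHTTP` (hunk `@@ -314,12 +315,16 @@`) runs on the HTTP server's handler goroutine, but `Fatalf` calls `FailNow`, which the testing package only supports on the goroutine running the test. From a handler it marks the test failed and exits only that goroutine, so the client side then tends to fail with an unrelated connection or decode error that hides the real cause. Use `aws.t.Errorf("unexpected error: %v", err)` instead, as `validateSessionTTL` in the same function already does for header mismatches. The same applies to `require.NoError(err)` inside the `httptest` handler in the `url_test.go` hunk, assuming `require` there is a testify require instance (which stops the test via `FailNow`); a non-fatal `t.Errorf` fits there too. `ServeHTTP` begins above the hunk, and the `json.Marshal(creds)` error in its context lines is still discarded even though the write after it is now checked.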
@@ -26,8 +26,8 @@ func (ec *EnvironmentVariableCredentialSource) Validate() error { } // token retrieves the token from the environment variable -func (e *EnvironmentVariableCredentialSource) token() (string, error) { - value, ok := os.LookupEnv(e.Var) +func (ec *EnvironmentVariableCredentialSource) token() (string, error) { + value, ok := os.LookupEnv(ec.Var) if !ok { return "", fmt.Errorf("environment variable not found") } @@ -35,5 +35,5 @@ func (e *EnvironmentVariableCredentialSource) token() (string, error) { return "", fmt.Errorf("environment variable value is empty") } - return e.CredentialFormat.get([]byte(value)) + return ec.CredentialFormat.get([]byte(value)) } diff --git a/auth/workload/env_test.go b/auth/workload/env_test.go index 6844fc6d..d7a277e0 100644 --- a/auth/workload/env_test.go +++ b/auth/workload/env_test.go @@ -49,10 +49,6 @@ func TestEnvironmentVariableCredentialSource_Validate(t *testing.T) { } func TestEnvironmentVariableCredentialSource_token(t *testing.T) { - type fields struct { - Var string - CredentialFormat CredentialFormat - } tests := []struct { name string ec *EnvironmentVariableCredentialSource diff --git a/auth/workload/file.go b/auth/workload/file.go index bf5da828..3315828f 100644 --- a/auth/workload/file.go +++ b/auth/workload/file.go @@ -29,10 +29,10 @@ func (fc *FileCredentialSource) Validate() error { } // token retrieves the token from the specified file -func (f *FileCredentialSource) token() (string, error) { - credFile, err := os.Open(f.Path) +func (fc *FileCredentialSource) token() (string, error) { + credFile, err := os.Open(fc.Path) if err != nil { - return "", fmt.Errorf("failed to open credential file %q", f.Path) + return "", fmt.Errorf("failed to open credential file %q", fc.Path) } defer credFile.Close() @@ -47,5 +47,5 @@ func (f *FileCredentialSource) token() (string, error) { } value := bytes.TrimSpace(credBytes) - return f.CredentialFormat.get(value) + return fc.CredentialFormat.get(value) } 
diff --git a/auth/workload/provider_test.go b/auth/workload/provider_test.go index 9aebad84..b29a15a0 100644 --- a/auth/workload/provider_test.go +++ b/auth/workload/provider_test.go @@ -13,11 +13,6 @@ import ( ) func TestProvider_New(t *testing.T) { - type fields struct { - URL string - Headers map[string]string - CredentialFormat CredentialFormat - } tests := []struct { name string ipc *IdentityProviderConfig diff --git a/auth/workload/url_test.go b/auth/workload/url_test.go index aef8027d..bfa207e1 100644 --- a/auth/workload/url_test.go +++ b/auth/workload/url_test.go @@ -59,11 +59,6 @@ func TestURLCredentialSource_Validate(t *testing.T) { } func TestURLCredentialSource_token(t *testing.T) { - type fields struct { - URL string - Headers map[string]string - CredentialFormat CredentialFormat - } tests := []struct { name string uc *URLCredentialSource @@ -137,7 +132,8 @@ func TestURLCredentialSource_token(t *testing.T) { // Create an HTTP test server ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte(tt.respBody)) + _, err := w.Write([]byte(tt.respBody)) + require.NoError(err) })) defer ts.Close()