From 2fe81b030754afcf8b01ee2e1544d29348efe0c7 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:44:37 +0100 Subject: [PATCH 1/4] update go to 1.21 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .golangci.yml | 6 ++++++ Dockerfile | 6 +++--- direct.mk | 6 +++--- go.mod | 2 +- go.sum | 6 ++++++ 5 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index e464d9c980..78de01cd36 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,7 @@ run: tests: false timeout: 10m + linters: disable-all: true enable: @@ -13,3 +14,8 @@ linters: - unused - govet +issues: + exclude-files: + - ".*\\.pb\\.go$" + max-issues-per-linter: 0 + max-same-issues: 0 diff --git a/Dockerfile b/Dockerfile index b4f50e6d49..88a4550e6e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.18.9 +ARG GO_VERSION=1.21 ARG PROTOC_VERSION=3.11.4 -ARG GOLANGCI_LINT_VERSION=v1.50.1 +ARG GOLANGCI_LINT_VERSION=v1.57.2 ARG DEBIAN_FRONTEND=noninteractive FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS gobase @@ -126,7 +126,7 @@ ENV GO111MODULE=on # install the dependencies from `make setup` # we only copy `direct.mk` to avoid busting the cache too easily COPY direct.mk . -COPY tools . +COPY tools ./tools RUN make --file=direct.mk setup # now we can copy the rest COPY . . diff --git a/direct.mk b/direct.mk index b21b852462..a130f80751 100644 --- a/direct.mk +++ b/direct.mk @@ -41,9 +41,9 @@ version/version.go: .PHONY: setup setup: ## install dependencies @echo "🐳 $@" - # install golangci-lint version v1.50.1 to ./bin/golangci-lint - @curl -fsSL https://raw.githubusercontent.com/golangci/golangci-lint/v1.50.1/install.sh | sh -s v1.50.1 - @(cd tools ; GO111MODULE=on go install github.com/containerd/protobuild) + # install golangci-lint to ./bin/golangci-lint + @curl -fsSL https://raw.githubusercontent.com/golangci/golangci-lint/v1.57.2/install.sh | sh -s v1.57.2 + @(cd ./tools ; GO111MODULE=on go install github.com/containerd/protobuild) .PHONY: generate generate: protos diff --git a/go.mod b/go.mod index 7c069b65c2..5622e34560 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/moby/swarmkit/v2 -go 1.18 +go 1.21.0 require ( code.cloudfoundry.org/clock v1.1.0 diff --git a/go.sum b/go.sum index 3e2525d62c..f666cccad0 100644 --- a/go.sum +++ b/go.sum @@ -116,6 +116,7 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= @@ -167,6 +168,7 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= @@ -270,6 +272,7 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= +github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= @@ -363,6 +366,7 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tedsuo/ifrit v0.0.0-20230330192023-5cba443a66c4 h1:MGZzzxBuPuK4J0XQo+0uy0NnXQGKzHXhYp5oG1Wy860= +github.com/tedsuo/ifrit v0.0.0-20230330192023-5cba443a66c4/go.mod h1:eyZnKCc955uh98WQvzOm0dgAeLnf2O0Rz0LPoC5ze+0= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/weppos/publicsuffix-go v0.13.1-0.20210123135404-5fd73613514e/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE= @@ -496,6 +500,7 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -643,6 +648,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= From b92dcb94bb988c75467e5e47575a7fdc7f155ad5 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:36:13 +0100 Subject: [PATCH 2/4] fix lint issues Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- agent/exec/controller.go | 2 +- agent/reporter.go | 4 ++-- agent/storage.go | 4 ++-- agent/testutils/fakes.go | 18 ++++++++-------- ca/config.go | 5 +++-- ca/server.go | 4 ++-- ca/transport.go | 2 +- cmd/swarm-bench/main.go | 2 +- manager/allocator/allocator_test_suite.go | 10 ++++----- .../allocator/allocator_test_suite_linux.go | 6 +++--- manager/allocator/network.go | 4 ++-- manager/allocator/networkallocator/inert.go | 14 ++++++------- manager/controlapi/apihooks.go | 4 ++-- manager/controlapi/cluster.go | 4 ++-- manager/controlapi/config.go | 4 ++-- manager/controlapi/extension.go | 2 +- manager/controlapi/network.go | 4 ++-- manager/controlapi/node.go | 8 +++---- manager/controlapi/resource.go | 8 +++---- manager/controlapi/secret.go | 4 ++-- manager/controlapi/service.go | 12 +++++------ manager/controlapi/task.go | 6 +++--- manager/controlapi/volume.go | 10 ++++----- manager/csi/manager.go | 2 +- manager/dispatcher/assignments.go | 4 ++-- manager/dispatcher/dispatcher.go | 2 +- manager/health/health.go | 2 +- manager/keymanager/keymanager.go | 2 +- manager/logbroker/broker.go | 2 +- manager/logbroker/subscription.go | 2 +- manager/metrics/collector.go | 3 +-- manager/orchestrator/global/global.go | 2 +- .../orchestrator/jobs/global/reconciler.go | 2 +- manager/orchestrator/replicated/services.go | 2 +- manager/orchestrator/replicated/tasks.go | 4 ++-- manager/orchestrator/update/updater.go | 2 +- manager/scheduler/decision_tree.go | 2 +- manager/scheduler/filter.go | 2 +- manager/scheduler/scheduler.go | 4 ++-- manager/state/raft/raft.go | 2 +- manager/state/raft/testutils/testutils.go | 2 +- manager/state/raft/transport/peer.go | 2 +- manager/state/raft/util.go | 2 +- manager/state/store/extensions.go | 2 +- manager/state/store/memory.go | 20 +++++++++--------- manager/state/store/object.go | 2 +- manager/state/testutils/mock_proposer.go | 2 +- .../authenticatedwrapper.go | 2 +- protobuf/plugin/deepcopy/deepcopy.go | 2 +- swarmd/cmd/swarm-rafttool/main.go | 8 +++---- swarmd/cmd/swarmctl/common/common.go | 2 +- swarmd/cmd/swarmd/main.go | 2 +- swarmd/dockerexec/controller.go | 2 +- swarmd/dockerexec/executor.go | 2 +- swarmd/go.mod | 2 +- swarmd/go.sum | 21 +++++++++++++++++++ swarmd/go.work | 2 +- tools/go.mod | 2 +- version/cmd.go | 2 +- 59 files changed, 142 insertions(+), 121 deletions(-) diff --git a/agent/exec/controller.go b/agent/exec/controller.go index 2837377245..ef0a3a4a7b 100644 --- a/agent/exec/controller.go +++ b/agent/exec/controller.go @@ -143,7 +143,7 @@ func Do(ctx context.Context, task *api.Task, ctlr Controller) (*api.TaskStatus, status := task.Status.Copy() // stay in the current state. - noop := func(errs ...error) (*api.TaskStatus, error) { + noop := func(_ ...error) (*api.TaskStatus, error) { return status, ErrTaskNoop } diff --git a/agent/reporter.go b/agent/reporter.go index 0abb565a03..d89fc0b7ef 100644 --- a/agent/reporter.go +++ b/agent/reporter.go @@ -68,7 +68,7 @@ func newStatusReporter(ctx context.Context, upstream Reporter) *statusReporter { return r } -func (sr *statusReporter) UpdateTaskStatus(ctx context.Context, taskID string, status *api.TaskStatus) error { +func (sr *statusReporter) UpdateTaskStatus(_ context.Context, taskID string, status *api.TaskStatus) error { sr.mu.Lock() defer sr.mu.Unlock() @@ -88,7 +88,7 @@ func (sr *statusReporter) UpdateTaskStatus(ctx context.Context, taskID string, s return nil } -func (sr *statusReporter) ReportVolumeUnpublished(ctx context.Context, volumeID string) error { +func (sr *statusReporter) ReportVolumeUnpublished(_ context.Context, volumeID string) error { sr.mu.Lock() defer sr.mu.Unlock() diff --git a/agent/storage.go b/agent/storage.go index 55c46a06dc..8d75a3812d 100644 --- a/agent/storage.go +++ b/agent/storage.go @@ -55,7 +55,7 @@ func WalkTasks(tx *bolt.Tx, fn func(task *api.Task) error) error { return nil } - return bkt.ForEach(func(k, v []byte) error { + return bkt.ForEach(func(k, _ []byte) error { tbkt := bkt.Bucket(k) p := tbkt.Get(bucketKeyData) @@ -102,7 +102,7 @@ func WalkTaskStatus(tx *bolt.Tx, fn func(id string, status *api.TaskStatus) erro return nil } - return bkt.ForEach(func(k, v []byte) error { + return bkt.ForEach(func(k, _ []byte) error { tbkt := bkt.Bucket(k) p := tbkt.Get(bucketKeyStatus) diff --git a/agent/testutils/fakes.go b/agent/testutils/fakes.go index d1d3b309a1..d6710326dd 100644 --- a/agent/testutils/fakes.go +++ b/agent/testutils/fakes.go @@ -26,7 +26,7 @@ type TestExecutor struct { } // Describe just returns empty NodeDescription. -func (e *TestExecutor) Describe(ctx context.Context) (*api.NodeDescription, error) { +func (e *TestExecutor) Describe(_ context.Context) (*api.NodeDescription, error) { e.mu.Lock() defer e.mu.Unlock() if e.desc == nil { @@ -36,7 +36,7 @@ func (e *TestExecutor) Describe(ctx context.Context) (*api.NodeDescription, erro } // Configure does nothing. -func (e *TestExecutor) Configure(ctx context.Context, node *api.Node) error { +func (e *TestExecutor) Configure(_ context.Context, _ *api.Node) error { return nil } @@ -46,7 +46,7 @@ func (e *TestExecutor) SetNetworkBootstrapKeys([]*api.EncryptionKey) error { } // Controller returns TestController. -func (e *TestExecutor) Controller(t *api.Task) (exec.Controller, error) { +func (e *TestExecutor) Controller(_ *api.Task) (exec.Controller, error) { return &TestController{ ch: make(chan struct{}), }, nil @@ -66,17 +66,17 @@ type TestController struct { } // Update does nothing. -func (t *TestController) Update(ctx context.Context, task *api.Task) error { +func (t *TestController) Update(_ context.Context, _ *api.Task) error { return nil } // Prepare does nothing. -func (t *TestController) Prepare(ctx context.Context) error { +func (t *TestController) Prepare(_ context.Context) error { return nil } // Start does nothing. -func (t *TestController) Start(ctx context.Context) error { +func (t *TestController) Start(_ context.Context) error { return nil } @@ -90,7 +90,7 @@ func (t *TestController) Wait(ctx context.Context) error { } // Shutdown closes internal channel -func (t *TestController) Shutdown(ctx context.Context) error { +func (t *TestController) Shutdown(_ context.Context) error { t.closeOnce.Do(func() { close(t.ch) }) @@ -98,7 +98,7 @@ func (t *TestController) Shutdown(ctx context.Context) error { } // Terminate closes internal channel if it wasn't closed before. -func (t *TestController) Terminate(ctx context.Context) error { +func (t *TestController) Terminate(_ context.Context) error { t.closeOnce.Do(func() { close(t.ch) }) @@ -106,7 +106,7 @@ func (t *TestController) Terminate(ctx context.Context) error { } // Remove does nothing. -func (t *TestController) Remove(ctx context.Context) error { +func (t *TestController) Remove(_ context.Context) error { return nil } diff --git a/ca/config.go b/ca/config.go index f3e3a1b3f5..10a617be3e 100644 --- a/ca/config.go +++ b/ca/config.go @@ -9,6 +9,7 @@ import ( "math/big" "math/rand" "path/filepath" + "slices" "strings" "sync" "time" @@ -660,7 +661,7 @@ func NewServerTLSConfig(certs []tls.Certificate, rootCAPool *x509.CertPool) (*tl RootCAs: rootCAPool, ClientCAs: rootCAPool, PreferServerCipherSuites: true, - CipherSuites: append([]uint16(nil), strongTLSCiphers...), + CipherSuites: slices.Clone(strongTLSCiphers), MinVersion: tls.VersionTLS12, NextProtos: alpnProtoStr, }, nil @@ -677,7 +678,7 @@ func NewClientTLSConfig(certs []tls.Certificate, rootCAPool *x509.CertPool, serv ServerName: serverName, Certificates: certs, RootCAs: rootCAPool, - CipherSuites: append([]uint16(nil), strongTLSCiphers...), + CipherSuites: slices.Clone(strongTLSCiphers), MinVersion: tls.VersionTLS12, }, nil } diff --git a/ca/server.go b/ca/server.go index cfb035313d..7a1c795471 100644 --- a/ca/server.go +++ b/ca/server.go @@ -119,7 +119,7 @@ func (s *Server) SetRootReconciliationInterval(interval time.Duration) { // GetUnlockKey is responsible for returning the current unlock key used for encrypting TLS private keys and // other at rest data. Access to this RPC call should only be allowed via mutual TLS from managers. -func (s *Server) GetUnlockKey(ctx context.Context, request *api.GetUnlockKeyRequest) (*api.GetUnlockKeyResponse, error) { +func (s *Server) GetUnlockKey(_ context.Context, _ *api.GetUnlockKeyRequest) (*api.GetUnlockKeyResponse, error) { // This directly queries the store, rather than storing the unlock key and version on // the `Server` object and updating it `updateCluster` is called, because we need this // API to return the latest version of the key. Otherwise, there might be a slight delay @@ -402,7 +402,7 @@ func (s *Server) issueRenewCertificate(ctx context.Context, nodeID string, csr [ // GetRootCACertificate returns the certificate of the Root CA. It is used as a convenience for distributing // the root of trust for the swarm. Clients should be using the CA hash to verify if they weren't target to // a MiTM. If they fail to do so, node bootstrap works with TOFU semantics. -func (s *Server) GetRootCACertificate(ctx context.Context, request *api.GetRootCACertificateRequest) (*api.GetRootCACertificateResponse, error) { +func (s *Server) GetRootCACertificate(ctx context.Context, _ *api.GetRootCACertificateRequest) (*api.GetRootCACertificateResponse, error) { log.G(ctx).WithFields(log.Fields{ "method": "GetRootCACertificate", }) diff --git a/ca/transport.go b/ca/transport.go index 69c4379b36..7f95ab986e 100644 --- a/ca/transport.go +++ b/ca/transport.go @@ -59,7 +59,7 @@ func (c *MutableTLSCreds) OverrideServerName(name string) error { } // GetRequestMetadata implements the credentials.TransportCredentials interface -func (c *MutableTLSCreds) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { +func (c *MutableTLSCreds) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error) { return nil, nil } diff --git a/cmd/swarm-bench/main.go b/cmd/swarm-bench/main.go index 445c7cace3..3a65aaf53d 100644 --- a/cmd/swarm-bench/main.go +++ b/cmd/swarm-bench/main.go @@ -13,7 +13,7 @@ var ( mainCmd = &cobra.Command{ Use: os.Args[0], Short: "Benchmark swarm", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { ctx := context.Background() count, err := cmd.Flags().GetUint64("count") if err != nil { diff --git a/manager/allocator/allocator_test_suite.go b/manager/allocator/allocator_test_suite.go index f37cc426f2..13212f1066 100644 --- a/manager/allocator/allocator_test_suite.go +++ b/manager/allocator/allocator_test_suite.go @@ -685,7 +685,7 @@ func (suite *testSuite) TestNoDuplicateIPs() { defer cancel() assignedIPs := make(map[string]string) - hasUniqueIP := func(fakeT assert.TestingT, s *store.MemoryStore, task *api.Task) bool { + hasUniqueIP := func(_ assert.TestingT, _ *store.MemoryStore, task *api.Task) bool { if len(task.Networks) == 0 { panic("missing networks") } @@ -834,7 +834,7 @@ func (suite *testSuite) TestAllocatorRestoreForDuplicateIPs() { return true } - hasNoIPOverlapTasks := func(fakeT assert.TestingT, s *store.MemoryStore, task *api.Task) bool { + hasNoIPOverlapTasks := func(fakeT assert.TestingT, _ *store.MemoryStore, task *api.Task) bool { assert.NotEqual(fakeT, len(task.Networks), 0) assert.NotEqual(fakeT, len(task.Networks[0].Addresses), 0) @@ -978,7 +978,7 @@ func (suite *testSuite) TestAllocatorRestartNoEndpointSpec() { return true } - hasNoIPOverlapTasks := func(fakeT assert.TestingT, s *store.MemoryStore, task *api.Task) bool { + hasNoIPOverlapTasks := func(fakeT assert.TestingT, _ *store.MemoryStore, task *api.Task) bool { assert.NotEqual(fakeT, len(task.Networks), 0) assert.NotEqual(fakeT, len(task.Networks[0].Addresses), 0) assignedIP := task.Networks[0].Addresses[0] @@ -1176,7 +1176,7 @@ func (suite *testSuite) TestAllocatorRestoreForUnallocatedNetwork() { return true } - hasNoIPOverlapTasks := func(fakeT assert.TestingT, s *store.MemoryStore, task *api.Task) bool { + hasNoIPOverlapTasks := func(fakeT assert.TestingT, _ *store.MemoryStore, task *api.Task) bool { assert.NotEqual(fakeT, len(task.Networks), 0) assert.NotEqual(fakeT, len(task.Networks[0].Addresses), 0) assignedIP := task.Networks[1].Addresses[0] @@ -2056,7 +2056,7 @@ func isValidSubnet(t assert.TestingT, subnet string) bool { type mockTester struct{} -func (m mockTester) Errorf(format string, args ...interface{}) { +func (m mockTester) Errorf(_ string, _ ...interface{}) { } // Returns a timeout given whether we should expect a timeout: In the case where we do expect a timeout, diff --git a/manager/allocator/allocator_test_suite_linux.go b/manager/allocator/allocator_test_suite_linux.go index 2150db3bd7..cfc74091b2 100644 --- a/manager/allocator/allocator_test_suite_linux.go +++ b/manager/allocator/allocator_test_suite_linux.go @@ -68,9 +68,9 @@ func (suite *testSuite) TestIPAMNotNil() { defer suite.startAllocator(a)() // Now verify if we get network and tasks updated properly - watchNetwork(suite.T(), netWatch, false, func(t assert.TestingT, n *api.Network) bool { return true }) - watchNetwork(suite.T(), netWatch, false, func(t assert.TestingT, n *api.Network) bool { return true }) - watchNetwork(suite.T(), netWatch, false, func(t assert.TestingT, n *api.Network) bool { return true }) + watchNetwork(suite.T(), netWatch, false, func(_ assert.TestingT, _ *api.Network) bool { return true }) + watchNetwork(suite.T(), netWatch, false, func(_ assert.TestingT, _ *api.Network) bool { return true }) + watchNetwork(suite.T(), netWatch, false, func(_ assert.TestingT, _ *api.Network) bool { return true }) // Verify no allocation was done for the node-local networks var ( diff --git a/manager/allocator/network.go b/manager/allocator/network.go index 1586d77f2f..b79cb304ba 100644 --- a/manager/allocator/network.go +++ b/manager/allocator/network.go @@ -1158,7 +1158,7 @@ func updatePortsInHostPublishMode(s *api.Service) { // allocateService takes care to align the desired state with the spec passed // the last parameter is true only during restart when the data is read from raft // and used to build internal state -func (a *Allocator) allocateService(ctx context.Context, s *api.Service, existingAddressesOnly bool) error { +func (a *Allocator) allocateService(_ context.Context, s *api.Service, existingAddressesOnly bool) error { nc := a.netCtx if s.Spec.Endpoint != nil { @@ -1266,7 +1266,7 @@ func (a *Allocator) commitAllocatedService(ctx context.Context, batch *store.Bat return nil } -func (a *Allocator) allocateNetwork(ctx context.Context, n *api.Network) error { +func (a *Allocator) allocateNetwork(_ context.Context, n *api.Network) error { nc := a.netCtx if err := nc.nwkAllocator.Allocate(n); err != nil { diff --git a/manager/allocator/networkallocator/inert.go b/manager/allocator/networkallocator/inert.go index be18ac417f..d722a166df 100644 --- a/manager/allocator/networkallocator/inert.go +++ b/manager/allocator/networkallocator/inert.go @@ -68,7 +68,7 @@ func (Inert) Allocate(n *api.Network) error { } // AllocateAttachment unconditionally returns an error. -func (Inert) AllocateAttachment(node *api.Node, networkAttachment *api.NetworkAttachment) error { +func (Inert) AllocateAttachment(_ *api.Node, _ *api.NetworkAttachment) error { return errUnavailable } @@ -89,22 +89,22 @@ func (Inert) AllocateTask(t *api.Task) error { } // Deallocate does nothing, successfully. -func (Inert) Deallocate(n *api.Network) error { +func (Inert) Deallocate(_ *api.Network) error { return nil } // DeallocateAttachment does nothing, successfully. -func (Inert) DeallocateAttachment(node *api.Node, networkAttachment *api.NetworkAttachment) error { +func (Inert) DeallocateAttachment(_ *api.Node, _ *api.NetworkAttachment) error { return nil } // DeallocateService does nothing, successfully. -func (Inert) DeallocateService(s *api.Service) error { +func (Inert) DeallocateService(_ *api.Service) error { return nil } // DeallocateTask does nothing, successfully. -func (Inert) DeallocateTask(t *api.Task) error { +func (Inert) DeallocateTask(_ *api.Task) error { return nil } @@ -114,12 +114,12 @@ func (Inert) IsAllocated(n *api.Network) bool { } // IsAttachmentAllocated returns false. -func (Inert) IsAttachmentAllocated(node *api.Node, networkAttachment *api.NetworkAttachment) bool { +func (Inert) IsAttachmentAllocated(_ *api.Node, _ *api.NetworkAttachment) bool { return false } // IsServiceAllocated returns true iff [Inert.AllocateService] would return nil. -func (Inert) IsServiceAllocated(s *api.Service, flags ...func(*ServiceAllocationOpts)) bool { +func (Inert) IsServiceAllocated(s *api.Service, _ ...func(*ServiceAllocationOpts)) bool { return (Inert{}).AllocateService(s) == nil } diff --git a/manager/controlapi/apihooks.go b/manager/controlapi/apihooks.go index 2ecfd787bd..2d6d9e3860 100644 --- a/manager/controlapi/apihooks.go +++ b/manager/controlapi/apihooks.go @@ -16,11 +16,11 @@ type NetworkViewResponseMutator interface { type NoopViewResponseMutator struct{} -func (NoopViewResponseMutator) OnGetNetwork(ctx context.Context, n *api.Network, appdataTypeURL string, appdata []byte) error { +func (NoopViewResponseMutator) OnGetNetwork(_ context.Context, _ *api.Network, _ string, _ []byte) error { return nil } -func (NoopViewResponseMutator) OnListNetworks(ctx context.Context, networks []*api.Network, appdataTypeURL string, appdata []byte) error { +func (NoopViewResponseMutator) OnListNetworks(_ context.Context, _ []*api.Network, _ string, _ []byte) error { return nil } diff --git a/manager/controlapi/cluster.go b/manager/controlapi/cluster.go index 3a264079ec..638da7584c 100644 --- a/manager/controlapi/cluster.go +++ b/manager/controlapi/cluster.go @@ -77,7 +77,7 @@ func validateClusterSpec(spec *api.ClusterSpec) error { // GetCluster returns a Cluster given a ClusterID. // - Returns `InvalidArgument` if ClusterID is not provided. // - Returns `NotFound` if the Cluster is not found. -func (s *Server) GetCluster(ctx context.Context, request *api.GetClusterRequest) (*api.GetClusterResponse, error) { +func (s *Server) GetCluster(_ context.Context, request *api.GetClusterRequest) (*api.GetClusterResponse, error) { if request.ClusterID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -203,7 +203,7 @@ func filterClusters(candidates []*api.Cluster, filters ...func(*api.Cluster) boo } // ListClusters returns a list of all clusters. -func (s *Server) ListClusters(ctx context.Context, request *api.ListClustersRequest) (*api.ListClustersResponse, error) { +func (s *Server) ListClusters(_ context.Context, request *api.ListClustersRequest) (*api.ListClustersResponse, error) { var ( clusters []*api.Cluster err error diff --git a/manager/controlapi/config.go b/manager/controlapi/config.go index 98ac006577..8e914c2e93 100644 --- a/manager/controlapi/config.go +++ b/manager/controlapi/config.go @@ -29,7 +29,7 @@ func configFromConfigSpec(spec *api.ConfigSpec) *api.Config { // - Returns `NotFound` if the Config with the given id is not found. // - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty. // - Returns an error if getting fails. -func (s *Server) GetConfig(ctx context.Context, request *api.GetConfigRequest) (*api.GetConfigResponse, error) { +func (s *Server) GetConfig(_ context.Context, request *api.GetConfigRequest) (*api.GetConfigResponse, error) { if request.ConfigID == "" { return nil, status.Errorf(codes.InvalidArgument, "config ID must be provided") } @@ -95,7 +95,7 @@ func (s *Server) UpdateConfig(ctx context.Context, request *api.UpdateConfigRequ // name prefix in `ListConfigsRequest.NamePrefixes`, any id in // `ListConfigsRequest.ConfigIDs`, or any id prefix in `ListConfigsRequest.IDPrefixes`. // - Returns an error if listing fails. -func (s *Server) ListConfigs(ctx context.Context, request *api.ListConfigsRequest) (*api.ListConfigsResponse, error) { +func (s *Server) ListConfigs(_ context.Context, request *api.ListConfigsRequest) (*api.ListConfigsResponse, error) { var ( configs []*api.Config respConfigs []*api.Config diff --git a/manager/controlapi/extension.go b/manager/controlapi/extension.go index b2f2ef8d03..32e3d4ac57 100644 --- a/manager/controlapi/extension.go +++ b/manager/controlapi/extension.go @@ -52,7 +52,7 @@ func (s *Server) CreateExtension(ctx context.Context, request *api.CreateExtensi // - Returns `NotFound` if the Extension with the given id is not found. // - Returns `InvalidArgument` if the `GetExtensionRequest.extension_id` is empty. // - Returns an error if the get fails. -func (s *Server) GetExtension(ctx context.Context, request *api.GetExtensionRequest) (*api.GetExtensionResponse, error) { +func (s *Server) GetExtension(_ context.Context, request *api.GetExtensionRequest) (*api.GetExtensionResponse, error) { if request.ExtensionID == "" { return nil, status.Errorf(codes.InvalidArgument, "extension ID must be provided") } diff --git a/manager/controlapi/network.go b/manager/controlapi/network.go index 967b3a83ec..8007ee0e3f 100644 --- a/manager/controlapi/network.go +++ b/manager/controlapi/network.go @@ -102,7 +102,7 @@ func (s *Server) validateNetworkSpec(spec *api.NetworkSpec) error { // CreateNetwork creates and returns a Network based on the provided NetworkSpec. // - Returns `InvalidArgument` if the NetworkSpec is malformed. // - Returns an error if the creation fails. -func (s *Server) CreateNetwork(ctx context.Context, request *api.CreateNetworkRequest) (*api.CreateNetworkResponse, error) { +func (s *Server) CreateNetwork(_ context.Context, request *api.CreateNetworkRequest) (*api.CreateNetworkResponse, error) { if err := s.validateNetworkSpec(request.Spec); err != nil { return nil, err } @@ -160,7 +160,7 @@ func (s *Server) GetNetwork(ctx context.Context, request *api.GetNetworkRequest) // - Returns `InvalidArgument` if NetworkID is not provided. // - Returns `NotFound` if the Network is not found. // - Returns an error if the deletion fails. -func (s *Server) RemoveNetwork(ctx context.Context, request *api.RemoveNetworkRequest) (*api.RemoveNetworkResponse, error) { +func (s *Server) RemoveNetwork(_ context.Context, request *api.RemoveNetworkRequest) (*api.RemoveNetworkResponse, error) { if request.NetworkID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } diff --git a/manager/controlapi/node.go b/manager/controlapi/node.go index f85d679b99..c2344b95d6 100644 --- a/manager/controlapi/node.go +++ b/manager/controlapi/node.go @@ -23,7 +23,7 @@ func validateNodeSpec(spec *api.NodeSpec) error { // GetNode returns a Node given a NodeID. // - Returns `InvalidArgument` if NodeID is not provided. // - Returns `NotFound` if the Node is not found. -func (s *Server) GetNode(ctx context.Context, request *api.GetNodeRequest) (*api.GetNodeResponse, error) { +func (s *Server) GetNode(_ context.Context, request *api.GetNodeRequest) (*api.GetNodeResponse, error) { if request.NodeID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -76,7 +76,7 @@ func filterNodes(candidates []*api.Node, filters ...func(*api.Node) bool) []*api } // ListNodes returns a list of all nodes. -func (s *Server) ListNodes(ctx context.Context, request *api.ListNodesRequest) (*api.ListNodesResponse, error) { +func (s *Server) ListNodes(_ context.Context, request *api.ListNodesRequest) (*api.ListNodesResponse, error) { var ( nodes []*api.Node err error @@ -200,7 +200,7 @@ func (s *Server) ListNodes(ctx context.Context, request *api.ListNodesRequest) ( // - Returns `NotFound` if the Node is not found. // - Returns `InvalidArgument` if the NodeSpec is malformed. // - Returns an error if the update fails. -func (s *Server) UpdateNode(ctx context.Context, request *api.UpdateNodeRequest) (*api.UpdateNodeResponse, error) { +func (s *Server) UpdateNode(_ context.Context, request *api.UpdateNodeRequest) (*api.UpdateNodeResponse, error) { if request.NodeID == "" || request.NodeVersion == nil { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -291,7 +291,7 @@ func orphanNodeTasks(tx store.Tx, nodeID string) error { // - Returns FailedPrecondition if the Node has manager role (and is part of the memberlist) or is not shut down. // - Returns InvalidArgument if NodeID or NodeVersion is not valid. // - Returns an error if the delete fails. -func (s *Server) RemoveNode(ctx context.Context, request *api.RemoveNodeRequest) (*api.RemoveNodeResponse, error) { +func (s *Server) RemoveNode(_ context.Context, request *api.RemoveNodeRequest) (*api.RemoveNodeResponse, error) { if request.NodeID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } diff --git a/manager/controlapi/resource.go b/manager/controlapi/resource.go index fa1113210d..37e930ac94 100644 --- a/manager/controlapi/resource.go +++ b/manager/controlapi/resource.go @@ -64,7 +64,7 @@ func (s *Server) CreateResource(ctx context.Context, request *api.CreateResource // - Returns `NotFound` if the Resource with the given id is not found. // - Returns `InvalidArgument` if the `GetResourceRequest.Resource` is empty. // - Returns an error if getting fails. -func (s *Server) GetResource(ctx context.Context, request *api.GetResourceRequest) (*api.GetResourceResponse, error) { +func (s *Server) GetResource(_ context.Context, request *api.GetResourceRequest) (*api.GetResourceResponse, error) { if request.ResourceID == "" { return nil, status.Errorf(codes.InvalidArgument, "resource ID must be present") } @@ -84,7 +84,7 @@ func (s *Server) GetResource(ctx context.Context, request *api.GetResourceReques // - Returns `InvalidArgument` if `RemoveResourceRequest.ResourceID` is empty. // - Returns `NotFound` if the a resource named `RemoveResourceRequest.ResourceID` is not found. // - Returns an error if the deletion fails. -func (s *Server) RemoveResource(ctx context.Context, request *api.RemoveResourceRequest) (*api.RemoveResourceResponse, error) { +func (s *Server) RemoveResource(_ context.Context, request *api.RemoveResourceRequest) (*api.RemoveResourceResponse, error) { if request.ResourceID == "" { return nil, status.Errorf(codes.InvalidArgument, "resource ID must be present") } @@ -106,7 +106,7 @@ func (s *Server) RemoveResource(ctx context.Context, request *api.RemoveResource // name prefix in `ListResourcesRequest.NamePrefixes`, any id in // `ListResourcesRequest.ResourceIDs`, or any id prefix in `ListResourcesRequest.IDPrefixes`. // - Returns an error if listing fails. -func (s *Server) ListResources(ctx context.Context, request *api.ListResourcesRequest) (*api.ListResourcesResponse, error) { +func (s *Server) ListResources(_ context.Context, request *api.ListResourcesRequest) (*api.ListResourcesResponse, error) { var ( resources []*api.Resource respResources []*api.Resource @@ -187,7 +187,7 @@ func (s *Server) ListResources(ctx context.Context, request *api.ListResourcesRe // - Returns `NotFound` if the Resource with the given `UpdateResourceRequest.Resource.Id` is not found. // - Returns `InvalidArgument` if the UpdateResourceRequest.Resource.Id` is empty. // - Returns an error if updating fails. -func (s *Server) UpdateResource(ctx context.Context, request *api.UpdateResourceRequest) (*api.UpdateResourceResponse, error) { +func (s *Server) UpdateResource(_ context.Context, request *api.UpdateResourceRequest) (*api.UpdateResourceResponse, error) { if request.ResourceID == "" || request.ResourceVersion == nil { return nil, status.Errorf(codes.InvalidArgument, "must include ID and version") } diff --git a/manager/controlapi/secret.go b/manager/controlapi/secret.go index 835947a6b8..a458dcd455 100644 --- a/manager/controlapi/secret.go +++ b/manager/controlapi/secret.go @@ -27,7 +27,7 @@ func secretFromSecretSpec(spec *api.SecretSpec) *api.Secret { // - Returns `NotFound` if the Secret with the given id is not found. // - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty. // - Returns an error if getting fails. -func (s *Server) GetSecret(ctx context.Context, request *api.GetSecretRequest) (*api.GetSecretResponse, error) { +func (s *Server) GetSecret(_ context.Context, request *api.GetSecretRequest) (*api.GetSecretResponse, error) { if request.SecretID == "" { return nil, status.Errorf(codes.InvalidArgument, "secret ID must be provided") } @@ -95,7 +95,7 @@ func (s *Server) UpdateSecret(ctx context.Context, request *api.UpdateSecretRequ // name prefix in `ListSecretsRequest.NamePrefixes`, any id in // `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`. // - Returns an error if listing fails. -func (s *Server) ListSecrets(ctx context.Context, request *api.ListSecretsRequest) (*api.ListSecretsResponse, error) { +func (s *Server) ListSecrets(_ context.Context, request *api.ListSecretsRequest) (*api.ListSecretsResponse, error) { var ( secrets []*api.Secret respSecrets []*api.Secret diff --git a/manager/controlapi/service.go b/manager/controlapi/service.go index 3c9ce212d0..c6dbd7fae3 100644 --- a/manager/controlapi/service.go +++ b/manager/controlapi/service.go @@ -724,7 +724,7 @@ func (s *Server) checkConfigExistence(tx store.Tx, spec *api.ServiceSpec) error // - Returns `Unimplemented` if the ServiceSpec references unimplemented features. // - Returns `AlreadyExists` if the ServiceID conflicts. // - Returns an error if the creation fails. -func (s *Server) CreateService(ctx context.Context, request *api.CreateServiceRequest) (*api.CreateServiceResponse, error) { +func (s *Server) CreateService(_ context.Context, request *api.CreateServiceRequest) (*api.CreateServiceResponse, error) { if err := validateServiceSpec(request.Spec); err != nil { return nil, err } @@ -787,7 +787,7 @@ func (s *Server) CreateService(ctx context.Context, request *api.CreateServiceRe // GetService returns a Service given a ServiceID. // - Returns `InvalidArgument` if ServiceID is not provided. // - Returns `NotFound` if the Service is not found. -func (s *Server) GetService(ctx context.Context, request *api.GetServiceRequest) (*api.GetServiceResponse, error) { +func (s *Server) GetService(_ context.Context, request *api.GetServiceRequest) (*api.GetServiceResponse, error) { if request.ServiceID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -814,7 +814,7 @@ func (s *Server) GetService(ctx context.Context, request *api.GetServiceRequest) // - Returns `InvalidArgument` if the ServiceSpec is malformed. // - Returns `Unimplemented` if the ServiceSpec references unimplemented features. // - Returns an error if the update fails. -func (s *Server) UpdateService(ctx context.Context, request *api.UpdateServiceRequest) (*api.UpdateServiceResponse, error) { +func (s *Server) UpdateService(_ context.Context, request *api.UpdateServiceRequest) (*api.UpdateServiceResponse, error) { if request.ServiceID == "" || request.ServiceVersion == nil { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -940,7 +940,7 @@ func (s *Server) UpdateService(ctx context.Context, request *api.UpdateServiceRe // - Returns `InvalidArgument` if ServiceID is not provided. // - Returns `NotFound` if the Service is not found. // - Returns an error if the deletion fails. -func (s *Server) RemoveService(ctx context.Context, request *api.RemoveServiceRequest) (*api.RemoveServiceResponse, error) { +func (s *Server) RemoveService(_ context.Context, request *api.RemoveServiceRequest) (*api.RemoveServiceResponse, error) { if request.ServiceID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -977,7 +977,7 @@ func filterServices(candidates []*api.Service, filters ...func(*api.Service) boo } // ListServices returns a list of all services. -func (s *Server) ListServices(ctx context.Context, request *api.ListServicesRequest) (*api.ListServicesResponse, error) { +func (s *Server) ListServices(_ context.Context, request *api.ListServicesRequest) (*api.ListServicesResponse, error) { var ( services []*api.Service err error @@ -1044,7 +1044,7 @@ func (s *Server) ListServices(ctx context.Context, request *api.ListServicesRequ // client to avoid having to calculate this value by listing all Tasks. If any // service requested does not exist, it will be returned but with empty status // values. -func (s *Server) ListServiceStatuses(ctx context.Context, req *api.ListServiceStatusesRequest) (*api.ListServiceStatusesResponse, error) { +func (s *Server) ListServiceStatuses(_ context.Context, req *api.ListServiceStatusesRequest) (*api.ListServiceStatusesResponse, error) { resp := &api.ListServiceStatusesResponse{} if req == nil { return resp, nil diff --git a/manager/controlapi/task.go b/manager/controlapi/task.go index 00dcc3dcb0..a0b58053e9 100644 --- a/manager/controlapi/task.go +++ b/manager/controlapi/task.go @@ -14,7 +14,7 @@ import ( // GetTask returns a Task given a TaskID. // - Returns `InvalidArgument` if TaskID is not provided. // - Returns `NotFound` if the Task is not found. -func (s *Server) GetTask(ctx context.Context, request *api.GetTaskRequest) (*api.GetTaskResponse, error) { +func (s *Server) GetTask(_ context.Context, request *api.GetTaskRequest) (*api.GetTaskResponse, error) { if request.TaskID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -35,7 +35,7 @@ func (s *Server) GetTask(ctx context.Context, request *api.GetTaskRequest) (*api // - Returns `InvalidArgument` if TaskID is not provided. // - Returns `NotFound` if the Task is not found. // - Returns an error if the deletion fails. -func (s *Server) RemoveTask(ctx context.Context, request *api.RemoveTaskRequest) (*api.RemoveTaskResponse, error) { +func (s *Server) RemoveTask(_ context.Context, request *api.RemoveTaskRequest) (*api.RemoveTaskResponse, error) { if request.TaskID == "" { return nil, status.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) } @@ -72,7 +72,7 @@ func filterTasks(candidates []*api.Task, filters ...func(*api.Task) bool) []*api } // ListTasks returns a list of all tasks. -func (s *Server) ListTasks(ctx context.Context, request *api.ListTasksRequest) (*api.ListTasksResponse, error) { +func (s *Server) ListTasks(_ context.Context, request *api.ListTasksRequest) (*api.ListTasksResponse, error) { var ( tasks []*api.Task err error diff --git a/manager/controlapi/volume.go b/manager/controlapi/volume.go index 1d30e8965c..d0a09b11b8 100644 --- a/manager/controlapi/volume.go +++ b/manager/controlapi/volume.go @@ -12,7 +12,7 @@ import ( "google.golang.org/grpc/status" ) -func (s *Server) CreateVolume(ctx context.Context, request *api.CreateVolumeRequest) (*api.CreateVolumeResponse, error) { +func (s *Server) CreateVolume(_ context.Context, request *api.CreateVolumeRequest) (*api.CreateVolumeResponse, error) { if request.Spec == nil { return nil, status.Errorf(codes.InvalidArgument, "spec must not be nil") } @@ -70,7 +70,7 @@ func (s *Server) CreateVolume(ctx context.Context, request *api.CreateVolumeRequ }, nil } -func (s *Server) UpdateVolume(ctx context.Context, request *api.UpdateVolumeRequest) (*api.UpdateVolumeResponse, error) { +func (s *Server) UpdateVolume(_ context.Context, request *api.UpdateVolumeRequest) (*api.UpdateVolumeResponse, error) { if request.VolumeID == "" { return nil, status.Errorf(codes.InvalidArgument, "VolumeID must not be empty") } @@ -134,7 +134,7 @@ func (s *Server) UpdateVolume(ctx context.Context, request *api.UpdateVolumeRequ }, nil } -func (s *Server) ListVolumes(ctx context.Context, request *api.ListVolumesRequest) (*api.ListVolumesResponse, error) { +func (s *Server) ListVolumes(_ context.Context, request *api.ListVolumesRequest) (*api.ListVolumesResponse, error) { var ( volumes []*api.Volume err error @@ -219,7 +219,7 @@ func filterVolumes(candidates []*api.Volume, filters ...func(*api.Volume) bool) return result } -func (s *Server) GetVolume(ctx context.Context, request *api.GetVolumeRequest) (*api.GetVolumeResponse, error) { +func (s *Server) GetVolume(_ context.Context, request *api.GetVolumeRequest) (*api.GetVolumeResponse, error) { var volume *api.Volume s.store.View(func(tx store.ReadTx) { volume = store.GetVolume(tx, request.VolumeID) @@ -237,7 +237,7 @@ func (s *Server) GetVolume(ctx context.Context, request *api.GetVolumeRequest) ( // volume, because some clean-up must occur before it can be removed. However, // calling RemoveVolume is an irrevocable action, and once it occurs, the // Volume can no longer be used in any way. -func (s *Server) RemoveVolume(ctx context.Context, request *api.RemoveVolumeRequest) (*api.RemoveVolumeResponse, error) { +func (s *Server) RemoveVolume(_ context.Context, request *api.RemoveVolumeRequest) (*api.RemoveVolumeResponse, error) { err := s.store.Update(func(tx store.Tx) error { volume := store.GetVolume(tx, request.VolumeID) if volume == nil { diff --git a/manager/csi/manager.go b/manager/csi/manager.go index 358079b6f2..c639c9df99 100644 --- a/manager/csi/manager.go +++ b/manager/csi/manager.go @@ -91,7 +91,7 @@ func (vm *Manager) run(pctx context.Context) { ) defer ctxCancel() - watch, cancel, err := store.ViewAndWatch(vm.store, func(tx store.ReadTx) error { + watch, cancel, err := store.ViewAndWatch(vm.store, func(_ store.ReadTx) error { // TODO(dperny): change this from ViewAndWatch to one that's just // Watch. return nil diff --git a/manager/dispatcher/assignments.go b/manager/dispatcher/assignments.go index 1fdca36f92..a7e3da0927 100644 --- a/manager/dispatcher/assignments.go +++ b/manager/dispatcher/assignments.go @@ -183,7 +183,7 @@ func (a *assignmentSet) releaseDependency(mapKey typeAndID, assignment *api.Assi // releaseTaskDependencies needs a store transaction because volumes have // associated Secrets which need to be released. -func (a *assignmentSet) releaseTaskDependencies(readTx store.ReadTx, t *api.Task) bool { +func (a *assignmentSet) releaseTaskDependencies(_ store.ReadTx, t *api.Task) bool { var modified bool for _, resourceRef := range t.Spec.ResourceReferences { @@ -376,7 +376,7 @@ func (a *assignmentSet) addOrUpdateVolume(readTx store.ReadTx, v *api.Volume) bo return true } -func (a *assignmentSet) removeVolume(readTx store.ReadTx, v *api.Volume) bool { +func (a *assignmentSet) removeVolume(_ store.ReadTx, v *api.Volume) bool { if _, exists := a.volumesMap[v.ID]; !exists { return false } diff --git a/manager/dispatcher/dispatcher.go b/manager/dispatcher/dispatcher.go index 150a03c3b6..41b9ba73fe 100644 --- a/manager/dispatcher/dispatcher.go +++ b/manager/dispatcher/dispatcher.go @@ -1099,7 +1099,7 @@ func (d *Dispatcher) Assignments(r *api.AssignmentsRequest, stream api.Dispatche // matcher, we can discard the first argument (the prototype) and // instead pass the desired node ID in as part of a closure. Checks: []api.VolumeCheckFunc{ - func(v1, v2 *api.Volume) bool { + func(_, v2 *api.Volume) bool { for _, status := range v2.PublishStatus { if status.NodeID == nodeID { return true diff --git a/manager/health/health.go b/manager/health/health.go index 4fd2adc541..ac42b8b717 100644 --- a/manager/health/health.go +++ b/manager/health/health.go @@ -32,7 +32,7 @@ func NewHealthServer() *Server { } // Check checks if the grpc server is healthy and running. -func (s *Server) Check(ctx context.Context, in *api.HealthCheckRequest) (*api.HealthCheckResponse, error) { +func (s *Server) Check(_ context.Context, in *api.HealthCheckRequest) (*api.HealthCheckResponse, error) { s.mu.Lock() defer s.mu.Unlock() if in.Service == "" { diff --git a/manager/keymanager/keymanager.go b/manager/keymanager/keymanager.go index cbbea32533..331c396b62 100644 --- a/manager/keymanager/keymanager.go +++ b/manager/keymanager/keymanager.go @@ -92,7 +92,7 @@ func New(store *store.MemoryStore, config *Config) *KeyManager { } } -func (k *KeyManager) allocateKey(ctx context.Context, subsys string) *api.EncryptionKey { +func (k *KeyManager) allocateKey(_ context.Context, subsys string) *api.EncryptionKey { key := make([]byte, k.config.Keylen) _, err := cryptorand.Read(key) diff --git a/manager/logbroker/broker.go b/manager/logbroker/broker.go index 9683fd28bb..f53e297d1b 100644 --- a/manager/logbroker/broker.go +++ b/manager/logbroker/broker.go @@ -302,7 +302,7 @@ func (lb *LogBroker) nodeDisconnected(nodeID string) { } // ListenSubscriptions returns a stream of matching subscriptions for the current node -func (lb *LogBroker) ListenSubscriptions(request *api.ListenSubscriptionsRequest, stream api.LogBroker_ListenSubscriptionsServer) error { +func (lb *LogBroker) ListenSubscriptions(_ *api.ListenSubscriptionsRequest, stream api.LogBroker_ListenSubscriptionsServer) error { remote, err := ca.RemoteNode(stream.Context()) if err != nil { return err diff --git a/manager/logbroker/subscription.go b/manager/logbroker/subscription.go index 7441ae50c6..e7aa08b8df 100644 --- a/manager/logbroker/subscription.go +++ b/manager/logbroker/subscription.go @@ -84,7 +84,7 @@ func (s *subscription) Stop() { } } -func (s *subscription) Wait(ctx context.Context) <-chan struct{} { +func (s *subscription) Wait(_ context.Context) <-chan struct{} { // Follow subscriptions never end if s.follow() { return nil diff --git a/manager/metrics/collector.go b/manager/metrics/collector.go index 00e5690304..b283092418 100644 --- a/manager/metrics/collector.go +++ b/manager/metrics/collector.go @@ -2,7 +2,6 @@ package metrics import ( "context" - "strings" "github.com/docker/go-events" @@ -58,7 +57,7 @@ func NewCollector(store *store.MemoryStore) *Collector { } // Run contains the collector event loop -func (c *Collector) Run(ctx context.Context) error { +func (c *Collector) Run(_ context.Context) error { defer close(c.doneChan) watcher, cancel, err := store.ViewAndWatch(c.store, func(readTx store.ReadTx) error { diff --git a/manager/orchestrator/global/global.go b/manager/orchestrator/global/global.go index 71c5bae13f..ba32d69d27 100644 --- a/manager/orchestrator/global/global.go +++ b/manager/orchestrator/global/global.go @@ -200,7 +200,7 @@ func (g *Orchestrator) FixTask(ctx context.Context, batch *store.Batch, t *api.T } // handleTaskChange defines what orchestrator does when a task is updated by agent -func (g *Orchestrator) handleTaskChange(ctx context.Context, t *api.Task) { +func (g *Orchestrator) handleTaskChange(_ context.Context, t *api.Task) { if _, exists := g.globalServices[t.ServiceID]; !exists { return } diff --git a/manager/orchestrator/jobs/global/reconciler.go b/manager/orchestrator/jobs/global/reconciler.go index cf68368478..c519507b81 100644 --- a/manager/orchestrator/jobs/global/reconciler.go +++ b/manager/orchestrator/jobs/global/reconciler.go @@ -268,7 +268,7 @@ func (r *Reconciler) IsRelatedService(service *api.Service) bool { // - The task has failed and needs to be restarted. // // This implements the FixTask method of the taskinit.InitHandler interface. -func (r *Reconciler) FixTask(ctx context.Context, batch *store.Batch, t *api.Task) { +func (r *Reconciler) FixTask(_ context.Context, batch *store.Batch, t *api.Task) { // tasks already desired to be shut down need no action. if t.DesiredState > api.TaskStateCompleted { return diff --git a/manager/orchestrator/replicated/services.go b/manager/orchestrator/replicated/services.go index fa4463b276..c10bfff97e 100644 --- a/manager/orchestrator/replicated/services.go +++ b/manager/orchestrator/replicated/services.go @@ -75,7 +75,7 @@ func (r *Orchestrator) tickServices(ctx context.Context) { } } -func (r *Orchestrator) resolveService(ctx context.Context, task *api.Task) *api.Service { +func (r *Orchestrator) resolveService(_ context.Context, task *api.Task) *api.Service { if task.ServiceID == "" { return nil } diff --git a/manager/orchestrator/replicated/tasks.go b/manager/orchestrator/replicated/tasks.go index 8f3d203170..d4c7aeb5b7 100644 --- a/manager/orchestrator/replicated/tasks.go +++ b/manager/orchestrator/replicated/tasks.go @@ -116,7 +116,7 @@ func (r *Orchestrator) handleNodeChange(ctx context.Context, n *api.Node) { } // handleTaskChange defines what orchestrator does when a task is updated by agent. -func (r *Orchestrator) handleTaskChange(ctx context.Context, t *api.Task) { +func (r *Orchestrator) handleTaskChange(_ context.Context, t *api.Task) { // If we already set the desired state past TaskStateRunning, there is no // further action necessary. if t.DesiredState > api.TaskStateRunning { @@ -148,7 +148,7 @@ func (r *Orchestrator) handleTaskChange(ctx context.Context, t *api.Task) { // FixTask validates a task with the current cluster settings, and takes // action to make it conformant. it's called at orchestrator initialization. -func (r *Orchestrator) FixTask(ctx context.Context, batch *store.Batch, t *api.Task) { +func (r *Orchestrator) FixTask(_ context.Context, batch *store.Batch, t *api.Task) { // If we already set the desired state past TaskStateRunning, there is no // further action necessary. if t.DesiredState > api.TaskStateRunning { diff --git a/manager/orchestrator/update/updater.go b/manager/orchestrator/update/updater.go index 11e1106d76..5edffcdab2 100644 --- a/manager/orchestrator/update/updater.go +++ b/manager/orchestrator/update/updater.go @@ -491,7 +491,7 @@ func (u *Updater) useExistingTask(ctx context.Context, slot orchestrator.Slot, e // removeOldTasks shuts down the given tasks and returns one of the tasks that // was shut down, or an error. -func (u *Updater) removeOldTasks(ctx context.Context, batch *store.Batch, removeTasks []*api.Task) (*api.Task, error) { +func (u *Updater) removeOldTasks(_ context.Context, batch *store.Batch, removeTasks []*api.Task) (*api.Task, error) { var ( lastErr error removedTask *api.Task diff --git a/manager/scheduler/decision_tree.go b/manager/scheduler/decision_tree.go index 34e52ae3d0..5ffb00273b 100644 --- a/manager/scheduler/decision_tree.go +++ b/manager/scheduler/decision_tree.go @@ -21,7 +21,7 @@ type decisionTree struct { // of the decision tree. // // The caller may modify the nodes in the returned slice. -func (dt *decisionTree) orderedNodes(meetsConstraints func(*NodeInfo) bool, nodeLess func(*NodeInfo, *NodeInfo) bool) []NodeInfo { +func (dt *decisionTree) orderedNodes(meetsConstraints func(*NodeInfo) bool, _ func(*NodeInfo, *NodeInfo) bool) []NodeInfo { if dt.nodeHeap.length != len(dt.nodeHeap.nodes) { // We already collapsed the heap into a sorted slice, so // re-heapify. There may have been modifications to the nodes diff --git a/manager/scheduler/filter.go b/manager/scheduler/filter.go index 4e0bb9f02a..abfcb8178d 100644 --- a/manager/scheduler/filter.go +++ b/manager/scheduler/filter.go @@ -381,7 +381,7 @@ func (f *MaxReplicasFilter) Check(n *NodeInfo) bool { } // Explain returns an explanation of a failure. -func (f *MaxReplicasFilter) Explain(nodes int) string { +func (f *MaxReplicasFilter) Explain(_ int) string { return "max replicas per node limit exceed" } diff --git a/manager/scheduler/scheduler.go b/manager/scheduler/scheduler.go index 76508af303..135deff74c 100644 --- a/manager/scheduler/scheduler.go +++ b/manager/scheduler/scheduler.go @@ -251,7 +251,7 @@ func (s *Scheduler) enqueue(t *api.Task) { s.unassignedTasks[t.ID] = t } -func (s *Scheduler) createTask(ctx context.Context, t *api.Task) bool { +func (s *Scheduler) createTask(_ context.Context, t *api.Task) bool { // Ignore all tasks that have not reached PENDING // state, and tasks that no longer consume resources. if t.Status.State < api.TaskStatePending || t.Status.State > api.TaskStateRunning { @@ -643,7 +643,7 @@ func (s *Scheduler) applySchedulingDecisions(ctx context.Context, schedulingDeci } // taskFitNode checks if a node has enough resources to accommodate a task. -func (s *Scheduler) taskFitNode(ctx context.Context, t *api.Task, nodeID string) *api.Task { +func (s *Scheduler) taskFitNode(_ context.Context, t *api.Task, nodeID string) *api.Task { nodeInfo, err := s.nodeSet.nodeInfo(nodeID) if err != nil { // node does not exist in set (it may have been deleted) diff --git a/manager/state/raft/raft.go b/manager/state/raft/raft.go index f375c14c2c..f65f558e0d 100644 --- a/manager/state/raft/raft.go +++ b/manager/state/raft/raft.go @@ -1988,7 +1988,7 @@ func (n *Node) applyAddNode(cc raftpb.ConfChange) error { // applyUpdateNode is called when we receive a ConfChange from a member in the // raft cluster which update the address of an existing node. -func (n *Node) applyUpdateNode(ctx context.Context, cc raftpb.ConfChange) error { +func (n *Node) applyUpdateNode(_ context.Context, cc raftpb.ConfChange) error { newMember := &api.RaftMember{} err := proto.Unmarshal(cc.Context, newMember) if err != nil { diff --git a/manager/state/raft/testutils/testutils.go b/manager/state/raft/testutils/testutils.go index aeb71a00fd..2ee1e361f8 100644 --- a/manager/state/raft/testutils/testutils.go +++ b/manager/state/raft/testutils/testutils.go @@ -404,7 +404,7 @@ func NewJoinNode(t *testing.T, clockSource *fakeclock.FakeClock, join string, tc } // CopyNode returns a copy of a node -func CopyNode(t *testing.T, clockSource *fakeclock.FakeClock, oldNode *TestNode, forceNewCluster bool, kr *SimpleKeyRotator) (*TestNode, context.Context) { +func CopyNode(_ *testing.T, clockSource *fakeclock.FakeClock, oldNode *TestNode, forceNewCluster bool, kr *SimpleKeyRotator) (*TestNode, context.Context) { wrappedListener := RecycleWrappedListener(oldNode.Listener) securityConfig := oldNode.SecurityConfig serverOpts := []grpc.ServerOption{grpc.Creds(securityConfig.ServerTLSCreds)} diff --git a/manager/state/raft/transport/peer.go b/manager/state/raft/transport/peer.go index 071f6dc76f..485351bf0f 100644 --- a/manager/state/raft/transport/peer.go +++ b/manager/state/raft/transport/peer.go @@ -152,7 +152,7 @@ func raftMessagePayloadSize(m *raftpb.Message) int { // Split a large raft message into smaller messages. // Currently this means splitting the []Snapshot.Data into chunks whose size // is dictacted by MaxRaftMsgSize. -func splitSnapshotData(ctx context.Context, m *raftpb.Message) []api.StreamRaftMessageRequest { +func splitSnapshotData(_ context.Context, m *raftpb.Message) []api.StreamRaftMessageRequest { var messages []api.StreamRaftMessageRequest if m.Type != raftpb.MsgSnap { return messages diff --git a/manager/state/raft/util.go b/manager/state/raft/util.go index 985f307394..905e0043a3 100644 --- a/manager/state/raft/util.go +++ b/manager/state/raft/util.go @@ -14,7 +14,7 @@ import ( ) // dial returns a grpc client connection -func dial(addr string, protocol string, creds credentials.TransportCredentials, timeout time.Duration) (*grpc.ClientConn, error) { +func dial(addr string, _ string, creds credentials.TransportCredentials, timeout time.Duration) (*grpc.ClientConn, error) { // gRPC dialer connects to proxy first. Provide a custom dialer here avoid that. grpcOptions := []grpc.DialOption{ grpc.WithBackoffMaxDelay(2 * time.Second), diff --git a/manager/state/store/extensions.go b/manager/state/store/extensions.go index e5990dc705..f8e8133165 100644 --- a/manager/state/store/extensions.go +++ b/manager/state/store/extensions.go @@ -96,7 +96,7 @@ func CreateExtension(tx Tx, e *api.Extension) error { // UpdateExtension updates an existing extension in the store. // Returns ErrNotExist if the object doesn't exist. -func UpdateExtension(tx Tx, e *api.Extension) error { +func UpdateExtension(_ Tx, _ *api.Extension) error { // TODO(aaronl): For the moment, extensions are immutable return errors.New("extensions are immutable") } diff --git a/manager/state/store/memory.go b/manager/state/store/memory.go index 4814e04551..7508fd6b53 100644 --- a/manager/state/store/memory.go +++ b/manager/state/store/memory.go @@ -588,16 +588,16 @@ func (tx *tx) create(table string, o api.StoreObject) error { return ErrExist } - copy := o.CopyStoreObject() - meta := copy.GetMeta() + cp := o.CopyStoreObject() + meta := cp.GetMeta() if err := touchMeta(&meta, tx.curVersion); err != nil { return err } - copy.SetMeta(meta) + cp.SetMeta(meta) - err := tx.memDBTx.Insert(table, copy) + err := tx.memDBTx.Insert(table, cp) if err == nil { - tx.changelist = append(tx.changelist, copy.EventCreate()) + tx.changelist = append(tx.changelist, cp.EventCreate()) o.SetMeta(meta) } return err @@ -619,15 +619,15 @@ func (tx *tx) update(table string, o api.StoreObject) error { } } - copy := o.CopyStoreObject() + cp := o.CopyStoreObject() if err := touchMeta(&meta, tx.curVersion); err != nil { return err } - copy.SetMeta(meta) + cp.SetMeta(meta) - err := tx.memDBTx.Insert(table, copy) + err := tx.memDBTx.Insert(table, cp) if err == nil { - tx.changelist = append(tx.changelist, copy.EventUpdate(oldN)) + tx.changelist = append(tx.changelist, cp.EventUpdate(oldN)) o.SetMeta(meta) } return err @@ -936,7 +936,7 @@ func WatchFrom(store *MemoryStore, version *api.Version, specifiers ...api.Event cancelWatch func() ) // Using Update to lock the store - err := store.Update(func(tx Tx) error { + err := store.Update(func(_ Tx) error { // Get current version curVersion = store.proposer.GetVersion() // Start the watch with the store locked so events cannot be diff --git a/manager/state/store/object.go b/manager/state/store/object.go index 2c9faf8f63..955938079a 100644 --- a/manager/state/store/object.go +++ b/manager/state/store/object.go @@ -18,7 +18,7 @@ type ObjectStoreConfig struct { // nodes, etc., which conform to the StoreObject interface) and replaces the // existing objects in the store of that type with the new objects. func RestoreTable(tx Tx, table string, newObjects []api.StoreObject) error { - checkType := func(by By) error { + checkType := func(_ By) error { return nil } var oldObjects []api.StoreObject diff --git a/manager/state/testutils/mock_proposer.go b/manager/state/testutils/mock_proposer.go index 9984ddb3f5..96aae4418e 100644 --- a/manager/state/testutils/mock_proposer.go +++ b/manager/state/testutils/mock_proposer.go @@ -16,7 +16,7 @@ type MockProposer struct { // ProposeValue propagates a value. In this mock implementation, it just stores // the value locally. -func (mp *MockProposer) ProposeValue(ctx context.Context, storeAction []api.StoreAction, cb func()) error { +func (mp *MockProposer) ProposeValue(_ context.Context, storeAction []api.StoreAction, cb func()) error { mp.index += 3 mp.changes = append(mp.changes, state.Change{ diff --git a/protobuf/plugin/authenticatedwrapper/authenticatedwrapper.go b/protobuf/plugin/authenticatedwrapper/authenticatedwrapper.go index 4facbd3664..adb49887b1 100644 --- a/protobuf/plugin/authenticatedwrapper/authenticatedwrapper.go +++ b/protobuf/plugin/authenticatedwrapper/authenticatedwrapper.go @@ -193,5 +193,5 @@ func (g *authenticatedWrapperGen) Generate(file *generator.FileDescriptor) { g.gen.P() } -func (g *authenticatedWrapperGen) GenerateImports(file *generator.FileDescriptor) { +func (g *authenticatedWrapperGen) GenerateImports(_ *generator.FileDescriptor) { } diff --git a/protobuf/plugin/deepcopy/deepcopy.go b/protobuf/plugin/deepcopy/deepcopy.go index 27ab241051..d65ba5caf6 100644 --- a/protobuf/plugin/deepcopy/deepcopy.go +++ b/protobuf/plugin/deepcopy/deepcopy.go @@ -137,7 +137,7 @@ func (d *deepCopyGen) genMsgDeepCopy(m *generator.Descriptor) { d.P() } -func (d *deepCopyGen) genMap(m *generator.Descriptor, f *descriptor.FieldDescriptorProto) bool { +func (d *deepCopyGen) genMap(_ *generator.Descriptor, f *descriptor.FieldDescriptorProto) bool { fName := generator.CamelCase(*f.Name) if gogoproto.IsCustomName(f) { fName = gogoproto.GetCustomName(f) diff --git a/swarmd/cmd/swarm-rafttool/main.go b/swarmd/cmd/swarm-rafttool/main.go index afc591d37d..cf7d13b4ad 100644 --- a/swarmd/cmd/swarm-rafttool/main.go +++ b/swarmd/cmd/swarm-rafttool/main.go @@ -45,7 +45,7 @@ var ( dumpWALCmd = &cobra.Command{ Use: "dump-wal", Short: "Display entries from the Raft log", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { stateDir, err := cmd.Flags().GetString("state-dir") if err != nil { return err @@ -78,7 +78,7 @@ var ( dumpSnapshotCmd = &cobra.Command{ Use: "dump-snapshot", Short: "Display entries from the latest Raft snapshot", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { stateDir, err := cmd.Flags().GetString("state-dir") if err != nil { return err @@ -143,7 +143,7 @@ var ( downgradeKeyCmd = &cobra.Command{ Use: "downgrade-key", Short: "Downgrade swarm node key from PKCS8 to PKCS1", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { stateDir, err := cmd.Flags().GetString("state-dir") if err != nil { return err @@ -161,7 +161,7 @@ var ( renewCertsCmd = &cobra.Command{ Use: "renew-certs", Short: "Renew expired manager cert", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { stateDir, err := cmd.Flags().GetString("state-dir") if err != nil { return err diff --git a/swarmd/cmd/swarmctl/common/common.go b/swarmd/cmd/swarmctl/common/common.go index 2179e2755c..ffd16451e9 100644 --- a/swarmd/cmd/swarmctl/common/common.go +++ b/swarmd/cmd/swarmctl/common/common.go @@ -49,7 +49,7 @@ func DialConn(cmd *cobra.Command) (*grpc.ClientConn, error) { } // Context returns a request context based on CLI arguments. -func Context(cmd *cobra.Command) context.Context { +func Context(_ *cobra.Command) context.Context { // TODO(aluzzardi): Actually create a context. return context.TODO() } diff --git a/swarmd/cmd/swarmd/main.go b/swarmd/cmd/swarmd/main.go index dfaf1ef187..739fe012be 100644 --- a/swarmd/cmd/swarmd/main.go +++ b/swarmd/cmd/swarmd/main.go @@ -60,7 +60,7 @@ var ( os.Exit(0) } }, - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { ctx := context.Background() hostname, err := cmd.Flags().GetString("hostname") if err != nil { diff --git a/swarmd/dockerexec/controller.go b/swarmd/dockerexec/controller.go index 0f608b8229..abc0508fa2 100644 --- a/swarmd/dockerexec/controller.go +++ b/swarmd/dockerexec/controller.go @@ -82,7 +82,7 @@ func (r *controller) PortStatus(ctx context.Context) (*api.PortStatus, error) { } // Update takes a recent task update and applies it to the container. -func (r *controller) Update(ctx context.Context, t *api.Task) error { +func (r *controller) Update(ctx context.Context, _ *api.Task) error { log.G(ctx).Warnf("task updates not yet supported") // TODO(stevvooe): While assignment of tasks is idempotent, we do allow // updates of metadata, such as labelling, as well as any other properties diff --git a/swarmd/dockerexec/executor.go b/swarmd/dockerexec/executor.go index 524d720273..1aa0e99132 100644 --- a/swarmd/dockerexec/executor.go +++ b/swarmd/dockerexec/executor.go @@ -123,7 +123,7 @@ func (e *executor) Describe(ctx context.Context) (*api.NodeDescription, error) { return description, nil } -func (e *executor) Configure(ctx context.Context, node *api.Node) error { +func (e *executor) Configure(_ context.Context, _ *api.Node) error { return nil } diff --git a/swarmd/go.mod b/swarmd/go.mod index de389c9442..daeb223ceb 100644 --- a/swarmd/go.mod +++ b/swarmd/go.mod @@ -1,6 +1,6 @@ module github.com/moby/swarmkit/swarmd -go 1.18 +go 1.21.0 require ( github.com/cloudflare/cfssl v1.6.4 diff --git a/swarmd/go.sum b/swarmd/go.sum index 01b6ecdccf..7d166e5ca2 100644 --- a/swarmd/go.sum +++ b/swarmd/go.sum @@ -14,13 +14,16 @@ code.cloudfoundry.org/clock v1.1.0 h1:XLzC6W3Ah/Y7ht1rmZ6+QfPdt1iGWEAAtIZXgiaj57 code.cloudfoundry.org/clock v1.1.0/go.mod h1:yA3fxddT9RINQL2XHS7PS+OXxKCGhfrZmlNUCIM6AKo= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/akutz/gosync v0.1.0 h1:naxPT/aDYDh79PMwM3XmencmNQeYmpNFSZy4ZE9zIW0= +github.com/akutz/gosync v0.1.0/go.mod h1:I8I4aiqJI1nqaeYOOB1WS+CgRJVVPqhct9Y4njywM84= github.com/akutz/memconn v0.1.0 h1:NawI0TORU4hcOMsMr11g7vwlCdkYeLKXBcxWu2W/P8A= +github.com/akutz/memconn v0.1.0/go.mod h1:Jo8rI7m0NieZyLI5e2CDlRdRqRRB4S7Xp77ukDjH+Fw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -40,6 +43,7 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo= +github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054 h1:uH66TXeswKn5PW5zdZ39xEwfS9an067BirqA+P4QaLI= @@ -111,6 +115,7 @@ github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee h1:v6Eju/FhxsACGN github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/getsentry/raven-go v0.2.0 h1:no+xWJRb5ZI7eE8TWgIq1jLulQiIoLG0IfYxv5JYMGs= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -175,6 +180,7 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -277,13 +283,17 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= +github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= +github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= @@ -293,6 +303,7 @@ github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFSt github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/phayes/permbits v0.0.0-20190612203442-39d7c581d2ee h1:P6U24L02WMfj9ymZTxl7CxS73JC99x3ukk+DBkgQGQs= +github.com/phayes/permbits v0.0.0-20190612203442-39d7c581d2ee/go.mod h1:3uODdxMgOaPYeWU7RzZLxVtJHZ/x1f/iHkBZuKJDzuY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -332,6 +343,7 @@ github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJf github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rexray/gocsi v1.2.2 h1:h9F/eSizORihN+XT+mxhq7ClZ3cYo1L9RvasN6dKz8U= +github.com/rexray/gocsi v1.2.2/go.mod h1:X9oJHHpIVGmfKdK8e+JuCXafggk7HxL9mWQOgrsoHpo= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -413,16 +425,20 @@ go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtB go.opentelemetry.io/otel v1.4.1 h1:QbINgGDDcoQUoMJa2mMaWno49lja9sHwp6aoa2n3a4g= go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdTiUde4= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0 h1:R/OBkMoGgfy2fLhs2QhkCI1w4HLEQX92GCcJB6SSdNk= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.1/go.mod h1:Kv8liBeVNFkkkbilbgWRpV+wWuu+H5xdOT6HAgd30iw= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0 h1:giGm8w67Ja7amYNfYMdme7xSp2pIxThWopw8+QP51Yk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.1/go.mod h1:xOvWoTOrQjxjW61xtOmD/WKGRYb/P4NzRo3bs65U6Rk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0 h1:Ydage/P0fRrSPpZeCVxzjqGcI6iVmG2xb43+IR8cjqM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI= go.opentelemetry.io/otel/sdk v1.3.0 h1:3278edCoH89MEJ0Ky8WQXVmDQv3FX4ZJ3Pp+9fJreAI= +go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk= go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= go.opentelemetry.io/otel/trace v1.4.1 h1:O+16qcdTrT7zxv2J6GejTPFinSwA++cYerC5iSiF8EQ= @@ -430,6 +446,7 @@ go.opentelemetry.io/otel/trace v1.4.1/go.mod h1:iYEVbroFCNut9QkwEczV9vMRPHNKSSwY go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg= go.opentelemetry.io/proto/otlp v0.11.0 h1:cLDgIBTf4lLOlztkhzAEdQsJ4Lj+i5Wc9k6Nn0K1VyU= +go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= @@ -520,6 +537,7 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -660,11 +678,13 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -680,6 +700,7 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= +gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/swarmd/go.work b/swarmd/go.work index 4904ae0a94..063eaaacf8 100644 --- a/swarmd/go.work +++ b/swarmd/go.work @@ -1,4 +1,4 @@ -go 1.18 +go 1.21.0 use ( . diff --git a/tools/go.mod b/tools/go.mod index c8d91d674d..fb50f42c6f 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -1,6 +1,6 @@ module github.com/moby/swarmkit/v2/tools -go 1.17 +go 1.21.0 require github.com/containerd/protobuild v0.1.1-0.20211025221430-7e5ee24bc1f7 diff --git a/version/cmd.go b/version/cmd.go index e5d661b65c..c67fe82e66 100644 --- a/version/cmd.go +++ b/version/cmd.go @@ -12,7 +12,7 @@ var ( Cmd = &cobra.Command{ Use: "version", Short: "Print version number of swarm", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, args []string) error { if len(args) != 0 { return errors.New("version command takes no arguments") } From 8f075aa93f9d45afec50bb4c10008e2552e7b74f Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 6 Nov 2025 13:37:31 +0100 Subject: [PATCH 3/4] update generated files Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- api/types.pb.go | 105 ++++++++++++------- protobuf/plugin/deepcopy/test/deepcopy.pb.go | 2 + 2 files changed, 72 insertions(+), 35 deletions(-) diff --git a/api/types.pb.go b/api/types.pb.go index 8fe2107d73..babab6b60e 100644 --- a/api/types.pb.go +++ b/api/types.pb.go @@ -67,8 +67,9 @@ func (ResourceType) EnumDescriptor() ([]byte, []int) { // Only the manager create a NEW task, and move the task to PENDING and ASSIGNED. // Afterward, the manager must rely on the agent to update the task status // (pre-run: preparing, ready, starting; -// running; -// end-state: complete, shutdown, failed, rejected) +// +// running; +// end-state: complete, shutdown, failed, rejected) type TaskState int32 const ( @@ -1085,6 +1086,7 @@ var xxx_messageInfo_DiscreteGenericResource proto.InternalMessageInfo // be either an integer (e.g: SSD=3) or a string (e.g: SSD=sda1) type GenericResource struct { // Types that are valid to be assigned to Resource: + // // *GenericResource_NamedResourceSpec // *GenericResource_DiscreteResourceSpec Resource isGenericResource_Resource `protobuf_oneof:"resource"` @@ -2114,6 +2116,7 @@ type TaskStatus struct { // Container status contains container specific status information. // // Types that are valid to be assigned to RuntimeStatus: + // // *TaskStatus_Container RuntimeStatus isTaskStatus_RuntimeStatus `protobuf_oneof:"runtime_status"` // HostPorts provides a list of ports allocated at the host @@ -2506,6 +2509,7 @@ type IssuanceStatus struct { State IssuanceStatus_State `protobuf:"varint,1,opt,name=state,proto3,enum=docker.swarmkit.v1.IssuanceStatus_State" json:"state,omitempty"` // Err is set if the Certificate Issuance is in an error state. // The following states should report a companion error: + // // FAILED Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } @@ -3006,6 +3010,7 @@ var xxx_messageInfo_SpreadOver proto.InternalMessageInfo type PlacementPreference struct { // Types that are valid to be assigned to Preference: + // // *PlacementPreference_Spread Preference isPlacementPreference_Preference `protobuf_oneof:"Preference"` } @@ -3437,6 +3442,7 @@ type SecretReference struct { // Target specifies how this secret should be exposed to the task. // // Types that are valid to be assigned to Target: + // // *SecretReference_File Target isSecretReference_Target `protobuf_oneof:"target"` } @@ -3517,6 +3523,7 @@ type ConfigReference struct { // Target specifies how this config should be exposed to the task. // // Types that are valid to be assigned to Target: + // // *ConfigReference_File // *ConfigReference_Runtime Target isConfigReference_Target `protobuf_oneof:"target"` @@ -3826,6 +3833,7 @@ var xxx_messageInfo_Privileges proto.InternalMessageInfo // CredentialSpec for managed service account (Windows only). type Privileges_CredentialSpec struct { // Types that are valid to be assigned to Source: + // // *Privileges_CredentialSpec_File // *Privileges_CredentialSpec_Registry // *Privileges_CredentialSpec_Config @@ -4113,6 +4121,7 @@ type VolumeAccessMode struct { // but the upstream is free to do so. However, one of these MUST be set. // // Types that are valid to be assigned to AccessType: + // // *VolumeAccessMode_Block // *VolumeAccessMode_Mount AccessType isVolumeAccessMode_AccessType `protobuf_oneof:"access_type"` @@ -4338,12 +4347,12 @@ var xxx_messageInfo_VolumeSecret proto.InternalMessageInfo // // Without this two-step process, the following could happen: // -// 1. ControllerPublishVolume is called and the Volume is successfully -// published. -// 2. A crash or leadership change disrupts the cluster before -// the Volume with the updated VolumePublishStatus can be added to the -// store. -// 3. The Task that required the Volume to be published is deleted. +// 1. ControllerPublishVolume is called and the Volume is successfully +// published. +// 2. A crash or leadership change disrupts the cluster before +// the Volume with the updated VolumePublishStatus can be added to the +// store. +// 3. The Task that required the Volume to be published is deleted. // // In this case, the Volume would be published to the Node, but Swarm would be // unaware of this, and would additionally be unaware that the Volume _should_ @@ -4608,21 +4617,27 @@ type TopologyRequirement struct { // accessible from at least one of the requisite topologies. // // Given - // x = number of topologies provisioned volume is accessible from - // n = number of requisite topologies + // + // x = number of topologies provisioned volume is accessible from + // n = number of requisite topologies + // // The CO MUST ensure n >= 1. The SP MUST ensure x >= 1 // If x==n, then the SP MUST make the provisioned volume available to // all topologies from the list of requisite topologies. If it is // unable to do so, the SP MUST fail the CreateVolume call. // For example, if a volume should be accessible from a single zone, // and requisite = - // {"region": "R1", "zone": "Z2"} + // + // {"region": "R1", "zone": "Z2"} + // // then the provisioned volume MUST be accessible from the "region" // "R1" and the "zone" "Z2". // Similarly, if a volume should be accessible from two zones, and // requisite = - // {"region": "R1", "zone": "Z2"}, - // {"region": "R1", "zone": "Z3"} + // + // {"region": "R1", "zone": "Z2"}, + // {"region": "R1", "zone": "Z3"} + // // then the provisioned volume MUST be accessible from the "region" // "R1" and both "zone" "Z2" and "zone" "Z3". // @@ -4631,18 +4646,23 @@ type TopologyRequirement struct { // the CreateVolume call. // For example, if a volume should be accessible from a single zone, // and requisite = - // {"region": "R1", "zone": "Z2"}, - // {"region": "R1", "zone": "Z3"} + // + // {"region": "R1", "zone": "Z2"}, + // {"region": "R1", "zone": "Z3"} + // // then the SP may choose to make the provisioned volume available in // either the "zone" "Z2" or the "zone" "Z3" in the "region" "R1". // Similarly, if a volume should be accessible from two zones, and // requisite = - // {"region": "R1", "zone": "Z2"}, - // {"region": "R1", "zone": "Z3"}, - // {"region": "R1", "zone": "Z4"} + // + // {"region": "R1", "zone": "Z2"}, + // {"region": "R1", "zone": "Z3"}, + // {"region": "R1", "zone": "Z4"} + // // then the provisioned volume MUST be accessible from any combination // of two unique topologies: e.g. "R1/Z2" and "R1/Z3", or "R1/Z2" and - // "R1/Z4", or "R1/Z3" and "R1/Z4". + // + // "R1/Z4", or "R1/Z3" and "R1/Z4". // // If x>n, then the SP MUST make the provisioned volume available from // all topologies from the list of requisite topologies and MAY choose @@ -4651,7 +4671,9 @@ type TopologyRequirement struct { // CreateVolume call. // For example, if a volume should be accessible from two zones, and // requisite = - // {"region": "R1", "zone": "Z2"} + // + // {"region": "R1", "zone": "Z2"} + // // then the provisioned volume MUST be accessible from the "region" // "R1" and the "zone" "Z2" and the SP may select the second zone // independently, e.g. "R1/Z4". @@ -4680,10 +4702,14 @@ type TopologyRequirement struct { // Example 1: // Given a volume should be accessible from a single zone, and // requisite = - // {"region": "R1", "zone": "Z2"}, - // {"region": "R1", "zone": "Z3"} + // + // {"region": "R1", "zone": "Z2"}, + // {"region": "R1", "zone": "Z3"} + // // preferred = - // {"region": "R1", "zone": "Z3"} + // + // {"region": "R1", "zone": "Z3"} + // // then the the SP SHOULD first attempt to make the provisioned volume // available from "zone" "Z3" in the "region" "R1" and fall back to // "zone" "Z2" in the "region" "R1" if that is not possible. @@ -4691,13 +4717,17 @@ type TopologyRequirement struct { // Example 2: // Given a volume should be accessible from a single zone, and // requisite = - // {"region": "R1", "zone": "Z2"}, - // {"region": "R1", "zone": "Z3"}, - // {"region": "R1", "zone": "Z4"}, - // {"region": "R1", "zone": "Z5"} + // + // {"region": "R1", "zone": "Z2"}, + // {"region": "R1", "zone": "Z3"}, + // {"region": "R1", "zone": "Z4"}, + // {"region": "R1", "zone": "Z5"} + // // preferred = - // {"region": "R1", "zone": "Z4"}, - // {"region": "R1", "zone": "Z2"} + // + // {"region": "R1", "zone": "Z4"}, + // {"region": "R1", "zone": "Z2"} + // // then the the SP SHOULD first attempt to make the provisioned volume // accessible from "zone" "Z4" in the "region" "R1" and fall back to // "zone" "Z2" in the "region" "R1" if that is not possible. If that @@ -4710,13 +4740,17 @@ type TopologyRequirement struct { // the volume is accessible from two zones, aka synchronously // replicated), and // requisite = - // {"region": "R1", "zone": "Z2"}, - // {"region": "R1", "zone": "Z3"}, - // {"region": "R1", "zone": "Z4"}, - // {"region": "R1", "zone": "Z5"} + // + // {"region": "R1", "zone": "Z2"}, + // {"region": "R1", "zone": "Z3"}, + // {"region": "R1", "zone": "Z4"}, + // {"region": "R1", "zone": "Z5"} + // // preferred = - // {"region": "R1", "zone": "Z5"}, - // {"region": "R1", "zone": "Z3"} + // + // {"region": "R1", "zone": "Z5"}, + // {"region": "R1", "zone": "Z3"} + // // then the the SP SHOULD first attempt to make the provisioned volume // accessible from the combination of the two "zones" "Z5" and "Z3" in // the "region" "R1". If that's not possible, it should fall back to @@ -4831,6 +4865,7 @@ type VolumeCapability struct { // following fields MUST be specified. // // Types that are valid to be assigned to AccessType: + // // *VolumeCapability_Block // *VolumeCapability_Mount AccessType isVolumeCapability_AccessType `protobuf_oneof:"access_type"` diff --git a/protobuf/plugin/deepcopy/test/deepcopy.pb.go b/protobuf/plugin/deepcopy/test/deepcopy.pb.go index 1b3d51dbe4..9c87ce7b6e 100644 --- a/protobuf/plugin/deepcopy/test/deepcopy.pb.go +++ b/protobuf/plugin/deepcopy/test/deepcopy.pb.go @@ -293,6 +293,7 @@ var xxx_messageInfo_MapStruct proto.InternalMessageInfo type OneOf struct { // Types that are valid to be assigned to Fields: + // // *OneOf_Field1 // *OneOf_Field2 // *OneOf_Field3 @@ -304,6 +305,7 @@ type OneOf struct { // *OneOf_Field9 Fields isOneOf_Fields `protobuf_oneof:"fields"` // Types that are valid to be assigned to FieldsTwo: + // // *OneOf_Field10 // *OneOf_Field11 FieldsTwo isOneOf_FieldsTwo `protobuf_oneof:"fieldsTwo"` From 34f287e068c7926e8313c9380a966f6e0d915fcd Mon Sep 17 00:00:00 2001 From: Drew Erny Date: Tue, 16 Jan 2024 11:28:48 -0600 Subject: [PATCH 4/4] Fix cryptographic certificates for post go 1.19 Go 1.19 changed the way cryptographic certificates were verified, which broke a certain edge case of root CA rotation. This edge case is now disallowed. Signed-off-by: Drew Erny --- ca/config_test.go | 8 +-- ca/server_test.go | 8 ++- integration/integration_test.go | 2 - manager/controlapi/ca_rotation.go | 18 +++++- manager/controlapi/ca_rotation_test.go | 82 +++++++++++--------------- 5 files changed, 58 insertions(+), 60 deletions(-) diff --git a/ca/config_test.go b/ca/config_test.go index 728a141f8f..77f9ce2b4d 100644 --- a/ca/config_test.go +++ b/ca/config_test.go @@ -464,14 +464,14 @@ func TestSecurityConfigUpdateRootCA(t *testing.T) { require.Error(t, err) err = <-actualErrChan require.Error(t, err) - require.IsType(t, x509.UnknownAuthorityError{}, err) + require.ErrorAs(t, err, &x509.UnknownAuthorityError{}) _, actualErrChan, err = tlsGRPCDial(tc.Context, l.Addr().String(), tcConfig.ClientTLSCreds) defer close(actualErrChan) require.Error(t, err) err = <-actualErrChan require.Error(t, err) - require.IsType(t, x509.UnknownAuthorityError{}, err) + require.ErrorAs(t, err, &x509.UnknownAuthorityError{}) // update the root CA on the "original security config to support both the old root // and the "new root" (the testing CA root). Also make sure this root CA has an @@ -640,7 +640,7 @@ func TestRenewTLSConfigUpdatesRootOnUnknownAuthError(t *testing.T) { default: crossSigneds[i], err = cas[i-1].CrossSignCACertificate(certs[i]) require.NoError(t, err) - cas[i], err = ca.NewRootCA(certs[i-1], certs[i], keys[i], ca.DefaultNodeCertExpiration, crossSigneds[i]) + cas[i], err = ca.NewRootCA(certs[i-1], crossSigneds[i], keys[i], ca.DefaultNodeCertExpiration, crossSigneds[i]) require.NoError(t, err) } } @@ -652,7 +652,7 @@ func TestRenewTLSConfigUpdatesRootOnUnknownAuthError(t *testing.T) { CACert: certs[0], CAKey: keys[0], RootRotation: &api.RootRotation{ - CACert: certs[1], + CACert: crossSigneds[1], CAKey: keys[1], CrossSignedCACert: crossSigneds[1], }, diff --git a/ca/server_test.go b/ca/server_test.go index 01a4ed71bd..6ee6fdc77d 100644 --- a/ca/server_test.go +++ b/ca/server_test.go @@ -429,8 +429,9 @@ type clusterObjToUpdate struct { externalCertSignedBy []byte } -// When the SecurityConfig is updated with a new TLS keypair, the server automatically uses that keypair to contact -// the external CA +// TestServerExternalCAGetsTLSKeypairUpdates tests that when the SecurityConfig +// is updated with a new TLS keypair, the server automatically uses that +// keypair to contact the external CA func TestServerExternalCAGetsTLSKeypairUpdates(t *testing.T) { t.Parallel() @@ -473,12 +474,13 @@ func TestServerExternalCAGetsTLSKeypairUpdates(t *testing.T) { require.NoError(t, testutils.PollFuncWithTimeout(nil, func() error { externalCA := tc.CAServer.ExternalCA() // wait for the credentials for the external CA to update + log.G(tc.Context).Warn("making external CA sign request") if _, err = externalCA.Sign(tc.Context, req); err == nil { return errors.New("external CA creds haven't updated yet to be invalid") } return nil }, 2*time.Second)) - require.Contains(t, errors.Cause(err).Error(), "remote error: tls: bad certificate") + require.Contains(t, errors.Cause(err).Error(), "remote error: tls: expired certificate") } func TestCAServerUpdateRootCA(t *testing.T) { diff --git a/integration/integration_test.go b/integration/integration_test.go index 9ee3943a6d..a8ef644f14 100644 --- a/integration/integration_test.go +++ b/integration/integration_test.go @@ -831,7 +831,6 @@ func TestNodeRejoins(t *testing.T) { require.NoError(t, err) err = cl.StartNode(nodeID) require.Error(t, err) - require.Contains(t, err.Error(), "certificate signed by unknown authority") } func TestNodeJoinWithWrongCerts(t *testing.T) { @@ -869,7 +868,6 @@ func TestNodeJoinWithWrongCerts(t *testing.T) { err = cl.StartNode(nodeID) require.Error(t, err) - require.Contains(t, err.Error(), "certificate signed by unknown authority") } } diff --git a/manager/controlapi/ca_rotation.go b/manager/controlapi/ca_rotation.go index 52802685cd..74c66789a0 100644 --- a/manager/controlapi/ca_rotation.go +++ b/manager/controlapi/ca_rotation.go @@ -37,6 +37,7 @@ func hasSigningKey(a interface{}) bool { // Creates a cross-signed intermediate and new api.RootRotation object. // This function assumes that the root cert and key and the external CAs have already been validated. func newRootRotationObject(ctx context.Context, securityConfig *ca.SecurityConfig, apiRootCA *api.RootCA, newCARootCA ca.RootCA, extCAs []*api.ExternalCA, version uint64) (*api.RootCA, error) { + log.G(ctx).Info("calls newRootRotationObject") var ( rootCert, rootKey, crossSignedCert []byte newRootHasSigner bool @@ -53,6 +54,7 @@ func newRootRotationObject(ctx context.Context, securityConfig *ca.SecurityConfi // a root rotation is already in progress) switch { case hasSigningKey(apiRootCA): + log.G(ctx).Info("takes hasSigningKey branch") var oldRootCA ca.RootCA oldRootCA, err = ca.NewRootCA(apiRootCA.CACert, apiRootCA.CACert, apiRootCA.CAKey, ca.DefaultNodeCertExpiration, nil) if err == nil { @@ -175,8 +177,14 @@ func getNormalizedExtCAs(caConfig *api.CAConfig, normalizedCurrentRootCACert []b // object as is // - we want to generate a new internal CA cert and key (force rotation value has changed), and we return the updated RootCA // object -// 3. Signing cert and key have been provided: validate that these match (the cert and key match). Otherwise, return an error. -// 4. Return the updated RootCA object according to the following criteria: +// 3. Check if the cert is the same key. We cannot rotate to a cert with the same key. As of go 1.19, the logic for certificate +// trust chain validation changed, and a chain including two certs with the same key will not validate. This case would +// usually occur when reissuing the same cert with a later expiration date. Because of this validation failure, our root +// rotation algorithm fails. While it might be possible to adjust the rotation procedure to accommodate such a cert change, +// it is somewhat of an edge case, and, more importantly, we do not currently possess the cryptographic expertise to safely +// make such a change. So, as a result, this operation is disallowed. The new root cert must have a new key. +// 4. Signing cert and key have been provided: validate that these match (the cert and key match). Otherwise, return an error. +// 5. Return the updated RootCA object according to the following criteria: // - If the desired cert is the same as the current CA cert then abort any outstanding rotations. The current signing key // is replaced with the desired signing key (this could lets us switch between external->internal or internal->external // without an actual CA rotation, which is not needed because any leaf cert issued with one CA cert can be validated using @@ -289,6 +297,12 @@ func validateCAConfig(ctx context.Context, securityConfig *ca.SecurityConfig, cl return copied, nil } + // See step 3 in the doc comment. We cannot upgrade a cert with the same + // key. + if len(newConfig.SigningCAKey) > 0 && bytes.Equal(newConfig.SigningCAKey, cluster.RootCA.CAKey) { + return nil, status.Errorf(codes.InvalidArgument, "Cannot update to a cert with an identical key") + } + // check if this is the same desired cert as an existing root rotation if r := cluster.RootCA.RootRotation; r != nil && bytes.Equal(ca.NormalizePEMs(r.CACert), newConfig.SigningCACert) { copied := cluster.RootCA.Copy() diff --git a/manager/controlapi/ca_rotation_test.go b/manager/controlapi/ca_rotation_test.go index e339a5d92d..650a62d3ab 100644 --- a/manager/controlapi/ca_rotation_test.go +++ b/manager/controlapi/ca_rotation_test.go @@ -4,6 +4,7 @@ import ( "context" "crypto/x509" "encoding/pem" + "os" "testing" "time" @@ -12,10 +13,13 @@ import ( "github.com/moby/swarmkit/v2/api" "github.com/moby/swarmkit/v2/ca" "github.com/moby/swarmkit/v2/ca/testutils" + "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + + "github.com/moby/swarmkit/v2/log" ) type rootCARotationTestCase struct { @@ -315,7 +319,11 @@ func TestValidateCAConfigInvalidValues(t *testing.T) { } func runValidTestCases(t *testing.T, testcases []*rootCARotationTestCase, localRootCA *ca.RootCA) { + logrus.SetLevel(logrus.DebugLevel) + logrus.SetOutput(os.Stdout) + ctx := log.WithLogger(context.Background(), log.L.WithField("testname", t.Name())) for _, valid := range testcases { + casectx := log.WithField(ctx, "testcase", valid.description) cluster := &api.Cluster{ RootCA: *valid.rootCA.Copy(), Spec: api.ClusterSpec{ @@ -323,7 +331,7 @@ func runValidTestCases(t *testing.T, testcases []*rootCARotationTestCase, localR }, } secConfig := getSecurityConfig(t, localRootCA, cluster) - result, err := validateCAConfig(context.Background(), secConfig, cluster) + result, err := validateCAConfig(casectx, secConfig, cluster) require.NoError(t, err, valid.description) // ensure that the cluster was not mutated @@ -346,8 +354,12 @@ func runValidTestCases(t *testing.T, testcases []*rootCARotationTestCase, localR // make sure the cross-signed cert is signed by the current root CA (and not an intermediate, if a root rotation is in progress) parsedCross, err := helpers.ParseCertificatePEM(result.RootRotation.CrossSignedCACert) // there should just be one require.NoError(t, err) + + log.G(casectx).Debugf("localRootCA:%s", localRootCA.Certs) + log.G(casectx).Debugf("CACert:%s", result.RootRotation.CACert) + log.G(casectx).Debugf("CrossSigned:%s", result.RootRotation.CrossSignedCACert) _, err = parsedCross.Verify(x509.VerifyOptions{Roots: localRootCA.Pool}) - require.NoError(t, err, valid.description) + assert.NoError(t, err, valid.description) // if we are expecting generated certs or root rotation, we can expect the expected root CA has a root rotation result.RootRotation.CrossSignedCACert = valid.expectRootCA.RootRotation.CrossSignedCACert @@ -365,14 +377,30 @@ func runValidTestCases(t *testing.T, testcases []*rootCARotationTestCase, localR } } +func printCert(t *testing.T, pemData []byte) { + t.Helper() + + block, _ := pem.Decode(pemData) + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + t.Error(err) + } + + cert.RawSubject = nil + cert.Raw = nil + cert.RawIssuer = nil + cert.RawSubjectPublicKeyInfo = nil + cert.RawTBSCertificate = nil + cert.Signature = nil + t.Logf("%+v", cert) +} + func TestValidateCAConfigValidValues(t *testing.T) { t.Parallel() localRootCA, err := ca.NewRootCA(testutils.ECDSA256SHA256Cert, testutils.ECDSA256SHA256Cert, testutils.ECDSA256Key, ca.DefaultNodeCertExpiration, nil) require.NoError(t, err) - parsedCert, err := helpers.ParseCertificatePEM(testutils.ECDSA256SHA256Cert) - require.NoError(t, err) parsedKey, err := helpers.ParsePrivateKeyPEM(testutils.ECDSA256Key) require.NoError(t, err) @@ -536,8 +564,7 @@ func TestValidateCAConfigValidValues(t *testing.T) { // These all require a new root rotation because the desired cert is different, even if it has the same key and/or subject as the current // cert or the current-to-be-rotated cert. - renewedInitialCert, err := initca.RenewFromSigner(parsedCert, parsedKey) - require.NoError(t, err) + time.Sleep(5 * time.Second) parsedRotationCert, err := helpers.ParseCertificatePEM(rotationCert) require.NoError(t, err) parsedRotationKey, err := helpers.ParsePrivateKeyPEM(rotationKey) @@ -554,49 +581,6 @@ func TestValidateCAConfigValidValues(t *testing.T) { defer differentExtServer.Stop() require.NoError(t, differentExtServer.EnableCASigning()) testcases = []*rootCARotationTestCase{ - { - description: "desired cert being a renewed current cert and key results in a root rotation because the cert has changed", - rootCA: initialLocalRootCA, - caConfig: api.CAConfig{ - SigningCACert: uglifyOnePEM(renewedInitialCert), - SigningCAKey: initialLocalRootCA.CAKey, - ForceRotate: 5, - }, - expectRootCA: getRootCAWithRotation(expectedBaseRootCA, renewedInitialCert, initialLocalRootCA.CAKey, nil), - expectGeneratedCross: true, - }, - { - description: "desired cert being a renewed current cert, external->internal results in a root rotation because the cert has changed", - rootCA: initialExternalRootCA, - caConfig: api.CAConfig{ - SigningCACert: uglifyOnePEM(renewedInitialCert), - SigningCAKey: initialLocalRootCA.CAKey, - ForceRotate: 5, - ExternalCAs: []*api.ExternalCA{ - { - URL: initExtServer.URL, - }, - }, - }, - expectRootCA: getRootCAWithRotation(getExpectedRootCA(false), renewedInitialCert, initialLocalRootCA.CAKey, nil), - expectGeneratedCross: true, - }, - { - description: "desired cert being a renewed current cert, internal->external results in a root rotation because the cert has changed", - rootCA: initialLocalRootCA, - caConfig: api.CAConfig{ - SigningCACert: append([]byte("\n\n"), renewedInitialCert...), - ForceRotate: 5, - ExternalCAs: []*api.ExternalCA{ - { - URL: initExtServer.URL, - CACert: uglifyOnePEM(renewedInitialCert), - }, - }, - }, - expectRootCA: getRootCAWithRotation(expectedBaseRootCA, renewedInitialCert, nil, nil), - expectGeneratedCross: true, - }, { description: "desired cert being a renewed rotation RootCA cert + rotation key results in replaced root rotation because the cert has changed", rootCA: getRootCAWithRotation(initialLocalRootCA, rotationCert, rotationKey, crossSigned),