diff --git a/cmd/agent/main.go b/cmd/agent/main.go
index 1c6d0f8..9b4bdae 100644
--- a/cmd/agent/main.go
+++ b/cmd/agent/main.go
@@ -70,9 +70,8 @@ func main() {
 // launch the watcher
 if err := metadataWatcher.Run(); err != nil {
 log.Fatal("Failed to run watcher... %v", err)
- } else {
- log.Info("Watcher finished")
 }
+ log.Info("Watcher finished")
 }
 func handleShutdown(bgJobsCancel context.CancelFunc, metadataWatcher watcher.MetadataWatcher, infoUpdater updater.AgentInfoUpdater, sshMgr *sysaccess.SSHManager) {
diff --git a/internal/log/mutelog.go b/internal/log/mutelog.go
index 8640854..bc8e0fd 100644
--- a/internal/log/mutelog.go
+++ b/internal/log/mutelog.go
@@ -19,6 +19,6 @@ func Mute() {
 type muteLogger struct{}
-func (*muteLogger) Output(calldepth int, s string) error {
+func (*muteLogger) Output(_ int, _ string) error {
 return nil
 }
diff --git a/internal/metadata/actioner/do_managed_keys_actioner.go b/internal/metadata/actioner/do_managed_keys_actioner.go
index 1a1e520..aa2c447 100644
--- a/internal/metadata/actioner/do_managed_keys_actioner.go
+++ b/internal/metadata/actioner/do_managed_keys_actioner.go
@@ -50,8 +50,8 @@ func (da *doManagedKeysActioner) do(metadata *metadata.Metadata) {
 da.sshMgr.DisableManagedDropletKeys()
 }
 // prepare ssh keys
- for _, kRaw := range metadata.PublicKeys {
- k, e := da.keyParser.FromPublicKey(kRaw)
+ for _, keyRaw := range metadata.PublicKeys {
+ k, e := da.keyParser.FromPublicKey(keyRaw)
 if e != nil {
 log.Error("[DO-Managed Keys Actioner] invalid public key object. %v", e)
 continue
@@ -59,8 +59,8 @@ func (da *doManagedKeysActioner) do(metadata *metadata.Metadata) {
 sshKeys = append(sshKeys, k)
 }
 // prepare dotty keys
- for _, kRaw := range metadata.DOTTYKeys {
- k, e := da.keyParser.FromDOTTYKey(kRaw)
+ for _, keyRaw := range metadata.DOTTYKeys {
+ k, e := da.keyParser.FromDOTTYKey(keyRaw)
 if e != nil {
 log.Error("[DO-Managed Keys Actioner] invalid ssh key object. %v", e)
 continue
diff --git a/internal/metadata/watcher/common.go b/internal/metadata/watcher/common.go
index 0364a31..644019b 100644
--- a/internal/metadata/watcher/common.go
+++ b/internal/metadata/watcher/common.go
@@ -10,7 +10,7 @@ const (
 maxShutdownWaitTimeSeconds = 5
 )
-//Possible Errors
+// Possible Errors
 var (
 ErrFetchMetadataFailed = errors.New("failed to fetch rmetadata")
 ErrNoRegisteredActioner = errors.New("no registered actioners")
diff --git a/internal/metadata/watcher/fetcher.go b/internal/metadata/watcher/fetcher.go
index 12ba6b9..21101d8 100644
--- a/internal/metadata/watcher/fetcher.go
+++ b/internal/metadata/watcher/fetcher.go
@@ -5,7 +5,7 @@ package watcher
 import (
 "encoding/json"
 "fmt"
- "io/ioutil"
+ "io"
 "net/http"
 "github.com/digitalocean/droplet-agent/internal/metadata"
@@ -32,7 +32,7 @@ func (m *metadataFetcherImpl) fetchMetadata() (*metadata.Metadata, error) {
 _ = metaResp.Body.Close()
 }()
- metadataRaw, err := ioutil.ReadAll(metaResp.Body)
+ metadataRaw, err := io.ReadAll(metaResp.Body)
 if err != nil {
 return nil, fmt.Errorf("%w:%v", ErrFetchMetadataFailed, err)
 }
diff --git a/internal/metadata/watcher/web_watcher.go b/internal/metadata/watcher/web_watcher.go
index 2e22e9f..48d8da4 100644
--- a/internal/metadata/watcher/web_watcher.go
+++ b/internal/metadata/watcher/web_watcher.go
@@ -64,8 +64,9 @@ func (w *webBasedWatcher) Run() error {
 })
 w.server = &http.Server{
- Addr: webAddr,
- Handler: r,
+ Addr: webAddr,
+ Handler: r,
+ ReadHeaderTimeout: 3 * time.Second,
 }
 if err := w.server.ListenAndServe(); err != nil {
 if errors.Is(err, http.ErrServerClosed) {
diff --git a/internal/mockutils/http_matcher.go b/internal/mockutils/http_matcher.go
index ddfbb8c..55b6308 100644
--- a/internal/mockutils/http_matcher.go
+++ b/internal/mockutils/http_matcher.go
@@ -5,7 +5,7 @@ package mockutils
 import (
 "bytes"
 "fmt"
- "io/ioutil"
+ "io"
 "net/http"
 "github.com/golang/mock/gomock"
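Review bot: In internal/metadata/watcher/fetcher.go, `io.ReadAll(metaResp.Body)` in fetchMetadata still reads the response with no size limit, so an oversized or never-ending body is buffered whole in the agent's memory. The returned metadata appears to carry the key lists consumed by the managed-keys actioner, so a cap is worth adding while this line is being touched: `metadataRaw, err := io.ReadAll(io.LimitReader(metaResp.Body, maxMetadataBytes))`, where `maxMetadataBytes` is a placeholder for a constant the package would have to define. A truncated body would then presumably fail JSON decoding rather than be accepted. Whether the client that produced metaResp sets a timeout is not visible here; fetchMetadata begins and ends outside the hunk.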
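Review bot: In internal/metadata/watcher/web_watcher.go, the added `ReadHeaderTimeout: 3 * time.Second` bounds only the request-header phase; `ReadTimeout`, `WriteTimeout` and `IdleTimeout` remain unset on `w.server`, so a peer that trickles a request body, drains the response slowly or parks idle keep-alive connections is never timed out. If the handlers registered on `r` do not need long-lived requests, set the others alongside it, e.g. `ReadTimeout: 5 * time.Second, WriteTimeout: 10 * time.Second, IdleTimeout: 30 * time.Second,` (values constructed for illustration), and prefer a named constant over the bare `3`. The hunk does not show the import block, so confirm `time` is already imported in this file; what `webAddr` binds to is also outside the hunk, as are the start and end of Run.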
@@ -50,12 +50,12 @@ func (m *HTTPRequestMatcher) Matches(x interface{}) bool {
 actualBodyReader := actual.Body
 expectedBodyReader := m.ExpectedRequest.Body
- actualBody, err := ioutil.ReadAll(actualBodyReader)
+ actualBody, err := io.ReadAll(actualBodyReader)
 if err != nil {
 return false
 }
- expectedBody, err := ioutil.ReadAll(expectedBodyReader)
+ expectedBody, err := io.ReadAll(expectedBodyReader)
 if err != nil {
 return false
 }
diff --git a/internal/sysaccess/authorized_keys_file_updater.go b/internal/sysaccess/authorized_keys_file_updater.go
index e516e01..45e23cc 100644
--- a/internal/sysaccess/authorized_keys_file_updater.go
+++ b/internal/sysaccess/authorized_keys_file_updater.go
@@ -54,10 +54,7 @@ func (u *updaterImpl) updateAuthorizedKeysFile(osUsername string, managedKeys []
 localKeys = strings.Split(strings.TrimRight(string(localKeysRaw), "\n"), "\n")
 }
 updatedKeys := u.sshMgr.prepareAuthorizedKeys(localKeys, managedKeys)
- if err = u.do(authorizedKeysFile, osUser, updatedKeys, fileExist); err != nil {
- return err
- }
- return nil
+ return u.do(authorizedKeysFile, osUser, updatedKeys, fileExist)
 }
 func (u *updaterImpl) do(authorizedKeysFile string, user *sysutil.User, lines []string, srcFileExist bool) (retErr error) {
diff --git a/internal/sysaccess/ssh_helper.go b/internal/sysaccess/ssh_helper.go
index d3a1adf..2c29c9a 100644
--- a/internal/sysaccess/ssh_helper.go
+++ b/internal/sysaccess/ssh_helper.go
@@ -56,10 +56,10 @@ func (s *sshHelperImpl) authorizedKeysFile(user *sysutil.User) string { // prepareAuthorizedKeys prepares the authorized keys that will be updated to filesystem // NOTE: setting managedKeys to nil or empty slice will result in different behaviors -// - managedKeys = nil: will result in all temporary keys (keys with a TTL) being removed, -// but all permanent DO managed droplet keys will be preserved -// - managedKeys = []*SSHKey{}: means the droplet no longer has any DO managed keys (neither Droplet Keys nor DoTTY Keys), -// therefore, all DigitalOcean managed keys will be removed +// - managedKeys = nil: will result in all temporary keys (keys with a TTL) being removed, +// but all permanent DO managed droplet keys will be preserved +// - managedKeys = []*SSHKey{}: means the droplet no longer has any DO managed keys (neither Droplet Keys nor DoTTY Keys), +// therefore, all DigitalOcean managed keys will be removed func (s *sshHelperImpl) prepareAuthorizedKeys(localKeys []string, managedKeys []*SSHKey) []string { managedDropletKeysEnabled := atomic.LoadUint32(&s.mgr.manageDropletKeys) == manageDropletKeysEnabled managedKeysQuickCheck := make(map[string]bool) diff --git a/internal/sysaccess/ssh_helper_sshd_config_unix.go b/internal/sysaccess/ssh_helper_sshd_config_unix.go index 82b7a4c..4b195d8 100644 --- a/internal/sysaccess/ssh_helper_sshd_config_unix.go +++ b/internal/sysaccess/ssh_helper_sshd_config_unix.go @@ -1,5 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 +//go:build !windows // +build !windows package sysaccess diff --git a/internal/sysaccess/sshmgr.go b/internal/sysaccess/sshmgr.go index ccfb433..3015e05 100644 --- a/internal/sysaccess/sshmgr.go +++ b/internal/sysaccess/sshmgr.go @@ -130,10 +130,7 @@ func (s *SSHManager) RemoveExpiredKeys() (err error) { return nil }) } - if err := eg.Wait(); err != nil { - return err - } - return nil + return eg.Wait() } // UpdateKeys updates the given ssh keys to corresponding authorized_keys files. 
@@ -218,10 +215,7 @@ func (s *SSHManager) RemoveDOTTYKeys() error {
 return nil
 })
 }
- if err := eg.Wait(); err != nil {
- return err
- }
- return nil
+ return eg.Wait()
 }
 // SSHDPort returns the port sshd is binding to
@@ -286,15 +280,16 @@ func (s *SSHManager) Close() error {
 }
 // parseSSHDConfig parses the sshd_config file and retrieves configurations needed by the agent, which are:
-// - AuthorizedKeysFile : to know how to locate the authorized_keys file
-// - Port | ListenAddress : to know which port sshd is currently binding to
+// - AuthorizedKeysFile : to know how to locate the authorized_keys file
+// - Port | ListenAddress : to know which port sshd is currently binding to
+//
 // NOTES:
-// - the port specified in the command line arguments (--sshd_port) when launching the agent has the highest priority,
-// if given, parseSSHDConfig will skip parsing port numbers specified in the sshd_config
-// - only 1 port is currently supported, if there are multiple ports presented, for example, multiple "Port" entries
-// or more ports are found from `ListenAddress` entry/entries, the agent will only take the first one found, and this
-// *MAY NOT* be the right one. If this happens to be the case, please explicit specify which port the agent should
-// watch via the command line argument "--sshd_port"
+// - the port specified in the command line arguments (--sshd_port) when launching the agent has the highest priority,
+// if given, parseSSHDConfig will skip parsing port numbers specified in the sshd_config
+// - only 1 port is currently supported, if there are multiple ports presented, for example, multiple "Port" entries
+// or more ports are found from `ListenAddress` entry/entries, the agent will only take the first one found, and this
+// *MAY NOT* be the right one. If this happens to be the case, please explicit specify which port the agent should
+// watch via the command line argument "--sshd_port"
 func (s *SSHManager) parseSSHDConfig() error {
 defer func() {
 if s.authorizedKeysFilePattern == "" {
diff --git a/internal/sysutil/os_operations_unix.go b/internal/sysutil/os_operations_unix.go
index 4ea418b..9c0a861 100644
--- a/internal/sysutil/os_operations_unix.go
+++ b/internal/sysutil/os_operations_unix.go
@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
+//go:build !windows
 // +build !windows
 package sysutil
@@ -7,7 +8,6 @@ package sysutil
 import (
 "fmt"
 "io"
- "io/ioutil"
 "os"
 "strconv"
 "strings"
@@ -15,7 +15,7 @@ import (
 func newOSOperator() osOperator {
 return &osOperatorImpl{
- readFileFn: ioutil.ReadFile,
+ readFileFn: os.ReadFile,
 osStatFn: os.Stat,
 osMkDir: os.MkdirAll,
 osChown: os.Chown,
diff --git a/internal/sysutil/sysmanager.go b/internal/sysutil/sysmanager.go
index cc9d920..71a7f2a 100644
--- a/internal/sysutil/sysmanager.go
+++ b/internal/sysutil/sysmanager.go
@@ -7,7 +7,6 @@ import (
 "errors"
 "fmt"
 "io"
- "io/ioutil"
 "os"
 "os/exec"
 "time"
@@ -27,7 +26,7 @@ type SysManager struct {
 // ReadFile reads a file
 func (s *SysManager) ReadFile(filename string) ([]byte, error) {
- return ioutil.ReadFile(filename)
+ return os.ReadFile(filename)
 }
 // RenameFile renames a file