From b91affdd34ae30e6c6e3ef61ea2fa8ac30944aed Mon Sep 17 00:00:00 2001 From: max furman Date: Mon, 25 Apr 2022 10:23:07 -0700 Subject: [PATCH 1/7] exposing authority configuration for provisioner cli commands --- authority/admin/db.go | 46 +++++++++++++++++++++++++++++++++ authority/admins.go | 6 ++--- authority/authority.go | 26 ++++++++++++++++--- authority/provisioners.go | 8 +++--- ca/adminClient.go | 24 +++++++++--------- ca/client.go | 53 ++++++++++++++++++++------------------- 6 files changed, 115 insertions(+), 48 deletions(-) diff --git a/authority/admin/db.go b/authority/admin/db.go index bf34a3c2..6e4e7c49 100644 --- a/authority/admin/db.go +++ b/authority/admin/db.go @@ -71,6 +71,52 @@ type DB interface { DeleteAdmin(ctx context.Context, id string) error } +type NoDB struct{} + +func NewNoDB() *NoDB { + return &NoDB{} +} + +func (n *NoDB) CreateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error { + return nil +} + +func (n *NoDB) GetProvisioner(ctx context.Context, id string) (*linkedca.Provisioner, error) { + return nil, nil +} + +func (n *NoDB) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, error) { + return nil, nil +} + +func (n *NoDB) UpdateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error { + return nil +} + +func (n *NoDB) DeleteProvisioner(ctx context.Context, id string) error { + return nil +} + +func (n *NoDB) CreateAdmin(ctx context.Context, admin *linkedca.Admin) error { + return nil +} + +func (n *NoDB) GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error) { + return nil, nil +} + +func (n *NoDB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) { + return nil, nil +} + +func (n *NoDB) UpdateAdmin(ctx context.Context, prov *linkedca.Admin) error { + return nil +} + +func (n *NoDB) DeleteAdmin(ctx context.Context, id string) error { + return nil +} + // MockDB is an implementation of the DB interface that should only be used as // a mock in tests. type MockDB struct { diff --git a/authority/admins.go b/authority/admins.go index b975297a..c8e1ac66 100644 --- a/authority/admins.go +++ b/authority/admins.go @@ -49,7 +49,7 @@ func (a *Authority) StoreAdmin(ctx context.Context, adm *linkedca.Admin, prov pr return admin.WrapErrorISE(err, "error creating admin") } if err := a.admins.Store(adm, prov); err != nil { - if err := a.reloadAdminResources(ctx); err != nil { + if err := a.ReloadAdminResources(ctx); err != nil { return admin.WrapErrorISE(err, "error reloading admin resources on failed admin store") } return admin.WrapErrorISE(err, "error storing admin in authority cache") @@ -66,7 +66,7 @@ func (a *Authority) UpdateAdmin(ctx context.Context, id string, nu *linkedca.Adm return nil, admin.WrapErrorISE(err, "error updating cached admin %s", id) } if err := a.adminDB.UpdateAdmin(ctx, adm); err != nil { - if err := a.reloadAdminResources(ctx); err != nil { + if err := a.ReloadAdminResources(ctx); err != nil { return nil, admin.WrapErrorISE(err, "error reloading admin resources on failed admin update") } return nil, admin.WrapErrorISE(err, "error updating admin %s", id) @@ -88,7 +88,7 @@ func (a *Authority) removeAdmin(ctx context.Context, id string) error { return admin.WrapErrorISE(err, "error removing admin %s from authority cache", id) } if err := a.adminDB.DeleteAdmin(ctx, id); err != nil { - if err := a.reloadAdminResources(ctx); err != nil { + if err := a.ReloadAdminResources(ctx); err != nil { return admin.WrapErrorISE(err, "error reloading admin resources on failed admin remove") } return admin.WrapErrorISE(err, "error deleting admin %s", id) diff --git a/authority/authority.go b/authority/authority.go index 9db38e14..2c10b626 100644 --- a/authority/authority.go +++ b/authority/authority.go @@ -115,6 +115,20 @@ func New(cfg *config.Config, opts ...Option) (*Authority, error) { return a, nil } +// FromOptions creates an Authority exclusively using the passed in options +// and does not intialize the Authority. +func FromOptions(opts ...Option) (*Authority, error) { + var a = new(Authority) + + // Apply options. + for _, fn := range opts { + if err := fn(a); err != nil { + return nil, err + } + } + return a, nil +} + // NewEmbedded initializes an authority that can be embedded in a different // project without the limitations of the config. func NewEmbedded(opts ...Option) (*Authority, error) { @@ -153,8 +167,8 @@ func NewEmbedded(opts ...Option) (*Authority, error) { return a, nil } -// reloadAdminResources reloads admins and provisioners from the DB. -func (a *Authority) reloadAdminResources(ctx context.Context) error { +// ReloadAdminResources reloads admins and provisioners from the DB. +func (a *Authority) ReloadAdminResources(ctx context.Context) error { var ( provList provisioner.List adminList []*linkedca.Admin @@ -551,7 +565,7 @@ func (a *Authority) init() error { } // Load Provisioners and Admins - if err := a.reloadAdminResources(context.Background()); err != nil { + if err := a.ReloadAdminResources(context.Background()); err != nil { return err } @@ -587,6 +601,12 @@ func (a *Authority) GetAdminDatabase() admin.DB { return a.adminDB } +// GetConfig returns the config. +func (a *Authority) GetConfig() *config.Config { + return a.config +} + +// GetInfo returns information about the authority. func (a *Authority) GetInfo() Info { ai := Info{ StartTime: a.startTime, diff --git a/authority/provisioners.go b/authority/provisioners.go index 63fb630b..5944f007 100644 --- a/authority/provisioners.go +++ b/authority/provisioners.go @@ -145,7 +145,7 @@ func (a *Authority) generateProvisionerConfig(ctx context.Context) (provisioner. } -// StoreProvisioner stores an provisioner.Interface to the authority. +// StoreProvisioner stores a provisioner to the authority. func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisioner) error { a.adminMutex.Lock() defer a.adminMutex.Unlock() @@ -191,7 +191,7 @@ func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisi } if err := a.provisioners.Store(certProv); err != nil { - if err := a.reloadAdminResources(ctx); err != nil { + if err := a.ReloadAdminResources(ctx); err != nil { return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner store") } return admin.WrapErrorISE(err, "error storing provisioner in authority cache") @@ -223,7 +223,7 @@ func (a *Authority) UpdateProvisioner(ctx context.Context, nu *linkedca.Provisio return admin.WrapErrorISE(err, "error updating provisioner '%s' in authority cache", nu.Name) } if err := a.adminDB.UpdateProvisioner(ctx, nu); err != nil { - if err := a.reloadAdminResources(ctx); err != nil { + if err := a.ReloadAdminResources(ctx); err != nil { return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner update") } return admin.WrapErrorISE(err, "error updating provisioner '%s'", nu.Name) @@ -267,7 +267,7 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error { } // Remove provisioner from database. if err := a.adminDB.DeleteProvisioner(ctx, provID); err != nil { - if err := a.reloadAdminResources(ctx); err != nil { + if err := a.ReloadAdminResources(ctx); err != nil { return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner remove") } return admin.WrapErrorISE(err, "error deleting provisioner %s", provName) diff --git a/ca/adminClient.go b/ca/adminClient.go index 72f62dd8..e898a898 100644 --- a/ca/adminClient.go +++ b/ca/adminClient.go @@ -363,19 +363,19 @@ retry: // GetProvisioner performs the GET /admin/provisioners/{name} request to the CA. func (c *AdminClient) GetProvisioner(opts ...ProvisionerOption) (*linkedca.Provisioner, error) { var retried bool - o := new(provisionerOptions) - if err := o.apply(opts); err != nil { + o := new(ProvisionerOptions) + if err := o.Apply(opts); err != nil { return nil, err } var u *url.URL switch { - case len(o.id) > 0: + case len(o.ID) > 0: u = c.endpoint.ResolveReference(&url.URL{ Path: "/admin/provisioners/id", RawQuery: o.rawQuery(), }) - case len(o.name) > 0: - u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.name)}) + case len(o.Name) > 0: + u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.Name)}) default: return nil, errors.New("must set either name or id in method options") } @@ -410,8 +410,8 @@ retry: // GetProvisionersPaginate performs the GET /admin/provisioners request to the CA. func (c *AdminClient) GetProvisionersPaginate(opts ...ProvisionerOption) (*adminAPI.GetProvisionersResponse, error) { var retried bool - o := new(provisionerOptions) - if err := o.apply(opts); err != nil { + o := new(ProvisionerOptions) + if err := o.Apply(opts); err != nil { return nil, err } u := c.endpoint.ResolveReference(&url.URL{ @@ -472,19 +472,19 @@ func (c *AdminClient) RemoveProvisioner(opts ...ProvisionerOption) error { retried bool ) - o := new(provisionerOptions) - if err := o.apply(opts); err != nil { + o := new(ProvisionerOptions) + if err := o.Apply(opts); err != nil { return err } switch { - case len(o.id) > 0: + case len(o.ID) > 0: u = c.endpoint.ResolveReference(&url.URL{ Path: path.Join(adminURLPrefix, "provisioners/id"), RawQuery: o.rawQuery(), }) - case len(o.name) > 0: - u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.name)}) + case len(o.Name) > 0: + u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.Name)}) default: return errors.New("must set either name or id in method options") } diff --git a/ca/client.go b/ca/client.go index 0bd93195..3871c749 100644 --- a/ca/client.go +++ b/ca/client.go @@ -425,16 +425,17 @@ func parseEndpoint(endpoint string) (*url.URL, error) { } // ProvisionerOption is the type of options passed to the Provisioner method. -type ProvisionerOption func(o *provisionerOptions) error +type ProvisionerOption func(o *ProvisionerOptions) error -type provisionerOptions struct { - cursor string - limit int - id string - name string +// ProvisionerOptions stores options for the provisioner CRUD API. +type ProvisionerOptions struct { + Cursor string + Limit int + ID string + Name string } -func (o *provisionerOptions) apply(opts []ProvisionerOption) (err error) { +func (o *ProvisionerOptions) Apply(opts []ProvisionerOption) (err error) { for _, fn := range opts { if err = fn(o); err != nil { return @@ -443,51 +444,51 @@ func (o *provisionerOptions) apply(opts []ProvisionerOption) (err error) { return } -func (o *provisionerOptions) rawQuery() string { +func (o *ProvisionerOptions) rawQuery() string { v := url.Values{} - if len(o.cursor) > 0 { - v.Set("cursor", o.cursor) + if len(o.Cursor) > 0 { + v.Set("cursor", o.Cursor) } - if o.limit > 0 { - v.Set("limit", strconv.Itoa(o.limit)) + if o.Limit > 0 { + v.Set("limit", strconv.Itoa(o.Limit)) } - if len(o.id) > 0 { - v.Set("id", o.id) + if len(o.ID) > 0 { + v.Set("id", o.ID) } - if len(o.name) > 0 { - v.Set("name", o.name) + if len(o.Name) > 0 { + v.Set("name", o.Name) } return v.Encode() } // WithProvisionerCursor will request the provisioners starting with the given cursor. func WithProvisionerCursor(cursor string) ProvisionerOption { - return func(o *provisionerOptions) error { - o.cursor = cursor + return func(o *ProvisionerOptions) error { + o.Cursor = cursor return nil } } // WithProvisionerLimit will request the given number of provisioners. func WithProvisionerLimit(limit int) ProvisionerOption { - return func(o *provisionerOptions) error { - o.limit = limit + return func(o *ProvisionerOptions) error { + o.Limit = limit return nil } } // WithProvisionerID will request the given provisioner. func WithProvisionerID(id string) ProvisionerOption { - return func(o *provisionerOptions) error { - o.id = id + return func(o *ProvisionerOptions) error { + o.ID = id return nil } } // WithProvisionerName will request the given provisioner. func WithProvisionerName(name string) ProvisionerOption { - return func(o *provisionerOptions) error { - o.name = name + return func(o *ProvisionerOptions) error { + o.Name = name return nil } } @@ -810,8 +811,8 @@ retry: // paginate the provisioners. func (c *Client) Provisioners(opts ...ProvisionerOption) (*api.ProvisionersResponse, error) { var retried bool - o := new(provisionerOptions) - if err := o.apply(opts); err != nil { + o := new(ProvisionerOptions) + if err := o.Apply(opts); err != nil { return nil, err } u := c.endpoint.ResolveReference(&url.URL{ From 4cb74e7d8ba5a70b2b5c6c00f3907ad0899524fe Mon Sep 17 00:00:00 2001 From: max furman Date: Sat, 30 Apr 2022 13:08:28 -0700 Subject: [PATCH 2/7] fix linter warnings --- authority/authority.go | 2 +- docs/GETTING_STARTED.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/authority/authority.go b/authority/authority.go index 2c10b626..63375351 100644 --- a/authority/authority.go +++ b/authority/authority.go @@ -116,7 +116,7 @@ func New(cfg *config.Config, opts ...Option) (*Authority, error) { } // FromOptions creates an Authority exclusively using the passed in options -// and does not intialize the Authority. +// and does not initialize the Authority. func FromOptions(opts ...Option) (*Authority, error) { var a = new(Authority) diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index 84e968ab..67c5673d 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -654,7 +654,7 @@ preferably not all - meaning it never leaves the server on which it was created. ### Passwords -When you intialize your PKI (`step ca init`) the root and intermediate +When you initialize your PKI (`step ca init`) the root and intermediate private keys will be encrypted with the same password. We recommend that you change the password with which the intermediate is encrypted at your earliest convenience. @@ -681,7 +681,7 @@ to divide the root private key password across a handful of trusted parties. ### Provisioners -When you intialize your PKI (`step ca init`) a default provisioner will be created +When you initialize your PKI (`step ca init`) a default provisioner will be created and it's private key will be encrypted using the same password used to encrypt the root private key. Before deploying the Step CA you should remove this provisioner and add new ones that are encrypted with new, secure, random passwords. From 25b8d196d84542c97a946a963782a4d20c3c9ca9 Mon Sep 17 00:00:00 2001 From: max furman Date: Wed, 11 May 2022 17:04:43 -0700 Subject: [PATCH 3/7] Couple changes in response to PR - add skipInit option to skip authority initialization - check admin API status when removing provisioners - no need to check admins when not using Admin API --- authority/authority.go | 32 +++++++++++++------------------- authority/options.go | 9 +++++++++ authority/provisioners.go | 30 ++++++++++++++++-------------- 3 files changed, 38 insertions(+), 33 deletions(-) diff --git a/authority/authority.go b/authority/authority.go index 63375351..5b08ec40 100644 --- a/authority/authority.go +++ b/authority/authority.go @@ -78,8 +78,12 @@ type Authority struct { authorizeSSHRenewFunc provisioner.AuthorizeSSHRenewFunc adminMutex sync.RWMutex + + // Do Not initialize the authority + skipInit bool } +// Info contains information about the authority. type Info struct { StartTime time.Time RootX509Certs []*x509.Certificate @@ -107,25 +111,13 @@ func New(cfg *config.Config, opts ...Option) (*Authority, error) { } } - // Initialize authority from options or configuration. - if err := a.init(); err != nil { - return nil, err - } - - return a, nil -} - -// FromOptions creates an Authority exclusively using the passed in options -// and does not initialize the Authority. -func FromOptions(opts ...Option) (*Authority, error) { - var a = new(Authority) - - // Apply options. - for _, fn := range opts { - if err := fn(a); err != nil { + if !a.skipInit { + // Initialize authority from options or configuration. + if err := a.init(); err != nil { return nil, err } } + return a, nil } @@ -159,9 +151,11 @@ func NewEmbedded(opts ...Option) (*Authority, error) { // Initialize config required fields. a.config.Init() - // Initialize authority from options or configuration. - if err := a.init(); err != nil { - return nil, err + if !a.skipInit { + // Initialize authority from options or configuration. + if err := a.init(); err != nil { + return nil, err + } } return a, nil diff --git a/authority/options.go b/authority/options.go index 1c154577..b583bb89 100644 --- a/authority/options.go +++ b/authority/options.go @@ -284,6 +284,15 @@ func WithX509Enforcers(ces ...provisioner.CertificateEnforcer) Option { } } +// WithSkipInit is an option that allows the constructor to skip initializtion +// of the authority. +func WithSkipInit() Option { + return func(a *Authority) error { + a.skipInit = true + return nil + } +} + func readCertificateBundle(pemCerts []byte) ([]*x509.Certificate, error) { var block *pem.Block var certs []*x509.Certificate diff --git a/authority/provisioners.go b/authority/provisioners.go index 5944f007..642bb5b1 100644 --- a/authority/provisioners.go +++ b/authority/provisioners.go @@ -243,27 +243,29 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error { } provName, provID := p.GetName(), p.GetID() - // Validate - // - Check that there will be SUPER_ADMINs that remain after we - // remove this provisioner. - if a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) { - return admin.NewError(admin.ErrorBadRequestType, - "cannot remove provisioner %s because no super admins will remain", provName) - } + if a.IsAdminAPIEnabled() { + // Validate + // - Check that there will be SUPER_ADMINs that remain after we + // remove this provisioner. + if a.IsAdminAPIEnabled() && a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) { + return admin.NewError(admin.ErrorBadRequestType, + "cannot remove provisioner %s because no super admins will remain", provName) + } - // Delete all admins associated with the provisioner. - admins, ok := a.admins.LoadByProvisioner(provName) - if ok { - for _, adm := range admins { - if err := a.removeAdmin(ctx, adm.Id); err != nil { - return admin.WrapErrorISE(err, "error deleting admin %s, as part of provisioner %s deletion", adm.Subject, provName) + // Delete all admins associated with the provisioner. + admins, ok := a.admins.LoadByProvisioner(provName) + if ok { + for _, adm := range admins { + if err := a.removeAdmin(ctx, adm.Id); err != nil { + return admin.WrapErrorISE(err, "error deleting admin %s, as part of provisioner %s deletion", adm.Subject, provName) + } } } } // Remove provisioner from authority caches. if err := a.provisioners.Remove(provID); err != nil { - return admin.WrapErrorISE(err, "error removing admin from authority cache") + return admin.WrapErrorISE(err, "error removing provisioner from authority cache") } // Remove provisioner from database. if err := a.adminDB.DeleteProvisioner(ctx, provID); err != nil { From bfb406bf703d716d98dc86c169acb92d49cb4cf4 Mon Sep 17 00:00:00 2001 From: max furman Date: Wed, 18 May 2022 09:43:32 -0700 Subject: [PATCH 4/7] Fixes for PR review --- authority/admin/db.go | 46 ------------------------------------------- authority/options.go | 8 ++++++++ ca/adminClient.go | 8 ++++---- ca/client.go | 7 ++++--- 4 files changed, 16 insertions(+), 53 deletions(-) diff --git a/authority/admin/db.go b/authority/admin/db.go index 6e4e7c49..bf34a3c2 100644 --- a/authority/admin/db.go +++ b/authority/admin/db.go @@ -71,52 +71,6 @@ type DB interface { DeleteAdmin(ctx context.Context, id string) error } -type NoDB struct{} - -func NewNoDB() *NoDB { - return &NoDB{} -} - -func (n *NoDB) CreateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error { - return nil -} - -func (n *NoDB) GetProvisioner(ctx context.Context, id string) (*linkedca.Provisioner, error) { - return nil, nil -} - -func (n *NoDB) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, error) { - return nil, nil -} - -func (n *NoDB) UpdateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error { - return nil -} - -func (n *NoDB) DeleteProvisioner(ctx context.Context, id string) error { - return nil -} - -func (n *NoDB) CreateAdmin(ctx context.Context, admin *linkedca.Admin) error { - return nil -} - -func (n *NoDB) GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error) { - return nil, nil -} - -func (n *NoDB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) { - return nil, nil -} - -func (n *NoDB) UpdateAdmin(ctx context.Context, prov *linkedca.Admin) error { - return nil -} - -func (n *NoDB) DeleteAdmin(ctx context.Context, id string) error { - return nil -} - // MockDB is an implementation of the DB interface that should only be used as // a mock in tests. type MockDB struct { diff --git a/authority/options.go b/authority/options.go index b583bb89..755e0fbc 100644 --- a/authority/options.go +++ b/authority/options.go @@ -266,6 +266,14 @@ func WithAdminDB(d admin.DB) Option { } } +// WithProvisioners is an option to set the provisioner collection. +func WithProvisioners(ps *provisioner.Collection) Option { + return func(a *Authority) error { + a.provisioners = ps + return nil + } +} + // WithLinkedCAToken is an option to set the authentication token used to enable // linked ca. func WithLinkedCAToken(token string) Option { diff --git a/ca/adminClient.go b/ca/adminClient.go index e898a898..90b0ab1d 100644 --- a/ca/adminClient.go +++ b/ca/adminClient.go @@ -369,12 +369,12 @@ func (c *AdminClient) GetProvisioner(opts ...ProvisionerOption) (*linkedca.Provi } var u *url.URL switch { - case len(o.ID) > 0: + case o.ID != "": u = c.endpoint.ResolveReference(&url.URL{ Path: "/admin/provisioners/id", RawQuery: o.rawQuery(), }) - case len(o.Name) > 0: + case o.Name != "": u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.Name)}) default: return nil, errors.New("must set either name or id in method options") @@ -478,12 +478,12 @@ func (c *AdminClient) RemoveProvisioner(opts ...ProvisionerOption) error { } switch { - case len(o.ID) > 0: + case o.ID != "": u = c.endpoint.ResolveReference(&url.URL{ Path: path.Join(adminURLPrefix, "provisioners/id"), RawQuery: o.rawQuery(), }) - case len(o.Name) > 0: + case o.Name != "": u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.Name)}) default: return errors.New("must set either name or id in method options") diff --git a/ca/client.go b/ca/client.go index 3871c749..44961357 100644 --- a/ca/client.go +++ b/ca/client.go @@ -435,6 +435,7 @@ type ProvisionerOptions struct { Name string } +// Apply caches provisioner options on a struct for later use. func (o *ProvisionerOptions) Apply(opts []ProvisionerOption) (err error) { for _, fn := range opts { if err = fn(o); err != nil { @@ -446,16 +447,16 @@ func (o *ProvisionerOptions) Apply(opts []ProvisionerOption) (err error) { func (o *ProvisionerOptions) rawQuery() string { v := url.Values{} - if len(o.Cursor) > 0 { + if o.Cursor != "" { v.Set("cursor", o.Cursor) } if o.Limit > 0 { v.Set("limit", strconv.Itoa(o.Limit)) } - if len(o.ID) > 0 { + if o.ID != "" { v.Set("id", o.ID) } - if len(o.Name) > 0 { + if o.Name != "" { v.Set("name", o.Name) } return v.Encode() From 586e4fd3b5b9285ed0629ade4a121bf5ee65457c Mon Sep 17 00:00:00 2001 From: Max Date: Thu, 19 May 2022 22:26:20 -0700 Subject: [PATCH 5/7] Update authority/options.go Co-authored-by: Mariano Cano --- authority/options.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/authority/options.go b/authority/options.go index 755e0fbc..429ccb91 100644 --- a/authority/options.go +++ b/authority/options.go @@ -267,6 +267,8 @@ func WithAdminDB(d admin.DB) Option { } // WithProvisioners is an option to set the provisioner collection. +// +// Deprecated: provisioner collections will likely change func WithProvisioners(ps *provisioner.Collection) Option { return func(a *Authority) error { a.provisioners = ps From 8ca9442fe9f2f5dd1e8f48d7bf7270cff3a18c62 Mon Sep 17 00:00:00 2001 From: max furman Date: Thu, 19 May 2022 22:40:12 -0700 Subject: [PATCH 6/7] Add -s to make fmt and bump golangci-lint to 1.45.2 --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- Makefile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c90d949a..807cfdd6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: uses: golangci/golangci-lint-action@v2 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: 'v1.45.0' + version: 'v1.45.2' # Optional: working directory, useful for monorepos # working-directory: somedir diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b24426a0..046589af 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -33,7 +33,7 @@ jobs: uses: golangci/golangci-lint-action@v2 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: 'v1.45.0' + version: 'v1.45.2' # Optional: working directory, useful for monorepos # working-directory: somedir diff --git a/Makefile b/Makefile index 09e342df..906569f1 100644 --- a/Makefile +++ b/Makefile @@ -151,7 +151,7 @@ integration: bin/$(BINNAME) ######################################### fmt: - $Q gofmt -l -w $(SRC) + $Q gofmt -l -s -w $(SRC) lint: $Q golangci-lint run --timeout=30m From 5443aa073a40c64bb91b0b6535abec6cb1d0f735 Mon Sep 17 00:00:00 2001 From: max furman Date: Thu, 19 May 2022 22:46:25 -0700 Subject: [PATCH 7/7] gofmt -s --- authority/options.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authority/options.go b/authority/options.go index 429ccb91..6e1949f5 100644 --- a/authority/options.go +++ b/authority/options.go @@ -267,7 +267,7 @@ func WithAdminDB(d admin.DB) Option { } // WithProvisioners is an option to set the provisioner collection. -// +// // Deprecated: provisioner collections will likely change func WithProvisioners(ps *provisioner.Collection) Option { return func(a *Authority) error {