Run a more strict formatter over the code (#11312)

* Update tooling

* Run gofumpt

* go mod vendor

Makefile

@@ -210,7 +210,7 @@ fmtcheck:
 #@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
 
 fmt:
-	goimports -w $(GOFMT_FILES)
+	find . -name '*.go' | grep -v pb.go | grep -v vendor | xargs gofumpt -w
 
 assetcheck:
 	@echo "==> Checking compiled UI assets..."

api/client.go

@@ -25,26 +25,30 @@ import (
 	"golang.org/x/time/rate"
 )
 
-const EnvVaultAddress = "VAULT_ADDR"
-const EnvVaultAgentAddr = "VAULT_AGENT_ADDR"
-const EnvVaultCACert = "VAULT_CACERT"
-const EnvVaultCAPath = "VAULT_CAPATH"
-const EnvVaultClientCert = "VAULT_CLIENT_CERT"
-const EnvVaultClientKey = "VAULT_CLIENT_KEY"
-const EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT"
-const EnvVaultSRVLookup = "VAULT_SRV_LOOKUP"
-const EnvVaultSkipVerify = "VAULT_SKIP_VERIFY"
-const EnvVaultNamespace = "VAULT_NAMESPACE"
-const EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
-const EnvVaultWrapTTL = "VAULT_WRAP_TTL"
-const EnvVaultMaxRetries = "VAULT_MAX_RETRIES"
-const EnvVaultToken = "VAULT_TOKEN"
-const EnvVaultMFA = "VAULT_MFA"
-const EnvRateLimit = "VAULT_RATE_LIMIT"
+const (
+	EnvVaultAddress       = "VAULT_ADDR"
+	EnvVaultAgentAddr     = "VAULT_AGENT_ADDR"
+	EnvVaultCACert        = "VAULT_CACERT"
+	EnvVaultCAPath        = "VAULT_CAPATH"
+	EnvVaultClientCert    = "VAULT_CLIENT_CERT"
+	EnvVaultClientKey     = "VAULT_CLIENT_KEY"
+	EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT"
+	EnvVaultSRVLookup     = "VAULT_SRV_LOOKUP"
+	EnvVaultSkipVerify    = "VAULT_SKIP_VERIFY"
+	EnvVaultNamespace     = "VAULT_NAMESPACE"
+	EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
+	EnvVaultWrapTTL       = "VAULT_WRAP_TTL"
+	EnvVaultMaxRetries    = "VAULT_MAX_RETRIES"
+	EnvVaultToken         = "VAULT_TOKEN"
+	EnvVaultMFA           = "VAULT_MFA"
+	EnvRateLimit          = "VAULT_RATE_LIMIT"
+)
 
 // Deprecated values
-const EnvVaultAgentAddress = "VAULT_AGENT_ADDR"
-const EnvVaultInsecure = "VAULT_SKIP_VERIFY"
+const (
+	EnvVaultAgentAddress = "VAULT_AGENT_ADDR"
+	EnvVaultInsecure     = "VAULT_SKIP_VERIFY"
+)
 
 // WrappingLookupFunc is a function that, given an HTTP verb and a path,
 // returns an optional string duration to be used for response wrapping (e.g.
@@ -359,7 +363,6 @@ func (c *Config) ReadEnvironment() error {
 }
 
 func parseRateLimit(val string) (rate float64, burst int, err error) {
-
 	_, err = fmt.Sscanf(val, "%f:%d", &rate, &burst)
 	if err != nil {
 		rate, err = strconv.ParseFloat(val, 64)
@@ -370,7 +373,6 @@ func parseRateLimit(val string) (rate float64, burst int, err error) {
 	}
 
 	return rate, burst, err
-
 }
 
 // Client is the client to the Vault API. Create a client with NewClient.
@@ -793,7 +795,7 @@ func (c *Client) NewRequest(method, requestPath string) *Request {
 	policyOverride := c.policyOverride
 	c.modifyLock.RUnlock()
 
-	var host = addr.Host
+	host := addr.Host
 	// if SRV records exist (see https://tools.ietf.org/html/draft-andrews-http-srv-02), lookup the SRV
 	// record and take the highest match; this is not designed for high-availability, just discovery
 	// Internet Draft specifies that the SRV record is ignored if a port is given
@@ -985,8 +987,10 @@ START:
 	return result, nil
 }
 
-type RequestCallback func(*Request)
-type ResponseCallback func(*Response)
+type (
+	RequestCallback  func(*Request)
+	ResponseCallback func(*Response)
+)
 
 // WithRequestCallbacks makes a shallow clone of Client, modifies it to use
 // the given callbacks, and returns it.  Each of the callbacks will be invoked

api/client_test.go

@@ -369,8 +369,8 @@ func TestParsingRateOnly(t *testing.T) {
 }
 
 func TestParsingErrorCase(t *testing.T) {
-	var incorrectFormat = "foobar"
-	var _, _, err = parseRateLimit(incorrectFormat)
+	incorrectFormat := "foobar"
+	_, _, err := parseRateLimit(incorrectFormat)
 	if err == nil {
 		t.Error("Expected error, found no error")
 	}

api/lifetime_watcher.go

@@ -380,5 +380,7 @@ func (r *LifetimeWatcher) calculateGrace(leaseDuration time.Duration) {
 	r.grace = time.Duration(jitterMax) + time.Duration(uint64(r.random.Int63())%uint64(jitterMax))
 }
 
-type Renewer = LifetimeWatcher
-type RenewerInput = LifetimeWatcherInput
+type (
+	Renewer      = LifetimeWatcher
+	RenewerInput = LifetimeWatcherInput
+)

api/output_string.go

@@ -11,9 +11,7 @@ const (
 	ErrOutputStringRequest = "output a string, please"
 )
 
-var (
-	LastOutputStringError *OutputStringError
-)
+var LastOutputStringError *OutputStringError
 
 type OutputStringError struct {
 	*retryablehttp.Request

api/plugin_helpers.go

@@ -82,7 +82,7 @@ func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error)
 			return nil, errwrap.Wrapf("error parsing wrapping token: {{err}}", err)
 		}
 
-		var allClaims = make(map[string]interface{})
+		allClaims := make(map[string]interface{})
 		if err = parsedJWT.UnsafeClaimsWithoutVerification(&allClaims); err != nil {
 			return nil, errwrap.Wrapf("error parsing claims from wrapping token: {{err}}", err)
 		}

api/ssh_agent_test.go

@@ -33,7 +33,7 @@ func TestSSH_CreateTLSClient(t *testing.T) {
 
 func TestSSH_CreateTLSClient_tlsServerName(t *testing.T) {
 	// Ensure that the HTTP client is associated with the configured TLS server name.
-	var tlsServerName = "tls.server.name"
+	tlsServerName := "tls.server.name"
 
 	config, err := ParseSSHHelperConfig(fmt.Sprintf(`
 vault_addr = "1.2.3.4"
@@ -93,13 +93,12 @@ nope = "bad"
 }
 
 func TestParseSSHHelperConfig_tlsServerName(t *testing.T) {
-	var tlsServerName = "tls.server.name"
+	tlsServerName := "tls.server.name"
 
 	config, err := ParseSSHHelperConfig(fmt.Sprintf(`
 vault_addr = "1.2.3.4"
 tls_server_name = "%s"
 `, tlsServerName))
-
 	if err != nil {
 		t.Fatal(err)
 	}

api/sys_audit.go

@@ -52,7 +52,6 @@ func (c *Sys) ListAudit() (map[string]*Audit, error) {
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
 	resp, err := c.c.RawRequestWithContext(ctx, r)
-
 	if err != nil {
 		return nil, err
 	}
@@ -94,7 +93,6 @@ func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) e
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
 	resp, err := c.c.RawRequestWithContext(ctx, r)
-
 	if err != nil {
 		return err
 	}

api/sys_auth.go

@@ -74,7 +74,9 @@ func (c *Sys) DisableAuth(path string) error {
 }
 
 // Rather than duplicate, we can use modern Go's type aliasing
-type EnableAuthOptions = MountInput
-type AuthConfigInput = MountConfigInput
-type AuthMount = MountOutput
-type AuthConfigOutput = MountConfigOutput
+type (
+	EnableAuthOptions = MountInput
+	AuthConfigInput   = MountConfigInput
+	AuthMount         = MountOutput
+	AuthConfigOutput  = MountConfigOutput
+)

api/sys_plugins.go

@@ -109,7 +109,6 @@ func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) {
 			for i, nameIfc := range pluginsIfc {
 				name, ok := nameIfc.(string)
 				if !ok {
-
 				}
 				plugins[i] = name
 			}
@@ -323,7 +322,6 @@ func (c *Sys) ReloadPluginStatus(reloadStatusInput *ReloadPluginStatusInput) (*R
 		return &r, nil
 	}
 	return nil, nil
-
 }
 
 // catalogPathByType is a helper to construct the proper API path by plugin type

audit/format_json_test.go

@@ -4,14 +4,12 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"strings"
 	"testing"
 	"time"
 
-	"errors"
-
-	"fmt"
-
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/sdk/helper/jsonutil"
 	"github.com/hashicorp/vault/sdk/helper/salt"
@@ -61,7 +59,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 			},
 			errors.New("this is an error"),
@@ -92,7 +90,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 			},
 			errors.New("this is an error"),
@@ -125,14 +123,14 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 			t.Fatalf("no prefix: %s \n log: %s\nprefix: %s", name, expectedResultStr, tc.Prefix)
 		}
 
-		var expectedjson = new(AuditRequestEntry)
+		expectedjson := new(AuditRequestEntry)
 
 		if err := jsonutil.DecodeJSON([]byte(expectedResultStr), &expectedjson); err != nil {
 			t.Fatalf("bad json: %s", err)
 		}
 		expectedjson.Request.Namespace = &AuditNamespace{ID: "root"}
 
-		var actualjson = new(AuditRequestEntry)
+		actualjson := new(AuditRequestEntry)
 		if err := jsonutil.DecodeJSON([]byte(buf.String())[len(tc.Prefix):], &actualjson); err != nil {
 			t.Fatalf("bad json: %s", err)
 		}

audit/format_jsonx_test.go

@@ -3,14 +3,12 @@ package audit
 import (
 	"bytes"
 	"context"
+	"errors"
+	"fmt"
 	"strings"
 	"testing"
 	"time"
 
-	"errors"
-
-	"fmt"
-
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/sdk/helper/salt"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -63,7 +61,7 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 				PolicyOverride: true,
 			},
@@ -100,7 +98,7 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
 					TTL: 60 * time.Second,
 				},
 				Headers: map[string][]string{
-					"foo": []string{"bar"},
+					"foo": {"bar"},
 				},
 				PolicyOverride: true,
 			},

builtin/audit/file/backend.go

@@ -73,7 +73,7 @@ func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, err
 	}
 
 	// Check if mode is provided
-	mode := os.FileMode(0600)
+	mode := os.FileMode(0o600)
 	if modeRaw, ok := conf.Config["mode"]; ok {
 		m, err := strconv.ParseUint(modeRaw, 8, 32)
 		if err != nil {

builtin/audit/file/backend_test.go

@@ -61,7 +61,7 @@ func TestAuditFile_fileModeExisting(t *testing.T) {
 	}
 	defer os.Remove(f.Name())
 
-	err = os.Chmod(f.Name(), 0777)
+	err = os.Chmod(f.Name(), 0o777)
 	if err != nil {
 		t.Fatalf("Failure to chmod temp file for testing.")
 	}
@@ -88,7 +88,7 @@ func TestAuditFile_fileModeExisting(t *testing.T) {
 	if err != nil {
 		t.Fatalf("cannot retrieve file mode from `Stat`")
 	}
-	if info.Mode() != os.FileMode(0600) {
+	if info.Mode() != os.FileMode(0o600) {
 		t.Fatalf("File mode does not match.")
 	}
 }
@@ -126,7 +126,7 @@ func BenchmarkAuditFile_request(b *testing.B) {
 				TTL: 60 * time.Second,
 			},
 			Headers: map[string][]string{
-				"foo": []string{"bar"},
+				"foo": {"bar"},
 			},
 		},
 	}

builtin/credential/app-id/backend.go

@@ -26,12 +26,12 @@ func Backend(conf *logical.BackendConfig) (*backend, error) {
 		PathMap: framework.PathMap{
 			Name: "app-id",
 			Schema: map[string]*framework.FieldSchema{
-				"display_name": &framework.FieldSchema{
+				"display_name": {
 					Type:        framework.TypeString,
 					Description: "A name to map to this app ID for logs.",
 				},
 
-				"value": &framework.FieldSchema{
+				"value": {
 					Type:        framework.TypeString,
 					Description: "Policies for the app ID.",
 				},
@@ -43,12 +43,12 @@ func Backend(conf *logical.BackendConfig) (*backend, error) {
 	b.MapUserId = &framework.PathMap{
 		Name: "user-id",
 		Schema: map[string]*framework.FieldSchema{
-			"cidr_block": &framework.FieldSchema{
+			"cidr_block": {
 				Type:        framework.TypeString,
 				Description: "If not blank, restricts auth by this CIDR block",
 			},
 
-			"value": &framework.FieldSchema{
+			"value": {
 				Type:        framework.TypeString,
 				Description: "App IDs that this user associates with.",
 			},

builtin/credential/app-id/path_login.go

@@ -19,12 +19,12 @@ func pathLoginWithAppIDPath(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login/(?P<app_id>.+)",
 		Fields: map[string]*framework.FieldSchema{
-			"app_id": &framework.FieldSchema{
+			"app_id": {
 				Type:        framework.TypeString,
 				Description: "The unique app ID",
 			},
 
-			"user_id": &framework.FieldSchema{
+			"user_id": {
 				Type:        framework.TypeString,
 				Description: "The unique user ID",
 			},
@@ -43,12 +43,12 @@ func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login$",
 		Fields: map[string]*framework.FieldSchema{
-			"app_id": &framework.FieldSchema{
+			"app_id": {
 				Type:        framework.TypeString,
 				Description: "The unique app ID",
 			},
 
-			"user_id": &framework.FieldSchema{
+			"user_id": {
 				Type:        framework.TypeString,
 				Description: "The unique user ID",
 			},