Fix golangci-lint v2 compliance, make all passes clean
- Fix 314 errcheck violations (blank identifier for unrecoverable errors) - Fix errorlint violation (errors.Is for io.EOF) - Remove unused serveL7Route test helper - Simplify Duration.Seconds() selectors in tests - Remove unnecessary fmt.Sprintf in test - Migrate exclusion rules from issues.exclusions to linters.exclusions (v2 schema) - Add gosec test exclusions (G115, G304, G402, G705) - Disable fieldalignment govet analyzer (optimization, not correctness) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -58,8 +58,8 @@ func testCert(t *testing.T, hostname string) (certPath, keyPath string) {
|
||||
if err != nil {
|
||||
t.Fatalf("creating cert file: %v", err)
|
||||
}
|
||||
pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
|
||||
certFile.Close()
|
||||
_ = pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
|
||||
_ = certFile.Close()
|
||||
|
||||
keyDER, err := x509.MarshalECPrivateKey(key)
|
||||
if err != nil {
|
||||
@@ -69,8 +69,8 @@ func testCert(t *testing.T, hostname string) (certPath, keyPath string) {
|
||||
if err != nil {
|
||||
t.Fatalf("creating key file: %v", err)
|
||||
}
|
||||
pem.Encode(keyFile, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
|
||||
keyFile.Close()
|
||||
_ = pem.Encode(keyFile, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
|
||||
_ = keyFile.Close()
|
||||
|
||||
return certPath, keyPath
|
||||
}
|
||||
@@ -91,11 +91,11 @@ func startH2CBackend(t *testing.T, handler http.Handler) string {
|
||||
t.Fatalf("listen: %v", err)
|
||||
}
|
||||
t.Cleanup(func() {
|
||||
srv.Close()
|
||||
ln.Close()
|
||||
_ = srv.Close()
|
||||
_ = ln.Close()
|
||||
})
|
||||
|
||||
go srv.Serve(ln)
|
||||
go func() { _ = srv.Serve(ln) }()
|
||||
return ln.Addr().String()
|
||||
}
|
||||
|
||||
@@ -118,7 +118,7 @@ func dialTLSToProxy(t *testing.T, proxyAddr, serverName string) *http.Client {
|
||||
if err != nil {
|
||||
t.Fatalf("TLS dial: %v", err)
|
||||
}
|
||||
t.Cleanup(func() { conn.Close() })
|
||||
t.Cleanup(func() { _ = conn.Close() })
|
||||
|
||||
// Create an HTTP/2 client transport over this single connection.
|
||||
tr := &http2.Transport{}
|
||||
@@ -142,29 +142,13 @@ func (s *singleConnRoundTripper) RoundTrip(req *http.Request) (*http.Response, e
|
||||
return s.cc.RoundTrip(req)
|
||||
}
|
||||
|
||||
// serveL7Route starts l7.Serve in a goroutine for a single connection.
|
||||
// Returns when the goroutine completes.
|
||||
func serveL7Route(t *testing.T, conn net.Conn, peeked []byte, route RouteConfig) {
|
||||
t.Helper()
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
clientAddr := netip.MustParseAddrPort("203.0.113.50:12345")
|
||||
ctx := context.Background()
|
||||
|
||||
go func() {
|
||||
l7Err := Serve(ctx, conn, peeked, route, clientAddr, logger)
|
||||
if l7Err != nil {
|
||||
t.Logf("l7.Serve: %v", l7Err)
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
func TestL7H2CBackend(t *testing.T) {
|
||||
certPath, keyPath := testCert(t, "l7.test")
|
||||
|
||||
// Start an h2c backend.
|
||||
backendAddr := startH2CBackend(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("X-Backend", "ok")
|
||||
fmt.Fprintf(w, "hello from backend, path=%s", r.URL.Path)
|
||||
_, _ = fmt.Fprintf(w, "hello from backend, path=%s", r.URL.Path)
|
||||
}))
|
||||
|
||||
// Start a TCP listener for the L7 proxy.
|
||||
@@ -172,7 +156,7 @@ func TestL7H2CBackend(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -190,17 +174,17 @@ func TestL7H2CBackend(t *testing.T) {
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
clientAddr := netip.MustParseAddrPort("203.0.113.50:12345")
|
||||
// No peeked bytes — the client is connecting directly with TLS.
|
||||
Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
}()
|
||||
|
||||
// Connect as an HTTP/2 TLS client.
|
||||
client := dialTLSToProxy(t, proxyLn.Addr().String(), "l7.test")
|
||||
|
||||
resp, err := client.Get(fmt.Sprintf("https://l7.test/foo"))
|
||||
resp, err := client.Get("https://l7.test/foo")
|
||||
if err != nil {
|
||||
t.Fatalf("GET: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
if resp.StatusCode != 200 {
|
||||
t.Fatalf("status = %d, want 200", resp.StatusCode)
|
||||
@@ -221,7 +205,7 @@ func TestL7ForwardingHeaders(t *testing.T) {
|
||||
|
||||
// Backend that echoes the forwarding headers.
|
||||
backendAddr := startH2CBackend(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprintf(w, "xff=%s xfp=%s xri=%s",
|
||||
_, _ = fmt.Fprintf(w, "xff=%s xfp=%s xri=%s",
|
||||
r.Header.Get("X-Forwarded-For"),
|
||||
r.Header.Get("X-Forwarded-Proto"),
|
||||
r.Header.Get("X-Real-IP"),
|
||||
@@ -232,7 +216,7 @@ func TestL7ForwardingHeaders(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -248,7 +232,7 @@ func TestL7ForwardingHeaders(t *testing.T) {
|
||||
}
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
clientAddr := netip.MustParseAddrPort("203.0.113.50:12345")
|
||||
Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
}()
|
||||
|
||||
client := dialTLSToProxy(t, proxyLn.Addr().String(), "headers.test")
|
||||
@@ -256,7 +240,7 @@ func TestL7ForwardingHeaders(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("GET: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
want := "xff=203.0.113.50 xfp=https xri=203.0.113.50"
|
||||
@@ -274,13 +258,13 @@ func TestL7BackendUnreachable(t *testing.T) {
|
||||
t.Fatalf("listen: %v", err)
|
||||
}
|
||||
deadAddr := ln.Addr().String()
|
||||
ln.Close()
|
||||
_ = ln.Close()
|
||||
|
||||
proxyLn, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: deadAddr,
|
||||
@@ -296,7 +280,7 @@ func TestL7BackendUnreachable(t *testing.T) {
|
||||
}
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
clientAddr := netip.MustParseAddrPort("203.0.113.50:12345")
|
||||
Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
}()
|
||||
|
||||
client := dialTLSToProxy(t, proxyLn.Addr().String(), "unreachable.test")
|
||||
@@ -304,7 +288,7 @@ func TestL7BackendUnreachable(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("GET: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
if resp.StatusCode != http.StatusBadGateway {
|
||||
t.Fatalf("status = %d, want 502", resp.StatusCode)
|
||||
@@ -342,14 +326,14 @@ func TestL7MultipleRequests(t *testing.T) {
|
||||
var reqCount int
|
||||
backendAddr := startH2CBackend(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
reqCount++
|
||||
fmt.Fprintf(w, "req=%d path=%s", reqCount, r.URL.Path)
|
||||
_, _ = fmt.Fprintf(w, "req=%d path=%s", reqCount, r.URL.Path)
|
||||
}))
|
||||
|
||||
proxyLn, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -365,7 +349,7 @@ func TestL7MultipleRequests(t *testing.T) {
|
||||
}
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
clientAddr := netip.MustParseAddrPort("203.0.113.50:12345")
|
||||
Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, clientAddr, logger)
|
||||
}()
|
||||
|
||||
client := dialTLSToProxy(t, proxyLn.Addr().String(), "multi.test")
|
||||
@@ -378,7 +362,7 @@ func TestL7MultipleRequests(t *testing.T) {
|
||||
t.Fatalf("GET %s: %v", path, err)
|
||||
}
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
resp.Body.Close()
|
||||
_ = resp.Body.Close()
|
||||
|
||||
want := fmt.Sprintf("req=%d path=%s", i+1, path)
|
||||
if string(body) != want {
|
||||
@@ -396,14 +380,14 @@ func TestL7LargeResponse(t *testing.T) {
|
||||
largeBody[i] = byte(i % 256)
|
||||
}
|
||||
backendAddr := startH2CBackend(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Write(largeBody)
|
||||
_, _ = w.Write(largeBody)
|
||||
}))
|
||||
|
||||
proxyLn, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -418,7 +402,7 @@ func TestL7LargeResponse(t *testing.T) {
|
||||
return
|
||||
}
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
}()
|
||||
|
||||
client := dialTLSToProxy(t, proxyLn.Addr().String(), "large.test")
|
||||
@@ -426,7 +410,7 @@ func TestL7LargeResponse(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("GET: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
if len(body) != len(largeBody) {
|
||||
@@ -455,7 +439,7 @@ func TestL7GRPCTrailers(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -470,7 +454,7 @@ func TestL7GRPCTrailers(t *testing.T) {
|
||||
return
|
||||
}
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
}()
|
||||
|
||||
client := dialTLSToProxy(t, proxyLn.Addr().String(), "trailers.test")
|
||||
@@ -480,10 +464,10 @@ func TestL7GRPCTrailers(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("POST: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
// Read body to trigger trailer delivery.
|
||||
io.ReadAll(resp.Body)
|
||||
_, _ = io.ReadAll(resp.Body)
|
||||
|
||||
// Verify trailers were forwarded through the proxy.
|
||||
grpcStatus := resp.Trailer.Get("Grpc-Status")
|
||||
@@ -500,14 +484,14 @@ func TestL7HTTP11Fallback(t *testing.T) {
|
||||
certPath, keyPath := testCert(t, "http11.test")
|
||||
|
||||
backendAddr := startH2CBackend(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprintf(w, "proto=%s", r.Proto)
|
||||
_, _ = fmt.Fprintf(w, "proto=%s", r.Proto)
|
||||
}))
|
||||
|
||||
proxyLn, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -522,7 +506,7 @@ func TestL7HTTP11Fallback(t *testing.T) {
|
||||
return
|
||||
}
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
}()
|
||||
|
||||
// Connect with HTTP/1.1 only (no h2 ALPN).
|
||||
@@ -538,7 +522,7 @@ func TestL7HTTP11Fallback(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("GET: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
if resp.StatusCode != 200 {
|
||||
t.Fatalf("status = %d, want 200", resp.StatusCode)
|
||||
@@ -556,14 +540,14 @@ func TestL7PolicyBlocksUserAgentE2E(t *testing.T) {
|
||||
certPath, keyPath := testCert(t, "policy.test")
|
||||
|
||||
backendAddr := startH2CBackend(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprint(w, "should-not-reach")
|
||||
_, _ = fmt.Fprint(w, "should-not-reach")
|
||||
}))
|
||||
|
||||
proxyLn, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -581,7 +565,7 @@ func TestL7PolicyBlocksUserAgentE2E(t *testing.T) {
|
||||
return
|
||||
}
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
}()
|
||||
|
||||
client := dialTLSToProxy(t, proxyLn.Addr().String(), "policy.test")
|
||||
@@ -591,7 +575,7 @@ func TestL7PolicyBlocksUserAgentE2E(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("GET: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
if resp.StatusCode != 403 {
|
||||
t.Fatalf("status = %d, want 403", resp.StatusCode)
|
||||
@@ -602,14 +586,14 @@ func TestL7PolicyRequiresHeaderE2E(t *testing.T) {
|
||||
certPath, keyPath := testCert(t, "reqhdr.test")
|
||||
|
||||
backendAddr := startH2CBackend(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprint(w, "ok")
|
||||
_, _ = fmt.Fprint(w, "ok")
|
||||
}))
|
||||
|
||||
proxyLn, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("proxy listen: %v", err)
|
||||
}
|
||||
defer proxyLn.Close()
|
||||
defer func() { _ = proxyLn.Close() }()
|
||||
|
||||
route := RouteConfig{
|
||||
Backend: backendAddr,
|
||||
@@ -630,7 +614,7 @@ func TestL7PolicyRequiresHeaderE2E(t *testing.T) {
|
||||
}
|
||||
go func() {
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
_ = Serve(context.Background(), conn, nil, route, netip.MustParseAddrPort("203.0.113.50:12345"), logger)
|
||||
}()
|
||||
}
|
||||
}()
|
||||
@@ -641,7 +625,7 @@ func TestL7PolicyRequiresHeaderE2E(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("GET without header: %v", err)
|
||||
}
|
||||
resp1.Body.Close()
|
||||
_ = resp1.Body.Close()
|
||||
if resp1.StatusCode != 403 {
|
||||
t.Fatalf("without header: status = %d, want 403", resp1.StatusCode)
|
||||
}
|
||||
@@ -654,7 +638,7 @@ func TestL7PolicyRequiresHeaderE2E(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("GET with header: %v", err)
|
||||
}
|
||||
defer resp2.Body.Close()
|
||||
defer func() { _ = resp2.Body.Close() }()
|
||||
body, _ := io.ReadAll(resp2.Body)
|
||||
if resp2.StatusCode != 200 {
|
||||
t.Fatalf("with header: status = %d, want 200", resp2.StatusCode)
|
||||
|
||||
Reference in New Issue
Block a user