Merge pull request #123 from authzed/add-linter

chore: add linter rules

Author: Verolop

.golangci.yaml

@@ -0,0 +1,61 @@
+---
+version: "2"
+run:
+  allow-parallel-runners: true
+  build-tags:
+    - "mage"
+linters:
+  enable:
+    - "bidichk"
+#    - "bodyclose"
+    - "errcheck"
+    - "errname"
+    - "errorlint"
+    - "gocritic"
+    - "goprintffuncname"
+    #    - "gosec"
+    - "govet"
+    - "importas"
+    - "ineffassign"
+    - "makezero"
+    - "prealloc"
+    - "predeclared"
+    - "promlinter"
+    #    - "revive"
+    - "rowserrcheck"
+    - "spancheck"
+    - "staticcheck"
+    - "tagalign"
+    - "testifylint"
+    - "tparallel"
+    - "unconvert"
+    #    - "usetesting"
+    - "wastedassign"
+    - "whitespace"
+    - "unused"
+  settings:
+    staticcheck:
+      checks:
+        - "all"
+        - "-ST1000" # at least one file in a package should have a package comment
+        - "-ST1003" # Poorly chosen identifier
+formatters:
+  enable:
+    - "gci"
+    - "gofmt"
+    - "gofumpt"
+    - "goimports"
+  settings:
+    gofmt:
+      rewrite-rules:
+        - pattern: "interface{}"
+          replacement: "any"
+    gci:
+      sections:
+        - "standard"
+        - "default"
+        - "prefix(github.com/authzed)"
+        - "localmodule"
+    goimports:
+      local-prefixes:
+        - "github.com/authzed/terraform-provider-authzed"

internal/client/cloud_client.go

@@ -118,6 +118,8 @@ type ResponseWithETag struct {
 	ETag     string
 }
 
+var _ HTTPResponder = (*ResponseWithETag)(nil)
+
 // RequestOption allows setting optional parameters for requests
 type RequestOption func(*http.Request)
 
@@ -273,13 +275,13 @@ func (c *CloudClient) waitForDeletion(endpoint string) error {
 	}
 }
 
-func backoffDelay(base, cap time.Duration, attempt int) time.Duration {
+func backoffDelay(base, capDelay time.Duration, attempt int) time.Duration {
 	if attempt < 1 {
 		attempt = 1
 	}
 	exp := time.Duration(float64(base) * math.Pow(2, float64(attempt-1)))
-	if exp > cap {
-		exp = cap
+	if exp > capDelay {
+		exp = capDelay
 	}
 	jitter := time.Duration(rand.Int63n(int64(exp) / 2))
 	return exp + jitter
@@ -482,7 +484,7 @@ func (c *CloudClient) CreateResourceWithFactoryAndRecovery(ctx context.Context,
 	if err != nil {
 		// Attempt idempotent recovery for ambiguous outcomes
 		if recovery != nil && isAmbiguousError(err) {
-			if bodyMap, ok := body.(map[string]interface{}); ok {
+			if bodyMap, ok := body.(map[string]any); ok {
 				if name, exists := bodyMap["name"].(string); exists {
 					if recovered, recErr := recovery.RecoverFromAmbiguousCreate(ctx, name, err); recErr == nil {
 						return recovered, nil

internal/client/errors.go

@@ -13,7 +13,6 @@ type HTTPResponder interface {
 	GetResponse() *http.Response
 }
 
-// Make http.Response implement HTTPResponder
 type HTTPResponseWrapper struct {
 	*http.Response
 }
@@ -22,7 +21,6 @@ func (r *HTTPResponseWrapper) GetResponse() *http.Response {
 	return r.Response
 }
 
-// Make ResponseWithETag implement HTTPResponder
 func (r *ResponseWithETag) GetResponse() *http.Response {
 	return r.Response
 }

internal/client/permission_system.go

@@ -33,7 +33,7 @@ func (ps *PermissionsSystemWithETag) SetETag(etag string) {
 }
 
 // GetResource returns the underlying permissions system
-func (ps *PermissionsSystemWithETag) GetResource() interface{} {
+func (ps *PermissionsSystemWithETag) GetResource() any {
 	return ps.PermissionsSystem
 }
 

internal/client/policy.go

@@ -33,7 +33,7 @@ func (p *PolicyWithETag) SetETag(etag string) {
 }
 
 // GetResource returns the underlying policy
-func (p *PolicyWithETag) GetResource() interface{} {
+func (p *PolicyWithETag) GetResource() any {
 	return p.Policy
 }
 

internal/client/retry.go

@@ -2,6 +2,7 @@ package client
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"math"
 	"math/rand"
@@ -84,7 +85,7 @@ func (rc *RetryConfig) RetryWithExponentialBackoff(
 					operationName, delay, attempt+1, rc.MaxRetries+1),
 			)
 
-			tflog.Warn(ctx, "conflict detected, retrying with exponential backoff", map[string]interface{}{
+			tflog.Warn(ctx, "conflict detected, retrying with exponential backoff", map[string]any{
 				"operation":    operationName,
 				"status_code":  resp.Response.StatusCode,
 				"attempt":      attempt + 1,
@@ -112,9 +113,10 @@ func (rc *RetryConfig) RetryWithExponentialBackoff(
 		// If there's an error, check if it's retryable
 		if lastErr != nil {
 			// Check if this is a retryable error (APIError with retryable status code)
-			if apiErr, ok := lastErr.(*APIError); ok && rc.ShouldRetry(apiErr.StatusCode) {
+			apiErr := &APIError{}
+			if errors.As(lastErr, &apiErr) && rc.ShouldRetry(apiErr.StatusCode) {
 				// This is a retryable error, continue the retry loop
-				tflog.Debug(ctx, "retryable error encountered, continuing retry loop", map[string]interface{}{
+				tflog.Debug(ctx, "retryable error encountered, continuing retry loop", map[string]any{
 					"operation":   operationName,
 					"status_code": apiErr.StatusCode,
 					"attempt":     attempt + 1,
@@ -138,7 +140,7 @@ func (rc *RetryConfig) RetryWithExponentialBackoff(
 						operationName, attempt),
 				)
 
-				tflog.Info(ctx, "retry succeeded", map[string]interface{}{
+				tflog.Info(ctx, "retry succeeded", map[string]any{
 					"operation":     operationName,
 					"final_attempt": attempt + 1,
 					"total_retries": attempt,
@@ -162,7 +164,7 @@ func (rc *RetryConfig) RetryWithExponentialBackoff(
 			rc.MaxRetries, operationName),
 	)
 
-	tflog.Error(ctx, "retries exhausted", map[string]interface{}{
+	tflog.Error(ctx, "retries exhausted", map[string]any{
 		"operation":    operationName,
 		"max_attempts": rc.MaxRetries + 1,
 		"final_status": resp.Response.StatusCode,
@@ -213,9 +215,10 @@ func (rc *RetryConfig) RetryWithExponentialBackoffLegacy(
 		// If there's an error, check if it's retryable
 		if lastErr != nil {
 			// Check if this is a retryable error (APIError with retryable status code)
-			if apiErr, ok := lastErr.(*APIError); ok && rc.ShouldRetry(apiErr.StatusCode) {
+			apiErr := &APIError{}
+			if errors.As(lastErr, &apiErr) && rc.ShouldRetry(apiErr.StatusCode) {
 				// This is a retryable error, continue the retry loop
-				tflog.Debug(ctx, "retryable error encountered, continuing retry loop", map[string]interface{}{
+				tflog.Debug(ctx, "retryable error encountered, continuing retry loop", map[string]any{
 					"operation":   operationName,
 					"status_code": apiErr.StatusCode,
 					"attempt":     attempt + 1,

internal/client/role.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -34,7 +35,7 @@ func (r *RoleWithETag) SetETag(etag string) {
 }
 
 // GetResource returns the underlying role
-func (r *RoleWithETag) GetResource() interface{} {
+func (r *RoleWithETag) GetResource() any {
 	return r.Role
 }
 
@@ -121,7 +122,8 @@ func (c *CloudClient) CreateRole(ctx context.Context, role *models.Role) (*RoleW
 	resource, err := c.CreateResourceWithFactoryAndRecovery(ctx, path, role, &createdRole, NewRoleResource, recovery)
 	if err != nil {
 		// Special handling for specific errors
-		if apiErr, ok := err.(*APIError); ok && apiErr.StatusCode == http.StatusInternalServerError {
+		apiErr := &APIError{}
+		if errors.As(err, &apiErr) && apiErr.StatusCode == http.StatusInternalServerError {
 			// Check if the error message indicates a duplicate name
 			if strings.Contains(string(apiErr.Body), "duplicate") || strings.Contains(string(apiErr.Body), "already exists") {
 				return nil, fmt.Errorf("role with name '%s' already exists in permission system '%s'", role.Name, role.PermissionsSystemID)

internal/client/service_account.go

@@ -6,9 +6,10 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"terraform-provider-authzed/internal/models"
 
 	"github.com/hashicorp/terraform-plugin-framework/diag"
+
+	"terraform-provider-authzed/internal/models"
 )
 
 // ServiceAccountWithETag represents a service account resource with its ETag
@@ -33,7 +34,7 @@ func (sa *ServiceAccountWithETag) SetETag(etag string) {
 }
 
 // GetResource returns the underlying service account
-func (sa *ServiceAccountWithETag) GetResource() interface{} {
+func (sa *ServiceAccountWithETag) GetResource() any {
 	return sa.ServiceAccount
 }
 

internal/client/test/etag_test.go

@@ -6,10 +6,11 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
 	"terraform-provider-authzed/internal/client"
 	"terraform-provider-authzed/internal/models"
-
-	"github.com/stretchr/testify/assert"
 )
 
 func TestETagSupport(t *testing.T) {
@@ -113,7 +114,7 @@ func TestETagSupport(t *testing.T) {
 		getRequestCount = 0
 
 		sa, err := c.GetServiceAccount(context.Background(), "ps-test123", "asa-test123")
-		assert.NoError(t, err)
+		require.NoError(t, err)
 		assert.Equal(t, testETag, sa.GetETag())
 	})
 

internal/client/test/fgam_error_test.go

@@ -3,9 +3,9 @@ package test
 import (
 	"testing"
 
-	"terraform-provider-authzed/internal/client"
-
 	"github.com/stretchr/testify/assert"
+
+	"terraform-provider-authzed/internal/client"
 )
 
 func TestFGAMErrorMessages(t *testing.T) {