fix: linter issues in agent/consul (#22651)

Author: sreeram77

.golangci.yml

@@ -103,7 +103,6 @@ linters:
       - third_party$
       - builtin$
       - examples$
-      - agent/consul
 formatters:
   enable:
     - gofmt

agent/consul/acl_ce.go

@@ -34,19 +34,19 @@ func (r *ACLResolver) resolveEnterpriseDefaultsForIdentity(identity structs.ACLI
 }
 
 // resolveEnterpriseIdentityAndRoles will resolve an enterprise identity to an additional set of roles
-func (_ *ACLResolver) resolveEnterpriseIdentityAndRoles(_ structs.ACLIdentity) (structs.ACLIdentity, structs.ACLRoles, error) {
+func (*ACLResolver) resolveEnterpriseIdentityAndRoles(_ structs.ACLIdentity) (structs.ACLIdentity, structs.ACLRoles, error) {
 	// this function does nothing in CE
 	return nil, nil, nil
 }
 
 // resolveEnterpriseIdentityAndPolicies will resolve an enterprise identity to an additional set of policies
-func (_ *ACLResolver) resolveEnterpriseIdentityAndPolicies(_ structs.ACLIdentity) (structs.ACLIdentity, structs.ACLPolicies, error) {
+func (*ACLResolver) resolveEnterpriseIdentityAndPolicies(_ structs.ACLIdentity) (structs.ACLIdentity, structs.ACLPolicies, error) {
 	// this function does nothing in CE
 	return nil, nil, nil
 }
 
 // resolveLocallyManagedEnterpriseToken will resolve a managed service provider token to an identity and authorizer
-func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.ACLIdentity, acl.Authorizer, bool) {
+func (*ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.ACLIdentity, acl.Authorizer, bool) {
 	return nil, nil, false
 }
 

agent/consul/acl_endpoint.go

@@ -325,7 +325,7 @@ func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLToke
 				return fmt.Errorf("token has expired: %w", acl.ErrNotFound)
 			} else if token == nil {
 				// token does not exist
-				if ns := args.EnterpriseMeta.NamespaceOrEmpty(); ns != "" {
+				if ns := args.NamespaceOrEmpty(); ns != "" {
 					return fmt.Errorf("token not found in namespace %s: %w", ns, acl.ErrNotFound)
 				}
 				return fmt.Errorf("token does not exist: %w", acl.ErrNotFound)
@@ -485,7 +485,7 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok
 	if err != nil {
 		return err
 	} else if token == nil {
-		if ns := args.ACLToken.EnterpriseMeta.NamespaceOrEmpty(); ns != "" {
+		if ns := args.ACLToken.NamespaceOrEmpty(); ns != "" {
 			return fmt.Errorf("token not found in namespace %s: %w", ns, acl.ErrNotFound)
 		}
 		return fmt.Errorf("token does not exist: %w", acl.ErrNotFound)
@@ -630,7 +630,7 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er
 		return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.PrimaryDatacenter, args, reply)
 	} else {
 		// in Primary Datacenter but the token does not exist - return early indicating it wasn't found.
-		if ns := args.EnterpriseMeta.NamespaceOrEmpty(); ns != "" {
+		if ns := args.NamespaceOrEmpty(); ns != "" {
 			return fmt.Errorf("token not found in namespace %s: %w", ns, acl.ErrNotFound)
 		}
 		return fmt.Errorf("token does not exist: %w", acl.ErrNotFound)
@@ -646,7 +646,7 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er
 	}
 
 	// Purge the identity from the cache to prevent using the previous definition of the identity
-	a.srv.ACLResolver.cache.RemoveIdentityWithSecretToken(token.SecretID)
+	a.srv.cache.RemoveIdentityWithSecretToken(token.SecretID)
 
 	if reply != nil {
 		*reply = token.AccessorID
@@ -684,15 +684,15 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok
 		return err
 	}
 	// merge the token default meta into the requests meta
-	args.EnterpriseMeta.Merge(&requestMeta)
-	args.EnterpriseMeta.FillAuthzContext(&authzContext)
+	args.Merge(&requestMeta)
+	args.FillAuthzContext(&authzContext)
 	if err := authz.ToAllowAuthorizer().ACLReadAllowed(&authzContext); err != nil {
 		return err
 	}
 
 	var methodMeta *acl.EnterpriseMeta
 	if args.AuthMethod != "" {
-		methodMeta = args.ACLAuthMethodEnterpriseMeta.ToEnterpriseMeta()
+		methodMeta = args.ToEnterpriseMeta()
 		// attempt to merge in the overall meta, wildcards will not be merged
 		methodMeta.MergeNoWildcard(&args.EnterpriseMeta)
 		// in the event that the meta above didn't merge due to being a wildcard
@@ -981,7 +981,7 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol
 	}
 
 	// Remove from the cache to prevent stale cache usage
-	a.srv.ACLResolver.cache.RemovePolicy(policy.ID)
+	a.srv.cache.RemovePolicy(policy.ID)
 
 	if _, policy, err := a.srv.fsm.State().ACLPolicyGetByID(nil, policy.ID, &policy.EnterpriseMeta); err == nil && policy != nil {
 		*reply = *policy
@@ -1024,7 +1024,7 @@ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string)
 	}
 
 	if policy == nil {
-		if ns := args.EnterpriseMeta.NamespaceOrEmpty(); ns != "" {
+		if ns := args.NamespaceOrEmpty(); ns != "" {
 			return fmt.Errorf("policy not found in namespace %s: %w", ns, acl.ErrNotFound)
 		}
 		return fmt.Errorf("policy does not exist: %w", acl.ErrNotFound)
@@ -1043,7 +1043,7 @@ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string)
 		return fmt.Errorf("Failed to apply policy delete request: %v", err)
 	}
 
-	a.srv.ACLResolver.cache.RemovePolicy(policy.ID)
+	a.srv.cache.RemovePolicy(policy.ID)
 
 	*reply = policy.Name
 
@@ -1104,12 +1104,12 @@ func (a *ACL) PolicyResolve(args *structs.ACLPolicyBatchGetRequest, reply *struc
 	}
 
 	// get full list of policies for this token
-	identity, policies, err := a.srv.ACLResolver.resolveTokenToIdentityAndPolicies(args.Token)
+	identity, policies, err := a.srv.resolveTokenToIdentityAndPolicies(args.Token)
 	if err != nil {
 		return err
 	}
 
-	entIdentity, entPolicies, err := a.srv.ACLResolver.resolveEnterpriseIdentityAndPolicies(identity)
+	entIdentity, entPolicies, err := a.srv.resolveEnterpriseIdentityAndPolicies(identity)
 	if err != nil {
 		return err
 	}
@@ -1419,7 +1419,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
 	}
 
 	// Remove from the cache to prevent stale cache usage
-	a.srv.ACLResolver.cache.RemoveRole(role.ID)
+	a.srv.cache.RemoveRole(role.ID)
 
 	if _, role, err := a.srv.fsm.State().ACLRoleGetByID(nil, role.ID, &role.EnterpriseMeta); err == nil && role != nil {
 		*reply = *role
@@ -1462,7 +1462,7 @@ func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) erro
 	}
 
 	if role == nil {
-		if ns := args.EnterpriseMeta.NamespaceOrEmpty(); ns != "" {
+		if ns := args.NamespaceOrEmpty(); ns != "" {
 			return fmt.Errorf("role not found in namespace %s: %w", ns, acl.ErrNotFound)
 		}
 		return fmt.Errorf("role does not exist: %w", acl.ErrNotFound)
@@ -1477,7 +1477,7 @@ func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) erro
 		return fmt.Errorf("Failed to apply role delete request: %v", err)
 	}
 
-	a.srv.ACLResolver.cache.RemoveRole(role.ID)
+	a.srv.cache.RemoveRole(role.ID)
 
 	*reply = role.Name
 
@@ -1532,12 +1532,12 @@ func (a *ACL) RoleResolve(args *structs.ACLRoleBatchGetRequest, reply *structs.A
 	}
 
 	// get full list of roles for this token
-	identity, roles, err := a.srv.ACLResolver.resolveTokenToIdentityAndRoles(args.Token)
+	identity, roles, err := a.srv.resolveTokenToIdentityAndRoles(args.Token)
 	if err != nil {
 		return err
 	}
 
-	entIdentity, entRoles, err := a.srv.ACLResolver.resolveEnterpriseIdentityAndRoles(identity)
+	entIdentity, entRoles, err := a.srv.resolveEnterpriseIdentityAndRoles(identity)
 	if err != nil {
 		return err
 	}
@@ -1777,7 +1777,7 @@ func (a *ACL) BindingRuleDelete(args *structs.ACLBindingRuleDeleteRequest, reply
 	}
 
 	if rule == nil {
-		if ns := args.EnterpriseMeta.NamespaceOrEmpty(); ns != "" {
+		if ns := args.NamespaceOrEmpty(); ns != "" {
 			return fmt.Errorf("binding rule not found in namespace %s: %w", ns, acl.ErrNotFound)
 		}
 		return fmt.Errorf("binding rule does not exist: %w", acl.ErrNotFound)
@@ -2025,7 +2025,7 @@ func (a *ACL) AuthMethodDelete(args *structs.ACLAuthMethodDeleteRequest, reply *
 	}
 
 	if method == nil {
-		if ns := args.EnterpriseMeta.NamespaceOrEmpty(); ns != "" {
+		if ns := args.NamespaceOrEmpty(); ns != "" {
 			return fmt.Errorf("auth method not found in namespace %s: %w", ns, acl.ErrNotFound)
 		}
 		return fmt.Errorf("auth method does not exist: %w", acl.ErrNotFound)

agent/consul/acl_endpoint_test.go

@@ -5018,7 +5018,7 @@ func TestACLEndpoint_Login_with_MaxTokenTTL(t *testing.T) {
 		},
 		EnterpriseMeta: *defaultEntMeta,
 	}
-	expect.ACLAuthMethodEnterpriseMeta.FillWithEnterpriseMeta(defaultEntMeta)
+	expect.FillWithEnterpriseMeta(defaultEntMeta)
 	require.Equal(t, got, expect)
 }
 
@@ -5125,7 +5125,7 @@ func TestACLEndpoint_Login_with_TokenLocality(t *testing.T) {
 				},
 				EnterpriseMeta: *defaultEntMeta,
 			}
-			expect.ACLAuthMethodEnterpriseMeta.FillWithEnterpriseMeta(defaultEntMeta)
+			expect.FillWithEnterpriseMeta(defaultEntMeta)
 			require.Equal(t, got, expect)
 
 			// Now turn around and nuke it.

agent/consul/acl_replication_types.go

@@ -32,7 +32,7 @@ func (r *aclTokenReplicator) FetchRemote(srv *Server, lastRemoteIndex uint64) (i
 	}
 
 	r.remote = remote.Tokens
-	return len(remote.Tokens), remote.QueryMeta.Index, nil
+	return len(remote.Tokens), remote.Index, nil
 }
 
 func (r *aclTokenReplicator) FetchLocal(srv *Server) (int, uint64, error) {
@@ -142,7 +142,7 @@ func (r *aclPolicyReplicator) FetchRemote(srv *Server, lastRemoteIndex uint64) (
 	}
 
 	r.remote = remote.Policies
-	return len(remote.Policies), remote.QueryMeta.Index, nil
+	return len(remote.Policies), remote.Index, nil
 }
 
 func (r *aclPolicyReplicator) FetchLocal(srv *Server) (int, uint64, error) {
@@ -239,7 +239,7 @@ func (r *aclRoleReplicator) FetchRemote(srv *Server, lastRemoteIndex uint64) (in
 	}
 
 	r.remote = remote.Roles
-	return len(remote.Roles), remote.QueryMeta.Index, nil
+	return len(remote.Roles), remote.Index, nil
 }
 
 func (r *aclRoleReplicator) FetchLocal(srv *Server) (int, uint64, error) {

agent/consul/acl_server.go

@@ -217,7 +217,7 @@ func (s *Server) aclBinder() *auth.Binder {
 func (s *Server) aclTokenWriter() *auth.TokenWriter {
 	return auth.NewTokenWriter(auth.TokenWriterConfig{
 		RaftApply:           s.raftApply,
-		ACLCache:            s.ACLResolver.cache,
+		ACLCache:            s.cache,
 		Store:               s.fsm.State(),
 		CheckUUID:           s.checkTokenUUID,
 		MaxExpirationTTL:    s.config.ACLTokenMaxExpirationTTL,

agent/consul/acl_test.go

@@ -1534,9 +1534,8 @@ func TestACLResolver_Client(t *testing.T) {
 					return acl.ErrNotFound
 				}
 
-				select {
-				case <-readyCh:
-				}
+				<-readyCh
+
 				time.Sleep(100 * time.Millisecond)
 				return nil
 			},
@@ -2326,7 +2325,7 @@ func TestACLResolver_ResolveToken_UpdatesPurgeTheCache(t *testing.T) {
 	require.NoError(t, err)
 
 	testutil.RunStep(t, "first resolve", func(t *testing.T) {
-		authz, err := srv.ACLResolver.ResolveToken(token)
+		authz, err := srv.ResolveToken(token)
 		require.NoError(t, err)
 		require.NotNil(t, authz)
 		require.Equal(t, acl.Allow, authz.KeyRead("foo", nil))
@@ -2345,7 +2344,7 @@ func TestACLResolver_ResolveToken_UpdatesPurgeTheCache(t *testing.T) {
 		err := msgpackrpc.CallWithCodec(codec, "ACL.PolicySet", &reqPolicy, &structs.ACLPolicy{})
 		require.NoError(t, err)
 
-		authz, err := srv.ACLResolver.ResolveToken(token)
+		authz, err := srv.ResolveToken(token)
 		require.NoError(t, err)
 		require.NotNil(t, authz)
 		require.Equal(t, acl.Deny, authz.KeyRead("foo", nil))
@@ -2361,7 +2360,7 @@ func TestACLResolver_ResolveToken_UpdatesPurgeTheCache(t *testing.T) {
 		err := msgpackrpc.CallWithCodec(codec, "ACL.TokenDelete", &req, &resp)
 		require.NoError(t, err)
 
-		_, err = srv.ACLResolver.ResolveToken(token)
+		_, err = srv.ResolveToken(token)
 		require.True(t, acl.IsErrNotFound(err), "Error %v is not acl.ErrNotFound", err)
 	})
 }

agent/consul/acl_token_exp.go

@@ -111,7 +111,7 @@ func (s *Server) reapExpiredACLTokens(local, global bool) (int, error) {
 
 	// Purge the identities from the cache
 	for _, secretID := range secretIDs {
-		s.ACLResolver.cache.RemoveIdentityWithSecretToken(secretID)
+		s.cache.RemoveIdentityWithSecretToken(secretID)
 	}
 
 	return len(req.TokenIDs), nil

agent/consul/acl_token_exp_test.go

@@ -192,7 +192,7 @@ func testACLTokenReap_Primary(t *testing.T, local, global bool) {
 		})
 	})
 
-	time.Sleep(token3.ExpirationTime.Sub(time.Now()) + 10*time.Millisecond)
+	time.Sleep(time.Until(*token3.ExpirationTime) + 10*time.Millisecond)
 
 	t.Run("one should be reaped", func(t *testing.T) {
 		n, err := s1.reapExpiredACLTokens(local, global)
@@ -209,7 +209,7 @@ func testACLTokenReap_Primary(t *testing.T, local, global bool) {
 		})
 	})
 
-	time.Sleep(token4.ExpirationTime.Sub(time.Now()) + 10*time.Millisecond)
+	time.Sleep(time.Until(*token4.ExpirationTime) + 10*time.Millisecond)
 
 	t.Run("two should be reaped", func(t *testing.T) {
 		n, err := s1.reapExpiredACLTokens(local, global)

agent/consul/auth/login.go

@@ -51,7 +51,7 @@ func (l *Login) TokenForVerifiedIdentity(identity *authmethod.Identity, authMeth
 		Policies:          bindings.Policies,
 		EnterpriseMeta:    bindings.EnterpriseMeta,
 	}
-	token.ACLAuthMethodEnterpriseMeta.FillWithEnterpriseMeta(&authMethod.EnterpriseMeta)
+	token.FillWithEnterpriseMeta(&authMethod.EnterpriseMeta)
 
 	updated, err := l.writer.Create(token, true)
 	switch {