fix linting issues

Signed-off-by: Jorge Turrado <[email protected]>

Author: JorTurFer

core/clients/key_flow.go

@@ -147,8 +147,8 @@ func (c *KeyFlow) Init(cfg *KeyFlowConfig) error {
 
 // SetToken can be used to set an access and refresh token manually in the client.
 // The other fields in the token field are determined by inspecting the token or setting default values.
-// Deprecated
-func (c *KeyFlow) SetToken(accessToken, refreshToken string) error {
+// Deprecated This method will be removed in future versions. Access tokens are now automatically managed by the client.
+func (c *KeyFlow) SetToken(accessToken, _ string) error {
 	// We can safely use ParseUnverified because we are not authenticating the user,
 	// We are parsing the token just to get the expiration time claim
 	parsedAccessToken, _, err := jwt.NewParser().ParseUnverified(accessToken, &jwt.RegisteredClaims{})

core/clients/key_flow_continuous_refresh_test.go

@@ -138,7 +138,7 @@ type fakeAuthFlow struct {
 	accessToken                   string
 }
 
-func (f *fakeAuthFlow) RoundTrip(req *http.Request) (*http.Response, error) {
+func (f *fakeAuthFlow) RoundTrip(_ *http.Request) (*http.Response, error) {
 	return nil, nil
 }
 func (f *fakeAuthFlow) GetAccessToken() (string, error) {

core/clients/workload_identity_flow.go

@@ -15,14 +15,14 @@ import (
 
 const (
 	clientIDEnv           = "STACKIT_SERVICE_ACCOUNT_EMAIL"
-	FederatedTokenFileEnv = "STACKIT_FEDERATED_TOKEN_FILE"
-	wifTokenEndpointEnv   = "STACKIT_IDP_ENDPOINT"
-	wifTokenExpirationEnv = "STACKIT_IDP_EXPIRATION_SECONDS"
+	FederatedTokenFileEnv = "STACKIT_FEDERATED_TOKEN_FILE"   //nolint:gosec // This is not a secret, just the env variable name
+	wifTokenEndpointEnv   = "STACKIT_IDP_ENDPOINT"           //nolint:gosec // This is not a secret, just the env variable name
+	wifTokenExpirationEnv = "STACKIT_IDP_EXPIRATION_SECONDS" //nolint:gosec // This is not a secret, just the env variable name
 
 	wifClientAssertionType    = "urn:schwarz:params:oauth:client-assertion-type:workload-jwt"
 	wifGrantType              = "client_credentials"
-	defaultWifTokenEndpoint   = "https://accounts.stackit.cloud/oauth/v2/token"
-	defaultFederatedTokenPath = "/var/run/secrets/stackit.cloud/serviceaccount/token"
+	defaultWifTokenEndpoint   = "https://accounts.stackit.cloud/oauth/v2/token"       //nolint:gosec // This is not a secret, just the public endpoint for default value
+	defaultFederatedTokenPath = "/var/run/secrets/stackit.cloud/serviceaccount/token" //nolint:gosec // This is not a secret, just the default path for workload identity token
 	defaultWifExpirationToken = "1h"
 )
 

core/clients/workload_identity_flow_test.go

@@ -95,13 +95,21 @@ func TestWorkloadIdentityFlowInit(t *testing.T) {
 				if err != nil {
 					log.Fatal(err)
 				}
-				defer os.Remove(file.Name())
+				defer func() {
+					err := os.Remove(file.Name())
+					if err != nil {
+						t.Fatalf("Removing temporary file: %s", err)
+					}
+				}()
 				if tt.validAssertion {
 					token, err := signTokenWithSubject("subject", time.Minute)
 					if err != nil {
 						t.Fatalf("failed to create token: %v", err)
 					}
-					os.WriteFile(file.Name(), []byte(token), os.ModeAppend)
+					err = os.WriteFile(file.Name(), []byte(token), os.ModeAppend)
+					if err != nil {
+						t.Fatalf("writing temporary file: %s", err)
+					}
 				}
 				if tt.tokenFilePathAsEnv {
 					t.Setenv("STACKIT_FEDERATED_TOKEN_FILE", file.Name())
@@ -184,7 +192,10 @@ func TestWorkloadIdentityFlowRoundTrip(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			authServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				r.ParseForm()
+				err := r.ParseForm()
+				if err != nil {
+					t.Fatalf("failed to parse form: %v", err)
+				}
 				assertionType := r.PostForm.Get("client_assertion_type")
 				if assertionType != "urn:schwarz:params:oauth:client-assertion-type:workload-jwt" {
 					t.Fatalf("invalid assertion type: %s", assertionType)
@@ -224,7 +235,10 @@ func TestWorkloadIdentityFlowRoundTrip(t *testing.T) {
 
 				w.Header().Set("Content-Type", "application/json")
 				w.WriteHeader(http.StatusOK)
-				w.Write(payload)
+				_, err = w.Write(payload)
+				if err != nil {
+					t.Fatalf("writing response: %s", err)
+				}
 			}))
 			t.Cleanup(authServer.Close)
 
@@ -268,9 +282,17 @@ func TestWorkloadIdentityFlowRoundTrip(t *testing.T) {
 				if err != nil {
 					log.Fatal(err)
 				}
-				defer os.Remove(file.Name())
+				defer func() {
+					err := os.Remove(file.Name())
+					if err != nil {
+						t.Fatalf("Removing temporary file: %s", err)
+					}
+				}()
 				flowConfig.FederatedTokenFilePath = file.Name()
-				os.WriteFile(file.Name(), []byte(token), os.ModeAppend)
+				err = os.WriteFile(file.Name(), []byte(token), os.ModeAppend)
+				if err != nil {
+					t.Fatalf("writing temporary file: %s", err)
+				}
 			}
 
 			if err := flow.Init(flowConfig); err != nil {
@@ -287,6 +309,9 @@ func TestWorkloadIdentityFlowRoundTrip(t *testing.T) {
 			if (err != nil || resp.StatusCode != http.StatusOK) && !tt.wantErr {
 				t.Fatalf("failed request to protected resource: %v", err)
 			}
+			if err := resp.Body.Close(); err != nil {
+				t.Errorf("resp.Body.Close() error = %v", err)
+			}
 		})
 	}
 }