Remove github.com/zeebo/errs dependency (#5716)
* Remove github.com/zeebo/errs dependency

We don't really use this dependency for much other than to group some
errors together with a common error message prefix. The same can now
be accomplished with a couple custom error types and the `errors`
standard library package.

This package also wasn't consistently adopted throughout the project, so
at this point it's probably better to just rely on the standard library
functionality, since it's sufficient for the project's use cases.

Signed-off-by: Ryan Turner <ryan.turner253@icloud.com>
rturner3 authored Jan 14, 2025
1 parent 649411e commit 6a22b99
Showing 46 changed files with 627 additions and 439 deletions.
5 changes: 2 additions & 3 deletions cmd/spire-server/cli/bundle/common.go
@@ -17,7 +17,6 @@ import (
"github.com/spiffe/spire-api-sdk/proto/spire/api/types"
"github.com/spiffe/spire/cmd/spire-server/util"
"github.com/spiffe/spire/pkg/common/jwtutil"
"github.com/zeebo/errs"
)

const (
@@ -78,7 +77,7 @@ func printBundle(out io.Writer, bundle *types.Bundle) error {

docBytes, err := b.Marshal()
if err != nil {
return errs.Wrap(err)
return err
}

var o bytes.Buffer
@@ -87,7 +86,7 @@ func printBundle(out io.Writer, bundle *types.Bundle) error {
}

if _, err := fmt.Fprintln(out, o.String()); err != nil {
return errs.Wrap(err)
return err
}

return nil
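Review bot: The two `return err` lines in printBundle put nothing in place of what `errs.Wrap` attached (presumably a stack trace), so a marshal failure and a write failure now surface with only the callee's text. A short prefix keeps them distinguishable in operator output, e.g. `return fmt.Errorf("failed to marshal bundle: %w", err)` and `return fmt.Errorf("failed to write bundle: %w", err)`. The same bare return replaces `errs.Wrap` in nextNonce (sdsv3/handler.go), structFromValues (workload/handler.go), loadTokenFromFile (k8spsat and k8ssat), Unmarshal (bundleutil), startPipeServer, GRPCClient and GetTokenExpiry. printBundle begins and ends outside these hunks.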
2 changes: 1 addition & 1 deletion go.mod
@@ -77,7 +77,6 @@ require (
github.com/stretchr/testify v1.10.0
github.com/uber-go/tally/v4 v4.1.16
github.com/valyala/fastjson v1.6.4
github.com/zeebo/errs v1.4.0
golang.org/x/crypto v0.32.0
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
golang.org/x/net v0.34.0
@@ -280,6 +279,7 @@ require (
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/yashtewari/glob-intersection v0.2.0 // indirect
github.com/yusufpapurcu/wmi v1.2.4 // indirect
github.com/zeebo/errs v1.4.0 // indirect
go.mongodb.org/mongo-driver v1.14.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/detectors/gcp v1.31.0 // indirect
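Review bot: github.com/zeebo/errs v1.4.0 is moved into the `// indirect` block rather than dropped, so the module stays in the module graph, presumably because another dependency still requires it. The commit title reads as a full removal, so the description should say that the module remains transitively. `go mod why -m github.com/zeebo/errs` shows which requirement keeps it, which is worth recording for anyone auditing the dependency set.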
9 changes: 4 additions & 5 deletions pkg/agent/attestor/node/node.go
@@ -28,7 +28,6 @@ import (
"github.com/spiffe/spire/pkg/common/tlspolicy"
"github.com/spiffe/spire/pkg/common/util"
"github.com/spiffe/spire/pkg/common/x509util"
"github.com/zeebo/errs"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
@@ -101,7 +100,7 @@ func (a *attestor) Attest(ctx context.Context) (res *AttestationResult, err erro
// This is a bizarre case where we have an SVID but were unable to
// load a bundle from the cache which suggests some tampering with the
// cache on disk.
return nil, errs.New("SVID loaded but no bundle in cache")
return nil, errors.New("SVID loaded but no bundle in cache")
default:
log.WithField(telemetry.SPIFFEID, svid[0].URIs[0].String()).Info("SVID loaded")
}
@@ -265,7 +264,7 @@ func (a *attestor) serverConn(ctx context.Context, bundle *spiffebundle.Bundle)
if !a.c.InsecureBootstrap {
// We shouldn't get here since loadBundle() should fail if the bundle
// is empty, but just in case...
return nil, errs.New("no bundle and not doing insecure bootstrap")
return nil, errors.New("no bundle and not doing insecure bootstrap")
}

// Insecure bootstrapping. Do not verify the server chain but rather do a
@@ -279,7 +278,7 @@ func (a *attestor) serverConn(ctx context.Context, bundle *spiffebundle.Bundle)
if len(rawCerts) == 0 {
// This is not really possible without a catastrophic bug
// creeping into the TLS stack.
return errs.New("server chain is unexpectedly empty")
return errors.New("server chain is unexpectedly empty")
}

expectedServerID, err := idutil.ServerID(a.c.TrustDomain)
@@ -292,7 +291,7 @@ func (a *attestor) serverConn(ctx context.Context, bundle *spiffebundle.Bundle)
return err
}
if len(serverCert.URIs) != 1 || serverCert.URIs[0].String() != expectedServerID.String() {
return errs.New("expected server SPIFFE ID %q; got %q", expectedServerID, serverCert.URIs)
return fmt.Errorf("expected server SPIFFE ID %q; got %q", expectedServerID, serverCert.URIs)
}
return nil
},
9 changes: 4 additions & 5 deletions pkg/agent/endpoints/sdsv3/handler.go
@@ -22,7 +22,6 @@ import (
"github.com/spiffe/spire/pkg/common/pemutil"
"github.com/spiffe/spire/pkg/common/telemetry"
"github.com/spiffe/spire/proto/spire/common"
"github.com/zeebo/errs"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/anypb"
@@ -99,7 +98,7 @@ func (h *Handler) StreamSecrets(stream secret_v3.SecretDiscoveryService_StreamSe
}()

var versionCounter int64
var versionInfo = strconv.FormatInt(versionCounter, 10)
versionInfo := strconv.FormatInt(versionCounter, 10)
var lastNonce string
var lastNode *core_v3.Node
var upd *cache.WorkloadUpdate
@@ -150,7 +149,7 @@ func (h *Handler) StreamSecrets(stream secret_v3.SecretDiscoveryService_StreamSe

// We need to send updates if the requested resource list has changed
// either explicitly, or implicitly because this is the first request.
var sendUpdates = lastReq == nil || subListChanged(lastReq.ResourceNames, newReq.ResourceNames)
sendUpdates := lastReq == nil || subListChanged(lastReq.ResourceNames, newReq.ResourceNames)

// save request so that all future workload updates lead to SDS updates for the last request
lastReq = newReq
@@ -206,7 +205,7 @@ func subListChanged(oldSubs []string, newSubs []string) (b bool) {
if len(oldSubs) != len(newSubs) {
return true
}
var subMap = make(map[string]bool)
subMap := make(map[string]bool)
for _, sub := range oldSubs {
subMap[sub] = true
}
@@ -582,7 +581,7 @@ func nextNonce() (string, error) {
b := make([]byte, 4)
_, err := rand.Read(b)
if err != nil {
return "", errs.Wrap(err)
return "", err
}
return hex.EncodeToString(b), nil
}
5 changes: 2 additions & 3 deletions pkg/agent/endpoints/workload/handler.go
@@ -22,7 +22,6 @@ import (
"github.com/spiffe/spire/pkg/common/telemetry"
"github.com/spiffe/spire/pkg/common/x509util"
"github.com/spiffe/spire/proto/spire/common"
"github.com/zeebo/errs"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/encoding/protojson"
@@ -512,12 +511,12 @@ func keyStoreFromBundles(bundles []*spiffebundle.Bundle) (jwtsvid.KeyStore, erro
func structFromValues(values map[string]any) (*structpb.Struct, error) {
valuesJSON, err := json.Marshal(values)
if err != nil {
return nil, errs.Wrap(err)
return nil, err
}

s := new(structpb.Struct)
if err := protojson.Unmarshal(valuesJSON, s); err != nil {
return nil, errs.Wrap(err)
return nil, err
}

return s, nil
6 changes: 3 additions & 3 deletions pkg/agent/plugin/nodeattestor/k8spsat/psat.go
@@ -3,6 +3,7 @@ package k8spsat
import (
"context"
"encoding/json"
"fmt"
"os"
"sync"

@@ -12,7 +13,6 @@ import (
"github.com/spiffe/spire/pkg/common/catalog"
"github.com/spiffe/spire/pkg/common/plugin/k8s"
"github.com/spiffe/spire/pkg/common/pluginconf"
"github.com/zeebo/errs"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
@@ -145,10 +145,10 @@ func (p *AttestorPlugin) getConfig() (*attestorConfig, error) {
func loadTokenFromFile(path string) (string, error) {
data, err := os.ReadFile(path)
if err != nil {
return "", errs.Wrap(err)
return "", err
}
if len(data) == 0 {
return "", errs.New("%q is empty", path)
return "", fmt.Errorf("%q is empty", path)
}
return string(data), nil
}
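Review bot: loadTokenFromFile treats only a zero-length file as empty, so a token file holding just a newline or spaces passes the `len(data) == 0` check and is returned as the token. Checking the trimmed content reports the problem where it originates: `if len(strings.TrimSpace(string(data))) == 0 {`. That needs `strings` in the import block, which is only partly visible in this section. The identical function in k8ssat/sat.go has the same gap.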
5 changes: 2 additions & 3 deletions pkg/agent/plugin/nodeattestor/k8ssat/sat.go
@@ -14,7 +14,6 @@ import (
"github.com/spiffe/spire/pkg/common/catalog"
"github.com/spiffe/spire/pkg/common/plugin/k8s"
"github.com/spiffe/spire/pkg/common/pluginconf"
"github.com/zeebo/errs"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
@@ -148,10 +147,10 @@ func (p *AttestorPlugin) getConfig() (*attestorConfig, error) {
func loadTokenFromFile(path string) (string, error) {
data, err := os.ReadFile(path)
if err != nil {
return "", errs.Wrap(err)
return "", err
}
if len(data) == 0 {
return "", errs.New("%q is empty", path)
return "", fmt.Errorf("%q is empty", path)
}
return string(data), nil
}
13 changes: 6 additions & 7 deletions pkg/common/bundleutil/unmarshal.go
@@ -8,7 +8,6 @@ import (

"github.com/spiffe/go-spiffe/v2/bundle/spiffebundle"
"github.com/spiffe/go-spiffe/v2/spiffeid"
"github.com/zeebo/errs"
)

func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*spiffebundle.Bundle, error) {
@@ -22,7 +21,7 @@ func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*spiffebundle.Bundle
func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*spiffebundle.Bundle, error) {
doc := new(bundleDoc)
if err := json.Unmarshal(data, doc); err != nil {
return nil, errs.Wrap(err)
return nil, err
}
return unmarshal(trustDomain, doc)
}
@@ -35,20 +34,20 @@ func unmarshal(trustDomain spiffeid.TrustDomain, doc *bundleDoc) (*spiffebundle.
switch key.Use {
case x509SVIDUse:
if len(key.Certificates) != 1 {
return nil, errs.New("expected a single certificate in x509-svid entry %d; got %d", i, len(key.Certificates))
return nil, fmt.Errorf("expected a single certificate in x509-svid entry %d; got %d", i, len(key.Certificates))
}
bundle.AddX509Authority(key.Certificates[0])
case jwtSVIDUse:
if key.KeyID == "" {
return nil, errs.New("missing key ID in jwt-svid entry %d", i)
return nil, fmt.Errorf("missing key ID in jwt-svid entry %d", i)
}
if err := bundle.AddJWTAuthority(key.KeyID, key.Key); err != nil {
return nil, errs.New("failed to add jwt-svid entry %d: %v", i, err)
return nil, fmt.Errorf("failed to add jwt-svid entry %d: %w", i, err)
}
case "":
return nil, errs.New("missing use for key entry %d", i)
return nil, fmt.Errorf("missing use for key entry %d", i)
default:
return nil, errs.New("unrecognized use %q for key entry %d", key.Use, i)
return nil, fmt.Errorf("unrecognized use %q for key entry %d", key.Use, i)
}
}

3 changes: 1 addition & 2 deletions pkg/common/catalog/builtin.go
@@ -11,7 +11,6 @@ import (
"github.com/spiffe/spire-plugin-sdk/pluginsdk"
"github.com/spiffe/spire-plugin-sdk/private"
"github.com/spiffe/spire/pkg/common/log"
"github.com/zeebo/errs"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
)
@@ -147,7 +146,7 @@ func startPipeServer(server *grpc.Server, log logrus.FieldLogger) (_ *pipeConn,
// Dial the server
conn, err := grpc.Dial("IGNORED", grpc.WithBlock(), grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(pipeNet.DialContext)) //nolint: staticcheck // It is going to be resolved on #5152
if err != nil {
return nil, errs.Wrap(err)
return nil, err
}
closers = append(closers, conn)

9 changes: 5 additions & 4 deletions pkg/common/catalog/closers.go
@@ -1,22 +1,23 @@
package catalog

import (
"errors"
"io"
"time"

"github.com/zeebo/errs"
"google.golang.org/grpc"
)

type closerGroup []io.Closer

func (cs closerGroup) Close() error {
// Close in reverse order.
var errs errs.Group
var errs error
for i := len(cs) - 1; i >= 0; i-- {
errs.Add(cs[i].Close())
errs = errors.Join(errs, cs[i].Close())
}
return errs.Err()

return errs
}

type closerFunc func()
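Review bot: The `errors.Join` call inside the loop of closerGroup.Close re-wraps the accumulated error on every iteration, and its message separates entries with newlines, so several failed closes become one multi-line error string in logs. Collecting first and joining once keeps the wrapping flat: declare `var closeErrs []error`, use `closeErrs = append(closeErrs, cs[i].Close())` in the loop, then `return errors.Join(closeErrs...)`. A single failure is also returned wrapped in a joined error, so any caller comparing the result by identity would need `errors.Is`; whether such callers exist is not visible here.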
3 changes: 1 addition & 2 deletions pkg/common/catalog/external.go
@@ -14,7 +14,6 @@ import (
"github.com/spiffe/spire-plugin-sdk/pluginsdk"
"github.com/spiffe/spire-plugin-sdk/private"
"github.com/spiffe/spire/pkg/common/log"
"github.com/zeebo/errs"
"google.golang.org/grpc"
)

@@ -154,7 +153,7 @@ func (p *hcClientPlugin) GRPCClient(ctx context.Context, b *goplugin.GRPCBroker,
// does not work yet anyway, so it is a moot point.
listener, err := b.Accept(private.HostServiceProviderID)
if err != nil {
return nil, errs.Wrap(err)
return nil, err
}

server := newHostServer(p.config.Log, p.config.Name, p.config.HostServices)
7 changes: 3 additions & 4 deletions pkg/common/cryptoutil/keys.go
@@ -7,7 +7,6 @@ import (
"fmt"

"github.com/go-jose/go-jose/v4"
"github.com/zeebo/errs"
)

func RSAPublicKeyEqual(a, b *rsa.PublicKey) bool {
@@ -58,7 +57,7 @@ func JoseAlgFromPublicKey(publicKey any) (jose.SignatureAlgorithm, error) {
case *rsa.PublicKey:
// Prevent the use of keys smaller than 2048 bits
if publicKey.Size() < 256 {
return "", errs.New("unsupported RSA key size: %d", publicKey.Size())
return "", fmt.Errorf("unsupported RSA key size: %d", publicKey.Size())
}
alg = jose.RS256
case *ecdsa.PublicKey:
@@ -69,10 +68,10 @@ func JoseAlgFromPublicKey(publicKey any) (jose.SignatureAlgorithm, error) {
case 384:
alg = jose.ES384
default:
return "", errs.New("unable to determine signature algorithm for EC public key size %d", params.BitSize)
return "", fmt.Errorf("unable to determine signature algorithm for EC public key size %d", params.BitSize)
}
default:
return "", errs.New("unable to determine signature algorithm for public key type %T", publicKey)
return "", fmt.Errorf("unable to determine signature algorithm for public key type %T", publicKey)
}
return alg, nil
}
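Review bot: The RSA rejection message in JoseAlgFromPublicKey prints `publicKey.Size()`, which is the modulus length in bytes, while the guard's comment and the EC branch's message both speak in bits, so a 1024-bit key is reported as size 128. Printing bits keeps the two messages comparable and avoids misreading during triage: `return "", fmt.Errorf("unsupported RSA key size: %d bits", publicKey.N.BitLen())`. Any test matching the current text would need updating. The function starts outside these hunks.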
5 changes: 2 additions & 3 deletions pkg/common/jwtsvid/common.go
@@ -5,18 +5,17 @@ import (
"time"

"github.com/go-jose/go-jose/v4/jwt"
"github.com/zeebo/errs"
)

func GetTokenExpiry(token string) (time.Time, time.Time, error) {
tok, err := jwt.ParseSigned(token, AllowedSignatureAlgorithms)
if err != nil {
return time.Time{}, time.Time{}, errs.Wrap(err)
return time.Time{}, time.Time{}, err
}

claims := jwt.Claims{}
if err := tok.UnsafeClaimsWithoutVerification(&claims); err != nil {
return time.Time{}, time.Time{}, errs.Wrap(err)
return time.Time{}, time.Time{}, err
}
if claims.IssuedAt == nil {
return time.Time{}, time.Time{}, errors.New("JWT missing iat claim")
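Review bot: GetTokenExpiry has no doc comment, although it reads the claims through `UnsafeClaimsWithoutVerification`, so the times it returns come from a token whose signature was never checked. A comment on the function should say so, for example `// GetTokenExpiry parses token without verifying its signature; the returned times are unauthenticated and must not drive trust decisions.` The function body continues past the end of this hunk.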