spiffe · c4rlo · Dec 20, 2024
@@ -23,6 +23,7 @@ linters:
     - unparam
     - whitespace
     - gocritic
+    - copyloopvar
     - nolintlint
 
 linters-settings:

@@ -123,8 +123,6 @@ func TestDownloadTrustBundle(t *testing.T) {
 	}
 
 	for _, testCase := range cases {
-		testCase := testCase
-
 		t.Run(testCase.msg, func(t *testing.T) {
 			testServer := httptest.NewServer(http.HandlerFunc(
 				func(w http.ResponseWriter, r *http.Request) {
@@ -629,8 +627,6 @@ func TestMergeInput(t *testing.T) {
 	cases = append(cases, mergeInputCasesOS()...)
 
 	for _, testCase := range cases {
-		testCase := testCase
-
 		fileInput := &Config{Agent: &agentConfig{}}
 		cliInput := &agentConfig{}
 
@@ -1042,8 +1038,6 @@ func TestNewAgentConfig(t *testing.T) {
 	}
 	cases = append(cases, newAgentConfigCasesOS(t)...)
 	for _, testCase := range cases {
-		testCase := testCase
-
 		input := defaultValidConfig()
 
 		testCase.input(input)
@@ -1206,8 +1200,6 @@ func TestWarnOnUnknownConfig(t *testing.T) {
 	}
 
 	for _, testCase := range cases {
-		testCase := testCase
-
 		c, err := ParseFile(filepath.Join(testFileDir, testCase.confFile), false)
 		require.NoError(t, err)
 

@@ -45,7 +45,6 @@ func TestParseEntryJSON(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			p := testCase.testDataPath
 

@@ -53,7 +53,6 @@ Launch Level : info
 			expectedError: errors.New("internal error: unexpected type *types.Entry returned; please report this as a bug"),
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tt.env = &commoncli.Env{
 				Stdout: &tt.outWriter,

@@ -470,8 +470,6 @@ func TestMergeInput(t *testing.T) {
 	cases = append(cases, mergeInputCasesOS(t)...)
 
 	for _, testCase := range cases {
-		testCase := testCase
-
 		fileInput := &Config{Server: &serverConfig{}}
 
 		testCase.fileInput(fileInput)
@@ -1213,8 +1211,6 @@ func TestNewServerConfig(t *testing.T) {
 	cases = append(cases, newServerConfigCasesOS(t)...)
 
 	for _, testCase := range cases {
-		testCase := testCase
-
 		input := defaultValidConfig()
 
 		testCase.input(input)
@@ -1337,7 +1333,6 @@ func TestValidateConfig(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			conf := defaultValidConfig()
 			testCase.applyConf(conf)
@@ -1550,8 +1545,6 @@ func TestWarnOnUnknownConfig(t *testing.T) {
 	}
 
 	for _, testCase := range cases {
-		testCase := testCase
-
 		c, err := ParseFile(filepath.Join(testFileDir, testCase.confFile), false)
 		require.NoError(t, err)
 
@@ -1759,7 +1752,6 @@ func TestHasCompatibleTTLs(t *testing.T) {
 	}
 
 	for _, testCase := range cases {
-		testCase := testCase
 		if testCase.caTTL == 0 {
 			testCase.caTTL = credtemplate.DefaultX509CATTL
 		}

@@ -189,7 +189,6 @@ func TestGetInfo(t *testing.T) {
 			err:  "failed to verify agent SVID: x509svid: could not get leaf SPIFFE ID: certificate contains no URI SAN",
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			test := setupServiceTest(t)
 			defer test.Cleanup()

@@ -321,7 +321,6 @@ func TestSubscribeToX509SVIDs(t *testing.T) {
 			expectMetrics: generateSubscribeToX509SVIDMetrics(),
 		},
 	} {
-		tt := tt
 		t.Run(tt.testName, func(t *testing.T) {
 			metrics := fakemetrics.New()
 			params := testParams{
@@ -423,7 +422,6 @@ func TestSubscribeToX509Bundles(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.testName, func(t *testing.T) {
 			params := testParams{
 				CA:           ca,
@@ -663,7 +661,6 @@ func TestFetchJWTSVIDs(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.testName, func(t *testing.T) {
 			params := testParams{
 				CA:           ca,
@@ -764,7 +761,6 @@ func TestSubscribeToJWTBundles(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.testName, func(t *testing.T) {
 			params := testParams{
 				CA:           ca,

@@ -84,7 +84,6 @@ func TestServiceCheck(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			log, logHook := test.NewNullLogger()
 

@@ -281,8 +281,6 @@ func TestAttestor(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
-
 		t.Run(testCase.name, func(t *testing.T) {
 			require := require.New(t)
 
@@ -527,7 +525,6 @@ func TestIsSVIDExpired(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.Desc, func(t *testing.T) {
 			isExpired := attestor.IsSVIDExpired(tt.SVID, func() time.Time { return now })
 			require.Equal(t, tt.ExpectExpired, isExpired)

@@ -403,7 +403,6 @@ func TestRenewSVID(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			logHook.Reset()
 			tc.agentServer.err = tt.agentErr
@@ -757,7 +756,6 @@ func TestFetchUpdatesReleaseConnectionIfItFailsToFetch(t *testing.T) {
 			err: "failed to fetch bundle: rpc error: code = Unknown desc = an error",
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			client, tc := createClient(t)
 			tt.setupTest(tc)
@@ -969,7 +967,6 @@ func TestFetchJWTSVID(t *testing.T) {
 			fetchErr: status.Error(codes.Internal, "NewJWTSVID fails"),
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tt.setupTest(tt.fetchErr)
 			resp, err := client.NewJWTSVID(ctx, "entry-id", []string{"myAud"})

@@ -381,7 +381,6 @@ func TestVerify(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 

@@ -163,7 +163,6 @@ func TestEndpoints(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			log, hook := test.NewNullLogger()
 			metrics := fakemetrics.New()

@@ -266,7 +266,6 @@ func TestFetchX509SVID(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			params := testParams{
 				CA:         ca,
@@ -425,7 +424,6 @@ func TestFetchX509Bundles(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.testName, func(t *testing.T) {
 			params := testParams{
 				CA:                            ca,
@@ -837,7 +835,6 @@ func TestFetchJWTSVID(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			params := testParams{
 				CA:         ca,
@@ -1042,7 +1039,6 @@ func TestFetchJWTBundles(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			params := testParams{
 				CA:                            ca,
@@ -1476,7 +1472,6 @@ func TestValidateJWTSVID(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			params := testParams{
 				Updates:                 tt.updates,

@@ -201,7 +201,6 @@ func TestJWTSVIDCache(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			cache := NewJWTSVIDCache(log, fakeMetrics, 8)
 			if tt.setJWTSVIDsCached != nil {

@@ -523,8 +523,6 @@ func TestUpdateEntries(t *testing.T) {
 			},
 		},
 	} {
-		tt := tt
-
 		t.Run(tt.name, func(t *testing.T) {
 			log, hook := test.NewNullLogger()
 			log.Level = logrus.DebugLevel

@@ -263,7 +263,6 @@ func assertRSAKey(t *testing.T, key keymanager.Key, bits int) {
 
 func testSignCertificates(t *testing.T, key keymanager.Key, signatureAlgorithms []x509.SignatureAlgorithm) {
 	for _, signatureAlgorithm := range signatureAlgorithms {
-		signatureAlgorithm := signatureAlgorithm
 		t.Run("sign data "+signatureAlgorithm.String(), func(t *testing.T) {
 			assertSignCertificate(t, key, signatureAlgorithm)
 		})

@@ -72,7 +72,6 @@ func TestV1GenerateKey(t *testing.T) {
 			expectCode: codes.OK,
 		},
 	} {
-		tt := tt
 		t.Run(tt.test, func(t *testing.T) {
 			plugin := fakeV1Plugin{
 				generateKeyResponse: &keymanagerv1.GenerateKeyResponse{
@@ -137,7 +136,6 @@ func TestV1GetKey(t *testing.T) {
 			expectCode: codes.OK,
 		},
 	} {
-		tt := tt
 		t.Run(tt.test, func(t *testing.T) {
 			plugin := fakeV1Plugin{
 				getPublicKeyResponse: &keymanagerv1.GetPublicKeyResponse{
@@ -194,7 +192,6 @@ func TestV1GetKeys(t *testing.T) {
 			expectCode: codes.OK,
 		},
 	} {
-		tt := tt
 		t.Run(tt.test, func(t *testing.T) {
 			resp := &keymanagerv1.GetPublicKeysResponse{}
 			if tt.publicKey != nil {
@@ -291,7 +288,6 @@ func TestV1SignData(t *testing.T) {
 			expectCode:       codes.OK,
 		},
 	} {
-		tt := tt
 		t.Run(tt.test, func(t *testing.T) {
 			plugin := fakeV1Plugin{
 				expectSignerOpts: tt.expectSignerOpts,

@@ -160,7 +160,6 @@ func TestRetrieveIdentity(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt // alias loop variable as it is used in the closure
 		t.Run(tt.msg, func(t *testing.T) {
 			url := tt.url
 			if tt.handleFunc != nil {

@@ -39,7 +39,6 @@ func TestConfigureCommon(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			plugin := newPlugin()
 
@@ -85,7 +84,6 @@ func TestAidAttestationFailures(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			var err error
 			p := loadAndConfigurePlugin(t, tt.trustDomain, tt.config)
@@ -194,7 +192,6 @@ func TestAidAttestationSucceeds(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			var err error
 			expectPayload, err := json.Marshal(&tt.attestationData)

@@ -166,7 +166,6 @@ func TestConfigureCommon(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tpmdevid.AutoDetectTPMPath = func(string) (string, error) {
 				if isWindows {
@@ -265,7 +264,6 @@ func TestConfigurePosix(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tpmdevid.AutoDetectTPMPath = func(string) (string, error) {
 				if tt.autoDetectTPMFails {
@@ -359,7 +357,6 @@ func TestConfigureWindows(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tpmdevid.AutoDetectTPMPath = func(string) (string, error) {
 				return "", errors.New("autodetect is not supported on windows")
@@ -477,7 +474,6 @@ func TestAidAttestationFailures(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			sim := setupSimulator(t)
-Original file line number
+Diff line change
@@ Expand Up / @@ -84,7 +84,6 @@ func TestServiceCheck(t *testing.T) { @@
     			},
     		},
     	} {
-    		tt := tt
     		t.Run(tt.name, func(t *testing.T) {
     			log, logHook := test.NewNullLogger()
@@ Expand Down @@