Use %q for quoted strings where appropriate (#15216)

* change '%s' to %q where single vs double quotes shouldn't matter * replace double quotes with %q in logs and errors
2022-08-03 12:32:45 -06:00 · 2022-08-03 12:32:45 -06:00 · 4632a26a09
parent fd1f581736
commit 4632a26a09
32 changed files with 70 additions and 70 deletions
--- a/api/client_test.go
+++ b/api/client_test.go
@ -299,7 +299,7 @@ func TestDefaulRetryPolicy(t *testing.T) {
 				t.Fatalf("expected to retry request: '%t', but actual result was: '%t'", test.expect, retry)
 			}
 			if err != test.expectErr {
-				t.Fatalf("expected error from retry policy: '%s', but actual result was: '%s'", err, test.expectErr)
+				t.Fatalf("expected error from retry policy: %q, but actual result was: %q", err, test.expectErr)
 			}
 		})
 	}
@ -1219,7 +1219,7 @@ func TestClientWithNamespace(t *testing.T) {
 		t.Fatalf("err: %s", err)
 	}
 	if ns != ogNS {
-		t.Fatalf("Expected namespace: \"%s\", got \"%s\"", ogNS, ns)
+		t.Fatalf("Expected namespace: %q, got %q", ogNS, ns)
 	}

 	// make a call with a temporary namespace
@ -1231,7 +1231,7 @@ func TestClientWithNamespace(t *testing.T) {
 		t.Fatalf("err: %s", err)
 	}
 	if ns != newNS {
-		t.Fatalf("Expected new namespace: \"%s\", got \"%s\"", newNS, ns)
+		t.Fatalf("Expected new namespace: %q, got %q", newNS, ns)
 	}
 	// ensure client has not been modified
 	_, err = client.rawRequestWithContext(
@ -1241,7 +1241,7 @@ func TestClientWithNamespace(t *testing.T) {
 		t.Fatalf("err: %s", err)
 	}
 	if ns != ogNS {
-		t.Fatalf("Expected original namespace: \"%s\", got \"%s\"", ogNS, ns)
+		t.Fatalf("Expected original namespace: %q, got %q", ogNS, ns)
 	}

 	// make call with empty ns
@ -1252,12 +1252,12 @@ func TestClientWithNamespace(t *testing.T) {
 		t.Fatalf("err: %s", err)
 	}
 	if ns != "" {
-		t.Fatalf("Expected no namespace, got \"%s\"", ns)
+		t.Fatalf("Expected no namespace, got %q", ns)
 	}

 	// ensure client has not been modified
 	if client.Namespace() != ogNS {
-		t.Fatalf("Expected original namespace: \"%s\", got \"%s\"", ogNS, client.Namespace())
+		t.Fatalf("Expected original namespace: %q, got %q", ogNS, client.Namespace())
 	}
 }

--- a/audit/format_json_test.go
+++ b/audit/format_json_test.go
@ -144,7 +144,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {

 		if !strings.HasSuffix(strings.TrimSpace(buf.String()), string(expectedBytes)) {
 			t.Fatalf(
-				"bad: %s\nResult:\n\n'%s'\n\nExpected:\n\n'%s'",
+				"bad: %s\nResult:\n\n%q\n\nExpected:\n\n%q",
 				name, buf.String(), string(expectedBytes))
 		}
 	}
--- a/audit/format_jsonx_test.go
+++ b/audit/format_jsonx_test.go
@ -137,7 +137,7 @@ func TestFormatJSONx_formatRequest(t *testing.T) {

 		if !strings.HasSuffix(strings.TrimSpace(buf.String()), string(tc.ExpectedStr)) {
 			t.Fatalf(
-				"bad: %s\nResult:\n\n'%s'\n\nExpected:\n\n'%s'",
+				"bad: %s\nResult:\n\n%q\n\nExpected:\n\n%q",
 				name, strings.TrimSpace(buf.String()), string(tc.ExpectedStr))
 		}
 	}
--- a/builtin/credential/aws/backend_test.go
+++ b/builtin/credential/aws/backend_test.go
@ -1052,7 +1052,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndAccessListIdentity(t *testing
 		// This test case should be run only when certain env vars are set and
 		// executed as an acceptance test.
 		if os.Getenv(logicaltest.TestEnvVar) == "" {
-			t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
+			t.Skip(fmt.Sprintf("Acceptance tests skipped unless env %q set", logicaltest.TestEnvVar))
 			return
 		}

@ -1515,7 +1515,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
 	// This test case should be run only when certain env vars are set and
 	// executed as an acceptance test.
 	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
+		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env %q set", logicaltest.TestEnvVar))
 		return
 	}

--- a/builtin/credential/aws/path_role.go
+++ b/builtin/credential/aws/path_role.go
@ -897,7 +897,7 @@ func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request
 		return logical.ErrorResponse("ttl should be shorter than max ttl"), nil
 	}
 	if roleEntry.TokenPeriod > b.System().MaxLeaseTTL() {
-		return logical.ErrorResponse(fmt.Sprintf("period of '%s' is greater than the backend's maximum lease TTL of '%s'", roleEntry.TokenPeriod.String(), b.System().MaxLeaseTTL().String())), nil
+		return logical.ErrorResponse(fmt.Sprintf("period of %q is greater than the backend's maximum lease TTL of %q", roleEntry.TokenPeriod.String(), b.System().MaxLeaseTTL().String())), nil
 	}

 	roleTagStr, ok := data.GetOk("role_tag")
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@ -150,7 +150,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 	}
 	if len(ldapGroups) == 0 {
 		errString := fmt.Sprintf(
-			"no LDAP groups found in groupDN '%s'; only policies from locally-defined groups available",
+			"no LDAP groups found in groupDN %q; only policies from locally-defined groups available",
 			cfg.GroupDN)
 		ldapResponse.AddWarning(errString)
 	}
--- a/builtin/credential/ldap/backend_test.go
+++ b/builtin/credential/ldap/backend_test.go
@ -783,27 +783,27 @@ func TestBackend_configDefaultsAfterUpdate(t *testing.T) {
 					cfg := resp.Data
 					defaultGroupFilter := "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))"
 					if cfg["groupfilter"] != defaultGroupFilter {
-						t.Errorf("Default mismatch: groupfilter. Expected: '%s', received :'%s'", defaultGroupFilter, cfg["groupfilter"])
+						t.Errorf("Default mismatch: groupfilter. Expected: %q, received :%q", defaultGroupFilter, cfg["groupfilter"])
 					}

 					defaultGroupAttr := "cn"
 					if cfg["groupattr"] != defaultGroupAttr {
-						t.Errorf("Default mismatch: groupattr. Expected: '%s', received :'%s'", defaultGroupAttr, cfg["groupattr"])
+						t.Errorf("Default mismatch: groupattr. Expected: %q, received :%q", defaultGroupAttr, cfg["groupattr"])
 					}

 					defaultUserAttr := "cn"
 					if cfg["userattr"] != defaultUserAttr {
-						t.Errorf("Default mismatch: userattr. Expected: '%s', received :'%s'", defaultUserAttr, cfg["userattr"])
+						t.Errorf("Default mismatch: userattr. Expected: %q, received :%q", defaultUserAttr, cfg["userattr"])
 					}

 					defaultUserFilter := "({{.UserAttr}}={{.Username}})"
 					if cfg["userfilter"] != defaultUserFilter {
-						t.Errorf("Default mismatch: userfilter. Expected: '%s', received :'%s'", defaultUserFilter, cfg["userfilter"])
+						t.Errorf("Default mismatch: userfilter. Expected: %q, received :%q", defaultUserFilter, cfg["userfilter"])
 					}

 					defaultDenyNullBind := true
 					if cfg["deny_null_bind"] != defaultDenyNullBind {
-						t.Errorf("Default mismatch: deny_null_bind. Expected: '%t', received :'%s'", defaultDenyNullBind, cfg["deny_null_bind"])
+						t.Errorf("Default mismatch: deny_null_bind. Expected: '%t', received :%q", defaultDenyNullBind, cfg["deny_null_bind"])
 					}

 					return nil
--- a/builtin/logical/aws/path_roles.go
+++ b/builtin/logical/aws/path_roles.go
@ -562,7 +562,7 @@ func (r *awsRoleEntry) validate() error {
 			errors = multierror.Append(errors, fmt.Errorf("user_path parameter only valid for %s credential type", iamUserCred))
 		}
 		if !userPathRegex.MatchString(r.UserPath) {
-			errors = multierror.Append(errors, fmt.Errorf("The specified value for user_path is invalid. It must match '%s' regexp", userPathRegex.String()))
+			errors = multierror.Append(errors, fmt.Errorf("The specified value for user_path is invalid. It must match %q regexp", userPathRegex.String()))
 		}
 	}

--- a/builtin/logical/aws/path_user.go
+++ b/builtin/logical/aws/path_user.go
@ -58,7 +58,7 @@ func (b *backend) pathCredsRead(ctx context.Context, req *logical.Request, d *fr
 	}
 	if role == nil {
 		return logical.ErrorResponse(fmt.Sprintf(
-			"Role '%s' not found", roleName)), nil
+			"Role %q not found", roleName)), nil
 	}

 	var ttl int64
--- a/builtin/logical/database/versioning_large_test.go
+++ b/builtin/logical/database/versioning_large_test.go
@ -290,7 +290,7 @@ func assertStringPrefix(expectedPrefix string) stringAssertion {
 	return func(t *testing.T, str string) {
 		t.Helper()
 		if !strings.HasPrefix(str, expectedPrefix) {
-			t.Fatalf("Missing prefix '%s': Actual: '%s'", expectedPrefix, str)
+			t.Fatalf("Missing prefix %q: Actual: %q", expectedPrefix, str)
 		}
 	}
 }
@ -299,7 +299,7 @@ func assertStringRegex(expectedRegex string) stringAssertion {
 	re := regexp.MustCompile(expectedRegex)
 	return func(t *testing.T, str string) {
 		if !re.MatchString(str) {
-			t.Fatalf("Actual: '%s' did not match regexp '%s'", str, expectedRegex)
+			t.Fatalf("Actual: %q did not match regexp %q", str, expectedRegex)
 		}
 	}
 }
--- a/builtin/logical/pki/cert_util.go
+++ b/builtin/logical/pki/cert_util.go
@ -1196,7 +1196,7 @@ func generateCreationBundle(b *backend, data *inputBundle, caSign *certutil.CAIn
 					parsedIP := net.ParseIP(v)
 					if parsedIP == nil {
 						return nil, errutil.UserError{Err: fmt.Sprintf(
-							"the value '%s' is not a valid IP address", v)}
+							"the value %q is not a valid IP address", v)}
 					}
 					ipAddresses = append(ipAddresses, parsedIP)
 				}
@ -1251,7 +1251,7 @@ func generateCreationBundle(b *backend, data *inputBundle, caSign *certutil.CAIn
 					if parsedURI == nil || err != nil {
 						return nil, errutil.UserError{
 							Err: fmt.Sprintf(
-								"the provided URI Subject Alternative Name '%s' is not a valid URI", uri),
+								"the provided URI Subject Alternative Name %q is not a valid URI", uri),
 						}
 					}

--- a/builtin/logical/rabbitmq/backend_test.go
+++ b/builtin/logical/rabbitmq/backend_test.go
@ -132,7 +132,7 @@ func TestBackend_roleCrud(t *testing.T) {

 func TestBackend_roleWithPasswordPolicy(t *testing.T) {
 	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
+		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env %q set", logicaltest.TestEnvVar))
 		return
 	}

--- a/builtin/logical/transit/backend_test.go
+++ b/builtin/logical/transit/backend_test.go
@ -744,7 +744,7 @@ func testAccStepRewrap(
 			verString := splitStrings[1][1:]
 			ver, err := strconv.Atoi(verString)
 			if err != nil {
-				return fmt.Errorf("error pulling out version from verString '%s', ciphertext was %s", verString, d.Ciphertext)
+				return fmt.Errorf("error pulling out version from verString %q, ciphertext was %s", verString, d.Ciphertext)
 			}
 			if ver != expectedVer {
 				return fmt.Errorf("did not get expected version")
@ -856,7 +856,7 @@ func testAccStepWriteDatakey(t *testing.T, name string,
 				dataKeyInfo["plaintext"] = d.Plaintext
 				plainBytes, err := base64.StdEncoding.DecodeString(d.Plaintext)
 				if err != nil {
-					return fmt.Errorf("could not base64 decode plaintext string '%s'", d.Plaintext)
+					return fmt.Errorf("could not base64 decode plaintext string %q", d.Plaintext)
 				}
 				if len(plainBytes)*8 != bits {
 					return fmt.Errorf("returned key does not have correct bit length")
@ -883,7 +883,7 @@ func testAccStepDecryptDatakey(t *testing.T, name string,
 			}

 			if d.Plaintext != dataKeyInfo["plaintext"].(string) {
-				return fmt.Errorf("plaintext mismatch: got '%s', expected '%s', decryptData was %#v", d.Plaintext, dataKeyInfo["plaintext"].(string), resp.Data)
+				return fmt.Errorf("plaintext mismatch: got %q, expected %q, decryptData was %#v", d.Plaintext, dataKeyInfo["plaintext"].(string), resp.Data)
 			}
 			return nil
 		},
--- a/builtin/logical/transit/path_hmac_test.go
+++ b/builtin/logical/transit/path_hmac_test.go
@ -268,7 +268,7 @@ func TestTransit_batchHMAC(t *testing.T) {
 			t.Fatalf("Expected HMAC %s got %s in result %d", expected[i].HMAC, m.HMAC, i)
 		}
 		if expected[i].Error != "" && expected[i].Error != m.Error {
-			t.Fatalf("Expected Error '%s' got '%s' in result %d", expected[i].Error, m.Error, i)
+			t.Fatalf("Expected Error %q got %q in result %d", expected[i].Error, m.Error, i)
 		}
 	}

--- a/builtin/logical/transit/path_restore_test.go
+++ b/builtin/logical/transit/path_restore_test.go
@ -83,7 +83,7 @@ func TestTransit_Restore(t *testing.T) {
 		return &b
 	}

-	keyExitsError := fmt.Errorf("key \"%s\" already exists", keyName)
+	keyExitsError := fmt.Errorf("key %q already exists", keyName)

 	testCases := []struct {
 		Name string
--- a/command/agent.go
+++ b/command/agent.go
@ -962,7 +962,7 @@ func verifyRequestHeader(handler http.Handler) http.Handler {
 		if val, ok := r.Header[consts.RequestHeaderName]; !ok || len(val) != 1 || val[0] != "true" {
 			logical.RespondError(w,
 				http.StatusPreconditionFailed,
-				fmt.Errorf("missing '%s' header", consts.RequestHeaderName))
+				fmt.Errorf("missing %q header", consts.RequestHeaderName))
 			return
 		}

--- a/command/agent_test.go
+++ b/command/agent_test.go
@ -909,7 +909,7 @@ auto_auth {
 							continue
 						}
 						if string(c) != templateRendered(i)+suffix {
-							err = fmt.Errorf("expected='%s', got='%s'", templateRendered(i)+suffix, string(c))
+							err = fmt.Errorf("expected=%q, got=%q", templateRendered(i)+suffix, string(c))
 							continue
 						}
 					}
@ -1462,7 +1462,7 @@ template_config {
 						continue
 					}
 					if string(c) != templateRendered(0) {
-						err = fmt.Errorf("expected='%s', got='%s'", templateRendered(0), string(c))
+						err = fmt.Errorf("expected=%q, got=%q", templateRendered(0), string(c))
 						continue
 					}
 					return nil
@ -1982,7 +1982,7 @@ vault {
 						continue
 					}
 					if strings.TrimSpace(string(c)) != tc.expectTemplateRender {
-						err = fmt.Errorf("expected='%s', got='%s'", tc.expectTemplateRender, strings.TrimSpace(string(c)))
+						err = fmt.Errorf("expected=%q, got=%q", tc.expectTemplateRender, strings.TrimSpace(string(c)))
 						continue
 					}
 					return nil
--- a/command/operator_migrate.go
+++ b/command/operator_migrate.go
@ -332,11 +332,11 @@ func (c *OperatorMigrateCommand) loadMigratorConfig(path string) (*migratorConfi
 	for _, stanza := range []string{"storage_source", "storage_destination"} {
 		o := list.Filter(stanza)
 		if len(o.Items) != 1 {
-			return nil, fmt.Errorf("exactly one '%s' block is required", stanza)
+			return nil, fmt.Errorf("exactly one %q block is required", stanza)
 		}

 		if err := parseStorage(&result, o, stanza); err != nil {
-			return nil, fmt.Errorf("error parsing '%s': %w", stanza, err)
+			return nil, fmt.Errorf("error parsing %q: %w", stanza, err)
 		}
 	}
 	return &result, nil
--- a/command/operator_raft_join.go
+++ b/command/operator_raft_join.go
@ -169,7 +169,7 @@ func (c *OperatorRaftJoinCommand) Run(args []string) int {
 	}

 	if c.flagAutoJoinScheme != "" && (c.flagAutoJoinScheme != "http" && c.flagAutoJoinScheme != "https") {
-		c.UI.Error(fmt.Sprintf("invalid scheme '%s'; must either be http or https", c.flagAutoJoinScheme))
+		c.UI.Error(fmt.Sprintf("invalid scheme %q; must either be http or https", c.flagAutoJoinScheme))
 		return 1
 	}

--- a/helper/metricsutil/metricsutil.go
+++ b/helper/metricsutil/metricsutil.go
@ -105,7 +105,7 @@ func (m *MetricsHelper) ResponseForFormat(format string) *logical.Response {
 		return &logical.Response{
 			Data: map[string]interface{}{
 				logical.HTTPContentType: ErrorContentType,
-				logical.HTTPRawBody:     fmt.Sprintf("metric response format \"%s\" unknown", format),
+				logical.HTTPRawBody:     fmt.Sprintf("metric response format %q unknown", format),
 				logical.HTTPStatusCode:  http.StatusBadRequest,
 			},
 		}
--- a/helper/testhelpers/logical/testing.go
+++ b/helper/testhelpers/logical/testing.go
@ -120,7 +120,7 @@ func Test(tt TestT, c TestCase) {
 	// slow and generally require some outside configuration.
 	if c.AcceptanceTest && os.Getenv(TestEnvVar) == "" {
 		tt.Skip(fmt.Sprintf(
-			"Acceptance tests skipped unless env '%s' set",
+			"Acceptance tests skipped unless env %q set",
 			TestEnvVar))
 		return
 	}
--- a/http/sys_raft.go
+++ b/http/sys_raft.go
@ -68,7 +68,7 @@ func handleSysRaftJoinPost(core *vault.Core, w http.ResponseWriter, r *http.Requ
 	}

 	if req.AutoJoinScheme != "" && (req.AutoJoinScheme != "http" && req.AutoJoinScheme != "https") {
-		respondError(w, http.StatusBadRequest, fmt.Errorf("invalid scheme '%s'; must either be http or https", req.AutoJoinScheme))
+		respondError(w, http.StatusBadRequest, fmt.Errorf("invalid scheme %q; must either be http or https", req.AutoJoinScheme))
 		return
 	}

--- a/physical/foundationdb/foundationdb.go
+++ b/physical/foundationdb/foundationdb.go
@ -233,12 +233,12 @@ func NewFDBBackend(conf map[string]string, logger log.Logger) (physical.Backend,

 	db, err := fdb.Open(fdbClusterFile, []byte("DB"))
 	if err != nil {
-		return nil, fmt.Errorf("failed to open database with cluster file '%s': %w", fdbClusterFile, err)
+		return nil, fmt.Errorf("failed to open database with cluster file %q: %w", fdbClusterFile, err)
 	}

 	topDir, err := directory.CreateOrOpen(db, dirPath, nil)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create/open top-level directory '%s': %w", path, err)
+		return nil, fmt.Errorf("failed to create/open top-level directory %q: %w", path, err)
 	}

 	// Setup the backend
--- a/physical/postgresql/postgresql_test.go
+++ b/physical/postgresql/postgresql_test.go
@ -106,7 +106,7 @@ func TestPostgreSQLBackendMaxIdleConnectionsParameter(t *testing.T) {
 	}
 	expectedErrStr := "failed parsing max_idle_connections parameter: strconv.Atoi: parsing \"bad param\": invalid syntax"
 	if err.Error() != expectedErrStr {
-		t.Errorf("Expected: \"%s\" but found \"%s\"", expectedErrStr, err.Error())
+		t.Errorf("Expected: %q but found %q", expectedErrStr, err.Error())
 	}
 }

@ -165,7 +165,7 @@ func TestConnectionURL(t *testing.T) {
 			got := connectionURL(tt.input.conf)

 			if got != tt.want {
-				t.Errorf("connectionURL(%s): want '%s', got '%s'", tt.input, tt.want, got)
+				t.Errorf("connectionURL(%s): want %q, got %q", tt.input, tt.want, got)
 			}
 		})
 	}
--- a/physical/raft/raft.go
+++ b/physical/raft/raft.go
@ -250,7 +250,7 @@ func (b *RaftBackend) JoinConfig() ([]*LeaderJoinInfo, error) {
 		}

 		if info.AutoJoinScheme != "" && (info.AutoJoinScheme != "http" && info.AutoJoinScheme != "https") {
-			return nil, fmt.Errorf("invalid scheme '%s'; must either be http or https", info.AutoJoinScheme)
+			return nil, fmt.Errorf("invalid scheme %q; must either be http or https", info.AutoJoinScheme)
 		}

 		info.Retry = true
--- a/physical/swift/swift_test.go
+++ b/physical/swift/swift_test.go
@ -50,7 +50,7 @@ func TestSwiftBackend(t *testing.T) {

 	err = cleaner.ContainerCreate(container, nil)
 	if nil != err {
-		t.Fatalf("Unable to create test container '%s': %v", container, err)
+		t.Fatalf("Unable to create test container %q: %v", container, err)
 	}
 	defer func() {
 		newObjects, err := cleaner.ObjectNamesAll(container, nil)
--- a/plugins/database/hana/hana_test.go
+++ b/plugins/database/hana/hana_test.go
@ -178,7 +178,7 @@ func TestHANA_UpdateUser(t *testing.T) {
 				if err == nil {
 					t.Fatalf("Able to login with new creds when expecting an issue")
 				} else if test.expectedErrMsg != "" && !strings.Contains(err.Error(), test.expectedErrMsg) {
-					t.Fatalf("Expected error message to contain \"%s\", received: %s", test.expectedErrMsg, err)
+					t.Fatalf("Expected error message to contain %q, received: %s", test.expectedErrMsg, err)
 				}
 			}
 			if !test.expectErrOnLogin && err != nil {
--- a/sdk/helper/pathmanager/pathmanager_test.go
+++ b/sdk/helper/pathmanager/pathmanager_test.go
@ -20,7 +20,7 @@ func TestPathManager(t *testing.T) {

 	for _, path := range paths {
 		if m.HasPath(path) {
-			t.Fatalf("path should not exist in filtered paths '%s'", path)
+			t.Fatalf("path should not exist in filtered paths %q", path)
 		}
 	}

@ -34,7 +34,7 @@ func TestPathManager(t *testing.T) {
 	}
 	for _, path := range paths {
 		if !m.HasPath(path) {
-			t.Fatalf("path should exist in filtered paths '%s'", path)
+			t.Fatalf("path should exist in filtered paths %q", path)
 		}
 	}

@ -43,7 +43,7 @@ func TestPathManager(t *testing.T) {

 	for _, path := range paths {
 		if m.HasPath(path) {
-			t.Fatalf("path should not exist in filtered paths '%s'", path)
+			t.Fatalf("path should not exist in filtered paths %q", path)
 		}
 	}
 }
@ -63,7 +63,7 @@ func TestPathManager_RemovePrefix(t *testing.T) {

 	for _, path := range paths {
 		if m.HasPath(path) {
-			t.Fatalf("path should not exist in filtered paths '%s'", path)
+			t.Fatalf("path should not exist in filtered paths %q", path)
 		}
 	}

@ -77,7 +77,7 @@ func TestPathManager_RemovePrefix(t *testing.T) {
 	}
 	for _, path := range paths {
 		if !m.HasPath(path) {
-			t.Fatalf("path should exist in filtered paths '%s'", path)
+			t.Fatalf("path should exist in filtered paths %q", path)
 		}
 	}

@ -90,7 +90,7 @@ func TestPathManager_RemovePrefix(t *testing.T) {

 	for _, path := range paths {
 		if m.HasPath(path) {
-			t.Fatalf("path should not exist in filtered paths '%s'", path)
+			t.Fatalf("path should not exist in filtered paths %q", path)
 		}
 	}
 }
--- a/vault/counters_test.go
+++ b/vault/counters_test.go
@ -14,7 +14,7 @@ func testParseTime(t *testing.T, format, timeval string) time.Time {
 	t.Helper()
 	tm, err := time.Parse(format, timeval)
 	if err != nil {
-		t.Fatalf("Error parsing time '%s': %v", timeval, err)
+		t.Fatalf("Error parsing time %q: %v", timeval, err)
 	}
 	return tm
 }
--- a/vault/logical_raw.go
+++ b/vault/logical_raw.go
@ -56,7 +56,7 @@ func (b *RawBackend) handleRawRead(ctx context.Context, req *logical.Request, da

 	encoding := data.Get("encoding").(string)
 	if encoding != "" && encoding != "base64" {
-		return logical.ErrorResponse("invalid encoding '%s'", encoding), logical.ErrInvalidRequest
+		return logical.ErrorResponse("invalid encoding %q", encoding), logical.ErrInvalidRequest
 	}

 	if b.recoveryMode {
@ -66,7 +66,7 @@ func (b *RawBackend) handleRawRead(ctx context.Context, req *logical.Request, da
 	// Prevent access of protected paths
 	for _, p := range protectedPaths {
 		if strings.HasPrefix(path, p) {
-			err := fmt.Sprintf("cannot read '%s'", path)
+			err := fmt.Sprintf("cannot read %q", path)
 			return logical.ErrorResponse(err), logical.ErrInvalidRequest
 		}
 	}
@ -74,7 +74,7 @@ func (b *RawBackend) handleRawRead(ctx context.Context, req *logical.Request, da
 	// Run additional checks if needed
 	if err := b.checkRaw(path); err != nil {
 		b.logger.Warn(err.Error(), "path", path)
-		return logical.ErrorResponse("cannot read '%s'", path), logical.ErrInvalidRequest
+		return logical.ErrorResponse("cannot read %q", path), logical.ErrInvalidRequest
 	}

 	entry, err := b.barrier.Get(ctx, path)
@ -127,7 +127,7 @@ func (b *RawBackend) handleRawWrite(ctx context.Context, req *logical.Request, d

 	encoding := data.Get("encoding").(string)
 	if encoding != "" && encoding != "base64" {
-		return logical.ErrorResponse("invalid encoding '%s'", encoding), logical.ErrInvalidRequest
+		return logical.ErrorResponse("invalid encoding %q", encoding), logical.ErrInvalidRequest
 	}

 	if b.recoveryMode {
@ -137,7 +137,7 @@ func (b *RawBackend) handleRawWrite(ctx context.Context, req *logical.Request, d
 	// Prevent access of protected paths
 	for _, p := range protectedPaths {
 		if strings.HasPrefix(path, p) {
-			err := fmt.Sprintf("cannot write '%s'", path)
+			err := fmt.Sprintf("cannot write %q", path)
 			return logical.ErrorResponse(err), logical.ErrInvalidRequest
 		}
 	}
@ -203,7 +203,7 @@ func (b *RawBackend) handleRawWrite(ctx context.Context, req *logical.Request, d
 			}
 			break
 		default:
-			err := fmt.Sprintf("invalid compression type '%s'", compressionType)
+			err := fmt.Sprintf("invalid compression type %q", compressionType)
 			return logical.ErrorResponse(err), logical.ErrInvalidRequest
 		}

@ -236,7 +236,7 @@ func (b *RawBackend) handleRawDelete(ctx context.Context, req *logical.Request,
 	// Prevent access of protected paths
 	for _, p := range protectedPaths {
 		if strings.HasPrefix(path, p) {
-			err := fmt.Sprintf("cannot delete '%s'", path)
+			err := fmt.Sprintf("cannot delete %q", path)
 			return logical.ErrorResponse(err), logical.ErrInvalidRequest
 		}
 	}
@ -261,7 +261,7 @@ func (b *RawBackend) handleRawList(ctx context.Context, req *logical.Request, da
 	// Prevent access of protected paths
 	for _, p := range protectedPaths {
 		if strings.HasPrefix(path, p) {
-			err := fmt.Sprintf("cannot list '%s'", path)
+			err := fmt.Sprintf("cannot list %q", path)
 			return logical.ErrorResponse(err), logical.ErrInvalidRequest
 		}
 	}
@ -269,7 +269,7 @@ func (b *RawBackend) handleRawList(ctx context.Context, req *logical.Request, da
 	// Run additional checks if needed
 	if err := b.checkRaw(path); err != nil {
 		b.logger.Warn(err.Error(), "path", path)
-		return logical.ErrorResponse("cannot list '%s'", path), logical.ErrInvalidRequest
+		return logical.ErrorResponse("cannot list %q", path), logical.ErrInvalidRequest
 	}

 	keys, err := b.barrier.List(ctx, path)
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@ -3530,7 +3530,7 @@ func TestSystemBackend_OpenAPI(t *testing.T) {

 	for _, path := range pathSamples {
 		if doc.Paths[path.path] == nil {
-			t.Fatalf("didn't find expected path '%s'.", path)
+			t.Fatalf("didn't find expected path %q.", path)
 		}
 		tag := doc.Paths[path.path].Get.Tags[0]
 		if tag != path.tag {
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@ -2732,7 +2732,7 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAlias(t *testing.T)
 		t.Fatal("expected a response")
 	}
 	if resp.Auth.EntityID != entityID {
-		t.Fatalf("expected '%s' got '%s'", entityID, resp.Auth.EntityID)
+		t.Fatalf("expected %q got %q", entityID, resp.Auth.EntityID)
 	}

 	policyFound := false
@ -2742,7 +2742,7 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAlias(t *testing.T)
 		}
 	}
 	if !policyFound {
-		t.Fatalf("Policy '%s' not derived by entity but should be. Auth %#v", testPolicyName, resp.Auth)
+		t.Fatalf("Policy %q not derived by entity but should be. Auth %#v", testPolicyName, resp.Auth)
 	}
 }

@ -2822,7 +2822,7 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAliasMixedCase(t *te
 		t.Fatalf("error handling request: %v", err)
 	}
 	if respMixedCase.Auth.EntityID != entityID {
-		t.Fatalf("expected '%s' got '%s'", entityID, respMixedCase.Auth.EntityID)
+		t.Fatalf("expected %q got %q", entityID, respMixedCase.Auth.EntityID)
 	}

 	// lowercase entity alias should match a mixed case alias
@ -2841,7 +2841,7 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAliasMixedCase(t *te
 	// A token created with the mixed case alias should return the same entity
 	// id as the normal case response.
 	if respLowerCase.Auth.EntityID != entityID {
-		t.Fatalf("expected '%s' got '%s'", entityID, respLowerCase.Auth.EntityID)
+		t.Fatalf("expected %q got %q", entityID, respLowerCase.Auth.EntityID)
 	}
 }

@ -2905,7 +2905,7 @@ func TestTokenStore_HandleRequest_CreateToken_NonExistingEntityAlias(t *testing.

 	// Validate
 	if alias.Name != entityAliasName {
-		t.Fatalf("alias name should be '%s' but is '%s'", entityAliasName, alias.Name)
+		t.Fatalf("alias name should be %q but is %q", entityAliasName, alias.Name)
 	}
 }

@ -2992,7 +2992,7 @@ func TestTokenStore_HandleRequest_CreateToken_GlobPatternWildcardEntityAlias(t *

 			// Validate
 			if alias.Name != test.aliasName {
-				t.Fatalf("alias name should be '%s' but is '%s'", test.aliasName, alias.Name)
+				t.Fatalf("alias name should be %q but is %q", test.aliasName, alias.Name)
 			}
 		})
 	}
@ -3403,7 +3403,7 @@ func TestTokenStore_RoleCRUD(t *testing.T) {
 		t.Fatalf("unexpected number of keys: %d", len(keys))
 	}
 	if keys[0] != "test" {
-		t.Fatalf("expected \"test\", got \"%s\"", keys[0])
+		t.Fatalf("expected \"test\", got %q", keys[0])
 	}

 	req.Operation = logical.DeleteOperation