From 792400a24c1cdd976cd477a0f6bb530959987134 Mon Sep 17 00:00:00 2001
From: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Date: Mon, 1 Nov 2021 13:34:51 -0500
Subject: [PATCH] ensure errors are checked (#12989)

---
 command/agent/cache/lease_cache_test.go             | 1 +
 sdk/helper/ldaputil/client.go                       | 9 +++++----
 vault/external_tests/identity/oidc_provider_test.go | 1 +
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/command/agent/cache/lease_cache_test.go b/command/agent/cache/lease_cache_test.go
index 0575c9d03..4dbe23392 100644
--- a/command/agent/cache/lease_cache_test.go
+++ b/command/agent/cache/lease_cache_test.go
@@ -972,6 +972,7 @@ func TestLeaseCache_PersistAndRestore_WithManyDependencies(t *testing.T) {
 	var processed int
 
 	leases, err := boltStorage.GetByType(context.Background(), cacheboltdb.LeaseType)
+	require.NoError(t, err)
 	for _, lease := range leases {
 		index, err := cachememdb.Deserialize(lease)
 		require.NoError(t, err)
diff --git a/sdk/helper/ldaputil/client.go b/sdk/helper/ldaputil/client.go
index 5babd9e34..2c3a17fb9 100644
--- a/sdk/helper/ldaputil/client.go
+++ b/sdk/helper/ldaputil/client.go
@@ -99,7 +99,6 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
  * user's attributes (if found)
  */
 func (c *Client) makeLdapSearchRequest(cfg *ConfigEntry, conn Connection, username string) (*ldap.SearchResult, error) {
-
 	// Note: The logic below drives the logic in ConfigEntry.Validate().
 	// If updated, please update there as well.
 	var err error
@@ -113,6 +112,9 @@ func (c *Client) makeLdapSearchRequest(cfg *ConfigEntry, conn Connection, userna
 	}
 
 	renderedFilter, err := c.RenderUserSearchFilter(cfg, username)
+	if err != nil {
+		return nil, err
+	}
 
 	if c.Logger.IsDebug() {
 		c.Logger.Debug("discovering user", "userdn", cfg.UserDN, "filter", renderedFilter)
@@ -121,14 +123,13 @@ func (c *Client) makeLdapSearchRequest(cfg *ConfigEntry, conn Connection, userna
 		BaseDN:    cfg.UserDN,
 		Scope:     ldap.ScopeWholeSubtree,
 		Filter:    renderedFilter,
-		SizeLimit: 2, //Should be only 1 result. Any number larger (2 or more) means access denied.
+		SizeLimit: 2, // Should be only 1 result. Any number larger (2 or more) means access denied.
 		Attributes: []string{
-			cfg.UserAttr, //Return only needed attributes
+			cfg.UserAttr, // Return only needed attributes
 		},
 	}
 
 	result, err := conn.Search(ldapRequest)
-
 	if err != nil {
 		return nil, err
 	}
diff --git a/vault/external_tests/identity/oidc_provider_test.go b/vault/external_tests/identity/oidc_provider_test.go
index 61cdd2c70..aeb5c0d17 100644
--- a/vault/external_tests/identity/oidc_provider_test.go
+++ b/vault/external_tests/identity/oidc_provider_test.go
@@ -290,6 +290,7 @@ func TestOIDC_Auth_Code_Flow_CAP_Client(t *testing.T) {
 			_, err = client.Logical().Write("identity/oidc/provider/test-provider", map[string]interface{}{
 				"allowed_client_ids": []string{clientID},
 			})
+			require.NoError(t, err)
 
 			// Create the client-side OIDC request state
 			oidcRequest, err := oidc.NewRequest(10*time.Minute, testRedirectURI, tt.args.options...)