luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Clean up error string formatting (#4304)

This commit is contained in:
Becca Petrin 2018-04-09 11:35:21 -07:00 committed by Jeff Mitchell
parent 2bb3ecea33
commit abb621752f
29 changed files with 141 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
builtin/credential/aws/path_login.go
View File

@ -1353,7 +1353,7 @@ func parseIamArn(iamArn string) (*iamEntity, error) {
return nil, fmt.Errorf("unrecognized arn: contains %d colon-separated parts, expected 6", len(fullParts))
}
if fullParts[0] != "arn" {
return nil, fmt.Errorf("unrecognized arn: does not begin with arn:")
return nil, fmt.Errorf("unrecognized arn: does not begin with \"arn:\"")
}
// normally aws, but could be aws-cn or aws-us-gov
entity.Partition = fullParts[1]

4
builtin/credential/ldap/backend_test.go
View File

@ -677,7 +677,7 @@ func testAccStepGroupList(t *testing.T, groups []string) logicaltest.TestStep {
Path: "groups",
Check: func(resp *logical.Response) error {
if resp.IsError() {
return fmt.Errorf("Got error response: %#v", *resp)
return fmt.Errorf("got error response: %#v", *resp)
}
expected := make([]string, len(groups))
@ -702,7 +702,7 @@ func testAccStepUserList(t *testing.T, users []string) logicaltest.TestStep {
Path: "users",
Check: func(resp *logical.Response) error {
if resp.IsError() {
return fmt.Errorf("Got error response: %#v", *resp)
return fmt.Errorf("got error response: %#v", *resp)
}
expected := make([]string, len(users))

2
builtin/credential/okta/backend_test.go
View File

@ -125,7 +125,7 @@ func testConfigRead(t *testing.T, token string, d map[string]interface{}) logica
}
if resp.Data["organization"] != d["organization"] {
return fmt.Errorf("Org mismatch expected %s but got %s", d["organization"], resp.Data["Org"])
return fmt.Errorf("org mismatch expected %s but got %s", d["organization"], resp.Data["Org"])
}
if resp.Data["base_url"] != d["base_url"] {

2
builtin/credential/radius/backend_test.go
View File

@ -212,7 +212,7 @@ func testStepUserList(t *testing.T, users []string) logicaltest.TestStep {
Path: "users",
Check: func(resp *logical.Response) error {
if resp.IsError() {
return fmt.Errorf("Got error response: %#v", *resp)
return fmt.Errorf("got error response: %#v", *resp)
}
if !reflect.DeepEqual(users, resp.Data["keys"].([]string)) {

4
builtin/credential/token/cli.go
View File

@ -66,8 +66,8 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro
if token == "" {
return nil, fmt.Errorf(
"A token must be passed to auth. Please view the help for more " +
"information.")
"a token must be passed to auth, please view the help for more " +
"information")
}
// If the user declined verification, return now. Note that we will not have

6
builtin/credential/userpass/backend_test.go
View File

@ -233,7 +233,7 @@ func testUsersWrite(t *testing.T, user string, data map[string]interface{}, expe
ErrorOk: true,
Check: func(resp *logical.Response) error {
if resp == nil && expectError {
return fmt.Errorf("Expected error but received nil")
return fmt.Errorf("expected error but received nil")
}
return nil
},
@ -248,7 +248,7 @@ func testLoginWrite(t *testing.T, user string, data map[string]interface{}, expe
ErrorOk: true,
Check: func(resp *logical.Response) error {
if resp == nil && expectError {
return fmt.Errorf("Expected error but received nil")
return fmt.Errorf("expected error but received nil")
}
return nil
},
@ -261,7 +261,7 @@ func testAccStepList(t *testing.T, users []string) logicaltest.TestStep {
Path: "users",
Check: func(resp *logical.Response) error {
if resp.IsError() {
return fmt.Errorf("Got error response: %#v", *resp)
return fmt.Errorf("got error response: %#v", *resp)
}
exp := []string{"web", "web2", "web3"}

4
builtin/logical/aws/path_roles.go
View File

@ -103,10 +103,10 @@ func useInlinePolicy(d *framework.FieldData) (bool, error) {
ba := d.Get("arn").(string) != ""
if !bp && !ba {
return false, errors.New("Either policy or arn must be provided")
return false, errors.New("either policy or arn must be provided")
}
if bp && ba {
return false, errors.New("Only one of policy or arn should be provided")
return false, errors.New("only one of policy or arn should be provided")
}
return bp, nil
}

2
builtin/logical/mongodb/backend_test.go
View File

@ -203,7 +203,7 @@ func testAccStepConfig(d map[string]interface{}, expectError bool) logicaltest.T
return err
}
if len(e.Error) == 0 {
return fmt.Errorf("expected error, but write succeeded.")
return fmt.Errorf("expected error, but write succeeded")
}
return nil
} else if resp != nil && resp.IsError() {

80
builtin/logical/pki/backend_test.go
View File

@ -414,7 +414,7 @@ func TestBackend_ECRoles_CSR(t *testing.T) {
func checkCertsAndPrivateKey(keyType string, key crypto.Signer, usage x509.KeyUsage, extUsage x509.ExtKeyUsage, validity time.Duration, certBundle *certutil.CertBundle) (*certutil.ParsedCertBundle, error) {
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return nil, fmt.Errorf("Error parsing cert bundle: %s", err)
return nil, fmt.Errorf("error parsing cert bundle: %s", err)
}
if key != nil {
@ -428,69 +428,69 @@ func checkCertsAndPrivateKey(keyType string, key crypto.Signer, usage x509.KeyUs
parsedCertBundle.PrivateKey = key
parsedCertBundle.PrivateKeyBytes, err = x509.MarshalECPrivateKey(key.(*ecdsa.PrivateKey))
if err != nil {
return nil, fmt.Errorf("Error parsing EC key: %s", err)
return nil, fmt.Errorf("error parsing EC key: %s", err)
}
}
}
switch {
case parsedCertBundle.Certificate == nil:
return nil, fmt.Errorf("Did not find a certificate in the cert bundle")
return nil, fmt.Errorf("did not find a certificate in the cert bundle")
case len(parsedCertBundle.CAChain) == 0 || parsedCertBundle.CAChain[0].Certificate == nil:
return nil, fmt.Errorf("Did not find a CA in the cert bundle")
return nil, fmt.Errorf("did not find a CA in the cert bundle")
case parsedCertBundle.PrivateKey == nil:
return nil, fmt.Errorf("Did not find a private key in the cert bundle")
return nil, fmt.Errorf("did not find a private key in the cert bundle")
case parsedCertBundle.PrivateKeyType == certutil.UnknownPrivateKey:
return nil, fmt.Errorf("Could not figure out type of private key")
return nil, fmt.Errorf("could not figure out type of private key")
}
switch {
case parsedCertBundle.PrivateKeyType == certutil.RSAPrivateKey && keyType != "rsa":
fallthrough
case parsedCertBundle.PrivateKeyType == certutil.ECPrivateKey && keyType != "ec":
return nil, fmt.Errorf("Given key type does not match type found in bundle")
return nil, fmt.Errorf("given key type does not match type found in bundle")
}
cert := parsedCertBundle.Certificate
if usage != cert.KeyUsage {
return nil, fmt.Errorf("Expected usage of %#v, got %#v; ext usage is %#v", usage, cert.KeyUsage, cert.ExtKeyUsage)
return nil, fmt.Errorf("expected usage of %#v, got %#v; ext usage is %#v", usage, cert.KeyUsage, cert.ExtKeyUsage)
}
// There should only be one ext usage type, because only one is requested
// in the tests
if len(cert.ExtKeyUsage) != 1 {
return nil, fmt.Errorf("Got wrong size key usage in generated cert; expected 1, values are %#v", cert.ExtKeyUsage)
return nil, fmt.Errorf("got wrong size key usage in generated cert; expected 1, values are %#v", cert.ExtKeyUsage)
}
switch extUsage {
case x509.ExtKeyUsageEmailProtection:
if cert.ExtKeyUsage[0] != x509.ExtKeyUsageEmailProtection {
return nil, fmt.Errorf("Bad extended key usage")
return nil, fmt.Errorf("bad extended key usage")
}
case x509.ExtKeyUsageServerAuth:
if cert.ExtKeyUsage[0] != x509.ExtKeyUsageServerAuth {
return nil, fmt.Errorf("Bad extended key usage")
return nil, fmt.Errorf("bad extended key usage")
}
case x509.ExtKeyUsageClientAuth:
if cert.ExtKeyUsage[0] != x509.ExtKeyUsageClientAuth {
return nil, fmt.Errorf("Bad extended key usage")
return nil, fmt.Errorf("bad extended key usage")
}
case x509.ExtKeyUsageCodeSigning:
if cert.ExtKeyUsage[0] != x509.ExtKeyUsageCodeSigning {
return nil, fmt.Errorf("Bad extended key usage")
return nil, fmt.Errorf("bad extended key usage")
}
}
// 40 seconds since we add 30 second slack for clock skew
if math.Abs(float64(time.Now().Unix()-cert.NotBefore.Unix())) > 40 {
return nil, fmt.Errorf("Validity period starts out of range")
return nil, fmt.Errorf("validity period starts out of range")
}
if !cert.NotBefore.Before(time.Now().Add(-10 * time.Second)) {
return nil, fmt.Errorf("Validity period not far enough in the past")
return nil, fmt.Errorf("validity period not far enough in the past")
}
if math.Abs(float64(time.Now().Add(validity).Unix()-cert.NotAfter.Unix())) > 20 {
return nil, fmt.Errorf("Certificate validity end: %s; expected within 20 seconds of %s", cert.NotAfter.Format(time.RFC3339), time.Now().Add(validity).Format(time.RFC3339))
return nil, fmt.Errorf("certificate validity end: %s; expected within 20 seconds of %s", cert.NotAfter.Format(time.RFC3339), time.Now().Add(validity).Format(time.RFC3339))
}
return parsedCertBundle, nil
@ -853,7 +853,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
return fmt.Errorf("CA certificate:\n%#v\ndoes not match original:\n%#v\n", rawBytes, []byte(caCert))
}
if resp.Data["http_content_type"].(string) != "application/pkix-cert" {
return fmt.Errorf("Expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
return fmt.Errorf("expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
}
return nil
},
@ -873,7 +873,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
return fmt.Errorf("CA certificate:\n%s\ndoes not match original:\n%s\n", pemBytes, caCert)
}
if resp.Data["http_content_type"].(string) != "application/pkix-cert" {
return fmt.Errorf("Expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
return fmt.Errorf("expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
}
return nil
},
@ -934,7 +934,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
return fmt.Errorf("CA certificate:\n%s\ndoes not match original:\n%s\n", string(rawBytes), caCert)
}
if resp.Data["http_content_type"].(string) != "application/pkix-cert" {
return fmt.Errorf("Expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
return fmt.Errorf("expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
}
return nil
},
@ -954,7 +954,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
return fmt.Errorf("CA certificate:\n%s\ndoes not match original:\n%s\n", pemBytes, caCert)
}
if resp.Data["http_content_type"].(string) != "application/pkix-cert" {
return fmt.Errorf("Expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
return fmt.Errorf("expected application/pkix-cert as content-type, but got %s", resp.Data["http_content_type"].(string))
}
return nil
},
@ -1540,7 +1540,7 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
if resp.IsError() {
return nil
}
return fmt.Errorf("Expected an error, but did not seem to get one")
return fmt.Errorf("expected an error, but did not seem to get one")
}
// Adds tests with the currently configured issue/role information
@ -1573,13 +1573,13 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
expected := strutil.RemoveDuplicates(role.Country, true)
if !reflect.DeepEqual(cert.Subject.Country, expected) {
return fmt.Errorf("Error: returned certificate has Country of %s but %s was specified in the role.", cert.Subject.Country, expected)
return fmt.Errorf("error: returned certificate has Country of %s but %s was specified in the role", cert.Subject.Country, expected)
}
return nil
}
@ -1594,13 +1594,13 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
expected := strutil.RemoveDuplicates(role.OU, true)
if !reflect.DeepEqual(cert.Subject.OrganizationalUnit, expected) {
return fmt.Errorf("Error: returned certificate has OU of %s but %s was specified in the role.", cert.Subject.OrganizationalUnit, expected)
return fmt.Errorf("error: returned certificate has OU of %s but %s was specified in the role", cert.Subject.OrganizationalUnit, expected)
}
return nil
}
@ -1615,13 +1615,13 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
expected := strutil.RemoveDuplicates(role.Organization, true)
if !reflect.DeepEqual(cert.Subject.Organization, expected) {
return fmt.Errorf("Error: returned certificate has Organization of %s but %s was specified in the role.", cert.Subject.Organization, expected)
return fmt.Errorf("error: returned certificate has Organization of %s but %s was specified in the role", cert.Subject.Organization, expected)
}
return nil
}
@ -1636,13 +1636,13 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
expected := strutil.RemoveDuplicates(role.Locality, true)
if !reflect.DeepEqual(cert.Subject.Locality, expected) {
return fmt.Errorf("Error: returned certificate has Locality of %s but %s was specified in the role.", cert.Subject.Locality, expected)
return fmt.Errorf("error: returned certificate has Locality of %s but %s was specified in the role", cert.Subject.Locality, expected)
}
return nil
}
@ -1657,13 +1657,13 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
expected := strutil.RemoveDuplicates(role.Province, true)
if !reflect.DeepEqual(cert.Subject.Province, expected) {
return fmt.Errorf("Error: returned certificate has Province of %s but %s was specified in the role.", cert.Subject.Province, expected)
return fmt.Errorf("error: returned certificate has Province of %s but %s was specified in the role", cert.Subject.Province, expected)
}
return nil
}
@ -1678,13 +1678,13 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
expected := strutil.RemoveDuplicates(role.StreetAddress, true)
if !reflect.DeepEqual(cert.Subject.StreetAddress, expected) {
return fmt.Errorf("Error: returned certificate has StreetAddress of %s but %s was specified in the role.", cert.Subject.StreetAddress, expected)
return fmt.Errorf("error: returned certificate has StreetAddress of %s but %s was specified in the role", cert.Subject.StreetAddress, expected)
}
return nil
}
@ -1699,13 +1699,13 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
expected := strutil.RemoveDuplicates(role.PostalCode, true)
if !reflect.DeepEqual(cert.Subject.PostalCode, expected) {
return fmt.Errorf("Error: returned certificate has PostalCode of %s but %s was specified in the role.", cert.Subject.PostalCode, expected)
return fmt.Errorf("error: returned certificate has PostalCode of %s but %s was specified in the role", cert.Subject.PostalCode, expected)
}
return nil
}
@ -1722,19 +1722,19 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
parsedCertBundle, err := checkCertsAndPrivateKey(role.KeyType, key, usage, extUsage, validity, &certBundle)
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
return fmt.Errorf("error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate
if cert.Subject.CommonName != name {
return fmt.Errorf("Error: returned certificate has CN of %s but %s was requested", cert.Subject.CommonName, name)
return fmt.Errorf("error: returned certificate has CN of %s but %s was requested", cert.Subject.CommonName, name)
}
if strings.Contains(cert.Subject.CommonName, "@") {
if len(cert.DNSNames) != 0 || len(cert.EmailAddresses) != 1 {
return fmt.Errorf("Error: found more than one DNS SAN or not one Email SAN but only one was requested, cert.DNSNames = %#v, cert.EmailAddresses = %#v", cert.DNSNames, cert.EmailAddresses)
return fmt.Errorf("error: found more than one DNS SAN or not one Email SAN but only one was requested, cert.DNSNames = %#v, cert.EmailAddresses = %#v", cert.DNSNames, cert.EmailAddresses)
}
} else {
if len(cert.DNSNames) != 1 || len(cert.EmailAddresses) != 0 {
return fmt.Errorf("Error: found more than one Email SAN or not one DNS SAN but only one was requested, cert.DNSNames = %#v, cert.EmailAddresses = %#v", cert.DNSNames, cert.EmailAddresses)
return fmt.Errorf("error: found more than one Email SAN or not one DNS SAN but only one was requested, cert.DNSNames = %#v, cert.EmailAddresses = %#v", cert.DNSNames, cert.EmailAddresses)
}
}
var retName string
@ -1755,7 +1755,7 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
t.Fatal(err)
}
if converted != name {
return fmt.Errorf("Error: returned certificate has a DNS SAN of %s (from idna: %s) but %s was requested", retName, converted, name)
return fmt.Errorf("error: returned certificate has a DNS SAN of %s (from idna: %s) but %s was requested", retName, converted, name)
}
}
return nil

8
builtin/logical/postgresql/backend_test.go
View File

@ -285,7 +285,7 @@ func testAccStepConfig(t *testing.T, d map[string]interface{}, expectError bool)
return err
}
if len(e.Error) == 0 {
return fmt.Errorf("expected error, but write succeeded.")
return fmt.Errorf("expected error, but write succeeded")
}
return nil
} else if resp != nil && resp.IsError() {
@ -396,7 +396,7 @@ func testAccStepReadCreds(t *testing.T, b logical.Backend, s logical.Storage, na
}
if resp != nil {
if resp.IsError() {
return fmt.Errorf("Error on resp: %#v", *resp)
return fmt.Errorf("error on resp: %#v", *resp)
}
}
@ -457,7 +457,7 @@ func testAccStepCreateTable(t *testing.T, b logical.Backend, s logical.Storage,
}
if resp != nil {
if resp.IsError() {
return fmt.Errorf("Error on resp: %#v", *resp)
return fmt.Errorf("error on resp: %#v", *resp)
}
}
@ -512,7 +512,7 @@ func testAccStepDropTable(t *testing.T, b logical.Backend, s logical.Storage, na
}
if resp != nil {
if resp.IsError() {
return fmt.Errorf("Error on resp: %#v", *resp)
return fmt.Errorf("error on resp: %#v", *resp)
}
}

2
builtin/logical/rabbitmq/backend_test.go
View File

@ -201,7 +201,7 @@ func testAccStepReadCreds(t *testing.T, b logical.Backend, uri, name string) log
}
if resp != nil {
if resp.IsError() {
return fmt.Errorf("Error on resp: %#v", *resp)
return fmt.Errorf("error on resp: %#v", *resp)
}
}

40
builtin/logical/ssh/backend_test.go
View File

@ -751,7 +751,7 @@ func TestBackend_DisallowUserProvidedKeyIDs(t *testing.T) {
ErrorOk: true,
Check: func(resp *logical.Response) error {
if resp.Data["error"] != "setting key_id is not allowed by role" {
return errors.New("Custom user key id was allowed even when 'allow_user_key_ids' is false.")
return errors.New("custom user key id was allowed even when 'allow_user_key_ids' is false")
}
return nil
},
@ -795,12 +795,12 @@ func signCertificateStep(
serialNumber := resp.Data["serial_number"].(string)
if serialNumber == "" {
return errors.New("No serial number in response")
return errors.New("no serial number in response")
}
signedKey := strings.TrimSpace(resp.Data["signed_key"].(string))
if signedKey == "" {
return errors.New("No signed key in response")
return errors.New("no signed key in response")
}
key, _ := base64.StdEncoding.DecodeString(strings.Split(signedKey, " ")[1])
@ -819,28 +819,28 @@ func validateSSHCertificate(cert *ssh.Certificate, keyId string, certType int, v
ttl time.Duration) error {
if cert.KeyId != keyId {
return fmt.Errorf("Incorrect KeyId: %v, wanted %v", cert.KeyId, keyId)
return fmt.Errorf("incorrect KeyId: %v, wanted %v", cert.KeyId, keyId)
}
if cert.CertType != uint32(certType) {
return fmt.Errorf("Incorrect CertType: %v", cert.CertType)
return fmt.Errorf("incorrect CertType: %v", cert.CertType)
}
if time.Unix(int64(cert.ValidAfter), 0).After(time.Now()) {
return fmt.Errorf("Incorrect ValidAfter: %v", cert.ValidAfter)
return fmt.Errorf("incorrect ValidAfter: %v", cert.ValidAfter)
}
if time.Unix(int64(cert.ValidBefore), 0).Before(time.Now()) {
return fmt.Errorf("Incorrect ValidBefore: %v", cert.ValidBefore)
return fmt.Errorf("incorrect ValidBefore: %v", cert.ValidBefore)
}
actualTtl := time.Unix(int64(cert.ValidBefore), 0).Add(-30 * time.Second).Sub(time.Unix(int64(cert.ValidAfter), 0))
if actualTtl != ttl {
return fmt.Errorf("Incorrect ttl: expected: %v, actualL %v", ttl, actualTtl)
return fmt.Errorf("incorrect ttl: expected: %v, actualL %v", ttl, actualTtl)
}
if !reflect.DeepEqual(cert.ValidPrincipals, validPrincipals) {
return fmt.Errorf("Incorrect ValidPrincipals: expected: %#v actual: %#v", validPrincipals, cert.ValidPrincipals)
return fmt.Errorf("incorrect ValidPrincipals: expected: %#v actual: %#v", validPrincipals, cert.ValidPrincipals)
}
publicSigningKey, err := getSigningPublicKey()
@ -848,19 +848,19 @@ func validateSSHCertificate(cert *ssh.Certificate, keyId string, certType int, v
return err
}
if !reflect.DeepEqual(cert.SignatureKey, publicSigningKey) {
return fmt.Errorf("Incorrect SignatureKey: %v", cert.SignatureKey)
return fmt.Errorf("incorrect SignatureKey: %v", cert.SignatureKey)
}
if cert.Signature == nil {
return fmt.Errorf("Incorrect Signature: %v", cert.Signature)
return fmt.Errorf("incorrect Signature: %v", cert.Signature)
}
if !reflect.DeepEqual(cert.Permissions.Extensions, extensionPermissions) {
return fmt.Errorf("Incorrect Permissions.Extensions: Expected: %v, Actual: %v", extensionPermissions, cert.Permissions.Extensions)
return fmt.Errorf("incorrect Permissions.Extensions: Expected: %v, Actual: %v", extensionPermissions, cert.Permissions.Extensions)
}
if !reflect.DeepEqual(cert.Permissions.CriticalOptions, criticalOptionPermissions) {
return fmt.Errorf("Incorrect Permissions.CriticalOptions: %v", cert.Permissions.CriticalOptions)
return fmt.Errorf("incorrect Permissions.CriticalOptions: %v", cert.Permissions.CriticalOptions)
}
return nil
@ -935,7 +935,7 @@ func testVerifyWrite(t *testing.T, data map[string]interface{}, expected map[str
}
if !reflect.DeepEqual(ac, ex) {
return fmt.Errorf("Invalid response")
return fmt.Errorf("invalid response")
}
return nil
},
@ -966,7 +966,7 @@ func testLookupRead(t *testing.T, data map[string]interface{}, expected []string
Data: data,
Check: func(resp *logical.Response) error {
if resp.Data == nil || resp.Data["roles"] == nil {
return fmt.Errorf("Missing roles information")
return fmt.Errorf("missing roles information")
}
if !reflect.DeepEqual(resp.Data["roles"].([]string), expected) {
return fmt.Errorf("Invalid response: \nactual:%#v\nexpected:%#v", resp.Data["roles"].([]string), expected)
@ -1060,7 +1060,7 @@ func testCredsWrite(t *testing.T, roleName string, data map[string]interface{},
return err
}
if len(e.Error) == 0 {
return fmt.Errorf("expected error, but write succeeded.")
return fmt.Errorf("expected error, but write succeeded")
}
return nil
}
@ -1072,19 +1072,19 @@ func testCredsWrite(t *testing.T, roleName string, data map[string]interface{},
return err
}
if d.Key == "" {
return fmt.Errorf("Generated key is an empty string")
return fmt.Errorf("generated key is an empty string")
}
// Checking only for a parsable key
_, err := ssh.ParsePrivateKey([]byte(d.Key))
if err != nil {
return fmt.Errorf("Generated key is invalid")
return fmt.Errorf("generated key is invalid")
}
} else {
if resp.Data["key_type"] != KeyTypeOTP {
return fmt.Errorf("Incorrect key_type")
return fmt.Errorf("incorrect key_type")
}
if resp.Data["key"] == nil {
return fmt.Errorf("Invalid key")
return fmt.Errorf("invalid key")
}
}
return nil

6
builtin/logical/transit/backend_test.go
View File

@ -475,7 +475,7 @@ func testAccStepDeleteNotDisabledPolicy(t *testing.T, name string) logicaltest.T
ErrorOk: true,
Check: func(resp *logical.Response) error {
if resp == nil {
return fmt.Errorf("Got nil response instead of error")
return fmt.Errorf("got nil response instead of error")
}
if resp.IsError() {
return nil
@ -677,10 +677,10 @@ func testAccStepRewrap(
verString := splitStrings[1][1:]
ver, err := strconv.Atoi(verString)
if err != nil {
return fmt.Errorf("Error pulling out version from verString '%s', ciphertext was %s", verString, d.Ciphertext)
return fmt.Errorf("error pulling out version from verString '%s', ciphertext was %s", verString, d.Ciphertext)
}
if ver != expectedVer {
return fmt.Errorf("Did not get expected version")
return fmt.Errorf("did not get expected version")
}
decryptData["ciphertext"] = d.Ciphertext
return nil

2
builtin/logical/transit/path_export.go
View File

@ -208,7 +208,7 @@ func keyEntryToECPrivateKey(k *keysutil.KeyEntry, curve elliptic.Curve) (string,
return "", err
}
if ecder == nil {
return "", errors.New("No data returned when marshalling to private key")
return "", errors.New("no data returned when marshalling to private key")
}
block := pem.Block{

4
command/format.go
View File

@ -138,7 +138,7 @@ func (t TableFormatter) Output(ui cli.Ui, secret *api.Secret, data interface{})
t.OutputMap(ui, data.(map[string]interface{}))
return nil
default:
return errors.New("Cannot use the table formatter for this type")
return errors.New("cannot use the table formatter for this type")
}
}
@ -151,7 +151,7 @@ func (t TableFormatter) OutputList(ui cli.Ui, secret *api.Secret, data interface
ui.Output(tableOutput(data.([]string), nil))
return nil
default:
return errors.New("Error: table formatter cannot output list for this data type")
return errors.New("error: table formatter cannot output list for this data type")
}
list := data.([]interface{})

2
command/kv_helpers.go
View File

@ -159,7 +159,7 @@ func kvDeleteRequest(client *api.Client, path string) (*api.Secret, error) {
func addPrefixToVKVPath(p, apiPrefix string) (string, error) {
parts := strings.SplitN(p, "/", 2)
if len(parts) != 2 {
return "", errors.New("Invalid path")
return "", errors.New("invalid path")
}
return path.Join(parts[0], apiPrefix, parts[1]), nil

76
helper/certutil/certutil_test.go
View File

@ -152,93 +152,93 @@ func TestCertBundleParsing(t *testing.T) {
func compareCertBundleToParsedCertBundle(cbut *CertBundle, pcbut *ParsedCertBundle) error {
if cbut == nil {
return fmt.Errorf("Got nil bundle")
return fmt.Errorf("got nil bundle")
}
if pcbut == nil {
return fmt.Errorf("Got nil parsed bundle")
return fmt.Errorf("got nil parsed bundle")
}
switch {
case pcbut.Certificate == nil:
return fmt.Errorf("Parsed bundle has nil certificate")
return fmt.Errorf("parsed bundle has nil certificate")
case pcbut.PrivateKey == nil:
return fmt.Errorf("Parsed bundle has nil private key")
return fmt.Errorf("parsed bundle has nil private key")
}
switch cbut.PrivateKey {
case privRSAKeyPem:
if pcbut.PrivateKeyType != RSAPrivateKey {
return fmt.Errorf("Parsed bundle has wrong private key type: %v, should be 'rsa' (%v)", pcbut.PrivateKeyType, RSAPrivateKey)
return fmt.Errorf("parsed bundle has wrong private key type: %v, should be 'rsa' (%v)", pcbut.PrivateKeyType, RSAPrivateKey)
}
case privRSA8KeyPem:
if pcbut.PrivateKeyType != RSAPrivateKey {
return fmt.Errorf("Parsed bundle has wrong pkcs8 private key type: %v, should be 'rsa' (%v)", pcbut.PrivateKeyType, RSAPrivateKey)
return fmt.Errorf("parsed bundle has wrong pkcs8 private key type: %v, should be 'rsa' (%v)", pcbut.PrivateKeyType, RSAPrivateKey)
}
case privECKeyPem:
if pcbut.PrivateKeyType != ECPrivateKey {
return fmt.Errorf("Parsed bundle has wrong private key type: %v, should be 'ec' (%v)", pcbut.PrivateKeyType, ECPrivateKey)
return fmt.Errorf("parsed bundle has wrong private key type: %v, should be 'ec' (%v)", pcbut.PrivateKeyType, ECPrivateKey)
}
case privEC8KeyPem:
if pcbut.PrivateKeyType != ECPrivateKey {
return fmt.Errorf("Parsed bundle has wrong pkcs8 private key type: %v, should be 'ec' (%v)", pcbut.PrivateKeyType, ECPrivateKey)
return fmt.Errorf("parsed bundle has wrong pkcs8 private key type: %v, should be 'ec' (%v)", pcbut.PrivateKeyType, ECPrivateKey)
}
default:
return fmt.Errorf("Parsed bundle has unknown private key type")
return fmt.Errorf("parsed bundle has unknown private key type")
}
subjKeyID, err := GetSubjKeyID(pcbut.PrivateKey)
if err != nil {
return fmt.Errorf("Error when getting subject key id: %s", err)
return fmt.Errorf("error when getting subject key id: %s", err)
}
if bytes.Compare(subjKeyID, pcbut.Certificate.SubjectKeyId) != 0 {
return fmt.Errorf("Parsed bundle private key does not match subject key id\nGot\n%#v\nExpected\n%#v\nCert\n%#v", subjKeyID, pcbut.Certificate.SubjectKeyId, *pcbut.Certificate)
return fmt.Errorf("parsed bundle private key does not match subject key id\nGot\n%#v\nExpected\n%#v\nCert\n%#v", subjKeyID, pcbut.Certificate.SubjectKeyId, *pcbut.Certificate)
}
switch {
case len(pcbut.CAChain) > 0 && len(cbut.CAChain) == 0:
return fmt.Errorf("Parsed bundle ca chain has certs when cert bundle does not")
return fmt.Errorf("parsed bundle ca chain has certs when cert bundle does not")
case len(pcbut.CAChain) == 0 && len(cbut.CAChain) > 0:
return fmt.Errorf("Cert bundle ca chain has certs when parsed cert bundle does not")
return fmt.Errorf("cert bundle ca chain has certs when parsed cert bundle does not")
}
cb, err := pcbut.ToCertBundle()
if err != nil {
return fmt.Errorf("Thrown error during parsed bundle conversion: %s\n\nInput was: %#v", err, *pcbut)
return fmt.Errorf("thrown error during parsed bundle conversion: %s\n\nInput was: %#v", err, *pcbut)
}
switch {
case len(cb.Certificate) == 0:
return fmt.Errorf("Bundle has nil certificate")
return fmt.Errorf("bundle has nil certificate")
case len(cb.PrivateKey) == 0:
return fmt.Errorf("Bundle has nil private key")
return fmt.Errorf("bundle has nil private key")
case len(cb.CAChain[0]) == 0:
return fmt.Errorf("Bundle has nil issuing CA")
return fmt.Errorf("bundle has nil issuing CA")
}
switch pcbut.PrivateKeyType {
case RSAPrivateKey:
if cb.PrivateKey != privRSAKeyPem && cb.PrivateKey != privRSA8KeyPem {
return fmt.Errorf("Bundle private key does not match")
return fmt.Errorf("bundle private key does not match")
}
case ECPrivateKey:
if cb.PrivateKey != privECKeyPem && cb.PrivateKey != privEC8KeyPem {
return fmt.Errorf("Bundle private key does not match")
return fmt.Errorf("bundle private key does not match")
}
default:
return fmt.Errorf("CertBundle has unknown private key type")
return fmt.Errorf("certBundle has unknown private key type")
}
if cb.SerialNumber != GetHexFormatted(pcbut.Certificate.SerialNumber.Bytes(), ":") {
return fmt.Errorf("Bundle serial number does not match")
return fmt.Errorf("bundle serial number does not match")
}
switch {
case len(pcbut.CAChain) > 0 && len(cb.CAChain) == 0:
return fmt.Errorf("Parsed bundle ca chain has certs when cert bundle does not")
return fmt.Errorf("parsed bundle ca chain has certs when cert bundle does not")
case len(pcbut.CAChain) == 0 && len(cb.CAChain) > 0:
return fmt.Errorf("Cert bundle ca chain has certs when parsed cert bundle does not")
return fmt.Errorf("cert bundle ca chain has certs when parsed cert bundle does not")
case !reflect.DeepEqual(cbut.CAChain, cb.CAChain):
return fmt.Errorf("Cert bundle ca chain does not match: %#v\n\n%#v", cbut.CAChain, cb.CAChain)
return fmt.Errorf("cert bundle ca chain does not match: %#v\n\n%#v", cbut.CAChain, cb.CAChain)
}
return nil
@ -275,30 +275,30 @@ func TestCSRBundleConversion(t *testing.T) {
func compareCSRBundleToParsedCSRBundle(csrbut *CSRBundle, pcsrbut *ParsedCSRBundle) error {
if csrbut == nil {
return fmt.Errorf("Got nil bundle")
return fmt.Errorf("got nil bundle")
}
if pcsrbut == nil {
return fmt.Errorf("Got nil parsed bundle")
return fmt.Errorf("got nil parsed bundle")
}
switch {
case pcsrbut.CSR == nil:
return fmt.Errorf("Parsed bundle has nil csr")
return fmt.Errorf("parsed bundle has nil csr")
case pcsrbut.PrivateKey == nil:
return fmt.Errorf("Parsed bundle has nil private key")
return fmt.Errorf("parsed bundle has nil private key")
}
switch csrbut.PrivateKey {
case privRSAKeyPem:
if pcsrbut.PrivateKeyType != RSAPrivateKey {
return fmt.Errorf("Parsed bundle has wrong private key type")
return fmt.Errorf("parsed bundle has wrong private key type")
}
case privECKeyPem:
if pcsrbut.PrivateKeyType != ECPrivateKey {
return fmt.Errorf("Parsed bundle has wrong private key type")
return fmt.Errorf("parsed bundle has wrong private key type")
}
default:
return fmt.Errorf("Parsed bundle has unknown private key type")
return fmt.Errorf("parsed bundle has unknown private key type")
}
csrb, err := pcsrbut.ToCSRBundle()
@ -308,28 +308,28 @@ func compareCSRBundleToParsedCSRBundle(csrbut *CSRBundle, pcsrbut *ParsedCSRBund
switch {
case len(csrb.CSR) == 0:
return fmt.Errorf("Bundle has nil certificate")
return fmt.Errorf("bundle has nil certificate")
case len(csrb.PrivateKey) == 0:
return fmt.Errorf("Bundle has nil private key")
return fmt.Errorf("bundle has nil private key")
}
switch csrb.PrivateKeyType {
case "rsa":
if pcsrbut.PrivateKeyType != RSAPrivateKey {
return fmt.Errorf("Bundle has wrong private key type")
return fmt.Errorf("bundle has wrong private key type")
}
if csrb.PrivateKey != privRSAKeyPem {
return fmt.Errorf("Bundle rsa private key does not match\nGot\n%#v\nExpected\n%#v", csrb.PrivateKey, privRSAKeyPem)
return fmt.Errorf("bundle rsa private key does not match\nGot\n%#v\nExpected\n%#v", csrb.PrivateKey, privRSAKeyPem)
}
case "ec":
if pcsrbut.PrivateKeyType != ECPrivateKey {
return fmt.Errorf("Bundle has wrong private key type")
return fmt.Errorf("bundle has wrong private key type")
}
if csrb.PrivateKey != privECKeyPem {
return fmt.Errorf("Bundle ec private key does not match")
return fmt.Errorf("bundle ec private key does not match")
}
default:
return fmt.Errorf("Bundle has unknown private key type")
return fmt.Errorf("bundle has unknown private key type")
}
return nil

2
helper/keysutil/encrypted_key_storage.go
View File

@ -179,7 +179,7 @@ func (s *encryptedKeyStorage) List(ctx context.Context, prefix string) ([]string
decoded := Base62Decode(k)
if len(decoded) == 0 {
return nil, errors.New("Could not decode key")
return nil, errors.New("could not decode key")
}
// Decrypt the data with the object's key policy.

2
helper/reload/reload.go
View File

@ -49,7 +49,7 @@ func (cg *CertificateGetter) Reload(_ map[string]interface{}) error {
// Check for encrypted pem block
keyBlock, _ := pem.Decode(keyPEMBlock)
if keyBlock == nil {
return errors.New("Decoded PEM is blank")
return errors.New("decoded PEM is blank")
}
if x509.IsEncryptedPEMBlock(keyBlock) {

2
http/handler_test.go
View File

@ -362,7 +362,7 @@ func TestHandler_sealed(t *testing.T) {
func TestHandler_error(t *testing.T) {
w := httptest.NewRecorder()
respondError(w, 500, errors.New("Test Error"))
respondError(w, 500, errors.New("test Error"))
if w.Code != 500 {
t.Fatalf("expected 500, got %d", w.Code)

2
logical/plugin/plugin.go
View File

@ -139,7 +139,7 @@ func newPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunne
backend = raw.(*backendGRPCPluginClient)
transport = "gRPC"
default:
return nil, errors.New("Unsupported plugin client type")
return nil, errors.New("unsupported plugin client type")
}
// Wrap the backend in a tracing middleware

4
logical/storage.go
View File

@ -13,11 +13,11 @@ import (
// ErrReadOnly is returned when a backend does not support
// writing. This can be caused by a read-only replica or secondary
// cluster operation.
var ErrReadOnly = errors.New("Cannot write to readonly storage")
var ErrReadOnly = errors.New("cannot write to readonly storage")
// ErrSetupReadOnly is returned when a write operation is attempted on a
// storage while the backend is still being setup.
var ErrSetupReadOnly = errors.New("Cannot write to storage during setup")
var ErrSetupReadOnly = errors.New("cannot write to storage during setup")
// Storage is the way that logical backends are able read/write data.
type Storage interface {

2
physical/cassandra/cassandra.go
View File

@ -115,7 +115,7 @@ func NewCassandraBackend(conf map[string]string, logger log.Logger) (physical.Ba
if username, ok := conf["username"]; ok {
if cluster.ProtoVersion < 2 {
return nil, fmt.Errorf("Authentication is not supported with protocol version < 2")
return nil, fmt.Errorf("authentication is not supported with protocol version < 2")
}
authenticator := gocql.PasswordAuthenticator{Username: username}
if password, ok := conf["password"]; ok {

2
physical/consul/consul.go
View File

@ -175,7 +175,7 @@ func NewConsulBackend(conf map[string]string, logger log.Logger) (physical.Backe
min, _ := lib.DurationMinusBufferDomain(d, checkMinBuffer, checkJitterFactor)
if min < checkMinBuffer {
return nil, fmt.Errorf("Consul check_timeout must be greater than %v", min)
return nil, fmt.Errorf("consul check_timeout must be greater than %v", min)
}
checkTimeout = d

2
physical/couchdb/couchdb_test.go
View File

@ -87,7 +87,7 @@ func prepareCouchdbDBTestContainer(t *testing.T) (cleanup func(), retAddress, us
return err
}
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("Expected couchdb to return status code 200, got (%s) instead.", resp.Status)
return fmt.Errorf("expected couchdb to return status code 200, got (%s) instead.", resp.Status)
}
return nil
}); err != nil {

2
physical/dynamodb/dynamodb_test.go
View File

@ -256,7 +256,7 @@ func prepareDynamoDBTestContainer(t *testing.T) (cleanup func(), retAddress stri
return err
}
if resp.StatusCode != 400 {
return fmt.Errorf("Expected DynamoDB to return status code 400, got (%s) instead.", resp.Status)
return fmt.Errorf("expected DynamoDB to return status code 400, got (%s) instead", resp.Status)
}
return nil
}); err != nil {

4
vault/barrier_aes_gcm.go
View File

@ -107,7 +107,7 @@ func (b *AESGCMBarrier) Initialize(ctx context.Context, key []byte) error {
// Verify the key size
min, max := b.KeyLength()
if len(key) < min || len(key) > max {
return fmt.Errorf("Key size must be %d or %d", min, max)
return fmt.Errorf("key size must be %d or %d", min, max)
}
// Check if already initialized
@ -626,7 +626,7 @@ func (b *AESGCMBarrier) updateMasterKeyCommon(key []byte) (*Keyring, error) {
// Verify the key size
min, max := b.KeyLength()
if len(key) < min || len(key) > max {
return nil, fmt.Errorf("Key size must be %d or %d", min, max)
return nil, fmt.Errorf("key size must be %d or %d", min, max)
}
return b.keyring.SetMasterKey(key), nil

2
vault/cors.go
View File

@ -91,7 +91,7 @@ func (c *Core) loadCORSConfig(ctx context.Context) error {
// cross-origin requests to Vault.
func (c *CORSConfig) Enable(ctx context.Context, urls []string, headers []string) error {
if len(urls) == 0 {
return errors.New("at least one origin or the wildcard must be provided.")
return errors.New("at least one origin or the wildcard must be provided")
}
if strutil.StrListContains(urls, "*") && len(urls) > 1 {

10
vault/testing.go
View File

@ -484,14 +484,14 @@ var testCredentialBackends = map[string]logical.Factory{}
func StartSSHHostTestServer() (string, error) {
pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(testSharedPublicKey))
if err != nil {
return "", fmt.Errorf("Error parsing public key")
return "", fmt.Errorf("error parsing public key")
}
serverConfig := &ssh.ServerConfig{
PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
if bytes.Compare(pubKey.Marshal(), key.Marshal()) == 0 {
return &ssh.Permissions{}, nil
} else {
return nil, fmt.Errorf("Key does not match")
return nil, fmt.Errorf("key does not match")
}
},
}
@ -503,7 +503,7 @@ func StartSSHHostTestServer() (string, error) {
soc, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
return "", fmt.Errorf("Error listening to connection")
return "", fmt.Errorf("error listening to connection")
}
go func() {
@ -587,10 +587,10 @@ func AddTestCredentialBackend(name string, factory logical.Factory) error {
// invoked before the test core is created.
func AddTestLogicalBackend(name string, factory logical.Factory) error {
if name == "" {
return fmt.Errorf("Missing backend name")
return fmt.Errorf("missing backend name")
}
if factory == nil {
return fmt.Errorf("Missing backend factory function")
return fmt.Errorf("missing backend factory function")
}
testLogicalBackends[name] = factory
return nil