From 4c4bf93a1975c32e8481cce8b49095fc3ece48ee Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Mon, 4 May 2020 01:07:30 -0400 Subject: [PATCH] enabled R009 linting rule and fixed affected resources --- GNUmakefile | 1 + aws/data_source_aws_iam_policy_document.go | 3 +- aws/iam_policy_model.go | 2 +- aws/opsworks_layers.go | 33 ++++++++++++------- aws/resource_aws_iam_user_login_profile.go | 16 +++++---- ...esource_aws_iam_user_login_profile_test.go | 16 +++++++-- aws/resource_aws_iam_user_test.go | 7 ++-- aws/resource_aws_opsworks_application.go | 20 +++++++---- aws/resource_aws_opsworks_stack.go | 10 ++++-- aws/resource_aws_security_group_rule.go | 1 + aws/tls.go | 15 +++++++++ 11 files changed, 91 insertions(+), 33 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 7aa4b3ad62be..d36e3f1c54ae 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -75,6 +75,7 @@ lint: -R006 \ -R007 \ -R008 \ + -R009 \ -R012 \ -R013 \ -R014 \ diff --git a/aws/data_source_aws_iam_policy_document.go b/aws/data_source_aws_iam_policy_document.go index 7bdc56302baf..49f267393b93 100644 --- a/aws/data_source_aws_iam_policy_document.go +++ b/aws/data_source_aws_iam_policy_document.go @@ -2,6 +2,7 @@ package aws import ( "encoding/json" + "errors" "fmt" "strconv" "strings" @@ -242,7 +243,7 @@ func dataSourceAwsIamPolicyDocumentReplaceVarsInList(in interface{}, version str } return out, nil default: - panic("dataSourceAwsIamPolicyDocumentReplaceVarsInList: input not string nor []string") + return nil, errors.New("dataSourceAwsIamPolicyDocumentReplaceVarsInList: input not string nor []string") } } diff --git a/aws/iam_policy_model.go b/aws/iam_policy_model.go index 79e38e21f75f..f2240079e95a 100644 --- a/aws/iam_policy_model.go +++ b/aws/iam_policy_model.go 
@@ -175,7 +175,7 @@ func (cs IAMPolicyStatementConditionSet) MarshalJSON() ([]byte, error) { case string: raw[c.Test][c.Variable] = i default: - panic("Unsupported data type for IAMPolicyStatementConditionSet") + return nil, fmt.Errorf("Unsupported data type for IAMPolicyStatementConditionSet: %s", i) } } diff --git a/aws/opsworks_layers.go b/aws/opsworks_layers.go index f4031dc3c66e..53df0fb35596 100644 --- a/aws/opsworks_layers.go +++ b/aws/opsworks_layers.go @@ -320,7 +320,10 @@ func (lt *opsworksLayerType) Read(d *schema.ResourceData, client *opsworks.OpsWo d.Set("custom_json", policy) } - lt.SetAttributeMap(d, layer.Attributes) + err = lt.SetAttributeMap(d, layer.Attributes) + if err != nil { + return err + } lt.SetLifecycleEventConfiguration(d, layer.LifecycleEventConfiguration) lt.SetCustomRecipes(d, layer.CustomRecipes) lt.SetVolumeConfigurations(d, layer.VolumeConfigurations) @@ -363,6 +366,10 @@ func (lt *opsworksLayerType) Read(d *schema.ResourceData, client *opsworks.OpsWo func (lt *opsworksLayerType) Create(d *schema.ResourceData, client *opsworks.OpsWorks, meta interface{}) error { ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig + attributes, err := lt.AttributeMap(d) + if err != nil { + return err + } req := &opsworks.CreateLayerInput{ AutoAssignElasticIps: aws.Bool(d.Get("auto_assign_elastic_ips").(bool)), AutoAssignPublicIps: aws.Bool(d.Get("auto_assign_public_ips").(bool)), @@ -377,7 +384,7 @@ func (lt *opsworksLayerType) Create(d *schema.ResourceData, client *opsworks.Ops Type: aws.String(lt.TypeName), StackId: aws.String(d.Get("stack_id").(string)), UseEbsOptimizedInstances: aws.Bool(d.Get("use_ebs_optimized_instances").(bool)), - Attributes: lt.AttributeMap(d), + Attributes: attributes, VolumeConfigurations: lt.VolumeConfigurations(d), } 
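Review bot: In the `default` branch of the type switch in `IAMPolicyStatementConditionSet.MarshalJSON`, `i` is by construction not one of the handled types, so formatting it with `%s` yields a `%!s(...)` verb-mismatch artefact for most values and copies the raw condition value into the error text. Reporting the type is more useful to whoever reads the error: `return nil, fmt.Errorf("unsupported data type for IAMPolicyStatementConditionSet: %T", i)`. The file's import block is not part of this hunk, so confirm `fmt` is already imported there; the function body starts and ends outside the hunk.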
@@ -429,7 +436,10 @@ func (lt *opsworksLayerType) Create(d *schema.ResourceData, client *opsworks.Ops } func (lt *opsworksLayerType) Update(d *schema.ResourceData, client *opsworks.OpsWorks, ignoreTagsConfig *keyvaluetags.IgnoreConfig) error { - + attributes, err := lt.AttributeMap(d) + if err != nil { + return err + } req := &opsworks.UpdateLayerInput{ LayerId: aws.String(d.Id()), AutoAssignElasticIps: aws.Bool(d.Get("auto_assign_elastic_ips").(bool)), @@ -443,7 +453,7 @@ func (lt *opsworksLayerType) Update(d *schema.ResourceData, client *opsworks.Ops Name: aws.String(d.Get("name").(string)), Packages: expandStringSet(d.Get("system_packages").(*schema.Set)), UseEbsOptimizedInstances: aws.Bool(d.Get("use_ebs_optimized_instances").(bool)), - Attributes: lt.AttributeMap(d), + Attributes: attributes, VolumeConfigurations: lt.VolumeConfigurations(d), } @@ -486,7 +496,7 @@ func (lt *opsworksLayerType) Update(d *schema.ResourceData, client *opsworks.Ops } } - _, err := client.UpdateLayer(req) + _, err = client.UpdateLayer(req) if err != nil { return err } @@ -514,7 +524,7 @@ func (lt *opsworksLayerType) Delete(d *schema.ResourceData, client *opsworks.Ops return err } -func (lt *opsworksLayerType) AttributeMap(d *schema.ResourceData) map[string]*string { +func (lt *opsworksLayerType) AttributeMap(d *schema.ResourceData) (map[string]*string, error) { attrs := map[string]*string{} for key, def := range lt.Attributes { 
@@ -536,14 +546,14 @@ func (lt *opsworksLayerType) AttributeMap(d *schema.ResourceData) map[string]*st } default: // should never happen - panic(fmt.Errorf("Unsupported OpsWorks layer attribute type")) + return nil, fmt.Errorf("Unsupported OpsWorks layer attribute type: %s", def.Type) } } - return attrs + return attrs, nil } -func (lt *opsworksLayerType) SetAttributeMap(d *schema.ResourceData, attrs map[string]*string) { +func (lt *opsworksLayerType) SetAttributeMap(d *schema.ResourceData, attrs map[string]*string) error { for key, def := range lt.Attributes { // Ignore write-only attributes; we'll just keep what we already have stored. // (The AWS API returns garbage placeholder values for these.) @@ -573,14 +583,15 @@ func (lt *opsworksLayerType) SetAttributeMap(d *schema.ResourceData, attrs map[s d.Set(key, boolValue) default: // should never happen - panic(fmt.Errorf("Unsupported OpsWorks layer attribute type")) + return fmt.Errorf("Unsupported OpsWorks layer attribute type: %s", def.Type) } - return + return nil } else { d.Set(key, nil) } } + return nil } func (lt *opsworksLayerType) LifecycleEventConfiguration(d *schema.ResourceData) *opsworks.LifecycleEventConfiguration { diff --git a/aws/resource_aws_iam_user_login_profile.go b/aws/resource_aws_iam_user_login_profile.go index b56e4ee9d20c..38ff10a32773 100644 --- a/aws/resource_aws_iam_user_login_profile.go +++ b/aws/resource_aws_iam_user_login_profile.go @@ -3,6 +3,7 @@ package aws import ( "bytes" "crypto/rand" + "errors" "fmt" "log" "math/big" @@ -76,7 +77,7 @@ const ( // generateIAMPassword generates a random password of a given length, matching the // most restrictive iam password policy. -func generateIAMPassword(length int) string { +func generateIAMPassword(length int) (string, error) { const charset = charLower + charUpper + charNumbers + charSymbols result := make([]byte, length) 
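Review bot: The `return nil` that replaces the bare `return` after the type switch in `SetAttributeMap` still leaves the `for key, def := range lt.Attributes` loop as soon as one attribute has been found in `attrs`, so the remaining attributes appear never to be written to state. Since `key` is passed to `d.Set` as a string, `lt.Attributes` looks like a map, which would make the attribute that does get set depend on Go's randomised iteration order. If the intent is to populate every attribute, that line should be `continue` (or be dropped), leaving only the final `return nil` after the loop. Part of the loop body lies outside the hunk, so check the full function before changing it.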
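Review bot: `generateIAMPassword` can now report failure, but `make([]byte, length)` still runs on an unchecked `length`, so a negative value causes a runtime panic instead of an error. A length too short to contain every required character class can also only end in the generic "failed to generate acceptable password" after the retries are used up. A guard before the allocation turns both into a clear error, for example `if length < 4 { return "", fmt.Errorf("password length %d is too short", length) }`, assuming the acceptance check requires one character from each of the four classes in `charset`. Whether the schema already bounds `password_length` is not visible here, and the function body continues outside this hunk.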
@@ -93,10 +94,10 @@ func generateIAMPassword(length int) string { for i := range result { r, err := rand.Int(rand.Reader, charsetSize) if err != nil { - panic(err) + return "", err } if !r.IsInt64() { - panic("rand.Int() not representable as an Int64") + return "", errors.New("rand.Int() not representable as an Int64") } result[i] = charset[r.Int64()] @@ -106,10 +107,10 @@ func generateIAMPassword(length int) string { continue } - return string(result) + return string(result), nil } - panic("failed to generate acceptable password") + return "", errors.New("failed to generate acceptable password") } // Check the generated password contains all character classes listed in the @@ -132,7 +133,10 @@ func resourceAwsIamUserLoginProfileCreate(d *schema.ResourceData, meta interface passwordResetRequired := d.Get("password_reset_required").(bool) passwordLength := d.Get("password_length").(int) - initialPassword := generateIAMPassword(passwordLength) + initialPassword, err := generateIAMPassword(passwordLength) + if err != nil { + return err + } fingerprint, encrypted, err := encryption.EncryptValue(encryptionKey, initialPassword, "Password") if err != nil { diff --git a/aws/resource_aws_iam_user_login_profile_test.go b/aws/resource_aws_iam_user_login_profile_test.go index e7b42be88a94..9dbef6998a96 100644 --- a/aws/resource_aws_iam_user_login_profile_test.go +++ b/aws/resource_aws_iam_user_login_profile_test.go @@ -19,12 +19,18 @@ import ( ) func TestGenerateIAMPassword(t *testing.T) { - p := generateIAMPassword(6) + p, err := generateIAMPassword(6) + if err != nil { + t.Fatalf(err.Error()) + } if len(p) != 6 { t.Fatalf("expected a 6 character password, got: %q", p) } - p = generateIAMPassword(128) + p, err = generateIAMPassword(128) + if err != nil { + t.Fatalf(err.Error()) + } if len(p) != 128 { t.Fatalf("expected a 128 character password, got: %q", p) } 
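Review bot: `t.Fatalf(err.Error())` in `TestGenerateIAMPassword` passes the error text as the format string, so any `%` in the message is interpreted as a formatting verb, and recent `go vet` versions report a non-constant format string. Use `t.Fatalf("unexpected error: %s", err)` or `t.Fatal(err)` at both call sites added in this hunk.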
@@ -257,9 +263,13 @@ func testDecryptPasswordAndTest(nProfile, nAccessKey, key string) resource.TestC return resource.Retry(2*time.Minute, func() *resource.RetryError { iamAsCreatedUser := iam.New(iamAsCreatedUserSession) + newPassword, err := generateIAMPassword(20) + if err != nil { + return resource.NonRetryableError(err) + } _, err = iamAsCreatedUser.ChangePassword(&iam.ChangePasswordInput{ OldPassword: aws.String(decryptedPassword.String()), - NewPassword: aws.String(generateIAMPassword(20)), + NewPassword: aws.String(newPassword), }) if err != nil { // EntityTemporarilyUnmodifiable: Login Profile for User XXX cannot be modified while login profile is being created. diff --git a/aws/resource_aws_iam_user_test.go b/aws/resource_aws_iam_user_test.go index fd8f467a5c63..2293ae9619fd 100644 --- a/aws/resource_aws_iam_user_test.go +++ b/aws/resource_aws_iam_user_test.go @@ -742,9 +742,12 @@ func testAccCheckAWSUserCreatesAccessKey(getUserOutput *iam.GetUserOutput) resou func testAccCheckAWSUserCreatesLoginProfile(getUserOutput *iam.GetUserOutput) resource.TestCheckFunc { return func(s *terraform.State) error { iamconn := testAccProvider.Meta().(*AWSClient).iamconn - + password, err := generateIAMPassword(32) + if err != nil { + return err + } input := &iam.CreateLoginProfileInput{ - Password: aws.String(generateIAMPassword(32)), + Password: aws.String(password), UserName: getUserOutput.User.UserName, } diff --git a/aws/resource_aws_opsworks_application.go b/aws/resource_aws_opsworks_application.go index 285f48a19d57..759ec59d18b7 100644 --- a/aws/resource_aws_opsworks_application.go +++ b/aws/resource_aws_opsworks_application.go 
@@ -293,8 +293,14 @@ func resourceAwsOpsworksApplicationRead(d *schema.ResourceData, meta interface{} d.Set("description", app.Description) d.Set("domains", flattenStringList(app.Domains)) d.Set("enable_ssl", app.EnableSsl) - resourceAwsOpsworksSetApplicationSsl(d, app.SslConfiguration) - resourceAwsOpsworksSetApplicationSource(d, app.AppSource) + err = resourceAwsOpsworksSetApplicationSsl(d, app.SslConfiguration) + if err != nil { + return err + } + err = resourceAwsOpsworksSetApplicationSource(d, app.AppSource) + if err != nil { + return err + } resourceAwsOpsworksSetApplicationDataSources(d, app.DataSources) resourceAwsOpsworksSetApplicationEnvironmentVariable(d, app.Environment) resourceAwsOpsworksSetApplicationAttributes(d, app.Attributes) @@ -446,7 +452,7 @@ func resourceAwsOpsworksApplicationSource(d *schema.ResourceData) *opsworks.Sour } } -func resourceAwsOpsworksSetApplicationSource(d *schema.ResourceData, v *opsworks.Source) { +func resourceAwsOpsworksSetApplicationSource(d *schema.ResourceData, v *opsworks.Source) error { nv := make([]interface{}, 0, 1) if v != nil { m := make(map[string]interface{}) @@ -475,8 +481,9 @@ func resourceAwsOpsworksSetApplicationSource(d *schema.ResourceData, v *opsworks err := d.Set("app_source", nv) if err != nil { // should never happen - panic(err) + return err } + return nil } func resourceAwsOpsworksApplicationDataSources(d *schema.ResourceData) []*opsworks.DataSource { @@ -523,7 +530,7 @@ func resourceAwsOpsworksApplicationSsl(d *schema.ResourceData) *opsworks.SslConf } } -func resourceAwsOpsworksSetApplicationSsl(d *schema.ResourceData, v *opsworks.SslConfiguration) { +func resourceAwsOpsworksSetApplicationSsl(d *schema.ResourceData, v *opsworks.SslConfiguration) error { nv := make([]interface{}, 0, 1) set := false if v != nil { 
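Review bot: `resourceAwsOpsworksSetApplicationSource` now returns the error from `d.Set("app_source", nv)` bare, and the Read caller passes it on unchanged, so a failure surfaces without saying which attribute could not be written. Wrapping it gives the operator something actionable, for example `return fmt.Errorf("error setting app_source: %s", err)`, provided `fmt` is already imported in the file. The same applies to `ssl_configuration` in `resourceAwsOpsworksSetApplicationSsl` and to `custom_cookbooks_source` in `resourceAwsOpsworksSetStackCustomCookbooksSource`. The `// should never happen` comment above each return could also state under what condition `d.Set` is expected to fail. The function bodies start outside these hunks.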
@@ -548,8 +555,9 @@ func resourceAwsOpsworksSetApplicationSsl(d *schema.ResourceData, v *opsworks.Ss err := d.Set("ssl_configuration", nv) if err != nil { // should never happen - panic(err) + return err } + return nil } func resourceAwsOpsworksApplicationAttributes(d *schema.ResourceData) map[string]*string { diff --git a/aws/resource_aws_opsworks_stack.go b/aws/resource_aws_opsworks_stack.go index 6b1a1b307962..12ada7a149d6 100644 --- a/aws/resource_aws_opsworks_stack.go +++ b/aws/resource_aws_opsworks_stack.go @@ -235,7 +235,7 @@ func resourceAwsOpsworksStackCustomCookbooksSource(d *schema.ResourceData) *opsw } } -func resourceAwsOpsworksSetStackCustomCookbooksSource(d *schema.ResourceData, v *opsworks.Source) { +func resourceAwsOpsworksSetStackCustomCookbooksSource(d *schema.ResourceData, v *opsworks.Source) error { nv := make([]interface{}, 0, 1) if v != nil && v.Type != nil && *v.Type != "" { m := make(map[string]interface{}) @@ -264,8 +264,9 @@ func resourceAwsOpsworksSetStackCustomCookbooksSource(d *schema.ResourceData, v err := d.Set("custom_cookbooks_source", nv) if err != nil { // should never happen - panic(err) + return err } + return nil } func resourceAwsOpsworksStackRead(d *schema.ResourceData, meta interface{}) error { @@ -368,7 +369,10 @@ func resourceAwsOpsworksStackRead(d *schema.ResourceData, meta interface{}) erro d.Set("berkshelf_version", stack.ChefConfiguration.BerkshelfVersion) d.Set("manage_berkshelf", stack.ChefConfiguration.ManageBerkshelf) } - resourceAwsOpsworksSetStackCustomCookbooksSource(d, stack.CustomCookbooksSource) + err := resourceAwsOpsworksSetStackCustomCookbooksSource(d, stack.CustomCookbooksSource) + if err != nil { + return err + } tags, err := keyvaluetags.OpsworksListTags(client, arn) diff --git a/aws/resource_aws_security_group_rule.go b/aws/resource_aws_security_group_rule.go index fc3cb06c5c92..2f49a6d4b4c3 100644 --- a/aws/resource_aws_security_group_rule.go +++ b/aws/resource_aws_security_group_rule.go 
@@ -455,6 +455,7 @@ func (b ByGroupPair) Less(i, j int) bool { return *b[i].GroupName < *b[j].GroupName } + //lintignore:R009 panic("mismatched security group rules, may be a terraform bug") } diff --git a/aws/tls.go b/aws/tls.go index e91f9ecba779..8dc0eae06f88 100644 --- a/aws/tls.go +++ b/aws/tls.go @@ -27,6 +27,7 @@ func tlsRsaPrivateKeyPem(bits int) string { key, err := rsa.GenerateKey(rand.Reader, bits) if err != nil { + //lintignore:R009 panic(err) } @@ -47,12 +48,14 @@ func tlsRsaPublicKeyPem(keyPem string) string { key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes) if err != nil { + //lintignore:R009 panic(err) } publicKeyBytes, err := x509.MarshalPKIXPublicKey(&key.PublicKey) if err != nil { + //lintignore:R009 panic(err) } @@ -73,6 +76,7 @@ func tlsRsaX509LocallySignedCertificatePem(caKeyPem, caCertificatePem, keyPem, c caCertificate, err := x509.ParseCertificate(caCertificateBlock.Bytes) if err != nil { + //lintignore:R009 panic(err) } @@ -81,6 +85,7 @@ func tlsRsaX509LocallySignedCertificatePem(caKeyPem, caCertificatePem, keyPem, c caKey, err := x509.ParsePKCS1PrivateKey(caKeyBlock.Bytes) if err != nil { + //lintignore:R009 panic(err) } @@ -89,12 +94,14 @@ func tlsRsaX509LocallySignedCertificatePem(caKeyPem, caCertificatePem, keyPem, c key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes) if err != nil { + //lintignore:R009 panic(err) } serialNumber, err := rand.Int(rand.Reader, tlsX509CertificateSerialNumberLimit) if err != nil { + //lintignore:R009 panic(err) } @@ -114,6 +121,7 @@ func tlsRsaX509LocallySignedCertificatePem(caKeyPem, caCertificatePem, keyPem, c certificateBytes, err := x509.CreateCertificate(rand.Reader, certificate, caCertificate, &key.PublicKey, caKey) if err != nil { + //lintignore:R009 panic(err) } 
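Review bot: The `//lintignore:R009` added above the panic in `ByGroupPair.Less` carries no reason, so a later reader cannot tell a deliberate exception from a silenced finding. Here the reason looks structural, because `Less` returns only `bool` and has no error path; a line such as `// Less has no error return, so an unsortable pair can only be reported by panicking` above the directive would record that. The fifteen suppressions added in `aws/tls.go` (the later hunks in this file and the ones that follow) are less clearly justified: those helpers return `string` and live in a non-`_test.go` file, so the panics are compiled into the provider. If they are only called from tests, which is not visible here, moving them to a `_test.go` file or giving them an error return would remove the need to suppress the rule; otherwise each directive should carry a short reason as well.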
@@ -134,12 +142,14 @@ func tlsRsaX509SelfSignedCaCertificatePem(keyPem string) string { key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes) if err != nil { + //lintignore:R009 panic(err) } publicKeyBytes, err := x509.MarshalPKIXPublicKey(&key.PublicKey) if err != nil { + //lintignore:R009 panic(err) } @@ -148,6 +158,7 @@ func tlsRsaX509SelfSignedCaCertificatePem(keyPem string) string { serialNumber, err := rand.Int(rand.Reader, tlsX509CertificateSerialNumberLimit) if err != nil { + //lintignore:R009 panic(err) } @@ -169,6 +180,7 @@ func tlsRsaX509SelfSignedCaCertificatePem(keyPem string) string { certificateBytes, err := x509.CreateCertificate(rand.Reader, certificate, certificate, &key.PublicKey, key) if err != nil { + //lintignore:R009 panic(err) } @@ -189,12 +201,14 @@ func tlsRsaX509SelfSignedCertificatePem(keyPem, commonName string) string { key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes) if err != nil { + //lintignore:R009 panic(err) } serialNumber, err := rand.Int(rand.Reader, tlsX509CertificateSerialNumberLimit) if err != nil { + //lintignore:R009 panic(err) } @@ -214,6 +228,7 @@ func tlsRsaX509SelfSignedCertificatePem(keyPem, commonName string) string { certificateBytes, err := x509.CreateCertificate(rand.Reader, certificate, certificate, &key.PublicKey, key) if err != nil { + //lintignore:R009 panic(err) }