Merge pull request #145 from iits-consulting/Ninja243/neatening

Cleanup

cmd/root.go

@@ -425,8 +425,7 @@ func setupRootCmd() {
 		&temporaryAccessTokenDurationSeconds,
 		temporaryAccessTokenDurationSecondsFlag,
 		temporaryAccessTokenDurationSecondsShortFlag,
-		//nolint:mnd // default key pair lifetime is 15 minutes
-		15*60,
+		tempAccessTokenLifetime,
 		temporaryAccessTokenDurationSecondsUsage,
 	)
 	tempAccessTokenCreateCmd.Flags().BoolVarP(&printAkSk, printAkSkFlag, printAkSkShortFlag,
@@ -578,7 +577,7 @@ var (
 	}
 )
 
-//nolint:lll // The long lines represent
+//nolint:lll // Long lines required for formatting reasons
 const (
 	loginCmdHelp       = "Login to the Open Telekom Cloud and receive an unscoped token"
 	loginIamCmdHelp    = "Login to the Open Telekom Cloud through its Identity and Access Management system and receive an unscoped token"
@@ -649,12 +648,12 @@ $ export OS_DOMAIN_NAME=MyDomain
 $ export OS_PROJECT_NAME=MyProject
 $ otc-auth cce get-kube-config`
 
-	//nolint:gosec // This is not a hardcoded credential but a help message containing ak/sk
+	//nolint:gosec // This is not a hardcoded credential but a help message containing "ak/sk"
 	accessTokenCmdHelp = "Manage AK/SK"
-	//nolint:gosec // This is not a hardcoded credential but a help message containing ak/sk
+	//nolint:gosec // This is not a hardcoded credential but a help message containing "ak/sk"
 	accessTokenCreateCmdHelp = "Create new AK/SK"
 
-	//nolint:gosec // This is not a hardcoded credential but a help message containing ak/sk
+	//nolint:gosec // This is not a hardcoded credential but a help message containing "ak/sk"
 	accessTokenCreateCmdExample = `$ otc-auth access-token create --description "Custom token description"
 
 $ otc-auth access-token create
@@ -663,7 +662,7 @@ $ export OS_DOMAIN_NAME=MyDomain
 $ otc-auth access-token create`
 	accessTokenListCmdHelp   = "List existing AK/SKs"
 	accessTokenDeleteCmdHelp = "Delete existing AK/SKs"
-	//nolint:gosec // This is not a hardcoded credential but a help message containing ak/sk
+	//nolint:gosec // This is not a hardcoded credential but a help message containing "ak/sk"
 	accessTokenDeleteCmdExample = `$ otc-auth access-token delete --token YourToken
 
 $ export OS_DOMAIN_NAME=YourDomain
@@ -773,4 +772,6 @@ $ otc-auth access-token delete --token YourToken --os-domain-name YourDomain`
 	openstackConfigCreateConfigLocationFlag      = "config-location"
 	openstackConfigCreateConfigLocationShortFlag = "l"
 	openstackConfigCreateConfigLocationUsage     = "Where the config should be saved"
+
+	tempAccessTokenLifetime = 15 * 60 // 15 minutes
 )

common/http_client.go

@@ -1,6 +1,7 @@
 package common
 
 import (
+	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
@@ -25,7 +26,7 @@ func HTTPClientMakeRequest(request *http.Request, skipTLS bool) *http.Response {
 }
 
 func GetRequest(method string, url string, body io.Reader) *http.Request {
-	request, err := http.NewRequest(method, url, body) //nolint:noctx // This method will be removed soon anyway
+	request, err := http.NewRequestWithContext(context.Background(), method, url, body)
 	if err != nil {
 		ThrowError(fmt.Errorf(
 			"fatal: error building %s request for url %s\ntrace: %w",

go.sum

@@ -215,14 +215,10 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
-k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
-k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
-k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8=
+k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE=
 k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
 k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
-k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
 k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4=
 k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=

oidc/oidc.go

@@ -2,7 +2,6 @@ package oidc
 
 import (
 	"fmt"
-	"io"
 	"net/http"
 	"strings"
 
@@ -37,15 +36,10 @@ func authenticateWithServiceProvider(oidcCredentials common.OidcCredentialsRespo
 		headers.Authorization, oidcCredentials.BearerToken,
 	)
 
-	response := common.HTTPClientMakeRequest(request, skipTLS) //nolint:bodyclose,lll // Works fine for now, this method will be replaced soon
+	response := common.HTTPClientMakeRequest(request, skipTLS) //nolint:bodyclose,lll // The body IS being closed in GetCloudCredentialsFromResponseOrThrow after being read, which might be worth refactoring later
 
 	tokenResponse = common.GetCloudCredentialsFromResponseOrThrow(response)
 	tokenResponse.Token.User.Name = oidcCredentials.Claims.PreferredUsername
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			common.ThrowError(err)
-		}
-	}(response.Body)
+
 	return tokenResponse
 }

oidc/server.go

@@ -19,7 +19,7 @@ import (
 	"golang.org/x/oauth2"
 )
 
-//nolint:gochecknoglobals // This file will be removed soon
+//nolint:gochecknoglobals // Works for now but needs a rewrite
 var (
 	backgroundCtx = context.Background()
 

oidc/service_account.go

@@ -39,7 +39,7 @@ func authenticateServiceAccountWithIdp(params common.AuthInfo, skipTLS bool) com
 		common.ThrowError(err)
 	}
 	request := createServiceAccountAuthenticateRequest(idpTokenURL, params.ClientID, params.ClientSecret)
-	response := common.HTTPClientMakeRequest(request, skipTLS) //nolint:bodyclose,lll // Works fine for now, this method will be replaced soon
+	response := common.HTTPClientMakeRequest(request, skipTLS)
 	bodyBytes := common.GetBodyBytesFromResponse(response)
 
 	var result ServiceAccountResponse
@@ -52,5 +52,9 @@ func authenticateServiceAccountWithIdp(params common.AuthInfo, skipTLS bool) com
 	serviceAccountCreds.BearerToken = result.IDToken
 	serviceAccountCreds.Claims.PreferredUsername = "ServiceAccount"
 
+	err = response.Body.Close()
+	if err != nil {
+		common.ThrowError(err)
+	}
 	return serviceAccountCreds
 }

saml/saml.go

@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/xml"
 	"fmt"
-	"io"
 	"net/http"
 
 	"otc-auth/common"
@@ -27,16 +26,9 @@ func AuthenticateAndGetUnscopedToken(authInfo common.AuthInfo, skipTLS bool) (to
 		common.ThrowError(fmt.Errorf("fatal: error deserializing xml.\ntrace: %w", err))
 	}
 
-	response := validateAuthenticationWithServiceProvider(assertionResult, bodyBytes, skipTLS) //nolint:bodyclose,lll // Works fine for now, this method will be replaced soon
+	response := validateAuthenticationWithServiceProvider(assertionResult, bodyBytes, skipTLS) //nolint:bodyclose,lll // The body IS closed later on after being read in GetCloudCredentialsFromResponseOrThrow. This isn't super neat and might be worth refactoring
 	tokenResponse = common.GetCloudCredentialsFromResponseOrThrow(response)
 
-	defer func(Body io.ReadCloser) {
-		errClose := Body.Close()
-		if errClose != nil {
-			common.ThrowError(errClose)
-		}
-	}(response.Body)
-
 	return tokenResponse
 }