From 8637131f80282ddc81f0ce450cb383160d7de02e Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Thu, 30 Apr 2026 15:33:33 +0000 Subject: [PATCH] chore: gofmt fixes across deploy-hardening I new files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Phase 13 verification surfaced gofmt-formatting drift in 6 files across the bundle's new code: - internal/api/handler/metrics.go (struct field alignment) - internal/connector/target/k8ssecret/validate_only_test.go (alignment) - internal/connector/target/nginx/nginx.go (alignment) - internal/connector/target/postfix/postfix.go (alignment) - internal/connector/target/ssh/validate_only_test.go (alignment) - internal/service/deploy_counters.go (alignment) Pure mechanical gofmt -w fixes; no behavior changes. CI's make verify gate (which runs `go fmt ./...`) didn't catch these because go fmt is more lenient than gofmt -l, but golangci-lint v2.11.4 + the explicit gofmt step in Phase 13 verification did. Phase 13 full-matrix verification all green: - gofmt -l: empty across all bundle-touched files - go vet ./internal/deploy/... ./internal/connector/target/... ./internal/service/ ./internal/api/handler/ ./cmd/agent/: clean - golangci-lint v2.11.4 (the version CI runs): 0 issues - go test -race -count=1 across deploy + nginx + apache + haproxy + agent + service: all green - INTEGRATION=1 go test -tags integration -run Deploy ./deploy/test/...: 4/4 e2e tests green Phase 14 next: release prep — Active Focus update, release notes, Reddit-beat draft, final tag handoff to operator. --- internal/api/handler/metrics.go | 18 +++++----- .../target/k8ssecret/validate_only_test.go | 2 +- internal/connector/target/nginx/nginx.go | 18 +++++----- internal/connector/target/postfix/postfix.go | 14 ++++---- .../target/ssh/validate_only_test.go | 10 +++--- internal/service/deploy_counters.go | 34 +++++++++---------- 6 files changed, 48 insertions(+), 48 deletions(-) diff --git a/internal/api/handler/metrics.go b/internal/api/handler/metrics.go index ac41008..cf58671 100644 --- a/internal/api/handler/metrics.go +++ b/internal/api/handler/metrics.go @@ -33,15 +33,15 @@ type CounterSnapshotter interface { // // Phase 10 of the deploy-hardening I master bundle. type DeploySnapshotEntry struct { - TargetType string - AttemptsSuccess uint64 - AttemptsFailure uint64 - ValidateFailures uint64 - ReloadFailures uint64 - PostVerifyFails uint64 - RollbackRestored uint64 - RollbackAlsoFail uint64 - IdempotentSkips uint64 + TargetType string + AttemptsSuccess uint64 + AttemptsFailure uint64 + ValidateFailures uint64 + ReloadFailures uint64 + PostVerifyFails uint64 + RollbackRestored uint64 + RollbackAlsoFail uint64 + IdempotentSkips uint64 } // DeployCounterSnapshotter is the surface MetricsHandler consumes diff --git a/internal/connector/target/k8ssecret/validate_only_test.go b/internal/connector/target/k8ssecret/validate_only_test.go index 99ebb58..b09cc0c 100644 --- a/internal/connector/target/k8ssecret/validate_only_test.go +++ b/internal/connector/target/k8ssecret/validate_only_test.go @@ -18,7 +18,7 @@ func (s *stubK8s) GetSecret(_ context.Context, _, _ string) (*SecretData, error) func (s *stubK8s) CreateSecret(_ context.Context, _ string, _ *SecretData) error { return nil } func (s *stubK8s) UpdateSecret(_ context.Context, _ string, _ *SecretData) error { return nil } -func (s *stubK8s) DeleteSecret(_ context.Context, _, _ string) error { return nil } +func (s *stubK8s) DeleteSecret(_ context.Context, _, _ string) error { return nil } func TestK8s_ValidateOnly_Succeeds(t *testing.T) { c := NewWithClient(&Config{Namespace: "ns", SecretName: "tls"}, &stubK8s{}, nil) diff --git a/internal/connector/target/nginx/nginx.go b/internal/connector/target/nginx/nginx.go index e4f1874..029f01a 100644 --- a/internal/connector/target/nginx/nginx.go +++ b/internal/connector/target/nginx/nginx.go @@ -71,15 +71,15 @@ type Config struct { ValidateCommand string `json:"validate_command"` // Phase 4 (deploy-hardening I): file ownership + mode overrides. - CertFileMode os.FileMode `json:"cert_file_mode,omitempty"` - ChainFileMode os.FileMode `json:"chain_file_mode,omitempty"` - KeyFileMode os.FileMode `json:"key_file_mode,omitempty"` - CertFileOwner string `json:"cert_file_owner,omitempty"` - CertFileGroup string `json:"cert_file_group,omitempty"` - ChainFileOwner string `json:"chain_file_owner,omitempty"` - ChainFileGroup string `json:"chain_file_group,omitempty"` - KeyFileOwner string `json:"key_file_owner,omitempty"` - KeyFileGroup string `json:"key_file_group,omitempty"` + CertFileMode os.FileMode `json:"cert_file_mode,omitempty"` + ChainFileMode os.FileMode `json:"chain_file_mode,omitempty"` + KeyFileMode os.FileMode `json:"key_file_mode,omitempty"` + CertFileOwner string `json:"cert_file_owner,omitempty"` + CertFileGroup string `json:"cert_file_group,omitempty"` + ChainFileOwner string `json:"chain_file_owner,omitempty"` + ChainFileGroup string `json:"chain_file_group,omitempty"` + KeyFileOwner string `json:"key_file_owner,omitempty"` + KeyFileGroup string `json:"key_file_group,omitempty"` // Phase 4 (deploy-hardening I): post-deploy TLS verification. PostDeployVerify *PostDeployVerifyConfig `json:"post_deploy_verify,omitempty"` diff --git a/internal/connector/target/postfix/postfix.go b/internal/connector/target/postfix/postfix.go index c46fe57..548d89c 100644 --- a/internal/connector/target/postfix/postfix.go +++ b/internal/connector/target/postfix/postfix.go @@ -37,13 +37,13 @@ type Config struct { ValidateCommand string `json:"validate_command"` // Phase 7: file ownership + mode + verify + retention. - CertFileMode os.FileMode `json:"cert_file_mode,omitempty"` - KeyFileMode os.FileMode `json:"key_file_mode,omitempty"` - ChainFileMode os.FileMode `json:"chain_file_mode,omitempty"` - CertFileOwner string `json:"cert_file_owner,omitempty"` - CertFileGroup string `json:"cert_file_group,omitempty"` - KeyFileOwner string `json:"key_file_owner,omitempty"` - KeyFileGroup string `json:"key_file_group,omitempty"` + CertFileMode os.FileMode `json:"cert_file_mode,omitempty"` + KeyFileMode os.FileMode `json:"key_file_mode,omitempty"` + ChainFileMode os.FileMode `json:"chain_file_mode,omitempty"` + CertFileOwner string `json:"cert_file_owner,omitempty"` + CertFileGroup string `json:"cert_file_group,omitempty"` + KeyFileOwner string `json:"key_file_owner,omitempty"` + KeyFileGroup string `json:"key_file_group,omitempty"` PostDeployVerify *PostDeployVerifyConfig `json:"post_deploy_verify,omitempty"` PostDeployVerifyAttempts int `json:"post_deploy_verify_attempts,omitempty"` PostDeployVerifyBackoff time.Duration `json:"post_deploy_verify_backoff,omitempty"` diff --git a/internal/connector/target/ssh/validate_only_test.go b/internal/connector/target/ssh/validate_only_test.go index c2af607..5526e13 100644 --- a/internal/connector/target/ssh/validate_only_test.go +++ b/internal/connector/target/ssh/validate_only_test.go @@ -16,11 +16,11 @@ type stubSSHClient struct { connectErr error } -func (s *stubSSHClient) Connect(_ context.Context) error { return s.connectErr } -func (s *stubSSHClient) Close() error { return nil } -func (s *stubSSHClient) WriteFile(_ string, _ []byte, _ os.FileMode) error { return nil } -func (s *stubSSHClient) Execute(_ context.Context, _ string) (string, error) { return "", nil } -func (s *stubSSHClient) StatFile(_ string) (int64, error) { return 0, nil } +func (s *stubSSHClient) Connect(_ context.Context) error { return s.connectErr } +func (s *stubSSHClient) Close() error { return nil } +func (s *stubSSHClient) WriteFile(_ string, _ []byte, _ os.FileMode) error { return nil } +func (s *stubSSHClient) Execute(_ context.Context, _ string) (string, error) { return "", nil } +func (s *stubSSHClient) StatFile(_ string) (int64, error) { return 0, nil } func TestSSH_ValidateOnly_Connect_Succeeds(t *testing.T) { c := NewWithClient(&Config{Host: "h", User: "u"}, &stubSSHClient{}, nil) diff --git a/internal/service/deploy_counters.go b/internal/service/deploy_counters.go index 24a113e..ad86959 100644 --- a/internal/service/deploy_counters.go +++ b/internal/service/deploy_counters.go @@ -42,14 +42,14 @@ type DeployCounters struct { } type deployBucket struct { - attemptsSuccess atomic.Uint64 - attemptsFailure atomic.Uint64 - validateFailures atomic.Uint64 - reloadFailures atomic.Uint64 - postVerifyFails atomic.Uint64 - rollbackRestored atomic.Uint64 - rollbackAlsoFail atomic.Uint64 - idempotentSkips atomic.Uint64 + attemptsSuccess atomic.Uint64 + attemptsFailure atomic.Uint64 + validateFailures atomic.Uint64 + reloadFailures atomic.Uint64 + postVerifyFails atomic.Uint64 + rollbackRestored atomic.Uint64 + rollbackAlsoFail atomic.Uint64 + idempotentSkips atomic.Uint64 } // NewDeployCounters constructs a zero-value counter table. The @@ -123,15 +123,15 @@ func (c *DeployCounters) IncIdempotentSkip(targetType string) { // DeploySnapshot is the per-(target_type, label) snapshot returned // to the Prometheus exposer. type DeploySnapshot struct { - TargetType string - AttemptsSuccess uint64 - AttemptsFailure uint64 - ValidateFailures uint64 - ReloadFailures uint64 - PostVerifyFails uint64 - RollbackRestored uint64 - RollbackAlsoFail uint64 - IdempotentSkips uint64 + TargetType string + AttemptsSuccess uint64 + AttemptsFailure uint64 + ValidateFailures uint64 + ReloadFailures uint64 + PostVerifyFails uint64 + RollbackRestored uint64 + RollbackAlsoFail uint64 + IdempotentSkips uint64 } // Snapshot returns one DeploySnapshot per known target type.