chore(lint): close 5 golangci-lint v2 findings surfaced by v2.1.0 release-gate Phase 1.3

Five golangci-lint v2 findings surfaced when running the v2.1.0 release
gate (auth-bundle-2 → master pre-flight). Each is mechanical:

1. govet/printf-style misuse — internal/auth/oidc/service_test.go used
   integer literal 501 in http.Error; switched to http.StatusNotImplemented.

2. staticcheck SA1019 — internal/auth/breakglass/reflect_helper_test.go
   referenced reflect.Ptr; the canonical name since Go 1.18 is
   reflect.Pointer.

3. staticcheck ST1020 — internal/repository/postgres/auth.go
   ActorRoleRepository.Revoke had a doc comment that did not begin with
   the method name. Prepended 'Revoke drops actor_roles rows.' to the
   comment so it now starts with the method name.

4. staticcheck ST1022 — internal/api/handler/auth_session_oidc.go
   DefaultBCLVerifierMaxAge docstring was attached to the DefaultBCLVerifier
   type docstring. Moved the const docstring directly above the const
   declaration, separated by a blank line.

5. unused — internal/auth/session/bench_test.go declared
   benchSessionMinSamples and never referenced it; the bench loop relies
   on Go's default b.N scaling. Replaced the const block with a comment
   describing the rationale.

Lint clean (golangci-lint v2.12.2 with the .golangci.yml config) on the
five edited packages.
shankar0123
2026-05-11 13:31:13 +00:00
parent 09bea664d5
commit 8aeeec93c0
5 changed files with 18 additions and 19 deletions
+7 -6
@@ -406,12 +406,13 @@ func (r *ActorRoleRepository) Grant(ctx context.Context, ar *authdomain.ActorRol
return nil
}
// Audit 2026-05-11 A-4 — scope-aware revoke. The pre-fix SQL omitted
// (scope_type, scope_id) from the WHERE clause; combined with HIGH-10's
// UNIQUE (actor_id, actor_type, role_id, scope_type, scope_id, tenant_id)
// uniqueness extension, an operator who granted the same role to the
// same actor at two different scopes had no selective-revoke path —
// every Revoke call nuked both rows. The new behaviour:
// Revoke drops actor_roles rows. Audit 2026-05-11 A-4 — scope-aware
// revoke. The pre-fix SQL omitted (scope_type, scope_id) from the
// WHERE clause; combined with HIGH-10's UNIQUE (actor_id, actor_type,
// role_id, scope_type, scope_id, tenant_id) uniqueness extension, an
// operator who granted the same role to the same actor at two
// different scopes had no selective-revoke path — every Revoke call
// nuked both rows. The new behaviour:
//
// - opts.ScopeType == "" (legacy call shape): drop the scope from the
// WHERE clause; delete every variant. Zero-row delete is NOT an
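Review bot: The new first sentence of the Revoke doc comment ("Revoke drops actor_roles rows.") clears ST1020, but it is also the line godoc and editor hovers show as the summary, and it does not say that which rows are deleted depends on opts.ScopeType. Because the comment goes on to state that an empty opts.ScopeType deletes every scope variant, a summary along the lines of "Revoke deletes the actor_roles rows matching opts; an empty opts.ScopeType removes the grant at every scope." would keep a caller from assuming the method is always selective. The audit history that now shares the opening paragraph ("The pre-fix SQL omitted (scope_type, scope_id) ...") describes past behaviour rather than the contract; consider moving it below the bullet list that starts at "The new behaviour:" so the doc comment leads with what the method does today.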