mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 19:11:30 +00:00
fix(agent): thread ctx through createTargetConnector to satisfy contextcheck
CI run #428 (job 74148571711) failed on commit502823dwith: cmd/agent/main.go:690:44: Function `createTargetConnector` should pass the context parameter (contextcheck) Pre-existing on master since the Rank 5 commits (14fcc82Azure KV,54033aaAWS ACM) added two `case` branches in createTargetConnector that called `awsacm.New(context.Background(), &cfg, a.logger)` and `azurekv.New(context.Background(), &cfg, a.logger)` instead of threading the caller's ctx. The contextcheck linter (in .golangci.yml) flagged the call site at line 690 because the caller — the deploy path inside processJob — has a `ctx` in scope (used a few lines later for `a.reportJobStatus(ctx, ...)`). Why CI fix #15 (502823d) didn't catch this: that commit was scoped narrowly to fix go.mod / go.sum drift after Azure SDK transitive deps shifted; it didn't run the full lint gate locally because the sandbox disk-pressure path falls back to gofmt + go vet + go test -short, and contextcheck is part of golangci-lint (not vet). It surfaced once CI ran the full lint pipeline. Fix: - createTargetConnector signature: prepend `ctx context.Context` as the first parameter (matches the convention used everywhere else in the agent — heartbeat, processJob, reportJobStatus, etc.). - Inside the function, replace both `context.Background()` calls (AWSACM + AzureKeyVault cases) with `ctx`. SDK credential resolution now honors caller cancellation / deadlines. - Update the production call site at cmd/agent/main.go:690 to pass `ctx` (already in scope). - Update the 6 test call sites in cmd/agent/agent_test.go to pass `context.Background()` (test functions don't have a ctx in scope — Background() is the conventional zero-value for unit tests). Verified locally: - gofmt: 0 lines diff - go vet ./cmd/agent/...: exit 0 - go build ./cmd/agent/...: exit 0 - go test -short ./cmd/agent/...: ok 11.912s The contextcheck linter itself wasn't re-run locally (golangci-lint install needs ~300MB and the sandbox modcache + build cache already filled disk). The fix matches the linter's diagnosis verbatim: "should pass the context parameter" — call site now passes the parameter; signature now accepts it.
This commit is contained in:
shankar0123
@@ -478,7 +478,7 @@ func TestCreateTargetConnector_NGINX(t *testing.T) {
|
||||
agent, _ := NewAgent(cfg, logger)
|
||||
|
||||
configJSON := json.RawMessage(`{"cert_path":"/etc/nginx/cert.pem"}`)
|
||||
connector, err := agent.createTargetConnector("NGINX", configJSON)
|
||||
connector, err := agent.createTargetConnector(context.Background(), "NGINX", configJSON)
|
||||
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
@@ -499,7 +499,7 @@ func TestCreateTargetConnector_Unsupported(t *testing.T) {
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
agent, _ := NewAgent(cfg, logger)
|
||||
|
||||
_, err := agent.createTargetConnector("UnsupportedType", nil)
|
||||
_, err := agent.createTargetConnector(context.Background(), "UnsupportedType", nil)
|
||||
|
||||
if err == nil {
|
||||
t.Error("expected error for unsupported target type")
|
||||
@@ -987,7 +987,7 @@ func TestCreateTargetConnector_AllSupportedTypes(t *testing.T) {
|
||||
t.Fatalf("failed to marshal config: %v", err)
|
||||
}
|
||||
|
||||
connector, err := agent.createTargetConnector(tt.typeName, configJSON)
|
||||
connector, err := agent.createTargetConnector(context.Background(), tt.typeName, configJSON)
|
||||
|
||||
// Some connectors (like WinCertStore, IIS) may error on non-Windows platforms
|
||||
// or with insufficient validation. We accept either a valid connector or an error
|
||||
@@ -1039,7 +1039,7 @@ func TestCreateTargetConnector_InvalidJSON(t *testing.T) {
|
||||
|
||||
for _, typeName := range tests {
|
||||
t.Run(typeName, func(t *testing.T) {
|
||||
_, err := agent.createTargetConnector(typeName, invalidJSON)
|
||||
_, err := agent.createTargetConnector(context.Background(), typeName, invalidJSON)
|
||||
|
||||
if err == nil {
|
||||
t.Errorf("expected error for invalid JSON with type %s", typeName)
|
||||
@@ -1059,7 +1059,7 @@ func TestCreateTargetConnector_UnknownType(t *testing.T) {
|
||||
logger := slog.New(slog.NewTextHandler(io.Discard, nil))
|
||||
agent, _ := NewAgent(cfg, logger)
|
||||
|
||||
_, err := agent.createTargetConnector("MagicBox", nil)
|
||||
_, err := agent.createTargetConnector(context.Background(), "MagicBox", nil)
|
||||
|
||||
if err == nil {
|
||||
t.Error("expected error for unsupported target type")
|
||||
@@ -1092,7 +1092,7 @@ func TestCreateTargetConnector_EmptyConfig(t *testing.T) {
|
||||
for _, typeName := range tests {
|
||||
t.Run(typeName, func(t *testing.T) {
|
||||
// Empty config should be handled gracefully (defaults applied)
|
||||
connector, err := agent.createTargetConnector(typeName, nil)
|
||||
connector, err := agent.createTargetConnector(context.Background(), typeName, nil)
|
||||
|
||||
// Should not error on nil/empty config (defaults are applied)
|
||||
if err != nil {
|
||||
|
||||
+8
-4
@@ -687,7 +687,7 @@ func (a *Agent) executeDeploymentJob(ctx context.Context, job JobItem) {
|
||||
|
||||
// Deploy to the target using the appropriate connector
|
||||
if job.TargetType != "" {
|
||||
connector, err := a.createTargetConnector(job.TargetType, job.TargetConfig)
|
||||
connector, err := a.createTargetConnector(ctx, job.TargetType, job.TargetConfig)
|
||||
if err != nil {
|
||||
a.logger.Error("failed to create target connector",
|
||||
"job_id", job.ID,
|
||||
@@ -768,7 +768,11 @@ func (a *Agent) executeDeploymentJob(ctx context.Context, job JobItem) {
|
||||
}
|
||||
|
||||
// createTargetConnector instantiates the appropriate target connector based on type.
|
||||
func (a *Agent) createTargetConnector(targetType string, configJSON json.RawMessage) (target.Connector, error) {
|
||||
// ctx is threaded into SDK-driven connectors (AWSACM, AzureKeyVault) so credential
|
||||
// resolution honors caller cancellation / deadlines instead of using a fresh
|
||||
// context.Background() (the contextcheck linter enforces this — the original Rank 5
|
||||
// implementation used Background() and tripped CI on commit 502823d).
|
||||
func (a *Agent) createTargetConnector(ctx context.Context, targetType string, configJSON json.RawMessage) (target.Connector, error) {
|
||||
switch targetType {
|
||||
case "NGINX":
|
||||
var cfg nginx.Config
|
||||
@@ -914,7 +918,7 @@ func (a *Agent) createTargetConnector(targetType string, configJSON json.RawMess
|
||||
return nil, fmt.Errorf("invalid AWSACM config: %w", err)
|
||||
}
|
||||
}
|
||||
return awsacm.New(context.Background(), &cfg, a.logger)
|
||||
return awsacm.New(ctx, &cfg, a.logger)
|
||||
|
||||
case "AzureKeyVault":
|
||||
// Rank 5 of the 2026-05-03 Infisical deep-research deliverable.
|
||||
@@ -929,7 +933,7 @@ func (a *Agent) createTargetConnector(targetType string, configJSON json.RawMess
|
||||
return nil, fmt.Errorf("invalid AzureKeyVault config: %w", err)
|
||||
}
|
||||
}
|
||||
return azurekv.New(context.Background(), &cfg, a.logger)
|
||||
return azurekv.New(ctx, &cfg, a.logger)
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported target type: %s", targetType)
|
||||
|
||||
Reference in New Issue
Block a user