diff --git a/cmd/agent/agent_test.go b/cmd/agent/agent_test.go index d07b39e..365618b 100644 --- a/cmd/agent/agent_test.go +++ b/cmd/agent/agent_test.go @@ -478,7 +478,7 @@ func TestCreateTargetConnector_NGINX(t *testing.T) { agent, _ := NewAgent(cfg, logger) configJSON := json.RawMessage(`{"cert_path":"/etc/nginx/cert.pem"}`) - connector, err := agent.createTargetConnector("NGINX", configJSON) + connector, err := agent.createTargetConnector(context.Background(), "NGINX", configJSON) if err != nil { t.Errorf("unexpected error: %v", err) @@ -499,7 +499,7 @@ func TestCreateTargetConnector_Unsupported(t *testing.T) { logger := slog.New(slog.NewTextHandler(io.Discard, nil)) agent, _ := NewAgent(cfg, logger) - _, err := agent.createTargetConnector("UnsupportedType", nil) + _, err := agent.createTargetConnector(context.Background(), "UnsupportedType", nil) if err == nil { t.Error("expected error for unsupported target type") @@ -987,7 +987,7 @@ func TestCreateTargetConnector_AllSupportedTypes(t *testing.T) { t.Fatalf("failed to marshal config: %v", err) } - connector, err := agent.createTargetConnector(tt.typeName, configJSON) + connector, err := agent.createTargetConnector(context.Background(), tt.typeName, configJSON) // Some connectors (like WinCertStore, IIS) may error on non-Windows platforms // or with insufficient validation. We accept either a valid connector or an error @@ -1039,7 +1039,7 @@ func TestCreateTargetConnector_InvalidJSON(t *testing.T) { for _, typeName := range tests { t.Run(typeName, func(t *testing.T) { - _, err := agent.createTargetConnector(typeName, invalidJSON) + _, err := agent.createTargetConnector(context.Background(), typeName, invalidJSON) if err == nil { t.Errorf("expected error for invalid JSON with type %s", typeName) @@ -1059,7 +1059,7 @@ func TestCreateTargetConnector_UnknownType(t *testing.T) { logger := slog.New(slog.NewTextHandler(io.Discard, nil)) agent, _ := NewAgent(cfg, logger) - _, err := agent.createTargetConnector("MagicBox", nil) + _, err := agent.createTargetConnector(context.Background(), "MagicBox", nil) if err == nil { t.Error("expected error for unsupported target type") @@ -1092,7 +1092,7 @@ func TestCreateTargetConnector_EmptyConfig(t *testing.T) { for _, typeName := range tests { t.Run(typeName, func(t *testing.T) { // Empty config should be handled gracefully (defaults applied) - connector, err := agent.createTargetConnector(typeName, nil) + connector, err := agent.createTargetConnector(context.Background(), typeName, nil) // Should not error on nil/empty config (defaults are applied) if err != nil { diff --git a/cmd/agent/main.go b/cmd/agent/main.go index a859c0e..3def9ba 100644 --- a/cmd/agent/main.go +++ b/cmd/agent/main.go @@ -687,7 +687,7 @@ func (a *Agent) executeDeploymentJob(ctx context.Context, job JobItem) { // Deploy to the target using the appropriate connector if job.TargetType != "" { - connector, err := a.createTargetConnector(job.TargetType, job.TargetConfig) + connector, err := a.createTargetConnector(ctx, job.TargetType, job.TargetConfig) if err != nil { a.logger.Error("failed to create target connector", "job_id", job.ID, @@ -768,7 +768,11 @@ func (a *Agent) executeDeploymentJob(ctx context.Context, job JobItem) { } // createTargetConnector instantiates the appropriate target connector based on type. -func (a *Agent) createTargetConnector(targetType string, configJSON json.RawMessage) (target.Connector, error) { +// ctx is threaded into SDK-driven connectors (AWSACM, AzureKeyVault) so credential +// resolution honors caller cancellation / deadlines instead of using a fresh +// context.Background() (the contextcheck linter enforces this — the original Rank 5 +// implementation used Background() and tripped CI on commit 502823d). +func (a *Agent) createTargetConnector(ctx context.Context, targetType string, configJSON json.RawMessage) (target.Connector, error) { switch targetType { case "NGINX": var cfg nginx.Config @@ -914,7 +918,7 @@ func (a *Agent) createTargetConnector(targetType string, configJSON json.RawMess return nil, fmt.Errorf("invalid AWSACM config: %w", err) } } - return awsacm.New(context.Background(), &cfg, a.logger) + return awsacm.New(ctx, &cfg, a.logger) case "AzureKeyVault": // Rank 5 of the 2026-05-03 Infisical deep-research deliverable. @@ -929,7 +933,7 @@ func (a *Agent) createTargetConnector(targetType string, configJSON json.RawMess return nil, fmt.Errorf("invalid AzureKeyVault config: %w", err) } } - return azurekv.New(context.Background(), &cfg, a.logger) + return azurekv.New(ctx, &cfg, a.logger) default: return nil, fmt.Errorf("unsupported target type: %s", targetType)