gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 21:31:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(est): plumb context through ESTService.ReloadTrust to satisfy contextcheck

Browse Source 
CI golangci-lint v2.11.4 flagged internal/api/handler/admin_est.go:178:
the AdminESTServiceImpl.ReloadTrust method took ctx context.Context but
called svc.ReloadTrust() with no context, then the underlying
ESTService.ReloadTrust used context.Background() internally for the
audit RecordEvent call. That's the contextcheck linter's textbook
'context discarded at boundary' violation.

Fix: change ESTService.ReloadTrust signature to ReloadTrust(ctx
context.Context) and forward the caller-supplied ctx into
auditService.RecordEvent. AdminESTServiceImpl.ReloadTrust now passes
its received ctx through. The HTTP handler already forwards
r.Context() one layer up, so the request-scoped trace identifiers now
flow end-to-end into the audit row instead of being severed at the
service boundary.

Verified locally with golangci-lint v2.11.4 (the same version CI runs)
against ./internal/api/handler/... ./internal/service/... — '0
issues.' All cmd/* binaries build clean, go test -short -count=1
green for both packages.
This commit is contained in:
shankar0123
2026-04-30 01:59:04 +00:00
parent 67fadeb4e6
commit f52ae0b18c
2 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/handler/admin_est.go
+2 -2
View File
@@ -170,12 +170,12 @@ func (s *AdminESTServiceImpl) Profiles(_ context.Context, now time.Time) ([]serv
}
// ReloadTrust implements AdminESTService.
func (s *AdminESTServiceImpl) ReloadTrust(_ context.Context, pathID string) error {
func (s *AdminESTServiceImpl) ReloadTrust(ctx context.Context, pathID string) error {
svc, ok := s.services[pathID]
if !ok {
return ErrAdminESTProfileNotFound
}
return svc.ReloadTrust()
return svc.ReloadTrust(ctx)
}
// Compile-time interface check.
internal/service/est_counters.go
+7 -3
View File
@@ -178,8 +178,12 @@ func (s *ESTService) Stats(now time.Time) ESTStatsSnapshot {
//
// Phase 11.3: emits AuditActionESTTrustAnchorReloaded on successful
// reload so operators have a typed grep target for "who rotated the
// trust bundle for which profile + when".
func (s *ESTService) ReloadTrust() error {
// trust bundle for which profile + when". The caller-supplied ctx is
// forwarded into RecordEvent so the audit row carries the same
// request-scoped trace identifiers as the rest of the admin pipeline,
// and so the contextcheck linter doesn't flag the admin handler for
// silently dropping its r.Context() at the service boundary.
func (s *ESTService) ReloadTrust(ctx context.Context) error {
if s.estTrustAnchor == nil {
return ErrESTMTLSDisabled
}
@@ -192,7 +196,7 @@ func (s *ESTService) ReloadTrust() error {
"trust_anchor_path": s.estTrustAnchor.Path(),
"protocol": "EST",
}
_ = s.auditService.RecordEvent(context.Background(), "est-admin", "system",
_ = s.auditService.RecordEvent(ctx, "est-admin", "system",
AuditActionESTTrustAnchorReloaded, "trust_anchor", s.estPathIDForLog, details)
}
return nil