test google secrets manager; use golangci-lint linter

Author: alexei-led

.golangci.yaml

@@ -0,0 +1,87 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 15
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 100
+  goconst:
+    min-len: 2
+    min-occurrences: 2
+  misspell:
+    locale: US
+  lll:
+    line-length: 140
+  goimports:
+    local-prefixes: github.com/golangci/golangci-lint
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - performance
+      - style
+    disabled-checks:
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
+      - ifElseChain
+      - octalLiteral
+      - rangeValCopy
+      - unnamedResult
+      - whyNoLint
+      - wrapperFunc
+  funlen:
+    lines: 100
+    statements: 50
+
+linters:
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  disable-all: true
+  enable:
+    # - rowserrcheck
+    - bodyclose
+    - deadcode
+    - depguard
+    - dogsled
+    - dupl
+    - errcheck
+    - funlen
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goimports
+    - golint
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - interfacer
+    - lll
+    - misspell
+    - nakedret
+    - scopelint
+    - staticcheck
+    - structcheck
+    - stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+    - whitespace
+
+  # don't enable:
+  # - gochecknoglobals
+  # - gocognit
+  # - godox
+  # - maligned
+  # - prealloc
+
+issues:
+    exclude:
+        - Using the variable on range scope `tt` in function literal

Makefile

@@ -7,6 +7,8 @@ TESTPKGS = $(shell env GO111MODULE=on $(GO) list -f \
 			'{{ if or .TestGoFiles .XTestGoFiles }}{{ .ImportPath }}{{ end }}' \
 			$(PKGS))
 BIN      = $(CURDIR)/.bin
+GOLANGCI_LINT_CONFIG = $(CURDIR)/.golangci.yaml
+
 
 GO      = go
 TIMEOUT = 15
@@ -35,8 +37,8 @@ $(BIN)/%: | $(BIN) ; $(info $(M) building $(PACKAGE)…)
 		|| ret=$$?; \
 	   rm -rf $$tmp ; exit $$ret
 
-GOLINT = $(BIN)/golint
-$(BIN)/golint: PACKAGE=golang.org/x/lint/golint
+GOLANGCI_LINT = $(BIN)/golangci-lint
+$(BIN)/golangci-lint: PACKAGE=github.com/golangci/golangci-lint/cmd/golangci-lint
 
 GOCOV = $(BIN)/gocov
 $(BIN)/gocov: PACKAGE=github.com/axw/gocov/...
@@ -60,7 +62,7 @@ test-verbose: ARGS=-v            ## Run tests in verbose mode with coverage repo
 test-race:    ARGS=-race         ## Run tests with race detector
 $(TEST_TARGETS): NAME=$(MAKECMDGOALS:test-%=%)
 $(TEST_TARGETS): test
-check test tests: fmt lint ; $(info $(M) running $(NAME:%=% )tests…) @ ## Run tests
+check test tests: fmt ; $(info $(M) running $(NAME:%=% )tests…) @ ## Run tests
 	$Q $(GO) test -timeout $(TIMEOUT)s $(ARGS) $(TESTPKGS)
 
 test-xml: fmt lint | $(GO2XUNIT) ; $(info $(M) running xUnit tests…) @ ## Run tests with xUnit output
@@ -87,8 +89,9 @@ test-coverage: fmt lint test-coverage-tools ; $(info $(M) running coverage tests
 	$Q $(GOCOV) convert $(COVERAGE_PROFILE) | $(GOCOVXML) > $(COVERAGE_XML)
 
 .PHONY: lint
-lint: | $(GOLINT) ; $(info $(M) running golint…) @ ## Run golint
-	$Q $(GOLINT) -set_exit_status $(PKGS)
+lint: | $(GOLANGCI_LINT) ; $(info $(M) running golangci-lint…) @ ## Run golangci-lint
+	$Q $(GOLANGCI_LINT) run -v -c $(GOLANGCI_LINT_CONFIG) .
+
 
 .PHONY: fmt
 fmt: ; $(info $(M) running gofmt…) @ ## Run gofmt on all source files
@@ -99,6 +102,7 @@ mock: | $(GOMOCK) ; $(info $(M) generating mocks…) @ ## Run mockery
 	$Q $(GO) mod vendor -v
 	$Q $(GOMOCK) -name SecretsManagerAPI -dir vendor/github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface
 	$Q $(GOMOCK) -name SSMAPI -dir vendor/github.com/aws/aws-sdk-go/service/ssm/ssmiface
+	$Q $(GOMOCK) -name GoogleSecretsManagerAPI -dir pkg/secrets/google
 	$Q rm -rf vendor
 
 # Misc

go.mod

@@ -5,6 +5,7 @@ go 1.14
 require (
 	cloud.google.com/go v0.50.0
 	github.com/aws/aws-sdk-go v1.24.1
+	github.com/googleapis/gax-go/v2 v2.0.5
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.4.2
 	github.com/stretchr/testify v1.4.0

main.go

@@ -70,7 +70,7 @@ func mainCmd(c *cli.Context) error {
 	if c.String("provider") == "aws" {
 		provider, err = aws.NewAwsSecretsProvider()
 	} else if c.String("provider") == "google" {
-		provider, err = google.NewGoogleSecretsProvider()
+		provider, err = google.NewGoogleSecretsProvider(ctx)
 	}
 	if err != nil {
 		log.WithField("provider", c.String("provider")).WithError(err).Error("failed to initialize secrets provider")
@@ -149,10 +149,15 @@ func run(ctx context.Context, provider secrets.Provider, commandSlice []string)
 	// Goroutine for signals forwarding
 	go func() {
 		for sig := range sigs {
-			// ignore SIGCHLD signals since these are only usefull for secrets-init
+			// ignore SIGCHLD signals since these are only useful for secrets-init
 			if sig != syscall.SIGCHLD {
 				// forward signal to the main process and its children
-				syscall.Kill(-cmd.Process.Pid, sig.(syscall.Signal))
+				e := syscall.Kill(-cmd.Process.Pid, sig.(syscall.Signal))
+				log.WithFields(log.Fields{
+					"pid":  cmd.Process.Pid,
+					"path": cmd.Path,
+					"args": cmd.Args,
+				}).WithError(e).Error("failed to kill process")
 			}
 		}
 	}()

mocks/GoogleSecretsManagerAPI.go

@@ -0,0 +1,12 @@
+package google
+
+import (
+	"context"
+
+	"github.com/googleapis/gax-go/v2"
+	secretspb "google.golang.org/genproto/googleapis/cloud/secrets/v1beta1"
+)
+
+type GoogleSecretsManagerAPI interface {
+	AccessSecretVersion(ctx context.Context, req *secretspb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretspb.AccessSecretVersionResponse, error)
+}

pkg/secrets/google/interface.go

@@ -11,11 +11,18 @@ import (
 )
 
 // SecretsProvider Google Cloud secrets provider
-type SecretsProvider struct{}
+type SecretsProvider struct {
+	sm GoogleSecretsManagerAPI
+}
 
 // NewGoogleSecretsProvider init Google Secrets Provider
-func NewGoogleSecretsProvider() (secrets.Provider, error) {
+func NewGoogleSecretsProvider(ctx context.Context) (secrets.Provider, error) {
 	sp := SecretsProvider{}
+	var err error
+	sp.sm, err = secretmanager.NewClient(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to initialize Google Cloud SDK")
+	}
 	return &sp, nil
 }
 
@@ -26,18 +33,10 @@ func NewGoogleSecretsProvider() (secrets.Provider, error) {
 //    `gcp:secretmanager:projects/{PROJECT_ID}/secrets/{SECRET_NAME}/versions/{VERSION|latest}`
 func (sp SecretsProvider) ResolveSecrets(ctx context.Context, vars []string) ([]string, error) {
 	var envs []string
-	var sm *secretmanager.Client
-	var err error
 	for _, env := range vars {
 		kv := strings.Split(env, "=")
 		key, value := kv[0], kv[1]
 		if strings.HasPrefix(value, "gcp:secretmanager:") {
-			if sm == nil {
-				sm, err = secretmanager.NewClient(ctx)
-				if err != nil {
-					return nil, errors.Wrap(err, "failed to initialize Google Cloud SDK")
-				}
-			}
 			// construct valid secret name
 			name := strings.TrimPrefix(value, "gcp:secretmanager:")
 			// if no version specified add latest
@@ -48,9 +47,9 @@ func (sp SecretsProvider) ResolveSecrets(ctx context.Context, vars []string) ([]
 			req := &secretspb.AccessSecretVersionRequest{
 				Name: name,
 			}
-			secret, err := sm.AccessSecretVersion(ctx, req)
+			secret, err := sp.sm.AccessSecretVersion(ctx, req)
 			if err != nil {
-				return nil, errors.Wrap(err, "failed to get secret from Google Secret Manager")
+				return vars, errors.Wrap(err, "failed to get secret from Google Secret Manager")
 			}
 			env = key + "=" + string(secret.Payload.GetData())
 		}