deployment: throw away golanglint-ci defaults (#439)

* deployment: throw away golanglint-ci defaults

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

.golangci.yml

@@ -59,7 +59,7 @@ linters-settings:
     check-shadowing: false
   golint:
     # minimal confidence for issues, default is 0.8
-    min-confidence: 0.0
+    min-confidence: 0.8
   gofmt:
     # simplify code: gofmt with `-s` option, true by default
     simplify: true
@@ -161,6 +161,29 @@ issues:
   # it can be disabled by `exclude-use-default: false`. To list all
   # excluded by default patterns execute `golangci-lint run --help`
   exclude:
+    ## Defaults we want from golangci-lint
+    # errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
+    - Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
+    # golint: False positive when tests are defined in package 'test'
+    - func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
+    # govet: Common false positives
+    - (possible misuse of unsafe.Pointer|should have signature)
+    # staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
+    - ineffective break statement. Did you mean to break out of the outer loop
+    # gosec: Too many false-positives on 'unsafe' usage
+    - Use of unsafe calls should be audited
+    # gosec: Too many false-positives for parametrized shell calls
+    - Subprocess launch(ed with variable|ing should be audited)
+    # gosec: Duplicated errcheck checks
+    - G104
+    # gosec: Too many issues in popular repos
+    - (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
+    # gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
+    - Potential file inclusion via variable
+
+    ##
+    ## Custom
+    ##
     # Mostly harmless buffer writes where we skip error checking
     # https://golang.org/pkg/bytes/#Buffer.Write
     - "Error return value of `w.Write` is not checked"
@@ -201,7 +224,7 @@ issues:
   # it can be disabled by this option. To list all
   # excluded by default patterns execute `golangci-lint run --help`.
   # Default value for this option is true.
-  exclude-use-default: true
+  exclude-use-default: false
 
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
   max-per-linter: 0

authenticate/authenticate.go

@@ -1,3 +1,5 @@
+// Package authenticate is a pomerium service that handles user authentication
+// and refersh (AuthN).
 package authenticate // import "github.com/pomerium/pomerium/authenticate"
 
 import (

authorize/authorize.go

@@ -1,3 +1,5 @@
+// Package authorize is a pomerium service that is responsible for determining
+// if a given request should be authorized (AuthZ).
 package authorize // import "github.com/pomerium/pomerium/authorize"
 
 import (

cache/cache.go

@@ -1,3 +1,6 @@
+// Package cache is a pomerium service that handles the storage of user
+// session state. It communicates over RPC with other pomerium services,
+// and can be configured to use a number of different backend cache stores.
 package cache // import "github.com/pomerium/pomerium/cache"
 
 import (

config/doc.go

@@ -0,0 +1,3 @@
+// Package config is a configuration abstraction that facilitates enabling
+// Pomerium settings  forvarious encoding types (JSON/YAML/ENVARS) and methods.
+package config // import "github.com/pomerium/pomerium/config"

config/options.go

@@ -517,6 +517,9 @@ func (o *Options) Checksum() string {
 	return fmt.Sprintf("%x", hash)
 }
 
+// HandleConfigUpdate takes configuration file, an existing options struct, and
+// updates each service in the services slice OptionsUpdater with a new set of
+// options if any change is detected.
 func HandleConfigUpdate(configFile string, opt *Options, services []OptionsUpdater) *Options {
 	newOpt, err := NewOptionsFromConfig(configFile)
 	if err != nil {

internal/cryptutil/certificates.go

@@ -11,6 +11,7 @@ import (
 	"io/ioutil"
 )
 
+// CertifcateFromBase64 returns an X509 pair from a base64 encoded blob.
 func CertifcateFromBase64(cert, key string) (*tls.Certificate, error) {
 	decodedCert, err := base64.StdEncoding.DecodeString(cert)
 	if err != nil {
@@ -24,11 +25,15 @@ func CertifcateFromBase64(cert, key string) (*tls.Certificate, error) {
 	return &x509, err
 }
 
+// CertificateFromFile given a certificate, and key file path, returns a X509
+// keypair.
 func CertificateFromFile(certFile, keyFile string) (*tls.Certificate, error) {
 	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
 	return &cert, err
 }
 
+// CertPoolFromBase64 takes a base64 encoded string and returns a new
+// X509 certificate pool.
 func CertPoolFromBase64(encPemCerts string) (*x509.CertPool, error) {
 	b, err := base64.StdEncoding.DecodeString(encPemCerts)
 	if err != nil {
@@ -37,6 +42,7 @@ func CertPoolFromBase64(encPemCerts string) (*x509.CertPool, error) {
 	return bytesToCertPool(b)
 }
 
+// CertPoolFromFile reads a file and returns an X509 certificate pool.
 func CertPoolFromFile(pemFile string) (*x509.CertPool, error) {
 	b, err := ioutil.ReadFile(pemFile)
 	if err != nil {

internal/cryptutil/doc.go

@@ -0,0 +1,3 @@
+// Package cryptutil provides cryptographic utility functions, complementing the
+// lower level abstractions found in the standard library.
+package cryptutil // import "github.com/pomerium/pomerium/internal/cryptutil"

internal/encoding/econding.go

@@ -1,3 +1,5 @@
+// Package encoding defines interfaces shared by other packages that
+// convert data to and from byte-level and textual representations.
 package encoding // import "github.com/pomerium/pomerium/internal/encoding"
 
 // MarshalUnmarshaler can both Marshal and Unmarshal a struct into and from a set of bytes.

internal/encoding/mock/mock_encoder.go

@@ -1,3 +1,4 @@
+// Package mock implements a mock implementation of MarshalUnmarshaler.
 package mock // import "github.com/pomerium/pomerium/internal/encoding/mock"
 
 import (

internal/fileutil/fileutil.go

@@ -1,3 +1,5 @@
+// Package fileutil provides file utility functions, complementing the
+// lower level abstractions found in the standard library.
 package fileutil // import "github.com/pomerium/pomerium/internal/fileutil"
 
 import (

internal/frontend/templates.go

@@ -1,5 +1,7 @@
 //go:generate statik -src=./assets -include=*.svg,*.html,*.css,*.js
 
+// Package frontend handles the generation, and instantiation of Pomerium's
+// html templates.
 package frontend // import "github.com/pomerium/pomerium/internal/frontend"
 
 import (

internal/grpc/authorize/client/authorize_client.go

@@ -1,3 +1,4 @@
+// Package client implements a gRPC client for the authorization service.
 package client
 
 import (

internal/grpc/cache/client/cache_client.go

@@ -1,3 +1,4 @@
+// Package client implements a gRPC client for the cache service.
 package client
 
 import (

internal/grpc/docs.go

@@ -0,0 +1,3 @@
+// Package grpc provides gRPC utility functions, complementing the more
+// common ones in the github.com/grpc/grpc-go package
+package grpc // import "github.com/pomerium/pomerium/internal/grpc"

internal/grpcutil/doc.go

@@ -0,0 +1,2 @@
+// Package grpcutil contains utility functions for working with gRPC.
+package grpcutil // import "github.com/pomerium/pomerium/internal/grpcutil"

internal/httputil/docs.go

@@ -0,0 +1,3 @@
+// Package httputil provides HTTP utility functions, complementing the more
+// common ones in the net/http package
+package httputil // import "github.com/pomerium/pomerium/internal/httputil"

internal/kv/autocache/autocache.go

@@ -1,3 +1,6 @@
+// Package autocache implements a key value store (kv.Store) using autocache
+// which combines functionality from groupcache, and memberlist libraries.
+// For more details, see https://github.com/pomerium/autocache
 package autocache
 
 import (

internal/kv/bolt/bolt.go

@@ -1,3 +1,5 @@
+// Package bolt implements a key value store (kv.Store) using bbolt.
+// For more details, see https://github.com/etcd-io/bbolt
 package bolt
 
 import (

internal/kv/redis/redis.go

@@ -1,3 +1,5 @@
+// Package redis implements a key value store (kv.Store) using redis.
+// For more details, see https://redis.io/
 package redis
 
 import (

internal/kv/store.go

@@ -1,3 +1,5 @@
+// Package kv defines a Store interfaces that can be implemented by
+// datastores to provide key value storage capabilities.
 package kv
 
 import "context"

internal/middleware/responsewriter/wrap_writer.go

@@ -1,3 +1,5 @@
+// Package responsewriter contains helper functions that useful for
+// hooking into various parts of a response.
 package responsewriter
 
 // The original work was derived from Goji's middleware, source:

internal/sessions/cache/cache_store.go

@@ -1,3 +1,5 @@
+// Package cache provides a remote cache based implementation of session store
+// and loader. See pomerium's cache service for more details.
 package cache // import "github.com/pomerium/pomerium/internal/sessions/cache"
 
 import (

internal/sessions/cookie/cookie_store.go

@@ -1,3 +1,4 @@
+// Package cookie provides a cookie based implementation of session store and loader.
 package cookie // import "github.com/pomerium/pomerium/internal/sessions/cookie"
 
 import (

internal/sessions/header/header_store.go

@@ -1,3 +1,5 @@
+// Package header provides a request header based implementation of a
+// session loader.
 package header // import "github.com/pomerium/pomerium/internal/sessions/header"
 
 import (

internal/sessions/mock/mock_store.go

@@ -1,3 +1,4 @@
+// Package mock provides a mock implementation of session store and loader.
 package mock // import "github.com/pomerium/pomerium/internal/sessions/mock"
 
 import (

internal/sessions/queryparam/query_store.go

@@ -1,3 +1,5 @@
+// Package queryparam provides a query param based implementation of a both
+// as session store and loader.
 package queryparam // import "github.com/pomerium/pomerium/internal/sessions/queryparam"
 
 import (

internal/sessions/store.go

@@ -1,3 +1,5 @@
+// Package sessions handles the storage, management, and validation
+// of pomerium user sessions.
 package sessions // import "github.com/pomerium/pomerium/internal/sessions"
 
 import (

internal/telemetry/metrics/doc.go

@@ -0,0 +1,2 @@
+// Package metrics contains support for OpenCensus distributed metrics.
+package metrics // import "github.com/pomerium/pomerium/internal/telemetry/metrics"

internal/telemetry/metrics/info.go

@@ -154,7 +154,7 @@ func SetBuildInfo(service string) {
 	registry.setBuildInfo(service)
 }
 
-// Register non-view based metrics registry globally for export
+// RegisterInfoMetrics registers non-view based metrics registry globally for export
 func RegisterInfoMetrics() {
 	metricproducer.GlobalManager().AddProducer(registry.registry)
 }

internal/telemetry/trace/doc.go

@@ -0,0 +1,2 @@
+// Package trace contains support for OpenCensus distributed tracing.
+package trace // import "github.com/pomerium/pomerium/internal/telemetry/trace"

internal/telemetry/trace/trace.go

@@ -11,6 +11,7 @@ import (
 )
 
 const (
+	// JaegerTracingProviderName is the name of the tracing provider Jaeger.
 	JaegerTracingProviderName = "jaeger"
 )
 
@@ -31,6 +32,7 @@ type TracingOptions struct {
 	JaegerAgentEndpoint string `mapstructure:"tracing_jaeger_agent_endpoint"`
 }
 
+// RegisterTracing creates a new trace exporter from TracingOptions.
 func RegisterTracing(opts *TracingOptions) error {
 	var err error
 	switch opts.Provider {

internal/tripper/roundtripper.go

@@ -1,3 +1,5 @@
+// Package tripper provides utility functions for working with the
+// http.RoundTripper interface.
 package tripper // import "github.com/pomerium/pomerium/internal/tripper"
 
 import (

internal/urlutil/url.go

@@ -1,3 +1,4 @@
+// Package urlutil provides utility functions for working with go urls.
 package urlutil // import "github.com/pomerium/pomerium/internal/urlutil"
 
 import (
@@ -60,6 +61,7 @@ func ValidateURL(u *url.URL) error {
 	return nil
 }
 
+// DeepCopy creates a deep copy of a *url.URL
 func DeepCopy(u *url.URL) (*url.URL, error) {
 	if u == nil {
 		return nil, nil

internal/version/version.go

@@ -1,3 +1,4 @@
+// Package version enables setting build-time version using ldflags.
 package version // import "github.com/pomerium/pomerium/internal/version"
 
 import (

proxy/proxy.go

@@ -1,3 +1,7 @@
+// Package proxy is a pomerium service that provides reverse proxying of
+// internal routes. The proxy packages interoperates with other pomerium
+// services over RPC in order to make access control decisions about a
+// given incoming request.
 package proxy // import "github.com/pomerium/pomerium/proxy"
 
 import (