diff --git a/helper/keysutil/policy.go b/helper/keysutil/policy.go
index 9899c7f223..a45b1a772b 100644
--- a/helper/keysutil/policy.go
+++ b/helper/keysutil/policy.go
@@ -953,8 +953,6 @@ func (p *Policy) VerifySignature(context, input []byte, sig, algorithm string) (
 default:
 return false, errutil.InternalError{Err: fmt.Sprintf("unsupported key type %v", p.Type)}
 }
-
- return false, errutil.InternalError{Err: "no valid key type found"}
 }
 func (p *Policy) Rotate(ctx context.Context, storage logical.Storage) error {
diff --git a/helper/proxyutil/proxyutil.go b/helper/proxyutil/proxyutil.go
index 5ff59b1f1c..06371b29e5 100644
--- a/helper/proxyutil/proxyutil.go
+++ b/helper/proxyutil/proxyutil.go
@@ -36,7 +36,7 @@ func (p *ProxyProtoConfig) SetAuthorizedAddrs(addrs interface{}) error {
 for _, v := range addrs.([]interface{}) {
 stringAddr, ok := v.(string)
 if !ok {
- return fmt.Errorf("error parsing %q as string")
+ return fmt.Errorf("error parsing %v as string", v)
 }
 stringAddrs = append(stringAddrs, stringAddr)
 }
diff --git a/helper/strutil/strutil_test.go b/helper/strutil/strutil_test.go
index 87feb4a352..e0196a660a 100644
--- a/helper/strutil/strutil_test.go
+++ b/helper/strutil/strutil_test.go
@@ -349,7 +349,7 @@ func TestGlobbedStringsMatch(t *testing.T) {
 actual := GlobbedStringsMatch(tc.item, tc.val)
 if actual != tc.expect {
- t.Fatalf("Bad testcase %#v, expected %b, got %b", tc, tc.expect, actual)
+ t.Fatalf("Bad testcase %#v, expected %t, got %t", tc, tc.expect, actual)
 }
 }
 }
diff --git a/http/sys_wrapping_test.go b/http/sys_wrapping_test.go
index 7ab2143b17..b353707e6d 100644
--- a/http/sys_wrapping_test.go
+++ b/http/sys_wrapping_test.go
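Review bot: In helper/proxyutil/proxyutil.go, SetAuthorizedAddrs, the corrected message prints the rejected entry with `%v` alone, so a non-string entry such as a number reads exactly like its string form and the operator cannot tell why it was refused. Judging by the method name this list decides which peers are trusted, so a precise error matters; I would include the dynamic type: `return fmt.Errorf("error parsing %v (type %T) as string", v, v)`. The function starts and ends outside the hunk, so it is not visible whether the unchecked `addrs.([]interface{})` assertion in the loop header is guarded by an earlier type switch; if it is not, a malformed value would panic rather than return this error.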
@@ -310,7 +310,7 @@ func TestHTTP_Wrapping(t *testing.T) {
 // Check for correct CreationPath before rewrap
 if wrapInfo.CreationPath != "secret/foo" {
- t.Fatal("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
+ t.Fatalf("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
 }
 // Test rewrapping
@@ -323,7 +323,7 @@ func TestHTTP_Wrapping(t *testing.T) {
 // Check for correct Creation path after rewrap
 if wrapInfo.CreationPath != "secret/foo" {
- t.Fatal("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
+ t.Fatalf("error on wrapInfo.CreationPath: expected: secret/foo, got: %s", wrapInfo.CreationPath)
 }
 // Should be expired and fail
diff --git a/logical/framework/path_map_test.go b/logical/framework/path_map_test.go
index 11f459b4a6..b1cce0923f 100644
--- a/logical/framework/path_map_test.go
+++ b/logical/framework/path_map_test.go
@@ -271,7 +271,7 @@ func testSalting(t *testing.T, ctx context.Context, storage logical.Storage, sal
 Value: []byte(`{"foo": "bar"}`),
 })
 if err != nil {
- t.Fatal("err: %v", err)
+ t.Fatalf("err: %v", err)
 }
 // A read should transparently upgrade
 resp, err = b.HandleRequest(ctx, &logical.Request{
diff --git a/logical/plugin/pb/translation_test.go b/logical/plugin/pb/translation_test.go
index bee6553daf..f829f687d6 100644
--- a/logical/plugin/pb/translation_test.go
+++ b/logical/plugin/pb/translation_test.go
@@ -31,7 +31,7 @@ func TestTranslation_Errors(t *testing.T) {
 e := ProtoErrToErr(pe)
 if !reflect.DeepEqual(e, err) {
- t.Fatal("Errs did not match: %#v, %#v", e, err)
+ t.Fatalf("Errs did not match: %#v, %#v", e, err)
 }
 }
 }
@@ -49,7 +49,7 @@ func TestTranslation_StorageEntry(t *testing.T) {
 e := ProtoStorageEntryToLogicalStorageEntry(p)
 if !reflect.DeepEqual(c, e) {
- t.Fatal("Entries did not match: %#v, %#v", e, c)
+ t.Fatalf("Entries did not match: %#v, %#v", e, c)
 }
 }
 }
diff --git a/physical/inmem/inmem_ha.go b/physical/inmem/inmem_ha.go
index d322da229e..5dcacb7cd2 100644
--- a/physical/inmem/inmem_ha.go
+++ b/physical/inmem/inmem_ha.go
@@ -11,7 +11,7 @@ import (
 type InmemHABackend struct {
 physical.Backend
 locks map[string]string
- l sync.Mutex
+ l *sync.Mutex
 cond *sync.Cond
 logger log.Logger
 }
@@ -32,8 +32,9 @@ func NewInmemHA(_ map[string]string, logger log.Logger) (physical.Backend, error
 Backend: be,
 locks: make(map[string]string),
 logger: logger,
+ l: new(sync.Mutex),
 }
- in.cond = sync.NewCond(&in.l)
+ in.cond = sync.NewCond(in.l)
 return in, nil
 }
@@ -46,13 +47,14 @@ func NewTransactionalInmemHA(_ map[string]string, logger log.Logger) (physical.B
 Backend: transInmem,
 locks: make(map[string]string),
 logger: logger,
+ l: new(sync.Mutex),
 }
 in := &TransactionalInmemHABackend{
 InmemHABackend: inmemHA,
 Transactional: transInmem.(physical.Transactional),
 }
- in.cond = sync.NewCond(&in.l)
+ in.cond = sync.NewCond(in.l)
 return in, nil
 }
diff --git a/vault/cluster.go b/vault/cluster.go
index 4464061741..a95c1daba8 100644
--- a/vault/cluster.go
+++ b/vault/cluster.go
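Review bot: In physical/inmem/inmem_ha.go the field `l` is now `*sync.Mutex`, so any InmemHABackend built without `l: new(sync.Mutex)` carries a nil mutex and will panic on its first Lock, and the struct hunk has no comment recording that requirement. NewInmemHA and NewTransactionalInmemHA both set it in this diff, but construction sites outside these hunks are not visible and should be checked. I would document the invariant on the field, for example `// l is the mutex behind cond; a pointer so that copies of the struct share one lock. Must be non-nil (set by the constructors).` The same point covers the two constructor hunks, whose bodies start outside the hunks.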
@@ -343,31 +343,26 @@ func (c *Core) ClusterTLSConfig(ctx context.Context) (*tls.Config, error) {
 // of clustering as connections come and go
 serverLookup := func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
- switch {
- default:
- var localCert bytes.Buffer
+ var localCert bytes.Buffer
- c.clusterParamsLock.RLock()
- localCert.Write(c.localClusterCert)
- localSigner := c.localClusterPrivateKey
- parsedCert := c.localClusterParsedCert
- c.clusterParamsLock.RUnlock()
-
- if localCert.Len() == 0 {
- return nil, fmt.Errorf("got forwarding connection but no local cert")
- }
-
- //c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName)
-
- return &tls.Certificate{
- Certificate: [][]byte{localCert.Bytes()},
- PrivateKey: localSigner,
- Leaf: parsedCert,
- }, nil
+ c.clusterParamsLock.RLock()
+ localCert.Write(c.localClusterCert)
+ localSigner := c.localClusterPrivateKey
+ parsedCert := c.localClusterParsedCert
+ c.clusterParamsLock.RUnlock()
+ if localCert.Len() == 0 {
+ return nil, fmt.Errorf("got forwarding connection but no local cert")
 }
- return nil, nil
+ //c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName)
+
+ return &tls.Certificate{
+ Certificate: [][]byte{localCert.Bytes()},
+ PrivateKey: localSigner,
+ Leaf: parsedCert,
+ }, nil
+
 }
 clientLookup := func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {
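Review bot: In the flattened serverLookup closure only `localCert.Len() == 0` is checked, while `localSigner` and `parsedCert` are read under the same RLock and placed into the tls.Certificate unchecked. If the key or parsed cert can be unset while the cert bytes are present (not visible from this hunk), the handshake fails later with a less specific error, and a typed nil pointer stored in the `PrivateKey` interface field would no longer compare equal to nil downstream. Consider `if localCert.Len() == 0 || localSigner == nil || parsedCert == nil {`, assuming both fields are nilable types. The added blank line before the closure's closing brace and the commented-out Trace call could also be dropped. ClusterTLSConfig itself starts and ends outside the hunk.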