diff --git a/build.assets/tooling/lib/logging/hashicorpLoggerAdapter.go b/build.assets/tooling/lib/logging/hashicorpLoggerAdapter.go index 64801b1d26859..bcb26306cae32 100644 --- a/build.assets/tooling/lib/logging/hashicorpLoggerAdapter.go +++ b/build.assets/tooling/lib/logging/hashicorpLoggerAdapter.go @@ -133,7 +133,7 @@ func (h *HCLogLogrusAdapter) Name() string { // Create a logger that will prepend the name string on the front of all messages. // If the logger already has a name, the new value will be appended to the current -// name. That way, a major subsystem can use this to decorate all it's own logs +// name. That way, a major subsystem can use this to decorate all its own logs // without losing context. func (h *HCLogLogrusAdapter) Named(name string) hclog.Logger { if h.name != "" { diff --git a/integration/kube_integration_test.go b/integration/kube_integration_test.go index 94f4beda4f137..50123e486251d 100644 --- a/integration/kube_integration_test.go +++ b/integration/kube_integration_test.go @@ -656,7 +656,7 @@ func testKubeTrustedClustersClientCert(t *testing.T, suite *KubeSuite) { auxRole, err := types.NewRole("aux-kube", types.RoleSpecV6{ Allow: types.RoleConditions{ Logins: []string{username}, - // Note that main cluster can pass it's kubernetes groups + // Note that main cluster can pass its kubernetes groups // to the remote cluster, and remote cluster // can choose to use them by using special variable KubeGroups: auxKubeGroups, @@ -935,7 +935,7 @@ func testKubeTrustedClustersSNI(t *testing.T, suite *KubeSuite) { KubernetesLabels: types.Labels{ types.Wildcard: []string{types.Wildcard}, }, - // Note that main cluster can pass it's kubernetes groups + // Note that main cluster can pass its kubernetes groups // to the remote cluster, and remote cluster // can choose to use them by using special variable KubeGroups: auxKubeGroups, diff --git a/integration/proxy/proxy_tunnel_strategy_test.go b/integration/proxy/proxy_tunnel_strategy_test.go index bf89cf46506e9..da833e999d513 100644 --- a/integration/proxy/proxy_tunnel_strategy_test.go +++ b/integration/proxy/proxy_tunnel_strategy_test.go @@ -325,7 +325,7 @@ func (p *proxyTunnelStrategy) makeAuth(t *testing.T) { } // makeProxy bootstraps a new teleport proxy instance. -// It's public address points to a load balancer. +// Its public address points to a load balancer. func (p *proxyTunnelStrategy) makeProxy(t *testing.T) { proxy := helpers.NewInstance(t, helpers.InstanceConfig{ ClusterName: p.cluster, diff --git a/integrations/event-handler/README.md b/integrations/event-handler/README.md index 20638e43d9c64..001a23c2d6d8a 100644 --- a/integrations/event-handler/README.md +++ b/integrations/event-handler/README.md @@ -9,7 +9,7 @@ See the [Export Events with FluentD Guide](https://goteleport.com/docs/managemen ## How it works * `teleport-event-handler` takes the Audit Log event stream from Teleport. It loads events in batches of 20 by default. Every event gets sent to fluentd. -* Once event is successfully received by fluentd, it's ID is saved to the `teleport-event-handler` state. In case `teleport-event-handler` crashes, it will pick the stream up from a latest successful event. +* Once event is successfully received by fluentd, its ID is saved to the `teleport-event-handler` state. In case `teleport-event-handler` crashes, it will pick the stream up from a latest successful event. * Once all events are sent, `teleport-event-handler` starts polling for new evetns. It happens every 5 seconds by default. * If storage directory gets lost, you may specify latest event id value. `teleport-event-handler` will pick streaming up from the next event after it. diff --git a/integrations/event-handler/legacy_events_watcher.go b/integrations/event-handler/legacy_events_watcher.go index 29addd7b2397d..b297533bcf567 100644 --- a/integrations/event-handler/legacy_events_watcher.go +++ b/integrations/event-handler/legacy_events_watcher.go @@ -162,7 +162,7 @@ func (t *LegacyEventsWatcher) fetch(ctx context.Context) error { pos := 0 - // If last known id is not empty, let's try to find it's pos + // If last known id is not empty, let's try to find its pos if t.id != "" { for i, e := range t.batch { if e.ID == t.id { diff --git a/integrations/lib/http.go b/integrations/lib/http.go index 9126ec2eb80d9..dbb279913a5bd 100644 --- a/integrations/lib/http.go +++ b/integrations/lib/http.go @@ -44,7 +44,7 @@ type TLSConfig struct { } // HTTPConfig stores configuration of an HTTP service -// including it's public address, listen host and port, +// including its public address, listen host and port, // TLS certificate and key path, and extra TLS configuration // options, represented as TLSConfig. type HTTPConfig struct { diff --git a/integrations/operator/crdgen/schemagen.go b/integrations/operator/crdgen/schemagen.go index 9862780b66d27..3d6ecd5f80fe2 100644 --- a/integrations/operator/crdgen/schemagen.go +++ b/integrations/operator/crdgen/schemagen.go @@ -322,7 +322,7 @@ func handleEmptyJSONTag(schema *Schema, message *Message, field *Field) bool { return false } - // Handle MaxAge as a special case. It's type is a message that is embedded. + // Handle MaxAge as a special case. Its type is a message that is embedded. // Because the message is embedded, MaxAge itself explicitly sets its json // name to an empty string, but the embedded message type has a single field // with a json name, so use that instead. diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go index 15c186f54e0c2..931dd4178a1e1 100644 --- a/lib/auth/auth_with_roles.go +++ b/lib/auth/auth_with_roles.go @@ -520,7 +520,7 @@ func (a *ServerWithRoles) UpdateSessionTracker(ctx context.Context, req *proto.U // AuthenticateWebUser authenticates web user, creates and returns a web session // in case authentication is successful func (a *ServerWithRoles) AuthenticateWebUser(ctx context.Context, req authclient.AuthenticateUserRequest) (types.WebSession, error) { - // authentication request has it's own authentication, however this limits the requests + // authentication request has its own authentication, however this limits the requests // types to proxies to make it harder to break if !a.hasBuiltinRole(types.RoleProxy) { return nil, trace.AccessDenied("this request can be only executed by a proxy") @@ -531,7 +531,7 @@ func (a *ServerWithRoles) AuthenticateWebUser(ctx context.Context, req authclien // AuthenticateSSHUser authenticates SSH console user, creates and returns a pair of signed TLS and SSH // short lived certificates as a result func (a *ServerWithRoles) AuthenticateSSHUser(ctx context.Context, req authclient.AuthenticateSSHRequest) (*authclient.SSHLoginResponse, error) { - // authentication request has it's own authentication, however this limits the requests + // authentication request has its own authentication, however this limits the requests // types to proxies to make it harder to break if !a.hasBuiltinRole(types.RoleProxy) { return nil, trace.AccessDenied("this request can be only executed by a proxy") @@ -3345,7 +3345,7 @@ func (a *ServerWithRoles) GetResetPasswordToken(ctx context.Context, tokenID str // ChangeUserAuthentication is implemented by AuthService.ChangeUserAuthentication. func (a *ServerWithRoles) ChangeUserAuthentication(ctx context.Context, req *proto.ChangeUserAuthenticationRequest) (*proto.ChangeUserAuthenticationResponse, error) { - // Token is it's own authentication, no need to double check. + // Token is its own authentication, no need to double check. resp, err := a.authServer.ChangeUserAuthentication(ctx, req) if err != nil { return nil, trace.Wrap(err) @@ -3586,7 +3586,7 @@ func (a *ServerWithRoles) GetOIDCAuthRequest(ctx context.Context, id string) (*t } func (a *ServerWithRoles) ValidateOIDCAuthCallback(ctx context.Context, q url.Values) (*authclient.OIDCAuthResponse, error) { - // auth callback is it's own authz, no need to check extra permissions + // auth callback is its own authz, no need to check extra permissions resp, err := a.authServer.ValidateOIDCAuthCallback(ctx, q) if err != nil { return nil, trace.Wrap(err) @@ -3741,7 +3741,7 @@ func (a *ServerWithRoles) ValidateSAMLResponse(ctx context.Context, samlResponse clientIP = "" // We only trust IP information coming from the Proxy. } - // auth callback is it's own authz, no need to check extra permissions + // auth callback is its own authz, no need to check extra permissions resp, err := a.authServer.ValidateSAMLResponse(ctx, samlResponse, connectorID, clientIP) if err != nil { return nil, trace.Wrap(err) @@ -3958,7 +3958,7 @@ func (a *ServerWithRoles) GetGithubAuthRequest(ctx context.Context, stateToken s } func (a *ServerWithRoles) ValidateGithubAuthCallback(ctx context.Context, q url.Values) (*authclient.GithubAuthResponse, error) { - // auth callback is it's own authz, no need to check extra permissions + // auth callback is its own authz, no need to check extra permissions resp, err := a.authServer.ValidateGithubAuthCallback(ctx, q) if err != nil { return nil, trace.Wrap(err) @@ -4924,7 +4924,7 @@ func (a *ServerWithRoles) ValidateTrustedCluster(ctx context.Context, validateRe return nil, trace.NotImplemented("leaf clusters cannot be added to cloud tenants") } - // the token provides it's own authorization and authentication + // the token provides its own authorization and authentication return a.authServer.validateTrustedCluster(ctx, validateRequest) } diff --git a/lib/auth/session_access.go b/lib/auth/session_access.go index 9604d791a6ab6..420021d34127b 100644 --- a/lib/auth/session_access.go +++ b/lib/auth/session_access.go @@ -209,7 +209,7 @@ func (e *SessionAccessEvaluator) CanJoin(user SessionAccessContext) []types.Sess var modes []types.SessionParticipantMode - // Loop over every allow policy attached the participant and check it's applicability. + // Loop over every allow policy attached the participant and check its applicability. // This code serves to merge the permissions of all applicable join policies. for _, allowPolicy := range getAllowPolicies(user) { // If the policy is applicable and allows joining the session, add the allowed modes to the list of modes. diff --git a/lib/auth/sessions.go b/lib/auth/sessions.go index e93ac15133d11..cd2af5d3f212c 100644 --- a/lib/auth/sessions.go +++ b/lib/auth/sessions.go @@ -477,7 +477,7 @@ func (a *Server) CreateAppSession(ctx context.Context, req *proto.CreateAppSessi Roles: roles, Traits: traits, AccessRequests: identity.ActiveRequests, - // If the user's current identity is attested as a "web_session", it's secrets are only + // If the user's current identity is attested as a "web_session", its secrets are only // available to the Proxy and Auth roles, meaning this request is coming from the Proxy // service on behalf of the user's Web Session. We can safely attest this child app session // as a "web_session" as a result. diff --git a/lib/config/configuration.go b/lib/config/configuration.go index 87c41b8986b6f..17539b6c5fdac 100644 --- a/lib/config/configuration.go +++ b/lib/config/configuration.go @@ -2360,7 +2360,7 @@ func Configure(clf *CommandLineFlags, cfg *servicecfg.Config, legacyAppFlags boo // pass the value of --insecure flag to the runtime lib.SetInsecureDevMode(clf.InsecureMode) - // load /etc/teleport.yaml and apply it's values: + // load /etc/teleport.yaml and apply its values: fileConf, err := ReadConfigFile(clf.ConfigFile) if err != nil { return trace.Wrap(err) diff --git a/lib/defaults/defaults.go b/lib/defaults/defaults.go index df8061d6743bb..30f7e924105b7 100644 --- a/lib/defaults/defaults.go +++ b/lib/defaults/defaults.go @@ -724,7 +724,7 @@ const ( ) // The following are cryptographic primitives Teleport does not support in -// it's default configuration. +// its default configuration. const ( DiffieHellmanGroup14SHA1 = "diffie-hellman-group14-sha1" DiffieHellmanGroup1SHA1 = "diffie-hellman-group1-sha1" diff --git a/lib/events/dynamoevents/dynamoevents.go b/lib/events/dynamoevents/dynamoevents.go index 0437d5f1231d4..bb4d9aa7bc0b2 100644 --- a/lib/events/dynamoevents/dynamoevents.go +++ b/lib/events/dynamoevents/dynamoevents.go @@ -906,7 +906,7 @@ func getCheckpointFromStartKey(startKey string) (checkpointKey, error) { if startKey == "" { return checkpoint, nil } - // If a checkpoint key is provided, unmarshal it so we can work with it's parts. + // If a checkpoint key is provided, unmarshal it so we can work with its parts. if err := json.Unmarshal([]byte(startKey), &checkpoint); err != nil { return checkpointKey{}, trace.Wrap(err) } diff --git a/lib/events/s3sessions/s3handler.go b/lib/events/s3sessions/s3handler.go index 7690a71e0d52c..3aec6ab233774 100644 --- a/lib/events/s3sessions/s3handler.go +++ b/lib/events/s3sessions/s3handler.go @@ -335,7 +335,7 @@ func (h *Handler) getOldestVersion(ctx context.Context, bucket string, prefix st return versions[0].ID, nil } -// delete bucket deletes bucket and all it's contents and is used in tests +// deleteBucket deletes the bucket and all its contents and is used in tests func (h *Handler) deleteBucket(ctx context.Context) error { // first, list and delete all the objects in the bucket paginator := s3.NewListObjectVersionsPaginator(h.client, &s3.ListObjectVersionsInput{ diff --git a/lib/kube/proxy/streamproto/proto.go b/lib/kube/proxy/streamproto/proto.go index cda73384bfb5e..e2ee646dfe2b7 100644 --- a/lib/kube/proxy/streamproto/proto.go +++ b/lib/kube/proxy/streamproto/proto.go @@ -43,7 +43,7 @@ type metaMessage struct { ServerHandshake *ServerHandshake `json:"server_handshake,omitempty"` } -// ClientHandshake is the first message sent by a client to inform a server of it's intentions. +// ClientHandshake is the first message sent by a client to inform a server of its intentions. type ClientHandshake struct { Mode types.SessionParticipantMode `json:"mode"` } diff --git a/lib/pam/pam_test.go b/lib/pam/pam_test.go index 16c2169ca61a5..6d25eb639f8d6 100644 --- a/lib/pam/pam_test.go +++ b/lib/pam/pam_test.go @@ -57,7 +57,7 @@ func TestMain(m *testing.M) { // The PAM module used, pam_teleport.so is called from the policy file // teleport-acct-echo. The policy file instructs pam_teleport.so to echo the // contents of TELEPORT_* to stdout where this test can read, parse, and -// validate it's output. +// validate its output. func TestEcho(t *testing.T) { t.Parallel() checkTestModule(t, "teleport-acct-echo") diff --git a/lib/proxy/peer/credentials.go b/lib/proxy/peer/credentials.go index 5ed14d22ef6ae..eab77df29aa29 100644 --- a/lib/proxy/peer/credentials.go +++ b/lib/proxy/peer/credentials.go @@ -51,7 +51,7 @@ func newClientCredentials(peerID, peerAddr string, log *slog.Logger, creds crede } // ClientHandshake performs the TLS handshake and then verifies that the -// server is a Proxy and that it's UUID matches the expected id of the peer. +// server is a Proxy and that its UUID matches the expected id of the peer. func (c *clientCredentials) ClientHandshake(ctx context.Context, laddr string, conn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) { conn, authInfo, err := c.TransportCredentials.ClientHandshake(ctx, laddr, conn) if err != nil { diff --git a/lib/service/service_test.go b/lib/service/service_test.go index ec596200d1edc..40fcc672a2157 100644 --- a/lib/service/service_test.go +++ b/lib/service/service_test.go @@ -383,7 +383,7 @@ func TestServiceCheckPrincipals(t *testing.T) { inDNS: []string{}, outRegenerate: false, }, - // Don't regenerate certificate if the node does not know it's own address. + // Don't regenerate certificate if the node does not know its own address. { inPrincipals: []string{"0.0.0.0"}, inDNS: []string{}, diff --git a/lib/services/local/presence.go b/lib/services/local/presence.go index 4c609180e1304..43fd2b4ae73df 100644 --- a/lib/services/local/presence.go +++ b/lib/services/local/presence.go @@ -498,7 +498,7 @@ func (s *PresenceService) GetReverseTunnels(ctx context.Context) ([]types.Revers return tunnels, nil } -// DeleteReverseTunnel deletes reverse tunnel by it's cluster name +// DeleteReverseTunnel deletes reverse tunnel by its cluster name func (s *PresenceService) DeleteReverseTunnel(ctx context.Context, clusterName string) error { err := s.Delete(ctx, backend.NewKey(reverseTunnelsPrefix, clusterName)) return trace.Wrap(err) diff --git a/lib/services/local/users.go b/lib/services/local/users.go index 0efa92d691593..aedb29de7035e 100644 --- a/lib/services/local/users.go +++ b/lib/services/local/users.go @@ -661,7 +661,7 @@ func (s *IdentityService) upsertLocalAuthSecrets(ctx context.Context, user strin return nil } -// GetUserByOIDCIdentity returns a user by it's specified OIDC Identity, returns first +// GetUserByOIDCIdentity returns a user by its specified OIDC Identity, returns first // user specified with this identity func (s *IdentityService) GetUserByOIDCIdentity(id types.ExternalIdentity) (types.User, error) { users, err := s.GetUsers(context.TODO(), false) @@ -678,7 +678,7 @@ func (s *IdentityService) GetUserByOIDCIdentity(id types.ExternalIdentity) (type return nil, trace.NotFound("user with identity %q not found", &id) } -// GetUserBySAMLIdentity returns a user by it's specified OIDC Identity, returns +// GetUserBySAMLIdentity returns a user by its specified OIDC Identity, returns // first user specified with this identity. func (s *IdentityService) GetUserBySAMLIdentity(id types.ExternalIdentity) (types.User, error) { users, err := s.GetUsers(context.TODO(), false) diff --git a/lib/services/presence.go b/lib/services/presence.go index d69bfb8eed6d0..450d4946eb0ff 100644 --- a/lib/services/presence.go +++ b/lib/services/presence.go @@ -117,7 +117,7 @@ type Presence interface { // Deprecated: use ListReverseTunnels GetReverseTunnels(ctx context.Context) ([]types.ReverseTunnel, error) - // DeleteReverseTunnel deletes reverse tunnel by it's domain name + // DeleteReverseTunnel deletes reverse tunnel by its domain name DeleteReverseTunnel(ctx context.Context, domainName string) error // DeleteAllReverseTunnels deletes all reverse tunnels diff --git a/lib/session/session.go b/lib/session/session.go index c145823e5f79b..4205845168c8f 100644 --- a/lib/session/session.go +++ b/lib/session/session.go @@ -149,7 +149,7 @@ func (s *Session) Participants() []string { return participants } -// RemoveParty helper allows to remove a party by it's ID from the +// RemoveParty helper allows to remove a party by its ID from the // session's list. Returns 'false' if pid couldn't be found func (s *Session) RemoveParty(pid ID) bool { for i := range s.Parties { diff --git a/lib/srv/desktop/rdp/rdpclient/src/rdpdr/filesystem.rs b/lib/srv/desktop/rdp/rdpclient/src/rdpdr/filesystem.rs index a954af5d0571e..3e10831740e89 100644 --- a/lib/srv/desktop/rdp/rdpclient/src/rdpdr/filesystem.rs +++ b/lib/srv/desktop/rdp/rdpclient/src/rdpdr/filesystem.rs @@ -1695,7 +1695,7 @@ impl FileCacheObject { /// FileCacheObject is used as an iterator for the implementation of /// IRP_MJ_DIRECTORY_CONTROL, which requires that we iterate through /// all the files of a directory one by one. In this case, the directory -/// is the FileCacheObject itself, with it's own fso field representing +/// is the FileCacheObject itself, with its own fso field representing /// the directory, and its contents being represented by tdp::FileSystemObject's /// in its contents field. /// diff --git a/lib/srv/exec_linux_test.go b/lib/srv/exec_linux_test.go index 47eeeea3e8459..a11aeb323ed1f 100644 --- a/lib/srv/exec_linux_test.go +++ b/lib/srv/exec_linux_test.go @@ -129,7 +129,7 @@ func TestOSCommandPrep(t *testing.T) { require.Equal(t, syscall.SIGKILL, cmd.SysProcAttr.Pdeathsig) // Missing home directory - HOME should still be set to the given - // home dir, but the command should set it's CWD to root instead. + // home dir, but the command should set its CWD to root instead. changeHomeDir(t, username, "/wrong/place") usr.HomeDir = "/wrong/place" root := string(os.PathSeparator) diff --git a/lib/tbot/identity/artifact.go b/lib/tbot/identity/artifact.go index 82c3a10504ffa..a6e2ffd6fbea0 100644 --- a/lib/tbot/identity/artifact.go +++ b/lib/tbot/identity/artifact.go @@ -44,7 +44,7 @@ type Artifact struct { } // Matches returns true if this artifact's Kind matches any one of the given -// kinds or if it's kind is KindAlways +// kinds or if its kind is KindAlways func (a *Artifact) Matches(kinds ...ArtifactKind) bool { if a.Kind == KindAlways { return true diff --git a/lib/tbot/service_spiffe_workload_api_sds.go b/lib/tbot/service_spiffe_workload_api_sds.go index cfb035b69d1ff..1cd2a252530aa 100644 --- a/lib/tbot/service_spiffe_workload_api_sds.go +++ b/lib/tbot/service_spiffe_workload_api_sds.go @@ -391,7 +391,7 @@ func (s *spiffeSDSHandler) generateResponse( // Now we need to filter the SVIDs down to those requested by the // client. // There's a special case here, if they've requested the default SVID, - // we want to ensure that the first SVID is returned and it's name + // we want to ensure that the first SVID is returned and its name // overrridden. switch { diff --git a/lib/utils/broadcaster.go b/lib/utils/broadcaster.go index 33359be3b0175..b1119d78ed2ea 100644 --- a/lib/utils/broadcaster.go +++ b/lib/utils/broadcaster.go @@ -31,13 +31,13 @@ func NewCloseBroadcaster() *CloseBroadcaster { // CloseBroadcaster is a helper struct // that implements io.Closer and uses channel -// to broadcast it's closed state once called +// to broadcast its closed state once called type CloseBroadcaster struct { sync.Once C chan struct{} } -// Close closes channel (once) to start broadcasting it's closed state +// Close closes channel (once) to start broadcasting its closed state func (b *CloseBroadcaster) Close() error { b.Do(func() { close(b.C)