Remove unused code. Clean up code complexity.

.github/workflows/testing.yaml

@@ -0,0 +1,26 @@
+name: Go unit tests
+
+on: [push, workflow_dispatch]
+
+permissions:
+  checks: write
+  contents: read
+
+jobs:
+  run-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Run GolangCI-Lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.60
+      - name: Test application
+        run: go test -short -v ./...

.golangci.yaml

@@ -0,0 +1,115 @@
+run:
+  tests: false
+  concurrency: 5
+  timeout: 3m
+
+linters:
+  disable-all: true
+  enable:
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - contextcheck
+    - decorder
+    - dogsled
+    - dupl
+    - dupword
+    - durationcheck
+    - errchkjson
+    - errname
+    - errorlint
+    - exhaustive
+    - copyloopvar
+    - forcetypeassert
+    - ginkgolinter
+    - gocheckcompilerdirectives
+    - gochecksumtype
+    - gocritic
+    - gocyclo
+    - gofmt
+    - gofumpt
+    - goheader
+    - goimports
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - gosmopolitan
+    - grouper
+    - importas
+    - inamedparam
+    - interfacebloat
+    - ireturn
+    - loggercheck
+    - makezero
+    - mirror
+    - misspell
+    - musttag
+    - nakedret
+    - nilerr
+    - nilnil
+    - noctx
+    - nolintlint
+    - nonamedreturns
+    - nosprintfhostport
+    - paralleltest
+    - perfsprint
+    - prealloc
+    - predeclared
+    - promlinter
+    - protogetter
+    - reassign
+    - revive
+    - rowserrcheck
+    - sloglint
+    - spancheck
+    - sqlclosecheck
+    - stylecheck
+    - tenv
+    - testableexamples
+    - testifylint
+    - testpackage
+    - thelper
+    - tparallel
+    - unconvert
+    - unparam
+    - usestdlibvars
+    - wastedassign
+    - whitespace
+    - wrapcheck
+    - zerologlint
+
+linters-settings:
+  perfsprint:
+    int-conversion: false
+    err-error: false
+    errorf: true
+    sprintf1: true
+    strconcat: false
+
+  ireturn:
+    allow:
+      - ssh.PublicKey
+      - tea.Model
+      - error
+
+  gosec:
+    confidence: medium
+    excludes:
+      - G107 # Potential HTTP request made with variable url: these are often false positives or intentional
+      - G110 # Decompression bombs: we can check these manually when submitting code
+      - G306 # Poor file permissions used when creating a directory: we can check these manually when submitting code
+      - G404 # Use of weak random number generator (math/rand instead of crypto/rand): we can live with these
+
+  stylecheck:
+    checks:
+      - "all"
+      - "-ST1003" # this is covered by a different linter
+
+  gocyclo:
+    min-complexity: 60

README.md

@@ -15,7 +15,7 @@ At this time, it only supports running Vault using Raft storage with either 1 or
 ## Usage
 
 ```bash
-❯ vault-handler unseal -h
+$ vault-handler unseal -h
 Unseal a vault instance
 
 Usage:

cmd/root.go

@@ -1,39 +1,19 @@
 package cmd
 
 import (
-	"os"
-
 	"github.com/spf13/cobra"
 )
 
-// rootCmd represents the base command when called without any subcommands
-var rootCmd = &cobra.Command{
-	Use:   "vault-handler",
-	Short: "An application to assist with managing Vault",
-	Long: `An application to assist with managing Vault, especially useful in cases where
-there is no option for things like KMS auto unseal, etc.`,
-	// Uncomment the following line if your bare application
-	// has an action associated with it:
-	// Run: func(cmd *cobra.Command, args []string) { },
-}
-
-// Execute adds all child commands to the root command and sets flags appropriately.
-// This is called by main.main(). It only needs to happen once to the rootCmd.
-func Execute() {
-	err := rootCmd.Execute()
-	if err != nil {
-		os.Exit(1)
+func Run() error {
+	rootCmd := &cobra.Command{
+		Use:   "vault-handler",
+		Short: "An application to assist with managing Vault",
+		Long:  `An application to assist with managing Vault, especially useful in cases where there is no option for things like KMS auto unseal, etc.`,
 	}
-}
 
-func init() {
-	// Here you will define your flags and configuration settings.
-	// Cobra supports persistent flags, which, if defined here,
-	// will be global for your application.
+	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 
-	// rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.vault-handler.yaml)")
+	rootCmd.AddCommand(getUnsealCommand())
 
-	// Cobra also supports local flags, which will only run
-	// when this action is called directly.
-	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+	return rootCmd.Execute() //nolint:wrapcheck // it's our errors returned
 }

cmd/unseal.go

@@ -4,41 +4,45 @@ Copyright © 2023 NAME HERE <EMAIL ADDRESS>
 package cmd
 
 import (
-	kubernetesinternal "github.com/kubefirst/vault-handler/internal/kubernetes"
+	"fmt"
+
+	"github.com/kubefirst/vault-handler/internal/kubernetes"
 	vault "github.com/kubefirst/vault-handler/internal/vault"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
-var (
-	vaultUnsealOpts *vault.VaultUnsealExecutionOptions = &vault.VaultUnsealExecutionOptions{}
-)
+func getUnsealCommand() *cobra.Command {
+	var opts vault.UnsealOptions
 
-// unsealCmd represents the unseal command
-var unsealCmd = &cobra.Command{
-	Use:   "unseal",
-	Short: "Unseal a vault instance",
-	Long:  `Unseal a vault instance`,
-	Run: func(cmd *cobra.Command, args []string) {
-		vaultClient := &vault.Conf
-		restconfig, clientset, _ := kubernetesinternal.CreateKubeConfig(true)
-		err := vaultClient.UnsealRaftLeader(clientset, restconfig)
-		if err != nil {
-			log.Fatalf("error unsealing vault raft leader: %s", err)
-		}
-		if !vaultUnsealOpts.UnsealLeaderOnly {
-			err = vaultClient.UnsealRaftFollowers(clientset, restconfig)
+	unsealCmd := &cobra.Command{
+		Use:   "unseal",
+		Short: "Unseal a vault instance",
+		RunE: func(_ *cobra.Command, _ []string) error {
+			kube, err := kubernetes.New(true)
 			if err != nil {
-				log.Fatalf("error unsealing vault raft followers: %s", err)
+				return fmt.Errorf("error creating kubernetes client: %w", err)
 			}
-		}
-		log.Info("vault initialized and unsealed successfully!")
-	},
-}
 
-func init() {
-	rootCmd.AddCommand(unsealCmd)
+			vault := vault.New(kube)
+
+			if err := vault.UnsealRaftLeader(); err != nil {
+				return fmt.Errorf("error unsealing vault raft leader: %w", err)
+			}
+
+			if !opts.UnsealLeaderOnly {
+				if err := vault.UnsealRaftFollowers(); err != nil {
+					return fmt.Errorf("error unsealing vault raft followers: %w", err)
+				}
+			}
+
+			log.Info("vault initialized and unsealed successfully!")
+			return nil
+		},
+	}
+
+	unsealCmd.Flags().BoolVar(&opts.UnsealLeaderOnly, "leader-only", false, "unseal only the raft leader - false (default) - true to only init and unseal vault-0")
+	unsealCmd.Flags().BoolVar(&opts.KubeInClusterConfig, "use-kubeconfig-in-cluster", true, "kube config type - in-cluster (default), set to false to use local")
 
-	unsealCmd.Flags().BoolVar(&vaultUnsealOpts.UnsealLeaderOnly, "leader-only", false, "unseal only the raft leader - false (default) - true to only init and unseal vault-0")
-	unsealCmd.Flags().BoolVar(&vaultUnsealOpts.KubeInClusterConfig, "use-kubeconfig-in-cluster", true, "kube config type - in-cluster (default), set to false to use local")
+	return unsealCmd
 }