diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go
index 5929ba41..e4e73f61 100644
--- a/cmd/pinniped/cmd/kubeconfig.go
+++ b/cmd/pinniped/cmd/kubeconfig.go
@@ -720,6 +720,7 @@ func validateKubeconfig(ctx context.Context, flags getKubeconfigParams, kubeconf
 func countCACerts(pemData []byte) int {
 pool := x509.NewCertPool()
 pool.AppendCertsFromPEM(pemData)
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 return len(pool.Subjects())
 }
diff --git a/internal/certauthority/certauthority_test.go b/internal/certauthority/certauthority_test.go
index b0ad5daa..7109f669 100644
--- a/internal/certauthority/certauthority_test.go
+++ b/internal/certauthority/certauthority_test.go
@@ -1,4 +1,4 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 package certauthority
@@ -206,6 +206,7 @@ func TestPool(t *testing.T) {
 require.NoError(t, err)
 pool := ca.Pool()
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 require.Len(t, pool.Subjects(), 1)
 }
diff --git a/internal/dynamiccert/provider_test.go b/internal/dynamiccert/provider_test.go
index 0125b2c2..df744fc0 100644
--- a/internal/dynamiccert/provider_test.go
+++ b/internal/dynamiccert/provider_test.go
@@ -1,4 +1,4 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 package dynamiccert
@@ -41,6 +41,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 cert, err := tls.X509KeyPair(certPEM, keyPEM)
 require.NoError(t, err)
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 return pool.Subjects(), []tls.Certificate{cert}
 },
 },
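Review bot: The justification on the added `//nolint:staticcheck` line in `countCACerts` names neither the check being silenced nor the reason it is safe here, and under golangci-lint the directive hides every staticcheck finding on the `return` line, not only the deprecation warning. `Subjects()` is deprecated because it omits system roots for a pool obtained from `SystemCertPool`; this pool comes from `x509.NewCertPool()` two lines above, so the count is complete. I would spell that out, e.g. `//nolint:staticcheck // SA1019: Subjects() is only incomplete for SystemCertPool(); this pool is built by NewCertPool() above`. The same wording is reused in the certauthority_test.go hunk (-206), where the origin of `ca.Pool()` is not visible, so the claim should be confirmed there.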
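Review bot: The suppression is repeated on five `return` lines in provider_test.go (hunk -41 here, then -69, -87, -110 and -137) even though `poolSubjects` in the same file (hunk -221) already wraps `pool.Subjects()` and receives the same directive. Returning through the helper, e.g. `return poolSubjects(pool), []tls.Certificate{cert}` and `return poolSubjects(newCA.Pool()), []tls.Certificate{cert}`, would leave one deprecated call and one justification to maintain. The enclosing test function starts and ends outside these hunks, so this assumes `poolSubjects` is reachable from those closures.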
@@ -69,6 +70,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 certKey.UnsetCertKeyContent()
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 return pool.Subjects(), []tls.Certificate{cert}
 },
 },
@@ -87,6 +89,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 cert, err := tls.X509KeyPair(certPEM, keyPEM)
 require.NoError(t, err)
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 return newCA.Pool().Subjects(), []tls.Certificate{cert}
 },
 },
@@ -110,6 +113,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 ok := pool.AppendCertsFromPEM(ca.CurrentCABundleContent())
 require.True(t, ok, "should have valid non-empty CA bundle")
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 return pool.Subjects(), []tls.Certificate{cert}
 },
 },
@@ -137,6 +141,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 err = ca.SetCertKeyContent(newOtherCA.Bundle(), caKey)
 require.NoError(t, err)
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 return newOtherCA.Pool().Subjects(), []tls.Certificate{cert}
 },
 },
@@ -221,6 +226,7 @@ func poolSubjects(pool *x509.CertPool) [][]byte {
 if pool == nil {
 return nil
 }
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 return pool.Subjects()
 }
diff --git a/internal/kubeclient/kubeclient_test.go b/internal/kubeclient/kubeclient_test.go
index 6c8269cf..f880118b 100644
--- a/internal/kubeclient/kubeclient_test.go
+++ b/internal/kubeclient/kubeclient_test.go
@@ -949,6 +949,7 @@ func TestUnwrap(t *testing.T) {
 server, restConfig := fakekubeapi.Start(t, nil)
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 serverSubjects := server.Client().Transport.(*http.Transport).TLSClientConfig.RootCAs.Subjects()
 t.Run("regular client", func(t *testing.T) {
@@ -1089,6 +1090,7 @@ func testUnwrap(t *testing.T, client *Client, serverSubjects [][]byte) {
 require.Equal(t, secureTLSConfig.NextProtos, tlsConfig.NextProtos)
 // x509.CertPool has some embedded functions that make it hard to compare so just look at the subjects
+ //nolint:staticcheck // since we're not using .Subjects() to access the system pool
 require.Equal(t, serverSubjects, tlsConfig.RootCAs.Subjects())
 })
 }
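Review bot: In `testUnwrap` (hunk -1089) the assertion still compares only certificate subjects, so two pools holding different CA certificates with the same subject would compare equal, and the commit keeps the deprecated call by suppressing the warning. If the module's Go version is 1.19 or later, `(*x509.CertPool).Equal` compares the pools directly, e.g. `require.True(t, expectedRootCAs.Equal(tlsConfig.RootCAs))`, where `expectedRootCAs` is a placeholder for the server pool that would have to be passed in place of `serverSubjects`. That would also remove the need for the directive above the `serverSubjects :=` line in hunk -949. Both functions extend beyond the hunks shown, so the signature change would need checking against the other callers.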