handle comments

lib/secretsscanner/authorizedkeys/authorized_keys.go

@@ -143,12 +143,12 @@ func (w *Watcher) start(ctx context.Context) error {
 	wg := sync.WaitGroup{}
 	defer wg.Wait()
 
-	watcher, err := fsnotify.NewWatcher()
+	fileWatcher, err := fsnotify.NewWatcher()
 	if err != nil {
 		return trace.Wrap(err)
 	}
 	defer func() {
-		if err := watcher.Close(); err != nil {
+		if err := fileWatcher.Close(); err != nil {
 			w.logger.WarnContext(ctx, "Failed to close watcher", "error", err)
 		}
 	}()
@@ -163,24 +163,24 @@ func (w *Watcher) start(ctx context.Context) error {
 			select {
 			case <-ctx.Done():
 				return
-			case <-watcher.Events:
+			case <-fileWatcher.Events:
 			innerLoop:
 				for {
 					select {
 					case <-ctx.Done():
 						return
-					case <-watcher.Events:
+					case <-fileWatcher.Events:
 					case reload <- struct{}{}:
 						break innerLoop
 					}
 				}
-			case err := <-watcher.Errors:
+			case err := <-fileWatcher.Errors:
 				w.logger.Warn("Error watching authorized_keys file", "error", err)
 			}
 		}
 	}()
 
-	if err := watcher.Add(w.usersAccountFile); err != nil {
+	if err := fileWatcher.Add(w.usersAccountFile); err != nil {
 		w.logger.Warn("Failed to add watcher for file", "error", err)
 	}
 
@@ -206,7 +206,7 @@ func (w *Watcher) start(ctx context.Context) error {
 	defer timer.Stop()
 	for {
 
-		if err := w.fetchAndReportAuthorizedKeys(ctx, stream, watcher); err != nil {
+		if err := w.fetchAndReportAuthorizedKeys(ctx, stream, fileWatcher); err != nil {
 			w.logger.Warn("Failed to report authorized keys", "error", err)
 		}
 
@@ -237,7 +237,7 @@ func (w *Watcher) isAuthorizedKeysReportEnabled(ctx context.Context) (bool, erro
 func (w *Watcher) fetchAndReportAuthorizedKeys(
 	ctx context.Context,
 	stream accessgraphsecretsv1pb.SecretsScannerService_ReportAuthorizedKeysClient,
-	watcher *fsnotify.Watcher,
+	fileWatcher *fsnotify.Watcher,
 ) error {
 	users, err := userList(ctx, w.logger, w.usersAccountFile)
 	if err != nil {
@@ -250,24 +250,26 @@ func (w *Watcher) fetchAndReportAuthorizedKeys(
 			continue
 		}
 
-		authorizedKeysPath := filepath.Join(u.HomeDir, ".ssh", "authorized_keys")
-		if fs, err := os.Stat(authorizedKeysPath); err != nil || fs.IsDir() {
-			continue
-		}
+		for _, file := range []string{"authorized_keys", "authorized_keys2"} {
+			authorizedKeysPath := filepath.Join(u.HomeDir, ".ssh", file)
+			if fs, err := os.Stat(authorizedKeysPath); err != nil || fs.IsDir() {
+				continue
+			}
 
-		hostKeys, err := w.parseAuthorizedKeysFile(u, authorizedKeysPath)
-		if errors.Is(err, os.ErrNotExist) {
-			continue
-		} else if err != nil {
-			w.logger.Warn("Failed to parse authorized_keys file", "error", err)
-			continue
-		}
+			hostKeys, err := w.parseAuthorizedKeysFile(u, authorizedKeysPath)
+			if errors.Is(err, os.ErrNotExist) {
+				continue
+			} else if err != nil {
+				w.logger.Warn("Failed to parse authorized_keys file", "error", err)
+				continue
+			}
 
-		// Add the file to the watcher. If file was already added, this is a no-op.
-		if err := watcher.Add(authorizedKeysPath); err != nil {
-			w.logger.Warn("Failed to add watcher for file", "error", err)
+			// Add the file to the watcher. If file was already added, this is a no-op.
+			if err := fileWatcher.Add(authorizedKeysPath); err != nil {
+				w.logger.Warn("Failed to add watcher for file", "error", err)
+			}
+			keys = append(keys, hostKeys...)
 		}
-		keys = append(keys, hostKeys...)
 	}
 
 	const maxKeysPerReport = 500