ory · alnr · Jun 15, 2023 · Jun 13, 2023 · Jun 13, 2023
@@ -3,14 +3,12 @@ linters:
   enable:
     - gosec
     - goimports
-    - deadcode
     - errcheck
     - gosimple
     - ineffassign
     - staticcheck
     - typecheck
     - unused
-    - varcheck
 
 linters-settings:
   goimports:

@@ -35,7 +35,7 @@ const (
 
 	EnvReadRemote  = "KETO_READ_REMOTE"
 	EnvWriteRemote = "KETO_WRITE_REMOTE"
-	EnvAuthToken   = "KETO_BEARER_TOKEN" // nosec G101 -- just the key, not the value
+	EnvAuthToken   = "KETO_BEARER_TOKEN" //nolint:gosec // just the key, not the value
 	EnvAuthority   = "KETO_AUTHORITY"
 
 	ContextKeyTimeout contextKeys = "timeout"
@@ -51,7 +51,8 @@ func (d *connectionDetails) dialOptions() (opts []grpc.DialOption) {
 	if d.token != "" {
 		opts = append(opts,
 			grpc.WithPerRPCCredentials(
-				oauth.NewOauthAccess(&oauth2.Token{AccessToken: d.token})))
+				oauth.TokenSource{oauth2.StaticTokenSource(&oauth2.Token{AccessToken: d.token})},
+			))
 	}
 	if d.authority != "" {
 		opts = append(opts, grpc.WithAuthority(d.authority))
@@ -63,7 +64,7 @@ func (d *connectionDetails) dialOptions() (opts []grpc.DialOption) {
 		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	case d.skipHostVerification:
 		opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
-			// nolint explicity set through scary flag
+			//nolint:gosec // explicity set through scary flag
 			InsecureSkipVerify: true,
 		})))
 	default:

@@ -10,6 +10,8 @@ import "github.com/ory/herodot"
 // The standard Ory JSON API error format.
 //
 // swagger:model errorGeneric
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
 type errorGeneric struct {
 	// Contains error details
 	//
@@ -20,5 +22,6 @@ type errorGeneric struct {
 // An empty response
 //
 // swagger:response emptyResponse
-// nolint:deadcode,unused
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
 type emptyResponse struct{}
@@ -246,7 +246,7 @@ func TestEngine(t *testing.T) {
 
 		insertFixtures(t, reg.RelationTupleManager(), tuples)
 		e := check.NewEngine(reg)
-		reg.Config(ctx).Set(config.KeyLimitMaxReadDepth, 5)
+		require.NoError(t, reg.Config(ctx).Set(config.KeyLimitMaxReadDepth, 5))
 
 		cases := []struct {
 			tuple string

@@ -112,7 +112,8 @@ func (h *Handler) getCheckNoStatus(w http.ResponseWriter, r *http.Request, _ htt
 // Check Permission Or Error Request Parameters
 //
 // swagger:parameters checkPermissionOrError
-// nolint:deadcode,unused
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
 type checkPermissionOrError struct {
 	// in: query
 	MaxDepth int `json:"max-depth"`
@@ -177,7 +178,8 @@ func (h *Handler) getCheck(ctx context.Context, q url.Values) (bool, error) {
 // Check Permission using Post Request Parameters
 //
 // swagger:parameters postCheckPermission
-// nolint:deadcode,unused
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
 type postCheckPermission struct {
 	// in: query
 	MaxDepth int `json:"max-depth"`
@@ -189,7 +191,8 @@ type postCheckPermission struct {
 // Check Permission using Post Request Body
 //
 // swagger:model postCheckPermissionBody
-// nolint:deadcode,unused
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
 type postCheckPermissionBody struct {
 	ketoapi.RelationQuery
 }
@@ -224,9 +227,9 @@ func (h *Handler) postCheckNoStatus(w http.ResponseWriter, r *http.Request, _ ht
 // Post Check Permission Or Error Request Parameters
 //
 // swagger:parameters postCheckPermissionOrError
-// nolint:deadcode,unused
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
 type postCheckPermissionOrError struct {
-	// nolint:deadcode,unused
 	// in: query
 	MaxDepth int `json:"max-depth"`
 
@@ -237,7 +240,8 @@ type postCheckPermissionOrError struct {
 // Post Check Permission Or Error Body
 //
 // swagger:model postCheckPermissionOrErrorBody
-// nolint:deadcode,unused
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
 type postCheckPermissionOrErrorBody struct {
 	ketoapi.RelationQuery
 }

@@ -45,7 +45,9 @@ func (s *memoryNamespaceManager) GetNamespaceByConfigID(_ context.Context, id in
 	defer s.RUnlock()
 
 	for _, n := range s.byName {
-		if n.ID == id { // nolint ignore deprecated method
+		//lint:ignore SA1019 backwards compatibility
+		//nolint:staticcheck
+		if n.ID == id {
 			return n, nil
 		}
 	}

@@ -229,7 +229,9 @@ func (nw *NamespaceWatcher) GetNamespaceByConfigID(_ context.Context, id int32)
 	defer nw.RUnlock()
 
 	for _, nspace := range nw.namespaces {
-		if nspace.namespace.ID == id { // nolint ignore deprecated ID
+		//lint:ignore SA1019 backwards compatibility
+		//nolint:staticcheck
+		if nspace.namespace.ID == id {
 			return nspace.namespace, nil
 		}
 	}

@@ -187,7 +187,7 @@ func (r *RegistryDefault) serveOPLSyntax(ctx context.Context, done chan<- struct
 func (r *RegistryDefault) serveMetrics(ctx context.Context, done chan<- struct{}) func() error {
 	ctx, cancel := context.WithCancel(ctx)
 
-	// nolint: gosec,G112 graceful.WithDefaults already sets a timeout
+	//nolint:gosec // graceful.WithDefaults already sets a timeout
 	s := graceful.WithDefaults(&http.Server{
 		Handler: r.metricsRouter(ctx),
 		Addr:    r.Config(ctx).MetricsListenOn(),
@@ -237,7 +237,7 @@ func multiplexPort(ctx context.Context, log *logrusx.Logger, addr string, router
 	grpcL := m.MatchWithWriters(cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc"))
 	httpL := m.Match(cmux.HTTP1())
 
-	// nolint: gosec,G112 graceful.WithDefaults already sets a timeout
+	//nolint:gosec // graceful.WithDefaults already sets a timeout
 	restS := graceful.WithDefaults(&http.Server{
 		Handler: router,
 	})

@@ -344,3 +344,11 @@ func (r *RegistryDefault) Init(ctx context.Context) (err error) {
 	})
 	return
 }
+
+var _ x.TransactorProvider = (*RegistryDefault)(nil)
+
+func (r *RegistryDefault) Transactor() interface {
+	Transaction(ctx context.Context, f func(ctx context.Context) error) error
+} {
+	return r.Persister()
+}
@@ -22,6 +22,7 @@ type (
 
 		Connection(ctx context.Context) *pop.Connection
 		NetworkID(ctx context.Context) uuid.UUID
+		Transaction(ctx context.Context, f func(ctx context.Context) error) error
 	}
 	Migrator interface {
 		MigrationBox(ctx context.Context) (*popx.MigrationBox, error)

@@ -158,7 +158,8 @@ func TestMigrations(t *testing.T) {
 					var oldRTs []*tuplesBeforeUUID
 					require.NoError(t, p.Connection(ctx).
 						Select("subject_id", "object").
-						// lint:ignore SA1019
+						//lint:ignore SA1019 backwards compatibility
+						//nolint:staticcheck
 						Where("namespace_id = ?", namespaces[1].ID).
 						All(&oldRTs))
 					assert.Equalf(t, "user", oldRTs[0].SubjectID.String, "%+v", oldRTs[0])
@@ -180,7 +181,8 @@ func TestMigrations(t *testing.T) {
 					for i := 0; i < len(oldRTs); i++ {
 						oldRTs[i] = tuplesBeforeUUID{
 							NetworkID: p.NetworkID(ctx),
-							// lint:ignore SA1019
+							//lint:ignore SA1019 backwards compatibility
+							//nolint:staticcheck
 							NamespaceID: namespaces[1].ID,
 							Object:      "object-" + strconv.Itoa(i),
 							Relation:    "pagination-works",

@@ -20,7 +20,7 @@ import (
 	"github.com/ory/keto/internal/namespace"
 )
 
-// lint:file-ignore SA1019 as we migrate legacy stuff
+//lint:file-ignore SA1019 as we migrate legacy stuff
 
 // We copy the definitions of OldRelationTuple and UUIDMapping here so that the
 // migration will always work on the same definitions.
@@ -123,14 +123,15 @@ func (rt *OldRelationTuple) ToUUID(s string) uuid.UUID {
 }
 
 func namespaceIDtoName(n namespace.Manager, id int32) (string, error) {
+	//nolint:staticcheck
 	ns, err := n.GetNamespaceByConfigID(context.Background(), id)
 	if err != nil {
 		return "", err
 	}
 	return ns.Name, nil
 }
 
-func (rt *OldRelationTuple) ToNew(n namespace.Manager) (err error, newRT *NewRelationTuple, objectMapping *UUIDMapping, subjectMapping *UUIDMapping) {
+func (rt *OldRelationTuple) ToNew(n namespace.Manager) (newRT *NewRelationTuple, objectMapping *UUIDMapping, subjectMapping *UUIDMapping, err error) {
 	newRT = &NewRelationTuple{
 		ID:        rt.ID,
 		NetworkID: rt.NetworkID,
@@ -209,7 +210,7 @@ var (
 						mappings := make([]*UUIDMapping, len(relationTuples)*2)
 						newTuples := make([]*NewRelationTuple, len(relationTuples))
 						for i := range relationTuples {
-							err, newTuples[i], mappings[i*2], mappings[i*2+1] = relationTuples[i].ToNew(namespaces)
+							newTuples[i], mappings[i*2], mappings[i*2+1], err = relationTuples[i].ToNew(namespaces)
 							if err != nil {
 								return errors.WithStack(err)
 							}
@@ -273,13 +274,14 @@ var (
 							if err != nil {
 								return fmt.Errorf("could not get namespace: %w", err)
 							}
-							ot.NamespaceID = namespace.ID
+							ot.NamespaceID = namespace.ID //nolint:staticcheck
 
 							if rt.SubjectSetNamespace.Valid {
 								subjectSetNamespace, err := namespaces.GetNamespaceByName(ctx, rt.SubjectSetNamespace.String)
 								if err != nil {
 									return fmt.Errorf("could not get subject namespace: %w", err)
 								}
+								//nolint:staticcheck
 								if err = ot.SubjectSetNamespaceID.Scan(subjectSetNamespace.ID); err != nil {
 									return err
 								}

@@ -92,8 +92,8 @@ func (p *Persister) queryWithNetwork(ctx context.Context) *pop.Query {
 	return p.Connection(ctx).Where("nid = ?", p.NetworkID(ctx))
 }
 
-func (p *Persister) transaction(ctx context.Context, f func(ctx context.Context, c *pop.Connection) error) error {
-	return popx.Transaction(ctx, p.conn.WithContext(ctx), f)
+func (p *Persister) Transaction(ctx context.Context, f func(ctx context.Context) error) error {
+	return popx.Transaction(ctx, p.conn.WithContext(ctx), func(ctx context.Context, _ *pop.Connection) error { return f(ctx) })
 }
 
 func (p *Persister) NetworkID(ctx context.Context) uuid.UUID {