From ed3fc96df1f99d08230b89d10eb5fdae34ca374a Mon Sep 17 00:00:00 2001
From: Jake Moshenko
Date: Wed, 9 Mar 2016 17:02:43 -0500
Subject: [PATCH] Lint and fmt all of the things
---
 cmd/hmacproxy/main.go | 6 +++---
 config/config.go | 17 +++++++++++------
 credential/credential.go | 2 ++
 credential/singlekey/singlekey.go | 10 +++++-----
 credential/store.go | 25 ++++++++++++++-----------
 handlers.go | 13 +++++++++----
 hmac_v4.go | 2 +-
 7 files changed, 45 insertions(+), 30 deletions(-)
diff --git a/cmd/hmacproxy/main.go b/cmd/hmacproxy/main.go
index aac38dc..2b2075b 100644
--- a/cmd/hmacproxy/main.go
+++ b/cmd/hmacproxy/main.go
@@ -63,7 +63,7 @@ func main() {
 log.Fatal(err)
 }
- signingProxy, err := hmacproxy.CreateSigningProxy(signingDest, signingCredential)
+ signingProxy, err := hmacproxy.NewSigningProxy(signingDest, signingCredential)
 if err != nil {
 log.Fatal(err)
 }
@@ -78,12 +78,12 @@ func main() {
 proxyConfig.Verifier.Upstream,
 )
- cs, err := credential.CreateCredentialStore(proxyConfig.Verifier.CredentialSource)
+ cs, err := credential.NewStore(proxyConfig.Verifier.CredentialSource)
 if err != nil {
 log.Fatal(err)
 }
- verificationProxy, err := hmacproxy.CreateVerifyingProxy(proxyConfig.Verifier.Upstream.URL, cs)
+ verificationProxy, err := hmacproxy.NewVerifyingProxy(proxyConfig.Verifier.Upstream.URL, cs)
 if err != nil {
 log.Fatal(err)
 }
diff --git a/config/config.go b/config/config.go
index 10d1d26..19c1139 100644
--- a/config/config.go
+++ b/config/config.go
@@ -52,22 +52,25 @@ func (u URL) MarshalYAML() (interface{}, error) {
 return nil, nil
 }
-// Config is the global configuration
+// Represents a config file, which may have configuration for other programs
+// as a top level key.
 type configFile struct {
 HmacProxy *Config
 }
+// Config is the global configuration
 type Config struct {
 Signer *SignerConfig
 Verifier *VerifierConfig
 }
-// Configuration used to enable and configure the signing half of the proxy
+// SignerConfig is used to enable and configure the signing half of the proxy.
 type SignerConfig struct {
 ListenerAddr string
 Key *HMACKey
 }
+// HMACKey represents a single hard coded credential.
 type HMACKey struct {
 ID string
 Secret string
@@ -75,7 +78,8 @@ type HMACKey struct {
 Service string
 }
-// Configuration used to enable and configure the verifier half of the proxy
+// VerifierConfig is used to enable and configure the verifier half of the
+// proxy.
 type VerifierConfig struct {
 ListenerAddr string
 Upstream URL
@@ -84,8 +88,8 @@ type VerifierConfig struct {
 CredentialSource *CredentialSourceConfig
 }
-// Configuration which when specified enables TLS(SSL), and optionally requires
-// the use of client certificates
+// TLSConfig enables TLS(SSL) when specified, and optionally requires the use
+// of client certificates.
 type TLSConfig struct {
 CertFile string
 KeyFile string
@@ -93,7 +97,8 @@ type TLSConfig struct {
 RequireClientCertificate string
 }
-// Configuration options for a verifier credential source
+// CredentialSourceConfig specified a credential source and the options
+// required to instantiate it.
 type CredentialSourceConfig struct {
 Type string
 Options map[string]interface{} `yaml:",inline"`
diff --git a/credential/credential.go b/credential/credential.go
index 477e101..f19c798 100644
--- a/credential/credential.go
+++ b/credential/credential.go
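Review bot: The new comment on `CredentialSourceConfig` in the last hunk of this file says `specified` where `specifies` is meant: `// CredentialSourceConfig specifies a credential source and the options`. In the first hunk the comment on `configFile` opens with `Represents` instead of the type name, unlike every other comment this commit adds; `// configFile represents a config file, which may have configuration for other programs` would match. The `HMACKey` comment could also state that `Secret` holds the raw signing key, so values of this type should not be formatted into logs or error messages with `%v`.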
@@ -14,6 +14,8 @@
 package credential
+// Credential represents a single identity used for signing or verifying
+// requests.
 type Credential struct {
 ID string
 Secret string
diff --git a/credential/singlekey/singlekey.go b/credential/singlekey/singlekey.go
index 83d851d..652e9ac 100644
--- a/credential/singlekey/singlekey.go
+++ b/credential/singlekey/singlekey.go
@@ -23,23 +23,23 @@ import (
 "github.com/coreos-inc/hmacproxy/credential"
 )
-type SingleAccessKey struct {
+type singleAccessKey struct {
 credential.Credential
 }
-func (s SingleAccessKey) LoadCredential(keyID, serviceName, regionName string) (*credential.Credential, error) {
+func (s singleAccessKey) LoadCredential(keyID, serviceName, regionName string) (*credential.Credential, error) {
 if keyID != s.ID || serviceName != s.Service || regionName != s.Region {
 return nil, fmt.Errorf("Unknown key with key id: %s", keyID)
 }
 return &s.Credential, nil
 }
-func constructor(cfg *config.CredentialSourceConfig) (credential.CredentialStore, error) {
+func constructor(cfg *config.CredentialSourceConfig) (credential.Store, error) {
 reserialized, err := yaml.Marshal(cfg.Options)
 if err != nil {
 return nil, fmt.Errorf("unable to marshall configuration: %v", cfg.Options)
 }
-var parsed SingleAccessKey
+var parsed singleAccessKey
 err = yaml.Unmarshal(reserialized, &parsed)
 if err != nil {
 return nil, fmt.Errorf("unable to parse configuration: %v", reserialized)
@@ -48,5 +48,5 @@ func constructor(cfg *config.CredentialSourceConfig) (credential.CredentialStore
 }
 func init() {
- credential.RegisterCredentialStoreFacory("SingleCredential", constructor)
+ credential.RegisterStoreConstructor("SingleCredential", constructor)
 }
diff --git a/credential/store.go b/credential/store.go
index 429643d..f272fc0 100644
--- a/credential/store.go
+++ b/credential/store.go
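Review bot: Both error paths of `constructor` in the first singlekey.go hunk format the credential material itself into the error: `cfg.Options` on the marshal failure and `reserialized` (the YAML bytes of those options) on the parse failure. For this store the options are unmarshalled into a `credential.Credential`, so they carry the HMAC `Secret`. cmd/hmacproxy/main.go passes the error from `credential.NewStore` to `log.Fatal`, so a malformed config would likely put the secret in the log, while the underlying `err` is discarded. Report the cause instead: `return nil, fmt.Errorf("unable to marshall configuration: %v", err)` and `return nil, fmt.Errorf("unable to parse configuration: %v", err)`. The body of `constructor` continues past the end of the hunk.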
@@ -20,30 +20,31 @@ import (
 "github.com/coreos-inc/hmacproxy/config"
 )
-type CredentialStoreConstructor func(*config.CredentialSourceConfig) (CredentialStore, error)
+// StoreConstructor is a function which is capable of instantiating a Store.
+type StoreConstructor func(*config.CredentialSourceConfig) (Store, error)
-var storeFactories = make(map[string]CredentialStoreConstructor)
+var storeFactories = make(map[string]StoreConstructor)
-// RegisterNotifier makes a Fetcher available by the provided name.
-// If Register is called twice with the same name or if driver is nil,
-// it panics.
-func RegisterCredentialStoreFacory(name string, csf func(*config.CredentialSourceConfig) (CredentialStore, error)) {
+// RegisterStoreConstructor allows one to register a new type of Store.
+func RegisterStoreConstructor(name string, csf func(*config.CredentialSourceConfig) (Store, error)) {
 if name == "" {
- panic("credentials: could not register a CredentialStore with an empty name")
+ panic("credentials: could not register a Store with an empty name")
 }
 if csf == nil {
- panic("credentials: could not register a nil CredentialStore")
+ panic("credentials: could not register a nil Store")
 }
 if _, dup := storeFactories[name]; dup {
- panic("credentials: RegisterCredentialStore called twice for " + name)
+ panic("credentials: RegisterStore called twice for " + name)
 }
 storeFactories[name] = csf
 }
-func CreateCredentialStore(cfg *config.CredentialSourceConfig) (cs CredentialStore, err error) {
+// NewStore instantiates and configures a new Store object using the specified
+// configuration.
+func NewStore(cfg *config.CredentialSourceConfig) (cs Store, err error) {
 constructor, found := storeFactories[cfg.Type]
 if !found {
 err = fmt.Errorf("credentials: Unable to find credential store constructor for %s", cfg.Type)
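Review bot: `NewStore` dereferences `cfg` in `storeFactories[cfg.Type]` without a nil check, and `VerifierConfig.CredentialSource` is a pointer, so a verifier section without a credential source would panic here instead of returning an error, unless main.go validates it in lines this diff does not show. A guard at the top keeps the failure explicit: `if cfg == nil { return nil, fmt.Errorf("credentials: no credential source configured") }`. Separately, the rewritten comment on `RegisterStoreConstructor` no longer says that the function panics on an empty name, a nil constructor or a duplicate registration; `// It panics if name is empty, csf is nil, or name is already registered.` restores that. `NewStore`'s body continues outside the hunk.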
@@ -54,6 +55,8 @@ func CreateCredentialStore(cfg *config.CredentialSourceConfig) (cs CredentialSto
 return
 }
-type CredentialStore interface {
+// Store is an interface for loading a Credential from a configurable data
+// source.
+type Store interface {
 LoadCredential(keyID, serviceName, regionName string) (*Credential, error)
 }
diff --git a/handlers.go b/handlers.go
index 4b367d8..14cc898 100644
--- a/handlers.go
+++ b/handlers.go
@@ -23,7 +23,9 @@ import (
 "github.com/coreos-inc/hmacproxy/credential"
 )
-func CreateSigningProxy(target *url.URL, cred credential.Credential) (*httputil.ReverseProxy, error) {
+// NewSigningProxy instantiates a new signing proxy with the target url and the
+// statc credential specified.
+func NewSigningProxy(target *url.URL, cred credential.Credential) (*httputil.ReverseProxy, error) {
 director := func(req *http.Request) {
 log.Printf("Proxying request %v", req)
 req.URL.Scheme = target.Scheme
@@ -32,11 +34,14 @@ func CreateSigningProxy(target *url.URL, cred credential.Credential) (*httputil.
 return &httputil.ReverseProxy{Director: director}, nil
 }
-func CreateVerifyingProxy(target *url.URL, cs credential.CredentialStore) (*httputil.ReverseProxy, error) {
+// NewVerifyingProxy instantiates a new verifying proxy with the specified
+// upstream URL and credential store, which will be used to verify incoming
+// requests.
+func NewVerifyingProxy(upstream *url.URL, cs credential.Store) (*httputil.ReverseProxy, error) {
 director := func(req *http.Request) {
 log.Printf("Proxying request %v", req)
- req.URL.Scheme = target.Scheme
- req.URL.Host = target.Host
+ req.URL.Scheme = upstream.Scheme
+ req.URL.Host = upstream.Host
 }
 return &httputil.ReverseProxy{Director: director}, nil
 }
diff --git a/hmac_v4.go b/hmac_v4.go
index 7c4149f..96e13f7 100644
--- a/hmac_v4.go
+++ b/hmac_v4.go
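Review bot: `log.Printf("Proxying request %v", req)` in the director of `NewSigningProxy` prints the whole `*http.Request`, including its header map, so `Authorization` values, request signatures and cookies are written to the proxy log for every request; the same line appears in `NewVerifyingProxy` in the next hunk. Logging only what is needed to trace a request avoids that: `log.Printf("Proxying request %s %s", req.Method, req.URL.Path)`. The added doc comment also has a typo, `statc` for `static`. The director's body continues outside the hunk, so whether `cred` is used there cannot be seen from here.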
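Review bot: `NewVerifyingProxy` never uses `cs`: the director only logs the request and rewrites scheme and host, so every request is forwarded upstream unverified, while the new doc comment says the store "will be used to verify incoming requests". A `Director` cannot reject a request by itself, so the check belongs in a handler in front of the proxy, along the lines of `if ok, err := Verify4(req, cs, maxSkew); err != nil || !ok { http.Error(w, "Forbidden", http.StatusForbidden); return }` before `proxy.ServeHTTP(w, req)`. Where `maxSkew` would come from is not visible in this diff. Until verification is wired in, the comment should say it is not yet performed, so that this proxy is not deployed as an authenticating front end.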
@@ -86,7 +86,7 @@ func Sign4(req *http.Request, cred credential.Credential) error {
 // service names. The maxSkew duration represents the time window within a signed request stays
 // valid. Verify4 returns true if the http.Request has been verified successfully, otherwise
 // the returned error contains the failure reason.
-func Verify4(req *http.Request, creds credential.CredentialStore, maxSkew time.Duration) (bool, error) {
+func Verify4(req *http.Request, creds credential.Store, maxSkew time.Duration) (bool, error) {
 // Shallow copy the request as we're going to modify its headers,
 // and make its Body a ReadSeekerCloser as AWS going to read it and http.Request must be able to
 // Close() it.