chore: format Go more aggressively

2025-07-03 16:13:58 +00:00 · 2023-02-18 18:32:09 -06:00
parent 19ae411f05
commit f05609b4da
97 changed files with 411 additions and 413 deletions
--- a/coderd/rbac/authz_test.go
+++ b/coderd/rbac/authz_test.go
@ -118,7 +118,7 @@ func BenchmarkRBACAuthorize(b *testing.B) {
 			b.ResetTimer()
 			for i := 0; i < b.N; i++ {
 				allowed := authorizer.Authorize(context.Background(), c.Actor, rbac.ActionRead, objects[b.N%len(objects)])
-				var _ = allowed
+				_ = allowed
 			}
 		})
 	}
@ -170,7 +170,7 @@ func BenchmarkRBACAuthorizeGroups(b *testing.B) {
 			b.ResetTimer()
 			for i := 0; i < b.N; i++ {
 				allowed := authorizer.Authorize(context.Background(), c.Actor, neverMatchAction, objects[b.N%len(objects)])
-				var _ = allowed
+				_ = allowed
 			}
 		})
 	}
@ -206,7 +206,7 @@ func BenchmarkRBACFilter(b *testing.B) {
 			b.ResetTimer()
 			allowed, err := rbac.Filter(context.Background(), authorizer, c.Actor, rbac.ActionRead, objects)
 			require.NoError(b, err)
-			var _ = allowed
+			_ = allowed
 		})
 	}
 }
--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@ -62,188 +62,185 @@ func RoleOrgMember(organizationID uuid.UUID) string {
 	return roleName(orgMember, organizationID.String())
 }

-var (
-	// builtInRoles are just a hard coded set for now. Ideally we store these in
-	// the database. Right now they are functions because the org id should scope
-	// certain roles. When we store them in the database, each organization should
-	// create the roles that are assignable in the org. This isn't a hard problem to solve,
-	// it's just easier as a function right now.
-	//
-	// This map will be replaced by database storage defined by this ticket.
-	// https://github.com/coder/coder/issues/1194
-	builtInRoles = map[string]func(orgID string) Role{
-		// admin grants all actions to all resources.
-		owner: func(_ string) Role {
-			return Role{
-				Name:        owner,
-				DisplayName: "Owner",
-				Site: Permissions(map[string][]Action{
-					ResourceWildcard.Type: {WildcardSymbol},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+// builtInRoles are just a hard coded set for now. Ideally we store these in
+// the database. Right now they are functions because the org id should scope
+// certain roles. When we store them in the database, each organization should
+// create the roles that are assignable in the org. This isn't a hard problem to solve,
+// it's just easier as a function right now.
+//
+// This map will be replaced by database storage defined by this ticket.
+// https://github.com/coder/coder/issues/1194
+var builtInRoles = map[string]func(orgID string) Role{
+	// admin grants all actions to all resources.
+	owner: func(_ string) Role {
+		return Role{
+			Name:        owner,
+			DisplayName: "Owner",
+			Site: Permissions(map[string][]Action{
+				ResourceWildcard.Type: {WildcardSymbol},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		// member grants all actions to all resources owned by the user
-		member: func(_ string) Role {
-			return Role{
-				Name:        member,
-				DisplayName: "",
-				Site: Permissions(map[string][]Action{
-					// All users can read all other users and know they exist.
-					ResourceUser.Type:           {ActionRead},
-					ResourceRoleAssignment.Type: {ActionRead},
-					// All users can see the provisioner daemons.
-					ResourceProvisionerDaemon.Type: {ActionRead},
-				}),
-				Org: map[string][]Permission{},
-				User: Permissions(map[string][]Action{
-					ResourceWildcard.Type: {WildcardSymbol},
-				}),
-			}
-		},
+	// member grants all actions to all resources owned by the user
+	member: func(_ string) Role {
+		return Role{
+			Name:        member,
+			DisplayName: "",
+			Site: Permissions(map[string][]Action{
+				// All users can read all other users and know they exist.
+				ResourceUser.Type:           {ActionRead},
+				ResourceRoleAssignment.Type: {ActionRead},
+				// All users can see the provisioner daemons.
+				ResourceProvisionerDaemon.Type: {ActionRead},
+			}),
+			Org: map[string][]Permission{},
+			User: Permissions(map[string][]Action{
+				ResourceWildcard.Type: {WildcardSymbol},
+			}),
+		}
+	},

-		// auditor provides all permissions required to effectively read and understand
-		// audit log events.
-		// TODO: Finish the auditor as we add resources.
-		auditor: func(_ string) Role {
-			return Role{
-				Name:        auditor,
-				DisplayName: "Auditor",
-				Site: Permissions(map[string][]Action{
-					// Should be able to read all template details, even in orgs they
-					// are not in.
-					ResourceTemplate.Type: {ActionRead},
-					ResourceAuditLog.Type: {ActionRead},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+	// auditor provides all permissions required to effectively read and understand
+	// audit log events.
+	// TODO: Finish the auditor as we add resources.
+	auditor: func(_ string) Role {
+		return Role{
+			Name:        auditor,
+			DisplayName: "Auditor",
+			Site: Permissions(map[string][]Action{
+				// Should be able to read all template details, even in orgs they
+				// are not in.
+				ResourceTemplate.Type: {ActionRead},
+				ResourceAuditLog.Type: {ActionRead},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		templateAdmin: func(_ string) Role {
-			return Role{
-				Name:        templateAdmin,
-				DisplayName: "Template Admin",
-				Site: Permissions(map[string][]Action{
-					ResourceTemplate.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					// CRUD all files, even those they did not upload.
-					ResourceFile.Type:      {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceWorkspace.Type: {ActionRead},
-					// CRUD to provisioner daemons for now.
-					ResourceProvisionerDaemon.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					// Needs to read all organizations since
-					ResourceOrganization.Type: {ActionRead},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+	templateAdmin: func(_ string) Role {
+		return Role{
+			Name:        templateAdmin,
+			DisplayName: "Template Admin",
+			Site: Permissions(map[string][]Action{
+				ResourceTemplate.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				// CRUD all files, even those they did not upload.
+				ResourceFile.Type:      {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				ResourceWorkspace.Type: {ActionRead},
+				// CRUD to provisioner daemons for now.
+				ResourceProvisionerDaemon.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				// Needs to read all organizations since
+				ResourceOrganization.Type: {ActionRead},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		userAdmin: func(_ string) Role {
-			return Role{
-				Name:        userAdmin,
-				DisplayName: "User Admin",
-				Site: Permissions(map[string][]Action{
-					ResourceRoleAssignment.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceUser.Type:           {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					// Full perms to manage org members
-					ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceGroup.Type:              {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-				}),
-				Org:  map[string][]Permission{},
-				User: []Permission{},
-			}
-		},
+	userAdmin: func(_ string) Role {
+		return Role{
+			Name:        userAdmin,
+			DisplayName: "User Admin",
+			Site: Permissions(map[string][]Action{
+				ResourceRoleAssignment.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				ResourceUser.Type:           {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				// Full perms to manage org members
+				ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+				ResourceGroup.Type:              {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+			}),
+			Org:  map[string][]Permission{},
+			User: []Permission{},
+		}
+	},

-		// orgAdmin returns a role with all actions allows in a given
-		// organization scope.
-		orgAdmin: func(organizationID string) Role {
-			return Role{
-				Name:        roleName(orgAdmin, organizationID),
-				DisplayName: "Organization Admin",
-				Site:        []Permission{},
-				Org: map[string][]Permission{
-					organizationID: {
-						{
-							Negate:       false,
-							ResourceType: "*",
-							Action:       "*",
-						},
+	// orgAdmin returns a role with all actions allows in a given
+	// organization scope.
+	orgAdmin: func(organizationID string) Role {
+		return Role{
+			Name:        roleName(orgAdmin, organizationID),
+			DisplayName: "Organization Admin",
+			Site:        []Permission{},
+			Org: map[string][]Permission{
+				organizationID: {
+					{
+						Negate:       false,
+						ResourceType: "*",
+						Action:       "*",
 					},
 				},
-				User: []Permission{},
-			}
-		},
+			},
+			User: []Permission{},
+		}
+	},

-		// orgMember has an empty set of permissions, this just implies their membership
-		// in an organization.
-		orgMember: func(organizationID string) Role {
-			return Role{
-				Name:        roleName(orgMember, organizationID),
-				DisplayName: "",
-				Site:        []Permission{},
-				Org: map[string][]Permission{
-					organizationID: {
-						{
-							// All org members can read the other members in their org.
-							ResourceType: ResourceOrganizationMember.Type,
-							Action:       ActionRead,
-						},
-						{
-							// All org members can read the organization
-							ResourceType: ResourceOrganization.Type,
-							Action:       ActionRead,
-						},
-						{
-							// Can read available roles.
-							ResourceType: ResourceOrgRoleAssignment.Type,
-							Action:       ActionRead,
-						},
-						{
-							ResourceType: ResourceGroup.Type,
-							Action:       ActionRead,
-						},
+	// orgMember has an empty set of permissions, this just implies their membership
+	// in an organization.
+	orgMember: func(organizationID string) Role {
+		return Role{
+			Name:        roleName(orgMember, organizationID),
+			DisplayName: "",
+			Site:        []Permission{},
+			Org: map[string][]Permission{
+				organizationID: {
+					{
+						// All org members can read the other members in their org.
+						ResourceType: ResourceOrganizationMember.Type,
+						Action:       ActionRead,
+					},
+					{
+						// All org members can read the organization
+						ResourceType: ResourceOrganization.Type,
+						Action:       ActionRead,
+					},
+					{
+						// Can read available roles.
+						ResourceType: ResourceOrgRoleAssignment.Type,
+						Action:       ActionRead,
+					},
+					{
+						ResourceType: ResourceGroup.Type,
+						Action:       ActionRead,
 					},
 				},
-				User: []Permission{},
-			}
-		},
-	}
-)
+			},
+			User: []Permission{},
+		}
+	},
+}

-var (
-	// assignRoles is a map of roles that can be assigned if a user has a given
-	// role.
-	// The first key is the actor role, the second is the roles they can assign.
-	//	map[actor_role][assign_role]<can_assign>
-	assignRoles = map[string]map[string]bool{
-		"system": {
-			owner:     true,
-			member:    true,
-			orgAdmin:  true,
-			orgMember: true,
-		},
-		owner: {
-			owner:         true,
-			auditor:       true,
-			member:        true,
-			orgAdmin:      true,
-			orgMember:     true,
-			templateAdmin: true,
-			userAdmin:     true,
-		},
-		userAdmin: {
-			member:    true,
-			orgMember: true,
-		},
-		orgAdmin: {
-			orgAdmin:  true,
-			orgMember: true,
-		},
-	}
-)
+// assignRoles is a map of roles that can be assigned if a user has a given
+// role.
+// The first key is the actor role, the second is the roles they can assign.
+//
+//	map[actor_role][assign_role]<can_assign>
+var assignRoles = map[string]map[string]bool{
+	"system": {
+		owner:     true,
+		member:    true,
+		orgAdmin:  true,
+		orgMember: true,
+	},
+	owner: {
+		owner:         true,
+		auditor:       true,
+		member:        true,
+		orgAdmin:      true,
+		orgMember:     true,
+		templateAdmin: true,
+		userAdmin:     true,
+	},
+	userAdmin: {
+		member:    true,
+		orgMember: true,
+	},
+	orgAdmin: {
+		orgAdmin:  true,
+		orgMember: true,
+	},
+}

 // CanAssignRole is a helper function that returns true if the user can assign
 // the specified role. This also can be used for removing a role.
--- a/coderd/rbac/partial.go
+++ b/coderd/rbac/partial.go
@ -141,7 +141,6 @@ func (a RegoAuthorizer) newPartialAuthorizer(ctx context.Context, subject Subjec
 	}

 	partialQueries, err := a.partialQuery.Partial(ctx, rego.EvalParsedInput(input))
-
 	if err != nil {
 		return nil, xerrors.Errorf("prepare: %w", err)
 	}
--- a/coderd/rbac/regosql/acl_group_var.go
+++ b/coderd/rbac/regosql/acl_group_var.go
@ -10,8 +10,10 @@ import (
 	"github.com/coder/coder/coderd/rbac/regosql/sqltypes"
 )

-var _ sqltypes.VariableMatcher = ACLGroupVar{}
-var _ sqltypes.Node = ACLGroupVar{}
+var (
+	_ sqltypes.VariableMatcher = ACLGroupVar{}
+	_ sqltypes.Node            = ACLGroupVar{}
+)

 // ACLGroupVar is a variable matcher that handles group_acl and user_acl.
 // The sql type is a jsonb object with the following structure:
--- a/coderd/rbac/regosql/sqltypes/always_false.go
+++ b/coderd/rbac/regosql/sqltypes/always_false.go
@ -4,8 +4,10 @@ import (
 	"github.com/open-policy-agent/opa/ast"
 )

-var _ Node = alwaysFalse{}
-var _ VariableMatcher = alwaysFalse{}
+var (
+	_ Node            = alwaysFalse{}
+	_ VariableMatcher = alwaysFalse{}
+)

 type alwaysFalse struct {
 	Matcher VariableMatcher
@ -30,6 +32,7 @@ func AlwaysFalseNode(n Node) Node {

 // UseAs uses a type no one supports to always override with false.
 func (alwaysFalse) UseAs() Node { return alwaysFalse{} }
+
 func (f alwaysFalse) ConvertVariable(rego ast.Ref) (Node, bool) {
 	if f.Matcher != nil {
 		n, ok := f.Matcher.ConvertVariable(rego)
--- a/coderd/rbac/regosql/sqltypes/equality.go
+++ b/coderd/rbac/regosql/sqltypes/equality.go
@ -15,9 +15,11 @@ type SupportsEquality interface {
 	EqualsSQLString(cfg *SQLGenerator, not bool, other Node) (string, error)
 }

-var _ BooleanNode = equality{}
-var _ Node = equality{}
-var _ SupportsEquality = equality{}
+var (
+	_ BooleanNode      = equality{}
+	_ Node             = equality{}
+	_ SupportsEquality = equality{}
+)

 type equality struct {
 	Left  Node
--- a/coderd/rbac/regosql/sqltypes/member.go
+++ b/coderd/rbac/regosql/sqltypes/member.go
@ -16,9 +16,11 @@ type SupportsContainedIn interface {
 	ContainedInSQL(cfg *SQLGenerator, other Node) (string, error)
 }

-var _ BooleanNode = memberOf{}
-var _ Node = memberOf{}
-var _ SupportsEquality = memberOf{}
+var (
+	_ BooleanNode      = memberOf{}
+	_ Node             = memberOf{}
+	_ SupportsEquality = memberOf{}
+)

 type memberOf struct {
 	Needle   Node
--- a/coderd/rbac/regosql/sqltypes/variable.go
+++ b/coderd/rbac/regosql/sqltypes/variable.go
@ -68,8 +68,10 @@ func RegoVarPath(path []string, terms []*ast.Term) ([]*ast.Term, error) {
 	return terms[len(path):], nil
 }

-var _ VariableMatcher = astStringVar{}
-var _ Node = astStringVar{}
+var (
+	_ VariableMatcher = astStringVar{}
+	_ Node            = astStringVar{}
+)

 // astStringVar is any variable that represents a string.
 type astStringVar struct {