Document Vault algorithms (GEA-12682)

.github/workflows/ci.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - kenany/GEA-12682
 
   pull_request:
     types:
@@ -36,6 +37,25 @@ jobs:
           go-version: "1.22"
           cache-dependency-path: "**/*.sum"
 
+  lint:
+    needs: [prefetch]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4.1.1
+
+      - name: Setup Go
+        uses: actions/setup-go@v5.0.0
+        with:
+          go-version: "1.22"
+          cache-dependency-path: ./pangea-sdk/v3/go.sum
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v4.0.0
+        with:
+          version: v1.56.2
+          working-directory: ./pangea-sdk/v3
+
   test-unit:
     needs: [prefetch]
     runs-on: ubuntu-latest
@@ -91,7 +111,7 @@ jobs:
       # TODO: reorganize each individual example into their own directory to
       # enable tools like this.
       # - name: golangci-lint
-      #   uses: golangci/golangci-lint-action@v3.7.0
+      #   uses: golangci/golangci-lint-action@v4.0.0
       #   with:
-      #     version: v1.55.2
+      #     version: v1.56.2
       #     working-directory: ./examples/${{ matrix.example }}

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Documented Vault's asymmetric and symmetric key algorithms.
+
 ### Changed
 
 - Rewrote `README.md`.

go.work.sum

@@ -1,3 +1,4 @@
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=

pangea-sdk/v3/autogendoc/main.go

@@ -318,6 +318,5 @@ func gatherAstFieldList(fl []*ast.Field, fs *token.FileSet) []*AstField {
 func prettify(node interface{}, fs *token.FileSet) string {
 	var stringBuffer bytes.Buffer
 	printer.Fprint(&stringBuffer, fs, node)
-
-	return string(stringBuffer.Bytes())
+	return stringBuffer.String()
 }

pangea-sdk/v3/internal/pangeatesting/pangeatesting.go

@@ -42,11 +42,8 @@ func SetupServer() (mux *http.ServeMux, serverURL string, teardown func()) {
 func TestConfig(url string) *pangea.Config {
 	// Clean scheme. It will be adden after decide if it should be secure o insecure
 	// It only happens on testing because of local server
-	if strings.HasPrefix(url, "https://") {
-		url = strings.TrimPrefix(url, "https://")
-	} else if strings.HasPrefix(url, "http://") {
-		url = strings.TrimPrefix(url, "http://")
-	}
+	url = strings.TrimPrefix(url, "https://")
+	url = strings.TrimPrefix(url, "http://")
 
 	return &pangea.Config{
 		Token:      "TestToken",
@@ -95,9 +92,9 @@ func CreateFile(t *testing.T, contents []byte) *os.File {
 	tmpdir := t.TempDir()
 	file, err := os.CreateTemp(tmpdir, "*")
 	if err != nil {
-		t.Fatal("failed to creat temp file")
+		t.Fatal("failed to create temp file")
 	}
-	file.Write(contents)
+	file.Write(contents) //nolint:errcheck
 	return file
 }
 

pangea-sdk/v3/internal/pangeautil/pangeautil.go

@@ -18,7 +18,7 @@ func CanonicalizeStruct(v interface{}) ([]byte, error) {
 		return nil, err
 	}
 	// Order keys
-	json.Unmarshal(ebytes, &smap)
+	json.Unmarshal(ebytes, &smap) //nolint:errcheck
 	mbytes, err := json.Marshal(smap)
 	if err != nil {
 		return nil, err

pangea-sdk/v3/pangea/base_service.go

@@ -29,7 +29,7 @@ func NewBaseService(name string, baseCfg *Config) BaseService {
 
 func (bs *BaseService) PollResultByError(ctx context.Context, e AcceptedError) (*PangeaResponse[any], error) {
 	if e.RequestID == nil {
-		return nil, errors.New("Request ID is empty")
+		return nil, errors.New("request ID is empty")
 	}
 
 	resp, err := bs.PollResultByID(ctx, *e.RequestID, e.ResultField)

pangea-sdk/v3/pangea/error.go

@@ -45,9 +45,9 @@ func NewAPIError(err error, r *Response) *APIError {
 	errUnm := r.UnmarshalResult(&pa)
 	if errUnm != nil {
 		pa = PangeaErrors{}
-		errRes = fmt.Errorf("Error: %s. Unmarshall Error: %s.", err.Error(), errUnm.Error())
+		errRes = fmt.Errorf("Error: %s. Unmarshall Error: %s", err.Error(), errUnm.Error())
 	} else {
-		errRes = fmt.Errorf("Error: %s.", err.Error())
+		errRes = fmt.Errorf("Error: %s", err.Error())
 	}
 
 	return &APIError{

pangea-sdk/v3/pangea/pangea.go

@@ -229,7 +229,7 @@ func (c *Client) GetURL(path string) (string, error) {
 		endpoint = fmt.Sprintf("%s/%s", domain, path)
 	} else {
 		scheme := "https://"
-		if cfg.Insecure == true {
+		if cfg.Insecure {
 			scheme = "http://"
 		}
 		if cfg.Enviroment == "local" {
@@ -347,7 +347,7 @@ func (c *Client) GetPresignedURL(ctx context.Context, url string, input any) (*R
 
 func (c *Client) UploadFile(ctx context.Context, url string, tm TransferMethod, fd FileData) error {
 	if tm == TMputURL && fd.Details != nil {
-		return errors.New(fmt.Sprintf("Data param should be nil in order to use TransferMethod %s\n", TMputURL))
+		return fmt.Errorf("data param should be nil in order to use TransferMethod %s", TMputURL)
 	}
 
 	method := "POST"
@@ -374,7 +374,7 @@ func (c *Client) UploadFile(ctx context.Context, url string, tm TransferMethod,
 
 	if psURLr.StatusCode < 200 || psURLr.StatusCode >= 300 {
 		defer psURLr.Body.Close()
-		return errors.New("Presigned url upload failure")
+		return errors.New("presigned url upload failure")
 	}
 	return nil
 }
@@ -469,7 +469,7 @@ func (c *Client) NewRequestMultipart(method, url string, body any, fd FileData)
 
 	// Write request body
 	h := make(textproto.MIMEHeader)
-	h.Set("Content-Disposition", fmt.Sprintf(`form-data; name=request;`))
+	h.Set("Content-Disposition", "form-data; name=request;")
 	h.Set("Content-Type", "application/json")
 	if fw, err = w.CreatePart(h); err != nil {
 		return nil, err
@@ -686,8 +686,8 @@ func (c *Client) pollPresignedURL(ctx context.Context, ae *AcceptedError) (*Acce
 
 	for !aeLoop.AcceptedResult.HasUploadURL() && !c.reachTimeout(start) {
 		delay := c.getDelay(retry, start)
-		if pu.Sleep(delay, ctx) == false {
-			// If context closed, return inmediatly
+		if !pu.Sleep(delay, ctx) {
+			// If context closed, return immediately
 			return nil, errors.New("Context closed")
 		}
 
@@ -732,7 +732,7 @@ func (c *Client) handledQueued(ctx context.Context, r *Response) (*Response, err
 		return r, nil
 	}
 
-	if c.config.QueuedRetryEnabled == false || r == nil || r.HTTPResponse.StatusCode != http.StatusAccepted {
+	if !c.config.QueuedRetryEnabled || r == nil || r.HTTPResponse.StatusCode != http.StatusAccepted {
 		return r, nil
 	}
 
@@ -755,8 +755,8 @@ func (c *Client) handledQueued(ctx context.Context, r *Response) (*Response, err
 
 	for r.HTTPResponse.StatusCode == http.StatusAccepted && !c.reachTimeout(start) {
 		delay := c.getDelay(retry, start)
-		if pu.Sleep(delay, ctx) == false {
-			// If context closed, return inmediatly
+		if !pu.Sleep(delay, ctx) {
+			// If context closed, return immediately
 			return r, nil
 		}
 
@@ -859,10 +859,6 @@ func (c *Client) CheckResponse(r *Response, v any) error {
 	}
 }
 
-func configHeaderName(key string) string {
-	return fmt.Sprintf("x-pangea-%v-config-id", key)
-}
-
 // MergeIn merges the passed in configs into the existing config object.
 func (c *Config) MergeIn(cfgs ...*Config) {
 	for _, other := range cfgs {

pangea-sdk/v3/service/audit/api.go

@@ -301,7 +301,7 @@ func SearchAll(ctx context.Context, client Client, input *SearchInput) (*Root, S
 }
 
 func (a *audit) processLogBulkResult(ctx context.Context, br *LogBulkResult) error {
-	for i, _ := range br.Results {
+	for i := range br.Results {
 		err := a.processLogResult(ctx, &br.Results[i])
 		if err != nil {
 			return err

pangea-sdk/v3/service/file_scan/api.go

@@ -168,7 +168,7 @@ func GetUploadFileParams(file *os.File) (*FileScanFileParams, error) {
 	crc32c := crcHash.Sum32()
 
 	// Reset to be sent
-	file.Seek(0, 0)
+	file.Seek(0, 0) //nolint:errcheck
 
 	return &FileScanFileParams{
 		CRC:    strconv.FormatUint(uint64(crc32c), 16),
@@ -180,7 +180,7 @@ func GetUploadFileParams(file *os.File) (*FileScanFileParams, error) {
 
 func (fu *FileUploader) UploadFile(ctx context.Context, url string, tm pangea.TransferMethod, fd pangea.FileData) error {
 	if tm == pangea.TMmultipart {
-		return errors.New(fmt.Sprintf("%s is not supported in UploadFile. Use Scan() instead", tm))
+		return fmt.Errorf("%s is not supported in UploadFile. Use Scan() instead", tm)
 	}
 
 	fds := pangea.FileData{

pangea-sdk/v3/service/vault/common.go

@@ -21,42 +21,44 @@ const (
 	KPjwt        KeyPurpose = "jwt"
 )
 
+// Asymmetric key algorithm.
 type AsymmetricAlgorithm string
 
 const (
-	AAed25519                 AsymmetricAlgorithm = "ED25519"
-	AAes256                   AsymmetricAlgorithm = "ES256"
-	AAes384                   AsymmetricAlgorithm = "ES384"
-	AAes512                   AsymmetricAlgorithm = "ES512"
-	AArsa2048_pkcs1v15_sha256 AsymmetricAlgorithm = "RSA-PKCS1V15-2048-SHA256"
-	AArsa2048_oaep_sha256     AsymmetricAlgorithm = "RSA-OAEP-2048-SHA256"
-	AAes256K                  AsymmetricAlgorithm = "ES256K"
-	AArsa2048_oaep_sha1       AsymmetricAlgorithm = "RSA-OAEP-2048-SHA1"
-	AArsa2048_oaep_sha512     AsymmetricAlgorithm = "RSA-OAEP-2048-SHA512"
-	AArsa3072_oaep_sha1       AsymmetricAlgorithm = "RSA-OAEP-3072-SHA1"
-	AArsa3072_oaep_sha256     AsymmetricAlgorithm = "RSA-OAEP-3072-SHA256"
-	AArsa3072_oaep_sha512     AsymmetricAlgorithm = "RSA-OAEP-3072-SHA512"
-	AArsa4096_oaep_sha1       AsymmetricAlgorithm = "RSA-OAEP-4096-SHA1"
-	AArsa4096_oaep_sha256     AsymmetricAlgorithm = "RSA-OAEP-4096-SHA256"
-	AArsa4096_oaep_sha512     AsymmetricAlgorithm = "RSA-OAEP-4096-SHA512"
-	AArsa2048_pss_sha256      AsymmetricAlgorithm = "RSA-PSS-2048-SHA256"
-	AArsa3072_pss_sha256      AsymmetricAlgorithm = "RSA-PSS-3072-SHA256"
-	AA4096_pss_sha256         AsymmetricAlgorithm = "RSA-PSS-4096-SHA256"
-	AArsa4096_pss_sha512      AsymmetricAlgorithm = "RSA-PSS-4096-SHA512"
+	AAed25519                 AsymmetricAlgorithm = "ED25519"                  // Ed25519.
+	AAes256                   AsymmetricAlgorithm = "ES256"                    // ECDSA with SHA256 digest.
+	AAes384                   AsymmetricAlgorithm = "ES384"                    // ECDSA with SHA384 digest.
+	AAes512                   AsymmetricAlgorithm = "ES512"                    // ECDSA with SHA512 digest.
+	AArsa2048_pkcs1v15_sha256 AsymmetricAlgorithm = "RSA-PKCS1V15-2048-SHA256" // RSA 2048-bit key, PKCS#1v1.5 signature, SHA256 digest.
+	AArsa2048_oaep_sha256     AsymmetricAlgorithm = "RSA-OAEP-2048-SHA256"     // RSA 2048-bit key, OAEP padding, SHA256 digest.
+	AAes256K                  AsymmetricAlgorithm = "ES256K"                   // ECDSA with secp256k1 curve and SHA256 digest.
+	AArsa2048_oaep_sha1       AsymmetricAlgorithm = "RSA-OAEP-2048-SHA1"       // RSA 2048-bit key, OAEP padding, SHA1 digest.
+	AArsa2048_oaep_sha512     AsymmetricAlgorithm = "RSA-OAEP-2048-SHA512"     // RSA 2048-bit key, OAEP padding, SHA512 digest.
+	AArsa3072_oaep_sha1       AsymmetricAlgorithm = "RSA-OAEP-3072-SHA1"       // RSA 3072-bit key, OAEP padding, SHA1 digest.
+	AArsa3072_oaep_sha256     AsymmetricAlgorithm = "RSA-OAEP-3072-SHA256"     // RSA 3072-bit key, OAEP padding, SHA256 digest.
+	AArsa3072_oaep_sha512     AsymmetricAlgorithm = "RSA-OAEP-3072-SHA512"     // RSA 3072-bit key, OAEP padding, SHA512 digest.
+	AArsa4096_oaep_sha1       AsymmetricAlgorithm = "RSA-OAEP-4096-SHA1"       // RSA 4096-bit key, OAEP padding, SHA1 digest.
+	AArsa4096_oaep_sha256     AsymmetricAlgorithm = "RSA-OAEP-4096-SHA256"     // RSA 4096-bit key, OAEP padding, SHA256 digest.
+	AArsa4096_oaep_sha512     AsymmetricAlgorithm = "RSA-OAEP-4096-SHA512"     // RSA 4096-bit key, OAEP padding, SHA512 digest.
+	AArsa2048_pss_sha256      AsymmetricAlgorithm = "RSA-PSS-2048-SHA256"      // RSA 2048-bit key, PSS padding, SHA256 digest.
+	AArsa3072_pss_sha256      AsymmetricAlgorithm = "RSA-PSS-3072-SHA256"      // RSA 3072-bit key, PSS padding, SHA256 digest.
+	AA4096_pss_sha256         AsymmetricAlgorithm = "RSA-PSS-4096-SHA256"      // RSA 4096-bit key, PSS padding, SHA256 digest.
+	AArsa4096_pss_sha512      AsymmetricAlgorithm = "RSA-PSS-4096-SHA512"      // RSA 4096-bit key, PSS padding, SHA512 digest.
 	AArsa                     AsymmetricAlgorithm = "RSA-PKCS1V15-2048-SHA256" // deprecated, use AArsa2048_pkcs1v15_sha256 instead
 )
 
+// Symmetric key algorithm.
 type SymmetricAlgorithm string
 
 const (
-	SYAhs256      SymmetricAlgorithm = "HS256"
-	SYAhs384      SymmetricAlgorithm = "HS384"
-	SYAhs512      SymmetricAlgorithm = "HS512"
-	SYAaes128_cfb SymmetricAlgorithm = "AES-CFB-128"
-	SYAaes256_cfb SymmetricAlgorithm = "AES-CFB-256"
-	SYAaes256_gcm SymmetricAlgorithm = "AES-GCM-256"
-	SYAaes128_cbc SymmetricAlgorithm = "AES-CBC-128"
-	SYAaes256_cbc SymmetricAlgorithm = "AES-CBC-256"
+	SYAhs256      SymmetricAlgorithm = "HS256"       // HMAC with SHA256 digest.
+	SYAhs384      SymmetricAlgorithm = "HS384"       // HMAC with SHA384 digest.
+	SYAhs512      SymmetricAlgorithm = "HS512"       // HMAC with SHA512 digest.
+	SYAaes128_cfb SymmetricAlgorithm = "AES-CFB-128" // AES cipher feedback mode, 128-bit key.
+	SYAaes256_cfb SymmetricAlgorithm = "AES-CFB-256" // AES cipher feedback mode, 256-bit key.
+	SYAaes256_gcm SymmetricAlgorithm = "AES-GCM-256" // AES Galois/counter mode, 256-bit key.
+	SYAaes128_cbc SymmetricAlgorithm = "AES-CBC-128" // AES cipher block chaining mode, 128-bit key.
+	SYAaes256_cbc SymmetricAlgorithm = "AES-CBC-256" // AES cipher block chaining mode, 256-bit key.
 	SYAaes        SymmetricAlgorithm = "AES-CFB-128" // deprecated, use SYAaes128_cfb instead
 )