coder · cmoog · Nov 4, 2020 · Nov 4, 2020 · Nov 4, 2020 · Nov 4, 2020
diff --git a/.golangci.yml b/.golangci.yml
@@ -7,7 +7,6 @@ linters-settings:
     min-complexity: 46
   nestif:
     min-complexity: 10
-  golint:
   govet:
     settings:
       printf:
@@ -17,6 +16,7 @@ linters-settings:
           - (cdr.dev/coder-cli/pkg/clog).Causef
 linters:
   disable-all: true
+  exclude-use-default: false
   enable:
     - megacheck
     - govet
@@ -44,3 +44,29 @@ linters:
     - rowserrcheck
     - scopelint
     - goprintffuncname
+    - gofmt
+    - godot
+    - ineffassign
+    - gocritic
+
+issues:
+  exclude-use-default: false
+  exclude:
+    # errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
+    - Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
+    # golint: False positive when tests are defined in package 'test'
+    - func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
+    # govet: Common false positives
+    - (possible misuse of unsafe.Pointer|should have signature)
+    # staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
+    - ineffective break statement. Did you mean to break out of the outer loop
+    # gosec: Too many false-positives on 'unsafe' usage
+    - Use of unsafe calls should be audited
+    # gosec: Too many false-positives for parametrized shell calls
+    - Subprocess launch(ed with variable|ing should be audited)
+    # gosec: Duplicated errcheck checks
+    - G104
+    # gosec: Too many issues in popular repos
+    - (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
+    # gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
+    - Potential file inclusion via variable
diff --git a/ci/integration/setup_test.go b/ci/integration/setup_test.go
@@ -13,10 +13,10 @@ import (
 	"golang.org/x/xerrors"
 )
 
-// binpath is populated during package initialization with a path to the coder binary
+// binpath is populated during package initialization with a path to the coder binary.
 var binpath string
 
-// initialize integration tests by building the coder-cli binary
+// initialize integration tests by building the coder-cli binary.
 func init() {
 	cwd, err := os.Getwd()
 	if err != nil {
@@ -30,7 +30,7 @@ func init() {
 	}
 }
 
-// build the coder-cli binary and move to the integration testing bin directory
+// build the coder-cli binary and move to the integration testing bin directory.
 func build(path string) error {
 	tar := "coder-cli-linux-amd64.tar.gz"
 	dir := filepath.Dir(path)
@@ -48,7 +48,7 @@ func build(path string) error {
 	return nil
 }
 
-// write session tokens to the given container runner
+// write session tokens to the given container runner.
 func headlessLogin(ctx context.Context, t *testing.T, runner *tcli.ContainerRunner) {
 	creds := login(ctx, t)
 	cmd := exec.CommandContext(ctx, "sh", "-c", "mkdir -p $HOME/.config/coder && cat > $HOME/.config/coder/session")

diff --git a/cmd/coder/main.go b/cmd/coder/main.go
@@ -17,7 +17,6 @@ import (
 
 func main() {
 	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
 
 	// If requested, spin up the pprof webserver.
 	if os.Getenv("PPROF") != "" {
@@ -29,18 +28,23 @@ func main() {
 	stdoutState, err := xterminal.MakeOutputRaw(os.Stdout.Fd())
 	if err != nil {
 		clog.Log(clog.Fatal(fmt.Sprintf("set output to raw: %s", err)))
+		cancel()
 		os.Exit(1)
 	}
-	defer func() {
+	restoreTerminal := func() {
 		// Best effort. Would result in broken terminal on window but nothing we can do about it.
 		_ = xterminal.Restore(os.Stdout.Fd(), stdoutState)
-	}()
+	}
 
 	app := cmd.Make()
 	app.Version = fmt.Sprintf("%s %s %s/%s", version.Version, runtime.Version(), runtime.GOOS, runtime.GOARCH)
 
 	if err := app.ExecuteContext(ctx); err != nil {
 		clog.Log(err)
+		cancel()
+		restoreTerminal()
 		os.Exit(1)
 	}
+	cancel()
+	restoreTerminal()
 }
diff --git a/coder-sdk/client.go b/coder-sdk/client.go
@@ -6,10 +6,10 @@ import (
 	"net/url"
 )
 
-// Me is the route param to access resources of the authenticated user
+// Me is the route param to access resources of the authenticated user.
 const Me = "me"
 
-// Client wraps the Coder HTTP API
+// Client wraps the Coder HTTP API.
 type Client struct {
 	BaseURL *url.URL
 	Token   string

diff --git a/coder-sdk/config.go b/coder-sdk/config.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 )
 
+// AuthProviderType is an enum of each valid auth provider.
 type AuthProviderType string
 
 // AuthProviderType enum.
@@ -14,18 +15,21 @@ const (
 	AuthProviderOIDC    AuthProviderType = "oidc"
 )
 
+// ConfigAuth describes the authentication configuration for a Coder Enterprise deployment.
 type ConfigAuth struct {
 	ProviderType *AuthProviderType `json:"provider_type"`
 	OIDC         *ConfigOIDC       `json:"oidc"`
 	SAML         *ConfigSAML       `json:"saml"`
 }
 
+// ConfigOIDC describes the OIDC configuration for single-signon support in Coder Enterprise.
 type ConfigOIDC struct {
 	ClientID     *string `json:"client_id"`
 	ClientSecret *string `json:"client_secret"`
 	Issuer       *string `json:"issuer"`
 }
 
+// ConfigSAML describes the SAML configuration values.
 type ConfigSAML struct {
 	IdentityProviderMetadataURL *string `json:"idp_metadata_url"`
 	SignatureAlgorithm          *string `json:"signature_algorithm"`
@@ -34,28 +38,33 @@ type ConfigSAML struct {
 	PublicKeyCertificate        *string `json:"public_key_certificate"`
 }
 
+// ConfigOAuthBitbucketServer describes the Bitbucket integration configuration for a Coder Enterprise deployment.
 type ConfigOAuthBitbucketServer struct {
 	BaseURL string `json:"base_url" diff:"oauth.bitbucket_server.base_url"`
 }
 
+// ConfigOAuthGitHub describes the Github integration configuration for a Coder Enterprise deployment.
 type ConfigOAuthGitHub struct {
 	BaseURL      string `json:"base_url"`
 	ClientID     string `json:"client_id"`
 	ClientSecret string `json:"client_secret"`
 }
 
+// ConfigOAuthGitLab describes the GitLab integration configuration for a Coder Enterprise deployment.
 type ConfigOAuthGitLab struct {
 	BaseURL      string `json:"base_url"`
 	ClientID     string `json:"client_id" `
 	ClientSecret string `json:"client_secret"`
 }
 
+// ConfigOAuth describes the aggregate git integration configuration for a Coder Enterprise deployment.
 type ConfigOAuth struct {
 	BitbucketServer ConfigOAuthBitbucketServer `json:"bitbucket_server"`
 	GitHub          ConfigOAuthGitHub          `json:"github"`
 	GitLab          ConfigOAuthGitLab          `json:"gitlab"`
 }
 
+// SiteConfigAuth fetches the sitewide authentication configuration.
 func (c Client) SiteConfigAuth(ctx context.Context) (*ConfigAuth, error) {
 	var conf ConfigAuth
 	if err := c.requestBody(ctx, http.MethodGet, "/api/auth/config", nil, &conf); err != nil {
@@ -64,10 +73,12 @@ func (c Client) SiteConfigAuth(ctx context.Context) (*ConfigAuth, error) {
 	return &conf, nil
 }
 
+// PutSiteConfigAuth sets the sitewide authentication configuration.
 func (c Client) PutSiteConfigAuth(ctx context.Context, req ConfigAuth) error {
 	return c.requestBody(ctx, http.MethodPut, "/api/auth/config", req, nil)
 }
 
+// SiteConfigOAuth fetches the sitewide git provider OAuth configuration.
 func (c Client) SiteConfigOAuth(ctx context.Context) (*ConfigOAuth, error) {
 	var conf ConfigOAuth
 	if err := c.requestBody(ctx, http.MethodGet, "/api/oauth/config", nil, &conf); err != nil {
@@ -76,6 +87,7 @@ func (c Client) SiteConfigOAuth(ctx context.Context) (*ConfigOAuth, error) {
 	return &conf, nil
 }
 
+// PutSiteConfigOAuth sets the sitewide git provider OAuth configuration.
 func (c Client) PutSiteConfigOAuth(ctx context.Context, req ConfigOAuth) error {
 	return c.requestBody(ctx, http.MethodPut, "/api/oauth/config", req, nil)
 }
@@ -84,6 +96,7 @@ type configSetupMode struct {
 	SetupMode bool `json:"setup_mode"`
 }
 
+// SiteSetupModeEnabled fetches the current setup_mode state of a Coder Enterprise deployment.
 func (c Client) SiteSetupModeEnabled(ctx context.Context) (bool, error) {
 	var conf configSetupMode
 	if err := c.requestBody(ctx, http.MethodGet, "/api/config/setup-mode", nil, &conf); err != nil {
@@ -92,6 +105,7 @@ func (c Client) SiteSetupModeEnabled(ctx context.Context) (bool, error) {
 	return conf.SetupMode, nil
 }
 
+// ExtensionMarketplaceType is an enum of the valid extension marketplace configurations.
 type ExtensionMarketplaceType string
 
 // ExtensionMarketplaceType enum.
@@ -101,13 +115,16 @@ const (
 	ExtensionMarketplacePublic   ExtensionMarketplaceType = "public"
 )
 
+// MarketplaceExtensionPublicURL is the URL of the coder.com public marketplace that serves open source Code OSS extensions.
 const MarketplaceExtensionPublicURL = "https://extensions.coder.com/api"
 
+// ConfigExtensionMarketplace describes the sitewide extension marketplace configuration.
 type ConfigExtensionMarketplace struct {
 	URL  string                   `json:"url"`
 	Type ExtensionMarketplaceType `json:"type"`
 }
 
+// SiteConfigExtensionMarketplace fetches the extension marketplace configuration.
 func (c Client) SiteConfigExtensionMarketplace(ctx context.Context) (*ConfigExtensionMarketplace, error) {
 	var conf ConfigExtensionMarketplace
 	if err := c.requestBody(ctx, http.MethodGet, "/api/extensions/config", nil, &conf); err != nil {
@@ -116,6 +133,7 @@ func (c Client) SiteConfigExtensionMarketplace(ctx context.Context) (*ConfigExte
 	return &conf, nil
 }
 
+// PutSiteConfigExtensionMarketplace sets the extension marketplace configuration.
 func (c Client) PutSiteConfigExtensionMarketplace(ctx context.Context, req ConfigExtensionMarketplace) error {
 	return c.requestBody(ctx, http.MethodPut, "/api/extensions/config", req, nil)
 }
diff --git a/coder-sdk/env.go b/coder-sdk/env.go
@@ -10,7 +10,7 @@ import (
 	"nhooyr.io/websocket/wsjson"
 )
 
-// Environment describes a Coder environment
+// Environment describes a Coder environment.
 type Environment struct {
 	ID               string           `json:"id"                 table:"-"`
 	Name             string           `json:"name"               table:"Name"`
@@ -40,7 +40,7 @@ type RebuildMessage struct {
 	AutoOffThreshold Duration `json:"auto_off_threshold"`
 }
 
-// EnvironmentStat represents the state of an environment
+// EnvironmentStat represents the state of an environment.
 type EnvironmentStat struct {
 	Time            time.Time         `json:"time"`
 	LastOnline      time.Time         `json:"last_online"`
@@ -58,7 +58,7 @@ func (e EnvironmentStat) String() string { return string(e.ContainerStatus) }
 // EnvironmentStatus refers to the states of an environment.
 type EnvironmentStatus string
 
-// The following represent the possible environment container states
+// The following represent the possible environment container states.
 const (
 	EnvironmentCreating EnvironmentStatus = "CREATING"
 	EnvironmentOff      EnvironmentStatus = "OFF"
@@ -89,7 +89,7 @@ func (c Client) CreateEnvironment(ctx context.Context, orgID string, req CreateE
 }
 
 // Environments lists environments returned by the given filter.
-// TODO: add the filter options, explore performance issues
+// TODO: add the filter options, explore performance issue.
 func (c Client) Environments(ctx context.Context) ([]Environment, error) {
 	var envs []Environment
 	if err := c.requestBody(ctx, http.MethodGet, "/api/environments", nil, &envs); err != nil {
@@ -146,7 +146,7 @@ func (c Client) DialWsep(ctx context.Context, env *Environment) (*websocket.Conn
 	return c.dialWebsocket(ctx, "/proxy/environments/"+env.ID+"/wsep")
 }
 
-// DialIDEStatus opens a websocket connection for cpu load metrics on the environment
+// DialIDEStatus opens a websocket connection for cpu load metrics on the environment.
 func (c Client) DialIDEStatus(ctx context.Context, envID string) (*websocket.Conn, error) {
 	return c.dialWebsocket(ctx, "/proxy/environments/"+envID+"/ide/api/status")
 }
@@ -204,7 +204,7 @@ func (c Client) DialEnvironmentStats(ctx context.Context, envID string) (*websoc
 	return c.dialWebsocket(ctx, "/api/environments/"+envID+"/watch-stats")
 }
 
-// DialResourceLoad opens a websocket connection for cpu load metrics on the environment
+// DialResourceLoad opens a websocket connection for cpu load metrics on the environment.
 func (c Client) DialResourceLoad(ctx context.Context, envID string) (*websocket.Conn, error) {
 	return c.dialWebsocket(ctx, "/api/environments/"+envID+"/watch-resource-load")
 }
@@ -233,7 +233,7 @@ type buildLogMsg struct {
 	Type BuildLogType `json:"type"`
 }
 
-// WaitForEnvironmentReady will watch the build log and return when done
+// WaitForEnvironmentReady will watch the build log and return when done.
 func (c Client) WaitForEnvironmentReady(ctx context.Context, env *Environment) error {
 	conn, err := c.DialEnvironmentBuildLog(ctx, env.ID)
 	if err != nil {

diff --git a/coder-sdk/error.go b/coder-sdk/error.go
@@ -9,8 +9,14 @@ import (
 	"golang.org/x/xerrors"
 )
 
-// ErrNotFound describes an error case in which the requested resource could not be found
-var ErrNotFound = xerrors.Errorf("resource not found")
+// ErrNotFound describes an error case in which the requested resource could not be found.
+var ErrNotFound = xerrors.New("resource not found")
+
+// ErrPermissions describes an error case in which the requester has insufficient permissions to access the requested resource.
+var ErrPermissions = xerrors.New("insufficient permissions")
+
+// ErrAuthentication describes the error case in which the requester has invalid authentication.
+var ErrAuthentication = xerrors.New("invalid authentication")
 
 // APIError is the expected payload format for our errors.
 type APIError struct {

diff --git a/coder-sdk/image.go b/coder-sdk/image.go
@@ -5,7 +5,7 @@ import (
 	"net/http"
 )
 
-// Image describes a Coder Image
+// Image describes a Coder Image.
 type Image struct {
 	ID              string  `json:"id"`
 	OrganizationID  string  `json:"organization_id"`
@@ -18,15 +18,15 @@ type Image struct {
 	Deprecated      bool    `json:"deprecated"`
 }
 
-// NewRegistryRequest describes a docker registry used in importing an image
+// NewRegistryRequest describes a docker registry used in importing an image.
 type NewRegistryRequest struct {
 	FriendlyName string `json:"friendly_name"`
 	Registry     string `json:"registry"`
 	Username     string `json:"username"`
 	Password     string `json:"password"`
 }
 
-// ImportImageReq is used to import new images and registries into Coder
+// ImportImageReq is used to import new images and registries into Coder.
 type ImportImageReq struct {
 	RegistryID      *string             `json:"registry_id"`  // Used to import images to existing registries.
 	NewRegistry     *NewRegistryRequest `json:"new_registry"` // Used when adding a new registry.
@@ -39,7 +39,7 @@ type ImportImageReq struct {
 	URL             string              `json:"url"`
 }
 
-// ImportImage creates a new image and optionally a new registry
+// ImportImage creates a new image and optionally a new registry.
 func (c Client) ImportImage(ctx context.Context, orgID string, req ImportImageReq) (*Image, error) {
 	var img Image
 	if err := c.requestBody(ctx, http.MethodPost, "/api/orgs/"+orgID+"/images", req, &img); err != nil {