Add flake, fix integration tests (#33)

.envrc

@@ -0,0 +1 @@
+use flake

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "monthly"

.github/workflows/go-ci.yaml

@@ -1,6 +1,6 @@
 name: Go CI
 
-'on':
+"on":
   push:
     branches:
       - main
@@ -14,75 +14,75 @@ jobs:
     needs: get_refs
     strategy:
       matrix:
-        go-version: [1.17.x, 1.18.x]
+        go-version: [1.19.x, 1.20.x]
         os:
-        - ubuntu-22.04
-        - macos-12
+          - ubuntu-22.04
+          - macos-12
         # - windows-2022 Can't install libzmq.
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/setup-go@v3
-      with:
-        go-version: ${{ matrix.go-version }}
-    - uses: actions/checkout@v3
-    - name: clone the tsp
-      uses: actions/checkout@v3
-      with:
-        repository: IronCoreLabs/tenant-security-proxy
-        ref: ${{ needs.get_refs.outputs.tenant-security-proxy }}
-        path: tenant-security-proxy
-        token: ${{ secrets.WORKFLOW_PAT }}
-    - uses: actions/cache@v2
-      with:
-        # In order:
-        # * Module download cache
-        # * Build cache (Linux)
-        # * Build cache (Mac)
-        # * Build cache (Windows)
-        # * Cargo registry
-        # * Cargo packages
-        # * TSP build
-        path: |
-          ~/go/pkg/mod
-          ~/.cache/go-build
-          ~/Library/Caches/go-build
-          ~\AppData\Local\go-build
-          ~/.cargo/registry
-          ~/.cargo/git
-          tenant-security-proxy/target
-        key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go-${{ matrix.go-version }}-
-    - name: Decrypt TSC integration keys
-      uses: IronCoreLabs/ironhide-actions/decrypt@v2
-      with:
-        keys: ${{ secrets.IRONHIDE_KEYS }}
-        input: .env.integration.iron
-    - name: install zmq (linux)
-      if: ${{ runner.os == 'Linux' }}
-      run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev
-    - name: install zmq (mac)
-      if: ${{ runner.os == 'macOS' }}
-      run: brew install zmq coreutils
-    - name: Build TSP
-      working-directory: tenant-security-proxy
-      run: cargo build --release
-    - name: Run tests
-      run: |
-        cd tenant-security-proxy && env $(cat ../.env.integration) cargo run --release &
-        timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false
-        env $(cat .env.integration) go test ./...
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+      - uses: actions/checkout@v3
+      - name: clone the tsp
+        uses: actions/checkout@v3
+        with:
+          repository: IronCoreLabs/tenant-security-proxy
+          ref: ${{ needs.get_refs.outputs.tenant-security-proxy }}
+          path: tenant-security-proxy
+          token: ${{ secrets.WORKFLOW_PAT }}
+      - uses: actions/cache@v3
+        with:
+          # In order:
+          # * Module download cache
+          # * Build cache (Linux)
+          # * Build cache (Mac)
+          # * Build cache (Windows)
+          # * Cargo registry
+          # * Cargo packages
+          # * TSP build
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+            ~/Library/Caches/go-build
+            ~\AppData\Local\go-build
+            ~/.cargo/registry
+            ~/.cargo/git
+            tenant-security-proxy/target
+          key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-${{ matrix.go-version }}-
+      - name: Decrypt TSC integration keys
+        uses: IronCoreLabs/ironhide-actions/decrypt@v3
+        with:
+          keys: ${{ secrets.IRONHIDE_KEYS }}
+          input: .env.integration.iron
+      - name: install zmq (linux)
+        if: ${{ runner.os == 'Linux' }}
+        run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev
+      - name: install zmq (mac)
+        if: ${{ runner.os == 'macOS' }}
+        run: brew install zmq coreutils
+      - name: Build TSP
+        working-directory: tenant-security-proxy
+        run: cargo build --release
+      - name: Run tests
+        run: |
+          cd tenant-security-proxy && env $(cat ../.env.integration) cargo run --release &
+          timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false
+          env $(cat .env.integration) go test ./... -v
 
-  check:
+  lint:
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/setup-go@v3
-      with:
-        go-version: ${{ matrix.go-version }}
-    - uses: actions/checkout@v3
-    - uses: golangci/golangci-lint-action@v3
-      with:
-        version: v1.46
+      - uses: actions/setup-go@v4
+        with:
+          go-version: 1.20.x
+      - uses: actions/checkout@v3
+      - uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.53
 
   # Look for a comment telling us what refs to use from the other repos we depend on.
   # To add additional repositories, add them to "outputs" and to the "Setup list of required repos" step.
@@ -144,14 +144,14 @@ jobs:
           done
       - name: Post a reaction (parsed your comment)
         if: steps.get_refs.outcome == 'success'
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         with:
           issue-number: ${{ steps.get_pr.outputs.pr }}
           comment-id: ${{ steps.find_comment.outputs.comment-id }}
           reactions: eyes
       - name: Post a reaction (unparsed comment)
         if: steps.get_refs.outcome == 'failure'
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         with:
           issue-number: ${{ steps.get_pr.outputs.pr }}
           comment-id: ${{ steps.find_comment.outputs.comment-id }}

.gitignore

@@ -1 +1,2 @@
 .env.integration
+.direnv

.golangci.yml

@@ -1,76 +1,72 @@
 linters:
   enable:
-    - asciicheck
-    - bidichk
-    - bodyclose
-    - containedctx
-    - contextcheck
-    - deadcode
-    - depguard
-    - dogsled
-    - dupl
-    - durationcheck
-    - errcheck
-    - errchkjson
-    - errname
-    - errorlint
-    - execinquery
-    - exhaustive
-    - exportloopref
-    - forbidigo
-    - forcetypeassert
-    - funlen
-    - gci
-    # - gochecknoglobals
-    # - gochecknoinits
-    - gocognit
-    - goconst
-    - gocritic
-    - gocyclo
-    - godot
-    - godox
-    - goerr113
-    - gofmt
-    - goimports
-    - gomnd
-    - gomoddirectives
-    - goprintffuncname
-    - gosec
-    - gosimple
-    - govet
-    - grouper
-    - importas
-    - ineffassign
-    - ireturn
-    - lll
-    - makezero
-    - misspell
-    - nakedret
-    - nilerr
-    - nilnil
-    - noctx
-    - nolintlint
-    - nonamedreturns
-    - nosprintfhostport
-    - prealloc
-    - predeclared
-    - promlinter
-    - revive
-    - rowserrcheck
-    - sqlclosecheck
-    - staticcheck
-    - structcheck
-    - stylecheck
-    - tagliatelle
-    - tenv
-    - thelper
-    - tparallel
-    - typecheck
-    - unconvert
-    - unparam
-    - unused
-    - varcheck
-    - varnamelen
-    - wastedassign
-    - whitespace
-    - wrapcheck
+  - asciicheck
+  - bidichk
+  - bodyclose
+  - containedctx
+  - contextcheck
+  - dogsled
+  - dupl
+  - durationcheck
+  - errcheck
+  - errchkjson
+  - errname
+  - errorlint
+  - execinquery
+  - exhaustive
+  - exportloopref
+  - forbidigo
+  - forcetypeassert
+  - funlen
+  - gci
+  # - gochecknoglobals
+  # - gochecknoinits
+  - gocognit
+  - goconst
+  - gocritic
+  - gocyclo
+  - godot
+  - godox
+  - goerr113
+  - gofmt
+  - goimports
+  - gomnd
+  - gomoddirectives
+  - goprintffuncname
+  - gosec
+  - gosimple
+  - govet
+  - grouper
+  - importas
+  - ineffassign
+  - ireturn
+  - lll
+  - makezero
+  - misspell
+  - nakedret
+  - nilerr
+  - nilnil
+  - noctx
+  - nolintlint
+  - nonamedreturns
+  - nosprintfhostport
+  - prealloc
+  - predeclared
+  - promlinter
+  - revive
+  - rowserrcheck
+  - sqlclosecheck
+  - staticcheck
+  - stylecheck
+  - tagliatelle
+  - tenv
+  - thelper
+  - tparallel
+  - typecheck
+  - unconvert
+  - unparam
+  - unused
+  - varnamelen
+  - wastedassign
+  - whitespace
+  - wrapcheck

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v0.3.0 (Unreleased)
+
+- Change minimum required Go version to 1.19
+
 ## v0.2.2
 
 - Retract v0.1.x of the tenant-security-client-go

CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# Contributing to Tenant Security Client Go
+
+## Tests
+
+This client has both a set of unit tests as well an integration test suite. Because of the complexity of the various services required to run non-unit test suites, these tests require additional setup, which is explained below.
+
+### Unit Tests
+
+Tests that check functionality that is contained within the client.
+
+```
+go test ./...
+```
+
+#### Complete Integration Tests
+
+We've created a number of accounts within a Config Broker dev environment that have tenants set up for all the different KMS types that we support. This allows us to run a more complete suite of integration tests that exercise more parts of both the client as well as the Tenant Security Proxy. These tests are not runnable by the public. You can view the results of these test runs in [CI](https://github.com/IronCoreLabs/tenant-security-client-go/actions).
+
+The integration tests are run the same way as the regular tests, but require the `API_KEY` environment variable to be set. This value is stored encrypted in `.env.integration.iron`.
+
+## CI Automated Tests
+
+The CI job runs tests using the [tenant-security-proxy](https://github.com/IronCoreLabs/tenant-security-proxy) repo.
+If your tests don't build against the default branch of that repo, you can change it by adding a command to the pull request. The
+comment should contain the string `CI_branches` and a JSON object like
+`{"tenant-security-proxy": "some_branch"}`. You can include formatting, prose, or a haiku,
+but no `{` or `}` characters. Example:
+
+```
+CI_branches: `{"tenant-security-proxy": "some_branch"}`
+
+This new branch needs to build against some_branch.
+```

crypto_test.go

@@ -13,6 +13,7 @@ import (
 )
 
 // These values come from tenant-security-client-php for easy cross-SDK testing.
+//
 //nolint:lll
 const knownGoodEncryptedValueHexString string = "0349524f4e016c0a1c3130eaf8ff88c1a08df550095522aebfdc7b0d060d3adad8836fea7e1acb020ac80274656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e74496474656e616e744964bb54218111033f5c68c92feb8fae88c255cc56e902becdfde679defa2628950beb966e0e43d27f42dcdbd98587e8bf5f8458411760fb72ca4442ae79877da90dff7de6df43e549df3085aae5f55f05aa37cdd045ffa7"
 const knownDekString string = "3939393939393939393939393939393939393939393939393939393939393939"

error.go

@@ -100,8 +100,9 @@ func (e *Error) Is(target error) bool {
 	return e.Kind == t.Kind && (t.Code == 0 || e.Code == t.Code)
 }
 
-//nolint:wrapcheck // Because this function is called by json code, it should return a json error.
 // UnmarshalJSON will unmarshal the Code and Message, then set the error's Kind.
+//
+//nolint:wrapcheck // Because this function is called by json code, it should return a json error.
 func (e *Error) UnmarshalJSON(data []byte) error {
 	rawError := struct {
 		Code    ErrorCode `json:"code"`