Fix spelling errors (spiffe#4623)

Signed-off-by: Keegan Witt <[email protected]>

cmd/spire-server/cli/federation/create_test.go

@@ -18,7 +18,7 @@ import (
 	"google.golang.org/grpc/codes"
 )
 
-func TestCreatetHelp(t *testing.T) {
+func TestCreateHelp(t *testing.T) {
 	test := setupTest(t, newCreateCommand)
 	test.client.Help()
 

cmd/spire-server/cli/run/run.go

@@ -962,7 +962,7 @@ func keyTypeFromString(s string) (keymanager.KeyType, error) {
 }
 
 // hasCompatibleTTL checks if we can guarantee the configured SVID TTL given the
-// configurd CA TTL. If we detect that a new SVID TTL may be cut short due to
+// configured CA TTL. If we detect that a new SVID TTL may be cut short due to
 // a scheduled CA rotation, this function will return false. This method should
 // be called for each SVID TTL we may use
 func hasCompatibleTTL(caTTL time.Duration, svidTTL time.Duration) bool {

doc/plugin_server_datastore_sql.md

@@ -49,7 +49,7 @@ If you are compiling SPIRE from source, please see [SQLite and CGO](#sqlite-and-
 
 ### `database_type = "postgres"`
 
-The `connection_string` for the PostreSQL database connection consists of the number of configuration options separated by spaces.
+The `connection_string` for the PostgreSQL database connection consists of the number of configuration options separated by spaces.
 
 For example:
 

pkg/agent/api/debug/v1/service_test.go

@@ -69,7 +69,7 @@ func TestGetInfo(t *testing.T) {
 		SVID: svidWithIntermediate.Certificates,
 		Key:  svidWithIntermediate.PrivateKey.(*ecdsa.PrivateKey),
 	}
-	// Manually create SVID chain with intemediate
+	// Manually create SVID chain with intermediate
 	svidWithIntermediateChain := []*debugv1.GetInfoResponse_Cert{
 		{
 			Id:        &types.SPIFFEID{TrustDomain: "example.org", Path: "/spire/agent/bar"},

pkg/agent/manager/cache/cache.go

@@ -320,7 +320,7 @@ func (c *Cache) UpdateEntries(update *UpdateEntries, checkSVID func(*common.Regi
 		}
 
 		// If any selectors or federated bundles were changed, then make
-		// sure subscribers for the new and extisting entry selector sets
+		// sure subscribers for the new and existing entry selector sets
 		// are notified.
 		if selectorsChanged {
 			if existingEntry != nil {

pkg/agent/manager/cache/cache_test.go

@@ -330,7 +330,7 @@ func TestSubscriberNotifiedOnSVIDChanges(t *testing.T) {
 	})
 }
 
-func TestSubcriberNotificationsOnSelectorChanges(t *testing.T) {
+func TestSubscriberNotificationsOnSelectorChanges(t *testing.T) {
 	cache := newTestCache()
 
 	// initialize the cache with a FOO entry with selector A and an SVID
@@ -386,7 +386,7 @@ func newTestCache() *Cache {
 	return New(log, spiffeid.RequireTrustDomainFromString("domain.test"), bundleV1, telemetry.Blackhole{})
 }
 
-func TestSubcriberNotifiedWhenEntryDropped(t *testing.T) {
+func TestSubscriberNotifiedWhenEntryDropped(t *testing.T) {
 	cache := newTestCache()
 
 	subA := cache.subscribeToWorkloadUpdates(makeSelectors("A"))
@@ -447,7 +447,7 @@ func TestSubcriberNotifiedWhenEntryDropped(t *testing.T) {
 	assertNoWorkloadUpdate(t, subB)
 }
 
-func TestSubcriberOnlyGetsEntriesWithSVID(t *testing.T) {
+func TestSubscriberOnlyGetsEntriesWithSVID(t *testing.T) {
 	cache := newTestCache()
 
 	foo := makeRegistrationEntry("FOO", "A")

pkg/agent/manager/cache/lru_cache.go

@@ -339,7 +339,7 @@ func (c *LRUCache) UpdateEntries(update *UpdateEntries, checkSVID func(*common.R
 		}
 
 		// If any selectors or federated bundles were changed, then make
-		// sure subscribers for the new and extisting entry selector sets
+		// sure subscribers for the new and existing entry selector sets
 		// are notified.
 		if selectorsChanged {
 			if existingEntry != nil {

pkg/agent/manager/storecache/cache.go

@@ -13,7 +13,7 @@ import (
 	"github.com/spiffe/spire/proto/spire/common"
 )
 
-// Record holds the latests cached SVID with its context
+// Record holds the latest cached SVID with its context
 type Record struct {
 	// ID holds entry ID
 	ID string
@@ -53,9 +53,9 @@ type Cache struct {
 
 	mtx sync.RWMutex
 
-	// bundles holds the latests bundles
+	// bundles holds the latest bundles
 	bundles map[spiffeid.TrustDomain]*spiffebundle.Bundle
-	// records holds all the latests SVIDs with its entries
+	// records holds all the latest SVIDs with its entries
 	records map[string]*cachedRecord
 
 	// staleEntries holds stale registration entries
@@ -71,8 +71,8 @@ func New(config *Config) *Cache {
 	}
 }
 
-// UpdateEntries using `UpdateEntries` updates and validates latests entries,
-// record's revision number is incremented on each record baed on:
+// UpdateEntries using `UpdateEntries` updates and validates latest entries,
+// record's revision number is incremented on each record based on:
 // - Knowledge or when the SVID for that entry changes
 // - Knowledge when the bundle changes
 // - Knowledge when a federated bundle related to an storable entry changes
@@ -188,7 +188,7 @@ func (c *Cache) UpdateEntries(update *cache.UpdateEntries, checkSVID func(*commo
 	}
 }
 
-// UpdateSVIDs updates cache with latests SVIDs
+// UpdateSVIDs updates cache with latest SVIDs
 func (c *Cache) UpdateSVIDs(update *cache.UpdateSVIDs) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
@@ -268,7 +268,7 @@ func (c *Cache) ReadyToStore() []*Record {
 	return records
 }
 
-// HandledRecord updates handled revision, and sets the latests processed entry
+// HandledRecord updates handled revision, and sets the latest processed entry
 func (c *Cache) HandledRecord(handledEntry *common.RegistrationEntry, revision int64) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()

pkg/agent/manager/storecache/cache_test.go

@@ -139,7 +139,7 @@ func TestUpdateEntriesWithMultipleEntries(t *testing.T) {
 		},
 	}
 
-	// Call update entries againt to update cache
+	// Call update entries again to update cache
 	c.UpdateEntries(update, nil)
 
 	expectedRecords = []*storecache.Record{
@@ -1075,7 +1075,7 @@ func TestCheckSVID(t *testing.T) {
 			"foh": entry,
 		},
 	}
-	// All new entries so no expeting previous entry or svid.
+	// All new entries so not expecting previous entry or svid.
 	c.UpdateEntries(update, func(re1, re2 *common.RegistrationEntry, xs *cache.X509SVID) bool {
 		assert.Nil(t, re1)
 		assert.Equal(t, entry, re2)
@@ -1093,7 +1093,7 @@ func TestCheckSVID(t *testing.T) {
 		},
 	})
 
-	// Creating new entry with same information instead of clonning and change revision
+	// Creating new entry with same information instead of cloning and change revision
 	updatedEntry := createTestEntry()
 	updatedEntry.RevisionNumber = 10
 	update = &cache.UpdateEntries{

pkg/agent/plugin/nodeattestor/tpmdevid/tpmutil/session.go

@@ -22,7 +22,7 @@ const EKCertificateHandleRSA = tpmutil.Handle(0x01c00002)
 const randomPasswordSize = 32
 
 // Session represents a TPM with loaded DevID credentials and exposes methods
-// to perfom cryptographyc operations relevant to the SPIRE node attestation
+// to perform cryptographic operations relevant to the SPIRE node attestation
 // workflow.
 type Session struct {
 	devID    *SigningKey

pkg/agent/plugin/workloadattestor/k8s/k8s.go

@@ -58,7 +58,7 @@ func builtin(p *Plugin) catalog.BuiltIn {
 // HCLConfig holds the configuration parsed from HCL
 type HCLConfig struct {
 	// KubeletReadOnlyPort defines the read only port for the kubelet
-	// (typically 10255). This option is mutally exclusive with
+	// (typically 10255). This option is mutually exclusive with
 	// KubeletSecurePort.
 	KubeletReadOnlyPort int `hcl:"kubelet_read_only_port"`
 

pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go

@@ -57,7 +57,7 @@ func (h *containerHelper) Configure(config *HCLConfig, log hclog.Logger) error {
 func (h *containerHelper) GetOSSelectors(ctx context.Context, log hclog.Logger, containerStatus *corev1.ContainerStatus) ([]string, error) {
 	var selectors []string
 	if h.sigstoreClient != nil {
-		log.Debug("Attemping to get signature info for container", telemetry.ContainerName, containerStatus.Name)
+		log.Debug("Attempting to get signature info for container", telemetry.ContainerName, containerStatus.Name)
 		sigstoreSelectors, err := h.sigstoreClient.AttestContainerSignatures(ctx, containerStatus)
 		if err != nil {
 			log.Error("Error retrieving signature payload", "error", err)

pkg/agent/svid/store/service_test.go

@@ -161,7 +161,7 @@ func TestRunDeleteSecrets(t *testing.T) {
 		// readyRecords list of records that are ready to be stored
 		readyRecords []*storecache.Record
 		// stores is a list of configured SVIDStores,
-		// it contains the list of expecerd configurations to be send
+		// it contains the list of expected configurations to be send
 		stores map[string]*fakeSVIDStore
 		// logs is the list of expected logs
 		logs []spiretest.LogEntry

pkg/common/bundleutil/bundle_test.go

@@ -243,7 +243,7 @@ func TestSPIFFEBundleToProto(t *testing.T) {
 			},
 		},
 		{
-			name:   "fail with error marshaling jwt public key",
+			name:   "fail with error marshalling jwt public key",
 			bundle: bundleInvalidKey,
 			expErr: errors.New("failed to marshal public key: x509: unsupported public key type: string"),
 		},

pkg/common/catalog/catalog.go

@@ -26,7 +26,7 @@ type PluginRepo interface {
 	ServiceRepo
 
 	// Constraints returns the constraints required by the plugin repository.
-	// The Load funcion will ensure that these constraints are satisfied before
+	// The Load function will ensure that these constraints are satisfied before
 	// returning successfully.
 	Constraints() Constraints
 

pkg/common/catalog/config.go

@@ -89,7 +89,7 @@ func PluginConfigsFromHCLNode(pluginsNode ast.Node) (PluginConfigs, error) {
 		return nil, fmt.Errorf("failed to decode plugins config: %w", err)
 	}
 
-	// Santity check the length of the pluginsMapList and those found when
+	// Sanity check the length of the pluginsMapList and those found when
 	// determining order. If this mismatches, it's a bug.
 	if pluginsLen := pluginsMaps.Len(); pluginsLen != len(order) {
 		return nil, fmt.Errorf("bug: expected %d plugins but got %d", len(order), pluginsLen)

pkg/common/cli/flags.go

@@ -34,7 +34,7 @@ func (f *DurationFlag) Set(v string) error {
 	return nil
 }
 
-// StringsFlag faciliates setting multiple flags
+// StringsFlag facilitates setting multiple flags
 type StringsFlag []string
 
 func (s *StringsFlag) String() string {

pkg/common/health/cache.go

@@ -157,8 +157,8 @@ func (c *cache) setStatus(name string, prevState checkState, state checkState) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
 
-	// We are sure that checker exist in this plase, to be able to check
-	// status of a subsytem we must call the checker inside this map
+	// We are sure that checker exist in this place, to be able to check
+	// status of a subsystem we must call the checker inside this map
 	c.checkerSubsystems[name].state = state
 }
 

pkg/common/peertracker/tracker_windows.go

@@ -71,7 +71,7 @@ func (t *windowsTracker) newWindowsWatcher(info CallerInfo, log logrus.FieldLogg
 
 	// This is a mitigation for attacks that leverage opening a
 	// named pipe through the local SMB server that set the PID
-	// attribute to 0xFEFF (65279). We wanto to prevent abusing
+	// attribute to 0xFEFF (65279). We want to to prevent abusing
 	// the fact that Windows reuses PID values and an attacker could
 	// cycle through process creation until it has a suitable process
 	// meeting the security check requirements from SMB server.

pkg/common/plugin/k8s/apiserver/client_test.go

@@ -296,7 +296,7 @@ func (s *ClientSuite) TestLoadClientFailsIfConfigCannotBeCreated() {
 	s.Nil(clientset)
 }
 
-func (s *ClientSuite) TestLoadClientSucceds() {
+func (s *ClientSuite) TestLoadClientSucceeds() {
 	kubeConfigPath := filepath.Join(s.dir, "config")
 	s.createSampleKubeConfigFile(kubeConfigPath)
 	clientset, err := loadClient(kubeConfigPath)

pkg/common/util/task.go

@@ -13,7 +13,7 @@ import (
 // returned. If all functions finish to completion successfully, RunTasks
 // returns nil. If the context passed to RunTasks is canceled then each
 // function is canceled and RunTasks returns ctx.Err(). Tasks passed to
-// RunTasks MUST support cancelation via the provided context for RunTasks to
+// RunTasks MUST support cancellation via the provided context for RunTasks to
 // work properly.
 func RunTasks(ctx context.Context, tasks ...func(context.Context) error) error {
 	var wg sync.WaitGroup
@@ -62,7 +62,7 @@ func RunTasks(ctx context.Context, tasks ...func(context.Context) error) error {
 // If all functions finish to completion successfully, SerialRun
 // returns nil. If the context passed to SerialRun is canceled
 // then each function is canceled and SerialRun returns ctx.Err().
-// Tasks passed to SerialRun MUST support cancelation via the provided
+// Tasks passed to SerialRun MUST support cancellation via the provided
 // context for SerialRun to work properly.
 func SerialRun(tasks ...func(context.Context) error) func(ctx context.Context) error {
 	return func(ctx context.Context) (err error) {

pkg/server/api/bundle/v1/service_test.go

@@ -1497,7 +1497,7 @@ func TestListFederatedBundles(t *testing.T) {
 		{
 			name: "page bundles",
 			// Returns only one element because server bundle is the first element
-			// returned by datastore, and we filter resutls on service
+			// returned by datastore, and we filter results on service
 			expectBundlePages: [][]*common.Bundle{
 				{b1},
 				{b2, b3},

pkg/server/api/debug/v1/service_test.go

@@ -139,13 +139,13 @@ func TestGetInfo(t *testing.T) {
 	}
 
 	// Parse federated  bundle into DER raw
-	federatedBudle, err := pemutil.ParseCertificate([]byte(federatedBundle))
+	federatedBundle, err := pemutil.ParseCertificate([]byte(federatedBundle))
 	require.NoError(t, err)
 	commonFederatedBundle := &common.Bundle{
 		TrustDomainId: "spiffe://domain.io",
 		RootCas: []*common.Certificate{
 			{
-				DerBytes: federatedBudle.Raw,
+				DerBytes: federatedBundle.Raw,
 			},
 		},
 	}
@@ -368,7 +368,7 @@ func TestGetInfo(t *testing.T) {
 			bundles: []*common.Bundle{
 				{
 					TrustDomainId: td.IDString(),
-					RootCas:       []*common.Certificate{{DerBytes: federatedBudle.Raw}},
+					RootCas:       []*common.Certificate{{DerBytes: federatedBundle.Raw}},
 				},
 			},
 			code:  codes.Internal,

pkg/server/api/middleware/ratelimit.go

@@ -74,7 +74,7 @@ func PerIPLimit(limit int) api.RateLimiter {
 }
 
 // WithRateLimits returns a middleware that performs rate limiting for the
-// group of methods descripted by the rateLimits map. It provides the
+// group of methods described by the rateLimits map. It provides the
 // configured rate limiter to the method handlers via the request context. If
 // the middleware is invoked for a method that is not described in the map, it
 // will fail the RPC with an INTERNAL error code, describing the RPC that was

pkg/server/bundle/client/client_test.go

@@ -42,7 +42,7 @@ func TestClient(t *testing.T) {
 			status: http.StatusOK,
 			// We don't need a really elaborate body here. this test just
 			// makes sure we unmarshal the body. The unmarshal tests will
-			// provide the coverage for unmarshaling code.
+			// provide the coverage for unmarshalling code.
 			body:       `{"spiffe_refresh_hint": 10}`,
 			serverID:   serverID,
 			expectedID: serverID,

pkg/server/ca/manager/manager.go

@@ -563,7 +563,7 @@ func (m *Manager) notify(ctx context.Context, event string, advise bool, pre fun
 	var allErrs errs.Group
 	for i := 0; i < len(notifiers); i++ {
 		// don't select on the ctx here as we can rely on the plugins to
-		// respond to context cancelation and return an error.
+		// respond to context cancellation and return an error.
 		if err := <-errsCh; err != nil {
 			allErrs.Add(err)
 		}

pkg/server/ca/manager/manager_test.go

@@ -658,7 +658,7 @@ func TestPreparationThresholdCap(t *testing.T) {
 	require.Equal(t, thirtyDays, notAfter.Sub(threshold))
 }
 
-func TestActivationThreshholdCap(t *testing.T) {
+func TestActivationThresholdCap(t *testing.T) {
 	issuedAt := time.Now()
 	notAfter := issuedAt.Add(365 * 24 * time.Hour)
 

pkg/server/cache/entrycache/fullcache_test.go

@@ -148,7 +148,7 @@ func TestCacheReturnsClonedEntries(t *testing.T) {
 	actual := cache.GetAuthorizedEntries(spiffeid.RequireFromString("spiffe://domain.test/node"))
 	spiretest.RequireProtoListEqual(t, []*types.Entry{expected}, actual)
 
-	// Now mutate the returned entry, refetch, and assert the cache copy was
+	// Now mutate the returned entry, re-fetch, and assert the cache copy was
 	// not altered.
 	actual[0].DnsNames = nil
 	actual = cache.GetAuthorizedEntries(spiffeid.RequireFromString("spiffe://domain.test/node"))

pkg/server/datastore/sqlstore/sqlstore_test.go

@@ -745,18 +745,18 @@ func (s *PluginSuite) TestRevokeX509CA() {
 	err = s.ds.RevokeX509CA(ctx, "spiffe://foo", s.cert.PublicKey)
 	require.NoError(t, err)
 
-	fetchedBunde, err := s.ds.FetchBundle(ctx, "spiffe://foo")
+	fetchedBundle, err := s.ds.FetchBundle(ctx, "spiffe://foo")
 	require.NoError(t, err)
 
 	expectedRootCAs := []*common.Certificate{
 		{DerBytes: s.cacert.Raw},
 	}
-	require.Equal(t, expectedRootCAs, fetchedBunde.RootCas)
+	require.Equal(t, expectedRootCAs, fetchedBundle.RootCas)
 
 	expectedTaintedKeys := []*common.X509TaintedKey{
 		{PublicKey: caCertPublicKeyRaw},
 	}
-	require.Equal(t, expectedTaintedKeys, fetchedBunde.X509TaintedKeys)
+	require.Equal(t, expectedTaintedKeys, fetchedBundle.X509TaintedKeys)
 }
 
 func (s *PluginSuite) TestTaintJWTKey() {

pkg/server/endpoints/bundle/server_test.go

@@ -199,7 +199,7 @@ func TestACMEAuth(t *testing.T) {
 
 	// Perform the initial challenge to obtain a new certificate but without
 	// the TOS being accepted. This should fail. We require the ToSAccepted
-	// configurable to be set in order to funcion.
+	// configurable to be set in order to function.
 	t.Run("new-account-tos-not-accepted", func(t *testing.T) {
 		log, hook := test.NewNullLogger()
 		addr, done := newTestServer(t, testGetter(bundle),

pkg/server/endpoints/entryfetcher_test.go

@@ -151,7 +151,7 @@ func TestRunRebuildCacheTask(t *testing.T) {
 		case <-ctx.Done():
 			return nil, ctx.Err()
 		}
-		// Wait for the test to provide the resultss
+		// Wait for the test to provide the results
 		select {
 		case result := <-resultCh:
 			return result.cache, result.err