Skip to content

Commit 85cc531

Browse files
committed
use fmt.Errorf isntead of errors.Wrap
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
1 parent f8c060e commit 85cc531

30 files changed

Lines changed: 125 additions & 124 deletions

File tree

agent/agent.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@ package agent
33
import (
44
"bytes"
55
"context"
6+
"fmt"
67
"math/rand"
78
"reflect"
89
"sync"
@@ -11,7 +12,6 @@ import (
1112
"github.com/moby/swarmkit/v2/agent/exec"
1213
"github.com/moby/swarmkit/v2/api"
1314
"github.com/moby/swarmkit/v2/log"
14-
"github.com/pkg/errors"
1515
)
1616

1717
const (
@@ -467,7 +467,7 @@ func (a *Agent) handleSessionMessage(ctx context.Context, message *api.SessionMe
467467
if !same {
468468
a.keys = message.NetworkBootstrapKeys
469469
if err := a.config.Executor.SetNetworkBootstrapKeys(a.keys); err != nil {
470-
return errors.Wrap(err, "configuring network key failed")
470+
return fmt.Errorf("configuring network key failed: %w", err)
471471
}
472472
}
473473
}

agent/exec/errors_test.go

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,17 +3,15 @@ package exec
33
import (
44
"fmt"
55
"testing"
6-
7-
"github.com/pkg/errors"
86
)
97

108
func TestIsTemporary(t *testing.T) {
119
err := fmt.Errorf("err")
1210
err1 := MakeTemporary(fmt.Errorf("err1: %w", err))
1311
err2 := fmt.Errorf("err2: %w", err1)
14-
err3 := errors.Wrap(err2, "err3")
12+
err3 := fmt.Errorf("err3: %w", err2)
1513
err4 := fmt.Errorf("err4: %w", err3)
16-
err5 := errors.Wrap(err4, "err5")
14+
err5 := fmt.Errorf("err5: %w", err4)
1715

1816
if IsTemporary(nil) {
1917
t.Error("expected error to not be a temporary error")

ca/certificates.go

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -199,13 +199,13 @@ func (rca *RootCA) Signer() (*LocalSigner, error) {
199199
func (rca *RootCA) IssueAndSaveNewCertificates(kw KeyWriter, cn, ou, org string) (*tls.Certificate, *IssuerInfo, error) {
200200
csr, key, err := GenerateNewCSR()
201201
if err != nil {
202-
return nil, nil, errors.Wrap(err, "error when generating new node certs")
202+
return nil, nil, fmt.Errorf("error when generating new node certs: %w", err)
203203
}
204204

205205
// Obtain a signed Certificate
206206
certChain, err := rca.ParseValidateAndSignCSR(csr, cn, ou, org)
207207
if err != nil {
208-
return nil, nil, errors.Wrap(err, "failed to sign node certificate")
208+
return nil, nil, fmt.Errorf("failed to sign node certificate: %w", err)
209209
}
210210
signer, err := rca.Signer()
211211
if err != nil { // should never happen, since if ParseValidateAndSignCSR did not fail this root CA must have a signer
@@ -235,7 +235,7 @@ func (rca *RootCA) RequestAndSaveNewCertificates(ctx context.Context, kw KeyWrit
235235
// Create a new key/pair and CSR
236236
csr, key, err := GenerateNewCSR()
237237
if err != nil {
238-
return nil, nil, errors.Wrap(err, "error when generating new node certs")
238+
return nil, nil, fmt.Errorf("error when generating new node certs: %w", err)
239239
}
240240

241241
// Get the remote manager to issue a CA signed certificate for this node
@@ -397,7 +397,7 @@ func (rca *RootCA) ParseValidateAndSignCSR(csrBytes []byte, cn, ou, org string)
397397
}
398398
cert, err := signer.Sign(signRequest)
399399
if err != nil {
400-
return nil, errors.Wrap(err, "failed to sign node certificate")
400+
return nil, fmt.Errorf("failed to sign node certificate: %w", err)
401401
}
402402

403403
return append(cert, rca.Intermediates...), nil
@@ -423,7 +423,7 @@ func (rca *RootCA) CrossSignCACertificate(otherCAPEM []byte) ([]byte, error) {
423423
template.SignatureAlgorithm = signer.parsedCert.SignatureAlgorithm // make sure we can sign with the signer key
424424
derBytes, err := x509.CreateCertificate(cryptorand.Reader, template, signer.parsedCert, template.PublicKey, signer.cryptoSigner)
425425
if err != nil {
426-
return nil, errors.Wrap(err, "could not cross-sign new CA certificate using old CA material")
426+
return nil, fmt.Errorf("could not cross-sign new CA certificate using old CA material: %w", err)
427427
}
428428

429429
return pem.EncodeToMemory(&pem.Block{
@@ -448,7 +448,7 @@ func NewRootCA(rootCertBytes, signCertBytes, signKeyBytes []byte, certExpiry tim
448448
// Parse all the certificates in the cert bundle
449449
parsedCerts, err := helpers.ParseCertificatesPEM(rootCertBytes)
450450
if err != nil {
451-
return RootCA{}, errors.Wrap(err, "invalid root certificates")
451+
return RootCA{}, fmt.Errorf("invalid root certificates: %w", err)
452452
}
453453
// Check to see if we have at least one valid cert
454454
if len(parsedCerts) < 1 {
@@ -465,7 +465,7 @@ func NewRootCA(rootCertBytes, signCertBytes, signKeyBytes []byte, certExpiry tim
465465
selfpool := x509.NewCertPool()
466466
selfpool.AddCert(cert)
467467
if _, err := cert.Verify(x509.VerifyOptions{Roots: selfpool}); err != nil {
468-
return RootCA{}, errors.Wrap(err, "error while validating Root CA Certificate")
468+
return RootCA{}, fmt.Errorf("error while validating Root CA Certificate: %w", err)
469469
}
470470
pool.AddCert(cert)
471471
}
@@ -480,7 +480,7 @@ func NewRootCA(rootCertBytes, signCertBytes, signKeyBytes []byte, certExpiry tim
480480
if len(intermediates) > 0 {
481481
parsedIntermediates, _, err = ValidateCertChain(pool, intermediates, false)
482482
if err != nil {
483-
return RootCA{}, errors.Wrap(err, "invalid intermediate chain")
483+
return RootCA{}, fmt.Errorf("invalid intermediate chain: %w", err)
484484
}
485485
intermediatePool = x509.NewCertPool()
486486
for _, cert := range parsedIntermediates {
@@ -616,7 +616,7 @@ func newLocalSigner(keyBytes, certBytes []byte, certExpiry time.Duration, rootPo
616616

617617
parsedCerts, err := helpers.ParseCertificatesPEM(certBytes)
618618
if err != nil {
619-
return nil, errors.Wrap(err, "invalid signing CA cert")
619+
return nil, fmt.Errorf("invalid signing CA cert: %w", err)
620620
}
621621
if len(parsedCerts) == 0 {
622622
return nil, errors.New("no valid signing CA certificates found")
@@ -629,13 +629,13 @@ func newLocalSigner(keyBytes, certBytes []byte, certExpiry time.Duration, rootPo
629629
Intermediates: intermediatePool,
630630
}
631631
if _, err := parsedCerts[0].Verify(opts); err != nil {
632-
return nil, errors.Wrap(err, "error while validating signing CA certificate against roots and intermediates")
632+
return nil, fmt.Errorf("error while validating signing CA certificate against roots and intermediates: %w", err)
633633
}
634634

635635
// The key should not be encrypted, but it could be in PKCS8 format rather than PKCS1
636636
priv, err := helpers.ParsePrivateKeyPEM(keyBytes)
637637
if err != nil {
638-
return nil, errors.Wrap(err, "malformed private key")
638+
return nil, fmt.Errorf("malformed private key: %w", err)
639639
}
640640

641641
// We will always use the first certificate inside of the root bundle as the active one
@@ -748,7 +748,7 @@ func GetRemoteCA(ctx context.Context, d digest.Digest, connBroker *connectionbro
748748
if d != "" {
749749
verifier := d.Verifier()
750750
if err != nil {
751-
return RootCA{}, errors.Wrap(err, "unexpected error getting digest verifier")
751+
return RootCA{}, fmt.Errorf("unexpected error getting digest verifier: %w", err)
752752
}
753753

754754
io.Copy(verifier, bytes.NewReader(response.Certificate))

ca/config.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -173,7 +173,7 @@ func validateRootCAAndTLSCert(rootCA *RootCA, tlsKeyPair *tls.Certificate) error
173173
for i, derBytes := range tlsKeyPair.Certificate {
174174
parsed, err := x509.ParseCertificate(derBytes)
175175
if err != nil {
176-
return errors.Wrap(err, "could not validate new root certificates due to parse error")
176+
return fmt.Errorf("could not validate new root certificates due to parse error: %w", err)
177177
}
178178
if i == 0 {
179179
leafCert = parsed
@@ -189,7 +189,7 @@ func validateRootCAAndTLSCert(rootCA *RootCA, tlsKeyPair *tls.Certificate) error
189189
Intermediates: intermediatePool,
190190
}
191191
if _, err := leafCert.Verify(opts); err != nil {
192-
return errors.Wrap(err, "new root CA does not match existing TLS credentials")
192+
return fmt.Errorf("new root CA does not match existing TLS credentials: %w", err)
193193
}
194194
return nil
195195
}
@@ -273,20 +273,20 @@ func (s *SecurityConfig) updateTLSCredentials(certificate *tls.Certificate, issu
273273
certs := []tls.Certificate{*certificate}
274274
clientConfig, err := NewClientTLSConfig(certs, s.rootCA.Pool, ManagerRole)
275275
if err != nil {
276-
return errors.Wrap(err, "failed to create a new client config using the new root CA")
276+
return fmt.Errorf("failed to create a new client config using the new root CA: %w", err)
277277
}
278278

279279
serverConfig, err := NewServerTLSConfig(certs, s.rootCA.Pool)
280280
if err != nil {
281-
return errors.Wrap(err, "failed to create a new server config using the new root CA")
281+
return fmt.Errorf("failed to create a new server config using the new root CA: %w", err)
282282
}
283283

284284
if err := s.ClientTLSCreds.loadNewTLSConfig(clientConfig); err != nil {
285-
return errors.Wrap(err, "failed to update the client credentials")
285+
return fmt.Errorf("failed to update the client credentials: %w", err)
286286
}
287287

288288
if err := s.ServerTLSCreds.loadNewTLSConfig(serverConfig); err != nil {
289-
return errors.Wrap(err, "failed to update the server TLS credentials")
289+
return fmt.Errorf("failed to update the server TLS credentials: %w", err)
290290
}
291291

292292
s.certificate = certificate

ca/external.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -115,7 +115,7 @@ func (eca *ExternalCA) Sign(ctx context.Context, req signer.SignRequest) (cert [
115115

116116
csrJSON, err := json.Marshal(req)
117117
if err != nil {
118-
return nil, errors.Wrap(err, "unable to JSON-encode CFSSL signing request")
118+
return nil, fmt.Errorf("unable to JSON-encode CFSSL signing request: %w", err)
119119
}
120120

121121
// Try each configured proxy URL. Return after the first success. If
@@ -187,14 +187,14 @@ func (eca *ExternalCA) CrossSignRootCA(ctx context.Context, rca RootCA) ([]byte,
187187
func makeExternalSignRequest(ctx context.Context, client *http.Client, url string, csrJSON []byte) (cert []byte, err error) {
188188
resp, err := ctxhttp.Post(ctx, client, url, "application/json", bytes.NewReader(csrJSON))
189189
if err != nil {
190-
return nil, recoverableErr{err: errors.Wrap(err, "unable to perform certificate signing request")}
190+
return nil, recoverableErr{err: fmt.Errorf("unable to perform certificate signing request: %w", err)}
191191
}
192192
defer resp.Body.Close()
193193

194194
b := io.LimitReader(resp.Body, CertificateMaxSize)
195195
body, err := io.ReadAll(b)
196196
if err != nil {
197-
return nil, recoverableErr{err: errors.Wrap(err, "unable to read CSR response body")}
197+
return nil, recoverableErr{err: fmt.Errorf("unable to read CSR response body: %w", err)}
198198
}
199199

200200
if resp.StatusCode != http.StatusOK {
@@ -204,7 +204,7 @@ func makeExternalSignRequest(ctx context.Context, client *http.Client, url strin
204204
var apiResponse api.Response
205205
if err := json.Unmarshal(body, &apiResponse); err != nil {
206206
log.G(ctx).Debugf("unable to JSON-parse CFSSL API response body: %s", string(body))
207-
return nil, recoverableErr{err: errors.Wrap(err, "unable to parse JSON response")}
207+
return nil, recoverableErr{err: fmt.Errorf("unable to parse JSON response: %w", err)}
208208
}
209209

210210
if !apiResponse.Success || apiResponse.Result == nil {

ca/keyreadwriter.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@ package ca
33
import (
44
"crypto/x509"
55
"encoding/pem"
6+
"fmt"
67
"os"
78
"path/filepath"
89
"strconv"
@@ -195,7 +196,7 @@ func (k *KeyReadWriter) Read() ([]byte, []byte, error) {
195196
if k.headersObj != nil {
196197
newHeaders, err := k.headersObj.UnmarshalHeaders(keyBlock.Headers, k.kekData)
197198
if err != nil {
198-
return nil, nil, errors.Wrap(err, "unable to read TLS key headers")
199+
return nil, nil, fmt.Errorf("unable to read TLS key headers: %w", err)
199200
}
200201
k.headersObj = newHeaders
201202
}

ca/reconciler.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ func IssuerFromAPIRootCA(rootCA *api.RootCA) (*IssuerInfo, error) {
5454
}
5555
issuerCerts, err := helpers.ParseCertificatesPEM(wantedIssuer)
5656
if err != nil {
57-
return nil, errors.Wrap(err, "invalid certificate in cluster root CA object")
57+
return nil, fmt.Errorf("invalid certificate in cluster root CA object: %w", err)
5858
}
5959
if len(issuerCerts) == 0 {
6060
return nil, errors.New("invalid certificate in cluster root CA object")
@@ -222,7 +222,7 @@ func (r *rootRotationReconciler) finishRootRotation(tx store.Tx, expectedRootCA
222222
updatedRootCA, err := NewRootCA(cluster.RootCA.RootRotation.CACert, signerCert, cluster.RootCA.RootRotation.CAKey,
223223
DefaultNodeCertExpiration, nil)
224224
if err != nil {
225-
return errors.Wrap(err, "invalid cluster root rotation object")
225+
return fmt.Errorf("invalid cluster root rotation object: %w", err)
226226
}
227227
cluster.RootCA = api.RootCA{
228228
CACert: cluster.RootCA.RootRotation.CACert,

ca/server.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -696,7 +696,7 @@ func (s *Server) UpdateRootCA(ctx context.Context, cluster *api.Cluster, reconci
696696
// Attempt to update our local RootCA with the new parameters
697697
updatedRootCA, err := RootCAFromAPI(rCA, expiry)
698698
if err != nil {
699-
return errors.Wrap(err, "invalid Root CA object in cluster")
699+
return fmt.Errorf("invalid Root CA object in cluster: %w", err)
700700
}
701701

702702
s.localRootCA = &updatedRootCA

ca/server_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -652,7 +652,7 @@ func (r *rootRotationTester) convergeRootCA(wantRootCA *api.RootCA, descr string
652652
require.NoError(r.t, r.tc.MemoryStore.Update(func(tx store.Tx) error {
653653
clusters, err := store.FindClusters(tx, store.All)
654654
if err != nil || len(clusters) != 1 {
655-
return errors.Wrap(err, "unable to find cluster")
655+
return fmt.Errorf("unable to find cluster: %w", err)
656656
}
657657
clusters[0].RootCA = *wantRootCA
658658
return store.UpdateCluster(tx, clusters[0])

ca/testutils/externalutils.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@ import (
1717
cfsslerrors "github.com/cloudflare/cfssl/errors"
1818
"github.com/cloudflare/cfssl/signer"
1919
"github.com/moby/swarmkit/v2/ca"
20-
"github.com/pkg/errors"
2120
)
2221

2322
var crossSignPolicy = config.SigningProfile{
@@ -56,7 +55,7 @@ func NewExternalSigningServer(rootCA ca.RootCA, basedir string) (*ExternalSignin
5655
}
5756
serverCert, _, err := rootCA.IssueAndSaveNewCertificates(ca.NewKeyReadWriter(serverPaths, nil, nil), serverCN, serverOU, "")
5857
if err != nil {
59-
return nil, errors.Wrap(err, "unable to get TLS server certificate")
58+
return nil, fmt.Errorf("unable to get TLS server certificate: %w", err)
6059
}
6160

6261
serverTLSConfig := &tls.Config{
@@ -67,7 +66,7 @@ func NewExternalSigningServer(rootCA ca.RootCA, basedir string) (*ExternalSignin
6766

6867
tlsListener, err := tls.Listen("tcp", "localhost:0", serverTLSConfig)
6968
if err != nil {
70-
return nil, errors.Wrap(err, "unable to create TLS connection listener")
69+
return nil, fmt.Errorf("unable to create TLS connection listener: %w", err)
7170
}
7271

7372
assignedPort := tlsListener.Addr().(*net.TCPAddr).Port

0 commit comments

Comments
 (0)