Upgrade dependencies

[Danielius1922]

Summary by CodeRabbit

• New Features

  • Added new linters and updated settings for code quality improvement.
  • Updated external dependencies to enhance functionality and compatibility.
  • Introduced error handling improvements across various services for better error management.
  • Enhanced device management with getter methods for consistent and safe access to device properties.

• Bug Fixes

  • Fixed inconsistencies in device ID access across tests and services.
  • Corrected parameter usage and function signatures in GRPC and HTTP services to align with best practices.
  • Improved resource management by ensuring proper closure of response bodies in HTTP tests.

• Refactor

  • Streamlined authentication functions for clarity and efficiency.
  • Simplified GRPC and HTTP service interfaces by removing unused parameters.
  • Updated error creation from fmt.Errorf to errors.New for more concise error handling.

• Chores

  • Updated Go version for compatibility and performance.
  • Removed unused import statements to clean up codebase.

[coderabbitai]

Walkthrough

This comprehensive update spans multiple areas, focusing on enhancing code quality, security, and maintainability. It includes updates to dependencies, the introduction of new linting rules, and improvements in error handling and code consistency. The changes aim to streamline development practices, enforce better coding standards, and ensure the project's components are up-to-date with the latest versions.

Changes

Files	Change Summary
.github/actions/cleanup-stale/action.yaml	Updated delete-untagged-ghcr-action from v3 to v4
.golangci.yml service/grpc/... service/http/... service/device/... service/config/config.go	Enhanced linters, updated Go version, improved error handling, code consistency with getters
dependency/googleapis	Updated commit hash
pb/get_configuration.go service/grpc/getConfiguration.go	Replaced direct field access with getter methods
service/grpc/clearCache.go service/grpc/clearCache_test.go ...	Adjusted function parameters, updated device ID access, simplified function signatures

Possibly related issues

• Dependency Dashboard hub#418: The updates to dependencies and the Go version in .golangci.yml align with the objectives of updating module versions and Docker tags.
• plgd-dev/device-provisioning-service#217: The updates in dependencies might address the objectives related to updating google.golang.org/grpc and google.golang.org/protobuf.

🐰✨📝
In fields of code, where linting rules dance,
Updates bloom, and errors stand no chance.
With getters set, and versions new,
A rabbit hops, leaving bugs few.
🌟🐾

• @coderabbitai

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate failed

Failed conditions
41.7% Coverage on New Code (required ≥ 75%)

See analysis details on SonarCloud

[coderabbitai]

Actionable comments posted: 56

Review Status

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 0870d2c and 7d23f27.

Files ignored due to path filters (2)

• go.mod is excluded by !**/*.mod
• go.sum is excluded by !**/*.sum

Files selected for processing (45)

• .github/actions/cleanup-stale/action.yaml (1 hunks)
• .golangci.yml (3 hunks)
• dependency/googleapis (1 hunks)
• pb/get_configuration.go (2 hunks)
• service/config/config.go (3 hunks)
• service/device/authenticationPreSharedKey.go (3 hunks)
• service/device/authenticationX509.go (4 hunks)
• service/device/service.go (4 hunks)
• service/grpc/clearCache.go (1 hunks)
• service/grpc/clearCache_test.go (5 hunks)
• service/grpc/createDeleteResource_test.go (2 hunks)
• service/grpc/disownDevice.go (1 hunks)
• service/grpc/getConfiguration.go (1 hunks)
• service/grpc/getDeviceResourceLinks_test.go (1 hunks)
• service/grpc/getDevice_test.go (4 hunks)
• service/grpc/getDevices.go (7 hunks)
• service/grpc/getDevices_test.go (4 hunks)
• service/grpc/getIdentityCertificate.go (1 hunks)
• service/grpc/getJSONWebKeys.go (2 hunks)
• service/grpc/getResource_test.go (3 hunks)
• service/grpc/jsonWebKeyCache.go (2 hunks)
• service/grpc/onboardDevice.go (2 hunks)
• service/grpc/ownDevice.go (3 hunks)
• service/grpc/ownDevice_test.go (2 hunks)
• service/grpc/reset.go (1 hunks)
• service/grpc/server.go (1 hunks)
• service/grpc/service.go (2 hunks)
• service/grpc/updateJSONWebKeys.go (2 hunks)
• service/grpc/updateResource_test.go (4 hunks)
• service/http/clearCache_test.go (5 hunks)
• service/http/createDeleteResource_test.go (2 hunks)
• service/http/getDeviceResourceLinks_test.go (1 hunks)
• service/http/getDevice_test.go (2 hunks)
• service/http/getDevices_test.go (1 hunks)
• service/http/getJSONWebKeys_test.go (1 hunks)
• service/http/getResource_test.go (3 hunks)
• service/http/onboardDevice_test.go (4 hunks)
• service/http/ownDevice_test.go (5 hunks)
• service/http/pskInitialize_test.go (3 hunks)
• service/http/remoteInitialize_test.go (9 hunks)
• service/http/reset_test.go (1 hunks)
• service/http/service.go (2 hunks)
• service/http/updateResource_test.go (4 hunks)
• service/service.go (2 hunks)
• test/test.go (1 hunks)

Files skipped from review due to trivial changes (3)

• .github/actions/cleanup-stale/action.yaml
• dependency/googleapis
• test/test.go

Additional comments not posted (65)

service/grpc/disownDevice.go (1)

43-43: The change to use GetOwnershipStatus() method instead of direct field access is a good practice for encapsulation and ensures that any necessary logic associated with getting the ownership status is encapsulated within the method.

service/grpc/getConfiguration.go (1)

26-42: The use of getter methods and checks for nil values before accessing fields in the GetConfiguration method enhances the robustness and maintainability of the code. This approach prevents potential nil pointer dereferences and encapsulates the logic for accessing fields within their respective getter methods.

service/http/getJSONWebKeys_test.go (1)

41-52: The addition of deferred closure statements to ensure the response body is closed after HTTP requests is a good practice. It helps prevent resource leaks and is particularly important in a testing environment where many requests might be made.

service/grpc/createDeleteResource_test.go (1)

47-47: The replacement of dev.Id with dev.GetId() enhances encapsulation by using getter methods.

Also applies to: 53-53, 58-58, 67-67, 73-73, 78-78

service/http/reset_test.go (2)

40-42: Properly closing response bodies using deferred closures is a good practice for resource management.

Also applies to: 47-49

---

57-59: The updated assertions provide clearer validation of the expected state after a reset operation.

service/grpc/getDevice_test.go (1)

51-51: The replacement of dev.Id with dev.GetId() enhances encapsulation by using getter methods.

Also applies to: 57-57, 63-63, 72-72, 81-81, 90-90

service/http/createDeleteResource_test.go (1)

43-43: The replacement of dev.Id with dev.GetId() in HTTP requests is consistent with best practices for encapsulation.

Also applies to: 53-53, 60-60, 67-67, 73-73

service/grpc/getDeviceResourceLinks_test.go (1)

55-55: The replacement of dev.Id with dev.GetId() for the DeviceId field in request and response structs is a good practice for encapsulation.

Also applies to: 59-59

service/grpc/ownDevice_test.go (1)

44-44: The replacement of dev.Id with dev.GetId() for the DeviceId field in request structs is consistent with best practices for encapsulation.

Also applies to: 49-49, 54-54, 76-76, 81-81, 86-86

service/grpc/updateJSONWebKeys.go (1)

51-53: The error handling for retrieving the owner from a token has been improved for clarity and specificity.

service/device/authenticationPreSharedKey.go (4)

71-71: Consider adding a comment explaining the rationale behind supporting only 16-byte PSKs, as this could be important for future maintainers or users of the code.

---

80-80: Ensure that returning nil and errPreSharedKeyAuthentication in DialTLS is the intended behavior, as this effectively disables TLS dialing for pre-shared key authentication.

---

97-97: Add a comment explaining why GetIdentityCSR returns nil and errPreSharedKeyAuthentication, to clarify that CSR generation is not supported for PSK authentication.

---

101-101: Similarly, add a comment for SetIdentityCertificate to explain the decision to return errPreSharedKeyAuthentication, indicating that setting identity certificates is not supported for PSK authentication.

service/grpc/getDevices_test.go (3)

46-46: Replace require.NotEmpty(t, srv.Devices) with a more specific assertion that checks for the expected number of devices, enhancing the test's precision.

---

57-57: Consider adding error messages to the require.NoError(t, err) assertions to provide more context in case of test failures.

---

76-76: Validate the parsed URL from device.GetEndpoints()[0] to ensure it is well-formed and meets expectations.

service/http/clearCache_test.go (1)

64-64: Ensure that the HTTP status code is checked before reading the response body to avoid processing responses from failed requests.

service/grpc/updateResource_test.go (4)

59-59: Ensure that the test case "doxm update" includes assertions to verify the expected behavior of the UpdateResource call.

---

80-80: For the "device resource - fail" test case, consider adding a comment explaining why the permission is denied, enhancing the test's readability.

---

114-114: In the "unknown href" test case, add assertions to validate that the error message or status code matches the expected outcome for an unknown resource.

---

131-131: For the "permission denied - cannot establish TLS connection" test case, it would be helpful to include a setup step that ensures TLS connection establishment fails, to make the test more self-contained and understandable.

service/http/updateResource_test.go (4)

63-63: Add assertions to the "doxm update" test case to verify the response content and status code match the expected outcomes.

---

81-81: In the "device resource" test case, provide more context in the test name or add a comment explaining why the operation is expected to be forbidden.

---

103-103: For the "unknown href" test case, ensure that the test validates the specific error returned for accessing an unknown resource.

---

114-114: In the "forbidden - cannot establish TLS connection" test case, clarify the setup conditions that lead to the inability to establish a TLS connection.

service/service.go (2)

55-56: Confirm that the removal of the ctx parameter from newGrpcService does not impact any asynchronous operations or cleanup tasks that might have relied on it.

---

118-118: Ensure that all calls to newGrpcService have been updated to reflect the change in its function signature.

Verification successful

---

The verification process has confirmed that all calls to newGrpcService within the codebase have been updated to reflect the change in its function signature. There are no outdated calls or discrepancies found in the provided context.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Search for any outdated calls to newGrpcService with a context parameter.
rg --type go 'newGrpcService\('

Length of output: 384

pb/get_configuration.go (2)

38-38: Ensure that the getter method GetCsrChallengeStateExpiration is implemented and correctly returns the expected value.

---

105-105: Similarly, verify that GetRemoteProvisioning correctly retrieves the RemoteProvisioning instance, especially in cases where it might be nil.

service/http/onboardDevice_test.go (6)

65-65: Ensure that the GetId() method is implemented and correctly returns the device ID.

---

83-83: Verify that GetId() correctly retrieves the device ID and does not introduce any side effects.

---

143-147: Confirm that GetId() is used consistently throughout the codebase for accessing device IDs.

---

152-152: Double-check that GetId() provides the expected device ID in this context.

---

155-155: Ensure that GetId() method accurately fetches the device ID for the offboarding process.

---

162-162: Confirm the correctness and consistency of using GetId() for device identification in disowning operations.

service/http/service.go (1)

129-136: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [140-140]

Be cautious when crafting HTTP redirects with user input to avoid open redirect vulnerabilities. Ensure that the redirect URL is validated against an allowlist or that user input is sanitized.

service/http/ownDevice_test.go (6)

57-57: Ensure that the GetId() method is implemented and correctly returns the device ID.

---

169-169: Verify that GetId() correctly retrieves the device ID and does not introduce any side effects.

---

183-183: Confirm that GetId() is used consistently throughout the codebase for accessing device IDs.

---

194-194: Double-check that GetId() provides the expected device ID in this context.

---

204-204: Ensure that GetId() method accurately fetches the device ID for the offboarding process.

---

212-212: Confirm the correctness and consistency of using GetId() for device identification in disowning operations.

.golangci.yml (4)

9-12: Adding govet settings for nilness and shadow enhances code quality by catching potential issues early.

---

55-129: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [25-96]

Adding new linters and modifying existing ones broadens the scope of code quality checks, contributing to a more robust and error-free codebase.

---

138-147: Customizing excluded directories and rules for linters is a thoughtful approach to managing linting noise and focusing efforts where they are most beneficial.

---

150-150: Updating the Go version to "1.20" aligns with the objective of leveraging the latest language features and improvements.

service/http/remoteInitialize_test.go (12)

65-67: Using defer statements for closing response bodies is a best practice that helps prevent resource leaks.

---

81-83: Properly closing response bodies using defer statements enhances resource management and prevents leaks.

---

98-100: Employing defer statements to ensure response bodies are closed is crucial for effective resource management.

---

114-116: The addition of defer statements for closing response bodies is a good practice for managing resources efficiently.

---

121-123: Utilizing defer statements to close response bodies after HTTP requests is a commendable practice for resource conservation.

---

199-201: Incorporating defer statements for closing response bodies in tests is a best practice that aids in preventing resource leaks.

---

215-217: The use of defer statements to close response bodies after HTTP requests is a good practice for efficient resource management.

---

232-234: Adding defer statements to ensure response bodies are closed is crucial for effective resource management in tests.

---

243-245: Employing defer statements for closing response bodies in test functions is commendable for managing resources efficiently.

---

254-256: Utilizing defer statements to close response bodies after HTTP requests in tests is a good practice for resource conservation.

---

261-263: The addition of defer statements for closing response bodies in test functions is a best practice for resource management.

---

272-274: Incorporating defer statements to ensure response bodies are closed in tests aligns with best practices for preventing resource leaks.

service/device/service.go (2)

90-90: Replacing fmt.Errorf with errors.New is appropriate for simple error messages without formatting directives.

---

200-211: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [186-208]

The replacement of fmt.Errorf with errors.New is correctly applied for simple error messages. Ensure consistency in error handling practices across the project.

service/grpc/getDevices.go (3)

175-175: Replacing fmt.Errorf with errors.New is appropriate for simple error messages without formatting directives.

---

260-260: The replacement of fmt.Errorf with errors.New for simple error messages is correctly applied.

---

563-563: The use of getter methods (GetUseCache, GetUseMulticast, GetUseEndpoints) instead of direct field access is a good practice for encapsulation and null safety.

Also applies to: 606-606