Merge pull request #1837 from flant/bump-golangci-lint-and-fix-some-linters

fix: Bump golangci-lint version and fix some linter's problems
2020-10-18 16:05:57 +02:00 · 2020-10-18 16:05:57 +02:00 · c82d21b155
commit c82d21b155
parent 28b2350cd2 1d83e4749d
23 changed files with 195 additions and 175 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -8,27 +8,38 @@ linters-settings:
    local-prefixes: github.com/dexidp/dex

 linters:
-    enable-all: true
-    disable:
-        - funlen
-        - maligned
-        - wsl
-
-        # TODO: fix me
-        - unparam
-        - golint
-        - goconst
-        - staticcheck
-        - nakedret
-        - errcheck
-        - gosec
+  disable-all: true
+  enable:
+  - bodyclose
+  - deadcode
+  - depguard
+  - dogsled
  - gochecknoinits
-        - gochecknoglobals
-        - prealloc
-        - scopelint
-        - lll
-        - dupl
+  - gofmt
+  - goimports
+  - golint
+  - gosimple
  - gocritic
-        - gocyclo
-        - gocognit
-        - godox
+  - govet
+  - ineffassign
+  - interfacer
+  - misspell
+  - nakedret
+  - staticcheck
+  - structcheck
+  - stylecheck
+  - typecheck
+  - unconvert
+  - unused
+  - varcheck
+  - whitespace
+
+  # TODO: fix linter errors before enabling
+  # - unparam
+  # - scopelint
+  # - gosec
+  # - gocyclo
+  # - lll
+  # - goconst
+  # - errcheck
+  # - dupl
--- a/2
+++ b/2
@ -18,7 +18,7 @@ export GOBIN=$(PWD)/bin
 LD_FLAGS="-w -X $(REPO_PATH)/version.Version=$(VERSION)"

 # Dependency versions
-GOLANGCI_VERSION = 1.21.0
+GOLANGCI_VERSION = 1.31.0

 build: bin/dex

--- a/connector/atlassiancrowd/atlassiancrowd.go
+++ b/connector/atlassiancrowd/atlassiancrowd.go
@ -111,7 +111,7 @@ func (c *crowdConnector) Login(ctx context.Context, s connector.Scopes, username

 	// We want to return a different error if the user's password is incorrect vs
 	// if there was an error.
-	incorrectPass := false
+	var incorrectPass bool
 	var user crowdUser

 	client := c.crowdAPIClient()
--- a/connector/authproxy/authproxy.go
+++ b/connector/authproxy/authproxy.go
@ -34,7 +34,7 @@ func (m *callback) LoginURL(s connector.Scopes, callbackURL, state string) (stri
 	if err != nil {
 		return "", fmt.Errorf("failed to parse callbackURL %q: %v", callbackURL, err)
 	}
-	u.Path = u.Path + m.pathSuffix
+	u.Path += m.pathSuffix
 	v := u.Query()
 	v.Set("state", state)
 	u.RawQuery = v.Encode()
--- a/connector/github/github.go
+++ b/connector/github/github.go
@ -334,11 +334,12 @@ func (c *githubConnector) Refresh(ctx context.Context, s connector.Scopes, ident

 // getGroups retrieves GitHub orgs and teams a user is in, if any.
 func (c *githubConnector) getGroups(ctx context.Context, client *http.Client, groupScope bool, userLogin string) ([]string, error) {
-	if len(c.orgs) > 0 {
+	switch {
+	case len(c.orgs) > 0:
 		return c.groupsForOrgs(ctx, client, userLogin)
-	} else if c.org != "" {
+	case c.org != "":
 		return c.teamsForOrg(ctx, client, c.org)
-	} else if groupScope && c.loadAllGroups {
+	case groupScope && c.loadAllGroups:
 		return c.userGroups(ctx, client)
 	}
 	return nil, nil
--- a/connector/google/google.go
+++ b/connector/google/google.go
@ -13,6 +13,7 @@ import (
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	admin "google.golang.org/api/admin/directory/v1"
+	"google.golang.org/api/option"

 	"github.com/dexidp/dex/connector"
 	pkg_groups "github.com/dexidp/dex/pkg/groups"
@ -289,7 +290,7 @@ func createDirectoryService(serviceAccountFilePath string, email string) (*admin
 	ctx := context.Background()
 	client := config.Client(ctx)

-	srv, err := admin.New(client)
+	srv, err := admin.NewService(ctx, option.WithHTTPClient(client))
 	if err != nil {
 		return nil, fmt.Errorf("unable to create directory service %v", err)
 	}
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@ -56,6 +56,7 @@ import (
 //         nameAttr: name
 //

+// UserMatcher holds information about user and group matching.
 type UserMatcher struct {
 	UserAttr  string `json:"userAttr"`
 	GroupAttr string `json:"groupAttr"`
@ -187,7 +188,7 @@ func parseScope(s string) (int, bool) {
 // See "Config.GroupSearch.UserMatchers" comments for the details
 func (c *ldapConnector) userMatchers() []UserMatcher {
 	if len(c.GroupSearch.UserMatchers) > 0 && c.GroupSearch.UserMatchers[0].UserAttr != "" {
-		return c.GroupSearch.UserMatchers[:]
+		return c.GroupSearch.UserMatchers
 	}

 	return []UserMatcher{
@ -244,9 +245,9 @@ func (c *Config) openConnector(logger log.Logger) (*ldapConnector, error) {
 	if host, _, err = net.SplitHostPort(c.Host); err != nil {
 		host = c.Host
 		if c.InsecureNoSSL {
-			c.Host = c.Host + ":389"
+			c.Host += ":389"
 		} else {
-			c.Host = c.Host + ":636"
+			c.Host += ":636"
 		}
 	}

@ -303,7 +304,7 @@ var (
 // do initializes a connection to the LDAP directory and passes it to the
 // provided function. It then performs appropriate teardown or reuse before
 // returning.
-func (c *ldapConnector) do(ctx context.Context, f func(c *ldap.Conn) error) error {
+func (c *ldapConnector) do(_ context.Context, f func(c *ldap.Conn) error) error {
 	// TODO(ericchiang): support context here
 	var (
 		conn *ldap.Conn
--- a/connector/saml/saml.go
+++ b/connector/saml/saml.go
@ -11,6 +11,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"strings"
+	"sync"
 	"time"

 	"github.com/beevik/etree"
@ -60,20 +61,9 @@ var (
 		nameIDformatTransient,
 	}
 	nameIDFormatLookup = make(map[string]string)
-)

-func init() {
-	suffix := func(s, sep string) string {
-		if i := strings.LastIndex(s, sep); i > 0 {
-			return s[i+1:]
-		}
-		return s
-	}
-	for _, format := range nameIDFormats {
-		nameIDFormatLookup[suffix(format, ":")] = format
-		nameIDFormatLookup[format] = format
-	}
-}
+	lookupOnce sync.Once
+)

 // Config represents configuration options for the SAML provider.
 type Config struct {
@ -176,6 +166,19 @@ func (c *Config) openConnector(logger log.Logger) (*provider, error) {
 	if p.nameIDPolicyFormat == "" {
 		p.nameIDPolicyFormat = nameIDFormatPersistent
 	} else {
+		lookupOnce.Do(func() {
+			suffix := func(s, sep string) string {
+				if i := strings.LastIndex(s, sep); i > 0 {
+					return s[i+1:]
+				}
+				return s
+			}
+			for _, format := range nameIDFormats {
+				nameIDFormatLookup[suffix(format, ":")] = format
+				nameIDFormatLookup[format] = format
+			}
+		})
+
 		if format, ok := nameIDFormatLookup[p.nameIDPolicyFormat]; ok {
 			p.nameIDPolicyFormat = format
 		} else {
@ -364,7 +367,7 @@ func (p *provider) HandlePOST(s connector.Scopes, samlResponse, inResponseTo str
 	switch {
 	case subject.NameID != nil:
 		if ident.UserID = subject.NameID.Value; ident.UserID == "" {
-			return ident, fmt.Errorf("NameID element does not contain a value")
+			return ident, fmt.Errorf("element NameID does not contain a value")
 		}
 	default:
 		return ident, fmt.Errorf("subject does not contain an NameID element")
@ -488,7 +491,7 @@ func (p *provider) validateSubject(subject *subject, inResponseTo string) error

 			data := c.SubjectConfirmationData
 			if data == nil {
-				return fmt.Errorf("SubjectConfirmation contained no SubjectConfirmationData")
+				return fmt.Errorf("no SubjectConfirmationData field found in SubjectConfirmation")
 			}
 			if data.InResponseTo != inResponseTo {
 				return fmt.Errorf("expected SubjectConfirmationData InResponseTo value %q, got %q", inResponseTo, data.InResponseTo)
--- a/server/deviceflowhandlers_test.go
+++ b/server/deviceflowhandlers_test.go
@ -24,7 +24,7 @@ func TestDeviceVerificationURI(t *testing.T) {
 	defer cancel()
 	// Setup a dex server.
 	httpServer, s := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 		c.Now = now
 	})
 	defer httpServer.Close()
@ -76,7 +76,7 @@ func TestHandleDeviceCode(t *testing.T) {

 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 			})
 			defer httpServer.Close()
@ -506,7 +506,7 @@ func TestDeviceTokenResponse(t *testing.T) {

 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 			})
 			defer httpServer.Close()
@ -546,7 +546,7 @@ func TestDeviceTokenResponse(t *testing.T) {
 				t.Errorf("Could read token response %v", err)
 			}
 			if tc.expectedResponseCode == http.StatusBadRequest || tc.expectedResponseCode == http.StatusUnauthorized {
-				expectJsonErrorResponse(tc.testName, body, tc.expectedServerResponse, t)
+				expectJSONErrorResponse(tc.testName, body, tc.expectedServerResponse, t)
 			} else if string(body) != tc.expectedServerResponse {
 				t.Errorf("Unexpected Server Response.  Expected %v got %v", tc.expectedServerResponse, string(body))
 			}
@ -554,7 +554,7 @@ func TestDeviceTokenResponse(t *testing.T) {
 	}
 }

-func expectJsonErrorResponse(testCase string, body []byte, expectedError string, t *testing.T) {
+func expectJSONErrorResponse(testCase string, body []byte, expectedError string, t *testing.T) {
 	jsonMap := make(map[string]interface{})
 	err := json.Unmarshal(body, &jsonMap)
 	if err != nil {
@ -637,7 +637,7 @@ func TestVerifyCodeResponse(t *testing.T) {

 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 			})
 			defer httpServer.Close()
--- a/server/handlers.go
+++ b/server/handlers.go
@ -274,7 +274,7 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	if err := s.templates.login(r, w, connectorInfos, r.URL.Path); err != nil {
+	if err := s.templates.login(r, w, connectorInfos); err != nil {
 		s.logger.Errorf("Server template error: %v", err)
 	}
 }
@ -335,7 +335,7 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
 			}
 			http.Redirect(w, r, callbackURL, http.StatusFound)
 		case connector.PasswordConnector:
-			if err := s.templates.password(r, w, r.URL.String(), "", usernamePrompt(conn), false, showBacklink, r.URL.Path); err != nil {
+			if err := s.templates.password(r, w, r.URL.String(), "", usernamePrompt(conn), false, showBacklink); err != nil {
 				s.logger.Errorf("Server template error: %v", err)
 			}
 		case connector.SAMLConnector:
@ -383,7 +383,7 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		if !ok {
-			if err := s.templates.password(r, w, r.URL.String(), username, usernamePrompt(passwordConnector), true, showBacklink, r.URL.Path); err != nil {
+			if err := s.templates.password(r, w, r.URL.String(), username, usernamePrompt(passwordConnector), true, showBacklink); err != nil {
 				s.logger.Errorf("Server template error: %v", err)
 			}
 			return
@ -505,7 +505,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth

 	email := claims.Email
 	if !claims.EmailVerified {
-		email = email + " (unverified)"
+		email += " (unverified)"
 	}

 	s.logger.Infof("login successful: connector %q, username=%q, preferred_username=%q, email=%q, groups=%q",
@ -518,7 +518,8 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
 	}

 	// Try to retrieve an existing OfflineSession object for the corresponding user.
-	if session, err := s.storage.GetOfflineSessions(identity.UserID, authReq.ConnectorID); err != nil {
+	session, err := s.storage.GetOfflineSessions(identity.UserID, authReq.ConnectorID)
+	if err != nil {
 		if err != storage.ErrNotFound {
 			s.logger.Errorf("failed to get offline session: %v", err)
 			return "", err
@ -536,7 +537,10 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
 			s.logger.Errorf("failed to create offline session: %v", err)
 			return "", err
 		}
-	} else {
+
+		return returnURL, nil
+	}
+
 	// Update existing OfflineSession obj with new RefreshTokenRef.
 	if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) {
 		if len(identity.ConnectorData) > 0 {
@ -547,7 +551,6 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
 		s.logger.Errorf("failed to update offline session: %v", err)
 		return "", err
 	}
-	}

 	return returnURL, nil
 }
@ -577,7 +580,7 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) {
 			s.renderError(r, w, http.StatusInternalServerError, "Failed to retrieve client.")
 			return
 		}
-		if err := s.templates.approval(r, w, authReq.ID, authReq.Claims.Username, client.Name, authReq.Scopes, r.URL.Path); err != nil {
+		if err := s.templates.approval(r, w, authReq.ID, authReq.Claims.Username, client.Name, authReq.Scopes); err != nil {
 			s.logger.Errorf("Server template error: %v", err)
 		}
 	case http.MethodPost:
@ -650,7 +653,7 @@ func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authRe
 			// Implicit and hybrid flows that try to use the OOB redirect URI are
 			// rejected earlier. If we got here we're using the code flow.
 			if authReq.RedirectURI == redirectURIOOB {
-				if err := s.templates.oob(r, w, code.ID, r.URL.Path); err != nil {
+				if err := s.templates.oob(r, w, code.ID); err != nil {
 					s.logger.Errorf("Server template error: %v", err)
 				}
 				return
@ -1017,15 +1020,18 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
 	}

 	var connectorData []byte
-	if session, err := s.storage.GetOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID); err != nil {
+
+	session, err := s.storage.GetOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID)
+	switch {
+	case err != nil:
 		if err != storage.ErrNotFound {
 			s.logger.Errorf("failed to get offline session: %v", err)
 			return
 		}
-	} else if len(refresh.ConnectorData) > 0 {
+	case len(refresh.ConnectorData) > 0:
 		// Use the old connector data if it exists, should be deleted once used
 		connectorData = refresh.ConnectorData
-	} else {
+	default:
 		connectorData = session.ConnectorData
 	}

--- a/server/server.go
+++ b/server/server.go
@ -305,7 +305,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 		}
 		r.Handle(path.Join(issuerURL.Path, p), instrumentHandlerCounter(p, handler))
 	}
-	r.NotFoundHandler = http.HandlerFunc(http.NotFound)
+	r.NotFoundHandler = http.NotFoundHandler()

 	discoveryHandler, err := s.discoveryHandler()
 	if err != nil {
--- a/server/server_test.go
+++ b/server/server_test.go
@ -177,7 +177,7 @@ func TestDiscovery(t *testing.T) {
 	defer cancel()

 	httpServer, _ := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 	})
 	defer httpServer.Close()

@ -504,7 +504,7 @@ func TestOAuth2CodeFlow(t *testing.T) {

 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 				c.IDTokensValidFor = idTokensValidFor
 			})
@ -766,7 +766,7 @@ func TestCrossClientScopes(t *testing.T) {
 	defer cancel()

 	httpServer, s := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 	})
 	defer httpServer.Close()

@ -889,7 +889,7 @@ func TestCrossClientScopesWithAzpInAudienceByDefault(t *testing.T) {
 	defer cancel()

 	httpServer, s := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 	})
 	defer httpServer.Close()

@ -1180,7 +1180,7 @@ type oauth2Client struct {
 // that only valid refresh tokens can be used to refresh an expired token.
 func TestRefreshTokenFlow(t *testing.T) {
 	state := "state"
-	now := func() time.Time { return time.Now() }
+	now := time.Now
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()

@ -1300,7 +1300,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {

 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 				c.IDTokensValidFor = idTokensValidFor
 			})
--- a/server/templates.go
+++ b/server/templates.go
@ -78,7 +78,7 @@ func dirExists(dir string) error {
 //    |  |- (theme name)
 //    |- templates
 //
-func loadWebConfig(c webConfig) (static, theme http.Handler, templates *templates, err error) {
+func loadWebConfig(c webConfig) (http.Handler, http.Handler, *templates, error) {
 	if c.theme == "" {
 		c.theme = "coreos"
 	}
@ -106,11 +106,11 @@ func loadWebConfig(c webConfig) (static, theme http.Handler, templates *template
 		}
 	}

-	static = http.FileServer(http.Dir(staticDir))
-	theme = http.FileServer(http.Dir(themeDir))
+	static := http.FileServer(http.Dir(staticDir))
+	theme := http.FileServer(http.Dir(themeDir))

-	templates, err = loadTemplates(c, templatesDir)
-	return
+	templates, err := loadTemplates(c, templatesDir)
+	return static, theme, templates, err
 }

 // loadTemplates parses the expected templates from the provided directory.
@ -219,8 +219,7 @@ func relativeURL(serverPath, reqPath, assetPath string) string {
 	server, req, asset := splitPath(serverPath), splitPath(reqPath), splitPath(assetPath)

 	// Remove common prefix of request path with server path
-	// nolint: ineffassign
-	server, req = stripCommonParts(server, req)
+	_, req = stripCommonParts(server, req)

 	// Remove common prefix of request path with asset path
 	asset, req = stripCommonParts(asset, req)
@ -276,7 +275,7 @@ func (t *templates) deviceSuccess(r *http.Request, w http.ResponseWriter, client
 	return renderTemplate(w, t.deviceSuccessTmpl, data)
 }

-func (t *templates) login(r *http.Request, w http.ResponseWriter, connectors []connectorInfo, reqPath string) error {
+func (t *templates) login(r *http.Request, w http.ResponseWriter, connectors []connectorInfo) error {
 	sort.Sort(byName(connectors))
 	data := struct {
 		Connectors []connectorInfo
@ -285,7 +284,7 @@ func (t *templates) login(r *http.Request, w http.ResponseWriter, connectors []c
 	return renderTemplate(w, t.loginTmpl, data)
 }

-func (t *templates) password(r *http.Request, w http.ResponseWriter, postURL, lastUsername, usernamePrompt string, lastWasInvalid, showBacklink bool, reqPath string) error {
+func (t *templates) password(r *http.Request, w http.ResponseWriter, postURL, lastUsername, usernamePrompt string, lastWasInvalid, showBacklink bool) error {
 	data := struct {
 		PostURL        string
 		BackLink       bool
@ -297,7 +296,7 @@ func (t *templates) password(r *http.Request, w http.ResponseWriter, postURL, la
 	return renderTemplate(w, t.passwordTmpl, data)
 }

-func (t *templates) approval(r *http.Request, w http.ResponseWriter, authReqID, username, clientName string, scopes []string, reqPath string) error {
+func (t *templates) approval(r *http.Request, w http.ResponseWriter, authReqID, username, clientName string, scopes []string) error {
 	accesses := []string{}
 	for _, scope := range scopes {
 		access, ok := scopeDescriptions[scope]
@ -316,7 +315,7 @@ func (t *templates) approval(r *http.Request, w http.ResponseWriter, authReqID,
 	return renderTemplate(w, t.approvalTmpl, data)
 }

-func (t *templates) oob(r *http.Request, w http.ResponseWriter, code string, reqPath string) error {
+func (t *templates) oob(r *http.Request, w http.ResponseWriter, code string) error {
 	data := struct {
 		Code    string
 		ReqPath string
@ -332,7 +331,7 @@ func (t *templates) err(r *http.Request, w http.ResponseWriter, errCode int, err
 		ReqPath string
 	}{http.StatusText(errCode), errMsg, r.URL.Path}
 	if err := t.errorTmpl.Execute(w, data); err != nil {
-		return fmt.Errorf("Error rendering template %s: %s", t.errorTmpl.Name(), err)
+		return fmt.Errorf("rendering template %s failed: %s", t.errorTmpl.Name(), err)
 	}
 	return nil
 }
@ -355,7 +354,7 @@ func renderTemplate(w http.ResponseWriter, tmpl *template.Template, data interfa
 			// TODO(ericchiang): replace with better internal server error.
 			http.Error(w, "Internal server error", http.StatusInternalServerError)
 		}
-		return fmt.Errorf("Error rendering template %s: %s", tmpl.Name(), err)
+		return fmt.Errorf("rendering template %s failed: %s", tmpl.Name(), err)
 	}
 	return nil
 }
--- a/storage/conformance/conformance.go
+++ b/storage/conformance/conformance.go
@ -763,11 +763,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.AuthCodes != 0 || result.AuthRequests != 0 {
+		} else if result.AuthCodes != 0 || result.AuthRequests != 0 {
 			t.Errorf("expected no garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetAuthCode(c.ID); err != nil {
 			t.Errorf("expected to be able to get auth code after GC: %v", err)
 		}
@ -815,11 +813,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.AuthCodes != 0 || result.AuthRequests != 0 {
+		} else if result.AuthCodes != 0 || result.AuthRequests != 0 {
 			t.Errorf("expected no garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetAuthRequest(a.ID); err != nil {
 			t.Errorf("expected to be able to get auth request after GC: %v", err)
 		}
@ -859,11 +855,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.DeviceRequests != 0 {
+		} else if result.DeviceRequests != 0 {
 			t.Errorf("expected no device garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetDeviceRequest(d.UserCode); err != nil {
 			t.Errorf("expected to be able to get auth request after GC: %v", err)
 		}
@ -897,11 +891,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.DeviceTokens != 0 {
+		} else if result.DeviceTokens != 0 {
 			t.Errorf("expected no device token garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetDeviceToken(dt.DeviceCode); err != nil {
 			t.Errorf("expected to be able to get device token after GC: %v", err)
 		}
--- a/storage/kubernetes/k8sapi/client.go
+++ b/storage/kubernetes/k8sapi/client.go
@ -24,7 +24,7 @@ type Config struct {
 	// Legacy field from pkg/api/types.go TypeMeta.
 	// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
 	Kind string `json:"kind,omitempty"`
-	// DEPRECATED: APIVersion is the preferred api version for communicating with the kubernetes cluster (v1, v2, etc).
+	// Deprecated: APIVersion is the preferred api version for communicating with the kubernetes cluster (v1, v2, etc).
 	// Because a cluster can run multiple API groups and potentially multiple versions of each, it no longer makes sense to specify
 	// a single value for the cluster version.
 	// This field isn't really needed anyway, so we are deprecating it without replacement.
--- a/storage/kubernetes/types.go
+++ b/storage/kubernetes/types.go
@ -679,7 +679,7 @@ type DeviceRequest struct {
 	Expiry       time.Time `json:"expiry"`
 }

-// AuthRequestList is a list of AuthRequests.
+// DeviceRequestList is a list of DeviceRequests.
 type DeviceRequestList struct {
 	k8sapi.TypeMeta `json:",inline"`
 	k8sapi.ListMeta `json:"metadata,omitempty"`
--- a/storage/sql/config.go
+++ b/storage/sql/config.go
@ -289,16 +289,19 @@ func (s *MySQL) open(logger log.Logger) (*conn, error) {
 			cfg.Addr = s.Host
 		}
 	}
-	if s.SSL.CAFile != "" || s.SSL.CertFile != "" || s.SSL.KeyFile != "" {
+
+	switch {
+	case s.SSL.CAFile != "" || s.SSL.CertFile != "" || s.SSL.KeyFile != "":
 		if err := s.makeTLSConfig(); err != nil {
 			return nil, fmt.Errorf("failed to make TLS config: %v", err)
 		}
 		cfg.TLSConfig = mysqlSSLCustom
-	} else if s.SSL.Mode == "" {
+	case s.SSL.Mode == "":
 		cfg.TLSConfig = mysqlSSLTrue
-	} else {
+	default:
 		cfg.TLSConfig = s.SSL.Mode
 	}
+
 	for k, v := range s.params {
 		cfg.Params[k] = v
 	}
--- a/storage/sql/crud.go
+++ b/storage/sql/crud.go
@ -84,7 +84,9 @@ type scanner interface {
 	Scan(dest ...interface{}) error
 }

-func (c *conn) GarbageCollect(now time.Time) (result storage.GCResult, err error) {
+func (c *conn) GarbageCollect(now time.Time) (storage.GCResult, error) {
+	result := storage.GCResult{}
+
 	r, err := c.Exec(`delete from auth_request where expiry < $1`, now)
 	if err != nil {
 		return result, fmt.Errorf("gc auth_request: %v", err)
@ -117,7 +119,7 @@ func (c *conn) GarbageCollect(now time.Time) (result storage.GCResult, err error
 		result.DeviceTokens = n
 	}

-	return
+	return result, err
 }

 func (c *conn) CreateAuthRequest(a storage.AuthRequest) error {
--- a/storage/storage.go
+++ b/storage/storage.go
@ -401,6 +401,7 @@ type DeviceRequest struct {
 	Expiry time.Time
 }

+// DeviceToken is a structure which represents the actual token of an authorized device and its rotation parameters
 type DeviceToken struct {
 	DeviceCode          string
 	Status              string