diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 90ec8adcd0c2..e57ec7351362 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -85,7 +85,7 @@ jobs:
 name: Install node deps
 - name: Run golangci-lint
 if: ${{ github.ref_type != 'tag' }}
- uses: golangci/golangci-lint-action@v8
+ uses: golangci/golangci-lint-action@v9
 env:
 GOGC: 100
 with:
diff --git a/driver/config/config.go b/driver/config/config.go
index f7208215424d..06fe6b4410e9 100644
--- a/driver/config/config.go
+++ b/driver/config/config.go
@@ -26,7 +26,6 @@ import (
 "github.com/pkg/errors"
 "github.com/rs/cors"
 "github.com/stretchr/testify/require"
- "go.opentelemetry.io/otel/trace/noop"
 "golang.org/x/net/publicsuffix"
 
 "github.com/ory/kratos/x"
@@ -451,10 +450,6 @@ func (p *Config) validateIdentitySchemas(ctx context.Context) error {
 httpx.ResilientClientWithLogger(p.l),
 httpx.ResilientClientWithMaxRetry(2),
 httpx.ResilientClientWithConnectionTimeout(30 * time.Second),
- // Tracing still works correctly even though we pass a no-op tracer
- // here, because the otelhttp package will preferentially use the
- // tracer from the incoming request context over this one.
- httpx.ResilientClientWithTracer(noop.NewTracerProvider().Tracer("github.com/ory/kratos/driver/config")),
 }
 
 if o, ok := ctx.Value(validateIdentitySchemasClientKey).([]httpx.ResilientOptions); ok {
diff --git a/oryx/Makefile b/oryx/Makefile
index c0a55b8b781f..31c098b37fed 100644
--- a/oryx/Makefile
+++ b/oryx/Makefile
@@ -13,7 +13,7 @@ format: .bin/ory node_modules
 npm exec -- prettier --write .
 
 .bin/golangci-lint: Makefile
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b .bin v1.64.8
+ curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b .bin v2.4.0
 
 .bin/licenses: Makefile
 curl https://raw.githubusercontent.com/ory/ci/master/licenses/install | sh
diff --git a/oryx/httpx/resilient_client.go b/oryx/httpx/resilient_client.go
index 8e5b4537a081..cac80d74db71 100644
--- a/oryx/httpx/resilient_client.go
+++ b/oryx/httpx/resilient_client.go
@@ -10,7 +10,6 @@ import (
 "net/http"
 "time"
 
- "go.opentelemetry.io/otel/trace"
 "golang.org/x/oauth2"
 
 "github.com/hashicorp/go-retryablehttp"
@@ -20,16 +19,12 @@ import (
 
 type resilientOptions struct {
 c *http.Client
- oauthConfig *oauth2.Config
- oauthToken *oauth2.Token
 l interface{}
 retryWaitMin time.Duration
 retryWaitMax time.Duration
 retryMax int
 noInternalIPs bool
 internalIPExceptions []string
- ipV6 bool
- tracer trace.Tracer
 }
 
 func newResilientOptions() *resilientOptions {
@@ -40,20 +35,12 @@ func newResilientOptions() *resilientOptions {
 retryWaitMax: 30 * time.Second,
 retryMax: 4,
 l: log.New(io.Discard, "", log.LstdFlags),
- ipV6: true,
 }
 }
 
 // ResilientOptions is a set of options for the ResilientClient.
 type ResilientOptions func(o *resilientOptions)
 
-// ResilientClientWithTracer wraps the http clients transport with a tracing instrumentation
-func ResilientClientWithTracer(tracer trace.Tracer) ResilientOptions {
- return func(o *resilientOptions) {
- o.tracer = tracer
- }
-}
-
 // ResilientClientWithMaxRetry sets the maximum number of retries.
 func ResilientClientWithMaxRetry(retryMax int) ResilientOptions {
 return func(o *resilientOptions) {
@@ -104,12 +91,6 @@ func ResilientClientAllowInternalIPRequestsTo(urlGlobs ...string) ResilientOptio
 }
 }
 
-func ResilientClientNoIPv6() ResilientOptions {
- return func(o *resilientOptions) {
- o.ipV6 = false
- }
-}
-
 // NewResilientClient creates a new ResilientClient.
 func NewResilientClient(opts ...ResilientOptions) *retryablehttp.Client {
 o := newResilientOptions()
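Review bot: Deleting the exported options `ResilientClientNoIPv6` and `ResilientClientWithTracer` (and the `oauthConfig`/`oauthToken`/`ipV6`/`tracer` fields in the struct hunk above) is a breaking change to the `httpx` package's public surface with no deprecation step; the in-repo callers in `driver/config/config.go` and `selfservice/strategy/password/validator.go` are updated in this commit, but any importer of `oryx/httpx` outside this module, if one exists, will stop compiling. If the package is consumed elsewhere, keeping no-op shims for one release would be the conservative path: `// Deprecated: IPv6 can no longer be disabled; this option has no effect.` followed by `func ResilientClientNoIPv6() ResilientOptions { return func(*resilientOptions) {} }`, and the same shape for `ResilientClientWithTracer`. Either way, the commit message should state that the IPv4-only transport variant is gone, since a caller that used `ResilientClientNoIPv6` as part of its SSRF hardening silently loses that restriction rather than getting a compile error it can reason about.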
@@ -119,12 +100,12 @@ func NewResilientClient(opts ...ResilientOptions) *retryablehttp.Client {
 
 if o.noInternalIPs {
 o.c.Transport = &noInternalIPRoundTripper{
- onWhitelist: ifelse(o.ipV6, allowInternalAllowIPv6, allowInternalProhibitIPv6),
- notOnWhitelist: ifelse(o.ipV6, prohibitInternalAllowIPv6, prohibitInternalProhibitIPv6),
+ onWhitelist: allowInternalAllowIPv6,
+ notOnWhitelist: prohibitInternalAllowIPv6,
 internalIPExceptions: o.internalIPExceptions,
 }
 } else {
- o.c.Transport = ifelse(o.ipV6, allowInternalAllowIPv6, allowInternalProhibitIPv6)
+ o.c.Transport = allowInternalAllowIPv6
 }
 
 cl := retryablehttp.NewClient()
@@ -155,10 +136,3 @@ func SetOAuth2(ctx context.Context, cl *retryablehttp.Client, c OAuth2Config, t
 type OAuth2Config interface {
 Client(context.Context, *oauth2.Token) *http.Client
 }
-
-func ifelse[A any](b bool, x, y A) A {
- if b {
- return x
- }
- return y
-}
diff --git a/oryx/httpx/ssrf.go b/oryx/httpx/ssrf.go
index 44de1292aaa2..a217c7dd3c95 100644
--- a/oryx/httpx/ssrf.go
+++ b/oryx/httpx/ssrf.go
@@ -55,10 +55,8 @@ func (n noInternalIPRoundTripper) RoundTrip(request *http.Request) (*http.Respon
 }
 
 var (
- prohibitInternalAllowIPv6 http.RoundTripper
- prohibitInternalProhibitIPv6 http.RoundTripper
- allowInternalAllowIPv6 http.RoundTripper
- allowInternalProhibitIPv6 http.RoundTripper
+ prohibitInternalAllowIPv6 http.RoundTripper
+ allowInternalAllowIPv6 http.RoundTripper
 )
 
 func init() {
@@ -79,7 +77,6 @@ func init() {
 t.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
 return d.DialContext(ctx, "tcp4", addr)
 }
- prohibitInternalProhibitIPv6 = OTELTraceTransport(t)
 }
 
 func init() {
@@ -122,7 +119,6 @@ func init() {
 t.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
 return d.DialContext(ctx, "tcp4", addr)
 }
- allowInternalProhibitIPv6 = OTELTraceTransport(t)
 }
 
 func newDefaultTransport() (*http.Transport, *net.Dialer) {
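Review bot: With `ipV6` gone, the `noInternalIPs` branch now always installs `prohibitInternalAllowIPv6` as `notOnWhitelist`, so every client that blocks internal addresses also dials IPv6 and there is no remaining way to pin it to IPv4; the address check behind `prohibitInternalAllowIPv6` is not visible in this hunk, so confirm it rejects IPv6 loopback, link-local and unique-local ranges as well as IPv4-mapped IPv6 addresses, otherwise dropping the IPv4-only transport widens what the internal-IP filter has to cover. Recording the decision next to the assignment would help the next reader, e.g. on the `notOnWhitelist:` line: `// IPv6 is always dialed; the transport's address check must cover v6 ranges too.` `NewResilientClient`'s body continues past the end of the hunk.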
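Review bot: In the `ssrf.go` `init()` hunk at old line 79 the `t.DialContext = func(...) { return d.DialContext(ctx, "tcp4", addr) }` override is kept while its only consumer, `prohibitInternalProhibitIPv6 = OTELTraceTransport(t)`, is removed, so unless `t` is read again somewhere I cannot see (the start of that `init()` is outside the hunk), the IPv4-only transport is now built at package init and discarded. The same applies to the `init()` hunk at old line 122, where `allowInternalProhibitIPv6 = OTELTraceTransport(t)` goes away but the `tcp4` dialer override stays. Deleting the now-unused transport and dialer construction along with the assignments keeps the file honest about which transports exist; as written, a reader may assume an IPv4-only round tripper is still wired up.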
diff --git a/oryx/jsonnetsecure/jsonnet.go b/oryx/jsonnetsecure/jsonnet.go
index 5559be5e2306..542d2b656287 100644
--- a/oryx/jsonnetsecure/jsonnet.go
+++ b/oryx/jsonnetsecure/jsonnet.go
@@ -65,6 +65,12 @@ func newVMOptions() *vmOptions {
 }
 }
 
+func WithContext(ctx context.Context) Option {
+ return func(o *vmOptions) {
+ o.ctx = ctx
+ }
+}
+
 func WithProcessPool(p Pool) Option {
 return func(o *vmOptions) {
 pool, _ := p.(*pool)
diff --git a/oryx/jsonnetsecure/provider.go b/oryx/jsonnetsecure/provider.go
index cf78904d4ce3..1655091bcdbc 100644
--- a/oryx/jsonnetsecure/provider.go
+++ b/oryx/jsonnetsecure/provider.go
@@ -41,6 +41,7 @@ func NewTestProvider(t testing.TB) *TestProvider {
 
 func (p *TestProvider) JsonnetVM(ctx context.Context) (VM, error) {
 return MakeSecureVM(
+ WithContext(ctx),
 WithProcessPool(p.pool),
 WithJsonnetBinary(p.jsonnetBinary),
 ), nil
@@ -52,6 +53,7 @@ func (p *DefaultProvider) JsonnetVM(ctx context.Context) (VM, error) {
 return nil, err
 }
 return MakeSecureVM(
+ WithContext(ctx),
 WithJsonnetBinary(self),
 WithProcessArgs(p.Subcommand),
 WithProcessPool(p.Pool),
diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go
index d8789c500089..6638a7db3ea0 100644
--- a/selfservice/strategy/password/validator.go
+++ b/selfservice/strategy/password/validator.go
@@ -13,8 +13,6 @@ import (
 "strings"
 "time"
 
- "go.opentelemetry.io/otel/trace/noop"
-
 "github.com/ory/kratos/text"
 
 "github.com/arbovm/levenshtein"
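Review bot: `WithContext` is a new exported function with no doc comment, and it stores the caller's `ctx` on `vmOptions`, which outlives the option call; Go convention is not to keep a `context.Context` in a struct, so the comment should say what the stored context governs and that callers must pass one whose lifetime matches the VM's use. Suggested wording: `// WithContext sets the context the VM is bound to. The VM keeps it for its lifetime, so pass a context scoped to the VM's use (for example the request context).` What `o.ctx` is used for (cancelling the jsonnet subprocess, deadlines) is not visible in this hunk, so adjust the wording to the actual behaviour. Both `JsonnetVM` implementations in `oryx/jsonnetsecure/provider.go` now forward their `ctx` through this option, which is the right place to call that out.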
@@ -85,10 +83,7 @@ func NewDefaultPasswordValidatorStrategy(reg validatorDependencies) (*DefaultPas
 return &DefaultPasswordValidator{
 Client: httpx.NewResilientClient(
 httpx.ResilientClientWithConnectionTimeout(time.Second),
- // Tracing still works correctly even though we pass a no-op tracer
- // here, because the otelhttp package will preferentially use the
- // tracer from the incoming request context over this one.
- httpx.ResilientClientWithTracer(noop.NewTracerProvider().Tracer("github.com/ory/kratos/selfservice/strategy/password"))),
+ ),
 reg: reg,
 hashes: cache,
 minIdentifierPasswordDist: 5,
 maxIdentifierPasswordSubstrThreshold: 0.5,