Draft
adombeck (Contributor) commented Mar 19, 2026
Running our tests with -v produces so much output that it makes it harder to inspect test failures, for example when viewing the logs of the "Run autopkgtests" CI job in GitHub. Running the tests without -v still prints the logs of the failed tests, which should include all the information we need to debug test failures.
As suggested by reviewer. It's not implemented for now; warnings are always returned in English.
We don't need to load the bwrap-userns-restrict AppArmor profile for the bubblewrap tests to work. In fact, we even have to circumvent the AppArmor profile (if it's loaded) for the tests to work. This reverts commit 7b926c0.
Needed to run bubblewrap tests
Uses the same colors as systemctl etc.
Looks more polished and is consistent with other CLI tools like systemctl (see for example the output of `systemctl mask foo`).
It's possible that SetUserID returns an error but the UID was still changed, for example when an error occurred while trying to update the ownership of the home directory. In that case, make it clear to the user that the UID was changed. Also print a message when the home directory was updated.
As requested by reviewer, to make it more visible to the user that they have to manually update the ownership of files outside the user's home directory.
So we don't hide a programmer error.
Support setting the UID of a user via `authctl user set-uid <user> <uid>`. Also changes the owner and group of the user's home directory and all files in the home directory from the old UID and GID to the new UID and GID (if it is owned by the current user), same as `usermod` does when changing the UID of a user. Closes #630 UDENG-7717 UDENG-8720
Produces prettier docs
So that it can be imported by the docgen tool we're about to add.
Having the "This command requires root privileges." sentence after the `chown -R` command was confusing; it sounded like it was referring to that command instead of the authctl command.
To generate the CLI docs
The auto-generated Cobra markdown docs use headings starting at H2, not H1. That results in Sphinx printing warnings, which causes the build to fail in the CI (but not locally). Let's ignore these kinds of warnings for now.
Some tests are very flaky when run on Launchpad builders. This is not only causing issues for us when we try to publish a new release but can also cause issues for maintainers of packages which authd depends on, because authd's autopkgtests are also run when a new version of its dependencies is released. Let's skip known flaky tests in autopkgtests.
UDENG-9439
G101: Potential hardcoded credentials (gosec)
G703: Path traversal via taint analysis (gosec)
package-comments: should have a package comment (revive)
directive `//nolint:revive // See comment above` is unused for linter "revive" (nolintlint)
G118: context cancellation function returned by WithCancel/WithTimeout/WithDeadline is not called (gosec)
G115: integer overflow conversion int -> uint32 (gosec) directive `//nolint:gosec // G115 we set the GID above to values that are valid uint32` is unused for linter "gosec" (nolintlint)
G204: Subprocess launched with variable
G122: Filesystem operation in filepath.Walk/WalkDir callback uses race-prone path; consider root-scoped APIs (e.g. os.Root) to prevent symlink TOCTOU traversal (gosec)
G702: Command injection via taint analysis (gosec)
G705: XSS via taint analysis (gosec)
G120: Parsing form data without limiting request body size can allow memory exhaustion (use http.MaxBytesReader) (gosec)
Bumps the minor-updates group in /authd-oidc-brokers/tools with 2 updates: [github.com/golangci/golangci-lint/v2](https://github.com/golangci/golangci-lint) and [golang.org/x/mod](https://github.com/golang/mod).

Updates `github.com/golangci/golangci-lint/v2` from 2.8.0 to 2.11.3
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/main/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v2.8.0...v2.11.3)

Updates `golang.org/x/mod` from 0.32.0 to 0.33.0
- [Commits](golang/mod@v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint/v2
  dependency-version: 2.11.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: golang.org/x/mod
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the minor-updates group in /tools with 1 update: [github.com/golangci/golangci-lint/v2](https://github.com/golangci/golangci-lint).

Updates `github.com/golangci/golangci-lint/v2` from 2.8.0 to 2.11.3
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/main/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v2.8.0...v2.11.3)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint/v2
  dependency-version: 2.11.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

As pointed out by gosec, filepath.WalkDir is susceptible to a symlink race and os.Root should be used for file operations to defend against it. See also golang/go#70007.
Replace `filepath.WalkDir` with `fs.WalkDir(r.FS(), ".")` to pass root-relative paths to `os.Root.Lchown()` in ChownRecursiveFrom
Bumps the minor-updates group with 4 updates in the / directory: [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3), [golang.org/x/sys](https://github.com/golang/sys), [golang.org/x/term](https://github.com/golang/term) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).

Updates `github.com/mattn/go-sqlite3` from 1.14.33 to 1.14.34
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.33...v1.14.34)

Updates `golang.org/x/sys` from 0.40.0 to 0.41.0
- [Commits](golang/sys@v0.40.0...v0.41.0)

Updates `golang.org/x/term` from 0.39.0 to 0.40.0
- [Commits](golang/term@v0.39.0...v0.40.0)

Updates `google.golang.org/grpc` from 1.78.0 to 1.79.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.78.0...v1.79.1)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: golang.org/x/sys
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: golang.org/x/term
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

✅ dependabot config looks good 👍
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## stable #1350 +/- ##
=========================================
Coverage ? 85.34%
=========================================
Files ? 119
Lines ? 7674
Branches ? 111
=========================================
Hits ? 6549
Misses ? 1069
Partials ? 56