Fix linting errors in authorizedcerts

- Add comments and refactor
- Update depguard configuration

Contributes to: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/738

.golangci.yml

@@ -133,7 +133,15 @@ linters-settings:
     min-len: 3
     # minimal occurrences count to trigger, 3 by default
     min-occurrences: 3
-  # depguard:
+  depguard:
+    rules:
+      test:
+        files:
+          - $test
+        allow:
+          - $gostd
+          - github.com/stretchr/testify
+          - gitlab.com/gitlab-org/gitlab-shell
   #   list-type: blacklist
   #   include-go-root: false
   #   packages:

internal/gitlabnet/authorizedcerts/client.go

+// Package authorizedcerts implements functions for authorizing users with ssh certificates
 package authorizedcerts
 
 import (
@@ -11,30 +12,34 @@ import (
 )
 
 const (
-	AuthorizedCertsPath = "/authorized_certs"
+	authorizedCertsPath = "/authorized_certs"
 )
 
+// Client wraps a gitlab client and its associated config
 type Client struct {
 	config *config.Config
 	client *client.GitlabNetClient
 }
 
+// Response contains the json response from authorized_certs
 type Response struct {
 	Username  string `json:"username"`
 	Namespace string `json:"namespace"`
 }
 
+// NewClient instantiates a Client with config
 func NewClient(config *config.Config) (*Client, error) {
 	client, err := gitlabnet.GetClient(config)
 	if err != nil {
-		return nil, fmt.Errorf("Error creating http client: %v", err)
+		return nil, fmt.Errorf("error creating http client: %v", err)
 	}
 
 	return &Client{config: config, client: client}, nil
 }
 
-func (c *Client) GetByKey(ctx context.Context, userId, fingerprint string) (*Response, error) {
-	path, err := pathWithKey(userId, fingerprint)
+// GetByKey makes a request to authorized_certs for the namespace configured with a cert that matches fingerprint
+func (c *Client) GetByKey(ctx context.Context, userID, fingerprint string) (*Response, error) {
+	path, err := pathWithKey(userID, fingerprint)
 	if err != nil {
 		return nil, err
 	}
@@ -43,7 +48,9 @@ func (c *Client) GetByKey(ctx context.Context, userId, fingerprint string) (*Res
 	if err != nil {
 		return nil, err
 	}
-	defer response.Body.Close()
+	defer func() {
+		_ = response.Body.Close()
+	}()
 
 	parsedResponse := &Response{}
 	if err := gitlabnet.ParseJSON(response, parsedResponse); err != nil {
@@ -53,15 +60,15 @@ func (c *Client) GetByKey(ctx context.Context, userId, fingerprint string) (*Res
 	return parsedResponse, nil
 }
 
-func pathWithKey(userId, fingerprint string) (string, error) {
-	u, err := url.Parse(AuthorizedCertsPath)
+func pathWithKey(userID, fingerprint string) (string, error) {
+	u, err := url.Parse(authorizedCertsPath)
 	if err != nil {
 		return "", err
 	}
 
 	params := u.Query()
 	params.Set("key", fingerprint)
-	params.Set("user_identifier", userId)
+	params.Set("user_identifier", userID)
 	u.RawQuery = params.Encode()
 
 	return u.String(), nil

internal/gitlabnet/authorizedcerts/client_test.go

@@ -21,23 +21,24 @@ func init() {
 		{
 			Path: "/api/v4/internal/authorized_certs",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				if r.URL.Query().Get("key") == "key" {
+				switch key := r.URL.Query().Get("key"); key {
+				case "key":
 					body := &Response{
 						Namespace: "group",
 						Username:  r.URL.Query().Get("user_identifier"),
 					}
 					json.NewEncoder(w).Encode(body)
-				} else if r.URL.Query().Get("key") == "broken-message" {
+				case "broken-message":
 					w.WriteHeader(http.StatusForbidden)
 					body := &client.ErrorResponse{
 						Message: "Not allowed!",
 					}
 					json.NewEncoder(w).Encode(body)
-				} else if r.URL.Query().Get("key") == "broken-json" {
+				case "broken-json":
 					w.Write([]byte("{ \"message\": \"broken json!\""))
-				} else if r.URL.Query().Get("key") == "broken-empty" {
+				case "broken-empty":
 					w.WriteHeader(http.StatusForbidden)
-				} else {
+				default:
 					w.WriteHeader(http.StatusNotFound)
 				}
 			},