Merge branch 'main' of gitlab.com:gitlab-community/gitlab-shell into 797-console-lint

cffbe11b · Archish · bc3cf860 · 6b65a4ca · cffbe11b · cffbe11b
Commit cffbe11b authored 5 months ago by Archish
--- a/internal/command/shared/disallowedcommand/disallowedcommand.go
+++ b/internal/command/shared/disallowedcommand/disallowedcommand.go
+// Package disallowedcommand provides an error for handling disallowed commands.
 package disallowedcommand

 import "errors"

 var (
-	Error = errors.New("Disallowed command")
+	// Error is returned when a disallowed command is encountered.
+	Error = errors.New("Disallowed command") //nolint:stylecheck // Used to display the error message to the user.
 )
--- a/internal/command/uploadarchive/gitalycall_test.go
+++ b/internal/command/uploadarchive/gitalycall_test.go
@@ -21,7 +21,7 @@ func TestUploadArchive(t *testing.T) {
 	for _, network := range []string{"unix", "tcp", "dns"} {
 		t.Run(fmt.Sprintf("via %s network", network), func(t *testing.T) {
 			gitalyAddress, testServer := testserver.StartGitalyServer(t, network)
-			t.Log(fmt.Sprintf("Server address: %s", gitalyAddress))
+			t.Logf("Server address: %s", gitalyAddress)

 			requests := requesthandlers.BuildAllowedWithGitalyHandlers(t, gitalyAddress)
 			url := testserver.StartHTTPServer(t, requests)
@@ -29,7 +29,7 @@ func TestUploadArchive(t *testing.T) {
 			output := &bytes.Buffer{}
 			input := &bytes.Buffer{}

-			userId := "1"
+			userID := "1"
 			repo := "group/repo"

 			env := sshenv.Env{
@@ -39,7 +39,7 @@ func TestUploadArchive(t *testing.T) {
 			}

 			args := &commandargs.Shell{
-				GitlabKeyId: userId,
+				GitlabKeyId: userID,
 				CommandType: commandargs.UploadArchive,
 				SshArgs:     []string{"git-upload-archive", repo},
 				Env:         env,

--- a/internal/gitlabnet/git/client_test.go
+++ b/internal/gitlabnet/git/client_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"

+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	httpclient "gitlab.com/gitlab-org/gitlab-shell/v14/client"
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -16,6 +17,7 @@ var customHeaders = map[string]string{
 	"Authorization": "Bearer: token",
 	"Header-One":    "Value-Two",
 }
+var refsBody = "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"

 func TestInfoRefs(t *testing.T) {
 	client := setup(t)
@@ -53,7 +55,6 @@ func TestReceivePack(t *testing.T) {
 func TestUploadPack(t *testing.T) {
 	client := setup(t)

-	refsBody := "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"
 	response, err := client.UploadPack(context.Background(), bytes.NewReader([]byte(refsBody)))
 	require.NoError(t, err)
 	defer response.Body.Close()
@@ -67,7 +68,6 @@ func TestUploadPack(t *testing.T) {
 func TestSSHUploadPack(t *testing.T) {
 	client := setup(t)

-	refsBody := "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"
 	response, err := client.SSHUploadPack(context.Background(), bytes.NewReader([]byte(refsBody)))
 	require.NoError(t, err)
 	defer response.Body.Close()
@@ -81,7 +81,6 @@ func TestSSHUploadPack(t *testing.T) {
 func TestSSHReceivePack(t *testing.T) {
 	client := setup(t)

-	refsBody := "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"
 	response, err := client.SSHReceivePack(context.Background(), bytes.NewReader([]byte(refsBody)))
 	require.NoError(t, err)
 	defer response.Body.Close()
@@ -157,8 +156,8 @@ func setup(t *testing.T) *Client {
 		{
 			Path: "/info/refs",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))

 				w.Write([]byte(r.URL.Query().Get("service")))
 			},
@@ -166,13 +165,13 @@ func setup(t *testing.T) *Client {
 		{
 			Path: "/git-receive-pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
-				require.Equal(t, "application/x-git-receive-pack-request", r.Header.Get("Content-Type"))
-				require.Equal(t, "application/x-git-receive-pack-result", r.Header.Get("Accept"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, "application/x-git-receive-pack-request", r.Header.Get("Content-Type"))
+				assert.Equal(t, "application/x-git-receive-pack-result", r.Header.Get("Accept"))

 				body, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("git-receive-pack: "))
@@ -182,13 +181,13 @@ func setup(t *testing.T) *Client {
 		{
 			Path: "/git-upload-pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
-				require.Equal(t, "application/x-git-upload-pack-request", r.Header.Get("Content-Type"))
-				require.Equal(t, "application/x-git-upload-pack-result", r.Header.Get("Accept"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, "application/x-git-upload-pack-request", r.Header.Get("Content-Type"))
+				assert.Equal(t, "application/x-git-upload-pack-result", r.Header.Get("Accept"))

 				_, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("git-upload-pack: content"))
@@ -197,11 +196,11 @@ func setup(t *testing.T) *Client {
 		{
 			Path: sshUploadPackPath,
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))

 				_, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("ssh-upload-pack: content"))
@@ -210,11 +209,11 @@ func setup(t *testing.T) *Client {
 		{
 			Path: sshReceivePackPath,
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))

 				_, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("ssh-receive-pack: content"))

--- a/internal/gitlabnet/lfsauthenticate/client_test.go
+++ b/internal/gitlabnet/lfsauthenticate/client_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"

+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -26,10 +27,10 @@ func setup(t *testing.T) []testserver.TestRequestHandler {
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := io.ReadAll(r.Body)
 				defer r.Body.Close()
-				require.NoError(t, err)
+				assert.NoError(t, err)

 				var request *Request
-				require.NoError(t, json.Unmarshal(b, &request))
+				assert.NoError(t, json.Unmarshal(b, &request))

 				switch request.KeyID {
 				case keyID:
@@ -39,7 +40,7 @@ func setup(t *testing.T) []testserver.TestRequestHandler {
 						"repository_http_path": "https://gitlab.com/repo/path",
 						"expires_in":           1800,
 					}
-					require.NoError(t, json.NewEncoder(w).Encode(body))
+					assert.NoError(t, json.NewEncoder(w).Encode(body))
 				case "forbidden":
 					w.WriteHeader(http.StatusForbidden)
 				case "broken":
@@ -88,7 +89,7 @@ func TestFailedRequests(t *testing.T) {
 			_, err = client.Authenticate(context.Background(), operation, repo, "")
 			require.Error(t, err)

-			require.Equal(t, tc.expectedOutput, err.Error())
+			assert.Equal(t, tc.expectedOutput, err.Error())
 		})
 	}
 }
@@ -128,7 +129,7 @@ func TestSuccessfulRequests(t *testing.T) {
 				ExpiresIn: 1800,
 			}

-			require.Equal(t, expectedResponse, response)
+			assert.Equal(t, expectedResponse, response)
 		})
 	}
 }
--- a/internal/gitlabnet/lfstransfer/client.go
+++ b/internal/gitlabnet/lfstransfer/client.go
+// Package lfstransfer provides functionality for handling LFS (Large File Storage) transfers.
 package lfstransfer

 import (
@@ -17,6 +18,7 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/gitlabnet"
 )

+// Client holds configuration, arguments, and authentication details for the client.
 type Client struct {
 	config *config.Config
 	args   *commandargs.Shell
@@ -25,6 +27,7 @@ type Client struct {
 	header string
 }

+// BatchAction represents an action for a batch operation with metadata.
 type BatchAction struct {
 	Href      string            `json:"href"`
 	Header    map[string]string `json:"header,omitempty"`
@@ -32,6 +35,7 @@ type BatchAction struct {
 	ExpiresIn int               `json:"expires_in,omitempty"`
 }

+// BatchObject represents an object in a batch operation with its metadata and actions.
 type BatchObject struct {
 	Oid           string                  `json:"oid,omitempty"`
 	Size          int64                   `json:"size"`
@@ -50,6 +54,7 @@ type batchRequest struct {
 	HashAlgorithm string         `json:"hash_algo,omitempty"`
 }

+// BatchResponse contains batch operation results and the hash algorithm used.
 type BatchResponse struct {
 	Objects       []*BatchObject `json:"objects"`
 	HashAlgorithm string         `json:"hash_algo,omitempty"`
@@ -79,10 +84,12 @@ type listLocksVerifyRequest struct {
 	Ref    *batchRef `json:"ref,omitempty"`
 }

+// LockOwner represents the owner of a lock.
 type LockOwner struct {
 	Name string `json:"name"`
 }

+// Lock represents a lock with its ID, path, timestamp, and owner details.
 type Lock struct {
 	ID       string     `json:"id"`
 	Path     string     `json:"path"`
@@ -90,19 +97,23 @@ type Lock struct {
 	Owner    *LockOwner `json:"owner"`
 }

+// ListLocksResponse contains a list of locks and a cursor for pagination.
 type ListLocksResponse struct {
 	Locks      []*Lock `json:"locks,omitempty"`
 	NextCursor string  `json:"next_cursor,omitempty"`
 }

+// ListLocksVerifyResponse provides lists of locks for "ours" and "theirs" with a cursor for pagination.
 type ListLocksVerifyResponse struct {
 	Ours       []*Lock `json:"ours,omitempty"`
 	Theirs     []*Lock `json:"theirs,omitempty"`
 	NextCursor string  `json:"next_cursor,omitempty"`
 }

+// ClientHeader specifies the content type for Git LFS JSON requests.
 var ClientHeader = "application/vnd.git-lfs+json"

+// NewClient creates a new Client instance using the provided configuration and credentials.
 func NewClient(config *config.Config, args *commandargs.Shell, href string, auth string) (*Client, error) {
 	return &Client{config: config, args: args, href: href, auth: auth, header: ClientHeader}, nil
 }
@@ -121,6 +132,7 @@ func newHTTPClient() *retryablehttp.Client {
 	return client
 }

+// Batch performs a batch operation on objects and returns the result.
 func (c *Client) Batch(operation string, reqObjects []*BatchObject, ref string, reqHashAlgo string) (*BatchResponse, error) {
 	// FIXME: This causes tests to fail
 	// if ref == "" {
@@ -211,6 +223,7 @@ func (c *Client) PutObject(_, href string, headers map[string]string, r io.Reade
 	return nil
 }

+// Lock acquires a lock for the specified path with an optional reference name.
 func (c *Client) Lock(path, refname string) (*Lock, error) {
 	var ref *batchRef
 	if refname != "" {
@@ -268,6 +281,7 @@ func (c *Client) Lock(path, refname string) (*Lock, error) {
 	}
 }

+// Unlock releases the lock with the given id, optionally forcing the unlock.
 func (c *Client) Unlock(id string, force bool, refname string) (*Lock, error) {
 	var ref *batchRef
 	if refname != "" {
@@ -318,6 +332,7 @@ func (c *Client) Unlock(id string, force bool, refname string) (*Lock, error) {
 	}
 }

+// ListLocksVerify retrieves locks for the given path and id, with optional pagination.
 func (c *Client) ListLocksVerify(path, id, cursor string, limit int, ref string) (*ListLocksVerifyResponse, error) {
 	url, err := url.Parse(c.href)
 	if err != nil {

--- a/internal/gitlabnet/personalaccesstoken/client_test.go
+++ b/internal/gitlabnet/personalaccesstoken/client_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"

+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client"
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -27,7 +28,7 @@ func initialize(t *testing.T) {
 				b, err := io.ReadAll(r.Body)
 				defer r.Body.Close()

-				require.NoError(t, err)
+				assert.NoError(t, err)

 				var requestBody *RequestBody
 				json.Unmarshal(b, &requestBody)

--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
+// Package logger provides logging configuration utilities for the gitlab-shell
 package logger

 import (
@@ -52,7 +53,7 @@ func buildOpts(cfg *config.Config) []log.LoggerOption {
 // opened for writing.
 func Configure(cfg *config.Config) io.Closer {
 	var closer io.Closer = io.NopCloser(nil)
-	err := fmt.Errorf("No logfile specified")
+	err := fmt.Errorf("no logfile specified")

 	if cfg.LogFile != "" {
 		closer, err = log.Initialize(buildOpts(cfg)...)
@@ -66,7 +67,7 @@ func Configure(cfg *config.Config) io.Closer {
 			syslogLogger.Print(msg)
 		} else {
 			msg := fmt.Sprintf("%s: Unable to configure logging: %v, %v\n", progName, err.Error(), syslogLoggerErr.Error())
-			fmt.Fprintf(os.Stderr, msg)
+			fmt.Fprintln(os.Stderr, msg)
 		}

 		cfg.LogFile = "/dev/null"

--- a/internal/metrics/metrics.go
+++ b/internal/metrics/metrics.go
+// Package metrics provides Prometheus metrics for monitoring gitlab-shell components.
 package metrics

 import (
@@ -34,6 +35,7 @@ const (
 )

 var (
+	// SshdSessionDuration is a histogram of latencies for connections to gitlab-shell sshd.
 	SshdSessionDuration = promauto.NewHistogram(
 		prometheus.HistogramOpts{
 			Namespace: namespace,
@@ -48,6 +50,7 @@ var (
 		},
 	)

+	// SshdSessionEstablishedDuration is a histogram of latencies until session established to gitlab-shell sshd.
 	SshdSessionEstablishedDuration = promauto.NewHistogram(
 		prometheus.HistogramOpts{
 			Namespace: namespace,
@@ -62,6 +65,7 @@ var (
 		},
 	)

+	// SshdConnectionsInFlight is a gauge of connections currently being served by gitlab-shell sshd.
 	SshdConnectionsInFlight = promauto.NewGauge(
 		prometheus.GaugeOpts{
 			Namespace: namespace,
@@ -71,6 +75,7 @@ var (
 		},
 	)

+	// SshdHitMaxSessions is the number of times the concurrent sessions limit was hit in gitlab-shell sshd.
 	SshdHitMaxSessions = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Namespace: namespace,
@@ -80,6 +85,7 @@ var (
 		},
 	)

+	// SliSshdSessionsTotal is the number of SSH sessions that have been established.
 	SliSshdSessionsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: sliSshdSessionsTotalName,
@@ -87,6 +93,7 @@ var (
 		},
 	)

+	// SliSshdSessionsErrorsTotal is the number of SSH sessions that have failed.
 	SliSshdSessionsErrorsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: sliSshdSessionsErrorsTotalName,
@@ -94,6 +101,7 @@ var (
 		},
 	)

+	// GitalyConnectionsTotal is a counter for the number of Gitaly connections that have been established,
 	GitalyConnectionsTotal = promauto.NewCounterVec(
 		prometheus.CounterOpts{
 			Namespace: namespace,
@@ -147,6 +155,7 @@ var (
 		},
 	)

+	// LfsHTTPConnectionsTotal is the number of LFS over HTTP connections that have been established.
 	LfsHTTPConnectionsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: lfsHTTPConnectionsTotalName,
@@ -154,6 +163,7 @@ var (
 		},
 	)

+	// LfsSSHConnectionsTotal is the number of LFS over SSH connections that have been established.
 	LfsSSHConnectionsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: lfsSSHConnectionsTotalName,
@@ -162,6 +172,7 @@ var (
 	)
 )

+// NewRoundTripper wraps an http.RoundTripper to instrument it with Prometheus metrics.
 func NewRoundTripper(next http.RoundTripper) promhttp.RoundTripperFunc {
 	rt := next


--- a/internal/pktline/pktline.go
+++ b/internal/pktline/pktline.go
+// Package pktline provides utility functions for working with the Git pkt-line format.
 package pktline

 // Utility functions for working with the Git pkt-line format. See
@@ -27,6 +28,7 @@ func NewScanner(r io.Reader) *bufio.Scanner {
 	return scanner
 }

+// IsRefRemoval checks if the packet represents a reference removal.
 func IsRefRemoval(pkt []byte) bool {
 	return branchRemovalPktRegexp.Match(pkt)
 }

--- a/internal/sshd/connection.go
+++ b/internal/sshd/connection.go
@@ -168,7 +168,15 @@ func (c *connection) sendKeepAliveMsg(ctx context.Context, sconn *ssh.ServerConn
 		case <-ticker.C:
 			ctxlog.Debug("connection: sendKeepAliveMsg: send keepalive message to a client")

-			_, _, _ = sconn.SendRequest(KeepAliveMsg, true, nil)
+			status, payload, err := sconn.SendRequest(KeepAliveMsg, true, nil)
+			if err != nil {
+				ctxlog.Errorf("Error occurred while sending request :%v", err)
+				return
+			}
+
+			if status {
+				ctxlog.Debugf("connection: sendKeepAliveMsg: payload: %v", string(payload))
+			}
 		}
 	}
 }

--- a/internal/sshd/connection_test.go
+++ b/internal/sshd/connection_test.go
@@ -78,7 +78,7 @@ func (f *fakeConn) SendRequest(name string, _ bool, _ []byte) (bool, []byte, err

 	f.sentRequestName = name

-	return true, nil, nil
+	return true, []byte("I am a response"), nil
 }

 func setup(newChannel *fakeNewChannel) (*connection, chan ssh.NewChannel) {

--- a/internal/sshd/gssapi_unsupported.go
+++ b/internal/sshd/gssapi_unsupported.go
@@ -8,6 +8,7 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/config"
 )

+// NewGSSAPIServer initializes and returns a new OSGSSAPIServer.
 func NewGSSAPIServer(c *config.GSSAPIConfig) (*OSGSSAPIServer, error) {
 	s := &OSGSSAPIServer{
 		ServicePrincipalName: c.ServicePrincipalName,
@@ -16,18 +17,22 @@ func NewGSSAPIServer(c *config.GSSAPIConfig) (*OSGSSAPIServer, error) {
 	return s, nil
 }

+// OSGSSAPIServer represents a server that handles GSSAPI requests.
 type OSGSSAPIServer struct {
 	ServicePrincipalName string
 }

+// AcceptSecContext returns an error indicating that GSSAPI is unsupported.
 func (*OSGSSAPIServer) AcceptSecContext([]byte) ([]byte, string, bool, error) {
 	return []byte{}, "", false, errors.New("gssapi is unsupported")
 }

+// VerifyMIC returns an error indicating that GSSAPI is unsupported.
 func (*OSGSSAPIServer) VerifyMIC([]byte, []byte) error {
 	return errors.New("gssapi is unsupported")
 }

+// DeleteSecContext returns an error indicating that GSSAPI is unsupported.
 func (*OSGSSAPIServer) DeleteSecContext() error {
 	return errors.New("gssapi is unsupported")
 }
--- a/internal/sshd/server_config_test.go
+++ b/internal/sshd/server_config_test.go
@@ -60,8 +60,9 @@ func TestHostKeyAndCerts(t *testing.T) {
 	data, err := os.ReadFile(path.Join(testRoot, "certs/valid/server.pub"))
 	require.NoError(t, err)

-	publicKey, _, _, _, err := ssh.ParseAuthorizedKey(data)
+	publicKey, comment, _, _, err := ssh.ParseAuthorizedKey(data)
 	require.NoError(t, err)
+	require.NotNil(t, comment)
 	require.NotNil(t, publicKey)
 	cert, ok := cfg.hostKeyToCertMap[string(publicKey.Marshal())]
 	require.True(t, ok)

--- a/internal/sshd/sshd_test.go
+++ b/internal/sshd/sshd_test.go
@@ -12,6 +12,7 @@ import (
 	"time"

 	"github.com/pires/go-proxyproto"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/ssh"

@@ -409,16 +410,16 @@ func setupServerWithContext(ctx context.Context, t *testing.T, cfg *config.Confi
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				correlationID = r.Header.Get("X-Request-Id")

-				require.NotEmpty(t, correlationID)
-				require.Equal(t, xForwardedFor, r.Header.Get("X-Forwarded-For"))
+				assert.NotEmpty(t, correlationID)
+				assert.Equal(t, xForwardedFor, r.Header.Get("X-Forwarded-For"))

 				fmt.Fprint(w, `{"id": 1000, "key": "key"}`)
 			},
 		}, {
 			Path: "/api/v4/internal/discover",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, correlationID, r.Header.Get("X-Request-Id"))
-				require.Equal(t, xForwardedFor, r.Header.Get("X-Forwarded-For"))
+				assert.Equal(t, correlationID, r.Header.Get("X-Request-Id"))
+				assert.Equal(t, xForwardedFor, r.Header.Get("X-Forwarded-For"))

 				fmt.Fprint(w, `{"id": 1000, "name": "Test User", "username": "test-user"}`)
 			},

--- a/support/lint_last_known_acceptable.txt
+++ b/support/lint_last_known_acceptable.txt
@@ -38,28 +38,8 @@ client/testserver/testserver.go:20:6: exported: exported type TestRequestHandler
 client/testserver/testserver.go:46:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
 client/testserver/testserver.go:52:17: Error return value of `server.Serve` is not checked (errcheck)
 client/testserver/testserver.go:117:18: G304: Potential file inclusion via variable (gosec)
-client/transport.go:58:1: exported: exported function DefaultTransport should have comment or be unexported (revive)
-client/transport.go:62:1: exported: exported function NewTransport should have comment or be unexported (revive)
 cmd/gitlab-shell-authorized-keys-check/main.go:40:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
 cmd/gitlab-shell-authorized-keys-check/main.go:43:13: unnecessary conversion (unconvert)
-cmd/gitlab-shell-authorized-principals-check/command/command.go:1:1: package-comments: should have a package comment (revive)
-cmd/gitlab-shell-authorized-principals-check/command/command.go:12:1: exported: exported function New should have comment or be unexported (revive)
-cmd/gitlab-shell-authorized-principals-check/command/command.go:25:1: exported: exported function Parse should have comment or be unexported (revive)
-cmd/gitlab-shell-authorized-principals-check/main.go:1:1: package-comments: should have a package comment (revive)
-cmd/gitlab-shell-authorized-principals-check/main.go:34:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:40:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:45:23: Error return value of `logCloser.Close` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:51:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:52:3: exitAfterDefer: os.Exit will exit, and `defer logCloser.Close()` will not run (gocritic)
-cmd/gitlab-shell-authorized-principals-check/main.go:58:5: ineffectual assignment to ctx (ineffassign)
-cmd/gitlab-shell-check/main.go:1:1: package-comments: should have a package comment (revive)
-cmd/gitlab-shell-check/main.go:33:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:39:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:44:23: Error return value of `logCloser.Close` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:48:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:49:3: exitAfterDefer: os.Exit will exit, and `defer logCloser.Close()` will not run (gocritic)
-cmd/gitlab-shell-check/main.go:55:5: ineffectual assignment to ctx (ineffassign)
-cmd/gitlab-shell-check/main.go:56:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
 cmd/gitlab-shell/command/command.go:74: cmd/gitlab-shell/command/command.go:74: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "FIXME: When 1.21+ only Golang is support..." (godox)
 cmd/gitlab-shell/main.go:1:1: package-comments: should have a package comment (revive)
 cmd/gitlab-shell/main.go:42:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
@@ -73,21 +53,7 @@ cmd/gitlab-sshd/acceptance_test.go:132:5: go-require: do not use require in http
 cmd/gitlab-sshd/acceptance_test.go:135:5: go-require: do not use require in http handlers (testifylint)
 cmd/gitlab-sshd/acceptance_test.go:188:4: go-require: do not use require in http handlers (testifylint)
 cmd/gitlab-sshd/acceptance_test.go:498:4: go-require: do not use require in http handlers (testifylint)
-cmd/gitlab-sshd/main.go:1:1: package-comments: should have a package comment (revive)
-cmd/gitlab-sshd/main.go:30:5: var-naming: var gitlabUrl should be gitlabURL (revive)
-cmd/gitlab-sshd/main.go:44: Function 'main' is too long (73 > 60) (funlen)
-cmd/gitlab-sshd/main.go:70:23: Error return value of `logCloser.Close` is not checked (errcheck)
-cmd/gitlab-sshd/main.go:108:18: Error return value of `server.Shutdown` is not checked (errcheck)
-internal/command/authorizedkeys/authorized_keys.go:1:1: package-comments: should have a package comment (revive)
-internal/command/authorizedkeys/authorized_keys.go:15:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/authorizedkeys/authorized_keys.go:21:1: exported: exported method Command.Execute should have comment or be unexported (revive)
-internal/command/authorizedkeys/authorized_keys.go:26: internal/command/authorizedkeys/authorized_keys.go:26: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "TODO: Log this event once we have a cons..." (godox)
-internal/command/authorizedkeys/authorized_keys.go:41:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-internal/command/authorizedkeys/authorized_keys.go:50:14: Error return value of `fmt.Fprintln` is not checked (errcheck)
-internal/command/authorizedprincipals/authorized_principals.go:1:1: package-comments: should have a package comment (revive)
-internal/command/authorizedprincipals/authorized_principals.go:13:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/authorizedprincipals/authorized_principals.go:19:1: exported: exported method Command.Execute should have comment or be unexported (revive)
-internal/command/authorizedprincipals/authorized_principals.go:45:14: Error return value of `fmt.Fprintln` is not checked (errcheck)
+internal/command/authorizedkeys/authorized_keys.go:29: internal/command/authorizedkeys/authorized_keys.go:29: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "TODO: Log this event once we have a cons..." (godox)
 internal/command/command.go:1:1: package-comments: should have a package comment (revive)
 internal/command/command.go:15:6: exported: exported type Command should have comment or be unexported (revive)
 internal/command/command.go:19:6: exported: exported type LogMetadata should have comment or be unexported (revive)
@@ -124,19 +90,6 @@ internal/command/commandargs/shell.go:61:10: ST1005: error strings should not be
 internal/command/commandargs/shell.go:69:6: var-naming: var keyId should be keyID (revive)
 internal/command/commandargs/shell.go:98:6: var-naming: func tryParseKeyId should be tryParseKeyID (revive)
 internal/command/commandargs/shell.go:106:1: exported: exported method Shell.ParseCommand should have comment or be unexported (revive)
-internal/command/discover/discover.go:1:1: package-comments: should have a package comment (revive)
-internal/command/discover/discover.go:14:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/discover/discover.go:20:1: exported: exported method Command.Execute should have comment or be unexported (revive)
-internal/command/discover/discover.go:23:15: ST1005: error strings should not be capitalized (stylecheck)
-internal/command/discover/discover.go:29:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
-internal/command/discover/discover.go:32:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
-internal/command/discover/discover.go:35:20: context-keys-type: should not use basic type string as key in context.WithValue (revive)
-internal/command/healthcheck/healthcheck.go:1:1: package-comments: should have a package comment (revive)
-internal/command/healthcheck/healthcheck.go:17:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/healthcheck/healthcheck.go:22:1: exported: exported method Command.Execute should have comment or be unexported (revive)
-internal/command/healthcheck/healthcheck.go:28:13: Error return value of `fmt.Fprintf` is not checked (errcheck)
-internal/command/healthcheck/healthcheck.go:34:13: Error return value of `fmt.Fprintf` is not checked (errcheck)
-internal/command/healthcheck/healthcheck_test.go:37:41: unused-parameter: parameter 'r' seems to be unused, consider removing or renaming it as _ (revive)
 internal/command/lfsauthenticate/lfsauthenticate.go:87:13: Error return value of `fmt.Fprintf` is not checked (errcheck)
 internal/command/lfsauthenticate/lfsauthenticate_test.go:76:5: go-require: do not use require in http handlers (testifylint)
 internal/command/lfsauthenticate/lfsauthenticate_test.go:79:5: go-require: do not use require in http handlers (testifylint)
@@ -190,56 +143,11 @@ internal/command/lfstransfer/lfstransfer_test.go:1436:5: go-require: do not use
 internal/command/lfstransfer/lfstransfer_test.go:1451:5: go-require: do not use require in http handlers (testifylint)
 internal/command/lfstransfer/lfstransfer_test.go:1453:5: go-require: do not use require in http handlers (testifylint)
 internal/command/lfstransfer/lfstransfer_test.go:1454:5: go-require: do not use require in http handlers (testifylint)
-internal/command/personalaccesstoken/personalaccesstoken.go:1:1: package-comments: should have a package comment (revive)
-internal/command/personalaccesstoken/personalaccesstoken.go:25:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/personalaccesstoken/personalaccesstoken.go:38:1: exported: exported method Command.Execute should have comment or be unexported (revive)
-internal/command/personalaccesstoken/personalaccesstoken.go:53:12: Error return value of `fmt.Fprint` is not checked (errcheck)
-internal/command/personalaccesstoken/personalaccesstoken.go:54:12: Error return value of `fmt.Fprint` is not checked (errcheck)
-internal/command/personalaccesstoken/personalaccesstoken.go:55:12: Error return value of `fmt.Fprint` is not checked (errcheck)
-internal/command/personalaccesstoken/personalaccesstoken.go:62:10: ST1005: error strings should not be capitalized (stylecheck)
-internal/command/personalaccesstoken/personalaccesstoken.go:89:10: ST1005: error strings should not be capitalized (stylecheck)
-internal/command/personalaccesstoken/personalaccesstoken_test.go:31:5: go-require: do not use require in http handlers (testifylint)
-internal/command/personalaccesstoken/personalaccesstoken_test.go:180:62: `reposotory` is a misspelling of `repository` (misspell)
-internal/command/personalaccesstoken/personalaccesstoken_test.go:194:63: `reposotory` is a misspelling of `repository` (misspell)
-internal/command/personalaccesstoken/personalaccesstoken_test.go:202:74: `reposotory` is a misspelling of `repository` (misspell)
-internal/command/personalaccesstoken/personalaccesstoken_test.go:205:54: `reposotory` is a misspelling of `repository` (misspell)
 internal/command/readwriter/readwriter.go:1:1: package-comments: should have a package comment (revive)
 internal/command/readwriter/readwriter.go:7:6: exported: exported type ReadWriter should have comment or be unexported (revive)
 internal/command/receivepack/gitalycall_test.go:24:4: S1038: should use t.Logf(...) instead of t.Log(fmt.Sprintf(...)) (gosimple)
 internal/command/receivepack/gitalycall_test.go:31:5: var-naming: struct field keyId should be keyID (revive)
 internal/command/receivepack/gitalycall_test.go:98:5: expected-actual: need to reverse actual and expected values (testifylint)
-internal/command/shared/accessverifier/accessverifier.go:1:1: package-comments: should have a package comment (revive)
-internal/command/shared/accessverifier/accessverifier.go:14:6: exported: exported type Response should have comment or be unexported (revive)
-internal/command/shared/accessverifier/accessverifier.go:16:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/shared/accessverifier/accessverifier.go:22:1: exported: exported method Command.Verify should have comment or be unexported (revive)
-internal/command/shared/accessverifier/accessverifier_test.go:31:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/accessverifier/accessverifier_test.go:35:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/accessverifier/accessverifier_test.go:41:6: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/accessverifier/accessverifier_test.go:47:6: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:27:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:30:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:32:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:33:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:36:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:43:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:46:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:48:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:49:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:52:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:96:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:99:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:101:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:102:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:105:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:112:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:115:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:117:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:118:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/customaction/customaction_test.go:121:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/disallowedcommand/disallowedcommand.go:1:1: package-comments: should have a package comment (revive)
-internal/command/shared/disallowedcommand/disallowedcommand.go:6:2: exported: exported var Error should have comment or be unexported (revive)
-internal/command/uploadarchive/gitalycall_test.go:24:4: S1038: should use t.Logf(...) instead of t.Log(fmt.Sprintf(...)) (gosimple)
-internal/command/uploadarchive/gitalycall_test.go:32:4: var-naming: var userId should be userID (revive)
 internal/config/config.go:1:1: package-comments: should have a package comment (revive)
 internal/config/config.go:21:2: G101: Potential hardcoded credentials (gosec)
 internal/config/config.go:24:6: exported: exported type YamlDuration should have comment or be unexported (revive)
@@ -272,67 +180,10 @@ internal/gitlabnet/client.go:14:1: exported: exported function GetClient should
 internal/gitlabnet/client.go:21:15: ST1005: error strings should not be capitalized (stylecheck)
 internal/gitlabnet/client.go:27:1: exported: exported function ParseJSON should have comment or be unexported (revive)
 internal/gitlabnet/client.go:35:1: exported: exported function ParseIP should have comment or be unexported (revive)
-internal/gitlabnet/git/client_test.go:56:14: string `0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7
-` has 3 occurrences, make it a constant (goconst)
-internal/gitlabnet/git/client_test.go:160:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:161:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:169:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:170:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:171:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:172:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:175:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:185:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:186:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:187:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:188:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:191:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:200:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:201:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:204:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:213:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:214:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:217:5: go-require: do not use require in http handlers (testifylint)
 internal/gitlabnet/healthcheck/client_test.go:19:41: unused-parameter: parameter 'r' seems to be unused, consider removing or renaming it as _ (revive)
-internal/gitlabnet/lfsauthenticate/client_test.go:29:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/lfsauthenticate/client_test.go:32:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/lfsauthenticate/client_test.go:42:6: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/lfstransfer/client.go:1:1: package-comments: should have a package comment (revive)
-internal/gitlabnet/lfstransfer/client.go:20:6: exported: exported type Client should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:28:6: exported: exported type BatchAction should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:35:6: exported: exported type BatchObject should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:53:6: exported: exported type BatchResponse should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:82:6: exported: exported type LockOwner should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:86:6: exported: exported type Lock should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:93:6: exported: exported type ListLocksResponse should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:98:6: exported: exported type ListLocksVerifyResponse should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:104:5: exported: exported var ClientHeader should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:106:1: exported: exported function NewClient should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:124:1: exported: exported method Client.Batch should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:125: internal/gitlabnet/lfstransfer/client.go:125: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "FIXME: This causes tests to fail" (godox)
-internal/gitlabnet/lfstransfer/client.go:214:1: exported: exported method Client.Lock should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:271:1: exported: exported method Client.Unlock should have comment or be unexported (revive)
-internal/gitlabnet/lfstransfer/client.go:321:1: exported: exported method Client.ListLocksVerify should have comment or be unexported (revive)
-internal/gitlabnet/personalaccesstoken/client_test.go:30:5: go-require: do not use require in http handlers (testifylint)
-internal/logger/logger.go:1:1: package-comments: should have a package comment (revive)
-internal/logger/logger.go:55:9: ST1005: error strings should not be capitalized (stylecheck)
-internal/logger/logger.go:69:27: printf: non-constant format string in call to fmt.Fprintf (govet)
-internal/metrics/metrics.go:1:1: package-comments: should have a package comment (revive)
-internal/metrics/metrics.go:37:2: exported: exported var SshdSessionDuration should have comment or be unexported (revive)
-internal/metrics/metrics.go:165:1: exported: exported function NewRoundTripper should have comment or be unexported (revive)
-internal/pktline/pktline.go:1:1: package-comments: should have a package comment (revive)
-internal/pktline/pktline.go:30:1: exported: exported function IsRefRemoval should have comment or be unexported (revive)
-internal/sshd/gssapi_unsupported.go:11:1: exported: exported function NewGSSAPIServer should have comment or be unexported (revive)
-internal/sshd/gssapi_unsupported.go:19:6: exported: exported type OSGSSAPIServer should have comment or be unexported (revive)
-internal/sshd/gssapi_unsupported.go:23:1: exported: exported method OSGSSAPIServer.AcceptSecContext should have comment or be unexported (revive)
-internal/sshd/gssapi_unsupported.go:27:1: exported: exported method OSGSSAPIServer.VerifyMIC should have comment or be unexported (revive)
-internal/sshd/gssapi_unsupported.go:31:1: exported: exported method OSGSSAPIServer.DeleteSecContext should have comment or be unexported (revive)
+internal/gitlabnet/lfstransfer/client.go:137: internal/gitlabnet/lfstransfer/client.go:137: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "FIXME: This causes tests to fail" (godox)
 internal/sshd/server_config_test.go:5:2: SA1019: "crypto/dsa" has been deprecated since Go 1.16 because it shouldn't be used: DSA is a legacy algorithm, and modern alternatives such as Ed25519 (implemented by package crypto/ed25519) should be used instead. Keys with 1024-bit moduli (L1024N160 parameters) are cryptographically weak, while bigger keys are not widely supported. Note that FIPS 186-5 no longer approves DSA for signature generation. (staticcheck)
-internal/sshd/server_config_test.go:63:2: declaration has 3 blank identifiers (dogsled)
 internal/sshd/sshd.go:268:6: func `extractDataFromContext` is unused (unused)
-internal/sshd/sshd_test.go:412:5: go-require: do not use require in http handlers (testifylint)
-internal/sshd/sshd_test.go:413:5: go-require: do not use require in http handlers (testifylint)
-internal/sshd/sshd_test.go:420:5: go-require: do not use require in http handlers (testifylint)
-internal/sshd/sshd_test.go:421:5: go-require: do not use require in http handlers (testifylint)
 internal/testhelper/requesthandlers/requesthandlers.go:25:5: go-require: do not use require in http handlers (testifylint)
 internal/testhelper/requesthandlers/requesthandlers.go:63:5: go-require: do not use require in http handlers (testifylint)
 internal/testhelper/requesthandlers/requesthandlers.go:90:5: go-require: do not use require in http handlers (testifylint)