Fix linter issues

charts/plgd-hub/templates/device-provisioning-service/_helpers.tpl

@@ -99,7 +99,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
     {{- if $certificateAuthority.grpc }}
       {{- if $certificateAuthority.grpc.address }}
         {{- $ret = $certificateAuthority.grpc.address }}
-      {{- end}}
+      {{- end }}
     {{- end }}
   {{- end }}
   {{- if and (empty $ret) $.Values.certificateauthority }}

charts/plgd-hub/templates/device-provisioning-service/config.yaml

@@ -82,9 +82,9 @@ data:
         name: {{ .name  | quote }}
         {{- end }}
         attestationMechanism:
-          {{- $attestationMechanism := .attestationMechanism | default dict}}
+          {{- $attestationMechanism := .attestationMechanism | default dict }}
           x509:
-            {{- $attestationMechanismx509 := $attestationMechanism.x509 | default dict}}
+            {{- $attestationMechanismx509 := $attestationMechanism.x509 | default dict }}
             {{- $_ := required "The certificateChain for enrollment group attestation mechanism is required. Use deviceprovisioningservice.enrollmentGroups[0].attestationMechanism.x509.certificateChain  with the certificate chain in pem format (not base64 encoded) or .certificateChainFile" ( $attestationMechanismx509.certificateChainFile | default $attestationMechanismx509.certificateChain )  }}
             {{- if $attestationMechanismx509.certificateChainFile }}
             certificateChain: {{ $attestationMechanismx509.certificateChainFile | quote }}

charts/plgd-hub/templates/device-provisioning-service/deployment.yaml

@@ -38,7 +38,7 @@ spec:
       {{- with .Values.deviceprovisioningservice.image.imagePullSecrets }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.deviceprovisioningservice.image.dockerConfigSecret}}
+      {{- if .Values.deviceprovisioningservice.image.dockerConfigSecret }}
         - name: {{ printf "%s-dockerconfig" .Release.Name }}
       {{- end }}
       {{- end }}
@@ -60,7 +60,7 @@ spec:
           {{- range .Values.deviceprovisioningservice.image.command  }}
             - {{ . | quote }}
           {{- end }}
-          {{- end}}
+          {{- end }}
           args:
             - "--config"
             - {{ printf "%s/%s" .Values.deviceprovisioningservice.config.mountPath .Values.deviceprovisioningservice.config.fileName | quote }}
@@ -106,7 +106,7 @@ spec:
             {{- toYaml . | nindent 12 }}
             {{- end }}
             {{- range $.Values.deviceprovisioningservice.enrollmentGroups }}
-            {{ $EG := . }}
+            {{ $eg := . }}
             {{- if .attestationMechanism }}{{ if .attestationMechanism.x509 }}{{ if .attestationMechanism.x509.certificateChain }}
             - name: {{ printf "x509-chain-%s-volume" .id }}
               mountPath: {{ printf "/secrets/enrollmentgroups/x509/%s" .id }}
@@ -126,12 +126,12 @@ spec:
             {{- if .hubs }}
             {{- range .hubs }}
             {{- if .caPool }}
-            - name: {{ printf "hub-ca-%s-volume" (or .id .hubID $EG.id) }}
-              mountPath: {{ printf "/secrets/enrollmentgroups/hubs/capools/%s" (or .id .hubID $EG.id)}}
+            - name: {{ printf "hub-ca-%s-volume" (or .id .hubID $eg.id) }}
+              mountPath: {{ printf "/secrets/enrollmentgroups/hubs/capools/%s" (or .id .hubID $eg.id) }}
             {{- end }}
             {{- if .authorization }}{{ if .authorization.provider }}{{ if .authorization.provider.clientSecret }}
-            - name: {{ printf "hub-oauth-%s-volume" (or .id .hubID $EG.id) }}
-              mountPath: {{ printf "/secrets/enrollmentgroups/hubs/oauth/%s" (or .id .hubID $EG.id) }}
+            - name: {{ printf "hub-oauth-%s-volume" (or .id .hubID $eg.id) }}
+              mountPath: {{ printf "/secrets/enrollmentgroups/hubs/oauth/%s" (or .id .hubID $eg.id) }}
             {{- end }}{{ end }}{{ end }}
             {{- end }}
             {{- end }}
@@ -158,7 +158,7 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
         {{- range $.Values.deviceprovisioningservice.enrollmentGroups }}
-        {{ $EG := . }}
+        {{ $eg := . }}
         {{- if .attestationMechanism }}{{ if .attestationMechanism.x509 }}{{ if .attestationMechanism.x509.certificateChain }}
         - name: {{ printf "x509-chain-%s-volume" .id }}
           secret:
@@ -181,14 +181,14 @@ spec:
         {{- if .hubs }}
         {{- range .hubs }}
         {{- if .caPool }}
-        - name: {{ printf "hub-ca-%s-volume" (or .id .hubID $EG.id) }}
+        - name: {{ printf "hub-ca-%s-volume" (or .id .hubID $eg.id) }}
           secret:
-            secretName: {{ printf "hub-ca-%s" (or .id .hubID $EG.id) }}
+            secretName: {{ printf "hub-ca-%s" (or .id .hubID $eg.id) }}
         {{- end }}
         {{- if .authorization }}{{ if .authorization.provider }}{{ if .authorization.provider.clientSecret }}
-        - name: {{ printf "hub-oauth-%s-volume" (or .id .hubID $EG.id) }}
+        - name: {{ printf "hub-oauth-%s-volume" (or .id .hubID $eg.id) }}
           secret:
-            secretName: {{ printf "hub-oauth-%s" (or .id .hubID $EG.id) }}
+            secretName: {{ printf "hub-oauth-%s" (or .id .hubID $eg.id) }}
         {{- end }}{{ end }}{{ end }}
         {{- end }}
         {{- end }}

charts/plgd-hub/templates/device-provisioning-service/dockerconfig-secret.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.deviceProvisioningService.image.dockerConfigSecret }}
+{{- if .Values.deviceprovisioningservice.image.dockerConfigSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -8,5 +8,5 @@ metadata:
     {{- include "plgd-hub.deviceprovisioningservice.labels" $ | nindent 4 }}
 type: kubernetes.io/dockerconfigjson
 data:
-  .dockerconfigjson: {{ .Values.deviceProvisioningService.image.dockerConfigSecret | b64enc }}
+  .dockerconfigjson: {{ .Values.deviceprovisioningservice.image.dockerConfigSecret | b64enc }}
 {{- end }}

charts/plgd-hub/templates/device-provisioning-service/hub-ca-secrets.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  {{ $ID := (or .hub.id .hub.hubID .id ) }}
-  name: {{ printf "hub-ca-%s" $ID }}
+  {{ $id := (or .hub.id .hub.hubID .id ) }}
+  name: {{ printf "hub-ca-%s" $id }}
   namespace: {{ $.Release.Namespace }}
   labels:
     {{- include "plgd-hub.deviceprovisioningservice.labels" $ | nindent 4 }}

charts/plgd-hub/templates/device-provisioning-service/hub-oauth-secrets.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  {{ $ID := (or .hub.id .hub.hubID .id) }}
-  name: {{ printf "hub-oauth-%s" $ID }}
+  {{ $id := (or .hub.id .hub.hubID .id) }}
+  name: {{ printf "hub-oauth-%s" $id }}
   namespace: {{ $.Release.Namespace }}
   labels:
     {{- include "plgd-hub.deviceprovisioningservice.labels" $ | nindent 4 }}

charts/plgd-hub/templates/device-provisioning-service/hubs-ca-secrets.yaml

@@ -1,13 +1,13 @@
 {{- range $.Values.deviceprovisioningservice.enrollmentGroups }}
-{{ $EG := .}}
+{{ $eg := . }}
 {{- if .hubs }}
-{{- range .hubs}}
+{{- range .hubs }}
 {{ if .caPool }}
 apiVersion: v1
 kind: Secret
 metadata:
-  {{ $ID := (or .id .hubID $EG.id ) }}
-  name: {{ printf "hub-ca-%s" $ID}}
+  {{ $id := (or .id .hubID $eg.id ) }}
+  name: {{ printf "hub-ca-%s" $id }}
   namespace: {{ $.Release.Namespace }}
   labels:
     {{- include "plgd-hub.deviceprovisioningservice.labels" $ | nindent 4 }}

charts/plgd-hub/templates/device-provisioning-service/hubs-oauth-secrets.yaml

@@ -1,4 +1,4 @@
-{{- range $.Values.deviceProvisioningService.enrollmentGroups }}
+{{- range $.Values.deviceprovisioningservice.enrollmentGroups }}
 {{- $EG := . }}
 {{- if .hubs }}
 {{- range .hubs }}
@@ -8,8 +8,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  {{ $ID := (or .id .hubID $EG.id ) }}
-  name: {{ printf "hub-oauth-%s" $ID }}
+  {{ $id := (or .id .hubID $EG.id ) }}
+  name: {{ printf "hub-oauth-%s" $id }}
   namespace: {{ $.Release.Namespace }}
   labels:
     {{- include "plgd-hub.deviceprovisioningservice.labels" $ | nindent 4 }}

charts/plgd-hub/templates/device-provisioning-service/psk-secrets.yaml

@@ -1,4 +1,4 @@
-{{- range $.Values.deviceProvisioningService.enrollmentGroups }}
+{{- range $.Values.deviceprovisioningservice.enrollmentGroups }}
 {{- if .preSharedKey }}
 apiVersion: v1
 kind: Secret

test/device-provisioning-service/Dockerfile

@@ -1,5 +1,5 @@
 FROM golang:1.22.3-alpine AS build
-RUN apk add --no-cache curl git build-base
+RUN apk add --no-cache build-base curl git
 WORKDIR $GOPATH/src/github.com/plgd-dev/hub
 COPY go.mod go.sum ./
 RUN go mod download
@@ -15,12 +15,6 @@ RUN go build \
 	-ldflags "-linkmode external -extldflags -static" \
 	-o /go/bin/cert-tool
 
-# WORKDIR /
-# RUN cd "$GOPATH"/pkg/mod/github.com/plgd-dev/kit/v2* \
-# 	&& go build \
-# 	-ldflags "-linkmode external -extldflags -static" \
-# 	-o /go/bin/certificate-generator ./cmd/certificate-generator
-
 ARG DPS_DIRECTORY=$ROOT_DIRECTORY/device-provisioning-service
 
 WORKDIR $DPS_DIRECTORY/service
@@ -48,28 +42,26 @@ RUN apkArch="$(apk --print-arch)"; \
 	x86_64) ARCH='amd64' ;; \
 	*) echo >&2 "error: unsupported architecture: $apkArch"; exit 1 ;; \
 	esac; \
-	curl -L https://github.com/nats-io/nats-server/releases/download/v2.3.1/nats-server-v2.3.1-linux-${ARCH}.zip -o ./nats-server.zip ; \
-	curl -L https://github.com/nats-io/natscli/releases/download/0.0.24/nats-0.0.24-linux-${ARCH}.zip -o ./nats.zip
-RUN mkdir -p ./nats-server
-RUN unzip ./nats-server.zip -d ./nats-server
-RUN cp ./nats-server/*/nats-server /go/bin/nats-server
-
-RUN mkdir -p ./nats
-RUN unzip ./nats.zip -d ./nats
-RUN cp ./nats/*/nats /go/bin/nats
+	curl -L --proto "=https" https://github.com/nats-io/nats-server/releases/download/v2.3.1/nats-server-v2.3.1-linux-${ARCH}.zip -o ./nats-server.zip \
+	&& curl -L --proto "=https" https://github.com/nats-io/natscli/releases/download/0.0.24/nats-0.0.24-linux-${ARCH}.zip -o ./nats.zip \
+	&& mkdir -p ./nats-server \
+	&& unzip ./nats-server.zip -d ./nats-server \
+	&& cp ./nats-server/*/nats-server /go/bin/nats-server \
+	&& mkdir -p ./nats \
+	&& unzip ./nats.zip -d ./nats \
+	&& cp ./nats/*/nats /go/bin/nats
 
 FROM ubuntu:22.04 AS service
-RUN apt update && \
-	DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y ca-certificates curl gnupg iproute2 lsb-release netcat-traditional openssl systemctl wget \
-	&& apt-get clean
-RUN wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | gpg --dearmor | tee /usr/share/keyrings/mongodb.gpg > /dev/null
-RUN ARCH="$(dpkg --print-architecture)" ; \
-	wget https://github.com/mikefarah/yq/releases/download/v4.6.3/yq_linux_${ARCH} -O /usr/bin/yq && chmod +x /usr/bin/yq ; \
-	echo "deb [ arch=${ARCH} signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list
-RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | /usr/bin/gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
-RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
-RUN apt update && \
-	DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y docker-ce mongodb-org mongodb-org-server \
+RUN apt update \
+	&& DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y ca-certificates curl gnupg iproute2 lsb-release netcat-traditional openssl systemctl \
+	&& curl -L --proto "=https" https://www.mongodb.org/static/pgp/server-6.0.asc | gpg --dearmor | tee /usr/share/keyrings/mongodb.gpg > /dev/null \
+	&& ARCH="$(dpkg --print-architecture)" ; curl -L --proto "=https" https://github.com/mikefarah/yq/releases/download/v4.6.3/yq_linux_${ARCH} -o /usr/bin/yq \
+	&& chmod +x /usr/bin/yq \
+	&& echo "deb [ arch=${ARCH} signed-by=/usr/share/keyrings/mongodb.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list \
+	&& curl -fsSL --proto "=https" https://download.docker.com/linux/ubuntu/gpg | /usr/bin/gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
+	&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list \
+	&& apt update  \
+	&& DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y docker-ce mongodb-org mongodb-org-server \
 	&& apt-get clean
 COPY --from=build /go/bin/cert-tool /usr/local/bin/cert-tool
 COPY --from=build /go/bin/dps-service.test /usr/local/bin/dps-service.test

test/helm/mock.plgd.cloud.yaml

@@ -80,12 +80,12 @@ mockoauthserver:
       clientSecret: "test"
       grantType: "clientCredentials"
       redirectURL: "https://primary.mock.plgd.cloud/things"
-      scopes: ['openid']
+      scopes: ["openid"]
     - name: "plgd.web"
       clientID: "test"
       clientSecret: "test"
       redirectURL: "https://primary.mock.plgd.cloud/things"
-      scopes: ['openid']
+      scopes: ["openid"]
       useInUi: true
 identitystore:
   log:
@@ -134,7 +134,7 @@ resourceaggregate:
 resourcedirectory:
   publicConfiguration:
     coapGateway: "coaps+tcp://primary.mock.plgd.cloud:15684"
-deviceProvisioningService:
+deviceprovisioningservice:
   log:
     dumpBody: true
     level: "DEBUG"
@@ -191,4 +191,4 @@ m2moauthserver:
           enabled: true
           authorization:
             audience:
-            endpoints:
+            endpoints:

test/helm/try.plgd.cloud.yaml

@@ -12,19 +12,19 @@ global:
       -----END EC PRIVATE KEY-----
   oauth:
     device:
-    - name: "plgd.dps"
-      clientID: "..."
-      clientSecret: "..."
-      grantType: clientCredentials
-      redirectURL: "cloud.plgd.mobile://login-callback"
-      scopes: ['openid']
-      useInUi: false
-    - name: "plgd.web"
-      clientID: "..."
-      clientSecret: "..."
-      scopes: ["offline_access"]
-      redirectURL: "https://try.plgd.cloud/devices"
-      useInUi: true
+      - name: "plgd.dps"
+        clientID: "..."
+        clientSecret: "..."
+        grantType: clientCredentials
+        redirectURL: "cloud.plgd.mobile://login-callback"
+        scopes: ["openid"]
+        useInUi: false
+      - name: "plgd.web"
+        clientID: "..."
+        clientSecret: "..."
+        scopes: ["offline_access"]
+        redirectURL: "https://try.plgd.cloud/devices"
+        useInUi: true
     web:
       clientID: "..."
       scopes: ["openid"]
@@ -53,7 +53,7 @@ snippetservice:
 coapgateway:
   log:
     dumpBody: true
-    level: 'DEBUG'
+    level: "DEBUG"
   service:
     type: NodePort
     tcp:
@@ -64,15 +64,15 @@ coapgateway:
     coap:
       requireBatchObserveEnabled: false
       protocols:
-       - "udp"
-       - "tcp"
+        - "udp"
+        - "tcp"
       tls:
         clientCertificateRequired: false
-deviceProvisioningService:
+deviceprovisioningservice:
   apiDomain: "dps.try.plgd.cloud"
   log:
     dumpBody: true
-    level: 'DEBUG'
+    level: "DEBUG"
   apis:
     http:
       enabled: true
@@ -122,4 +122,4 @@ deviceProvisioningService:
             name: "plgd.dps"
             clientId: "..."
             clientSecret: "..."
-            scopes: ["openid"]
+            scopes: ["openid"]