Use Go’s Native “errors” Package

app/safe/internal/bootstrap/persist.go

@@ -14,7 +14,7 @@ import (
  "context"
  "encoding/json"
 
- "github.com/pkg/errors"
+ "errors"
  v1 "k8s.io/api/core/v1"
  metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/client-go/kubernetes"
@@ -41,12 +41,18 @@ import (
 func PersistRootKeysToRootKeyBackingStore(rkt crypto.RootKeyCollection) error {
  config, err := rest.InClusterConfig()
  if err != nil {
- return errors.Wrap(err, "Error creating client config")
+ return errors.Join(
+ err,
+ errors.New("error creating client config"),
+ )
  }
 
  k8sApi, err := kubernetes.NewForConfig(config)
  if err != nil {
- return errors.Wrap(err, "Error creating k8sApi")
+ return errors.Join(
+ err,
+ errors.New("error creating k8sApi"),
+ )
  }
 
  data := make(map[string][]byte)
@@ -66,7 +72,10 @@ func PersistRootKeysToRootKeyBackingStore(rkt crypto.RootKeyCollection) error {
  Data: data,
  })
  if err != nil {
- return errors.Wrap(err, "Error marshalling the secret")
+ return errors.Join(
+ err,
+ errors.New("error marshalling the secret"),
+ )
  }
 
  // Update the Secret in the cluster
@@ -102,7 +111,10 @@ func PersistRootKeysToRootKeyBackingStore(rkt crypto.RootKeyCollection) error {
  )
 
  if err != nil {
- return errors.Wrap(err, "Error creating the secret")
+ return errors.Join(
+ err,
+ errors.New("error creating the secret"),
+ )
  }
 
  crypto.SetRootKeyInMemory(keysCombined)

app/safe/internal/server/engine/server.go

@@ -14,7 +14,7 @@ import (
  "fmt"
  "net/http"
 
- "github.com/pkg/errors"
+ "errors"
  "github.com/spiffe/go-spiffe/v2/spiffeid"
  "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig"
  "github.com/spiffe/go-spiffe/v2/workloadapi"
@@ -78,7 +78,10 @@ func Serve(source *workloadapi.X509Source, serverStarted chan<- bool) error {
  serverStarted <- true
 
  if err := server.ListenAndServeTLS("", ""); err != nil {
- return errors.Wrap(err, "serve: failed to listen and serve")
+ return errors.Join(
+ err,
+ errors.New("serve: failed to listen and serve"),
+ )
  }
 
  return nil

app/safe/internal/state/io/disk.go

@@ -19,7 +19,7 @@ import (
  "strconv"
  "sync"
 
- "github.com/pkg/errors"
+ "errors"
 
  "github.com/vmware-tanzu/secrets-manager/core/backoff"
  "github.com/vmware-tanzu/secrets-manager/core/crypto"
@@ -37,12 +37,18 @@ var lastBackupIndexLock = sync.Mutex{}
 func saveSecretToDisk(secret entity.SecretStored, dataPath string) error {
  data, err := json.Marshal(secret)
  if err != nil {
- return errors.Wrap(err, "saveSecretToDisk: failed to marshal secret")
+ return errors.Join(
+ err,
+ errors.New("saveSecretToDisk: failed to marshal secret"),
+ )
  }
 
  file, err := os.Create(dataPath)
  if err != nil {
- return errors.Wrap(err, "saveSecretToDisk: failed to create file")
+ return errors.Join(
+ err,
+ errors.New("saveSecretToDisk: failed to create file"),
+ )
  }
  defer func(f io.ReadCloser) {
  err := f.Close()

app/safe/internal/state/io/k8s.go

@@ -14,7 +14,7 @@ import (
  "context"
  "strings"
 
- "github.com/pkg/errors"
+ "errors"
  apiV1 "k8s.io/api/core/v1"
  kErrors "k8s.io/apimachinery/pkg/api/errors"
  metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -49,7 +49,10 @@ import (
 func saveSecretToKubernetes(secret entity.SecretStored) error {
  config, err := rest.InClusterConfig()
  if err != nil {
- return errors.Wrap(err, "could not create client config")
+ return errors.Join(
+ err,
+ errors.New("could not create client config"),
+ )
  }
 
  // If the secret does not have the k8s: prefix, then it is not a k8s secret;
@@ -60,7 +63,10 @@ func saveSecretToKubernetes(secret entity.SecretStored) error {
 
  clientset, err := kubernetes.NewForConfig(config)
  if err != nil {
- return errors.Wrap(err, "could not create client")
+ return errors.Join(
+ err,
+ errors.New("could not create client"),
+ )
  }
 
  k8sSecretName := secret.Name
@@ -116,7 +122,10 @@ func saveSecretToKubernetes(secret entity.SecretStored) error {
  },
  )
  if err != nil {
- return errors.Wrap(err, "error creating the secret")
+ return errors.Join(
+ err,
+ errors.New("error creating the secret"),
+ )
  }
 
  continue
@@ -152,7 +161,10 @@ func saveSecretToKubernetes(secret entity.SecretStored) error {
  },
  )
  if err != nil {
- return errors.Wrap(err, "error updating the secret")
+ return errors.Join(
+ err,
+ errors.New("error updating the secret"),
+ )
  }
  }
 

app/safe/internal/state/io/read.go

@@ -13,7 +13,7 @@ package io
 import (
  "encoding/json"
 
- "github.com/pkg/errors"
+ "errors"
 
  "github.com/vmware-tanzu/secrets-manager/core/crypto"
  entity "github.com/vmware-tanzu/secrets-manager/core/entity/v1/data"
@@ -30,7 +30,7 @@ import (
 // locate the encrypted file on the disk which contains the secret's data.
 //
 // Returns:
-// - (*entity.SecretStored, error): This function returns a pointer to a
+// - '(*entity.SecretStored, error)': This function returns a pointer to a
 // SecretStored entity if the operation is successful. The SecretStored
 // entity represents the decrypted and deserialized secret. If any error
 // occurs during the process, a nil pointer and an error object are
@@ -39,13 +39,19 @@ import (
 func ReadFromDisk(key string) (*entity.SecretStored, error) {
  contents, err := crypto.DecryptDataFromDisk(key)
  if err != nil {
- return nil, errors.Wrap(err, "readFromDisk: error decrypting file")
+ return nil, errors.Join(
+ err,
+ errors.New("readFromDisk: error decrypting file"),
+ )
  }
 
  var secret entity.SecretStored
  err = json.Unmarshal(contents, &secret)
  if err != nil {
- return nil, errors.Wrap(err, "readFromDisk: Failed to unmarshal secret")
+ return nil, errors.Join(
+ err,
+ errors.New("readFromDisk: Failed to unmarshal secret"),
+ )
  }
 
  return &secret, nil

app/safe/internal/state/queue/queue_test.go

@@ -0,0 +1,11 @@
+/*
+| Protect your secrets, protect your sensitive data.
+: Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/ keep your secrets... secret
+>/
+<>/' Copyright 2023-present VMware Secrets Manager contributors.
+>/' SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package queue

app/safe/internal/state/secret/collection/populate.go

@@ -15,7 +15,7 @@ import (
  "strings"
  "sync"
 
- "github.com/pkg/errors"
+ "errors"
 
  "github.com/vmware-tanzu/secrets-manager/app/safe/internal/state/io"
  "github.com/vmware-tanzu/secrets-manager/app/safe/internal/state/stats"
@@ -43,8 +43,10 @@ func populateSecretsFromFileStore(cid string) error {
  root := env.DataPathForSafe()
  files, err := os.ReadDir(root)
  if err != nil {
- return errors.Wrap(err,
- "populateSecrets: problem reading secrets directory")
+ return errors.Join(
+ err,
+ errors.New("populateSecrets: problem reading secrets directory"),
+ )
  }
 
  for _, file := range files {

app/sentinel/background/initialization/connectivity.go

@@ -13,7 +13,7 @@ package initialization
 import (
  "context"
 
- "github.com/pkg/errors"
+ "errors"
  "github.com/spiffe/go-spiffe/v2/workloadapi"
 
  "github.com/vmware-tanzu/secrets-manager/app/sentinel/internal/safe"
@@ -52,9 +52,11 @@ func ensureApiConnectivity(ctx context.Context, cid *string) {
  "RunInitCommands:CheckConnectivity: "+
  "failed to verify connection to safe:", err.Error())
 
- return errors.Wrap(err,
- "RunInitCommands:CheckConnectivity:"+
- " cannot establish connection to safe 001")
+ return errors.Join(
+ err,
+ errors.New("runInitCommands:CheckConnectivity:"+
+ " cannot establish connection to safe 001"),
+ )
  }
 
  log.TraceLn(cid, "RunInitCommands:CheckConnectivity: success")

app/sentinel/internal/oidc/safe/impl.go

@@ -17,7 +17,7 @@ import (
  "log"
  "net/http"
 
- "github.com/pkg/errors"
+ "errors"
  "github.com/spiffe/go-spiffe/v2/spiffeid"
  "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig"
 

app/sentinel/internal/safe/action.go

@@ -14,22 +14,28 @@ import (
  "bytes"
  "net/http"
 
- "github.com/pkg/errors"
+ "errors"
 )
 
 func doDelete(cid *string, client *http.Client, p string, md []byte) error {
  req, err := http.NewRequest(http.MethodDelete, p, bytes.NewBuffer(md))
  if err != nil {
- return errors.Wrap(err,
- "Post:Delete: Problem connecting to VSecM Safe API endpoint URL.")
+ return errors.Join(
+ err,
+ errors.New("post:Delete: Problem connecting"+
+ " to VSecM Safe API endpoint URL"),
+ )
  }
 
  req.Header.Set("Content-Type", "application/json")
 
  r, err := client.Do(req)
  if err != nil {
- return errors.Wrap(err,
- "Post:Delete: Problem connecting to VSecM Safe API endpoint URL.")
+ return errors.Join(
+ err,
+ errors.New("post:Delete: Problem connecting"+
+ " to VSecM Safe API endpoint URL"),
+ )
  }
 
  respond(cid, r)
@@ -39,8 +45,10 @@ func doDelete(cid *string, client *http.Client, p string, md []byte) error {
 func doPost(cid *string, client *http.Client, p string, md []byte) error {
  r, err := client.Post(p, "application/json", bytes.NewBuffer(md))
  if err != nil {
- return errors.Wrap(err,
- "Post: Problem connecting to VSecM Safe API endpoint URL.")
+ return errors.Join(
+ err,
+ errors.New("post: Problem connecting to VSecM Safe API endpoint URL"),
+ )
  }
  respond(cid, r)
  return nil