fix ineffectual assign and related bugs

api/.golangci.yaml

@@ -8,6 +8,8 @@ linters:
     - govet
     - errorlint
     - exportloopref
+    - ineffassign
+
 linters-settings:
   depguard:
     rules:

api/cmd/portainer/main.go

@@ -455,6 +455,9 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 
 	dockerClientFactory := initDockerClientFactory(digitalSignatureService, reverseTunnelService)
 	kubernetesClientFactory, err := initKubernetesClientFactory(digitalSignatureService, reverseTunnelService, dataStore, instanceID, *flags.AddrHTTPS, settings.UserSessionTimeout)
+	if err != nil {
+		log.Fatal().Err(err).Msg("failed initializing kubernetes client factory")
+	}
 
 	authorizationService := authorization.NewService(dataStore)
 	authorizationService.K8sClientFactory = kubernetesClientFactory

api/datastore/migrator/migrate_dbversion20.go

@@ -1,6 +1,8 @@
 package migrator
 
 import (
+	"fmt"
+
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/internal/authorization"
 
@@ -56,6 +58,9 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error {
 	endpointAdministratorRole.Authorizations = authorization.DefaultEndpointAuthorizationsForEndpointAdministratorRole()
 
 	err = m.roleService.Update(endpointAdministratorRole.ID, endpointAdministratorRole)
+	if err != nil {
+		return fmt.Errorf("failed to update Administrator role: %w", err)
+	}
 
 	helpDeskRole, err := m.roleService.Read(portainer.RoleID(2))
 	if err != nil {
@@ -65,6 +70,9 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error {
 	helpDeskRole.Authorizations = authorization.DefaultEndpointAuthorizationsForHelpDeskRole(settings.AllowVolumeBrowserForRegularUsers)
 
 	err = m.roleService.Update(helpDeskRole.ID, helpDeskRole)
+	if err != nil {
+		return fmt.Errorf("failed to update Help Desk role: %w", err)
+	}
 
 	standardUserRole, err := m.roleService.Read(portainer.RoleID(3))
 	if err != nil {
@@ -74,6 +82,9 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error {
 	standardUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForStandardUserRole(settings.AllowVolumeBrowserForRegularUsers)
 
 	err = m.roleService.Update(standardUserRole.ID, standardUserRole)
+	if err != nil {
+		return fmt.Errorf("failed to update Standard User Role role: %w", err)
+	}
 
 	readOnlyUserRole, err := m.roleService.Read(portainer.RoleID(4))
 	if err != nil {
@@ -84,7 +95,7 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error {
 
 	err = m.roleService.Update(readOnlyUserRole.ID, readOnlyUserRole)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to update Readonly User Role role: %w", err)
 	}
 
 	return m.authorizationService.UpdateUsersAuthorizations()

api/http/security/bouncer_test.go

@@ -344,6 +344,7 @@ func Test_apiKeyLookup(t *testing.T) {
 		req.Header.Add("x-api-key", rawAPIKey)
 
 		token, err := bouncer.apiKeyLookup(req)
+		is.NoError(err)
 
 		expectedToken := &portainer.TokenData{ID: user.ID, Username: user.Username, Role: portainer.StandardUserRole}
 		is.Equal(expectedToken, token)
@@ -358,6 +359,7 @@ func Test_apiKeyLookup(t *testing.T) {
 		req.Header.Add("x-api-key", rawAPIKey)
 
 		token, err := bouncer.apiKeyLookup(req)
+		is.NoError(err)
 
 		expectedToken := &portainer.TokenData{ID: user.ID, Username: user.Username, Role: portainer.StandardUserRole}
 		is.Equal(expectedToken, token)
@@ -372,6 +374,7 @@ func Test_apiKeyLookup(t *testing.T) {
 		req.Header.Add("x-api-key", rawAPIKey)
 
 		token, err := bouncer.apiKeyLookup(req)
+		is.NoError(err)
 
 		expectedToken := &portainer.TokenData{ID: user.ID, Username: user.Username, Role: portainer.StandardUserRole}
 		is.Equal(expectedToken, token)

api/kubernetes/cli/client.go

@@ -242,6 +242,10 @@ func (factory *ClientFactory) buildEdgeConfig(endpoint *portainer.Endpoint) (*re
 	}
 
 	signature, err := factory.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
+	if err != nil {
+		return nil, err
+	}
+
 	config.Insecure = true
 	config.QPS = DefaultKubeClientQPS
 	config.Burst = DefaultKubeClientBurst