Merge branch 'master' into dependabot/go_modules/google.golang.org/gr…

…pc-1.56.3

README.md

@@ -127,6 +127,13 @@ Note that to initialize our docker container, we use migrate-and-start, which co
 The SSAS can be tested by running `make unit-test`. You can also use the repo-wide command `make test`, which will run tests against the entire repo, including the SSAS code. Some tests are designed to be only run as needed, and are excluded from `make` by a build tag. To include
 one of these test suites, follow the instructions at the top of the test file.
 
+### **Running Single / Single-file Unit Tests**
+
+This step assumes that the user has installed VSCode, the Go language extension available [here](https://marketplace.visualstudio.com/items?itemName=golang.Go), and has successfully imported test data to their local database. 
+
+To run tests from within VSCode:
+In a FILENAME_test.go file, there will be a green arrow to the left of the method name, and clicking this arrow will run a single test locally. Tests should not be dependent upon other tests, but if a known-good test is failing, the user can run all tests in a given file by going to View -> Command Palette -> Go: Test Package, which will run all tests in a given file. Alternatively, in some instances, the init() method can be commented out to enable testing of single functions.
+
 # Integration Testing
 
 To run postman tests locally:

docker-compose.test.yml

@@ -7,6 +7,8 @@ services:
       dockerfile: Dockerfiles/Dockerfile.tests
       args:
         VERSION: latest
+    env_file:
+      - ./ssas/cfg/configs/local.env
     environment:
       - DB=postgresql://postgres:toor@db:5432
       - DATABASE_URL=postgresql://postgres:toor@db:5432/bcda?sslmode=disable
@@ -17,13 +19,9 @@ services:
       - SSAS_PUBLIC_PORT=:3003
       - SSAS_ADMIN_PORT=:3004
       - SSAS_HTTP_TO_HTTPS_PORT=:3005
-      - SSAS_READ_TIMEOUT=10
-      - SSAS_WRITE_TIMEOUT=20
-      - SSAS_IDLE_TIMEOUT=120
       - SSAS_HASH_ITERATIONS=130000
       - SSAS_HASH_KEY_LENGTH=64
       - SSAS_HASH_SALT_SIZE=32
-      - SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
       - SSAS_TOKEN_BLACKLIST_CACHE_CLEANUP_MINUTES=15
       - SSAS_TOKEN_BLACKLIST_CACHE_TIMEOUT_MINUTES=1440
       - SSAS_TOKEN_BLACKLIST_CACHE_REFRESH_MINUTES=5

docker-compose.yml

@@ -24,28 +24,26 @@ services:
       args:
         VERSION: latest
     image: bcda-ssas:latest
+    env_file:
+      - ./ssas/cfg/configs/local.env
     environment:
       - DATABASE_URL=postgresql://postgres:toor@db:5432/bcda?sslmode=disable
-      - DEBUG=true
-      - DEPLOYMENT_TARGET=local
       - ATO_PUBLIC_KEY_FILE=../shared_files/ATO_public.pem
       - ATO_PRIVATE_KEY_FILE=../shared_files/ATO_private.pem
       - HTTP_ONLY=true
       - BCDA_AUTH_PROVIDER=${BCDA_AUTH_PROVIDER}
       - BCDA_SSAS_CLIENT_ID=${BCDA_SSAS_CLIENT_ID}
       - BCDA_SSAS_SECRET=${BCDA_SSAS_SECRET}
+      - DEBUG=true
+      - DEPLOYMENT_TARGET=local
       - SSAS_ADMIN_SIGNING_KEY_PATH=../shared_files/ssas/admin_test_signing_key.pem
       - SSAS_PUBLIC_SIGNING_KEY_PATH=../shared_files/ssas/public_test_signing_key.pem
       - SSAS_ADMIN_PORT=:3004
       - SSAS_PUBLIC_PORT=:3003
       - SSAS_HTTP_TO_HTTPS_PORT=:3005
-      - SSAS_READ_TIMEOUT=10
-      - SSAS_WRITE_TIMEOUT=20
-      - SSAS_IDLE_TIMEOUT=120
       - SSAS_HASH_ITERATIONS=130000
       - SSAS_HASH_KEY_LENGTH=64
       - SSAS_HASH_SALT_SIZE=32
-      - SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
       - SSAS_TOKEN_BLACKLIST_CACHE_CLEANUP_MINUTES=15
       - SSAS_TOKEN_BLACKLIST_CACHE_TIMEOUT_MINUTES=1440
       - SSAS_TOKEN_BLACKLIST_CACHE_REFRESH_MINUTES=5

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/pborman/uuid v1.2.1
 	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.8.1
-	golang.org/x/crypto v0.8.0
+	golang.org/x/crypto v0.14.0
 	gopkg.in/macaroon.v2 v2.1.0
 	gorm.io/driver/postgres v1.5.2
 	gorm.io/gorm v1.25.0
@@ -31,9 +31,9 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/net v0.9.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.56.3 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect

go.sum

@@ -101,8 +101,8 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
 golang.org/x/crypto v0.0.0-20180723164146-c126467f60eb/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -114,8 +114,8 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -127,11 +127,11 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=

ssas/cfg/configs/dev.env

@@ -0,0 +1,6 @@
+DEPLOYMENT_TARGET=dev
+SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
+SSAS_IDLE_TIMEOUT=120
+SSAS_LOG=/var/log/api/ssas.log
+SSAS_READ_TIMEOUT=10
+SSAS_WRITE_TIMEOUT=20

ssas/cfg/configs/local.env

@@ -0,0 +1,6 @@
+DEPLOYMENT_TARGET=local
+SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
+SSAS_IDLE_TIMEOUT=120
+SSAS_LOG=
+SSAS_READ_TIMEOUT=10
+SSAS_WRITE_TIMEOUT=20

ssas/cfg/configs/opensbx.env

@@ -0,0 +1,6 @@
+DEPLOYMENT_TARGET=opensbx
+SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
+SSAS_IDLE_TIMEOUT=120
+SSAS_LOG=/var/log/api/ssas.log
+SSAS_READ_TIMEOUT=10
+SSAS_WRITE_TIMEOUT=20

ssas/cfg/configs/prod.env

@@ -0,0 +1,6 @@
+DEPLOYMENT_TARGET=prod
+SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
+SSAS_IDLE_TIMEOUT=120
+SSAS_LOG=/var/log/api/ssas.log
+SSAS_READ_TIMEOUT=10
+SSAS_WRITE_TIMEOUT=20

ssas/cfg/configs/test.env

@@ -0,0 +1,6 @@
+DEPLOYMENT_TARGET=test
+SSAS_DEFAULT_SYSTEM_SCOPE=bcda-api
+SSAS_IDLE_TIMEOUT=120
+SSAS_LOG=/var/log/api/ssas.log
+SSAS_READ_TIMEOUT=10
+SSAS_WRITE_TIMEOUT=20

ssas/logger.go

@@ -103,6 +103,7 @@ func OperationCalled(data Event) {
 // OperationFailed should be called after an event's failure, and should always be preceded by
 // a call to OperationStarted
 func OperationFailed(data Event) {
+	// *TODO: refactor. Remove OperationFailed to prevent duplicate logging. Address areas affected by removal.
 	mergeNonEmpty(data).WithField("Event", "OperationFailed").Print(data.Help)
 }
 

ssas/service/api_common.go

@@ -26,6 +26,7 @@ func WriteHTTPSError(w http.ResponseWriter, e ssas.ErrorResponse, errorStatus in
 
 // Follow RFC 7591 format for input errors
 func JSONError(w http.ResponseWriter, errorStatus int, statusText string, statusDescription string) {
+	// *TODO: address duplicate logging. Remove logging from JSONError but make sure areas that rely on it for logging, still have logging after removal.
 	e := ssas.ErrorResponse{Error: statusText, ErrorDescription: statusDescription}
 
 	WriteHTTPSError(w, e, errorStatus)

ssas/service/main/main.go

@@ -1,14 +1,13 @@
 /*
  Package main System-to-System Authentication Service
-
+ 
  The System-to-System Authentication Service (SSAS) enables one software system to authenticate and authorize another software system. In this model, the Systems act automatically, independent of a human user identity. Human users are involved only to administer the Service, including establishing the identities and privileges of participating systems.
-
+ 
  For more details see our repository readme and Postman tests:
  - https://github.com/CMSgov/bcda-ssas-app
  - https://github.com/CMSgov/bcda-ssas-app/tree/master/test/postman_test
-
+ 
  If you have a Client ID and Secret you can use this page to explore the API.  To do this, click the green "Authorize" button below and enter your Client ID and secret in the Basic Authentication username and password boxes.
-
 Until you click logout your token will be presented with every request made.  To make requests click on the "Try it out" button for the desired endpoint.
 
      Version: 1.0.0
@@ -21,7 +20,7 @@ Until you click logout your token will be presented with every request made.  To
      SecurityDefinitions:
      basic_auth:
           type: basic
-
+ 
  swagger:meta
 */
 package main
@@ -316,7 +315,7 @@ func newAdminSystem(name string) {
 func listIPs() {
 	ips, err := ssas.GetAllIPs()
 	if err != nil {
-		panic("unable to get registered IPs")
+		ssas.Logger.Fatalf("unable to get registered IPs: %s", err)
 	}
 	listOfIps := strings.Join(ips, "\n")
 	fmt.Fprintln(output, listOfIps)

ssas/service/public/api.go

@@ -249,9 +249,10 @@ func token(w http.ResponseWriter, r *http.Request) {
 		service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), "invalid client id")
 		return
 	}
-	err = ValidateSecret(system, secret, w, r)
+	err = ValidateSecret(system, secret, r)
 	if err != nil {
 		ssas.Logger.Error("The client id and secret cannot be validated: ", err.Error())
+		service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), err.Error())
 		return
 	}
 
@@ -292,24 +293,16 @@ func token(w http.ResponseWriter, r *http.Request) {
 	render.JSON(w, r, m)
 }
 
-func ValidateSecret(system ssas.System, secret string, w http.ResponseWriter, r *http.Request) (err error) {
+func ValidateSecret(system ssas.System, secret string, r *http.Request) (err error) {
 	savedSecret, err := system.GetSecret(r.Context())
-	if err != nil {
-		ssas.Logger.Errorf("Error getting secret: %s", err.Error())
-		service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), "Error getting secret")
-		return err
-	} else if !ssas.Hash(savedSecret.Hash).IsHashOf(secret) {
-		ssas.Logger.Errorf("The incoming client secret is invalid")
-		service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), constants.InvalidClientSecret)
+	if !ssas.Hash(savedSecret.Hash).IsHashOf(secret) {
 		return errors.New(constants.InvalidClientSecret)
 	}
 
 	if savedSecret.IsExpired() {
-		ssas.Logger.Error("Credentials were expired")
-		service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), "credentials expired")
-		return errors.New("The saved client secret is expired")
+		return errors.New("The saved client credendials are expired")
 	}
-	return nil
+	return err
 }
 
 func tokenV2(w http.ResponseWriter, r *http.Request) {

ssas/service/server.go

@@ -52,7 +52,7 @@ type Server struct {
 func ChooseSigningKey(signingKeyPath, signingKey string) (*rsa.PrivateKey, error) {
 	var key *rsa.PrivateKey = nil
 	var error error = nil
-
+	// *TODO: To prevent duplicate logging, remove error handling out of this function. Return error and log error outside of function.
 	if signingKey == "" && signingKeyPath != "" {
 		sk, err := GetPrivateKey(signingKeyPath)
 		if err != nil {
@@ -84,6 +84,7 @@ func ChooseSigningKey(signingKeyPath, signingKey string) (*rsa.PrivateKey, error
 
 // NewServer correctly initializes an instance of the Server type.
 func NewServer(name, port, version string, info interface{}, routes *chi.Mux, notSecure bool, useMTLS bool, signingKey *rsa.PrivateKey, ttl time.Duration, clientAssertAud string) *Server {
+
 	if signingKey == nil {
 		ssas.Logger.Error("Private Key is nil")
 		return nil
@@ -159,7 +160,8 @@ func (s *Server) LogRoutes() {
 	banner := fmt.Sprintf("Routes for %s at port %s: ", s.name, s.port)
 	routes, err := s.ListRoutes()
 	if err != nil {
-		ssas.Logger.Infof("%s routing error: %v", banner, err)
+		ssas.Logger.Errorf("%s routing error: %v", banner, err)
+		return
 	}
 	ssas.Logger.Infof("%s %v", banner, routes)
 }

ssas/systems.go

@@ -89,8 +89,8 @@ type ClientToken struct {
 }
 
 /*
-	SaveClientToken should be provided with a token label and token uuid, which will
-	be saved to the client tokens table and associated with the current system.
+SaveClientToken should be provided with a token label and token uuid, which will
+be saved to the client tokens table and associated with the current system.
 */
 func (system *System) SaveClientToken(ctx context.Context, label string, groupXData string, expiration time.Time) (*ClientToken, string, error) {
 	rk, err := NewRootKey(ctx, system.ID, expiration)
@@ -167,8 +167,8 @@ type AuthRegData struct {
 }
 
 /*
-	SaveSecret should be provided with a secret hashed with ssas.NewHash(), which will
-	be saved to the secrets table and associated with the current system.
+SaveSecret should be provided with a secret hashed with ssas.NewHash(), which will
+be saved to the secrets table and associated with the current system.
 */
 func (system *System) SaveSecret(ctx context.Context, hashedSecret string) error {
 	secret := Secret{
@@ -189,7 +189,7 @@ func (system *System) SaveSecret(ctx context.Context, hashedSecret string) error
 }
 
 /*
-	GetSecret will retrieve the hashed secret associated with the current system.
+GetSecret will retrieve the hashed secret associated with the current system.
 */
 func (system *System) GetSecret(ctx context.Context) (Secret, error) {
 	secret := Secret{}
@@ -220,7 +220,7 @@ func (system *System) SaveTokenTime(ctx context.Context) {
 }
 
 /*
-	RevokeSecret revokes a system's secret
+RevokeSecret revokes a system's secret
 */
 func (system *System) RevokeSecret(ctx context.Context, trackingID string) error {
 	revokeCredentialsEvent := Event{Op: "RevokeCredentials", TrackingID: trackingID, ClientID: system.ClientID}
@@ -246,7 +246,7 @@ func (system *System) RevokeSecret(ctx context.Context, trackingID string) error
 }
 
 /*
-	DeactivateSecrets soft deletes secrets associated with the system.
+DeactivateSecrets soft deletes secrets associated with the system.
 */
 func (system *System) deactivateSecrets(ctx context.Context) error {
 	err := Connection.WithContext(ctx).Where("system_id = ?", system.ID).Delete(&Secret{}).Error
@@ -257,7 +257,7 @@ func (system *System) deactivateSecrets(ctx context.Context) error {
 }
 
 /*
-	GetEncryptionKey retrieves the key associated with the current system.
+GetEncryptionKey retrieves the key associated with the current system.
 */
 func (system *System) GetEncryptionKey(ctx context.Context, trackingID string) (EncryptionKey, error) {
 	getKeyEvent := Event{Op: "GetEncryptionKey", TrackingID: trackingID, ClientID: system.ClientID}
@@ -275,7 +275,7 @@ func (system *System) GetEncryptionKey(ctx context.Context, trackingID string) (
 }
 
 /*
-	FindEncryptionKey retrieves the key by id associated with the current system.
+FindEncryptionKey retrieves the key by id associated with the current system.
 */
 func (system *System) FindEncryptionKey(ctx context.Context, trackingID string, keyId string) (EncryptionKey, error) {
 	findKeyEvent := Event{Op: "FindEncryptionKey", TrackingID: trackingID, ClientID: system.ClientID}
@@ -293,7 +293,7 @@ func (system *System) FindEncryptionKey(ctx context.Context, trackingID string,
 }
 
 /*
-	GetEncryptionKeys retrieves the keys associated with the current system.
+GetEncryptionKeys retrieves the keys associated with the current system.
 */
 func (system *System) GetEncryptionKeys(ctx context.Context, trackingID string) ([]EncryptionKey, error) {
 	getKeyEvent := Event{Op: "GetEncryptionKey", TrackingID: trackingID, ClientID: system.ClientID}
@@ -311,7 +311,7 @@ func (system *System) GetEncryptionKeys(ctx context.Context, trackingID string)
 }
 
 /*
-	DeleteEncryptionKey deletes the key associated with the current system.
+DeleteEncryptionKey deletes the key associated with the current system.
 */
 func (system *System) DeleteEncryptionKey(ctx context.Context, trackingID string, keyID string) error {
 	deleteKeyEvent := Event{Op: "DeleteEncryptionKey", TrackingID: trackingID, ClientID: system.ClientID}
@@ -334,8 +334,8 @@ func (system *System) DeleteEncryptionKey(ctx context.Context, trackingID string
 }
 
 /*
-	SavePublicKey should be provided with a public key in PEM format, which will be saved
-	to the encryption_keys table and associated with the current system.
+SavePublicKey should be provided with a public key in PEM format, which will be saved
+to the encryption_keys table and associated with the current system.
 */
 func (system *System) SavePublicKey(publicKey io.Reader, signature string) (*EncryptionKey, error) {
 	return system.SavePublicKeyDB(publicKey, signature, true, Connection)
@@ -400,8 +400,8 @@ type Credentials struct {
 }
 
 /*
-	RegisterSystem will save a new system and public key after verifying provided details for validity.  It returns
-	a ssas.Credentials struct including the generated clientID and secret.
+RegisterSystem will save a new system and public key after verifying provided details for validity.  It returns
+a ssas.Credentials struct including the generated clientID and secret.
 */
 func RegisterSystem(ctx context.Context, clientName string, groupID string, scope string, publicKeyPEM string, ips []string, trackingID string) (Credentials, error) {
 	systemInput := SystemInput{