Add govet's nilness and golangci-lint nilnesserr (#33359)

These seemed easy to fix. And worth keeping the lint enabled moving
forward.

.golangci.yml

@@ -21,6 +21,7 @@ linters:
     - depguard
     - gosec
     - gocritic
+    - nilnesserr
     - govet
     - ineffassign
     - revive
@@ -37,6 +38,9 @@ linters:
           deny:
             - pkg: github.com/pkg/errors
               desc: "use ctxerr if a context.Context is available or stdlib errors.New / fmt.Errorf with the %w verb"
+    govet:
+      enable:
+        - nilness
 
     errcheck:
       check-type-assertions: false

cmd/fleetctl/fleetctl/api.go

@@ -394,7 +394,8 @@ func parseBodyFlags(flBody []string) (body any, headers map[string]string, err e
 				case '@':
 					// do a multipart file upload
 					if fileWriter, err := multipartWriter.CreateFormFile(k, path.Base(v[1:])); err == nil {
-						if fp, err := os.Open(v[1:]); err == nil {
+						fp, err := os.Open(v[1:])
+						if err == nil {
 							defer fp.Close()
 							_, err = io.Copy(fileWriter, fp)
 							if err != nil {

cmd/fleetctl/fleetctl/user.go

@@ -236,13 +236,13 @@ func createBulkUsersCommand() *cli.Command {
 				globalRoleString := record[4]
 				teamStrings := strings.Split(record[5], " ")
 				if ssoErr != nil {
-					return fmt.Errorf("SSO is not a vailed Boolean value: %w", err)
+					return fmt.Errorf("SSO is not a vailed Boolean value: %w", ssoErr)
 				}
 				if apiErr != nil {
-					return fmt.Errorf("API Only is not a vailed Boolean value: %w", err)
+					return fmt.Errorf("API Only is not a vailed Boolean value: %w", apiErr)
 				}
 				if passErr != nil {
-					return fmt.Errorf("not able to generate a random password: %w", err)
+					return fmt.Errorf("not able to generate a random password: %w", passErr)
 				}
 
 				var globalRole *string

ee/fleetctl/updates.go

@@ -781,16 +781,15 @@ func (p *passphraseHandler) checkPassphrase(store tuf.LocalStore, role string) e
 			// error as we do currently.
 			if ctxerr.Cause(err).Error() != decryptionFailedError {
 				return err
-			} else if err != nil {
-				if p.getPassphraseFromEnv(role) != nil {
-					// Fatal error if environment variable passphrase is
-					// incorrect
-					return fmt.Errorf("%s passphrase from %s is invalid", role, p.passphraseEnvName(role))
-				}
-
-				fmt.Printf("Failed to decrypt %s key. Try again.\n", role)
-				delete(p.cache, role)
 			}
+			if p.getPassphraseFromEnv(role) != nil {
+				// Fatal error if environment variable passphrase is
+				// incorrect
+				return fmt.Errorf("%s passphrase from %s is invalid", role, p.passphraseEnvName(role))
+			}
+
+			fmt.Printf("Failed to decrypt %s key. Try again.\n", role)
+			delete(p.cache, role)
 			continue
 		} else if len(keys) == 0 {
 			return fmt.Errorf("%s key not found", role)

orbit/pkg/packaging/windows.go

@@ -546,7 +546,7 @@ func extractZipFile(archiveReader *zip.File, destPath string) error {
 		}
 	} else {
 		// Create all needed directories
-		if os.MkdirAll(filepath.Dir(finalPath), 0o755) != nil {
+		if err := os.MkdirAll(filepath.Dir(finalPath), 0o755); err != nil {
 			return fmt.Errorf("could not create directory %s: %w", filepath.Dir(finalPath), err)
 		}
 

server/mdm/nanodep/storage/mysql/mysql.go

@@ -115,9 +115,6 @@ WHERE
 	if !consumerKey.Valid { // all auth token fields are set together
 		return nil, storage.ErrNotFound
 	}
-	if err != nil {
-		return nil, err
-	}
 	return &client.OAuth1Tokens{
 		ConsumerKey:       consumerKey.String,
 		ConsumerSecret:    consumerSecret.String,

server/service/apple_mdm.go

@@ -7071,10 +7071,7 @@ func (svc *Service) MDMAppleProcessOTAEnrollment(
 // EnsureMDMAppleServiceDiscovery checks if the service discovery URL is set up correctly with Apple
 // and assigns it if necessary.
 func EnsureMDMAppleServiceDiscovery(ctx context.Context, ds fleet.Datastore, depStorage storage.AllDEPStorage, logger kitlog.Logger, urlPrefix string) error {
-	var depSvc *apple_mdm.DEPService
-	if depSvc == nil {
-		depSvc = apple_mdm.NewDEPService(ds, depStorage, logger)
-	}
+	depSvc := apple_mdm.NewDEPService(ds, depStorage, logger)
 
 	ac, err := ds.AppConfig(ctx)
 	if err != nil {

server/service/hosts.go

@@ -1784,12 +1784,11 @@ func (svc *Service) MacadminsData(ctx context.Context, id uint) (*fleet.Macadmin
 	}
 
 	var munkiIssues []*fleet.HostMunkiIssue
-	switch issues, err := svc.ds.GetHostMunkiIssues(ctx, id); {
-	case err != nil:
+	issues, err := svc.ds.GetHostMunkiIssues(ctx, id)
+	if err != nil {
 		return nil, err
-	case err == nil:
-		munkiIssues = issues
 	}
+	munkiIssues = issues
 
 	if munkiInfo == nil && mdm == nil && len(munkiIssues) == 0 {
 		return nil, nil

server/service/team_policies.go

@@ -677,7 +677,7 @@ func (svc *Service) modifyPolicy(ctx context.Context, teamID *uint, id uint, p f
 	}
 
 	// Add a special case for handling "No Team" (teamID = 0) in ModifyTeamPolicy
-	if teamID != nil && *teamID == 0 {
+	if *teamID == 0 {
 		noTeamID := int64(0)
 		if err := svc.NewActivity(
 			ctx,
@@ -698,7 +698,7 @@ func (svc *Service) modifyPolicy(ctx context.Context, teamID *uint, id uint, p f
 	// rollback an action in the event of an error writing the associated activity
 
 	var teamName *string
-	if teamID != nil && *teamID != 0 {
+	if *teamID != 0 {
 		if svc.EnterpriseOverrides != nil && svc.EnterpriseOverrides.TeamByIDOrName != nil {
 			team, err := svc.EnterpriseOverrides.TeamByIDOrName(ctx, teamID, nil)
 			if err != nil {
@@ -710,10 +710,8 @@ func (svc *Service) modifyPolicy(ctx context.Context, teamID *uint, id uint, p f
 
 	// Convert *uint to *int64 for the activity
 	var activityTeamID *int64
-	if teamID != nil {
-		teamIDInt64 := int64(*teamID)
-		activityTeamID = &teamIDInt64
-	}
+	teamIDInt64 := int64(*teamID)
+	activityTeamID = &teamIDInt64
 
 	if err := svc.NewActivity(
 		ctx,

tools/tuf/download-artifacts/download-artifacts.go

@@ -230,7 +230,7 @@ func extractZipFile(archiveReader *zip.File, destPath string) error {
 		}
 	} else {
 		// Create all needed directories
-		if os.MkdirAll(filepath.Dir(finalPath), 0o755) != nil {
+		if err := os.MkdirAll(filepath.Dir(finalPath), 0o755); err != nil {
 			return fmt.Errorf("could not create directory %s: %w", filepath.Dir(finalPath), err)
 		}