From dacde35fc724df15fa3bf000a2307f524fc328fd Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:38:32 +0200 Subject: [PATCH 01/21] fix gci linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/trust-manager/app/options/options.go | 3 ++- pkg/bundle/internal/ssa_client/bundle_status.go | 3 ++- pkg/bundle/sync.go | 4 ++-- test/env/data.go | 6 +++--- test/env/ginkgo.go | 1 - test/integration/bundle/integration.go | 6 +++--- test/integration/bundle/suite.go | 8 ++++---- test/smoke/smoke_test.go | 6 +++--- test/smoke/suite_test.go | 6 +++--- 10 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index f3d10224..c19edf53 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -9,7 +9,6 @@ issues: - promlinter - prealloc - containedctx - - gci - errorlint - gosec - unparam diff --git a/cmd/trust-manager/app/options/options.go b/cmd/trust-manager/app/options/options.go index edaea20e..ea8f3c84 100644 --- a/cmd/trust-manager/app/options/options.go +++ b/cmd/trust-manager/app/options/options.go @@ -26,12 +26,13 @@ import ( "github.com/spf13/cobra" "github.com/spf13/pflag" "k8s.io/cli-runtime/pkg/genericclioptions" - _ "k8s.io/client-go/plugin/pkg/client/auth" "k8s.io/client-go/rest" cliflag "k8s.io/component-base/cli/flag" "k8s.io/klog/v2" "github.com/cert-manager/trust-manager/pkg/bundle" + + _ "k8s.io/client-go/plugin/pkg/client/auth" ) // Options is a struct to hold options for trust-manager diff --git a/pkg/bundle/internal/ssa_client/bundle_status.go b/pkg/bundle/internal/ssa_client/bundle_status.go index 07bc20db..a43e38c3 100644 --- a/pkg/bundle/internal/ssa_client/bundle_status.go +++ b/pkg/bundle/internal/ssa_client/bundle_status.go 
@@ -19,10 +19,11 @@ package ssa_client import ( "encoding/json" - trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/client-go/applyconfigurations/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" ) type bundleStatusApplyConfiguration struct { diff --git a/pkg/bundle/sync.go b/pkg/bundle/sync.go index 9054462f..029a0114 100644 --- a/pkg/bundle/sync.go +++ b/pkg/bundle/sync.go @@ -26,6 +26,8 @@ import ( "fmt" "strings" + "github.com/go-logr/logr" + jks "github.com/pavlo-v-chernykh/keystore-go/v4" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -42,8 +44,6 @@ import ( trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" "github.com/cert-manager/trust-manager/pkg/bundle/internal/ssa_client" "github.com/cert-manager/trust-manager/pkg/util" - "github.com/go-logr/logr" - jks "github.com/pavlo-v-chernykh/keystore-go/v4" ) const ( diff --git a/test/env/data.go b/test/env/data.go index bbb3459a..1d97b5d6 100644 --- a/test/env/data.go +++ b/test/env/data.go @@ -22,9 +22,6 @@ import ( "fmt" "strings" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - jks "github.com/pavlo-v-chernykh/keystore-go/v4" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -35,6 +32,9 @@ import ( "github.com/cert-manager/trust-manager/pkg/bundle" "github.com/cert-manager/trust-manager/pkg/util" "github.com/cert-manager/trust-manager/test/dummy" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) const ( diff --git a/test/env/ginkgo.go b/test/env/ginkgo.go index e0601703..2a25e16c 100644 --- a/test/env/ginkgo.go +++ b/test/env/ginkgo.go @@ -24,7 +24,6 @@ import ( "time" "github.com/onsi/ginkgo/v2" - "github.com/onsi/gomega" "k8s.io/apimachinery/pkg/util/wait" ) 
diff --git a/test/integration/bundle/integration.go b/test/integration/bundle/integration.go index 7a28751f..665c368d 100644 --- a/test/integration/bundle/integration.go +++ b/test/integration/bundle/integration.go @@ -19,15 +19,15 @@ package test import ( "os" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" "k8s.io/utils/ptr" - "sigs.k8s.io/controller-runtime/pkg/envtest" logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var ( diff --git a/test/integration/bundle/suite.go b/test/integration/bundle/suite.go index e528885a..c611bb12 100644 --- a/test/integration/bundle/suite.go +++ b/test/integration/bundle/suite.go @@ -23,10 +23,6 @@ import ( "os" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gstruct" - "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" @@ -45,6 +41,10 @@ import ( "github.com/cert-manager/trust-manager/pkg/fspkg" "github.com/cert-manager/trust-manager/test/dummy" testenv "github.com/cert-manager/trust-manager/test/env" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gstruct" ) const ( diff --git a/test/smoke/smoke_test.go b/test/smoke/smoke_test.go index 6f80d35c..24c25b92 100644 --- a/test/smoke/smoke_test.go +++ b/test/smoke/smoke_test.go @@ -20,11 +20,11 @@ import ( "flag" "testing" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "github.com/cert-manager/trust-manager/test/env" "github.com/cert-manager/trust-manager/test/smoke/config" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var ( diff --git a/test/smoke/suite_test.go b/test/smoke/suite_test.go index 6ee93e71..35fb70fe 100644 --- a/test/smoke/suite_test.go +++ b/test/smoke/suite_test.go 
@@ -19,9 +19,6 @@ package smoke import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -34,6 +31,9 @@ import ( "github.com/cert-manager/trust-manager/pkg/bundle" "github.com/cert-manager/trust-manager/test/dummy" "github.com/cert-manager/trust-manager/test/env" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) const ( From 82f0913e8eb9d3abebe8d128b390a50e43634d93 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:39:26 +0200 Subject: [PATCH 02/21] fix mirror linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/bundle/sync.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index c19edf53..23e02c60 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -16,7 +16,6 @@ issues: - gofmt - unconvert - misspell - - mirror - wastedassign - ineffassign - unused diff --git a/pkg/bundle/sync.go b/pkg/bundle/sync.go index 029a0114..af4d679d 100644 --- a/pkg/bundle/sync.go +++ b/pkg/bundle/sync.go @@ -233,7 +233,7 @@ func (b *bundle) secretBundle(ctx context.Context, ref *trustapi.SourceObjectKey if !ok { return "", notFoundError{fmt.Errorf("no data found in Secret %s/%s at key %q", secret.Namespace, secret.Name, ref.Key)} } - results.WriteString(string(data)) + results.Write(data) results.WriteByte('\n') } return results.String(), nil From 0858127b6c37658013e8663c40ea324834aadbfa Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:40:01 +0200 Subject: [PATCH 03/21] fix misspell linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/util/pem.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) 
diff --git a/.golangci.yaml b/.golangci.yaml index 23e02c60..a047bd14 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -15,7 +15,6 @@ issues: - gocritic - gofmt - unconvert - - misspell - wastedassign - ineffassign - unused diff --git a/pkg/util/pem.go b/pkg/util/pem.go index a957e9aa..4a0fde0a 100644 --- a/pkg/util/pem.go +++ b/pkg/util/pem.go @@ -27,7 +27,7 @@ import ( // only valid CERTIFICATE PEM blocks. If successful, returns the validated PEM blocks with any // comments or extra data stripped. -// This validation is broadly similar to the standard library funtion +// This validation is broadly similar to the standard library function // crypto/x509.CertPool.AppendCertsFromPEM - that is, we decode each PEM block at a time and parse // it as a certificate. From c7b19506318f73e1946551b68166431565599741 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:41:09 +0200 Subject: [PATCH 04/21] fix unused linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/webhook/validation.go | 3 --- 2 files changed, 4 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index a047bd14..e81ae0ed 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -17,7 +17,6 @@ issues: - unconvert - wastedassign - ineffassign - - unused - dupword text: ".*" linters: diff --git a/pkg/webhook/validation.go b/pkg/webhook/validation.go index 5e0c98e7..790c9c1c 100644 --- a/pkg/webhook/validation.go +++ b/pkg/webhook/validation.go @@ -20,7 +20,6 @@ import ( "context" "fmt" "strconv" - "sync" "github.com/go-logr/logr" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,8 +33,6 @@ import ( // validator validates against trust.cert-manager.io resources. type validator struct { log logr.Logger - - lock sync.RWMutex } var _ admission.CustomValidator = &validator{} From b272cf4db25239ae57ef6a7eb9f45e6ee929b874 Mon Sep 17 00:00:00 2001 
From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:41:40 +0200 Subject: [PATCH 05/21] fix gofmt linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index e81ae0ed..e88f8a80 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -13,7 +13,6 @@ issues: - gosec - unparam - gocritic - - gofmt - unconvert - wastedassign - ineffassign From 2b1e726e6e972631310f5820de372d475826eb1f Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:42:14 +0200 Subject: [PATCH 06/21] fix unconvert linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/bundle/sync.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index e88f8a80..16a77bdd 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -13,7 +13,6 @@ issues: - gosec - unparam - gocritic - - unconvert - wastedassign - ineffassign - dupword diff --git a/pkg/bundle/sync.go b/pkg/bundle/sync.go index af4d679d..cd461e41 100644 --- a/pkg/bundle/sync.go +++ b/pkg/bundle/sync.go @@ -753,7 +753,7 @@ func deduplicateBundles(bundles []string) ([]string, error) { LOOP: for { - block, certBytes = pem.Decode([]byte(certBytes)) + block, certBytes = pem.Decode(certBytes) if block == nil { break LOOP } From e02f0910b4c909dd47339aac5c79e5a34a02f549 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:43:32 +0200 Subject: [PATCH 07/21] fix gocritic linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/util/cert_pool.go | 6 +++--- test/env/data.go | 7 ++++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 16a77bdd..968b9793 100644 --- a/.golangci.yaml +++ b/.golangci.yaml 
@@ -12,7 +12,6 @@ issues: - errorlint - gosec - unparam - - gocritic - wastedassign - ineffassign - dupword diff --git a/pkg/util/cert_pool.go b/pkg/util/cert_pool.go index d25326c4..5d3394d7 100644 --- a/pkg/util/cert_pool.go +++ b/pkg/util/cert_pool.go @@ -38,14 +38,14 @@ func newCertPool(filterExpired bool) *certPool { } // Append certificate to a pool -func (cp *certPool) appendCertFromPEM(PEMdata []byte) error { - if PEMdata == nil { +func (cp *certPool) appendCertFromPEM(pemData []byte) error { + if pemData == nil { return fmt.Errorf("certificate data can't be nil") } for { var block *pem.Block - block, PEMdata = pem.Decode(PEMdata) + block, pemData = pem.Decode(pemData) if block == nil { break diff --git a/test/env/data.go b/test/env/data.go index 1d97b5d6..f26bc543 100644 --- a/test/env/data.go +++ b/test/env/data.go @@ -162,19 +162,20 @@ func checkBundleSyncedInternal(ctx context.Context, cl client.Client, bundleName Expect(cl.Get(ctx, client.ObjectKey{Name: bundleName}, &bundle)).NotTo(HaveOccurred()) gotData := "" - if bundle.Spec.Target.ConfigMap != nil { + switch { + case bundle.Spec.Target.ConfigMap != nil: var configMap corev1.ConfigMap if err := cl.Get(ctx, client.ObjectKey{Namespace: namespace, Name: bundle.Name}, &configMap); err != nil { return fmt.Errorf("failed to get configMap %s/%s when checking bundle sync: %w", namespace, bundle.Name, err) } gotData = configMap.Data[bundle.Spec.Target.ConfigMap.Key] - } else if bundle.Spec.Target.Secret != nil { + case bundle.Spec.Target.Secret != nil: var secret corev1.Secret if err := cl.Get(ctx, client.ObjectKey{Namespace: namespace, Name: bundle.Name}, &secret); err != nil { return fmt.Errorf("failed to get secret %s/%s when checking bundle sync: %w", namespace, bundle.Name, err) } gotData = string(secret.Data[bundle.Spec.Target.Secret.Key]) - } else { + default: return fmt.Errorf("invalid bundle spec targets: %v", bundle.Spec.Target) } 
From 951227e4208f67b2a8c24f555ad006d3a3ada27d Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:44:38 +0200 Subject: [PATCH 08/21] fix ineffassign linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index 968b9793..dd303fef 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -13,7 +13,6 @@ issues: - gosec - unparam - wastedassign - - ineffassign - dupword text: ".*" linters: From ddfea7da729de4214cd722839c6358772320918e Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:45:19 +0200 Subject: [PATCH 09/21] fix wastedassign linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - test/env/data.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index dd303fef..0cc21cd3 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -12,7 +12,6 @@ issues: - errorlint - gosec - unparam - - wastedassign - dupword text: ".*" linters: diff --git a/test/env/data.go b/test/env/data.go index f26bc543..56727a94 100644 --- a/test/env/data.go +++ b/test/env/data.go @@ -161,7 +161,7 @@ func checkBundleSyncedInternal(ctx context.Context, cl client.Client, bundleName var bundle trustapi.Bundle Expect(cl.Get(ctx, client.ObjectKey{Name: bundleName}, &bundle)).NotTo(HaveOccurred()) - gotData := "" + var gotData string switch { case bundle.Spec.Target.ConfigMap != nil: var configMap corev1.ConfigMap From b48a6db9d9c1759261fcca4f211011275c62018b Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:45:41 +0200 Subject: [PATCH 10/21] fix typecheck linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/.golangci.yaml b/.golangci.yaml index 0cc21cd3..35a5d268 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -2,7 +2,6 @@ issues: exclude-rules: - linters: - errcheck - - typecheck - staticcheck - gosimple - contextcheck From e3d6738ea51514d762eb8c7e9bef46863199edff Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:46:04 +0200 Subject: [PATCH 11/21] fix staticcheck linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index 35a5d268..8629b517 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -2,7 +2,6 @@ issues: exclude-rules: - linters: - errcheck - - staticcheck - gosimple - contextcheck - promlinter From d19a66f873f121a56280462688739d9b5b819019 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:46:26 +0200 Subject: [PATCH 12/21] fix gosimple linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index 8629b517..e6fa9f64 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -2,7 +2,6 @@ issues: exclude-rules: - linters: - errcheck - - gosimple - contextcheck - promlinter - prealloc From 56a48e981d73baacf2bb8c90fa1c1ee661e0ad18 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:46:57 +0200 Subject: [PATCH 13/21] fix prealloc linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index e6fa9f64..fa81605c 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -4,7 +4,6 @@ issues: - errcheck - contextcheck - promlinter - - prealloc - containedctx - errorlint - gosec 
From be054d8a2dd3760dc2f47d65953e5c625141218a Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:47:45 +0200 Subject: [PATCH 14/21] fix errorlint linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index fa81605c..7db3e31c 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -5,7 +5,6 @@ issues: - contextcheck - promlinter - containedctx - - errorlint - gosec - unparam - dupword From 3b0c6e96545b2aaacb226d862d7c4c991c55e642 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:50:15 +0200 Subject: [PATCH 15/21] fix gosec linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/bundle/bundle.go | 2 +- pkg/util/pem_test.go | 2 ++ 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 7db3e31c..ff2f5291 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -5,7 +5,6 @@ issues: - contextcheck - promlinter - containedctx - - gosec - unparam - dupword text: ".*" diff --git a/pkg/bundle/bundle.go b/pkg/bundle/bundle.go index 9c950910..3825502a 100644 --- a/pkg/bundle/bundle.go +++ b/pkg/bundle/bundle.go @@ -293,7 +293,7 @@ func (b *bundle) reconcileBundle(ctx context.Context, req ctrl.Request) (result continue } - if !metav1.IsControlledBy(&target, &bundle) { + if !metav1.IsControlledBy(&target, &bundle) /* #nosec G601 -- False positive. See https://github.com/golang/go/discussions/56010 */ { targetLog.V(2).Info("skipping sync for target as it is not controlled by bundle") continue } diff --git a/pkg/util/pem_test.go b/pkg/util/pem_test.go index b0ee609b..34fda82d 100644 --- a/pkg/util/pem_test.go +++ b/pkg/util/pem_test.go 
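Review bot: The `#nosec G601` justification on the `metav1.IsControlledBy(&target, &bundle)` condition in `pkg/bundle/bundle.go` only links to the Go loop-variable discussion and does not say why this call site is safe. If `target` is the range variable of a loop that starts outside this hunk, per-iteration semantics apply only when the module's `go` directive is 1.22 or later, which the patch does not show. I would state the local reason instead, for example `// #nosec G601 -- IsControlledBy only reads both objects; no pointer outlives the iteration`, and keep it out of the middle of the condition if gosec still honours it on the line above. The body of `reconcileBundle` continues outside the hunk.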
@@ -205,6 +205,8 @@ gySihG5glByO5ZajFBNBIhjOF6+yfN1Bo5XjJ7bGwVIhGoRPHCtbvsnfuQ5ySz95 CFD1BItRnQM= -----END CERTIFICATE-----` +// #nosec G101 -- This is a test PK, ideally we would dynamically +// generate this pair, but this should not be a security risk. const privateKey = `-----BEGIN EC PRIVATE KEY----- MHcCAQEEIHThSpdYMjW1k4K2r8RwhIGmknKrr0XKQLOJeL2fVoxToAoGCCqGSM49 AwEHoUQDQgAEoMocv03WW/kCmyYM7CN7Ge7J5NOhJOKUYjF15NRBevWbxd8GYsvj From 11263d4910c7949fd9435c18e94d1b4188e47ebc Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:50:46 +0200 Subject: [PATCH 16/21] fix containedctx linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index ff2f5291..dfee1c8f 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -4,7 +4,6 @@ issues: - errcheck - contextcheck - promlinter - - containedctx - unparam - dupword text: ".*" From 434185e117d8d3eb70191a22a5b000f49775ae35 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:51:44 +0200 Subject: [PATCH 17/21] fix contextcheck linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index dfee1c8f..b43858c7 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -2,7 +2,6 @@ issues: exclude-rules: - linters: - errcheck - - contextcheck - promlinter - unparam - dupword From a0378426751376bb9c806231e84ebe3d634a5744 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:54:17 +0200 Subject: [PATCH 18/21] fix unparam linter 
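Review bot: The `#nosec G101` comment above `privateKey` in `pkg/util/pem_test.go` says the key "should not be a security risk" but not what keeps it harmless. A future reader cannot tell from it whether the key may be copied into fixtures or trusted anywhere. I would make the boundary explicit, for example `// #nosec G101 -- test-only EC key used as input to the PEM tests in this file; never trusted or reused elsewhere.`, once that has been checked against the usages, which are outside this hunk. Generating the key at test time, as the comment itself suggests, would remove the suppression entirely.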
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/bundle/util.go | 2 +- pkg/webhook/validation.go | 6 +++--- pkg/webhook/validation_test.go | 4 ++-- test/env/data.go | 6 +++--- 5 files changed, 9 insertions(+), 10 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index b43858c7..9a91dd82 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -3,7 +3,6 @@ issues: - linters: - errcheck - promlinter - - unparam - dupword text: ".*" linters: diff --git a/pkg/bundle/util.go b/pkg/bundle/util.go index 403638e7..5ccfcdc9 100644 --- a/pkg/bundle/util.go +++ b/pkg/bundle/util.go @@ -51,7 +51,7 @@ func (b *bundle) setBundleCondition( existingConditions []trustapi.BundleCondition, patchConditions *[]trustapi.BundleCondition, newCondition trustapi.BundleCondition, -) trustapi.BundleCondition { +) trustapi.BundleCondition { // nolint:unparam newCondition.LastTransitionTime = metav1.Time{Time: b.clock.Now()} // Reset the LastTransitionTime if the status hasn't changed diff --git a/pkg/webhook/validation.go b/pkg/webhook/validation.go index 790c9c1c..eb837116 100644 --- a/pkg/webhook/validation.go +++ b/pkg/webhook/validation.go @@ -38,7 +38,7 @@ type validator struct { var _ admission.CustomValidator = &validator{} func (v *validator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { - return v.validate(ctx, obj) + return v.validate(obj) } func (v *validator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { @@ -65,7 +65,7 @@ func (v *validator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.O el = append(el, field.Invalid(path.Child("target", "secret"), "", "target secret removal is not allowed")) return nil, el.ToAggregate() } - return v.validate(ctx, newObj) + return v.validate(newObj) } func (v *validator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { 
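Review bot: The `// nolint:unparam` added after the `setBundleCondition` signature in `pkg/bundle/util.go` has a space after `//` and gives no reason for the suppression. Go's doc tooling only treats the `//nolint:...` form as a directive; with the space it is ordinary comment text. The same applies to `// nolint: dupword` in `test/dummy/certificates.go` (patch 21), which sits directly above the `NB: TestCertificate2` comment and so presumably becomes part of that comment block. I would write `//nolint:unparam // <reason the unused result is kept>` here and `//nolint:dupword` there. If the returned `trustapi.BundleCondition` has no consumer, dropping the return value is cleaner than suppressing the finding; the function body and its callers are outside this hunk.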
@@ -73,7 +73,7 @@ func (v *validator) ValidateDelete(ctx context.Context, obj runtime.Object) (adm return nil, nil } -func (v *validator) validate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { +func (v *validator) validate(obj runtime.Object) (admission.Warnings, error) { bundle, ok := obj.(*trustapi.Bundle) if !ok { return nil, fmt.Errorf("expected a Bundle, but got a %T", obj) diff --git a/pkg/webhook/validation_test.go b/pkg/webhook/validation_test.go index 9f26ac91..1aab0a7c 100644 --- a/pkg/webhook/validation_test.go +++ b/pkg/webhook/validation_test.go @@ -394,9 +394,9 @@ func Test_validate(t *testing.T) { for name, test := range tests { t.Run(name, func(t *testing.T) { - log, ctx := ktesting.NewTestContext(t) + log, _ := ktesting.NewTestContext(t) v := &validator{log: log} - gotWarnings, gotErr := v.validate(ctx, test.bundle) + gotWarnings, gotErr := v.validate(test.bundle) if test.expErr == nil && gotErr != nil { t.Errorf("got an unexpected error: %v", gotErr) } else if test.expErr != nil && (gotErr == nil || *test.expErr != gotErr.Error()) { diff --git a/test/env/data.go b/test/env/data.go index 56727a94..c83fe5a4 100644 --- a/test/env/data.go +++ b/test/env/data.go @@ -230,7 +230,7 @@ func CheckBundleSyncedStartsWith(ctx context.Context, cl client.Client, name str }) } -func checkBundleSyncedAllNamespacesInternal(ctx context.Context, cl client.Client, bundleName string, checker func(namespace string) error) error { +func checkBundleSyncedAllNamespacesInternal(ctx context.Context, cl client.Client, checker func(namespace string) error) error { var namespaceList corev1.NamespaceList if err := cl.List(ctx, &namespaceList); err != nil { return fmt.Errorf("failed to list namespaces: %w", err) 
@@ -258,14 +258,14 @@ func checkBundleSyncedAllNamespacesInternal(ctx context.Context, cl client.Clien // CheckBundleSyncedAllNamespaces calls CheckBundleSynced for all namespaces and returns an error if any of them failed func CheckBundleSyncedAllNamespaces(ctx context.Context, cl client.Client, name string, expectedData string) error { - return checkBundleSyncedAllNamespacesInternal(ctx, cl, name, func(namespace string) error { + return checkBundleSyncedAllNamespacesInternal(ctx, cl, func(namespace string) error { return CheckBundleSynced(ctx, cl, name, namespace, expectedData) }) } // CheckBundleSyncedAllNamespacesStartsWith calls CheckBundleSyncedStartsWith for all namespaces and returns an error if any of them failed func CheckBundleSyncedAllNamespacesStartsWith(ctx context.Context, cl client.Client, name string, startingData string) error { - return checkBundleSyncedAllNamespacesInternal(ctx, cl, name, func(namespace string) error { + return checkBundleSyncedAllNamespacesInternal(ctx, cl, func(namespace string) error { return CheckBundleSyncedStartsWith(ctx, cl, name, namespace, startingData) }) } From 7b99dda4558fe3a0cb1eec16275c786f53f4b159 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:55:44 +0200 Subject: [PATCH 19/21] fix errcheck linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/trust-manager/app/app.go | 10 +++++++--- pkg/webhook/webhook.go | 9 +++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 9a91dd82..97c197d2 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,7 +1,6 @@ issues: exclude-rules: - linters: - - errcheck - promlinter - dupword text: ".*" diff --git a/cmd/trust-manager/app/app.go b/cmd/trust-manager/app/app.go index e9567ecd..711e0b1d 100644 --- a/cmd/trust-manager/app/app.go +++ b/cmd/trust-manager/app/app.go 
@@ -140,12 +140,14 @@ func NewCommand() *cobra.Command { } // Add readiness check that the manager's informers have been synced. - mgr.AddReadyzCheck("informers_synced", func(req *http.Request) error { + if err := mgr.AddReadyzCheck("informers_synced", func(req *http.Request) error { if mgr.GetCache().WaitForCacheSync(req.Context()) { return nil } return errors.New("informers not synced") - }) + }); err != nil { + return fmt.Errorf("failed to add readiness check: %w", err) + } ctx := ctrl.SetupSignalHandler() @@ -155,7 +157,9 @@ func NewCommand() *cobra.Command { } // Register webhook handlers with manager. - webhook.Register(mgr, webhook.Options{Log: opts.Logr.WithName("webhook")}) + if err := webhook.Register(mgr, webhook.Options{Log: opts.Logr.WithName("webhook")}); err != nil { + return fmt.Errorf("failed to register webhook: %w", err) + } // Start all runnables and controller return mgr.Start(ctx) diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index 242f86c9..1a065461 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -35,13 +35,14 @@ type Options struct { func Register(mgr manager.Manager, opts Options) error { opts.Log.Info("registering webhook endpoints") validator := &validator{log: opts.Log.WithName("validation")} - err := builder.WebhookManagedBy(mgr). + if err := builder.WebhookManagedBy(mgr). For(&trustapi.Bundle{}). WithValidator(validator). - Complete() - if err != nil { + Complete(); err != nil { return fmt.Errorf("error registering webhook: %v", err) } - mgr.AddReadyzCheck("validator", mgr.GetWebhookServer().StartedChecker()) + if err := mgr.AddReadyzCheck("validator", mgr.GetWebhookServer().StartedChecker()); err != nil { + return fmt.Errorf("error adding ready check: %v", err) + } return nil } From 5a82d258506be064a945e25269e812103921a835 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:56:14 +0200 Subject: [PATCH 20/21] fix promlinter linter 
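Review bot: The new `return fmt.Errorf("error adding ready check: %v", err)` in `Register` (`pkg/webhook/webhook.go`) formats the cause with `%v`, so callers cannot match it with `errors.Is` or `errors.As`. The unchanged `error registering webhook: %v` line just above has the same issue. `cmd/trust-manager/app/app.go` in this same patch wraps with `%w`, so I would use `return fmt.Errorf("error adding ready check: %w", err)` here and switch the neighbouring line to `%w` as well. Note also that `app.go` now prefixes the returned error with `failed to register webhook:`, which repeats the `error registering webhook:` prefix from `Register`; one of the two could be shortened.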
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index 97c197d2..6b8dcb1e 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,7 +1,6 @@ issues: exclude-rules: - linters: - - promlinter - dupword text: ".*" linters: From 91fe50f2d85511df830de92d83deb72f1b395a8f Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 09:57:57 +0200 Subject: [PATCH 21/21] fix dupword linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 5 ----- test/dummy/certificates.go | 1 + 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 6b8dcb1e..d7519e35 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,8 +1,3 @@ -issues: - exclude-rules: - - linters: - - dupword - text: ".*" linters: # Explicitly define all enabled linters disable-all: true diff --git a/test/dummy/certificates.go b/test/dummy/certificates.go index 06a295da..30fc7d60 100644 --- a/test/dummy/certificates.go +++ b/test/dummy/certificates.go @@ -78,6 +78,7 @@ MEUCIQCeN2/Z7jSJJK7m7kcZ/UgJIqbzKS1ktycUQ50+dhqNogIgaTYRjIxZFJ3u VhGzjAqH8YyuEObapwh4bTZkapwoDZQ= -----END CERTIFICATE-----` + // nolint: dupword // NB: TestCertificate2 is expected to have the following properties: // 1. Same Subject as TestCertificate1 // 2. Self signed (issuer == subject)