diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000..b1b78acd1 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,29 @@ +root = true + +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true + +# Go +# https://golang.org/cmd/gofmt/ +[{go.mod,*.go}] +indent_style = tab + +# Shell +# https://google.github.io/styleguide/shell.xml#Indentation +[*.{bash,sh,zsh}] +indent_size = 2 +indent_style = space + +# GNU make +# https://www.gnu.org/software/make/manual/html_node/Recipe-Syntax.html +[Makefile] +indent_style = tab + +# YAML +# http://yaml.org/spec/1.2/2009-07-21/spec.html#id2576668 +[*.{yaml,yml}] +indent_size = 2 +indent_style = space diff --git a/.github/workflows/all.yml b/.github/workflows/all.yml index b684a4b26..c09d531ca 100644 --- a/.github/workflows/all.yml +++ b/.github/workflows/all.yml @@ -2,7 +2,7 @@ name: all-ci on: push: - branches: + branches: - '*' # matches every branch that doesn't contain a '/' - '*/*' # matches every branch containing a single '/' - '**' # matches every branch @@ -10,14 +10,14 @@ on: pull_request: branches: [ '!main' ] -env: +env: KUBEBUILDER_VERSION: 2.3.1 jobs: build: name: Build - container: + container: image: golang:1.15 runs-on: ubuntu-latest 
@@ -25,22 +25,28 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v2 - - name: Get dependencies - run: | - go get -v -t -d ./... - + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: '~1.15' + - name: Add kubebuilder run: | curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder - - name: Vet and Build - run: make manager + - name: Lint + run: | + make lint-install + make lint + + - name: Build + run: make build test: name: Test - container: + container: image: golang:1.15 runs-on: ubuntu-latest @@ -48,10 +54,11 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v2 - - name: Get dependencies - run: | - go get -v -t -d ./... - + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: '~1.15' + - name: Add kubebuilder run: | curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz @@ -71,4 +78,4 @@ jobs: file: ./cover.out # flags: unittests # optional name: external-secrets - fail_ci_if_error: false \ No newline at end of file + fail_ci_if_error: false diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ac88fc34b..41fac71ca 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,14 +8,14 @@ on: pull_request: branches: [ main ] -env: +env: KUBEBUILDER_VERSION: 2.3.1 jobs: build: name: Build - container: + container: image: golang:1.15 runs-on: ubuntu-latest 
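Review bot: The new `Set up Go` step references `actions/setup-go@v2` by a mutable tag, and the new `Lint` step runs `make lint-install`, which in the Makefile part of this commit pipes a downloaded installer script into `sh`; both execute third-party code in the job without a fixed, reviewable revision. Pin the action to a full commit SHA, e.g. `uses: actions/setup-go@<FULL_COMMIT_SHA> # v2` (placeholder; take the SHA from the release you reviewed), and have CI install golangci-lint from a pinned, checksum-verified artifact. The step also looks redundant, because both jobs already run in `container: image: golang:1.15`. The same applies to the test job in this file (`@@ -48,10 +54,11 @@`) and to the two matching hunks in `.github/workflows/main.yml`.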
@@ -23,22 +23,28 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v2 - - name: Get dependencies - run: | - go get -v -t -d ./... - + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: '~1.15' + - name: Add kubebuilder run: | curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder - - name: Vet and Build - run: make manager + - name: Lint + run: | + make lint-install + make lint + + - name: Build + run: make build test: name: Test - container: + container: image: golang:1.15 runs-on: ubuntu-latest @@ -46,10 +52,11 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v2 - - name: Get dependencies - run: | - go get -v -t -d ./... - + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: '~1.15' + - name: Add kubebuilder run: | curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz @@ -66,7 +73,7 @@ jobs: file: ./cover.out # flags: unittests # optional name: external-secrets - fail_ci_if_error: true + fail_ci_if_error: true docker: name: Docker @@ -111,7 +118,7 @@ jobs: - name: Check out the repo uses: actions/checkout@v2 - + - name: Set up QEMU id: qemu uses: docker/setup-qemu-action@v1 @@ -121,7 +128,7 @@ jobs: - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v1 - + - name: Login to Github Packages id: docker-login uses: docker/login-action@v1 
@@ -145,6 +152,6 @@ jobs: org.opencontainers.image.source=${{ steps.prep.outputs.repo_url }} org.opencontainers.image.created=${{ steps.prep.outputs.created }} org.opencontainers.image.revision=${{ github.sha }} - + - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} \ No newline at end of file + run: echo ${{ steps.docker_build.outputs.digest }} diff --git a/.gitignore b/.gitignore index f40563154..eb7ef50af 100644 --- a/.gitignore +++ b/.gitignore @@ -23,4 +23,4 @@ bin *~ # Code test output -cover.out \ No newline at end of file +cover.out diff --git a/.golangci.yaml b/.golangci.yaml new file mode 100644 index 000000000..f3bbdf103 --- /dev/null +++ b/.golangci.yaml 
@@ -0,0 +1,89 @@ +run: + timeout: 5m + +linters-settings: + gci: + local-prefixes: github.com/external-secrets/external-secrets + goconst: + min-len: 3 + min-occurrences: 3 + gocritic: + enabled-tags: + - diagnostic + - experimental + - opinionated + - performance + - style + disabled-checks: + - dupImport + - ifElseChain + - octalLiteral + - whyNoLint + - wrapperFunc + - importShadow + - unnamedResult + - unnecessaryBlock + settings: + rangeValCopy: + sizeThreshold: 512 + hugeParam: + sizeThreshold: 512 + gocyclo: + min-complexity: 16 + golint: + min-confidence: 0 + govet: + check-shadowing: false + lll: + line-length: 300 + maligned: + suggest-new: true + misspell: + locale: US + +linters: + disable-all: true + enable: + - asciicheck + - bodyclose + - deadcode + - depguard + - dogsled + - dupl + - errcheck + - errorlint + - exhaustive + - exportloopref + - gci + - goconst + - gocritic + - godot + - gofmt + - golint + - goprintffuncname + - gosec + - gosimple + - govet + - ineffassign + - interfacer + - lll + - maligned + - misspell + - nakedret + - nolintlint + - prealloc + - rowserrcheck + - scopelint + - sqlclosecheck + - staticcheck + - structcheck + - stylecheck + - typecheck + - unconvert + - unparam + - unused + - varcheck + - whitespace + +service: + golangci-lint-version: 1.33.x diff --git a/Makefile b/Makefile index df6e7ad3d..403b86e98 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,7 @@ +MAKEFLAGS += --warn-undefined-variables +SHELL := /bin/bash +.SHELLFLAGS := -euo pipefail -c +.DEFAULT_GOAL := all # Image URL to use all building/pushing image targets IMG ?= controller:latest 
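Review bot: `gosec` and `nolintlint` are both enabled, but `linters-settings` has no `nolintlint` section and gocritic's `whyNoLint` is listed under `disabled-checks`, so a bare `//nolint` can silence a gosec finding without naming the linter or giving a reason. Consider adding a `nolintlint:` block under `linters-settings` with `require-explanation: true` and `require-specific: true`, so every suppression is attributable in review. Separately, `service.golangci-lint-version: 1.33.x` does not appear to constrain the binary that `make lint` runs, so the version actually used is whatever is found on PATH.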
@@ -11,18 +15,18 @@ else GOBIN=$(shell go env GOBIN) endif -all: manager +all: build -# Run tests -test: generate fmt vet manifests +.PHONY: test +test: generate manifests ## Run tests go test ./... -coverprofile cover.out -# Build manager binary -manager: generate fmt vet +.PHONY: build +build: generate fmt ## Build binary go build -o bin/manager main.go # Run against the configured Kubernetes cluster in ~/.kube/config -run: generate fmt vet manifests +run: generate fmt manifests go run ./main.go # Install CRDs into a cluster 
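Review bot: `build: generate fmt` makes every build, including the CI `make build` step, depend on `fmt`, whose recipe later in this diff runs `go mod tidy` and `golangci-lint run --fix` and discards the linter's output and exit status. A build that may rewrite `go.mod`, `go.sum` and source files can produce a binary from a tree that differs from the reviewed commit, and it fails on machines without golangci-lint because `fmt` depends on `lint/check`. I would keep formatting as a developer-only target and write `build: generate ## Build binary`, leaving vet coverage to the `govet` linter in `make lint`. On style, `run` gets no `.PHONY` line while `test` and `build` do.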
@@ -33,33 +37,44 @@ install: manifests uninstall: manifests kustomize build config/crd | kubectl delete -f - -# Deploy controller in the configured Kubernetes cluster in ~/.kube/config -deploy: manifests +.PHONY: deploy +deploy: manifests ## Deploy controller in the Kubernetes cluster of current context cd config/manager && kustomize edit set image controller=${IMG} kustomize build config/default | kubectl apply -f - -# Generate manifests e.g. CRD, RBAC etc. -manifests: controller-gen +manifests: controller-gen ## Generate manifests e.g. CRD, RBAC etc. $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases -# Run go fmt against code -fmt: +lint/check: # Check install of golanci-lint + @if ! golangci-lint --version > /dev/null 2>&1; then \ + echo -e "\033[0;33mgolangci-lint is not installed: run \`\033[0;32mmake lint-install\033[0m\033[0;33m\` or install it from https://golangci-lint.run\033[0m"; \ + exit 1; \ + fi + +lint-install: # installs golangci-lint to the go bin dir + @if ! golangci-lint --version > /dev/null 2>&1; then \ + echo "Installing golangci-lint"; \ + curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOBIN) v1.33.0; \ + fi + +lint: lint/check ## run golangci-lint + @if ! golangci-lint run; then \ + echo -e "\033[0;33mgolangci-lint failed: some checks can be fixed with \`\033[0;32mmake fmt\033[0m\033[0;33m\`\033[0m"; \ + exit 1; \ + fi + +fmt: lint/check ## ensure consistent code style + go mod tidy go fmt ./... + golangci-lint run --fix > /dev/null 2>&1 || true -# Run go vet against code -vet: - go vet ./... - -# Generate code -generate: controller-gen +generate: controller-gen ## Generate code $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." -# Build the docker image -docker-build: test +docker-build: test ## Build the docker image docker build . 
-t ${IMG} -# Push the docker image -docker-push: +docker-push: ## Push the docker image docker push ${IMG} # find or download controller-gen @@ -78,3 +93,8 @@ CONTROLLER_GEN=$(GOBIN)/controller-gen else CONTROLLER_GEN=$(shell which controller-gen) endif + +help: ## displays this help message + @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_\/-]+:.*?## / {printf "\033[34m%-18s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \ + sort | \ + grep -v '#' diff --git a/api/v1alpha1/externalsecret_types.go b/api/v1alpha1/externalsecret_types.go index 261af31a1..076aaee01 100644 --- a/api/v1alpha1/externalsecret_types.go +++ b/api/v1alpha1/externalsecret_types.go @@ -19,7 +19,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data +// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. type SecretStoreRef struct { // Name of the SecretStore resource Name string `json:"name"` 
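Review bot: `lint-install` downloads an installer script and pipes it into `sh` with no integrity check on the script, so whatever that host serves at run time executes in developer shells and in the CI Lint step. Only the golangci-lint version (`v1.33.0`) is pinned, not the code that performs the installation. I would download the pinned release archive, compare it to a checksum committed in the Makefile, and only then install it; the sketch below is Linux/amd64 only and uses a placeholder checksum. The guard `golangci-lint --version` also accepts any version already on PATH, so the sketch checks for the expected version string. In the `fmt` recipe of the same hunk, `> /dev/null 2>&1 || true` hides a failing `--fix` run.

```makefile
GOLANGCI_VERSION := 1.33.0
# Placeholder: copy the value from the release's published checksums file after review.
GOLANGCI_SHA256 := <SHA256_OF_RELEASE_TARBALL>

lint-install: # installs golangci-lint to the go bin dir
	@if ! golangci-lint --version 2>/dev/null | grep -q "$(GOLANGCI_VERSION)"; then \
		echo "Installing golangci-lint $(GOLANGCI_VERSION)"; \
		tmp=$$(mktemp -d); \
		tarball=golangci-lint-$(GOLANGCI_VERSION)-linux-amd64.tar.gz; \
		curl -sfL -o "$$tmp/$$tarball" https://github.com/golangci/golangci-lint/releases/download/v$(GOLANGCI_VERSION)/$$tarball; \
		echo "$(GOLANGCI_SHA256)  $$tmp/$$tarball" | sha256sum -c -; \
		tar -xzf "$$tmp/$$tarball" -C "$$tmp"; \
		install -m 0755 "$$tmp/golangci-lint-$(GOLANGCI_VERSION)-linux-amd64/golangci-lint" $(GOBIN)/golangci-lint; \
		rm -rf "$$tmp"; \
	fi
# … unchanged: lint/check, lint, fmt, generate, docker-build …
```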
@@ -30,21 +30,21 @@ type SecretStoreRef struct { Kind string `json:"kind,omitempty"` } -// ExternalSecretCreationPolicy defines rules on how to create the resulting Secret +// ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. type ExternalSecretCreationPolicy string const ( - // Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource + // Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource. Owner ExternalSecretCreationPolicy = "Owner" - // Merge does not create the Secret, but merges the data fields to the Secret + // Merge does not create the Secret, but merges the data fields to the Secret. Merge ExternalSecretCreationPolicy = "Merge" - // None does not create a Secret (future use with injector) + // None does not create a Secret (future use with injector). None ExternalSecretCreationPolicy = "None" ) -// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint +// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. type ExternalSecretTemplateMetadata struct { // +optional Annotations map[string]string `json:"annotations,omitempty"` @@ -53,7 +53,7 @@ type ExternalSecretTemplateMetadata struct { Labels map[string]string `json:"labels,omitempty"` } -// ExternalSecretTemplate defines a blueprint for the created Secret resource +// ExternalSecretTemplate defines a blueprint for the created Secret resource. type ExternalSecretTemplate struct { // +optional Type corev1.SecretType `json:"type,omitempty"` @@ -63,7 +63,7 @@ type ExternalSecretTemplate struct { } // ExternalSecretTarget defines the Kubernetes Secret to be created -// There can be only one target per ExternalSecret +// There can be only one target per ExternalSecret. type ExternalSecretTarget struct { // Name defines the name of the Secret resource to be managed // This field is immutable 
@@ -77,14 +77,14 @@ type ExternalSecretTarget struct { CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"` } -// ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data +// ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. type ExternalSecretData struct { SecretKey string `json:"secretKey"` RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"` } -// ExternalSecretDataRemoteRef defines Provider data location +// ExternalSecretDataRemoteRef defines Provider data location. type ExternalSecretDataRemoteRef struct { // Key is the key used in the Provider, mandatory Key string `json:"key"` @@ -98,7 +98,7 @@ type ExternalSecretDataRemoteRef struct { Property string `json:"property,omitempty"` } -// ExternalSecretSpec defines the desired state of ExternalSecret +// ExternalSecretSpec defines the desired state of ExternalSecret. type ExternalSecretSpec struct { SecretStoreRef SecretStoreRef `json:"secretStoreRef"` 
@@ -121,23 +121,23 @@ type ExternalSecretSpec struct { DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"` } -// ExternalSecretStatusPhase represents the current phase of the Secret sync +// ExternalSecretStatusPhase represents the current phase of the Secret sync. type ExternalSecretStatusPhase string const ( - // ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template) + // ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template). ExternalSecretPending ExternalSecretStatusPhase = "Pending" - // ExternalSecret is being actively synced according to spec + // ExternalSecret is being actively synced according to spec. ExternalSecretSyncing ExternalSecretStatusPhase = "Syncing" - // ExternalSecret can not be synced, this might require user intervention + // ExternalSecret can not be synced, this might require user intervention. ExternalSecretFailing ExternalSecretStatusPhase = "Failing" - // ExternalSecret can not be synced right now and will not able to + // ExternalSecret can not be synced right now and will not able to. ExternalSecretFailed ExternalSecretStatusPhase = "Failed" - // ExternalSecret was synced successfully (one-time use only) + // ExternalSecret was synced successfully (one-time use only). ExternalSecretCompleted ExternalSecretStatusPhase = "Completed" ) @@ -174,7 +174,7 @@ type ExternalSecretStatus struct { // +kubebuilder:object:root=true -// ExternalSecret is the Schema for the externalsecrets API +// ExternalSecret is the Schema for the externalsecrets API. type ExternalSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` 
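Review bot: The phase-constant comments in this hunk only gained a trailing period, so `// ExternalSecret can not be synced right now and will not able to.` is still an unfinished sentence, and none of the five comments begins with the constant it documents, as Go doc comments normally do. If the intended meaning is that no further sync will succeed, something like `// ExternalSecretFailed means the ExternalSecret can not be synced and is not expected to recover.` would read correctly; the other four can follow the same `// <ConstName> means …` shape. The same pass left the typos `configration` in `api/v1alpha1/secretstore_types.go` and `imeplements` in `pkg/provider/fake/fake.go` on lines this commit touches. The `const` block continues outside the hunk.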
@@ -185,7 +185,7 @@ type ExternalSecret struct { // +kubebuilder:object:root=true -// ExternalSecretList contains a list of ExternalSecret +// ExternalSecretList contains a list of ExternalSecret. type ExternalSecretList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/api/v1alpha1/generic_store.go b/api/v1alpha1/generic_store.go index 6b01ba7e8..85d833aa8 100644 --- a/api/v1alpha1/generic_store.go +++ b/api/v1alpha1/generic_store.go @@ -25,7 +25,7 @@ import ( // +k8s:deepcopy-gen=nil // GenericStore is a common interface for interacting with ClusterSecretStore -// or a namespaced SecretStore +// or a namespaced SecretStore. type GenericStore interface { runtime.Object metav1.Object @@ -36,12 +36,12 @@ type GenericStore interface { // +kubebuilder:object:generate:false var _ GenericStore = &SecretStore{} -// GetProvider returns the underlying provider +// GetProvider returns the underlying provider. func (c *SecretStore) GetProvider() *SecretStoreProvider { return c.Spec.Provider } -// Copy returns a DeepCopy of the Store +// Copy returns a DeepCopy of the Store. func (c *SecretStore) Copy() GenericStore { return c.DeepCopy() } diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index e5ef795f0..90f82e5f2 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go @@ -25,10 +25,10 @@ import ( ) var ( - // GroupVersion is group version used to register these objects + // GroupVersion is group version used to register these objects. GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"} - // SchemeBuilder is used to add go types to the GroupVersionKind scheme + // SchemeBuilder is used to add go types to the GroupVersionKind scheme. SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. 
diff --git a/api/v1alpha1/meta_types.go b/api/v1alpha1/meta_types.go index 422f8092e..4e8bfbc6a 100644 --- a/api/v1alpha1/meta_types.go +++ b/api/v1alpha1/meta_types.go @@ -14,7 +14,7 @@ limitations under the License. package v1alpha1 -// Refers to a Secret in Kubernetes +// Refers to a Secret in Kubernetes. type SecretKeySelector struct { Name string `json:"name"` Key string `json:"key"` diff --git a/api/v1alpha1/secretstore_awssm_types.go b/api/v1alpha1/secretstore_awssm_types.go index b0deaf1c3..6c526e8f5 100644 --- a/api/v1alpha1/secretstore_awssm_types.go +++ b/api/v1alpha1/secretstore_awssm_types.go @@ -28,7 +28,7 @@ type AWSSMAuthSecretRef struct { SecretAccessKey SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"` } -// Configures a store to sync secrets using the AWS Secret Manager provider +// Configures a store to sync secrets using the AWS Secret Manager provider. type AWSSMProvider struct { // Auth defines the information necessary to authenticate against AWS Auth AWSSMAuth `json:"auth"` diff --git a/api/v1alpha1/secretstore_types.go b/api/v1alpha1/secretstore_types.go index 5204c0957..22d6b08d8 100644 --- a/api/v1alpha1/secretstore_types.go +++ b/api/v1alpha1/secretstore_types.go @@ -27,7 +27,7 @@ const ( Vault StoreProvider = "VAULT" ) -// SecretStoreSpec defines the desired state of SecretStore +// SecretStoreSpec defines the desired state of SecretStore. type SecretStoreSpec struct { // Used to select the correct KES controller (think: ingress.ingressClassName) // The KES controller is instantiated with a specific controller name and filters ES based on this property @@ -38,7 +38,7 @@ type SecretStoreSpec struct { Provider *SecretStoreProvider `json:"provider"` } -// SecretStoreProvider contains the provider-specific configration +// SecretStoreProvider contains the provider-specific configration. // +kubebuilder:validation:MinProperties=1 // +kubebuilder:validation:MaxProperties=1 type SecretStoreProvider struct { 
@@ -50,10 +50,10 @@ type SecretStoreProvider struct { type SecretStoreStatusPhase string const ( - // E.g. referenced Secret containing credentials is missing + // E.g. referenced Secret containing credentials is missing. SecretStorePending SecretStoreStatusPhase = "Pending" - // All dependencies are met, sync + // All dependencies are met, sync. SecretStoreRunning SecretStoreStatusPhase = "Running" ) @@ -77,7 +77,7 @@ type SecretStoreStatusCondition struct { LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` } -// SecretStoreStatus defines the observed state of the SecretStore +// SecretStoreStatus defines the observed state of the SecretStore. type SecretStoreStatus struct { // +optional Phase SecretStoreStatusPhase `json:"phase"` @@ -88,7 +88,7 @@ type SecretStoreStatus struct { // +kubebuilder:object:root=true -// SecretStore is the Schema for the secretstores API +// SecretStore is the Schema for the secretstores API. type SecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -99,7 +99,7 @@ type SecretStore struct { // +kubebuilder:object:root=true -// SecretStoreList contains a list of SecretStore +// SecretStoreList contains a list of SecretStore. type SecretStoreList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/config/crd/bases/external-secrets.io_externalsecrets.yaml b/config/crd/bases/external-secrets.io_externalsecrets.yaml index 420437b7e..926af685c 100644 --- a/config/crd/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crd/bases/external-secrets.io_externalsecrets.yaml @@ -19,7 +19,7 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ExternalSecret is the Schema for the externalsecrets API + description: ExternalSecret is the Schema for the externalsecrets API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -34,18 +34,18 @@ spec: metadata: type: object spec: - description: ExternalSecretSpec defines the desired state of ExternalSecret + description: ExternalSecretSpec defines the desired state of ExternalSecret. properties: data: description: Data defines the connection between the Kubernetes Secret keys and the Provider data items: description: ExternalSecretData defines the connection between the - Kubernetes Secret key (spec.data.) and the Provider data + Kubernetes Secret key (spec.data.) and the Provider data. properties: remoteRef: description: ExternalSecretDataRemoteRef defines Provider data - location + location. properties: key: description: Key is the key used in the Provider, mandatory @@ -73,7 +73,7 @@ spec: Provider data If multiple entries are specified, the Secret keys are merged in the specified order items: - description: ExternalSecretDataRemoteRef defines Provider data location + description: ExternalSecretDataRemoteRef defines Provider data location. properties: key: description: Key is the key used in the Provider, mandatory @@ -99,7 +99,7 @@ spec: type: string secretStoreRef: description: SecretStoreRef defines which SecretStore to fetch the - ExternalSecret data + ExternalSecret data. properties: kind: description: Kind of the SecretStore resource (SecretStore or @@ -113,7 +113,7 @@ spec: type: object target: description: ExternalSecretTarget defines the Kubernetes Secret to - be created There can be only one target per ExternalSecret + be created There can be only one target per ExternalSecret. properties: creationPolicy: description: CreationPolicy defines rules on how to create the @@ -155,7 +155,7 @@ spec: type: array phase: description: ExternalSecretStatusPhase represents the current phase - of the Secret sync + of the Secret sync. type: string type: object type: object diff --git a/config/crd/bases/external-secrets.io_secretstores.yaml b/config/crd/bases/external-secrets.io_secretstores.yaml index f8aba4ae4..24daa26fa 100644 
--- a/config/crd/bases/external-secrets.io_secretstores.yaml +++ b/config/crd/bases/external-secrets.io_secretstores.yaml @@ -19,7 +19,7 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: SecretStore is the Schema for the secretstores API + description: SecretStore is the Schema for the secretstores API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -34,7 +34,7 @@ spec: metadata: type: object spec: - description: SecretStoreSpec defines the desired state of SecretStore + description: SecretStoreSpec defines the desired state of SecretStore. properties: controller: description: 'Used to select the correct KES controller (think: ingress.ingressClassName) @@ -103,7 +103,7 @@ spec: - provider type: object status: - description: SecretStoreStatus defines the observed state of the SecretStore + description: SecretStoreStatus defines the observed state of the SecretStore. properties: conditions: items: diff --git a/controllers/externalsecret_controller.go b/controllers/externalsecret_controller.go index 9b9bc16cb..beaefd4ce 100644 --- a/controllers/externalsecret_controller.go +++ b/controllers/externalsecret_controller.go @@ -25,7 +25,7 @@ import ( externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" ) -// ExternalSecretReconciler reconciles a ExternalSecret object +// ExternalSecretReconciler reconciles a ExternalSecret object. type ExternalSecretReconciler struct { client.Client Log logr.Logger diff --git a/controllers/secretstore_controller.go b/controllers/secretstore_controller.go index bee1eb516..58033ab3c 100644 --- a/controllers/secretstore_controller.go +++ b/controllers/secretstore_controller.go 
@@ -25,7 +25,7 @@ import ( externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" ) -// SecretStoreReconciler reconciles a SecretStore object +// SecretStoreReconciler reconciles a SecretStore object. type SecretStoreReconciler struct { client.Client Log logr.Logger diff --git a/controllers/suite_test.go b/controllers/suite_test.go index 550f54691..38c8ea3ea 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -29,7 +29,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" - // +kubebuilder:scaffold:imports ) // These tests use Ginkgo (BDD-style Go testing framework). Refer to diff --git a/main.go b/main.go index 4d02fd5d4..f52a49e2e 100644 --- a/main.go +++ b/main.go @@ -24,9 +24,9 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log/zap" + // +kubebuilder:scaffold:imports externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" "github.com/external-secrets/external-secrets/controllers" - // +kubebuilder:scaffold:imports ) var ( diff --git a/pkg/provider/aws/secretsmanager/secretsmanager.go b/pkg/provider/aws/secretsmanager/secretsmanager.go index 2fa119930..698129074 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager.go 
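Review bot: The `controllers/suite_test.go` hunk deletes the `// +kubebuilder:scaffold:imports` marker instead of moving it, whereas the `main.go` hunk keeps the marker and moves it above the project imports. Kubebuilder uses that marker as the insertion point for scaffolded imports, so, assuming the project still scaffolds new APIs with kubebuilder, later scaffolding runs would presumably stop updating the test suite's imports. I would restore the line inside the import block in the same position chosen for `main.go`: `// +kubebuilder:scaffold:imports`. Both import blocks start outside their hunks.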
@@ -16,26 +16,27 @@ package secretsmanager import ( "context" + "sigs.k8s.io/controller-runtime/pkg/client" + esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" "github.com/external-secrets/external-secrets/pkg/provider" "github.com/external-secrets/external-secrets/pkg/provider/schema" - "sigs.k8s.io/controller-runtime/pkg/client" ) -// SecretsManager is a provider for AWS SecretsManager +// SecretsManager is a provider for AWS SecretsManager. type SecretsManager struct{} -// New constructs a SecretsManager Provider +// New constructs a SecretsManager Provider. func (sm *SecretsManager) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) { return sm, nil // stub } -// GetSecret returns a single secret from the provider +// GetSecret returns a single secret from the provider. func (sm *SecretsManager) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { return []byte("NOOP"), nil } -// GetSecretMap returns multiple k/v pairs from the provider +// GetSecretMap returns multiple k/v pairs from the provider. func (sm *SecretsManager) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { return map[string][]byte{ "noop": []byte("NOOP"), diff --git a/pkg/provider/fake/fake.go b/pkg/provider/fake/fake.go index 46023aed9..0a3889b1b 100644 --- a/pkg/provider/fake/fake.go +++ b/pkg/provider/fake/fake.go 
@@ -17,16 +17,16 @@ package fake import ( "context" + "sigs.k8s.io/controller-runtime/pkg/client" + esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" "github.com/external-secrets/external-secrets/pkg/provider" "github.com/external-secrets/external-secrets/pkg/provider/schema" - - "sigs.k8s.io/controller-runtime/pkg/client" ) var _ provider.Provider = &Client{} -// Client is a fake client for testing +// Client is a fake client for testing. type Client struct { NewFn func(context.Context, esv1alpha1.SecretStoreProvider, client.Client, string) (provider.Provider, error) @@ -34,7 +34,7 @@ type Client struct { GetSecretMapFn func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) } -// New returns a fake client +// New returns a fake client. func New() *Client { v := &Client{ GetSecretFn: func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { @@ -52,17 +52,17 @@ func New() *Client { return v } -// RegisterAs registers the fake client in the schema +// RegisterAs registers the fake client in the schema. func (v *Client) RegisterAs(provider *esv1alpha1.SecretStoreProvider) { schema.ForceRegister(v, provider) } -// GetSecret implements the provider.Provider interface +// GetSecret implements the provider.Provider interface. func (v *Client) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { return v.GetSecretFn(ctx, ref) } -// WithGetSecret wraps secret data returned by this provider +// WithGetSecret wraps secret data returned by this provider. func (v *Client) WithGetSecret(secData []byte, err error) *Client { v.GetSecretFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { return secData, err 
@@ -70,12 +70,12 @@ func (v *Client) WithGetSecret(secData []byte, err error) *Client { return v } -// GetSecretMap imeplements the provider.Provider interface +// GetSecretMap imeplements the provider.Provider interface. func (v *Client) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { return v.GetSecretMapFn(ctx, ref) } -// WithGetSecretMap wraps the secret data map returned by this fake provider +// WithGetSecretMap wraps the secret data map returned by this fake provider. func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client { v.GetSecretMapFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { return secData, err @@ -83,14 +83,14 @@ func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client return v } -// WithNew wraps the fake provider factory function +// WithNew wraps the fake provider factory function. func (v *Client) WithNew(f func(context.Context, esv1alpha1.SecretStoreProvider, client.Client, string) (provider.Provider, error)) *Client { v.NewFn = f return v } -// New returns a new fake provider +// New returns a new fake provider. func (v *Client) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) { client, err := v.NewFn(ctx, store, kube, namespace) if err != nil { diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go index aedff83d5..0e3264c24 100644 --- a/pkg/provider/provider.go +++ b/pkg/provider/provider.go 
@@ -17,12 +17,12 @@ package provider import ( "context" - esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" - "sigs.k8s.io/controller-runtime/pkg/client" + + esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" ) -// Provider is a common interface for interacting with secret backends +// Provider is a common interface for interacting with secret backends. type Provider interface { // New constructs a SecretsManager Provider New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (Provider, error) diff --git a/pkg/provider/register/register.go b/pkg/provider/register/register.go index df3e0f06e..b3c780ca6 100644 --- a/pkg/provider/register/register.go +++ b/pkg/provider/register/register.go @@ -14,8 +14,9 @@ limitations under the License. package register -// packages imported here are registered to the controller schema +// packages imported here are registered to the controller schema. import ( - // register awssm provider + + // register awssm provider. _ "github.com/external-secrets/external-secrets/pkg/provider/aws/secretsmanager" ) diff --git a/pkg/provider/schema/schema.go b/pkg/provider/schema/schema.go index 052ae52fb..3978a892c 100644 --- a/pkg/provider/schema/schema.go +++ b/pkg/provider/schema/schema.go @@ -31,7 +31,7 @@ func init() { } // Register a store backend type. Register panics if a -// backend with the same store is already registered +// backend with the same store is already registered. func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) { storeName, err := getProviderName(storeSpec) if err != nil { 
@@ -49,7 +49,7 @@ func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
 }
 // ForceRegister adds to store schema, overwriting a store if
-// already registered. Should only be used for testing
+// already registered. Should only be used for testing.
 func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
 storeName, err := getProviderName(storeSpec)
 if err != nil {
@@ -61,7 +61,7 @@ func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvide
 buildlock.Unlock()
 }
-// GetProviderByName returns the provider implementation by name
+// GetProviderByName returns the provider implementation by name.
 func GetProviderByName(name string) (provider.Provider, bool) {
 buildlock.RLock()
 f, ok := builder[name]
@@ -69,7 +69,7 @@ func GetProviderByName(name string) (provider.Provider, bool) {
 return f, ok
 }
-// GetProvider returns the provider from the generic store
+// GetProvider returns the provider from the generic store.
 func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
 provider := s.GetProvider()
 storeName, err := getProviderName(provider)
@@ -89,7 +89,7 @@ func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
 }
 // getProviderName returns the name of the configured provider
-// or an error if the provider is not configured
+// or an error if the provider is not configured.
 func getProviderName(storeSpec *esv1alpha1.SecretStoreProvider) (string, error) {
 storeBytes, err := json.Marshal(storeSpec)
 if err != nil {
diff --git a/pkg/provider/schema/schema_test.go b/pkg/provider/schema/schema_test.go
index 88fdd3b15..4cd703d2b 100644
--- a/pkg/provider/schema/schema_test.go
+++ b/pkg/provider/schema/schema_test.go
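Review bot: ForceRegister's comment says it "Should only be used for testing", yet the function is exported from the non-test schema package, so that comment is the only guard visible here against production code replacing an already registered secret backend. Since this registry decides which provider serves secret reads, the doc comment should state the consequence, for example `// ForceRegister replaces any provider already registered for the same store; it must never be called outside tests.`. If callers allow it, moving the helper into a test-only support package would enforce the restriction rather than only document it. The function body starts in this hunk and ends in the next one, so the locking around the overwrite is only partly visible.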
@@ -17,25 +17,26 @@ import (
 "context"
 "testing"
- esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
- "github.com/external-secrets/external-secrets/pkg/provider"
 "github.com/stretchr/testify/assert"
 "sigs.k8s.io/controller-runtime/pkg/client"
+
+ esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
+ "github.com/external-secrets/external-secrets/pkg/provider"
 )
 type PP struct{}
-// New constructs a SecretsManager Provider
+// New constructs a SecretsManager Provider.
 func (p *PP) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
 return p, nil
 }
-// GetSecret returns a single secret from the provider
+// GetSecret returns a single secret from the provider.
 func (p *PP) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
 return []byte("NOOP"), nil
 }
-// GetSecretMap returns multiple k/v pairs from the provider
+// GetSecretMap returns multiple k/v pairs from the provider.
 func (p *PP) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
 return map[string][]byte{}, nil
 }