From 144985ee5a3059882d34a0a3bd464cd3655f344a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Wed, 24 Aug 2022 15:08:24 +0200 Subject: [PATCH] chore: fix golangcilint timeout (#4388) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: fix golangcilint timeout Signed-off-by: Charles-Edouard Brétéché * fix commit sha Signed-off-by: Charles-Edouard Brétéché * add .gitattributes Signed-off-by: Charles-Edouard Brétéché Signed-off-by: Charles-Edouard Brétéché --- .gitattributes | 1 + .github/workflows/tests.yaml | 23 +++-------- .golangci.yml | 3 +- api/kyverno/v1/common_types.go | 2 +- api/kyverno/v1beta1/register.go | 4 +- .../v1alpha2/policyreport_types.go | 10 ++--- cmd/cli/kubectl-kyverno/test/test_command.go | 12 ++---- .../kubectl-kyverno/utils/common/common.go | 5 +-- cmd/cli/kubectl-kyverno/utils/common/fetch.go | 12 +++--- cmd/kyverno/main.go | 4 +- pkg/autogen/autogen.go | 9 +++-- pkg/background/generate/generate.go | 1 + pkg/controllers/config/log.go | 6 ++- pkg/cosign/cosign.go | 5 +-- pkg/dclient/discovery.go | 1 - pkg/dclient/fake.go | 1 + pkg/engine/background.go | 3 +- pkg/engine/common/pattern.go | 2 +- pkg/engine/imageVerify.go | 9 ++--- .../mutate/patch/strategicPreprocessing.go | 2 +- pkg/engine/utils.go | 18 +++++---- pkg/engine/variables/operator/notin.go | 2 +- pkg/event/controller.go | 2 +- pkg/event/fake.go | 4 +- pkg/metrics/init.go | 4 +- pkg/metrics/metrics.go | 9 +++-- .../policyExecutionDuration.go | 4 +- pkg/metrics/policyresults/policyResults.go | 4 +- pkg/openapi/fake.go | 3 +- pkg/policy/validate.go | 1 - pkg/policyreport/changerequestcreator.go | 2 +- pkg/policyreport/fake.go | 7 +--- pkg/policyreport/reportcontroller.go | 3 +- pkg/registryclient/client.go | 2 +- pkg/testrunner/scenario.go | 2 +- pkg/utils/kube/cert.go | 7 ++-- pkg/utils/util.go | 1 - pkg/webhookconfig/monitor.go | 2 - pkg/webhookconfig/registration.go | 6 ++- pkg/webhooks/resource/fake.go | 6 +-- pkg/webhooks/server.go | 7 ++-- pkg/webhooks/updaterequest/fake.go | 3 +- test/e2e/framework/client/client.go | 1 + test/e2e/framework/framework.go | 3 ++ test/e2e/generate/config.go | 3 +- test/e2e/generate/helpers.go | 38 ++++++++++--------- 46 files changed, 123 insertions(+), 136 deletions(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..d207b1802b --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.go text eol=lf diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 2336754388..9192cdf168 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -19,27 +19,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # pin@v2.4.0 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # pin@v3 # see https://michaelheap.com/ensure-github-actions-pinned-sha/ - name: Ensure SHA pinned actions uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6ca5574367befbc9efdb2fa25978084159c5902d # pin@v1.3.0 - - name: Unshallow - run: git fetch --prune --unshallow - - - name: Set up Go - uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # pin@v2.1.5 + - name: Setup go + uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # pin@v3 with: go-version: 1.17 - - name: Cache Go modules - uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # pin@v1.2.0 + - name: golangci-lint + uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc # pin@v3 with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- + version: v1.48 - name: gofmt check run: | @@ -61,11 +55,6 @@ jobs: exit 1 fi - - name: golangci-lint - uses: reviewdog/action-golangci-lint@02bcf8c1a9febe8620f1ca523b18dd64f82296db # pin@v1.25.0 - with: - fail_on_error: true - - name: Checking unused pkgs using go mod tidy run: | make unused-package-check diff --git a/.golangci.yml b/.golangci.yml index ec9d97791e..e1c9b382d3 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -21,7 +21,6 @@ linters: - gosimple - govet - grouper - - ifshort - importas - ineffassign - makezero @@ -43,7 +42,7 @@ linters: - whitespace run: - timeout: 5m + timeout: 10m skip-files: - ".+_test.go" - ".+_test_.+.go" diff --git a/api/kyverno/v1/common_types.go b/api/kyverno/v1/common_types.go index 28b3bc31c6..23c8c650cc 100644 --- a/api/kyverno/v1/common_types.go +++ b/api/kyverno/v1/common_types.go @@ -18,7 +18,7 @@ const ( Fail FailurePolicyType = "Fail" ) -// ApplyRulesType controls whether processing stops after one rule is applied or all rules are applied. +// ApplyRulesType controls whether processing stops after one rule is applied or all rules are applied. // +kubebuilder:validation:Enum=All;One type ApplyRulesType string diff --git a/api/kyverno/v1beta1/register.go b/api/kyverno/v1beta1/register.go index a912ee590d..bf92bc0c76 100644 --- a/api/kyverno/v1beta1/register.go +++ b/api/kyverno/v1beta1/register.go @@ -15,8 +15,8 @@ limitations under the License. */ // Package v1beta1 contains API Schema definitions for the kyverno.io v1beta1 API group -//+kubebuilder:object:generate=true -//+groupName=kyverno.io +// +kubebuilder:object:generate=true +// +groupName=kyverno.io package v1beta1 import ( diff --git a/api/policyreport/v1alpha2/policyreport_types.go b/api/policyreport/v1alpha2/policyreport_types.go index 3ab5a17353..90da7f7f0d 100644 --- a/api/policyreport/v1alpha2/policyreport_types.go +++ b/api/policyreport/v1alpha2/policyreport_types.go @@ -82,11 +82,11 @@ func (prs PolicyReportSummary) ToMap() map[string]interface{} { type PolicyResult string // PolicySeverity has one of the following values: -// - critical -// - high -// - low -// - medium -// - info +// - critical +// - high +// - low +// - medium +// - info // +kubebuilder:validation:Enum=critical;high;low;medium;info type PolicySeverity string diff --git a/cmd/cli/kubectl-kyverno/test/test_command.go b/cmd/cli/kubectl-kyverno/test/test_command.go index 7b54ef50aa..99cc257636 100644 --- a/cmd/cli/kubectl-kyverno/test/test_command.go +++ b/cmd/cli/kubectl-kyverno/test/test_command.go @@ -557,8 +557,8 @@ func buildPolicyResults(engineResponses []*response.EngineResponse, testResults if test.Resources != nil { if test.Policy == policyName { - // results[].namespace value implict set same as metadata.namespace until and unless - // user provides explict values for results[].namespace in test yaml file. + // results[].namespace value implicit set same as metadata.namespace until and unless + // user provides explicit values for results[].namespace in test yaml file. if test.Namespace == "" { test.Namespace = resourceNamespace testResults[i].Namespace = resourceNamespace @@ -903,7 +903,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, isGit bool, } } - var ruleToCloneSourceResource = map[string]string{} + ruleToCloneSourceResource := map[string]string{} for _, p := range filteredPolicies { filteredRules := []kyvernov1.Rule{} @@ -1036,7 +1036,7 @@ func printTestResult(resps map[string]policyreportv1alpha2.PolicyReportResult, t boldYellow := color.New(color.FgYellow).Add(color.Bold) boldFgCyan := color.New(color.FgCyan).Add(color.Bold) - countDeprecatedResource := 0 + var countDeprecatedResource int for i, v := range testResults { res := new(Table) res.ID = i + 1 @@ -1046,7 +1046,6 @@ func printTestResult(resps map[string]policyreportv1alpha2.PolicyReportResult, t } else { res.Policy = v.Policy res.Rule = v.Rule - } if v.Resources != nil { @@ -1055,7 +1054,6 @@ func printTestResult(resps map[string]policyreportv1alpha2.PolicyReportResult, t res.Resource = boldFgCyan.Sprintf(v.Namespace) + "/" + boldFgCyan.Sprintf(v.Kind) + "/" + boldFgCyan.Sprintf(resource) } else { res.Resource = v.Namespace + "/" + v.Kind + "/" + resource - } var ruleNameInResultKey string if v.AutoGeneratedRule != "" { @@ -1078,7 +1076,6 @@ func printTestResult(resps map[string]policyreportv1alpha2.PolicyReportResult, t } else { res.Policy = ns + "/" + v.Policy res.Resource = v.Namespace + "/" + v.Kind + "/" + resource - } } else if v.Namespace != "" { if !removeColor { @@ -1173,7 +1170,6 @@ func printTestResult(resps map[string]policyreportv1alpha2.PolicyReportResult, t res.Resource = boldFgCyan.Sprintf(v.Namespace) + "/" + boldFgCyan.Sprintf(v.Kind) + "/" + boldFgCyan.Sprintf(v.Resource) } else { res.Resource = v.Namespace + "/" + v.Kind + "/" + v.Resource - } resultKey = fmt.Sprintf("%s-%s-%s-%s-%s", v.Policy, ruleNameInResultKey, v.Namespace, v.Kind, v.Resource) } diff --git a/cmd/cli/kubectl-kyverno/utils/common/common.go b/cmd/cli/kubectl-kyverno/utils/common/common.go index 3a35ce7e20..d9cf7c6bdf 100644 --- a/cmd/cli/kubectl-kyverno/utils/common/common.go +++ b/cmd/cli/kubectl-kyverno/utils/common/common.go @@ -297,7 +297,6 @@ func GetVariable(variablesString, valuesFile string, fs billy.Filesystem, isGit values.GlobalValues = make(map[string]string) values.GlobalValues["request.operation"] = "CREATE" log.Log.V(3).Info("Defaulting request.operation to CREATE") - } else { if val, ok := values.GlobalValues["request.operation"]; ok { if val == "" { @@ -1003,7 +1002,7 @@ func GetKindsFromPolicy(policy kyvernov1.PolicyInterface) map[string]struct{} { return kindOnwhichPolicyIsApplied } -//GetResourceFromPath - get patchedResource and generatedResource from given path +// GetResourceFromPath - get patchedResource and generatedResource from given path func GetResourceFromPath(fs billy.Filesystem, path string, isGit bool, policyResourcePath string, resourceType string) (unstructured.Unstructured, error) { var resourceBytes []byte var resource unstructured.Unstructured @@ -1049,7 +1048,7 @@ func initializeMockController(objects []runtime.Object) (*generate.GenerateContr // handleGeneratePolicy returns a new RuleResponse with the Kyverno generated resource configuration by applying the generate rule. func handleGeneratePolicy(generateResponse *response.EngineResponse, policyContext engine.PolicyContext, ruleToCloneSourceResource map[string]string) ([]response.RuleResponse, error) { objects := []runtime.Object{&policyContext.NewResource} - var resources = []*unstructured.Unstructured{} + resources := []*unstructured.Unstructured{} for _, rule := range generateResponse.PolicyResponse.Rules { if path, ok := ruleToCloneSourceResource[rule.Name]; ok { resourceBytes, err := getFileBytes(path) diff --git a/cmd/cli/kubectl-kyverno/utils/common/fetch.go b/cmd/cli/kubectl-kyverno/utils/common/fetch.go index 77fd8cb9f4..1832fbacd9 100644 --- a/cmd/cli/kubectl-kyverno/utils/common/fetch.go +++ b/cmd/cli/kubectl-kyverno/utils/common/fetch.go @@ -15,6 +15,8 @@ import ( "github.com/kyverno/kyverno/pkg/dclient" engineutils "github.com/kyverno/kyverno/pkg/engine/utils" yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml" + "golang.org/x/text/cases" + "golang.org/x/text/language" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/kubernetes/scheme" @@ -293,9 +295,9 @@ func GetKindsFromRule(rule kyvernov1.Rule) map[string]bool { for _, kind := range rule.MatchResources.Kinds { if strings.Contains(kind, "/") { lastElement := kind[strings.LastIndex(kind, "/")+1:] - resourceTypesMap[strings.Title(lastElement)] = true + resourceTypesMap[cases.Title(language.Und, cases.NoLower).String(lastElement)] = true } - resourceTypesMap[strings.Title(kind)] = true + resourceTypesMap[cases.Title(language.Und, cases.NoLower).String(kind)] = true } if rule.MatchResources.Any != nil { @@ -303,7 +305,7 @@ func GetKindsFromRule(rule kyvernov1.Rule) map[string]bool { for _, kind := range resFilter.ResourceDescription.Kinds { if strings.Contains(kind, "/") { lastElement := kind[strings.LastIndex(kind, "/")+1:] - resourceTypesMap[strings.Title(lastElement)] = true + resourceTypesMap[cases.Title(language.Und, cases.NoLower).String(lastElement)] = true } resourceTypesMap[kind] = true } @@ -315,9 +317,9 @@ func GetKindsFromRule(rule kyvernov1.Rule) map[string]bool { for _, kind := range resFilter.ResourceDescription.Kinds { if strings.Contains(kind, "/") { lastElement := kind[strings.LastIndex(kind, "/")+1:] - resourceTypesMap[strings.Title(lastElement)] = true + resourceTypesMap[cases.Title(language.Und, cases.NoLower).String(lastElement)] = true } - resourceTypesMap[strings.Title(kind)] = true + resourceTypesMap[cases.Title(language.Und, cases.NoLower).String(kind)] = true } } } diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index e357dd871a..b3769ca4a6 100644 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -11,8 +11,6 @@ import ( "strings" "time" - _ "go.uber.org/automaxprocs" // #nosec - "github.com/kyverno/kyverno/pkg/background" generatecleanup "github.com/kyverno/kyverno/pkg/background/generate/cleanup" kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned" @@ -43,6 +41,7 @@ import ( webhookspolicy "github.com/kyverno/kyverno/pkg/webhooks/policy" webhooksresource "github.com/kyverno/kyverno/pkg/webhooks/resource" webhookgenerate "github.com/kyverno/kyverno/pkg/webhooks/updaterequest" + _ "go.uber.org/automaxprocs" // #nosec kubeinformers "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" @@ -307,7 +306,6 @@ func main() { if err := http.ListenAndServe(metricsAddr, metricsServerMux); err != nil { setupLog.Error(err, "failed to enable metrics", "address", metricsAddr) } - }() } diff --git a/pkg/autogen/autogen.go b/pkg/autogen/autogen.go index 2812e60868..2ec7629f66 100644 --- a/pkg/autogen/autogen.go +++ b/pkg/autogen/autogen.go @@ -62,10 +62,11 @@ func stripCronJob(controllers string) string { // CanAutoGen checks whether the rule(s) (in policy) can be applied to Pod controllers // returns controllers as: // - "" if: -// - name or selector is defined -// - mixed kinds (Pod + pod controller) is defined -// - Pod and PodControllers are not defined -// - mutate.Patches/mutate.PatchesJSON6902/validate.deny/generate rule is defined +// - name or selector is defined +// - mixed kinds (Pod + pod controller) is defined +// - Pod and PodControllers are not defined +// - mutate.Patches/mutate.PatchesJSON6902/validate.deny/generate rule is defined +// // - otherwise it returns all pod controllers func CanAutoGen(spec *kyvernov1.Spec) (applyAutoGen bool, controllers string) { needed := false diff --git a/pkg/background/generate/generate.go b/pkg/background/generate/generate.go index 5b5aab240d..304c9cb234 100644 --- a/pkg/background/generate/generate.go +++ b/pkg/background/generate/generate.go @@ -660,6 +660,7 @@ func (c *GenerateController) GetUnstrResource(genResourceSpec kyvernov1.Resource } return resource, nil } + func deleteGeneratedResources(log logr.Logger, client dclient.Interface, ur kyvernov1beta1.UpdateRequest) error { for _, genResource := range ur.Status.GeneratedResources { err := client.DeleteResource("", genResource.Kind, genResource.Namespace, genResource.Name, false) diff --git a/pkg/controllers/config/log.go b/pkg/controllers/config/log.go index efb4311a63..b718012076 100644 --- a/pkg/controllers/config/log.go +++ b/pkg/controllers/config/log.go @@ -2,5 +2,7 @@ package config import "sigs.k8s.io/controller-runtime/pkg/log" -var controllerName = "config-controller" -var logger = log.Log.WithName(controllerName) +var ( + controllerName = "config-controller" + logger = log.Log.WithName(controllerName) +) diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go index 266d36eecc..6d745be3d2 100644 --- a/pkg/cosign/cosign.go +++ b/pkg/cosign/cosign.go @@ -53,8 +53,7 @@ type Response struct { Statements []map[string]interface{} } -type CosignError struct { -} +type CosignError struct{} func Verify(opts Options) (*Response, error) { if opts.FetchAttestations { @@ -159,7 +158,7 @@ func buildCosignOptions(opts Options) (*cosign.CheckOpts, error) { // load cert and optionally a cert chain as a verifier cert, err := loadCert([]byte(opts.Cert)) if err != nil { - return nil, errors.Wrapf(err, "failed to load certificate from %s", string(opts.Cert)) + return nil, errors.Wrapf(err, "failed to load certificate from %s", opts.Cert) } if opts.CertChain == "" { diff --git a/pkg/dclient/discovery.go b/pkg/dclient/discovery.go index 501f47327b..244e269218 100644 --- a/pkg/dclient/discovery.go +++ b/pkg/dclient/discovery.go @@ -62,7 +62,6 @@ func (c serverPreferredResources) Poll(resync time.Duration, stopCh <-chan struc // OpenAPISchema returns the API server OpenAPI schema document func (c serverPreferredResources) OpenAPISchema() (*openapiv2.Document, error) { return c.cachedClient.OpenAPISchema() - } // GetGVRFromKind get the Group Version Resource from kind diff --git a/pkg/dclient/fake.go b/pkg/dclient/fake.go index 950b4bb7ef..00d3280dc5 100644 --- a/pkg/dclient/fake.go +++ b/pkg/dclient/fake.go @@ -92,6 +92,7 @@ func (c *fakeDiscoveryClient) OpenAPISchema() (*openapiv2.Document, error) { func (c *fakeDiscoveryClient) DiscoveryCache() discovery.CachedDiscoveryInterface { return nil } + func (c *fakeDiscoveryClient) DiscoveryInterface() discovery.DiscoveryInterface { return nil } diff --git a/pkg/engine/background.go b/pkg/engine/background.go index 818be6d23c..152d2bf493 100644 --- a/pkg/engine/background.go +++ b/pkg/engine/background.go @@ -13,7 +13,8 @@ import ( // ApplyBackgroundChecks checks for validity of generate and mutateExisting rules on the resource // 1. validate variables to be substitute in the general ruleInfo (match,exclude,condition) -// - the caller has to check the ruleResponse to determine whether the path exist +// - the caller has to check the ruleResponse to determine whether the path exist +// // 2. returns the list of rules that are applicable on this policy and resource, if 1 succeed func ApplyBackgroundChecks(policyContext *PolicyContext) (resp *response.EngineResponse) { policyStartTime := time.Now() diff --git a/pkg/engine/common/pattern.go b/pkg/engine/common/pattern.go index b8617954df..b87b4a1b4e 100644 --- a/pkg/engine/common/pattern.go +++ b/pkg/engine/common/pattern.go @@ -264,7 +264,7 @@ func validateString(log logr.Logger, value interface{}, pattern string, operator } // validateNumberWithStr compares quantity if pattern type is quantity -// or a wildcard match to pattern string +// or a wildcard match to pattern string func validateNumberWithStr(log logr.Logger, value interface{}, pattern string, operator operator.Operator) bool { typedValue, err := convertNumberToString(value) if err != nil { diff --git a/pkg/engine/imageVerify.go b/pkg/engine/imageVerify.go index af3717a839..9fdde9efcd 100644 --- a/pkg/engine/imageVerify.go +++ b/pkg/engine/imageVerify.go @@ -197,7 +197,6 @@ func (iv *imageVerifier) verify(imageVerify kyvernov1.ImageVerification, images ruleResp.Patches = append(ruleResp.Patches, patch) imageInfo.Digest = retrievedDigest image = imageInfo.String() - digest = retrievedDigest } } @@ -307,8 +306,8 @@ func (iv *imageVerifier) verifyImage(imageVerify kyvernov1.ImageVerification, im } func (iv *imageVerifier) verifyAttestorSet(attestorSet kyvernov1.AttestorSet, imageVerify kyvernov1.ImageVerification, - imageInfo apiutils.ImageInfo, path string) (*cosign.Response, error) { - + imageInfo apiutils.ImageInfo, path string, +) (*cosign.Response, error) { var errorList []error verifiedCount := 0 attestorSet = expandStaticKeys(attestorSet) @@ -530,8 +529,8 @@ func evaluateConditions( conditions []kyvernov1.AnyAllConditions, ctx context.Interface, s map[string]interface{}, - log logr.Logger) (bool, error) { - + log logr.Logger, +) (bool, error) { predicate, ok := s["predicate"].(map[string]interface{}) if !ok { return false, fmt.Errorf("failed to extract predicate from statement: %v", s) diff --git a/pkg/engine/mutate/patch/strategicPreprocessing.go b/pkg/engine/mutate/patch/strategicPreprocessing.go index e68028aad0..73612757fc 100644 --- a/pkg/engine/mutate/patch/strategicPreprocessing.go +++ b/pkg/engine/mutate/patch/strategicPreprocessing.go @@ -296,7 +296,7 @@ func hasAnchor(key string) bool { } func hasAnchors(pattern *yaml.RNode, isAnchor func(key string) bool) bool { - ynode := pattern.YNode() // nolint:ifshort + ynode := pattern.YNode() //nolint:ifshort if ynode.Kind == yaml.MappingNode { fields, err := pattern.Fields() if err != nil { diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go index 3876e4eef4..43826dc573 100644 --- a/pkg/engine/utils.go +++ b/pkg/engine/utils.go @@ -125,14 +125,18 @@ func checkSelector(labelSelector *metav1.LabelSelector, resourceLabels map[strin // doesResourceMatchConditionBlock filters the resource with defined conditions // for a match / exclude block, it has the following attributes: // ResourceDescription: -// Kinds []string -// Name string -// Namespaces []string -// Selector +// +// Kinds []string +// Name string +// Namespaces []string +// Selector +// // UserInfo: -// Roles []string -// ClusterRoles []string -// Subjects []rbacv1.Subject +// +// Roles []string +// ClusterRoles []string +// Subjects []rbacv1.Subject +// // To filter out the targeted resources with ResourceDescription, the check // should be: AND across attributes but an OR inside attributes that of type list // To filter out the targeted resources with UserInfo, the check diff --git a/pkg/engine/variables/operator/notin.go b/pkg/engine/variables/operator/notin.go index 514b5f05eb..0549b9ae29 100644 --- a/pkg/engine/variables/operator/notin.go +++ b/pkg/engine/variables/operator/notin.go @@ -7,7 +7,7 @@ import ( "github.com/kyverno/kyverno/pkg/engine/context" ) -//NewNotInHandler returns handler to manage NotIn operations +// NewNotInHandler returns handler to manage NotIn operations // // Deprecated: Use `NewAllNotInHandler` or `NewAnyNotInHandler` instead func NewNotInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler { diff --git a/pkg/event/controller.go b/pkg/event/controller.go index 9317343589..9e16ba151a 100644 --- a/pkg/event/controller.go +++ b/pkg/event/controller.go @@ -46,7 +46,7 @@ type Interface interface { Add(infoList ...Info) } -//NewEventGenerator to generate a new event controller +// NewEventGenerator to generate a new event controller func NewEventGenerator(client dclient.Interface, cpInformer kyvernov1informers.ClusterPolicyInformer, pInformer kyvernov1informers.PolicyInformer, maxQueuedEvents int, log logr.Logger) *Generator { gen := Generator{ client: client, diff --git a/pkg/event/fake.go b/pkg/event/fake.go index 6d475fe3b5..8ad4534187 100644 --- a/pkg/event/fake.go +++ b/pkg/event/fake.go @@ -4,9 +4,7 @@ func NewFake() Interface { return &fakeEventGenerator{} } -type fakeEventGenerator struct { -} +type fakeEventGenerator struct{} func (f *fakeEventGenerator) Add(infoList ...Info) { - } diff --git a/pkg/metrics/init.go b/pkg/metrics/init.go index 0f7e81e8a3..d24ca6e907 100644 --- a/pkg/metrics/init.go +++ b/pkg/metrics/init.go @@ -17,8 +17,8 @@ func InitMetrics( metricsConfigData *config.MetricsConfigData, transportCreds string, kubeClient kubernetes.Interface, - log logr.Logger) (*MetricsConfig, *http.ServeMux, *controller.Controller, error) { - + log logr.Logger, +) (*MetricsConfig, *http.ServeMux, *controller.Controller, error) { var metricsConfig *MetricsConfig var err error var metricsServerMux *http.ServeMux diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go index 9bb429cb9e..7f47c62d69 100644 --- a/pkg/metrics/metrics.go +++ b/pkg/metrics/metrics.go @@ -222,7 +222,8 @@ func NewPrometheusConfig(metricsConfigData *kconfig.MetricsConfigData, func (m *MetricsConfig) RecordPolicyResults(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType, - ruleExecutionCause RuleExecutionCause) { + ruleExecutionCause RuleExecutionCause, +) { ctx := context.Background() commonLabels := []attribute.KeyValue{ @@ -259,7 +260,8 @@ func (m *MetricsConfig) RecordPolicyChanges(policyValidationMode PolicyValidatio } func (m *MetricsConfig) RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, - ruleName string, ruleType RuleType, status string, metricValue float64) { + ruleName string, ruleType RuleType, status string, metricValue float64, +) { ctx := context.Background() commonLabels := []attribute.KeyValue{ attribute.String("policy_validation_mode", string(policyValidationMode)), @@ -289,7 +291,8 @@ func (m MetricsConfig) RecordAdmissionRequests(resourceKind string, resourceName func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType, - ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64) { + ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64, +) { ctx := context.Background() commonLabels := []attribute.KeyValue{ diff --git a/pkg/metrics/policyexecutionduration/policyExecutionDuration.go b/pkg/metrics/policyexecutionduration/policyExecutionDuration.go index 8dfee6d30d..5cca7a066f 100644 --- a/pkg/metrics/policyexecutionduration/policyExecutionDuration.go +++ b/pkg/metrics/policyexecutionduration/policyExecutionDuration.go @@ -45,8 +45,8 @@ func registerPolicyExecutionDurationMetric( return nil } -//policy - policy related data -//engineResponse - resource and rule related data +// policy - policy related data +// engineResponse - resource and rule related data func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error { name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy) if err != nil { diff --git a/pkg/metrics/policyresults/policyResults.go b/pkg/metrics/policyresults/policyResults.go index 40a79e0c05..4d360401dc 100644 --- a/pkg/metrics/policyresults/policyResults.go +++ b/pkg/metrics/policyresults/policyResults.go @@ -40,8 +40,8 @@ func registerPolicyResultsMetric( return nil } -//policy - policy related data -//engineResponse - resource and rule related data +// policy - policy related data +// engineResponse - resource and rule related data func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error { name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy) if err != nil { diff --git a/pkg/openapi/fake.go b/pkg/openapi/fake.go index 2f34703d03..728978b90e 100644 --- a/pkg/openapi/fake.go +++ b/pkg/openapi/fake.go @@ -6,8 +6,7 @@ func NewFake() ValidateInterface { return &fakeValidation{} } -type fakeValidation struct { -} +type fakeValidation struct{} func (f *fakeValidation) ValidateResource(resource unstructured.Unstructured, apiVersion, kind string) error { return nil diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go index 3c5dd4c937..05f581bc78 100644 --- a/pkg/policy/validate.go +++ b/pkg/policy/validate.go @@ -564,7 +564,6 @@ func validateMatchKindHelper(rule kyvernov1.Rule) error { // isLabelAndAnnotationsString :- Validate if labels and annotations contains only string values func isLabelAndAnnotationsString(rule kyvernov1.Rule) bool { - checkLabelAnnotation := func(metaKey map[string]interface{}) bool { for mk := range metaKey { if mk == "labels" { diff --git a/pkg/policyreport/changerequestcreator.go b/pkg/policyreport/changerequestcreator.go index d4f8f9b9db..fa018d2ac1 100644 --- a/pkg/policyreport/changerequestcreator.go +++ b/pkg/policyreport/changerequestcreator.go @@ -124,7 +124,7 @@ func (c *changeRequestCreator) run(stopChan <-chan struct{}) { for { select { case <-ticker.C: - requests := []*unstructured.Unstructured{} + var requests []*unstructured.Unstructured var size int if c.splitPolicyReport { requests, size = c.mergeRequestsPerPolicy() diff --git a/pkg/policyreport/fake.go b/pkg/policyreport/fake.go index 32db0c5059..e0870eeb4a 100644 --- a/pkg/policyreport/fake.go +++ b/pkg/policyreport/fake.go @@ -4,21 +4,16 @@ func NewFake() GeneratorInterface { return &fakeReporter{} } -type fakeReporter struct { -} +type fakeReporter struct{} func (f *fakeReporter) Add(infos ...Info) { - } func (f *fakeReporter) MapperReset(string) { - } func (f *fakeReporter) MapperInactive(string) { - } func (f *fakeReporter) MapperInvalidate() { - } diff --git a/pkg/policyreport/reportcontroller.go b/pkg/policyreport/reportcontroller.go index 4c9d03835a..29f6cd8645 100644 --- a/pkg/policyreport/reportcontroller.go +++ b/pkg/policyreport/reportcontroller.go @@ -524,7 +524,6 @@ func (g *ReportGenerator) removeFromClusterPolicyReport(policyName, ruleName str } func (g *ReportGenerator) removeFromPolicyReport(policyName, ruleName string) error { - namespaces, err := g.client.ListResource("", "Namespace", "", nil) if err != nil { return fmt.Errorf("unable to list namespace %v", err) @@ -589,7 +588,7 @@ func (g *ReportGenerator) aggregateReports(namespace, policyName string) ( g.log.Error(err, "failed to get Kyverno namespace, policy reports will not be garbage collected upon termination") } - selector := labels.NewSelector() + var selector labels.Selector if namespace == "" { if toggle.SplitPolicyReport() { selector = labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion, policyLabel: TrimmedName(policyName)})) diff --git a/pkg/registryclient/client.go b/pkg/registryclient/client.go index 342d6e1b48..40f535f988 100644 --- a/pkg/registryclient/client.go +++ b/pkg/registryclient/client.go @@ -95,7 +95,7 @@ func WithKeychainPullSecrets(kubClient kubernetes.Interface, namespace, serviceA // WithKeychainPullSecrets provides initialize registry client option that allows to use insecure registries. func WithAllowInsecureRegistry() Option { return func(c *client) error { - c.transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} + c.transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} //nolint:gosec return nil } } diff --git a/pkg/testrunner/scenario.go b/pkg/testrunner/scenario.go index d68b2227dd..2eefcdd315 100644 --- a/pkg/testrunner/scenario.go +++ b/pkg/testrunner/scenario.go @@ -71,7 +71,7 @@ type Generation struct { // It assumes that the project directory is 2 levels up. This means if this function is moved // it may not work as expected. func RootDir() string { - _, b, _, _ := runtime.Caller(0) // nolint:dogsled + _, b, _, _ := runtime.Caller(0) //nolint:dogsled d := ospath.Join(ospath.Dir(b)) d = filepath.Dir(d) return filepath.Dir(d) diff --git a/pkg/utils/kube/cert.go b/pkg/utils/kube/cert.go index b2252a7dca..1ff6e6e991 100644 --- a/pkg/utils/kube/cert.go +++ b/pkg/utils/kube/cert.go @@ -7,15 +7,16 @@ import ( "github.com/kyverno/kyverno/pkg/config" "google.golang.org/grpc/credentials" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" ) func FetchCert( ctx context.Context, certs string, - kubeClient kubernetes.Interface) (credentials.TransportCredentials, error) { - secret, err := kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).Get(ctx, certs, v1.GetOptions{}) + kubeClient kubernetes.Interface, +) (credentials.TransportCredentials, error) { + secret, err := kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).Get(ctx, certs, metav1.GetOptions{}) if err != nil { return nil, fmt.Errorf("error fetching certificate from secret") } diff --git a/pkg/utils/util.go b/pkg/utils/util.go index 7df860500d..bec852faa3 100644 --- a/pkg/utils/util.go +++ b/pkg/utils/util.go @@ -346,7 +346,6 @@ func OverrideRuntimeErrorHandler() { runtime.ErrorHandlers[0] = func(err error) { logger.V(6).Info("runtime error: %s", err) } - } else { runtime.ErrorHandlers = []func(err error){ func(err error) { diff --git a/pkg/webhookconfig/monitor.go b/pkg/webhookconfig/monitor.go index e6e56ad58d..1444719c27 100644 --- a/pkg/webhookconfig/monitor.go +++ b/pkg/webhookconfig/monitor.go @@ -36,11 +36,9 @@ const ( // latestTimestamp is longer than idleCheckInterval, the monitor triggers an // annotation update; otherwise lastSeenRequestTime is updated to latestTimestamp. // -// // Webhook configurations are checked every tickerInterval across all instances. // Currently the check only queries for the expected resource name, and does // not compare other details like the webhook settings. -// type Monitor struct { // leaseClient is used to manage Kyverno lease leaseClient coordinationv1.LeaseInterface diff --git a/pkg/webhookconfig/registration.go b/pkg/webhookconfig/registration.go index f26d2e328a..da50916e1c 100644 --- a/pkg/webhookconfig/registration.go +++ b/pkg/webhookconfig/registration.go @@ -184,7 +184,8 @@ func (wrc *Register) ResetPolicyStatus(kyvernoInTermination bool, wg *sync.WaitG logger := wrc.log.WithName("ResetPolicyStatus") cpols, err := wrc.kyvernoClient.KyvernoV1().ClusterPolicies().List(context.TODO(), metav1.ListOptions{}) if err == nil { - for _, cpol := range cpols.Items { + for _, item := range cpols.Items { + cpol := item cpol.Status.SetReady(false) if _, err := wrc.kyvernoClient.KyvernoV1().ClusterPolicies().UpdateStatus(context.TODO(), &cpol, metav1.UpdateOptions{}); err != nil { logger.Error(err, "failed to set ClusterPolicy status READY=false", "name", cpol.GetName()) @@ -196,7 +197,8 @@ func (wrc *Register) ResetPolicyStatus(kyvernoInTermination bool, wg *sync.WaitG pols, err := wrc.kyvernoClient.KyvernoV1().Policies(metav1.NamespaceAll).List(context.TODO(), metav1.ListOptions{}) if err == nil { - for _, pol := range pols.Items { + for _, item := range pols.Items { + pol := item pol.Status.SetReady(false) if _, err := wrc.kyvernoClient.KyvernoV1().Policies(pol.GetNamespace()).UpdateStatus(context.TODO(), &pol, metav1.UpdateOptions{}); err != nil { logger.Error(err, "failed to set Policy status READY=false", "namespace", pol.GetNamespace(), "name", pol.GetName()) diff --git a/pkg/webhooks/resource/fake.go b/pkg/webhooks/resource/fake.go index 6b94817a78..40d8f7c34a 100644 --- a/pkg/webhooks/resource/fake.go +++ b/pkg/webhooks/resource/fake.go @@ -20,7 +20,6 @@ import ( ) func NewFakeHandlers(ctx context.Context, policyCache policycache.Cache) webhooks.Handlers { - client := fake.NewSimpleClientset() metricsConfig := metrics.NewFakeMetricsConfig(client) @@ -53,13 +52,10 @@ func newFakeAuditHandler() AuditHandler { return &fakeAuditHandler{} } -type fakeAuditHandler struct { -} +type fakeAuditHandler struct{} func (f *fakeAuditHandler) Add(request *admissionv1.AdmissionRequest) { - } func (f *fakeAuditHandler) Run(workers int, stopCh <-chan struct{}) { - } diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go index 44f82273fc..dca90a778d 100644 --- a/pkg/webhooks/server.go +++ b/pkg/webhooks/server.go @@ -75,9 +75,10 @@ func NewServer( }, MinVersion: tls.VersionTLS12, }, - Handler: mux, - ReadTimeout: 30 * time.Second, - WriteTimeout: 30 * time.Second, + Handler: mux, + ReadTimeout: 30 * time.Second, + WriteTimeout: 30 * time.Second, + ReadHeaderTimeout: 30 * time.Second, }, webhookRegister: register, cleanUp: cleanUp, diff --git a/pkg/webhooks/updaterequest/fake.go b/pkg/webhooks/updaterequest/fake.go index d09fb9e19b..b5304c261f 100644 --- a/pkg/webhooks/updaterequest/fake.go +++ b/pkg/webhooks/updaterequest/fake.go @@ -9,8 +9,7 @@ func NewFake() Generator { return &fakeGenerator{} } -type fakeGenerator struct { -} +type fakeGenerator struct{} func (f *fakeGenerator) Apply(gr kyvernov1beta1.UpdateRequestSpec, action admissionv1.Operation) error { return nil diff --git a/test/e2e/framework/client/client.go b/test/e2e/framework/client/client.go index 1b2e00c006..dd93e945b5 100644 --- a/test/e2e/framework/client/client.go +++ b/test/e2e/framework/client/client.go @@ -27,6 +27,7 @@ type client struct { } func New(t *testing.T) Client { + t.Helper() c, err := e2e.NewE2EClient() gomega.Expect(err).NotTo(gomega.HaveOccurred()) return &client{t, c} diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index d90b1200c8..62dc3931a9 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -11,6 +11,7 @@ import ( ) func Setup(t *testing.T) { + t.Helper() gomega.RegisterTestingT(t) if os.Getenv("E2E") == "" { t.Skip("Skipping E2E Test") @@ -18,6 +19,7 @@ func Setup(t *testing.T) { } func RunTest(t *testing.T, steps ...step.Step) { + t.Helper() ginkgo.By("Creating client ...") client := client.New(t) for _, step := range steps { @@ -27,6 +29,7 @@ func RunTest(t *testing.T, steps ...step.Step) { } func RunSubTest(t *testing.T, name string, steps ...step.Step) { + t.Helper() t.Run(name, func(t *testing.T) { RunTest(t, steps...) }) diff --git a/test/e2e/generate/config.go b/test/e2e/generate/config.go index db4ae123f0..c76130d34e 100644 --- a/test/e2e/generate/config.go +++ b/test/e2e/generate/config.go @@ -4,10 +4,9 @@ import ( "time" "github.com/kyverno/kyverno/test/e2e" + . "github.com/onsi/gomega" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "sigs.k8s.io/yaml" - - . "github.com/onsi/gomega" ) var ( diff --git a/test/e2e/generate/helpers.go b/test/e2e/generate/helpers.go index bfc5e12e56..c4442d7d1a 100644 --- a/test/e2e/generate/helpers.go +++ b/test/e2e/generate/helpers.go @@ -7,13 +7,12 @@ import ( "time" "github.com/kyverno/kyverno/test/e2e" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/yaml" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" ) type resource struct { @@ -72,6 +71,7 @@ func expectation(id _id, expectations ...resourceExpectation) expectedResource { } func setup(t *testing.T) { + t.Helper() RegisterTestingT(t) if os.Getenv("E2E") == "" { t.Skip("Skipping E2E Test") @@ -86,7 +86,7 @@ func createClient() *e2e.E2EClient { func deleteClusteredResource(client *e2e.E2EClient, resource expectedResource) { By(fmt.Sprintf("Deleting %s : %s", resource.gvr.String(), resource.name)) - client.DeleteClusteredResource(resource.gvr, resource.name) + _ = client.DeleteClusteredResource(resource.gvr, resource.name) err := e2e.GetWithRetry(1*time.Second, 15, func() error { _, err := client.GetClusteredResource(resource.gvr, resource.name) if err == nil { @@ -102,7 +102,7 @@ func deleteClusteredResource(client *e2e.E2EClient, resource expectedResource) { func deleteNamespacedResource(client *e2e.E2EClient, resource expectedResource) { By(fmt.Sprintf("Deleting %s : %s/%s", resource.gvr.String(), resource.ns, resource.name)) - client.DeleteNamespacedResource(resource.gvr, resource.ns, resource.name) + _ = client.DeleteNamespacedResource(resource.gvr, resource.ns, resource.name) err := e2e.GetWithRetry(1*time.Second, 15, func() error { _, err := client.GetNamespacedResource(resource.gvr, resource.ns, resource.name) if err == nil { @@ -131,6 +131,7 @@ func deleteResources(client *e2e.E2EClient, resources ...expectedResource) { } func createClusteredResource(t *testing.T, client *e2e.E2EClient, resource resource) *unstructured.Unstructured { + t.Helper() var u unstructured.Unstructured Expect(yaml.Unmarshal(resource.raw, &u)).To(Succeed()) By(fmt.Sprintf("Creating %s : %s", resource.gvr.String(), u.GetName())) @@ -143,6 +144,7 @@ func createClusteredResource(t *testing.T, client *e2e.E2EClient, resource resou } func createNamespacedResource(t *testing.T, client *e2e.E2EClient, resource resource) *unstructured.Unstructured { + t.Helper() var u unstructured.Unstructured Expect(yaml.Unmarshal(resource.raw, &u)).To(Succeed()) By(fmt.Sprintf("Creating %s : %s/%s", resource.gvr.String(), resource.ns, u.GetName())) @@ -155,6 +157,7 @@ func createNamespacedResource(t *testing.T, client *e2e.E2EClient, resource reso } func createResource(t *testing.T, client *e2e.E2EClient, resource resource) *unstructured.Unstructured { + t.Helper() if resource.ns != "" { return createNamespacedResource(t, client, resource) } else { @@ -163,6 +166,7 @@ func createResource(t *testing.T, client *e2e.E2EClient, resource resource) *uns } func createResources(t *testing.T, client *e2e.E2EClient, resources ...resource) { + t.Helper() for _, resource := range resources { createResource(t, client, resource) } @@ -182,13 +186,13 @@ func getNamespacedResource(client *e2e.E2EClient, gvr schema.GroupVersionResourc return r } -func getResource(client *e2e.E2EClient, gvr schema.GroupVersionResource, ns, name string) *unstructured.Unstructured { - if ns != "" { - return getNamespacedResource(client, gvr, ns, name) - } else { - return getClusteredResource(client, gvr, name) - } -} +// func getResource(client *e2e.E2EClient, gvr schema.GroupVersionResource, ns, name string) *unstructured.Unstructured { +// if ns != "" { +// return getNamespacedResource(client, gvr, ns, name) +// } else { +// return getClusteredResource(client, gvr, name) +// } +// } func updateClusteredResource(client *e2e.E2EClient, gvr schema.GroupVersionResource, name string, m func(*unstructured.Unstructured) error) { r := getClusteredResource(client, gvr, name) @@ -297,11 +301,11 @@ func expectResourceNotExists(client *e2e.E2EClient, resource expectedResource) { } } -func expectResourcesNotExist(client *e2e.E2EClient, resources ...expectedResource) { - for _, resource := range resources { - expectResourceNotExists(client, resource) - } -} +// func expectResourcesNotExist(client *e2e.E2EClient, resources ...expectedResource) { +// for _, resource := range resources { +// expectResourceNotExists(client, resource) +// } +// } func expectClusteredResourceNotFound(client *e2e.E2EClient, resource expectedResource) { By(fmt.Sprintf("Expecting not found %s : %s", resource.gvr.String(), resource.name))