From 5e432b62840414ea45704208f1b423f5e0194ac7 Mon Sep 17 00:00:00 2001
From: David Gogl <1381862+kengou@users.noreply.github.com>
Date: Tue, 3 Sep 2024 18:33:34 +0200
Subject: [PATCH] fix golangci-lint warnings
---
 cmd/git-cert-shim/main.go | 2 +-
 controllers/git_controller.go | 9 +++++----
 pkg/certificate/certificate.go | 2 +-
 pkg/certificate/secret.go | 7 ++++---
 pkg/git/exec.go | 6 +++---
 pkg/git/git.go | 7 +++++--
 pkg/git/options.go | 2 +-
 pkg/git/syncer.go | 1 +
 pkg/util/util.go | 2 +-
 pkg/vault/client.go | 10 +++++-----
 10 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/cmd/git-cert-shim/main.go b/cmd/git-cert-shim/main.go
index 38a8905..5707a07 100644
--- a/cmd/git-cert-shim/main.go
+++ b/cmd/git-cert-shim/main.go
@@ -21,7 +21,7 @@ import (
 "flag"
 "fmt"
 "net/http"
- _ "net/http/pprof"
+ _ "net/http/pprof" //nolint:gosec
 "os"
 "time"
diff --git a/controllers/git_controller.go b/controllers/git_controller.go
index 10bc235..7d5801f 100644
--- a/controllers/git_controller.go
+++ b/controllers/git_controller.go
@@ -18,6 +18,7 @@ package controllers
 import (
 "context"
+ "errors"
 "fmt"
 "path/filepath"
 "strings"
@@ -150,7 +151,7 @@ func (g *GitController) checkCertificate(cert *certificate.Certificate) error {
 // If the certmanager.certificate is not ready, we abort here and check again later.
 // Once it is ready, the secret contains the tls certificate and private key.
 if !isCertificateReady(c) {
- return fmt.Errorf("certificate not (yet) ready. re-adding to queue")
+ return errors.New("certificate not (yet) ready. re-adding to queue")
 }
 tlsSecret, err := k8sutils.GetSecret(ctx, g.client, g.ControllerOptions.Namespace, cert.GetSecretName())
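Review bot: In cmd/git-cert-shim/main.go the blank `_ "net/http/pprof"` import registers the /debug/pprof handlers on http.DefaultServeMux, and the bare `//nolint:gosec` added on that line silences the finding without recording why the exposure is acceptable. Which listener serves the default mux is outside this hunk, so the suppression cannot be judged from the diff; if that port is reachable beyond the pod, heap and goroutine profiles are readable by anyone who can connect. Name the rule and the reason on the line, e.g. `_ "net/http/pprof" //nolint:gosec // G108: served only on <listener>, not reachable from outside`, or register the handlers on a dedicated loopback mux. The same unexplained `//nolint:gosec` is added in pkg/git/exec.go (on `exec.Command`) and pkg/git/options.go (on the env-var name), and each should state its reason as well.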
@@ -182,20 +183,20 @@ func (g *GitController) checkCertificate(cert *certificate.Certificate) error {
 g.mtx.Lock()
 defer g.mtx.Unlock()
- certFileName := filepath.Join(cert.OutFolder, fmt.Sprintf("%s.pem", cert.CommonName))
+ certFileName := filepath.Join(cert.OutFolder, cert.CommonName+".pem")
 certFileName = strings.ReplaceAll(certFileName, "*", "wildcard")
 if err := util.WriteToFileIfNotEmpty(certFileName, certByte); err != nil {
 return err
 }
- keyFileName := filepath.Join(cert.OutFolder, fmt.Sprintf("%s-key.pem", cert.CommonName))
+ keyFileName := filepath.Join(cert.OutFolder, cert.CommonName+"-key.pem")
 keyFileName = strings.ReplaceAll(keyFileName, "*", "wildcard")
 if err := util.WriteToFileIfNotEmpty(keyFileName, keyByte); err != nil {
 return err
 }
 err = g.repositorySyncer.AddFilesAndCommit(
- fmt.Sprintf("added certificate for %s", cert.CommonName), certFileName, keyFileName,
+ "added certificate for "+cert.CommonName, certFileName, keyFileName,
 )
 if err != nil {
 return err
diff --git a/pkg/certificate/certificate.go b/pkg/certificate/certificate.go
index efaf25c..ffa75ba 100644
--- a/pkg/certificate/certificate.go
+++ b/pkg/certificate/certificate.go
@@ -25,7 +25,7 @@ func (c *Certificate) GetName() string {
 }
 func (c *Certificate) GetSecretName() string {
- return fmt.Sprintf("tls-%s", c.GetName())
+ return "tls-" + c.GetName()
 }
 func ReadCertificateConfig(filePath string) ([]*Certificate, error) {
diff --git a/pkg/certificate/secret.go b/pkg/certificate/secret.go
index 1798db7..529ab12 100644
--- a/pkg/certificate/secret.go
+++ b/pkg/certificate/secret.go
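Review bot: In checkCertificate (controllers/git_controller.go), `cert.CommonName` is concatenated unchecked into both file names and the commit message, so a value containing a path separator or `..` would make `filepath.Join` resolve outside `cert.OutFolder`. Where CommonName is populated is not visible in this hunk; if it is read from a certificate config in the synced repository it should be validated before use, for example `if cert.CommonName != filepath.Base(cert.CommonName) { return fmt.Errorf("invalid common name %q", cert.CommonName) }`. Note also that `strings.ReplaceAll(certFileName, "*", "wildcard")` runs on the joined path, so a `*` in OutFolder is rewritten too; applying the replacement to the name before the Join would confine it to the file name. The function starts and ends outside the hunk.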
@@ -13,20 +13,21 @@ const (
 tlsKey = "tls.key"
 )
-func ExtractCAAndCertificateAndPrivateKeyFromSecret(tlsSecret *corev1.Secret) ([]byte, []byte, []byte, error) {
+func ExtractCAAndCertificateAndPrivateKeyFromSecret(tlsSecret *corev1.Secret) (ca, cert, key []byte, err error) {
+ //nolint:gosimple
 if tlsSecret.Data == nil || len(tlsSecret.Data) == 0 {
 return nil, nil, nil, errors.New("secret is empty")
 }
 // Optional.
- ca, _ := tlsSecret.Data[caCrt]
+ ca = tlsSecret.Data[caCrt]
 cert, ok := tlsSecret.Data[tlsCrt]
 if !ok {
 return nil, nil, nil, fmt.Errorf("%s missing in secret data", tlsCrt)
 }
- key, ok := tlsSecret.Data[tlsKey]
+ key, ok = tlsSecret.Data[tlsKey]
 if !ok {
 return nil, nil, nil, fmt.Errorf("%s missing in secret data", tlsKey)
 }
diff --git a/pkg/git/exec.go b/pkg/git/exec.go
index a91af3d..51be15b 100644
--- a/pkg/git/exec.go
+++ b/pkg/git/exec.go
@@ -45,12 +45,12 @@ func newCommand(cmd string, defaultArgs ...string) (*command, error) {
 timeout: 10 * time.Minute,
 defaultArgs: defaultArgs,
 }
- return c, c.verify()
+ return c, c.verify() //nolint:gocritic
 }
 // Run starts the command, waits until it finished and returns stdOut or an error containing the stdError message.
 func (c *command) run(args ...string) (string, error) {
- cmd := exec.Command(c.cmd, append(c.defaultArgs, args...)...)
+ cmd := exec.Command(c.cmd, append(c.defaultArgs, args...)...) //nolint:gosec
 if v, ok := os.LookupEnv("DEBUG"); ok && v == "true" {
 fmt.Println("running: ", cmd.String())
@@ -78,7 +78,7 @@ func (c *command) run(args ...string) (string, error) {
 fmt.Println("failed to kill command: ", err.Error())
 return strings.TrimSpace(stdOut.String()), err
 }
- return "", fmt.Errorf("command timed out after %s: %s\n", time.Since(start).String(), cmd.String())
+ return "", fmt.Errorf("command timed out after %s: %s", time.Since(start).String(), cmd.String())
 case err := <-done:
 if stdErr.Len() > 0 {
 fmt.Println("Output:", strings.TrimSpace(stdErr.String()))
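Review bot: In pkg/certificate/secret.go the new `//nolint:gosimple` keeps a redundant check instead of fixing it: `len` of a nil map is 0, so the condition can be `if len(tlsSecret.Data) == 0 {` and the suppression dropped. Two gaps remain on the new side: `tlsSecret` itself is dereferenced without a nil check, and the `ok` tests accept a `tls.crt` or `tls.key` entry that is present but empty, so an empty private key would pass these checks. Testing `len(cert) == 0` and `len(key) == 0` instead of `!ok` covers both the missing and the empty case. With the results now named in the signature, a short doc comment saying that `ca` is optional and may be nil would help callers; the function's final return is outside the hunk.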
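Review bot: In newCommand (pkg/git/exec.go), `return c, c.verify() //nolint:gocritic` silences the linter rather than resolving what it reports, which is presumably the evaluation order of `c` and `c.verify()` within one return statement. Evaluating the call first keeps the behaviour and needs no suppression: `err := c.verify()` followed by `return c, err`. Callers also receive a non-nil `*command` together with the error; if none of them relies on that, returning `nil, err` on failure is the safer contract. newCommand begins above the hunk.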
diff --git a/pkg/git/git.go b/pkg/git/git.go
index 60219ac..63cb73a 100644
--- a/pkg/git/git.go
+++ b/pkg/git/git.go
@@ -64,8 +64,11 @@ func (g *Git) GetRemoteHEADCommitHash() (string, error) {
 // PullRebase pulls and rebases.
 func (g *Git) PullRebase() error {
- g.run("rebase", "--abort")
- _, err := g.run(
+ _, err := g.run("rebase", "--abort")
+ if err != nil {
+ return errors.Wrap(err, "git rebase --abort failed")
+ }
+ _, err = g.run(
 "-c", fmt.Sprintf(`user.name="%s"`, g.AuthorName),
 "-c", fmt.Sprintf(`user.email="%s"`, g.AuthorEmail),
 "pull",
diff --git a/pkg/git/options.go b/pkg/git/options.go
index b0a4b52..db8fdcd 100644
--- a/pkg/git/options.go
+++ b/pkg/git/options.go
@@ -12,7 +12,7 @@ import (
 const (
 gitRemoteURLEnvVarkey = "GIT_REMOTE_URL"
- gitTokenEnvVarKey = "GIT_API_TOKEN"
+ gitTokenEnvVarKey = "GIT_API_TOKEN" //nolint:gosec
 gitSSHPrivkeyFileEnvVarKey = "GIT_SSH_PRIVKEY_FILE"
 )
diff --git a/pkg/git/syncer.go b/pkg/git/syncer.go
index 2c1a3a2..4cfb3a6 100644
--- a/pkg/git/syncer.go
+++ b/pkg/git/syncer.go
@@ -123,6 +123,7 @@ func (r *RepositorySyncer) syncWithRetry() error {
 defer r.mtx.Unlock()
 err := retry.OnError(retry.DefaultBackoff,
+ //nolint:gocritic
 func(err error) bool {
 // Retry the sync, if a git pull --rebase can help.
 return isErrFailedToPushSomeRefs(err)
diff --git a/pkg/util/util.go b/pkg/util/util.go
index 2f1b5ca..d366ec6 100644
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -30,7 +30,7 @@ func EnsureDir(path string, isEnsureEmptyDir bool) error {
 if isEnsureEmptyDir {
 p := path
 if !strings.HasSuffix(p, "/") {
- p = p + "/"
+ p += "/"
 }
 if err := os.RemoveAll(p); os.IsNotExist(err) {
 return err
diff --git a/pkg/vault/client.go b/pkg/vault/client.go
index b05bb46..120118c 100644
--- a/pkg/vault/client.go
+++ b/pkg/vault/client.go
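Review bot: In PullRebase (pkg/git/git.go) the new early return turns a best-effort cleanup into a hard failure: `git rebase --abort` exits non-zero when no rebase is in progress, which is the normal state of the checkout. Assuming `run` reports a non-zero exit as an error, as the `case err := <-done` branch in exec.go suggests, every PullRebase on a clean working tree now returns "git rebase --abort failed" and the pull never runs. The old code apparently ignored the result deliberately; to satisfy the linter while keeping that, discard it explicitly with `_, _ = g.run("rebase", "--abort") // best effort: fails when no rebase is in progress` and keep `_, err := g.run(` for the pull. The rest of the function is outside the hunk.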
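Review bot: In EnsureDir (pkg/util/util.go) the context line `if err := os.RemoveAll(p); os.IsNotExist(err) {` has its condition inverted: it returns only a not-exist error, which os.RemoveAll does not report for a missing path (it returns nil), and lets every other failure such as a permission error fall through. A caller that asked for an empty directory may then continue with stale content in it. The check should read `if err := os.RemoveAll(p); err != nil {` with the existing `return err`. The function continues past the end of the hunk.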
@@ -73,7 +73,7 @@ func NewClientIfSelected(opts Options) (*Client, error) {
 return nil, err
 }
- //authenticate once immediately to check correctness of credentials
+ // authenticate once immediately to check correctness of credentials
 c := &Client{client: client, Options: opts, authValidUntil: time.Now().Add(-1 * time.Hour)}
 err = c.authenticateIfNecessary()
 if err != nil {
@@ -86,12 +86,12 @@ func (c *Client) authenticateIfNecessary() error {
 c.authMutex.Lock()
 defer c.authMutex.Unlock()
- //use existing token if possible
+ // use existing token if possible
 if c.authValidUntil.After(time.Now()) {
 return nil
 }
- //perform approle authentication
+ // perform approle authentication
 resp, err := c.client.Logical().Write("auth/approle/login", map[string]interface{}{
 "role_id": c.Options.authRoleID,
 "secret_id": c.Options.authSecretID,
@@ -123,14 +123,14 @@ func (c *Client) UpdateCertificate(data CertificateData) error {
 "private-key": string(data.KeyBytes),
 }
- //we only want to write the secret and therefore produce a new version when actually necessary
+ // we only want to write the secret and therefore produce a new version when actually necessary
 secret, err := c.client.Logical().Read(fullSecretPath)
 if err != nil {
 return err
 }
 needsWrite := false
 if secret == nil {
- needsWrite = true //secret does not exist yet
+ needsWrite = true // secret does not exist yet
 } else {
 needsWrite = !reflect.DeepEqual(secret.Data["data"], payload)
 }