Merge pull request #111 from inteon/fix_linters

Fix linters

.golangci.yaml

@@ -1,17 +1,10 @@
 issues:
   exclude-rules:
     - linters:
-        - errcheck
-        - gofmt
         - gosec
-        - staticcheck
-        - gocritic
         - prealloc
         - errorlint
-        - loggercheck
-        - gosimple
         - containedctx
-        - ginkgolinter
       text: ".*"
 linters:
   # Explicitly define all enabled linters

internal/approver/controller/controller_test.go

@@ -30,7 +30,7 @@ import (
 	apiequality "k8s.io/apimachinery/pkg/api/equality"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/klog/v2/klogr"
+	"k8s.io/klog/v2/ktesting"
 	fakeclock "k8s.io/utils/clock/testing"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -79,7 +79,7 @@ func Test_Reconcile(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{Namespace: "test-ns", Name: "test-cr", ResourceVersion: "11"},
 					Status: cmapi.CertificateRequestStatus{
 						Conditions: []cmapi.CertificateRequestCondition{
-							cmapi.CertificateRequestCondition{
+							{
 								Type:               cmapi.CertificateRequestConditionDenied,
 								Status:             cmmeta.ConditionTrue,
 								Reason:             "spiffe.csi.cert-manager.io",
@@ -109,7 +109,7 @@ func Test_Reconcile(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{Namespace: "test-ns", Name: "test-cr", ResourceVersion: "11"},
 					Status: cmapi.CertificateRequestStatus{
 						Conditions: []cmapi.CertificateRequestCondition{
-							cmapi.CertificateRequestCondition{
+							{
 								Type:               cmapi.CertificateRequestConditionApproved,
 								Status:             cmmeta.ConditionTrue,
 								Reason:             "spiffe.csi.cert-manager.io",
@@ -136,16 +136,15 @@ func Test_Reconcile(t *testing.T) {
 			a := &approver{
 				client:    fakeclient,
 				lister:    fakeclient,
-				log:       klogr.New(),
+				log:       ktesting.NewLogger(t, ktesting.DefaultConfig),
 				evaluator: test.evaluator,
 			}
 
 			result, err := a.Reconcile(context.TODO(), ctrl.Request{NamespacedName: types.NamespacedName{Namespace: "test-ns", Name: "test-cr"}})
 			assert.Equalf(t, test.expError, err != nil, "%v", err)
 			assert.Equal(t, test.expResult, result)
 
-			for _, expectedObject := range test.expObjects {
-				expObj := expectedObject.(client.Object)
+			for _, expObj := range test.expObjects {
 				var actual client.Object
 				switch expObj.(type) {
 				case *cmapi.CertificateRequest:

internal/approver/controller/test/suite.go

@@ -26,7 +26,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/klog/v2/klogr"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
@@ -72,7 +71,7 @@ var _ = Context("Approval", func() {
 		}
 		Expect(cl.Create(ctx, &namespace)).NotTo(HaveOccurred())
 
-		log := klogr.New().WithName("testing")
+		log := GinkgoLogr
 		mgr, err := ctrl.NewManager(env.Config, ctrl.Options{
 			Scheme:         scheme,
 			LeaderElection: true,
@@ -93,7 +92,9 @@ var _ = Context("Approval", func() {
 		})).NotTo(HaveOccurred())
 
 		By("Running Approver controller")
-		go mgr.Start(ctx)
+		go func() {
+			Expect(mgr.Start(ctx)).NotTo(HaveOccurred())
+		}()
 
 		By("Waiting for Leader Election")
 		<-mgr.Elected()

internal/approver/evaluator/evaluator_test.go

@@ -26,7 +26,7 @@ import (
 	utilpki "github.com/cert-manager/cert-manager/pkg/util/pki"
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 )
 
 func Test_Evaluate(t *testing.T) {
@@ -231,7 +231,7 @@ func Test_Evaluate(t *testing.T) {
 				csr, err := utilpki.GenerateCSR(&cmapi.Certificate{
 					Spec: cmapi.CertificateSpec{
 						PrivateKey:            &cmapi.CertificatePrivateKey{Algorithm: cmapi.ECDSAKeyAlgorithm},
-						EncodeUsagesInRequest: pointer.Bool(true),
+						EncodeUsagesInRequest: ptr.To(true),
 						URIs:                  []string{"spiffe://foo.bar/ns/sandbox/sa/sleep"},
 						Usages: []cmapi.KeyUsage{
 							cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment,

internal/approver/evaluator/extensions.go

@@ -97,7 +97,7 @@ func validateKeyUsageExtension(value []byte) error {
 	// Clear allowed usages bits from value
 	for _, usage := range allowedKeyUsages {
 		for i, b := range usage {
-			extValue[i] = extValue[i] &^ b
+			extValue[i] &^= b
 		}
 	}
 

internal/approver/evaluator/extensions_test.go

@@ -306,7 +306,6 @@ func powerset(set []interface{}) (subsets [][]interface{}) {
 
 	// Go through all possible combinations of objects
 	// from 1 (only first object in subset) to 2^length (all objects in subset)
-	//math.Pow(
 	for subsetBits := 1; subsetBits < (1 << length); subsetBits++ {
 		var subset []interface{}
 

internal/csi/app/app.go

@@ -65,7 +65,7 @@ func NewCommand(ctx context.Context) *cobra.Command {
 			annotations := map[string]string{}
 			for key, value := range opts.CertManager.CertificateRequestAnnotations {
 				if strings.HasPrefix(key, "spiffe.csi.cert-manager.io") {
-					log.Error(nil, "custom annotations must not begin with spiffe.csi.cert-manager.io, skipping %s", key)
+					log.Error(nil, "custom annotations must not begin with spiffe.csi.cert-manager.io", "annotation-key", key)
 				} else {
 					annotations[key] = value
 				}

internal/csi/driver/camanager_test.go

@@ -23,7 +23,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"k8s.io/klog/v2/klogr"
+	"k8s.io/klog/v2/ktesting"
 
 	"github.com/cert-manager/csi-driver-spiffe/internal/csi/rootca"
 )
@@ -37,7 +37,7 @@ func Test_manageCAFiles(t *testing.T) {
 	t.Log("starting manageCAFiles()")
 	rootCAsChan := make(chan []byte)
 	c := &camanager{
-		log:     klogr.New(),
+		log:     ktesting.NewLogger(t, ktesting.DefaultConfig),
 		rootCAs: rootca.NewMemory(ctx, rootCAsChan),
 	}
 	go func() {

internal/csi/driver/driver_test.go

@@ -43,7 +43,7 @@ func Test_writeKeyPair(t *testing.T) {
 	capk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	require.NoError(t, err)
 
-	caTmpl, err := utilpki.GenerateTemplate(&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "my-ca"}})
+	caTmpl, err := utilpki.CertificateTemplateFromCertificate(&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "my-ca"}})
 	require.NoError(t, err)
 
 	caPEM, ca, err := utilpki.SignCertificate(caTmpl, caTmpl, capk.Public(), capk)
@@ -52,7 +52,7 @@ func Test_writeKeyPair(t *testing.T) {
 	leafpk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	require.NoError(t, err)
 
-	leafTmpl, err := utilpki.GenerateTemplate(
+	leafTmpl, err := utilpki.CertificateTemplateFromCertificate(
 		&cmapi.Certificate{
 			Spec: cmapi.CertificateSpec{URIs: []string{"spiffe://cert-manager.io/ns/sandbox/sa/default"}},
 		},

internal/csi/rootca/file.go

@@ -95,7 +95,9 @@ func (f *file) start(ctx context.Context, watcher *fsnotify.Watcher) {
 			// Watch for remove events, since this is actually the syslink being
 			// changed in the volume mount.
 			if event.Op == fsnotify.Remove {
-				watcher.Remove(event.Name)
+				if err := watcher.Remove(event.Name); err != nil {
+					f.log.Error(err, "failed to remove file watch")
+				}
 				if err := watcher.Add(f.filepath); err != nil {
 					f.log.Error(err, "failed to add new file watch")
 				}

internal/csi/rootca/file_test.go

@@ -24,14 +24,14 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"k8s.io/klog/v2/klogr"
+	"k8s.io/klog/v2/ktesting"
 )
 
 func Test_NewFile(t *testing.T) {
 	filepath := filepath.Join(t.TempDir(), "test-file.pem")
 
 	t.Log("if no file exists, expect NewFile to error")
-	_, err := NewFile(context.TODO(), klogr.New(), filepath)
+	_, err := NewFile(context.TODO(), ktesting.NewLogger(t, ktesting.DefaultConfig), filepath)
 	assert.Error(t, err, "expect file to not exist")
 
 	t.Log("should return the contents of the file with CertificatesPEM()")
@@ -43,7 +43,7 @@ func Test_NewFile(t *testing.T) {
 		cancel()
 	})
 
-	f, err := NewFile(ctx, klogr.New(), filepath)
+	f, err := NewFile(ctx, ktesting.NewLogger(t, ktesting.DefaultConfig), filepath)
 	assert.NoError(t, err)
 
 	assert.Equal(t, []byte("test data"), f.CertificatesPEM())

internal/flags/flags.go

@@ -27,7 +27,6 @@ import (
 	"k8s.io/client-go/rest"
 	cliflag "k8s.io/component-base/cli/flag"
 	"k8s.io/klog/v2"
-	"k8s.io/klog/v2/klogr"
 
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 )
@@ -69,8 +68,10 @@ func (f *Flags) Prepare(cmd *cobra.Command) *Flags {
 
 func (f *Flags) Complete() error {
 	klog.InitFlags(nil)
-	f.Logr = klogr.New()
-	flag.Set("v", f.logLevel)
+	f.Logr = klog.TODO()
+	if err := flag.Set("v", f.logLevel); err != nil {
+		return fmt.Errorf("failed to set log level: %s", err)
+	}
 
 	var err error
 	f.RestConfig, err = f.kubeConfigFlags.ToRESTConfig()

test/e2e/suite/carotation/carotation.go

@@ -23,7 +23,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/cert-manager/csi-driver-spiffe/test/e2e/framework"
@@ -83,24 +83,24 @@ var _ = framework.CasesDescribe("CA rotation", func() {
 				Namespace: f.Namespace.Name,
 			},
 			Spec: corev1.PodSpec{
-				Volumes: []corev1.Volume{corev1.Volume{
+				Volumes: []corev1.Volume{{
 					Name: "csi-driver-spiffe",
 					VolumeSource: corev1.VolumeSource{
 						CSI: &corev1.CSIVolumeSource{
 							Driver:   "spiffe.csi.cert-manager.io",
-							ReadOnly: pointer.Bool(true),
+							ReadOnly: ptr.To(true),
 						},
 					},
 				}},
 				ServiceAccountName: "test-pod",
 				Containers: []corev1.Container{
-					corev1.Container{
+					{
 						Name:            "my-container",
 						Image:           "docker.io/library/busybox:1.36.1-musl",
 						ImagePullPolicy: corev1.PullNever,
 						Command:         []string{"sleep", "10000"},
 						VolumeMounts: []corev1.VolumeMount{
-							corev1.VolumeMount{
+							{
 								Name:      "csi-driver-spiffe",
 								MountPath: "/var/run/secrets/my-pod",
 							},
@@ -142,7 +142,7 @@ var _ = framework.CasesDescribe("CA rotation", func() {
 			cmd := exec.Command(f.Config().KubectlBinPath, "exec", "-n"+f.Namespace.Name, podName, "-cmy-container", "--", "cat", "/var/run/secrets/my-pod/ca.crt")
 			cmd.Stdout = buf
 			cmd.Stderr = GinkgoWriter
-			cmd.Run()
+			Expect(cmd.Run()).ToNot(HaveOccurred())
 
 			Expect(caData).To(Equal(buf.Bytes()), "expected the Issuer CA bundle to equal the CA mounted to the pod file")
 		}

test/e2e/suite/fsgroup/fsgroup.go

@@ -23,7 +23,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/cert-manager/csi-driver-spiffe/test/e2e/framework"
@@ -46,30 +46,30 @@ var _ = framework.CasesDescribe("FSGroup", func() {
 				Namespace:    f.Namespace.Name,
 			},
 			Spec: corev1.PodSpec{
-				Volumes: []corev1.Volume{corev1.Volume{
+				Volumes: []corev1.Volume{{
 					Name: "csi-driver-spiffe",
 					VolumeSource: corev1.VolumeSource{
 						CSI: &corev1.CSIVolumeSource{
 							Driver:   "spiffe.csi.cert-manager.io",
-							ReadOnly: pointer.Bool(true),
+							ReadOnly: ptr.To(true),
 							VolumeAttributes: map[string]string{
 								"spiffe.csi.cert-manager.io/fs-group": "1541",
 							},
 						},
 					},
 				}},
 				SecurityContext: &corev1.PodSecurityContext{
-					RunAsUser:  pointer.Int64(1321),
-					RunAsGroup: pointer.Int64(1541),
+					RunAsUser:  ptr.To(int64(1321)),
+					RunAsGroup: ptr.To(int64(1541)),
 				},
 				Containers: []corev1.Container{
-					corev1.Container{
+					{
 						Name:            "my-container",
 						Image:           "docker.io/library/busybox:1.36.1-musl",
 						ImagePullPolicy: corev1.PullNever,
 						Command:         []string{"sleep", "10000"},
 						VolumeMounts: []corev1.VolumeMount{
-							corev1.VolumeMount{
+							{
 								Name:      "csi-driver-spiffe",
 								MountPath: "/var/run/secrets/my-pod",
 							},
@@ -153,9 +153,9 @@ var _ = framework.CasesDescribe("FSGroup", func() {
 			cmd := exec.Command(f.Config().KubectlBinPath, "exec", "-n"+f.Namespace.Name, pod.Name, "-cmy-container", "--", "cat", "/var/run/secrets/my-pod/"+filename)
 			cmd.Stdout = buf
 			cmd.Stderr = GinkgoWriter
-			cmd.Run()
+			Expect(cmd.Run()).ToNot(HaveOccurred())
 
-			Expect(buf.Bytes()).NotTo(HaveLen(0), "expected the file to have a non-zero entry")
+			Expect(buf.Bytes()).NotTo(BeEmpty(), "expected the file to have a non-zero entry")
 		}
 		Expect(f.Client().Delete(f.Context(), &pod)).NotTo(HaveOccurred())
 	})
@@ -165,7 +165,7 @@ var _ = framework.CasesDescribe("FSGroup", func() {
 		badPod := *podTemplate.DeepCopy()
 		badPod.Namespace = f.Namespace.Name
 		badPod.Spec.ServiceAccountName = serviceAccount.Name
-		badPod.Spec.SecurityContext.RunAsGroup = pointer.Int64(123)
+		badPod.Spec.SecurityContext.RunAsGroup = ptr.To(int64(123))
 		Expect(f.Client().Create(f.Context(), &badPod)).NotTo(HaveOccurred())
 
 		By("Waiting for pod to become ready")
@@ -185,9 +185,9 @@ var _ = framework.CasesDescribe("FSGroup", func() {
 			cmd := exec.Command(f.Config().KubectlBinPath, "exec", "-n"+f.Namespace.Name, badPod.Name, "-cmy-container", "--", "cat", "/var/run/secrets/my-pod/"+filename)
 			cmd.Stdout = buf
 			cmd.Stderr = GinkgoWriter
-			cmd.Run()
+			Expect(cmd.Run()).To(HaveOccurred())
 
-			Expect(buf.Bytes()).To(HaveLen(0), "expected the file to have a zero entry")
+			Expect(buf.Bytes()).To(BeEmpty(), "expected the file to have a zero entry")
 		}
 		Expect(f.Client().Delete(f.Context(), &badPod)).NotTo(HaveOccurred())
 	})