[CI] golang linter configuration + bootstrapper fixes

.github/workflows/golang-linter.yaml

@@ -0,0 +1,30 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  lint-bootstrapper:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # token: ${{ secrets.CI_PAT }}
+          submodules: recursive
+          fetch-depth: "0"
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+          cache: false
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.55
+          only-new-issues: true
+          working-directory: deepfence_bootstrapper

.golangci.yml

@@ -0,0 +1,11 @@
+linters:
+  enable:
+  - stylecheck
+  - gocritic
+  # - dupl
+  - durationcheck
+  # - goconst
+  - gofmt
+  - goimports
+  # - misspell
+  # - nestif

deepfence_bootstrapper/cgroups/cgroups.go

@@ -14,12 +14,12 @@ import (
 )
 
 var (
-	cgroups1            = map[string]cgroup1.Cgroup{}
-	cgroups2            = map[string]*cgroup2.Manager{}
-	FailUpdateError     = errors.New("Failed to update")
-	FailCreateError     = errors.New("Failed to create")
-	CgroupNotExistError = errors.New("Cgroup does not exist")
-	cgroupV2            bool
+	cgroups1          = map[string]cgroup1.Cgroup{}
+	cgroups2          = map[string]*cgroup2.Manager{}
+	ErrFailUpdate     = errors.New("failed to update")
+	ErrFailCreate     = errors.New("failed to create")
+	ErrCgroupNotExist = errors.New("cgroup does not exist")
+	cgroupV2          bool
 )
 
 func init() {
@@ -39,7 +39,7 @@ func LoadCgroup(name string, cpulimit int64, memlimit int64) error {
 					Shares: &shares,
 				},
 			}); err != nil {
-				return FailUpdateError
+				return ErrFailUpdate
 			}
 		} else {
 			control, err = cgroup1.New(path, &specs.LinuxResources{
@@ -52,14 +52,14 @@ func LoadCgroup(name string, cpulimit int64, memlimit int64) error {
 			})
 			if err != nil {
 				log.Error().Err(err).Msg("create")
-				return FailCreateError
+				return ErrFailCreate
 			}
 		}
 		cgroups1[name] = control
 	} else {
 		cpuperiod := uint64(100000) // 100 ms
-		total_cpu := int64(1000000 * runtime.NumCPU())
-		cpulimit *= total_cpu
+		totalCPU := int64(1000000 * runtime.NumCPU())
+		cpulimit *= totalCPU
 		cpulimit /= 100
 
 		res := cgroup2.Resources{
@@ -95,13 +95,13 @@ func AttachProcessToCgroup(name string, pid int) error {
 	if !cgroupV2 {
 		control, has := cgroups1[name]
 		if !has {
-			return CgroupNotExistError
+			return ErrCgroupNotExist
 		}
 		return control.Add(cgroup1.Process{Pid: pid})
 	} else {
 		m, has := cgroups2[name]
 		if !has {
-			return CgroupNotExistError
+			return ErrCgroupNotExist
 		}
 		return m.AddProc(uint64(pid))
 	}

deepfence_bootstrapper/config/ini.go

@@ -37,26 +37,26 @@ func NewIniConfig(input []byte) (Config, error) {
 	processEntries := []ProcessEntry{}
 	cgroupEntries := []CgroupEntry{}
 	for _, section := range cfg.Sections() {
-		type_name := strings.Split(section.Name(), ":")
-		if len(type_name) != 2 {
+		typeName := strings.Split(section.Name(), ":")
+		if len(typeName) != 2 {
 			log.Warn().Msgf("Illformed section name: %s", section.Name())
 			continue
 		}
-		if type_name[0] == "process" {
+		if typeName[0] == "process" {
 			processEntries = append(processEntries, ProcessEntry{
 				Autorestart: section.Key("autorestart").MustBool(),
 				Autostart:   section.Key("autostart").MustBool(),
 				Path:        section.Key("path").String(),
 				Cgroup:      section.Key("cgroup").String(),
 				Command:     section.Key("command").String(),
 				Env:         section.Key("environment").String(),
-				Name:        type_name[1],
+				Name:        typeName[1],
 			})
-		} else if type_name[0] == "cgroup" {
+		} else if typeName[0] == "cgroup" {
 			cgroupEntries = append(cgroupEntries, CgroupEntry{
 				MaxCPU: section.Key("maxcpu").MustInt(),
 				MaxMem: section.Key("maxmem").MustInt(),
-				Name:   type_name[1],
+				Name:   typeName[1],
 			})
 		}
 	}

deepfence_bootstrapper/controls/controls.go

@@ -17,17 +17,19 @@ import (
 	linuxScannerUtil "github.com/deepfence/compliance/util"
 )
 
+var (
+	ErrMissingScanID = errors.New("missing scan id in the StopComplianceScanRequest")
+	ErrStopScan      = errors.New("failed to stop scan")
+)
+
 func SetClusterAgentControls(k8sClusterName string) {
-	err := router.RegisterControl(ctl.StartComplianceScan,
-		func(req ctl.StartComplianceScanRequest) error {
-			return StartComplianceScan(req)
-		})
+	err := router.RegisterControl(ctl.StartComplianceScan, StartComplianceScan)
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 	_, err = exec.Command("/bin/sh", "/home/deepfence/token.sh").CombinedOutput()
 	if err != nil {
-		log.Error().Msgf("generate token: %v", err)
+		log.Error().Err(err).Msg("generate token")
 	} else {
 		log.Debug().Msg("Token generated successfully")
 	}
@@ -39,7 +41,7 @@ func SetClusterAgentControls(k8sClusterName string) {
 			return StartClusterAgentUpgrade(req)
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 	err = router.RegisterControl(ctl.SendAgentDiagnosticLogs,
 		func(req ctl.SendAgentDiagnosticLogsRequest) error {
@@ -51,25 +53,19 @@ func SetClusterAgentControls(k8sClusterName string) {
 				[]string{})
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 }
 
 func SetAgentControls() {
-	err := router.RegisterControl(ctl.StartVulnerabilityScan,
-		func(req ctl.StartVulnerabilityScanRequest) error {
-			return router.StartVulnerabilityScan(req)
-		})
+	err := router.RegisterControl(ctl.StartVulnerabilityScan, router.StartVulnerabilityScan)
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 
-	err = router.RegisterControl(ctl.StartSecretScan,
-		func(req ctl.StartSecretScanRequest) error {
-			return router.StartSecretsScan(req)
-		})
+	err = router.RegisterControl(ctl.StartSecretScan, router.StartSecretsScan)
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 	err = router.RegisterControl(ctl.StartComplianceScan,
 		func(req ctl.StartComplianceScanRequest) error {
@@ -87,25 +83,22 @@ func SetAgentControls() {
 			}
 
 			log.Info().Msg("StartComplianceScan Starting")
-			//We need to run this in a goroutine else it will block the
-			//fetch and execution of controls
+			// We need to run this in a goroutine else it will block the
+			// fetch and execution of controls
 			go func() {
 				err := scanner.RunComplianceScan()
 				if err != nil {
-					log.Error().Msgf("Error from RunComplianceScan: %+v", err)
+					log.Error().Err(err).Msg("Error from RunComplianceScan")
 				}
 			}()
 			return nil
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
-	err = router.RegisterControl(ctl.StartMalwareScan,
-		func(req ctl.StartMalwareScanRequest) error {
-			return router.StartMalwareScan(req)
-		})
+	err = router.RegisterControl(ctl.StartMalwareScan, router.StartMalwareScan)
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 	err = router.RegisterControl(ctl.StartAgentUpgrade,
 		func(req ctl.StartAgentUpgradeRequest) error {
@@ -115,7 +108,7 @@ func SetAgentControls() {
 			return router.StartAgentUpgrade(req)
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 	err = router.RegisterControl(ctl.StartAgentPlugin,
 		func(req ctl.EnableAgentPluginRequest) error {
@@ -129,15 +122,15 @@ func SetAgentControls() {
 			return supervisor.StartProcess(req.PluginName)
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 	err = router.RegisterControl(ctl.StopAgentPlugin,
 		func(req ctl.DisableAgentPluginRequest) error {
 			log.Info().Msg("Stop Agent Plugin")
 			return supervisor.StopProcess(req.PluginName)
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 	err = router.RegisterControl(ctl.SendAgentDiagnosticLogs,
 		func(req ctl.SendAgentDiagnosticLogsRequest) error {
@@ -147,17 +140,17 @@ func SetAgentControls() {
 				[]string{"/var/log/fenced/compliance/", "/var/log/fenced/malware-scan/", "/var/log/fenced/secret-scan/"})
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 
-	//Register the stop scan controls
+	// Register the stop scan controls
 	err = router.RegisterControl(ctl.StopSecretScan,
 		func(req ctl.StopSecretScanRequest) error {
 			log.Info().Msg("StopSecretScanRequest called")
 			return router.StopSecretScan(req)
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 
 	err = router.RegisterControl(ctl.StopMalwareScan,
@@ -166,7 +159,7 @@ func SetAgentControls() {
 			return router.StopMalwareScan(req)
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 
 	err = router.RegisterControl(ctl.StopVulnerabilityScan,
@@ -175,25 +168,25 @@ func SetAgentControls() {
 			return router.StopVulnerabilityScan(req)
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 
 	err = router.RegisterControl(ctl.StopComplianceScan,
 		func(req ctl.StopComplianceScanRequest) error {
 			log.Info().Msg("StopComplianceScanRequest called")
-			scanId, ok := req.BinArgs["scan_id"]
-			var err error
-			if ok {
-				retVal := linuxScanner.StopScan(scanId)
-				if !retVal {
-					err = errors.New("Failed to stop scan")
-				}
-			} else {
-				err = errors.New("Missing scan id in the StopComplianceScanRequest")
+			scanID, ok := req.BinArgs["scan_id"]
+
+			if !ok {
+				return ErrMissingScanID
+			}
+
+			if err := linuxScanner.StopScan(scanID); err != nil {
+				return fmt.Errorf("linuxScanner.StopScan: %w", err)
 			}
-			return err
+
+			return nil
 		})
 	if err != nil {
-		log.Error().Msgf("set controls: %v", err)
+		log.Error().Err(err).Msg("set controls")
 	}
 }

deepfence_bootstrapper/controls/diagnostic_logs.go

@@ -41,8 +41,8 @@ func SendAgentDiagnosticLogs(req ctl.SendAgentDiagnosticLogsRequest, pathsToZip
 	return publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_SUCCESS, "")
 }
 
-func publishDiagnosticLogsStatus(ctx context.Context, httpsClient *client.APIClient, nodeId string, status string, message string) error {
-	httpReq := httpsClient.DiagnosisAPI.UpdateAgentDiagnosticLogsStatus(ctx, nodeId)
+func publishDiagnosticLogsStatus(ctx context.Context, httpsClient *client.APIClient, nodeID string, status string, message string) error {
+	httpReq := httpsClient.DiagnosisAPI.UpdateAgentDiagnosticLogsStatus(ctx, nodeID)
 	httpReq = httpReq.DiagnosisDiagnosticLogsStatus(client.DiagnosisDiagnosticLogsStatus{
 		Message: &message,
 		Status:  status,