Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2

- Two of the linters changed their names
- Updated code and nolint comments to make all linters pass with 1.44.2
- Added a new hack/install-linter.sh script to help developers install
  the expected version of the linter for local development
This commit is contained in:
Ryan Richard 2022-03-08 12:28:09 -08:00
parent 61a4f265ac
commit 996822858a
22 changed files with 55 additions and 39 deletions

View File

@ -34,7 +34,7 @@ linters:
- godot
- goheader
- goimports
- golint
- revive
- goprintffuncname
- gosec
- misspell
@ -44,7 +44,7 @@ linters:
- nolintlint
- prealloc
- rowserrcheck
- scopelint
- exportloopref
- sqlclosecheck
- unconvert
- whitespace

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@ -170,7 +170,6 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
return cmd
}
//nolint:funlen
func runGetKubeconfig(ctx context.Context, out io.Writer, deps kubeconfigDeps, flags getKubeconfigParams) error {
ctx, cancel := context.WithTimeout(ctx, flags.timeout)
defer cancel()

16
hack/install-linter.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
# Copyright 2022 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
set -euo pipefail
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
cd "${ROOT}"
# Install the same version of the linter that is used in the CI pipelines
# so you can get the same results when running the linter locally.
# Whenever the linter is updated in the CI pipelines, it should also be
# updated here to make local development more convenient.
go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2
golangci-lint --version

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package concierge
@ -26,7 +26,6 @@ type DiscoveryInfoSpec struct {
}
// APIConfigSpec contains configuration knobs for the Pinniped API.
//nolint: golint
type APIConfigSpec struct {
ServingCertificateConfig ServingCertificateConfigSpec `json:"servingCertificate"`
}

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package impersonatorconfig
@ -51,7 +51,7 @@ import (
func TestImpersonatorConfigControllerOptions(t *testing.T) {
spec.Run(t, "options", func(t *testing.T, when spec.G, it spec.S) {
const installedInNamespace = "some-namespace"
const credentialIssuerResourceName = "some-credential-issuer-resource-name"
const credentialIssuerResourceName = "some-credential-issuer-resource-name" //nolint:gosec // this is not a credential
const generatedLoadBalancerServiceName = "some-service-resource-name"
const generatedClusterIPServiceName = "some-cluster-ip-resource-name"
const tlsSecretName = "some-tls-secret-name" //nolint:gosec // this is not a credential
@ -252,7 +252,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
name := t.Name()
spec.Run(t, "Sync", func(t *testing.T, when spec.G, it spec.S) {
const installedInNamespace = "some-namespace"
const credentialIssuerResourceName = "some-credential-issuer-resource-name"
const credentialIssuerResourceName = "some-credential-issuer-resource-name" //nolint:gosec // this is not a credential
const loadBalancerServiceName = "some-service-resource-name"
const clusterIPServiceName = "some-cluster-ip-resource-name"
const tlsSecretName = "some-tls-secret-name" //nolint:gosec // this is not a credential
@ -461,7 +461,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
rootCAs := x509.NewCertPool()
rootCAs.AppendCertsFromPEM(caCrt)
tr = &http.Transport{
TLSClientConfig: &tls.Config{
TLSClientConfig: &tls.Config{ //nolint:gosec // not concerned with TLS MinVersion here
// Server's TLS serving cert CA
RootCAs: rootCAs,
// Client cert which is supposed to work against the server's dynamic CAContentProvider

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package supervisorconfig
@ -51,7 +51,7 @@ const (
// generateKey is stubbed out for the purpose of testing. The default behavior is to generate an EC key.
//nolint:gochecknoglobals
var generateKey func(r io.Reader) (interface{}, error) = generateECKey
var generateKey = generateECKey
func generateECKey(r io.Reader) (interface{}, error) {
return ecdsa.GenerateKey(elliptic.P256(), r)

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders.
@ -52,7 +52,7 @@ const (
oidcValidatorCacheTTL = 15 * time.Minute
// Constants related to conditions.
typeClientCredentialsValid = "ClientCredentialsValid"
typeClientCredentialsValid = "ClientCredentialsValid" //nolint:gosec // this is not a credential
typeOIDCDiscoverySucceeded = "OIDCDiscoverySucceeded"
reasonUnreachable = "Unreachable"

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package fositestorage
@ -15,7 +15,7 @@ const (
ErrInvalidRequestType = constable.Error("requester must be of type fosite.Request")
ErrInvalidClientType = constable.Error("requester's client must be of type clientregistry.Client")
ErrInvalidSessionType = constable.Error("requester's session must be of type openid.DefaultSession")
StorageRequestIDLabelName = "storage.pinniped.dev/request-id" //nolint:gosec // this is not a credential
StorageRequestIDLabelName = "storage.pinniped.dev/request-id"
)
func ValidateAndExtractAuthorizeRequest(requester fosite.Requester) (*fosite.Request, error) {

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package kubeclient
@ -15,7 +15,7 @@ import (
)
// defaultServerUrlFor was copied from k8s.io/client-go/rest/url_utils.go.
//nolint: golint
//nolint:revive
func defaultServerUrlFor(config *restclient.Config) (*url.URL, string, error) {
hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0
hasCert := len(config.CertFile) != 0 || len(config.CertData) != 0

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package callback
@ -914,7 +914,7 @@ func TestCallbackEndpoint(t *testing.T) {
require.Empty(t, rsp.Body.String())
}
if test.wantRedirectLocationRegexp != "" { //nolint:nestif // don't mind have several sequential if statements in this test
if test.wantRedirectLocationRegexp != "" {
require.Len(t, rsp.Header().Values("Location"), 1)
oidctestutil.RequireAuthCodeRegexpMatch(
t,

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Package formposthtml defines HTML templates used by the Supervisor.
@ -34,7 +34,7 @@ var parsedHTMLTemplate = template.Must(template.New("form_post.gohtml").Funcs(te
"minifiedJS": func() template.JS { return template.JS(minifiedJS) }, //nolint:gosec // This is 100% static input, not attacker-controlled.
}).Parse(rawHTMLTemplate))
// Generate the CSP header value once since it's effectively constant:
// Generate the CSP header value once since it's effectively constant.
var cspValue = strings.Join([]string{
`default-src 'none'`,
`script-src '` + cspHash(minifiedJS) + `'`,

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for
@ -190,7 +190,7 @@ func encodeObj(w http.ResponseWriter, r *http.Request, obj runtime.Object) error
return httperr.Newf(http.StatusInternalServerError, "unable to find serialier with content-type %s", mediaType)
}
data, err := runtime.Encode(serializerInfo.Serializer, obj.(runtime.Object))
data, err := runtime.Encode(serializerInfo.Serializer, obj)
if err != nil {
return httperr.Wrap(http.StatusInternalServerError, "decode obj", err)
}

View File

@ -1,6 +1,7 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
//nolint:goimports // not an import
// +build go1.14
package testutil

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package upstreamldap
@ -1489,7 +1489,7 @@ func TestRealTLSDialing(t *testing.T) {
// Indirectly checking that the Dialer method constructed the ldap.Conn with isTLS set to true,
// since this is always the correct behavior unless/until we want to support StartTLS.
err := conn.(*ldap.Conn).StartTLS(&tls.Config{})
err := conn.(*ldap.Conn).StartTLS(&tls.Config{}) //nolint:gosec // not concerned with TLS MinVersion here
require.EqualError(t, err, `LDAP Result Code 200 "Network Error": ldap: already encrypted`)
}
})

View File

@ -405,6 +405,7 @@ func oidcLoginCommand(ctx context.Context, t *testing.T, pinnipedExe string, ses
env := testlib.IntegrationEnv(t)
callbackURL, err := url.Parse(env.CLIUpstreamOIDC.CallbackURL)
require.NoError(t, err)
//nolint:gosec // not worried about these potentially tainted inputs
cmd := exec.CommandContext(ctx, pinnipedExe, "login", "oidc",
"--issuer", env.CLIUpstreamOIDC.Issuer,
"--client-id", env.CLIUpstreamOIDC.ClientID,

View File

@ -2051,7 +2051,7 @@ func requireDisabledStrategy(ctx context.Context, t *testing.T, env *testlib.Tes
// There will be other strategy types in the list, so ignore those.
if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType &&
strategy.Status == conciergev1alpha.ErrorStrategyStatus &&
strategy.Reason == conciergev1alpha.DisabledStrategyReason { //nolint:nestif
strategy.Reason == conciergev1alpha.DisabledStrategyReason {
return true, nil // found it, continue the test!
} else if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType {
t.Logf("Waiting for disabled impersonation proxy strategy on %s: found status %s with reason %s and message: %s",
@ -2214,7 +2214,6 @@ func kubectlCommand(timeout context.Context, t *testing.T, kubeconfigPath string
t.Helper()
allArgs := append([]string{"--kubeconfig", kubeconfigPath}, args...)
//nolint:gosec // we are not performing malicious argument injection against ourselves
kubectlCmd := exec.CommandContext(timeout, "kubectl", allArgs...)
var stdout, stderr syncBuffer
kubectlCmd.Stdout = &stdout

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package integration
@ -278,7 +278,7 @@ func TestSupervisorTLSTerminationWithDefaultCerts_Disruptive(t *testing.T) {
}
func defaultTLSCertSecretName(env *testlib.TestEnv) string {
return env.SupervisorAppName + "-default-tls-certificate" //nolint:gosec // this is not a hardcoded credential
return env.SupervisorAppName + "-default-tls-certificate"
}
func createTLSCertificateSecret(ctx context.Context, t *testing.T, ns string, hostname string, ips []net.IP, secretName string, kubeClient kubernetes.Interface) *certauthority.CA {

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package integration
@ -41,7 +41,7 @@ func TestSupervisorHealthz(t *testing.T) {
require.NoError(t, err)
httpClient := &http.Client{}
response, err := httpClient.Do(requestHealthEndpoint) //nolint:bodyclose
response, err := httpClient.Do(requestHealthEndpoint)
require.NoError(t, err)
require.Equal(t, http.StatusOK, response.StatusCode)

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package integration
@ -999,7 +999,7 @@ func testSupervisorLogin(
// Create an HTTP client that can reach the downstream discovery endpoint using the CA certs.
httpClient := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{RootCAs: ca.Pool()},
TLSClientConfig: &tls.Config{RootCAs: ca.Pool()}, //nolint:gosec // not concerned with TLS MinVersion here
Proxy: func(req *http.Request) (*url.URL, error) {
if strings.HasPrefix(req.URL.Host, "127.0.0.1") {
// don't proxy requests to localhost to avoid proxying calls to our local callback listener

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package testlib
@ -30,7 +30,7 @@ type (
}
)
// loopTestingT implements require.TestingT:
// loopTestingT implements require.TestingT.
var _ require.TestingT = (*loopTestingT)(nil)
// Errorf is called by the assert.Assertions methods to record an error.

View File

@ -99,7 +99,7 @@ type TestLDAPUpstream struct {
TestUserUniqueIDAttributeName string `json:"testUserUniqueIDAttributeName"`
TestUserUniqueIDAttributeValue string `json:"testUserUniqueIDAttributeValue"`
TestUserDirectGroupsCNs []string `json:"testUserDirectGroupsCNs"`
TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:golint // this is "distinguished names", not "DNS"
TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:revive // this is "distinguished names", not "DNS"
TestUserSAMAccountNameValue string `json:"testUserSAMAccountNameValue"`
TestUserPrincipalNameValue string `json:"testUserPrincipalNameValue"`
TestUserIndirectGroupsSAMAccountNames []string `json:"TestUserIndirectGroupsSAMAccountNames"`

View File

@ -1,6 +1,7 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
//nolint:goimports // not an import
// +build go1.14
package testlib