Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2

- Two of the linters changed their names
- Updated code and nolint comments to make all linters pass with 1.44.2
- Added a new hack/install-linter.sh script to help developers install
  the expected version of the linter for local development
This commit is contained in:
Ryan Richard 2022-03-08 12:28:09 -08:00
parent 61a4f265ac
commit 996822858a
22 changed files with 55 additions and 39 deletions

View File

@ -34,7 +34,7 @@ linters:
- godot - godot
- goheader - goheader
- goimports - goimports
- golint - revive
- goprintffuncname - goprintffuncname
- gosec - gosec
- misspell - misspell
@ -44,7 +44,7 @@ linters:
- nolintlint - nolintlint
- prealloc - prealloc
- rowserrcheck - rowserrcheck
- scopelint - exportloopref
- sqlclosecheck - sqlclosecheck
- unconvert - unconvert
- whitespace - whitespace

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package cmd package cmd
@ -170,7 +170,6 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
return cmd return cmd
} }
//nolint:funlen
func runGetKubeconfig(ctx context.Context, out io.Writer, deps kubeconfigDeps, flags getKubeconfigParams) error { func runGetKubeconfig(ctx context.Context, out io.Writer, deps kubeconfigDeps, flags getKubeconfigParams) error {
ctx, cancel := context.WithTimeout(ctx, flags.timeout) ctx, cancel := context.WithTimeout(ctx, flags.timeout)
defer cancel() defer cancel()

16
hack/install-linter.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
# Copyright 2022 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
set -euo pipefail
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
cd "${ROOT}"
# Install the same version of the linter that is used in the CI pipelines
# so you can get the same results when running the linter locally.
# Whenever the linter is updated in the CI pipelines, it should also be
# updated here to make local development more convenient.
go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2
golangci-lint --version

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package concierge package concierge
@ -26,7 +26,6 @@ type DiscoveryInfoSpec struct {
} }
// APIConfigSpec contains configuration knobs for the Pinniped API. // APIConfigSpec contains configuration knobs for the Pinniped API.
//nolint: golint
type APIConfigSpec struct { type APIConfigSpec struct {
ServingCertificateConfig ServingCertificateConfigSpec `json:"servingCertificate"` ServingCertificateConfig ServingCertificateConfigSpec `json:"servingCertificate"`
} }

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved. // Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package impersonatorconfig package impersonatorconfig
@ -51,7 +51,7 @@ import (
func TestImpersonatorConfigControllerOptions(t *testing.T) { func TestImpersonatorConfigControllerOptions(t *testing.T) {
spec.Run(t, "options", func(t *testing.T, when spec.G, it spec.S) { spec.Run(t, "options", func(t *testing.T, when spec.G, it spec.S) {
const installedInNamespace = "some-namespace" const installedInNamespace = "some-namespace"
const credentialIssuerResourceName = "some-credential-issuer-resource-name" const credentialIssuerResourceName = "some-credential-issuer-resource-name" //nolint:gosec // this is not a credential
const generatedLoadBalancerServiceName = "some-service-resource-name" const generatedLoadBalancerServiceName = "some-service-resource-name"
const generatedClusterIPServiceName = "some-cluster-ip-resource-name" const generatedClusterIPServiceName = "some-cluster-ip-resource-name"
const tlsSecretName = "some-tls-secret-name" //nolint:gosec // this is not a credential const tlsSecretName = "some-tls-secret-name" //nolint:gosec // this is not a credential
@ -252,7 +252,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
name := t.Name() name := t.Name()
spec.Run(t, "Sync", func(t *testing.T, when spec.G, it spec.S) { spec.Run(t, "Sync", func(t *testing.T, when spec.G, it spec.S) {
const installedInNamespace = "some-namespace" const installedInNamespace = "some-namespace"
const credentialIssuerResourceName = "some-credential-issuer-resource-name" const credentialIssuerResourceName = "some-credential-issuer-resource-name" //nolint:gosec // this is not a credential
const loadBalancerServiceName = "some-service-resource-name" const loadBalancerServiceName = "some-service-resource-name"
const clusterIPServiceName = "some-cluster-ip-resource-name" const clusterIPServiceName = "some-cluster-ip-resource-name"
const tlsSecretName = "some-tls-secret-name" //nolint:gosec // this is not a credential const tlsSecretName = "some-tls-secret-name" //nolint:gosec // this is not a credential
@ -461,7 +461,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
rootCAs := x509.NewCertPool() rootCAs := x509.NewCertPool()
rootCAs.AppendCertsFromPEM(caCrt) rootCAs.AppendCertsFromPEM(caCrt)
tr = &http.Transport{ tr = &http.Transport{
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{ //nolint:gosec // not concerned with TLS MinVersion here
// Server's TLS serving cert CA // Server's TLS serving cert CA
RootCAs: rootCAs, RootCAs: rootCAs,
// Client cert which is supposed to work against the server's dynamic CAContentProvider // Client cert which is supposed to work against the server's dynamic CAContentProvider

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package supervisorconfig package supervisorconfig
@ -51,7 +51,7 @@ const (
// generateKey is stubbed out for the purpose of testing. The default behavior is to generate an EC key. // generateKey is stubbed out for the purpose of testing. The default behavior is to generate an EC key.
//nolint:gochecknoglobals //nolint:gochecknoglobals
var generateKey func(r io.Reader) (interface{}, error) = generateECKey var generateKey = generateECKey
func generateECKey(r io.Reader) (interface{}, error) { func generateECKey(r io.Reader) (interface{}, error) {
return ecdsa.GenerateKey(elliptic.P256(), r) return ecdsa.GenerateKey(elliptic.P256(), r)

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders. // Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders.
@ -52,7 +52,7 @@ const (
oidcValidatorCacheTTL = 15 * time.Minute oidcValidatorCacheTTL = 15 * time.Minute
// Constants related to conditions. // Constants related to conditions.
typeClientCredentialsValid = "ClientCredentialsValid" typeClientCredentialsValid = "ClientCredentialsValid" //nolint:gosec // this is not a credential
typeOIDCDiscoverySucceeded = "OIDCDiscoverySucceeded" typeOIDCDiscoverySucceeded = "OIDCDiscoverySucceeded"
reasonUnreachable = "Unreachable" reasonUnreachable = "Unreachable"

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package fositestorage package fositestorage
@ -15,7 +15,7 @@ const (
ErrInvalidRequestType = constable.Error("requester must be of type fosite.Request") ErrInvalidRequestType = constable.Error("requester must be of type fosite.Request")
ErrInvalidClientType = constable.Error("requester's client must be of type clientregistry.Client") ErrInvalidClientType = constable.Error("requester's client must be of type clientregistry.Client")
ErrInvalidSessionType = constable.Error("requester's session must be of type openid.DefaultSession") ErrInvalidSessionType = constable.Error("requester's session must be of type openid.DefaultSession")
StorageRequestIDLabelName = "storage.pinniped.dev/request-id" //nolint:gosec // this is not a credential StorageRequestIDLabelName = "storage.pinniped.dev/request-id"
) )
func ValidateAndExtractAuthorizeRequest(requester fosite.Requester) (*fosite.Request, error) { func ValidateAndExtractAuthorizeRequest(requester fosite.Requester) (*fosite.Request, error) {

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved. // Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package kubeclient package kubeclient
@ -15,7 +15,7 @@ import (
) )
// defaultServerUrlFor was copied from k8s.io/client-go/rest/url_utils.go. // defaultServerUrlFor was copied from k8s.io/client-go/rest/url_utils.go.
//nolint: golint //nolint:revive
func defaultServerUrlFor(config *restclient.Config) (*url.URL, string, error) { func defaultServerUrlFor(config *restclient.Config) (*url.URL, string, error) {
hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0 hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0
hasCert := len(config.CertFile) != 0 || len(config.CertData) != 0 hasCert := len(config.CertFile) != 0 || len(config.CertData) != 0

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package callback package callback
@ -914,7 +914,7 @@ func TestCallbackEndpoint(t *testing.T) {
require.Empty(t, rsp.Body.String()) require.Empty(t, rsp.Body.String())
} }
if test.wantRedirectLocationRegexp != "" { //nolint:nestif // don't mind have several sequential if statements in this test if test.wantRedirectLocationRegexp != "" {
require.Len(t, rsp.Header().Values("Location"), 1) require.Len(t, rsp.Header().Values("Location"), 1)
oidctestutil.RequireAuthCodeRegexpMatch( oidctestutil.RequireAuthCodeRegexpMatch(
t, t,

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved. // Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// Package formposthtml defines HTML templates used by the Supervisor. // Package formposthtml defines HTML templates used by the Supervisor.
@ -34,7 +34,7 @@ var parsedHTMLTemplate = template.Must(template.New("form_post.gohtml").Funcs(te
"minifiedJS": func() template.JS { return template.JS(minifiedJS) }, //nolint:gosec // This is 100% static input, not attacker-controlled. "minifiedJS": func() template.JS { return template.JS(minifiedJS) }, //nolint:gosec // This is 100% static input, not attacker-controlled.
}).Parse(rawHTMLTemplate)) }).Parse(rawHTMLTemplate))
// Generate the CSP header value once since it's effectively constant: // Generate the CSP header value once since it's effectively constant.
var cspValue = strings.Join([]string{ var cspValue = strings.Join([]string{
`default-src 'none'`, `default-src 'none'`,
`script-src '` + cspHash(minifiedJS) + `'`, `script-src '` + cspHash(minifiedJS) + `'`,

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved. // Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for // Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for
@ -190,7 +190,7 @@ func encodeObj(w http.ResponseWriter, r *http.Request, obj runtime.Object) error
return httperr.Newf(http.StatusInternalServerError, "unable to find serialier with content-type %s", mediaType) return httperr.Newf(http.StatusInternalServerError, "unable to find serialier with content-type %s", mediaType)
} }
data, err := runtime.Encode(serializerInfo.Serializer, obj.(runtime.Object)) data, err := runtime.Encode(serializerInfo.Serializer, obj)
if err != nil { if err != nil {
return httperr.Wrap(http.StatusInternalServerError, "decode obj", err) return httperr.Wrap(http.StatusInternalServerError, "decode obj", err)
} }

View File

@ -1,6 +1,7 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
//nolint:goimports // not an import
// +build go1.14 // +build go1.14
package testutil package testutil

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved. // Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package upstreamldap package upstreamldap
@ -1489,7 +1489,7 @@ func TestRealTLSDialing(t *testing.T) {
// Indirectly checking that the Dialer method constructed the ldap.Conn with isTLS set to true, // Indirectly checking that the Dialer method constructed the ldap.Conn with isTLS set to true,
// since this is always the correct behavior unless/until we want to support StartTLS. // since this is always the correct behavior unless/until we want to support StartTLS.
err := conn.(*ldap.Conn).StartTLS(&tls.Config{}) err := conn.(*ldap.Conn).StartTLS(&tls.Config{}) //nolint:gosec // not concerned with TLS MinVersion here
require.EqualError(t, err, `LDAP Result Code 200 "Network Error": ldap: already encrypted`) require.EqualError(t, err, `LDAP Result Code 200 "Network Error": ldap: already encrypted`)
} }
}) })

View File

@ -405,6 +405,7 @@ func oidcLoginCommand(ctx context.Context, t *testing.T, pinnipedExe string, ses
env := testlib.IntegrationEnv(t) env := testlib.IntegrationEnv(t)
callbackURL, err := url.Parse(env.CLIUpstreamOIDC.CallbackURL) callbackURL, err := url.Parse(env.CLIUpstreamOIDC.CallbackURL)
require.NoError(t, err) require.NoError(t, err)
//nolint:gosec // not worried about these potentially tainted inputs
cmd := exec.CommandContext(ctx, pinnipedExe, "login", "oidc", cmd := exec.CommandContext(ctx, pinnipedExe, "login", "oidc",
"--issuer", env.CLIUpstreamOIDC.Issuer, "--issuer", env.CLIUpstreamOIDC.Issuer,
"--client-id", env.CLIUpstreamOIDC.ClientID, "--client-id", env.CLIUpstreamOIDC.ClientID,

View File

@ -2051,7 +2051,7 @@ func requireDisabledStrategy(ctx context.Context, t *testing.T, env *testlib.Tes
// There will be other strategy types in the list, so ignore those. // There will be other strategy types in the list, so ignore those.
if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType && if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType &&
strategy.Status == conciergev1alpha.ErrorStrategyStatus && strategy.Status == conciergev1alpha.ErrorStrategyStatus &&
strategy.Reason == conciergev1alpha.DisabledStrategyReason { //nolint:nestif strategy.Reason == conciergev1alpha.DisabledStrategyReason {
return true, nil // found it, continue the test! return true, nil // found it, continue the test!
} else if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType { } else if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType {
t.Logf("Waiting for disabled impersonation proxy strategy on %s: found status %s with reason %s and message: %s", t.Logf("Waiting for disabled impersonation proxy strategy on %s: found status %s with reason %s and message: %s",
@ -2214,7 +2214,6 @@ func kubectlCommand(timeout context.Context, t *testing.T, kubeconfigPath string
t.Helper() t.Helper()
allArgs := append([]string{"--kubeconfig", kubeconfigPath}, args...) allArgs := append([]string{"--kubeconfig", kubeconfigPath}, args...)
//nolint:gosec // we are not performing malicious argument injection against ourselves
kubectlCmd := exec.CommandContext(timeout, "kubectl", allArgs...) kubectlCmd := exec.CommandContext(timeout, "kubectl", allArgs...)
var stdout, stderr syncBuffer var stdout, stderr syncBuffer
kubectlCmd.Stdout = &stdout kubectlCmd.Stdout = &stdout

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package integration package integration
@ -278,7 +278,7 @@ func TestSupervisorTLSTerminationWithDefaultCerts_Disruptive(t *testing.T) {
} }
func defaultTLSCertSecretName(env *testlib.TestEnv) string { func defaultTLSCertSecretName(env *testlib.TestEnv) string {
return env.SupervisorAppName + "-default-tls-certificate" //nolint:gosec // this is not a hardcoded credential return env.SupervisorAppName + "-default-tls-certificate"
} }
func createTLSCertificateSecret(ctx context.Context, t *testing.T, ns string, hostname string, ips []net.IP, secretName string, kubeClient kubernetes.Interface) *certauthority.CA { func createTLSCertificateSecret(ctx context.Context, t *testing.T, ns string, hostname string, ips []net.IP, secretName string, kubeClient kubernetes.Interface) *certauthority.CA {

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package integration package integration
@ -41,7 +41,7 @@ func TestSupervisorHealthz(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
httpClient := &http.Client{} httpClient := &http.Client{}
response, err := httpClient.Do(requestHealthEndpoint) //nolint:bodyclose response, err := httpClient.Do(requestHealthEndpoint)
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, http.StatusOK, response.StatusCode) require.Equal(t, http.StatusOK, response.StatusCode)

View File

@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package integration package integration
@ -999,7 +999,7 @@ func testSupervisorLogin(
// Create an HTTP client that can reach the downstream discovery endpoint using the CA certs. // Create an HTTP client that can reach the downstream discovery endpoint using the CA certs.
httpClient := &http.Client{ httpClient := &http.Client{
Transport: &http.Transport{ Transport: &http.Transport{
TLSClientConfig: &tls.Config{RootCAs: ca.Pool()}, TLSClientConfig: &tls.Config{RootCAs: ca.Pool()}, //nolint:gosec // not concerned with TLS MinVersion here
Proxy: func(req *http.Request) (*url.URL, error) { Proxy: func(req *http.Request) (*url.URL, error) {
if strings.HasPrefix(req.URL.Host, "127.0.0.1") { if strings.HasPrefix(req.URL.Host, "127.0.0.1") {
// don't proxy requests to localhost to avoid proxying calls to our local callback listener // don't proxy requests to localhost to avoid proxying calls to our local callback listener

View File

@ -1,4 +1,4 @@
// Copyright 2021 the Pinniped contributors. All Rights Reserved. // Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package testlib package testlib
@ -30,7 +30,7 @@ type (
} }
) )
// loopTestingT implements require.TestingT: // loopTestingT implements require.TestingT.
var _ require.TestingT = (*loopTestingT)(nil) var _ require.TestingT = (*loopTestingT)(nil)
// Errorf is called by the assert.Assertions methods to record an error. // Errorf is called by the assert.Assertions methods to record an error.

View File

@ -99,7 +99,7 @@ type TestLDAPUpstream struct {
TestUserUniqueIDAttributeName string `json:"testUserUniqueIDAttributeName"` TestUserUniqueIDAttributeName string `json:"testUserUniqueIDAttributeName"`
TestUserUniqueIDAttributeValue string `json:"testUserUniqueIDAttributeValue"` TestUserUniqueIDAttributeValue string `json:"testUserUniqueIDAttributeValue"`
TestUserDirectGroupsCNs []string `json:"testUserDirectGroupsCNs"` TestUserDirectGroupsCNs []string `json:"testUserDirectGroupsCNs"`
TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:golint // this is "distinguished names", not "DNS" TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:revive // this is "distinguished names", not "DNS"
TestUserSAMAccountNameValue string `json:"testUserSAMAccountNameValue"` TestUserSAMAccountNameValue string `json:"testUserSAMAccountNameValue"`
TestUserPrincipalNameValue string `json:"testUserPrincipalNameValue"` TestUserPrincipalNameValue string `json:"testUserPrincipalNameValue"`
TestUserIndirectGroupsSAMAccountNames []string `json:"TestUserIndirectGroupsSAMAccountNames"` TestUserIndirectGroupsSAMAccountNames []string `json:"TestUserIndirectGroupsSAMAccountNames"`

View File

@ -1,6 +1,7 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved. // Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
//nolint:goimports // not an import
// +build go1.14 // +build go1.14
package testlib package testlib