ci(test): fix helm testing and golint

Signed-off-by: Oliver Bähler <[email protected]>

Author: oliverbaehler

.golangci.yml

@@ -1,42 +1,56 @@
 linters-settings:
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/projectcapsule/capsule-proxy)
   dupl:
     threshold: 100
   goconst:
     min-len: 2
     min-occurrences: 2
   cyclop:
-    max-complexity: 17
-issues:
-  exclude-rules:
-    - path: (.+)_test.go
-      linters:
-        - revive
-      text: "^(dot-imports)"
+    max-complexity: 27
+  gocognit:
+    min-complexity: 50
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(github.com/projectcapsule/capsule-proxy)
+  gofumpt:
+    module-path: github.com/projectcapsule/capsule-proxy
+    extra-rules: false
+  inamedparam:
+    # Skips check for interface methods with only a single parameter.
+    # Default: false
+    skip-single-param: true
+  nakedret:
+    # Make an issue if func has more lines of code than this setting, and it has naked returns.
+    max-func-lines: 50
 linters:
   enable-all: true
   disable:
-    - errchkjson
-    - errname
-    - forcetypeassert
+    - err113
+    - depguard
+    - perfsprint
+    - funlen
+    - gochecknoinits
+    - lll
+    - gochecknoglobals
+    - mnd
+    - nilnil
+    - recvcheck
+    - unparam
+    - paralleltest
     - ireturn
+    - testpackage
     - varnamelen
     - wrapcheck
-    - gomnd
-    - lll
-    - nonamedreturns
-    - tparallel
-    - nilerr
     - exhaustruct
-    - depguard
-    - revive
-    - nilnil
-    - wsl
-    - perfsprint
-    - exportloopref
-    - execinquery
-    - forcetypeassert
+    - nonamedreturns
+issues:
+  exclude-files:
+    - "zz_.*\\.go$"
+    - ".+\\.generated.go"
+    - ".+_test.go"
+    - ".+_test_.+.go"
+run:
+  timeout: 3m
+  allow-parallel-runners: true
+  tests: false

Makefile

@@ -249,7 +249,7 @@ rbac-fix:
 # Run tests
 .PHONY: test
 test: test-clean generate manifests test-clean
-	@GO111MODULE=on go test -v ./... -coverprofile coverage.out
+	@GO111MODULE=on go test -v $(go list ./... | grep -v /e2e/) -coverprofile coverage.out
 
 .PHONY: test-clean
 test-clean: ## Clean tests cache

internal/controllers/role_bindings.go

@@ -75,8 +75,12 @@ func (r *RoleBindingReflector) GetUserNamespacesFromRequest(req request.Request)
 	}
 
 	for _, rb := range userRoleBindings {
-		rb := rb.(*rbacv1.RoleBinding)
-		namespaces.Insert(rb.GetNamespace())
+		rbt, ok := rb.(*rbacv1.RoleBinding)
+		if !ok {
+			return nil, fmt.Errorf("expected *rbacv1.RoleBinding but got %T", rb)
+		}
+
+		namespaces.Insert(rbt.GetNamespace())
 	}
 
 	for _, group := range groups {
@@ -86,8 +90,12 @@ func (r *RoleBindingReflector) GetUserNamespacesFromRequest(req request.Request)
 		}
 
 		for _, rb := range groupRoleBindings {
-			rb := rb.(*rbacv1.RoleBinding)
-			namespaces.Insert(rb.GetNamespace())
+			rbt, ok := rb.(*rbacv1.RoleBinding)
+			if !ok {
+				return nil, fmt.Errorf("expected *rbacv1.RoleBinding but got %T", rb)
+			}
+
+			namespaces.Insert(rbt.GetNamespace())
 		}
 	}
 
@@ -101,6 +109,7 @@ func (r *RoleBindingReflector) Start(ctx context.Context) error {
 }
 
 func OwnerRoleBindingsIndexFunc(obj interface{}) (result []string, err error) {
+	//nolint:forcetypeassert
 	rb := obj.(*rbacv1.RoleBinding)
 
 	for _, subject := range rb.Subjects {

internal/controllers/watchdog/crds_watcher.go

@@ -163,6 +163,7 @@ func (c *CRDWatcher) SetupWithManager(ctx context.Context, mgr manager.Manager)
 	return ctrl.NewControllerManagedBy(mgr).
 		WatchesRawSource(source.Channel(c.requeue, &handler.EnqueueRequestForObject{})).
 		For(&apiextensionsv1.CustomResourceDefinition{}, builder.WithPredicates(predicate.NewPredicateFuncs(func(object client.Object) bool {
+			//nolint:forcetypeassert
 			crd := object.(*apiextensionsv1.CustomResourceDefinition)
 
 			return crd.Spec.Scope == apiextensionsv1.NamespaceScoped

internal/controllers/watchdog/namespaced_watcher.go

@@ -117,11 +117,11 @@ func (c *NamespacedWatcher) SetupWithManager(mgr manager.Manager, gvk metav1.Gro
 
 				return false
 			},
-			DeleteFunc: func(e event.DeleteEvent) bool {
+			DeleteFunc: func(_ event.DeleteEvent) bool {
 				// Ignore delete events
 				return false
 			},
-			GenericFunc: func(e event.GenericEvent) bool {
+			GenericFunc: func(_ event.GenericEvent) bool {
 				// Ignore generic events
 				return false
 			},

internal/indexer/global_proxy_setting.go

@@ -29,6 +29,7 @@ func (p GlobalProxySetting) Field() string {
 
 func (p GlobalProxySetting) Func() client.IndexerFunc {
 	return func(object client.Object) (owners []string) {
+		//nolint:forcetypeassert
 		proxySetting := object.(*v1beta1.GlobalProxySettings)
 
 		for _, owner := range proxySetting.Spec.Rules {

internal/indexer/proxy_setting.go

@@ -29,6 +29,7 @@ func (p ProxySetting) Field() string {
 
 func (p ProxySetting) Func() client.IndexerFunc {
 	return func(object client.Object) (owners []string) {
+		//nolint:forcetypeassert
 		proxySetting := object.(*v1beta1.ProxySetting)
 
 		for _, owner := range proxySetting.Spec.Subjects {

internal/modules/errors/bad_request.go

@@ -10,6 +10,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
+//nolint:errname
 type badRequest struct {
 	message string
 	details *metav1.StatusDetails

internal/modules/ingressclass/utils.go

@@ -62,7 +62,7 @@ func getIngressClasses(request *http.Request, proxyTenants []*tenant.ProxyTenant
 		requirements = append(requirements, reqs...)
 	}
 
-	sort.SliceStable(exact, func(i, j int) bool {
+	sort.SliceStable(exact, func(i, _ int) bool {
 		return exact[i] < exact[0]
 	})
 

internal/modules/lease/get.go

@@ -67,6 +67,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req
 	name := mux.Vars(httpRequest)["name"]
 
 	node := &corev1.Node{}
+	//nolint:nilerr
 	if err = g.client.Get(httpRequest.Context(), types.NamespacedName{Name: name}, node); err != nil {
 		// offload failure to Kubernetes API due to missing RBAC
 		return nil, nil

internal/modules/pod/get.go

@@ -67,6 +67,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req
 
 	var fieldSelector labels.Selector
 
+	//nolint:nilerr
 	if fieldSelector, err = labels.Parse(rawFieldSelector[0]); err != nil {
 		// not valid labels, offloading Kubernetes to deal with the failure
 		return nil, nil

internal/modules/priorityclass/utils.go

@@ -59,7 +59,7 @@ func getPriorityClass(req *http.Request, proxyTenants []*tenant.ProxyTenant) (al
 		requirements = append(requirements, reqs...)
 	}
 
-	sort.SliceStable(exact, func(i, j int) bool {
+	sort.SliceStable(exact, func(i, _ int) bool {
 		return exact[i] < exact[0]
 	})
 

internal/modules/storageclass/utils.go

@@ -59,7 +59,7 @@ func getStorageClasses(req *http.Request, proxyTenants []*tenant.ProxyTenant) (a
 		requirements = append(requirements, reqs...)
 	}
 
-	sort.SliceStable(exact, func(i, j int) bool {
+	sort.SliceStable(exact, func(i, _ int) bool {
 		return exact[i] < exact[0]
 	})
 

internal/request/error.go

@@ -3,6 +3,7 @@
 
 package request
 
+//nolint:errname
 type ErrUnauthorized struct {
 	message string
 }

internal/webserver/errors/panic.go

@@ -26,6 +26,7 @@ func HandleUnauthorized(w http.ResponseWriter, err error, message string) {
 
 	w.Header().Set("content-type", "application/json")
 
+	//nolint:errchkjson
 	b, _ := json.Marshal(status)
 	_, _ = w.Write(b)
 
@@ -45,6 +46,7 @@ func HandleError(w http.ResponseWriter, err error, message string) {
 
 	w.Header().Set("content-type", "application/json")
 
+	//nolint:errchkjson
 	b, _ := json.Marshal(status)
 	_, _ = w.Write(b)
 

internal/webserver/middleware/jwt.go

@@ -40,6 +40,7 @@ func CheckJWTMiddleware(client client.Writer) mux.MiddlewareFunc {
 				if err = client.Create(request.Context(), &tr); err != nil {
 					errors.HandleError(writer, err, "cannot create TokenReview")
 				}
+
 				if statusErr := tr.Status.Error; len(statusErr) > 0 {
 					invalidatedToken.Insert(token)
 

internal/webserver/middleware/user_in_group.go

@@ -47,6 +47,7 @@ func CheckUserInCapsuleGroupMiddleware(client client.Writer, log logr.Logger, cl
 			if err != nil {
 				log.Error(err, "Cannot retrieve username and group from request")
 			}
+
 			log.V(10).Info("request groups", "groups", groups)
 
 			for _, group := range groups {

internal/webserver/webserver.go

@@ -300,26 +300,32 @@ func (n *kubeFilter) registerModules(ctx context.Context, root *mux.Router) {
 		)
 		sr.HandleFunc("", func(writer http.ResponseWriter, request *http.Request) {
 			proxyRequest := req.NewHTTP(request, n.authTypes, n.usernameClaimField, n.writer, n.ignoredImpersonationGroups, n.impersonationGroupsRegexp, n.skipImpersonationReview)
+
 			username, groups, err := proxyRequest.GetUserAndGroups()
 			if err != nil {
 				server.HandleError(writer, err, "cannot retrieve user and group from the request")
 			}
+
 			proxyTenants, err := n.getTenantsForOwner(ctx, username, groups)
 			if err != nil {
 				server.HandleError(writer, err, "cannot list Tenant resources")
 			}
 
 			var selector labels.Selector
 			selector, err = mod.Handle(proxyTenants, proxyRequest)
+
 			switch {
 			case err != nil:
 				var t moderrors.Error
 				if errors.As(err, &t) {
 					writer.Header().Set("Content-Type", "application/json")
+
 					b, _ := json.Marshal(t.Status())
 					_, _ = writer.Write(b)
+
 					panic(err.Error())
 				}
+
 				server.HandleError(writer, err, err.Error())
 			case selector == nil:
 				// if there's no selector, let it pass to the
@@ -336,7 +342,7 @@ func (n *kubeFilter) Start(ctx context.Context) error {
 	r := mux.NewRouter()
 	r.Use(handlers.RecoveryHandler())
 
-	r.Path("/_healthz").Subrouter().HandleFunc("", func(writer http.ResponseWriter, request *http.Request) {
+	r.Path("/_healthz").Subrouter().HandleFunc("", func(writer http.ResponseWriter, _ *http.Request) {
 		writer.WriteHeader(http.StatusOK)
 		_, _ = writer.Write([]byte("ok"))
 	})

main.go

@@ -46,7 +46,7 @@ const (
 	WebhookLabler
 )
 
-//nolint:funlen,gocyclo,cyclop,maintidx,gocognit
+//nolint:funlen,gocyclo,cyclop,maintidx
 func main() {
 	scheme := runtime.NewScheme()
 	log := ctrl.Log.WithName("main")