chore(deps): update dependency golangci/golangci-lint to v2.5.0 (#1663)

* chore(deps): update dependency golangci/golangci-lint to v2.5.0

* chore(deps): update dependency golangci/golangci-lint to v2.5.0

Signed-off-by: Hristo Hristov <me@hhristov.info>

* chore(deps): update dependency golangci/golangci-lint to v2.5.0

Signed-off-by: Hristo Hristov <me@hhristov.info>

---------

Signed-off-by: Hristo Hristov <me@hhristov.info>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hristo Hristov <me@hhristov.info>

.golangci.yaml

@@ -5,6 +5,7 @@ run:
 linters:
   default: all
   disable:
+    - godoclint
     - depguard
     - err113
     - exhaustruct

Makefile

@@ -384,7 +384,7 @@ nwa:
 	$(call go-install-tool,$(NWA),github.com/$(NWA_LOOKUP)@$(NWA_VERSION))
 
 GOLANGCI_LINT          := $(LOCALBIN)/golangci-lint
-GOLANGCI_LINT_VERSION  := v2.4.0
+GOLANGCI_LINT_VERSION  := v2.5.0
 GOLANGCI_LINT_LOOKUP   := golangci/golangci-lint
 golangci-lint: ## Download golangci-lint locally if necessary.
 	@test -s $(GOLANGCI_LINT) && $(GOLANGCI_LINT) -h | grep -q $(GOLANGCI_LINT_VERSION) || \

api/v1beta1/owner_list.go

@@ -19,7 +19,7 @@ func (in OwnerListSpec) FindOwner(name string, kind OwnerKind) (owner OwnerSpec)
 		return in[i]
 	}
 
-	return
+	return owner
 }
 
 type ByKindAndName OwnerListSpec

api/v1beta1/tenant_types.go

@@ -78,5 +78,5 @@ func (in *Tenant) GetNamespaces() (res []string) {
 
 	res = append(res, in.Status.Namespaces...)
 
-	return
+	return res
 }

api/v1beta2/owner_list.go

@@ -19,7 +19,7 @@ func (o OwnerListSpec) FindOwner(name string, kind OwnerKind) (owner OwnerSpec)
 		return o[i]
 	}
 
-	return
+	return owner
 }
 
 type ByKindAndName OwnerListSpec

api/v1beta2/resourcepool_func.go

@@ -247,7 +247,7 @@ func (r *ResourcePool) GetNamespaceClaims(namespace string) (claims map[string]*
 		}
 	}
 
-	return
+	return claims, claimedResources
 }
 
 // Calculate usage for each namespace.
@@ -272,5 +272,5 @@ func (r *ResourcePool) GetClaimedByNamespaceClaims() (claims map[string]corev1.R
 		}
 	}
 
-	return
+	return claims
 }

api/v1beta2/tenant_func.go

@@ -93,7 +93,7 @@ func (in *Tenant) GetSubjectsByClusterRoles(ignoreOwnerKind []OwnerKind) (rolePe
 		}
 	}
 
-	return
+	return rolePerms
 }
 
 // Get the permissions for a tenant ordered by groups and users.

api/v1beta2/tenant_labels.go

@@ -28,5 +28,5 @@ func GetTypeLabel(t metav1.Object) (label string, err error) {
 		err = fmt.Errorf("type %T is not mapped as Capsule label recognized", v)
 	}
 
-	return
+	return label, err
 }

api/v1beta2/tenant_types.go

@@ -94,7 +94,7 @@ func (in *Tenant) GetNamespaces() (res []string) {
 
 	res = append(res, in.Status.Namespaces...)
 
-	return
+	return res
 }
 
 // +kubebuilder:object:root=true

controllers/config/manager.go

@@ -42,5 +42,5 @@ func (c *Manager) Reconcile(ctx context.Context, request reconcile.Request) (res
 
 	c.Log.Info("CapsuleConfiguration reconciliation finished", "request.name", request.Name)
 
-	return
+	return res, err
 }

controllers/rbac/manager.go

@@ -74,7 +74,7 @@ func (r *Manager) SetupWithManager(ctx context.Context, mgr ctrl.Manager, config
 		err = errors.Join(err, crbErr)
 	}
 
-	return
+	return err
 }
 
 // Reconcile serves both required ClusterRole and ClusterRoleBinding resources: that's ok, we're watching for multiple
@@ -99,7 +99,7 @@ func (r *Manager) Reconcile(ctx context.Context, request reconcile.Request) (res
 		}
 	}
 
-	return
+	return res, err
 }
 
 func (r *Manager) EnsureClusterRoleBindingsProvisioner(ctx context.Context) error {
@@ -168,7 +168,7 @@ func (r *Manager) EnsureClusterRole(ctx context.Context, roleName string) (err e
 		return nil
 	})
 
-	return
+	return err
 }
 
 // Start is the Runnable function triggered upon Manager start-up to perform the first RBAC reconciliation

controllers/resourcepools/claim_controller.go

@@ -61,7 +61,7 @@ func (r resourceClaimController) Reconcile(ctx context.Context, request ctrl.Req
 
 		log.Error(err, "Error reading the object")
 
-		return
+		return result, err
 	}
 
 	// Ensuring the Quota Status
@@ -291,5 +291,5 @@ func updateStatusAndEmitEvent(
 		claim.Status.Condition.Message,
 	)
 
-	return
+	return err
 }

controllers/resourcepools/pool_controller.go

@@ -85,7 +85,7 @@ func (r resourcePoolController) Reconcile(ctx context.Context, request ctrl.Requ
 
 		log.Error(err, "Error reading the object")
 
-		return
+		return result, err
 	}
 
 	// ResourceQuota Reconciliation
@@ -298,7 +298,7 @@ func (r *resourcePoolController) canClaimWithinNamespace(
 		}
 	}
 
-	return
+	return res
 }
 
 // Handles exhaustions when a exhaustion was already declared in the given map.
@@ -336,7 +336,7 @@ func (r *resourcePoolController) handleClaimOrderedExhaustion(
 		return queued, updateStatusAndEmitEvent(ctx, r.Client, r.recorder, claim, cond)
 	}
 
-	return
+	return queued, err
 }
 
 func (r *resourcePoolController) handleClaimResourceExhaustion(
@@ -399,12 +399,12 @@ func (r *resourcePoolController) handleClaimToPoolBinding(
 	cond.Message = "Claimed resources"
 
 	if err = updateStatusAndEmitEvent(ctx, r.Client, r.recorder, claim, cond); err != nil {
-		return
+		return err
 	}
 
 	pool.AddClaimToStatus(claim)
 
-	return
+	return err
 }
 
 // Attempts to garbage collect a ResourceQuota resource.
@@ -571,7 +571,7 @@ func (r *resourcePoolController) gatherMatchingNamespaces(
 	seenNamespaces := make(map[string]struct{})
 
 	if !pool.DeletionTimestamp.IsZero() {
-		return
+		return namespaces, err
 	}
 
 	for _, selector := range pool.Spec.Selectors {
@@ -597,7 +597,7 @@ func (r *resourcePoolController) gatherMatchingNamespaces(
 		}
 	}
 
-	return
+	return namespaces, err
 }
 
 // Get Currently selected claims for the resourcepool.

controllers/tenant/manager.go

@@ -43,7 +43,6 @@ func (r *Manager) SetupWithManager(mgr ctrl.Manager) error {
 		Complete(r)
 }
 
-//nolint:nakedret
 func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ctrl.Result, err error) {
 	r.Log = r.Log.WithValues("Request.Name", request.Name)
 	// Fetch the Tenant instance
@@ -60,7 +59,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 
 		r.Log.Error(err, "Error reading the object")
 
-		return
+		return result, err
 	}
 
 	preRecNamespaces := instance.Status.Namespaces
@@ -69,13 +68,13 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.updateTenantStatus(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot update Tenant status")
 
-		return
+		return result, err
 	}
 	// Ensuring Metadata
 	if err = r.ensureMetadata(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot ensure metadata")
 
-		return
+		return result, err
 	}
 
 	// Ensuring ResourceQuota
@@ -84,7 +83,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.syncCustomResourceQuotaUsages(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot count limited resources")
 
-		return
+		return result, err
 	}
 	// Ensuring all namespaces are collected
 	r.Log.Info("Ensuring all Namespaces are collected")
@@ -92,7 +91,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.collectNamespaces(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot collect Namespace resources")
 
-		return
+		return result, err
 	}
 	// Ensuring Status metrics are exposed
 	r.Log.Info("Ensuring all status metrics are exposed")
@@ -104,7 +103,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.syncNamespaces(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot sync Namespace items")
 
-		return
+		return result, err
 	}
 	// Ensuring NetworkPolicy resources
 	r.Log.Info("Starting processing of Network Policies")
@@ -112,7 +111,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.syncNetworkPolicies(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot sync NetworkPolicy items")
 
-		return
+		return result, err
 	}
 	// Ensuring LimitRange resources
 	r.Log.Info("Starting processing of Limit Ranges", "items", len(instance.Spec.LimitRanges.Items))
@@ -120,7 +119,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.syncLimitRanges(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot sync LimitRange items")
 
-		return
+		return result, err
 	}
 	// Ensuring ResourceQuota resources
 	r.Log.Info("Starting processing of Resource Quotas", "items", len(instance.Spec.ResourceQuota.Items))
@@ -128,7 +127,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.syncResourceQuotas(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot sync ResourceQuota items")
 
-		return
+		return result, err
 	}
 	// Ensuring RoleBinding resources
 	r.Log.Info("Ensuring RoleBindings for Owners and Tenant")
@@ -136,7 +135,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.syncRoleBindings(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot sync RoleBindings items")
 
-		return
+		return result, err
 	}
 	// Ensuring Namespace count
 	r.Log.Info("Ensuring Namespace count")
@@ -144,7 +143,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct
 	if err = r.ensureNamespaceCount(ctx, instance); err != nil {
 		r.Log.Error(err, "Cannot sync Namespace count")
 
-		return
+		return result, err
 	}
 
 	r.Log.Info("Tenant reconciling completed")

controllers/tenant/namespaces.go

@@ -41,7 +41,7 @@ func (r *Manager) syncNamespaces(ctx context.Context, tenant *capsulev1beta2.Ten
 		err = fmt.Errorf("cannot sync Namespaces: %w", err)
 	}
 
-	return
+	return err
 }
 
 func (r *Manager) syncNamespaceMetadata(ctx context.Context, namespace string, tnt *capsulev1beta2.Tenant) (err error) {
@@ -170,7 +170,7 @@ func (r *Manager) collectNamespaces(ctx context.Context, tenant *capsulev1beta2.
 			Selector: fields.OneTermEqualSelector(".metadata.ownerReferences[*].capsule", tenant.GetName()),
 		})
 		if err != nil {
-			return
+			return err
 		}
 
 		_, err = controllerutil.CreateOrUpdate(ctx, r.Client, tenant.DeepCopy(), func() error {
@@ -179,7 +179,7 @@ func (r *Manager) collectNamespaces(ctx context.Context, tenant *capsulev1beta2.
 			return r.Client.Status().Update(ctx, tenant, &client.SubResourceUpdateOptions{})
 		})
 
-		return
+		return err
 	})
 }
 

controllers/tenant/resourcequotas.go

@@ -39,7 +39,6 @@ import (
 //
 // In case of Namespace-scoped Resource Budget, we're just replicating the resources across all registered Namespaces.
 
-//nolint:nakedret
 func (r *Manager) syncResourceQuotas(ctx context.Context, tenant *capsulev1beta2.Tenant) (err error) { //nolint:gocognit
 	// getting ResourceQuota labels for the mutateFn
 	var tenantLabel, typeLabel string
@@ -175,16 +174,16 @@ func (r *Manager) syncResourceQuotas(ctx context.Context, tenant *capsulev1beta2
 					if scopeErr = r.resourceQuotasUpdate(ctx, name, quantity, toKeep, resourceQuota.Hard[name], list.Items...); scopeErr != nil {
 						r.Log.Error(scopeErr, "cannot proceed with outer ResourceQuota")
 
-						return
+						return scopeErr
 					}
 				}
 
-				return
+				return scopeErr
 			})
 		}
 		// Waiting the update of all ResourceQuotas
 		if err = group.Wait(); err != nil {
-			return
+			return err
 		}
 	}
 	// getting requested ResourceQuota keys
@@ -207,7 +206,6 @@ func (r *Manager) syncResourceQuotas(ctx context.Context, tenant *capsulev1beta2
 	return group.Wait()
 }
 
-//nolint:nakedret
 func (r *Manager) syncResourceQuota(ctx context.Context, tenant *capsulev1beta2.Tenant, namespace string, keys []string) (err error) {
 	// getting ResourceQuota labels for the mutateFn
 	var tenantLabel, typeLabel string
@@ -264,7 +262,7 @@ func (r *Manager) syncResourceQuota(ctx context.Context, tenant *capsulev1beta2.
 		r.Log.Info("Resource Quota sync result: "+string(res), "name", target.Name, "namespace", target.Namespace)
 
 		if err != nil {
-			return
+			return err
 		}
 	}
 
@@ -295,7 +293,7 @@ func (r *Manager) resourceQuotasUpdate(ctx context.Context, resourceName corev1.
 		group.Go(func() (err error) {
 			found := &corev1.ResourceQuota{}
 			if err = r.Get(ctx, types.NamespacedName{Namespace: rq.Namespace, Name: rq.Name}, found); err != nil {
-				return
+				return err
 			}
 
 			return retry.RetryOnConflict(retry.DefaultBackoff, func() (retryErr error) {

controllers/tenant/resourcequotas_quota.go

@@ -71,7 +71,7 @@ func (r *Manager) syncCustomResourceQuotaUsages(ctx context.Context, tenant *cap
 			err := retry.RetryOnConflict(retry.DefaultBackoff, func() (retryErr error) {
 				tnt := &capsulev1beta2.Tenant{}
 				if retryErr = r.Get(ctx, types.NamespacedName{Name: tenant.GetName()}, tnt); retryErr != nil {
-					return
+					return retryErr
 				}
 
 				if tnt.GetAnnotations() == nil {
@@ -123,7 +123,7 @@ func (r *Manager) syncCustomResourceQuotaUsages(ctx context.Context, tenant *cap
 				usedMap[key] += used
 			}
 
-			return
+			return scopeErr
 		})
 	}
 

controllers/tenant/rolebindings.go

@@ -91,20 +91,19 @@ func (r *Manager) syncRoleBindings(ctx context.Context, tenant *capsulev1beta2.T
 	return group.Wait()
 }
 
-//nolint:nakedret
 func (r *Manager) syncAdditionalRoleBinding(ctx context.Context, tenant *capsulev1beta2.Tenant, ns string, keys []string, hashFn func(binding api.AdditionalRoleBindingsSpec) string) (err error) {
 	var tenantLabel, roleBindingLabel string
 
 	if tenantLabel, err = utils.GetTypeLabel(&capsulev1beta2.Tenant{}); err != nil {
-		return
+		return err
 	}
 
 	if roleBindingLabel, err = utils.GetTypeLabel(&rbacv1.RoleBinding{}); err != nil {
-		return
+		return err
 	}
 
 	if err = r.pruningResources(ctx, ns, keys, &rbacv1.RoleBinding{}); err != nil {
-		return
+		return err
 	}
 
 	var roleBindings []api.AdditionalRoleBindingsSpec
@@ -155,7 +154,7 @@ func (r *Manager) syncAdditionalRoleBinding(ctx context.Context, tenant *capsule
 		r.Log.Info(fmt.Sprintf("RoleBinding sync result: %s", string(res)), "name", target.Name, "namespace", target.Namespace)
 
 		if err != nil {
-			return
+			return err
 		}
 	}
 

controllers/tenant/utils.go

@@ -23,7 +23,7 @@ func (r *Manager) pruningResources(ctx context.Context, ns string, keys []string
 	var capsuleLabel string
 
 	if capsuleLabel, err = capsulev1beta2.GetTypeLabel(obj); err != nil {
-		return
+		return err
 	}
 
 	selector := labels.NewSelector()
@@ -31,7 +31,7 @@ func (r *Manager) pruningResources(ctx context.Context, ns string, keys []string
 	var exists *labels.Requirement
 
 	if exists, err = labels.NewRequirement(capsuleLabel, selection.Exists, []string{}); err != nil {
-		return
+		return err
 	}
 
 	selector = selector.Add(*exists)

pkg/api/allowed_list.go

@@ -79,7 +79,7 @@ func (in *AllowedListSpec) ExactMatch(value string) (ok bool) {
 		ok = i < len(in.Exact) && in.Exact[i] == value
 	}
 
-	return
+	return ok
 }
 
 func (in *AllowedListSpec) RegexMatch(value string) (ok bool) {
@@ -87,7 +87,7 @@ func (in *AllowedListSpec) RegexMatch(value string) (ok bool) {
 		ok = regexp.MustCompile(in.Regex).MatchString(value)
 	}
 
-	return
+	return ok
 }
 
 // +kubebuilder:object:generate=true

pkg/api/forbidden_list.go

@@ -35,7 +35,7 @@ func (in ForbiddenListSpec) ExactMatch(value string) (ok bool) {
 		ok = i < len(in.Exact) && in.Exact[i] == value
 	}
 
-	return
+	return ok
 }
 
 func (in ForbiddenListSpec) RegexMatch(value string) (ok bool) {
@@ -43,7 +43,7 @@ func (in ForbiddenListSpec) RegexMatch(value string) (ok bool) {
 		ok = regexp.MustCompile(in.Regex).MatchString(value)
 	}
 
-	return
+	return ok
 }
 
 type ForbiddenError struct {
@@ -76,7 +76,7 @@ func (f *ForbiddenError) appendForbiddenError() (append string) {
 		append += fmt.Sprintf("matching the regex %s", f.spec.Regex)
 	}
 
-	return
+	return append
 }
 
 func ValidateForbidden(metadata map[string]string, forbiddenList ForbiddenListSpec) error {

pkg/cert/ca.go

@@ -46,7 +46,7 @@ func (c CapsuleCA) CACertificatePem() (b *bytes.Buffer, err error) {
 
 	crtBytes, err = x509.CreateCertificate(rand.Reader, c.certificate, c.certificate, &c.key.PublicKey, c.key)
 	if err != nil {
-		return
+		return b, err
 	}
 
 	b = new(bytes.Buffer)
@@ -111,7 +111,7 @@ func GenerateCertificateAuthority() (s *CapsuleCA, err error) {
 		return nil, err
 	}
 
-	return
+	return s, err
 }
 
 func GetCertificateFromBytes(certBytes []byte) (*x509.Certificate, error) {
@@ -144,7 +144,6 @@ func GetCertificateWithPrivateKeyFromBytes(certBytes, keyBytes []byte) (*x509.Ce
 	return cert, key, nil
 }
 
-//nolint:nakedret
 func (c *CapsuleCA) GenerateCertificate(opts CertificateOptions) (certificatePem *bytes.Buffer, certificateKey *bytes.Buffer, err error) {
 	var certPrivKey *rsa.PrivateKey
 
@@ -185,7 +184,7 @@ func (c *CapsuleCA) GenerateCertificate(opts CertificateOptions) (certificatePem
 		Bytes: certBytes,
 	})
 	if err != nil {
-		return
+		return certificatePem, certificateKey, err
 	}
 
 	certificateKey = new(bytes.Buffer)
@@ -195,8 +194,8 @@ func (c *CapsuleCA) GenerateCertificate(opts CertificateOptions) (certificatePem
 		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
 	})
 	if err != nil {
-		return
+		return certificatePem, certificateKey, err
 	}
 
-	return
+	return certificatePem, certificateKey, err
 }

pkg/configuration/client.go

@@ -36,6 +36,7 @@ func NewCapsuleConfiguration(ctx context.Context, client client.Client, name str
 					},
 				}
 			}
+
 			panic(errors.Wrap(err, "Cannot retrieve Capsule configuration with name "+name))
 		}
 

pkg/indexer/ingress/hostname_path.go

@@ -50,6 +50,6 @@ func (s HostnamePath) Func() client.IndexerFunc {
 			}
 		}
 
-		return
+		return entries
 	}
 }

pkg/utils/owner.go

@@ -14,5 +14,5 @@ func GetOwnersWithKinds(tenant *capsulev1beta2.Tenant) (owners []string) {
 		owners = append(owners, fmt.Sprintf("%s:%s", owner.Kind.String(), owner.Name))
 	}
 
-	return
+	return owners
 }

pkg/utils/tenant_labels.go

@@ -37,5 +37,5 @@ func GetTypeLabel(t runtime.Object) (label string, err error) {
 		err = fmt.Errorf("type %T is not mapped as Capsule label recognized", v)
 	}
 
-	return
+	return label, err
 }

pkg/utils/user_group.go

@@ -30,5 +30,5 @@ func (u userGroupList) Find(needle string) (found bool) {
 
 	found = i < len(u) && u[i] == needle
 
-	return
+	return found
 }

pkg/webhook/ingress/errors.go

@@ -112,5 +112,5 @@ func appendHostnameError(spec api.AllowedListSpec) (append string) {
 		append += fmt.Sprintf(", or matching the regex %s", spec.Regex)
 	}
 
-	return
+	return append
 }

pkg/webhook/ingress/types.go

@@ -43,7 +43,7 @@ func (n NetworkingV1) IngressClass() (res *string) {
 		}
 	}
 
-	return
+	return res
 }
 
 func (n NetworkingV1) SetIngressClass(ingressClassName string) {
@@ -113,7 +113,7 @@ func (n NetworkingV1Beta1) IngressClass() (res *string) {
 		}
 	}
 
-	return
+	return res
 }
 
 func (n NetworkingV1Beta1) SetIngressClass(ingressClassName string) {
@@ -187,7 +187,7 @@ func (e Extension) IngressClass() (res *string) {
 		}
 	}
 
-	return
+	return res
 }
 
 func (e Extension) SetIngressClass(ingressClassName string) {
@@ -252,5 +252,5 @@ func (h HostnamesList) IsStringInList(value string) (ok bool) {
 	i := sort.SearchStrings(h, value)
 	ok = i < h.Len() && h[i] == value
 
-	return
+	return ok
 }

pkg/webhook/ingress/utils.go

@@ -38,7 +38,7 @@ func FromRequest(req admission.Request, decoder admission.Decoder) (ingress Ingr
 		if req.Kind.Version == "v1" {
 			ingressObj := &networkingv1.Ingress{}
 			if err = decoder.Decode(req, ingressObj); err != nil {
-				return
+				return ingress, err
 			}
 
 			ingress = NetworkingV1{Ingress: ingressObj}
@@ -48,14 +48,14 @@ func FromRequest(req admission.Request, decoder admission.Decoder) (ingress Ingr
 
 		ingressObj := &networkingv1beta1.Ingress{}
 		if err = decoder.Decode(req, ingressObj); err != nil {
-			return
+			return ingress, err
 		}
 
 		ingress = NetworkingV1Beta1{Ingress: ingressObj}
 	case "extensions":
 		ingressObj := &extensionsv1beta1.Ingress{}
 		if err = decoder.Decode(req, ingressObj); err != nil {
-			return
+			return ingress, err
 		}
 
 		ingress = Extension{Ingress: ingressObj}
@@ -63,5 +63,5 @@ func FromRequest(req admission.Request, decoder admission.Decoder) (ingress Ingr
 		err = fmt.Errorf("cannot recognize type %s", req.Kind.Group)
 	}
 
-	return
+	return ingress, err
 }

pkg/webhook/namespace/mutation/utils.go

@@ -227,7 +227,7 @@ func resolveServiceAccountActor(
 ) (tnt *capsulev1beta2.Tenant, err error) {
 	parts := strings.Split(userInfo.Username, ":")
 	if len(parts) != 4 {
-		return
+		return tnt, err
 	}
 
 	namespace, saName := parts[2], parts[3]
@@ -235,28 +235,28 @@ func resolveServiceAccountActor(
 	sa := &corev1.ServiceAccount{}
 	if err = clt.Get(ctx, client.ObjectKey{Namespace: namespace, Name: saName}, sa); err != nil {
 		if apierrors.IsNotFound(err) {
-			return
+			return tnt, err
 		}
 
-		return
+		return tnt, err
 	}
 
 	if meta.OwnerPromotionLabelTriggers(ns) {
-		return
+		return tnt, err
 	}
 
 	tntList := &capsulev1beta2.TenantList{}
 	if err = clt.List(ctx, tntList, client.MatchingFieldsSelector{
 		Selector: fields.OneTermEqualSelector(".status.namespaces", namespace),
 	}); err != nil {
-		return
+		return tnt, err
 	}
 
 	if len(tntList.Items) > 0 {
 		tnt = &tntList.Items[0]
 	}
 
-	return
+	return tnt, err
 }
 
 func validateNamespacePrefix(ns *corev1.Namespace, tenant *capsulev1beta2.Tenant) bool {

pkg/webhook/networkpolicy/validating.go

@@ -73,7 +73,7 @@ func (r *handler) handle(ctx context.Context, req admission.Request, client clie
 
 	objectLabel, err := capsuleutils.GetTypeLabel(&networkingv1.NetworkPolicy{})
 	if err != nil {
-		return
+		return allowed, err
 	}
 
 	labels := np.GetLabels()
@@ -81,5 +81,5 @@ func (r *handler) handle(ctx context.Context, req admission.Request, client clie
 		allowed = false
 	}
 
-	return
+	return allowed, err
 }

pkg/webhook/node/errors.go

@@ -24,7 +24,7 @@ func appendForbiddenError(spec *capsulev1beta2.ForbiddenListSpec) (append string
 		append += fmt.Sprintf("matching the regex %s", spec.Regex)
 	}
 
-	return
+	return append
 }
 
 type nodeLabelForbiddenError struct {

pkg/webhook/pod/containerregistry_errors.go

@@ -49,5 +49,5 @@ func (f registryClassForbiddenError) Error() (err string) {
 
 	err += strings.Join(extra, " or ")
 
-	return
+	return err
 }

pkg/webhook/tenant/custom_resource_quota.go

@@ -102,15 +102,15 @@ func (r *resourceCounterHandler) OnDelete(clt client.Client, _ admission.Decoder
 		err = retry.RetryOnConflict(retry.DefaultRetry, func() (retryErr error) {
 			tnt := &capsulev1beta2.Tenant{}
 			if retryErr = clt.Get(ctx, types.NamespacedName{Name: tntName}, tnt); err != nil {
-				return
+				return retryErr
 			}
 
 			if tnt.Annotations == nil {
-				return
+				return retryErr
 			}
 
 			if _, ok := tnt.Annotations[capsulev1beta2.UsedAnnotationForResource(kgv)]; !ok {
-				return
+				return retryErr
 			}
 
 			used, _ := capsulev1beta2.GetUsedResourceFromTenant(*tnt, kgv)