From eb121a91f2c164b75ff84dddfc3aa74758337df3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 30 Jun 2025 13:41:40 +0300 Subject: [PATCH] chore(deps): update dependency golangci/golangci-lint to v2.2.1 (#1521) * chore(deps): update dependency golangci/golangci-lint to v2.2.1 * chore(deps): update github/codeql-action action to v3.29.1 (#1519) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update github/codeql-action digest to 4c57370 (#1518) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency b1nary-gr0up/nwa to v0.7.4 (#1520) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency golangci/golangci-lint to v2.2.1 chore(deps): update dependency golangci/golangci-lint to v2.2.1 Signed-off-by: Hristo Hristov --------- Signed-off-by: Hristo Hristov Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Hristo Hristov --- .golangci.yaml | 2 ++ Makefile | 2 +- api/v1beta1/tenant_types.go | 3 ++- api/v1beta2/capsuleconfiguration_types.go | 3 ++- api/v1beta2/resourcepool_status.go | 1 + api/v1beta2/resourcepool_types.go | 3 ++- api/v1beta2/resourcepoolclaim_types.go | 3 ++- api/v1beta2/tenant_types.go | 3 ++- api/v1beta2/tenantresource_global.go | 8 +++++--- api/v1beta2/tenantresource_namespaced.go | 3 ++- api/v1beta2/tenantresource_types.go | 2 ++ api/v1beta2/zz_generated.deepcopy.go | 2 +- controllers/pod/metadata.go | 2 +- controllers/rbac/manager.go | 1 - controllers/resourcepools/claim_controller.go | 1 + controllers/resourcepools/pool_controller.go | 2 +- controllers/resources/processor.go | 1 + controllers/servicelabels/abstract.go | 2 +- controllers/tenant/limitranges.go | 1 + controllers/tenant/manager.go | 1 + controllers/tenant/networkpolicies.go | 1 + controllers/tenant/rolebindings.go | 1 + controllers/tls/manager.go | 1 + pkg/api/allowed_list.go | 6 ++++-- pkg/api/forbidden_list.go | 1 + pkg/api/status.go | 9 ++++----- pkg/webhook/ingress/validate_collision.go | 1 - pkg/webhook/ingress/validate_hostnames.go | 1 - pkg/webhook/node/user_metadata.go | 2 ++ pkg/webhook/tenant/custom_resource_quota.go | 2 -- 30 files changed, 45 insertions(+), 26 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 9ec935ee..1c29dba5 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -23,6 +23,8 @@ linters: - unparam - varnamelen - wrapcheck + - noinlineerr + - revive settings: cyclop: max-complexity: 27 diff --git a/Makefile b/Makefile index 2b0401e4..8dc2741a 100644 --- a/Makefile +++ b/Makefile @@ -383,7 +383,7 @@ nwa: $(call go-install-tool,$(NWA),github.com/$(NWA_LOOKUP)@$(NWA_VERSION)) GOLANGCI_LINT := $(LOCALBIN)/golangci-lint -GOLANGCI_LINT_VERSION := v2.1.6 +GOLANGCI_LINT_VERSION := v2.2.1 GOLANGCI_LINT_LOOKUP := golangci/golangci-lint golangci-lint: ## Download golangci-lint locally if necessary. @test -s $(GOLANGCI_LINT) && $(GOLANGCI_LINT) -h | grep -q $(GOLANGCI_LINT_VERSION) || \ diff --git a/api/v1beta1/tenant_types.go b/api/v1beta1/tenant_types.go index 86a939b5..1cf0e481 100644 --- a/api/v1beta1/tenant_types.go +++ b/api/v1beta1/tenant_types.go @@ -65,7 +65,8 @@ func (in *Tenant) Hub() {} type TenantList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []Tenant `json:"items"` + + Items []Tenant `json:"items"` } func init() { diff --git a/api/v1beta2/capsuleconfiguration_types.go b/api/v1beta2/capsuleconfiguration_types.go index 9f1f2e3d..f425def2 100644 --- a/api/v1beta2/capsuleconfiguration_types.go +++ b/api/v1beta2/capsuleconfiguration_types.go @@ -71,7 +71,8 @@ type CapsuleConfiguration struct { type CapsuleConfigurationList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []CapsuleConfiguration `json:"items"` + + Items []CapsuleConfiguration `json:"items"` } func init() { diff --git a/api/v1beta2/resourcepool_status.go b/api/v1beta2/resourcepool_status.go index 5442e0f6..f093ee5f 100644 --- a/api/v1beta2/resourcepool_status.go +++ b/api/v1beta2/resourcepool_status.go @@ -59,6 +59,7 @@ func (r *ResourcePoolClaimsList) GetClaimByUID(uid types.UID) *ResourcePoolClaim type ResourcePoolClaimsItem struct { // Reference to the GlobalQuota being claimed from api.StatusNameUID `json:",inline"` + // Claimed resources Claims corev1.ResourceList `json:"claims,omitempty"` } diff --git a/api/v1beta2/resourcepool_types.go b/api/v1beta2/resourcepool_types.go index c411aee9..554c841b 100644 --- a/api/v1beta2/resourcepool_types.go +++ b/api/v1beta2/resourcepool_types.go @@ -68,7 +68,8 @@ type ResourcePool struct { type ResourcePoolList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []ResourcePool `json:"items"` + + Items []ResourcePool `json:"items"` } func init() { diff --git a/api/v1beta2/resourcepoolclaim_types.go b/api/v1beta2/resourcepoolclaim_types.go index afe6ce98..85a096f2 100644 --- a/api/v1beta2/resourcepoolclaim_types.go +++ b/api/v1beta2/resourcepoolclaim_types.go @@ -50,7 +50,8 @@ type ResourcePoolClaim struct { type ResourcePoolClaimList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []ResourcePoolClaim `json:"items"` + + Items []ResourcePoolClaim `json:"items"` } func init() { diff --git a/api/v1beta2/tenant_types.go b/api/v1beta2/tenant_types.go index bfc95597..dae975ef 100644 --- a/api/v1beta2/tenant_types.go +++ b/api/v1beta2/tenant_types.go @@ -102,7 +102,8 @@ func (in *Tenant) GetNamespaces() (res []string) { type TenantList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []Tenant `json:"items"` + + Items []Tenant `json:"items"` } func init() { diff --git a/api/v1beta2/tenantresource_global.go b/api/v1beta2/tenantresource_global.go index 2b7f724a..163a9d75 100644 --- a/api/v1beta2/tenantresource_global.go +++ b/api/v1beta2/tenantresource_global.go @@ -10,9 +10,10 @@ import ( // GlobalTenantResourceSpec defines the desired state of GlobalTenantResource. type GlobalTenantResourceSpec struct { - // Defines the Tenant selector used target the tenants on which resources must be propagated. - TenantSelector metav1.LabelSelector `json:"tenantSelector,omitempty"` TenantResourceSpec `json:",inline"` + + // Defines the Tenant selector used target the tenants on which resources must be propagated. + TenantSelector metav1.LabelSelector `json:"tenantSelector,omitempty"` } // GlobalTenantResourceStatus defines the observed state of GlobalTenantResource. @@ -54,7 +55,8 @@ type GlobalTenantResource struct { type GlobalTenantResourceList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []GlobalTenantResource `json:"items"` + + Items []GlobalTenantResource `json:"items"` } func init() { diff --git a/api/v1beta2/tenantresource_namespaced.go b/api/v1beta2/tenantresource_namespaced.go index 027da759..e3a22858 100644 --- a/api/v1beta2/tenantresource_namespaced.go +++ b/api/v1beta2/tenantresource_namespaced.go @@ -69,7 +69,8 @@ type TenantResource struct { type TenantResourceList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []TenantResource `json:"items"` + + Items []TenantResource `json:"items"` } func init() { diff --git a/api/v1beta2/tenantresource_types.go b/api/v1beta2/tenantresource_types.go index e5cedd36..8803c1ec 100644 --- a/api/v1beta2/tenantresource_types.go +++ b/api/v1beta2/tenantresource_types.go @@ -23,6 +23,7 @@ type ObjectReferenceAbstract struct { type ObjectReferenceStatus struct { ObjectReferenceAbstract `json:",inline"` + // Name of the referent. // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Name string `json:"name"` @@ -30,6 +31,7 @@ type ObjectReferenceStatus struct { type ObjectReference struct { ObjectReferenceAbstract `json:",inline"` + // Label selector used to select the given resources in the given Namespace. Selector metav1.LabelSelector `json:"selector"` } diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go index 44c9dd6b..076cc316 100644 --- a/api/v1beta2/zz_generated.deepcopy.go +++ b/api/v1beta2/zz_generated.deepcopy.go @@ -237,8 +237,8 @@ func (in *GlobalTenantResourceList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GlobalTenantResourceSpec) DeepCopyInto(out *GlobalTenantResourceSpec) { *out = *in - in.TenantSelector.DeepCopyInto(&out.TenantSelector) in.TenantResourceSpec.DeepCopyInto(&out.TenantResourceSpec) + in.TenantSelector.DeepCopyInto(&out.TenantSelector) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalTenantResourceSpec. diff --git a/controllers/pod/metadata.go b/controllers/pod/metadata.go index 5822b019..ae46a728 100644 --- a/controllers/pod/metadata.go +++ b/controllers/pod/metadata.go @@ -42,8 +42,8 @@ func (m *MetadataReconciler) Reconcile(ctx context.Context, request ctrl.Request tenant, err := m.getTenant(ctx, request.NamespacedName, m.Client) if err != nil { noTenantObjError := &NonTenantObjectError{} - noPodMetaError := &NoPodMetadataError{} + noPodMetaError := &NoPodMetadataError{} if errors.As(err, &noTenantObjError) || errors.As(err, &noPodMetaError) { return reconcile.Result{}, nil } diff --git a/controllers/rbac/manager.go b/controllers/rbac/manager.go index 79fb9223..e0788be7 100644 --- a/controllers/rbac/manager.go +++ b/controllers/rbac/manager.go @@ -53,7 +53,6 @@ func (r *Manager) SetupWithManager(ctx context.Context, mgr ctrl.Manager, config } }, }).Complete(r) - if crbErr != nil { err = errors.Join(err, crbErr) } diff --git a/controllers/resourcepools/claim_controller.go b/controllers/resourcepools/claim_controller.go index 2b05b4ff..0e23b20e 100644 --- a/controllers/resourcepools/claim_controller.go +++ b/controllers/resourcepools/claim_controller.go @@ -29,6 +29,7 @@ import ( type resourceClaimController struct { client.Client + metrics *metrics.ClaimRecorder log logr.Logger recorder record.EventRecorder diff --git a/controllers/resourcepools/pool_controller.go b/controllers/resourcepools/pool_controller.go index 248778c7..62684bc7 100644 --- a/controllers/resourcepools/pool_controller.go +++ b/controllers/resourcepools/pool_controller.go @@ -33,6 +33,7 @@ import ( type resourcePoolController struct { client.Client + metrics *metrics.ResourcePoolRecorder log logr.Logger recorder record.EventRecorder @@ -103,7 +104,6 @@ func (r resourcePoolController) Reconcile(ctx context.Context, request ctrl.Requ return r.Client.Status().Update(ctx, current) }) - if reconcileErr != nil || err != nil { log.V(3).Info("Failed to reconcile ResourcePool", "error", err) diff --git a/controllers/resources/processor.go b/controllers/resources/processor.go index 538a72df..1a93622c 100644 --- a/controllers/resources/processor.go +++ b/controllers/resources/processor.go @@ -202,6 +202,7 @@ func (r *Processor) HandleSection(ctx context.Context, tnt capsulev1beta2.Tenant if opErr := r.createOrUpdate(ctx, &obj, objLabels, objAnnotations); opErr != nil { log.Error(opErr, "unable to sync namespacedItems", kv...) + errorsChan <- opErr return diff --git a/controllers/servicelabels/abstract.go b/controllers/servicelabels/abstract.go index 427bf954..b7a683d7 100644 --- a/controllers/servicelabels/abstract.go +++ b/controllers/servicelabels/abstract.go @@ -34,8 +34,8 @@ func (r *abstractServiceLabelsReconciler) Reconcile(ctx context.Context, request tenant, err := r.getTenant(ctx, request.NamespacedName, r.client) if err != nil { noTenantObjError := &NonTenantObjectError{} - noSvcMetaError := &NoServicesMetadataError{} + noSvcMetaError := &NoServicesMetadataError{} if errors.As(err, &noTenantObjError) || errors.As(err, &noSvcMetaError) { return reconcile.Result{}, nil } diff --git a/controllers/tenant/limitranges.go b/controllers/tenant/limitranges.go index f8301aea..c9056027 100644 --- a/controllers/tenant/limitranges.go +++ b/controllers/tenant/limitranges.go @@ -64,6 +64,7 @@ func (r *Manager) syncLimitRange(ctx context.Context, tenant *capsulev1beta2.Ten } var res controllerutil.OperationResult + res, err = controllerutil.CreateOrUpdate(ctx, r.Client, target, func() (err error) { labels := target.GetLabels() if labels == nil { diff --git a/controllers/tenant/manager.go b/controllers/tenant/manager.go index 9ae0bd32..0305a7ce 100644 --- a/controllers/tenant/manager.go +++ b/controllers/tenant/manager.go @@ -25,6 +25,7 @@ import ( type Manager struct { client.Client + Metrics *metrics.TenantRecorder Log logr.Logger Recorder record.EventRecorder diff --git a/controllers/tenant/networkpolicies.go b/controllers/tenant/networkpolicies.go index 1dd83601..85bf73ee 100644 --- a/controllers/tenant/networkpolicies.go +++ b/controllers/tenant/networkpolicies.go @@ -63,6 +63,7 @@ func (r *Manager) syncNetworkPolicy(ctx context.Context, tenant *capsulev1beta2. } var res controllerutil.OperationResult + res, err = controllerutil.CreateOrUpdate(ctx, r.Client, target, func() (err error) { labels := target.GetLabels() if labels == nil { diff --git a/controllers/tenant/rolebindings.go b/controllers/tenant/rolebindings.go index a37e6dae..566eda3b 100644 --- a/controllers/tenant/rolebindings.go +++ b/controllers/tenant/rolebindings.go @@ -128,6 +128,7 @@ func (r *Manager) syncAdditionalRoleBinding(ctx context.Context, tenant *capsule } var res controllerutil.OperationResult + res, err = controllerutil.CreateOrUpdate(ctx, r.Client, target, func() error { if target.Labels == nil { target.Labels = map[string]string{} diff --git a/controllers/tls/manager.go b/controllers/tls/manager.go index 5fd0e7ee..6a00f5d0 100644 --- a/controllers/tls/manager.go +++ b/controllers/tls/manager.go @@ -41,6 +41,7 @@ const ( type Reconciler struct { client.Client + Log logr.Logger Scheme *runtime.Scheme Namespace string diff --git a/pkg/api/allowed_list.go b/pkg/api/allowed_list.go index 52665e17..4e88f098 100644 --- a/pkg/api/allowed_list.go +++ b/pkg/api/allowed_list.go @@ -17,7 +17,8 @@ import ( type DefaultAllowedListSpec struct { SelectorAllowedListSpec `json:",inline"` - Default string `json:"default,omitempty"` + + Default string `json:"default,omitempty"` } func (in *DefaultAllowedListSpec) MatchDefault(value string) bool { @@ -92,7 +93,8 @@ func (in *AllowedListSpec) RegexMatch(value string) (ok bool) { // +kubebuilder:object:generate=true type SelectionListWithDefaultSpec struct { SelectionListWithSpec `json:",inline"` - Default string `json:"default,omitempty"` + + Default string `json:"default,omitempty"` } func (in *SelectionListWithDefaultSpec) MatchDefault(value string) bool { diff --git a/pkg/api/forbidden_list.go b/pkg/api/forbidden_list.go index cfd74286..cbac718f 100644 --- a/pkg/api/forbidden_list.go +++ b/pkg/api/forbidden_list.go @@ -86,6 +86,7 @@ func ValidateForbidden(metadata map[string]string, forbiddenList ForbiddenListSp for key := range metadata { var forbidden, matched bool + forbidden = forbiddenList.ExactMatch(key) matched = forbiddenList.RegexMatch(key) diff --git a/pkg/api/status.go b/pkg/api/status.go index 3f3b4def..1015e1fa 100644 --- a/pkg/api/status.go +++ b/pkg/api/status.go @@ -3,9 +3,7 @@ package api -import ( - k8stypes "k8s.io/apimachinery/pkg/types" -) +import k8stypes "k8s.io/apimachinery/pkg/types" // Name must be unique within a namespace. Is required when creating resources, although // some resources may allow a client to request the generation of an appropriate name @@ -23,10 +21,11 @@ func (n Name) String() string { } type StatusNameUID struct { + // UID of the tracked Tenant to pin point tracking + k8stypes.UID `json:"uid,omitempty" protobuf:"bytes,5,opt,name=uid"` + // Name Name Name `json:"name,omitempty"` // Namespace Namespace Name `json:"namespace,omitempty"` - // UID of the tracked Tenant to pin point tracking - k8stypes.UID `json:"uid,omitempty" protobuf:"bytes,5,opt,name=uid"` } diff --git a/pkg/webhook/ingress/validate_collision.go b/pkg/webhook/ingress/validate_collision.go index 0fde7f3e..9558fb38 100644 --- a/pkg/webhook/ingress/validate_collision.go +++ b/pkg/webhook/ingress/validate_collision.go @@ -74,7 +74,6 @@ func (r *collision) validate(ctx context.Context, client client.Client, req admi } var collisionErr *ingressHostnameCollisionError - if errors.As(err, &collisionErr) { recorder.Eventf(tenant, corev1.EventTypeWarning, "IngressHostnameCollision", "Ingress %s/%s hostname is colliding", ing.Namespace(), ing.Name()) } diff --git a/pkg/webhook/ingress/validate_hostnames.go b/pkg/webhook/ingress/validate_hostnames.go index a03db925..c62db954 100644 --- a/pkg/webhook/ingress/validate_hostnames.go +++ b/pkg/webhook/ingress/validate_hostnames.go @@ -80,7 +80,6 @@ func (r *hostnames) validate(ctx context.Context, client client.Client, req admi } var hostnameNotValidErr *ingressHostnameNotValidError - if errors.As(err, &hostnameNotValidErr) { recorder.Eventf(tenant, corev1.EventTypeWarning, "IngressHostnameNotValid", "Ingress %s/%s hostname is not valid", ingress.Namespace(), ingress.Name()) diff --git a/pkg/webhook/node/user_metadata.go b/pkg/webhook/node/user_metadata.go index fa75aba0..8c787684 100644 --- a/pkg/webhook/node/user_metadata.go +++ b/pkg/webhook/node/user_metadata.go @@ -97,6 +97,7 @@ func (r *userMetadataHandler) getForbiddenNodeLabels(node *corev1.Node) map[stri for label, value := range node.GetLabels() { var forbidden, matched bool + forbidden = forbiddenLabels.ExactMatch(label) matched = forbiddenLabels.RegexMatch(label) @@ -115,6 +116,7 @@ func (r *userMetadataHandler) getForbiddenNodeAnnotations(node *corev1.Node) map for annotation, value := range node.GetAnnotations() { var forbidden, matched bool + forbidden = forbiddenAnnotations.ExactMatch(annotation) matched = forbiddenAnnotations.RegexMatch(annotation) diff --git a/pkg/webhook/tenant/custom_resource_quota.go b/pkg/webhook/tenant/custom_resource_quota.go index 4f73e7e7..13c98beb 100644 --- a/pkg/webhook/tenant/custom_resource_quota.go +++ b/pkg/webhook/tenant/custom_resource_quota.go @@ -36,7 +36,6 @@ func (r *resourceCounterHandler) OnCreate(clt client.Client, _ admission.Decoder var tntName string var err error - if tntName, err = r.getTenantName(ctx, clt, req); err != nil { return utils.ErroredResponse(err) } @@ -90,7 +89,6 @@ func (r *resourceCounterHandler) OnDelete(clt client.Client, _ admission.Decoder var tntName string var err error - if tntName, err = r.getTenantName(ctx, clt, req); err != nil { return utils.ErroredResponse(err) }