chore: update golangci-lint to v1.52.2 (#1115)

* chore: update golangci-lint to v1.52.2

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

* chore: fix lint errors

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

---------

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

pkg/auth/auth.go

@@ -138,7 +138,7 @@ func NewConfig(
 }
 
 // GetAuthorizer returns an Azure authorizer based on the provided azure identity
-func (c Config) GetAuthorizer(ctx context.Context, podName, podNamespace, resource, aadEndpoint, tenantID, nmiPort string) (autorest.Authorizer, error) {
+func (c Config) GetAuthorizer(podName, podNamespace, resource, aadEndpoint, tenantID, nmiPort string) (autorest.Authorizer, error) {
 	var cred azcore.TokenCredential
 	var err error
 
@@ -147,11 +147,11 @@ func (c Config) GetAuthorizer(ctx context.Context, podName, podNamespace, resour
 	case c.UsePodIdentity:
 		cred, err = getAuthorizerForPodIdentity(podName, podNamespace, resource, tenantID, nmiPort)
 	case c.UseVMManagedIdentity:
-		cred, err = getAuthorizerForManagedIdentity(resource, c.UserAssignedIdentityID)
+		cred, err = getAuthorizerForManagedIdentity(c.UserAssignedIdentityID)
 	case len(c.AADClientSecret) > 0 && len(c.AADClientID) > 0:
-		cred, err = getAuthorizerForServicePrincipal(c.AADClientID, c.AADClientSecret, resource, aadEndpoint, tenantID)
+		cred, err = getAuthorizerForServicePrincipal(c.AADClientID, c.AADClientSecret, aadEndpoint, tenantID)
 	case len(c.WorkloadIdentityClientID) > 0 && len(c.WorkloadIdentityToken) > 0:
-		cred, err = getAuthorizerForWorkloadIdentity(ctx, c.WorkloadIdentityClientID, c.WorkloadIdentityToken, resource, aadEndpoint, tenantID)
+		cred, err = getAuthorizerForWorkloadIdentity(c.WorkloadIdentityClientID, c.WorkloadIdentityToken, aadEndpoint, tenantID)
 	default:
 		return nil, fmt.Errorf("no identity mode is enabled")
 	}
@@ -181,7 +181,7 @@ func (w *workloadIdentityCredential) getAssertion(context.Context) (string, erro
 	return w.assertion, nil
 }
 
-func getAuthorizerForWorkloadIdentity(ctx context.Context, clientID, signedAssertion, resource, aadEndpoint, tenantID string) (azcore.TokenCredential, error) {
+func getAuthorizerForWorkloadIdentity(clientID, signedAssertion, aadEndpoint, tenantID string) (azcore.TokenCredential, error) {
 	opts := &workloadIdentityCredentialOptions{
 		ClientOptions: azcore.ClientOptions{
 			Cloud: cloud.Configuration{
@@ -192,7 +192,7 @@ func getAuthorizerForWorkloadIdentity(ctx context.Context, clientID, signedAsser
 	return newWorkloadIdentityCredential(tenantID, clientID, signedAssertion, opts)
 }
 
-func getAuthorizerForServicePrincipal(clientID, secret, resource, aadEndpoint, tenantID string) (azcore.TokenCredential, error) {
+func getAuthorizerForServicePrincipal(clientID, secret, aadEndpoint, tenantID string) (azcore.TokenCredential, error) {
 	opts := &azidentity.ClientSecretCredentialOptions{
 		ClientOptions: azcore.ClientOptions{
 			Cloud: cloud.Configuration{
@@ -203,14 +203,14 @@ func getAuthorizerForServicePrincipal(clientID, secret, resource, aadEndpoint, t
 	return azidentity.NewClientSecretCredential(tenantID, clientID, secret, opts)
 }
 
-func getAuthorizerForManagedIdentity(resource, identityClientID string) (azcore.TokenCredential, error) {
+func getAuthorizerForManagedIdentity(identityClientID string) (azcore.TokenCredential, error) {
 	opts := &azidentity.ManagedIdentityCredentialOptions{
 		ID: azidentity.ClientID(identityClientID),
 	}
 	return azidentity.NewManagedIdentityCredential(opts)
 }
 
-func (c *podIdentityCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
+func (c *podIdentityCredential) GetToken(ctx context.Context, _ policy.TokenRequestOptions) (azcore.AccessToken, error) {
 	// For usePodIdentity mode, the CSI driver makes an authorization request to fetch token for a resource from the NMI host endpoint (http://127.0.0.1:2579/host/token/).
 	// The request includes the pod namespace `podns` and the pod name `podname` in the request header and the resource endpoint of the resource requesting the token.
 	// The NMI server identifies the pod based on the `podns` and `podname` in the request header and then queries k8s (through MIC) for a matching azure identity.
@@ -225,6 +225,8 @@ func (c *podIdentityCredential) GetToken(ctx context.Context, opts policy.TokenR
 	}
 	req.Header.Add(podNamespaceHeader, c.podNamespace)
 	req.Header.Add(podNameHeader, c.podName)
+	req = req.WithContext(ctx)
+
 	resp, err := client.Do(req)
 	if err != nil {
 		return azcore.AccessToken{}, err

pkg/provider/provider.go

@@ -37,7 +37,7 @@ import (
 
 // Provider implements the secrets-store-csi-driver provider interface
 type Interface interface {
-	GetSecretsStoreObjectContent(ctx context.Context, attrib, secrets map[string]string, targetPath string, defaultFilePermission os.FileMode) ([]types.SecretFile, error)
+	GetSecretsStoreObjectContent(ctx context.Context, attrib, secrets map[string]string, defaultFilePermission os.FileMode) ([]types.SecretFile, error)
 }
 
 type provider struct {
@@ -90,7 +90,7 @@ func ParseAzureEnvironment(cloudName string) (*azure.Environment, error) {
 	return &env, err
 }
 
-func (mc *mountConfig) initializeKvClient(ctx context.Context) (*kv.BaseClient, error) {
+func (mc *mountConfig) initializeKvClient() (*kv.BaseClient, error) {
 	kvClient := kv.New()
 	kvEndpoint := strings.TrimSuffix(mc.azureCloudEnvironment.KeyVaultEndpoint, "/")
 
@@ -99,7 +99,7 @@ func (mc *mountConfig) initializeKvClient(ctx context.Context) (*kv.BaseClient,
 		return nil, errors.Wrapf(err, "failed to add user agent to keyvault client")
 	}
 
-	kvClient.Authorizer, err = mc.GetAuthorizer(ctx, kvEndpoint)
+	kvClient.Authorizer, err = mc.GetAuthorizer(kvEndpoint)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to get authorizer for keyvault client")
 	}
@@ -123,13 +123,13 @@ func (mc *mountConfig) getVaultURL() (vaultURL *string, err error) {
 }
 
 // GetAuthorizer returns an Azure authorizer based on the provided azure identity
-func (mc *mountConfig) GetAuthorizer(ctx context.Context, resource string) (autorest.Authorizer, error) {
-	return mc.authConfig.GetAuthorizer(ctx, mc.podName, mc.podNamespace, resource, mc.azureCloudEnvironment.ActiveDirectoryEndpoint, mc.tenantID, types.PodIdentityNMIPort)
+func (mc *mountConfig) GetAuthorizer(resource string) (autorest.Authorizer, error) {
+	return mc.authConfig.GetAuthorizer(mc.podName, mc.podNamespace, resource, mc.azureCloudEnvironment.ActiveDirectoryEndpoint, mc.tenantID, types.PodIdentityNMIPort)
 }
 
 // GetSecretsStoreObjectContent gets the objects (secret, key, certificate) from keyvault and returns the content
 // to the CSI driver. The driver will write the content to the file system.
-func (p *provider) GetSecretsStoreObjectContent(ctx context.Context, attrib, secrets map[string]string, targetPath string, defaultFilePermission os.FileMode) ([]types.SecretFile, error) {
+func (p *provider) GetSecretsStoreObjectContent(ctx context.Context, attrib, secrets map[string]string, defaultFilePermission os.FileMode) ([]types.SecretFile, error) {
 	keyvaultName := types.GetKeyVaultName(attrib)
 	cloudName := types.GetCloudName(attrib)
 	userAssignedIdentityID := types.GetUserAssignedIdentityID(attrib)
@@ -231,7 +231,7 @@ func (p *provider) GetSecretsStoreObjectContent(ctx context.Context, attrib, sec
 	klog.V(2).InfoS("vault url", "vaultName", mc.keyvaultName, "vaultURL", *vaultURL, "pod", klog.ObjectRef{Namespace: podNamespace, Name: podName})
 
 	// the keyvault name is per SPC and we don't need to recreate the client for every single keyvault object defined
-	kvClient, err := mc.initializeKvClient(ctx)
+	kvClient, err := mc.initializeKvClient()
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get keyvault client")
 	}

pkg/provider/provider_test.go

@@ -878,7 +878,7 @@ func TestInitializeKVClient(t *testing.T) {
 		version.BuildDate = "Now"
 		version.Vcs = "hash"
 
-		kvBaseClient, err := mc.initializeKvClient(context.TODO())
+		kvBaseClient, err := mc.initializeKvClient()
 		assert.NoError(t, err)
 		assert.NotNil(t, kvBaseClient)
 		assert.NotNil(t, kvBaseClient.Authorizer)
@@ -1033,10 +1033,7 @@ func TestGetSecretsStoreObjectContent(t *testing.T) {
 		t.Run(tc.desc, func(t *testing.T) {
 			p := NewProvider(false, false)
 
-			tmpDir, err := os.MkdirTemp("", "ut")
-			assert.NoError(t, err)
-
-			_, err = p.GetSecretsStoreObjectContent(context.TODO(), tc.parameters, tc.secrets, tmpDir, 0420)
+			_, err := p.GetSecretsStoreObjectContent(context.TODO(), tc.parameters, tc.secrets, 0420)
 			if tc.expectedErr {
 				assert.NotNil(t, err)
 			} else {

pkg/provider/validate.go

@@ -16,10 +16,7 @@ func validate(kv types.KeyVaultObject) error {
 	if err := validateObjectEncoding(kv.ObjectEncoding, kv.ObjectType); err != nil {
 		return err
 	}
-	if err := validateFileName(kv.GetFileName()); err != nil {
-		return err
-	}
-	return nil
+	return validateFileName(kv.GetFileName())
 }
 
 // validateObjectFormat checks if the object format is valid and is supported

pkg/server/healthz.go

@@ -41,7 +41,7 @@ func (h *HealthZ) Serve() {
 	}
 }
 
-func (h *HealthZ) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+func (h *HealthZ) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
 	klog.V(5).Infof("Started health check")
 	ctx, cancel := context.WithTimeout(context.Background(), h.RPCTimeout)
 	defer cancel()

pkg/server/server.go

@@ -53,7 +53,7 @@ func (s *CSIDriverProviderServer) Mount(ctx context.Context, req *v1alpha1.Mount
 		return &v1alpha1.MountResponse{}, fmt.Errorf("failed to unmarshal file permission, error: %w", err)
 	}
 
-	files, err := s.provider.GetSecretsStoreObjectContent(ctx, attrib, secret, req.GetTargetPath(), defaultFilePermission)
+	files, err := s.provider.GetSecretsStoreObjectContent(ctx, attrib, secret, defaultFilePermission)
 	if err != nil {
 		klog.ErrorS(err, "failed to process mount request")
 		return &v1alpha1.MountResponse{}, fmt.Errorf("failed to mount objects, error: %w", err)
@@ -81,21 +81,21 @@ func (s *CSIDriverProviderServer) Mount(ctx context.Context, req *v1alpha1.Mount
 	}, nil
 }
 
-func (s *CSIDriverProviderServer) Version(ctx context.Context, req *v1alpha1.VersionRequest) (*v1alpha1.VersionResponse, error) {
+func (s *CSIDriverProviderServer) Version(_ context.Context, _ *v1alpha1.VersionRequest) (*v1alpha1.VersionResponse, error) {
 	return &v1alpha1.VersionResponse{
 		Version:        "v1alpha1",
 		RuntimeVersion: version.BuildVersion,
 		RuntimeName:    "secrets-store-csi-driver-provider-azure",
 	}, nil
 }
 
-func (s *CSIDriverProviderServer) Check(ctx context.Context, in *grpc_health_v1.HealthCheckRequest) (*grpc_health_v1.HealthCheckResponse, error) {
+func (s *CSIDriverProviderServer) Check(_ context.Context, _ *grpc_health_v1.HealthCheckRequest) (*grpc_health_v1.HealthCheckResponse, error) {
 	return &grpc_health_v1.HealthCheckResponse{
 		Status: grpc_health_v1.HealthCheckResponse_SERVING,
 	}, nil
 }
 
 // Watch for the serving status of the requested service.
-func (s *CSIDriverProviderServer) Watch(req *grpc_health_v1.HealthCheckRequest, w grpc_health_v1.Health_WatchServer) error {
+func (s *CSIDriverProviderServer) Watch(_ *grpc_health_v1.HealthCheckRequest, _ grpc_health_v1.Health_WatchServer) error {
 	return status.Error(codes.Unimplemented, "Watch is not supported")
 }

pkg/server/server_test.go

@@ -58,7 +58,7 @@ func TestMount(t *testing.T) {
 
 	testServer := &CSIDriverProviderServer{}
 	mockProvider := mock_provider.NewMockInterface(ctrl)
-	mockProvider.EXPECT().GetSecretsStoreObjectContent(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(
+	mockProvider.EXPECT().GetSecretsStoreObjectContent(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(
 		[]types.SecretFile{
 			{
 				Content: []byte("foo"),