Merge pull request #5180 from dmcgowan/lint-enforce-comments

Fix exported comments enforcer in CI
containerd · Mar 15, 2021 · a113818 · a113818
2 parents fad66f9 + 8cf669c
commit a113818
Show file tree

Hide file tree

Showing 32 changed files with 148 additions and 46 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -14,6 +14,10 @@ linters:
   disable:
     - errcheck
 
+issues:
+  include:
+    - EXC0002
+
 run:
   timeout: 3m
   skip-dirs:

diff --git a/client.go b/client.go
@@ -720,10 +720,12 @@ func (c *Client) Version(ctx context.Context) (Version, error) {
 	}, nil
 }
 
+// ServerInfo represents the introspected server information
 type ServerInfo struct {
 	UUID string
 }
 
+// Server returns server information from the introspection service
 func (c *Client) Server(ctx context.Context) (ServerInfo, error) {
 	c.connMu.Lock()
 	if c.conn == nil {
@@ -789,6 +791,8 @@ func CheckRuntime(current, expected string) bool {
 	return true
 }
 
+// GetSnapshotterSupportedPlatforms returns a platform matchers which represents the
+// supported platforms for the given snapshotters
 func (c *Client) GetSnapshotterSupportedPlatforms(ctx context.Context, snapshotterName string) (platforms.MatchComparer, error) {
 	filters := []string{fmt.Sprintf("type==%s, id==%s", plugin.SnapshotPlugin, snapshotterName)}
 	in := c.IntrospectionService()

diff --git a/cmd/ctr/commands/content/fetch.go b/cmd/ctr/commands/content/fetch.go
@@ -198,6 +198,8 @@ func Fetch(ctx context.Context, client *containerd.Client, ref string, config *F
 	return img, nil
 }
 
+// ShowProgress continuously updates the output with job progress
+// by checking status in the content store.
 func ShowProgress(ctx context.Context, ongoing *Jobs, cs content.Store, out io.Writer) {
 	var (
 		ticker   = time.NewTicker(100 * time.Millisecond)
@@ -328,13 +330,15 @@ type Jobs struct {
 	resolved bool
 }
 
+// NewJobs creates a new instance of the job status tracker
 func NewJobs(name string) *Jobs {
 	return &Jobs{
 		name:  name,
 		added: map[digest.Digest]struct{}{},
 	}
 }
 
+// Add adds a descriptor to be tracked
 func (j *Jobs) Add(desc ocispec.Descriptor) {
 	j.mu.Lock()
 	defer j.mu.Unlock()
@@ -347,6 +351,7 @@ func (j *Jobs) Add(desc ocispec.Descriptor) {
 	j.added[desc.Digest] = struct{}{}
 }
 
+// Jobs returns a list of all tracked descriptors
 func (j *Jobs) Jobs() []ocispec.Descriptor {
 	j.mu.Lock()
 	defer j.mu.Unlock()
@@ -355,6 +360,7 @@ func (j *Jobs) Jobs() []ocispec.Descriptor {
 	return append(descs, j.descs...)
 }
 
+// IsResolved checks whether a descriptor has been resolved
 func (j *Jobs) IsResolved() bool {
 	j.mu.Lock()
 	defer j.mu.Unlock()

diff --git a/cmd/ctr/commands/oci/oci.go b/cmd/ctr/commands/oci/oci.go
@@ -25,6 +25,7 @@ import (
 	"github.com/containerd/containerd/oci"
 )
 
+// Command is the parent for all OCI related tools under 'oci'
 var Command = cli.Command{
 	Name:  "oci",
 	Usage: "OCI tools",

diff --git a/content/adaptor.go b/content/adaptor.go
@@ -22,7 +22,7 @@ import (
 	"github.com/containerd/containerd/filters"
 )
 
-// AdoptInfo returns `filters.Adaptor` that handles `content.Info`.
+// AdaptInfo returns `filters.Adaptor` that handles `content.Info`.
 func AdaptInfo(info Info) filters.Adaptor {
 	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
 		if len(fieldpath) == 0 {

diff --git a/contrib/apparmor/apparmor.go b/contrib/apparmor/apparmor.go
@@ -81,7 +81,7 @@ func LoadDefaultProfile(name string) error {
 	return nil
 }
 
-// DumpDefaultProfiles dumps the default profile with the given name.
+// DumpDefaultProfile dumps the default profile with the given name.
 func DumpDefaultProfile(name string) (string, error) {
 	p, err := loadData(name)
 	if err != nil {

diff --git a/diff/stream.go b/diff/stream.go
@@ -168,6 +168,10 @@ func (c *compressedProcessor) Close() error {
 	return c.rc.Close()
 }
 
+// BinaryHandler creates a new stream processor handler which calls out to the given binary.
+// The id is used to identify the stream processor and allows the caller to send
+// payloads specific for that stream processor (i.e. decryption keys for decrypt stream processor).
+// The binary will be called for the provided mediaTypes and return the given media type.
 func BinaryHandler(id, returnsMediaType string, mediaTypes []string, path string, args, env []string) Handler {
 	set := make(map[string]struct{}, len(mediaTypes))
 	for _, m := range mediaTypes {

diff --git a/images/converter/default.go b/images/converter/default.go
@@ -348,6 +348,7 @@ func clearDockerV1DummyID(cfg DualConfig) (bool, error) {
 	return modified, nil
 }
 
+// ObjectWithMediaType represents an object with a MediaType field
 type ObjectWithMediaType struct {
 	// MediaType appears on Docker manifests and manifest lists.
 	// MediaType does not appear on OCI manifests and index

diff --git a/images/converter/uncompress/uncompress.go b/images/converter/uncompress/uncompress.go
@@ -91,6 +91,8 @@ func LayerConvertFunc(ctx context.Context, cs content.Store, desc ocispec.Descri
 	return &newDesc, nil
 }
 
+// IsUncompressedType returns whether the provided media type is considered
+// an uncompressed layer type
 func IsUncompressedType(mt string) bool {
 	switch mt {
 	case

diff --git a/integration/remote/remote_runtime.go b/integration/remote/remote_runtime.go
@@ -551,6 +551,7 @@ func (r *RuntimeService) ContainerStats(containerID string) (*runtimeapi.Contain
 	return resp.GetStats(), nil
 }
 
+// ListContainerStats lists all container stats given the provided filter
 func (r *RuntimeService) ListContainerStats(filter *runtimeapi.ContainerStatsFilter) ([]*runtimeapi.ContainerStats, error) {
 	klog.V(10).Infof("[RuntimeService] ListContainerStats (filter=%v)", filter)
 	// Do not set timeout, because writable layer stats collection takes time.
@@ -570,6 +571,7 @@ func (r *RuntimeService) ListContainerStats(filter *runtimeapi.ContainerStatsFil
 	return resp.GetStats(), nil
 }
 
+// ReopenContainerLog reopens the container log for the given container ID
 func (r *RuntimeService) ReopenContainerLog(containerID string) error {
 	klog.V(10).Infof("[RuntimeService] ReopenContainerLog (containerID=%v, timeout=%v)", containerID, r.timeout)
 	ctx, cancel := getContextWithTimeout(r.timeout)

diff --git a/mount/losetup_linux.go b/mount/losetup_linux.go
@@ -186,7 +186,7 @@ func removeLoop(loopdev string) error {
 	return err
 }
 
-// Attach a specified backing file to a loop device
+// AttachLoopDevice attaches a specified backing file to a loop device
 func AttachLoopDevice(backingFile string) (string, error) {
 	file, err := setupLoop(backingFile, LoopParams{})
 	if err != nil {
@@ -196,7 +196,7 @@ func AttachLoopDevice(backingFile string) (string, error) {
 	return file.Name(), nil
 }
 
-// Detach a loop device
+// DetachLoopDevice detaches the provided loop devices
 func DetachLoopDevice(devices ...string) error {
 	for _, dev := range devices {
 		if err := removeLoop(dev); err != nil {

diff --git a/oci/spec_opts.go b/oci/spec_opts.go
@@ -1172,8 +1172,6 @@ func WithLinuxDevices(devices []specs.LinuxDevice) SpecOpts {
 	}
 }
 
-var ErrNotADevice = errors.New("not a device node")
-
 // WithLinuxDevice adds the device specified by path to the spec
 func WithLinuxDevice(path, permissions string) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {

diff --git a/oci/spec_opts_linux.go b/oci/spec_opts_linux.go
@@ -27,6 +27,7 @@ import (
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/pkg/cap"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 
@@ -42,6 +43,8 @@ func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Sp
 	return nil
 }
 
+var errNotADevice = errors.New("not a device node")
+
 func getDevices(path string) ([]specs.LinuxDevice, error) {
 	files, err := ioutil.ReadDir(path)
 	if err != nil {
@@ -70,7 +73,7 @@ func getDevices(path string) ([]specs.LinuxDevice, error) {
 		}
 		device, err := deviceFromPath(filepath.Join(path, f.Name()), "rwm")
 		if err != nil {
-			if err == ErrNotADevice {
+			if err == errNotADevice {
 				continue
 			}
 			if os.IsNotExist(err) {
@@ -96,7 +99,7 @@ func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
 		minor     = unix.Minor(devNumber)
 	)
 	if major == 0 {
-		return nil, ErrNotADevice
+		return nil, errNotADevice
 	}
 
 	var (

diff --git a/oci/spec_opts_unix.go b/oci/spec_opts_unix.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/containerd/containerd/containers"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 
@@ -41,6 +42,8 @@ func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Sp
 	return nil
 }
 
+var errNotADevice = errors.New("not a device node")
+
 func getDevices(path string) ([]specs.LinuxDevice, error) {
 	files, err := ioutil.ReadDir(path)
 	if err != nil {
@@ -69,7 +72,7 @@ func getDevices(path string) ([]specs.LinuxDevice, error) {
 		}
 		device, err := deviceFromPath(filepath.Join(path, f.Name()), "rwm")
 		if err != nil {
-			if err == ErrNotADevice {
+			if err == errNotADevice {
 				continue
 			}
 			if os.IsNotExist(err) {
@@ -94,7 +97,7 @@ func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
 		minor     = unix.Minor(devNumber)
 	)
 	if major == 0 {
-		return nil, ErrNotADevice
+		return nil, errNotADevice
 	}
 
 	var (

diff --git a/pkg/apparmor/apparmor.go b/pkg/apparmor/apparmor.go
@@ -1,5 +1,3 @@
-// +build linux
-
 /*
    Copyright The containerd Authors.
 
@@ -18,31 +16,12 @@
 
 package apparmor
 
-import (
-	"io/ioutil"
-	"os"
-	"sync"
-)
-
-var (
-	appArmorSupported bool
-	checkAppArmor     sync.Once
-)
-
-// HostSupports returns true if apparmor is enabled for the host, if
-// apparmor_parser is enabled, and if we are not running docker-in-docker.
+// HostSupports returns true if apparmor is enabled for the host, // On non-Linux returns false
+// On Linux returns true if apparmor_parser is enabled, and if we
+//  are not running docker-in-docker.
 //
-// It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
-// check for apparmor_parser to be present, or if we're running docker-in-docker.
+//  It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
+//  check for apparmor_parser to be present, or if we're running docker-in-docker.
 func HostSupports() bool {
-	checkAppArmor.Do(func() {
-		// see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497
-		if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
-			if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
-				buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
-				appArmorSupported = err == nil && len(buf) > 1 && buf[0] == 'Y'
-			}
-		}
-	})
-	return appArmorSupported
+	return hostSupports()
 }
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
@@ -0,0 +1,48 @@
+// +build linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package apparmor
+
+import (
+	"io/ioutil"
+	"os"
+	"sync"
+)
+
+var (
+	appArmorSupported bool
+	checkAppArmor     sync.Once
+)
+
+// hostSupports returns true if apparmor is enabled for the host, if
+// apparmor_parser is enabled, and if we are not running docker-in-docker.
+//
+// It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
+// check for apparmor_parser to be present, or if we're running docker-in-docker.
+func hostSupports() bool {
+	checkAppArmor.Do(func() {
+		// see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497
+		if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
+			if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
+				buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+				appArmorSupported = err == nil && len(buf) > 1 && buf[0] == 'Y'
+			}
+		}
+	})
+	return appArmorSupported
+}
diff --git a/pkg/apparmor/apparmor_unsupported.go b/pkg/apparmor/apparmor_unsupported.go
@@ -18,7 +18,6 @@
 
 package apparmor
 
-//nolint: deadcode, unused
-func HostSupports() bool {
+func hostSupports() bool {
 	return false
 }
diff --git a/pkg/cap/cap_linux.go b/pkg/cap/cap_linux.go
@@ -65,7 +65,7 @@ type Type int
 const (
 	// Effective is CapEff
 	Effective Type = 1 << iota
-	// Effective is CapPrm
+	// Permitted is CapPrm
 	Permitted
 	// Inheritable is CapInh
 	Inheritable

diff --git a/pkg/cri/store/label/label.go b/pkg/cri/store/label/label.go
@@ -22,13 +22,15 @@ import (
 	"github.com/opencontainers/selinux/go-selinux"
 )
 
+// Store is used to store SELinux process labels
 type Store struct {
 	sync.Mutex
 	levels   map[string]int
 	Releaser func(string)
 	Reserver func(string)
 }
 
+// NewStore creates a new SELinux process label store
 func NewStore() *Store {
 	return &Store{
 		levels:   map[string]int{},
@@ -37,6 +39,8 @@ func NewStore() *Store {
 	}
 }
 
+// Reserve reserves the MLS/MCS level component of the specified label
+// and prevents multiple reserves for the same level
 func (s *Store) Reserve(label string) error {
 	s.Lock()
 	defer s.Unlock()
@@ -60,6 +64,9 @@ func (s *Store) Reserve(label string) error {
 	return nil
 }
 
+// Release un-reserves the MLS/MCS level component of the specified label,
+// allowing it to be used by another process once labels with the same
+// level have been released.
 func (s *Store) Release(label string) {
 	s.Lock()
 	defer s.Unlock()