Merge pull request #139 from open-policy-agent/upgrade-linting

Upgrade frameworks version of golangci-lint

.github/workflows/workflow.yml

@@ -7,23 +7,14 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          path: go/src/github.com/open-policy-agent/frameworks
-
-      - name: Install golangci-lint
-        run: |
-          mkdir -p $GITHUB_WORKSPACE/bin
-          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-          curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin v${GOLANGCILINT_VERSION}
-        env:
-          GOLANGCILINT_VERSION: 1.32.2
-
-      - name: Make lint
-        run: |
-          make lint
-        working-directory: go/src/github.com/open-policy-agent/frameworks/constraint
+    - uses: actions/checkout@v2
+      # source: https://github.com/golangci/golangci-lint-action
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v2
+      with:
+        # version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+        version: v1.42.1
+        working-directory: constraint
 
   test:
     name: "Unit test"

constraint/.golangci.yaml

@@ -1,25 +1,44 @@
-linter-settings:
+run:
+  timeout: 5m
+
+linters-settings:
+  gocritic:
+    enabled-tags:
+    - performance
+  gosec:
+    excludes:
+    - G108
   lll:
     line-length: 200
 
   misspell:
     locale: US
+  staticcheck:
+    # Select the Go version to target. The default is '1.13'.
+    go: "1.17"
 
 linters:
   disable-all: true
   enable:
-    - errcheck
-    - govet
-    - ineffassign
-    - golint
-    - goconst
-    - gofmt
-    - goimports
-    - unused
-    - varcheck
-    - deadcode
-    - misspell
-    - typecheck
-    - structcheck
-    - staticcheck
-    - gosimple
+  - deadcode
+  - errcheck
+  - exportloopref
+  - forcetypeassert
+  - gocritic
+  - goconst
+  - godot
+  - gofmt
+  - gofumpt
+  - goimports
+  - gosec
+  - gosimple
+  - govet
+  - ineffassign
+  - misspell
+  - revive # replacement for golint
+  - staticcheck
+  - structcheck
+  - typecheck
+  - unused
+  - varcheck
+  - whitespace

constraint/README.md

@@ -5,7 +5,7 @@
 ### What is a Constraint?
 
 A constraint is a declaration that its author wants a system to meet a given set of
-requirements. For example, if I have a system with objects that can be labeled and
+requirements. For example, if I have a system with objects that can be labeled, and
 I want to make sure that every object has a `billing` label, I might write the
 following constraint YAML:
 
@@ -34,7 +34,7 @@ multiple places in a workflow, improving likelihood of compliance.
 ### What is a Constraint Template?
 
 Constraint Templates allow people to declare new constraints. They can provide the
-expected input parameters and the underlying Rego necessary to enforce their
+expected input parameters, and the underlying Rego necessary to enforce their
 intent. For example, to define the `FooSystemRequiredLabel` constraint kind
 implemented above, I might write the following template YAML:
 
@@ -130,7 +130,7 @@ in the same validation context. This is probably best illustrated by a few examp
 ##### Kubernetes Admission Webhooks Create a Target
 
 All Kubernetes resources are defined by `group`, `version` and `kind`. They can
-additionally be grouped by namespace, or by using label selectors. Therefore they
+additionally be grouped by namespace, or by using label selectors. Therefore, they
 have a common naming and selection scheme. All Kubernetes resources declaratively
 configure the state of a Kubernetes cluster, therefore they share a purpose.
 Finally, they are all can be evaluated using a [Validating Admission Webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/).
@@ -141,15 +141,15 @@ Kubernetes admission webhooks a potential target.
 
 All Kubernetes requests can be defined by their type (e.g. `CREATE`, `UPDATE`,
 `WATCH`) and therefore have a common selection scheme. All Kubernetes requests
-broadcast the requestor's intent to modify the Kubernetes cluster. Therefore they
+broadcast the requestor's intent to modify the Kubernetes cluster. Therefore, they
 have a common purpose. All requests can be evaluated by an [authorization webhook](https://kubernetes.io/docs/reference/access-authn-authz/webhook/)
 and therefore they share a common evaluation schema.
 
 #### How Do I Know if [X] Should be a Target?
 
-Currently there are no hard and fast litmus tests for determining a good boundary
+Currently, there are no hard and fast litmus tests for determining a good boundary
 for a target, much like there are no hard and fast rules for what should be in a
-function or a class, just guidelines, ideology and the notion of orthoganality and
+function or a class, just guidelines, ideology and the notion of orthogonality and
 testability (among others). Chances are, if you can come up with a set of rules for
 a new system that could be useful, you may have a good candidate for a new target.
 
@@ -200,10 +200,10 @@ The most interesting fields here are `HandleReview()`, `MatchSchema()`, and `Lib
 
 ### `HandleReview()`
 
-`HandleReview()` determinines whether and how a target handler is involved with a
+`HandleReview()` determines whether and how a target handler is involved with a
 `Review()` request (which checks to make sure an input complies with all
 constraints). It returns `true` if the target should be involved with reviewing the
-object and the second return value defines the schema of the `input.review` object
+object, and the second return value defines the schema of the `input.review` object
 available to all constraint rules.
 
 ### `MatchSchema()`

constraint/cmd/rewrite-compatibility/main.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/golang/glog"
 	_ "github.com/golang/glog"
-	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 
@@ -67,10 +66,10 @@ func compileSrcs(
 	oldRoot string,
 	newRoot string) error {
 	if len(cts) == 0 && len(libs) == 0 {
-		return errors.Errorf("must specify --ct or --lib or both")
+		return fmt.Errorf("must specify --ct or --lib or both")
 	}
 	if (oldRoot == "") != (newRoot == "") {
-		return errors.Errorf("--input and --output must be empty or non empty together")
+		return fmt.Errorf("--input and --output must be empty or non empty together")
 	}
 
 	regoRewriter, err := regorewriter.New(
@@ -82,7 +81,6 @@ func compileSrcs(
 			"data.inventory",
 		},
 	)
-
 	if err != nil {
 		return err
 	}

constraint/pkg/apis/apis.go

@@ -24,10 +24,10 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 )
 
-// AddToSchemes may be used to add all resources defined in the project to a Scheme
+// AddToSchemes may be used to add all resources defined in the project to a Scheme.
 var AddToSchemes runtime.SchemeBuilder
 
-// AddToScheme adds all Resources to the Scheme
+// AddToScheme adds all Resources to the Scheme.
 func AddToScheme(s *runtime.Scheme) error {
 	return AddToSchemes.AddToScheme(s)
 }

constraint/pkg/apis/templates/crd_schema.go

@@ -9,6 +9,8 @@ import (
 	"sigs.k8s.io/yaml"
 )
 
+// ConstraintTemplateSchemas are the per-version structural schemas for
+// ConstraintTemplates.
 var ConstraintTemplateSchemas map[string]*schema.Structural
 
 func initializeCTSchemaMap() {

constraint/pkg/apis/templates/scheme.go

@@ -6,6 +6,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 )
 
+// Scheme is the global schema used for transforming Templates between API Versions.
 var Scheme *runtime.Scheme
 
 func initializeScheme() {

constraint/pkg/apis/templates/transform.go

@@ -46,7 +46,8 @@ func AddPreserveUnknownFields(sch *apiextensionsv1.JSONSchemaProps) error {
 	}
 
 	if sch.Properties != nil {
-		for k, v := range sch.Properties {
+		for k := range sch.Properties {
+			v := sch.Properties[k]
 			if err := AddPreserveUnknownFields(&v); err != nil {
 				return err
 			}

constraint/pkg/apis/templates/v1/constrainttemplate_types.go

@@ -23,7 +23,7 @@ import (
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
-// ConstraintTemplateSpec defines the desired state of ConstraintTemplate
+// ConstraintTemplateSpec defines the desired state of ConstraintTemplate.
 type ConstraintTemplateSpec struct {
 	CRD     CRD      `json:"crd,omitempty"`
 	Targets []Target `json:"targets,omitempty"`
@@ -76,7 +76,7 @@ type ByPodStatus struct {
 	Errors             []CreateCRDError `json:"errors,omitempty"`
 }
 
-// ConstraintTemplateStatus defines the observed state of ConstraintTemplate
+// ConstraintTemplateStatus defines the observed state of ConstraintTemplate.
 type ConstraintTemplateStatus struct {
 	Created bool          `json:"created,omitempty"`
 	ByPod   []ByPodStatus `json:"byPod,omitempty"`
@@ -104,7 +104,7 @@ type ConstraintTemplate struct {
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// ConstraintTemplateList contains a list of ConstraintTemplate
+// ConstraintTemplateList contains a list of ConstraintTemplate.
 type ConstraintTemplateList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

constraint/pkg/apis/templates/v1/constrainttemplate_types_test.go

@@ -136,7 +136,7 @@ func TestTypeConversion(t *testing.T) {
 
 // TestValidationVersionConversionAndTransformation confirms that our custom conversion
 // function works, and also that it adds in the x-kubernetes-preserve-unknown-fields information
-// that we require for v1 CRD support
+// that we require for v1 CRD support.
 func TestValidationVersionConversionAndTransformation(t *testing.T) {
 	// The scheme is responsible for defaulting
 	scheme := runtime.NewScheme()

constraint/pkg/apis/templates/v1/conversion.go

@@ -23,7 +23,7 @@ import (
 	"k8s.io/apimachinery/pkg/conversion"
 )
 
-func Convert_v1_Validation_To_templates_Validation(in *Validation, out *coreTemplates.Validation, s conversion.Scope) error { //nolint:golint
+func Convert_v1_Validation_To_templates_Validation(in *Validation, out *coreTemplates.Validation, s conversion.Scope) error { // nolint:revive // Required exact function name.
 	inSchema := in.OpenAPIV3Schema
 
 	// legacySchema should allow for users to provide arbitrary parameters, regardless of whether the user specified them
@@ -44,7 +44,6 @@ func Convert_v1_Validation_To_templates_Validation(in *Validation, out *coreTemp
 		if err := apiextensionsv1.Convert_v1_JSONSchemaProps_To_apiextensions_JSONSchemaProps(inSchemaCopy, out.OpenAPIV3Schema, s); err != nil {
 			return err
 		}
-
 	} else {
 		out.OpenAPIV3Schema = nil
 	}

constraint/pkg/apis/templates/v1/defaults.go

@@ -12,7 +12,7 @@ func addDefaultingFuncs(scheme *runtime.Scheme) error {
 	return RegisterDefaults(scheme)
 }
 
-func SetDefaults_ConstraintTemplate(obj *ConstraintTemplate) { //nolint:golint
+func SetDefaults_ConstraintTemplate(obj *ConstraintTemplate) { // nolint:revive // Required exact function name.
 	// turn the CT into an unstructured
 	un, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
 	if err != nil {

constraint/pkg/apis/templates/v1/helpers.go

@@ -6,7 +6,7 @@ import (
 )
 
 // ToVersionless runs defaulting functions and then converts the ConstraintTemplate to the
-// versionless api representation
+// versionless api representation.
 func (versioned *ConstraintTemplate) ToVersionless() (*templates.ConstraintTemplate, error) {
 	if err := AddToScheme(apisTemplates.Scheme); err != nil {
 		return nil, err

constraint/pkg/apis/templates/v1/register.go

@@ -30,14 +30,15 @@ import (
 )
 
 var (
-	// SchemeGroupVersion is group version used to register these objects
+	// SchemeGroupVersion is group version used to register these objects.
 	SchemeGroupVersion = schema.GroupVersion{Group: "templates.gatekeeper.sh", Version: "v1"}
 
-	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
 	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
 
 	localSchemeBuilder = runtime.NewSchemeBuilder(SchemeBuilder.AddToScheme, addDefaultingFuncs)
 
+	// AddToScheme adds templates/v1 types to a Scheme.
 	AddToScheme = localSchemeBuilder.AddToScheme
 )
 

constraint/pkg/apis/templates/v1/v1_suite_test.go

@@ -27,8 +27,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 )
 
-var cfg *rest.Config
-var c client.Client
+var (
+	cfg *rest.Config
+	c   client.Client
+)
 
 func TestMain(m *testing.M) {
 	t := &envtest.Environment{

constraint/pkg/apis/templates/v1alpha1/constrainttemplate_types.go

@@ -23,7 +23,7 @@ import (
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
-// ConstraintTemplateSpec defines the desired state of ConstraintTemplate
+// ConstraintTemplateSpec defines the desired state of ConstraintTemplate.
 type ConstraintTemplateSpec struct {
 	CRD     CRD      `json:"crd,omitempty"`
 	Targets []Target `json:"targets,omitempty"`
@@ -76,7 +76,7 @@ type ByPodStatus struct {
 	Errors             []CreateCRDError `json:"errors,omitempty"`
 }
 
-// ConstraintTemplateStatus defines the observed state of ConstraintTemplate
+// ConstraintTemplateStatus defines the observed state of ConstraintTemplate.
 type ConstraintTemplateStatus struct {
 	Created bool          `json:"created,omitempty"`
 	ByPod   []ByPodStatus `json:"byPod,omitempty"`
@@ -102,7 +102,7 @@ type ConstraintTemplate struct {
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// ConstraintTemplateList contains a list of ConstraintTemplate
+// ConstraintTemplateList contains a list of ConstraintTemplate.
 type ConstraintTemplateList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

constraint/pkg/apis/templates/v1alpha1/constrainttemplate_types_test.go

@@ -131,7 +131,7 @@ func TestTypeConversion(t *testing.T) {
 
 // TestValidationVersionConversionAndTransformation confirms that our custom conversion
 // function works, and also that it adds in the x-kubernetes-preserve-unknown-fields information
-// that we require for v1 CRD support
+// that we require for v1 CRD support.
 func TestValidationVersionConversionAndTransformation(t *testing.T) {
 	// The scheme is responsible for defaulting
 	scheme := runtime.NewScheme()

constraint/pkg/apis/templates/v1alpha1/conversion.go

@@ -23,7 +23,7 @@ import (
 	"k8s.io/apimachinery/pkg/conversion"
 )
 
-func Convert_v1alpha1_Validation_To_templates_Validation(in *Validation, out *coreTemplates.Validation, s conversion.Scope) error { //nolint:golint
+func Convert_v1alpha1_Validation_To_templates_Validation(in *Validation, out *coreTemplates.Validation, s conversion.Scope) error { // nolint:revive // Required exact function name.
 	inSchema := in.OpenAPIV3Schema
 
 	// legacySchema should allow for users to provide arbitrary parameters, regardless of whether the user specified them
@@ -44,7 +44,6 @@ func Convert_v1alpha1_Validation_To_templates_Validation(in *Validation, out *co
 		if err := apiextensionsv1.Convert_v1_JSONSchemaProps_To_apiextensions_JSONSchemaProps(inSchemaCopy, out.OpenAPIV3Schema, s); err != nil {
 			return err
 		}
-
 	} else {
 		out.OpenAPIV3Schema = nil
 	}

constraint/pkg/apis/templates/v1alpha1/defaults.go

@@ -12,7 +12,7 @@ func addDefaultingFuncs(scheme *runtime.Scheme) error {
 	return RegisterDefaults(scheme)
 }
 
-func SetDefaults_ConstraintTemplate(obj *ConstraintTemplate) { //nolint:golint
+func SetDefaults_ConstraintTemplate(obj *ConstraintTemplate) { // nolint:revive // Required exact function name.
 	// turn the CT into an unstructured
 	un, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
 	if err != nil {

constraint/pkg/apis/templates/v1alpha1/helpers.go

@@ -6,7 +6,7 @@ import (
 )
 
 // ToVersionless runs defaulting functions and then converts the ConstraintTemplate to the
-// versionless api representation
+// versionless api representation.
 func (versioned *ConstraintTemplate) ToVersionless() (*templates.ConstraintTemplate, error) {
 	if err := AddToScheme(apisTemplates.Scheme); err != nil {
 		return nil, err