golangci-lint: upgrade to use v1.62.0 & address detected issues (#1044)

Signed-off-by: KevFan <[email protected]>

Makefile

@@ -503,7 +503,7 @@ run-lint: $(GOLANGCI-LINT) ## Run lint tests
 	$(GOLANGCI-LINT) run
 
 $(GOLANGCI-LINT):
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(PROJECT_PATH)/bin v1.54.2
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(PROJECT_PATH)/bin v1.62.0
 
 .PHONY: golangci-lint
 golangci-lint: $(GOLANGCI-LINT) ## Download golangci-lint locally if necessary.

controllers/auth_policy_status_updater.go

@@ -59,7 +59,7 @@ func (r *AuthPolicyStatusUpdater) Subscription() controller.Subscription {
 func (r *AuthPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error {
 	logger := controller.LoggerFromContext(ctx).WithName("AuthPolicyStatusUpdater")
 
-	policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1.AuthPolicy, bool) {
+	policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, _ int) (*kuadrantv1.AuthPolicy, bool) {
 		p, ok := item.(*kuadrantv1.AuthPolicy)
 		return p, ok
 	})
@@ -222,13 +222,13 @@ func (r *AuthPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1.AuthPolic
 		case istioGatewayControllerName:
 			// EnvoyFilter
 			istioAuthClustersModifiedGateways, _ := state.Load(StateIstioAuthClustersModified)
-			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioAuthClustersModifiedGateways, topology, func(obj machinery.Object) bool {
+			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioAuthClustersModifiedGateways, topology, func(_ machinery.Object) bool {
 				// return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgonetworkingv1alpha3.EnvoyFilter).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready")
 				return true // Istio won't ever populate the status stanza of EnvoyFilter resources, so we cannot expect to find a given a condition there
 			})...)
 			// WasmPlugin
 			istioExtensionsModifiedGateways, _ := state.Load(StateIstioExtensionsModified)
-			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(obj machinery.Object) bool {
+			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(_ machinery.Object) bool {
 				// return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgoextensionv1alpha1.WasmPlugin).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready")
 				return true // Istio won't ever populate the status stanza of WasmPlugin resources, so we cannot expect to find a given a condition there
 			})...)

controllers/auth_workflow_helpers.go

@@ -3,6 +3,7 @@ package controllers
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"errors"
 	"fmt"
 	"sync"
 
@@ -17,7 +18,7 @@ import (
 
 	kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1"
 	kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1"
-	kuadrant "github.com/kuadrant/kuadrant-operator/pkg/kuadrant"
+	"github.com/kuadrant/kuadrant-operator/pkg/kuadrant"
 	"github.com/kuadrant/kuadrant-operator/pkg/wasm"
 )
 
@@ -166,7 +167,7 @@ func authPolicyAcceptedStatus(policy machinery.Policy) (accepted bool, err error
 	if condition := meta.FindStatusCondition(p.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)); condition != nil {
 		accepted = condition.Status == metav1.ConditionTrue
 		if !accepted {
-			err = fmt.Errorf(condition.Message)
+			err = errors.New(condition.Message)
 		}
 		return
 	}

controllers/common.go

@@ -41,7 +41,7 @@ func PolicyAffectedCondition(policyKind string, policies []machinery.Policy) met
 		Type:   PolicyAffectedConditionType(policyKind),
 		Status: metav1.ConditionTrue,
 		Reason: string(gatewayapiv1alpha2.PolicyReasonAccepted),
-		Message: fmt.Sprintf("Object affected by %s %s", policyKind, lo.Map(policies, func(item machinery.Policy, index int) client.ObjectKey {
+		Message: fmt.Sprintf("Object affected by %s %s", policyKind, lo.Map(policies, func(item machinery.Policy, _ int) client.ObjectKey {
 			return client.ObjectKey{Name: item.GetName(), Namespace: item.GetNamespace()}
 		})),
 	}

controllers/dns_workflow.go

@@ -117,7 +117,7 @@ func dnsPolicyAcceptedStatus(policy machinery.Policy) (accepted bool, err error)
 	if condition := meta.FindStatusCondition(p.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)); condition != nil {
 		accepted = condition.Status == metav1.ConditionTrue
 		if !accepted {
-			err = fmt.Errorf(condition.Message)
+			err = errors.New(condition.Message)
 		}
 		return
 	}

controllers/dnspolicy_status_updater.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"math"
 	"slices"
 	"strings"
 	"sync"
@@ -102,7 +103,12 @@ func (r *DNSPolicyStatusUpdater) updateStatus(ctx context.Context, _ []controlle
 
 			propagateRecordConditions(policyRecords, newStatus)
 
-			newStatus.TotalRecords = int32(len(policyRecords))
+			if len(policyRecords) > math.MaxInt32 {
+				pLogger.Error(fmt.Errorf("too many records: %d exceeds int32 limits", len(policyRecords)), "error setting total dns total records")
+				newStatus.TotalRecords = math.MaxInt32
+			} else {
+				newStatus.TotalRecords = int32(len(policyRecords)) // #nosec G115 - false positive - operation is safe now with the check
+			}
 		}
 
 		equalStatus := equality.Semantic.DeepEqual(newStatus, policy.Status)

controllers/effective_tls_policies_reconciler.go

@@ -162,7 +162,7 @@ func (t *EffectiveTLSPoliciesReconciler) reconcileCertificates(ctx context.Conte
 }
 
 func getCertificatesFromTopology(topology *machinery.Topology) []*certmanagerv1.Certificate {
-	return lo.FilterMap(topology.Objects().Items(), func(item machinery.Object, index int) (*certmanagerv1.Certificate, bool) {
+	return lo.FilterMap(topology.Objects().Items(), func(item machinery.Object, _ int) (*certmanagerv1.Certificate, bool) {
 		r, ok := item.(*controller.RuntimeObject)
 		if !ok {
 			return nil, false
@@ -173,7 +173,7 @@ func getCertificatesFromTopology(topology *machinery.Topology) []*certmanagerv1.
 }
 
 func getListenersFromTopology(topology *machinery.Topology) []*machinery.Listener {
-	return lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, index int) (*machinery.Listener, bool) {
+	return lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, _ int) (*machinery.Listener, bool) {
 		l, ok := item.(*machinery.Listener)
 		return l, ok
 	})

controllers/httproute_policy_discoverability_reconciler.go

@@ -47,7 +47,7 @@ func (r *HTTPRoutePolicyDiscoverabilityReconciler) Subscription() *controller.Su
 func (r *HTTPRoutePolicyDiscoverabilityReconciler) reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, s *sync.Map) error {
 	logger := controller.LoggerFromContext(ctx).WithName("HTTPRoutePolicyDiscoverabilityReconciler").WithName("reconcile")
 
-	httpRoutes := lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, index int) (*machinery.HTTPRoute, bool) {
+	httpRoutes := lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, _ int) (*machinery.HTTPRoute, bool) {
 		ob, ok := item.(*machinery.HTTPRoute)
 		return ob, ok
 	})
@@ -59,7 +59,7 @@ func (r *HTTPRoutePolicyDiscoverabilityReconciler) reconcile(ctx context.Context
 
 		for _, policyKind := range policyKinds {
 			path := getRoutePath(topology, route)
-			gateways := lo.FilterMap(path, func(item machinery.Targetable, index int) (*machinery.Gateway, bool) {
+			gateways := lo.FilterMap(path, func(item machinery.Targetable, _ int) (*machinery.Gateway, bool) {
 				ob, ok := item.(*machinery.Gateway)
 				return ob, ok
 			})

controllers/ratelimit_policy_status_updater.go

@@ -55,7 +55,7 @@ func (r *RateLimitPolicyStatusUpdater) Subscription() controller.Subscription {
 func (r *RateLimitPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error {
 	logger := controller.LoggerFromContext(ctx).WithName("RateLimitPolicyStatusUpdater")
 
-	policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1.RateLimitPolicy, bool) {
+	policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, _ int) (*kuadrantv1.RateLimitPolicy, bool) {
 		p, ok := item.(*kuadrantv1.RateLimitPolicy)
 		return p, ok
 	})
@@ -192,13 +192,13 @@ func (r *RateLimitPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1.Rate
 		case istioGatewayControllerName:
 			// EnvoyFilter
 			istioRateLimitClustersModifiedGateways, _ := state.Load(StateIstioRateLimitClustersModified)
-			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioRateLimitClustersModifiedGateways, topology, func(obj machinery.Object) bool {
+			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioRateLimitClustersModifiedGateways, topology, func(_ machinery.Object) bool {
 				// return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgonetworkingv1alpha3.EnvoyFilter).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready")
 				return true // Istio won't ever populate the status stanza of EnvoyFilter resources, so we cannot expect to find a given a condition there
 			})...)
 			// WasmPlugin
 			istioExtensionsModifiedGateways, _ := state.Load(StateIstioExtensionsModified)
-			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(obj machinery.Object) bool {
+			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(_ machinery.Object) bool {
 				// return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgoextensionv1alpha1.WasmPlugin).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready")
 				return true // Istio won't ever populate the status stanza of WasmPlugin resources, so we cannot expect to find a given a condition there
 			})...)

controllers/ratelimit_workflow_helpers.go

@@ -3,6 +3,7 @@ package controllers
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"errors"
 	"fmt"
 	"sync"
 	"unicode"
@@ -20,7 +21,7 @@ import (
 
 	kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1"
 	kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1"
-	kuadrant "github.com/kuadrant/kuadrant-operator/pkg/kuadrant"
+	"github.com/kuadrant/kuadrant-operator/pkg/kuadrant"
 	kuadrantpolicymachinery "github.com/kuadrant/kuadrant-operator/pkg/policymachinery"
 	"github.com/kuadrant/kuadrant-operator/pkg/wasm"
 )
@@ -234,7 +235,7 @@ func rateLimitPolicyAcceptedStatus(policy machinery.Policy) (accepted bool, err
 	if condition := meta.FindStatusCondition(p.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)); condition != nil {
 		accepted = condition.Status == metav1.ConditionTrue
 		if !accepted {
-			err = fmt.Errorf(condition.Message)
+			err = errors.New(condition.Message)
 		}
 		return
 	}

controllers/tls_workflow.go

@@ -69,7 +69,7 @@ func LinkListenerToCertificateFunc(objs controller.Store) machinery.LinkFunc {
 				return nil
 			}
 
-			linkedListeners := lo.Filter(listeners, func(l *machinery.Listener, index int) bool {
+			linkedListeners := lo.Filter(listeners, func(l *machinery.Listener, _ int) bool {
 				if l.TLS != nil && l.TLS.CertificateRefs != nil {
 					for _, certRef := range l.TLS.CertificateRefs {
 						certRefNS := ""
@@ -87,7 +87,7 @@ func LinkListenerToCertificateFunc(objs controller.Store) machinery.LinkFunc {
 				return false
 			})
 
-			return lo.Map(linkedListeners, func(l *machinery.Listener, index int) machinery.Object {
+			return lo.Map(linkedListeners, func(l *machinery.Listener, _ int) machinery.Object {
 				return l
 			})
 		},
@@ -106,7 +106,7 @@ func LinkTLSPolicyToIssuerFunc(objs controller.Store) machinery.LinkFunc {
 
 			// Policies linked to Issuer
 			// Issuer must be in the same namespace as the policy
-			linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, index int) (machinery.Object, bool) {
+			linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, _ int) (machinery.Object, bool) {
 				return p, p.Spec.IssuerRef.Name == issuer.GetName() && p.GetNamespace() == issuer.GetNamespace() && p.Spec.IssuerRef.Kind == certmanagerv1.IssuerKind
 			})
 
@@ -126,7 +126,7 @@ func LinkTLSPolicyToClusterIssuerFunc(objs controller.Store) machinery.LinkFunc
 			clusterIssuer := o.Object.(*certmanagerv1.ClusterIssuer)
 
 			// Policies linked to ClusterIssuer
-			linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, index int) (machinery.Object, bool) {
+			linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, _ int) (machinery.Object, bool) {
 				return p, p.Spec.IssuerRef.Name == clusterIssuer.GetName() && p.Spec.IssuerRef.Kind == certmanagerv1.ClusterIssuerKind
 			})
 

controllers/tlspolicy_status_updater.go

@@ -172,7 +172,7 @@ func (t *TLSPolicyStatusUpdater) isCertificatesReady(p machinery.Policy, topolog
 	}
 
 	// Get all listeners where the gateway or listener contains this policy
-	listeners := lo.FilterMap(topology.Targetables().Items(), func(t machinery.Targetable, index int) (*machinery.Listener, bool) {
+	listeners := lo.FilterMap(topology.Targetables().Items(), func(t machinery.Targetable, _ int) (*machinery.Listener, bool) {
 		l, ok := t.(*machinery.Listener)
 		return l, ok && (lo.Contains(l.Policies(), p) || lo.Contains(l.Gateway.Policies(), p))
 	})