diff --git a/Makefile b/Makefile index 2e9e797f9..471d871d4 100644 --- a/Makefile +++ b/Makefile @@ -503,7 +503,7 @@ run-lint: $(GOLANGCI-LINT) ## Run lint tests $(GOLANGCI-LINT) run $(GOLANGCI-LINT): - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(PROJECT_PATH)/bin v1.54.2 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(PROJECT_PATH)/bin v1.62.0 .PHONY: golangci-lint golangci-lint: $(GOLANGCI-LINT) ## Download golangci-lint locally if necessary. diff --git a/controllers/auth_policy_status_updater.go b/controllers/auth_policy_status_updater.go index 324f416cf..deebffb4c 100644 --- a/controllers/auth_policy_status_updater.go +++ b/controllers/auth_policy_status_updater.go @@ -59,7 +59,7 @@ func (r *AuthPolicyStatusUpdater) Subscription() controller.Subscription { func (r *AuthPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error { logger := controller.LoggerFromContext(ctx).WithName("AuthPolicyStatusUpdater") - policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1.AuthPolicy, bool) { + policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, _ int) (*kuadrantv1.AuthPolicy, bool) { p, ok := item.(*kuadrantv1.AuthPolicy) return p, ok }) 
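Review bot: The `$(GOLANGCI-LINT)` recipe still pipes `install.sh` from the `master` branch straight into `sh`, so this bump pins only the binary version argument; the script that actually executes is whatever `master` holds when the target runs. Fetching the script from an immutable ref closes that gap, e.g. `https://raw.githubusercontent.com/golangci/golangci-lint/<commit-sha>/install.sh` (placeholder; the release tag `v1.62.0` is a weaker alternative because tags can be moved). A comment above the recipe such as `# install.sh ref and binary version are pinned together; bump both in the same change` would keep the two in step.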
@@ -222,13 +222,13 @@ func (r *AuthPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1.AuthPolic case istioGatewayControllerName: // EnvoyFilter istioAuthClustersModifiedGateways, _ := state.Load(StateIstioAuthClustersModified) - componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioAuthClustersModifiedGateways, topology, func(obj machinery.Object) bool { + componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioAuthClustersModifiedGateways, topology, func(_ machinery.Object) bool { // return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgonetworkingv1alpha3.EnvoyFilter).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready") return true // Istio won't ever populate the status stanza of EnvoyFilter resources, so we cannot expect to find a given a condition there })...) // WasmPlugin istioExtensionsModifiedGateways, _ := state.Load(StateIstioExtensionsModified) - componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(obj machinery.Object) bool { + componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(_ machinery.Object) bool { // return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgoextensionv1alpha1.WasmPlugin).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready") return true // Istio won't ever populate the status stanza of WasmPlugin resources, so we cannot expect to find a given a condition there })...) diff --git a/controllers/auth_workflow_helpers.go b/controllers/auth_workflow_helpers.go index 67be530d7..f474e5a7d 100644 --- a/controllers/auth_workflow_helpers.go 
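Review bot: With the parameter renamed to `_`, the commented-out `meta.IsStatusConditionTrue(... obj.(*controller.RuntimeObject) ...)` line kept inside both closures refers to an identifier that no longer exists, so it cannot be re-enabled as written. Since each predicate unconditionally returns `true`, I would drop the dead line and state the consequence instead, e.g. `// Readiness is not checked: Istio never populates EnvoyFilter status, so this predicate accepts every object.` (and the WasmPlugin equivalent). That matters to anyone reading AuthPolicy status, who may otherwise assume these components were verified before the policy is reported as enforced; I am inferring that from the `enforcedCondition` name, since most of the function lies outside the hunk. The same pattern appears in the `@@ -192,13` hunk of `controllers/ratelimit_policy_status_updater.go`.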
+++ b/controllers/auth_workflow_helpers.go @@ -3,6 +3,7 @@ package controllers import ( "crypto/sha256" "encoding/hex" + "errors" "fmt" "sync" @@ -17,7 +18,7 @@ import ( kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1" kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1" - kuadrant "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" + "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" "github.com/kuadrant/kuadrant-operator/pkg/wasm" ) @@ -166,7 +167,7 @@ func authPolicyAcceptedStatus(policy machinery.Policy) (accepted bool, err error if condition := meta.FindStatusCondition(p.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)); condition != nil { accepted = condition.Status == metav1.ConditionTrue if !accepted { - err = fmt.Errorf(condition.Message) + err = errors.New(condition.Message) } return } diff --git a/controllers/common.go b/controllers/common.go index eccf23714..57ccc9ff0 100644 --- a/controllers/common.go +++ b/controllers/common.go @@ -41,7 +41,7 @@ func PolicyAffectedCondition(policyKind string, policies []machinery.Policy) met Type: PolicyAffectedConditionType(policyKind), Status: metav1.ConditionTrue, Reason: string(gatewayapiv1alpha2.PolicyReasonAccepted), - Message: fmt.Sprintf("Object affected by %s %s", policyKind, lo.Map(policies, func(item machinery.Policy, index int) client.ObjectKey { + Message: fmt.Sprintf("Object affected by %s %s", policyKind, lo.Map(policies, func(item machinery.Policy, _ int) client.ObjectKey { return client.ObjectKey{Name: item.GetName(), Namespace: item.GetNamespace()} })), } diff --git a/controllers/dns_workflow.go b/controllers/dns_workflow.go index ced545c95..6ec58ff06 100644 --- a/controllers/dns_workflow.go +++ b/controllers/dns_workflow.go 
@@ -117,7 +117,7 @@ func dnsPolicyAcceptedStatus(policy machinery.Policy) (accepted bool, err error) if condition := meta.FindStatusCondition(p.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)); condition != nil { accepted = condition.Status == metav1.ConditionTrue if !accepted { - err = fmt.Errorf(condition.Message) + err = errors.New(condition.Message) } return } diff --git a/controllers/dnspolicy_status_updater.go b/controllers/dnspolicy_status_updater.go index 38914f71e..172746816 100644 --- a/controllers/dnspolicy_status_updater.go +++ b/controllers/dnspolicy_status_updater.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "math" "slices" "strings" "sync" @@ -102,7 +103,12 @@ func (r *DNSPolicyStatusUpdater) updateStatus(ctx context.Context, _ []controlle propagateRecordConditions(policyRecords, newStatus) - newStatus.TotalRecords = int32(len(policyRecords)) + if len(policyRecords) > math.MaxInt32 { + pLogger.Error(fmt.Errorf("too many records: %d exceeds int32 limits", len(policyRecords)), "error setting total dns total records") + newStatus.TotalRecords = math.MaxInt32 + } else { + newStatus.TotalRecords = int32(len(policyRecords)) // #nosec G115 - false positive - operation is safe now with the check + } } equalStatus := equality.Semantic.DeepEqual(newStatus, policy.Status) diff --git a/controllers/effective_tls_policies_reconciler.go b/controllers/effective_tls_policies_reconciler.go index 8e47ed797..c2c907de7 100644 --- a/controllers/effective_tls_policies_reconciler.go +++ b/controllers/effective_tls_policies_reconciler.go 
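Review bot: The overflow branch added to `updateStatus` logs `"error setting total dns total records"`, which is garbled and does not say the value was clamped; something like `pLogger.Error(fmt.Errorf("too many records: %d exceeds int32 limit", n), "clamping TotalRecords to math.MaxInt32")` tells an operator what the status now shows. `len(policyRecords)` is evaluated three times; hoisting it to `n := len(policyRecords)` before the `if` makes it plain that the value checked is the value converted, which is what the `#nosec G115` justification relies on. The suppression would also read better as `// #nosec G115 -- n is bounded by math.MaxInt32 above` than as "false positive". `updateStatus` starts and ends outside the hunk.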
@@ -162,7 +162,7 @@ func (t *EffectiveTLSPoliciesReconciler) reconcileCertificates(ctx context.Conte } func getCertificatesFromTopology(topology *machinery.Topology) []*certmanagerv1.Certificate { - return lo.FilterMap(topology.Objects().Items(), func(item machinery.Object, index int) (*certmanagerv1.Certificate, bool) { + return lo.FilterMap(topology.Objects().Items(), func(item machinery.Object, _ int) (*certmanagerv1.Certificate, bool) { r, ok := item.(*controller.RuntimeObject) if !ok { return nil, false @@ -173,7 +173,7 @@ func getCertificatesFromTopology(topology *machinery.Topology) []*certmanagerv1. } func getListenersFromTopology(topology *machinery.Topology) []*machinery.Listener { - return lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, index int) (*machinery.Listener, bool) { + return lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, _ int) (*machinery.Listener, bool) { l, ok := item.(*machinery.Listener) return l, ok }) diff --git a/controllers/httproute_policy_discoverability_reconciler.go b/controllers/httproute_policy_discoverability_reconciler.go index 438d77eb1..44719adce 100644 --- a/controllers/httproute_policy_discoverability_reconciler.go +++ b/controllers/httproute_policy_discoverability_reconciler.go 
@@ -47,7 +47,7 @@ func (r *HTTPRoutePolicyDiscoverabilityReconciler) Subscription() *controller.Su func (r *HTTPRoutePolicyDiscoverabilityReconciler) reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, s *sync.Map) error { logger := controller.LoggerFromContext(ctx).WithName("HTTPRoutePolicyDiscoverabilityReconciler").WithName("reconcile") - httpRoutes := lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, index int) (*machinery.HTTPRoute, bool) { + httpRoutes := lo.FilterMap(topology.Targetables().Items(), func(item machinery.Targetable, _ int) (*machinery.HTTPRoute, bool) { ob, ok := item.(*machinery.HTTPRoute) return ob, ok }) @@ -59,7 +59,7 @@ func (r *HTTPRoutePolicyDiscoverabilityReconciler) reconcile(ctx context.Context for _, policyKind := range policyKinds { path := getRoutePath(topology, route) - gateways := lo.FilterMap(path, func(item machinery.Targetable, index int) (*machinery.Gateway, bool) { + gateways := lo.FilterMap(path, func(item machinery.Targetable, _ int) (*machinery.Gateway, bool) { ob, ok := item.(*machinery.Gateway) return ob, ok }) diff --git a/controllers/ratelimit_policy_status_updater.go b/controllers/ratelimit_policy_status_updater.go index 2256199dd..90a585009 100644 --- a/controllers/ratelimit_policy_status_updater.go +++ b/controllers/ratelimit_policy_status_updater.go 
@@ -55,7 +55,7 @@ func (r *RateLimitPolicyStatusUpdater) Subscription() controller.Subscription { func (r *RateLimitPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error { logger := controller.LoggerFromContext(ctx).WithName("RateLimitPolicyStatusUpdater") - policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1.RateLimitPolicy, bool) { + policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, _ int) (*kuadrantv1.RateLimitPolicy, bool) { p, ok := item.(*kuadrantv1.RateLimitPolicy) return p, ok }) 
@@ -192,13 +192,13 @@ func (r *RateLimitPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1.Rate case istioGatewayControllerName: // EnvoyFilter istioRateLimitClustersModifiedGateways, _ := state.Load(StateIstioRateLimitClustersModified) - componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioRateLimitClustersModifiedGateways, topology, func(obj machinery.Object) bool { + componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioRateLimitClustersModifiedGateways, topology, func(_ machinery.Object) bool { // return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgonetworkingv1alpha3.EnvoyFilter).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready") return true // Istio won't ever populate the status stanza of EnvoyFilter resources, so we cannot expect to find a given a condition there })...) // WasmPlugin istioExtensionsModifiedGateways, _ := state.Load(StateIstioExtensionsModified) - componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(obj machinery.Object) bool { + componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.WasmPluginGroupKind, istioExtensionsModifiedGateways, topology, func(_ machinery.Object) bool { // return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgoextensionv1alpha1.WasmPlugin).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready") return true // Istio won't ever populate the status stanza of WasmPlugin resources, so we cannot expect to find a given a condition there })...) diff --git a/controllers/ratelimit_workflow_helpers.go b/controllers/ratelimit_workflow_helpers.go index b78858cb2..cc0f1f634 100644 
--- a/controllers/ratelimit_workflow_helpers.go +++ b/controllers/ratelimit_workflow_helpers.go @@ -3,6 +3,7 @@ package controllers import ( "crypto/sha256" "encoding/hex" + "errors" "fmt" "sync" "unicode" @@ -20,7 +21,7 @@ import ( kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1" kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1" - kuadrant "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" + "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" kuadrantpolicymachinery "github.com/kuadrant/kuadrant-operator/pkg/policymachinery" "github.com/kuadrant/kuadrant-operator/pkg/wasm" ) @@ -234,7 +235,7 @@ func rateLimitPolicyAcceptedStatus(policy machinery.Policy) (accepted bool, err if condition := meta.FindStatusCondition(p.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)); condition != nil { accepted = condition.Status == metav1.ConditionTrue if !accepted { - err = fmt.Errorf(condition.Message) + err = errors.New(condition.Message) } return } diff --git a/controllers/tls_workflow.go b/controllers/tls_workflow.go index df25b3290..7665e77c7 100644 --- a/controllers/tls_workflow.go +++ b/controllers/tls_workflow.go @@ -69,7 +69,7 @@ func LinkListenerToCertificateFunc(objs controller.Store) machinery.LinkFunc { return nil } - linkedListeners := lo.Filter(listeners, func(l *machinery.Listener, index int) bool { + linkedListeners := lo.Filter(listeners, func(l *machinery.Listener, _ int) bool { if l.TLS != nil && l.TLS.CertificateRefs != nil { for _, certRef := range l.TLS.CertificateRefs { certRefNS := "" @@ -87,7 +87,7 @@ func LinkListenerToCertificateFunc(objs controller.Store) machinery.LinkFunc { return false }) - return lo.Map(linkedListeners, func(l *machinery.Listener, index int) machinery.Object { + return lo.Map(linkedListeners, func(l *machinery.Listener, _ int) machinery.Object { return l }) }, 
@@ -106,7 +106,7 @@ func LinkTLSPolicyToIssuerFunc(objs controller.Store) machinery.LinkFunc { // Policies linked to Issuer // Issuer must be in the same namespace as the policy - linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, index int) (machinery.Object, bool) { + linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, _ int) (machinery.Object, bool) { return p, p.Spec.IssuerRef.Name == issuer.GetName() && p.GetNamespace() == issuer.GetNamespace() && p.Spec.IssuerRef.Kind == certmanagerv1.IssuerKind }) @@ -126,7 +126,7 @@ func LinkTLSPolicyToClusterIssuerFunc(objs controller.Store) machinery.LinkFunc clusterIssuer := o.Object.(*certmanagerv1.ClusterIssuer) // Policies linked to ClusterIssuer - linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, index int) (machinery.Object, bool) { + linkedPolicies := lo.FilterMap(tlsPolicies, func(p *kuadrantv1.TLSPolicy, _ int) (machinery.Object, bool) { return p, p.Spec.IssuerRef.Name == clusterIssuer.GetName() && p.Spec.IssuerRef.Kind == certmanagerv1.ClusterIssuerKind }) diff --git a/controllers/tlspolicy_status_updater.go b/controllers/tlspolicy_status_updater.go index 12ca40b22..61d2c2e29 100644 --- a/controllers/tlspolicy_status_updater.go +++ b/controllers/tlspolicy_status_updater.go @@ -172,7 +172,7 @@ func (t *TLSPolicyStatusUpdater) isCertificatesReady(p machinery.Policy, topolog } // Get all listeners where the gateway or listener contains this policy - listeners := lo.FilterMap(topology.Targetables().Items(), func(t machinery.Targetable, index int) (*machinery.Listener, bool) { + listeners := lo.FilterMap(topology.Targetables().Items(), func(t machinery.Targetable, _ int) (*machinery.Listener, bool) { l, ok := t.(*machinery.Listener) return l, ok && (lo.Contains(l.Policies(), p) || lo.Contains(l.Gateway.Policies(), p)) })
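Review bot: In the `isCertificatesReady` hunk the closure parameter `t machinery.Targetable` shadows the method receiver `t *TLSPolicyStatusUpdater`, and the line is already being touched for the `_ int` rename. Naming it as the other call sites in this commit do, `func(item machinery.Targetable, _ int) (*machinery.Listener, bool)` with `l, ok := item.(*machinery.Listener)`, removes the shadowing without changing behaviour. The rest of `isCertificatesReady` is outside the hunk, so I cannot tell whether the receiver is used after this point.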