Fix golangci-lint errors (#10196)

* Fix golangci-lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix dupl errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix errcheck lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix assert in e2e test

Signed-off-by: z1cheng <imchench@gmail.com>

* Not interrupt the waitForPodsReady

Signed-off-by: z1cheng <imchench@gmail.com>

* Replace string with constant

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Revert write file permission

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>
Chen Chen 2023-08-31 15:36:48 +08:00 committed by GitHub
parent 46d87d3462
commit b3060bfbd0
253 changed files with 2434 additions and 2113 deletions


@ -18,11 +18,10 @@ package authtls
import (
"fmt"
"regexp"
networking "k8s.io/api/networking/v1"
"regexp"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
ing_errors "k8s.io/ingress-nginx/internal/ingress/errors"
"k8s.io/ingress-nginx/internal/ingress/resolver"
@ -45,20 +44,20 @@ var (
regexChars = regexp.QuoteMeta(`()|=`)
authVerifyClientRegex = regexp.MustCompile(`on|off|optional|optional_no_ca`)
commonNameRegex = regexp.MustCompile(`^CN=[/\-.\_\~a-zA-Z0-9` + regexChars + `]*$`)
redirectRegex = regexp.MustCompile(`^((https?://)?[A-Za-z0-9\-\.]*(:[0-9]+)?/[A-Za-z0-9\-\.]*)?$`)
redirectRegex = regexp.MustCompile(`^((https?://)?[A-Za-z0-9\-.]*(:\d+)?/[A-Za-z0-9\-.]*)?$`)
)
var authTLSAnnotations = parser.Annotation{
Group: "authentication",
Annotations: parser.AnnotationFields{
annotationAuthTLSSecret: {
Validator: parser.ValidateRegex(*parser.BasicCharsRegex, true),
Validator: parser.ValidateRegex(parser.BasicCharsRegex, true),
Scope: parser.AnnotationScopeLocation,
Risk: parser.AnnotationRiskMedium, // Medium as it allows a subset of chars
Documentation: `This annotation defines the secret that contains the certificate chain of allowed certs`,
},
annotationAuthTLSVerifyClient: {
Validator: parser.ValidateRegex(*authVerifyClientRegex, true),
Validator: parser.ValidateRegex(authVerifyClientRegex, true),
Scope: parser.AnnotationScopeLocation,
Risk: parser.AnnotationRiskMedium, // Medium as it allows a subset of chars
Documentation: `This annotation enables verification of client certificates. Can be "on", "off", "optional" or "optional_no_ca"`,
@ -70,7 +69,7 @@ var authTLSAnnotations = parser.Annotation{
Documentation: `This annotation defines validation depth between the provided client certificate and the Certification Authority chain.`,
},
annotationAuthTLSErrorPage: {
Validator: parser.ValidateRegex(*redirectRegex, true),
Validator: parser.ValidateRegex(redirectRegex, true),
Scope: parser.AnnotationScopeLocation,
Risk: parser.AnnotationRiskHigh,
Documentation: `This annotation defines the URL/Page that user should be redirected in case of a Certificate Authentication Error`,
@ -82,7 +81,7 @@ var authTLSAnnotations = parser.Annotation{
Documentation: `This annotation defines if the received certificates should be passed or not to the upstream server in the header "ssl-client-cert"`,
},
annotationAuthTLSMatchCN: {
Validator: parser.ValidateRegex(*commonNameRegex, true),
Validator: parser.ValidateRegex(commonNameRegex, true),
Scope: parser.AnnotationScopeLocation,
Risk: parser.AnnotationRiskHigh,
Documentation: `This annotation adds a sanity check for the CN of the client certificate that is sent over using a string / regex starting with "CN="`,
@ -130,9 +129,9 @@ func (assl1 *Config) Equal(assl2 *Config) bool {
}
// NewParser creates a new TLS authentication annotation parser
func NewParser(resolver resolver.Resolver) parser.IngressAnnotation {
func NewParser(r resolver.Resolver) parser.IngressAnnotation {
return authTLS{
r: resolver,
r: r,
annotationConfig: authTLSAnnotations,
}
}
@ -169,7 +168,7 @@ func (a authTLS) Parse(ing *networking.Ingress) (interface{}, error) {
authCert, err := a.r.GetAuthCertificate(tlsauthsecret)
if err != nil {
e := fmt.Errorf("error obtaining certificate: %w", err)
return &Config{}, ing_errors.LocationDenied{Reason: e}
return &Config{}, ing_errors.LocationDeniedError{Reason: e}
}
config.AuthSSLCert = *authCert
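Review bot: `authVerifyClientRegex` in the `var (` hunk is still unanchored (`on|off|optional|optional_no_ca`), so if `parser.ValidateRegex` (not shown here) tests with `MatchString`, any annotation value merely containing one of the alternatives — `offline`, or `on` followed by arbitrary text — passes the `annotationAuthTLSVerifyClient` validator, which undercuts the `AnnotationRiskMedium` rationale "allows a subset of chars". The neighbouring `redirectRegex` (rewritten in this hunk) and `commonNameRegex` are both `^…$` anchored, so this looks like an oversight rather than intent, and since the value is presumably rendered into the nginx `ssl_verify_client` directive a loose match is a configuration-injection surface. I would anchor the pattern to `^(on|off|optional|optional_no_ca)$` inside the existing raw-string literal. Whether `Parse` re-validates the value later is outside this hunk, so the anchor is cheap insurance either way.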


@ -27,6 +27,11 @@ import (
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
const (
defaultDemoSecret = "default/demo-secret"
off = "off"
)
func buildIngress() *networking.Ingress {
defaultBackend := networking.IngressBackend{
Service: &networking.IngressServiceBackend{
@ -77,23 +82,22 @@ type mockSecret struct {
// GetAuthCertificate from mockSecret mocks the GetAuthCertificate for authTLS
func (m mockSecret) GetAuthCertificate(name string) (*resolver.AuthSSLCert, error) {
if name != "default/demo-secret" {
if name != defaultDemoSecret {
return nil, errors.Errorf("there is no secret with name %v", name)
}
return &resolver.AuthSSLCert{
Secret: "default/demo-secret",
Secret: defaultDemoSecret,
CAFileName: "/ssl/ca.crt",
CASHA: "abc",
}, nil
}
func TestAnnotations(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix(annotationAuthTLSSecret)] = "default/demo-secret"
data[parser.GetAnnotationWithPrefix(annotationAuthTLSSecret)] = defaultDemoSecret
ing.SetAnnotations(data)
@ -108,7 +112,7 @@ func TestAnnotations(t *testing.T) {
t.Errorf("expected *Config but got %v", u)
}
secret, err := fakeSecret.GetAuthCertificate("default/demo-secret")
secret, err := fakeSecret.GetAuthCertificate(defaultDemoSecret)
if err != nil {
t.Errorf("unexpected error getting secret %v", err)
}
@ -132,7 +136,7 @@ func TestAnnotations(t *testing.T) {
t.Errorf("expected empty string, but got %v", u.MatchCN)
}
data[parser.GetAnnotationWithPrefix(annotationAuthTLSVerifyClient)] = "off"
data[parser.GetAnnotationWithPrefix(annotationAuthTLSVerifyClient)] = off
data[parser.GetAnnotationWithPrefix(annotationAuthTLSVerifyDepth)] = "2"
data[parser.GetAnnotationWithPrefix(annotationAuthTLSErrorPage)] = "ok.com/error"
data[parser.GetAnnotationWithPrefix(annotationAuthTLSPassCertToUpstream)] = "true"
@ -153,8 +157,8 @@ func TestAnnotations(t *testing.T) {
if u.AuthSSLCert.Secret != secret.Secret {
t.Errorf("expected %v but got %v", secret.Secret, u.AuthSSLCert.Secret)
}
if u.VerifyClient != "off" {
t.Errorf("expected %v but got %v", "off", u.VerifyClient)
if u.VerifyClient != off {
t.Errorf("expected %v but got %v", off, u.VerifyClient)
}
if u.ValidationDepth != 2 {
t.Errorf("expected %v but got %v", 2, u.ValidationDepth)
@ -262,28 +266,21 @@ func TestInvalidAnnotations(t *testing.T) {
if u.MatchCN != "" {
t.Errorf("expected empty string but got %v", u.MatchCN)
}
}
func TestEquals(t *testing.T) {
cfg1 := &Config{}
cfg2 := &Config{}
// Same config
result := cfg1.Equal(cfg1)
if result != true {
t.Errorf("Expected true")
}
// compare nil
result = cfg1.Equal(nil)
result := cfg1.Equal(nil)
if result != false {
t.Errorf("Expected false")
}
// Different Certs
sslCert1 := resolver.AuthSSLCert{
Secret: "default/demo-secret",
Secret: defaultDemoSecret,
CAFileName: "/ssl/ca.crt",
CASHA: "abc",
}
@ -302,7 +299,7 @@ func TestEquals(t *testing.T) {
// Different Verify Client
cfg1.VerifyClient = "on"
cfg2.VerifyClient = "off"
cfg2.VerifyClient = off
result = cfg1.Equal(cfg2)
if result != false {
t.Errorf("Expected false")
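Review bot: The `TestEquals` hunk drops the reflexive check `cfg1.Equal(cfg1)` (presumably to satisfy a duplicate-argument lint) without replacing it, so within this section the test no longer asserts that two equivalent configs compare equal — only the nil and "different" paths remain. The lint can be satisfied while keeping that coverage by comparing the two separately constructed zero-value configs before either is mutated, e.g. `if !cfg1.Equal(cfg2) { t.Errorf("Expected true") }` placed ahead of the `// compare nil` case. `TestEquals` continues past the end of this section, so an equivalent positive assertion may already exist further down; if it does, a short comment at the removal site pointing to it would make the deletion self-explanatory.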