Fix golangci-lint errors (#10196)
* Fix golangci-lint errors Signed-off-by: z1cheng <imchench@gmail.com> * Fix dupl errors Signed-off-by: z1cheng <imchench@gmail.com> * Fix comments Signed-off-by: z1cheng <imchench@gmail.com> * Fix errcheck lint errors Signed-off-by: z1cheng <imchench@gmail.com> * Fix assert in e2e test Signed-off-by: z1cheng <imchench@gmail.com> * Not interrupt the waitForPodsReady Signed-off-by: z1cheng <imchench@gmail.com> * Replace string with constant Signed-off-by: z1cheng <imchench@gmail.com> * Fix comments Signed-off-by: z1cheng <imchench@gmail.com> * Revert write file permision Signed-off-by: z1cheng <imchench@gmail.com> --------- Signed-off-by: z1cheng <imchench@gmail.com>
This commit is contained in:
Chen Chen
GitHub
parent
46d87d3462
commit
b3060bfbd0
253 changed files with 2434 additions and 2113 deletions
|
|
@ -52,17 +52,15 @@ import (
|
|||
// certificate generated by the ingress controller
|
||||
var FakeSSLCertificateUID = "00000000-0000-0000-0000-000000000000"
|
||||
|
||||
var (
|
||||
oidExtensionSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
|
||||
)
|
||||
var oidExtensionSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
|
||||
|
||||
const (
|
||||
fakeCertificateName = "default-fake-certificate"
|
||||
)
|
||||
|
||||
// getPemFileName returns absolute file path and file name of pem cert related to given fullSecretName
|
||||
func getPemFileName(fullSecretName string) (string, string) {
|
||||
pemName := fmt.Sprintf("%v.pem", fullSecretName)
|
||||
func getPemFileName(fullSecretName string) (filePath, pemName string) {
|
||||
pemName = fmt.Sprintf("%v.pem", fullSecretName)
|
||||
return fmt.Sprintf("%v/%v", file.DefaultSSLDirectory, pemName), pemName
|
||||
}
|
||||
|
||||
|
|
@ -192,7 +190,7 @@ func StoreSSLCertOnDisk(name string, sslCert *ingress.SSLCert) (string, error) {
|
|||
|
||||
// ConfigureCACertWithCertAndKey appends ca into existing PEM file consisting of cert and key
|
||||
// and sets relevant fields in sslCert object
|
||||
func ConfigureCACertWithCertAndKey(name string, ca []byte, sslCert *ingress.SSLCert) error {
|
||||
func ConfigureCACertWithCertAndKey(_ string, ca []byte, sslCert *ingress.SSLCert) error {
|
||||
var buffer bytes.Buffer
|
||||
|
||||
_, err := buffer.WriteString(sslCert.PemCertKey)
|
||||
|
|
@ -210,12 +208,12 @@ func ConfigureCACertWithCertAndKey(name string, ca []byte, sslCert *ingress.SSLC
|
|||
return fmt.Errorf("could not write ca data to cert file %v: %v", sslCert.CAFileName, err)
|
||||
}
|
||||
|
||||
return os.WriteFile(sslCert.CAFileName, buffer.Bytes(), 0644)
|
||||
//nolint:gosec // Not change permission to avoid possible issues
|
||||
return os.WriteFile(sslCert.CAFileName, buffer.Bytes(), 0o644)
|
||||
}
|
||||
|
||||
// ConfigureCRL creates a CRL file and append it into the SSLCert
|
||||
func ConfigureCRL(name string, crl []byte, sslCert *ingress.SSLCert) error {
|
||||
|
||||
crlName := fmt.Sprintf("crl-%v.pem", name)
|
||||
crlFileName := fmt.Sprintf("%v/%v", file.DefaultSSLDirectory, crlName)
|
||||
|
||||
|
|
@ -230,10 +228,11 @@ func ConfigureCRL(name string, crl []byte, sslCert *ingress.SSLCert) error {
|
|||
|
||||
_, err := x509.ParseRevocationList(pemCRLBlock.Bytes)
|
||||
if err != nil {
|
||||
return fmt.Errorf(err.Error())
|
||||
return err
|
||||
}
|
||||
|
||||
err = os.WriteFile(crlFileName, crl, 0644)
|
||||
//nolint:gosec // Not change permission to avoid possible issues
|
||||
err = os.WriteFile(crlFileName, crl, 0o644)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not write CRL file %v: %v", crlFileName, err)
|
||||
}
|
||||
|
|
@ -242,7 +241,6 @@ func ConfigureCRL(name string, crl []byte, sslCert *ingress.SSLCert) error {
|
|||
sslCert.CRLSHA = file.SHA1(crlFileName)
|
||||
|
||||
return nil
|
||||
|
||||
}
|
||||
|
||||
// ConfigureCACert is similar to ConfigureCACertWithCertAndKey but it creates a separate file
|
||||
|
|
@ -251,7 +249,8 @@ func ConfigureCACert(name string, ca []byte, sslCert *ingress.SSLCert) error {
|
|||
caName := fmt.Sprintf("ca-%v.pem", name)
|
||||
fileName := fmt.Sprintf("%v/%v", file.DefaultSSLDirectory, caName)
|
||||
|
||||
err := os.WriteFile(fileName, ca, 0644)
|
||||
//nolint:gosec // Not change permission to avoid possible issues
|
||||
err := os.WriteFile(fileName, ca, 0o644)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not write CA file %v: %v", fileName, err)
|
||||
}
|
||||
|
|
@ -293,14 +292,14 @@ func parseSANExtension(value []byte) (dnsNames, emailAddresses []string, ipAddre
|
|||
var seq asn1.RawValue
|
||||
var rest []byte
|
||||
if rest, err = asn1.Unmarshal(value, &seq); err != nil {
|
||||
return
|
||||
return dnsNames, emailAddresses, ipAddresses, err
|
||||
} else if len(rest) != 0 {
|
||||
err = errors.New("x509: trailing data after X.509 extension")
|
||||
return
|
||||
return dnsNames, emailAddresses, ipAddresses, err
|
||||
}
|
||||
if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {
|
||||
err = asn1.StructuralError{Msg: "bad SAN sequence"}
|
||||
return
|
||||
return dnsNames, emailAddresses, ipAddresses, err
|
||||
}
|
||||
|
||||
rest = seq.Bytes
|
||||
|
|
@ -308,7 +307,7 @@ func parseSANExtension(value []byte) (dnsNames, emailAddresses []string, ipAddre
|
|||
var v asn1.RawValue
|
||||
rest, err = asn1.Unmarshal(rest, &v)
|
||||
if err != nil {
|
||||
return
|
||||
return dnsNames, emailAddresses, ipAddresses, err
|
||||
}
|
||||
switch v.Tag {
|
||||
case 1:
|
||||
|
|
@ -321,12 +320,12 @@ func parseSANExtension(value []byte) (dnsNames, emailAddresses []string, ipAddre
|
|||
ipAddresses = append(ipAddresses, v.Bytes)
|
||||
default:
|
||||
err = errors.New("x509: certificate contained IP address of length " + strconv.Itoa(len(v.Bytes)))
|
||||
return
|
||||
return dnsNames, emailAddresses, ipAddresses, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
return dnsNames, emailAddresses, ipAddresses, err
|
||||
}
|
||||
|
||||
// AddOrUpdateDHParam creates a dh parameters file with the specified name
|
||||
|
|
@ -396,7 +395,7 @@ func GetFakeSSLCert() *ingress.SSLCert {
|
|||
return sslCert
|
||||
}
|
||||
|
||||
func getFakeHostSSLCert(host string) ([]byte, []byte) {
|
||||
func getFakeHostSSLCert(host string) (cert, key []byte) {
|
||||
var priv interface{}
|
||||
var err error
|
||||
|
||||
|
|
@ -412,7 +411,6 @@ func getFakeHostSSLCert(host string) ([]byte, []byte) {
|
|||
|
||||
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
||||
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
||||
|
||||
if err != nil {
|
||||
klog.Fatalf("failed to generate fake serial number: %v", err)
|
||||
}
|
||||
|
|
@ -436,9 +434,9 @@ func getFakeHostSSLCert(host string) ([]byte, []byte) {
|
|||
klog.Fatalf("Failed to create fake certificate: %v", err)
|
||||
}
|
||||
|
||||
cert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
||||
cert = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
||||
|
||||
key := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))})
|
||||
key = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))})
|
||||
|
||||
return cert, key
|
||||
}
|
||||
|
|
@ -508,9 +506,14 @@ func NewTLSListener(certificate, key string) *TLSListener {
|
|||
|
||||
l.load()
|
||||
|
||||
_, _ = file.NewFileWatcher(certificate, l.load)
|
||||
_, _ = file.NewFileWatcher(key, l.load)
|
||||
|
||||
_, err := file.NewFileWatcher(certificate, l.load)
|
||||
if err != nil {
|
||||
klog.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
_, err = file.NewFileWatcher(key, l.load)
|
||||
if err != nil {
|
||||
klog.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
return &l
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue