Fix golangci-lint errors (#10196)

* Fix golangci-lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix dupl errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix errcheck lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix assert in e2e test

Signed-off-by: z1cheng <imchench@gmail.com>

* Not interrupt the waitForPodsReady

Signed-off-by: z1cheng <imchench@gmail.com>

* Replace string with constant

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Revert write file permision

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>

test/e2e/annotations/affinity.go

@@ -32,6 +32,14 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const (
+	affinityAnnotation = "cookie"
+	cookieName         = "SERVERID"
+	enableAnnotation   = "true"
+	disableAnnotation  = "false"
+	defaultHost        = "foo.com"
+)
+
 var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	f := framework.NewDefaultFramework("affinity")
 
@@ -42,8 +50,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should set sticky cookie SERVERID", func() {
 		host := "sticky.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -64,8 +72,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should change cookie name on ingress definition change", func() {
 		host := "change.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -80,7 +88,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 			WithHeader("Host", host).
 			Expect().
 			Status(http.StatusOK).
-			Header("Set-Cookie").Contains("SERVERID")
+			Header("Set-Cookie").Contains(cookieName)
 
 		ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "OTHERCOOKIENAME"
 
@@ -99,8 +107,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should set the path to /something on the generated cookie", func() {
 		host := "path.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
 
 		ing := framework.NewSingleIngress(host, "/something", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -122,8 +130,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 		pathtype := networking.PathTypePrefix
 		host := "morethanonerule.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
 
 		f.EnsureIngress(&networking.Ingress{
 			ObjectMeta: metav1.ObjectMeta{
@@ -194,7 +202,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should set cookie with expires", func() {
 		host := "cookieexpires.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
 		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "ExpiresCookie"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "259200"
@@ -211,7 +219,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 		assert.Nil(ginkgo.GinkgoT(), err, "loading GMT location")
 		assert.NotNil(ginkgo.GinkgoT(), local, "expected a location but none returned")
 
-		duration, _ := time.ParseDuration("48h")
+		duration, err := time.ParseDuration("48h")
+		assert.Nil(ginkgo.GinkgoT(), err, "parsing duration")
 		expected := time.Now().In(local).Add(duration).Format("Mon, 02-Jan-06 15:04")
 
 		f.HTTPTestClient().
@@ -225,7 +234,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should set cookie with domain", func() {
 		host := "cookiedomain.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
 		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "DomainCookie"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-domain"] = "foo.bar"
 
@@ -248,7 +257,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should not set cookie without domain annotation", func() {
 		host := "cookienodomain.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
 		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "NoDomainCookie"
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
@@ -270,9 +279,9 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should work with use-regex annotation and session-cookie-path", func() {
 		host := "useregex.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
-		annotations["nginx.ingress.kubernetes.io/use-regex"] = "true"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
+		annotations["nginx.ingress.kubernetes.io/use-regex"] = enableAnnotation
 		annotations["nginx.ingress.kubernetes.io/session-cookie-path"] = "/foo/bar"
 
 		ing := framework.NewSingleIngress(host, "/foo/.*", host, f.Namespace, framework.EchoService, 80, annotations)
@@ -294,9 +303,9 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	ginkgo.It("should warn user when use-regex is true and session-cookie-path is not set", func() {
 		host := "useregexwarn.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
-		annotations["nginx.ingress.kubernetes.io/use-regex"] = "true"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
+		annotations["nginx.ingress.kubernetes.io/use-regex"] = enableAnnotation
 
 		ing := framework.NewSingleIngress(host, "/foo/.*", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -321,7 +330,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 		host := "separate.foo.com"
 
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
 
 		ing1 := framework.NewSingleIngress("ingress1", "/foo/bar", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing1)
@@ -351,8 +360,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 
 	ginkgo.It("should set sticky cookie without host", func() {
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
 
 		ing := framework.NewSingleIngress("default-no-host", "/", "", f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -370,12 +379,12 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	})
 
 	ginkgo.It("should work with server-alias annotation", func() {
-		host := "foo.com"
+		host := defaultHost
 		alias1 := "a1.foo.com"
 		alias2 := "a2.foo.com"
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
 		annotations["nginx.ingress.kubernetes.io/server-alias"] = fmt.Sprintf("%s,%s", alias1, alias2)
 
 		ing := framework.NewSingleIngress(host, "/bar", host, f.Namespace, framework.EchoService, 80, annotations)
@@ -383,7 +392,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 
 		f.WaitForNginxServer(host,
 			func(server string) bool {
-				//server alias sort by sort.Strings(), see: internal/ingress/annotations/alias/main.go:60
+				// server alias sort by sort.Strings(), see: internal/ingress/annotations/alias/main.go:60
 				return strings.Contains(server, fmt.Sprintf("server_name %s %s %s ;", host, alias1, alias2))
 			})
 
@@ -410,11 +419,11 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	})
 
 	ginkgo.It("should set secure in cookie with provided true annotation on http", func() {
-		host := "foo.com"
+		host := defaultHost
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = "true"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
+		annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = enableAnnotation
 
 		ing := framework.NewSingleIngress(host, "/bar", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -433,11 +442,11 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	})
 
 	ginkgo.It("should not set secure in cookie with provided false annotation on http", func() {
-		host := "foo.com"
+		host := defaultHost
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = "false"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
+		annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = disableAnnotation
 
 		ing := framework.NewSingleIngress(host, "/bar", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -456,11 +465,11 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 	})
 
 	ginkgo.It("should set secure in cookie with provided false annotation on https", func() {
-		host := "foo.com"
+		host := defaultHost
 		annotations := make(map[string]string)
-		annotations["nginx.ingress.kubernetes.io/affinity"] = "cookie"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "SERVERID"
-		annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = "false"
+		annotations["nginx.ingress.kubernetes.io/affinity"] = affinityAnnotation
+		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = cookieName
+		annotations["nginx.ingress.kubernetes.io/session-cookie-secure"] = disableAnnotation
 
 		f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, framework.EchoService, 80, annotations))
 
@@ -470,6 +479,7 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 					strings.Contains(server, "listen 443")
 			})
 
+		//nolint:gosec // Ignore the gosec error in testing
 		f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}).
 			GET("/").
 			WithURL(f.GetURL(framework.HTTPS)).

test/e2e/annotations/affinitymode.go

@@ -28,6 +28,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const sslRedirectValue = "false"
+
 var _ = framework.DescribeAnnotation("affinitymode", func() {
 	f := framework.NewDefaultFramework("affinity")
 
@@ -45,7 +47,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
 		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800"
-		annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
+		annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = sslRedirectValue
 		annotations["nginx.ingress.kubernetes.io/affinity-mode"] = "balanced"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-hash"] = "sha1"
 
@@ -78,7 +80,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
 		annotations["nginx.ingress.kubernetes.io/session-cookie-name"] = "hello-cookie"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-expires"] = "172800"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-max-age"] = "172800"
-		annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
+		annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = sslRedirectValue
 		annotations["nginx.ingress.kubernetes.io/affinity-mode"] = "persistent"
 		annotations["nginx.ingress.kubernetes.io/session-cookie-hash"] = "sha1"
 
@@ -106,7 +108,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
 		// Send new requests and add new backends. Check which backend responded to the sent request
 		cookies := getCookiesFromHeader(response.Header("Set-Cookie").Raw())
 		for sendRequestNumber := 0; sendRequestNumber < 10; sendRequestNumber++ {
-			replicas = replicas + 1
+			replicas++
 			err := framework.UpdateDeployment(f.KubeClientSet, f.Namespace, deploymentName, replicas, nil)
 			assert.Nil(ginkgo.GinkgoT(), err)
 			framework.Sleep()

test/e2e/annotations/alias.go

@@ -26,6 +26,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const fooHost = "foo"
+
 var _ = framework.DescribeAnnotation("server-alias", func() {
 	f := framework.NewDefaultFramework("alias")
 
@@ -34,7 +36,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
 	})
 
 	ginkgo.It("should return status code 200 for host 'foo' and 404 for 'bar'", func() {
-		host := "foo"
+		host := fooHost
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
 		f.EnsureIngress(ing)
@@ -60,7 +62,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
 	})
 
 	ginkgo.It("should return status code 200 for host 'foo' and 'bar'", func() {
-		host := "foo"
+		host := fooHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/server-alias": "bar",
 		}
@@ -73,7 +75,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
 				return strings.Contains(server, fmt.Sprintf("server_name %v", host))
 			})
 
-		hosts := []string{"foo", "bar"}
+		hosts := []string{fooHost, "bar"}
 		for _, host := range hosts {
 			f.HTTPTestClient().
 				GET("/").
@@ -85,7 +87,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
 	})
 
 	ginkgo.It("should return status code 200 for hosts defined in two ingresses, different path with one alias", func() {
-		host := "foo"
+		host := fooHost
 
 		ing := framework.NewSingleIngress("app-a", "/app-a", host, f.Namespace, framework.EchoService, 80, nil)
 		f.EnsureIngress(ing)
@@ -101,7 +103,7 @@ var _ = framework.DescribeAnnotation("server-alias", func() {
 				return strings.Contains(server, fmt.Sprintf("server_name %v bar", host))
 			})
 
-		hosts := []string{"foo", "bar"}
+		hosts := []string{fooHost, "bar"}
 		for _, host := range hosts {
 			f.HTTPTestClient().
 				GET("/app-a").

test/e2e/annotations/auth.go

@@ -36,6 +36,12 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const (
+	differentHost = "different"
+	authHost      = "auth"
+	authURL       = "http://foo.bar.baz:5000/path"
+)
+
 var _ = framework.DescribeAnnotation("auth-*", func() {
 	f := framework.NewDefaultFramework("auth", framework.WithHTTPBunEnabled())
 
@@ -44,7 +50,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It("should return status code 200 when no authentication is configured", func() {
-		host := "auth"
+		host := authHost
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
 		f.EnsureIngress(ing)
@@ -63,7 +69,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It("should return status code 503 when authentication is configured with an invalid secret", func() {
-		host := "auth"
+		host := authHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-type":   "basic",
 			"nginx.ingress.kubernetes.io/auth-secret": "something",
@@ -87,9 +93,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It("should return status code 401 when authentication is configured but Authorization header is not configured", func() {
-		host := "auth"
+		host := authHost
 
-		s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
+		s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-type":   "basic",
@@ -114,9 +120,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It("should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials", func() {
-		host := "auth"
+		host := authHost
 
-		s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
+		s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-type":   "basic",
@@ -142,9 +148,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It("should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured", func() {
-		host := "auth"
+		host := authHost
 
-		s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
+		s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-type":   "basic",
@@ -170,9 +176,9 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It("should return status code 200 when authentication is configured and Authorization header is sent", func() {
-		host := "auth"
+		host := authHost
 
-		s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
+		s := f.EnsureSecret(buildSecret(fooHost, "bar", "test", f.Namespace))
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-type":   "basic",
@@ -191,15 +197,15 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 		f.HTTPTestClient().
 			GET("/").
 			WithHeader("Host", host).
-			WithBasicAuth("foo", "bar").
+			WithBasicAuth(fooHost, "bar").
 			Expect().
 			Status(http.StatusOK)
 	})
 
 	ginkgo.It("should return status code 200 when authentication is configured with a map and Authorization header is sent", func() {
-		host := "auth"
+		host := authHost
 
-		s := f.EnsureSecret(buildMapSecret("foo", "bar", "test", f.Namespace))
+		s := f.EnsureSecret(buildMapSecret(fooHost, "bar", "test", f.Namespace))
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-type":        "basic",
@@ -219,13 +225,13 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 		f.HTTPTestClient().
 			GET("/").
 			WithHeader("Host", host).
-			WithBasicAuth("foo", "bar").
+			WithBasicAuth(fooHost, "bar").
 			Expect().
 			Status(http.StatusOK)
 	})
 
 	ginkgo.It("should return status code 401 when authentication is configured with invalid content and Authorization header is sent", func() {
-		host := "auth"
+		host := authHost
 
 		s := f.EnsureSecret(
 			&corev1.Secret{
@@ -258,13 +264,13 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 		f.HTTPTestClient().
 			GET("/").
 			WithHeader("Host", host).
-			WithBasicAuth("foo", "bar").
+			WithBasicAuth(fooHost, "bar").
 			Expect().
 			Status(http.StatusUnauthorized)
 	})
 
 	ginkgo.It(`should set snippet "proxy_set_header My-Custom-Header 42;" when external auth is configured`, func() {
-		host := "auth"
+		host := authHost
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-url": "http://foo.bar/basic-auth/user/password",
@@ -282,7 +288,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It(`should not set snippet "proxy_set_header My-Custom-Header 42;" when external auth is not configured`, func() {
-		host := "auth"
+		host := authHost
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-snippet": `
@@ -299,7 +305,7 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It(`should set "proxy_set_header 'My-Custom-Header' '42';" when auth-headers are set`, func() {
-		host := "auth"
+		host := authHost
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-url":               "http://foo.bar/basic-auth/user/password",
@@ -320,11 +326,11 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 	})
 
 	ginkgo.It(`should set cache_key when external auth cache is configured`, func() {
-		host := "auth"
+		host := authHost
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/auth-url":            "http://foo.bar/basic-auth/user/password",
-			"nginx.ingress.kubernetes.io/auth-cache-key":      "foo",
+			"nginx.ingress.kubernetes.io/auth-cache-key":      fooHost,
 			"nginx.ingress.kubernetes.io/auth-cache-duration": "200 202 401 30m",
 		}
 
@@ -337,7 +343,6 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
 			func(server string) bool {
 				return cacheRegex.MatchString(server) &&
 					strings.Contains(server, `proxy_cache_valid 200 202 401 30m;`)
-
 			})
 	})
 
@@ -405,7 +410,6 @@ http {
 			f.WaitForNginxServer(host, func(server string) bool {
 				return strings.Contains(server, "server_name "+host)
 			})
-
 		})
 
 		ginkgo.It("user retains cookie by default", func() {
@@ -431,7 +435,7 @@ http {
 		})
 
 		ginkgo.It("user with annotated ingress retains cookie if upstream returns error status code", func() {
-			annotations["nginx.ingress.kubernetes.io/auth-always-set-cookie"] = "true"
+			annotations["nginx.ingress.kubernetes.io/auth-always-set-cookie"] = enableAnnotation
 			f.UpdateIngress(ing1)
 			f.UpdateIngress(ing2)
 
@@ -451,7 +455,7 @@ http {
 	})
 
 	ginkgo.Context("when external authentication is configured", func() {
-		host := "auth"
+		host := authHost
 		var annotations map[string]string
 		var ing *networking.Ingress
 
@@ -495,7 +499,7 @@ http {
 			annotations["nginx.ingress.kubernetes.io/auth-realm"] = "test auth"
 			f.UpdateIngress(ing)
 
-			anotherHost := "different"
+			anotherHost := differentHost
 			anotherAnnotations := map[string]string{}
 
 			anotherIng := framework.NewSingleIngress(anotherHost, "/", anotherHost, f.Namespace, framework.EchoService, 80, anotherAnnotations)
@@ -544,12 +548,12 @@ http {
 			// Sleep a while just to guarantee that the configmap is applied
 			framework.Sleep()
 
-			annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
+			annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
 			f.UpdateIngress(ing)
 
 			f.WaitForNginxServer("",
 				func(server string) bool {
-					return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
+					return strings.Contains(server, authURL) &&
 						!strings.Contains(server, `upstream auth-external-auth`)
 				})
 		})
@@ -582,19 +586,19 @@ http {
 			// Sleep a while just to guarantee that the configmap is applied
 			framework.Sleep()
 
-			annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
+			annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
 			annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "-1"
 			f.UpdateIngress(ing)
 
 			f.WaitForNginxServer("",
 				func(server string) bool {
-					return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
+					return strings.Contains(server, authURL) &&
 						!strings.Contains(server, `upstream auth-external-auth`)
 				})
 		})
 
 		ginkgo.It(`should not create additional upstream block when auth-keepalive is set with HTTP/2`, func() {
-			annotations["nginx.ingress.kubernetes.io/auth-url"] = "http://foo.bar.baz:5000/path"
+			annotations["nginx.ingress.kubernetes.io/auth-url"] = authURL
 			annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "123"
 			annotations["nginx.ingress.kubernetes.io/auth-keepalive-requests"] = "456"
 			annotations["nginx.ingress.kubernetes.io/auth-keepalive-timeout"] = "789"
@@ -602,7 +606,7 @@ http {
 
 			f.WaitForNginxServer("",
 				func(server string) bool {
-					return strings.Contains(server, "http://foo.bar.baz:5000/path") &&
+					return strings.Contains(server, authURL) &&
 						!strings.Contains(server, `upstream auth-external-auth`)
 				})
 		})
@@ -657,7 +661,7 @@ http {
 			framework.Sleep()
 
 			annotations["nginx.ingress.kubernetes.io/auth-keepalive"] = "10"
-			annotations["nginx.ingress.kubernetes.io/auth-keepalive-share-vars"] = "true"
+			annotations["nginx.ingress.kubernetes.io/auth-keepalive-share-vars"] = enableAnnotation
 			f.UpdateIngress(ing)
 
 			f.WaitForNginxServer("",
@@ -670,7 +674,7 @@ http {
 	})
 
 	ginkgo.Context("when external authentication is configured with a custom redirect param", func() {
-		host := "auth"
+		host := authHost
 		var annotations map[string]string
 		var ing *networking.Ingress
 
@@ -715,7 +719,7 @@ http {
 			annotations["nginx.ingress.kubernetes.io/auth-realm"] = "test auth"
 			f.UpdateIngress(ing)
 
-			anotherHost := "different"
+			anotherHost := differentHost
 			anotherAnnotations := map[string]string{}
 
 			anotherIng := framework.NewSingleIngress(anotherHost, "/", anotherHost, f.Namespace, framework.EchoService, 80, anotherAnnotations)
@@ -735,8 +739,8 @@ http {
 	})
 
 	ginkgo.Context("when external authentication with caching is configured", func() {
-		thisHost := "auth"
-		thatHost := "different"
+		thisHost := authHost
+		thatHost := differentHost
 
 		fooPath := "/foo"
 		barPath := "/bar"
@@ -858,7 +862,7 @@ http {
 	})
 
 	ginkgo.Context("with invalid auth-url should deny whole location", func() {
-		host := "auth"
+		host := authHost
 		var annotations map[string]string
 		var ing *networking.Ingress
 
@@ -898,7 +902,6 @@ http {
 //   Auth error
 
 func buildSecret(username, password, name, namespace string) *corev1.Secret {
-	//out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
 	out, err := bcrypt.GenerateFromPassword([]byte(password), 14)
 	encpass := fmt.Sprintf("%v:%s\n", username, out)
 	assert.Nil(ginkgo.GinkgoT(), err)
@@ -917,7 +920,6 @@ func buildSecret(username, password, name, namespace string) *corev1.Secret {
 }
 
 func buildMapSecret(username, password, name, namespace string) *corev1.Secret {
-	//out, err := exec.Command("openssl", "passwd", "-crypt", password).CombinedOutput()
 	out, err := bcrypt.GenerateFromPassword([]byte(password), 14)
 	assert.Nil(ginkgo.GinkgoT(), err)
 
@@ -928,7 +930,7 @@ func buildMapSecret(username, password, name, namespace string) *corev1.Secret {
 			DeletionGracePeriodSeconds: framework.NewInt64(1),
 		},
 		Data: map[string][]byte{
-			username: []byte(out),
+			username: out,
 		},
 		Type: corev1.SecretTypeOpaque,
 	}

test/e2e/annotations/authtls.go

@@ -26,6 +26,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const authTLSFooHost = "authtls.foo.com"
+
 var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	f := framework.NewDefaultFramework("authtls")
 
@@ -34,7 +36,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 
 	ginkgo.It("should set sslClientCertificate, sslVerifyClient and sslVerifyDepth with auth-tls-secret", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		clientConfig, err := framework.CreateIngressMASecret(
@@ -82,7 +84,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 
 	ginkgo.It("should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		_, err := framework.CreateIngressMASecret(
@@ -112,7 +114,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 
 	ginkgo.It("should 302 redirect to error page instead of 400 when auth-tls-error-page is set", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		errorPath := "/error"
@@ -159,7 +161,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 
 	ginkgo.It("should pass URL-encoded certificate to upstream", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		clientConfig, err := framework.CreateIngressMASecret(
@@ -204,7 +206,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 
 	ginkgo.It("should validate auth-tls-verify-client", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		clientConfig, err := framework.CreateIngressMASecret(
@@ -260,11 +262,10 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 			WithHeader("Host", host).
 			Expect().
 			Status(http.StatusOK)
-
 	})
 
 	ginkgo.It("should return 403 using auth-tls-match-cn with no matching CN from client", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		clientConfig, err := framework.CreateIngressMASecret(
@@ -293,7 +294,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 
 	ginkgo.It("should return 200 using auth-tls-match-cn with matching CN from client", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		clientConfig, err := framework.CreateIngressMASecret(
@@ -322,7 +323,7 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 
 	ginkgo.It("should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client", func() {
-		host := "authtls.foo.com"
+		host := authTLSFooHost
 		nameSpace := f.Namespace
 
 		clientConfig, err := framework.CreateIngressMASecret(
@@ -351,7 +352,8 @@ var _ = framework.DescribeAnnotation("auth-tls-*", func() {
 	})
 })
 
-func assertSslClientCertificateConfig(f *framework.Framework, host string, verifyClient string, verifyDepth string) {
+//nolint:unparam // Ignore the invariant param: host
+func assertSslClientCertificateConfig(f *framework.Framework, host, verifyClient, verifyDepth string) {
 	sslClientCertDirective := fmt.Sprintf("ssl_client_certificate /etc/ingress-controller/ssl/%s-%s.pem;", f.Namespace, host)
 	sslVerify := fmt.Sprintf("ssl_verify_client %s;", verifyClient)
 	sslVerifyDepth := fmt.Sprintf("ssl_verify_depth %s;", verifyDepth)

test/e2e/annotations/backendprotocol.go

@@ -24,6 +24,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const backendProtocolHost = "backendprotocol.foo.com"
+
 var _ = framework.DescribeAnnotation("backend-protocol", func() {
 	f := framework.NewDefaultFramework("backendprotocol")
 
@@ -32,7 +34,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
 	})
 
 	ginkgo.It("should set backend protocol to https:// and use proxy_pass", func() {
-		host := "backendprotocol.foo.com"
+		host := backendProtocolHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
 		}
@@ -47,7 +49,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
 	})
 
 	ginkgo.It("should set backend protocol to $scheme:// and use proxy_pass", func() {
-		host := "backendprotocol.foo.com"
+		host := backendProtocolHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/backend-protocol": "AUTO_HTTP",
 		}
@@ -62,7 +64,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
 	})
 
 	ginkgo.It("should set backend protocol to grpc:// and use grpc_pass", func() {
-		host := "backendprotocol.foo.com"
+		host := backendProtocolHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
 		}
@@ -77,7 +79,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
 	})
 
 	ginkgo.It("should set backend protocol to grpcs:// and use grpc_pass", func() {
-		host := "backendprotocol.foo.com"
+		host := backendProtocolHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/backend-protocol": "GRPCS",
 		}
@@ -92,7 +94,7 @@ var _ = framework.DescribeAnnotation("backend-protocol", func() {
 	})
 
 	ginkgo.It("should set backend protocol to '' and use fastcgi_pass", func() {
-		host := "backendprotocol.foo.com"
+		host := backendProtocolHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/backend-protocol": "FCGI",
 		}

test/e2e/annotations/canary.go

@@ -43,7 +43,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("when canary is created", func() {
 		ginkgo.It("should response with a 200 status from the mainline upstream when requests are made to the mainline ingress", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -87,7 +87,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should return 404 status for requests to the canary if no matching ingress is found", func() {
-			host := "foo"
+			host := fooHost
 
 			canaryAnnotations := map[string]string{
 				"nginx.ingress.kubernetes.io/canary":           "true",
@@ -118,7 +118,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 			TODO: This test needs improvements made to the e2e framework so that deployment updates work in order to successfully run
 
 			It("should return the correct status codes when endpoints are unavailable", func() {
-				host := "foo"
+				host := fooHost
 				annotations := map[string]string{}
 
 				ing := framework.NewSingleIngress(host, "/info", host, f.Namespace, framework.HTTPBunService, 80, annotations)
@@ -172,7 +172,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		*/
 
 		ginkgo.It("should route requests to the correct upstream if mainline ingress is created before the canary ingress", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -230,7 +230,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should route requests to the correct upstream if mainline ingress is created after the canary ingress", func() {
-			host := "foo"
+			host := fooHost
 
 			canaryAnnotations := map[string]string{
 				"nginx.ingress.kubernetes.io/canary":           "true",
@@ -287,7 +287,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should route requests to the correct upstream if the mainline ingress is modified", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -321,7 +321,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 				canaryAnnotations))
 
 			modAnnotations := map[string]string{
-				"foo": "bar",
+				fooHost: "bar",
 			}
 
 			f.UpdateIngress(framework.NewSingleIngress(
@@ -361,7 +361,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should route requests to the correct upstream if the canary ingress is modified", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -443,7 +443,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("when canaried by header with no value", func() {
 		ginkgo.It("should route requests to the correct upstream", func() {
-			host := "foo"
+			host := fooHost
 
 			f.EnsureIngress(framework.NewSingleIngress(
 				host,
@@ -511,7 +511,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("when canaried by header with value", func() {
 		ginkgo.It("should route requests to the correct upstream", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -592,7 +592,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("when canaried by header with value and pattern", func() {
 		ginkgo.It("should route requests to the correct upstream", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -645,7 +645,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 				Body().Contains(framework.HTTPBunService).NotContains(canaryService)
 		})
 		ginkgo.It("should route requests to the correct upstream", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -690,7 +690,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 				Body().Contains(framework.HTTPBunService).NotContains(canaryService)
 		})
 		ginkgo.It("should routes to mainline upstream when the given Regex causes error", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -739,7 +739,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("when canaried by header with value and cookie", func() {
 		ginkgo.It("should route requests to the correct upstream", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -788,7 +788,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("when canaried by cookie", func() {
 		ginkgo.It("respects always and never values", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -860,7 +860,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("when canaried by weight", func() {
 		ginkgo.It("should route requests only to mainline if canary weight is 0", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -908,7 +908,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should route requests only to canary if canary weight is 100", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -950,7 +950,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should route requests only to canary if canary weight is equal to canary weight total", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -993,7 +993,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should route requests split between mainline and canary if canary weight is 50", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -1029,7 +1029,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should route requests split between mainline and canary if canary weight is 100 and weight total is 200", func() {
-			host := "foo"
+			host := fooHost
 			annotations := map[string]string{}
 
 			f.EnsureIngress(framework.NewSingleIngress(
@@ -1068,7 +1068,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 
 	ginkgo.Context("Single canary Ingress", func() {
 		ginkgo.It("should not use canary as a catch-all server", func() {
-			host := "foo"
+			host := fooHost
 			canaryIngName := fmt.Sprintf("%v-canary", host)
 			annotations := map[string]string{
 				"nginx.ingress.kubernetes.io/canary":           "true",
@@ -1102,7 +1102,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 		})
 
 		ginkgo.It("should not use canary with domain as a server", func() {
-			host := "foo"
+			host := fooHost
 			canaryIngName := fmt.Sprintf("%v-canary", host)
 			annotations := map[string]string{
 				"nginx.ingress.kubernetes.io/canary":           "true",
@@ -1136,7 +1136,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 	})
 
 	ginkgo.It("does not crash when canary ingress has multiple paths to the same non-matching backend", func() {
-		host := "foo"
+		host := fooHost
 		canaryIngName := fmt.Sprintf("%v-canary", host)
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/canary":           "true",
@@ -1168,7 +1168,7 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 	})
 
 	ginkgo.Context("canary affinity behavior", func() {
-		host := "foo"
+		host := fooHost
 		affinityCookieName := "aff"
 		canaryIngName := fmt.Sprintf("%v-canary", host)
 
@@ -1370,7 +1370,6 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
 			TestMainlineCanaryDistribution(f, host)
 		})
 	})
-
 })
 
 // This method assumes canary weight being configured at 50%.
@@ -1407,12 +1406,12 @@ func TestMainlineCanaryDistribution(f *framework.Framework, host string) {
 
 	assert.GreaterOrEqual(
 		ginkgo.GinkgoT(),
-		int(replicaRequestCount[keys[0].String()]),
+		replicaRequestCount[keys[0].String()],
 		requestsNumberToTest,
 	)
 	assert.GreaterOrEqual(
 		ginkgo.GinkgoT(),
-		int(replicaRequestCount[keys[1].String()]),
+		replicaRequestCount[keys[1].String()],
 		requestsNumberToTest,
 	)
 }

test/e2e/annotations/clientbodybuffersize.go

@@ -25,6 +25,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const clientBodyBufferSizeHost = "client-body-buffer-size.com"
+
 var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
 	f := framework.NewDefaultFramework("clientbodybuffersize")
 
@@ -33,7 +35,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
 	})
 
 	ginkgo.It("should set client_body_buffer_size to 1000", func() {
-		host := "client-body-buffer-size.com"
+		host := clientBodyBufferSizeHost
 
 		clientBodyBufferSize := "1000"
 		annotations := make(map[string]string)
@@ -55,7 +57,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
 	})
 
 	ginkgo.It("should set client_body_buffer_size to 1K", func() {
-		host := "client-body-buffer-size.com"
+		host := clientBodyBufferSizeHost
 
 		clientBodyBufferSize := "1K"
 		annotations := make(map[string]string)
@@ -77,7 +79,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
 	})
 
 	ginkgo.It("should set client_body_buffer_size to 1k", func() {
-		host := "client-body-buffer-size.com"
+		host := clientBodyBufferSizeHost
 
 		clientBodyBufferSize := "1k"
 		annotations := make(map[string]string)
@@ -99,7 +101,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
 	})
 
 	ginkgo.It("should set client_body_buffer_size to 1m", func() {
-		host := "client-body-buffer-size.com"
+		host := clientBodyBufferSizeHost
 
 		clientBodyBufferSize := "1m"
 		annotations := make(map[string]string)
@@ -121,7 +123,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
 	})
 
 	ginkgo.It("should set client_body_buffer_size to 1M", func() {
-		host := "client-body-buffer-size.com"
+		host := clientBodyBufferSizeHost
 
 		clientBodyBufferSize := "1M"
 		annotations := make(map[string]string)
@@ -143,7 +145,7 @@ var _ = framework.DescribeAnnotation("client-body-buffer-size", func() {
 	})
 
 	ginkgo.It("should not set client_body_buffer_size to invalid 1b", func() {
-		host := "client-body-buffer-size.com"
+		host := clientBodyBufferSizeHost
 
 		clientBodyBufferSize := "1b"
 		annotations := make(map[string]string)

test/e2e/annotations/cors.go

@@ -25,6 +25,11 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const (
+	originHost = "http://origin.com:8080"
+	corsHost   = "cors.foo.com"
+)
+
 var _ = framework.DescribeAnnotation("cors-*", func() {
 	f := framework.NewDefaultFramework("cors")
 
@@ -33,7 +38,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should enable cors", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors": "true",
 		}
@@ -60,7 +65,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should set cors methods to only allow POST, GET", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":        "true",
 			"nginx.ingress.kubernetes.io/cors-allow-methods": "POST, GET",
@@ -76,7 +81,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should set cors max-age", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":  "true",
 			"nginx.ingress.kubernetes.io/cors-max-age": "200",
@@ -92,7 +97,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should disable cors allow credentials", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":            "true",
 			"nginx.ingress.kubernetes.io/cors-allow-credentials": "false",
@@ -108,7 +113,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow origin for cors", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "https://origin.cors.com:8080"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -135,7 +140,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow headers for cors", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":        "true",
 			"nginx.ingress.kubernetes.io/cors-allow-headers": "DNT, User-Agent",
@@ -151,7 +156,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should expose headers for cors", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":         "true",
 			"nginx.ingress.kubernetes.io/cors-expose-headers": "X-CustomResponseHeader, X-CustomSecondHeader",
@@ -167,7 +172,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow - single origin for multiple cors values", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "https://origin.cors.com:8080"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -194,7 +199,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not allow - single origin for multiple cors values", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "http://no.origin.com"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -214,7 +219,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow correct origins - single origin for multiple cors values", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		badOrigin := "origin.cors.com:8080"
 		origin1 := "https://origin2.cors.com"
 		origin2 := "https://origin.com"
@@ -265,7 +270,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not break functionality", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
 			"nginx.ingress.kubernetes.io/cors-allow-origin": "*",
@@ -289,7 +294,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not break functionality - without `*`", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors": "true",
 		}
@@ -312,7 +317,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not break functionality with extra domain", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
 			"nginx.ingress.kubernetes.io/cors-allow-origin": "*, foo.bar.com",
@@ -336,7 +341,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not match", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "https://fooxbar.com"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -356,8 +361,8 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow - single origin with required port", func() {
-		host := "cors.foo.com"
-		origin := "http://origin.com:8080"
+		host := corsHost
+		origin := originHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
 			"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin.cors.com:8080, http://origin.com:8080",
@@ -384,8 +389,8 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not allow - single origin with port and origin without port", func() {
-		host := "cors.foo.com"
-		origin := "http://origin.com:8080"
+		host := corsHost
+		origin := originHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
 			"nginx.ingress.kubernetes.io/cors-allow-origin": "https://origin2.cors.com, http://origin.com",
@@ -403,7 +408,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not allow - single origin without port and origin with required port", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "http://origin.com"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -423,7 +428,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow - matching origin with wildcard origin (2 subdomains)", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "http://foo.origin.cors.com"
 		origin2 := "http://bar-foo.origin.cors.com"
 		annotations := map[string]string{
@@ -466,7 +471,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not allow - unmatching origin with wildcard origin (2 subdomains)", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "http://bar.foo.origin.cors.com"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -486,7 +491,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow - matching origin+port with wildcard origin", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "http://abc.origin.com:8080"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -513,7 +518,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should not allow - portless origin with wildcard origin", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "http://abc.origin.com"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -533,8 +538,8 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow correct origins - missing subdomain + origin with wildcard origin and correct origin", func() {
-		host := "cors.foo.com"
-		badOrigin := "http://origin.com:8080"
+		host := corsHost
+		badOrigin := originHost
 		origin := "http://bar.origin.com:8080"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
@@ -569,7 +574,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	})
 
 	ginkgo.It("should allow - missing origins (should allow all origins)", func() {
-		host := "cors.foo.com"
+		host := corsHost
 		origin := "http://origin.com"
 		origin2 := "http://book.origin.com"
 		origin3 := "test.origin.com"

test/e2e/annotations/customhttperrors.go

@@ -27,7 +27,7 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
-func errorBlockName(upstreamName string, errorCode string) string {
+func errorBlockName(upstreamName, errorCode string) string {
 	return fmt.Sprintf("@custom_%s_%s", upstreamName, errorCode)
 }
 

test/e2e/annotations/default_backend.go

@@ -48,18 +48,18 @@ var _ = framework.DescribeAnnotation("default-backend", func() {
 					return strings.Contains(server, fmt.Sprintf("server_name %v", host))
 				})
 
-			requestId := "something-unique"
+			requestID := "something-unique"
 
 			f.HTTPTestClient().
 				GET("/alma/armud").
 				WithHeader("Host", host).
-				WithHeader("x-request-id", requestId).
+				WithHeader("x-request-id", requestID).
 				Expect().
 				Status(http.StatusOK).
 				Body().Contains("x-code=503").
 				Contains(fmt.Sprintf("x-ingress-name=%s", host)).
 				Contains("x-service-name=invalid").
-				Contains(fmt.Sprintf("x-request-id=%s", requestId))
+				Contains(fmt.Sprintf("x-request-id=%s", requestID))
 		})
 	})
 })

test/e2e/annotations/fromtowwwredirect.go

@@ -90,7 +90,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 
 		ginkgo.By("sending request to www should redirect to domain")
 		f.HTTPTestClientWithTLSConfig(&tls.Config{
-			InsecureSkipVerify: true,
+			InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
 			ServerName:         toHost,
 		}).
 			GET("/").
@@ -102,7 +102,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 
 		ginkgo.By("sending request to domain should not redirect to www")
 		f.HTTPTestClientWithTLSConfig(&tls.Config{
-			InsecureSkipVerify: true,
+			InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
 			ServerName:         fromHost,
 		}).
 			GET("/").

test/e2e/annotations/globalratelimit.go

@@ -47,7 +47,7 @@ var _ = framework.DescribeAnnotation("annotation-global-rate-limit", func() {
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
 		ing = f.EnsureIngress(ing)
-		namespace := strings.Replace(string(ing.UID), "-", "", -1)
+		namespace := strings.ReplaceAll(string(ing.UID), "-", "")
 
 		serverConfig := ""
 		f.WaitForNginxServer(host, func(server string) bool {

test/e2e/annotations/grpc.go

@@ -17,12 +17,11 @@ limitations under the License.
 package annotations
 
 import (
+	"context"
 	"crypto/tls"
 	"fmt"
 	"strings"
 
-	"context"
-
 	pb "github.com/moul/pb/grpcbin/go-grpc"
 	"github.com/onsi/ginkgo/v2"
 	"github.com/stretchr/testify/assert"
@@ -36,6 +35,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const echoHost = "echo"
+
 var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 	f := framework.NewDefaultFramework("grpc", framework.WithHTTPBunEnabled())
 
@@ -67,7 +68,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 	ginkgo.It("should return OK for service with backend protocol GRPC", func() {
 		f.NewGRPCBinDeployment()
 
-		host := "echo"
+		host := echoHost
 
 		svc := &corev1.Service{
 			ObjectMeta: metav1.ObjectMeta{
@@ -102,14 +103,15 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 				return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
 			})
 
-		conn, _ := grpc.Dial(f.GetNginxIP()+":443",
+		conn, err := grpc.Dial(f.GetNginxIP()+":443",
 			grpc.WithTransportCredentials(
 				credentials.NewTLS(&tls.Config{
-					ServerName:         "echo",
-					InsecureSkipVerify: true,
+					ServerName:         echoHost,
+					InsecureSkipVerify: true, //nolint:gosec // Ignore certificate validation in testing
 				}),
 			),
 		)
+		assert.Nil(ginkgo.GinkgoT(), err, "error creating a connection")
 		defer conn.Close()
 
 		client := pb.NewGRPCBinClient(conn)
@@ -125,7 +127,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 
 	ginkgo.It("authorization metadata should be overwritten by external auth response headers", func() {
 		f.NewGRPCBinDeployment()
-		host := "echo"
+		host := echoHost
 
 		svc := &corev1.Service{
 			ObjectMeta: metav1.ObjectMeta{
@@ -162,14 +164,15 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 				return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
 			})
 
-		conn, _ := grpc.Dial(f.GetNginxIP()+":443",
+		conn, err := grpc.Dial(f.GetNginxIP()+":443",
 			grpc.WithTransportCredentials(
 				credentials.NewTLS(&tls.Config{
-					ServerName:         "echo",
-					InsecureSkipVerify: true,
+					ServerName:         echoHost,
+					InsecureSkipVerify: true, //nolint:gosec // Ignore certificate validation in testing
 				}),
 			),
 		)
+		assert.Nil(ginkgo.GinkgoT(), err)
 		defer conn.Close()
 
 		client := pb.NewGRPCBinClient(conn)
@@ -180,13 +183,13 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 		assert.Nil(ginkgo.GinkgoT(), err)
 
 		metadata := res.GetMetadata()
-		assert.Equal(ginkgo.GinkgoT(), "foo", metadata["authorization"].Values[0])
+		assert.Equal(ginkgo.GinkgoT(), fooHost, metadata["authorization"].Values[0])
 	})
 
 	ginkgo.It("should return OK for service with backend protocol GRPCS", func() {
 		f.NewGRPCBinDeployment()
 
-		host := "echo"
+		host := echoHost
 
 		svc := &corev1.Service{
 			ObjectMeta: metav1.ObjectMeta{
@@ -226,14 +229,15 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 				return strings.Contains(server, "grpc_pass grpcs://upstream_balancer;")
 			})
 
-		conn, _ := grpc.Dial(f.GetNginxIP()+":443",
+		conn, err := grpc.Dial(f.GetNginxIP()+":443",
 			grpc.WithTransportCredentials(
 				credentials.NewTLS(&tls.Config{
-					ServerName:         "echo",
-					InsecureSkipVerify: true,
+					ServerName:         echoHost,
+					InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
 				}),
 			),
 		)
+		assert.Nil(ginkgo.GinkgoT(), err)
 		defer conn.Close()
 
 		client := pb.NewGRPCBinClient(conn)

test/e2e/annotations/modsecurity/modsecurity.go

@@ -25,6 +25,17 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const (
+	modSecurityFooHost = "modsecurity.foo.com"
+	defaultSnippet     = `SecRuleEngine On
+		SecRequestBodyAccess On
+		SecAuditEngine RelevantOnly
+		SecAuditLogParts ABIJDEFHZ
+		SecAuditLog /dev/stdout
+		SecAuditLogType Serial
+		SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
+)
+
 var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	f := framework.NewDefaultFramework("modsecuritylocation")
 
@@ -33,7 +44,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		annotations := map[string]string{
@@ -51,7 +62,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity with transaction ID and OWASP rules", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		annotations := map[string]string{
@@ -72,7 +83,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should disable modsecurity", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		annotations := map[string]string{
@@ -89,7 +100,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity with snippet", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		annotations := map[string]string{
@@ -109,10 +120,11 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 
 	ginkgo.It("should enable modsecurity without using 'modsecurity on;'", func() {
 		f.SetNginxConfigMapData(map[string]string{
-			"enable-modsecurity": "true"},
+			"enable-modsecurity": "true",
+		},
 		)
 
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		annotations := map[string]string{
@@ -131,10 +143,11 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 
 	ginkgo.It("should disable modsecurity using 'modsecurity off;'", func() {
 		f.SetNginxConfigMapData(map[string]string{
-			"enable-modsecurity": "true"},
+			"enable-modsecurity": "true",
+		},
 		)
 
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		annotations := map[string]string{
@@ -151,16 +164,10 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity with snippet and block requests", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
-		snippet := `SecRuleEngine On
-		SecRequestBodyAccess On
-		SecAuditEngine RelevantOnly
-		SecAuditLogParts ABIJDEFHZ
-		SecAuditLog /dev/stdout
-		SecAuditLogType Serial
-		SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
+		snippet := defaultSnippet
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-modsecurity":  "true",
@@ -187,16 +194,10 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity globally and with modsecurity-snippet block requests", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
-		snippet := `SecRuleEngine On
-		SecRequestBodyAccess On
-		SecAuditEngine RelevantOnly
-		SecAuditLogParts ABIJDEFHZ
-		SecAuditLog /dev/stdout
-		SecAuditLogType Serial
-		SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
+		snippet := defaultSnippet
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
@@ -223,16 +224,10 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity when enable-owasp-modsecurity-crs is set to true", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
-		snippet := `SecRuleEngine On
-		SecRequestBodyAccess On
-		SecAuditEngine RelevantOnly
-		SecAuditLogParts ABIJDEFHZ
-		SecAuditLog /dev/stdout
-		SecAuditLogType Serial
-		SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
+		snippet := defaultSnippet
 
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
@@ -262,7 +257,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity through the config map", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		snippet := `SecRequestBodyAccess On
@@ -303,7 +298,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should enable modsecurity through the config map but ignore snippet as disabled by admin", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		snippet := `SecRequestBodyAccess On
@@ -345,7 +340,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 	})
 
 	ginkgo.It("should disable default modsecurity conf setting when modsecurity-snippet is specified", func() {
-		host := "modsecurity.foo.com"
+		host := modSecurityFooHost
 		nameSpace := f.Namespace
 
 		snippet := `SecRuleEngine On

test/e2e/annotations/proxy.go

@@ -25,6 +25,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const proxyRedirectToHost = "goodbye.com"
+
 var _ = framework.DescribeAnnotation("proxy-*", func() {
 	f := framework.NewDefaultFramework("proxy")
 	host := "proxy.foo.com"
@@ -38,7 +40,7 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
 
 		annotations := make(map[string]string)
 		annotations["nginx.ingress.kubernetes.io/proxy-redirect-from"] = proxyRedirectFrom
-		annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = "goodbye.com"
+		annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = proxyRedirectToHost
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -54,7 +56,7 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
 
 		annotations := make(map[string]string)
 		annotations["nginx.ingress.kubernetes.io/proxy-redirect-from"] = proxyRedirectFrom
-		annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = "goodbye.com"
+		annotations["nginx.ingress.kubernetes.io/proxy-redirect-to"] = proxyRedirectToHost
 
 		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
@@ -67,7 +69,7 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
 
 	ginkgo.It("should set proxy_redirect to hello.com goodbye.com", func() {
 		proxyRedirectFrom := "hello.com"
-		proxyRedirectTo := "goodbye.com"
+		proxyRedirectTo := proxyRedirectToHost
 
 		annotations := make(map[string]string)
 		annotations["nginx.ingress.kubernetes.io/proxy-redirect-from"] = proxyRedirectFrom
@@ -244,5 +246,4 @@ var _ = framework.DescribeAnnotation("proxy-*", func() {
 				return strings.Contains(server, fmt.Sprintf("proxy_http_version %s;", proxyHTTPVersion))
 			})
 	})
-
 })

test/e2e/annotations/proxyssl.go

@@ -27,6 +27,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const proxySSLHost = "proxyssl.foo.com"
+
 var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
 	f := framework.NewDefaultFramework("proxyssl")
 
@@ -35,7 +37,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
 	})
 
 	ginkgo.It("should set valid proxy-ssl-secret", func() {
-		host := "proxyssl.foo.com"
+		host := proxySSLHost
 		annotations := make(map[string]string)
 		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
 
@@ -62,7 +64,7 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
 	})
 
 	ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on", func() {
-		host := "proxyssl.foo.com"
+		host := proxySSLHost
 		annotations := make(map[string]string)
 		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
 		annotations["nginx.ingress.kubernetes.io/proxy-ssl-verify"] = "on"
@@ -90,9 +92,9 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
 			Expect().
 			Status(http.StatusOK)
 	})
-
+	//nolint:dupl // Ignore dupl errors for similar test case
 	ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES", func() {
-		host := "proxyssl.foo.com"
+		host := proxySSLHost
 		annotations := make(map[string]string)
 		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
 		annotations["nginx.ingress.kubernetes.io/proxy-ssl-ciphers"] = "HIGH:!AES"
@@ -118,9 +120,9 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
 			Expect().
 			Status(http.StatusOK)
 	})
-
+	//nolint:dupl // Ignore dupl errors for similar test case
 	ginkgo.It("should set valid proxy-ssl-secret, proxy-ssl-protocols", func() {
-		host := "proxyssl.foo.com"
+		host := proxySSLHost
 		annotations := make(map[string]string)
 		annotations["nginx.ingress.kubernetes.io/proxy-ssl-secret"] = f.Namespace + "/" + host
 		annotations["nginx.ingress.kubernetes.io/proxy-ssl-protocols"] = "TLSv1.2 TLSv1.3"
@@ -195,7 +197,6 @@ var _ = framework.DescribeAnnotation("proxy-ssl-*", func() {
 				strings.Contains(server, "proxy_ssl_certificate_key"))
 		})
 	})
-
 })
 
 func assertProxySSL(f *framework.Framework, host, sslName, ciphers, protocols, verify string, depth int, proxySSLServerName string) {

test/e2e/annotations/rewrite.go

@@ -27,6 +27,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const rewriteHost = "rewrite.bar.com"
+
 var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-log", func() {
 	f := framework.NewDefaultFramework("rewrite")
 
@@ -37,7 +39,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
 	ginkgo.It("should write rewrite logs", func() {
 		ginkgo.By("setting enable-rewrite-log annotation")
 
-		host := "rewrite.bar.com"
+		host := rewriteHost
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/rewrite-target":     "/",
 			"nginx.ingress.kubernetes.io/enable-rewrite-log": "true",
@@ -64,7 +66,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
 	})
 
 	ginkgo.It("should use correct longest path match", func() {
-		host := "rewrite.bar.com"
+		host := rewriteHost
 
 		ginkgo.By("creating a regular ingress definition")
 		ing := framework.NewSingleIngress("kube-lego", "/.well-known/acme/challenge", host, f.Namespace, framework.EchoService, 80, nil)
@@ -109,10 +111,10 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
 	})
 
 	ginkgo.It("should use ~* location modifier if regex annotation is present", func() {
-		host := "rewrite.bar.com"
+		host := rewriteHost
 
 		ginkgo.By("creating a regular ingress definition")
-		ing := framework.NewSingleIngress("foo", "/foo", host, f.Namespace, framework.EchoService, 80, nil)
+		ing := framework.NewSingleIngress(fooHost, "/foo", host, f.Namespace, framework.EchoService, 80, nil)
 		f.EnsureIngress(ing)
 
 		f.WaitForNginxServer(host,
@@ -156,10 +158,10 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
 	})
 
 	ginkgo.It("should fail to use longest match for documented warning", func() {
-		host := "rewrite.bar.com"
+		host := rewriteHost
 
 		ginkgo.By("creating a regular ingress definition")
-		ing := framework.NewSingleIngress("foo", "/foo/bar/bar", host, f.Namespace, framework.EchoService, 80, nil)
+		ing := framework.NewSingleIngress(fooHost, "/foo/bar/bar", host, f.Namespace, framework.EchoService, 80, nil)
 		f.EnsureIngress(ing)
 
 		ginkgo.By(`creating an ingress definition with the use-regex annotation`)
@@ -188,7 +190,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
 	})
 
 	ginkgo.It("should allow for custom rewrite parameters", func() {
-		host := "rewrite.bar.com"
+		host := rewriteHost
 
 		ginkgo.By(`creating an ingress definition with the use-regex annotation`)
 		annotations := map[string]string{

test/e2e/annotations/serversnippet.go

@@ -89,6 +89,5 @@ var _ = framework.DescribeAnnotation("server-snippet", func() {
 			Status(http.StatusOK).Headers().
 			NotContainsKey("Foo").
 			NotContainsKey("Xpto")
-
 	})
 })

test/e2e/annotations/serviceupstream.go

@@ -27,6 +27,8 @@ import (
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
+const dbgCmd = "/dbg backends all"
+
 var _ = framework.DescribeAnnotation("service-upstream", func() {
 	f := framework.NewDefaultFramework("serviceupstream")
 	host := "serviceupstream"
@@ -57,10 +59,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() {
 
 			ginkgo.By("checking if the Service Cluster IP and Port are used")
 			s := f.GetService(f.Namespace, framework.EchoService)
-			dbgCmd := "/dbg backends all"
 			output, err := f.ExecIngressPod(dbgCmd)
 			assert.Nil(ginkgo.GinkgoT(), err)
-			assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": "%s"`, s.Spec.ClusterIP))
+			assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP))
 		})
 	})
 
@@ -86,10 +87,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() {
 
 			ginkgo.By("checking if the Service Cluster IP and Port are used")
 			s := f.GetService(f.Namespace, framework.EchoService)
-			dbgCmd := "/dbg backends all"
 			output, err := f.ExecIngressPod(dbgCmd)
 			assert.Nil(ginkgo.GinkgoT(), err)
-			assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": "%s"`, s.Spec.ClusterIP))
+			assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP))
 		})
 	})
 
@@ -117,10 +117,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() {
 
 			ginkgo.By("checking if the Service Cluster IP and Port are not used")
 			s := f.GetService(f.Namespace, framework.EchoService)
-			dbgCmd := "/dbg backends all"
 			output, err := f.ExecIngressPod(dbgCmd)
 			assert.Nil(ginkgo.GinkgoT(), err)
-			assert.NotContains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": "%s"`, s.Spec.ClusterIP))
+			assert.NotContains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP))
 		})
 	})
 })

test/e2e/annotations/upstreamhashby.go

@@ -39,12 +39,13 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str
 			return strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 		})
 
+	//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
 	err := wait.Poll(framework.Poll, framework.DefaultTimeout, func() (bool, error) {
-
 		resp := f.HTTPTestClient().
 			GET("/").
 			WithHeader("Host", host).
 			Expect().Raw()
+		defer resp.Body.Close()
 
 		if resp.StatusCode == http.StatusOK {
 			return true, nil
@@ -55,7 +56,9 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str
 
 	assert.Nil(ginkgo.GinkgoT(), err)
 
-	re, _ := regexp.Compile(fmt.Sprintf(`Hostname: %v.*`, framework.EchoService))
+	re, err := regexp.Compile(fmt.Sprintf(`Hostname: %v.*`, framework.EchoService))
+	assert.Nil(ginkgo.GinkgoT(), err, "error compiling regex")
+
 	podMap := map[string]bool{}
 
 	for i := 0; i < 100; i++ {