chore: bumped golangci to 1.59.0 (#1519)

.github/workflows/ci.yaml

@@ -12,7 +12,7 @@ on:
 
 env:
   GO_VERSION: "1.22.3"
-  GOLANGCI_LINT_VERSION: "v1.57.2"
+  GOLANGCI_LINT_VERSION: "v1.59.0"
   HELM_VERSION: "3.14.1"
   KUBECONFORM_VERSION: "0.6.4"
   KUBERNETES_API_VERSION: "1.27.0"

.golangci.yaml

@@ -10,23 +10,15 @@ linters:
     - wrapcheck
     - ireturn
     - exhaustruct
-    - exhaustivestruct
     - testpackage
     - paralleltest
     - nolintlint
     - tparallel
     - depguard
     - zerologlint
-    # deprecated
-    - interfacer
-    - varcheck
-    - deadcode
-    - nosnakecase
-    - structcheck
-    - maligned
-    - scopelint
-    - ifshort
-    - golint
+    # depricated
+    - gomnd
+    - execinquery
 
 issues:
   exclude-rules:
@@ -36,9 +28,11 @@ issues:
         - maintidx
         - cyclop
         - gocognit
-        - goerr113
+        - err113
         - lll
         - errcheck
+        - canonicalheader
+        - mnd
 
 linters-settings:
   exhaustive:
@@ -83,3 +77,8 @@ linters-settings:
       # to avoid having a CVE in the used version
       - golang.org/x/net
       - golang.org/x/text
+  mnd:
+    ignored-functions:
+      - '^make'
+      - '^math\.'
+      - '^time\.*'

cmd/validate/ruleset.go

@@ -18,6 +18,7 @@ package validate
 
 import (
 	"context"
+	"errors"
 	"os"
 
 	"github.com/rs/zerolog"
@@ -31,6 +32,8 @@ import (
 	"github.com/dadrus/heimdall/internal/rules/rule"
 )
 
+var errFunctionNotSupported = errors.New("function not supported")
+
 // NewValidateRulesCommand represents the "validate rules" command.
 func NewValidateRulesCommand() *cobra.Command {
 	cmd := &cobra.Command{
@@ -99,7 +102,9 @@ func validateRuleSet(cmd *cobra.Command, args []string) error {
 
 type noopRepository struct{}
 
-func (*noopRepository) FindRule(_ heimdall.Context) (rule.Rule, error) { return nil, nil }
-func (*noopRepository) AddRuleSet(_ string, _ []rule.Rule) error       { return nil }
-func (*noopRepository) UpdateRuleSet(_ string, _ []rule.Rule) error    { return nil }
-func (*noopRepository) DeleteRuleSet(_ string) error                   { return nil }
+func (*noopRepository) FindRule(_ heimdall.Context) (rule.Rule, error) {
+	return nil, errFunctionNotSupported
+}
+func (*noopRepository) AddRuleSet(_ string, _ []rule.Rule) error    { return nil }
+func (*noopRepository) UpdateRuleSet(_ string, _ []rule.Rule) error { return errFunctionNotSupported }
+func (*noopRepository) DeleteRuleSet(_ string) error                { return errFunctionNotSupported }

internal/cache/redis/cluster.go

@@ -36,7 +36,7 @@ func NewClusterCache(conf map[string]any, cw watcher.Watcher) (cache.Cache, erro
 	}
 
 	cfg := Config{
-		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:gomnd
+		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:mnd
 	}
 
 	err := decodeConfig(conf, &cfg)

internal/cache/redis/sentinel.go

@@ -40,7 +40,7 @@ func NewSentinelCache(conf map[string]any, cw watcher.Watcher) (cache.Cache, err
 	}
 
 	cfg := Config{
-		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:gomnd
+		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:mnd
 	}
 
 	err := decodeConfig(conf, &cfg)

internal/cache/redis/standalone.go

@@ -37,7 +37,7 @@ func NewStandaloneCache(conf map[string]any, cw watcher.Watcher) (cache.Cache, e
 	}
 
 	cfg := Config{
-		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:gomnd
+		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:mnd
 	}
 
 	err := decodeConfig(conf, &cfg)

internal/handler/metrics/module.go

@@ -90,10 +90,10 @@ func newLifecycleManager(conf *config.Configuration, logger zerolog.Logger) life
 		ServiceAddress: cfg.Address(),
 		Server: &http.Server{
 			Handler:        mux,
-			ReadTimeout:    5 * time.Second,  // nolint: gomnd
-			WriteTimeout:   10 * time.Second, // nolint: gomnd
-			IdleTimeout:    90 * time.Second, // nolint: gomnd
-			MaxHeaderBytes: 4096,             // nolint: gomnd
+			ReadTimeout:    5 * time.Second,  // nolint: mnd
+			WriteTimeout:   10 * time.Second, // nolint: mnd
+			IdleTimeout:    90 * time.Second, // nolint: mnd
+			MaxHeaderBytes: 4096,             // nolint: mnd
 			ErrorLog:       loggeradapter.NewStdLogger(logger),
 		},
 		Logger: logger,

internal/handler/middleware/http/dump/handler.go

@@ -163,7 +163,7 @@ func writeStatusLine(bw *bytes.Buffer, proto string, code int, scratch []byte) {
 	bw.WriteString(proto + " ")
 
 	if text := http.StatusText(code); text != "" {
-		bw.Write(strconv.AppendInt(scratch[:0], int64(code), 10)) //nolint:gomnd
+		bw.Write(strconv.AppendInt(scratch[:0], int64(code), 10)) //nolint:mnd
 		bw.WriteByte(' ')
 		bw.WriteString(text)
 		bw.WriteString("\r\n")

internal/handler/profiling/module.go

@@ -61,8 +61,8 @@ func newLifecycleManager(conf *config.Configuration, logger zerolog.Logger) life
 		ServiceAddress: cfg.Address(),
 		Logger:         logger,
 		Server: &http.Server{
-			ReadHeaderTimeout: 5 * time.Second,  // nolint: gomnd
-			IdleTimeout:       90 * time.Second, // nolint: gomnd
+			ReadHeaderTimeout: 5 * time.Second,  // nolint: mnd
+			IdleTimeout:       90 * time.Second, // nolint: mnd
 			ErrorLog:          loggeradapter.NewStdLogger(logger),
 		},
 	}

internal/handler/proxy/request_context.go

@@ -56,15 +56,15 @@ func newContextFactory(
 		// is possible per upstream
 		Proxy: http.ProxyFromEnvironment,
 		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second, //nolint:gomnd
-			KeepAlive: 30 * time.Second, //nolint:gomnd
+			Timeout:   30 * time.Second, //nolint:mnd
+			KeepAlive: 30 * time.Second, //nolint:mnd
 		}).DialContext,
 		ResponseHeaderTimeout: cfg.Timeout.Read,
 		MaxIdleConns:          cfg.ConnectionsLimit.MaxIdle,
 		MaxIdleConnsPerHost:   cfg.ConnectionsLimit.MaxIdlePerHost,
 		MaxConnsPerHost:       cfg.ConnectionsLimit.MaxPerHost,
 		IdleConnTimeout:       cfg.Timeout.Idle,
-		TLSHandshakeTimeout:   10 * time.Second, //nolint:gomnd
+		TLSHandshakeTimeout:   10 * time.Second, //nolint:mnd
 		ExpectContinueTimeout: 1 * time.Second,
 		ForceAttemptHTTP2:     true,
 		TLSClientConfig:       tlsCfg,

internal/handler/proxy/service_test.go

@@ -983,7 +983,7 @@ func TestWebSocketSupport(t *testing.T) {
 	require.NoError(t, err)
 
 	upstreamSrv := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		require.Equal(t, "/bar", req.URL.Path)
+		assert.Equal(t, "/bar", req.URL.Path)
 
 		upgrader := websocket.Upgrader{
 			CheckOrigin: func(_ *http.Request) bool {
@@ -992,22 +992,22 @@ func TestWebSocketSupport(t *testing.T) {
 		}
 
 		con, err := upgrader.Upgrade(rw, req, nil)
-		require.NoError(t, err)
+		assert.NoError(t, err)
 
 		defer con.Close()
 
 		err = con.WriteMessage(websocket.TextMessage, []byte("ping 1"))
-		require.NoError(t, err)
+		assert.NoError(t, err)
 
 		_, message, err := con.ReadMessage()
-		require.NoError(t, err)
+		assert.NoError(t, err)
 		assert.Equal(t, []byte("ping 1"), message)
 
 		err = con.WriteMessage(websocket.TextMessage, []byte("ping 2"))
-		require.NoError(t, err)
+		assert.NoError(t, err)
 
 		_, message, err = con.ReadMessage()
-		require.NoError(t, err)
+		assert.NoError(t, err)
 		assert.Equal(t, []byte("ping 2"), message)
 	}))
 	defer upstreamSrv.Close()
@@ -1092,7 +1092,7 @@ func TestServerSentEventsSupport(t *testing.T) {
 	require.NoError(t, err)
 
 	upstreamSrv := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		require.Equal(t, "/bar", req.URL.Path)
+		assert.Equal(t, "/bar", req.URL.Path)
 
 		rw.Header().Set("Content-Type", "text/event-stream")
 		rw.Header().Set("Cache-Control", "no-cache")
@@ -1102,9 +1102,9 @@ func TestServerSentEventsSupport(t *testing.T) {
 
 		for i := range 5 {
 			_, err := rw.Write(stringx.ToBytes(strconv.Itoa(i)))
-			require.NoError(t, err)
+			assert.NoError(t, err)
 
-			require.NoError(t, rc.Flush())
+			assert.NoError(t, rc.Flush())
 
 			time.Sleep(50 * time.Millisecond)
 		}

internal/httpcache/round_tripper_test.go

@@ -46,7 +46,7 @@ func TestRoundTripperRoundTrip(t *testing.T) {
 		}
 
 		_, err := w.Write([]byte("foobar"))
-		require.NoError(t, err)
+		assert.NoError(t, err)
 	}))
 
 	defer srv.Close()

internal/rules/endpoint/authstrategy/client_credentials_test.go

@@ -90,7 +90,7 @@ func TestApplyClientCredentialsStrategy(t *testing.T) {
 
 		w.WriteHeader(code)
 		_, err = w.Write(rawResp)
-		require.NoError(t, err)
+		assert.NoError(t, err)
 	}))
 	defer srv.Close()
 

internal/rules/endpoint/endpoint_test.go

@@ -376,7 +376,7 @@ func TestEndpointSendRequest(t *testing.T) {
 
 		if serverResponse != nil {
 			_, err := w.Write(serverResponse)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(statusCode)

internal/rules/mechanisms/authenticators/generic_authenticator_test.go

@@ -764,7 +764,7 @@ func TestGenericAuthenticatorExecute(t *testing.T) {
 			w.Header().Set("Content-Type", responseContentType)
 			w.Header().Set("Content-Length", strconv.Itoa(len(responseContent)))
 			_, err := w.Write(responseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(responseCode)

internal/rules/mechanisms/authenticators/jwt_authenticator_test.go

@@ -881,7 +881,7 @@ func TestJwtAuthenticatorExecute(t *testing.T) {
 		if jwksResponseContent != nil {
 			w.Header().Set("Content-Type", jwksResponseContentType)
 			_, err := w.Write(jwksResponseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		} else {
 			w.WriteHeader(jwksResponseCode)
 		}
@@ -895,7 +895,7 @@ func TestJwtAuthenticatorExecute(t *testing.T) {
 		if metadataResponseContent != nil {
 			w.Header().Set("Content-Type", metadataResponseContentType)
 			_, err = w.Write(metadataResponseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		} else {
 			w.WriteHeader(metadataResponseCode)
 		}

internal/rules/mechanisms/authenticators/oauth2_introspection_authenticator_test.go

@@ -642,7 +642,7 @@ func TestOauth2IntrospectionAuthenticatorExecute(t *testing.T) {
 		if introspectionResponseContent != nil {
 			w.Header().Set("Content-Type", introspectionResponseContentType)
 			_, err := w.Write(introspectionResponseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(introspectionResponseCode)
@@ -656,7 +656,7 @@ func TestOauth2IntrospectionAuthenticatorExecute(t *testing.T) {
 		if metadataResponseContent != nil {
 			w.Header().Set("Content-Type", metadataResponseContentType)
 			_, err := w.Write(metadataResponseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(metadataResponseCode)

internal/rules/mechanisms/authorizers/remote_authorizer_test.go

@@ -526,7 +526,7 @@ func TestRemoteAuthorizerExecute(t *testing.T) {
 			w.Header().Set("Content-Type", responseContentType)
 			w.Header().Set("Content-Length", strconv.Itoa(len(responseContent)))
 			_, err := w.Write(responseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(responseCode)

internal/rules/mechanisms/contextualizers/generic_contextualizer_test.go

@@ -516,7 +516,7 @@ func TestGenericContextualizerExecute(t *testing.T) {
 			w.Header().Set("Content-Type", responseContentType)
 			w.Header().Set("Content-Length", strconv.Itoa(len(responseContent)))
 			_, err := w.Write(responseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(responseCode)

internal/rules/mechanisms/finalizers/oauth2_client_credentials_finalizer_test.go

@@ -447,7 +447,7 @@ func TestClientCredentialsFinalizerExecute(t *testing.T) {
 
 		w.WriteHeader(code)
 		_, err = w.Write(rawResp)
-		require.NoError(t, err)
+		assert.NoError(t, err)
 	}))
 	defer srv.Close()
 

internal/rules/mechanisms/oauth2/metadata_endpoint.go

@@ -36,7 +36,7 @@ func (e *MetadataEndpoint) init() {
 	}
 
 	if e.HTTPCache == nil {
-		e.HTTPCache = &endpoint.HTTPCache{Enabled: true, DefaultTTL: 30 * time.Minute} //nolint:gomnd
+		e.HTTPCache = &endpoint.HTTPCache{Enabled: true, DefaultTTL: 30 * time.Minute} //nolint:mnd
 	}
 }
 

internal/rules/oauth2/clientcredentials/clientcredentials_test.go

@@ -83,7 +83,7 @@ func TestClientCredentialsToken(t *testing.T) {
 
 		w.WriteHeader(code)
 		_, err = w.Write(rawResp)
-		require.NoError(t, err)
+		assert.NoError(t, err)
 	}))
 	defer srv.Close()
 

internal/rules/provider/kubernetes/admissioncontroller/service.go

@@ -72,10 +72,10 @@ func newService(
 
 	return &http.Server{
 		Handler:        hc,
-		ReadTimeout:    5 * time.Second,      //nolint:gomnd
-		WriteTimeout:   10 * time.Second,     //nolint:gomnd
-		IdleTimeout:    90 * time.Second,     //nolint:gomnd
-		MaxHeaderBytes: int(4 * bytesize.KB), //nolint:gomnd
+		ReadTimeout:    5 * time.Second,      //nolint:mnd
+		WriteTimeout:   10 * time.Second,     //nolint:mnd
+		IdleTimeout:    90 * time.Second,     //nolint:mnd
+		MaxHeaderBytes: int(4 * bytesize.KB), //nolint:mnd
 		ErrorLog:       loggeradapter.NewStdLogger(log),
 	}
 }

internal/rules/provider/kubernetes/api/v1alpha4/client_test.go

@@ -106,7 +106,7 @@ func (s *ClientTestSuite) SetupSuite() {
 			_, err = w.Write([]byte(response))
 		}
 
-		s.Require().NoError(err)
+		s.NoError(err)
 
 		w.WriteHeader(http.StatusOK)
 	}))

internal/rules/provider/kubernetes/provider.go

@@ -406,7 +406,7 @@ func (p *provider) updateStatus(
 		p.l.Debug().Err(err).Msgf("New resource version available. Retrieving it.")
 
 		// to avoid cascading reads and writes
-		time.Sleep(time.Duration(2*rand.Intn(50)) * time.Millisecond) //nolint:gomnd,gosec
+		time.Sleep(time.Duration(2*rand.Intn(50)) * time.Millisecond) //nolint:mnd,gosec
 
 		rsKey := types.NamespacedName{Namespace: rs.Namespace, Name: rs.Name}
 		if rs, err = repository.Get(ctx, rsKey, metav1.GetOptions{}); err != nil {

internal/validation/validation.go

@@ -58,7 +58,7 @@ func init() {
 	}
 
 	validate.RegisterTagNameFunc(func(fld reflect.StructField) string {
-		return "'" + strings.SplitN(getTagValue(fld.Tag), ",", 2)[0] + "'" // nolint: gomnd
+		return "'" + strings.SplitN(getTagValue(fld.Tag), ",", 2)[0] + "'" // nolint: mnd
 	})
 }