Add static analysis GitHub action

.github/workflows/lint.yml

@@ -0,0 +1,35 @@
+name: Go-static-analysis
+on: [push, pull_request]
+jobs:
+  golangci:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
+          version: v1.29
+          # Adding additional linters beside the default set - See https://golangci-lint.run/usage/linters
+          args: --enable=golint,bodyclose,gosec,whitespace
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Run ShellCheck
+      uses: ludeeus/action-shellcheck@master
+  hadolint:
+    runs-on: ubuntu-latest
+    name: Hadolint
+    steps:
+    - uses: actions/checkout@v2
+    - uses: brpaz/[email protected]
+      name: Run Hadolint
+      with:
+       dockerfile: Dockerfile
+    - uses: brpaz/[email protected]
+      with:
+        dockerfile: Dockerfile.rhel7
+

.golangci.yml

@@ -0,0 +1,118 @@
+# Tested with golangci-lint ver. 1.37
+linters-settings:
+  depguard:
+    list-type: blacklist
+    packages:
+      # logging is allowed only by logutils.Log, logrus
+      # is allowed to use only in logutils package
+      - github.com/sirupsen/logrus
+    packages-with-error-message:
+      - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
+  dupl:
+    threshold: 100
+  funlen:
+    lines: 100
+    statements: 50
+  goconst:
+    min-len: 2
+    min-occurrences: 2
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - performance
+      - style
+    disabled-checks:
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
+      - ifElseChain
+      - octalLiteral
+      - whyNoLint
+      - wrapperFunc
+      - unnamedResult
+  gocyclo:
+    min-complexity: 15
+  goimports:
+    local-prefixes: github.com/k8snetworkplumbingwg/sriov-network-device-plugin
+  golint:
+    min-confidence: 0
+  gomnd:
+    settings:
+      mnd:
+        # don't include the "operation" and "assign"
+        checks: argument,case,condition,return
+  lll:
+    line-length: 140
+  misspell:
+    locale: US
+  prealloc:
+    # Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them.
+    # True by default.
+    simple: true
+    range-loops: true # Report preallocation suggestions on range loops, true by default
+    for-loops: false # Report preallocation suggestions on for loops, false by default
+
+linters:
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  disable-all: true
+  enable:
+    - bodyclose
+    - deadcode
+    - depguard
+    - dogsled
+    - dupl
+    - errcheck
+    - exportloopref
+    - exhaustive
+    - funlen
+      #- gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goimports
+      #- golint
+    - gomnd
+    - goprintffuncname
+    - gosec
+    - gosimple
+      #- govet
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - prealloc
+    - rowserrcheck
+      #- scopelint
+    - staticcheck
+    - structcheck
+    - stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+    - whitespace
+
+issues:
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - gomnd
+        - gosec
+        - dupl
+    - text: "Magic number: 2"
+      linters:
+        - gomnd
+    - text: "Magic number: 1024"
+      linters:
+        - gomnd
+run:
+  skip-dirs:
+    - .github/
+    - deployments/
+    - docs/
+    - images/
+    - scripts/

Dockerfile

@@ -15,7 +15,7 @@
 FROM golang:1.13-alpine as builder
 COPY . /usr/src/network-resources-injector
 WORKDIR /usr/src/network-resources-injector
-RUN apk add --update --virtual build-dependencies build-base bash && \
+RUN apk add --no-cache --virtual build-dependencies build-base bash && \
     make
 
 FROM alpine:3.11

Makefile

@@ -22,6 +22,9 @@ image :
 test :
 	scripts/test.sh
 
+lint :
+	scripts/lint.sh
+
 vendor :
 	go mod tidy && go mod vendor
 

cmd/installer/main.go

@@ -16,15 +16,26 @@ package main
 
 import (
 	"flag"
+
 	"github.com/golang/glog"
 	"github.com/k8snetworkplumbingwg/network-resources-injector/pkg/installer"
+	"github.com/k8snetworkplumbingwg/network-resources-injector/pkg/types"
 )
 
 func main() {
-	namespace := flag.String("namespace", "kube-system", "Namespace in which all Kubernetes resources will be created.")
-	prefix := flag.String("name", "network-resources-injector", "Prefix added to the names of all created resources.")
+	namespace := flag.String("namespace", "kube-system",
+		"Namespace in which all Kubernetes resources will be created.")
+	prefix := flag.String("name", "network-resources-injector",
+		"Prefix added to the names of all created resources.")
+	webhookPort := flag.Int("webhook-port", types.DefaultWebhookPort, "Port number which webhook will serve")
+	webhookSvcPort := flag.Int("webhook-service-port", types.DefaultServicePort, "Port number for webhook service")
+
+	if *webhookPort < 1024 || *webhookPort > 65535 {
+		glog.Fatalf("invalid port number. Choose between 1024 and 65535")
+	}
+
 	flag.Parse()
 
 	glog.Info("starting webhook installation")
-	installer.Install(*namespace, *prefix)
+	installer.Install(*namespace, *prefix, *webhookPort, *webhookSvcPort)
 }

cmd/webhook/main.go

@@ -15,39 +15,46 @@
 package main
 
 import (
-	"crypto/tls"
 	"context"
+	"crypto/tls"
 	"flag"
 	"fmt"
 	"net/http"
 	"os"
 	"time"
 
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"github.com/fsnotify/fsnotify"
 	"github.com/golang/glog"
+	"github.com/k8snetworkplumbingwg/network-resources-injector/pkg/types"
 	"github.com/k8snetworkplumbingwg/network-resources-injector/pkg/webhook"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
-	defaultClientCa              = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+	defaultClientCa               = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
 	userDefinedInjectionConfigMap = "nri-user-defined-injections"
+	userDefinedInjectionInterval  = 30 * time.Second
 )
 
 func main() {
 	var namespace string
 	var clientCAPaths webhook.ClientCAFlags
 	/* load configuration */
-	port := flag.Int("port", 8443, "The port on which to serve.")
+	port := flag.Int("port", types.DefaultWebhookPort, "The port on which to serve.")
 	address := flag.String("bind-address", "0.0.0.0", "The IP address on which to listen for the --port port.")
 	cert := flag.String("tls-cert-file", "cert.pem", "File containing the default x509 Certificate for HTTPS.")
-	key := flag.String("tls-private-key-file", "key.pem", "File containing the default x509 private key matching --tls-cert-file.")
+	key := flag.String("tls-private-key-file", "key.pem",
+		"File containing the default x509 private key matching --tls-cert-file.")
 	insecure := flag.Bool("insecure", false, "Disable adding client CA to server TLS endpoint --insecure")
-	injectHugepageDownApi := flag.Bool("injectHugepageDownApi", false, "Enable hugepage requests and limits into Downward API.")
-	flag.Var(&clientCAPaths, "client-ca", "File containing client CA. This flag is repeatable if more than one client CA needs to be added to server")
-	resourceNameKeys := flag.String("network-resource-name-keys", "k8s.v1.cni.cncf.io/resourceName", "comma separated resource name keys --network-resource-name-keys.")
-	resourcesHonorFlag := flag.Bool("honor-resources", false, "Honor the existing requested resources requests & limits --honor-resources")
+	injectHugepageDownAPI := flag.Bool("injectHugepageDownApi", false,
+		"Enable hugepage requests and limits into Downward API.")
+	flag.Var(&clientCAPaths, "client-ca",
+		"File containing client CA. This flag is repeatable if more than one client CA needs to be added to server")
+	resourceNameKeys := flag.String("network-resource-name-keys", "k8s.v1.cni.cncf.io/resourceName",
+		"comma separated resource name keys --network-resource-name-keys.")
+	resourcesHonorFlag := flag.Bool("honor-resources", false,
+		"Honor the existing requested resources requests & limits --honor-resources")
 	flag.Parse()
 
 	if *port < 1024 || *port > 65535 {
@@ -68,7 +75,7 @@ func main() {
 
 	glog.Infof("starting mutating admission controller for network resources injection")
 
-	keyPair, err := webhook.NewTlsKeypairReloader(*cert, *key)
+	keyPair, err := webhook.NewTLSKeypairReloader(*cert, *key)
 	if err != nil {
 		glog.Fatalf("error load certificate: %s", err.Error())
 	}
@@ -81,7 +88,7 @@ func main() {
 	/* init API client */
 	clientset := webhook.SetupInClusterClient()
 
-	webhook.SetInjectHugepageDownApi(*injectHugepageDownApi)
+	webhook.SetInjectHugepageDownAPI(*injectHugepageDownAPI)
 
 	webhook.SetHonorExistingResources(*resourcesHonorFlag)
 
@@ -100,7 +107,7 @@ func main() {
 				return
 			}
 			if r.Method != http.MethodPost {
-				http.Error(w, "Invalid HTTP verb requested", 405)
+				http.Error(w, "invalid HTTP verb requested", http.StatusMethodNotAllowed)
 				return
 			}
 			webhook.MutateHandler(w, r)
@@ -149,8 +156,14 @@ func main() {
 	keyUpdated := false
 
 	for {
-		watcher.Add(*cert)
-		watcher.Add(*key)
+		err := watcher.Add(*cert)
+		if err != nil {
+			glog.Fatalf("error adding cert: %v", err)
+		}
+		err = watcher.Add(*key)
+		if err != nil {
+			glog.Fatalf("error adding key: %v", err)
+		}
 
 		select {
 		case event, ok := <-watcher.Events:
@@ -181,7 +194,7 @@ func main() {
 				continue
 			}
 			glog.Infof("watcher error: %v", err)
-		case <-time.After(30 * time.Second):
+		case <-time.After(userDefinedInjectionInterval):
 			cm, err := clientset.CoreV1().ConfigMaps(namespace).Get(
 				context.Background(), userDefinedInjectionConfigMap, metav1.GetOptions{})
 			if err != nil {

go.sum

@@ -262,7 +262,6 @@ golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -295,7 +294,6 @@ golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -328,7 +326,6 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=