Skip to content

Commit

Permalink
Fix golang-lint findings
Browse files Browse the repository at this point in the history
  • Loading branch information
rikatz committed Nov 13, 2024
1 parent 8eac53c commit 52b8c9c
Show file tree
Hide file tree
Showing 13 changed files with 47 additions and 67 deletions.
1 change: 0 additions & 1 deletion .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ linters:
- errname
- ginkgolinter
- gocheckcompilerdirectives
- goconst
- gocritic
- gocyclo
- godox
Expand Down
9 changes: 9 additions & 0 deletions go.work.sum
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8=
cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
Expand All @@ -20,6 +21,7 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn
github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE=
github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
Expand Down Expand Up @@ -109,11 +111,18 @@ go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8
go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo=
google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I=
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
k8s.io/kms v0.31.2/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94=
Expand Down
2 changes: 1 addition & 1 deletion internal/ingress/controller/controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ func (ntc testNginxTestCommand) Test(cfg string) ([]byte, error) {

type fakeTemplate struct{}

func (fakeTemplate) Validate(filename string) error {
func (fakeTemplate) Validate(_ string) error {
return nil
}

Expand Down
5 changes: 2 additions & 3 deletions internal/ingress/controller/template/crossplane/cors.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,10 @@ import (
"k8s.io/ingress-nginx/internal/ingress/annotations/cors"
)

func buildCorsDirectives(locationcors cors.Config) ngx_crossplane.Directives {
func buildCorsDirectives(locationcors *cors.Config) ngx_crossplane.Directives {
directives := make(ngx_crossplane.Directives, 0)
if len(locationcors.CorsAllowOrigin) > 0 {
directives = append(directives, buildCorsOriginRegex(locationcors.CorsAllowOrigin)...)

}
directives = append(directives,
buildBlockDirective("if",
Expand All @@ -43,7 +42,7 @@ func buildCorsDirectives(locationcors cors.Config) ngx_crossplane.Directives {
}

// commonCorsDirective builds the common cors directives for a location
func commonCorsDirective(cfg cors.Config, options bool) *ngx_crossplane.Directive {
func commonCorsDirective(cfg *cors.Config, options bool) *ngx_crossplane.Directive {
corsDir := "true"
if options {
corsDir = "trueoptions"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,8 @@ const (

// helpful directive location alias describing "any" context
// doesn't include ngxHTTPSifConf, ngxHTTPLifConf, ngxHTTPLmtConf, or ngxMgmtMainConf.
//
//nolint:unused // This file is generated
const ngxAnyConf = ngxMainConf | ngxEventConf | ngxMailMainConf | ngxMailSrvConf |
ngxStreamMainConf | ngxStreamSrvConf | ngxStreamUpsConf |
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxHTTPUpsConf |
Expand Down
30 changes: 16 additions & 14 deletions internal/ingress/controller/template/crossplane/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ func (c *Template) initHTTPDirectives() ngx_crossplane.Directives {
return httpBlock
}

//nolint:gocyclo
//nolint:gocyclo // Function is what it is
func (c *Template) buildHTTP() {
cfg := c.tplConfig.Cfg
httpBlock := c.initHTTPDirectives()
Expand Down Expand Up @@ -140,10 +140,10 @@ func (c *Template) buildHTTP() {
}

if cfg.EnableBrotli {
httpBlock = append(httpBlock, buildDirective("brotli", "on"))
httpBlock = append(httpBlock, buildDirective("brotli_comp_level", cfg.BrotliLevel))
httpBlock = append(httpBlock, buildDirective("brotli_min_length", cfg.BrotliMinLength))
httpBlock = append(httpBlock, buildDirective("brotli_types", cfg.BrotliTypes))
httpBlock = append(httpBlock, buildDirective("brotli", "on"),
buildDirective("brotli_comp_level", cfg.BrotliLevel),
buildDirective("brotli_min_length", cfg.BrotliMinLength),
buildDirective("brotli_types", cfg.BrotliTypes))
}

if (c.tplConfig.Cfg.EnableOpentelemetry || shouldLoadOpentelemetryModule(c.tplConfig.Servers)) &&
Expand Down Expand Up @@ -293,16 +293,17 @@ func (c *Template) buildHTTP() {
httpBlock = append(httpBlock, buildBlockDirective("upstream", []string{"upstream_balancer"}, blockUpstreamDirectives))

// Adding Rate limit
for _, rl := range filterRateLimits(c.tplConfig.Servers) {
id := fmt.Sprintf("$allowlist_%s", rl.ID)
httpBlock = append(httpBlock, buildDirective("#", "Ratelimit", rl.Name))
rl := filterRateLimits(c.tplConfig.Servers)
for i := range rl {
id := fmt.Sprintf("$allowlist_%s", rl[i].ID)
httpBlock = append(httpBlock, buildDirective("#", "Ratelimit", rl[i].Name))
rlDirectives := ngx_crossplane.Directives{
buildDirective("default", 0),
}
for _, ip := range rl.Allowlist {
for _, ip := range rl[i].Allowlist {
rlDirectives = append(rlDirectives, buildDirective(ip, "1"))
}
mapRateLimitDirective := buildMapDirective(id, fmt.Sprintf("$limit_%s", rl.ID), ngx_crossplane.Directives{
mapRateLimitDirective := buildMapDirective(id, fmt.Sprintf("$limit_%s", rl[i].ID), ngx_crossplane.Directives{
buildDirective("0", cfg.LimitConnZoneVariable),
buildDirective("1", ""),
})
Expand Down Expand Up @@ -343,10 +344,11 @@ func (c *Template) buildHTTP() {

if redirectServers, ok := c.tplConfig.RedirectServers.([]*utilingress.Redirect); ok {
for _, server := range redirectServers {
httpBlock = append(httpBlock, buildStartServer(server.From))
serverBlock := c.buildRedirectServer(server)
httpBlock = append(httpBlock, serverBlock)
httpBlock = append(httpBlock, buildEndServer(server.From))
httpBlock = append(httpBlock,
buildStartServer(server.From),
c.buildRedirectServer(server),
buildEndServer(server.From),
)
}
}

Expand Down
32 changes: 4 additions & 28 deletions internal/ingress/controller/template/crossplane/location.go
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,6 @@ func buildCustomErrorLocationsPerServer(server *ingress.Server, enableMetrics bo
errorLocationsDirectives = append(errorLocationsDirectives, buildCustomErrorLocation(errorLocations[i].UpstreamName, errorLocations[i].Codes, enableMetrics)...)
}
return errorLocationsDirectives

}

func buildCustomErrorLocation(upstreamName string, errorCodes []int, enableMetrics bool) ngx_crossplane.Directives {
Expand Down Expand Up @@ -199,7 +198,7 @@ func (c *Template) buildServerLocations(server *ingress.Server, locations []*ing
buildDirective("add_header", "Set-Cookie", "$auth_cookie"),
}
if location.CorsConfig.CorsEnabled {
directives = append(directives, buildCorsDirectives(location.CorsConfig)...)
directives = append(directives, buildCorsDirectives(&location.CorsConfig)...)
}
directives = append(directives,
buildDirective("return",
Expand All @@ -208,12 +207,9 @@ func (c *Template) buildServerLocations(server *ingress.Server, locations []*ing

serverLocations = append(serverLocations, buildBlockDirective("location",
[]string{buildAuthSignURLLocation(location.Path, locationConfig.externalAuth.SigninURL)}, directives))

}
serverLocations = append(serverLocations, c.buildLocation(server, location, locationConfig))

}

return serverLocations
}

Expand Down Expand Up @@ -294,7 +290,7 @@ func (c *Template) buildAllowedLocation(server *ingress.Server, location *ingres
}

if location.CorsConfig.CorsEnabled {
dir = append(dir, buildCorsDirectives(location.CorsConfig)...)
dir = append(dir, buildCorsDirectives(&location.CorsConfig)...)
}

if !isLocationInLocationList(location, c.tplConfig.Cfg.NoAuthLocations) {
Expand Down Expand Up @@ -686,8 +682,8 @@ func buildAuthLocationConfig(location *ingress.Location, locationConfig location
directives := make(ngx_crossplane.Directives, 0)
if locationConfig.authPath != "" {
if locationConfig.applyAuthUpstream && !locationConfig.applyGlobalAuth {
directives = append(directives, buildDirective("set", "$auth_cookie", ""))
directives = append(directives, buildDirective("add_header", "Set-Cookie", "$auth_cookie"))
directives = append(directives, buildDirective("set", "$auth_cookie", ""),
buildDirective("add_header", "Set-Cookie", "$auth_cookie"))
directives = append(directives, buildAuthResponseHeaders(locationConfig.proxySetHeader, locationConfig.externalAuth.ResponseHeaders, true)...)
if len(locationConfig.externalAuth.ResponseHeaders) > 0 {
directives = append(directives, buildDirective("set", "$auth_response_headers", strings.Join(locationConfig.externalAuth.ResponseHeaders, ",")))
Expand Down Expand Up @@ -733,24 +729,4 @@ func buildAuthLocationConfig(location *ingress.Location, locationConfig location
}

return directives
/*
Missing this Lua script
# `auth_request` module does not support HTTP keepalives in upstream block:
# https://trac.nginx.org/nginx/ticket/1579
access_by_lua_block {
local res = ngx.location.capture('{{ $authPath }}', { method = ngx.HTTP_GET, body = '', share_all_vars = {{ $externalAuth.KeepaliveShareVars }} })
if res.status == ngx.HTTP_OK then
ngx.var.auth_cookie = res.header['Set-Cookie']
{{- range $line := buildAuthUpstreamLuaHeaders $externalAuth.ResponseHeaders }} # IF 4
{{ $line }}
{{- end }} # END IF 4
return
end
if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then
ngx.exit(res.status)
end
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
}
*/
}
6 changes: 2 additions & 4 deletions internal/ingress/controller/template/crossplane/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ func (c *Template) buildServerDirective(server *ingress.Server) *ngx_crossplane.
buildDirective("ssl_certificate_by_lua_file", "/etc/nginx/lua/nginx/ngx_conf_certificate.lua"),
}

serverBlock = append(serverBlock, buildListener(*c.tplConfig, server.Hostname)...)
serverBlock = append(serverBlock, buildListener(c.tplConfig, server.Hostname)...)
serverBlock = append(serverBlock, c.buildBlockers()...)

if server.Hostname == "_" {
Expand All @@ -62,7 +62,6 @@ func (c *Template) buildServerDirective(server *ingress.Server) *ngx_crossplane.

// The other locations should come here!
serverBlock = append(serverBlock, c.buildServerLocations(server, server.Locations)...)

}

// "/healthz" location
Expand Down Expand Up @@ -101,7 +100,6 @@ func (c *Template) buildServerDirective(server *ingress.Server) *ngx_crossplane.
// End of "nginx_status" location

serverBlock = append(serverBlock, buildBlockDirective("location", []string{"/nginx_status"}, statusLocationDirs))

}

// DO NOT MOVE! THIS IS THE END DIRECTIVE OF SERVERS
Expand Down Expand Up @@ -167,7 +165,7 @@ func (c *Template) buildRedirectServer(server *utilingress.Redirect) *ngx_crossp
buildDirective("ssl_certificate_by_lua_file", "/etc/nginx/lua/nginx/ngx_conf_certificate.lua"),
buildDirective("set_by_lua_file", "$redirect_to", "/etc/nginx/lua/nginx/ngx_srv_redirect.lua", server.To),
}
serverBlock = append(serverBlock, buildListener(*c.tplConfig, server.From)...)
serverBlock = append(serverBlock, buildListener(c.tplConfig, server.From)...)
serverBlock = append(serverBlock, c.buildBlockers()...)
serverBlock = append(serverBlock, buildDirective("return", c.tplConfig.Cfg.HTTPRedirectCode, "$redirect_to"))

Expand Down
21 changes: 10 additions & 11 deletions internal/ingress/controller/template/crossplane/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ limitations under the License.
package crossplane

import (
"crypto/sha1"
"crypto/sha1" //nolint:gosec // We cannot move away from sha1
"encoding/base64"
"encoding/hex"
"fmt"
Expand Down Expand Up @@ -62,7 +62,7 @@ var (
type seconds int
type minutes int

func buildDirectiveWithComment(directive string, comment string, args ...any) *ngx_crossplane.Directive {
func buildDirectiveWithComment(directive, comment string, args ...any) *ngx_crossplane.Directive {
dir := buildDirective(directive, args...)
dir.Comment = ptr.To(comment)
return dir
Expand Down Expand Up @@ -213,25 +213,25 @@ func buildServerName(hostname string) string {
return `~^(?<subdomain>[\w-]+)\.` + strings.Join(parts, "\\.") + `$`
}

func buildListener(tc config.TemplateConfig, hostname string) ngx_crossplane.Directives {
func buildListener(tc *config.TemplateConfig, hostname string) ngx_crossplane.Directives {
listenDirectives := make(ngx_crossplane.Directives, 0)

co := commonListenOptions(&tc, hostname)
co := commonListenOptions(tc, hostname)

addrV4 := []string{""}
if len(tc.Cfg.BindAddressIpv4) > 0 {
addrV4 = tc.Cfg.BindAddressIpv4
}
listenDirectives = append(listenDirectives, httpListener(addrV4, co, &tc, false)...)
listenDirectives = append(listenDirectives, httpListener(addrV4, co, &tc, true)...)
listenDirectives = append(listenDirectives, httpListener(addrV4, co, tc, false)...)
listenDirectives = append(listenDirectives, httpListener(addrV4, co, tc, true)...)

if tc.IsIPV6Enabled {
addrV6 := []string{"[::]"}
if len(tc.Cfg.BindAddressIpv6) > 0 {
addrV6 = tc.Cfg.BindAddressIpv6
}
listenDirectives = append(listenDirectives, httpListener(addrV6, co, &tc, false)...)
listenDirectives = append(listenDirectives, httpListener(addrV6, co, &tc, true)...)
listenDirectives = append(listenDirectives, httpListener(addrV6, co, tc, false)...)
listenDirectives = append(listenDirectives, httpListener(addrV6, co, tc, true)...)
}

return listenDirectives
Expand All @@ -258,7 +258,7 @@ func commonListenOptions(template *config.TemplateConfig, hostname string) []str
return out
}

func httpListener(addresses []string, co []string, tc *config.TemplateConfig, ssl bool) ngx_crossplane.Directives {
func httpListener(addresses, co []string, tc *config.TemplateConfig, ssl bool) ngx_crossplane.Directives {
listeners := make(ngx_crossplane.Directives, 0)
port := tc.ListenPorts.HTTP
isTLSProxy := tc.IsSSLPassthroughEnabled
Expand Down Expand Up @@ -400,7 +400,7 @@ func changeHostPort(newURL, value string) string {
}

func buildAuthSignURLLocation(location, authSignURL string) string {
hasher := sha1.New() // #nosec
hasher := sha1.New() //nolint:gosec // We cannot move away from sha1
hasher.Write([]byte(location))
hasher.Write([]byte(authSignURL))
return "@" + hex.EncodeToString(hasher.Sum(nil))
Expand Down Expand Up @@ -558,7 +558,6 @@ func buildProxyPass(backends []*ingress.Backend, location *ingress.Location) ngx
}

func buildGeoIPDirectives(reloadTime int, files []string) ngx_crossplane.Directives {

directives := make(ngx_crossplane.Directives, 0)
buildGeoIPBlock := func(file string, directives ngx_crossplane.Directives) *ngx_crossplane.Directive {
if reloadTime > 0 && file != "GeoIP2-Connection-Type.mmdb" {
Expand Down
2 changes: 1 addition & 1 deletion internal/ingress/controller/template/template.go
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,7 @@ type LuaListenPorts struct {
}

// Validate is no-op at go-template
func (t *Template) Validate(filename string) error {
func (t *Template) Validate(_ string) error {
return nil
}

Expand Down
1 change: 0 additions & 1 deletion test/e2e/annotations/canary.go
Original file line number Diff line number Diff line change
Expand Up @@ -1106,7 +1106,6 @@ var _ = framework.DescribeAnnotation("canary-*", func() {
!strings.Contains(server, `set $proxy_upstream_name "pstream-default-backend;`) &&
!strings.Contains(server, canaryUpstreamNameCrossplane) &&
strings.Contains(server, upstreamNameCrossplane))

})
})

Expand Down
1 change: 0 additions & 1 deletion test/e2e/annotations/cors.go
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,6 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
func(server string) bool {
return strings.Contains(server, "more_set_headers 'Access-Control-Allow-Methods: POST, GET';") ||
strings.Contains(server, `more_set_headers "Access-Control-Allow-Methods: POST, GET";`)

})
})

Expand Down
2 changes: 0 additions & 2 deletions test/e2e/settings/proxy_host.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ var _ = framework.IngressNginxDescribe("Dynamic $proxy_host", func() {
})

ginkgo.It("should exist a proxy_host", func() {

h := make(map[string]string)
h["Custom-Header"] = "$proxy_host"
cfgMap := "add-headers-configmap"
Expand All @@ -60,7 +59,6 @@ var _ = framework.IngressNginxDescribe("Dynamic $proxy_host", func() {
})

ginkgo.It("should exist a proxy_host using the upstream-vhost annotation value", func() {

h := make(map[string]string)
h["Custom-Header"] = "$proxy_host"
cfgMap := "add-headers-configmap"
Expand Down

0 comments on commit 52b8c9c

Please sign in to comment.