From 354a8e8dbf888f63f5e3d34e151b809c073e2598 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 12:08:02 +0200 Subject: [PATCH 01/17] misc: use `Err` prefix for errors Signed-off-by: Hidde Beydals --- internal/controller/bucket_controller_fetch_test.go | 6 +++--- internal/mock/gcs/server.go | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/controller/bucket_controller_fetch_test.go b/internal/controller/bucket_controller_fetch_test.go index be65c1c4..46ae60d5 100644 --- a/internal/controller/bucket_controller_fetch_test.go +++ b/internal/controller/bucket_controller_fetch_test.go @@ -41,7 +41,7 @@ type mockBucketClient struct { objects map[string]mockBucketObject } -var mockNotFound = fmt.Errorf("not found") +var errMockNotFound = fmt.Errorf("not found") func (m mockBucketClient) BucketExists(_ context.Context, name string) (bool, error) { return name == m.bucketName, nil @@ -57,7 +57,7 @@ func (m mockBucketClient) FGetObject(_ context.Context, bucket, obj, path string } object, ok := m.objects[obj] if !ok { - return "", mockNotFound + return "", errMockNotFound } if err := os.WriteFile(path, []byte(object.data), os.FileMode(0660)); err != nil { return "", err @@ -66,7 +66,7 @@ func (m mockBucketClient) FGetObject(_ context.Context, bucket, obj, path string } func (m mockBucketClient) ObjectIsNotFound(e error) bool { - return e == mockNotFound + return e == errMockNotFound } func (m mockBucketClient) VisitObjects(_ context.Context, _ string, f func(key, etag string) error) error { diff --git a/internal/mock/gcs/server.go b/internal/mock/gcs/server.go index 63b60b15..d589a3cb 100644 --- a/internal/mock/gcs/server.go +++ b/internal/mock/gcs/server.go @@ -32,7 +32,7 @@ import ( ) var ( - ObjectNotFound = errors.New("object not found") + ErrObjectNotFound = errors.New("object not found") ) // Object is a mock Server object. 
@@ -101,7 +101,7 @@ func (s *Server) getObjectFile(key string, generation int64) ([]byte, error) { } } } - return nil, ObjectNotFound + return nil, ErrObjectNotFound } func (s *Server) handler(w http.ResponseWriter, r *http.Request) { From 25400d881020a5d090f5d308cddce4c62f3ac882 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 12:10:50 +0200 Subject: [PATCH 02/17] misc: remove redundant return statements Signed-off-by: Hidde Beydals --- internal/controller/bucket_controller_fetch_test.go | 4 +--- pkg/azure/blob.go | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/internal/controller/bucket_controller_fetch_test.go b/internal/controller/bucket_controller_fetch_test.go index 46ae60d5..e8fb629d 100644 --- a/internal/controller/bucket_controller_fetch_test.go +++ b/internal/controller/bucket_controller_fetch_test.go @@ -78,9 +78,7 @@ func (m mockBucketClient) VisitObjects(_ context.Context, _ string, f func(key, return nil } -func (m mockBucketClient) Close(_ context.Context) { - return -} +func (m mockBucketClient) Close(_ context.Context) {} func (m *mockBucketClient) addObject(key string, object mockBucketObject) { if m.objects == nil { diff --git a/pkg/azure/blob.go b/pkg/azure/blob.go index 453240c4..58410718 100644 --- a/pkg/azure/blob.go +++ b/pkg/azure/blob.go @@ -286,9 +286,7 @@ func (c *BlobClient) VisitObjects(ctx context.Context, bucketName string, visit } // Close has no effect on BlobClient. -func (c *BlobClient) Close(_ context.Context) { - return -} +func (c *BlobClient) Close(_ context.Context) {} // ObjectIsNotFound checks if the error provided is an azblob.StorageError with // an azblob.StorageErrorCodeBlobNotFound error code. From 8d1c755dd1cd419f363e5706638c3275d2b6c4fa Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 12:13:06 +0200 Subject: [PATCH 03/17] misc: remove unnecessary use of fmt.Sprintf 
Signed-off-by: Hidde Beydals --- internal/controller/bucket_controller_test.go | 4 ++-- internal/controller/gitrepository_controller.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/controller/bucket_controller_test.go b/internal/controller/bucket_controller_test.go index ff7b33f6..f0858335 100644 --- a/internal/controller/bucket_controller_test.go +++ b/internal/controller/bucket_controller_test.go @@ -258,7 +258,7 @@ func TestBucketReconciler_reconcileStorage(t *testing.T) { name: "notices missing artifact in storage", beforeFunc: func(obj *bucketv1.Bucket, storage *Storage) error { obj.Status.Artifact = &sourcev1.Artifact{ - Path: fmt.Sprintf("/reconcile-storage/invalid.txt"), + Path: "/reconcile-storage/invalid.txt", Revision: "d", } storage.SetArtifactURL(obj.Status.Artifact) @@ -339,7 +339,7 @@ func TestBucketReconciler_reconcileStorage(t *testing.T) { name: "updates hostname on diff from current", beforeFunc: func(obj *bucketv1.Bucket, storage *Storage) error { obj.Status.Artifact = &sourcev1.Artifact{ - Path: fmt.Sprintf("/reconcile-storage/hostname.txt"), + Path: "/reconcile-storage/hostname.txt", Revision: "f", Digest: "sha256:3b9c358f36f0a31b6ad3e14f309c7cf198ac9246e8316f9ce543d5b19ac02b80", URL: "http://outdated.com/reconcile-storage/hostname.txt", diff --git a/internal/controller/gitrepository_controller.go b/internal/controller/gitrepository_controller.go index 60736b95..35eb5f69 100644 --- a/internal/controller/gitrepository_controller.go +++ b/internal/controller/gitrepository_controller.go 
@@ -521,7 +521,7 @@ func (r *GitRepositoryReconciler) reconcileSource(ctx context.Context, sp *patch // Observe if the artifacts still match the previous included ones if artifacts.Diff(obj.Status.IncludedArtifacts) { - message := fmt.Sprintf("included artifacts differ from last observed includes") + message := "included artifacts differ from last observed includes" if obj.Status.IncludedArtifacts != nil { conditions.MarkTrue(obj, sourcev1.ArtifactOutdatedCondition, "IncludeChange", message) } From 0288645875fa80e3701113af0adedbd25bdae6a9 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 12:14:51 +0200 Subject: [PATCH 04/17] misc: properly handle f.Close() defer Signed-off-by: Hidde Beydals --- internal/controller/bucket_controller_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/controller/bucket_controller_test.go b/internal/controller/bucket_controller_test.go index f0858335..a8f92070 100644 --- a/internal/controller/bucket_controller_test.go +++ b/internal/controller/bucket_controller_test.go @@ -1211,8 +1211,8 @@ func TestBucketReconciler_reconcileArtifact(t *testing.T) { // path. t.Expect(os.RemoveAll(dir)).ToNot(HaveOccurred()) f, err := os.Create(dir) - defer f.Close() t.Expect(err).ToNot(HaveOccurred()) + t.Expect(f.Close()).ToNot(HaveOccurred()) conditions.MarkReconciling(obj, meta.ProgressingReason, "foo") conditions.MarkUnknown(obj, meta.ReadyCondition, "foo", "bar") }, From 691d925addf1e11b25b33be4ec7451889ef46211 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 13:34:47 +0200 Subject: [PATCH 05/17] misc: ensure return errs are captured 
Signed-off-by: Hidde Beydals --- internal/controller/bucket_controller_test.go | 12 ++++++------ .../controller/gitrepository_controller_test.go | 12 ++++++------ internal/controller/helmchart_controller_test.go | 12 ++++++------ .../controller/helmrepository_controller_test.go | 13 +++++++------ .../controller/ocirepository_controller_test.go | 4 ++++ pkg/azure/blob_test.go | 5 ++--- 6 files changed, 31 insertions(+), 27 deletions(-) diff --git a/internal/controller/bucket_controller_test.go b/internal/controller/bucket_controller_test.go index a8f92070..5deb3f60 100644 --- a/internal/controller/bucket_controller_test.go +++ b/internal/controller/bucket_controller_test.go @@ -1293,6 +1293,7 @@ func TestBucketReconciler_statusConditions(t *testing.T) { name string beforeFunc func(obj *bucketv1.Bucket) assertConditions []metav1.Condition + wantErr bool }{ { name: "positive conditions only", @@ -1317,6 +1318,7 @@ func TestBucketReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.StorageOperationFailedCondition, sourcev1.DirCreationFailedReason, "failed to create directory"), *conditions.TrueCondition(sourcev1.ArtifactOutdatedCondition, "NewRevision", "some error"), }, + wantErr: true, }, { name: "mixed positive and negative conditions", @@ -1329,6 +1331,7 @@ func TestBucketReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, "failed to get secret"), *conditions.TrueCondition(sourcev1.ArtifactInStorageCondition, meta.SucceededReason, "stored artifact for revision"), }, + wantErr: true, }, } 
@@ -1360,21 +1363,18 @@ func TestBucketReconciler_statusConditions(t *testing.T) { } ctx := context.TODO() - recResult := sreconcile.ResultSuccess - var retErr error - summarizeHelper := summarize.NewHelper(record.NewFakeRecorder(32), serialPatcher) summarizeOpts := []summarize.Option{ summarize.WithConditions(bucketReadyCondition), - summarize.WithReconcileResult(recResult), - summarize.WithReconcileError(retErr), + summarize.WithReconcileResult(sreconcile.ResultSuccess), summarize.WithIgnoreNotFound(), summarize.WithResultBuilder(sreconcile.AlwaysRequeueResultBuilder{ RequeueAfter: jitter.JitteredIntervalDuration(obj.GetRequeueAfter()), }), summarize.WithPatchFieldOwner("source-controller"), } - _, retErr = summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + _, err := summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + g.Expect(err != nil).To(Equal(tt.wantErr)) key := client.ObjectKeyFromObject(obj) g.Expect(c.Get(ctx, key, obj)).ToNot(HaveOccurred()) diff --git a/internal/controller/gitrepository_controller_test.go b/internal/controller/gitrepository_controller_test.go index 62b8dada..e46533ad 100644 --- a/internal/controller/gitrepository_controller_test.go +++ b/internal/controller/gitrepository_controller_test.go @@ -2328,6 +2328,7 @@ func TestGitRepositoryReconciler_statusConditions(t *testing.T) { name string beforeFunc func(obj *sourcev1.GitRepository) assertConditions []metav1.Condition + wantErr bool }{ { name: "multiple positive conditions", @@ -2356,6 +2357,7 @@ func TestGitRepositoryReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.StorageOperationFailedCondition, sourcev1.DirCreationFailedReason, "failed to create directory"), *conditions.TrueCondition(sourcev1.ArtifactOutdatedCondition, "NewRevision", "some error"), }, + wantErr: true, }, { name: "mixed positive and negative conditions", 
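Review bot: The new `g.Expect(err != nil).To(Equal(tt.wantErr))` after `SummarizeAndPatch` in TestBucketReconciler_statusConditions reduces the result to a boolean, so a failing case reports only that `false` did not equal `true` and the error itself is lost. It also passes for any error at all, including one unrelated to the conditions set in `beforeFunc`. Gomega's `To` accepts a trailing description, so `g.Expect(err != nil).To(Equal(tt.wantErr), "unexpected error state: %v", err)` keeps the table shape and surfaces the error. The same assertion is added in the gitrepository, helmchart and helmrepository statusConditions tests later in this patch. The enclosing test function starts and ends outside the hunk.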
@@ -2368,6 +2370,7 @@ func TestGitRepositoryReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, "failed to get secret"), *conditions.TrueCondition(sourcev1.ArtifactInStorageCondition, meta.SucceededReason, "stored artifact for revision"), }, + wantErr: true, }, } @@ -2400,22 +2403,19 @@ func TestGitRepositoryReconciler_statusConditions(t *testing.T) { } ctx := context.TODO() - recResult := sreconcile.ResultSuccess - var retErr error - summarizeHelper := summarize.NewHelper(record.NewFakeRecorder(32), serialPatcher) summarizeOpts := []summarize.Option{ summarize.WithConditions(gitRepositoryReadyCondition), summarize.WithBiPolarityConditionTypes(sourcev1.SourceVerifiedCondition), - summarize.WithReconcileResult(recResult), - summarize.WithReconcileError(retErr), + summarize.WithReconcileResult(sreconcile.ResultSuccess), summarize.WithIgnoreNotFound(), summarize.WithResultBuilder(sreconcile.AlwaysRequeueResultBuilder{ RequeueAfter: jitter.JitteredIntervalDuration(obj.GetRequeueAfter()), }), summarize.WithPatchFieldOwner("source-controller"), } - _, retErr = summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + _, err := summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + g.Expect(err != nil).To(Equal(tt.wantErr)) key := client.ObjectKeyFromObject(obj) g.Expect(c.Get(ctx, key, obj)).ToNot(HaveOccurred()) diff --git a/internal/controller/helmchart_controller_test.go b/internal/controller/helmchart_controller_test.go index 3d5fc5c7..1b22bc01 100644 --- a/internal/controller/helmchart_controller_test.go +++ b/internal/controller/helmchart_controller_test.go @@ -2029,6 +2029,7 @@ func TestHelmChartReconciler_statusConditions(t *testing.T) { name string beforeFunc func(obj *helmv1.HelmChart) assertConditions []metav1.Condition + wantErr bool }{ { name: "positive conditions only", 
@@ -2055,6 +2056,7 @@ func TestHelmChartReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.BuildFailedCondition, "ChartPackageError", "some error"), *conditions.TrueCondition(sourcev1.ArtifactOutdatedCondition, "NewRevision", "some error"), }, + wantErr: true, }, { name: "mixed positive and negative conditions", @@ -2067,6 +2069,7 @@ func TestHelmChartReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, "failed to get secret"), *conditions.TrueCondition(sourcev1.ArtifactInStorageCondition, meta.SucceededReason, "stored artifact for revision"), }, + wantErr: true, }, } @@ -2098,22 +2101,19 @@ func TestHelmChartReconciler_statusConditions(t *testing.T) { } ctx := context.TODO() - recResult := sreconcile.ResultSuccess - var retErr error - summarizeHelper := summarize.NewHelper(record.NewFakeRecorder(32), serialPatcher) summarizeOpts := []summarize.Option{ summarize.WithConditions(helmChartReadyCondition), summarize.WithBiPolarityConditionTypes(sourcev1.SourceVerifiedCondition), - summarize.WithReconcileResult(recResult), - summarize.WithReconcileError(retErr), + summarize.WithReconcileResult(sreconcile.ResultSuccess), summarize.WithIgnoreNotFound(), summarize.WithResultBuilder(sreconcile.AlwaysRequeueResultBuilder{ RequeueAfter: jitter.JitteredIntervalDuration(obj.GetRequeueAfter()), }), summarize.WithPatchFieldOwner("source-controller"), } - _, retErr = summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + _, err := summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + g.Expect(err != nil).To(Equal(tt.wantErr)) key := client.ObjectKeyFromObject(obj) g.Expect(c.Get(ctx, key, obj)).ToNot(HaveOccurred()) diff --git a/internal/controller/helmrepository_controller_test.go b/internal/controller/helmrepository_controller_test.go index 2c90ae91..dcd7df2a 100644 --- a/internal/controller/helmrepository_controller_test.go 
+++ b/internal/controller/helmrepository_controller_test.go @@ -1254,6 +1254,7 @@ func TestHelmRepositoryReconciler_statusConditions(t *testing.T) { name string beforeFunc func(obj *helmv1.HelmRepository) assertConditions []metav1.Condition + wantErr bool }{ { name: "positive conditions only", @@ -1264,6 +1265,7 @@ func TestHelmRepositoryReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(meta.ReadyCondition, meta.SucceededReason, "stored artifact for revision"), *conditions.TrueCondition(sourcev1.ArtifactInStorageCondition, meta.SucceededReason, "stored artifact for revision"), }, + wantErr: false, }, { name: "multiple failures", @@ -1278,6 +1280,7 @@ func TestHelmRepositoryReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.StorageOperationFailedCondition, sourcev1.DirCreationFailedReason, "failed to create directory"), *conditions.TrueCondition(sourcev1.ArtifactOutdatedCondition, "NewRevision", "some error"), }, + wantErr: true, }, { name: "mixed positive and negative conditions", @@ -1290,6 +1293,7 @@ func TestHelmRepositoryReconciler_statusConditions(t *testing.T) { *conditions.TrueCondition(sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, "failed to get secret"), *conditions.TrueCondition(sourcev1.ArtifactInStorageCondition, meta.SucceededReason, "stored artifact for revision"), }, + wantErr: true, }, } 
@@ -1321,19 +1325,16 @@ func TestHelmRepositoryReconciler_statusConditions(t *testing.T) { } ctx := context.TODO() - recResult := sreconcile.ResultSuccess - var retErr error - summarizeHelper := summarize.NewHelper(record.NewFakeRecorder(32), serialPatcher) summarizeOpts := []summarize.Option{ summarize.WithConditions(helmRepositoryReadyCondition), - summarize.WithReconcileResult(recResult), - summarize.WithReconcileError(retErr), + summarize.WithReconcileResult(sreconcile.ResultSuccess), summarize.WithIgnoreNotFound(), summarize.WithResultBuilder(sreconcile.AlwaysRequeueResultBuilder{RequeueAfter: obj.GetRequeueAfter()}), summarize.WithPatchFieldOwner("source-controller"), } - _, retErr = summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + _, err := summarizeHelper.SummarizeAndPatch(ctx, obj, summarizeOpts...) + g.Expect(err != nil).To(Equal(tt.wantErr)) key := client.ObjectKeyFromObject(obj) g.Expect(c.Get(ctx, key, obj)).ToNot(HaveOccurred()) diff --git a/internal/controller/ocirepository_controller_test.go b/internal/controller/ocirepository_controller_test.go index 18ee68dc..95792953 100644 --- a/internal/controller/ocirepository_controller_test.go +++ b/internal/controller/ocirepository_controller_test.go @@ -119,6 +119,7 @@ func TestOCIRepository_Reconcile(t *testing.T) { }) podinfoVersions, err := pushMultiplePodinfoImages(regServer.registryHost, true, "6.1.4", "6.1.5", "6.1.6") + g.Expect(err).ToNot(HaveOccurred()) tests := []struct { name string @@ -305,6 +306,7 @@ func TestOCIRepository_Reconcile_MediaType(t *testing.T) { }) podinfoVersions, err := pushMultiplePodinfoImages(regServer.registryHost, true, "6.1.4", "6.1.5", "6.1.6") + g.Expect(err).ToNot(HaveOccurred()) tests := []struct { name string 
@@ -997,6 +999,8 @@ func TestOCIRepository_reconcileSource_remoteReference(t *testing.T) { }) podinfoVersions, err := pushMultiplePodinfoImages(server.registryHost, true, "6.1.4", "6.1.5", "6.1.6") + g.Expect(err).ToNot(HaveOccurred()) + img6 := podinfoVersions["6.1.6"] img5 := podinfoVersions["6.1.5"] diff --git a/pkg/azure/blob_test.go b/pkg/azure/blob_test.go index 866317e2..56a3ca0b 100644 --- a/pkg/azure/blob_test.go +++ b/pkg/azure/blob_test.go @@ -364,16 +364,15 @@ func Test_sasTokenFromSecret(t *testing.T) { t.Run(tt.name, func(t *testing.T) { g := NewWithT(t) - _, err := url.ParseQuery("") got, err := sasTokenFromSecret(tt.endpoint, tt.secret) g.Expect(err != nil).To(Equal(tt.wantErr)) if tt.want != "" { - ttVaules, err := url.Parse(tt.want) + ttValues, err := url.Parse(tt.want) g.Expect(err).To(BeNil()) gotValues, err := url.Parse(got) g.Expect(err).To(BeNil()) - g.Expect(gotValues.Query()).To(Equal(ttVaules.Query())) + g.Expect(gotValues.Query()).To(Equal(ttValues.Query())) return } g.Expect(got).To(Equal("")) From 3a0c27926efc8ebc332620730ba3a9b5c92fe0a9 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 13:36:22 +0200 Subject: [PATCH 06/17] misc: simplify by directly returning bool Signed-off-by: Hidde Beydals --- internal/controller/gitrepository_controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/controller/gitrepository_controller.go b/internal/controller/gitrepository_controller.go index 35eb5f69..71ce654f 100644 --- a/internal/controller/gitrepository_controller.go +++ b/internal/controller/gitrepository_controller.go @@ -366,7 +366,7 @@ func (r *GitRepositoryReconciler) shouldNotify(oldObj, newObj *sourcev1.GitRepos if resErr != nil && res == sreconcile.ResultEmpty && newObj.Status.Artifact != nil { // Convert to Generic error and check for ignore. if ge, ok := resErr.(*serror.Generic); ok { - return ge.Ignore == true + return ge.Ignore } } return false 
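Review bot: In `shouldNotify` (internal/controller/gitrepository_controller.go) the simplified `return ge.Ignore` still sits behind a direct type assertion, `resErr.(*serror.Generic)`, which matches only when the error is exactly that type. If `resErr` can reach this function wrapped (not visible from the hunk), the `Ignore` flag is never read and the function falls through to `return false`. `var ge *serror.Generic` followed by `if errors.As(resErr, &ge) { return ge.Ignore }` would cover both cases; whether the file already imports `errors` is not visible here. The function body starts outside the hunk.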
From d56d0a7ad79977c7941d607c80059f786e71c9d8 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 13:38:09 +0200 Subject: [PATCH 07/17] misc: address `k8s.io/utils/pointer` deprecation Signed-off-by: Hidde Beydals --- go.mod | 2 +- go.sum | 4 +-- .../controller/gitrepository_controller.go | 4 +-- .../gitrepository_controller_test.go | 12 +++---- .../controller/ocirepository_controller.go | 4 +-- .../ocirepository_controller_test.go | 36 +++++++++---------- main.go | 4 +-- 7 files changed, 33 insertions(+), 33 deletions(-) diff --git a/go.mod b/go.mod index 2fc7ba51..825037e0 100644 --- a/go.mod +++ b/go.mod @@ -68,7 +68,7 @@ require ( k8s.io/api v0.27.4 k8s.io/apimachinery v0.27.4 k8s.io/client-go v0.27.4 - k8s.io/utils v0.0.0-20230505201702-9f6742963106 + k8s.io/utils v0.0.0-20230726121419-3b25d923346b sigs.k8s.io/cli-utils v0.35.0 sigs.k8s.io/controller-runtime v0.15.1 sigs.k8s.io/yaml v1.3.0 diff --git a/go.sum b/go.sum index c1b66ffd..422278ea 100644 --- a/go.sum +++ b/go.sum 
@@ -1808,8 +1808,8 @@ k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEK k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ= k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw= k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4= -k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= -k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY= oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/internal/controller/gitrepository_controller.go b/internal/controller/gitrepository_controller.go index 71ce654f..2440904a 100644 --- a/internal/controller/gitrepository_controller.go +++ b/internal/controller/gitrepository_controller.go @@ -33,7 +33,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" kuberecorder "k8s.io/client-go/tools/record" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" 
@@ -1106,7 +1106,7 @@ func (r *GitRepositoryReconciler) eventLogf(ctx context.Context, obj runtime.Obj // changed and requires rebuilding the artifact. Rebuilding the artifact is also // required if the object needs to be (re)verified. func gitContentConfigChanged(obj *sourcev1.GitRepository, includes *artifactSet) bool { - if !pointer.StringEqual(obj.Spec.Ignore, obj.Status.ObservedIgnore) { + if !ptr.Equal(obj.Spec.Ignore, obj.Status.ObservedIgnore) { return true } if obj.Spec.RecurseSubmodules != obj.Status.ObservedRecurseSubmodules { diff --git a/internal/controller/gitrepository_controller_test.go b/internal/controller/gitrepository_controller_test.go index e46533ad..b291fbe4 100644 --- a/internal/controller/gitrepository_controller_test.go +++ b/internal/controller/gitrepository_controller_test.go @@ -40,7 +40,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" kstatus "sigs.k8s.io/cli-utils/pkg/kstatus/status" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -827,7 +827,7 @@ func TestGitRepositoryReconciler_reconcileSource_checkoutStrategy(t *testing.T) }, beforeFunc: func(obj *sourcev1.GitRepository, latestRev string) { // Set new ignore value. - obj.Spec.Ignore = pointer.StringPtr("foo") + obj.Spec.Ignore = ptr.To("foo") // Add existing artifact on the object and storage. obj.Status = sourcev1.GitRepositoryStatus{ Artifact: &sourcev1.Artifact{ @@ -1001,7 +1001,7 @@ func TestGitRepositoryReconciler_reconcileArtifact(t *testing.T) { dir: "testdata/git/repository", beforeFunc: func(obj *sourcev1.GitRepository) { obj.Spec.Interval = metav1.Duration{Duration: interval} - obj.Spec.Ignore = pointer.StringPtr("!**.txt\n") + obj.Spec.Ignore = ptr.To("!**.txt\n") }, afterFunc: func(t *WithT, obj *sourcev1.GitRepository) { t.Expect(obj.GetArtifact()).ToNot(BeNil()) 
@@ -2833,15 +2833,15 @@ func TestGitContentConfigChanged(t *testing.T) { { name: "unobserved ignore", obj: sourcev1.GitRepository{ - Spec: sourcev1.GitRepositorySpec{Ignore: pointer.String("foo")}, + Spec: sourcev1.GitRepositorySpec{Ignore: ptr.To("foo")}, }, want: true, }, { name: "observed ignore", obj: sourcev1.GitRepository{ - Spec: sourcev1.GitRepositorySpec{Ignore: pointer.String("foo")}, - Status: sourcev1.GitRepositoryStatus{ObservedIgnore: pointer.String("foo")}, + Spec: sourcev1.GitRepositorySpec{Ignore: ptr.To("foo")}, + Status: sourcev1.GitRepositoryStatus{ObservedIgnore: ptr.To("foo")}, }, want: false, }, diff --git a/internal/controller/ocirepository_controller.go b/internal/controller/ocirepository_controller.go index 7257b966..cce10c82 100644 --- a/internal/controller/ocirepository_controller.go +++ b/internal/controller/ocirepository_controller.go @@ -41,7 +41,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" kuberecorder "k8s.io/client-go/tools/record" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -1176,7 +1176,7 @@ type remoteOptions []remote.Option // of the artifact in the status to determine if artifact content configuration // has changed and requires rebuilding the artifact. func ociContentConfigChanged(obj *ociv1.OCIRepository) bool { - if !pointer.StringEqual(obj.Spec.Ignore, obj.Status.ObservedIgnore) { + if !ptr.Equal(obj.Spec.Ignore, obj.Status.ObservedIgnore) { return true } diff --git a/internal/controller/ocirepository_controller_test.go b/internal/controller/ocirepository_controller_test.go index 95792953..6eeddf03 100644 --- a/internal/controller/ocirepository_controller_test.go +++ b/internal/controller/ocirepository_controller_test.go 
@@ -48,7 +48,7 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" kstatus "sigs.k8s.io/cli-utils/pkg/kstatus/status" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -1483,7 +1483,7 @@ func TestOCIRepository_reconcileSource_noop(t *testing.T) { { name: "full reconcile - same rev, unobserved ignore", beforeFunc: func(obj *ociv1.OCIRepository) { - obj.Status.ObservedIgnore = pointer.String("aaa") + obj.Status.ObservedIgnore = ptr.To("aaa") obj.Status.Artifact = &sourcev1.Artifact{ Revision: testRevision, } @@ -1495,8 +1495,8 @@ func TestOCIRepository_reconcileSource_noop(t *testing.T) { { name: "noop - same rev, observed ignore", beforeFunc: func(obj *ociv1.OCIRepository) { - obj.Spec.Ignore = pointer.String("aaa") - obj.Status.ObservedIgnore = pointer.String("aaa") + obj.Spec.Ignore = ptr.To("aaa") + obj.Status.ObservedIgnore = ptr.To("aaa") obj.Status.Artifact = &sourcev1.Artifact{ Revision: testRevision, } @@ -1651,7 +1651,7 @@ func TestOCIRepository_reconcileArtifact(t *testing.T) { targetPath: "testdata/oci/repository", artifact: &sourcev1.Artifact{Revision: "revision"}, beforeFunc: func(obj *ociv1.OCIRepository) { - obj.Spec.Ignore = pointer.String("foo.txt") + obj.Spec.Ignore = ptr.To("foo.txt") }, want: sreconcile.ResultSuccess, assertPaths: []string{ @@ -1691,7 +1691,7 @@ func TestOCIRepository_reconcileArtifact(t *testing.T) { }, beforeFunc: func(obj *ociv1.OCIRepository) { obj.Status.Artifact = &sourcev1.Artifact{Revision: "revision"} - obj.Spec.Ignore = pointer.String("aaa") + obj.Spec.Ignore = ptr.To("aaa") }, want: sreconcile.ResultSuccess, assertPaths: []string{ 
@@ -1758,10 +1758,10 @@ func TestOCIRepository_reconcileArtifact(t *testing.T) { Revision: "revision", }, beforeFunc: func(obj *ociv1.OCIRepository) { - obj.Spec.Ignore = pointer.String("aaa") + obj.Spec.Ignore = ptr.To("aaa") obj.Spec.LayerSelector = &ociv1.OCILayerSelector{MediaType: "foo"} obj.Status.Artifact = &sourcev1.Artifact{Revision: "revision"} - obj.Status.ObservedIgnore = pointer.String("aaa") + obj.Status.ObservedIgnore = ptr.To("aaa") obj.Status.ObservedLayerSelector = &ociv1.OCILayerSelector{MediaType: "foo"} }, want: sreconcile.ResultSuccess, @@ -2544,34 +2544,34 @@ func TestOCIContentConfigChanged(t *testing.T) { { name: "same ignore, no layer selector", spec: ociv1.OCIRepositorySpec{ - Ignore: pointer.String("nnn"), + Ignore: ptr.To("nnn"), }, status: ociv1.OCIRepositoryStatus{ - ObservedIgnore: pointer.String("nnn"), + ObservedIgnore: ptr.To("nnn"), }, want: false, }, { name: "different ignore, no layer selector", spec: ociv1.OCIRepositorySpec{ - Ignore: pointer.String("nnn"), + Ignore: ptr.To("nnn"), }, status: ociv1.OCIRepositoryStatus{ - ObservedIgnore: pointer.String("mmm"), + ObservedIgnore: ptr.To("mmm"), }, want: true, }, { name: "same ignore, same layer selector", spec: ociv1.OCIRepositorySpec{ - Ignore: pointer.String("nnn"), + Ignore: ptr.To("nnn"), LayerSelector: &ociv1.OCILayerSelector{ MediaType: "foo", Operation: ociv1.OCILayerExtract, }, }, status: ociv1.OCIRepositoryStatus{ - ObservedIgnore: pointer.String("nnn"), + ObservedIgnore: ptr.To("nnn"), ObservedLayerSelector: &ociv1.OCILayerSelector{ MediaType: "foo", Operation: ociv1.OCILayerExtract, 
@@ -2582,14 +2582,14 @@ func TestOCIContentConfigChanged(t *testing.T) { { name: "same ignore, different layer selector operation", spec: ociv1.OCIRepositorySpec{ - Ignore: pointer.String("nnn"), + Ignore: ptr.To("nnn"), LayerSelector: &ociv1.OCILayerSelector{ MediaType: "foo", Operation: ociv1.OCILayerCopy, }, }, status: ociv1.OCIRepositoryStatus{ - ObservedIgnore: pointer.String("nnn"), + ObservedIgnore: ptr.To("nnn"), ObservedLayerSelector: &ociv1.OCILayerSelector{ MediaType: "foo", Operation: ociv1.OCILayerExtract, @@ -2600,14 +2600,14 @@ func TestOCIContentConfigChanged(t *testing.T) { { name: "same ignore, different layer selector mediatype", spec: ociv1.OCIRepositorySpec{ - Ignore: pointer.String("nnn"), + Ignore: ptr.To("nnn"), LayerSelector: &ociv1.OCILayerSelector{ MediaType: "bar", Operation: ociv1.OCILayerExtract, }, }, status: ociv1.OCIRepositoryStatus{ - ObservedIgnore: pointer.String("nnn"), + ObservedIgnore: ptr.To("nnn"), ObservedLayerSelector: &ociv1.OCILayerSelector{ MediaType: "foo", Operation: ociv1.OCILayerExtract, diff --git a/main.go b/main.go index a7918634..4e7a79f0 100644 --- a/main.go +++ b/main.go @@ -31,7 +31,7 @@ import ( clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" "k8s.io/client-go/tools/record" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" ctrlcache "sigs.k8s.io/controller-runtime/pkg/cache" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" @@ -371,7 +371,7 @@ func mustSetupManager(metricsAddr, healthAddr string, maxConcurrent int, Namespaces: []string{watchNamespace}, }, Controller: ctrlcfg.Controller{ - RecoverPanic: pointer.Bool(true), + RecoverPanic: ptr.To(true), MaxConcurrentReconciles: maxConcurrent, }, }) From 0a27f6ac902d4eb84046c277a318581cf65798c5 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 13:39:14 +0200 Subject: [PATCH 08/17] misc: `iotuil` deprecation 
Signed-off-by: Hidde Beydals --- internal/controller/suite_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go index 2429b58a..b78987af 100644 --- a/internal/controller/suite_test.go +++ b/internal/controller/suite_test.go @@ -23,7 +23,6 @@ import ( "crypto/x509" "fmt" "io" - "io/ioutil" "log" "math/rand" "net" @@ -174,7 +173,7 @@ func setupRegistryServer(ctx context.Context, workspaceDir string, opts registry server.registryHost = fmt.Sprintf("example.com:%d", port) // Disable DNS server logging as it is extremely chatty. dnsLog := log.Default() - dnsLog.SetOutput(ioutil.Discard) + dnsLog.SetOutput(io.Discard) server.dnsServer, err = mockdns.NewServerWithLogger(map[string]mockdns.Zone{ "example.com.": { A: []string{"127.0.0.1"}, From d9dbd1bdb78f06f490160c2c9327523f1d4a1d2d Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 13:40:01 +0200 Subject: [PATCH 09/17] misc: `rand.Seed` deprecation See: https://pkg.go.dev/math/rand@go1.20#Seed Signed-off-by: Hidde Beydals --- internal/controller/suite_test.go | 4 ---- pkg/azure/blob_integration_test.go | 4 ---- 2 files changed, 8 deletions(-) diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go index b78987af..faa775d8 100644 --- a/internal/controller/suite_test.go +++ b/internal/controller/suite_test.go @@ -116,10 +116,6 @@ var ( testCache *cache.Cache ) -func init() { - rand.Seed(time.Now().UnixNano()) -} - type registryClientTestServer struct { out io.Writer registryHost string diff --git a/pkg/azure/blob_integration_test.go b/pkg/azure/blob_integration_test.go index 43f1b7a2..240fa949 100644 --- a/pkg/azure/blob_integration_test.go +++ b/pkg/azure/blob_integration_test.go @@ -81,10 +81,6 @@ test: file2 } ) -func init() { - rand.Seed(time.Now().UnixNano()) -} - func TestMain(m *testing.M) { var err error cred, err = blob.NewSharedKeyCredential(testAccountName, testAccountKey) 
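Review bot: In `setupRegistryServer` (internal/controller/suite_test.go), `dnsLog := log.Default()` returns the process-wide standard logger, so the changed line `dnsLog.SetOutput(io.Discard)` silences every package-level `log` call in the test binary rather than only the DNS server's output. That can hide diagnostics from unrelated code running in the same process. A dedicated logger keeps the intent of the comment without the global side effect: `dnsLog := log.New(io.Discard, "", 0)`. The function starts and continues outside the hunk.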
From a74eb57811ccbfb3a9544fcc4d8e1926d2331eb9 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 13:42:46 +0200 Subject: [PATCH 10/17] misc: `math/rand.Read()` has been deprecated See: https://pkg.go.dev/math/rand@go1.20#Read Signed-off-by: Hidde Beydals --- internal/helm/chart/builder_test.go | 2 +- pkg/azure/blob_integration_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/helm/chart/builder_test.go b/internal/helm/chart/builder_test.go index 0fac78cb..47e2909a 100644 --- a/internal/helm/chart/builder_test.go +++ b/internal/helm/chart/builder_test.go @@ -17,8 +17,8 @@ limitations under the License. package chart import ( + "crypto/rand" "encoding/hex" - "math/rand" "os" "path/filepath" "testing" diff --git a/pkg/azure/blob_integration_test.go b/pkg/azure/blob_integration_test.go index 240fa949..c468e9fc 100644 --- a/pkg/azure/blob_integration_test.go +++ b/pkg/azure/blob_integration_test.go @@ -21,11 +21,11 @@ package azure import ( "context" "crypto/md5" + "crypto/rand" "encoding/hex" "errors" "fmt" "log" - "math/rand" "os" "path/filepath" "strings" From 20230811e4a2ef805a166a554f3c9d2e7fa337c8 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 9 Oct 2023 13:57:05 +0200 Subject: [PATCH 11/17] misc: address duplicate imports Signed-off-by: Hidde Beydals --- internal/controller/ocirepository_controller.go | 5 ++--- internal/controller/ocirepository_controller_test.go | 3 +-- internal/helm/registry/auth.go | 3 +-- pkg/azure/blob.go | 1 - 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/internal/controller/ocirepository_controller.go b/internal/controller/ocirepository_controller.go index cce10c82..0c43d565 100644 --- a/internal/controller/ocirepository_controller.go +++ b/internal/controller/ocirepository_controller.go 
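Review bot: Swapping `math/rand` for `crypto/rand` in the import block of internal/helm/chart/builder_test.go changes the contract of every `rand.` call in the file, and those call sites are outside the hunk. `crypto/rand.Read` returns an error that the tests should assert rather than drop, for example `_, err := rand.Read(b)` followed by an `Expect(err)` check. `crypto/rand` also has no `Intn`-style helpers, so any remaining use of those would stop compiling. The same applies to the import hunk in pkg/azure/blob_integration_test.go.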
@@ -34,7 +34,6 @@ import (
 "github.com/google/go-containerregistry/pkg/authn/k8schain"
 "github.com/google/go-containerregistry/pkg/name"
 gcrv1 "github.com/google/go-containerregistry/pkg/v1"
- v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/google/go-containerregistry/pkg/v1/remote"
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/runtime"
@@ -578,13 +577,13 @@ func (r *OCIRepositoryReconciler) selectLayer(obj *ociv1.OCIRepository, image gc
 func (r *OCIRepositoryReconciler) getRevision(ref name.Reference, options []remote.Option) (string, error) {
 switch ref := ref.(type) {
 case name.Digest:
- digest, err := v1.NewHash(ref.DigestStr())
+ digest, err := gcrv1.NewHash(ref.DigestStr())
 if err != nil {
 return "", err
 }
 return digest.String(), nil
 case name.Tag:
- var digest v1.Hash
+ var digest gcrv1.Hash
 desc, err := remote.Head(ref, options...)
 if err == nil {
diff --git a/internal/controller/ocirepository_controller_test.go b/internal/controller/ocirepository_controller_test.go
index 6eeddf03..8723cba1 100644
--- a/internal/controller/ocirepository_controller_test.go
+++ b/internal/controller/ocirepository_controller_test.go
@@ -19,7 +19,6 @@ package controller
 import (
 "crypto/rand"
 "crypto/tls"
- cryptotls "crypto/tls"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
@@ -830,7 +829,7 @@ func TestOCIRepository_reconcileSource_authStrategy(t *testing.T) {
 func makeTransport(insecure bool) http.RoundTripper {
 transport := remote.DefaultTransport.(*http.Transport).Clone()
 if insecure {
- transport.TLSClientConfig = &cryptotls.Config{
+ transport.TLSClientConfig = &tls.Config{
 InsecureSkipVerify: true,
 }
 }
diff --git a/internal/helm/registry/auth.go b/internal/helm/registry/auth.go
index d6a567d2..1b9b3332 100644
--- a/internal/helm/registry/auth.go
+++ b/internal/helm/registry/auth.go
@@ -26,7 +26,6 @@ import (
 "github.com/fluxcd/source-controller/internal/oci"
 "github.com/google/go-containerregistry/pkg/authn"
 "helm.sh/helm/v3/pkg/registry"
- helmreg "helm.sh/helm/v3/pkg/registry"
 corev1 "k8s.io/api/core/v1"
 )
@@ -143,7 +142,7 @@ func (r stringResource) RegistryStr() string {
 // NewLoginOption returns a registry login option for the given HelmRepository.
 // If the HelmRepository does not specify a secretRef, a nil login option is returned.
-func NewLoginOption(auth authn.Authenticator, keychain authn.Keychain, registryURL string) (helmreg.LoginOption, error) {
+func NewLoginOption(auth authn.Authenticator, keychain authn.Keychain, registryURL string) (registry.LoginOption, error) {
 if auth != nil {
 return AuthAdaptHelper(auth)
 }
diff --git a/pkg/azure/blob.go b/pkg/azure/blob.go
index 58410718..ae5e54a7 100644
--- a/pkg/azure/blob.go
+++ b/pkg/azure/blob.go
@@ -31,7 +31,6 @@ import (
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
- _ "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
 "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/bloberror"
 corev1 "k8s.io/api/core/v1"
From cdb43f1999355740a8a48e2af1bb119f026f83ae Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Mon, 9 Oct 2023 14:53:05 +0200
Subject: [PATCH 12/17] misc: add test case for invalid tag signature
Signed-off-by: Hidde Beydals
---
 .../gitrepository_controller_test.go | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/internal/controller/gitrepository_controller_test.go b/internal/controller/gitrepository_controller_test.go
index b291fbe4..28e0dede 100644
--- a/internal/controller/gitrepository_controller_test.go
+++ b/internal/controller/gitrepository_controller_test.go
@@ -1849,6 +1849,41 @@ func TestGitRepositoryReconciler_verifySignature(t *testing.T) {
 *conditions.FalseCondition(sourcev1.SourceVerifiedCondition, "InvalidCommitSignature", "signature verification of commit 'shasum' failed: unable to verify Git commit: unable to verify payload with any of the given key rings"),
 },
 },
+ {
+ name: "Invalid tag signature with mode=tag makes SourceVerifiedCondition=False",
+ secret: &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "existing",
+ },
+ Data: map[string][]byte{
+ "foo": []byte(armoredKeyRingFixture),
+ },
+ },
+ commit: git.Commit{
+ ReferencingTag: &git.Tag{
+ Name: "v0.1.0",
+ Hash: []byte("shasum"),
+ Encoded: []byte(malformedEncodedTagFixture),
+ Signature: signatureTagFixture,
+ },
+ },
+ beforeFunc: func(obj *sourcev1.GitRepository) {
+ obj.Spec.Reference = &sourcev1.GitRepositoryRef{
+ Tag: "v0.1.0",
+ }
+ obj.Spec.Interval = metav1.Duration{Duration: interval}
+ obj.Spec.Verification = &sourcev1.GitRepositoryVerification{
+ Mode: sourcev1.ModeGitTag,
+ SecretRef: meta.LocalObjectReference{
+ Name: "existing",
+ },
+ }
+ },
+ wantErr: true,
+ assertConditions: []metav1.Condition{
+ *conditions.FalseCondition(sourcev1.SourceVerifiedCondition, "InvalidTagSignature", "signature verification of tag 'v0.1.0@shasum' failed: unable to verify Git tag: unable to verify payload with any of the given key rings"),
+ },
+ },
 {
 name: "Invalid PGP key makes SourceVerifiedCondition=False and returns error",
 secret: &corev1.Secret{
From a70b3f37c085b838809830c1f7e613e498d70bb4 Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Mon, 9 Oct 2023 14:53:22 +0200
Subject: [PATCH 13/17] misc: remove unused code
Signed-off-by: Hidde Beydals
---
 .../ocirepository_controller_test.go | 43 -------------------
 1 file changed, 43 deletions(-)
diff --git a/internal/controller/ocirepository_controller_test.go b/internal/controller/ocirepository_controller_test.go
index 8723cba1..2e4458f7 100644
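Review bot: The case added to TestGitRepositoryReconciler_verifySignature sets `wantErr: true`, but its name stops at "makes SourceVerifiedCondition=False" while the next case in the table ends with "and returns error". Naming it `"Invalid tag signature with mode=tag makes SourceVerifiedCondition=False and returns error"` keeps the table consistent and makes a failure report say what was expected. A one-line comment above `Encoded: []byte(malformedEncodedTagFixture),` stating why verification must fail, for example `// payload does not match signatureTagFixture`, would also help; both fixtures are defined outside the hunk, so that wording needs confirming. Only `sourcev1.ModeGitTag` is exercised here, so if the API has a mode that verifies the tag together with the commit, a rejected tag signature under that mode deserves its own case.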
--- a/internal/controller/ocirepository_controller_test.go
+++ b/internal/controller/ocirepository_controller_test.go
@@ -17,14 +17,10 @@ limitations under the License.
 package controller
 import (
- "crypto/rand"
 "crypto/tls"
 "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
 "errors"
 "fmt"
- "math/big"
 "net/http"
 "net/url"
 "os"
@@ -2494,45 +2490,6 @@ func setPodinfoImageAnnotations(img gcrv1.Image, tag string) gcrv1.Image {
 return mutate.Annotations(img, metadata).(gcrv1.Image)
 }
-// These two taken verbatim from https://ericchiang.github.io/post/go-tls/
-func certTemplate() (*x509.Certificate, error) {
- // generate a random serial number (a real cert authority would
- // have some logic behind this)
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- return nil, errors.New("failed to generate serial number: " + err.Error())
- }
-
- tmpl := x509.Certificate{
- SerialNumber: serialNumber,
- Subject: pkix.Name{Organization: []string{"Flux project"}},
- SignatureAlgorithm: x509.SHA256WithRSA,
- NotBefore: time.Now(),
- NotAfter: time.Now().Add(time.Hour), // valid for an hour
- BasicConstraintsValid: true,
- }
- return &tmpl, nil
-}
-
-func createCert(template, parent *x509.Certificate, pub interface{}, parentPriv interface{}) (
- cert *x509.Certificate, certPEM []byte, err error) {
-
- certDER, err := x509.CreateCertificate(rand.Reader, template, parent, pub, parentPriv)
- if err != nil {
- return
- }
- // parse the resulting certificate so we can use it again
- cert, err = x509.ParseCertificate(certDER)
- if err != nil {
- return
- }
- // PEM encode the certificate (this is a standard TLS encoding)
- b := pem.Block{Type: "CERTIFICATE", Bytes: certDER}
- certPEM = pem.EncodeToMemory(&b)
- return
-}
-
 func TestOCIContentConfigChanged(t *testing.T) {
 tests := []struct {
 name string
From aba98008acc721a860a0fbf81d69b103e7b91e85 Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Mon, 9 Oct 2023 14:55:23 +0200
Subject: [PATCH 14/17] misc: remove redundant nil check
Signed-off-by: Hidde Beydals
---
 internal/reconcile/summarize/summary_test.go | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/internal/reconcile/summarize/summary_test.go b/internal/reconcile/summarize/summary_test.go
index c7703a94..c4c16e4e 100644
--- a/internal/reconcile/summarize/summary_test.go
+++ b/internal/reconcile/summarize/summary_test.go
@@ -373,10 +373,6 @@ func TestSummarizeAndPatch(t *testing.T) {
 tt.afterFunc(g, obj)
 }
- if obj == nil {
- t.Fail()
- }
-
 // Check if the object status is valid as per kstatus.
 condns := &conditionscheck.Conditions{NegativePolarity: testReadyConditions.NegativePolarity}
 checker := conditionscheck.NewChecker(c, condns)
From b0d94ce6d06e683d0e7ac500f8399e08afacc96c Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Mon, 9 Oct 2023 14:57:04 +0200
Subject: [PATCH 15/17] misc: do not capitalize err string and fix wording
Signed-off-by: Hidde Beydals
---
 pkg/azure/blob.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/azure/blob.go b/pkg/azure/blob.go
index ae5e54a7..89e85b4a 100644
--- a/pkg/azure/blob.go
+++ b/pkg/azure/blob.go
@@ -192,7 +192,7 @@ func (c *BlobClient) BucketExists(ctx context.Context, bucketName string) (bool,
 // For a container-level SASToken, we get an AuthenticationFailed when the bucket doesn't exist
 if bloberror.HasCode(err, bloberror.AuthenticationFailed) {
- return false, fmt.Errorf("Bucket name may be incorrect, it does not exist or caller does not have enough permissions: %w", err)
+ return false, fmt.Errorf("the specified bucket name may be incorrect, nonexistent, or the caller might lack sufficient permissions to access it: %w", err)
 }
 return false, err
From 04612b539bc34d09348064f9896c10dc662a2e16 Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Mon, 9 Oct 2023 15:48:22 +0200
Subject: [PATCH 16/17] misc: fix hypothetical implicit memory aliasing
Signed-off-by: Hidde Beydals
---
 internal/controller/helmchart_controller.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/internal/controller/helmchart_controller.go b/internal/controller/helmchart_controller.go
index 556253ef..1f952847 100644
--- a/internal/controller/helmchart_controller.go
+++ b/internal/controller/helmchart_controller.go
@@ -1129,9 +1129,9 @@ func (r *HelmChartReconciler) requestsForHelmRepositoryChange(ctx context.Contex
 }
 var reqs []reconcile.Request
- for _, i := range list.Items {
- if i.Status.ObservedSourceArtifactRevision != repo.GetArtifact().Revision {
- reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKeyFromObject(&i)})
+ for i, v := range list.Items {
+ if v.Status.ObservedSourceArtifactRevision != repo.GetArtifact().Revision {
+ reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKeyFromObject(&list.Items[i])})
 }
 }
 return reqs
@@ -1159,9 +1159,9 @@ func (r *HelmChartReconciler) requestsForGitRepositoryChange(ctx context.Context
 }
 var reqs []reconcile.Request
- for _, i := range list.Items {
- if !repo.GetArtifact().HasRevision(i.Status.ObservedSourceArtifactRevision) {
- reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKeyFromObject(&i)})
+ for i, v := range list.Items {
+ if !repo.GetArtifact().HasRevision(v.Status.ObservedSourceArtifactRevision) {
+ reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKeyFromObject(&list.Items[i])})
 }
 }
 return reqs
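Review bot: `for i, v := range list.Items` in requestsForHelmRepositoryChange still copies each list item into `v` only to read one status field, and the reader has to confirm that `v` and `list.Items[i]` name the same element. Taking the address once reads more directly: `for i := range list.Items {` followed by `c := &list.Items[i]`, then `c.Status.ObservedSourceArtifactRevision` in the condition and `client.ObjectKeyFromObject(c)` in the append. The same applies to the loops in requestsForGitRepositoryChange and requestsForBucketChange. Separately, `repo.GetArtifact()` is dereferenced on every iteration, and any nil check for it lies outside these hunks.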
@@ -1189,9 +1189,9 @@ func (r *HelmChartReconciler) requestsForBucketChange(ctx context.Context, o cli
 }
 var reqs []reconcile.Request
- for _, i := range list.Items {
- if !bucket.GetArtifact().HasRevision(i.Status.ObservedSourceArtifactRevision) {
- reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKeyFromObject(&i)})
+ for i, v := range list.Items {
+ if !bucket.GetArtifact().HasRevision(v.Status.ObservedSourceArtifactRevision) {
+ reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKeyFromObject(&list.Items[i])})
 }
 }
 return reqs
From 09772bd0927ac8125a8b27db89b43f1b016563c4 Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Mon, 9 Oct 2023 16:29:38 +0200
Subject: [PATCH 17/17] misc: set TLS certificate files perms to `0o600`
Signed-off-by: Hidde Beydals
---
 internal/helm/getter/client_opts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/helm/getter/client_opts.go b/internal/helm/getter/client_opts.go
index 5c2755bf..f746684b 100644
--- a/internal/helm/getter/client_opts.go
+++ b/internal/helm/getter/client_opts.go
@@ -216,7 +216,7 @@ func storeTLSCertificateFiles(tlsBytes *stls.TLSBytes, path string) (string, str
 func writeToFile(data []byte, filename, tmpDir string) (string, error) {
 file := path.Join(tmpDir, filename)
- err := os.WriteFile(file, data, 0o644)
+ err := os.WriteFile(file, data, 0o600)
 if err != nil {
 return "", err
 }
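Review bot: `os.WriteFile(file, data, 0o600)` in writeToFile applies the mode only when it creates the file. If `file` already exists in `tmpDir`, it is truncated and keeps its previous permissions and owner, so the TLS material can still end up readable by other users. Creating the file exclusively turns that case into an error instead. This assumes every call gets a fresh `tmpDir`, which the hunk does not show, and the function's final return is outside the hunk.

```go
func writeToFile(data []byte, filename, tmpDir string) (string, error) {
	file := path.Join(tmpDir, filename)
	// O_EXCL: refuse to reuse an existing file, whose mode WriteFile would not change.
	f, err := os.OpenFile(file, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", err
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		return "", err
	}
	if err := f.Close(); err != nil {
		return "", err
	}
	// … unchanged: return of the written path …
```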