The dockerfile we were using in the cfn-python-lint repo wasn't actually pinned to the version associated with the git tag, it always installs the latest version.
A recent release consolidated error rules regarding invalid values.
We use an invalid "us-test-1" region and zones in much of our testing.
We used to be able to ignore this "invalid AZ" error, but now we would need to ignore all invalid values for all resource properties.
This pins cfn-python-lint to an older version but we'll have to figure out how we want to handle this longer term.
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens. But it shouldn't need a second bucket or anything of that
nature.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
Otherwise we get a warning:
"find: warning: you have specified the global option -maxdepth after the argument -type, but global options are not positional, i.e., -maxdepth affects tests specified before it as well as those specified after it. Please specify global options before other arguments."
IGNORE is an empty array, it throws error when make verify-staticcheck
$ make verify-staticcheck
hack/verify-staticcheck.sh
hack/verify-staticcheck.sh: line 50: IGNORE[*]: unbound variable
make: *** [verify-staticcheck] Error 1
Signed-off-by: Ma Xinjian <maxj.fnst@cn.fujitsu.com>
We create a simple exec plugin command which can create and renew
short-lived admin credentials on the fly, essentially leveraging the
security of the underlying cloud credentials.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.
Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
this prevents spurious changes from being made based on the shell's env vars.
Also adding a parameter to override the package being updated, so that we dont need to test the full repo
Originally `kops_feature_table(kops_added_default='1.17')` would generate a single column with a header of Default which isnt very intuitive. This replaces the header with Introduced which I think is more intuitive
Without this change, go 1.14 reports this error:
```
cannot find module providing package golang.org/x/tools/cmd/goimports: working directory is not part of a module
```
Ideally this wouldn't rely on kops being in the GOPATH but that may require updating goimports. This can happen in a followup PR
Errors being fixed or ignored:
```
Errors from staticcheck:
cmd/kops/create_cluster.go:740:37: possible nil pointer dereference (SA5011)
cmd/kops/create_cluster.go:736:7: this check suggests that the pointer can be nil
cmd/kops/create_cluster.go:828:30: possible nil pointer dereference (SA5011)
cmd/kops/create_cluster.go:825:7: this check suggests that the pointer can be nil
dns-controller/pkg/dns/dnscontroller.go:585:5: this value of existing is never used (SA4006)
nodeup/pkg/model/kubelet_test.go:67:23: possible nil pointer dereference (SA5011)
nodeup/pkg/model/kubelet_test.go:63:5: this check suggests that the pointer can be nil
pkg/apis/kops/validation/legacy.go:138:97: unnecessary use of fmt.Sprintf (S1039)
pkg/apis/kops/validation/legacy.go:150:112: unnecessary use of fmt.Sprintf (S1039)
upup/pkg/fi/nodeup/nodetasks/update_packages.go:48:9: unnecessary use of fmt.Sprintf (S1039)
cmd/kops-controller/controllers/node_controller.go:89:1: comment on exported method Reconcile should be of the form "Reconcile ..." (ST1020)
dnsprovider/pkg/dnsprovider/dns.go:102:1: comment on exported function ResourceRecordSetsEquivalent should be of the form "ResourceRecordSetsEquivalent ..." (ST1020)
dnsprovider/pkg/dnsprovider/plugins.go:65:1: comment on exported function RegisteredDnsProviders should be of the form "RegisteredDnsProviders ..." (ST1020)
dnsprovider/pkg/dnsprovider/providers/aws/route53/stubs/route53api.go:30:1: comment on exported type Route53API should be of the form "Route53API ..." (with optional leading article) (ST1021)
dnsprovider/pkg/dnsprovider/providers/google/clouddns/internal/stubs/clouddns.go:26:2: comment on exported type Project should be of the form "Project ..." (with optional leading article) (ST1021)
dnsprovider/pkg/dnsprovider/tests/commontests.go:28:1: comment on exported function CommonTestResourceRecordSetsReplace should be of the form "CommonTestResourceRecordSetsReplace ..." (ST1020)
dnsprovider/pkg/dnsprovider/tests/commontests.go:52:1: comment on exported function CommonTestResourceRecordSetsReplaceAll should be of the form "CommonTestResourceRecordSetsReplaceAll ..." (ST1020)
dnsprovider/pkg/dnsprovider/tests/commontests.go:78:1: comment on exported function CommonTestResourceRecordSetsDifferentTypes should be of the form "CommonTestResourceRecordSetsDifferentTypes ..." (ST1020)
pkg/apis/kops/instancegroup.go:318:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
pkg/apis/kops/v1alpha2/instancegroup.go:23:1: comment on exported type InstanceGroup should be of the form "InstanceGroup ..." (with optional leading article) (ST1021)
pkg/apis/kops/v1alpha2/networking.go:449:1: comment on exported type LyftVPCNetworkingSpec should be of the form "LyftVPCNetworkingSpec ..." (with optional leading article) (ST1021)
pkg/dns/gossip.go:21:1: comment on exported function IsGossipHostname should be of the form "IsGossipHostname ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:47:1: comment on exported function NewKubeconfigBuilder should be of the form "NewKubeconfigBuilder ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:82:1: comment on exported method BuildRestConfig should be of the form "BuildRestConfig ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:102:1: comment on exported method WriteKubecfg should be of the form "WriteKubecfg ..." (ST1020)
pkg/model/alimodel/context.go:52:1: comment on exported method LinkToNatGateway should be of the form "LinkToNatGateway ..." (ST1020)
pkg/model/domodel/context.go:21:1: comment on exported type DOModelContext should be of the form "DOModelContext ..." (with optional leading article) (ST1021)
pkg/model/gcemodel/autoscalinggroup.go:38:1: comment on exported type AutoscalingGroupModelBuilder should be of the form "AutoscalingGroupModelBuilder ..." (with optional leading article) (ST1021)
pkg/nodeidentity/do/identify.go:51:1: comment on exported method Token should be of the form "Token ..." (ST1020)
pkg/resources/aws/aws.go:1560:1: comment on exported function ListELBV2s should be of the form "ListELBV2s ..." (ST1020)
pkg/resources/digitalocean/cloud.go:47:1: comment on exported method Token should be of the form "Token ..." (ST1020)
pkg/resources/spotinst/spotinst.go:84:1: comment on exported function NewInstanceGroup should be of the form "NewInstanceGroup ..." (ST1020)
protokube/pkg/gossip/dns/dns.go:29:1: comment on exported const DefaultZoneName should be of the form "DefaultZoneName ..." (ST1022)
protokube/pkg/gossip/mesh/mesh.pb.go:421:4: this value of iNdEx is never used (SA4006)
protokube/pkg/protokube/openstack_volume.go:53:1: comment on exported type OpenstackVolumes should be of the form "OpenstackVolumes ..." (with optional leading article) (ST1021)
upup/pkg/fi/assetstore.go:132:1: comment on exported method AddForTest should be of the form "AddForTest ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/disk.go:128:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/eip_natgateway_association.go:34:1: comment on exported type EIP should be of the form "EIP ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/loadbalancer.go:169:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/loadbalancerlistener.go:33:1: comment on exported type LoadBalancerListener should be of the form "LoadBalancerListener ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/loadbalancerlistener.go:106:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/natgateway.go:30:1: comment on exported type NatGateway should be of the form "NatGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/securitygroup.go:32:1: comment on exported const SecurityResource should be of the form "SecurityResource ..." (ST1022)
upup/pkg/fi/cloudup/alitasks/sshkey.go:33:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vpc.go:30:1: comment on exported type VPC should be of the form "VPC ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vswitch.go:31:1: comment on exported type VSwitch should be of the form "VSwitch ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vswitchSNAT.go:31:1: comment on exported type VSwitchSNAT should be of the form "VSwitchSNAT ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/aliup/ali_cloud.go:50:1: comment on exported var KubernetesKopsIdentity should be of the form "KubernetesKopsIdentity ..." (ST1022)
upup/pkg/fi/cloudup/awstasks/dhcp_options.go:33:1: comment on exported type DHCPOptions should be of the form "DHCPOptions ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/dnsname.go:33:1: comment on exported type DNSName should be of the form "DNSName ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/ebsvolume.go:32:1: comment on exported type EBSVolume should be of the form "EBSVolume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/external_load_balancer_attachment.go:31:1: comment on exported type ExternalLoadBalancerAttachment should be of the form "ExternalLoadBalancerAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/external_target_group_attachment.go:32:1: comment on exported type ExternalTargetGroupAttachment should be of the form "ExternalTargetGroupAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iaminstanceprofile.go:34:1: comment on exported type IAMInstanceProfile should be of the form "IAMInstanceProfile ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iaminstanceprofilerole.go:32:1: comment on exported type IAMInstanceProfileRole should be of the form "IAMInstanceProfileRole ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamoidcprovider.go:32:1: comment on exported type IAMOIDCProvider should be of the form "IAMOIDCProvider ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamrole.go:38:1: comment on exported type IAMRole should be of the form "IAMRole ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamrolepolicy.go:37:1: comment on exported type IAMRolePolicy should be of the form "IAMRolePolicy ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/internetgateway.go:30:1: comment on exported type InternetGateway should be of the form "InternetGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go:150:1: comment on exported method CloudformationVersion should be of the form "CloudformationVersion ..." (ST1020)
upup/pkg/fi/cloudup/awstasks/load_balancer.go:39:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/load_balancer_attachment.go:32:1: comment on exported type LoadBalancerAttachment should be of the form "LoadBalancerAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/natgateway.go:32:1: comment on exported type NatGateway should be of the form "NatGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/route.go:31:1: comment on exported type Route should be of the form "Route ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/routetable.go:31:1: comment on exported type RouteTable should be of the form "RouteTable ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/routetableassociation.go:31:1: comment on exported type RouteTableAssociation should be of the form "RouteTableAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/securitygroup.go:33:1: comment on exported type SecurityGroup should be of the form "SecurityGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/securitygrouprule.go:34:1: comment on exported type SecurityGroupRule should be of the form "SecurityGroupRule ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/sshkey.go:34:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/subnet.go:32:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpc.go:33:1: comment on exported type VPC should be of the form "VPC ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpc_dhcpoptions_association.go:30:1: comment on exported type VPCDHCPOptionsAssociation should be of the form "VPCDHCPOptionsAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpccidrblock.go:29:1: comment on exported type VPCCIDRBlock should be of the form "VPCCIDRBlock ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awsup/aws_cloud.go:58:1: comment on exported const ClientMaxRetries should be of the form "ClientMaxRetries ..." (ST1022)
upup/pkg/fi/cloudup/awsup/status.go:44:1: comment on exported method FindClusterStatus should be of the form "FindClusterStatus ..." (ST1020)
upup/pkg/fi/cloudup/dotasks/droplet.go:32:1: comment on exported type Droplet should be of the form "Droplet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/dotasks/loadbalancer.go:35:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/dotasks/volume.go:32:1: comment on exported type Volume should be of the form "Volume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/address.go:29:1: comment on exported type Address should be of the form "Address ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instance.go:33:1: comment on exported type Instance should be of the form "Instance ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instancegroupmanager.go:29:1: comment on exported type InstanceGroupManager should be of the form "InstanceGroupManager ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instancetemplate.go:35:1: comment on exported const InstanceTemplateNamePrefixMaxLength should be of the form "InstanceTemplateNamePrefixMaxLength ..." (ST1022)
upup/pkg/fi/cloudup/gcetasks/network.go:30:1: comment on exported type Network should be of the form "Network ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/subnet.go:30:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/floatingip.go:32:1: comment on exported type FloatingIP should be of the form "FloatingIP ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/instance.go:32:1: comment on exported type Instance should be of the form "Instance ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lb.go:34:1: comment on exported type LB should be of the form "LB ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lblistener.go:30:1: comment on exported type LBListener should be of the form "LBListener ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lbpool.go:28:1: comment on exported type LBPool should be of the form "LBPool ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/network.go:28:1: comment on exported type Network should be of the form "Network ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/poolassociation.go:30:1: comment on exported type PoolAssociation should be of the form "PoolAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/port.go:29:1: comment on exported type Port should be of the form "Port ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/router.go:28:1: comment on exported type Router should be of the form "Router ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/routerinterface.go:29:1: comment on exported type RouterInterface should be of the form "RouterInterface ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/securitygroup.go:31:1: comment on exported type SecurityGroup should be of the form "SecurityGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/servergroup.go:30:1: comment on exported type ServerGroup should be of the form "ServerGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/sshkey.go:31:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/subnet.go:29:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/volume.go:28:1: comment on exported type Volume should be of the form "Volume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go:42:1: comment on exported type Elastigroup should be of the form "Elastigroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go:37:1: comment on exported type LaunchSpec should be of the form "LaunchSpec ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/ocean.go:39:1: comment on exported type Ocean should be of the form "Ocean ..." (with optional leading article) (ST1021)
upup/pkg/fi/context.go:249:1: comment on exported function NewExistsAndWarnIfChangesError should be of the form "NewExistsAndWarnIfChangesError ..." (ST1020)
upup/pkg/fi/context.go:256:1: comment on exported method Error should be of the form "Error ..." (ST1020)
upup/pkg/fi/fitasks/keypair.go:31:1: comment on exported type Keypair should be of the form "Keypair ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/keypair.go:55:1: comment on exported method CheckExisting should be of the form "CheckExisting ..." (ST1020)
upup/pkg/fi/fitasks/managedfile.go:29:1: comment on exported type ManagedFile should be of the form "ManagedFile ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/mirrorkeystore.go:25:1: comment on exported type MirrorKeystore should be of the form "MirrorKeystore ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/mirrorsecrets.go:26:1: comment on exported type MirrorSecrets should be of the form "MirrorSecrets ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/secret.go:25:1: comment on exported type Secret should be of the form "Secret ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/secret.go:33:1: comment on exported method CheckExisting should be of the form "CheckExisting ..." (ST1020)
upup/pkg/fi/resources.go:248:1: comment on exported method AsBytes should be of the form "AsBytes ..." (ST1020)
upup/pkg/kutil/import_cluster.go:680:1: comment on exported function GetInstanceUserData should be of the form "GetInstanceUserData ..." (ST1020)
```
The provider binaries are in the hundreds of MBs and by defaulta are redownloaded into each integration tests' directory, this is a waste of bandwidth, time, and space.
TF supports specifying a provider cache directory [0] which will avoid redownloading them and storing them in multiple places, which should speed up the job time by a bit.
I was having trouble getting it to work with TF 0.12 so I bumped us up to the latest 0.13 beta (stable is scheduled for ~1 month from now)
[0] https://www.terraform.io/docs/configuration/providers.html#provider-plugin-cache
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled. That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.
Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.
This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
Writing to a hostPath from a non-root container requires file
ownership changes, which is difficult to roll out today. See
discussion in #8454
We were primarily using the logfile for e2e diagnostics, so we're
going to look into collecting the information via other means instead.
We also haven't yet shipped this logfile in a released version (though
we have shipped it in beta releases)
The new job was missing the generated files from go-bindata.
I noticed some of the prow jobs use make and others call hack/ scripts directly.
I think it'd be better to use make so we can more easily add dependencies like this, therefor I'd like to propose that we merge this, update the jobs to call make targets, then remove the make command I added to hack/verify-staticcheck.sh
By fixing the existing job as well as the make target, we can unblock other PRs and not get another swarm of failure notifications when the job gets updated to use make.
hack/update-expected.sh should ignore KOPSCONTROLLER_IMAGE when
regenerating the golden test outputs, just as it ignores the local
DNSCONTROLLER_IMAGE override.
We had a port collision on 3997; change the default memberlist ports
to avoid the collision (we haven't shipped a release with this in it).
Also create a go file so that we can use constants to keep track of
our port numbers, rather than magic values.
There are a few env vars which are frequently set in development, but
should not be reflected in the tests. Clear them before generated the
expected output.
Refactor to start to centralize the env-var configuration for system
components, also start to add test coverage so we can be sure we
haven't broken things!
Ciprian Hacman
Barry Melbourne
Ole Markus With
Ciprian Hacman
Peter Rifel
Kubernetes Prow Robot
AdamKorcz
AkiraFukushima
Justin SB
Ma Xinjian
John Gardiner Myers
Srikanth
MoShitrit
Rodrigo Menezes
Matt Ouille
Kim Bao Long
Roberto Rodriguez Alcala
tanjunchen
Aresforchina
ares
mikesplain
Xiaoyu Zhong
Guangming Wang
Thomas Jackson
Jesse Haka