Upgrade go-template-utils to v3.2.0

Makefile

@@ -87,15 +87,15 @@ clean:
 
 .PHONY: fmt-dependencies
 fmt-dependencies:
-	$(call go-get-tool,github.com/daixiang0/gci@v0.2.9)
-	$(call go-get-tool,mvdan.cc/gofumpt@v0.2.0)
+	$(call go-get-tool,github.com/daixiang0/gci@v0.10.1)
+	$(call go-get-tool,mvdan.cc/gofumpt@v0.5.0)
 
 # All available format: format-go format-protos format-python
 # Default value will run all formats, override these make target with your requirements:
 #    eg: fmt: format-go format-protos
 fmt: fmt-dependencies
 	find . -not \( -path "./.go" -prune \) -name "*.go" | xargs gofmt -s -w
-	find . -not \( -path "./.go" -prune \) -name "*.go" | xargs gci -w -local "$(shell cat go.mod | head -1 | cut -d " " -f 2)"
+	find . -not \( -path "./.go" -prune \) -name "*.go" | xargs gci write -s standard -s default -s "prefix($(shell cat go.mod | head -1 | cut -d " " -f 2))"
 	find . -not \( -path "./.go" -prune \) -name "*.go" | xargs gofumpt -l -w
 
 ############################################################
@@ -107,7 +107,7 @@ check: lint
 
 .PHONY: lint-dependencies
 lint-dependencies:
-	$(call go-get-tool,github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.2)
+	$(call go-get-tool,github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.2)
 
 # All available linters: lint-dockerfiles lint-scripts lint-yaml lint-copyright-banner lint-go lint-python lint-helm lint-markdown lint-sass lint-typescript lint-protos
 # Default value will run all linters, override these make target with your requirements:
@@ -119,19 +119,20 @@ lint: lint-dependencies lint-all
 ############################################################
 GOSEC = $(LOCAL_BIN)/gosec
 KUBEBUILDER = $(LOCAL_BIN)/kubebuilder
-KBVERSION = 3.2.0
-K8S_VERSION = 1.21.2
+ENVTEST = $(LOCAL_BIN)/setup-envtest
+KBVERSION = 3.12.0
+ENVTEST_K8S_VERSION = 1.26.x
 
 .PHONY: test
 test: test-dependencies
-	KUBEBUILDER_ASSETS=$(LOCAL_BIN) go test $(TESTARGS) `go list ./... | grep -v test/e2e`
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test $(TESTARGS) `go list ./... | grep -v test/e2e`
 
 .PHONY: test-coverage
 test-coverage: TESTARGS = -json -cover -covermode=atomic -coverprofile=coverage_unit.out
 test-coverage: test
 
 .PHONY: test-dependencies
-test-dependencies: kubebuilder-dependencies kubebuilder
+test-dependencies: envtest kubebuilder
 
 .PHONY: kubebuilder
 kubebuilder:
@@ -141,17 +142,13 @@ kubebuilder:
 		chmod +x $(KUBEBUILDER); \
 	fi
 
-.PHONY: kubebuilder-dependencies
-kubebuilder-dependencies: $(LOCAL_BIN)
-	@if [ ! -f $(LOCAL_BIN)/etcd ] || [ ! -f $(LOCAL_BIN)/kube-apiserver ] || [ ! -f $(LOCAL_BIN)/kubectl ] || \
-	[ "$$($(KUBEBUILDER) version 2>/dev/null | grep -o KubeBuilderVersion:\"[0-9]*\.[0-9]\.[0-9]*\")" != "KubeBuilderVersion:\"$(KBVERSION)\"" ]; then \
-		echo "Installing envtest Kubebuilder assets"; \
-		curl -L "https://go.kubebuilder.io/test-tools/$(K8S_VERSION)/$(GOOS)/$(GOARCH)" | tar xz --strip-components=2 -C $(LOCAL_BIN); \
-	fi
+.PHONY: envtest
+envtest:
+	$(call go-get-tool,sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
 
 .PHONY: gosec
 gosec:
-	$(call go-get-tool,github.com/securego/gosec/v2/cmd/gosec@v2.9.6)
+	$(call go-get-tool,github.com/securego/gosec/v2/cmd/gosec@v2.15.0)
 
 .PHONY: gosec-scan
 gosec-scan: gosec
@@ -212,7 +209,7 @@ controller-gen: ## Download controller-gen locally if necessary.
 
 .PHONY: kustomize
 kustomize: ## Download kustomize locally if necessary.
-	$(call go-get-tool,sigs.k8s.io/kustomize/kustomize/[email protected])
+	$(call go-get-tool,sigs.k8s.io/kustomize/kustomize/[email protected])
 
 ############################################################
 # e2e test section
@@ -282,7 +279,7 @@ e2e-dependencies:
 
 .PHONY: e2e-test
 e2e-test: e2e-dependencies
-	$(GINKGO) -v --fail-fast --slow-spec-threshold=10s $(E2E_TEST_ARGS) test/e2e
+	$(GINKGO) -v --fail-fast $(E2E_TEST_ARGS) test/e2e
 
 .PHONY: e2e-test-coverage
 e2e-test-coverage: E2E_TEST_ARGS = --json-report=report_e2e.json --output-dir=.

build/common/config/.golangci.yml

@@ -1,10 +1,6 @@
-service:
-  # When updating this, also update the version stored in docker/build-tools/Dockerfile in the multicloudlab/tools repo.
-  golangci-lint-version: 1.18.x # use the fixed version to not introduce new linters unexpectedly
 run:
   # timeout for analysis, e.g. 30s, 5m, default is 1m
   deadline: 20m
-  go: '1.17'
   timeout: 20m
 
   # which dirs to skip: they won't be analyzed;
@@ -80,7 +76,7 @@ linters-settings:
     check-shadowing: false
   gci:
     sections:
-      - prefix(open-cluster-management.io/config-policy-controller)
+      - prefix(open-cluster-management.io/governance-policy-propagator)
   golint:
     # minimal confidence for issues, default is 0.8
     min-confidence: 0.0

controllers/automation/PolicyAutomationPredicate.go

@@ -13,9 +13,9 @@ import (
 // we only want to watch for pb contains policy as subjects
 var policyAuomtationPredicateFuncs = predicate.Funcs{
 	UpdateFunc: func(e event.UpdateEvent) bool {
-		// nolint: forcetypeassert
+		//nolint:forcetypeassert
 		policyAutomationNew := e.ObjectNew.(*policyv1beta1.PolicyAutomation)
-		// nolint: forcetypeassert
+		//nolint:forcetypeassert
 		policyAutomationOld := e.ObjectOld.(*policyv1beta1.PolicyAutomation)
 
 		if policyAutomationNew.Spec.PolicyRef == "" {
@@ -29,7 +29,7 @@ var policyAuomtationPredicateFuncs = predicate.Funcs{
 		return !equality.Semantic.DeepEqual(policyAutomationNew.Spec, policyAutomationOld.Spec)
 	},
 	CreateFunc: func(e event.CreateEvent) bool {
-		// nolint: forcetypeassert
+		//nolint:forcetypeassert
 		policyAutomationNew := e.Object.(*policyv1beta1.PolicyAutomation)
 
 		return policyAutomationNew.Spec.PolicyRef != ""

controllers/automation/policyMapper.go

@@ -16,7 +16,7 @@ import (
 
 func policyMapper(c client.Client) handler.MapFunc {
 	return func(obj client.Object) []reconcile.Request {
-		// nolint: forcetypeassert
+		//nolint:forcetypeassert
 		policy := obj.(*policiesv1.Policy)
 
 		var result []reconcile.Request
@@ -42,9 +42,8 @@ func policyMapper(c client.Client) handler.MapFunc {
 
 		if found {
 			modeType := policyAutomation.Spec.Mode
-			if modeType == "scan" {
-				// scan mode, do not queue
-			} else if modeType == policyv1beta1.Once || modeType == policyv1beta1.EveryEvent {
+			// Do not queue during scan mode
+			if modeType != "scan" && modeType == policyv1beta1.Once || modeType == policyv1beta1.EveryEvent {
 				// The same policyAutomation mapping logic for once and everyEvent mode
 				request := reconcile.Request{NamespacedName: types.NamespacedName{
 					Name:      policyAutomation.GetName(),

controllers/automation/policyPredicate.go

@@ -12,13 +12,13 @@ import (
 // we only want to watch for pb contains policy as subjects
 var policyPredicateFuncs = predicate.Funcs{
 	UpdateFunc: func(e event.UpdateEvent) bool {
-		// nolint: forcetypeassert
+		//nolint:forcetypeassert
 		plcObjNew := e.ObjectNew.(*policiesv1.Policy)
 		if _, ok := plcObjNew.Labels["policy.open-cluster-management.io/root-policy"]; ok {
 			return false
 		}
 
-		// nolint: forcetypeassert
+		//nolint:forcetypeassert
 		plcObjOld := e.ObjectOld.(*policiesv1.Policy)
 
 		return plcObjNew.Status.ComplianceState != plcObjOld.Status.ComplianceState

controllers/automation/policyautomation_controller.go

@@ -520,7 +520,7 @@ func (r *PolicyAutomationReconciler) Reconcile(
 
 			policyAutomation.Status.ClustersWithEvent = eventMap
 			// use StatusWriter to update status subresource of a Kubernetes object
-			err = r.Status().Update(ctx, policyAutomation, &client.UpdateOptions{})
+			err = r.Status().Update(ctx, policyAutomation)
 			if err != nil {
 				log.Error(err, "Failed to update ClustersWithEvent in policyAutomation status")
 

controllers/encryptionkeys/encryptionkeys_controller.go

@@ -56,7 +56,7 @@ var _ reconcile.Reconciler = &EncryptionKeysReconciler{}
 
 // EncryptionKeysReconciler is responsible for rotating the AES encryption key in the "policy-encryption-key" Secrets
 // for all managed clusters.
-type EncryptionKeysReconciler struct { // nolint:golint,revive
+type EncryptionKeysReconciler struct { //nolint:golint,revive
 	client.Client
 	KeyRotationDays         uint
 	MaxConcurrentReconciles uint
@@ -192,7 +192,7 @@ func (r *EncryptionKeysReconciler) getNextRotationFromNow(secret *corev1.Secret)
 
 	lastRotated, err := time.Parse(time.RFC3339, lastRotatedTS)
 	if err != nil {
-		return 0, fmt.Errorf(`%w with value "%s": %v`, errLastRotationParseError, lastRotatedTS, err)
+		return 0, fmt.Errorf(`%w with value "%s": %w`, errLastRotationParseError, lastRotatedTS, err)
 	}
 
 	nextRotation := lastRotated.Add(time.Hour * 24 * time.Duration(r.KeyRotationDays))

controllers/encryptionkeys/encryptionkeys_controller_test.go

@@ -44,7 +44,9 @@ type erroringFakeClient struct {
 	UpdateError bool
 }
 
-func (c *erroringFakeClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object) error {
+func (c *erroringFakeClient) Get(
+	ctx context.Context, key client.ObjectKey, obj client.Object, _ ...client.GetOption,
+) error {
 	if c.GetError {
 		return errors.New("some get error")
 	}
@@ -81,7 +83,7 @@ func (c *erroringFakeClient) Update(ctx context.Context, obj client.Object, opts
 func generateSecret() *corev1.Secret {
 	key := make([]byte, keySize/8)
 	_, err := rand.Read(key)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 
 	encryptionSecret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
@@ -93,7 +95,7 @@ func generateSecret() *corev1.Secret {
 
 	prevKey := make([]byte, keySize/8)
 	_, err = rand.Read(prevKey)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 
 	encryptionSecret.Data["previousKey"] = prevKey
 
@@ -190,9 +192,9 @@ func getReconciler(encryptionSecret *corev1.Secret) *EncryptionKeysReconciler {
 
 	scheme := k8sruntime.NewScheme()
 	err := clientgoscheme.AddToScheme(scheme)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	err = v1.AddToScheme(scheme)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 
 	builder := fake.NewClientBuilder().WithObjects(policies...).WithScheme(scheme)
 
@@ -213,7 +215,7 @@ func getReconciler(encryptionSecret *corev1.Secret) *EncryptionKeysReconciler {
 func assertTriggerUpdate(r *EncryptionKeysReconciler) {
 	policyList := v1.PolicyList{}
 	err := r.List(context.TODO(), &policyList)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 
 	for _, policy := range policyList.Items {
 		annotation := policy.Annotations[propagator.TriggerUpdateAnnotation]
@@ -230,7 +232,7 @@ func assertTriggerUpdate(r *EncryptionKeysReconciler) {
 func assertNoTriggerUpdate(r *EncryptionKeysReconciler) {
 	policyList := v1.PolicyList{}
 	err := r.List(context.TODO(), &policyList)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 
 	for _, policy := range policyList.Items {
 		annotation := policy.Annotations[propagator.TriggerUpdateAnnotation]
@@ -267,12 +269,12 @@ func TestReconcileRotateKey(t *testing.T) {
 				request := ctrl.Request{NamespacedName: secretID}
 				result, err := r.Reconcile(context.TODO(), request)
 
-				Expect(err).To(BeNil())
+				Expect(err).ToNot(HaveOccurred())
 				Expect(result.Requeue).To(BeFalse())
 				Expect(getRequeueAfterDays(result)).To(Equal(30))
 
 				err = r.Get(context.TODO(), secretID, encryptionSecret)
-				Expect(err).To(BeNil())
+				Expect(err).ToNot(HaveOccurred())
 				Expect(bytes.Equal(encryptionSecret.Data["key"], originalKey)).To(BeFalse())
 				Expect(bytes.Equal(encryptionSecret.Data["previousKey"], originalKey)).To(BeTrue())
 
@@ -301,11 +303,11 @@ func TestReconcileNoRotation(t *testing.T) {
 	request := ctrl.Request{NamespacedName: secretID}
 	result, err := r.Reconcile(context.TODO(), request)
 
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(getRequeueAfterDays(result)).To(Equal(30))
 
 	err = r.Get(context.TODO(), secretID, encryptionSecret)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(bytes.Equal(encryptionSecret.Data["key"], originalKey)).To(BeTrue())
 	Expect(bytes.Equal(encryptionSecret.Data["previousKey"], originalKey)).To(BeFalse())
 
@@ -324,12 +326,12 @@ func TestReconcileNotFound(t *testing.T) {
 	request := ctrl.Request{NamespacedName: secretID}
 	result, err := r.Reconcile(context.TODO(), request)
 
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(result.RequeueAfter).To(Equal(time.Duration(0)))
 
 	policyList := v1.PolicyList{}
 	err = r.List(context.TODO(), &policyList)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 
 	for _, policy := range policyList.Items {
 		annotation := policy.Annotations[propagator.TriggerUpdateAnnotation]
@@ -358,12 +360,12 @@ func TestReconcileManualRotation(t *testing.T) {
 	request := ctrl.Request{NamespacedName: secretID}
 	result, err := r.Reconcile(context.TODO(), request)
 
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(result.Requeue).To(BeFalse())
 	Expect(result.RequeueAfter).To(Equal(time.Duration(0)))
 
 	err = r.Get(context.TODO(), secretID, encryptionSecret)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(bytes.Equal(encryptionSecret.Data["key"], originalKey)).To(BeTrue())
 	Expect(bytes.Equal(encryptionSecret.Data["previousKey"], originalPrevKey)).To(BeTrue())
 
@@ -390,14 +392,14 @@ func TestReconcileInvalidKey(t *testing.T) {
 	request := ctrl.Request{NamespacedName: secretID}
 	result, err := r.Reconcile(context.TODO(), request)
 
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(result.Requeue).To(BeFalse())
 	Expect(getRequeueAfterDays(result)).To(Equal(30))
 
 	err = r.Get(context.TODO(), secretID, encryptionSecret)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(bytes.Equal(encryptionSecret.Data["key"], originalKey)).To(BeFalse())
-	Expect(len(encryptionSecret.Data["previousKey"])).To(Equal(0))
+	Expect(encryptionSecret.Data["previousKey"]).To(BeEmpty())
 
 	assertTriggerUpdate(r)
 }
@@ -422,14 +424,14 @@ func TestReconcileInvalidPreviousKey(t *testing.T) {
 	request := ctrl.Request{NamespacedName: secretID}
 	result, err := r.Reconcile(context.TODO(), request)
 
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(result.Requeue).To(BeFalse())
 	Expect(getRequeueAfterDays(result)).To(Equal(30))
 
 	err = r.Get(context.TODO(), secretID, encryptionSecret)
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(bytes.Equal(encryptionSecret.Data["key"], originalKey)).To(BeTrue())
-	Expect(len(encryptionSecret.Data["previousKey"])).To(Equal(0))
+	Expect(encryptionSecret.Data["previousKey"]).To(BeEmpty())
 
 	assertNoTriggerUpdate(r)
 }
@@ -451,7 +453,7 @@ func TestReconcileSecretNotFiltered(t *testing.T) {
 	request := ctrl.Request{NamespacedName: secretID}
 	result, err := r.Reconcile(context.TODO(), request)
 
-	Expect(err).To(BeNil())
+	Expect(err).ToNot(HaveOccurred())
 	Expect(result.Requeue).To(BeFalse())
 	Expect(result.RequeueAfter).To(Equal(time.Duration(0)))
 
@@ -504,10 +506,10 @@ func TestReconcileAPIFails(t *testing.T) {
 				result, err := r.Reconcile(context.TODO(), request)
 
 				if !test.ExpectedRotation {
-					Expect(err).ShouldNot(BeNil())
+					Expect(err).Should(HaveOccurred())
 					Expect(result.RequeueAfter).Should(Equal(time.Duration(0)))
 				} else {
-					Expect(err).Should(BeNil())
+					Expect(err).ShouldNot(HaveOccurred())
 					Expect(result.RequeueAfter).ShouldNot(Equal(time.Duration(0)))
 				}
 
@@ -517,7 +519,7 @@ func TestReconcileAPIFails(t *testing.T) {
 				r.Client = erroringClient.Client
 
 				err = r.Get(context.TODO(), client.ObjectKeyFromObject(encryptionSecret), encryptionSecret)
-				Expect(err).Should(BeNil())
+				Expect(err).ShouldNot(HaveOccurred())
 
 				if test.ExpectedRotation {
 					Expect(bytes.Equal(originalKey, encryptionSecret.Data["key"])).Should(BeFalse())

controllers/policyset/placementBindingMapper.go

@@ -12,9 +12,9 @@ import (
 	policiesv1 "open-cluster-management.io/governance-policy-propagator/api/v1"
 )
 
-func placementBindingMapper(c client.Client) handler.MapFunc {
+func placementBindingMapper(_ client.Client) handler.MapFunc {
 	return func(obj client.Object) []reconcile.Request {
-		// nolint: forcetypeassert
+		//nolint:forcetypeassert
 		object := obj.(*policiesv1.PlacementBinding)
 		var result []reconcile.Request