Enable more linters (#2545)

Author: lucacome

.golangci.yml

@@ -53,14 +53,19 @@ linters:
   enable:
     - asasalint
     - asciicheck
+    - bidichk
     - copyloopvar
     - dupword
+    - durationcheck
     - errcheck
+    - errchkjson
     - errname
     - errorlint
     - fatcontext
     - ginkgolinter
     - gocheckcompilerdirectives
+    - gochecksumtype
+    - gocritic
     - gocyclo
     - godot
     - gofmt
@@ -76,6 +81,7 @@ linters:
     - loggercheck
     - makezero
     - misspell
+    - musttag
     - nilerr
     - noctx
     - nolintlint
@@ -86,6 +92,7 @@ linters:
     - spancheck
     - staticcheck
     - stylecheck
+    - tagalign
     - tenv
     - thelper
     - tparallel

internal/mode/provisioner/manager.go

@@ -133,7 +133,7 @@ func StartManager(cfg Config) error {
 		statusUpdater,
 		mgr.GetClient(),
 		embeddedfiles.StaticModeDeploymentYAML,
-		func() metav1.Time { return metav1.Now() },
+		metav1.Now,
 	)
 
 	eventLoop := events.NewEventLoop(

internal/mode/static/handler.go

@@ -471,8 +471,7 @@ func getGatewayAddresses(
 	}
 
 	var addresses, hostnames []string
-	switch gwSvc.Spec.Type {
-	case v1.ServiceTypeLoadBalancer:
+	if gwSvc.Spec.Type == v1.ServiceTypeLoadBalancer {
 		for _, ingress := range gwSvc.Status.LoadBalancer.Ingress {
 			if ingress.IP != "" {
 				addresses = append(addresses, ingress.IP)

internal/mode/static/manager.go

@@ -107,7 +107,8 @@ func StartManager(cfg config.Config) error {
 		Namespace: cfg.GatewayPodConfig.Namespace,
 		Name:      cfg.ConfigName,
 	}
-	if err := registerControllers(ctx, cfg, mgr, recorder, logLevelSetter, eventCh, controlConfigNSName); err != nil {
+	err = registerControllers(ctx, cfg, mgr, recorder, logLevelSetter, eventCh, controlConfigNSName)
+	if err != nil {
 		return err
 	}
 
@@ -149,9 +150,11 @@ func StartManager(cfg config.Config) error {
 	processHandler := ngxruntime.NewProcessHandlerImpl(os.ReadFile, os.Stat)
 
 	// Ensure NGINX is running before registering metrics & starting the manager.
-	if _, err := processHandler.FindMainProcess(ctx, ngxruntime.PidFileTimeout); err != nil {
+	p, err := processHandler.FindMainProcess(ctx, ngxruntime.PidFileTimeout)
+	if err != nil {
 		return fmt.Errorf("NGINX is not running: %w", err)
 	}
+	cfg.Logger.V(1).Info("NGINX is running with PID", "pid", p)
 
 	var (
 		ngxruntimeCollector ngxruntime.MetricsCollector = collectors.NewManagerNoopCollector()
@@ -162,11 +165,6 @@ func StartManager(cfg config.Config) error {
 	var usageSecret *usage.Secret
 
 	if cfg.Plus {
-		ngxPlusClient, err = ngxruntime.CreatePlusClient()
-		if err != nil {
-			return fmt.Errorf("error creating NGINX plus client: %w", err)
-		}
-
 		if cfg.UsageReportConfig != nil {
 			usageSecret = usage.NewUsageSecret()
 			reporter, err := createUsageReporterJob(mgr.GetAPIReader(), cfg, usageSecret, nginxChecker.getReadyCh())
@@ -188,6 +186,10 @@ func StartManager(cfg config.Config) error {
 		constLabels := map[string]string{"class": cfg.GatewayClassName}
 		var ngxCollector prometheus.Collector
 		if cfg.Plus {
+			ngxPlusClient, err = ngxruntime.CreatePlusClient()
+			if err != nil {
+				return fmt.Errorf("error creating NGINX plus client: %w", err)
+			}
 			ngxCollector, err = collectors.NewNginxPlusMetricsCollector(ngxPlusClient, constLabels, promLogger)
 		} else {
 			ngxCollector = collectors.NewNginxMetricsCollector(constLabels, promLogger)

internal/mode/static/nginx/config/validation/common_test.go

@@ -48,7 +48,7 @@ func TestValidateEscapedStringNoVarExpansion(t *testing.T) {
 
 func TestValidateValidHeaderName(t *testing.T) {
 	t.Parallel()
-	validator := func(value string) error { return validateHeaderName(value) }
+	validator := validateHeaderName
 
 	testValidValuesForSimpleValidator(
 		t,

internal/mode/static/nginx/file/folders.go

@@ -28,12 +28,12 @@ func ClearFolders(fileMgr ClearFoldersOSFileManager, paths []string) (removedFil
 		}
 
 		for _, entry := range entries {
-			path := filepath.Join(path, entry.Name())
-			if err := fileMgr.Remove(path); err != nil {
-				return removedFiles, fmt.Errorf("failed to remove %q: %w", path, err)
+			entryPath := filepath.Join(path, entry.Name())
+			if err := fileMgr.Remove(entryPath); err != nil {
+				return removedFiles, fmt.Errorf("failed to remove %q: %w", entryPath, err)
 			}
 
-			removedFiles = append(removedFiles, path)
+			removedFiles = append(removedFiles, entryPath)
 		}
 	}
 

internal/mode/static/nginx/runtime/manager.go

@@ -121,9 +121,9 @@ func (m *ManagerImpl) Reload(ctx context.Context, configVersion int) error {
 
 	// send HUP signal to the NGINX main process reload configuration
 	// See https://nginx.org/en/docs/control.html
-	if err := m.processHandler.Kill(pid); err != nil {
+	if errP := m.processHandler.Kill(pid); errP != nil {
 		m.metricsCollector.IncReloadErrors()
-		return fmt.Errorf("failed to send the HUP signal to NGINX main: %w", err)
+		return fmt.Errorf("failed to send the HUP signal to NGINX main: %w", errP)
 	}
 
 	if err = m.verifyClient.WaitForCorrectVersion(

internal/mode/static/state/dataplane/configuration.go

@@ -279,12 +279,12 @@ func buildBackendGroups(servers []VirtualServer) []BackendGroup {
 			for _, mr := range pr.MatchRules {
 				group := mr.BackendGroup
 
-				key := key{
+				k := key{
 					nsname:  group.Source,
 					ruleIdx: group.RuleIdx,
 				}
 
-				uniqueGroups[key] = group
+				uniqueGroups[k] = group
 			}
 		}
 	}

internal/mode/static/state/graph/backend_refs.go

@@ -238,12 +238,10 @@ func validateBackendTLSPolicyMatchingAllBackends(backendRefs []BackendRef) *cond
 		if referencePolicy == nil {
 			// First reference, store the policy as reference
 			referencePolicy = backendRef.BackendTLSPolicy
-		} else {
+		} else if checkPoliciesEqual(backendRef.BackendTLSPolicy.Source, referencePolicy.Source) {
 			// Check if the policies match
-			if checkPoliciesEqual(backendRef.BackendTLSPolicy.Source, referencePolicy.Source) {
-				mismatch = true
-				break
-			}
+			mismatch = true
+			break
 		}
 	}
 	if mismatch {

internal/mode/static/state/graph/backend_tls_policy.go

@@ -86,23 +86,27 @@ func validateBackendTLSPolicy(
 
 	caCertRefs := backendTLSPolicy.Spec.Validation.CACertificateRefs
 	wellKnownCerts := backendTLSPolicy.Spec.Validation.WellKnownCACertificates
-	if len(caCertRefs) > 0 && wellKnownCerts != nil {
+	switch {
+	case len(caCertRefs) > 0 && wellKnownCerts != nil:
 		valid = false
 		msg := "CACertificateRefs and WellKnownCACertificates are mutually exclusive"
 		conds = append(conds, staticConds.NewPolicyInvalid(msg))
-	} else if len(caCertRefs) > 0 {
+
+	case len(caCertRefs) > 0:
 		if err := validateBackendTLSCACertRef(backendTLSPolicy, configMapResolver); err != nil {
 			valid = false
 			conds = append(conds, staticConds.NewPolicyInvalid(
 				fmt.Sprintf("invalid CACertificateRef: %s", err.Error())))
 		}
-	} else if wellKnownCerts != nil {
+
+	case wellKnownCerts != nil:
 		if err := validateBackendTLSWellKnownCACerts(backendTLSPolicy); err != nil {
 			valid = false
 			conds = append(conds, staticConds.NewPolicyInvalid(
 				fmt.Sprintf("invalid WellKnownCACertificates: %s", err.Error())))
 		}
-	} else {
+
+	default:
 		valid = false
 		conds = append(conds, staticConds.NewPolicyInvalid("CACertRefs and WellKnownCACerts are both nil"))
 	}