overall refactoring and linter fixes

Author: PatrickLaabs

Dockerfile

@@ -28,7 +28,7 @@ ARG ARCH
 # It's an invalid finding since the image is explicitly set in the Makefile.
 # https://github.com/hadolint/hadolint/wiki/DL3006
 # hadolint ignore=DL3006
-FROM ${builder_image} as builder
+FROM ${builder_image} AS builder
 WORKDIR /workspace
 
 # Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy
@@ -71,34 +71,31 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Production image
 FROM ${deployment_base_image}:${deployment_base_image_tag}
 
+# Set shell with pipefail option for better error handling
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 # Install Node.js and cdk8s-cli directly
+# hadolint ignore=DL3015
 RUN apt-get update && \
-    apt-get install -y ca-certificates curl wget && \
+    apt-get install -y --no-install-recommends ca-certificates=20240203~22.04.1 curl=7.81.0-1ubuntu1.20 && \
     curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
-    apt-get install -y nodejs && \
-    npm install -g cdk8s-cli && \
-    wget https://go.dev/dl/go1.21.5.linux-amd64.tar.gz && \
-    tar -C /usr/local -xzf go1.21.5.linux-amd64.tar.gz && \
-    rm go1.21.5.linux-amd64.tar.gz && \
+    apt-get install -y nodejs=18.19.1-1nodesource1 && \
+    npm install -g cdk8s-cli@2.200.96 && \
+    curl -fsSL -o go1.24.4.linux-amd64.tar.gz https://go.dev/dl/go1.24.4.linux-amd64.tar.gz && \
+    tar -C /usr/local -xzf go1.24.4.linux-amd64.tar.gz && \
+    rm go1.24.4.linux-amd64.tar.gz && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-    # Set Go environment variables
+# Set Go environment variables
 ENV PATH=$PATH:/usr/local/go/bin
 ENV GOROOT=/usr/local/go
 
-RUN cdk8s --version && go version
-
 WORKDIR /
 COPY --from=builder /workspace/manager .
 
 # Create non-root user
 RUN useradd --uid 65532 --create-home --shell /bin/bash nonroot
-
-# Ensure the non-root user can access Go by setting up their environment
-RUN echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/nonroot/.bashrc && \
-    echo 'export GOROOT=/usr/local/go' >> /home/nonroot/.bashrc && \
-    echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/nonroot/.profile
 
 # Switch back to non-root user (this line should already exist)
 # USER root # This was part of the removed direct install, ensure it's not re-added here unless needed for COPY permissions

Makefile

@@ -232,7 +232,7 @@ CAPI_KIND_CLUSTER_NAME ?= capi-test
 
 # It is set by Prow GIT_TAG, a git-based tag of the form vYYYYMMDD-hash, e.g., v20210120-v0.3.10-308-gc61521971
 
-TAG ?= v0.2.4-alpha
+TAG ?= v0.2.6-preview
 ARCH ?= $(shell go env GOARCH)
 ALL_ARCH = amd64 arm arm64
 

api/v1alpha1/cdk8sappproxy_types.go

@@ -41,7 +41,7 @@ type GitRepositorySpec struct {
 	// containing authentication credentials for the Git repository.
 	// The secret must contain 'username' and 'password' fields.
 	// +kubebuilder:validation:Optional
-	AuthSecretRef *corev1.LocalObjectReference `json:"authSecretRef,omitempty"` // New field
+	AuthSecretRef *corev1.LocalObjectReference `json:"authSecretRef,omitempty"`
 }
 
 // Cdk8sAppProxySpec defines the desired state of Cdk8sAppProxy.

api/v1alpha1/cdk8sappproxy_webhook_test.go

@@ -1,7 +1,6 @@
 package v1alpha1
 
 import (
-	"context"
 	"testing"
 
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -90,12 +89,7 @@ func TestCdk8sAppProxy_Default(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx := context.Background()
-			err := tt.proxy.Default(ctx, tt.proxy)
-			if err != nil {
-				t.Errorf("Default() error = %v", err)
-				return
-			}
+			tt.proxy.Default()
 
 			if tt.proxy.Spec.GitRepository != nil && tt.expected.Spec.GitRepository != nil {
 				if tt.proxy.Spec.GitRepository.Reference != tt.expected.Spec.GitRepository.Reference {
@@ -177,21 +171,19 @@ func TestCdk8sAppProxy_ValidateCreate(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx := context.Background()
-			warnings, err := tt.proxy.ValidateCreate(ctx, tt.proxy)
+			warnings, err := tt.proxy.ValidateCreate()
 
 			if tt.wantError {
 				if err == nil {
 					t.Errorf("ValidateCreate() expected error, got nil")
+
 					return
 				}
 				if tt.errorMsg != "" && err.Error() != "validation failed: ["+tt.errorMsg+"]" {
 					t.Errorf("ValidateCreate() error = %v, want error containing %v", err.Error(), tt.errorMsg)
 				}
-			} else {
-				if err != nil {
-					t.Errorf("ValidateCreate() unexpected error = %v", err)
-				}
+			} else if err != nil {
+				t.Errorf("ValidateCreate() unexpected error = %v", err)
 			}
 
 			// Warnings should always be nil in our implementation
@@ -248,8 +240,7 @@ func TestCdk8sAppProxy_ValidateUpdate(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx := context.Background()
-			warnings, err := tt.newProxy.ValidateUpdate(ctx, tt.oldProxy, tt.newProxy)
+			warnings, err := tt.newProxy.ValidateUpdate(tt.oldProxy)
 
 			if tt.wantError {
 				if err == nil {
@@ -278,8 +269,7 @@ func TestCdk8sAppProxy_ValidateDelete(t *testing.T) {
 		},
 	}
 
-	ctx := context.Background()
-	warnings, err := proxy.ValidateDelete(ctx, proxy)
+	warnings, err := proxy.ValidateDelete()
 
 	if err != nil {
 		t.Errorf("ValidateDelete() unexpected error = %v", err)
@@ -335,15 +325,17 @@ func TestCdk8sAppProxy_validateCdk8sAppProxy(t *testing.T) {
 
 			if (err != nil) != tt.wantError {
 				t.Errorf("validateCdk8sAppProxy() error = %v, wantError %v", err, tt.wantError)
+
 				return
 			}
 
 			// Compare warnings properly
-			if tt.wantWarnings == nil && warnings != nil {
+			switch {
+			case tt.wantWarnings == nil && warnings != nil:
 				t.Errorf("validateCdk8sAppProxy() warnings = %v, want nil", warnings)
-			} else if tt.wantWarnings != nil && warnings == nil {
+			case tt.wantWarnings != nil && warnings == nil:
 				t.Errorf("validateCdk8sAppProxy() warnings = nil, want %v", tt.wantWarnings)
-			} else if tt.wantWarnings != nil && warnings != nil {
+			case tt.wantWarnings != nil && warnings != nil:
 				if len(warnings) != len(tt.wantWarnings) {
 					t.Errorf("validateCdk8sAppProxy() warnings length = %d, want %d", len(warnings), len(tt.wantWarnings))
 				} else {

api/v1alpha1/cdk8sappproxy_webook.go

@@ -21,10 +21,10 @@ func (r *Cdk8sAppProxy) SetupWebhookWithManager(mgr ctrl.Manager) error {
 
 // +kubebuilder:webhook:path=/mutate-addons-cluster-x-k8s-io-v1alpha1-cdk8sappproxy,mutating=true,failurePolicy=fail,sideEffects=None,groups=addons.cluster.x-k8s.io,resources=cdk8sappproxies,verbs=create;update,versions=v1alpha1,name=cdk8sappproxy.kb.io,admissionReviewVersions=v1
 
-// var _ webhook.CustomDefaulter = &Cdk8sAppProxy{}
+// var _ webhook.CustomDefaulter = &Cdk8sAppProxy{}.
 var _ webhook.Defaulter = &Cdk8sAppProxy{}
 
-// Default implements webhook.CustomDefaulter so a webhook will be registered for the type
+// Default implements webhook.CustomDefaulter so a webhook will be registered for the type.
 func (r *Cdk8sAppProxy) Default() {
 	cdk8sappproxylog.Info("default", "name", r.Name)
 
@@ -43,21 +43,21 @@ func (r *Cdk8sAppProxy) Default() {
 
 var _ webhook.Validator = &Cdk8sAppProxy{}
 
-// ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type
+// ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type.
 func (r *Cdk8sAppProxy) ValidateCreate() (admission.Warnings, error) {
 	cdk8sappproxylog.Info("validate create", "name", r.Name)
 
 	return r.validateCdk8sAppProxy()
 }
 
-// ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type
+// ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type.
 func (r *Cdk8sAppProxy) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {
 	cdk8sappproxylog.Info("validate update", "name", r.Name)
 
 	return r.validateCdk8sAppProxy()
 }
 
-// ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type
+// ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type.
 func (r *Cdk8sAppProxy) ValidateDelete() (admission.Warnings, error) {
 	cdk8sappproxylog.Info("validate delete", "name", r.Name)
 

api/v1alpha1/webhook_suite_test.go

@@ -0,0 +1,136 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"path/filepath"
+	"testing"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	admissionv1beta1 "k8s.io/api/admission/v1beta1"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
+// These tests use Ginkgo (BDD-style Go testing framework). Refer to
+// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
+
+var (
+	k8sClient client.Client
+	testEnv   *envtest.Environment
+	ctx       context.Context
+	cancel    context.CancelFunc
+)
+
+func TestAPIs(t *testing.T) {
+	RegisterFailHandler(Fail)
+
+	RunSpecs(t, "Webhook Suite")
+}
+
+var _ = BeforeSuite(func() {
+	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
+
+	ctx, cancel = context.WithCancel(context.TODO())
+
+	By("bootstrapping test environment")
+	testEnv = &envtest.Environment{
+		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "config", "crd", "bases")},
+		ErrorIfCRDPathMissing: false,
+		WebhookInstallOptions: envtest.WebhookInstallOptions{
+			Paths: []string{filepath.Join("..", "..", "config", "webhook")},
+		},
+	}
+
+	cfg, err := testEnv.Start()
+	Expect(err).NotTo(HaveOccurred())
+	Expect(cfg).NotTo(BeNil())
+
+	scheme := runtime.NewScheme()
+	err = AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	err = admissionv1beta1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	err = admissionv1beta1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	//+kubebuilder:scaffold:scheme
+
+	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
+	Expect(err).NotTo(HaveOccurred())
+	Expect(k8sClient).NotTo(BeNil())
+
+	// start webhook server using Manager
+	webhookInstallOptions := &testEnv.WebhookInstallOptions
+	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
+		Scheme: scheme,
+		WebhookServer: webhook.NewServer(
+			webhook.Options{
+				Host:    webhookInstallOptions.LocalServingHost,
+				Port:    webhookInstallOptions.LocalServingPort,
+				CertDir: webhookInstallOptions.LocalServingCertDir,
+			},
+		),
+		LeaderElection: false,
+		Metrics:        metricsserver.Options{BindAddress: "0"},
+	})
+	Expect(err).NotTo(HaveOccurred())
+
+	err = (&Cdk8sAppProxy{}).SetupWebhookWithManager(mgr)
+	Expect(err).NotTo(HaveOccurred())
+
+	//+kubebuilder:scaffold:webhook
+
+	go func() {
+		defer GinkgoRecover()
+		err = mgr.Start(ctx)
+		Expect(err).NotTo(HaveOccurred())
+	}()
+
+	// wait for the webhook server to get ready
+	dialer := &net.Dialer{Timeout: time.Second}
+	addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort)
+	Eventually(func() error {
+		conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true})
+		if err != nil {
+			return err
+		}
+
+		return conn.Close()
+	}).Should(Succeed())
+})
+
+var _ = AfterSuite(func() {
+	cancel()
+	By("tearing down the test environment")
+	err := testEnv.Stop()
+	Expect(err).NotTo(HaveOccurred())
+})

config/default/manager_image_patch.yaml

@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-      - image: ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller:v0.2.4-alpha
+      - image: ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller:v0.2.6-preview
         name: manager

config/default/manager_image_patch.yaml-e

@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-      - image: ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller:v0.2.4-alpha
+      - image: ghcr.io/patricklaabs/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller:v0.2.6-preview
         name: manager

config/default/manager_pull_policy.yaml-e

@@ -8,4 +8,4 @@ spec:
     spec:
       containers:
       - name: manager
-        imagePullPolicy: IfNotPresent
+        imagePullPolicy: Always