linters: add forbiddenmarkers and nonullable linters

[everettraven]

Adds a disabled by default forbiddenmarkers linter that has configuration options to specify marker identifiers that should never exist on a type/field. Suggests fixes to remove the forbidden markers.

Adds an enabled by default nonullable linter that wraps the forbiddenmarkers linter and configures the nullable marker to be forbidden.

Fixes #100

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: everettraven
Once this PR has been reviewed and has the lgtm label, please assign jpbetz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[everettraven]

I'll need to add the linter documentation to the new location as well :P

/hold

[JoelSpeed]

What if I wanted to forbid a marker only if it had a certain parameter? Or a certain value?

E.g. I want to prevent someone from using a particular kubebuilder:validation:Format, would this allow me to do that?

Or I wanted to say, you can't use the optionalOldSelf property on an XValidation?

[everettraven]

Good questions. This would not allow that for now. I think those are reasonable use cases and make sense to consider.

I can add some configuration options to allow for this type of customization.

[JoelSpeed]

Maybe create a constructor on the forbidden markers side that allows you to pass options for Name and Doc, rather than overriding them here? Then this just becomes

return NewAnalyzerWithOpts(forbidden.Opts{
  Name: ...
  Doc: ...
  Markers: []string{...}
})

Or even, you could just call that inside the initializer.

[JoelSpeed]

Why the asterisks at the beginning of each line?

[everettraven]

Copied format from another linter doc.go - but also I think my editor does this by default. I can strip the asterisks at the beginning of each line if necessary

[JoelSpeed]

Doesn't matter to me, but normally with /* */ syntax I didn't think it was needed

[JoelSpeed]

I'm starting to wonder if we should create a util to generate the initializer from a func 🤔

[everettraven]

I like that idea, but to keep the scope of this PR tightened to these two linters I'd suggest that be a follow up.

[JoelSpeed]

This is now implemented, PR will need a rebase

[everettraven]

Working on allowing configuration of forbidden attributes and values.

/hold

[everettraven]

This is mostly ready to go, just have to fix linting issues and squash commits.

[JoelSpeed]

Implementation of validation missing?

[JoelSpeed]

Normally the child element is called by the parent, rather than here

[JoelSpeed]

What if I wanted to say identifier foo is allow, unless it has attribute A and B, or A and C? Are we sure the identifiers must be unique? Or should they be unique only when the attributes match?

For example, what if I wanted to forbid Blue Apples, or Green Oranges, but allow Red Apples and Orange Oranges? Would that be configurable today?

[everettraven]

Good question. I'd have to think through potential scenarios a bit further,but giving this a quick analysis.

In this example we essentially want the markers +custom:marker:fruit=apple,color=blue and +custom:marker:fruit=orange,color=green to be invalid. I think boils down to a configuration of:

markers:
  - identifier: "custom:marker"
    attributes: # entries join as an AND operation
      - name: fruit
         values: # OR operation
           - apple
           - orange
      - name: color
         values: # OR operation
           - blue
           - green

This basically becomes a boolean conditional chain of (fruit == apple || fruit == orange) && (color == blue || color == green) which means that it would successfully work for the exact constraints of your example, but would also forbid Green Apples and Blue Oranges.

I could imagine a case where you may want to forbid something like Blue Apples and Green Oranges but still want to allow something like Green Apples as valid.

Maybe doing something like a "rule set" that does an OR (basically a configured set of the existing ANDed attribute rules) would allow for that behavior while keeping all configuration under a unique identifier.

For example, to handle the case of forbidding Blue Apples and Green Oranges, but allowing Green Apples you might be able to do something like:

markers:
  - identifier: "custom:marker"
    ruleSets: # OR operation
      - attributes: # entries join as an AND operation
        - name: fruit
           values: # OR operation
             - apple
        - name: color
           values: # OR operation
             - blue
      - attributes: # entries join as an AND operation
        - name: fruit
           values: # OR operation
             - orange
        - name: color
           values: # OR operation
             - green

Which would essentially become a conditional of (fruit == apple && color == blue) || (fruit == orange && color == green) which would work.

[JoelSpeed]

Yeah I think the ruleset idea could work, shall we give that a go?

[everettraven]

Yeah, I'll move this in that direction. I probably won't have time to do this until later this week though