Remove unused function and add nolint where it's wrong

micromaomao · micromaomao · commit cb41b999a1d3 · 2025-10-23T09:34:30.000+01:00
Signed-off-by: Tingmao Wang &lt;tingmaowang@microsoft.com&gt;
diff --git a/pkg/securitypolicy/securitypolicy_linux.go b/pkg/securitypolicy/securitypolicy_linux.go
@@ -24,6 +24,8 @@ const osType = "linux"
 // substituteUVMPath substitutes mount prefix to an appropriate path inside
 // UVM. At policy generation time, it's impossible to tell what the sandboxID
 // will be, so the prefix substitution needs to happen during runtime.
+//
+//nolint:unused // linting is wrong, this is used in rego_utils_test.go
 func substituteUVMPath(sandboxID string, m mountInternal) mountInternal {
 	if strings.HasPrefix(m.Source, guestpath.SandboxMountPrefix) {
 		m.Source = specInternal.SandboxMountSource(sandboxID, m.Source)
diff --git a/pkg/securitypolicy/securitypolicy_windows.go b/pkg/securitypolicy/securitypolicy_windows.go
@@ -12,6 +12,8 @@ const osType = "windows"
 // substituteUVMPath substitutes mount prefix to an appropriate path inside
 // UVM. At policy generation time, it's impossible to tell what the sandboxID
 // will be, so the prefix substitution needs to happen during runtime.
+//
+//nolint:unused // linting is wrong, this is used in rego_utils_test.go
 func substituteUVMPath(sandboxID string, m mountInternal) mountInternal {
 	//no-op for windows
 	_ = sandboxID
diff --git a/pkg/securitypolicy/securitypolicyenforcer.go b/pkg/securitypolicy/securitypolicyenforcer.go
@@ -2,8 +2,6 @@ package securitypolicy
 
 import (
 	"context"
-	"encoding/base64"
-	"encoding/json"
 	"fmt"
 	"syscall"
 
@@ -144,26 +142,6 @@ func (s stringSet) contains(item string) bool {
 	return contains
 }
 
-func newSecurityPolicyFromBase64JSON(base64EncodedPolicy string) (*SecurityPolicy, error) {
-	// base64 decode the incoming policy string
-	// its base64 encoded because it is coming from an annotation
-	// annotations are a map of string to string
-	// we want to store a complex json object so.... base64 it is
-	jsonPolicy, err := base64.StdEncoding.DecodeString(base64EncodedPolicy)
-	if err != nil {
-		return nil, errors.Wrap(err, "unable to decode policy from Base64 format")
-	}
-
-	// json unmarshall the decoded to a SecurityPolicy
-	securityPolicy := new(SecurityPolicy)
-	err = json.Unmarshal(jsonPolicy, securityPolicy)
-	if err != nil {
-		return nil, errors.Wrap(err, "unable to unmarshal JSON policy")
-	}
-
-	return securityPolicy, nil
-}
-
 // CreateSecurityPolicyEnforcer returns an appropriate enforcer for input
 // parameters.  Returns an error if the requested `enforcer` implementation
 // isn't registered.
