fix golangci reported issues

Signed-off-by: Martin Schuppert <[email protected]>

Author: stuggi

controllers/galera_controller.go

@@ -14,12 +14,14 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Package controllers contains the Galera and MariaDB account controllers for the mariadb-operator.
 package controllers
 
 import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"sort"
 	"strconv"
@@ -63,16 +65,23 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	topologyv1 "github.com/openstack-k8s-operators/infra-operator/apis/topology/v1beta1"
-	databasev1beta1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
 	mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
 	mariadb "github.com/openstack-k8s-operators/mariadb-operator/pkg/mariadb"
 )
 
 // fields to index to reconcile on CR change
 const (
-	serviceSecretNameField = ".spec.tls.genericService.SecretName"
-	caSecretNameField      = ".spec.tls.ca.caBundleSecretName"
-	topologyField          = ".spec.topologyRef.Name"
+	// serviceSecretNameField specifies the field path for TLS service secret name
+	serviceSecretNameField = ".spec.tls.genericService.SecretName" // #nosec G101 -- This is a field path, not a credential
+	// caSecretNameField specifies the field path for CA bundle secret name
+	caSecretNameField = ".spec.tls.ca.caBundleSecretName" // #nosec G101 -- This is a field path, not a credential
+	topologyField     = ".spec.topologyRef.Name"
+)
+
+// Static errors
+var (
+	// ErrOpenStackSecretNotFound indicates that the OpenStack secret was not found
+	ErrOpenStackSecretNotFound = errors.New("OpenStack secret not found")
 )
 
 var allWatchFields = []string{
@@ -574,7 +583,7 @@ func (r *GaleraReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 				condition.RequestedReason,
 				condition.SeverityInfo,
 				condition.InputReadyWaitingMessage))
-			return res, fmt.Errorf("OpenStack secret %s not found", instance.Spec.Secret)
+			return res, fmt.Errorf("%w: %s", ErrOpenStackSecretNotFound, instance.Spec.Secret)
 		}
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.InputReadyCondition,
@@ -605,7 +614,7 @@ func (r *GaleraReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 					condition.TLSInputReadyCondition,
 					condition.RequestedReason,
 					condition.SeverityInfo,
-					fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName)))
+					condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName))
 				return ctrl.Result{}, nil
 			}
 			instance.Status.Conditions.Set(condition.FalseCondition(
@@ -631,7 +640,7 @@ func (r *GaleraReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 					condition.TLSInputReadyCondition,
 					condition.RequestedReason,
 					condition.SeverityInfo,
-					fmt.Sprintf(condition.TLSInputReadyWaitingMessage, err.Error())))
+					condition.TLSInputReadyWaitingMessage, err.Error()))
 				return ctrl.Result{}, nil
 			}
 			instance.Status.Conditions.Set(condition.FalseCondition(
@@ -662,7 +671,7 @@ func (r *GaleraReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 
 	// build state of the restart hash. this is used to decide whether the
 	// statefulset must stop all its pods before applying a config update
-	clusterPropertiesEnv["GCommTLS"] = env.SetValue(strconv.FormatBool(instance.Spec.TLS.Enabled() && instance.Spec.TLS.Ca.CaBundleSecretName != ""))
+	clusterPropertiesEnv["GCommTLS"] = env.SetValue(strconv.FormatBool(instance.Spec.TLS.Enabled() && instance.Spec.TLS.CaBundleSecretName != ""))
 	clusterPropertiesHash, err := util.HashOfInputHashes(clusterPropertiesEnv)
 	if err != nil {
 		return ctrl.Result{}, err
@@ -981,8 +990,8 @@ func (r *GaleraReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		// Extract the secret name from the spec, if one is provided
 		cr := rawObj.(*mariadbv1.Galera)
 		tls := &cr.Spec.TLS
-		if tls.Ca.CaBundleSecretName != "" {
-			return []string{tls.Ca.CaBundleSecretName}
+		if tls.CaBundleSecretName != "" {
+			return []string{tls.CaBundleSecretName}
 		}
 		return nil
 	}); err != nil {
@@ -994,7 +1003,7 @@ func (r *GaleraReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		cr := rawObj.(*mariadbv1.Galera)
 		tls := &cr.Spec.TLS
 		if tls.Enabled() {
-			return []string{*tls.GenericService.SecretName}
+			return []string{*tls.SecretName}
 		}
 		return nil
 	}); err != nil {
@@ -1036,8 +1045,8 @@ func (r *GaleraReconciler) SetupWithManager(mgr ctrl.Manager) error {
 // GetDatabaseObject - returns either a Galera or MariaDB object (and an associated client.Object interface).
 // used by both MariaDBDatabaseReconciler and MariaDBAccountReconciler
 // this will later return only Galera objects, so as a lookup it's part of the galera controller
-func GetDatabaseObject(ctx context.Context, clientObj client.Client, name string, namespace string) (*databasev1beta1.Galera, error) {
-	dbGalera := &databasev1beta1.Galera{
+func GetDatabaseObject(ctx context.Context, clientObj client.Client, name string, namespace string) (*mariadbv1.Galera, error) {
+	dbGalera := &mariadbv1.Galera{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
@@ -1089,7 +1098,7 @@ func (r *GaleraReconciler) findObjectsForSrc(ctx context.Context, src client.Obj
 	return requests
 }
 
-func (r *GaleraReconciler) reconcileDelete(ctx context.Context, instance *databasev1beta1.Galera, helper *helper.Helper) (ctrl.Result, error) {
+func (r *GaleraReconciler) reconcileDelete(ctx context.Context, instance *mariadbv1.Galera, helper *helper.Helper) (ctrl.Result, error) {
 	helper.GetLogger().Info("Reconciling Service delete")
 
 	// Remove our finalizer from the db svc

controllers/mariadbaccount_controller.go

@@ -59,14 +59,14 @@ func (r *MariaDBAccountReconciler) SetupWithManager(mgr ctrl.Manager) error {
 //+kubebuilder:rbac:groups=mariadb.openstack.org,resources=mariadbaccounts/finalizers,verbs=update;patch
 //+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;create;update;delete;patch
 
-// Reconcile
+// Reconcile reconciles a MariaDBAccount object
 func (r *MariaDBAccountReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, _err error) {
 	log := GetLog(ctx, "MariaDBAccount")
 
 	var err error
 
 	instance := &databasev1beta1.MariaDBAccount{}
-	err = r.Client.Get(ctx, req.NamespacedName, instance)
+	err = r.Get(ctx, req.NamespacedName, instance)
 	if err != nil {
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
@@ -142,7 +142,7 @@ func (r *MariaDBAccountReconciler) reconcileCreate(
 	// the reference to the secret itself is given in the spec
 	// the convention appears to be: "things we are dependent on are named in labels,
 	// things we are setting up are named in the spec"
-	mariadbDatabaseName := instance.ObjectMeta.Labels["mariaDBDatabaseName"]
+	mariadbDatabaseName := instance.Labels["mariaDBDatabaseName"]
 	if mariadbDatabaseName == "" {
 
 		log.Info(fmt.Sprintf(
@@ -169,7 +169,7 @@ func (r *MariaDBAccountReconciler) reconcileCreate(
 
 		log.Info(fmt.Sprintf(
 			"MariaDBAccount '%s' didn't find MariaDBDatabase '%s'; requeueing",
-			instance.Name, instance.ObjectMeta.Labels["mariaDBDatabaseName"]))
+			instance.Name, instance.Labels["mariaDBDatabaseName"]))
 
 		return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil
 	} else if err == nil && !mariadbDatabase.Status.Conditions.IsTrue(databasev1beta1.MariaDBDatabaseReadyCondition) {
@@ -186,7 +186,7 @@ func (r *MariaDBAccountReconciler) reconcileCreate(
 
 		log.Info(fmt.Sprintf(
 			"MariaDBAccount '%s' MariaDBDatabase '%s' not yet complete; requeueing",
-			instance.Name, instance.ObjectMeta.Labels["mariaDBDatabaseName"]))
+			instance.Name, instance.Labels["mariaDBDatabaseName"]))
 
 		return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil
 	} else if err != nil {
@@ -345,7 +345,7 @@ func (r *MariaDBAccountReconciler) reconcileDelete(
 	// the reference to the secret itself is given in the spec
 	// the convention appears to be: "things we are dependent on are named in labels,
 	// things we are setting up are named in the spec"
-	mariadbDatabaseName := instance.ObjectMeta.Labels["mariaDBDatabaseName"]
+	mariadbDatabaseName := instance.Labels["mariaDBDatabaseName"]
 	if mariadbDatabaseName == "" {
 
 		log.Info(fmt.Sprintf(
@@ -367,7 +367,7 @@ func (r *MariaDBAccountReconciler) reconcileDelete(
 		// our own instance and return
 		log.Info(fmt.Sprintf(
 			"MariaDBAccount '%s' Didn't find MariaDBDatabase '%s'; no account delete needed",
-			instance.Name, instance.ObjectMeta.Labels["mariaDBDatabaseName"]))
+			instance.Name, instance.Labels["mariaDBDatabaseName"]))
 
 		controllerutil.RemoveFinalizer(instance, helper.GetFinalizer())
 
@@ -380,7 +380,7 @@ func (r *MariaDBAccountReconciler) reconcileDelete(
 		// our own instance and return
 		log.Info(fmt.Sprintf(
 			"MariaDBAccount '%s' MariaDBDatabase '%s' not yet complete; no account delete needed",
-			instance.Name, instance.ObjectMeta.Labels["mariaDBDatabaseName"]))
+			instance.Name, instance.Labels["mariaDBDatabaseName"]))
 
 		// first, remove finalizer from the MariaDBDatabase instance
 		if controllerutil.RemoveFinalizer(mariadbDatabase, fmt.Sprintf("%s-%s", helper.GetFinalizer(), instance.Name)) {
@@ -557,7 +557,7 @@ func (r *MariaDBAccountReconciler) reconcileDelete(
 
 // getDatabaseObject - returns either a Galera or MariaDB object (and an associated client.Object interface)
 func (r *MariaDBAccountReconciler) getDatabaseObject(ctx context.Context, mariaDBDatabase *databasev1beta1.MariaDBDatabase, instance *databasev1beta1.MariaDBAccount) (*databasev1beta1.Galera, error) {
-	dbName := mariaDBDatabase.ObjectMeta.Labels["dbName"]
+	dbName := mariaDBDatabase.Labels["dbName"]
 	return GetDatabaseObject(
 		ctx, r.Client,
 		dbName,
@@ -578,7 +578,7 @@ func (r *MariaDBAccountReconciler) getMariaDBDatabaseObject(ctx context.Context,
 
 	objectKey := client.ObjectKeyFromObject(mariaDBDatabase)
 
-	err := r.Client.Get(ctx, objectKey, mariaDBDatabase)
+	err := r.Get(ctx, objectKey, mariaDBDatabase)
 	if err != nil {
 		return nil, err
 	}

controllers/mariadbdatabase_controller.go

@@ -56,7 +56,7 @@ func (r *MariaDBDatabaseReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 
 	// Fetch the MariaDBDatabase instance
 	instance := &databasev1beta1.MariaDBDatabase{}
-	err = r.Client.Get(ctx, req.NamespacedName, instance)
+	err = r.Get(ctx, req.NamespacedName, instance)
 	if err != nil {
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
@@ -258,7 +258,7 @@ func (r *MariaDBDatabaseReconciler) SetupWithManager(mgr ctrl.Manager) error {
 func (r *MariaDBDatabaseReconciler) getDatabaseObject(ctx context.Context, instance *databasev1beta1.MariaDBDatabase) (*databasev1beta1.Galera, error) {
 	return GetDatabaseObject(
 		ctx, r.Client,
-		instance.ObjectMeta.Labels["dbName"],
+		instance.Labels["dbName"],
 		instance.Namespace,
 	)
 }

main.go

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Package main implements the mariadb-operator controller manager.
 package main
 
 import (

pkg/mariadb/account.go

@@ -1,3 +1,4 @@
+// Package mariadb contains MariaDB database management functionality.
 package mariadb
 
 import (
@@ -18,6 +19,7 @@ type accountCreateOrDeleteOptions struct {
 	RequireTLS            string
 }
 
+// CreateDbAccountJob creates a Kubernetes job for creating a MariaDB database account
 func CreateDbAccountJob(account *databasev1beta1.MariaDBAccount, databaseName string, databaseHostName string, databaseSecret string, containerImage string, serviceAccountName string, nodeSelector *map[string]string) (*batchv1.Job, error) {
 	var tlsStatement string
 	if account.Spec.RequireTLS {
@@ -45,7 +47,7 @@ func CreateDbAccountJob(account *databasev1beta1.MariaDBAccount, databaseName st
 			// provided db name is used as metadata name where underscore is a not allowed
 			// character. Lets replace all underscores with hypen. Underscores in the db name are
 			// possible.
-			Name:      strings.Replace(account.Spec.UserName, "_", "-", -1) + "-account-create",
+			Name:      strings.ReplaceAll(account.Spec.UserName, "_", "-") + "-account-create",
 			Namespace: account.Namespace,
 			Labels:    labels,
 		},
@@ -97,6 +99,7 @@ func CreateDbAccountJob(account *databasev1beta1.MariaDBAccount, databaseName st
 	return job, nil
 }
 
+// DeleteDbAccountJob creates a Kubernetes job for deleting a MariaDB database account
 func DeleteDbAccountJob(account *databasev1beta1.MariaDBAccount, databaseName string, databaseHostName string, databaseSecret string, containerImage string, serviceAccountName string, nodeSelector *map[string]string) (*batchv1.Job, error) {
 
 	opts := accountCreateOrDeleteOptions{account.Spec.UserName, databaseName, databaseHostName, "root", ""}
@@ -110,7 +113,7 @@ func DeleteDbAccountJob(account *databasev1beta1.MariaDBAccount, databaseName st
 	}
 	job := &batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      strings.Replace(account.Spec.UserName, "_", "", -1) + "-account-delete",
+			Name:      strings.ReplaceAll(account.Spec.UserName, "_", "") + "-account-delete",
 			Namespace: account.Namespace,
 			Labels:    labels,
 		},

pkg/mariadb/const.go

@@ -7,6 +7,6 @@ const (
 	// ActivePodSelectorKey - Selector key used to configure A/P service behavior
 	ActivePodSelectorKey = "statefulset.kubernetes.io/pod-name"
 
-	// Time allowed during a the startup probe (in seconds)
+	// StartupProbeTimeout is the time allowed during the startup probe (in seconds)
 	StartupProbeTimeout = 240
 )

pkg/mariadb/database.go

@@ -93,7 +93,7 @@ func DbDatabaseJob(database *databasev1beta1.MariaDBDatabase, databaseHostName s
 			// provided db name is used as metadata name where underscore is a not allowed
 			// character. Lets replace all underscores with hypen. Underscores in the db name are
 			// possible.
-			Name:      strings.Replace(database.Spec.Name, "_", "-", -1) + "-db-create",
+			Name:      strings.ReplaceAll(database.Spec.Name, "_", "-") + "-db-create",
 			Namespace: database.Namespace,
 			Labels:    labels,
 		},
@@ -188,7 +188,7 @@ func DeleteDbDatabaseJob(database *databasev1beta1.MariaDBDatabase, databaseHost
 
 	job := &batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      strings.Replace(database.Spec.Name, "_", "", -1) + "-database-delete",
+			Name:      strings.ReplaceAll(database.Spec.Name, "_", "") + "-database-delete",
 			Namespace: database.Namespace,
 			Labels:    labels,
 		},

pkg/mariadb/service.go

@@ -5,6 +5,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// Service creates a Kubernetes service for MariaDB database
 func Service(db metav1.Object) *corev1.Service {
 	selectors := LabelSelectors(db, "galera")
 	// NOTE(dciabrin) we currently deploy the Galera cluster as A/P,

pkg/mariadb/volumes.go

@@ -7,6 +7,7 @@ import (
 )
 
 const (
+	// GaleraCertPrefix is the prefix used for Galera cluster certificates
 	GaleraCertPrefix = "galera"
 )
 
@@ -23,7 +24,7 @@ func getGaleraVolumes(g *mariadbv1.Galera) []corev1.Volume {
 	}
 
 	if g.Spec.TLS.Enabled() {
-		if g.Spec.TLS.Ca.CaBundleSecretName != "" {
+		if g.Spec.TLS.CaBundleSecretName != "" {
 			configTemplates = append(configTemplates, corev1.KeyToPath{
 				Key:  "galera_tls.cnf.in",
 				Path: "galera_tls.cnf.in",
@@ -125,15 +126,15 @@ func getGaleraVolumes(g *mariadbv1.Galera) []corev1.Volume {
 
 	if g.Spec.TLS.Enabled() {
 		svc := tls.Service{
-			SecretName: *g.Spec.TLS.GenericService.SecretName,
+			SecretName: *g.Spec.TLS.SecretName,
 			CertMount:  nil,
 			KeyMount:   nil,
 			CaMount:    nil,
 		}
 		serviceVolume := svc.CreateVolume(GaleraCertPrefix)
 		volumes = append(volumes, serviceVolume)
-		if g.Spec.TLS.Ca.CaBundleSecretName != "" {
-			caVolume := g.Spec.TLS.Ca.CreateVolume()
+		if g.Spec.TLS.CaBundleSecretName != "" {
+			caVolume := g.Spec.TLS.CreateVolume()
 			volumes = append(volumes, caVolume)
 		}
 	}
@@ -175,15 +176,15 @@ func getGaleraVolumeMounts(g *mariadbv1.Galera) []corev1.VolumeMount {
 
 	if g.Spec.TLS.Enabled() {
 		svc := tls.Service{
-			SecretName: *g.Spec.TLS.GenericService.SecretName,
+			SecretName: *g.Spec.TLS.SecretName,
 			CertMount:  nil,
 			KeyMount:   nil,
 			CaMount:    nil,
 		}
 		serviceVolumeMounts := svc.CreateVolumeMounts(GaleraCertPrefix)
 		volumeMounts = append(volumeMounts, serviceVolumeMounts...)
-		if g.Spec.TLS.Ca.CaBundleSecretName != "" {
-			caVolumeMounts := g.Spec.TLS.Ca.CreateVolumeMounts(nil)
+		if g.Spec.TLS.CaBundleSecretName != "" {
+			caVolumeMounts := g.Spec.TLS.CreateVolumeMounts(nil)
 			volumeMounts = append(volumeMounts, caVolumeMounts...)
 		}
 	}