diff --git a/.golangci.yml b/.golangci.yml
index 31201b94..e09696b5 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -5,8 +5,11 @@ run:
linters:
enable:
- wsl_v5
+ - gomodguard_v2
default: all
disable:
+ - wsl
+ - gomodguard
- revive
- noinlineerr
- depguard
@@ -39,6 +42,9 @@ linters:
gocognit:
min-complexity: 50
goconst:
+ ignore-string-values:
+ - "status"
+ - "path"
min-len: 2
min-occurrences: 2
inamedparam:
diff --git a/Makefile b/Makefile
index 411e0f4f..e01f9617 100644
--- a/Makefile
+++ b/Makefile
@@ -364,7 +364,7 @@ nwa:
$(call go-install-tool,$(NWA),github.com/$(NWA_LOOKUP)@$(NWA_VERSION))
GOLANGCI_LINT := $(LOCALBIN)/golangci-lint
-GOLANGCI_LINT_VERSION := v2.11.4
+GOLANGCI_LINT_VERSION := v2.12.1
GOLANGCI_LINT_LOOKUP := golangci/golangci-lint
golangci-lint: ## Download golangci-lint locally if necessary.
@test -s $(GOLANGCI_LINT) && $(GOLANGCI_LINT) -h | grep -q $(GOLANGCI_LINT_VERSION) || \
diff --git a/internal/authorization/middleware.go b/internal/authorization/middleware.go
index a075ec55..b105b401 100644
--- a/internal/authorization/middleware.go
+++ b/internal/authorization/middleware.go
@@ -10,6 +10,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/clusterscoped"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
func MutateAuthorization(proxyClusterScoped bool, proxyTenants []*tenant.ProxyTenant, obj *runtime.Object, gvk schema.GroupVersionKind) error {
@@ -17,7 +18,7 @@ func MutateAuthorization(proxyClusterScoped bool, proxyTenants []*tenant.ProxyTe
case "SelfSubjectAccessReview": //nolint:forcetypeassert
accessReview := (*obj).(*authorizationv1.SelfSubjectAccessReview)
- if accessReview.Spec.ResourceAttributes.Resource == "namespaces" && accessReview.Spec.ResourceAttributes.Verb == "list" {
+ if accessReview.Spec.ResourceAttributes.Resource == types.Namespaces && accessReview.Spec.ResourceAttributes.Verb == types.ListVerb {
accessReview.Status.Allowed = true
}
@@ -57,8 +58,8 @@ func MutateAuthorization(proxyClusterScoped bool, proxyTenants []*tenant.ProxyTe
resourceRules = append(resourceRules, authorizationv1.ResourceRule{
APIGroups: []string{""},
- Resources: []string{"namespaces"},
- Verbs: []string{"list"},
+ Resources: []string{types.Namespaces},
+ Verbs: []string{types.ListVerb},
})
src := authorizationv1.SelfSubjectRulesReview{
Status: authorizationv1.SubjectRulesReviewStatus{
diff --git a/internal/modules/errors/bad_request.go b/internal/modules/errors/bad_request.go
index 9239cda0..a94629cc 100644
--- a/internal/modules/errors/bad_request.go
+++ b/internal/modules/errors/bad_request.go
@@ -8,6 +8,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
+
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
//nolint:errname
@@ -33,8 +35,8 @@ func (b badRequest) Error() string {
func (b badRequest) Status() *metav1.Status {
return &metav1.Status{
TypeMeta: metav1.TypeMeta{
- Kind: "Status",
- APIVersion: "v1",
+ Kind: types.StatusKind,
+ APIVersion: types.V1,
},
Reason: metav1.StatusReasonBadRequest,
Message: b.message,
diff --git a/internal/modules/errors/not_found.go b/internal/modules/errors/not_found.go
index 43862ae9..99c341b7 100644
--- a/internal/modules/errors/not_found.go
+++ b/internal/modules/errors/not_found.go
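Review bot: `types.ListVerb` is defined as `"List"` in the new internal/types/constnats.go, but the literal it replaces on the `if` line here was `"list"`, and Kubernetes authorization verbs are lowercase, so `accessReview.Spec.ResourceAttributes.Verb == types.ListVerb` will no longer match a real namespaces/list SelfSubjectAccessReview and the forced `accessReview.Status.Allowed = true` becomes dead code; the same constant feeds the `Verbs` slice of the SelfSubjectRulesReview rule in the @@ -57 hunk below, which will now advertise a verb no client sends. A constant-extraction refactor of an authorization check must not change its outcome, so the value should read `ListVerb string = "list"`. Because the compiler cannot catch a wrong string here, a unit test that calls MutateAuthorization with a `namespaces`/`list` review and asserts `Status.Allowed` is the check that would have flagged this. MutateAuthorization begins and ends outside both hunks.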
@@ -9,6 +9,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
+
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type notFoundError struct {
@@ -36,8 +38,8 @@ func (e notFoundError) Error() string {
func (e notFoundError) Status() *metav1.Status {
return &metav1.Status{
TypeMeta: metav1.TypeMeta{
- Kind: "Status",
- APIVersion: "v1",
+ Kind: types.StatusKind,
+ APIVersion: types.V1,
},
Reason: metav1.StatusReasonNotFound,
Message: e.message,
diff --git a/internal/modules/ingressclass/get.go b/internal/modules/ingressclass/get.go
index af61d3d9..fa0bd352 100644
--- a/internal/modules/ingressclass/get.go
+++ b/internal/modules/ingressclass/get.go
@@ -20,6 +20,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -35,7 +36,7 @@ func Get(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: networkingv1.GroupName,
Version: "*",
- Kind: "ingressclasses",
+ Kind: types.Ingressclasses,
},
}
}
diff --git a/internal/modules/metric/get.go b/internal/modules/metric/get.go
index 41c749e3..68082111 100644
--- a/internal/modules/metric/get.go
+++ b/internal/modules/metric/get.go
@@ -19,6 +19,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -32,9 +33,9 @@ func Get(client client.Reader) modules.Module {
client: client,
log: ctrl.Log.WithName("metric_get"),
gk: schema.GroupVersionKind{
- Group: "metrics.k8s.io",
+ Group: types.MetricsGroup,
Version: "*",
- Kind: "nodes",
+ Kind: types.Nodes,
},
}
}
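Review bot: `types.Ingressclasses` on the new `Kind:` line in internal/modules/ingressclass/get.go is the only constant in the set that is not capitalised per word, unlike `PriorityClasses`, `RuntimeClasses` and `StorageClasses` introduced in the same commit; the name is exported, so the inconsistency propagates to every importer and a later rename becomes an API change. Rename it `IngressClasses string = "ingressclasses"` in internal/types/constnats.go and use `Kind: types.IngressClasses` here. The value itself is unchanged from the literal it replaces. Get's body starts outside the hunk.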
diff --git a/internal/modules/namespace/get.go b/internal/modules/namespace/get.go
index bf28e5a2..88fd3a12 100644
--- a/internal/modules/namespace/get.go
+++ b/internal/modules/namespace/get.go
@@ -23,6 +23,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/errors"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ ctypes "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -44,7 +45,7 @@ func Get(roleBindingsReflector *controllers.RoleBindingReflector, client client.
gk: schema.GroupVersionKind{
Group: corev1.GroupName,
Version: "*",
- Kind: "namespaces",
+ Kind: ctypes.Namespaces,
},
}
}
diff --git a/internal/modules/namespace/list.go b/internal/modules/namespace/list.go
index 2a14e751..a1a293fa 100644
--- a/internal/modules/namespace/list.go
+++ b/internal/modules/namespace/list.go
@@ -18,6 +18,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/errors"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type list struct {
@@ -33,7 +34,7 @@ func List(roleBindingsReflector *controllers.RoleBindingReflector) modules.Modul
gk: schema.GroupVersionKind{
Group: corev1.GroupName,
Version: "*",
- Kind: "namespaces",
+ Kind: types.Namespaces,
},
}
}
diff --git a/internal/modules/node/list.go b/internal/modules/node/list.go
index 5224acbe..956d68b7 100644
--- a/internal/modules/node/list.go
+++ b/internal/modules/node/list.go
@@ -17,6 +17,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type list struct {
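Review bot: The new import in internal/modules/namespace/get.go is aliased `ctypes`, while every other file in this commit imports the same package unaliased as `types`. If the alias is needed because this file already has a different `types` package in scope (not visible in the hunk), a one-line comment beside the import, e.g. `ctypes "github.com/projectcapsule/capsule-proxy/internal/types" // aliased: "types" is taken by another import in this file`, would stop the next cleanup from normalising it away; if it is not needed, drop the alias so the identifier reads the same across modules. Get's body starts outside the hunk.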
@@ -32,7 +33,7 @@ func List(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: corev1.GroupName,
Version: "*",
- Kind: "nodes",
+ Kind: types.Nodes,
},
}
}
diff --git a/internal/modules/persistentvolume/get.go b/internal/modules/persistentvolume/get.go
index a1970791..99f62148 100644
--- a/internal/modules/persistentvolume/get.go
+++ b/internal/modules/persistentvolume/get.go
@@ -17,6 +17,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -36,7 +37,7 @@ func Get(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: corev1.GroupName,
Version: "*",
- Kind: "persistentvolumes",
+ Kind: types.PersistentVolumes,
},
}
}
diff --git a/internal/modules/persistentvolume/list.go b/internal/modules/persistentvolume/list.go
index 036426c5..31782b26 100644
--- a/internal/modules/persistentvolume/list.go
+++ b/internal/modules/persistentvolume/list.go
@@ -17,6 +17,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type list struct {
@@ -36,7 +37,7 @@ func List(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: corev1.GroupName,
Version: "*",
- Kind: "persistentvolumes",
+ Kind: types.PersistentVolumes,
},
}
}
diff --git a/internal/modules/priorityclass/get.go b/internal/modules/priorityclass/get.go
index d750a9c3..b6ba6ca6 100644
--- a/internal/modules/priorityclass/get.go
+++ b/internal/modules/priorityclass/get.go
@@ -20,6 +20,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -35,7 +36,7 @@ func Get(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: schedulingv1.GroupName,
Version: "*",
- Kind: "priorityclasses",
+ Kind: types.PriorityClasses,
},
}
}
diff --git a/internal/modules/priorityclass/list.go b/internal/modules/priorityclass/list.go
index 491c383a..50a51bf5 100644
--- a/internal/modules/priorityclass/list.go
+++ b/internal/modules/priorityclass/list.go
@@ -17,6 +17,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type list struct {
@@ -32,7 +33,7 @@ func List(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: schedulingv1.GroupName,
Version: "*",
- Kind: "priorityclasses",
+ Kind: types.PriorityClasses,
},
}
}
diff --git a/internal/modules/runtimeclass/get.go b/internal/modules/runtimeclass/get.go
index 20688940..f9e13504 100644
--- a/internal/modules/runtimeclass/get.go
+++ b/internal/modules/runtimeclass/get.go
@@ -17,6 +17,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -32,7 +33,7 @@ func Get(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: nodev1.GroupName,
Version: "*",
- Kind: "runtimeclasses",
+ Kind: types.RuntimeClasses,
},
}
}
diff --git a/internal/modules/runtimeclass/list.go b/internal/modules/runtimeclass/list.go
index ba2cd591..37248af7 100644
--- a/internal/modules/runtimeclass/list.go
+++ b/internal/modules/runtimeclass/list.go
@@ -17,6 +17,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type list struct {
@@ -32,7 +33,7 @@ func List(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: nodev1.GroupName,
Version: "*",
- Kind: "runtimeclasses",
+ Kind: types.RuntimeClasses,
},
}
}
diff --git a/internal/modules/storageclass/get.go b/internal/modules/storageclass/get.go
index 00faa280..15f52945 100644
--- a/internal/modules/storageclass/get.go
+++ b/internal/modules/storageclass/get.go
@@ -20,6 +20,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/utils"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -35,7 +36,7 @@ func Get(client client.Reader) modules.Module {
gk: schema.GroupVersionKind{
Group: storagev1.GroupName,
Version: "*",
- Kind: "storageclasses",
+ Kind: types.StorageClasses,
},
}
}
diff --git a/internal/modules/tenants/get.go b/internal/modules/tenants/get.go
index 92b64af6..75884142 100644
--- a/internal/modules/tenants/get.go
+++ b/internal/modules/tenants/get.go
@@ -19,6 +19,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/errors"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type get struct {
@@ -36,9 +37,9 @@ func Get(client client.Reader) modules.Module {
client: client,
log: ctrl.Log.WithName("tenant_get"),
gk: schema.GroupVersionKind{
- Group: "capsule.clastix.io",
+ Group: types.CapsuleGroup,
Version: "*",
- Kind: "tenants",
+ Kind: types.Tenants,
},
}
}
diff --git a/internal/modules/tenants/list.go b/internal/modules/tenants/list.go
index d1cf4eff..9ef1af6a 100644
--- a/internal/modules/tenants/list.go
+++ b/internal/modules/tenants/list.go
@@ -16,6 +16,7 @@ import (
"github.com/projectcapsule/capsule-proxy/internal/modules/errors"
"github.com/projectcapsule/capsule-proxy/internal/request"
"github.com/projectcapsule/capsule-proxy/internal/tenant"
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
type list struct {
@@ -27,9 +28,9 @@ func List() modules.Module {
return &list{
log: ctrl.Log.WithName("tenant_list"),
gk: schema.GroupVersionKind{
- Group: "capsule.clastix.io",
+ Group: types.CapsuleGroup,
Version: "*",
- Kind: "tenants",
+ Kind: types.Tenants,
},
}
}
diff --git a/internal/request/http.go b/internal/request/http.go
index 1037209d..b2464273 100644
--- a/internal/request/http.go
+++ b/internal/request/http.go
@@ -16,6 +16,8 @@ import (
"k8s.io/apiserver/pkg/authentication/serviceaccount"
"k8s.io/apiserver/pkg/authentication/user"
"sigs.k8s.io/controller-runtime/pkg/client"
+
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
var websocketBearerTokenRegexp = regexp.MustCompile(`base64url\.bearer\.authorization\.k8s\.io\.([^,]*)`) //nolint:gochecknoglobals
@@ -127,7 +129,7 @@ func (h http) GetUserAndGroups() (username string, groups []string, err error) {
ac := &authorizationv1.SubjectAccessReview{
Spec: authorizationv1.SubjectAccessReviewSpec{
ResourceAttributes: &authorizationv1.ResourceAttributes{
- Verb: "impersonate",
+ Verb: types.ImprisonateVerb,
Resource: "groups",
Name: impersonateGroup,
},
diff --git a/internal/types/constnats.go b/internal/types/constnats.go
new file mode 100644
index 00000000..c79784c4
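Review bot: `types.ImprisonateVerb` on the new `Verb:` line in internal/request/http.go misspells the verb it holds; the value `"impersonate"` is correct, so this is a naming defect in internal/types/constnats.go rather than a behavior change, but an identifier that does not say "impersonate" obscures what this SubjectAccessReview asks the API server, in code that gates group impersonation. Rename it `ImpersonateVerb string = "impersonate"` and update this reference before other call sites inherit the misspelling. The sibling `Resource: "groups"` on the next line stays a literal; if the commit's aim is to centralise these strings, it deserves a constant as well. GetUserAndGroups begins and ends outside the hunk.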
--- /dev/null
+++ b/internal/types/constnats.go
@@ -0,0 +1,18 @@
+package types
+
+const (
+ V1 string = "v1"
+ StatusKind string = "Status"
+ ListVerb string = "List"
+ Namespaces string = "namespaces"
+ ImprisonateVerb string = "impersonate"
+ Ingressclasses string = "ingressclasses"
+ MetricsGroup string = "metrics.k8s.io"
+ CapsuleGroup string = "capsule.clastix.io"
+ Nodes string = "nodes"
+ PersistentVolumes string = "persistentvolumes"
+ PriorityClasses string = "priorityclasses"
+ RuntimeClasses string = "runtimeclasses"
+ StorageClasses string = "storageclasses"
+ Tenants string = "tenants"
+)
diff --git a/internal/webserver/errors/panic.go b/internal/webserver/errors/panic.go
index 0f2c7eb8..20f5c117 100644
--- a/internal/webserver/errors/panic.go
+++ b/internal/webserver/errors/panic.go
@@ -9,14 +9,16 @@ import (
"net/http"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/projectcapsule/capsule-proxy/internal/types"
)
func HandleUnauthorized(w http.ResponseWriter, err error, message string) {
message = fmt.Sprintf("%s: %s", message, err.Error())
status := &metav1.Status{
TypeMeta: metav1.TypeMeta{
- Kind: "Status",
- APIVersion: "v1",
+ Kind: types.StatusKind,
+ APIVersion: types.V1,
},
Status: metav1.StatusFailure,
Message: message,
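Review bot: The new file is named `constnats.go` and all fourteen exported constants in it are undocumented, so `go doc` and the linters the same commit reconfigures have nothing to report on what these strings are; for values that end up in access reviews and in the GroupVersionKind each module matches on, a reader should not have to grep call sites to learn that. Rename the file `constants.go` and give the block one doc comment, e.g. `// Kubernetes API group, resource and verb strings the proxy compares requests and access reviews against.`, or split it into three `const` groups (groups, resources, verbs) each with a one-line comment. The explicit `string` on every line makes these typed rather than untyped constants, which is harmless for the string fields they feed but should be a deliberate choice rather than a habit.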