Fix linter issues

Author: fischerman

cmd/application-load-balancer-controller-manager/main.go

@@ -41,7 +41,6 @@ import (
 
 	"github.com/stackitcloud/cloud-provider-stackit/pkg/alb/ingress"
 	"github.com/stackitcloud/cloud-provider-stackit/pkg/stackit"
-	albclient "github.com/stackitcloud/cloud-provider-stackit/pkg/stackit"
 	albsdk "github.com/stackitcloud/stackit-sdk-go/services/alb/v2api"
 	certsdk "github.com/stackitcloud/stackit-sdk-go/services/certificates/v2api"
 	// +kubebuilder:scaffold:imports
@@ -58,7 +57,7 @@ func init() {
 	// +kubebuilder:scaffold:scheme
 }
 
-// nolint:gocyclo
+// nolint:gocyclo,funlen // TODO: Refactor into smaller functions.
 func main() {
 	var metricsAddr string
 	var metricsCertPath, metricsCertName, metricsCertKey string
@@ -120,7 +119,7 @@ func main() {
 	// Initial webhook TLS options
 	webhookTLSOpts := tlsOpts
 
-	if len(webhookCertPath) > 0 {
+	if webhookCertPath != "" {
 		setupLog.Info("Initializing webhook certificate watcher using provided certificates",
 			"webhook-cert-path", webhookCertPath, "webhook-cert-name", webhookCertName, "webhook-cert-key", webhookCertKey)
 
@@ -169,7 +168,7 @@ func main() {
 	// - [METRICS-WITH-CERTS] at config/default/kustomization.yaml to generate and use certificates
 	// managed by cert-manager for the metrics server.
 	// - [PROMETHEUS-WITH-CERTS] at config/prometheus/kustomization.yaml for TLS certification.
-	if len(metricsCertPath) > 0 {
+	if metricsCertPath != "" {
 		setupLog.Info("Initializing metrics certificate watcher using provided certificates",
 			"metrics-cert-path", metricsCertPath, "metrics-cert-name", metricsCertName, "metrics-cert-key", metricsCertKey)
 
@@ -252,7 +251,7 @@ func main() {
 	}
 	// Create an ALB client
 	fmt.Printf("Create ALB client\n")
-	albClient, err := albclient.NewApplicationLoadBalancerClient(sdkClient)
+	albClient, err := stackit.NewApplicationLoadBalancerClient(sdkClient)
 	if err != nil {
 		setupLog.Error(err, "unable to create ALB client", "controller", "IngressClass")
 		os.Exit(1)

pkg/alb/ingress/alb_spec.go

@@ -11,7 +11,7 @@ import (
 	"strconv"
 	"strings"
 
-	v1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
@@ -64,13 +64,13 @@ type ruleMetadata struct {
 // It merges and sorts all routing rules across the ingresses based on host, priority, path specificity, path type, and ingress origin.
 // The resulting ALB payload includes targets derived from cluster nodes, target pools per backend service, HTTP(S) listeners,
 // and optional TLS certificate bindings. This spec is later used to create or update the actual ALB instance.
-func (r *IngressClassReconciler) albSpecFromIngress(
+func (r *IngressClassReconciler) albSpecFromIngress( //nolint:funlen,gocyclo // We go through a lot of fields. Not much complexity.
 	ctx context.Context,
 	ingresses []*networkingv1.Ingress,
 	ingressClass *networkingv1.IngressClass,
 	networkID *string,
-	nodes []v1.Node,
-	services map[string]v1.Service,
+	nodes []corev1.Node,
+	services map[string]corev1.Service,
 ) (*albsdk.CreateLoadBalancerPayload, error) {
 	targetPools := []albsdk.TargetPool{}
 	targetPoolSeen := map[string]bool{}
@@ -89,10 +89,11 @@ func (r *IngressClassReconciler) albSpecFromIngress(
 
 	// Create targets for each node in the cluster
 	targets := []albsdk.Target{}
-	for _, node := range nodes {
+	for i := range nodes {
+		node := nodes[i]
 		for j := range node.Status.Addresses {
 			address := node.Status.Addresses[j]
-			if address.Type == v1.NodeInternalIP {
+			if address.Type == corev1.NodeInternalIP {
 				targets = append(targets, albsdk.Target{
 					DisplayName: &node.Name,
 					Ip:          &address.Address,
@@ -142,6 +143,7 @@ func (r *IngressClassReconciler) albSpecFromIngress(
 		certificateIDs, err := r.loadCerts(ctx, ingressClass, ingress)
 		if err != nil {
 			log.Printf("failed to load tls certificates: %v", err)
+			//nolint:gocritic // TODO: Rework error handling.
 			// return nil, fmt.Errorf("failed to load tls certificates: %w", err)
 		}
 		allCertificateIDs = append(allCertificateIDs, certificateIDs...)
@@ -241,7 +243,7 @@ func (r *IngressClassReconciler) albSpecFromIngress(
 	}
 
 	// Set the IP address of the ALB
-	err := setIpAddresses(ingressClass, alb)
+	err := setIPAddresses(ingressClass, alb)
 	if err != nil {
 		return nil, fmt.Errorf("failed to set IP address: %w", err)
 	}
@@ -262,19 +264,19 @@ func (r *IngressClassReconciler) loadCerts(
 	certificateIDs := []string{}
 
 	for _, tls := range ingress.Spec.TLS {
-		if len(tls.SecretName) == 0 {
+		if tls.SecretName != "" {
 			continue
 		}
 
-		secret := &v1.Secret{}
+		secret := &corev1.Secret{}
 		if err := r.Client.Get(ctx, types.NamespacedName{Namespace: ingress.Namespace, Name: tls.SecretName}, secret); err != nil {
 			return nil, fmt.Errorf("failed to get TLS secret: %w", err)
 		}
 
 		// The tls.crt should contain both the leaf certificate and the intermediate CA certificates.
 		// If it contains only the leaf certificate, the ACME challenge likely hasn't finished.
 		// Therefore the incomplete certificate shouldn't be loaded as the updates upon them are impossible.
-		complete, err := isCertValid(*secret)
+		complete, err := isCertValid(secret)
 		if err != nil {
 			return nil, fmt.Errorf("failed to validate certificate: %w", err)
 		}
@@ -306,17 +308,18 @@ func (r *IngressClassReconciler) cleanupCerts(ctx context.Context, ingressClass
 	usedSecrets := map[string]bool{}
 	for _, ingress := range ingresses {
 		for _, tls := range ingress.Spec.TLS {
-			if tls.SecretName != "" {
-				// Retrieve the TLS Secret
-				tlsSecret := &v1.Secret{}
-				err := r.Client.Get(ctx, types.NamespacedName{Namespace: ingress.Namespace, Name: tls.SecretName}, tlsSecret)
-				if err != nil {
-					log.Printf("failed to get TLS secret %s: %v", tls.SecretName, err)
-					continue
-				}
-				certName := getCertName(ingressClass, ingress, tlsSecret)
-				usedSecrets[certName] = true
+			if tls.SecretName == "" {
+				continue
+			}
+			// Retrieve the TLS Secret
+			tlsSecret := &corev1.Secret{}
+			err := r.Client.Get(ctx, types.NamespacedName{Namespace: ingress.Namespace, Name: tls.SecretName}, tlsSecret)
+			if err != nil {
+				log.Printf("failed to get TLS secret %s: %v", tls.SecretName, err)
+				continue
 			}
+			certName := getCertName(ingressClass, ingress, tlsSecret)
+			usedSecrets[certName] = true
 		}
 	}
 
@@ -350,7 +353,7 @@ func (r *IngressClassReconciler) cleanupCerts(ctx context.Context, ingressClass
 
 // isCertValid checks if the certificate chain is complete. It is used for checking if
 // the cert-manager's ACME challenge is completed, or if it's sill ongoing.
-func isCertValid(secret v1.Secret) (bool, error) {
+func isCertValid(secret *corev1.Secret) (bool, error) {
 	tlsCert := secret.Data["tls.crt"]
 	if tlsCert == nil {
 		return false, fmt.Errorf("tls.crt not found in secret")
@@ -406,13 +409,13 @@ func addTargetPool(
 	}
 	*targetPools = append(*targetPools, albsdk.TargetPool{
 		Name:       ptr.To(targetPoolName),
-		TargetPort: ptr.To(int32(nodePort)),
+		TargetPort: ptr.To(nodePort),
 		TlsConfig:  tlsConfig,
 		Targets:    targets,
 	})
 }
 
-func setIpAddresses(ingressClass *networkingv1.IngressClass, alb *albsdk.CreateLoadBalancerPayload) error {
+func setIPAddresses(ingressClass *networkingv1.IngressClass, alb *albsdk.CreateLoadBalancerPayload) error {
 	isInternalIP, found := ingressClass.Annotations[internalIPAnnotation]
 	if found && isInternalIP == "true" {
 		alb.Options = &albsdk.LoadBalancerOptions{
@@ -447,7 +450,7 @@ func validateIPAddress(ipAddr string) error {
 }
 
 // getNodePort gets the NodePort of the Service
-func getNodePort(services map[string]v1.Service, path networkingv1.HTTPIngressPath) (int32, error) {
+func getNodePort(services map[string]corev1.Service, path networkingv1.HTTPIngressPath) (int32, error) {
 	service, found := services[path.Backend.Service.Name]
 	if !found {
 		return 0, fmt.Errorf("service not found: %s", path.Backend.Service.Name)

pkg/alb/ingress/alb_spec_test.go

@@ -7,7 +7,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"google.golang.org/protobuf/testing/protocmp"
 
-	v1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
@@ -79,11 +79,11 @@ func fixtureIngressWithParams(name, namespace string, annotations map[string]str
 	}
 }
 
-func fixtureServiceWithParams(port, nodePort int32) *v1.Service {
-	return &v1.Service{
+func fixtureServiceWithParams(port, nodePort int32) *corev1.Service { //nolint:unparam // We might need it later.
+	return &corev1.Service{
 		ObjectMeta: metav1.ObjectMeta{Name: testServiceName},
-		Spec: v1.ServiceSpec{
-			Ports: []v1.ServicePort{
+		Spec: corev1.ServiceSpec{
+			Ports: []corev1.ServicePort{
 				{
 					Port:     port,
 					NodePort: nodePort,
@@ -93,11 +93,11 @@ func fixtureServiceWithParams(port, nodePort int32) *v1.Service {
 	}
 }
 
-func fixtureNode(mods ...func(*v1.Node)) *v1.Node {
-	node := &v1.Node{
+func fixtureNode(mods ...func(*corev1.Node)) *corev1.Node {
+	node := &corev1.Node{
 		ObjectMeta: metav1.ObjectMeta{Name: testNodeName},
-		Status: v1.NodeStatus{
-			Addresses: []v1.NodeAddress{{Type: v1.NodeInternalIP, Address: testNodeIP}},
+		Status: corev1.NodeStatus{
+			Addresses: []corev1.NodeAddress{{Type: corev1.NodeInternalIP, Address: testNodeIP}},
 		},
 	}
 	for _, mod := range mods {
@@ -187,23 +187,24 @@ func fixtureAlbPayload(mods ...func(*albsdk.CreateLoadBalancerPayload)) *albsdk.
 	return payload
 }
 
+//nolint:funlen // Just many test cases.
 func Test_albSpecFromIngress(t *testing.T) {
 	r := &IngressClassReconciler{}
-	nodes := []v1.Node{*fixtureNode()}
+	nodes := []corev1.Node{*fixtureNode()}
 
 	tests := []struct {
 		name         string
 		ingresses    []*networkingv1.Ingress
 		ingressClass *networkingv1.IngressClass
-		services     map[string]v1.Service
+		services     map[string]corev1.Service
 		want         *albsdk.CreateLoadBalancerPayload
 		wantErr      bool
 	}{
 		{
 			name:         "valid ingress with HTTP listener",
 			ingresses:    []*networkingv1.Ingress{fixtureIngress()},
 			ingressClass: fixtureIngressClass(),
-			services:     map[string]v1.Service{testServiceName: *fixtureServiceWithParams(testServicePort, testNodePort)},
+			services:     map[string]corev1.Service{testServiceName: *fixtureServiceWithParams(testServicePort, testNodePort)},
 			want:         fixtureAlbPayload(),
 		},
 		{
@@ -214,7 +215,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					ing.Annotations = map[string]string{externalIPAnnotation: "2.2.2.2"}
 				},
 			),
-			services: map[string]v1.Service{testServiceName: *fixtureServiceWithParams(testServicePort, testNodePort)},
+			services: map[string]corev1.Service{testServiceName: *fixtureServiceWithParams(testServicePort, testNodePort)},
 			want: fixtureAlbPayload(func(payload *albsdk.CreateLoadBalancerPayload) {
 				payload.ExternalAddress = ptr.To("2.2.2.2")
 				payload.Options = &albsdk.LoadBalancerOptions{EphemeralAddress: nil}
@@ -228,7 +229,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					ing.Annotations = map[string]string{internalIPAnnotation: "true"}
 				},
 			),
-			services: map[string]v1.Service{testServiceName: *fixtureServiceWithParams(testServicePort, testNodePort)},
+			services: map[string]corev1.Service{testServiceName: *fixtureServiceWithParams(testServicePort, testNodePort)},
 			want: fixtureAlbPayload(func(payload *albsdk.CreateLoadBalancerPayload) {
 				payload.Options = &albsdk.LoadBalancerOptions{PrivateNetworkOnly: ptr.To(true)}
 			}),
@@ -242,7 +243,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					ingressRule("a-host.com", ingressPrefixPath("/a", "svc2")),
 				),
 			},
-			services: map[string]v1.Service{
+			services: map[string]corev1.Service{
 				"svc1": *fixtureServiceWithParams(testServicePort, 30001),
 				"svc2": *fixtureServiceWithParams(testServicePort, 30002),
 			},
@@ -278,7 +279,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					ingressRule("host.com", ingressPrefixPath("/x", "svc2")),
 				),
 			},
-			services: map[string]v1.Service{
+			services: map[string]corev1.Service{
 				"svc1": *fixtureServiceWithParams(testServicePort, 30003),
 				"svc2": *fixtureServiceWithParams(testServicePort, 30004),
 			},
@@ -305,7 +306,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					),
 				),
 			},
-			services: map[string]v1.Service{
+			services: map[string]corev1.Service{
 				"svc1": *fixtureServiceWithParams(testServicePort, 30005),
 				"svc2": *fixtureServiceWithParams(testServicePort, 30006),
 			},
@@ -332,7 +333,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					),
 				),
 			},
-			services: map[string]v1.Service{
+			services: map[string]corev1.Service{
 				"svc-exact":  *fixtureServiceWithParams(testServicePort, 30100),
 				"svc-prefix": *fixtureServiceWithParams(testServicePort, 30101),
 			},
@@ -359,7 +360,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					ingressRule("host.com", ingressPrefixPath("/x", "svc2")),
 				),
 			},
-			services: map[string]v1.Service{
+			services: map[string]corev1.Service{
 				"svc1": *fixtureServiceWithParams(testServicePort, 30007),
 				"svc2": *fixtureServiceWithParams(testServicePort, 30008),
 			},
@@ -386,7 +387,7 @@ func Test_albSpecFromIngress(t *testing.T) {
 					ingressRule("host.com", ingressPrefixPath("/x", "svc2")),
 				),
 			},
-			services: map[string]v1.Service{
+			services: map[string]corev1.Service{
 				"svc1": *fixtureServiceWithParams(testServicePort, 30009),
 				"svc2": *fixtureServiceWithParams(testServicePort, 30010),
 			},

pkg/alb/ingress/controller_test.go

@@ -7,7 +7,7 @@ import (
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/utils/ptr"
@@ -135,7 +135,7 @@ var _ = Describe("IngressClassReconciler", func() {
 		AfterEach(func() {
 			var ic networkingv1.IngressClass
 			err := k8sClient.Get(ctx, client.ObjectKeyFromObject(ingressClass), &ic)
-			if k8serrors.IsNotFound(err) {
+			if apierrors.IsNotFound(err) {
 				// nothing to clean up, it’s already deleted
 				return
 			}
@@ -148,12 +148,12 @@ var _ = Describe("IngressClassReconciler", func() {
 
 			// delete the patched object (ic), not the old ingressClass pointer
 			err = k8sClient.Delete(ctx, &ic)
-			if err != nil && !k8serrors.IsNotFound(err) {
+			if err != nil && !apierrors.IsNotFound(err) {
 				Expect(err).NotTo(HaveOccurred())
 			}
 
 			Eventually(func() bool {
-				return k8serrors.IsNotFound(
+				return apierrors.IsNotFound(
 					k8sClient.Get(ctx, client.ObjectKeyFromObject(ingressClass), &networkingv1.IngressClass{}),
 				)
 			}).Should(BeTrue(), "IngressClass should be fully deleted")
@@ -183,7 +183,7 @@ var _ = Describe("IngressClassReconciler", func() {
 					Eventually(func(g Gomega) {
 						var ic networkingv1.IngressClass
 						err := k8sClient.Get(ctx, client.ObjectKeyFromObject(ingressClass), &ic)
-						if k8serrors.IsNotFound(err) {
+						if apierrors.IsNotFound(err) {
 							// IngressClass is gone — controller must have removed the finalizer
 							return
 						}