From 9fcbfa1f2353014a13c28d6542742786d0c3560a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Apr 2025 12:31:55 +0000 Subject: [PATCH 1/3] Bump golangci/golangci-lint-action from 6.1.1 to 7.0.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.1 to 7.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/971e284b6050e8a5849b72094c50ab08da042db8...1481404843c368bc19ca9406f87d6e0fc97bdcfd) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index bf73ac6a2..c4d6f4fa3 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,6 +15,6 @@ jobs: - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b with: go-version-file: ./go.mod - - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 + - uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd with: version: latest From 920eaa28d080bc838ee08f0facfe0334bdd71aa1 Mon Sep 17 00:00:00 2001 From: Ziv Nevo Date: Thu, 17 Apr 2025 16:02:08 +0300 Subject: [PATCH 2/3] convert to golangci-lint v2 Signed-off-by: Ziv Nevo --- .golangci.yml | 187 +++++++++++++++++++++++++++----------------------- 1 file changed, 100 insertions(+), 87 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 595db8bf6..9e1c6f449 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,71 +1,6 @@ -linters-settings: - dupl: - threshold: 100 - funlen: - lines: 100 - statements: 50 - gci: - prefix: github.com/np-guard - goconst: - min-len: 2 - min-occurrences: 2 - gocritic: - enabled-tags: - - diagnostic - - experimental - - opinionated - - performance - - style - gocyclo: - min-complexity: 15 - goheader: - values: - const: - COMPANY: IBM Inc. - template: |- - Copyright 2023- {{ COMPANY }} All Rights Reserved. - - SPDX-License-Identifier: Apache-2.0 - goimports: - local-prefixes: github.com/np-guard - mnd: - # don't include the "operation" and "assign" - checks: argument,case,condition,return - ignored-numbers: 0,1,2,3 - ignored-functions: strings.SplitN - - govet: - shadow: true - lll: - line-length: 140 - misspell: - locale: US - nolintlint: - allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space) - allow-unused: false # report any unused nolint directives - require-explanation: false # don't require an explanation for nolint directives - require-specific: false # don't require nolint directives to be specific about which linter is being skipped - revive: - # see https://github.com/mgechev/revive#available-rules for details. - ignore-generated-header: true - severity: warning - rules: - - name: indent-error-flow - severity: warning - - name: add-constant - severity: warning - arguments: - - maxLitCount: "1" - allowStrs: '"",".","-","/","\n","\n\n","\t","error","true","false"' - allowInts: "0,1,2,404" - allowFloats: "0.0,0.,1.0,1.,2.0,2." - tagliatelle: - case: - rules: - json: snake - +version: "2" linters: - disable-all: true + default: none enable: - asasalint - asciicheck @@ -85,14 +20,10 @@ linters: - goconst - gocritic - gocyclo - - gofmt - goheader - - goimports - - mnd - gomoddirectives - goprintffuncname - gosec - - gosimple - govet - grouper - importas @@ -101,6 +32,7 @@ linters: - loggercheck - makezero - misspell + - mnd - nakedret - nilerr - noctx @@ -112,28 +44,109 @@ linters: - reassign - revive - staticcheck - - stylecheck - tagliatelle - testableexamples - - typecheck - unconvert - unparam - unused - usestdlibvars - usetesting - whitespace - -issues: - exclude-rules: - - path: _test\.go - linters: - - dupl - - revive - - goconst - - funlen - -run: - timeout: 5m + settings: + dupl: + threshold: 100 + funlen: + lines: 100 + statements: 50 + goconst: + min-len: 2 + min-occurrences: 2 + gocritic: + enabled-tags: + - diagnostic + - experimental + - opinionated + - performance + - style + gocyclo: + min-complexity: 15 + goheader: + values: + const: + COMPANY: IBM Inc. + template: |- + Copyright 2023- {{ COMPANY }} All Rights Reserved. -output: - print-issued-lines: false + SPDX-License-Identifier: Apache-2.0 + govet: + enable: + - shadow + lll: + line-length: 140 + misspell: + locale: US + mnd: + checks: + - argument + - case + - condition + - return + ignored-numbers: + - "0" + - "1" + - "2" + - "3" + ignored-functions: + - strings.SplitN + nolintlint: + require-explanation: false + require-specific: false + allow-unused: false + revive: + severity: warning + rules: + - name: indent-error-flow + severity: warning + - name: add-constant + arguments: + - allowFloats: 0.0,0.,1.0,1.,2.0,2. + allowInts: 0,1,2,404 + allowStrs: '"",".","-","/","\n","\n\n","\t","error","true","false"' + maxLitCount: "1" + severity: warning + tagliatelle: + case: + rules: + json: snake + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + - linters: + - dupl + - funlen + - goconst + - revive + path: _test\.go + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + enable: + - gofmt + - goimports + settings: + goimports: + local-prefixes: + - github.com/np-guard + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ From 22c0c5ea8608730ec164725ad8210ae5dc70b615 Mon Sep 17 00:00:00 2001 From: Ziv Nevo Date: Thu, 17 Apr 2025 16:06:11 +0300 Subject: [PATCH 3/3] fix lint Signed-off-by: Ziv Nevo --- pkg/awsvpc/nacl_analysis.go | 6 +++--- pkg/commonvpc/nacl_analysis.go | 10 ++++++---- pkg/commonvpc/parser.go | 6 +++--- pkg/commonvpc/testfunc/common_test_functionality.go | 5 +++-- pkg/drawio/layout.go | 13 +++++++------ pkg/ibmvpc/routing_tables_analysis.go | 10 +++++----- pkg/ibmvpc/subnetsIPBlocks.go | 4 ++-- pkg/ibmvpc/vpc.go | 10 +++++----- pkg/vpcmodel/grouping.go | 2 +- pkg/vpcmodel/semanticDiff.go | 10 ++++++---- pkg/vpcmodel/synthesisOutput.go | 10 ++++++---- 11 files changed, 47 insertions(+), 39 deletions(-) diff --git a/pkg/awsvpc/nacl_analysis.go b/pkg/awsvpc/nacl_analysis.go index 700acf4e8..7473c0a39 100644 --- a/pkg/awsvpc/nacl_analysis.go +++ b/pkg/awsvpc/nacl_analysis.go @@ -75,10 +75,10 @@ func (na *AWSNACLAnalyzer) GetNACLRule(index int) (ruleStr string, ruleRes *comm portsStr = fmt.Sprintf(", dstPorts: %d-%d", minPort, maxPort) case protocolICMP: icmpTypeMin, icmpTypeMax, icmpCodeMin, icmpCodeMax, - err := handleIcmpTypeCode(ruleObj.IcmpTypeCode.Type, ruleObj.IcmpTypeCode.Code) + err2 := handleIcmpTypeCode(ruleObj.IcmpTypeCode.Type, ruleObj.IcmpTypeCode.Code) - if err != nil { - return "", nil, false, err + if err2 != nil { + return "", nil, false, err2 } if ruleObj.IcmpTypeCode.Type != nil && *ruleObj.IcmpTypeCode.Type != -1 { portsStr = fmt.Sprintf(", type: %d", *ruleObj.IcmpTypeCode.Type) diff --git a/pkg/commonvpc/nacl_analysis.go b/pkg/commonvpc/nacl_analysis.go index c5682160f..3fdeb21d8 100644 --- a/pkg/commonvpc/nacl_analysis.go +++ b/pkg/commonvpc/nacl_analysis.go @@ -139,7 +139,8 @@ func GetAllowedXgressConnections(rules []*NACLRule, src, subnetCidr *netset.IPBl } for _, disjointDestCidr := range destCidrList { disjointDestIP := disjointDestCidr.ToIPRanges() - if rule.Action == ALLOW { + switch rule.Action { + case ALLOW: addedAllowedConns := rule.Connections.Copy() addedAllowedConns = addedAllowedConns.Subtract(deniedXgress[disjointDestIP]) // issue here at union below @@ -148,7 +149,7 @@ func GetAllowedXgressConnections(rules []*NACLRule, src, subnetCidr *netset.IPBl if !allowedXgress[disjointDestIP].Equal(allowedXgressDestCidrBefore) { // this rule contributes to the connection allowRules[disjointDestIP] = append(allowRules[disjointDestIP], rule.Index) } - } else if rule.Action == DENY { + case DENY: addedDeniedConns := rule.Connections.Copy() addedDeniedConns = addedDeniedConns.Subtract(allowedXgress[disjointDestIP]) deniedXgressDestCidrBefore := deniedXgress[disjointDestIP] @@ -418,9 +419,10 @@ func (na *NACLAnalyzer) getRulesRelevantConn(rules []int, continue } curConn = curConn.Union(rule.Connections) - if rule.Action == ALLOW { + switch rule.Action { + case ALLOW: allowRelevant = append(allowRelevant, rule.Index) - } else if rule.Action == DENY { + case DENY: denyRelevant = append(denyRelevant, rule.Index) } contains := connQuery.IsSubset(curConn) diff --git a/pkg/commonvpc/parser.go b/pkg/commonvpc/parser.go index ec32bab57..4bd2753d7 100644 --- a/pkg/commonvpc/parser.go +++ b/pkg/commonvpc/parser.go @@ -215,9 +215,9 @@ func NewVPC(name, uid, region string, zonesToAP map[string][]string, regionToStr } for zoneName, zoneCidrsList := range zonesToAP { vpcNodeSet.AddressPrefixesList = append(vpcNodeSet.AddressPrefixesList, zoneCidrsList...) - zoneIPBlock, err := netset.IPBlockFromCidrList(zoneCidrsList) - if err != nil { - return nil, err + zoneIPBlock, err2 := netset.IPBlockFromCidrList(zoneCidrsList) + if err2 != nil { + return nil, err2 } vpcNodeSet.Zones[zoneName] = &Zone{Name: zoneName, Vpc: vpcNodeSet, diff --git a/pkg/commonvpc/testfunc/common_test_functionality.go b/pkg/commonvpc/testfunc/common_test_functionality.go index a7e567df1..e0edcdb10 100644 --- a/pkg/commonvpc/testfunc/common_test_functionality.go +++ b/pkg/commonvpc/testfunc/common_test_functionality.go @@ -299,7 +299,8 @@ func GetTestsDirInput() string { func compareOrRegenerateOutputPerTest(t *testing.T, mode testMode, actualOutput, testDir, name string, expectedOutput map[vpcmodel.OutputUseCase]string, uc vpcmodel.OutputUseCase) error { - if mode == OutputComparison { + switch mode { + case OutputComparison: expectedOutput, err := os.ReadFile(expectedOutput[uc]) if err != nil { t.Fatalf(errString, err) @@ -309,7 +310,7 @@ func compareOrRegenerateOutputPerTest(t *testing.T, mode testMode, actualOutput, compareTextualResult(expectedOutputStr, actualOutput, testDir) t.Fatalf("output mismatch expected-vs-actual on test name: %s, use case: %d", name, uc) } - } else if mode == OutputGeneration { + case OutputGeneration: fmt.Printf("outputGeneration\n") // create or override expected output file if _, err := vpcmodel.WriteToFile(actualOutput, expectedOutput[uc]); err != nil { diff --git a/pkg/drawio/layout.go b/pkg/drawio/layout.go index 7b6d5fdcd..c7d86e1ee 100644 --- a/pkg/drawio/layout.go +++ b/pkg/drawio/layout.go @@ -207,12 +207,13 @@ func getSubnetIconsOrder(subnet SquareTreeNodeInterface) [][]IconTreeNodeInterfa // collect for each group with viability square its innerSquares groups: for _, groupS := range sortedBySizeGroups { group := groupS.(*GroupSquareTreeNode) - if group.visibility == square { + switch group.visibility { + case square: outerToInnersGroup[group] = map[SquareTreeNodeInterface]bool{} for _, icon := range group.groupedIcons { iconOuterGroup[icon] = group } - } else if group.visibility == innerSquare { + case innerSquare: for _, icon := range group.groupedIcons { iconInnerGroup[icon] = group outerToInnersGroup[iconOuterGroup[icon]][group] = true @@ -379,8 +380,8 @@ func (ly *layoutS) resolveGroupedSubnetsOverlap() { // check if two squares: share a col and have the same first/last raw, or share a row and have the same first/last col func squareBordersOverlap(l1, l2 *Location) bool { - shareCol := !(l1.firstCol.index > l2.lastCol.index || l2.firstCol.index > l1.lastCol.index) - shareRow := !(l1.firstRow.index > l2.lastRow.index || l2.firstRow.index > l1.lastRow.index) + shareCol := l1.firstCol.index <= l2.lastCol.index && l2.firstCol.index <= l1.lastCol.index + shareRow := l1.firstRow.index <= l2.lastRow.index && l2.firstRow.index <= l1.lastRow.index sameRow := l1.firstRow == l2.firstRow || l1.lastRow == l2.lastRow sameCol := l1.firstCol == l2.firstCol || l1.lastCol == l2.lastCol return shareCol && sameRow || shareRow && sameCol @@ -772,13 +773,13 @@ func (ly *layoutS) setGroupingIconLocations() { r, c := calcGroupingIconLocation(parentLocation, colleagueLocation) gIcon.setLocation(newCellLocation(r, c)) // add the icon to its border: - groupBorder := groupBorder{ + gb := groupBorder{ c: c, r: r, visibility: parent.visibility, right: c == parentLocation.nextCol(), } - iconsInBorder[groupBorder] = append(iconsInBorder[groupBorder], gIcon) + iconsInBorder[gb] = append(iconsInBorder[gb], gIcon) // set the x offset to the icons: switch parent.visibility { case theSubnet: diff --git a/pkg/ibmvpc/routing_tables_analysis.go b/pkg/ibmvpc/routing_tables_analysis.go index f4b7febc2..ed09afa74 100644 --- a/pkg/ibmvpc/routing_tables_analysis.go +++ b/pkg/ibmvpc/routing_tables_analysis.go @@ -58,9 +58,9 @@ func (ga *GlobalRTAnalyzer) GetRoutingPath(src vpcmodel.InternalNodeIntf, dest * } // if res ends with "tgw" -> should get remaining routing path in the target VPC with src:tgw if res != nil && res.DoesEndWithTGW() { - targetVPCAnalyzer, err := ga.getRTAnalyzerPerVPC(res.TargetVPC()) - if err != nil { - return nil, err + targetVPCAnalyzer, errGet := ga.getRTAnalyzerPerVPC(res.TargetVPC()) + if errGet != nil { + return nil, errGet } targetVPC := ga.allConfigs.GetVPC(res.TargetVPC()).(*commonvpc.VPC) destZone, _ := getZoneByIPBlock(dest, ga.allConfigs) @@ -74,8 +74,8 @@ func (ga *GlobalRTAnalyzer) GetRoutingPath(src vpcmodel.InternalNodeIntf, dest * // if dest zone is not found, should consider all routes for all zones in the RT // and prefer the one with the src zone of such is available // the analysis should be done for all available zones (up to 3) - res2, err := targetVPCAnalyzer.getIngressPath(tgwSource, dest, destZone, srcZone) - return vpcmodel.ConcatPaths(res, res2), err + res2, err2 := targetVPCAnalyzer.getIngressPath(tgwSource, dest, destZone, srcZone) + return vpcmodel.ConcatPaths(res, res2), err2 } // else - routing remains within a single vpc context return res, err diff --git a/pkg/ibmvpc/subnetsIPBlocks.go b/pkg/ibmvpc/subnetsIPBlocks.go index 2023f8a59..8cfb3de78 100644 --- a/pkg/ibmvpc/subnetsIPBlocks.go +++ b/pkg/ibmvpc/subnetsIPBlocks.go @@ -67,8 +67,8 @@ type subnetsIPBlocks map[string]*oneSubnetBlocks // 3. calculate the splitByFiltersBlocks // 4. calculate the freeAddressesBlocks func getSubnetsIPBlocks(rc *IBMresourcesContainer, filtersCidrs []map[string][]*string, - skipByVPC map[string]bool) (subnetsBlocks subnetsIPBlocks, err error) { - subnetsBlocks = subnetsIPBlocks{} + skipByVPC map[string]bool) (subnetsIPBlocks, error) { + subnetsBlocks := subnetsIPBlocks{} // gets the original blocks of the subnets: if err := subnetsBlocks.getSubnetsOriginalBlocks(rc, skipByVPC); err != nil { return nil, err diff --git a/pkg/ibmvpc/vpc.go b/pkg/ibmvpc/vpc.go index 956ddbb02..7478bec19 100644 --- a/pkg/ibmvpc/vpc.go +++ b/pkg/ibmvpc/vpc.go @@ -481,7 +481,7 @@ func (tgw *TransitGateway) ExternalIP() string { } func isPairRelevantToTGW(src, dst vpcmodel.VPCResourceIntf) bool { - return !(src.IsExternal() || dst.IsExternal()) && src.VPC().UID() != dst.VPC().UID() + return !src.IsExternal() && !dst.IsExternal() && src.VPC().UID() != dst.VPC().UID() } func (tgw *TransitGateway) AllowedConnectivity(src, dst vpcmodel.VPCResourceIntf) (*netset.TransportSet, error) { @@ -534,11 +534,11 @@ func (tgw *TransitGateway) tgwPrefixStr(tc *datamodel.TransitConnection, // Array of prefix route filters for a transit gateway connection. This is order dependent with those first in the // array being applied first, and those at the end of the array is applied last, or just before the default. if prefixIndx == defaultPrefixFilter { // default - defaultStr, actionName, err := prefixDefaultStr(tc) - if err != nil { - return "", "", err + defaultStr, actName, err2 := prefixDefaultStr(tc) + if err2 != nil { + return "", "", err2 } - return resStr + defaultStr, actionName, nil + return resStr + defaultStr, actName, nil } if len(tc.PrefixFilters) < prefixIndx+1 { return "", "", fmt.Errorf("np-guard error: prefix index %d does not exists in transit connection %s of transit gateway %s", diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index b6cecc798..452865721 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -395,7 +395,7 @@ func (g *GroupConnLines) groupExternalAddressesForDiff(thisMinusOther bool) erro for src, endpointConnDiff := range connRemovedChanged { for dst, connDiff := range endpointConnDiff { connDiffString := connDiffEncode(src, dst, connDiff) - if !(connDiff.conn1.isEmpty() && connDiff.conn2.isEmpty()) { + if !connDiff.conn1.isEmpty() || !connDiff.conn2.isEmpty() { err := g.addLineToExternalGrouping(&res, src, dst, &groupedCommonProperties{connDiff: connDiff, groupingStrKey: connDiffString}) if err != nil { diff --git a/pkg/vpcmodel/semanticDiff.go b/pkg/vpcmodel/semanticDiff.go index 95e27dff5..d164afcac 100644 --- a/pkg/vpcmodel/semanticDiff.go +++ b/pkg/vpcmodel/semanticDiff.go @@ -116,13 +116,14 @@ func (configs configsForDiff) GetDiff() (*diffBetweenCfgs, error) { func getAllowedResponsiveConnections(c *VPCConfig, diffAnalysis diffAnalysisType) (responsiveConnectivityMap GeneralResponsiveConnectivityMap, err error) { - if diffAnalysis == Subnets { + switch diffAnalysis { + case Subnets: subnetsConn, err := c.GetSubnetsConnectivity(true, NoGroupingNoConsistencyEdges) if err != nil { return nil, err } return subnetsConn.AllowedConnsCombinedResponsive, err - } else if diffAnalysis == Vsis { + case Vsis: connectivity1, err := c.GetVPCNetworkConnectivity(false, NoGroupingNoConsistencyEdges) if err != nil { return nil, err @@ -238,9 +239,10 @@ func getDiffType(src, srcInOther, dst, dstInOther VPCResourceIntf) DiffType { } func getDiffInfoHeader(diffAnalysis diffAnalysisType) string { - if diffAnalysis == Subnets { + switch diffAnalysis { + case Subnets: return "subnets-diff-info:" - } else if diffAnalysis == Vsis { + case Vsis: return "vsis-diff-info:" } return "" diff --git a/pkg/vpcmodel/synthesisOutput.go b/pkg/vpcmodel/synthesisOutput.go index f12163883..1c645788a 100644 --- a/pkg/vpcmodel/synthesisOutput.go +++ b/pkg/vpcmodel/synthesisOutput.go @@ -148,14 +148,16 @@ func renameExternalsAndSegments(requiredConnections []spec.SpecRequiredConnectio externalsMap map[string]string, segmentsMap map[string]string) []spec.SpecRequiredConnectionsElem { connLines := []spec.SpecRequiredConnectionsElem{} for _, conn := range requiredConnections { - if conn.Src.Type == spec.ResourceTypeExternal { + switch conn.Src.Type { + case spec.ResourceTypeExternal: conn.Src.Name = getNewExternalOrSegmentName(conn.Src.Name, externalString, externalsMap) - } else if conn.Src.Type == spec.ResourceTypeSegment { + case spec.ResourceTypeSegment: conn.Src.Name = getNewExternalOrSegmentName(conn.Src.Name, segmentString, segmentsMap) } - if conn.Dst.Type == spec.ResourceTypeExternal { + switch conn.Dst.Type { + case spec.ResourceTypeExternal: conn.Dst.Name = getNewExternalOrSegmentName(conn.Dst.Name, externalString, externalsMap) - } else if conn.Dst.Type == spec.ResourceTypeSegment { + case spec.ResourceTypeSegment: conn.Dst.Name = getNewExternalOrSegmentName(conn.Dst.Name, segmentString, segmentsMap) } connLines = append(connLines, conn)