refactor: enable revive, resolve all lints, remove unused code (#194)

Also bumps 2023 copyright to 2024.

---------

Signed-off-by: Matt Welke <matt.welke@spectrocloud.com>

Author: mattwelke

.golangci.yml

@@ -26,6 +26,7 @@ linters:
     - misspell
     - nakedret
     - prealloc
+    - revive
     - staticcheck
     - typecheck
     - unconvert

README.md

@@ -154,7 +154,7 @@ More information can be found via the [Kubebuilder Documentation](https://book.k
 
 ## License
 
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

api/v1alpha1/azurevalidator_types.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -33,6 +33,7 @@ type AzureValidatorSpec struct {
 	Auth                       AzureAuth                   `json:"auth" yaml:"auth"`
 }
 
+// ResultCount returns the number of validation results expected for an AzureValidatorSpec.
 func (s AzureValidatorSpec) ResultCount() int {
 	return len(s.RBACRules) + len(s.CommunityGalleryImageRules)
 }
@@ -83,6 +84,7 @@ type CommunityGallery struct {
 	Name string `json:"name" yaml:"name"`
 }
 
+// AzureAuth defines authentication configuration for an AzureValidator.
 type AzureAuth struct {
 	// If true, the AzureValidator will use the Azure SDK's default credential chain to authenticate.
 	// Set to true if using WorkloadIdentityCredentials.
@@ -98,25 +100,25 @@ type AzureAuth struct {
 // +kubebuilder:validation:MaxLength=200
 type ActionStr string
 
-// Conveys that the security principal should be the member of a role assignment that provides the
-// specified role for the specified scope. Scope can be either subscription, resource group, or
-// resource.
+// PermissionSet is part of an RBAC rule and verifies that a security principal has the specified
+// permissions (via role assignments) at the specified scope. Scope can be either subscription,
+// resource group, or resource.
 type PermissionSet struct {
-	// If provided, the actions that the role must be able to perform. Must not contain any
+	// Actions is a list of actions that the role must be able to perform. Must not contain any
 	// wildcards. If not specified, the role is assumed to already be able to perform all required
 	// actions.
 	//+kubebuilder:validation:MaxItems=1000
 	//+kubebuilder:validation:XValidation:message="Actions cannot have wildcards.",rule="self.all(item, !item.contains('*'))"
 	Actions []ActionStr `json:"actions,omitempty" yaml:"actions,omitempty"`
-	// If provided, the data actions that the role must be able to perform. Must not contain any
-	// wildcards. If not provided, the role is assumed to already be able to perform all required
-	// data actions.
+	// DataActions is a list of data actions that the role must be able to perform. Must not
+	// contain any wildcards. If not provided, the role is assumed to already be able to perform
+	// all required data actions.
 	//+kubebuilder:validation:MaxItems=1000
 	//+kubebuilder:validation:XValidation:message="DataActions cannot have wildcards.",rule="self.all(item, !item.contains('*'))"
 	DataActions []ActionStr `json:"dataActions,omitempty" yaml:"dataActions,omitempty"`
-	// The minimum scope of the role. Role assignments found at higher level scopes will satisfy
-	// this. For example, a role assignment found with subscription scope will satisfy a permission
-	// set where the role scope specified is a resource group within that subscription.
+	// Scope is the minimum scope of the role. Role assignments found at higher level scopes will
+	// satisfy this. For example, a role assignment found with subscription scope will satisfy a
+	// permission set where the role scope specified is a resource group within that subscription.
 	Scope string `json:"scope" yaml:"scope"`
 }
 

api/v1alpha1/groupversion_info.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

api/v1alpha1/zz_generated.deepcopy.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Package main initializes an AzureValidator controller.
 package main
 
 import (

cmd/main.go

@@ -40,6 +40,8 @@ spec:
             description: AzureValidatorSpec defines the desired state of AzureValidator
             properties:
               auth:
+                description: AzureAuth defines authentication configuration for an
+                  AzureValidator.
                 properties:
                   implicit:
                     description: |-
@@ -125,13 +127,13 @@ spec:
                         will pass.
                       items:
                         description: |-
-                          Conveys that the security principal should be the member of a role assignment that provides the
-                          specified role for the specified scope. Scope can be either subscription, resource group, or
-                          resource.
+                          PermissionSet is part of an RBAC rule and verifies that a security principal has the specified
+                          permissions (via role assignments) at the specified scope. Scope can be either subscription,
+                          resource group, or resource.
                         properties:
                           actions:
                             description: |-
-                              If provided, the actions that the role must be able to perform. Must not contain any
+                              Actions is a list of actions that the role must be able to perform. Must not contain any
                               wildcards. If not specified, the role is assumed to already be able to perform all required
                               actions.
                             items:
@@ -147,9 +149,9 @@ spec:
                               rule: self.all(item, !item.contains('*'))
                           dataActions:
                             description: |-
-                              If provided, the data actions that the role must be able to perform. Must not contain any
-                              wildcards. If not provided, the role is assumed to already be able to perform all required
-                              data actions.
+                              DataActions is a list of data actions that the role must be able to perform. Must not
+                              contain any wildcards. If not provided, the role is assumed to already be able to perform
+                              all required data actions.
                             items:
                               description: |-
                                 ActionStr is a type used for Action strings and DataAction strings. Alias exists to enable
@@ -163,9 +165,9 @@ spec:
                               rule: self.all(item, !item.contains('*'))
                           scope:
                             description: |-
-                              The minimum scope of the role. Role assignments found at higher level scopes will satisfy
-                              this. For example, a role assignment found with subscription scope will satisfy a permission
-                              set where the role scope specified is a resource group within that subscription.
+                              Scope is the minimum scope of the role. Role assignments found at higher level scopes will
+                              satisfy this. For example, a role assignment found with subscription scope will satisfy a
+                              permission set where the role scope specified is a resource group within that subscription.
                             type: string
                         required:
                         - scope

config/crd/bases/validation.spectrocloud.labs_azurevalidators.yaml

@@ -14,4 +14,4 @@ spec:
       name: AKSUbuntu-38d80f77-467a-481f-a8d4-09b6d4220bd2
     images:
     - 1804gen2gpucontainerd
-    subscriptionID: <subscription>
+    subscriptionID: 9b16dd0b-1bea-4c9a-a291-65e6f44c4745

config/samples/azurevalidator-communitygalleryimages-one-image.yaml

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -12,4 +12,4 @@ distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-*/
+*/

hack/boilerplate.go.txt

@@ -1,9 +1,13 @@
+// Package constants contains Azure plugin constants.
 package constants
 
 const (
+	// PluginCode is the code for the plugin.
 	PluginCode string = "Azure"
 
+	// ValidationTypeRBAC is the validation type for RBAC rules.
 	ValidationTypeRBAC string = "azure-rbac"
 
+	// ValidationTypeCommunityGalleryImages is the validation type for community gallery image rules.
 	ValidationTypeCommunityGalleryImages string = "azure-community-gallery-image"
 )