Add revive linting. Address linting errors. Remove unused code.

Signed-off-by: Matt Welke <matt.welke@spectrocloud.com>

Author: mattwelke

.golangci.yml

@@ -26,6 +26,7 @@ linters:
     - misspell
     - nakedret
     - prealloc
+    - revive
     - staticcheck
     - typecheck
     - unconvert

README.md

@@ -154,7 +154,7 @@ More information can be found via the [Kubebuilder Documentation](https://book.k
 
 ## License
 
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

api/v1alpha1/azurevalidator_types.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -33,6 +33,7 @@ type AzureValidatorSpec struct {
 	Auth                       AzureAuth                   `json:"auth" yaml:"auth"`
 }
 
+// ResultCount returns the number of validation results expected for an AzureValidatorSpec.
 func (s AzureValidatorSpec) ResultCount() int {
 	return len(s.RBACRules) + len(s.CommunityGalleryImageRules)
 }
@@ -83,6 +84,7 @@ type CommunityGallery struct {
 	Name string `json:"name" yaml:"name"`
 }
 
+// AzureAuth defines authentication configuration for an AzureValidator.
 type AzureAuth struct {
 	// If true, the AzureValidator will use the Azure SDK's default credential chain to authenticate.
 	// Set to true if using WorkloadIdentityCredentials.
@@ -98,25 +100,25 @@ type AzureAuth struct {
 // +kubebuilder:validation:MaxLength=200
 type ActionStr string
 
-// Conveys that the security principal should be the member of a role assignment that provides the
-// specified role for the specified scope. Scope can be either subscription, resource group, or
-// resource.
+// PermissionSet is part of an RBAC rule and verifies that a security principal has the specified
+// permissions (via role assignments) at the specified scope. Scope can be either subscription,
+// resource group, or resource.
 type PermissionSet struct {
-	// If provided, the actions that the role must be able to perform. Must not contain any
+	// Actions is a list of actions that the role must be able to perform. Must not contain any
 	// wildcards. If not specified, the role is assumed to already be able to perform all required
 	// actions.
 	//+kubebuilder:validation:MaxItems=1000
 	//+kubebuilder:validation:XValidation:message="Actions cannot have wildcards.",rule="self.all(item, !item.contains('*'))"
 	Actions []ActionStr `json:"actions,omitempty" yaml:"actions,omitempty"`
-	// If provided, the data actions that the role must be able to perform. Must not contain any
-	// wildcards. If not provided, the role is assumed to already be able to perform all required
-	// data actions.
+	// DataActions is a list of data actions that the role must be able to perform. Must not
+	// contain any wildcards. If not provided, the role is assumed to already be able to perform
+	// all required data actions.
 	//+kubebuilder:validation:MaxItems=1000
 	//+kubebuilder:validation:XValidation:message="DataActions cannot have wildcards.",rule="self.all(item, !item.contains('*'))"
 	DataActions []ActionStr `json:"dataActions,omitempty" yaml:"dataActions,omitempty"`
-	// The minimum scope of the role. Role assignments found at higher level scopes will satisfy
-	// this. For example, a role assignment found with subscription scope will satisfy a permission
-	// set where the role scope specified is a resource group within that subscription.
+	// Scope is the minimum scope of the role. Role assignments found at higher level scopes will
+	// satisfy this. For example, a role assignment found with subscription scope will satisfy a
+	// permission set where the role scope specified is a resource group within that subscription.
 	Scope string `json:"scope" yaml:"scope"`
 }
 

api/v1alpha1/groupversion_info.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

api/v1alpha1/zz_generated.deepcopy.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Package main initializes an AzureValidator controller.
 package main
 
 import (

cmd/main.go

@@ -14,4 +14,4 @@ spec:
       name: AKSUbuntu-38d80f77-467a-481f-a8d4-09b6d4220bd2
     images:
     - 1804gen2gpucontainerd
-    subscriptionID: <subscription>
+    subscriptionID: 9b16dd0b-1bea-4c9a-a291-65e6f44c4745

config/samples/azurevalidator-communitygalleryimages-one-image.yaml

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -12,4 +12,4 @@ distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-*/
+*/

hack/boilerplate.go.txt

@@ -1,9 +1,13 @@
+// Package constants contains Azure plugin constants.
 package constants
 
 const (
+	// PluginCode is the code for the plugin.
 	PluginCode string = "Azure"
 
+	// ValidationTypeRBAC is the validation type for RBAC rules.
 	ValidationTypeRBAC string = "azure-rbac"
 
+	// ValidationTypeCommunityGalleryImages is the validation type for community gallery image rules.
 	ValidationTypeCommunityGalleryImages string = "azure-community-gallery-image"
 )

internal/constants/constants.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023.
+Copyright 2024.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Package controller defines a controller for reconciling AzureValidator objects.
 package controller
 
 import (
@@ -43,6 +44,7 @@ import (
 	vres "github.com/validator-labs/validator/pkg/validationresult"
 )
 
+// ErrSecretNameRequired is returned when the auth.secretName field is empty.
 var ErrSecretNameRequired = errors.New("auth.secretName is required")
 
 // AzureValidatorReconciler reconciles an AzureValidator object
@@ -123,10 +125,10 @@ func (r *AzureValidatorReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 			defer cancel()
 		}
 
-		daClient := azure_utils.NewAzureDenyAssignmentsClient(azureCtx, azureAPI.DenyAssignmentsClient)
-		raClient := azure_utils.NewAzureRoleAssignmentsClient(azureCtx, azureAPI.RoleAssignmentsClient)
-		rdClient := azure_utils.NewAzureRoleDefinitionsClient(azureCtx, azureAPI.RoleDefinitionsClient)
-		cgiClient := azure_utils.NewAzureCommunityGalleryImagesClient(azureCtx, azureAPI.CommunityGalleryImagesClientProducer)
+		daClient := azure_utils.NewDenyAssignmentsClient(azureCtx, azureAPI.DenyAssignmentsClient)
+		raClient := azure_utils.NewRoleAssignmentsClient(azureCtx, azureAPI.RoleAssignmentsClient)
+		rdClient := azure_utils.NewRoleDefinitionsClient(azureCtx, azureAPI.RoleDefinitionsClient)
+		cgiClient := azure_utils.NewCommunityGalleryImagesClient(azureCtx, azureAPI.CommunityGalleryImagesClientProducer)
 
 		// RBAC rules
 		rbacSvc := validators.NewRBACRuleService(daClient, raClient, rdClient)