diff --git a/.golangci.yaml b/.golangci.yaml
index eba33a48..b0ca022f 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -4,10 +4,6 @@ linters:
 exclusions:
 generated: lax
 presets: [comments, common-false-positives, legacy, std-error-handling]
- rules:
- - linters:
- - modernize
- text: .*
 paths: [third_party, builtin$, examples$]
 warn-unused: true
 settings:
diff --git a/deploy/charts/approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml b/deploy/charts/approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml
index bce01907..67707b20 100644
--- a/deploy/charts/approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml
+++ b/deploy/charts/approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml
@@ -1140,6 +1140,8 @@ spec:
 - type
 x-kubernetes-list-type: map
 type: object
+ required:
+ - spec
 type: object
 served: true
 storage: true
diff --git a/deploy/crds/policy.cert-manager.io_certificaterequestpolicies.yaml b/deploy/crds/policy.cert-manager.io_certificaterequestpolicies.yaml
index cf6502fb..67cbbe00 100644
--- a/deploy/crds/policy.cert-manager.io_certificaterequestpolicies.yaml
+++ b/deploy/crds/policy.cert-manager.io_certificaterequestpolicies.yaml
@@ -1157,6 +1157,8 @@ spec:
 - type
 x-kubernetes-list-type: map
 type: object
+ required:
+ - spec
 type: object
 served: true
 storage: true
diff --git a/pkg/apis/policy/v1alpha1/types_certificaterequestpolicy.go b/pkg/apis/policy/v1alpha1/types_certificaterequestpolicy.go
index 3d004440..b520684b 100644
--- a/pkg/apis/policy/v1alpha1/types_certificaterequestpolicy.go
+++ b/pkg/apis/policy/v1alpha1/types_certificaterequestpolicy.go
@@ -37,19 +37,23 @@ var CertificateRequestPolicyKind = "CertificateRequestPolicy"
 // makes decisions on whether applicable CertificateRequests should be approved
 // or denied.
 type CertificateRequestPolicy struct {
- metav1.TypeMeta `json:",inline"`
- metav1.ObjectMeta `json:"metadata,omitempty"`
+ metav1.TypeMeta `json:",inline"`
+ // +optional
+ metav1.ObjectMeta `json:"metadata"`
- Spec CertificateRequestPolicySpec `json:"spec,omitempty"`
- Status CertificateRequestPolicyStatus `json:"status,omitempty"`
+ Spec CertificateRequestPolicySpec `json:"spec"`
+ // +optional
+ Status CertificateRequestPolicyStatus `json:"status,omitzero"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // CertificateRequestPolicyList is a list of CertificateRequestPolicies.
 type CertificateRequestPolicyList struct {
 metav1.TypeMeta `json:",inline"`
- metav1.ListMeta `json:"metadata,omitempty"`
- Items []CertificateRequestPolicy `json:"items"`
+ // +optional
+ metav1.ListMeta `json:"metadata"`
+
+ Items []CertificateRequestPolicy `json:"items"`
 }
 // CertificateRequestPolicySpec defines the desired state of
diff --git a/pkg/internal/approver/constraints/evaluator.go b/pkg/internal/approver/constraints/evaluator.go
index 27aba027..704f2db1 100644
--- a/pkg/internal/approver/constraints/evaluator.go
+++ b/pkg/internal/approver/constraints/evaluator.go
@@ -108,7 +108,7 @@ func (c constraints) Evaluate(_ context.Context, policy *policyapi.CertificateRe
 // decodePublicKey will return the algorithm and size of the given public key.
 // If the public key cannot be decoded, an error is returned.
-func decodePublicKey(pub interface{}) (cmapi.PrivateKeyAlgorithm, int, error) {
+func decodePublicKey(pub any) (cmapi.PrivateKeyAlgorithm, int, error) {
 switch pubKey := pub.(type) {
 case *rsa.PublicKey:
 return cmapi.RSAKeyAlgorithm, pubKey.N.BitLen(), nil
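Review bot: In `CertificateRequestPolicy` (types_certificaterequestpolicy.go), `Spec` is the only field left without a marker, even though dropping `omitempty` from its tag appears to be what makes the regenerated CRDs in this commit list `spec` under `required`. Saying so explicitly with `// +required` above `Spec`, matching the `// +optional` markers added beside it, would keep that schema constraint from depending on a tag detail alone. Since the API server will then reject objects that omit `spec`, existing manifests and stored policies should be checked for that before the new CRD is rolled out. `omitzero` on `Status` is honoured by `encoding/json` only from Go 1.24, and the module's Go version is not visible in this diff.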
diff --git a/pkg/internal/approver/validation/serviceaccount.go b/pkg/internal/approver/validation/serviceaccount.go
index 694eaf53..3e866112 100644
--- a/pkg/internal/approver/validation/serviceaccount.go
+++ b/pkg/internal/approver/validation/serviceaccount.go
@@ -41,11 +41,11 @@ func ServiceAccountLib() cel.EnvOption {
 }
 // ConvertToNative implements ref.Val.ConvertToNative.
-func (sa ServiceAccount) ConvertToNative(typeDesc reflect.Type) (interface{}, error) {
- if reflect.TypeOf(sa).AssignableTo(typeDesc) {
+func (sa ServiceAccount) ConvertToNative(typeDesc reflect.Type) (any, error) {
+ if reflect.TypeFor[ServiceAccount]().AssignableTo(typeDesc) {
 return sa, nil
 }
- if reflect.TypeOf("").AssignableTo(typeDesc) {
+ if reflect.TypeFor[string]().AssignableTo(typeDesc) {
 return serviceaccount.MakeUsername(sa.Namespace, sa.Name), nil
 }
 return nil, fmt.Errorf("type conversion error from 'serviceaccount' to '%v'", typeDesc)
@@ -77,7 +77,7 @@ func (sa ServiceAccount) Type() ref.Type {
 }
 // Value implements ref.Val.Value.
-func (sa ServiceAccount) Value() interface{} {
+func (sa ServiceAccount) Value() any {
 return sa
 }
diff --git a/pkg/internal/approver/validation/validator.go b/pkg/internal/approver/validation/validator.go
index e4b311da..3c206e30 100644
--- a/pkg/internal/approver/validation/validator.go
+++ b/pkg/internal/approver/validation/validator.go
@@ -86,7 +86,7 @@ func (v *validator) Validate(value string, request cmapi.CertificateRequest) (bo
 return false, errors.New("must compile first")
 }
- vars := map[string]interface{}{
+ vars := map[string]any{
 varSelf: value,
 varRequest: &CertificateRequest{
 Name: request.GetName(),
diff --git a/pkg/internal/webhook/validator.go b/pkg/internal/webhook/validator.go
index c41ffc7a..ca3ab996 100644
--- a/pkg/internal/webhook/validator.go
+++ b/pkg/internal/webhook/validator.go
@@ -20,6 +20,7 @@ import (
 "context"
 "errors"
 "fmt"
+ "slices"
 "sort"
 "github.com/go-logr/logr"
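Review bot: `ConvertToNative` in serviceaccount.go is documented only as implementing the interface, while its string branch decides what a policy expression sees when a `ServiceAccount` is converted to text. A second comment line such as `// A string target yields the username built by serviceaccount.MakeUsername from Namespace and Name.` would record that. The two `reflect.TypeFor` results never change, so they could be package-level variables instead of being computed on each call. The function's closing brace lies outside the hunk.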
@@ -75,15 +76,7 @@ func (v *validator) validate(ctx context.Context, obj runtime.Object) (admission
 // Ensure no plugin has been defined which is not registered.
 var unrecognisedNames []string
 for name := range policy.Spec.Plugins {
- var found bool
- for _, known := range v.registeredPlugins {
- if name == known {
- found = true
- break
- }
- }
-
- if !found {
+ if !slices.Contains(v.registeredPlugins, name) {
 unrecognisedNames = append(unrecognisedNames, name)
 }
 }