diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index 03e69b6d..25dffeff 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -32,7 +32,7 @@ jobs: exit 1 - name: Octo STS Token Exchange - uses: octo-sts/action@a26b0c6455c7f13316f29a8766287f939e75f6c8 # v1.0.2 + uses: octo-sts/action@d6c70ad3b9ac85df6da6b9749014d7283987cfec # v1.0.3 id: octo-sts with: scope: 'jetstack/jetstack-secure' diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f852bd91..24477324 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -27,7 +27,7 @@ jobs: exit 1 - name: Octo STS Token Exchange - uses: octo-sts/action@a26b0c6455c7f13316f29a8766287f939e75f6c8 # v1.0.2 + uses: octo-sts/action@d6c70ad3b9ac85df6da6b9749014d7283987cfec # v1.0.3 id: octo-sts with: scope: 'jetstack/jetstack-secure' @@ -50,7 +50,7 @@ jobs: go-version: ${{ steps.go-version.outputs.result }} - name: Self-hosted Renovate - uses: renovatebot/github-action@70ea19f1b0dc8a9cc7af1b4278f8d3fd9778b577 # v43.0.17 + uses: renovatebot/github-action@c5fdc9f98fdf9e9bb16b5760f7e560256eb79326 # v44.0.2 with: configurationFile: .github/renovate.json5 token: ${{ steps.octo-sts.outputs.token }} diff --git a/.golangci.yaml b/.golangci.yaml index bebff5e6..f40fc736 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -54,6 +54,7 @@ linters: - makezero - mirror - misspell + - modernize - musttag - nakedret - nilerr @@ -81,9 +82,10 @@ formatters: sections: - standard # Standard section: captures all standard packages. - default # Default section: contains all imports that could not be matched to another section type. - - prefix(github.com/jetstack/preflight) # Custom section: groups all imports with the specified Prefix. + - localmodule # Local module section: contains all local packages. This section is not present unless explicitly enabled. - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled. - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled. + custom-order: true exclusions: generated: lax paths: [third_party, builtin$, examples$] diff --git a/api/datareading.go b/api/datareading.go index 86dd2dd8..0556dd63 100644 --- a/api/datareading.go +++ b/api/datareading.go @@ -22,11 +22,11 @@ type DataReadingsPost struct { type DataReading struct { // ClusterID is optional as it can be inferred from the agent // token when using basic authentication. - ClusterID string `json:"cluster_id,omitempty"` - DataGatherer string `json:"data-gatherer"` - Timestamp Time `json:"timestamp"` - Data interface{} `json:"data"` - SchemaVersion string `json:"schema_version"` + ClusterID string `json:"cluster_id,omitempty"` + DataGatherer string `json:"data-gatherer"` + Timestamp Time `json:"timestamp"` + Data any `json:"data"` + SchemaVersion string `json:"schema_version"` } // UnmarshalJSON implements the json.Unmarshaler interface for DataReading. @@ -61,11 +61,11 @@ func (o *DataReading) UnmarshalJSON(data []byte) error { // Define a list of decoding attempts with prioritized types dataTypes := []struct { - target interface{} - assign func(interface{}) + target any + assign func(any) }{ - {&DiscoveryData{}, func(v interface{}) { o.Data = v.(*DiscoveryData) }}, - {&DynamicData{}, func(v interface{}) { o.Data = v.(*DynamicData) }}, + {&DiscoveryData{}, func(v any) { o.Data = v.(*DiscoveryData) }}, + {&DynamicData{}, func(v any) { o.Data = v.(*DynamicData) }}, } // Attempt to decode the Data field into each type @@ -82,7 +82,7 @@ func (o *DataReading) UnmarshalJSON(data []byte) error { // jsonUnmarshalStrict unmarshals JSON data into the provided interface, // disallowing unknown fields to ensure strict adherence to the expected structure. -func jsonUnmarshalStrict(data []byte, v interface{}) error { +func jsonUnmarshalStrict(data []byte, v any) error { decoder := json.NewDecoder(bytes.NewReader(data)) decoder.DisallowUnknownFields() return decoder.Decode(v) @@ -92,8 +92,8 @@ func jsonUnmarshalStrict(data []byte, v interface{}) error { type GatheredResource struct { // Resource is a reference to a k8s object that was found by the informer // should be of type unstructured.Unstructured, raw Object - Resource interface{} `json:"resource"` - DeletedAt Time `json:"deleted_at,omitempty"` + Resource any + DeletedAt Time } func (v GatheredResource) MarshalJSON() ([]byte, error) { @@ -103,8 +103,8 @@ func (v GatheredResource) MarshalJSON() ([]byte, error) { } data := struct { - Resource interface{} `json:"resource"` - DeletedAt string `json:"deleted_at,omitempty"` + Resource any `json:"resource"` + DeletedAt string `json:"deleted_at,omitempty"` }{ Resource: v.Resource, DeletedAt: dateString, @@ -116,7 +116,7 @@ func (v GatheredResource) MarshalJSON() ([]byte, error) { func (v *GatheredResource) UnmarshalJSON(data []byte) error { var tmpResource struct { Resource *unstructured.Unstructured `json:"resource"` - DeletedAt Time `json:"deleted_at,omitempty"` + DeletedAt Time `json:"deleted_at"` } d := json.NewDecoder(bytes.NewReader(data)) diff --git a/api/datareading_test.go b/api/datareading_test.go index c55ca034..9fa90b01 100644 --- a/api/datareading_test.go +++ b/api/datareading_test.go @@ -43,7 +43,7 @@ func TestDataReading_UnmarshalJSON(t *testing.T) { tests := []struct { name string input string - wantDataType interface{} + wantDataType any expectError string }{ { diff --git a/go.mod b/go.mod index 2eabd2f0..5ac5c6ca 100644 --- a/go.mod +++ b/go.mod @@ -16,13 +16,13 @@ require ( github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 - golang.org/x/sync v0.17.0 + golang.org/x/sync v0.18.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.34.1 - k8s.io/apimachinery v0.34.1 - k8s.io/client-go v0.34.1 - k8s.io/component-base v0.34.1 - sigs.k8s.io/controller-runtime v0.22.3 + k8s.io/api v0.34.2 + k8s.io/apimachinery v0.34.2 + k8s.io/client-go v0.34.2 + k8s.io/component-base v0.34.2 + sigs.k8s.io/controller-runtime v0.22.4 sigs.k8s.io/yaml v1.6.0 ) diff --git a/go.sum b/go.sum index 13f8945b..dd68d0bb 100644 --- a/go.sum +++ b/go.sum @@ -246,8 +246,8 @@ golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKl golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -297,18 +297,18 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.34.1 h1:jC+153630BMdlFukegoEL8E/yT7aLyQkIVuwhmwDgJM= -k8s.io/api v0.34.1/go.mod h1:SB80FxFtXn5/gwzCoN6QCtPD7Vbu5w2n1S0J5gFfTYk= +k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY= +k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw= k8s.io/apiextensions-apiserver v0.34.1 h1:NNPBva8FNAPt1iSVwIE0FsdrVriRXMsaWFMqJbII2CI= k8s.io/apiextensions-apiserver v0.34.1/go.mod h1:hP9Rld3zF5Ay2Of3BeEpLAToP+l4s5UlxiHfqRaRcMc= -k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4= -k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= +k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/apiserver v0.34.1 h1:U3JBGdgANK3dfFcyknWde1G6X1F4bg7PXuvlqt8lITA= k8s.io/apiserver v0.34.1/go.mod h1:eOOc9nrVqlBI1AFCvVzsob0OxtPZUCPiUJL45JOTBG0= -k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY= -k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8= -k8s.io/component-base v0.34.1 h1:v7xFgG+ONhytZNFpIz5/kecwD+sUhVE6HU7qQUiRM4A= -k8s.io/component-base v0.34.1/go.mod h1:mknCpLlTSKHzAQJJnnHVKqjxR7gBeHRv0rPXA7gdtQ0= +k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M= +k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE= +k8s.io/component-base v0.34.2 h1:HQRqK9x2sSAsd8+R4xxRirlTjowsg6fWCPwWYeSvogQ= +k8s.io/component-base v0.34.2/go.mod h1:9xw2FHJavUHBFpiGkZoKuYZ5pdtLKe97DEByaA+hHbM= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= @@ -317,8 +317,8 @@ k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzk k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y= -sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= +sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= +sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= diff --git a/internal/cyberark/servicediscovery/discovery.go b/internal/cyberark/servicediscovery/discovery.go index 5fc920f5..e838e507 100644 --- a/internal/cyberark/servicediscovery/discovery.go +++ b/internal/cyberark/servicediscovery/discovery.go @@ -58,15 +58,15 @@ func New(httpClient *http.Client) *Client { // DiscoveryResponse represents the full JSON response returned by the CyberArk api/tenant-discovery/public API // The API is documented here https://ca-il-confluence.il.cyber-ark.com/spaces/EV/pages/575618345/Updated+PD+APIs+doc type DiscoveryResponse struct { - Region string `json:"region"` - DRRegion string `json:"dr_region"` - Subdomain string `json:"subdomain"` - TenantID string `json:"tenant_id"` - PlatformID string `json:"platform_id"` - IdentityID string `json:"identity_id"` - DefaultURL string `json:"default_url"` - TenantFlags map[string]interface{} `json:"tenant_flags"` - Services []Service `json:"services"` + Region string `json:"region"` + DRRegion string `json:"dr_region"` + Subdomain string `json:"subdomain"` + TenantID string `json:"tenant_id"` + PlatformID string `json:"platform_id"` + IdentityID string `json:"identity_id"` + DefaultURL string `json:"default_url"` + TenantFlags map[string]any `json:"tenant_flags"` + Services []Service `json:"services"` } type Service struct { diff --git a/klone.yaml b/klone.yaml index 828480f6..8f93eb56 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,55 +10,55 @@ targets: - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/go - folder_name: helm repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/helm - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/help - folder_name: kind repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/kind - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/klone - folder_name: licenses repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/licenses - folder_name: oci-build repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/oci-build - folder_name: oci-publish repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/oci-publish - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 3640ec2744eca6198a647fa0cd6ca09536aa4f8e + repo_hash: 4479013f57fb2f7f0f28b4e951dc1ba6e6badddc repo_path: modules/tools diff --git a/make/_shared/go/.golangci.override.yaml b/make/_shared/go/.golangci.override.yaml index 5b209d87..bafd9073 100644 --- a/make/_shared/go/.golangci.override.yaml +++ b/make/_shared/go/.golangci.override.yaml @@ -45,6 +45,7 @@ linters: - makezero - mirror - misspell + - modernize - musttag - nakedret - nilerr @@ -69,10 +70,11 @@ formatters: enable: [ gci, gofmt ] settings: gci: + custom-order: true sections: - standard # Standard section: captures all standard packages. - default # Default section: contains all imports that could not be matched to another section type. - - prefix({{REPO-NAME}}) # Custom section: groups all imports with the specified Prefix. + - localmodule # Local module section: contains all local packages. This section is not present unless explicitly enabled. - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled. - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled. exclusions: diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk index 2f053f69..2993456e 100644 --- a/make/_shared/go/01_mod.mk +++ b/make/_shared/go/01_mod.mk @@ -117,7 +117,6 @@ generate-golangci-lint-config: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/s cp $(golangci_lint_config) $(bin_dir)/scratch/golangci-lint.yaml.tmp $(YQ) -i 'del(.linters.enable)' $(bin_dir)/scratch/golangci-lint.yaml.tmp $(YQ) eval-all -i '. as $$item ireduce ({}; . * $$item)' $(bin_dir)/scratch/golangci-lint.yaml.tmp $(golangci_lint_override) - $(YQ) -i '(.. | select(tag == "!!str")) |= sub("{{REPO-NAME}}", "$(repo_name)")' $(bin_dir)/scratch/golangci-lint.yaml.tmp mv $(bin_dir)/scratch/golangci-lint.yaml.tmp $(golangci_lint_config) shared_generate_targets += generate-golangci-lint-config @@ -147,9 +146,9 @@ fix-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(NEEDS_GCI) $(bin_dir)/ @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ | while read d; do \ target=$$(dirname $${d}); \ - echo "Running 'GOVERSION=$(VENDORED_GO_VERSION) $(bin_dir)/tools/golangci-lint fmt -c $(CURDIR)/$(golangci_lint_config)' in directory '$${target}'"; \ + echo "Running 'GOVERSION=$(VENDORED_GO_VERSION) $(bin_dir)/tools/golangci-lint run --fix -c $(CURDIR)/$(golangci_lint_config) --timeout $(golangci_lint_timeout)' in directory '$${target}'"; \ pushd "$${target}" >/dev/null; \ - GOVERSION=$(VENDORED_GO_VERSION) $(GOLANGCI-LINT) fmt -c $(CURDIR)/$(golangci_lint_config) || exit; \ + GOVERSION=$(VENDORED_GO_VERSION) $(GOLANGCI-LINT) run --fix -c $(CURDIR)/$(golangci_lint_config) --timeout $(golangci_lint_timeout) || exit; \ popd >/dev/null; \ echo ""; \ done diff --git a/make/_shared/licenses/01_mod.mk b/make/_shared/licenses/01_mod.mk index f5dd0529..e9e748c9 100644 --- a/make/_shared/licenses/01_mod.mk +++ b/make/_shared/licenses/01_mod.mk @@ -68,6 +68,7 @@ oci-license-layer-$1: | $(bin_dir)/scratch $(NEEDS_GO-LICENSES) cp $$(go_$1_mod_dir)/LICENSES $$(license_layer_path_$1)/licenses/LICENSES oci-build-$1: oci-license-layer-$1 +oci-build-$1__local: oci-license-layer-$1 oci_$1_additional_layers += $$(license_layer_path_$1) endef diff --git a/make/_shared/oci-build/00_mod.mk b/make/_shared/oci-build/00_mod.mk index 7f7ace41..a9c850f9 100644 --- a/make/_shared/oci-build/00_mod.mk +++ b/make/_shared/oci-build/00_mod.mk @@ -12,8 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -oci_platforms ?= linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le - # Use distroless as minimal base image to package the manager binary # To get latest SHA run "crane digest quay.io/jetstack/base-static:latest" base_image_static := quay.io/jetstack/base-static@sha256:1da2e7de36c9d7a1931d765e8054a3c9fe7ed5126bacf728bb7429e923386146 @@ -27,12 +25,12 @@ fatal_if_undefined = $(if $(findstring undefined,$(origin $1)),$(error $1 is not fatal_if_deprecated_defined = $(if $(findstring undefined,$(origin $1)),,$(error $1 is deprecated, use $2 instead)) # Validate globals that are required -$(call fatal_if_undefined,bin_dir) $(call fatal_if_undefined,build_names) # Set default config values CGO_ENABLED ?= 0 GOEXPERIMENT ?= # empty by default +oci_platforms ?= linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le # Default variables per build_names entry # @@ -41,6 +39,7 @@ define default_per_build_variables go_$1_cgo_enabled ?= $(CGO_ENABLED) go_$1_goexperiment ?= $(GOEXPERIMENT) go_$1_flags ?= -tags= +oci_$1_platforms ?= $(oci_platforms) oci_$1_additional_layers ?= oci_$1_linux_capabilities ?= oci_$1_build_args ?= @@ -98,7 +97,7 @@ ifeq ($(wildcard $(go_$1_mod_dir)/go.mod),) $$(error go_$1_mod_dir "$(go_$1_mod_dir)" does not contain a go.mod file) endif ifeq ($(wildcard $(go_$1_mod_dir)/$(go_$1_main_dir)/main.go),) -$$(error go_$1_main_dir "$(go_$1_mod_dir)" does not contain a main.go file) +$$(error go_$1_main_dir "$(go_$1_mod_dir)/$(go_$1_main_dir)" does not contain a main.go file) endif # Validate the config required to build OCI images @@ -106,6 +105,10 @@ ifneq ($(words $(oci_$1_image_name_development)),1) $$(error oci_$1_image_name_development "$(oci_$1_image_name_development)" should be a single image name) endif +# Validate that the build name does not end in __local +ifeq ($(1:%__local=__local),__local) +$$(error build_name "$1" SHOULD NOT end in __local) +endif endef $(foreach build_name,$(build_names),$(eval $(call check_per_build_variables,$(build_name)))) @@ -113,22 +116,20 @@ $(foreach build_name,$(build_names),$(eval $(call check_per_build_variables,$(bu # Create variables holding targets # # We create the following targets for each $(build_names) -# - oci-build-$(build_name) = build the oci directory +# - oci-build-$(build_name) = build the oci directory (multi-arch) +# - oci-build-$(build_name)__local = build the oci directory (local arch: linux/$(HOST_ARCH)) # - oci-load-$(build_name) = load the image into docker using the oci_$(build_name)_image_name_development variable # - docker-tarball-$(build_name) = build a "docker load" compatible tarball of the image -# - ko-config-$(build_name) = generate "ko" config for a given build oci_build_targets := $(build_names:%=oci-build-%) +oci_build_targets += $(build_names:%=oci-build-%__local) oci_load_targets := $(build_names:%=oci-load-%) docker_tarball_targets := $(build_names:%=docker-tarball-%) -ko_config_targets := $(build_names:%=ko-config-%) # Derive config based on user config # # - oci_layout_path_$(build_name) = path that the OCI image will be saved in OCI layout directory format # - oci_digest_path_$(build_name) = path to the file that will contain the digests -# - ko_config_path_$(build_name) = path to the ko config file # - docker_tarball_path_$(build_name) = path that the docker tarball that the docker-tarball-$(build_name) will produce $(foreach build_name,$(build_names),$(eval oci_layout_path_$(build_name) := $(bin_dir)/scratch/image/oci-layout-$(build_name))) $(foreach build_name,$(build_names),$(eval oci_digest_path_$(build_name) := $(CURDIR)/$(oci_layout_path_$(build_name)).digests)) -$(foreach build_name,$(build_names),$(eval ko_config_path_$(build_name) := $(CURDIR)/$(oci_layout_path_$(build_name)).ko_config.yaml)) $(foreach build_name,$(build_names),$(eval docker_tarball_path_$(build_name) := $(CURDIR)/$(oci_layout_path_$(build_name)).docker.tar)) diff --git a/make/_shared/oci-build/01_mod.mk b/make/_shared/oci-build/01_mod.mk index 726ad13c..026e46b8 100644 --- a/make/_shared/oci-build/01_mod.mk +++ b/make/_shared/oci-build/01_mod.mk @@ -15,57 +15,56 @@ $(bin_dir)/scratch/image: @mkdir -p $@ -define ko_config_target -.PHONY: $(ko_config_path_$1:$(CURDIR)/%=%) -$(ko_config_path_$1:$(CURDIR)/%=%): | $(NEEDS_YQ) $(bin_dir)/scratch/image +.PHONY: $(oci_build_targets) +## Build the OCI image. +## - oci-build-$(build_name) = build the oci directory (multi-arch) +## - oci-build-$(build_name)__local = build the oci directory (local arch: linux/$(HOST_ARCH)) +## @category [shared] Build +$(oci_build_targets): oci-build-%: | $(NEEDS_KO) $(NEEDS_GO) $(NEEDS_YQ) $(NEEDS_IMAGE-TOOL) $(bin_dir)/scratch/image + $(eval a := $(patsubst %__local,%,$*)) + $(eval is_local := $(if $(findstring $a__local,$*),true)) + $(eval layout_path := $(if $(is_local),$(oci_layout_path_$a).local,$(oci_layout_path_$a))) + $(eval digest_path := $(if $(is_local),$(oci_digest_path_$a).local,$(oci_digest_path_$a))) + + rm -rf $(CURDIR)/$(layout_path) + echo '{}' | \ - $(YQ) '.defaultBaseImage = "$(oci_$1_base_image)"' | \ - $(YQ) '.builds[0].id = "$1"' | \ - $(YQ) '.builds[0].dir = "$(go_$1_mod_dir)"' | \ - $(YQ) '.builds[0].main = "$(go_$1_main_dir)"' | \ - $(YQ) '.builds[0].env[0] = "CGO_ENABLED=$(go_$1_cgo_enabled)"' | \ - $(YQ) '.builds[0].env[1] = "GOEXPERIMENT=$(go_$1_goexperiment)"' | \ + $(YQ) '.defaultBaseImage = "$(oci_$a_base_image)"' | \ + $(YQ) '.builds[0].id = "$a"' | \ + $(YQ) '.builds[0].dir = "$(go_$a_mod_dir)"' | \ + $(YQ) '.builds[0].main = "$(go_$a_main_dir)"' | \ + $(YQ) '.builds[0].env[0] = "CGO_ENABLED=$(go_$a_cgo_enabled)"' | \ + $(YQ) '.builds[0].env[1] = "GOEXPERIMENT=$(go_$a_goexperiment)"' | \ $(YQ) '.builds[0].ldflags[0] = "-s"' | \ $(YQ) '.builds[0].ldflags[1] = "-w"' | \ $(YQ) '.builds[0].ldflags[2] = "{{.Env.LDFLAGS}}"' | \ - $(YQ) '.builds[0].flags[0] = "$(go_$1_flags)"' | \ - $(YQ) '.builds[0].linux_capabilities = "$(oci_$1_linux_capabilities)"' \ - > $(CURDIR)/$(oci_layout_path_$1).ko_config.yaml + $(YQ) '.builds[0].flags[0] = "$(go_$a_flags)"' | \ + $(YQ) '.builds[0].linux_capabilities = "$(oci_$a_linux_capabilities)"' \ + > $(CURDIR)/$(layout_path).ko_config.yaml -ko-config-$1: $(ko_config_path_$1:$(CURDIR)/%=%) -endef - -.PHONY: $(ko_config_targets) -$(foreach build_name,$(build_names),$(eval $(call ko_config_target,$(build_name)))) - -.PHONY: $(oci_build_targets) -## Build the OCI image. -## @category [shared] Build -$(oci_build_targets): oci-build-%: ko-config-% | $(NEEDS_KO) $(NEEDS_GO) $(NEEDS_YQ) $(NEEDS_IMAGE-TOOL) $(bin_dir)/scratch/image - rm -rf $(CURDIR)/$(oci_layout_path_$*) GOWORK=off \ - KO_DOCKER_REPO=$(oci_$*_image_name_development) \ + KO_DOCKER_REPO=$(oci_$a_image_name_development) \ KOCACHE=$(CURDIR)/$(bin_dir)/scratch/image/ko_cache \ - KO_CONFIG_PATH=$(ko_config_path_$*) \ + KO_CONFIG_PATH=$(CURDIR)/$(layout_path).ko_config.yaml \ SOURCE_DATE_EPOCH=$(GITEPOCH) \ KO_GO_PATH=$(GO) \ - LDFLAGS="$(go_$*_ldflags)" \ - $(KO) build $(go_$*_mod_dir)/$(go_$*_main_dir) \ - --platform=$(oci_platforms) \ - $(oci_$*_build_args) \ - --oci-layout-path=$(oci_layout_path_$*) \ - --sbom-dir=$(CURDIR)/$(oci_layout_path_$*).sbom \ + LDFLAGS="$(go_$a_ldflags)" \ + $(KO) build $(go_$a_mod_dir)/$(go_$a_main_dir) \ + --platform=$(if $(is_local),linux/$(HOST_ARCH),$(oci_$a_platforms)) \ + $(oci_$a_build_args) \ + --oci-layout-path=$(layout_path) \ + --sbom-dir=$(CURDIR)/$(layout_path).sbom \ --sbom=spdx \ --push=false \ --bare $(IMAGE-TOOL) append-layers \ - $(CURDIR)/$(oci_layout_path_$*) \ - $(oci_$*_additional_layers) + $(CURDIR)/$(layout_path) \ + $(oci_$a_additional_layers) $(IMAGE-TOOL) list-digests \ - $(CURDIR)/$(oci_layout_path_$*) \ - > $(oci_digest_path_$*) + $(CURDIR)/$(layout_path) \ + > $(digest_path) # Only include the oci-load target if kind is provided by the kind makefile-module ifdef kind_cluster_name @@ -80,6 +79,5 @@ endif ## Build Docker tarball image for the local architecture ## @category [shared] Build .PHONY: $(docker_tarball_targets) -$(docker_tarball_targets): oci_platforms := "linux/$(HOST_ARCH)" -$(docker_tarball_targets): docker-tarball-%: oci-build-% | $(NEEDS_GO) $(NEEDS_IMAGE-TOOL) - $(IMAGE-TOOL) convert-to-docker-tar $(CURDIR)/$(oci_layout_path_$*) $(docker_tarball_path_$*) $(oci_$*_image_name_development):$(oci_$*_image_tag) +$(docker_tarball_targets): docker-tarball-%: oci-build-%__local | $(NEEDS_GO) $(NEEDS_IMAGE-TOOL) + $(IMAGE-TOOL) convert-to-docker-tar $(CURDIR)/$(oci_layout_path_$*).local $(docker_tarball_path_$*) $(oci_$*_image_name_development):$(oci_$*_image_tag) diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index 3d5e8d1a..1850dbc7 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -32,7 +32,7 @@ jobs: exit 1 - name: Octo STS Token Exchange - uses: octo-sts/action@a26b0c6455c7f13316f29a8766287f939e75f6c8 # v1.0.2 + uses: octo-sts/action@d6c70ad3b9ac85df6da6b9749014d7283987cfec # v1.0.3 id: octo-sts with: scope: '{{REPLACE:GH-REPOSITORY}}' diff --git a/make/_shared/repository-base/base/.github/workflows/renovate.yaml b/make/_shared/repository-base/base/.github/workflows/renovate.yaml index a5b29d9b..95b8fa28 100644 --- a/make/_shared/repository-base/base/.github/workflows/renovate.yaml +++ b/make/_shared/repository-base/base/.github/workflows/renovate.yaml @@ -27,7 +27,7 @@ jobs: exit 1 - name: Octo STS Token Exchange - uses: octo-sts/action@a26b0c6455c7f13316f29a8766287f939e75f6c8 # v1.0.2 + uses: octo-sts/action@d6c70ad3b9ac85df6da6b9749014d7283987cfec # v1.0.3 id: octo-sts with: scope: '{{REPLACE:GH-REPOSITORY}}' @@ -50,7 +50,7 @@ jobs: go-version: ${{ steps.go-version.outputs.result }} - name: Self-hosted Renovate - uses: renovatebot/github-action@70ea19f1b0dc8a9cc7af1b4278f8d3fd9778b577 # v43.0.17 + uses: renovatebot/github-action@c5fdc9f98fdf9e9bb16b5760f7e560256eb79326 # v44.0.2 with: configurationFile: .github/renovate.json5 token: ${{ steps.octo-sts.outputs.token }} diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 48bf1154..d7e4821a 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -62,31 +62,31 @@ NEEDS_CTR = __require-ctr tools := # https://github.com/helm/helm/releases # renovate: datasource=github-releases packageName=helm/helm -tools += helm=v3.19.0 +tools += helm=v3.19.2 # https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl # renovate: datasource=github-releases packageName=kubernetes/kubernetes -tools += kubectl=v1.34.1 +tools += kubectl=v1.34.2 # https://github.com/kubernetes-sigs/kind/releases # renovate: datasource=github-releases packageName=kubernetes-sigs/kind tools += kind=v0.30.0 # https://www.vaultproject.io/downloads # renovate: datasource=github-releases packageName=hashicorp/vault -tools += vault=v1.20.4 +tools += vault=v1.21.0 # https://github.com/Azure/azure-workload-identity/releases # renovate: datasource=github-releases packageName=Azure/azure-workload-identity tools += azwi=v1.5.1 # https://github.com/kyverno/kyverno/releases # renovate: datasource=github-releases packageName=kyverno/kyverno -tools += kyverno=v1.15.2 +tools += kyverno=v1.16.0 # https://github.com/mikefarah/yq/releases # renovate: datasource=github-releases packageName=mikefarah/yq -tools += yq=v4.48.1 +tools += yq=v4.48.2 # https://github.com/ko-build/ko/releases # renovate: datasource=github-releases packageName=ko-build/ko tools += ko=0.18.0 # https://github.com/protocolbuffers/protobuf/releases # renovate: datasource=github-releases packageName=protocolbuffers/protobuf -tools += protoc=v32.1 +tools += protoc=v33.1 # https://github.com/aquasecurity/trivy/releases # renovate: datasource=github-releases packageName=aquasecurity/trivy tools += trivy=v0.67.2 @@ -95,10 +95,10 @@ tools += trivy=v0.67.2 tools += ytt=v0.52.1 # https://github.com/rclone/rclone/releases # renovate: datasource=github-releases packageName=rclone/rclone -tools += rclone=v1.71.1 +tools += rclone=v1.71.2 # https://github.com/istio/istio/releases # renovate: datasource=github-releases packageName=istio/istio -tools += istioctl=1.27.2 +tools += istioctl=1.28.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions @@ -106,7 +106,7 @@ tools += istioctl=1.27.2 tools += controller-gen=v0.19.0 # https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions # renovate: datasource=go packageName=golang.org/x/tools -tools += goimports=v0.38.0 +tools += goimports=v0.39.0 # https://pkg.go.dev/github.com/google/go-licenses/v2?tab=versions # renovate: datasource=go packageName=github.com/inteon/go-licenses/v2 tools += go-licenses=v2.0.0-20250821024731-e4be79958780 @@ -115,7 +115,7 @@ tools += go-licenses=v2.0.0-20250821024731-e4be79958780 tools += gotestsum=v1.13.0 # https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v5?tab=versions # renovate: datasource=go packageName=sigs.k8s.io/kustomize/kustomize/v5 -tools += kustomize=v5.7.1 +tools += kustomize=v5.8.0 # https://pkg.go.dev/github.com/itchyny/gojq?tab=versions # renovate: datasource=go packageName=github.com/itchyny/gojq tools += gojq=v0.12.17 @@ -149,10 +149,10 @@ tools += ginkgo=$(detected_ginkgo_version) tools += klone=v0.2.0 # https://pkg.go.dev/github.com/goreleaser/goreleaser/v2?tab=versions # renovate: datasource=go packageName=github.com/goreleaser/goreleaser/v2 -tools += goreleaser=v2.12.5 +tools += goreleaser=v2.12.7 # https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions # renovate: datasource=go packageName=github.com/anchore/syft -tools += syft=v1.33.0 +tools += syft=v1.37.0 # https://github.com/cert-manager/helm-tool/releases # renovate: datasource=github-releases packageName=cert-manager/helm-tool tools += helm-tool=v0.5.3 @@ -167,16 +167,16 @@ tools += cmctl=v2.3.0 tools += cmrel=v1.12.15-0.20241121151736-e3cbe5171488 # https://pkg.go.dev/github.com/golangci/golangci-lint/v2/cmd/golangci-lint?tab=versions # renovate: datasource=go packageName=github.com/golangci/golangci-lint/v2 -tools += golangci-lint=v2.5.0 +tools += golangci-lint=v2.6.2 # https://pkg.go.dev/golang.org/x/vuln?tab=versions # renovate: datasource=go packageName=golang.org/x/vuln tools += govulncheck=v1.1.4 # https://github.com/operator-framework/operator-sdk/releases # renovate: datasource=github-releases packageName=operator-framework/operator-sdk -tools += operator-sdk=v1.41.1 +tools += operator-sdk=v1.42.0 # https://pkg.go.dev/github.com/cli/cli/v2?tab=versions # renovate: datasource=go packageName=github.com/cli/cli/v2 -tools += gh=v2.81.0 +tools += gh=v2.83.1 # https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases # renovate: datasource=github-releases packageName=redhat-openshift-ecosystem/openshift-preflight tools += preflight=1.14.1 @@ -185,7 +185,7 @@ tools += preflight=1.14.1 tools += gci=v0.13.7 # https://github.com/google/yamlfmt/releases # renovate: datasource=github-releases packageName=google/yamlfmt -tools += yamlfmt=v0.17.2 +tools += yamlfmt=v0.20.0 # https://github.com/yannh/kubeconform/releases # renovate: datasource=github-releases packageName=yannh/kubeconform tools += kubeconform=v0.7.0 @@ -193,7 +193,7 @@ tools += kubeconform=v0.7.0 # FIXME(erikgb): cert-manager needs the ability to override the version set here # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions # renovate: datasource=go packageName=k8s.io/code-generator -K8S_CODEGEN_VERSION ?= v0.34.1 +K8S_CODEGEN_VERSION ?= v0.34.2 tools += client-gen=$(K8S_CODEGEN_VERSION) tools += deepcopy-gen=$(K8S_CODEGEN_VERSION) tools += informer-gen=$(K8S_CODEGEN_VERSION) @@ -217,7 +217,7 @@ tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ # renovate: datasource=golang-version packageName=go -VENDORED_GO_VERSION := 1.25.3 +VENDORED_GO_VERSION := 1.25.4 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -440,10 +440,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) # File downloads # ################## -go_linux_amd64_SHA256SUM=0335f314b6e7bfe08c3d0cfaa7c19db961b7b99fb20be62b0a826c992ad14e0f -go_linux_arm64_SHA256SUM=1d42ebc84999b5e2069f5e31b67d6fc5d67308adad3e178d5a2ee2c9ff2001f5 -go_darwin_amd64_SHA256SUM=1641050b422b80dfd6299f8aa7eb8798d1cd23eac7e79f445728926e881b7bcd -go_darwin_arm64_SHA256SUM=7c083e3d2c00debfeb2f77d9a4c00a1aac97113b89b9ccc42a90487af3437382 +go_linux_amd64_SHA256SUM=9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec +go_linux_arm64_SHA256SUM=a68e86d4b72c2c2fecf7dfed667680b6c2a071221bbdb6913cf83ce3f80d9ff0 +go_darwin_amd64_SHA256SUM=33ba03ff9973f5bd26d516eea35328832a9525ecc4d169b15937ffe2ce66a7d8 +go_darwin_arm64_SHA256SUM=c1b04e74251fe1dfbc5382e73d0c6d96f49642d8aebb7ee10a7ecd4cae36ebd2 .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @@ -451,10 +451,10 @@ $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ $(checkhash_script) $(outfile) $(go_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) -helm_linux_amd64_SHA256SUM=a7f81ce08007091b86d8bd696eb4d86b8d0f2e1b9f6c714be62f82f96a594496 -helm_linux_arm64_SHA256SUM=440cf7add0aee27ebc93fada965523c1dc2e0ab340d4348da2215737fc0d76ad -helm_darwin_amd64_SHA256SUM=09a108c0abda42e45af172be65c49125354bf7cd178dbe10435e94540e49c7b9 -helm_darwin_arm64_SHA256SUM=31513e1193da4eb4ae042eb5f98ef9aca7890cfa136f4707c8d4f70e2115bef6 +helm_linux_amd64_SHA256SUM=2114c9dea2844dce6d0ee2d792a9aae846be8cf53d5b19dc2988b5a0e8fec26e +helm_linux_arm64_SHA256SUM=566e9f3a5a83a81e4b03503ae37e368edd52d699619e8a9bb1fdf21561ae0e88 +helm_darwin_amd64_SHA256SUM=7ef4416cdef4c2d78a09e1c8f07a51e945dc0343c883a46b1f628deab52690b7 +helm_darwin_arm64_SHA256SUM=f0847f899479b66a6dd8d9fcd452e8db2562e4cf3f7de28103f9fcf2b824f1d5 .PRECIOUS: $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -465,10 +465,10 @@ $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD chmod +x $(outfile); \ rm -f $(outfile).tar.gz -kubectl_linux_amd64_SHA256SUM=7721f265e18709862655affba5343e85e1980639395d5754473dafaadcaa69e3 -kubectl_linux_arm64_SHA256SUM=420e6110e3ba7ee5a3927b5af868d18df17aae36b720529ffa4e9e945aa95450 -kubectl_darwin_amd64_SHA256SUM=bb211f2b31f2b3bc60562b44cc1e3b712a16a98e9072968ba255beb04cefcfdf -kubectl_darwin_arm64_SHA256SUM=d80e5fa36f2b14005e5bb35d3a72818acb1aea9a081af05340a000e5fbdb2f76 +kubectl_linux_amd64_SHA256SUM=9591f3d75e1581f3f7392e6ad119aab2f28ae7d6c6e083dc5d22469667f27253 +kubectl_linux_arm64_SHA256SUM=95df604e914941f3172a93fa8feeb1a1a50f4011dfbe0c01e01b660afc8f9b85 +kubectl_darwin_amd64_SHA256SUM=d2a71bb7dd7238287f2ba4efefbad4f98584170063f7d9e6c842f772d9255d45 +kubectl_darwin_arm64_SHA256SUM=8f38d3a38ae317b00ebf90254dc274dd28d8c6eea4a4b30c5cb12d3d27017b6d .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -489,17 +489,17 @@ $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD $(checkhash_script) $(outfile) $(kind_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -vault_linux_amd64_SHA256SUM=fc5fb5d01d192f1216b139fb5c6af17e3af742aaeffc289fd861920ec55f2c9c -vault_linux_arm64_SHA256SUM=d1e9548efd89e772b6be9dc37914579cabd86362779b7239d2d769cfb601d835 -vault_darwin_amd64_SHA256SUM=0abe8673c442710795b0182c382dd5347b961d2c0d548742813b3ecbe15bf7cc -vault_darwin_arm64_SHA256SUM=cca50f328a44e025205047d480bead1460012ecd82fa78387c7b5af0bae59d02 +vault_linux_amd64_SHA256SUM=5a91c93a9949ed8863ee4b91cfc30640bc49ab04225f0b1c5a0650c4d6e10171 +vault_linux_arm64_SHA256SUM=0083b02005ad89f6a01773866c6a892194ba27867b5f26ee374a0dfbbfb84c07 +vault_darwin_amd64_SHA256SUM=2e00e327be8141751f7bcc840aad93c8a5428908a4131f17d02d22eab444bcf2 +vault_darwin_arm64_SHA256SUM=fd1b26fcbc78c04c2d76d35a13a9564d450074f2547871b2046ddb95bbd7ea9c .PRECIOUS: $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION:v%=%)/vault_$(VAULT_VERSION:v%=%)_$(HOST_OS)_$(HOST_ARCH).zip -o $(outfile).zip; \ $(checkhash_script) $(outfile).zip $(vault_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ - unzip -qq -c $(outfile).zip > $(outfile); \ + unzip -p $(outfile).zip vault > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip @@ -535,10 +535,10 @@ $(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$( @source $(lock_script) $@; \ tar xfO $< controller-tools/envtest/kube-apiserver > $(outfile) && chmod 775 $(outfile) -kyverno_linux_amd64_SHA256SUM=c90520ba24fb8b8df003ec22d6d2621e4a3d3c7497665fdcf84e9eab4ff1dfe0 -kyverno_linux_arm64_SHA256SUM=3d9b2465d09d2d251b42a8de92531cf00ecef4afc1e74ea6af01498f6a8b8c80 -kyverno_darwin_amd64_SHA256SUM=bf6348d84ef0ee487b3476db03217d24e6e980ceaea35248932f6e96ffb6d0c8 -kyverno_darwin_arm64_SHA256SUM=217af6bc2fc21006dd243101db64a48436c01a63092feabb3d994e286d64d4b1 +kyverno_linux_amd64_SHA256SUM=edb9ec84406704a39e6eced5089df2da75c81dde3d8422255af294bd5e0bc52f +kyverno_linux_arm64_SHA256SUM=c7897ad466917f0c5a3cc5bb39142929388f739e20bb9e7e3cd422ef90214973 +kyverno_darwin_amd64_SHA256SUM=c6f7052569527498728d8c19551fa985378107c785391c6d601d1aa452bbb101 +kyverno_darwin_arm64_SHA256SUM=cac8aefd5de5e23431dc8f1a7d0acf8233ce66462446f23f2d5575cafedcf7b8 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -551,10 +551,10 @@ $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DO chmod +x $(outfile); \ rm -f $(outfile).tar.gz -yq_linux_amd64_SHA256SUM=99df6047f5b577a9d25f969f7c3823ada3488de2e2115b30a0abb10d9324fd9f -yq_linux_arm64_SHA256SUM=0e46b5b926a9e57c526fa2bd8f8e38b7e17fbf6e2403ff1741f3b268e3363a9e -yq_darwin_amd64_SHA256SUM=c93d5e5880c78e22aec4efc1d719751b60f9adc49b2735a8009916581b8457c2 -yq_darwin_arm64_SHA256SUM=05e19db817704d945f28f73763cc2b3c5142ef114a991f57b83bd034c2b86646 +yq_linux_amd64_SHA256SUM=0ffc35320180d4911bc3a772934da508715e08af444cb33d4d43660065e25bcc +yq_linux_arm64_SHA256SUM=3c21630fda217239a5b7d718d08f08e02503098230b3abd49195d315a6dcfe45 +yq_darwin_amd64_SHA256SUM=ca06dea96304cbfb1482a177e41e535c87d721f45c553873c97f51c339767c40 +yq_darwin_arm64_SHA256SUM=b3a77a428fda2daced121c937be7f5dfb8107fc62ec506064f1d23bc09415dcb .PRECIOUS: $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -580,10 +580,10 @@ $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR chmod +x $(outfile); \ rm -f $(outfile).tar.gz -protoc_linux_amd64_SHA256SUM=e9c129c176bb7df02546c4cd6185126ca53c89e7d2f09511e209319704b5dd7e -protoc_linux_arm64_SHA256SUM=4a802ed23d70f7bad7eb19e5a3e724b3aa967250d572cadfd537c1ba939aee6a -protoc_darwin_amd64_SHA256SUM=f9caa5b4d0b537acffb0ffd7d53225511a5574ef903fca550ea9e7600987f13b -protoc_darwin_arm64_SHA256SUM=a7b51b2113862690fa52c62f8891a6037bafb9db88d4f9924c486de9d9bb89d5 +protoc_linux_amd64_SHA256SUM=f3340e28a83d1c637d8bafdeed92b9f7db6a384c26bca880a6e5217b40a4328b +protoc_linux_arm64_SHA256SUM=6018147740548e0e0f764408c87f4cd040e6e1c1203e13aeacaf811892b604f3 +protoc_darwin_amd64_SHA256SUM=e20b5f930e886da85e7402776a4959efb1ed60c57e72794bcade765e67abaa82 +protoc_darwin_arm64_SHA256SUM=db7e66ff7f9080614d0f5505a6b0ac488cf89a15621b6a361672d1332ec2e14e .PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -593,7 +593,7 @@ $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN @source $(lock_script) $@; \ $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION:v%=%)-$(OS)-$(ARCH).zip -o $(outfile).zip; \ $(checkhash_script) $(outfile).zip $(protoc_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ - unzip -qq -c $(outfile).zip bin/protoc > $(outfile); \ + unzip -p $(outfile).zip bin/protoc > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip @@ -626,10 +626,10 @@ $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_D $(checkhash_script) $(outfile) $(ytt_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -rclone_linux_amd64_SHA256SUM=417e3da236f3a12d292da4e7287d67b1df558b8c2b280d092e563958ed724be7 -rclone_linux_arm64_SHA256SUM=cd0eb0d6faf1fdb697f191a316bbc6552770fafa097baf326ce61c04ab89f783 -rclone_darwin_amd64_SHA256SUM=a2d635ef69785c889381460a16ef20255b07ef17a67c84c81fb4cb8aaf1a280f -rclone_darwin_arm64_SHA256SUM=8b7a2c57680d769e33d8616cabc214831d3bddcdb4da0d40a263ede63b15acce +rclone_linux_amd64_SHA256SUM=ab9fa5877cee91c64fdfd61a27028a458cf618b39259e5c371dc2ec34a12e415 +rclone_linux_arm64_SHA256SUM=e2e2efc7ed143026352d60216ef0d46d3fa4fe9d647eff1bd929e6fea498e6f1 +rclone_darwin_amd64_SHA256SUM=37e50641cd736de296b8aca8149e607b9923b357d79abb902e89c4cdb1fcc790 +rclone_darwin_arm64_SHA256SUM=d1cea838b618f9b4f15984748502232684e92ff0b90e3c4c8bd91ac21f4d8695 .PRECIOUS: $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -642,10 +642,10 @@ $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN chmod +x $(outfile); \ rm -f $(outfile).zip -istioctl_linux_amd64_SHA256SUM=e93a206f32f2cf382753c180d6fb7cbeb96298a05d99d6e7fea85d19e6c768b3 -istioctl_linux_arm64_SHA256SUM=cb9f43bdfd4a5e1068ff438fcdf6f50c51dceef6384b58bb45f80dbbcca22e3c -istioctl_darwin_amd64_SHA256SUM=0c4ec20d9f72cbe2f8ae76ac3197441d0646d66784c3f54197313921c36e771b -istioctl_darwin_arm64_SHA256SUM=5ca15663df4ddef6e37358a09256ebf383c6109f32a40438331d5c5a9f1a7728 +istioctl_linux_amd64_SHA256SUM=31ba3429f6527e085a5b3630bb732f876e8ff8a433947abae2cdd886c9e59271 +istioctl_linux_arm64_SHA256SUM=f1eff3bcc86dcd72ee473d8a7fbfe9eafd2337b946c9c3fd40f0c9d0e20e2561 +istioctl_darwin_amd64_SHA256SUM=5cbe5c4bf72bf5e447d39626d69874e25b96578a19c40c420ec9af09eae71ccd +istioctl_darwin_arm64_SHA256SUM=593f8d58571ff4cddcd069041d2c398da4e0d6fc8055890715cad95feec09aeb .PRECIOUS: $(DOWNLOAD_DIR)/tools/istioctl@$(ISTIOCTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/istioctl@$(ISTIOCTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -670,10 +670,10 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(checkhash_script) $(outfile) $(preflight_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -operator-sdk_linux_amd64_SHA256SUM=348284cbd5298f70e2b0a01f9f86820a3149aa6e7e19272e886a9d5769c7fb69 -operator-sdk_linux_arm64_SHA256SUM=719e5565cb11895995284d236e94bc14af0c9e7c96954ce4f30f450d8c86995e -operator-sdk_darwin_amd64_SHA256SUM=d1d55418a37f142913b7155cfdd16416aeaa657eb25e27644bd37a91451f7751 -operator-sdk_darwin_arm64_SHA256SUM=e9f3bdc229697a30f725ffa5bbb15ee59ca7eba6e6f58b3028bf940903ed0df6 +operator-sdk_linux_amd64_SHA256SUM=5b730c233dbc8da816dde11ac96ff538929cb9a11aca93cb98d68fe63e89303a +operator-sdk_linux_arm64_SHA256SUM=36ccecbfe6b4f22ca13bb6ae32d5f131f845357b51cabc01381a98a245ea8a37 +operator-sdk_darwin_amd64_SHA256SUM=2a2b03ae4e54d6e7fba42f89b7bdb366cf76ad33ce39967bde5775fbd0c0dba8 +operator-sdk_darwin_arm64_SHA256SUM=57d68ba70d8db64bc7f5bfa754623e0a08f81f85104254aff3774fd3baf88662 .PRECIOUS: $(DOWNLOAD_DIR)/tools/operator-sdk@$(OPERATOR-SDK_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/operator-sdk@$(OPERATOR-SDK_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -707,12 +707,12 @@ endif non_go_tool_names := $(filter-out $(go_tool_names),$(tool_names)) .PHONY: non-go-tools -## Download and setup all Go tools +## Download and setup all Non-Go tools ## @category [shared] Tools non-go-tools: $(non_go_tool_names:%=$(bin_dir)/tools/%) .PHONY: go-tools -## Download and setup all Non-Go tools +## Download and setup all Go tools ## NOTE: this target is also used to learn the shas of ## these tools (see scripts/learn_tools_shas.sh in the ## Makefile modules repo) diff --git a/pkg/agent/config.go b/pkg/agent/config.go index 624f80b5..06474a19 100644 --- a/pkg/agent/config.go +++ b/pkg/agent/config.go @@ -860,7 +860,7 @@ func getInClusterNamespace() (string, error) { return "", fmt.Errorf("POD_NAMESPACE env var not set, meaning that you are probably not running in cluster. Please use --install-namespace or POD_NAMESPACE to specify the namespace in which the agent is running.") } -func reMarshal(rawConfig interface{}, config datagatherer.Config) error { +func reMarshal(rawConfig any, config datagatherer.Config) error { bb, err := yaml.Marshal(rawConfig) if err != nil { return nil @@ -875,12 +875,12 @@ func reMarshal(rawConfig interface{}, config datagatherer.Config) error { } // UnmarshalYAML unmarshals a dataGatherer resolving the type according to Kind. -func (dg *DataGatherer) UnmarshalYAML(unmarshal func(interface{}) error) error { +func (dg *DataGatherer) UnmarshalYAML(unmarshal func(any) error) error { aux := struct { - Kind string `yaml:"kind"` - Name string `yaml:"name"` - DataPath string `yaml:"data-path,omitempty"` - RawConfig interface{} `yaml:"config"` + Kind string `yaml:"kind"` + Name string `yaml:"name"` + DataPath string `yaml:"data-path,omitempty"` + RawConfig any `yaml:"config"` }{} err := unmarshal(&aux) if err != nil { diff --git a/pkg/agent/dummy_data_gatherer.go b/pkg/agent/dummy_data_gatherer.go index 48eda8c9..997c50eb 100644 --- a/pkg/agent/dummy_data_gatherer.go +++ b/pkg/agent/dummy_data_gatherer.go @@ -39,7 +39,7 @@ func (g *dummyDataGatherer) WaitForCacheSync(ctx context.Context) error { return nil } -func (c *dummyDataGatherer) Fetch() (interface{}, int, error) { +func (c *dummyDataGatherer) Fetch() (any, int, error) { var err error if c.attemptNumber < c.FailedAttempts { err = fmt.Errorf("First %d attempts will fail", c.FailedAttempts) diff --git a/pkg/agent/run.go b/pkg/agent/run.go index 9e9831d8..6ce40a6a 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -271,7 +271,7 @@ func newEventf(log logr.Logger) (Eventf, error) { "reason", "The agent does not appear to be running in a Kubernetes cluster.", "detail", "When running in a Kubernetes cluster the following environment variables must be set: POD_NAME, POD_NODE, POD_UID, POD_NAMESPACE", ) - return func(eventType, reason, msg string, args ...interface{}) {}, nil + return func(eventType, reason, msg string, args ...any) {}, nil } restcfg, err := kubeconfig.LoadRESTConfig("") if err != nil { @@ -289,7 +289,7 @@ func newEventf(log logr.Logger) (Eventf, error) { broadcaster := record.NewBroadcaster() broadcaster.StartRecordingToSink(&clientgocorev1.EventSinkImpl{Interface: eventClient.CoreV1().Events(podNamespace)}) eventRec := broadcaster.NewRecorder(scheme, corev1.EventSource{Component: "venafi-kubernetes-agent", Host: podNode}) - eventf = func(eventType, reason, msg string, args ...interface{}) { + eventf = func(eventType, reason, msg string, args ...any) { eventRec.Eventf(&corev1.Pod{ObjectMeta: v1.ObjectMeta{Name: podName, Namespace: podNamespace, UID: types.UID(podUID)}}, eventType, reason, msg, args...) } @@ -298,7 +298,7 @@ func newEventf(log logr.Logger) (Eventf, error) { } // Like Printf but for sending events to the agent's Pod object. -type Eventf func(eventType, reason, msg string, args ...interface{}) +type Eventf func(eventType, reason, msg string, args ...any) func gatherAndOutputData(ctx context.Context, eventf Eventf, config CombinedConfig, preflightClient client.Client, dataGatherers map[string]datagatherer.DataGatherer) error { log := klog.FromContext(ctx).WithName("gatherAndOutputData") diff --git a/pkg/client/client_cyberark.go b/pkg/client/client_cyberark.go index 3e0659fc..c9310265 100644 --- a/pkg/client/client_cyberark.go +++ b/pkg/client/client_cyberark.go @@ -7,6 +7,7 @@ import ( "encoding/pem" "fmt" "net/http" + "slices" "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" @@ -304,7 +305,7 @@ func isExcludableSecret(log logr.Logger, obj runtime.Object) bool { // isExcludableTLSSecret checks if a TLS Secret contains a client certificate. // It returns true if the Secret is a TLS Secret and its tls.crt does not // contain a client certificate. -func isExcludableTLSSecret(log logr.Logger, dataMap map[string]interface{}) bool { +func isExcludableTLSSecret(log logr.Logger, dataMap map[string]any) bool { tlsCrtRaw, found := dataMap[corev1.TLSCertKey] if !found { log.Info("TLS Secret does not contain tls.crt key") @@ -378,10 +379,5 @@ func isClientCertificate(cert *x509.Certificate) bool { return false } // Check if the certificate has the ClientAuth EKU - for _, eku := range cert.ExtKeyUsage { - if eku == x509.ExtKeyUsageClientAuth { - return true - } - } - return false + return slices.Contains(cert.ExtKeyUsage, x509.ExtKeyUsageClientAuth) } diff --git a/pkg/client/client_cyberark_convertdatareadings_test.go b/pkg/client/client_cyberark_convertdatareadings_test.go index 20ae60d9..4fc33198 100644 --- a/pkg/client/client_cyberark_convertdatareadings_test.go +++ b/pkg/client/client_cyberark_convertdatareadings_test.go @@ -198,9 +198,9 @@ func TestExtractResourceListFromReading(t *testing.T) { Items: []*api.GatheredResource{ { Resource: &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "kind": "Namespace", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "default", "uid": "uid-default", }, @@ -209,9 +209,9 @@ func TestExtractResourceListFromReading(t *testing.T) { }, { Resource: &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "kind": "Namespace", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "kube-system", "uid": "uid-kube-system", }, @@ -222,9 +222,9 @@ func TestExtractResourceListFromReading(t *testing.T) { { DeletedAt: api.Time{Time: time.Now()}, Resource: &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "kind": "Namespace", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "kube-system", "uid": "uid-kube-system", }, @@ -384,10 +384,10 @@ func TestMinimizeSnapshot(t *testing.T) { secretWithoutClientCert := newTLSSecret("tls-secret-without-client", sampleCertificateChain(t, x509.ExtKeyUsageServerAuth)) opaqueSecret := newOpaqueSecret("opaque-secret") serviceAccount := &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "apiVersion": "v1", "kind": "ServiceAccount", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "my-service-account", "namespace": "default", }, @@ -491,10 +491,10 @@ func TestIsExcludableSecret(t *testing.T) { { name: "Non-secret", secret: &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "apiVersion": "cert-manager/v1", "kind": "Certificate", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "non-secret", "namespace": "default", }, @@ -541,16 +541,16 @@ func TestIsExcludableSecret(t *testing.T) { // newTLSSecret creates a Kubernetes TLS secret with the given name and certificate data. // If crt is nil, the secret will not contain a "tls.crt" entry. -func newTLSSecret(name string, crt interface{}) *unstructured.Unstructured { - data := map[string]interface{}{"tls.key": "dummy-key"} +func newTLSSecret(name string, crt any) *unstructured.Unstructured { + data := map[string]any{"tls.key": "dummy-key"} if crt != nil { data["tls.crt"] = crt } return &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "apiVersion": "v1", "kind": "Secret", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": name, "namespace": "default", }, @@ -563,15 +563,15 @@ func newTLSSecret(name string, crt interface{}) *unstructured.Unstructured { // newOpaqueSecret creates a Kubernetes Opaque secret with the given name. func newOpaqueSecret(name string) *unstructured.Unstructured { return &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "apiVersion": "v1", "kind": "Secret", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": name, "namespace": "default", }, "type": "Opaque", - "data": map[string]interface{}{ + "data": map[string]any{ "key": "value", }, }, diff --git a/pkg/client/client_venafi_cloud.go b/pkg/client/client_venafi_cloud.go index 405c65a9..6b5da890 100644 --- a/pkg/client/client_venafi_cloud.go +++ b/pkg/client/client_venafi_cloud.go @@ -307,7 +307,7 @@ func (c *VenafiCloudClient) updateAccessToken(ctx context.Context) error { return nil } -func (c *VenafiCloudClient) sendHTTPRequest(request *http.Request, responseObject interface{}) error { +func (c *VenafiCloudClient) sendHTTPRequest(request *http.Request, responseObject any) error { response, err := c.Client.Do(request) if err != nil { return err diff --git a/pkg/datagatherer/datagatherer.go b/pkg/datagatherer/datagatherer.go index 3a4cfe04..0baab09d 100644 --- a/pkg/datagatherer/datagatherer.go +++ b/pkg/datagatherer/datagatherer.go @@ -14,7 +14,7 @@ type DataGatherer interface { // Fetch retrieves data. // count is the number of items that were discovered. A negative count means the number // of items was indeterminate. - Fetch() (data interface{}, count int, err error) + Fetch() (data any, count int, err error) // Run starts the data gatherer's informers for resource collection. // Returns error if the data gatherer informer wasn't initialized Run(ctx context.Context) error diff --git a/pkg/datagatherer/k8s/cache.go b/pkg/datagatherer/k8s/cache.go index 5ecc1fac..4482f512 100644 --- a/pkg/datagatherer/k8s/cache.go +++ b/pkg/datagatherer/k8s/cache.go @@ -31,7 +31,7 @@ type cacheResource interface { GetNamespace() string } -func logCacheUpdateFailure(log logr.Logger, obj interface{}, operation string) { +func logCacheUpdateFailure(log logr.Logger, obj any, operation string) { // We use WithCallStackHelper to ensure the correct caller line numbers in the log messages helper, log := log.WithCallStackHelper() helper() @@ -41,7 +41,7 @@ func logCacheUpdateFailure(log logr.Logger, obj interface{}, operation string) { // onAdd handles the informer creation events, adding the created runtime.Object // to the data gatherer's cache. The cache key is the uid of the object -func onAdd(log logr.Logger, obj interface{}, dgCache *cache.Cache) { +func onAdd(log logr.Logger, obj any, dgCache *cache.Cache) { item, ok := obj.(cacheResource) if ok { cacheObject := &api.GatheredResource{ @@ -56,7 +56,7 @@ func onAdd(log logr.Logger, obj interface{}, dgCache *cache.Cache) { // onUpdate handles the informer update events, replacing the old object with the new one // if it's present in the data gatherer's cache, (if the object isn't present, it gets added). // The cache key is the uid of the object -func onUpdate(log logr.Logger, oldObj, newObj interface{}, dgCache *cache.Cache) { +func onUpdate(log logr.Logger, oldObj, newObj any, dgCache *cache.Cache) { item, ok := oldObj.(cacheResource) if ok { cacheObject := updateCacheGatheredResource(string(item.GetUID()), newObj, dgCache) @@ -69,7 +69,7 @@ func onUpdate(log logr.Logger, oldObj, newObj interface{}, dgCache *cache.Cache) // onDelete handles the informer deletion events, updating the object's properties with the deletion // time of the object (but not removing the object from the cache). // The cache key is the uid of the object -func onDelete(log logr.Logger, obj interface{}, dgCache *cache.Cache) { +func onDelete(log logr.Logger, obj any, dgCache *cache.Cache) { item, ok := obj.(cacheResource) if ok { cacheObject := updateCacheGatheredResource(string(item.GetUID()), obj, dgCache) @@ -83,7 +83,7 @@ func onDelete(log logr.Logger, obj interface{}, dgCache *cache.Cache) { // creates a new updated instance of a cache object, with the resource // argument. If the object is present in the cache it fetches the object's // properties. -func updateCacheGatheredResource(cacheKey string, resource interface{}, dgCache *cache.Cache) *api.GatheredResource { +func updateCacheGatheredResource(cacheKey string, resource any, dgCache *cache.Cache) *api.GatheredResource { // updated cache object cacheObject := &api.GatheredResource{ Resource: resource, diff --git a/pkg/datagatherer/k8s/cache_test.go b/pkg/datagatherer/k8s/cache_test.go index 8b4685bc..f0cb5071 100644 --- a/pkg/datagatherer/k8s/cache_test.go +++ b/pkg/datagatherer/k8s/cache_test.go @@ -24,7 +24,7 @@ func TestOnAddCache(t *testing.T) { tcs := map[string]struct { inputObjects []runtime.Object eventObjects []runtime.Object - eventFunc func(log logr.Logger, old, obj interface{}, dgCache *cache.Cache) + eventFunc func(log logr.Logger, old, obj any, dgCache *cache.Cache) expected []*api.GatheredResource }{ "add all objects": { @@ -51,7 +51,7 @@ func TestOnAddCache(t *testing.T) { getObject("v1", "Service", "testservice", "testns", false), getObject("foobar/v1", "NotFoo", "notfoo", "testns", false), }, - eventFunc: func(log logr.Logger, oldObj, newObj interface{}, dgCache *cache.Cache) { + eventFunc: func(log logr.Logger, oldObj, newObj any, dgCache *cache.Cache) { onDelete(log, oldObj, dgCache) }, expected: []*api.GatheredResource{ diff --git a/pkg/datagatherer/k8s/discovery.go b/pkg/datagatherer/k8s/discovery.go index cc44d4e5..d28b5eda 100644 --- a/pkg/datagatherer/k8s/discovery.go +++ b/pkg/datagatherer/k8s/discovery.go @@ -18,7 +18,7 @@ type ConfigDiscovery struct { } // UnmarshalYAML unmarshals the Config resolving GroupVersionResource. -func (c *ConfigDiscovery) UnmarshalYAML(unmarshal func(interface{}) error) error { +func (c *ConfigDiscovery) UnmarshalYAML(unmarshal func(any) error) error { aux := struct { KubeConfigPath string `yaml:"kubeconfig"` }{} @@ -75,7 +75,7 @@ func (g *DataGathererDiscovery) WaitForCacheSync(ctx context.Context) error { } // Fetch will fetch discovery data from the apiserver, or return an error -func (g *DataGathererDiscovery) Fetch() (interface{}, int, error) { +func (g *DataGathererDiscovery) Fetch() (any, int, error) { data, err := g.cl.ServerVersion() if err != nil { return nil, -1, fmt.Errorf("failed to get server version: %v", err) diff --git a/pkg/datagatherer/k8s/dynamic.go b/pkg/datagatherer/k8s/dynamic.go index 4a979aea..92f10c33 100644 --- a/pkg/datagatherer/k8s/dynamic.go +++ b/pkg/datagatherer/k8s/dynamic.go @@ -37,6 +37,7 @@ import ( "errors" "fmt" "regexp" + "slices" "strings" "time" @@ -78,7 +79,7 @@ type ConfigDynamic struct { } // UnmarshalYAML unmarshals the ConfigDynamic resolving GroupVersionResource. -func (c *ConfigDynamic) UnmarshalYAML(unmarshal func(interface{}) error) error { +func (c *ConfigDynamic) UnmarshalYAML(unmarshal func(any) error) error { aux := struct { KubeConfigPath string `yaml:"kubeconfig"` ResourceType struct { @@ -253,13 +254,13 @@ func (c *ConfigDynamic) newDataGathererWithClient(ctx context.Context, cl dynami } registration, err := newDataGatherer.informer.AddEventHandlerWithOptions(k8scache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { + AddFunc: func(obj any) { onAdd(log, obj, dgCache) }, - UpdateFunc: func(oldObj, newObj interface{}) { + UpdateFunc: func(oldObj, newObj any) { onUpdate(log, oldObj, newObj, dgCache) }, - DeleteFunc: func(obj interface{}) { + DeleteFunc: func(obj any) { onDelete(log, obj, dgCache) }, }, k8scache.HandlerOptions{ @@ -345,7 +346,7 @@ func (g *DataGathererDynamic) WaitForCacheSync(ctx context.Context) error { // Fetch will fetch the requested data from the apiserver, or return an error // if fetching the data fails. -func (g *DataGathererDynamic) Fetch() (interface{}, int, error) { +func (g *DataGathererDynamic) Fetch() (any, int, error) { if g.groupVersionResource.String() == "" { return nil, -1, fmt.Errorf("resource type must be specified") } @@ -527,7 +528,7 @@ func RemoveUnstructuredKeys(excludeKeys []*regexp.Regexp, obj *unstructured.Unst // map[string]interface{}. That's because the yaml.Unmarshal func is used // with an empty map[string]interface{} object, which means all nested // objects will be unmarshalled to a map[string]interface{}. - annots, ok := annotsRaw.(map[string]interface{}) + annots, ok := annotsRaw.(map[string]any) if !ok { return } @@ -558,12 +559,7 @@ func isIncludedNamespace(namespace string, namespaces []string) bool { if namespaces[0] == metav1.NamespaceAll { return true } - for _, current := range namespaces { - if namespace == current { - return true - } - } - return false + return slices.Contains(namespaces, namespace) } func isNativeResource(gvr schema.GroupVersionResource) bool { diff --git a/pkg/datagatherer/k8s/dynamic_test.go b/pkg/datagatherer/k8s/dynamic_test.go index 525c8892..26b6ae90 100644 --- a/pkg/datagatherer/k8s/dynamic_test.go +++ b/pkg/datagatherer/k8s/dynamic_test.go @@ -29,7 +29,7 @@ import ( ) func getObject(version, kind, name, namespace string, withManagedFields bool) *unstructured.Unstructured { - metadata := map[string]interface{}{ + metadata := map[string]any{ "name": name, "namespace": namespace, "uid": fmt.Sprintf("%s1", name), @@ -41,7 +41,7 @@ func getObject(version, kind, name, namespace string, withManagedFields bool) *u metadata["managedFields"] = "set" } - object := map[string]interface{}{ + object := map[string]any{ "apiVersion": version, "kind": kind, "metadata": metadata, @@ -52,12 +52,12 @@ func getObject(version, kind, name, namespace string, withManagedFields bool) *u } } -func getObjectAnnot(version, kind, name, namespace string, annotations, labels map[string]interface{}) *unstructured.Unstructured { +func getObjectAnnot(version, kind, name, namespace string, annotations, labels map[string]any) *unstructured.Unstructured { obj := getObject(version, kind, name, namespace, false) - metadata, _ := obj.Object["metadata"].(map[string]interface{}) + metadata, _ := obj.Object["metadata"].(map[string]any) if annotations == nil { - annotations = make(map[string]interface{}) + annotations = make(map[string]any) } metadata["annotations"] = annotations metadata["labels"] = labels @@ -65,7 +65,7 @@ func getObjectAnnot(version, kind, name, namespace string, annotations, labels m return obj } -func getSecret(name, namespace string, data map[string]interface{}, isTLS bool, withLastApplied bool) *unstructured.Unstructured { +func getSecret(name, namespace string, data map[string]any, isTLS bool, withLastApplied bool) *unstructured.Unstructured { object := getObject("v1", "Secret", name, namespace, false) if data != nil { @@ -77,8 +77,8 @@ func getSecret(name, namespace string, data map[string]interface{}, isTLS bool, object.Object["type"] = "kubernetes.io/tls" } - metadata, _ := object.Object["metadata"].(map[string]interface{}) - annotations := make(map[string]interface{}) + metadata, _ := object.Object["metadata"].(map[string]any) + annotations := make(map[string]any) // if we're creating a 'raw' secret as scraped that was applied by kubectl if withLastApplied { @@ -391,10 +391,10 @@ func TestDynamicGatherer_Fetch(t *testing.T) { expected: []*api.GatheredResource{ { Resource: &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "apiVersion": "v1", "kind": "Namespace", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "default", "uid": "default1", }, @@ -542,10 +542,10 @@ func TestDynamicGatherer_Fetch(t *testing.T) { GroupVersionResource: schema.GroupVersionResource{Group: "", Version: "v1", Resource: "secrets"}, }, addObjects: []runtime.Object{ - getSecret("testsecret", "testns1", map[string]interface{}{ + getSecret("testsecret", "testns1", map[string]any{ "secretKey": "secretValue", }, false, true), - getSecret("anothertestsecret", "testns2", map[string]interface{}{ + getSecret("anothertestsecret", "testns2", map[string]any{ "secretNumber": "12345", }, false, true), }, @@ -564,12 +564,12 @@ func TestDynamicGatherer_Fetch(t *testing.T) { GroupVersionResource: schema.GroupVersionResource{Group: "", Version: "v1", Resource: "secrets"}, }, addObjects: []runtime.Object{ - getSecret("testsecret", "testns1", map[string]interface{}{ + getSecret("testsecret", "testns1", map[string]any{ "tls.key": "secretValue", "tls.crt": "value", "ca.crt": "value", }, true, true), - getSecret("anothertestsecret", "testns2", map[string]interface{}{ + getSecret("anothertestsecret", "testns2", map[string]any{ "example.key": "secretValue", "example.crt": "value", }, true, true), @@ -577,7 +577,7 @@ func TestDynamicGatherer_Fetch(t *testing.T) { expected: []*api.GatheredResource{ { // only tls.crt and ca.cert remain - Resource: getSecret("testsecret", "testns1", map[string]interface{}{ + Resource: getSecret("testsecret", "testns1", map[string]any{ "tls.crt": "value", "ca.crt": "value", }, true, false), @@ -624,12 +624,12 @@ func TestDynamicGatherer_Fetch(t *testing.T) { excludeLabelKeys: []string{`^company\.com/employee-id$`}, addObjects: []runtime.Object{getObjectAnnot("v1", "Secret", "s0", "n1", - map[string]interface{}{"kapp.k14s.io/original": "foo", "kapp.k14s.io/original-diff": "bar", "normal": "true"}, - map[string]interface{}{`company.com/employee-id`: "12345", "prod": "true"}, + map[string]any{"kapp.k14s.io/original": "foo", "kapp.k14s.io/original-diff": "bar", "normal": "true"}, + map[string]any{`company.com/employee-id`: "12345", "prod": "true"}, )}, expected: []*api.GatheredResource{{Resource: getObjectAnnot("v1", "Secret", "s0", "n1", - map[string]interface{}{"normal": "true"}, - map[string]interface{}{"prod": "true"}, + map[string]any{"normal": "true"}, + map[string]any{"prod": "true"}, )}}, }, } @@ -659,11 +659,11 @@ func TestDynamicGatherer_Fetch(t *testing.T) { resourceInformer := factory.ForResource(tc.config.GroupVersionResource) testInformer := resourceInformer.Informer() _, err = testInformer.AddEventHandler(k8scache.ResourceEventHandlerFuncs{ - DeleteFunc: func(obj interface{}) { + DeleteFunc: func(obj any) { defer wg.Done() time.Sleep(100 * time.Millisecond) }, - UpdateFunc: func(oldObj, newObj interface{}) { + UpdateFunc: func(oldObj, newObj any) { defer wg.Done() time.Sleep(100 * time.Millisecond) }, @@ -973,11 +973,11 @@ func TestDynamicGathererNativeResources_Fetch(t *testing.T) { informers.WithTweakListOptions(func(options *metav1.ListOptions) {})) testInformer := factory.Core().V1().Pods().Informer() _, err = testInformer.AddEventHandler(k8scache.ResourceEventHandlerFuncs{ - DeleteFunc: func(obj interface{}) { + DeleteFunc: func(obj any) { defer wg.Done() time.Sleep(100 * time.Millisecond) }, - UpdateFunc: func(oldObj, newObj interface{}) { + UpdateFunc: func(oldObj, newObj any) { defer wg.Done() time.Sleep(100 * time.Millisecond) }, @@ -1078,17 +1078,17 @@ func TestRemoveUnstructuredKeys(t *testing.T) { t.Run("remove single key", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, givenExclude: []string{"^toexclude$"}, - givenObj: map[string]interface{}{ - "metadata": map[string]interface{}{ - "annotations": map[string]interface{}{ + givenObj: map[string]any{ + "metadata": map[string]any{ + "annotations": map[string]any{ "toexclude": "foo", "tokeep": "bar", }, }, }, - expectObj: map[string]interface{}{ - "metadata": map[string]interface{}{ - "annotations": map[string]interface{}{ + expectObj: map[string]any{ + "metadata": map[string]any{ + "annotations": map[string]any{ "tokeep": "bar", }, }, @@ -1098,34 +1098,34 @@ func TestRemoveUnstructuredKeys(t *testing.T) { t.Run("remove keys using multiple regexes", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, givenExclude: []string{"^toexclude1$", "^toexclude2$"}, - givenObj: map[string]interface{}{ - "metadata": map[string]interface{}{ - "annotations": map[string]interface{}{ + givenObj: map[string]any{ + "metadata": map[string]any{ + "annotations": map[string]any{ "toexclude1": "foo", "toexclude2": "bar", }, }, }, - expectObj: map[string]interface{}{ - "metadata": map[string]interface{}{"annotations": map[string]interface{}{}}, + expectObj: map[string]any{ + "metadata": map[string]any{"annotations": map[string]any{}}, }, })) t.Run("remove multiple keys with a single regex", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, givenExclude: []string{"toexclude.*"}, - givenObj: map[string]interface{}{ - "metadata": map[string]interface{}{ - "annotations": map[string]interface{}{ + givenObj: map[string]any{ + "metadata": map[string]any{ + "annotations": map[string]any{ "toexclude1": "foo", "toexclude2": "bar", "tokeep": "baz", }, }, }, - expectObj: map[string]interface{}{ - "metadata": map[string]interface{}{ - "annotations": map[string]interface{}{ + expectObj: map[string]any{ + "metadata": map[string]any{ + "annotations": map[string]any{ "tokeep": "baz", }, }, @@ -1135,16 +1135,16 @@ func TestRemoveUnstructuredKeys(t *testing.T) { t.Run("with no regex, the object is untouched", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, givenExclude: []string{}, - givenObj: map[string]interface{}{ - "metadata": map[string]interface{}{ - "annotations": map[string]interface{}{ + givenObj: map[string]any{ + "metadata": map[string]any{ + "annotations": map[string]any{ "tokeep1": "foo", }, }, }, - expectObj: map[string]interface{}{ - "metadata": map[string]interface{}{ - "annotations": map[string]interface{}{ + expectObj: map[string]any{ + "metadata": map[string]any{ + "annotations": map[string]any{ "tokeep1": "foo", }, }, @@ -1157,21 +1157,21 @@ func TestRemoveUnstructuredKeys(t *testing.T) { givenPath: []string{"metadata", "annotations"}, givenExclude: []string{}, - givenObj: map[string]interface{}{"metadata": map[string]interface{}{}}, - expectObj: map[string]interface{}{"metadata": map[string]interface{}{}}, + givenObj: map[string]any{"metadata": map[string]any{}}, + expectObj: map[string]any{"metadata": map[string]any{}}, })) t.Run("works when the leaf field is nil", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, givenExclude: []string{}, - givenObj: map[string]interface{}{"metadata": map[string]interface{}{"annotations": nil}}, - expectObj: map[string]interface{}{"metadata": map[string]interface{}{"annotations": nil}}, + givenObj: map[string]any{"metadata": map[string]any{"annotations": nil}}, + expectObj: map[string]any{"metadata": map[string]any{"annotations": nil}}, })) t.Run("works when leaf field is unexpectedly not nil and not a known map", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, - givenObj: map[string]interface{}{"metadata": map[string]interface{}{"annotations": 42}}, - expectObj: map[string]interface{}{"metadata": map[string]interface{}{"annotations": 42}}, + givenObj: map[string]any{"metadata": map[string]any{"annotations": 42}}, + expectObj: map[string]any{"metadata": map[string]any{"annotations": 42}}, })) // The "intermediate" field is the field that is not at the end of the path. @@ -1179,28 +1179,28 @@ func TestRemoveUnstructuredKeys(t *testing.T) { // metadata.annotations. t.Run("works when the intermediate field doesn't exist", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, - givenObj: map[string]interface{}{}, - expectObj: map[string]interface{}{}, + givenObj: map[string]any{}, + expectObj: map[string]any{}, })) t.Run("works when the intermediate field is nil", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, - givenObj: map[string]interface{}{"metadata": nil}, - expectObj: map[string]interface{}{"metadata": nil}, + givenObj: map[string]any{"metadata": nil}, + expectObj: map[string]any{"metadata": nil}, })) t.Run("works when the intermediate field is unexpectedly not nil and not a map", run_TestRemoveUnstructuredKeys(tc_RemoveUnstructuredKeys{ givenPath: []string{"metadata", "annotations"}, - givenObj: map[string]interface{}{"metadata": 42}, - expectObj: map[string]interface{}{"metadata": 42}, + givenObj: map[string]any{"metadata": 42}, + expectObj: map[string]any{"metadata": 42}, })) } type tc_RemoveUnstructuredKeys struct { givenExclude []string - givenObj map[string]interface{} + givenObj map[string]any givenPath []string - expectObj map[string]interface{} + expectObj map[string]any } func run_TestRemoveUnstructuredKeys(tc tc_RemoveUnstructuredKeys) func(*testing.T) { diff --git a/pkg/datagatherer/k8s/fieldfilter.go b/pkg/datagatherer/k8s/fieldfilter.go index 6af47ed4..08470066 100644 --- a/pkg/datagatherer/k8s/fieldfilter.go +++ b/pkg/datagatherer/k8s/fieldfilter.go @@ -80,7 +80,7 @@ type FieldPath []string // Select removes all but the supplied fields from the resource func Select(fields []FieldPath, resource *unstructured.Unstructured) error { newResource := unstructured.Unstructured{ - Object: map[string]interface{}{}, + Object: map[string]any{}, } for _, field := range fields { diff --git a/pkg/datagatherer/k8s/fieldfilter_test.go b/pkg/datagatherer/k8s/fieldfilter_test.go index 1590a9f8..0cf126c3 100644 --- a/pkg/datagatherer/k8s/fieldfilter_test.go +++ b/pkg/datagatherer/k8s/fieldfilter_test.go @@ -13,16 +13,16 @@ import ( func TestSelect(t *testing.T) { t.Run("secret", run_TestSelect( - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "example", "namespace": "example", - "annotations": map[string]interface{}{ + "annotations": map[string]any{ "kubectl.kubernetes.io/last-applied-configuration": "secret", }, - "labels": map[string]interface{}{ + "labels": map[string]any{ "foo": "bar", }, "resourceVersion": "fake-resource-version", @@ -34,7 +34,7 @@ func TestSelect(t *testing.T) { "generation": 11, }, "type": "kubernetes.io/tls", - "data": map[string]interface{}{ + "data": map[string]any{ "tls.crt": "cert data", "tls.key": "secret", "extra": "should be removed", @@ -42,18 +42,18 @@ func TestSelect(t *testing.T) { }, }, SecretSelectedFields, - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "example", "namespace": "example", - "annotations": map[string]interface{}{ + "annotations": map[string]any{ // The "last-applied-configuration" isn't ignored in // "Select". "Redact" removes it. "kubectl.kubernetes.io/last-applied-configuration": "secret", }, - "labels": map[string]interface{}{ + "labels": map[string]any{ "foo": "bar", }, "resourceVersion": "fake-resource-version", @@ -61,7 +61,7 @@ func TestSelect(t *testing.T) { "deletionTimestamp": "2025-08-15T00:00:02Z", }, "type": "kubernetes.io/tls", - "data": map[string]interface{}{ + "data": map[string]any{ // The "tls.key" is ignored. "tls.crt": "cert data", "conjur-map": "should be kept", @@ -71,22 +71,22 @@ func TestSelect(t *testing.T) { // Confirm select function preserves immutability t.Run("secret-immutable", run_TestSelect( - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", "immutable": true, - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "with-immutable", "namespace": "example", }, "type": "Opaque", }, SecretSelectedFields, - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", "immutable": true, - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "with-immutable", "namespace": "example", }, @@ -95,22 +95,22 @@ func TestSelect(t *testing.T) { )) t.Run("secret-immutable-false", run_TestSelect( - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", "immutable": false, - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "with-immutable-false", "namespace": "example", }, "type": "Opaque", }, SecretSelectedFields, - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", "immutable": false, - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "with-immutable-false", "namespace": "example", }, @@ -119,20 +119,20 @@ func TestSelect(t *testing.T) { )) t.Run("secret-immutable-absent", run_TestSelect( - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "immutable-absent", "namespace": "example", }, "type": "Opaque", }, SecretSelectedFields, - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Secret", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "immutable-absent", "namespace": "example", }, @@ -141,15 +141,15 @@ func TestSelect(t *testing.T) { )) t.Run("route", run_TestSelect( - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Route", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "example", - "annotations": map[string]interface{}{ + "annotations": map[string]any{ "kubectl.kubernetes.io/last-applied-configuration": "secret", }, - "labels": map[string]interface{}{ + "labels": map[string]any{ "foo": "bar", }, "resourceVersion": "fake-resource-version", @@ -160,13 +160,13 @@ func TestSelect(t *testing.T) { "finalizers": []string{"example.com/fake-finalizer"}, "generation": 11, }, - "spec": map[string]interface{}{ + "spec": map[string]any{ "host": "www.example.com", - "to": map[string]interface{}{ + "to": map[string]any{ "kind": "Service", "name": "frontend", }, - "tls": map[string]interface{}{ + "tls": map[string]any{ "termination": "reencrypt", "key": "secret", "certificate": "cert data", @@ -175,12 +175,12 @@ func TestSelect(t *testing.T) { }, }, }, RouteSelectedFields, - map[string]interface{}{ + map[string]any{ "apiVersion": "v1", "kind": "Route", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "example", - "annotations": map[string]interface{}{ + "annotations": map[string]any{ // The "last-applied-configuration" isn't ignored in // "Select". "Redact" removes it. "kubectl.kubernetes.io/last-applied-configuration": "secret", @@ -189,13 +189,13 @@ func TestSelect(t *testing.T) { "creationTimestamp": "2025-08-15T00:00:01Z", "deletionTimestamp": "2025-08-15T00:00:02Z", }, - "spec": map[string]interface{}{ + "spec": map[string]any{ "host": "www.example.com", - "to": map[string]interface{}{ + "to": map[string]any{ "kind": "Service", "name": "frontend", }, - "tls": map[string]interface{}{ + "tls": map[string]any{ "termination": "reencrypt", // The "key" field is ignored. "certificate": "cert data", @@ -207,7 +207,7 @@ func TestSelect(t *testing.T) { )) } -func run_TestSelect(given map[string]interface{}, givenSelect []FieldPath, expect map[string]interface{}) func(*testing.T) { +func run_TestSelect(given map[string]any, givenSelect []FieldPath, expect map[string]any) func(*testing.T) { return func(t *testing.T) { t.Helper() givenPtr := unstructured.Unstructured{Object: given} @@ -220,7 +220,7 @@ func run_TestSelect(given map[string]interface{}, givenSelect []FieldPath, expec func TestSelectMissingSelectedField(t *testing.T) { resource := &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "kind": "Secret", }, } @@ -244,19 +244,19 @@ func TestSelectMissingSelectedField(t *testing.T) { func TestRedactSecret(t *testing.T) { resource := &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "apiVersion": "v1", "kind": "Secret", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "example", "namespace": "example", - "annotations": map[string]interface{}{ + "annotations": map[string]any{ "kubectl.kubernetes.io/last-applied-configuration": "secret", }, "managedFields": nil, }, "type": "kubernetes.io/tls", - "data": map[string]interface{}{ + "data": map[string]any{ "tls.crt": "cert data", "tls.key": "secret", }, @@ -292,15 +292,15 @@ func TestRedactSecret(t *testing.T) { func TestRedactPod(t *testing.T) { resource := &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "apiVersion": "v1", "kind": "Pod", - "metadata": map[string]interface{}{ + "metadata": map[string]any{ "name": "example", "namespace": "example", - "managedFields": []interface{}{}, + "managedFields": []any{}, }, - "spec": map[string]interface{}{ + "spec": map[string]any{ "serviceAccountName": "example", }, }, @@ -331,7 +331,7 @@ func TestRedactPod(t *testing.T) { func TestRedactMissingField(t *testing.T) { resource := &unstructured.Unstructured{ - Object: map[string]interface{}{ + Object: map[string]any{ "kind": "Secret", }, } diff --git a/pkg/datagatherer/local/local.go b/pkg/datagatherer/local/local.go index 27368973..530cd11c 100644 --- a/pkg/datagatherer/local/local.go +++ b/pkg/datagatherer/local/local.go @@ -49,7 +49,7 @@ func (g *DataGatherer) WaitForCacheSync(ctx context.Context) error { } // Fetch loads and returns the data from the LocalDatagatherer's dataPath -func (g *DataGatherer) Fetch() (interface{}, int, error) { +func (g *DataGatherer) Fetch() (any, int, error) { dataBytes, err := os.ReadFile(g.dataPath) if err != nil { return nil, -1, err