Go 1.19

apis/v1beta1/gpupolicyadapter_types.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-//+kubebuilder:validation:Optional
+// +kubebuilder:validation:Optional
 package v1beta1
 
 import (

apis/v1beta2/core_types.go

@@ -5,70 +5,70 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type BootstrapToken struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              *opnicorev1.BootstrapToken `json:"spec,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type BootstrapTokenList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []BootstrapToken `json:"items"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type Cluster struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              *opnicorev1.Cluster `json:"spec,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type ClusterList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []Cluster `json:"items"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type Role struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              *opnicorev1.Role `json:"spec,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type RoleList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []Role `json:"items"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type RoleBinding struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              *opnicorev1.RoleBinding `json:"spec,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type RoleBindingList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []RoleBinding `json:"items"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type Keyring struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Data              []byte `json:"data,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type KeyringList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

apis/v1beta2/dataprepper_types.go

@@ -48,7 +48,7 @@ type OpensearchSpec struct {
 	InsecureDisableSSLVerify bool   `json:"insecureDisableSSLVerify,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type DataPrepperList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

apis/v1beta2/gpupolicyadapter_types.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-//+kubebuilder:validation:Optional
+// +kubebuilder:validation:Optional
 package v1beta2
 
 import (

apis/v1beta2/loggingcluster_types.go

@@ -50,7 +50,7 @@ type LoggingClusterStatus struct {
 	ReadRole       string              `json:"readRole,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type LoggingClusterList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

apis/v1beta2/monitoring_types.go

@@ -280,16 +280,16 @@ type MonitoringClusterStatus struct {
 	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
 type MonitoringCluster struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              MonitoringClusterSpec   `json:"spec,omitempty"`
 	Status            MonitoringClusterStatus `json:"status,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type MonitoringClusterList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
@@ -305,16 +305,16 @@ type GatewayStatus struct {
 	Ready           bool                        `json:"ready,omitempty"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
 type Gateway struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              GatewaySpec   `json:"spec,omitempty"`
 	Status            GatewayStatus `json:"status,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 type GatewayList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

go.mod

@@ -1,6 +1,6 @@
 module github.com/rancher/opni
 
-go 1.18
+go 1.19
 
 require (
 	cuelang.org/go v0.4.3

magefile.go

@@ -32,7 +32,7 @@ import (
 	// mage:import charts
 	_ "github.com/rancher/charts-build-scripts/pkg/actions"
 	// mage:import test
-	test "github.com/rancher/opni/internal/mage/test"
+	"github.com/rancher/opni/internal/mage/test"
 )
 
 var Default = All
@@ -190,6 +190,7 @@ func init() {
 		version = tag
 	}
 
+	build.Config.ExtraFlags = append(build.Config.ExtraFlags, "-trimpath")
 	build.Config.LDFlags = append(build.Config.LDFlags, "-X", "github.com/rancher/opni/pkg/util.Version="+version)
 	build.Config.ExtraTargets = extraTargets
 

pkg/alerting/noop/noop.go

@@ -15,7 +15,6 @@ import (
 	"google.golang.org/protobuf/types/known/emptypb"
 )
 
-//
 func NewUnavailableAlertingImplementation(version string) alerting.Provider {
 	switch version {
 	case shared.AlertingV1Alpha:

pkg/bootstrap/doc.go

@@ -4,32 +4,32 @@ to the gateway using bootstrap tokens.
 
 The bootstrap process is as follows:
 
-1. The server generates a self-signed keypair, and a bootstrap token.
-2. The client is given the bootstrap token and one or more fingerprints of
-	 public keys in the server's certificate chain ("pinned" public keys).
-	 It sends a request to the server's /bootstrap/join endpoint with no
-	 Authentication header. The client cannot yet trust the server's self-signed
-	 certificate, so it does not send any other data in the request.
-4. During the TLS handshake, the client computes the fingerprints of the public
-	 keys in the server's offered certificates, and compares them to its
-	 pinned fingerprints. If any of the fingerprints match, and the server's
-	 certificate chain is valid (i.e. each certificate is signed by the next
-	 certificate in the chain), the client trusts the server and completes the
-	 TLS handshake.
-3. The server responds with several JWS messages with detached payloads
-	 (one for each active bootstrap token).
-5. The client finds the JWS with the matching bootstrap token ID, fills in
-	 the detached payload (the bootstrap token), and sends it back to the server's
-	 /bootstrap/join endpoint along with the client's own unique identifier it
-	 wishes to use (typically the client's kube-system namespace resource UID)
-	 and an ephemeral x25519 public key.
-6. The server verifies the reconstructed JWS. If it is correct, the server can
-   now trust the client. The server responds with its own ephemeral x25519
-	 public key.
-7. Both the client and server use their ephemeral keypair and their peer's
-	 public key to generate a shared secret. Then, this secret is passed through
-	 a KDF to create two static ed25519 keys. One is used to generate and verify
-	 MACs for client->server messages, and the other is used to generate and
-	 verify MACs for server->client messages.
+ 1. The server generates a self-signed keypair, and a bootstrap token.
+ 2. The client is given the bootstrap token and one or more fingerprints of
+    public keys in the server's certificate chain ("pinned" public keys).
+    It sends a request to the server's /bootstrap/join endpoint with no
+    Authentication header. The client cannot yet trust the server's self-signed
+    certificate, so it does not send any other data in the request.
+ 4. During the TLS handshake, the client computes the fingerprints of the public
+    keys in the server's offered certificates, and compares them to its
+    pinned fingerprints. If any of the fingerprints match, and the server's
+    certificate chain is valid (i.e. each certificate is signed by the next
+    certificate in the chain), the client trusts the server and completes the
+    TLS handshake.
+ 3. The server responds with several JWS messages with detached payloads
+    (one for each active bootstrap token).
+ 5. The client finds the JWS with the matching bootstrap token ID, fills in
+    the detached payload (the bootstrap token), and sends it back to the server's
+    /bootstrap/join endpoint along with the client's own unique identifier it
+    wishes to use (typically the client's kube-system namespace resource UID)
+    and an ephemeral x25519 public key.
+ 6. The server verifies the reconstructed JWS. If it is correct, the server can
+    now trust the client. The server responds with its own ephemeral x25519
+    public key.
+ 7. Both the client and server use their ephemeral keypair and their peer's
+    public key to generate a shared secret. Then, this secret is passed through
+    a KDF to create two static ed25519 keys. One is used to generate and verify
+    MACs for client->server messages, and the other is used to generate and
+    verify MACs for server->client messages.
 */
 package bootstrap

pkg/capabilities/template.go

@@ -78,25 +78,27 @@ type OptionSpec struct {
 // The args are specific to each kind of input control.
 //
 // Kinds:
-//   "input": A text box.
-//     Arguments:
-//       1: Label
-//   "select": A combo box.
-//     Arguments:
-//       1: Label
-//       2+: Combo box items
-//   "toggle": A checkbox.
-//     Arguments:
-//       1: Label
+//
+//	"input": A text box.
+//	  Arguments:
+//	    1: Label
+//	"select": A combo box.
+//	  Arguments:
+//	    1: Label
+//	    2+: Combo box items
+//	"toggle": A checkbox.
+//	  Arguments:
+//	    1: Label
 //
 // Options:
-//   "+format:<value>": Controls how the value is substituted into the install
-//                      command. Within the format text, {{ value }} will be
-//                      replaced with the user input. Defaults to '{{ value }}'
-//   "+required": Marks the input is required.
-//   "+omitEmpty": If the value is "falsy" ('', 'false', etc), the argument
-//                 will be omitted from the install command.
-//   "+default:<value>": Adds a default value to the input.
+//
+//	"+format:<value>": Controls how the value is substituted into the install
+//	                   command. Within the format text, {{ value }} will be
+//	                   replaced with the user input. Defaults to '{{ value }}'
+//	"+required": Marks the input is required.
+//	"+omitEmpty": If the value is "falsy" ('', 'false', etc), the argument
+//	              will be omitted from the install command.
+//	"+default:<value>": Adds a default value to the input.
 func Arg(kind ArgKind, args ...string) (string, error) {
 	opts, remaining, err := extractOptions(args...)
 	if err != nil {

pkg/ecdh/ecdh.go

@@ -51,7 +51,9 @@ func NewEphemeralKeyPair() EphemeralKeyPair {
 // another party's ephemeral public key obtained from ECDH.
 //
 // The secret is computed using the following KDF (similar to libsodium):
-//  blake2b-512(q || client-pub || server-pub).
+//
+//	blake2b-512(q || client-pub || server-pub).
+//
 // where q is the 32-byte x25519 shared secret.
 //
 // The client and server's public keys must be ordered the same way on both

pkg/plugins/hooks/doc.go

@@ -3,25 +3,27 @@
 //
 // Hook types:
 //
-// PluginLoadHook
-// 	This hook is invoked whenever a plugin is loaded by the plugin loader.
+// # PluginLoadHook
 //
-//  Use the OnLoad* methods to construct a new PluginLoadHook with the type
-//  of the plugin you want to be notified for. Known plugin types can be
-//  found in pkg/plugins/types.
+// This hook is invoked whenever a plugin is loaded by the plugin loader.
 //
-//  Load hooks will be invoked exactly once per plugin, per hook, in a separate
-//  goroutine. All load hooks for a particular event are run in parallel.
+// Use the OnLoad* methods to construct a new PluginLoadHook with the type
+// of the plugin you want to be notified for. Known plugin types can be
+// found in pkg/plugins/types.
 //
-//  Load hooks should not block for an extended period of time. When a plugin
-//  is loaded, it will block until all hooks have completed (returned). Blocking
-//  inside a hook can cause delays in the loading process or deadlock. Hooks
-//  can be registered during other hook callbacks, but take care to avoid
-//  deadlocks.
+// Load hooks will be invoked exactly once per plugin, per hook, in a separate
+// goroutine. All load hooks for a particular event are run in parallel.
 //
-// LoadingCompletedHook
-// 	This hook is invoked after all plugins have been loaded, which occurs when
-//  all load hooks for all plugins have completed (returned).
+// Load hooks should not block for an extended period of time. When a plugin
+// is loaded, it will block until all hooks have completed (returned). Blocking
+// inside a hook can cause delays in the loading process or deadlock. Hooks
+// can be registered during other hook callbacks, but take care to avoid
+// deadlocks.
+//
+// # LoadingCompletedHook
+//
+// This hook is invoked after all plugins have been loaded, which occurs when
+// all load hooks for all plugins have completed (returned).
 //
 // Use the OnLoadingCompleted method to construct a new LoadingCompletedHook.
 //

pkg/util/notifier/periodic_test.go

@@ -12,7 +12,7 @@ import (
 	"github.com/rancher/opni/pkg/util/notifier"
 )
 
-//FIXME:
+// FIXME:
 type MockClone struct {
 	a int
 }

pkg/util/notifier/types.go

@@ -1,4 +1,4 @@
-/// Package for abstracting agent downstream updates and notifying upstream
+// Package for abstracting agent downstream updates and notifying upstream
 package notifier
 
 import (

plugins/alerting/pkg/alerting/api_endpoints.go

@@ -128,7 +128,7 @@ func (p *Plugin) DeleteAlertEndpoint(ctx context.Context, ref *corev1.Reference)
 	return &emptypb.Empty{}, nil
 }
 
-//TODO
+// TODO
 func (p *Plugin) TestAlertEndpoint(ctx context.Context, req *alertingv1alpha.TestAlertEndpointRequest) (*alertingv1alpha.TestAlertEndpointResponse, error) {
 	// - Create Endpoint
 	// - Trigger it using httpv2 api

plugins/alerting/pkg/alerting/condition_handlers.go

@@ -1,6 +1,6 @@
 /*
-  - Functions that handle each endpoint implementation update case
-  - Functions that handle each alert condition case
+- Functions that handle each endpoint implementation update case
+- Functions that handle each alert condition case
 */
 package alerting
 

plugins/alerting/pkg/alerting/endpoint_backend.go

@@ -235,9 +235,8 @@ func (a *AlertManagerAPI) IsHealthy() bool {
 }
 
 // WithHttpV2
-//## OpenAPI reference
+// ## OpenAPI reference
 // https://github.com/prometheus/alertmanager/blob/main/api/v2/openapi.yaml
-//
 func (a *AlertManagerAPI) WithHttpV2() *AlertManagerAPI {
 	a.Api = v2
 	return a