fix: validate webhook certs before starting operator (#806)

.golangci.yml

@@ -6,6 +6,7 @@ linters-settings:
     locale: US
 
 linters:
+  disable-all: true
   enable:
     - typecheck
     - goimports
@@ -16,6 +17,12 @@ linters:
     - gosimple
     - deadcode
     - structcheck
+    - gomodguard
+    - gofmt
+    - unused
+    - structcheck
+    - unconvert
+    - varcheck
 
 issues:
   exclude-use-default: false

Makefile

@@ -70,7 +70,11 @@ regen-crd-docs:
 
 plugin: regen-crd
 	@echo "Building 'kubectl-minio' binary"
-	@(cd $(PLUGIN_HOME); go build -o kubectl-minio main.go)
+	@(cd $(PLUGIN_HOME); \
+		go vet ./... && \
+		go test -race ./... && \
+		GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean && \
+		GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ../.golangci.yml)
 
 .PHONY: logsearchapi
 logsearchapi:

kubectl-minio/cmd/delete.go

@@ -20,11 +20,9 @@ package cmd
 
 import (
 	"bufio"
-	"context"
 	"errors"
 	"fmt"
 	"io"
-	"log"
 	"os"
 	"os/exec"
 	"strings"
@@ -33,21 +31,11 @@ import (
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/yaml"
 
-	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/klog/v2"
 
-	rbacv1 "k8s.io/api/rbac/v1"
-	apiextension "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/dynamic"
-	"k8s.io/client-go/restmapper"
-
 	"github.com/minio/kubectl-minio/cmd/helpers"
 	"github.com/minio/kubectl-minio/cmd/resources"
 	"github.com/spf13/cobra"
-
-	"k8s.io/apimachinery/pkg/runtime"
 )
 
 const (
@@ -61,7 +49,6 @@ type deleteCmd struct {
 	errOut       io.Writer
 	output       bool
 	operatorOpts resources.OperatorOptions
-	steps        []runtime.Object
 }
 
 func newDeleteCmd(out io.Writer, errOut io.Writer) *cobra.Command {
@@ -73,7 +60,7 @@ func newDeleteCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 		Long:    deleteDesc,
 		Example: deleteExample,
 		PreRunE: func(cmd *cobra.Command, args []string) error {
-			if !helpers.Ask(fmt.Sprintf("Are you sure you want to delete ALL the MinIO Tenants and MinIO Operator?")) {
+			if !helpers.Ask("Are you sure you want to delete ALL the MinIO Tenants and MinIO Operator?") {
 				return fmt.Errorf(Bold("Aborting Operator deletion\n"))
 			}
 			return nil
@@ -118,12 +105,20 @@ func (o *deleteCmd) run(writer io.Writer) error {
 	if o.operatorOpts.Namespace != "" {
 		kustomizationYaml.Namespace = o.operatorOpts.Namespace
 	}
+
 	// Compile the kustomization to a file and create on the in memory filesystem
-	kustYaml, _ := yaml.Marshal(kustomizationYaml)
+	kustYaml, err := yaml.Marshal(kustomizationYaml)
+	if err != nil {
+		return err
+	}
+
 	kustFile, err := inMemSys.Create("kustomization.yaml")
+	if err != nil {
+		return err
+	}
+
 	_, err = kustFile.Write(kustYaml)
 	if err != nil {
-		log.Println(err)
 		return err
 	}
 
@@ -144,8 +139,7 @@ func (o *deleteCmd) run(writer io.Writer) error {
 
 	if o.output {
 		_, err = writer.Write(yml)
-		//done
-		return nil
+		return err
 	}
 
 	// do kubectl apply
@@ -180,65 +174,3 @@ func (o *deleteCmd) run(writer io.Writer) error {
 
 	return nil
 }
-
-func deleteConsoleResources(opts resources.OperatorOptions, clientset *apiextension.Clientset, dynClient dynamic.Interface, consoleResources []runtime.Object) error {
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-
-	groupResources, err := restmapper.GetAPIGroupResources(clientset.Discovery())
-	if err != nil {
-		klog.Info(err)
-		return errors.New("Cannot get group resources")
-	}
-	rm := restmapper.NewDiscoveryRESTMapper(groupResources)
-
-	for _, obj := range consoleResources {
-		gvk := obj.GetObjectKind().GroupVersionKind()
-		gk := schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind}
-
-		mapping, err := rm.RESTMapping(gk, gvk.Version)
-
-		// convert the runtime.Object to unstructured.Unstructured
-		unstructuredObj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
-		if err != nil {
-			return err
-		}
-		var resourceName string
-		if metaobj, ok := unstructuredObj["metadata"]; ok {
-			mtobj := metaobj.(map[string]interface{})
-			if name, ok2 := mtobj["name"]; ok2 {
-				resourceName = name.(string)
-			}
-		}
-
-		switch obj.(type) {
-		case *rbacv1.ClusterRoleBinding:
-			if err := clusterScopeDelete(dynClient, mapping, ctx, resourceName); err != nil {
-				return err
-			}
-		case *rbacv1.ClusterRole:
-			if err := clusterScopeDelete(dynClient, mapping, ctx, resourceName); err != nil {
-				return err
-			}
-		default:
-			if err := namespaceScopeDelete(opts, dynClient, mapping, ctx, resourceName); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func clusterScopeDelete(dynClient dynamic.Interface, mapping *meta.RESTMapping, ctx context.Context, name string) error {
-	if err := dynClient.Resource(mapping.Resource).Delete(ctx, name, metav1.DeleteOptions{}); err != nil {
-		return err
-	}
-	return nil
-}
-
-func namespaceScopeDelete(opts resources.OperatorOptions, dynClient dynamic.Interface, mapping *meta.RESTMapping, ctx context.Context, name string) error {
-	if err := dynClient.Resource(mapping.Resource).Namespace(opts.Namespace).Delete(ctx, name, metav1.DeleteOptions{}); err != nil {
-		return err
-	}
-	return nil
-}

kubectl-minio/cmd/helpers/helpers.go

@@ -95,8 +95,7 @@ func GetKubeDynamicClient() (dynamic.Interface, error) {
 		return nil, err
 	}
 
-	dynClient, err := dynamic.NewForConfig(config)
-	return dynClient, nil
+	return dynamic.NewForConfig(config)
 }
 
 // GetKubeOperatorClient provides k8s client for operator

kubectl-minio/cmd/init.go

@@ -24,7 +24,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"log"
 	"os"
 	"os/exec"
 	"strings"
@@ -41,10 +40,8 @@ import (
 
 	"github.com/minio/kubectl-minio/cmd/helpers"
 	"github.com/minio/kubectl-minio/cmd/resources"
-	rsc "github.com/minio/operator/resources"
 	"github.com/spf13/cobra"
 
-	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/kustomize/api/krusty"
 )
 
@@ -59,7 +56,6 @@ type operatorInitCmd struct {
 	errOut       io.Writer
 	output       bool
 	operatorOpts resources.OperatorOptions
-	steps        []runtime.Object
 }
 
 func newInitCmd(out io.Writer, errOut io.Writer) *cobra.Command {
@@ -99,19 +95,13 @@ func newInitCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 	return cmd
 }
 
-var resourcesFS = rsc.GetStaticResources()
-
-type OpInt struct {
-	Op    string `json:"op"`
-	Path  string `json:"path"`
-	Value int    `json:"value"`
-}
-type OpStr struct {
+type opStr struct {
 	Op    string `json:"op"`
 	Path  string `json:"path"`
 	Value string `json:"value"`
 }
-type OpInterface struct {
+
+type opInterface struct {
 	Op    string      `json:"op"`
 	Path  string      `json:"path"`
 	Value interface{} `json:"value"`
@@ -140,21 +130,21 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 	var operatorDepPatches []interface{}
 	// create patches for the supplied arguments
 	if o.operatorOpts.Image != "" {
-		operatorDepPatches = append(operatorDepPatches, OpStr{
+		operatorDepPatches = append(operatorDepPatches, opStr{
 			Op:    "replace",
 			Path:  "/spec/template/spec/containers/0/image",
 			Value: o.operatorOpts.Image,
 		})
 	}
 	// create an empty array
-	operatorDepPatches = append(operatorDepPatches, OpInterface{
+	operatorDepPatches = append(operatorDepPatches, opInterface{
 		Op:    "add",
 		Path:  "/spec/template/spec/containers/0/env",
 		Value: []interface{}{},
 	})
 
 	if o.operatorOpts.ClusterDomain != "" {
-		operatorDepPatches = append(operatorDepPatches, OpInterface{
+		operatorDepPatches = append(operatorDepPatches, opInterface{
 			Op:   "add",
 			Path: "/spec/template/spec/containers/0/env/0",
 			Value: corev1.EnvVar{
@@ -164,7 +154,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 		})
 	}
 	if o.operatorOpts.NSToWatch != "" {
-		operatorDepPatches = append(operatorDepPatches, OpInterface{
+		operatorDepPatches = append(operatorDepPatches, opInterface{
 			Op:   "add",
 			Path: "/spec/template/spec/containers/0/env/0",
 			Value: corev1.EnvVar{
@@ -174,7 +164,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 		})
 	}
 	if o.operatorOpts.TenantMinIOImage != "" {
-		operatorDepPatches = append(operatorDepPatches, OpInterface{
+		operatorDepPatches = append(operatorDepPatches, opInterface{
 			Op:   "add",
 			Path: "/spec/template/spec/containers/0/env/0",
 			Value: corev1.EnvVar{
@@ -184,7 +174,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 		})
 	}
 	if o.operatorOpts.TenantConsoleImage != "" {
-		operatorDepPatches = append(operatorDepPatches, OpInterface{
+		operatorDepPatches = append(operatorDepPatches, opInterface{
 			Op:   "add",
 			Path: "/spec/template/spec/containers/0/env/0",
 			Value: corev1.EnvVar{
@@ -194,7 +184,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 		})
 	}
 	if o.operatorOpts.TenantKesImage != "" {
-		operatorDepPatches = append(operatorDepPatches, OpInterface{
+		operatorDepPatches = append(operatorDepPatches, opInterface{
 			Op:   "add",
 			Path: "/spec/template/spec/containers/0/env/0",
 			Value: corev1.EnvVar{
@@ -204,7 +194,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 		})
 	}
 	if o.operatorOpts.ImagePullSecret != "" {
-		operatorDepPatches = append(operatorDepPatches, OpInterface{
+		operatorDepPatches = append(operatorDepPatches, opInterface{
 			Op:    "add",
 			Path:  "/spec/template/spec/imagePullSecrets",
 			Value: []corev1.LocalObjectReference{{Name: o.operatorOpts.ImagePullSecret}},
@@ -213,7 +203,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 	// attach the patches to the kustomization file
 	if len(operatorDepPatches) > 0 {
 		kustomizationYaml.PatchesJson6902 = append(kustomizationYaml.PatchesJson6902, types.Patch{
-			Patch: o.serializeJsonPachOps(operatorDepPatches),
+			Patch: o.serializeJSONPachOps(operatorDepPatches),
 			Target: &types.Selector{
 				Gvk: resid.Gvk{
 					Group:   "apps",
@@ -228,8 +218,8 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 	if o.operatorOpts.ConsoleImage != "" {
 
 		kustomizationYaml.PatchesJson6902 = append(kustomizationYaml.PatchesJson6902, types.Patch{
-			Patch: o.serializeJsonPachOps([]interface{}{
-				OpStr{
+			Patch: o.serializeJSONPachOps([]interface{}{
+				opStr{
 					Op:    "replace",
 					Path:  "/spec/template/spec/containers/0/image",
 					Value: o.operatorOpts.ConsoleImage,
@@ -250,11 +240,18 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 		kustomizationYaml.Namespace = o.operatorOpts.Namespace
 	}
 	// Compile the kustomization to a file and create on the in memory filesystem
-	kustYaml, _ := yaml.Marshal(kustomizationYaml)
+	kustYaml, err := yaml.Marshal(kustomizationYaml)
+	if err != nil {
+		return err
+	}
+
 	kustFile, err := inMemSys.Create("kustomization.yaml")
+	if err != nil {
+		return err
+	}
+
 	_, err = kustFile.Write(kustYaml)
 	if err != nil {
-		log.Println(err)
 		return err
 	}
 
@@ -275,8 +272,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 
 	if o.output {
 		_, err = writer.Write(yml)
-		//done
-		return nil
+		return err
 	}
 
 	// do kubectl apply
@@ -326,7 +322,7 @@ func (o *operatorInitCmd) run(writer io.Writer) error {
 	return nil
 }
 
-func (o *operatorInitCmd) serializeJsonPachOps(jp []interface{}) string {
-	jpJson, _ := json.Marshal(jp)
-	return string(jpJson)
+func (o *operatorInitCmd) serializeJSONPachOps(jp []interface{}) string {
+	jpJSON, _ := json.Marshal(jp)
+	return string(jpJSON)
 }

kubectl-minio/cmd/kubectl-minio.go

@@ -23,7 +23,6 @@ import (
 
 	"github.com/spf13/cobra"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
-	"k8s.io/client-go/kubernetes"
 
 	// Workaround for auth import issues refer https://github.com/minio/operator/issues/283
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
@@ -32,12 +31,6 @@ import (
 	"github.com/minio/kubectl-minio/cmd/helpers"
 )
 
-var (
-	kubeConfig string
-	namespace  string
-	kubeClient *kubernetes.Clientset
-)
-
 const (
 	minioDesc  = `Deploy and manage the multi tenant, S3 API compatible object storage on Kubernetes`
 	kubeconfig = "kubeconfig"