core: fix golangci linter

fix golangci linter

Signed-off-by: subhamkrai <[email protected]>

cmd/rook/rook/rook.go

@@ -209,7 +209,7 @@ func TerminateFatal(reason error) {
 	if err != nil {
 		fmt.Fprintln(os.Stderr, fmt.Errorf("failed to write message to termination log: %v", err))
 	} else {
-		// #nosec G307 Calling defer to close the file without checking the error return is not a risk for a simple file open and close
+		//nolint:gosec // Calling defer to close the file without checking the error return is not a risk for a simple file open and close
 		defer file.Close()
 		if _, err = file.WriteString(reason.Error()); err != nil {
 			fmt.Fprintln(os.Stderr, fmt.Errorf("failed to write message to termination log: %v", err))

pkg/daemon/ceph/client/filesystem_mirror_test.go

@@ -29,7 +29,7 @@ import (
 
 var (
 	// response of "ceph fs snapshot mirror peer_bootstrap create myfs2 client.mirror test"
-	// #nosec G101 since this is not leaking any credentials
+	//nolint:gosec // since this is not leaking any credentials
 	fsMirrorToken = `{"token": "eyJmc2lkIjogIjgyYjdlZDkyLTczYjAtNGIyMi1hOGI3LWVkOTQ4M2UyODc1NiIsICJmaWxlc3lzdGVtIjogIm15ZnMyIiwgInVzZXIiOiAiY2xpZW50Lm1pcnJvciIsICJzaXRlX25hbWUiOiAidGVzdCIsICJrZXkiOiAiQVFEVVAxSmdqM3RYQVJBQWs1cEU4cDI1ZUhld2lQK0ZXRm9uOVE9PSIsICJtb25faG9zdCI6ICJbdjI6MTAuOTYuMTQyLjIxMzozMzAwLHYxOjEwLjk2LjE0Mi4yMTM6Njc4OV0sW3YyOjEwLjk2LjIxNy4yMDc6MzMwMCx2MToxMC45Ni4yMTcuMjA3OjY3ODldLFt2MjoxMC45OS4xMC4xNTc6MzMwMCx2MToxMC45OS4xMC4xNTc6Njc4OV0ifQ=="}`
 
 	// response of "ceph fs snapshot mirror daemon status myfs"

pkg/daemon/ceph/osd/kms/ibm_key_protect.go

@@ -23,14 +23,13 @@ import (
 
 const (
 	TypeIBM = "ibmkeyprotect"
-	// IbmKeyProtectServiceApiKey is the IBM Key Protect service API key
+	//nolint:gosec // IbmKeyProtectServiceApiKey is the IBM Key Protect service API key
 	IbmKeyProtectServiceApiKey = "IBM_KP_SERVICE_API_KEY"
-	// IbmKeyProtectInstanceIdKey is the IBM Key Protect instance id
+	//nolint:gosec // IbmKeyProtectInstanceIdKey is the IBM Key Protect instance id
 	IbmKeyProtectInstanceIdKey = "IBM_KP_SERVICE_INSTANCE_ID"
-	// IbmKeyProtectBaseUrlKey is the IBM Key Protect base url
+	//nolint:gosec // IbmKeyProtectBaseUrlKey is the IBM Key Protect base url
 	IbmKeyProtectBaseUrlKey = "IBM_KP_BASE_URL"
-	// IbmKeyProtectTokenUrlKey is the IBM Key Protect token url
-	// #nosec G101 since it's just an URL
+	//nolint:gosec // IbmKeyProtectTokenUrlKey is the IBM Key Protect token url
 	IbmKeyProtectTokenUrlKey = "IBM_KP_TOKEN_URL"
 )
 

pkg/daemon/ceph/osd/kms/k8s.go

@@ -28,14 +28,13 @@ import (
 )
 
 const (
-	// OsdEncryptionSecretNameKeyName is the key name of the Secret that contains the OSD encryption key
-	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the secret key name
+	//nolint:gosec // OsdEncryptionSecretNameKeyName is the key name of the Secret that contains the OSD encryption key
 	OsdEncryptionSecretNameKeyName = "dmcrypt-key"
 
-	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
+	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
 	osdEncryptionSecretNamePrefix = "rook-ceph-osd-encryption-key"
 
-	// KMSTokenSecretNameKey is the key name of the Secret that contains the KMS authentication token
+	//nolint:gosec // KMSTokenSecretNameKey is the key name of the Secret that contains the KMS authentication token,
 	KMSTokenSecretNameKey = "token"
 )
 

pkg/daemon/ceph/osd/kms/vault.go

@@ -202,7 +202,7 @@ func put(v secrets.Secrets, secretName, secretValue string, keyContext map[strin
 	data := make(map[string]interface{})
 	data[secretName] = secretValue
 
-	// #nosec G104 Write the encryption key in Vault
+	//nolint:gosec // Write the encryption key in Vault
 	err = v.PutSecret(secretName, data, keyContext)
 	if err != nil {
 		return errors.Wrapf(err, "failed to put secret %q in vault", secretName)
@@ -212,7 +212,7 @@ func put(v secrets.Secrets, secretName, secretValue string, keyContext map[strin
 }
 
 func get(v secrets.Secrets, secretName string, keyContext map[string]string) (string, error) {
-	// #nosec G104 Write the encryption key in Vault
+	//nolint:gosec // Write the encryption key in Vault
 	s, err := v.GetSecret(secretName, keyContext)
 	if err != nil {
 		return "", err
@@ -222,7 +222,7 @@ func get(v secrets.Secrets, secretName string, keyContext map[string]string) (st
 }
 
 func deleteSecret(v secrets.Secrets, secretName string, keyContext map[string]string) error {
-	// #nosec G104 Write the encryption key in Vault
+	//nolint:gosec // Write the encryption key in Vault
 	err := v.DeleteSecret(secretName, keyContext)
 	if err != nil {
 		return errors.Wrapf(err, "failed to delete secret %q in vault", secretName)

pkg/daemon/ceph/osd/volume.go

@@ -925,7 +925,7 @@ func readCVLogContent(cvLogFilePath string) string {
 		logger.Errorf("failed to open ceph-volume log file %q. %v", cvLogFilePath, err)
 		return ""
 	}
-	// #nosec G307 Calling defer to close the file without checking the error return is not a risk for a simple file open and close
+	//nolint:gosec // Calling defer to close the file without checking the error return is not a risk for a simple file open and close
 	defer cvLogFile.Close()
 
 	// Read c-v log file

pkg/daemon/ceph/util/util.go

@@ -47,7 +47,7 @@ func GetPortFromEndpoint(endpoint string) int32 {
 	if err != nil {
 		logger.Errorf("failed to split host and port for endpoint %q, assuming default Ceph port %q. %v", endpoint, portString, err)
 	} else {
-		// #nosec G109 using Atoi to convert type into int is not a real risk
+		//nolint:gosec // using Atoi to convert type into int is not a real risk
 		port, err = strconv.Atoi(portString)
 		if err != nil {
 			logger.Errorf("failed to convert %q to integer. %v", portString, err)

pkg/daemon/util/copybins.go

@@ -32,7 +32,7 @@ func CopyBinaries(target string) error {
 	return copyBinary(defaultRookDir, target, "rook")
 }
 
-// #nosec G307 Calling defer to close the file without checking the error return is not a risk for a simple file open and close
+//nolint:gosec // Calling defer to close the file without checking the error return is not a risk for a simple file open and close
 func copyBinary(sourceDir, targetDir, filename string) error {
 	sourcePath := path.Join(sourceDir, filename)
 	targetPath := path.Join(targetDir, filename)
@@ -67,6 +67,6 @@ func copyBinary(sourceDir, targetDir, filename string) error {
 	if err := destinationFile.Close(); err != nil {
 		return err
 	}
-	// #nosec targetPath requires the permission to execute
+	//nolint:gosec // targetPath requires the permission to execute
 	return os.Chmod(targetPath, 0700)
 }

pkg/operator/ceph/cluster/mgr/dashboard.go

@@ -43,7 +43,7 @@ const (
 	dashboardPortHTTPS  = 8443
 	dashboardPortHTTP   = 7000
 	dashboardUsername   = "admin"
-	// #nosec because of the word `Password`
+	//nolint:gosec // because of the word `Password`
 	dashboardPasswordName          = "rook-ceph-dashboard-password"
 	passwordLength                 = 20
 	passwordKeyName                = "password"
@@ -291,7 +291,7 @@ func (c *Cluster) getOrGenerateDashboardPassword() (string, error) {
 }
 
 func GeneratePassword(length int) (string, error) {
-	// #nosec because of the word password
+	//nolint:gosec // because of the word password
 	const passwordChars = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
 	passwd, err := GenerateRandomBytes(length)
 	if err != nil {

pkg/operator/ceph/cluster/mon/mon.go

@@ -62,7 +62,7 @@ const (
 
 	// AppName is the name of the secret storing cluster mon.admin key, fsid and name
 	AppName = "rook-ceph-mon"
-	// OperatorCreds is the name of the secret
+	//nolint:gosec // OperatorCreds is the name of the secret
 	OperatorCreds     = "rook-ceph-operator-creds"
 	monClusterAttr    = "mon_cluster"
 	fsidSecretNameKey = "fsid"

pkg/operator/ceph/controller/mirror_peer.go

@@ -35,15 +35,15 @@ import (
 )
 
 const (
-	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
+	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
 	poolMirrorBoostrapPeerSecretName = "pool-peer-token"
-	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
+	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
 	fsMirrorBoostrapPeerSecretName = "fs-peer-token"
-	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
+	//nolint:gosec // // since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
 	clusterMirrorBoostrapPeerSecretName = "cluster-peer-token"
-	// RBDMirrorBootstrapPeerSecretName #nosec G101 since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
+	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
 	RBDMirrorBootstrapPeerSecretName = "rbdMirrorBootstrapPeerSecretName"
-	// FSMirrorBootstrapPeerSecretName #nosec G101 since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
+	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the prefix of the secret name
 	FSMirrorBootstrapPeerSecretName = "fsMirrorBootstrapPeerSecretName"
 )
 

pkg/operator/ceph/csi/peermap/config_test.go

@@ -160,13 +160,13 @@ const (
 	ns = "rook-ceph-primary"
 )
 
-// #nosec G101 fake token for peer cluster "peer1"
+//nolint:gosec // fake token for peer cluster "peer1"
 var fakeTokenPeer1 = "eyJmc2lkIjoiOWY1MjgyZGItYjg5OS00NTk2LTgwOTgtMzIwYzFmYzM5NmYzIiwiY2xpZW50X2lkIjoicmJkLW1pcnJvci1wZWVyIiwia2V5IjoiQVFBUnczOWQwdkhvQmhBQVlMM1I4RmR5dHNJQU50bkFTZ0lOTVE9PSIsIm1vbl9ob3N0IjoiW3YyOjE5Mi4xNjguMS4zOjY4MjAsdjE6MTkyLjE2OC4xLjM6NjgyMV0iLCAibmFtZXNwYWNlIjogInBlZXIxIn0="
 
-// #nosec G101 fake token for peer cluster "peer2"
+//nolint:gosec // fake token for peer cluster "peer2"
 var fakeTokenPeer2 = "eyJmc2lkIjoiOWY1MjgyZGItYjg5OS00NTk2LTgwOTgtMzIwYzFmYzM5NmYzIiwiY2xpZW50X2lkIjoicmJkLW1pcnJvci1wZWVyIiwia2V5IjoiQVFBUnczOWQwdkhvQmhBQVlMM1I4RmR5dHNJQU50bkFTZ0lOTVE9PSIsIm1vbl9ob3N0IjoiW3YyOjE5Mi4xNjguMS4zOjY4MjAsdjE6MTkyLjE2OC4xLjM6NjgyMV0iLCAibmFtZXNwYWNlIjogInBlZXIyIn0="
 
-// #nosec G101 fake token for peer cluster "peer3"
+//nolint:gosec // fake token for peer cluster "peer3"
 var fakeTokenPeer3 = "eyJmc2lkIjoiOWY1MjgyZGItYjg5OS00NTk2LTgwOTgtMzIwYzFmYzM5NmYzIiwiY2xpZW50X2lkIjoicmJkLW1pcnJvci1wZWVyIiwia2V5IjoiQVFBUnczOWQwdkhvQmhBQVlMM1I4RmR5dHNJQU50bkFTZ0lOTVE9PSIsIm1vbl9ob3N0IjoiW3YyOjE5Mi4xNjguMS4zOjY4MjAsdjE6MTkyLjE2OC4xLjM6NjgyMV0iLCAibmFtZXNwYWNlIjogInBlZXIzIn0="
 
 var peer1Secret = corev1.Secret{

pkg/operator/ceph/csi/secrets.go

@@ -26,15 +26,15 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// #nosec because of the word `Secret`
+//nolint:gosec // because of the word `Secret`
 const (
 	csiKeyringRBDProvisionerUsername = "client.csi-rbd-provisioner"
 	csiKeyringRBDNodeUsername        = "client.csi-rbd-node"
 	CsiRBDNodeSecret                 = "rook-csi-rbd-node"
 	CsiRBDProvisionerSecret          = "rook-csi-rbd-provisioner"
 )
 
-// #nosec because of the word `Secret`
+//nolint:gosec // because of the word `Secret`
 const (
 	csiKeyringCephFSProvisionerUsername = "client.csi-cephfs-provisioner"
 	csiKeyringCephFSNodeUsername        = "client.csi-cephfs-node"

pkg/operator/ceph/object/admin.go

@@ -95,7 +95,7 @@ func (c *debugHTTPClient) Do(req *http.Request) (*http.Response, error) {
 
 const (
 	// RGWAdminOpsUserSecretName is the secret name of the admin ops user
-	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the secret name
+	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the secret name
 	RGWAdminOpsUserSecretName = "rgw-admin-ops-user"
 	rgwAdminOpsUserAccessKey  = "accessKey"
 	rgwAdminOpsUserSecretKey  = "secretKey"

pkg/operator/ceph/object/s3-handlers.go

@@ -197,7 +197,7 @@ func (s *S3Agent) DeleteObjectInBucket(bucketname string, key string) (bool, err
 }
 
 func BuildTransportTLS(tlsCert []byte, insecure bool) *http.Transport {
-	// #nosec G402 is enabled only for testing
+	//nolint:gosec // is enabled only for testing
 	tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: insecure}
 	if len(tlsCert) > 0 {
 		caCertPool := x509.NewCertPool()

pkg/operator/ceph/object/spec.go

@@ -41,7 +41,7 @@ import (
 const (
 	readinessProbePath = "/swift/healthcheck"
 	serviceAccountName = "rook-ceph-rgw"
-	// #nosec G101 since this is not leaking any hardcoded details
+	//nolint:gosec // since this is not leaking any hardcoded details
 	setupVaultTokenFile = `
 set -e
 

pkg/operator/ceph/object/topic/provisioner.go

@@ -21,7 +21,7 @@ import (
 	"context"
 	"crypto/hmac"
 
-	// #nosec G505 sha1 is needed for v2 signatures
+	//nolint:gosec // sha1 is needed for v2 signatures
 	"crypto/sha1"
 	"encoding/base64"
 	"net/http"

pkg/operator/ceph/test/podspec.go

@@ -67,10 +67,10 @@ func NewPodSpecTester(t *testing.T, spec *v1.PodSpec) *PodSpecTester {
 func (ps *PodSpecTester) AssertVolumesMeetCephRequirements(
 	daemonType, daemonID string,
 ) {
-	// #nosec because of the word `Secret`
+	//nolint:gosec // because of the word `Secret`
 	keyringSecretName := fmt.Sprintf("rook-ceph-%s-%s-keyring", daemonType, daemonID)
 	if daemonType == config.MonType {
-		// #nosec because of the word `Secret`
+		//nolint:gosec // because of the word `Secret`
 		keyringSecretName = "rook-ceph-mons-keyring"
 	}
 	// CephFS mirror has no index so the daemon name is just "rook-ceph-fs-mirror"

pkg/util/exec/exec.go

@@ -74,7 +74,7 @@ func (*CommandExecutor) ExecuteCommandWithEnv(env []string, command string, arg
 // ExecuteCommandWithTimeout starts a process and wait for its completion with timeout.
 func (*CommandExecutor) ExecuteCommandWithTimeout(timeout time.Duration, command string, arg ...string) (string, error) {
 	logCommand(command, arg...)
-	// #nosec G204 Rook controls the input to the exec arguments
+	//nolint:gosec // Rook controls the input to the exec arguments
 	cmd := exec.Command(command, arg...)
 
 	var b bytes.Buffer
@@ -127,23 +127,23 @@ func (*CommandExecutor) ExecuteCommandWithTimeout(timeout time.Duration, command
 // ExecuteCommandWithOutput executes a command with output
 func (*CommandExecutor) ExecuteCommandWithOutput(command string, arg ...string) (string, error) {
 	logCommand(command, arg...)
-	// #nosec G204 Rook controls the input to the exec arguments
+	//nolint:gosec // Rook controls the input to the exec arguments
 	cmd := exec.Command(command, arg...)
 	return runCommandWithOutput(cmd, false)
 }
 
 // ExecuteCommandWithCombinedOutput executes a command with combined output
 func (*CommandExecutor) ExecuteCommandWithCombinedOutput(command string, arg ...string) (string, error) {
 	logCommand(command, arg...)
-	// #nosec G204 Rook controls the input to the exec arguments
+	//nolint:gosec // Rook controls the input to the exec arguments
 	cmd := exec.Command(command, arg...)
 	return runCommandWithOutput(cmd, true)
 }
 
 func startCommand(env []string, command string, arg ...string) (*exec.Cmd, io.ReadCloser, io.ReadCloser, error) {
 	logCommand(command, arg...)
 
-	// #nosec G204 Rook controls the input to the exec arguments
+	//nolint:gosec // Rook controls the input to the exec arguments
 	cmd := exec.Command(command, arg...)
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {

tests/framework/installer/settings.go

@@ -59,7 +59,7 @@ func readManifestFromURL(url string) string {
 	var response *http.Response
 	var err error
 	for i := 1; i <= 3; i++ {
-		// #nosec G107 This is only test code and is expected to read from a url
+		//nolint:gosec // // This is only test code and is expected to read from a url
 		response, err = http.Get(url)
 		if err != nil {
 			if i == 3 {

tests/integration/ceph_base_object_test.go

@@ -38,7 +38,7 @@ import (
 )
 
 const (
-	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the secret name
+	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the secret name
 	objectTLSSecretName = "rook-ceph-rgw-tls-test-store-csr"
 )