fix golangci-lint errors

Signed-off-by: Tim Ramlot <[email protected]>

.golangci.yaml

@@ -1,12 +1,3 @@
-issues:
-  exclude-rules:
-    - linters:
-        - errcheck
-        - gci
-        - gosec
-        - protogetter
-        - staticcheck
-      text: ".*"
 linters:
   # Explicitly define all enabled linters
   disable-all: true

internal/controllers/signer.go

@@ -40,11 +40,8 @@ var (
 	errHealthCheckerBuilder = errors.New("failed to build the healthchecker")
 	errHealthCheckerCheck   = errors.New("healthcheck failed")
 
-	errIssuerRef      = errors.New("error interpreting issuerRef")
-	errGetIssuer      = errors.New("error getting issuer")
-	errIssuerNotReady = errors.New("issuer is not ready")
-	errSignerBuilder  = errors.New("failed to build the signer")
-	errSignerSign     = errors.New("failed to sign")
+	errSignerBuilder = errors.New("failed to build the signer")
+	errSignerSign    = errors.New("failed to sign")
 )
 
 type HealthChecker interface {

main.go

@@ -23,15 +23,11 @@ import (
 	"fmt"
 	"os"
 
-	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
-	// to ensure that exec-entrypoint and run can make use of them.
-	_ "k8s.io/client-go/plugin/pkg/client/auth"
-	"k8s.io/klog/v2"
-
 	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -42,55 +38,70 @@ import (
 	"github.com/cert-manager/sample-external-issuer/internal/controllers"
 	"github.com/cert-manager/sample-external-issuer/internal/signer"
 	"github.com/cert-manager/sample-external-issuer/internal/version"
-	//+kubebuilder:scaffold:imports
+
+	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
+	// to ensure that exec-entrypoint and run can make use of them.
+	_ "k8s.io/client-go/plugin/pkg/client/auth"
 )
 
 const inClusterNamespacePath = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
 
+type options struct {
+	metricsAddr              string
+	probeAddr                string
+	enableLeaderElection     bool
+	clusterResourceNamespace string
+	printVersion             bool
+	disableApprovedCheck     bool
+}
+
 func main() {
-	var metricsAddr string
-	var probeAddr string
-	var enableLeaderElection bool
-	var clusterResourceNamespace string
-	var printVersion bool
-	var disableApprovedCheck bool
-
-	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
-	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
-	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
+	opts := options{}
+	flag.StringVar(&opts.metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
+	flag.StringVar(&opts.probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
+	flag.BoolVar(&opts.enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
-	flag.StringVar(&clusterResourceNamespace, "cluster-resource-namespace", "", "The namespace for secrets in which cluster-scoped resources are found.")
-	flag.BoolVar(&printVersion, "version", false, "Print version to stdout and exit")
-	flag.BoolVar(&disableApprovedCheck, "disable-approved-check", false,
+	flag.StringVar(&opts.clusterResourceNamespace, "cluster-resource-namespace", "", "The namespace for secrets in which cluster-scoped resources are found.")
+	flag.BoolVar(&opts.printVersion, "version", false, "Print version to stdout and exit")
+	flag.BoolVar(&opts.disableApprovedCheck, "disable-approved-check", false,
 		"Disables waiting for CertificateRequests to have an approved condition before signing.")
 
 	// Options for configuring logging
-	opts := zap.Options{}
-	opts.BindFlags(flag.CommandLine)
+	loggerOpts := zap.Options{}
+	loggerOpts.BindFlags(flag.CommandLine)
 
 	flag.Parse()
 
-	logr := zap.New(zap.UseFlagOptions(&opts))
+	logr := zap.New(zap.UseFlagOptions(&loggerOpts))
 
 	klog.SetLogger(logr)
 	ctrl.SetLogger(logr)
 
 	logr.Info("Version", "version", version.Version)
 
-	if printVersion {
+	if opts.printVersion {
 		return
 	}
 
+	if err := Main(logr, opts); err != nil {
+		logr.Error(err, "error running manager")
+		os.Exit(1)
+	}
+}
+
+func Main(
+	logr klog.Logger,
+	opts options,
+) error {
 	setupLog := logr.WithName("setup")
 
-	if err := getInClusterNamespace(&clusterResourceNamespace); err != nil {
+	if err := getInClusterNamespace(&opts.clusterResourceNamespace); err != nil {
 		if errors.Is(err, errNotInCluster) {
-			setupLog.Error(err, "please supply --cluster-resource-namespace")
+			return fmt.Errorf("please supply --cluster-resource-namespace: %w", err)
 		} else {
-			setupLog.Error(err, "unexpected error while getting in-cluster Namespace")
+			return fmt.Errorf("unexpected error while getting in-cluster Namespace: %w", err)
 		}
-		os.Exit(1)
 	}
 
 	scheme := runtime.NewScheme()
@@ -102,21 +113,21 @@ func main() {
 	setupLog.Info(
 		"starting",
 		"version", version.Version,
-		"enable-leader-election", enableLeaderElection,
-		"metrics-addr", metricsAddr,
-		"cluster-resource-namespace", clusterResourceNamespace,
+		"enable-leader-election", opts.enableLeaderElection,
+		"metrics-addr", opts.metricsAddr,
+		"cluster-resource-namespace", opts.clusterResourceNamespace,
 	)
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme: scheme,
 		Metrics: server.Options{
-			BindAddress: metricsAddr,
+			BindAddress: opts.metricsAddr,
 		},
 		WebhookServer: webhook.NewServer(webhook.Options{
 			Port: 9443,
 		}),
-		HealthProbeBindAddress: probeAddr,
-		LeaderElection:         enableLeaderElection,
+		HealthProbeBindAddress: opts.probeAddr,
+		LeaderElection:         opts.enableLeaderElection,
 		LeaderElectionID:       "54c549fd.sample-external-issuer",
 		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 		// when the Manager ends. This requires the binary to immediately end when the
@@ -131,8 +142,7 @@ func main() {
 		LeaderElectionReleaseOnCancel: true,
 	})
 	if err != nil {
-		setupLog.Error(err, "unable to start manager")
-		os.Exit(1)
+		return fmt.Errorf("unable to start manager: %w", err)
 	}
 
 	ctx, cancel := context.WithCancel(ctrl.SetupSignalHandler())
@@ -141,28 +151,26 @@ func main() {
 	if err = (&controllers.Issuer{
 		HealthCheckerBuilder:     signer.ExampleHealthCheckerFromIssuerAndSecretData,
 		SignerBuilder:            signer.ExampleSignerFromIssuerAndSecretData,
-		ClusterResourceNamespace: clusterResourceNamespace,
+		ClusterResourceNamespace: opts.clusterResourceNamespace,
 	}).SetupWithManager(ctx, mgr); err != nil {
-		setupLog.Error(err, "unable to create Signer controllers")
-		os.Exit(1)
+		return fmt.Errorf("unable to create Signer controllers: %w", err)
 	}
 
 	// +kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up health check")
-		os.Exit(1)
+		return fmt.Errorf("unable to set up health check: %w", err)
 	}
 	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up ready check")
-		os.Exit(1)
+		return fmt.Errorf("unable to set up ready check: %w", err)
 	}
 
 	setupLog.Info("starting manager")
 	if err := mgr.Start(ctx); err != nil {
-		setupLog.Error(err, "problem running manager")
-		os.Exit(1)
+		return fmt.Errorf("problem running manager: %w", err)
 	}
+
+	return nil
 }
 
 var errNotInCluster = errors.New("not running in-cluster")