Merge pull request #27911 from jfrazelle/start-enable-golint

Automatic merge from submit-queue

Start verifying golint on a per-package basis as packages are fixed

<!--
Checklist for submitting a Pull Request

Please remove this comment block before submitting.

1. Please read our [contributor guidelines](https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md).
2. See our [developer guide](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md).
3. If you want this PR to automatically close an issue when it is merged,
   add `fixes #<issue number>` or `fixes #<issue number>, fixes #<issue number>`
   to close multiple issues (see: https://github.com/blog/1506-closing-issues-via-pull-requests).
4. Follow the instructions for [labeling and writing a release note for this PR](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes) in the block below.
-->

```release-note
Added `golint` for pkg/security/podsecuritypolicy/capabilities` along with validation.
```


[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/.github/PULL_REQUEST_TEMPLATE.md?pixel)]()

This is a POC to start enabling `golint` checks on a per-package basis, we did this on the docker project and it was a great way for new contributors to help and it benefits the project overall. All they have to do is add the package they fixed to the bash array in `hack/verify-golint.sh` and fix all the lint errors. 
Eventually when all the packages have been fixed we can change the function to `find_files`. Or something based off which files are changed in a patch set to verify `golint`.
Now I used this specific package as the POC because I wanted to show the downside of this changing the api of the package.
Most of the times this arose in docker/docker we decided that if someone wasn't importing their deps locally then it was their loss, but I'm not sure if you all will agree.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/27911)
<!-- Reviewable:end -->

hack/.linted_packages

@@ -0,0 +1,196 @@
+cluster/addons/fluentd-elasticsearch/es-image
+cmd/gendocs
+cmd/genkubedocs
+cmd/genman
+cmd/genswaggertypedocs
+cmd/integration
+cmd/kube-apiserver
+cmd/kube-apiserver/app
+cmd/kube-apiserver/app/options
+cmd/kube-controller-manager
+cmd/kube-controller-manager/app/options
+cmd/kubectl
+cmd/kube-dns
+cmd/kubelet
+cmd/kube-proxy
+cmd/kubernetes-discovery
+cmd/libs/go2idl/client-gen/generators
+cmd/libs/go2idl/client-gen/test_apis/testgroup.k8s.io/install
+cmd/libs/go2idl/client-gen/testoutput/clientset_generated/test_internalclientset/typed/testgroup.k8s.io/unversioned
+cmd/libs/go2idl/conversion-gen
+cmd/libs/go2idl/deepcopy-gen
+cmd/libs/go2idl/generator
+cmd/libs/go2idl/go-to-protobuf
+cmd/libs/go2idl/go-to-protobuf/protoc-gen-gogo
+cmd/libs/go2idl/import-boss
+cmd/libs/go2idl/parser
+cmd/libs/go2idl/set-gen
+cmd/libs/go2idl/set-gen/generators
+cmd/linkcheck
+contrib/mesos/cmd/k8sm-controller-manager
+contrib/mesos/cmd/k8sm-executor
+contrib/mesos/cmd/k8sm-scheduler
+contrib/mesos/pkg/executor/config
+contrib/mesos/pkg/flagutil
+contrib/mesos/pkg/scheduler/components/algorithm
+contrib/mesos/pkg/scheduler/service
+docs/user-guide/environment-guide/containers/backend
+docs/user-guide/environment-guide/containers/show
+docs/user-guide/liveness/image
+examples
+examples/apiserver/server
+examples/explorer
+examples/https-nginx
+examples/sharing-clusters
+federation/apis/core/install
+federation/apis/federation/install
+federation/cmd/federation-apiserver
+federation/cmd/federation-controller-manager
+federation/cmd/genfeddocs
+hack/cmd/teststale
+pkg/api
+pkg/api/annotations
+pkg/api/errors
+pkg/api/install
+pkg/apimachinery
+pkg/api/meta
+pkg/api/resource
+pkg/apis/abac/v0
+pkg/apis/apps/install
+pkg/apis/authentication/install
+pkg/apis/authentication.k8s.io/install
+pkg/apis/authorization/install
+pkg/apis/autoscaling/install
+pkg/apis/batch/install
+pkg/apis/certificates/install
+pkg/apis/componentconfig/install
+pkg/api/service
+pkg/apis/extensions/install
+pkg/apis/extensions/v1beta1
+pkg/apis/policy/install
+pkg/apis/rbac/install
+pkg/api/v1
+pkg/auth/authenticator
+pkg/auth/authorizer/union
+pkg/client/testing/core
+pkg/client/unversioned
+pkg/client/unversioned/adapters/internalclientset
+pkg/client/unversioned/auth
+pkg/client/unversioned/remotecommand
+pkg/cloudprovider/providers
+pkg/cloudprovider/providers/azure
+pkg/controller/framework
+pkg/controller/volume
+pkg/controller/volume/attachdetach/cache
+pkg/controller/volume/attachdetach/populator
+pkg/controller/volume/attachdetach/reconciler
+pkg/controller/volume/cache
+pkg/controller/volume/populator
+pkg/controller/volume/reconciler
+pkg/controller/volume/statusupdater
+pkg/conversion/queryparams
+pkg/credentialprovider/aws
+pkg/hyperkube
+pkg/kubelet/api
+pkg/kubelet/container
+pkg/kubelet/envvars
+pkg/kubelet/util/format
+pkg/kubelet/util/ioutils
+pkg/kubelet/volume
+pkg/kubelet/volume/cache
+pkg/kubelet/volumemanager
+pkg/kubelet/volumemanager/cache
+pkg/kubelet/volumemanager/populator
+pkg/kubelet/volumemanager/reconciler
+pkg/kubelet/volume/populator
+pkg/kubelet/volume/reconciler
+pkg/proxy/config
+pkg/quota/install
+pkg/registry
+pkg/registry/authorization/util
+pkg/registry/clusterrolebinding/etcd
+pkg/registry/clusterrole/etcd
+pkg/registry/configmap/etcd
+pkg/registry/endpoint
+pkg/registry/node/rest
+pkg/registry/pod/etcd
+pkg/registry/podsecuritypolicy/etcd
+pkg/registry/rangeallocation
+pkg/registry/rolebinding/etcd
+pkg/registry/role/etcd
+pkg/registry/serviceaccount
+pkg/registry/service/ipallocator/controller
+pkg/registry/service/ipallocator/etcd
+pkg/registry/thirdpartyresource
+pkg/registry/thirdpartyresource/etcd
+pkg/runtime
+pkg/runtime/serializer/json
+pkg/runtime/serializer/protobuf
+pkg/runtime/serializer/recognizer/testing
+pkg/runtime/serializer/versioning
+pkg/runtime/serializer/yaml
+pkg/security
+pkg/security/podsecuritypolicy/capabilities
+pkg/serviceaccount
+pkg/storage
+pkg/storage/etcd3
+pkg/storage/storagebackend/factory
+pkg/util/async
+pkg/util/certificates
+pkg/util/codeinspector
+pkg/util/crypto
+pkg/util/flock
+pkg/util/flushwriter
+pkg/util/goroutinemap
+pkg/util/hash
+pkg/util/homedir
+pkg/util/interrupt
+pkg/util/io
+pkg/util/json
+pkg/util/limitwriter
+pkg/util/logs
+pkg/util/validation/field
+pkg/util/workqueue
+pkg/volume
+pkg/volume/downwardapi
+pkg/volume/util/nestedpendingoperations
+pkg/volume/util/operationexecutor
+pkg/volume/util/types
+pkg/volume/util/volumehelper
+pkg/watch/json
+pkg/watch/versioned
+plugin/cmd/kube-scheduler
+plugin/cmd/kube-scheduler/app/options
+plugin/pkg/admission/admit
+plugin/pkg/admission/alwayspullimages
+plugin/pkg/admission/deny
+plugin/pkg/admission/exec
+plugin/pkg/admission/namespace/autoprovision
+plugin/pkg/admission/namespace/exists
+plugin/pkg/admission/securitycontext/scdeny
+plugin/pkg/auth
+plugin/pkg/auth/authenticator
+plugin/pkg/auth/authenticator/password
+plugin/pkg/auth/authenticator/password/allow
+plugin/pkg/auth/authenticator/request/basicauth
+plugin/pkg/auth/authenticator/request/union
+plugin/pkg/auth/authorizer
+plugin/pkg/client/auth
+plugin/pkg/client/auth/gcp
+test/e2e/cleanup
+test/e2e/generated
+test/e2e/perftype
+test/images/clusterapi-tester
+test/images/entrypoint-tester
+test/images/fakegitserver
+test/images/goproxy
+test/images/mount-tester
+test/images/n-way-http
+test/images/porter
+test/images/port-forward-tester
+test/images/resource-consumer/consume-cpu
+test/images/serve_hostname
+test/integration/openshift
+test/soak/cauldron
+test/soak/serve_hostnames
+third_party/forked/golang/expansion

hack/jenkins/dockerized-e2e-runner.sh

@@ -61,5 +61,5 @@ docker run --rm=true -i \
   -e "WORKSPACE=/workspace" \
   ${KUBEKINS_SERVICE_ACCOUNT_FILE:+-e "KUBEKINS_SERVICE_ACCOUNT_FILE=/service-account.json"} \
   "${docker_extra_args[@]:+${docker_extra_args[@]}}" \
-  gcr.io/google_containers/kubekins-test:go1.6.3-docker1.9.1-rev1 \
+  gcr.io/google_containers/kubekins-test:go1.6.3-docker1.9.1-rev2 \
   bash -c "bash <(curl -fsS --retry 3 --keepalive-time 2 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/hack/jenkins/e2e-runner.sh')"

hack/jenkins/gotest-dockerized.sh

@@ -45,5 +45,5 @@ docker run --rm=true \
   -e "KUBE_VERIFY_GIT_BRANCH=${KUBE_VERIFY_GIT_BRANCH:-}" \
   -e "REPO_DIR=${REPO_DIR}" \
   -e "HOST_ARTIFACTS_DIR=${HOST_ARTIFACTS_DIR}" \
-  -i gcr.io/google_containers/kubekins-test:go1.6.3-docker1.9.1-rev1 \
+  -i gcr.io/google_containers/kubekins-test:go1.6.3-docker1.9.1-rev2 \
   bash -c "cd kubernetes && ${KUBE_TEST_SCRIPT:-./hack/jenkins/test-dockerized.sh}"

hack/jenkins/test-image/Dockerfile

@@ -44,6 +44,8 @@ RUN apt-get -o Acquire::Check-Valid-Until=false update && apt-get install -y \
 RUN curl -L "https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz" |\
   tar -C /usr/bin -xvzf- --strip-components=3 usr/local/bin/docker
 
+RUN go get github.com/golang/lint/golint
+
 RUN mkdir -p /go/src/k8s.io/kubernetes \
 	&& ln -s /go/src/k8s.io/kubernetes /workspace/kubernetes
 

hack/jenkins/test-image/Makefile

@@ -16,7 +16,7 @@ all: push
 
 # Tag format: $GO_VERSION-$EMBEDDED_DOCKER_VERSION-$REVISION
 # These versions are specified in the Dockerfile
-TAG = go1.6.3-docker1.9.1-rev1
+TAG = go1.6.3-docker1.9.1-rev2
 
 container:
 	docker build -t gcr.io/google_containers/kubekins-test .

hack/verify-golint.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# Copyright 2014 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+KUBE_ROOT=$(dirname "${BASH_SOURCE}")/..
+source "${KUBE_ROOT}/hack/lib/init.sh"
+
+kube::golang::verify_go_version
+
+cd "${KUBE_ROOT}"
+
+array_contains () {
+    local seeking=$1; shift # shift will iterate through the array
+    local in=1 # in holds the exit status for the function
+    for element; do
+        if [[ "$element" == "$seeking" ]]; then
+            in=0 # set in to 0 since we found it
+            break
+        fi
+    done
+    return $in
+}
+
+export IFS=$'\n'
+all_packages=(
+	$(go list -e ./... | egrep -v "/(third_party|vendor|staging|generated|clientset_generated)" | sed 's/k8s.io\/kubernetes\///g')
+)
+linted_file="${KUBE_ROOT}/hack/.linted_packages"
+linted_packages=(
+	$(cat $linted_file)
+)
+unset IFS
+linted=()
+errors=()
+for p in "${all_packages[@]}"; do
+	# Run golint on package/*.go file explicitly to validate all go files
+	# and not just the ones for the current platform.
+	failedLint=$(golint "$p"/*.go)
+	if [ "$failedLint" ]; then
+		if array_contains "$p" "${linted_packages[@]}"; then
+			errors+=( "$failedLint" )
+		fi
+	else
+		array_contains "$p" "${linted_packages[@]}" || linted+=( "$p" )
+	fi
+done
+
+# Check to be sure all the packages that should pass lint are.
+if [ ${#errors[@]} -eq 0 ]; then
+	echo 'Congratulations!  All Go source files have been linted.'
+else
+	{
+		echo "Errors from golint:"
+		for err in "${errors[@]}"; do
+			echo "$err"
+		done
+		echo
+		echo 'Please fix the above errors. You can test via "golint" and commit the result.'
+		echo
+	} >&2
+	false
+fi
+
+# check to make sure all packages that pass lint are in the linted file.
+if [ ${#linted[@]} -eq 0 ]; then
+	echo 'Success! All packages that should pass lint are listed in the linted file.'
+else
+	{
+		echo "The following packages passed golint but are not listed in $linted_file:"
+		for p in "${linted[@]}"; do
+			echo "echo $p >> hack/.linted_packages"
+		done
+		echo
+		echo 'Please add the following packages to the linted file. You can test via this script and commit the result.'
+		echo
+	} >&2
+	false
+fi

pkg/security/podsecuritypolicy/capabilities/mustrunas.go

@@ -24,18 +24,18 @@ import (
 	"k8s.io/kubernetes/pkg/util/validation/field"
 )
 
-// defaultCapabilities implements the CapabilitiesStrategy interface
+// defaultCapabilities implements the Strategy interface
 type defaultCapabilities struct {
 	defaultAddCapabilities   []api.Capability
 	requiredDropCapabilities []api.Capability
 	allowedCaps              []api.Capability
 }
 
-var _ CapabilitiesStrategy = &defaultCapabilities{}
+var _ Strategy = &defaultCapabilities{}
 
 // NewDefaultCapabilities creates a new defaultCapabilities strategy that will provide defaults and validation
 // based on the configured initial caps and allowed caps.
-func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []api.Capability) (CapabilitiesStrategy, error) {
+func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []api.Capability) (Strategy, error) {
 	return &defaultCapabilities{
 		defaultAddCapabilities:   defaultAddCapabilities,
 		requiredDropCapabilities: requiredDropCapabilities,

pkg/security/podsecuritypolicy/capabilities/types.go

@@ -21,8 +21,8 @@ import (
 	"k8s.io/kubernetes/pkg/util/validation/field"
 )
 
-// CapabilitiesStrategy defines the interface for all cap constraint strategies.
-type CapabilitiesStrategy interface {
+// Strategy defines the interface for all cap constraint strategies.
+type Strategy interface {
 	// Generate creates the capabilities based on policy rules.
 	Generate(pod *api.Pod, container *api.Container) (*api.Capabilities, error)
 	// Validate ensures that the specified values fall within the range of the strategy.

pkg/security/podsecuritypolicy/factory.go

@@ -130,6 +130,6 @@ func createSupplementalGroupStrategy(opts *extensions.SupplementalGroupsStrategy
 }
 
 // createCapabilitiesStrategy creates a new capabilities strategy.
-func createCapabilitiesStrategy(defaultAddCaps, requiredDropCaps, allowedCaps []api.Capability) (capabilities.CapabilitiesStrategy, error) {
+func createCapabilitiesStrategy(defaultAddCaps, requiredDropCaps, allowedCaps []api.Capability) (capabilities.Strategy, error) {
 	return capabilities.NewDefaultCapabilities(defaultAddCaps, requiredDropCaps, allowedCaps)
 }

pkg/security/podsecuritypolicy/types.go

@@ -58,5 +58,5 @@ type ProviderStrategies struct {
 	SELinuxStrategy           selinux.SELinuxStrategy
 	FSGroupStrategy           group.GroupStrategy
 	SupplementalGroupStrategy group.GroupStrategy
-	CapabilitiesStrategy      capabilities.CapabilitiesStrategy
+	CapabilitiesStrategy      capabilities.Strategy
 }