ci(develop) fix golint for code and lic

.golangci.yml

@@ -9,8 +9,6 @@ run:
   #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
   skip-dirs-use-default: true
 
-  modules-download-mode: vendor
-
 linters:
   # please, do not use `enable-all`: it's deprecated and will be removed soon.
   # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
@@ -39,11 +37,14 @@ linters:
     - ifshort
     - unconvert
 
-issues:
-  exclude-rules:
-    - linters:
-        - golint
-      text: "AccessKeyId"
+linters-settings:
+  errcheck:
+    check-type-assertions: false
+    ignore: fmt:.*,io/ioutil:^Read.*
+    exclude-functions:
+      - io/ioutil.ReadFile
+      - io.Copy(*bytes.Buffer)
+      - io.Copy(os.Stdout)
 
 # golangci.com configuration
 # https://github.com/golangci/golangci/wiki/Configuration

CHANGELOG.md

@@ -1,19 +1,3 @@
-<!--
-// Copyright © 2019 NAME HERE <EMAIL ADDRESS>
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
--->
-
 # Table of Contents
 
 - [3.3.9-rc.6](#671)

CONTRIBUTING.md

@@ -70,7 +70,7 @@ To put forward a PR, we assume you have registered a GitHub ID. Then you could f
 
 1. **FORK** sealos to your repository. To make this work, you just need to click the button Fork in right-left of [fanux/sealos](https://github.com/fanux/sealos) main page. Then you will end up with your repository in `https://github.com/<your-username>/sealos`, in which `your-username` is your GitHub username.
 
-1. **CLONE** your own repository to develop locally. Use `git clone https://github.com/<your-username>/sealos.git` to clone repository to your local machine. Then you can create new branches to finish the change you wish to make.
+1. **CLONE** your own repository to master locally. Use `git clone https://github.com/<your-username>/sealos.git` to clone repository to your local machine. Then you can create new branches to finish the change you wish to make.
 
 1. **Set Remote** upstream to be `https://github.com/fanux/sealos.git` using the following two commands:
 
@@ -120,11 +120,11 @@ To put forward a PR, we assume you have registered a GitHub ID. Then you could f
    git push	// push to your forked repository after rebase done
    ```
 
-1. **File a pull request** to fanux/sealos:develop
+1. **File a pull request** to fanux/sealos:master
 
 ### Branch Definition
 
-Right now we assume every contribution via pull request is for [branch develop](https://github.com/fanux/sealos/tree/develop) in sealos. Before contributing, be aware of branch definition would help a lot.
+Right now we assume every contribution via pull request is for [branch master](https://github.com/fanux/sealos/tree/master) in sealos. Before contributing, be aware of branch definition would help a lot.
 
 As a contributor, keep in mind again that every contribution via pull request is for branch master. While in project sealos, there are several other branches, we generally call them rc branches, release branches and backport branches.
 

Makefile

@@ -66,15 +66,15 @@ filelicense: SHELL:=/bin/bash
 filelicense: ## add license
 	for file in ${Dirs} ; do \
 		if [[  $$file != '_output' && $$file != 'docs' && $$file != 'vendor' && $$file != 'logger' && $$file != 'applications' ]]; then \
-			$(ADDLICENSE_BIN)  -y $(shell date +"%Y") -c "Alibaba Group Holding Ltd." -f hack/template/LICENSE ./$$file ; \
+			$(ADDLICENSE_BIN)  -y $(shell date +"%Y") -c "sealos." -f hack/template/LICENSE ./$$file ; \
 		fi \
     done
 
 install-ossutil: ## check ossutil if not exist install ossutil tools
 ifeq (, $(shell which ossutil))
 	@{ \
 	set -e ;\
-	go install github.com/aliyun/ossutil@latest ;\
+	curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(GOBIN) v2.2.0 ;\
 	}
 OSSUTIL_BIN=$(GOBIN)/ossutil
 else

cert/cert.go

@@ -1,3 +1,17 @@
+// Copyright © 2021 sealos.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cert
 
 import (

cert/cert_cmd.go

@@ -1,10 +1,24 @@
+// Copyright © 2021 sealos.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cert
 
 import (
 	"fmt"
 	"os"
 
-	"github.com/wonderivan/logger"
+	"github.com/fanux/sealos/pkg/logger"
 )
 
 // CMD return sealos cert command
@@ -42,5 +56,5 @@ func GenerateCert(certPATH, certEtcdPATH string, altNames []string, hostIP, host
 		logger.Error("generator cert config failed %s", err)
 		os.Exit(-1)
 	}
-	certConfig.GenerateAll()
+	_ = certConfig.GenerateAll()
 }

cert/kube_certs.go

@@ -1,3 +1,17 @@
+// Copyright © 2021 sealos.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cert
 
 import (
@@ -8,7 +22,7 @@ import (
 	"os"
 	"path"
 
-	"github.com/wonderivan/logger"
+	"github.com/fanux/sealos/pkg/logger"
 )
 
 var (
@@ -62,7 +76,7 @@ func CaList(CertPath, CertEtcdPath string) []Config {
 	}
 }
 
-func CertList(CertPath, CertEtcdPath string) []Config {
+func List(CertPath, CertEtcdPath string) []Config {
 	return []Config{
 		{
 			Path:         CertPath,
@@ -198,8 +212,7 @@ func NewSealosCertMetaData(certPATH, certEtcdPATH string, apiServerIPAndDomains
 		}
 		data.APIServer.DNSNames[altName] = altName
 	}
-	ip := net.ParseIP(nodeIP)
-	if ip != nil {
+	if ip := net.ParseIP(nodeIP); ip != nil {
 		data.APIServer.IPs[ip.String()] = ip
 	}
 
@@ -213,8 +226,8 @@ func (meta *SealosCertMetaData) apiServerAltName(certList *[]Config) {
 		(*certList)[APIserverCert].AltNames.DNSNames[dns] = dns
 	}
 
-	svcDns := fmt.Sprintf("kubernetes.default.svc.%s", meta.DNSDomain)
-	(*certList)[APIserverCert].AltNames.DNSNames[svcDns] = svcDns
+	svcDNS := fmt.Sprintf("kubernetes.default.svc.%s", meta.DNSDomain)
+	(*certList)[APIserverCert].AltNames.DNSNames[svcDNS] = svcDNS
 	(*certList)[APIserverCert].AltNames.DNSNames[meta.NodeName] = meta.NodeName
 
 	for _, ip := range meta.APIServer.IPs {
@@ -268,10 +281,10 @@ func (meta *SealosCertMetaData) generatorServiceAccountKeyPaire() error {
 
 func (meta *SealosCertMetaData) GenerateAll() error {
 	cas := CaList(meta.CertPath, meta.CertEtcdPath)
-	certs := CertList(meta.CertPath, meta.CertEtcdPath)
+	certs := List(meta.CertPath, meta.CertEtcdPath)
 	meta.apiServerAltName(&certs)
 	meta.etcdAltAndCommonName(&certs)
-	meta.generatorServiceAccountKeyPaire()
+	_ = meta.generatorServiceAccountKeyPaire()
 
 	CACerts := map[string]*x509.Certificate{}
 	CAKeys := map[string]crypto.Signer{}

cert/kube_certs_test.go

@@ -1,3 +1,17 @@
+// Copyright © 2021 sealos.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cert
 
 import (

cert/kubeconfig.go

@@ -1,11 +1,24 @@
+// Copyright © 2021 sealos.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cert
 
 import (
 	"bytes"
 	"crypto"
 	"crypto/x509"
 	"fmt"
-	"io"
 	"os"
 	"path/filepath"
 
@@ -14,7 +27,7 @@ import (
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/util/keyutil"
 
-	"github.com/wonderivan/logger"
+	"github.com/fanux/sealos/pkg/logger"
 )
 
 // clientCertAuth struct holds info required to build a client certificate to provide authentication info in a kubeconfig object
@@ -64,9 +77,7 @@ func CreateKubeConfigFile(kubeConfigFileName string, outDir string, cfg Config,
 
 // createKubeConfigFiles creates all the requested kubeconfig files.
 // If kubeconfig files already exists, they are used only if evaluated equal; otherwise an error is returned.
-func createKubeConfigFiles(outDir string, cfg Config, nodeName, controlPlaneEndpoint, clusterName string, kubeConfigFileNames ...string) error {
-
-	// gets the KubeConfigSpecs, actualized for the current InitConfiguration
+func createKubeConfigFiles(outDir string, cfg Config, nodeName, controlPlaneEndpoint, clusterName string, kubeConfigFileNames ...string) error { // gets the KubeConfigSpecs, actualized for the current InitConfiguration
 	specs, err := getKubeConfigSpecs(cfg, nodeName, controlPlaneEndpoint)
 	if err != nil {
 		return err
@@ -97,7 +108,6 @@ func createKubeConfigFiles(outDir string, cfg Config, nodeName, controlPlaneEndp
 // getKubeConfigSpecs returns all KubeConfigSpecs actualized to the context of the current InitConfiguration
 // NB. this methods holds the information about how kubeadm creates kubeconfig files.
 func getKubeConfigSpecs(cfg Config, nodeName, controlPlaneEndpoint string) (map[string]*kubeConfigSpec, error) {
-
 	caCert, caKey, err := LoadCaCertAndKeyFromDisk(cfg)
 	if err != nil {
 		return nil, errors.Wrap(err, "couldn't create a kubeconfig; the CA files couldn't be loaded")
@@ -153,7 +163,6 @@ func getKubeConfigSpecs(cfg Config, nodeName, controlPlaneEndpoint string) (map[
 
 // buildKubeConfigFromSpec creates a kubeconfig object for the given kubeConfigSpec
 func buildKubeConfigFromSpec(spec *kubeConfigSpec, clustername string) (*clientcmdapi.Config, error) {
-
 	// If this kubeconfig should use token
 	if spec.TokenAuth != nil {
 		// create a kubeconfig with a token
@@ -268,107 +277,6 @@ func createKubeConfigFileIfNotExists(outDir, filename string, config *clientcmda
 	return nil
 }
 
-// WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info  - to the given writer.
-func WriteKubeConfigWithClientCert(out io.Writer, cfg Config, clientName, controlPlaneEndpoint, clusterName string, organizations []string) error {
-
-	// creates the KubeConfigSpecs, actualized for the current InitConfiguration
-	caCert, caKey, err := LoadCaCertAndKeyFromDisk(cfg)
-	if err != nil {
-		return errors.Wrap(err, "couldn't create a kubeconfig; the CA files couldn't be loaded")
-	}
-
-	if len(controlPlaneEndpoint) == 0 {
-		return errors.New("controlPlaneEndpoint  can not be empty")
-	}
-
-	spec := &kubeConfigSpec{
-		ClientName: clientName,
-		APIServer:  controlPlaneEndpoint,
-		CACert:     caCert,
-		ClientCertAuth: &clientCertAuth{
-			CAKey:         caKey,
-			Organizations: organizations,
-		},
-	}
-
-	return writeKubeConfigFromSpec(out, spec, clusterName)
-}
-
-// WriteKubeConfigWithToken writes a kubeconfig file - with a token as client authentication info - to the given writer.
-func WriteKubeConfigWithToken(out io.Writer, cfg Config, clientName, controlPlaneEndpoint, clusterName, token string) error {
-
-	// creates the KubeConfigSpecs, actualized for the current InitConfiguration
-	caCert, _, err := LoadCaCertAndKeyFromDisk(cfg)
-	if err != nil {
-		return errors.Wrap(err, "couldn't create a kubeconfig; the CA files couldn't be loaded")
-	}
-
-	if len(controlPlaneEndpoint) == 0 {
-		return errors.New("controlPlaneEndpoint  can not be empty")
-	}
-
-	spec := &kubeConfigSpec{
-		ClientName: clientName,
-		APIServer:  controlPlaneEndpoint,
-		CACert:     caCert,
-		TokenAuth: &tokenAuth{
-			Token: token,
-		},
-	}
-
-	return writeKubeConfigFromSpec(out, spec, clusterName)
-}
-
-// writeKubeConfigFromSpec creates a kubeconfig object from a kubeConfigSpec and writes it to the given writer.
-func writeKubeConfigFromSpec(out io.Writer, spec *kubeConfigSpec, clustername string) error {
-
-	// builds the KubeConfig object
-	config, err := buildKubeConfigFromSpec(spec, clustername)
-	if err != nil {
-		return err
-	}
-
-	// writes the kubeconfig to disk if it not exists
-	configBytes, err := clientcmd.Write(*config)
-	if err != nil {
-		return errors.Wrap(err, "failure while serializing admin kubeconfig")
-	}
-
-	fmt.Fprintln(out, string(configBytes))
-	return nil
-}
-
-// ValidateKubeconfigsForExternalCA check if the kubeconfig file exist and has the expected CA and server URL using kubeadmapi.InitConfiguration.
-func ValidateKubeconfigsForExternalCA(outDir string, cfg Config, controlPlaneEndpoint string) error {
-	kubeConfigFileNames := []string{
-		"admin.conf",
-		"kubelet.conf",
-		"controller-manager.conf",
-		"scheduler.conf",
-	}
-
-	// Creates a kubeconfig file with the target CA and server URL
-	// to be used as a input for validating user provided kubeconfig files
-	caCert, _, err := LoadCaCertAndKeyFromDisk(cfg)
-	if err != nil {
-		return err
-	}
-
-	if len(controlPlaneEndpoint) == 0 {
-		return errors.New("controlPlaneEndpoint  can not be empty")
-	}
-
-	validationConfig := CreateBasic(controlPlaneEndpoint, "dummy", "dummy", EncodeCertPEM(caCert))
-
-	// validate user provided kubeconfig files
-	for _, kubeConfigFileName := range kubeConfigFileNames {
-		if err = validateKubeConfig(outDir, kubeConfigFileName, validationConfig); err != nil {
-			return errors.Wrapf(err, "the %s file does not exists or it is not valid", kubeConfigFileName)
-		}
-	}
-	return nil
-}
-
 // cmd/kubeadm/app/util/kubeconfig/kubeconfig.go
 // CreateBasic creates a basic, general KubeConfig object that then can be extended
 func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config {