Improve error handling

To follow best practices for error and exception handling in Go and to prevent regressions, err113 and gosec checks in golang-ci-linter are now enabled.
openstack-k8s-operators · Feb 26, 2025 · eb9a7af · eb9a7af
1 parent 52d6965
commit eb9a7af
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 10 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -7,5 +7,8 @@ linters:
     - ginkgolinter
     - gofmt
     - govet
+    - gosec
+    - errname
+    - err113
 run:
   timeout: 5m
diff --git a/controllers/placementapi_controller.go b/controllers/placementapi_controller.go
@@ -97,7 +97,7 @@ func ensureSecret(
 			return "",
 				ctrl.Result{},
 				*secret,
-				fmt.Errorf("Secret %s not found", secretName)
+				fmt.Errorf("%w: Secret %s not found", err, secretName)
 		}
 		conditionUpdater.Set(condition.FalseCondition(
 			condition.InputReadyCondition,
@@ -113,7 +113,7 @@ func ensureSecret(
 	for _, field := range expectedFields {
 		val, ok := secret.Data[field]
 		if !ok {
-			err := fmt.Errorf("field '%s' not found in secret/%s", field, secretName.Name)
+			err := fmt.Errorf("%w: field '%s' not found in secret/%s", util.ErrFieldNotFound, field, secretName.Name)
 			conditionUpdater.Set(condition.FalseCondition(
 				condition.InputReadyCondition,
 				condition.ErrorReason,
@@ -827,7 +827,7 @@ func (r *PlacementAPIReconciler) initConditions(
 // fields to index to reconcile when change
 const (
 	passwordSecretField     = ".spec.secret"
-	caBundleSecretNameField = ".spec.tls.caBundleSecretName"
+	caBundleSecretNameField = ".spec.tls.caBundleSecretName" // #nosec G101
 	tlsAPIInternalField     = ".spec.tls.api.internal.secretName"
 	tlsAPIPublicField       = ".spec.tls.api.public.secretName"
 	topologyField           = ".spec.topologyRef.Name"
@@ -1228,13 +1228,12 @@ func (r *PlacementAPIReconciler) ensureDeployment(
 	if networkReady {
 		instance.Status.Conditions.MarkTrue(condition.NetworkAttachmentsReadyCondition, condition.NetworkAttachmentsReadyMessage)
 	} else {
-		err := fmt.Errorf("not all pods have interfaces with ips as configured in NetworkAttachments: %s", instance.Spec.NetworkAttachments)
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.NetworkAttachmentsReadyCondition,
 			condition.ErrorReason,
 			condition.SeverityWarning,
-			condition.NetworkAttachmentsReadyErrorMessage,
-			err.Error()))
+			condition.NetworkAttachmentsErrorMessage,
+			instance.Spec.NetworkAttachments))
 
 		return ctrl.Result{}, err
 	}

diff --git a/tests/functional/suite_test.go b/tests/functional/suite_test.go
@@ -79,11 +79,11 @@ const (
 
 	AccountName = "test-placement-account"
 
-	PublicCertSecretName = "public-tls-certs"
+	PublicCertSecretName = "public-tls-certs" // #nosec G101
 
-	InternalCertSecretName = "internal-tls-certs"
+	InternalCertSecretName = "internal-tls-certs" // #nosec G101
 
-	CABundleSecretName = "combined-ca-bundle"
+	CABundleSecretName = "combined-ca-bundle" // #nosec G101
 
 	interval = time.Millisecond * 200
 )
@@ -201,7 +201,7 @@ var _ = BeforeSuite(func() {
 	dialer := &net.Dialer{Timeout: time.Duration(10) * time.Second}
 	addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort)
 	Eventually(func() error {
-		conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true})
+		conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true}) // #nosec G402
 		if err != nil {
 			return err
 		}
-Original file line number
+Diff line change
@@ Expand Up / @@ -7,5 +7,8 @@ linters: @@
         - ginkgolinter
         - gofmt
         - govet
+        - gosec
+        - errname
+        - err113
     run:
       timeout: 5m