Merge pull request #6952 from inteon/fix_linters

Enable golangci-lint gci, dupword and tagalign linters

.golangci.yaml

@@ -11,10 +11,7 @@ issues:
         - tenv
         - exhaustive
         - gocritic
-        - gci
         - nilerr
-        - tagalign
-        - dupword
         - bodyclose
         - loggercheck
         - forbidigo

cmd/cainjector/app/cainjector.go

@@ -28,7 +28,6 @@ import (
 	"github.com/cert-manager/cert-manager/cainjector-binary/app/options"
 	config "github.com/cert-manager/cert-manager/internal/apis/config/cainjector"
 	"github.com/cert-manager/cert-manager/internal/apis/config/cainjector/validation"
-
 	cainjectorconfigfile "github.com/cert-manager/cert-manager/pkg/cainjector/configfile"
 	logf "github.com/cert-manager/cert-manager/pkg/logs"
 	"github.com/cert-manager/cert-manager/pkg/util"

cmd/controller/app/controller.go

@@ -25,6 +25,7 @@ import (
 	"os"
 	"time"
 
+	"github.com/go-logr/logr"
 	"golang.org/x/sync/errgroup"
 	"k8s.io/apimachinery/pkg/api/resource"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
@@ -51,7 +52,6 @@ import (
 	"github.com/cert-manager/cert-manager/pkg/server/tls/authority"
 	utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature"
 	"github.com/cert-manager/cert-manager/pkg/util/profiling"
-	"github.com/go-logr/logr"
 )
 
 const (

cmd/controller/app/options/options.go

@@ -20,9 +20,8 @@ import (
 	"fmt"
 	"strings"
 
-	"k8s.io/apimachinery/pkg/util/sets"
-
 	"github.com/spf13/pflag"
+	"k8s.io/apimachinery/pkg/util/sets"
 	cliflag "k8s.io/component-base/cli/flag"
 
 	config "github.com/cert-manager/cert-manager/internal/apis/config/controller"
@@ -31,7 +30,6 @@ import (
 	"github.com/cert-manager/cert-manager/internal/controller/feature"
 	configv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1"
 	shimgatewaycontroller "github.com/cert-manager/cert-manager/pkg/controller/certificate-shim/gateways"
-
 	logf "github.com/cert-manager/cert-manager/pkg/logs"
 	utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature"
 )
@@ -197,7 +195,7 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) {
 
 	fs.DurationVar(&c.MetricsTLSConfig.Dynamic.LeafDuration, "metrics-dynamic-serving-leaf-duration", c.MetricsTLSConfig.Dynamic.LeafDuration, "leaf duration of serving certificates")
 	fs.StringVar(&c.MetricsTLSConfig.Dynamic.SecretNamespace, "metrics-dynamic-serving-ca-secret-namespace", c.MetricsTLSConfig.Dynamic.SecretNamespace, "namespace of the secret used to store the CA that signs serving certificates")
-	fs.StringVar(&c.MetricsTLSConfig.Dynamic.SecretName, "metrics-dynamic-serving-ca-secret-name", c.MetricsTLSConfig.Dynamic.SecretName, "name of the secret used to store the CA that signs serving certificates certificates")
+	fs.StringVar(&c.MetricsTLSConfig.Dynamic.SecretName, "metrics-dynamic-serving-ca-secret-name", c.MetricsTLSConfig.Dynamic.SecretName, "name of the secret used to store the CA that signs serving certificates")
 	fs.StringSliceVar(&c.MetricsTLSConfig.Dynamic.DNSNames, "metrics-dynamic-serving-dns-names", c.MetricsTLSConfig.Dynamic.DNSNames, "DNS names that should be present on certificates generated by the dynamic serving CA")
 	tlsCipherPossibleValues := cliflag.TLSCipherPossibleValues()
 	fs.StringSliceVar(&c.MetricsTLSConfig.CipherSuites, "metrics-tls-cipher-suites", c.MetricsTLSConfig.CipherSuites,

cmd/controller/app/start.go

@@ -28,24 +28,24 @@ import (
 	"github.com/cert-manager/cert-manager/controller-binary/app/options"
 	config "github.com/cert-manager/cert-manager/internal/apis/config/controller"
 	"github.com/cert-manager/cert-manager/internal/apis/config/controller/validation"
+	controllerconfigfile "github.com/cert-manager/cert-manager/pkg/controller/configfile"
+	logf "github.com/cert-manager/cert-manager/pkg/logs"
+	"github.com/cert-manager/cert-manager/pkg/util"
+	"github.com/cert-manager/cert-manager/pkg/util/configfile"
+	utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature"
 
 	_ "github.com/cert-manager/cert-manager/pkg/controller/acmechallenges"
 	_ "github.com/cert-manager/cert-manager/pkg/controller/acmeorders"
 	_ "github.com/cert-manager/cert-manager/pkg/controller/certificate-shim/gateways"
 	_ "github.com/cert-manager/cert-manager/pkg/controller/certificate-shim/ingresses"
 	_ "github.com/cert-manager/cert-manager/pkg/controller/certificates/trigger"
 	_ "github.com/cert-manager/cert-manager/pkg/controller/clusterissuers"
-	controllerconfigfile "github.com/cert-manager/cert-manager/pkg/controller/configfile"
 	_ "github.com/cert-manager/cert-manager/pkg/controller/issuers"
 	_ "github.com/cert-manager/cert-manager/pkg/issuer/acme"
 	_ "github.com/cert-manager/cert-manager/pkg/issuer/ca"
 	_ "github.com/cert-manager/cert-manager/pkg/issuer/selfsigned"
 	_ "github.com/cert-manager/cert-manager/pkg/issuer/vault"
 	_ "github.com/cert-manager/cert-manager/pkg/issuer/venafi"
-	logf "github.com/cert-manager/cert-manager/pkg/logs"
-	"github.com/cert-manager/cert-manager/pkg/util"
-	"github.com/cert-manager/cert-manager/pkg/util/configfile"
-	utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature"
 )
 
 const componentController = "controller"

cmd/controller/main.go

@@ -21,7 +21,6 @@ import (
 	"flag"
 
 	"github.com/cert-manager/cert-manager/controller-binary/app"
-
 	"github.com/cert-manager/cert-manager/internal/cmd/util"
 	logf "github.com/cert-manager/cert-manager/pkg/logs"
 )

deploy/crds/crd-clusterissuers.yaml

@@ -112,7 +112,7 @@ spec:
                         Enables requesting a Not After date on certificates that matches the
                         duration of the certificate. This is not supported by all ACME servers
                         like Let's Encrypt. If set to true when the ACME server does not support
-                        it it will create an error on the Order.
+                        it, it will create an error on the Order.
                         Defaults to false.
                       type: boolean
                     externalAccountBinding:

deploy/crds/crd-issuers.yaml

@@ -112,7 +112,7 @@ spec:
                         Enables requesting a Not After date on certificates that matches the
                         duration of the certificate. This is not supported by all ACME servers
                         like Let's Encrypt. If set to true when the ACME server does not support
-                        it it will create an error on the Order.
+                        it, it will create an error on the Order.
                         Defaults to false.
                       type: boolean
                     externalAccountBinding:

internal/apis/acme/types_issuer.go

@@ -99,7 +99,7 @@ type ACMEIssuer struct {
 	// Enables requesting a Not After date on certificates that matches the
 	// duration of the certificate. This is not supported by all ACME servers
 	// like Let's Encrypt. If set to true when the ACME server does not support
-	// it it will create an error on the Order.
+	// it, it will create an error on the Order.
 	// Defaults to false.
 	EnableDurationFeature bool
 }
@@ -303,7 +303,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct {
 
 	// If specified, the pod's imagePullSecrets
 	// +optional
-	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"`
 }
 
 type ACMEChallengeSolverHTTP01IngressTemplate struct {

internal/apis/acme/v1alpha2/types_issuer.go

@@ -109,7 +109,7 @@ type ACMEIssuer struct {
 	// Enables requesting a Not After date on certificates that matches the
 	// duration of the certificate. This is not supported by all ACME servers
 	// like Let's Encrypt. If set to true when the ACME server does not support
-	// it it will create an error on the Order.
+	// it, it will create an error on the Order.
 	// Defaults to false.
 	// +optional
 	EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
@@ -334,7 +334,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct {
 
 	// If specified, the pod's imagePullSecrets
 	// +optional
-	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"`
 }
 
 type ACMEChallengeSolverHTTP01IngressTemplate struct {

internal/apis/acme/v1alpha3/types_issuer.go

@@ -109,7 +109,7 @@ type ACMEIssuer struct {
 	// Enables requesting a Not After date on certificates that matches the
 	// duration of the certificate. This is not supported by all ACME servers
 	// like Let's Encrypt. If set to true when the ACME server does not support
-	// it it will create an error on the Order.
+	// it, it will create an error on the Order.
 	// Defaults to false.
 	// +optional
 	EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
@@ -334,7 +334,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct {
 
 	// If specified, the pod's imagePullSecrets
 	// +optional
-	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"`
 }
 
 type ACMEChallengeSolverHTTP01IngressTemplate struct {

internal/apis/acme/v1beta1/types_issuer.go

@@ -109,7 +109,7 @@ type ACMEIssuer struct {
 	// Enables requesting a Not After date on certificates that matches the
 	// duration of the certificate. This is not supported by all ACME servers
 	// like Let's Encrypt. If set to true when the ACME server does not support
-	// it it will create an error on the Order.
+	// it, it will create an error on the Order.
 	// Defaults to false.
 	// +optional
 	EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
@@ -333,7 +333,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct {
 
 	// If specified, the pod's imagePullSecrets
 	// +optional
-	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"`
 }
 
 type ACMEChallengeSolverHTTP01IngressTemplate struct {

internal/apis/config/cainjector/v1alpha1/defaults_test.go

@@ -21,8 +21,9 @@ import (
 	"os"
 	"testing"
 
-	"github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1"
 	"github.com/stretchr/testify/require"
+
+	"github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1"
 )
 
 func TestCAInjectorConfigurationDefaults(t *testing.T) {

internal/apis/config/controller/v1alpha1/defaults.go

@@ -18,12 +18,11 @@ package v1alpha1
 
 import (
 	"fmt"
+	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	logsapi "k8s.io/component-base/logs/api/v1"
 
-	"time"
-
 	cm "github.com/cert-manager/cert-manager/pkg/apis/certmanager"
 	"github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1"
 	challengescontroller "github.com/cert-manager/cert-manager/pkg/controller/acmechallenges"

internal/apis/config/controller/v1alpha1/defaults_test.go

@@ -21,8 +21,9 @@ import (
 	"os"
 	"testing"
 
-	"github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1"
 	"github.com/stretchr/testify/require"
+
+	"github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1"
 )
 
 const TestFileLocation = "testdata/defaults.json"

internal/apis/config/webhook/v1alpha1/defaults_test.go

@@ -21,8 +21,9 @@ import (
 	"os"
 	"testing"
 
-	"github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1"
 	"github.com/stretchr/testify/require"
+
+	"github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1"
 )
 
 func TestWebhookConfigurationDefaults(t *testing.T) {

internal/controller/certificates/certificates_test.go

@@ -25,11 +25,11 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	corev1listers "k8s.io/client-go/listers/core/v1"
+	"k8s.io/client-go/tools/cache"
 
 	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	cmv1listers "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1"
-	corev1listers "k8s.io/client-go/listers/core/v1"
-	"k8s.io/client-go/tools/cache"
 )
 
 func TestCertificateOwnsSecret(t *testing.T) {

internal/controller/certificates/policies/checks_test.go

@@ -21,6 +21,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -32,7 +33,6 @@ import (
 	"github.com/cert-manager/cert-manager/pkg/util/pki"
 	testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto"
 	"github.com/cert-manager/cert-manager/test/unit/gen"
-	"github.com/stretchr/testify/assert"
 )
 
 // Runs a full set of tests against the trigger 'policy chain' once it is

internal/vault/vault.go

@@ -28,11 +28,10 @@ import (
 	"strings"
 	"time"
 
-	corev1 "k8s.io/api/core/v1"
-
 	vault "github.com/hashicorp/vault/api"
 	"github.com/hashicorp/vault/sdk/helper/certutil"
 	authv1 "k8s.io/api/authentication/v1"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
 

pkg/acme/accounts/test/registry.go

@@ -20,10 +20,9 @@ import (
 	"crypto/rsa"
 	"net/http"
 
+	"github.com/cert-manager/cert-manager/pkg/acme/accounts"
 	acmecl "github.com/cert-manager/cert-manager/pkg/acme/client"
 	cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1"
-
-	"github.com/cert-manager/cert-manager/pkg/acme/accounts"
 )
 
 var _ accounts.Registry = &FakeRegistry{}

pkg/acme/client/interfaces.go

@@ -19,9 +19,9 @@ package client
 import (
 	"context"
 
-	acmeutil "github.com/cert-manager/cert-manager/pkg/acme/util"
-
 	"golang.org/x/crypto/acme"
+
+	acmeutil "github.com/cert-manager/cert-manager/pkg/acme/util"
 )
 
 // Interface is an Automatic Certificate Management Environment (ACME) client

pkg/acme/util/util_test.go

@@ -56,7 +56,7 @@ func TestRetryBackoff(t *testing.T) {
 			},
 		},
 		{
-			name: "Retry a 400 error when when less than 6 times",
+			name: "Retry a 400 error when less than 6 times",
 			args: args{
 				n:    5,
 				r:    &http.Request{},

pkg/acme/webhook/cmd/server/start.go

@@ -22,7 +22,6 @@ import (
 	"net"
 
 	"github.com/spf13/cobra"
-
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	genericoptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/component-base/logs"

pkg/api/util/names_test.go

@@ -20,10 +20,11 @@ import (
 	"fmt"
 	"testing"
 
-	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/rand"
 	"k8s.io/apimachinery/pkg/util/validation"
+
+	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 )
 
 func TestComputeName(t *testing.T) {

pkg/apis/acme/v1/types_issuer.go

@@ -110,7 +110,7 @@ type ACMEIssuer struct {
 	// Enables requesting a Not After date on certificates that matches the
 	// duration of the certificate. This is not supported by all ACME servers
 	// like Let's Encrypt. If set to true when the ACME server does not support
-	// it it will create an error on the Order.
+	// it, it will create an error on the Order.
 	// Defaults to false.
 	// +optional
 	EnableDurationFeature bool `json:"enableDurationFeature,omitempty"`
@@ -338,7 +338,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct {
 
 	// If specified, the pod's imagePullSecrets
 	// +optional
-	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"`
 }
 
 type ACMEChallengeSolverHTTP01IngressTemplate struct {

pkg/cainjector/configfile/configfile.go

@@ -19,9 +19,10 @@ package configfile
 import (
 	"fmt"
 
+	"k8s.io/apimachinery/pkg/runtime/serializer"
+
 	config "github.com/cert-manager/cert-manager/internal/apis/config/cainjector"
 	"github.com/cert-manager/cert-manager/internal/apis/config/cainjector/scheme"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
 )
 
 type CAInjectorConfigFile struct {

pkg/controller/acmechallenges/controller_test.go

@@ -20,13 +20,13 @@ import (
 	"context"
 	"testing"
 
+	"github.com/stretchr/testify/require"
 	"k8s.io/apimachinery/pkg/runtime"
 	coretesting "k8s.io/client-go/testing"
 
 	cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1"
 	testpkg "github.com/cert-manager/cert-manager/pkg/controller/test"
 	"github.com/cert-manager/cert-manager/test/unit/gen"
-	"github.com/stretchr/testify/require"
 )
 
 const (

pkg/controller/acmechallenges/sync_test.go

@@ -316,6 +316,7 @@ func TestSyncHappyPath(t *testing.T) {
 						))),
 				},
 				ExpectedEvents: []string{
+					//nolint: dupword
 					"Normal Presented Presented challenge using HTTP-01 challenge mechanism",
 				},
 			},

pkg/controller/acmeorders/sync_test.go

@@ -426,6 +426,7 @@ Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
 					testpkg.NewAction(coretesting.NewCreateAction(cmacme.SchemeGroupVersion.WithResource("challenges"), testAuthorizationChallenge.Namespace, testAuthorizationChallenge)),
 				},
 				ExpectedEvents: []string{
+					//nolint: dupword
 					`Normal Created Created Challenge resource "testorder-756011405" for domain "test.com"`,
 				},
 			},