
chore(revive-linter): add revive linter configuration (#5515)

Signed-off-by: Olumide Ogundele <olumideralph@gmail.com>
Co-authored-by: Gergely Brautigam <skarlso777@gmail.com>
Ogundele Olumide 5 months ago
parent
commit
c639cc244b

+ 17 - 4
.golangci.yaml

@@ -32,6 +32,7 @@ linters:
     - unparam
     - unused
     - whitespace
+    - revive
   settings:
     goconst:
       min-len: 3
@@ -68,9 +69,9 @@ linters:
         - shadow
     lll:
       line-length: 300
-#    staticcheck:
-#      checks:
-#        - QF1008
+    #    staticcheck:
+    #      checks:
+    #        - QF1008
     misspell:
       locale: US
   exclusions:
@@ -84,6 +85,13 @@ linters:
           - gosec
           - unparam
           - lll
+          - revive
+
+      # Allow dot imports for Ginkgo and Gomega in test files
+      - path: _test\.go
+        text: "dot-imports:"
+        linters:
+          - revive
 
       # Ease some gocritic warnings on test files.
       - path: _test\.go
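Review bot: The two additions in this hunk may overlap. `- revive` at the top joins the linter list of an exclusion rule whose `path:` lies above the hunk, so it cannot be checked from here. If that rule already targets `_test\.go`, revive is switched off for test files altogether and the new `text: "dot-imports:"` rule below it can never match. Keeping only the narrow dot-imports rule would leave the remaining revive checks running on test code; if the blanket exclusion is intended, the second rule can be dropped.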
@@ -91,6 +99,11 @@ linters:
         linters:
           - gocritic
 
+      # Exclude fake or mock packages from revive linter
+      - path: /(fake|mock)/
+        linters:
+          - revive
+
       # This is a "potential hardcoded credentials" warning. It's triggered by
       # any variable with 'secret' in the same, and thus hits a lot of false
       # positives in Kubernetes land where a Secret is an object type.
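Review bot: The `/(fake|mock)/` rule has no `text:` filter, so it silences every revive check, not only the missing-comment ones, for any file below a directory named `fake` or `mock`. Those packages still export code that the provider tests import, for example `Client` in `pkg/provider/aws/secretsmanager/fake/fake.go`. Scoping the rule the way the dot-imports rule is scoped, e.g. adding `text: "exported:"`, would keep the rest of the linter active there. The leading slash also means a top-level `fake/` or `mock/` directory would not match, assuming paths are matched relative to the repository root.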
@@ -123,4 +136,4 @@ formatters:
         - "default"
         - "prefix(github.com/external-secrets/external-secrets)"
         - "blank"
-        - "dot"
+        - "dot"

+ 13 - 13
pkg/constants/constants.go

@@ -19,19 +19,19 @@ package constants
 
 // These constants are used for identifying providers and calls to them.
 const (
-	ProviderAWSSM                = "AWS/SecretsManager"
-	CallAWSSMGetSecretValue      = "GetSecretValue"
-	CallAWSPSGetParametersByPath = "GetParametersByPath"
-	CallAWSSMDescribeSecret      = "DescribeSecret"
-	CallAWSSMDeleteSecret        = "DeleteSecret"
-	CallAWSSMCreateSecret        = "CreateSecret"
-	CallAWSSMPutSecretValue      = "PutSecretValue"
-	CallAWSSMListSecrets         = "ListSecrets"
-	CallAWSSMBatchGetSecretValue = "BatchGetSecretValue"
-	CallAWSSMUntagResource       = "UntagResource"
-	CallAWSSMTagResource         = "TagResource"
-	CallAWSSMPutResourcePolicy   = "PutResourcePolicy"
-	CallAWSSMGetResourcePolicy   = "GetResourcePolicy"
+	ProviderAWSSM                 = "AWS/SecretsManager"
+	CallAWSSMGetSecretValue       = "GetSecretValue"
+	CallAWSPSGetParametersByPath  = "GetParametersByPath"
+	CallAWSSMDescribeSecret       = "DescribeSecret"
+	CallAWSSMDeleteSecret         = "DeleteSecret"
+	CallAWSSMCreateSecret         = "CreateSecret"
+	CallAWSSMPutSecretValue       = "PutSecretValue"
+	CallAWSSMListSecrets          = "ListSecrets"
+	CallAWSSMBatchGetSecretValue  = "BatchGetSecretValue"
+	CallAWSSMUntagResource        = "UntagResource"
+	CallAWSSMTagResource          = "TagResource"
+	CallAWSSMPutResourcePolicy    = "PutResourcePolicy"
+	CallAWSSMGetResourcePolicy    = "GetResourcePolicy"
 	CallAWSSMDeleteResourcePolicy = "DeleteResourcePolicy"
 
 	ProviderAWSPS                = "AWS/ParameterStore"

+ 13 - 13
pkg/provider/aws/secretsmanager/fake/fake.go

@@ -33,19 +33,19 @@ import (
 
 // Client implements the aws secretsmanager interface.
 type Client struct {
-	ExecutionCounter      int
-	valFn                 map[string]func(*awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error)
-	CreateSecretFn        CreateSecretFn
-	GetSecretValueFn      GetSecretValueFn
-	PutSecretValueFn      PutSecretValueFn
-	DescribeSecretFn      DescribeSecretFn
-	DeleteSecretFn        DeleteSecretFn
-	ListSecretsFn         ListSecretsFn
-	BatchGetSecretValueFn BatchGetSecretValueFn
-	TagResourceFn         TagResourceFn
-	UntagResourceFn       UntagResourceFn
-	PutResourcePolicyFn   PutResourcePolicyFn
-	GetResourcePolicyFn   GetResourcePolicyFn
+	ExecutionCounter       int
+	valFn                  map[string]func(*awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error)
+	CreateSecretFn         CreateSecretFn
+	GetSecretValueFn       GetSecretValueFn
+	PutSecretValueFn       PutSecretValueFn
+	DescribeSecretFn       DescribeSecretFn
+	DeleteSecretFn         DeleteSecretFn
+	ListSecretsFn          ListSecretsFn
+	BatchGetSecretValueFn  BatchGetSecretValueFn
+	TagResourceFn          TagResourceFn
+	UntagResourceFn        UntagResourceFn
+	PutResourcePolicyFn    PutResourcePolicyFn
+	GetResourcePolicyFn    GetResourcePolicyFn
 	DeleteResourcePolicyFn DeleteResourcePolicyFn
 }
 type CreateSecretFn func(context.Context, *awssm.CreateSecretInput, ...func(*awssm.Options)) (*awssm.CreateSecretOutput, error)

+ 6 - 4
pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -57,11 +57,13 @@ type PushSecretMetadataSpec struct {
 	ResourcePolicy   *ResourcePolicySpec `json:"resourcePolicy,omitempty"`
 }
 
+// ResourcePolicySpec defines the resource policy configuration using PolicySourceRef for AWS Secrets Manager.
 type ResourcePolicySpec struct {
 	BlockPublicPolicy *bool            `json:"blockPublicPolicy,omitempty"`
 	PolicySourceRef   *PolicySourceRef `json:"policySourceRef,omitempty"`
 }
 
+// PolicySourceRef defines the source reference for the resource policy.
 type PolicySourceRef struct {
 	Kind string `json:"kind"`
 	Name string `json:"name"`
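Review bot: The new comment on `ResourcePolicySpec` mentions only `PolicySourceRef` and leaves out `BlockPublicPolicy`, which by its name is the field guarding against broadly accessible policies. Both that field and the parent `ResourcePolicy` field are pointers with `omitempty`, so the nil cases deserve a sentence. The later hunks in `manageResourcePolicy` show `DeleteResourcePolicy` being called when `meta.Spec.ResourcePolicy == nil`, and `BlockPublicPolicy` being consulted only when it is non-nil. I would write something like `// ResourcePolicySpec configures the resource policy attached to the secret. A nil BlockPublicPolicy leaves the AWS default in effect; omitting ResourcePolicy removes an existing policy.`, to be confirmed against the parts of `manageResourcePolicy` outside these hunks. The `PolicySourceRef` struct continues below the hunk, so its comment could not be checked against all of its fields.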
@@ -842,7 +844,7 @@ func (sm *SecretsManager) resolveResourcePolicy(ctx context.Context, policyRef *
 }
 
 // manageResourcePolicy applies or removes the resource policy based on metadata.
-func (sm *SecretsManager) manageResourcePolicy(ctx context.Context, metadata *apiextensionsv1.JSON, secretId *string) error {
+func (sm *SecretsManager) manageResourcePolicy(ctx context.Context, metadata *apiextensionsv1.JSON, secretID *string) error {
 	meta, err := sm.constructMetadataWithDefaults(metadata)
 	if err != nil {
 		return err
@@ -851,7 +853,7 @@ func (sm *SecretsManager) manageResourcePolicy(ctx context.Context, metadata *ap
 	// Delete policy if policyRef is nil and the policy exists.
 	if meta.Spec.ResourcePolicy == nil {
 		deletePolicyInput := &awssm.DeleteResourcePolicyInput{
-			SecretId: secretId,
+			SecretId: secretID,
 		}
 		_, err = sm.client.DeleteResourcePolicy(ctx, deletePolicyInput)
 		metrics.ObserveAPICall(constants.ProviderAWSSM, constants.CallAWSSMDeleteResourcePolicy, err)
@@ -871,7 +873,7 @@ func (sm *SecretsManager) manageResourcePolicy(ctx context.Context, metadata *ap
 	}
 
 	getCurrentPolicyInput := &awssm.GetResourcePolicyInput{
-		SecretId: secretId,
+		SecretId: secretID,
 	}
 	currentPolicyOutput, err := sm.client.GetResourcePolicy(ctx, getCurrentPolicyInput)
 	metrics.ObserveAPICall(constants.ProviderAWSSM, constants.CallAWSSMGetResourcePolicy, err)
@@ -904,7 +906,7 @@ func (sm *SecretsManager) manageResourcePolicy(ctx context.Context, metadata *ap
 	}
 
 	putPolicyInput := &awssm.PutResourcePolicyInput{
-		SecretId:       secretId,
+		SecretId:       secretID,
 		ResourcePolicy: aws.String(policyJSON),
 	}
 	if meta.Spec.ResourcePolicy.BlockPublicPolicy != nil {

+ 38 - 38
pkg/provider/aws/secretsmanager/secretsmanager_test.go

@@ -571,8 +571,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte(`fake-value`),
 						Version:      aws.String(initialVersion),
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithoutProperty,
@@ -591,8 +591,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte(`{"other-fake-property":"fake-value"}`),
 						Version:      aws.String(initialVersion),
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithProperty,
@@ -606,11 +606,11 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
-					GetSecretValueFn: fakesm.NewGetSecretValueFn(secretValueOutput, nil),
-					PutSecretValueFn: fakesm.NewPutSecretValueFn(putSecretOutput, nil),
-					DescribeSecretFn: fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
-					TagResourceFn:    fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn:  fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					GetSecretValueFn:       fakesm.NewGetSecretValueFn(secretValueOutput, nil),
+					PutSecretValueFn:       fakesm.NewPutSecretValueFn(putSecretOutput, nil),
+					DescribeSecretFn:       fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithoutSecretKey,
@@ -624,11 +624,11 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
-					GetSecretValueFn: fakesm.NewGetSecretValueFn(secretValueOutput, nil),
-					PutSecretValueFn: fakesm.NewPutSecretValueFn(putSecretOutput, nil),
-					DescribeSecretFn: fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
-					TagResourceFn:    fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn:  fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					GetSecretValueFn:       fakesm.NewGetSecretValueFn(secretValueOutput, nil),
+					PutSecretValueFn:       fakesm.NewPutSecretValueFn(putSecretOutput, nil),
+					DescribeSecretFn:       fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithMetadata,
@@ -665,11 +665,11 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
-					GetSecretValueFn: fakesm.NewGetSecretValueFn(secretValueOutput, nil),
-					PutSecretValueFn: fakesm.NewPutSecretValueFn(putSecretOutput, nil),
-					DescribeSecretFn: fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
-					TagResourceFn:    fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn:  fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					GetSecretValueFn:       fakesm.NewGetSecretValueFn(secretValueOutput, nil),
+					PutSecretValueFn:       fakesm.NewPutSecretValueFn(putSecretOutput, nil),
+					DescribeSecretFn:       fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: fake.PushSecretData{SecretKey: secretKey, RemoteKey: fakeKey, Property: "", Metadata: &apiextensionsv1.JSON{
@@ -690,8 +690,8 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
-					DescribeSecretFn: fakesm.NewDescribeSecretFn(blankDescribeSecretOutput, &getSecretCorrectErr),
-					CreateSecretFn:   fakesm.NewCreateSecretFn(secretOutput, nil),
+					DescribeSecretFn:    fakesm.NewDescribeSecretFn(blankDescribeSecretOutput, &getSecretCorrectErr),
+					CreateSecretFn:      fakesm.NewCreateSecretFn(secretOutput, nil),
 					PutResourcePolicyFn: fakesm.NewPutResourcePolicyFn(&awssm.PutResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithoutProperty,
@@ -726,8 +726,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte(`{"fake-property":"fake-value","other-fake-property":"fake-value"}`),
 						Version:      &defaultUpdatedVersion,
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithProperty,
@@ -751,8 +751,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte(`{"fake-property":"fake-value","other-fake-property":"fake-value"}`),
 						Version:      &randomUUIDVersionIncremented,
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithProperty,
@@ -776,8 +776,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte((`fake-value`)),
 						Version:      &unparsableVersion,
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithoutProperty,
@@ -801,8 +801,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte(`{"fake-property":"fake-value","other-fake-property":"fake-value"}`),
 						Version:      &initialVersion,
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithProperty,
@@ -823,8 +823,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte(`{"fake-property":"fake-value","other-fake-property":"fake-value"}`),
 						Version:      &defaultUpdatedVersion,
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithProperty,
@@ -845,8 +845,8 @@ func TestSetSecret(t *testing.T) {
 						SecretBinary: []byte(`{"fake-property":{"fake-property":"fake-value","other-fake-property":"fake-value"}}`),
 						Version:      &defaultUpdatedVersion,
 					}),
-					TagResourceFn:   fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn: fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: fake.PushSecretData{SecretKey: secretKey, RemoteKey: fakeKey, Property: "fake-property.other-fake-property"},
@@ -915,11 +915,11 @@ func TestSetSecret(t *testing.T) {
 			args: args{
 				store: makeValidSecretStore().Spec.Provider.AWS,
 				client: fakesm.Client{
-					GetSecretValueFn: fakesm.NewGetSecretValueFn(secretValueOutput, nil),
-					PutSecretValueFn: fakesm.NewPutSecretValueFn(nil, noPermission),
-					DescribeSecretFn: fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
-					TagResourceFn:    fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
-					UntagResourceFn:  fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
+					GetSecretValueFn:       fakesm.NewGetSecretValueFn(secretValueOutput, nil),
+					PutSecretValueFn:       fakesm.NewPutSecretValueFn(nil, noPermission),
+					DescribeSecretFn:       fakesm.NewDescribeSecretFn(tagSecretOutput, nil),
+					TagResourceFn:          fakesm.NewTagResourceFn(&awssm.TagResourceOutput{}, nil),
+					UntagResourceFn:        fakesm.NewUntagResourceFn(&awssm.UntagResourceOutput{}, nil),
 					DeleteResourcePolicyFn: fakesm.NewDeleteResourcePolicyFn(&awssm.DeleteResourcePolicyOutput{}, nil),
 				},
 				pushSecretData: pushSecretDataWithoutProperty,

+ 1 - 1
pkg/provider/cloudru/secretmanager/endpoints.go

@@ -43,7 +43,7 @@ func GetEndpoints(url string) (*EndpointsResponse, error) {
 	if url != EndpointsURI {
 		return nil, fmt.Errorf("invalid endpoints URL: expected %s, got %s", EndpointsURI, url)
 	}
-	
+
 	req, err := http.NewRequest(http.MethodGet, url, http.NoBody)
 	if err != nil {
 		return nil, fmt.Errorf("construct HTTP request for cloud.ru endpoints: %w", err)