style: fix lint error

cmd/tke-auth-api/app/config/config.go

@@ -308,7 +308,7 @@ func setupCasbinEnforcer(authorizationOptions *options.AuthorizationOptions) (*c
 func setupDefaultConnectorConfig(authClient authinternalclient.AuthInterface, versionInformers versionedinformers.SharedInformerFactory, store dexstorage.Storage, auth *options.AuthOptions) error {
  // create dex local identity provider for tke connector.
  dexserver.ConnectorsConfig[local.TkeConnectorType] = func() dexserver.ConnectorConfig {
- return new(local.DefaultIdentityProvdier)
+ return new(local.DefaultIdentityProvider)
  }
  local.SetupRestClient(authClient)
 

cmd/tke-auth-controller/app/options/feature.go

@@ -54,7 +54,9 @@ type FeatureOptions struct {
 }
 
 func NewFeatureOptions() *FeatureOptions {
- return &FeatureOptions{CasbinReloadInterval: 5*time.Second}
+ return &FeatureOptions{
+ CasbinReloadInterval: 5 * time.Second,
+ }
 }
 
 // AddFlags adds flags for console to the specified FlagSet object.

cmd/tke-auth-controller/app/options/options.go

@@ -27,23 +27,22 @@ import (
 
 // Options is the main context object for the TKE controller manager.
 type Options struct {
- Log *log.Options
- Debug *apiserveroptions.DebugOptions
- SecureServing *apiserveroptions.SecureServingOptions
- Component *controlleroptions.ComponentOptions
- AuthAPIClient *controlleroptions.APIServerClientOptions
-
+ Log *log.Options
+ Debug *apiserveroptions.DebugOptions
+ SecureServing *apiserveroptions.SecureServingOptions
+ Component *controlleroptions.ComponentOptions
+ AuthAPIClient *controlleroptions.APIServerClientOptions
  FeatureOptions *FeatureOptions
 }
 
 // NewOptions creates a new Options with a default config.
 func NewOptions(serverName string, allControllers []string, disabledByDefaultControllers []string) *Options {
  return &Options{
- Log: log.NewOptions(),
- Debug: apiserveroptions.NewDebugOptions(),
- SecureServing: apiserveroptions.NewSecureServingOptions(serverName, 9458),
- Component: controlleroptions.NewComponentOptions(allControllers, disabledByDefaultControllers),
- AuthAPIClient: controlleroptions.NewAPIServerClientOptions("auth", true),
+ Log:  log.NewOptions(),
+ Debug:  apiserveroptions.NewDebugOptions(),
+ SecureServing:  apiserveroptions.NewSecureServingOptions(serverName, 9458),
+ Component:  controlleroptions.NewComponentOptions(allControllers, disabledByDefaultControllers),
+ AuthAPIClient:  controlleroptions.NewAPIServerClientOptions("auth", true),
  FeatureOptions: NewFeatureOptions(),
  }
 }

pkg/auth/authentication/oidc/identityprovider/interface.go

@@ -20,16 +20,11 @@ package identityprovider
 
 import (
  "context"
-
  "github.com/dexidp/dex/connector"
  dexlog "github.com/dexidp/dex/pkg/log"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
  "github.com/dexidp/dex/storage"
-
  metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion"
-
-
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "tkestack.io/tke/api/auth"
 )
 
@@ -44,7 +39,7 @@ type IdentityProvider interface {
 }
 
 // IdentityProvidersStore represents identity providers for every tenantID.
-var IdentityProvidersStore = make(map[string] IdentityProvider)
+var IdentityProvidersStore = make(map[string]IdentityProvider)
 
 // UserGetter is an object that can get the user that match the provided field and label criteria.
 type UserGetter interface {

pkg/auth/authentication/oidc/identityprovider/local/local.go

@@ -58,22 +58,22 @@ var (
 )
 
 // Config holds the configuration parameters for tke local connector login.
-type DefaultIdentityProvdier struct {
+type DefaultIdentityProvider struct {
  tenantID string
  localIdentityLister authv1lister.LocalIdentityLister
  localGroupLister authv1lister.LocalGroupLister
 }
 
 func NewDefaultIdentityProvider(tenantID string, versionInformers versionedinformers.SharedInformerFactory) identityprovider.IdentityProvider {
- return &DefaultIdentityProvdier{
+ return &DefaultIdentityProvider{
  tenantID: tenantID,
  localIdentityLister: versionInformers.Auth().V1().LocalIdentities().Lister(),
  localGroupLister: versionInformers.Auth().V1().LocalGroups().Lister(),
  }
 }
 
 // Open returns a strategy for logging in through TKE
-func (c *DefaultIdentityProvdier) Open(id string, logger dexlog.Logger) (
+func (c *DefaultIdentityProvider) Open(id string, logger dexlog.Logger) (
  connector.Connector, error) {
 
  if authClient == nil {
@@ -83,12 +83,12 @@ func (c *DefaultIdentityProvdier) Open(id string, logger dexlog.Logger) (
  return &localConnector{authClient: authClient, tenantID: id}, nil
 }
 
-func (c *DefaultIdentityProvdier) Connector() (*dexstorage.Connector, error) {
+func (c *DefaultIdentityProvider) Connector() (*dexstorage.Connector, error) {
  if c.tenantID == "" {
  return nil, fmt.Errorf("must specify tenantID")
  }
 
- bytes, err := json.Marshal(DefaultIdentityProvdier{})
+ bytes, err := json.Marshal(DefaultIdentityProvider{})
  if err != nil {
  return nil, err
  }
@@ -99,7 +99,6 @@ func (c *DefaultIdentityProvdier) Connector() (*dexstorage.Connector, error) {
  Name: c.tenantID,
  Config: bytes,
  }, nil
-
 }
 
 func SetupRestClient(authInterface authinternalclient.AuthInterface) {
@@ -190,7 +189,7 @@ func (p *localConnector) Refresh(ctx context.Context, s connector.Scopes, identi
 }
 
 // Get is an object that can get the user that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) GetUser(ctx context.Context, name string, options *metav1.GetOptions) (*auth.User, error) {
+func (c *DefaultIdentityProvider) GetUser(ctx context.Context, name string, options *metav1.GetOptions) (*auth.User, error) {
  _, tenantID := authentication.GetUsernameAndTenantID(ctx)
  if tenantID != "" && tenantID != c.tenantID {
  return nil, apierrors.NewBadRequest("must in the same tenant")
@@ -210,7 +209,7 @@ func (c *DefaultIdentityProvdier) GetUser(ctx context.Context, name string, opti
 }
 
 // List is an object that can list users that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) ListUsers(ctx context.Context, options *metainternal.ListOptions) (*auth.UserList, error) {
+func (c *DefaultIdentityProvider) ListUsers(ctx context.Context, options *metainternal.ListOptions) (*auth.UserList, error) {
  keyword := ""
  limit := 50
  if options.FieldSelector != nil {
@@ -260,7 +259,7 @@ func (c *DefaultIdentityProvdier) ListUsers(ctx context.Context, options *metain
 }
 
 // Get is an object that can get the user that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) GetGroup(ctx context.Context, name string, options *metav1.GetOptions) (*auth.Group, error) {
+func (c *DefaultIdentityProvider) GetGroup(ctx context.Context, name string, options *metav1.GetOptions) (*auth.Group, error) {
  _, tenantID := authentication.GetUsernameAndTenantID(ctx)
  if tenantID != "" && tenantID != c.tenantID {
  return nil, apierrors.NewBadRequest("must in the same tenant")
@@ -280,7 +279,7 @@ func (c *DefaultIdentityProvdier) GetGroup(ctx context.Context, name string, opt
 }
 
 // List is an object that can list users that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) ListGroups(ctx context.Context, options *metainternal.ListOptions) (*auth.GroupList, error) {
+func (c *DefaultIdentityProvider) ListGroups(ctx context.Context, options *metainternal.ListOptions) (*auth.GroupList, error) {
  keyword := ""
  limit := 50
  if options.FieldSelector != nil {

pkg/auth/authorization/local/authorizer.go

@@ -96,7 +96,7 @@ func (a *Authorizer) Authorize(ctx context.Context, attr authorizer.Attributes)
  }
  }
 
- allow, err := a.enforcer.Enforce(fmt.Sprintf(util.UserKey(tenantID, subject)), resource, action)
+ allow, err := a.enforcer.Enforce(util.UserKey(tenantID, subject), resource, action)
  if err != nil {
  log.Error("Casbin enforcer failed", log.Any("att", attr), log.String("subj", subject), log.String("act", action), log.String("res", resource), log.Err(err))
  return authorizer.DecisionDeny, "", err

pkg/auth/controller/policy/deletion/policied_resources_deleter.go

@@ -282,6 +282,9 @@ func detachRelatedRoles(deleter *policiedResourcesDeleter, policy *v1.Policy) er
  log.Info("Policy controller - deleteRelatedRules", log.String("policyName", policy.ObjectMeta.Name))
 
  roles, err := deleter.enforcer.GetRolesForUser(policy.ObjectMeta.Name)
+ if err != nil {
+ return err
+ }
 
  var errs []error
 

pkg/auth/registry/localidentity/storage/password.go

@@ -58,11 +58,11 @@ func (r *PasswordREST) Create(ctx context.Context, obj runtime.Object, createVal
 
  userID := requestInfo.Name
 
- obj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
+ localIdentityObj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }
- localIdentity := obj.(*auth.LocalIdentity)
+ localIdentity := localIdentityObj.(*auth.LocalIdentity)
 
  passwordReq := obj.(*auth.PasswordReq)
 

pkg/auth/registry/localidentity/validation.go

@@ -138,12 +138,11 @@ func ValidateLocalIdentityPasswordUpdate(localIdentity *auth.LocalIdentity, pass
  return fmt.Errorf("must specify hashedPassword")
  }
 
- if bcrypted, err := util.BcryptPassword(passwordReq.HashedPassword); err != nil {
+ bcrypted, err := util.BcryptPassword(passwordReq.HashedPassword)
+ if err != nil {
  return fmt.Errorf("bcrypt password failed: %v", err)
- } else {
- localIdentity.Spec.HashedPassword = bcrypted
  }
-
+ localIdentity.Spec.HashedPassword = bcrypted
  return nil
 }
 

pkg/auth/registry/rule/strategy.go

@@ -56,7 +56,6 @@ func (Strategy) DefaultGarbageCollectionRule(ctx context.Context) rest.GarbageCo
 // PrepareForUpdate is invoked on update before validation to normalize the
 // object.
 func (Strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
- return
 }
 
 // NamespaceScoped is false for policies.
@@ -106,7 +105,7 @@ func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) {
  if !ok {
  return nil, nil, fmt.Errorf("not a rule")
  }
- return labels.Set(rule.ObjectMeta.Labels), ToSelectableFields(rule), nil
+ return rule.ObjectMeta.Labels, ToSelectableFields(rule), nil
 }
 
 // MatchRule returns a generic matcher for a given label and field selector.

pkg/auth/registry/rule/validation.go

@@ -42,8 +42,8 @@ func ValidateRule(rule *auth.Rule) field.ErrorList {
 // ValidateRuleUpdate tests if required fields in the policy are set during
 // an update.
 func ValidateRuleUpdate(rule *auth.Rule, old *auth.Rule) field.ErrorList {
- //allErrs := apiMachineryValidation.ValidateObjectMetaUpdate(&policy.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))
+ // allErrs := apiMachineryValidation.ValidateObjectMetaUpdate(&policy.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))
  allErrs := field.ErrorList{}
  allErrs = append(allErrs, ValidateRule(rule)...)
- return nil
+ return allErrs
 }

pkg/auth/util/adapter.go

@@ -36,11 +36,6 @@ import (
  authv1lister "tkestack.io/tke/api/client/listers/auth/v1"
 )
 
-const (
- // placeHolder represent the NULL value in the Casbin Rule.
- placeHolder = "_"
-)
-
 // RestAdapter is the policy storage adapter for Casbin. With this library, Casbin can load policy
 // from kubernetes rest storage and save policy to it. Rest adapter support the Auto-Save feature for Casbin policy.
 // This means it can support adding a single policy rule to the storage, or removing a single policy
@@ -68,7 +63,7 @@ func (a *RestAdapter) LoadPolicy(model model.Model) error {
  }
 
  // Uncomment this line to see when the policy is loaded.
- //log.Info("List rules", log.Int("rules", len(rules)))
+ // log.Info("List rules", log.Int("rules", len(rules)))
 
  for _, rule := range rules {
  a.loadPolicy(rule, model)
@@ -139,45 +134,29 @@ func (a *RestAdapter) destroy() error {
 func ConvertRule(ptype string, line []string) (rule authv1.Rule) {
  rule = authv1.Rule{}
  rule.Spec.PType = ptype
- policys := []string{ptype}
- length := len(line)
 
  if len(line) > 0 {
  rule.Spec.V0 = line[0]
- policys = append(policys, line[0])
  }
  if len(line) > 1 {
  rule.Spec.V1 = line[1]
- policys = append(policys, line[1])
  }
  if len(line) > 2 {
  rule.Spec.V2 = line[2]
- policys = append(policys, line[2])
  }
  if len(line) > 3 {
  rule.Spec.V3 = line[3]
- policys = append(policys, line[3])
  }
  if len(line) > 4 {
  rule.Spec.V4 = line[4]
- policys = append(policys, line[4])
  }
  if len(line) > 5 {
  rule.Spec.V5 = line[5]
- policys = append(policys, line[5])
  }
-
  if len(line) > 6 {
  rule.Spec.V6 = line[6]
- policys = append(policys, line[6])
  }
 
- for i := 0; i < 7-length; i++ {
- policys = append(policys, placeHolder)
- }
-
- //rule.ObjectMeta.Name = strings.Join(policys, "::")
-
  return rule
 }
 

pkg/auth/util/dex/conn.go

@@ -35,13 +35,12 @@ type conn struct {
 
 func (c *conn) CreateConnector(connector dexstorage.Connector) error {
  idp := fromDexConnector(connector)
- idp, err := c.authClient.IdentityProviders().Create(idp)
+ _, err := c.authClient.IdentityProviders().Create(idp)
  if err != nil {
  if apierrors.IsAlreadyExists(err) {
  return dexstorage.ErrAlreadyExists
- } else {
- return err
  }
+ return err
  }
  return nil
 }
@@ -51,9 +50,8 @@ func (c *conn) GetConnector(id string) (conn dexstorage.Connector, err error) {
  if err != nil {
  if apierrors.IsNotFound(err) {
  return conn, dexstorage.ErrNotFound
- } else {
- return conn, err
  }
+ return conn, err
  }
 
  return toDexConnector(idp), nil

pkg/auth/util/sign.go

@@ -34,9 +34,6 @@ import (
 )
 
 var (
- minExpire = 1 * time.Second
- maxExpire = 100 * 365 * 24 * time.Hour
-
  DefaultAPISigningKey = "default-api-signing-key"
 )
 

pkg/auth/util/user.go

@@ -20,13 +20,11 @@ package util
 
 import (
  "fmt"
- "strings"
-
  apierrors "k8s.io/apimachinery/pkg/api/errors"
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/apimachinery/pkg/fields"
+ "strings"
  "tkestack.io/tke/api/auth"
-
  authinternalclient "tkestack.io/tke/api/client/clientset/internalversion/typed/auth/internalversion"
 )
 
@@ -85,4 +83,3 @@ func ParseTenantAndName(str string) (string, string) {
 func CombineTenantAndName(tenantID, name string) string {
  return fmt.Sprintf("%s::%s", tenantID, name)
 }
-

pkg/util/leaderelection/resourcelock/auth_lock.go

@@ -25,7 +25,6 @@ import (
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "tkestack.io/tke/api/auth/v1"
  authv1client "tkestack.io/tke/api/client/clientset/versioned/typed/auth/v1"
- "tkestack.io/tke/pkg/util/log"
 )
 
 // BusinessConfigMapLock defines the structure of using configmap resources to implement
@@ -65,8 +64,6 @@ func (cml *AuthConfigMapLock) Create(ler LeaderElectionRecord) error {
  return err
  }
 
- log.Info("xxx", )
-
  cml.cm, err = cml.Client.ConfigMaps().Create(&v1.ConfigMap{
  ObjectMeta: metav1.ObjectMeta{
  Name: cml.ConfigMapMeta.Name,

pkg/util/leaderelection/resourcelock/resourcelock.go

@@ -20,11 +20,11 @@ package resourcelock
 
 import (
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ authv1 "tkestack.io/tke/api/client/clientset/versioned/typed/auth/v1"
  businessv1 "tkestack.io/tke/api/client/clientset/versioned/typed/business/v1"
  monitorv1 "tkestack.io/tke/api/client/clientset/versioned/typed/monitor/v1"
  notifyv1 "tkestack.io/tke/api/client/clientset/versioned/typed/notify/v1"
  platformv1 "tkestack.io/tke/api/client/clientset/versioned/typed/platform/v1"
- authv1 "tkestack.io/tke/api/client/clientset/versioned/typed/auth/v1"
 )
 
 const (