Enforce aliases for 'k8s.io/apimachinery/pkg/util/errors' and 'k8s.io…

…/apimachinery/pkg/api/errors'
vmware-tanzu · May 11, 2024 · e920919 · e920919
1 parent d7849c7
commit e920919
Show file tree

Hide file tree

Showing 55 changed files with 200 additions and 192 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -48,6 +48,7 @@ linters:
     - fatcontext
     # - canonicalheader Can't do this one since it alerts on valid headers such as X-XSS-Protection
     - spancheck
+    - importas
 
 issues:
   exclude-dirs:
@@ -91,3 +92,11 @@ linters-settings:
     - end
     - record-error
     - set-status
+  importas:
+    no-unaliased: true # All packages explicitly listed below must be aliased
+    no-extra-aliases: false # Allow other aliases than the ones explicitly listed below
+    alias:
+    - pkg: k8s.io/apimachinery/pkg/util/errors
+      alias: utilerrors
+    - pkg: k8s.io/apimachinery/pkg/api/errors
+      alias: apierrors
diff --git a/cmd/pinniped/cmd/whoami.go b/cmd/pinniped/cmd/whoami.go
@@ -1,4 +1,4 @@
-// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -12,7 +12,7 @@ import (
 	"time"
 
 	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
@@ -99,7 +99,7 @@ func runWhoami(output io.Writer, getClientset getConciergeClientsetFunc, flags *
 	whoAmI, err := clientset.IdentityV1alpha1().WhoAmIRequests().Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{})
 	if err != nil {
 		hint := ""
-		if errors.IsNotFound(err) {
+		if apierrors.IsNotFound(err) {
 			hint = " (is the Pinniped WhoAmI API running and healthy?)"
 		}
 		return fmt.Errorf("could not complete WhoAmIRequest%s: %w", hint, err)

diff --git a/cmd/pinniped/cmd/whoami_test.go b/cmd/pinniped/cmd/whoami_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
-	"k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	kubetesting "k8s.io/client-go/testing"
 	"k8s.io/client-go/tools/clientcmd"
@@ -273,7 +273,7 @@ func TestWhoami(t *testing.T) {
 		},
 		{
 			name:          "calling API fails because WhoAmI API is not installed",
-			callingAPIErr: errors.NewNotFound(identityv1alpha1.SchemeGroupVersion.WithResource("whoamirequests").GroupResource(), "whatever"),
+			callingAPIErr: apierrors.NewNotFound(identityv1alpha1.SchemeGroupVersion.WithResource("whoamirequests").GroupResource(), "whatever"),
 			wantError:     true,
 			wantStderr:    "Error: could not complete WhoAmIRequest (is the Pinniped WhoAmI API running and healthy?): whoamirequests.identity.concierge.pinniped.dev \"whatever\" not found\n",
 		},

diff --git a/internal/clientcertissuer/issuer.go b/internal/clientcertissuer/issuer.go
@@ -1,4 +1,4 @@
-// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package clientcertissuer
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"time"
 
-	"k8s.io/apimachinery/pkg/util/errors"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 
 	"go.pinniped.dev/internal/constable"
 )
@@ -48,7 +48,7 @@ func (c ClientCertIssuers) IssueClientCertPEM(username string, groups []string,
 		errs = append(errs, fmt.Errorf("%s failed to issue client cert: %w", issuer.Name(), err))
 	}
 
-	if err := errors.NewAggregate(errs); err != nil {
+	if err := utilerrors.NewAggregate(errs); err != nil {
 		return nil, nil, err
 	}
 

diff --git a/internal/concierge/apiserver/apiserver.go b/internal/concierge/apiserver/apiserver.go
@@ -11,7 +11,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/util/errors"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apiserver/pkg/registry/rest"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 
@@ -105,7 +105,7 @@ func (c completedConfig) New() (*PinnipedServer, error) {
 			),
 		)
 	}
-	if err := errors.NewAggregate(errs); err != nil {
+	if err := utilerrors.NewAggregate(errs); err != nil {
 		return nil, fmt.Errorf("could not install API groups: %w", err)
 	}
 

diff --git a/internal/concierge/impersonator/impersonator.go b/internal/concierge/impersonator/impersonator.go
@@ -26,7 +26,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
-	"k8s.io/apimachinery/pkg/util/errors"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apimachinery/pkg/util/httpstream"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -349,7 +349,7 @@ func newInternal(
 		if listener != nil {
 			errs = append(errs, listener.Close())
 		}
-		return nil, errors.NewAggregate(errs)
+		return nil, utilerrors.NewAggregate(errs)
 	}
 	return result, nil
 }

diff --git a/internal/concierge/impersonator/impersonator_test.go b/internal/concierge/impersonator/impersonator_test.go
@@ -21,7 +21,7 @@ import (
 	"github.com/stretchr/testify/require"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -1010,7 +1010,7 @@ func TestImpersonator(t *testing.T) {
 
 			probeBody, errProbe := rc.Get().AbsPath("/probe").DoRaw(ctx)
 			if tt.anonymousAuthDisabled {
-				require.True(t, errors.IsUnauthorized(errProbe), errProbe)
+				require.True(t, apierrors.IsUnauthorized(errProbe), errProbe)
 				require.Equal(t, `{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}`+"\n", string(probeBody))
 			} else {
 				require.NoError(t, errProbe)
@@ -1019,7 +1019,7 @@ func TestImpersonator(t *testing.T) {
 
 			notTCRBody, errNotTCR := rc.Get().Resource("tokencredentialrequests").DoRaw(ctx)
 			if tt.anonymousAuthDisabled {
-				require.True(t, errors.IsUnauthorized(errNotTCR), errNotTCR)
+				require.True(t, apierrors.IsUnauthorized(errNotTCR), errNotTCR)
 				require.Equal(t, `{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}`+"\n", string(notTCRBody))
 			} else {
 				require.NoError(t, errNotTCR)
@@ -1028,7 +1028,7 @@ func TestImpersonator(t *testing.T) {
 
 			ducksBody, errDucks := rc.Get().Resource("ducks").DoRaw(ctx)
 			if tt.anonymousAuthDisabled {
-				require.True(t, errors.IsUnauthorized(errDucks), errDucks)
+				require.True(t, apierrors.IsUnauthorized(errDucks), errDucks)
 				require.Equal(t, `{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}`+"\n", string(ducksBody))
 			} else {
 				require.NoError(t, errDucks)
@@ -1046,7 +1046,7 @@ func TestImpersonator(t *testing.T) {
 			require.NoError(t, err)
 
 			_, errBadCert := tcrBadCert.PinnipedConcierge.LoginV1alpha1().TokenCredentialRequests().Create(ctx, &loginv1alpha1.TokenCredentialRequest{}, metav1.CreateOptions{})
-			require.True(t, errors.IsUnauthorized(errBadCert), errBadCert)
+			require.True(t, apierrors.IsUnauthorized(errBadCert), errBadCert)
 			require.EqualError(t, errBadCert, "Unauthorized")
 		})
 	}

diff --git a/internal/controller/apicerts/apiservice_updater.go b/internal/controller/apicerts/apiservice_updater.go
@@ -1,12 +1,12 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package apicerts
 
 import (
 	"fmt"
 
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	corev1informers "k8s.io/client-go/informers/core/v1"
 	aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
 
@@ -53,7 +53,7 @@ func NewAPIServiceUpdaterController(
 func (c *apiServiceUpdaterController) Sync(ctx controllerlib.Context) error {
 	// Try to get the secret from the informer cache.
 	certSecret, err := c.secretInformer.Lister().Secrets(c.namespace).Get(c.certsSecretResourceName)
-	notFound := k8serrors.IsNotFound(err)
+	notFound := apierrors.IsNotFound(err)
 	if err != nil && !notFound {
 		return fmt.Errorf("failed to get %s/%s secret: %w", c.namespace, c.certsSecretResourceName, err)
 	}

diff --git a/internal/controller/apicerts/certs_expirer.go b/internal/controller/apicerts/certs_expirer.go
@@ -1,4 +1,4 @@
-// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package apicerts
@@ -10,7 +10,7 @@ import (
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	corev1informers "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
@@ -74,7 +74,7 @@ func NewCertsExpirerController(
 // Sync implements controller.Syncer.Sync.
 func (c *certsExpirerController) Sync(ctx controllerlib.Context) error {
 	secret, err := c.secretInformer.Lister().Secrets(c.namespace).Get(c.certsSecretResourceName)
-	notFound := k8serrors.IsNotFound(err)
+	notFound := apierrors.IsNotFound(err)
 	if err != nil && !notFound {
 		return fmt.Errorf("failed to get %s/%s secret: %w", c.namespace, c.certsSecretResourceName, err)
 	}

diff --git a/internal/controller/apicerts/certs_manager.go b/internal/controller/apicerts/certs_manager.go
@@ -1,4 +1,4 @@
-// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package apicerts
@@ -8,7 +8,7 @@ import (
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	corev1informers "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
@@ -83,7 +83,7 @@ func NewCertsManagerController(
 func (c *certsManagerController) Sync(ctx controllerlib.Context) error {
 	// Try to get the secret from the informer cache.
 	_, err := c.secretInformer.Lister().Secrets(c.namespace).Get(c.certsSecretResourceName)
-	notFound := k8serrors.IsNotFound(err)
+	notFound := apierrors.IsNotFound(err)
 	if err != nil && !notFound {
 		return fmt.Errorf("failed to get %s/%s secret: %w", c.namespace, c.certsSecretResourceName, err)
 	}

diff --git a/internal/controller/apicerts/certs_observer.go b/internal/controller/apicerts/certs_observer.go
@@ -1,12 +1,12 @@
-// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package apicerts
 
 import (
 	"fmt"
 
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	corev1informers "k8s.io/client-go/informers/core/v1"
 
 	pinnipedcontroller "go.pinniped.dev/internal/controller"
@@ -50,7 +50,7 @@ func NewCertsObserverController(
 func (c *certsObserverController) Sync(_ controllerlib.Context) error {
 	// Try to get the secret from the informer cache.
 	certSecret, err := c.secretInformer.Lister().Secrets(c.namespace).Get(c.certsSecretResourceName)
-	notFound := k8serrors.IsNotFound(err)
+	notFound := apierrors.IsNotFound(err)
 	if err != nil && !notFound {
 		return fmt.Errorf("failed to get %s/%s secret: %w", c.namespace, c.certsSecretResourceName, err)
 	}

diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go
@@ -21,7 +21,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/equality"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	errorsutil "k8s.io/apimachinery/pkg/util/errors"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apiserver/pkg/apis/apiserver"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
@@ -229,7 +229,7 @@ func (c *jwtCacheFillerController) Sync(ctx controllerlib.Context) error {
 	//   object. The controller simply must wait for a user to correct before running again.
 	// - Other errors, such as networking errors, etc. are the types of errors that should return here
 	//   and signal the controller to retry the sync loop. These may be corrected by machines.
-	return errorsutil.NewAggregate(errs)
+	return utilerrors.NewAggregate(errs)
 }
 
 func (c *jwtCacheFillerController) extractValueAsJWTAuthenticator(value authncache.Value) *cachedJWTAuthenticator {

diff --git a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go
@@ -14,9 +14,9 @@ import (
 
 	k8sauthv1beta1 "k8s.io/api/authentication/v1beta1"
 	"k8s.io/apimachinery/pkg/api/equality"
-	"k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	errorsutil "k8s.io/apimachinery/pkg/util/errors"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	k8snetutil "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
@@ -95,7 +95,7 @@ type webhookCacheFillerController struct {
 // Sync implements controllerlib.Syncer.
 func (c *webhookCacheFillerController) Sync(ctx controllerlib.Context) error {
 	obj, err := c.webhooks.Lister().Get(ctx.Key.Name)
-	if err != nil && errors.IsNotFound(err) {
+	if err != nil && apierrors.IsNotFound(err) {
 		c.log.Info("Sync() found that the WebhookAuthenticator does not exist yet or was deleted")
 		return nil
 	}
@@ -141,7 +141,7 @@ func (c *webhookCacheFillerController) Sync(ctx controllerlib.Context) error {
 	//   object. The controller simply must wait for a user to correct before running again.
 	// - other errors, such as networking errors, etc. are the types of errors that should return here
 	//   and signal the controller to retry the sync loop. These may be corrected by machines.
-	return errorsutil.NewAggregate(errs)
+	return utilerrors.NewAggregate(errs)
 }
 
 // newWebhookAuthenticator creates a webhook from the provided API server url and caBundle