Bump golangci-lint to 2.3.0 and fix issues

2025-12-23 14:25:50 +00:00 · 2025-07-30 10:25:23 -05:00
parent b387a2cae9
commit 1c1b3b7f2e
16 changed files with 41 additions and 31 deletions
--- a/hack/lib/lint-version.txt
+++ b/hack/lib/lint-version.txt
@@ -1 +1 @@
-2.2.1
+2.3.0
--- a/internal/controller/impersonatorconfig/impersonator_config_test.go
+++ b/internal/controller/impersonatorconfig/impersonator_config_test.go
@@ -544,12 +544,13 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
 			expectedErrorRegex := "dial tcp .*: connect: connection refused"
 			expectedErrorRegexCompiled, err := regexp.Compile(expectedErrorRegex)
 			r.NoError(err)
+
+			dialer := tls.Dialer{}
 			assert.Eventually(t, func() bool {
-				_, err = tls.Dial(
+				_, err = dialer.DialContext(
+					context.Background(),
 					"tcp",
-					testServerAddr(),
-					&tls.Config{InsecureSkipVerify: true}, //nolint:gosec
-				)
+					testServerAddr())
 				return err != nil && expectedErrorRegexCompiled.MatchString(err.Error())
 			}, 20*time.Second, 50*time.Millisecond)
 			r.Error(err)
--- a/internal/localuserauthenticator/localuserauthenticator.go
+++ b/internal/localuserauthenticator/localuserauthenticator.go
@@ -357,8 +357,8 @@ func run(ctx context.Context) error {
 	startControllers(ctx, dynamicCertProvider, client.Kubernetes, kubeInformers)
 	plog.Debug("controllers are ready")

-	//nolint:gosec // Intentionally binding to all network interfaces.
-	l, err := net.Listen("tcp", ":8443")
+	listenConfig := net.ListenConfig{}
+	l, err := listenConfig.Listen(context.Background(), "tcp", ":8443")
 	if err != nil {
 		return fmt.Errorf("cannot create listener: %w", err)
 	}
--- a/internal/localuserauthenticator/localuserauthenticator_test.go
+++ b/internal/localuserauthenticator/localuserauthenticator_test.go
@@ -97,7 +97,8 @@ func TestWebhook(t *testing.T) {
 	certProvider, caBundle, serverName := newCertProvider(t)
 	w := newWebhook(certProvider, secretInformer)

-	l, err := net.Listen("tcp", "127.0.0.1:0")
+	listenConfig := &net.ListenConfig{}
+	l, err := listenConfig.Listen(t.Context(), "tcp", "127.0.0.1:0")
 	require.NoError(t, err)
 	defer func() { _ = l.Close() }()
 	require.NoError(t, w.start(ctx, l))
--- a/internal/supervisor/server/server.go
+++ b/internal/supervisor/server/server.go
@@ -545,7 +545,8 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis
 	if e := cfg.Endpoints.HTTP; e.Network != supervisor.NetworkDisabled {
 		finishSetupPerms := maybeSetupUnixPerms(e, supervisorPod)

-		httpListener, err := net.Listen(e.Network, e.Address)
+		listenConfig := net.ListenConfig{}
+		httpListener, err := listenConfig.Listen(ctx, e.Network, e.Address)
 		if err != nil {
 			return fmt.Errorf("cannot create http listener with network %q and address %q: %w", e.Network, e.Address, err)
 		}
--- a/internal/testutil/tlsserver/tlsserver.go
+++ b/internal/testutil/tlsserver/tlsserver.go
@@ -36,7 +36,8 @@ const (
 func TestServerIPv6(t *testing.T, handler http.Handler, f func(*httptest.Server)) (*httptest.Server, []byte) {
 	t.Helper()

-	listener, err := net.Listen("tcp6", "[::1]:0")
+	listenConfig := net.ListenConfig{}
+	listener, err := listenConfig.Listen(t.Context(), "tcp6", "[::1]:0")
 	require.NoError(t, err, "TLSTestIPv6Server: failed to listen on a port")

 	server := &httptest.Server{
@@ -81,13 +82,14 @@ func TLSTestServerWithCert(t *testing.T, handler http.HandlerFunc, certificate *
 		ReadHeaderTimeout: 10 * time.Second,
 	}

-	l, err := net.Listen("tcp", "127.0.0.1:0")
+	listenConfig := net.ListenConfig{}
+	listener, err := listenConfig.Listen(t.Context(), "tcp", "127.0.0.1:0")
 	require.NoError(t, err)

 	serverShutdownChan := make(chan error)
 	go func() {
 		// Empty certFile and keyFile will use certs from Server.TLSConfig.
-		serverShutdownChan <- server.ServeTLS(l, "", "")
+		serverShutdownChan <- server.ServeTLS(listener, "", "")
 	}()

 	t.Cleanup(func() {
@@ -99,7 +101,7 @@ func TLSTestServerWithCert(t *testing.T, handler http.HandlerFunc, certificate *
 		}
 	})

-	return l.Addr().String()
+	return listener.Addr().String()
 }

 // RecordTLSHello configures the server to record client TLS negotiation info onto each incoming request,
--- a/internal/upstreamldap/upstreamldap_test.go
+++ b/internal/upstreamldap/upstreamldap_test.go
@@ -2384,7 +2384,8 @@ func TestRealTLSDialing(t *testing.T) {
 	require.NoError(t, err)
 	testServerWithBadCertNameAddr := tlsserver.TLSTestServerWithCert(t, func(w http.ResponseWriter, r *http.Request) {}, cert)

-	unusedPortGrabbingListener, err := net.Listen("tcp", "127.0.0.1:0")
+	listenConfig := net.ListenConfig{}
+	unusedPortGrabbingListener, err := listenConfig.Listen(t.Context(), "tcp", "127.0.0.1:0")
 	require.NoError(t, err)
 	recentlyClaimedHostAndPort := unusedPortGrabbingListener.Addr().String()
 	require.NoError(t, unusedPortGrabbingListener.Close())
--- a/test/integration/category_test.go
+++ b/test/integration/category_test.go
@@ -23,7 +23,7 @@ func runTestKubectlCommand(t *testing.T, args ...string) (string, string) {
 	testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
 		stdOut.Reset()
 		stdErr.Reset()
-		cmd := exec.Command("kubectl", args...)
+		cmd := exec.CommandContext(t.Context(), "kubectl", args...)
 		cmd.Stdout = &stdOut
 		cmd.Stderr = &stdErr
 		requireEventually.NoError(cmd.Run())
--- a/test/integration/cli_test.go
+++ b/test/integration/cli_test.go
@@ -110,13 +110,14 @@ type testingT interface {
 	Errorf(format string, args ...any)
 	FailNow()
 	Logf(format string, args ...any)
+	Context() context.Context
 }

 func runPinnipedCLI(t testingT, envVars []string, pinnipedExe string, args ...string) (string, string) {
 	t.Helper()
 	start := time.Now()
 	var stdout, stderr bytes.Buffer
-	cmd := exec.Command(pinnipedExe, args...)
+	cmd := exec.CommandContext(t.Context(), pinnipedExe, args...)
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr
 	cmd.Env = envVars
--- a/test/integration/concierge_tls_spec_test.go
+++ b/test/integration/concierge_tls_spec_test.go
@@ -701,8 +701,7 @@ func performKubectlApply(t *testing.T, resourceName string, yamlBytes []byte) (s

 	t.Cleanup(func() {
 		t.Helper()
-		//nolint:gosec // this is test code.
-		require.NoError(t, exec.Command("kubectl", []string{"delete", "--ignore-not-found", "-f", yamlFilepath}...).Run())
+		require.NoError(t, exec.CommandContext(t.Context(), "kubectl", "delete", "--ignore-not-found", "-f", yamlFilepath).Run())
 	})

 	return stdOut.String(), stdErr.String(), err
--- a/test/integration/kube_api_discovery_test.go
+++ b/test/integration/kube_api_discovery_test.go
@@ -729,7 +729,7 @@ func requireKubectlExplainShowsDescriptionForResource(t *testing.T, resourceName
 func runKubectlVersion(t *testing.T) {
 	t.Helper()
 	t.Log("Running: kubectl version")
-	out, err := exec.Command("kubectl", "version").CombinedOutput()
+	out, err := exec.CommandContext(t.Context(), "kubectl", "version").CombinedOutput()
 	require.NoError(t, err)
 	t.Log(string(out))
 }
@@ -737,7 +737,7 @@ func runKubectlVersion(t *testing.T) {
 func runKubectlExplain(t *testing.T, resourceName string, apiVersion string) string {
 	t.Helper()
 	var stdOut, stdErr bytes.Buffer
-	cmd := exec.Command("kubectl", "explain", resourceName, "--api-version", apiVersion, "--output", "plaintext-openapiv2")
+	cmd := exec.CommandContext(t.Context(), "kubectl", "explain", resourceName, "--api-version", apiVersion, "--output", "plaintext-openapiv2")
 	t.Log("Running:", cmd.String())
 	cmd.Stdout = &stdOut
 	cmd.Stderr = &stdErr
--- a/test/integration/ldap_client_test.go
+++ b/test/integration/ldap_client_test.go
@@ -856,7 +856,8 @@ func findRecentlyUnusedLocalhostPorts(t *testing.T, howManyPorts int) []string {
 	listeners := make([]net.Listener, howManyPorts)
 	for i := range howManyPorts {
 		var err error
-		listeners[i], err = net.Listen("tcp", "127.0.0.1:0")
+		listenConfig := net.ListenConfig{}
+		listeners[i], err = listenConfig.Listen(t.Context(), "tcp", "127.0.0.1:0")
 		require.NoError(t, err)
 	}

--- a/test/integration/smoke_test.go
+++ b/test/integration/smoke_test.go
@@ -16,7 +16,7 @@ import (
 // Smoke test to see if the kubeconfig works and the cluster is reachable.
 func TestGetNodes(t *testing.T) {
 	_ = testlib.IntegrationEnv(t)
-	cmd := exec.Command("kubectl", "get", "nodes")
+	cmd := exec.CommandContext(t.Context(), "kubectl", "get", "nodes")
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	err := cmd.Run()
--- a/test/integration/supervisor_discovery_test.go
+++ b/test/integration/supervisor_discovery_test.go
@@ -670,10 +670,6 @@ func requireJWKSEndpointIsWorking(t *testing.T, supervisorScheme, supervisorAddr
 }

 func printServerCert(t *testing.T, address string, dnsOverrides map[string]string) {
-	conf := &tls.Config{
-		InsecureSkipVerify: true, //nolint:gosec // this is for testing purposes
-	}
-
 	addressURL, err := url.Parse(address)
 	require.NoError(t, err)

@@ -691,10 +687,16 @@ func printServerCert(t *testing.T, address string, dnsOverrides map[string]strin
 		host = dnsOverrides[host]
 	}

-	conn, err := tls.Dial("tcp", host, conf)
+	dialer := tls.Dialer{
+		Config: &tls.Config{
+			InsecureSkipVerify: true, //nolint:gosec // this is for testing purposes
+		},
+	}
+	netConn, err := dialer.DialContext(t.Context(), "tcp", host)
+	tlsConn := tls.Client(netConn, dialer.Config)
 	require.NoError(t, err)
-	defer func() { _ = conn.Close() }()
-	certs := conn.ConnectionState().PeerCertificates
+	defer func() { _ = netConn.Close() }()
+	certs := tlsConn.ConnectionState().PeerCertificates
 	for i, cert := range certs {
 		t.Logf("found cert %d of %d for host=%q with dns=%+v and ips=%+v",
 			i+1,
--- a/test/testlib/access.go
+++ b/test/testlib/access.go
@@ -154,7 +154,8 @@ func runKubectlGetNamespaces(t *testing.T, kubeConfigYAML string) (string, error
 	f := writeStringToTempFile(t, "pinniped-generated-kubeconfig-*", kubeConfigYAML)

 	//nolint:gosec // It's okay that we are passing f.Name() to an exec command here. It was created above.
-	output, err := exec.Command(
+	output, err := exec.CommandContext(
+		t.Context(),
 		"kubectl", "get", "namespace", "--kubeconfig", f.Name(),
 	).CombinedOutput()

--- a/test/testlib/cli.go
+++ b/test/testlib/cli.go
@@ -42,7 +42,7 @@ func PinnipedCLIPath(t *testing.T) string {

 	t.Log("building pinniped CLI binary")
 	start := time.Now()
-	output, err := exec.Command("go", "build", "-o", path, "go.pinniped.dev/cmd/pinniped").CombinedOutput()
+	output, err := exec.CommandContext(t.Context(), "go", "build", "-o", path, "go.pinniped.dev/cmd/pinniped").CombinedOutput()
 	require.NoError(t, err, string(output))
 	t.Logf("built CLI binary in %s", time.Since(start).Round(time.Millisecond))
@@ -1 +1 @@
 .2.1
 .3.0