diff --git a/.ci-operator.yaml b/.ci-operator.yaml index 18e4ec53..0cf77c2c 100644 --- a/.ci-operator.yaml +++ b/.ci-operator.yaml @@ -1,4 +1,4 @@ build_root_image: name: builder namespace: stolostron - tag: go1.19-linux + tag: go1.20-linux diff --git a/Dockerfile b/Dockerfile index a4cb4afb..ae1bcc66 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Copyright Contributors to the Open Cluster Management project # Stage 1: Use image builder to build the target binaries -FROM registry.ci.openshift.org/stolostron/builder:go1.19-linux AS builder +FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder ENV COMPONENT=cert-policy-controller ENV REPO_PATH=/go/src/github.com/stolostron/${COMPONENT} diff --git a/Makefile b/Makefile index 459d6111..670c7407 100644 --- a/Makefile +++ b/Makefile @@ -123,7 +123,7 @@ create-ns: # Lint code .PHONY: lint-dependencies lint-dependencies: - $(call go-get-tool,github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.2) + $(call go-get-tool,github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.2) .PHONY: lint lint: lint-dependencies lint-all @@ -206,7 +206,7 @@ kubebuilder-dependencies: $(LOCAL_BIN) .PHONY: gosec gosec: - $(call go-get-tool,github.com/securego/gosec/v2/cmd/gosec@v2.9.6) + $(call go-get-tool,github.com/securego/gosec/v2/cmd/gosec@v2.15.0) .PHONY: gosec-scan gosec-scan: gosec diff --git a/api/v1/certificatepolicy_types.go b/api/v1/certificatepolicy_types.go index c5325641..113c1bf6 100644 --- a/api/v1/certificatepolicy_types.go +++ b/api/v1/certificatepolicy_types.go @@ -89,21 +89,21 @@ type CertificatePolicySpec struct { MinDuration *metav1.Duration `json:"minimumDuration,omitempty"` // Minimum CA duration before a signing certificate expires that it is considered non-compliant. // Golang's time units only. - MinCADuration *metav1.Duration `json:"minimumCADuration,omitempty"` // nolint:tagliatelle + MinCADuration *metav1.Duration `json:"minimumCADuration,omitempty"` //nolint:tagliatelle // Maximum duration for a certificate, longer duration is considered non-compliant. // Golang's time units only. MaxDuration *metav1.Duration `json:"maximumDuration,omitempty"` // Maximum CA duration for a signing certificate, longer duration is considered non-compliant. // Golang's time units only. - MaxCADuration *metav1.Duration `json:"maximumCADuration,omitempty"` // nolint:tagliatelle + MaxCADuration *metav1.Duration `json:"maximumCADuration,omitempty"` //nolint:tagliatelle // A pattern that must match any defined SAN entries in the certificate for the certificate to be compliant. // Golang's regexp syntax only. // +kubebuilder:validation:MinLength=1 - AllowedSANPattern string `json:"allowedSANPattern,omitempty"` // nolint:tagliatelle + AllowedSANPattern string `json:"allowedSANPattern,omitempty"` //nolint:tagliatelle // A pattern that must not match any defined SAN entries in the certificate for the certificate to be compliant. // Golang's regexp syntax only. // +kubebuilder:validation:MinLength=1 - DisallowedSANPattern string `json:"disallowedSANPattern,omitempty"` // nolint:tagliatelle + DisallowedSANPattern string `json:"disallowedSANPattern,omitempty"` //nolint:tagliatelle } // CertificatePolicyStatus defines the observed state of CertificatePolicy diff --git a/controllers/certificatepolicy_controller.go b/controllers/certificatepolicy_controller.go index 76205cae..a3286cbb 100644 --- a/controllers/certificatepolicy_controller.go +++ b/controllers/certificatepolicy_controller.go @@ -137,7 +137,7 @@ func (r *CertificatePolicyReconciler) Reconcile(ctx context.Context, request ctr instance.Status.CompliancyDetails = make(map[string]policyv1.CompliancyDetails) - r.handleAddingPolicy(instance) + r.handleAddingPolicy(ctx, instance) } reqLogger.V(1).Info("Successful processing", "instance.Name", instance.Name, "instance.Namespace", @@ -173,7 +173,9 @@ func ensureDefaultLabel(instance *policyv1.CertificatePolicy) bool { } // PeriodicallyExecCertificatePolicies always check status - let this be the only function in the controller. -func (r *CertificatePolicyReconciler) PeriodicallyExecCertificatePolicies(freq uint, loopflag bool) { +func (r *CertificatePolicyReconciler) PeriodicallyExecCertificatePolicies( + ctx context.Context, freq uint, loopflag bool, +) { log.V(3).Info("Entered PeriodicallyExecCertificatePolicies") var plcToUpdateMap map[string]*policyv1.CertificatePolicy @@ -184,11 +186,11 @@ func (r *CertificatePolicyReconciler) PeriodicallyExecCertificatePolicies(freq u plcToUpdateMap = make(map[string]*policyv1.CertificatePolicy) - stateChange := r.ProcessPolicies(plcToUpdateMap) + stateChange := r.ProcessPolicies(ctx, plcToUpdateMap) if stateChange { // update status of all policies that changed: - faultyPlc, err := r.updatePolicyStatus(plcToUpdateMap) + faultyPlc, err := r.updatePolicyStatus(ctx, plcToUpdateMap) if err != nil { log.Error(err, "Unable to update policy status", "Name", faultyPlc.Name, "Namespace", faultyPlc.Namespace) @@ -211,7 +213,9 @@ func (r *CertificatePolicyReconciler) PeriodicallyExecCertificatePolicies(freq u } // ProcessPolicies reads each policy and looks for violations returning true if a change is found. -func (r *CertificatePolicyReconciler) ProcessPolicies(plcToUpdateMap map[string]*policyv1.CertificatePolicy) bool { +func (r *CertificatePolicyReconciler) ProcessPolicies( + ctx context.Context, plcToUpdateMap map[string]*policyv1.CertificatePolicy, +) bool { stateChange := false plcMap := make(map[string]*policyv1.CertificatePolicy) @@ -222,7 +226,7 @@ func (r *CertificatePolicyReconciler) ProcessPolicies(plcToUpdateMap map[string] // update available policies if there are changed namespaces for _, plc := range plcMap { // Retrieve the namespaces based on filters in NamespaceSelector - selectedNamespaces := r.retrieveNamespaces(plc.Spec.NamespaceSelector) + selectedNamespaces := r.retrieveNamespaces(ctx, plc.Spec.NamespaceSelector) // add availablePolicy if not present for _, ns := range selectedNamespaces { @@ -261,7 +265,7 @@ func (r *CertificatePolicyReconciler) ProcessPolicies(plcToUpdateMap map[string] log.V(2).Info("Checking certificates", "namespace", namespace, "policy.Name", policy.Name) - update, nonCompliant, list := r.checkSecrets(policy, namespace) + update, nonCompliant, list := r.checkSecrets(ctx, policy, namespace) if strings.EqualFold(string(policy.Spec.RemediationAction), string(policyv1.Enforce)) { log.V(1).Info("Enforce is set, but not implemented on this controller") @@ -337,7 +341,7 @@ func toLabelSet(v map[string]policyv1.NonEmptyString) labels.Set { // Checks each namespace for certificates that are going to expire within 3 months // Returns whether a state change is happening, the number of uncompliant certificates // and a list of the uncompliant certificates. -func (r *CertificatePolicyReconciler) checkSecrets(policy *policyv1.CertificatePolicy, +func (r *CertificatePolicyReconciler) checkSecrets(ctx context.Context, policy *policyv1.CertificatePolicy, namespace string, ) (bool, uint, map[string]policyv1.Cert) { slog := log.WithValues("policy.Namespace", policy.Namespace, "policy.Name", policy.Name) @@ -352,7 +356,7 @@ func (r *CertificatePolicyReconciler) checkSecrets(policy *policyv1.CertificateP // GOAL: Want the label selector to find secrets with certificates only!! -> is-certificate // Loops through all the secrets within the CertificatePolicy's specified namespace labelSelector := toLabelSet(policy.Spec.LabelSelector) - secretList, _ := r.TargetK8sClient.CoreV1().Secrets(namespace).List(context.TODO(), + secretList, _ := r.TargetK8sClient.CoreV1().Secrets(namespace).List(ctx, metav1.ListOptions{LabelSelector: labelSelector.String()}) for _, secretItem := range secretList.Items { @@ -381,14 +385,14 @@ func (r *CertificatePolicyReconciler) checkSecrets(policy *policyv1.CertificateP return update, uint(len(nonCompliantCertificates)), nonCompliantCertificates } -func (r *CertificatePolicyReconciler) retrieveNamespaces(selector policyv1.Target) []string { +func (r *CertificatePolicyReconciler) retrieveNamespaces(ctx context.Context, selector policyv1.Target) []string { var selectedNamespaces []string // If MatchLabels/MatchExpressions/Include were not provided, return no namespaces if selector.MatchLabels == nil && selector.MatchExpressions == nil && len(selector.Include) == 0 { log.Info("NamespaceSelector is empty. Skipping namespace retrieval.") } else { var err error - selectedNamespaces, err = common.GetSelectedNamespaces(r.TargetK8sClient, selector) + selectedNamespaces, err = common.GetSelectedNamespaces(ctx, r.TargetK8sClient, selector) if err != nil { log.Error( err, "Error filtering namespaces with provided NamespaceSelector", @@ -745,7 +749,8 @@ func checkComplianceChangeBasedOnDetails(plc *policyv1.CertificatePolicy) (compl return reflect.DeepEqual(previous, plc.Status.ComplianceState) } -func (r *CertificatePolicyReconciler) updatePolicyStatus(policies map[string]*policyv1.CertificatePolicy, +func (r *CertificatePolicyReconciler) updatePolicyStatus( + ctx context.Context, policies map[string]*policyv1.CertificatePolicy, ) (*policyv1.CertificatePolicy, error) { log.V(3).Info("Entered updatePolicyStatus") @@ -769,7 +774,7 @@ func (r *CertificatePolicyReconciler) updatePolicyStatus(policies map[string]*po } } - err := r.Status().Update(context.TODO(), instance) + err := r.Status().Update(ctx, instance) if err != nil { return instance, err } @@ -800,7 +805,7 @@ func handleRemovingPolicy(name string) { } } -func (r *CertificatePolicyReconciler) handleAddingPolicy(plc *policyv1.CertificatePolicy) { +func (r *CertificatePolicyReconciler) handleAddingPolicy(ctx context.Context, plc *policyv1.CertificatePolicy) { log.V(3).Info("Entered handleAddingPolicy") // clean up that policy from the availablePolicies list, in case the modification is in the @@ -816,7 +821,7 @@ func (r *CertificatePolicyReconciler) handleAddingPolicy(plc *policyv1.Certifica addFlag := false // Retrieve the namespaces based on filters in NamespaceSelector - selectedNamespaces := r.retrieveNamespaces(plc.Spec.NamespaceSelector) + selectedNamespaces := r.retrieveNamespaces(ctx, plc.Spec.NamespaceSelector) for _, ns := range selectedNamespaces { key := fmt.Sprintf("%s/%s", ns, plc.Name) diff --git a/controllers/certificatepolicy_controller_test.go b/controllers/certificatepolicy_controller_test.go index 4064ba5f..7a6696b1 100644 --- a/controllers/certificatepolicy_controller_test.go +++ b/controllers/certificatepolicy_controller_test.go @@ -174,8 +174,8 @@ func TestPeriodicallyExecCertificatePolicies(t *testing.T) { certPolicy.Name = fmt.Sprintf("%s-%d", certPolicy.Name, i) certPolicy.Spec.NamespaceSelector.Include = []policiesv1.NonEmptyString{test.namespaceSelector} - r.handleAddingPolicy(certPolicy) - r.PeriodicallyExecCertificatePolicies(1, false) + r.handleAddingPolicy(context.TODO(), certPolicy) + r.PeriodicallyExecCertificatePolicies(context.TODO(), 1, false) policy, found := availablePolicies.GetObject(test.cacheNamespace + "/" + certPolicy.Name) assert.True(t, found) @@ -192,7 +192,7 @@ func TestPeriodicallyExecCertificatePolicies(t *testing.T) { } } -func TestCheckComplianceBasedOnDetails(t *testing.T) { +func TestCheckComplianceBasedOnDetails(_ *testing.T) { certPolicy := policiesv1.CertificatePolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "foo", @@ -298,14 +298,14 @@ func TestHandleAddingPolicy(t *testing.T) { } certPolicy.Spec.NamespaceSelector.Include = []policiesv1.NonEmptyString{"default"} - r.handleAddingPolicy(certPolicy) + r.handleAddingPolicy(context.TODO(), certPolicy) policy, found := availablePolicies.GetObject(certPolicy.Namespace + "/" + certPolicy.Name) assert.True(t, found) assert.NotNil(t, policy) handleRemovingPolicy(certPolicy.Name) } -func TestPrintMap(t *testing.T) { +func TestPrintMap(_ *testing.T) { certPolicy := policiesv1.CertificatePolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "foo", @@ -491,10 +491,10 @@ func TestProcessPolicies(t *testing.T) { }, } r := &CertificatePolicyReconciler{Client: nil, Scheme: nil, Recorder: nil, TargetK8sClient: nil} - r.handleAddingPolicy(instance) + r.handleAddingPolicy(context.TODO(), instance) plcToUpdateMap := make(map[string]*policiesv1.CertificatePolicy) - value := r.ProcessPolicies(plcToUpdateMap) + value := r.ProcessPolicies(context.TODO(), plcToUpdateMap) assert.True(t, value) _, found := availablePolicies.GetObject("/" + instance.Name) @@ -587,7 +587,7 @@ uFPO5+jBaPT3/G0z1dDrZZDOxhTSkFuyLTXnaEhIbZQW0Mniq1m5nswOAgfompmA target := []policiesv1.NonEmptyString{"default"} instance.Spec.NamespaceSelector.Include = target - r.handleAddingPolicy(instance) + r.handleAddingPolicy(context.TODO(), instance) policy, found := availablePolicies.GetObject(instance.Namespace + "/" + instance.Name) assert.True(t, found) @@ -605,7 +605,7 @@ uFPO5+jBaPT3/G0z1dDrZZDOxhTSkFuyLTXnaEhIbZQW0Mniq1m5nswOAgfompmA assert.Nil(t, err) assert.NotNil(t, cert) - update, nonCompliant, list := r.checkSecrets(instance, "default") + update, nonCompliant, list := r.checkSecrets(context.TODO(), instance, "default") assert.Nil(t, err) assert.Equal(t, uint(1), nonCompliant) @@ -664,7 +664,7 @@ xUSmOkQ0VchHrQY4a3z4yzgWIdDe34DhonLA1njXcd66kzY5cD1EykmLcIPFLqCx target = []policiesv1.NonEmptyString{"default"} instance.Spec.NamespaceSelector.Include = target - r.handleAddingPolicy(instance) + r.handleAddingPolicy(context.TODO(), instance) policy, found = availablePolicies.GetObject(instance.Namespace + "/" + instance.Name) assert.True(t, found) @@ -678,7 +678,7 @@ xUSmOkQ0VchHrQY4a3z4yzgWIdDe34DhonLA1njXcd66kzY5cD1EykmLcIPFLqCx ) assert.Equal(t, 2, len(secretList.Items)) - update, nonCompliant, list = r.checkSecrets(instance, "default") + update, nonCompliant, list = r.checkSecrets(context.TODO(), instance, "default") assert.Nil(t, err) assert.Equal(t, uint(2), nonCompliant) @@ -802,7 +802,7 @@ uFPO5+jBaPT3/G0z1dDrZZDOxhTSkFuyLTXnaEhIbZQW0Mniq1m5nswOAgfompmA target := []policiesv1.NonEmptyString{"def*"} instance.Spec.NamespaceSelector.Include = target - r.handleAddingPolicy(instance) + r.handleAddingPolicy(context.TODO(), instance) policy, found := availablePolicies.GetObject(instance.Namespace + "/" + instance.Name) assert.True(t, found) @@ -810,7 +810,7 @@ uFPO5+jBaPT3/G0z1dDrZZDOxhTSkFuyLTXnaEhIbZQW0Mniq1m5nswOAgfompmA plcToUpdateMap := make(map[string]*policiesv1.CertificatePolicy) - stateChange := r.ProcessPolicies(plcToUpdateMap) + stateChange := r.ProcessPolicies(context.TODO(), plcToUpdateMap) assert.True(t, stateChange) message := convertPolicyStatusToString(instance, DefaultDuration) diff --git a/controllers/certificatepolicy_utils.go b/controllers/certificatepolicy_utils.go index 4b5462de..57604826 100644 --- a/controllers/certificatepolicy_utils.go +++ b/controllers/certificatepolicy_utils.go @@ -34,7 +34,7 @@ func convertPolicyStatusToString(plc *policyv1.CertificatePolicy, defaultDuratio } // Message format: - // NonCompliant; x certificates expire in less than 300h: namespace:secretname, namespace:secretname, ... + // NonCompliant; x certificates expire in less than 300h: namespace:secretname1, namespace:secretname2, ... expireCount := 0 expireCACount := 0 durationCount := 0 diff --git a/controllers/suite_test.go b/controllers/suite_test.go index 6afbd81a..9f132de2 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -16,7 +16,7 @@ limitations under the License. package controllers -// nolint:gci +//nolint:gci import ( "path/filepath" "testing" @@ -31,7 +31,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" policyv1 "open-cluster-management.io/cert-policy-controller/api/v1" - //+kubebuilder:scaffold:imports ) // These tests use Ginkgo (BDD-style Go testing framework). Refer to diff --git a/go.mod b/go.mod index 858e32ac..96a000e6 100644 --- a/go.mod +++ b/go.mod @@ -1,9 +1,8 @@ module open-cluster-management.io/cert-policy-controller -go 1.19 +go 1.20 require ( - github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 github.com/go-logr/zapr v1.2.3 github.com/onsi/ginkgo/v2 v2.1.4 github.com/onsi/gomega v1.19.0 diff --git a/go.sum b/go.sum index 34b2fa6f..4dd37c74 100644 --- a/go.sum +++ b/go.sum @@ -163,8 +163,6 @@ github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew= -github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= diff --git a/main.go b/main.go index 0fe7e246..a5bb5787 100644 --- a/main.go +++ b/main.go @@ -3,7 +3,7 @@ package main -// nolint:gci +//nolint:gci import ( "context" "errors" @@ -56,7 +56,7 @@ func printVersion() { "GOOS", runtime.GOOS, "GOARCH", runtime.GOARCH) } -// nolint:wsl +//nolint:wsl func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(extpolicyv1.AddToScheme(scheme)) @@ -292,7 +292,7 @@ func main() { _ = r.Initialize(namespace, eventOnParent, time.Duration(0)) /* #nosec G104 */ // PeriodicallyExecCertificatePolicies is the go-routine that periodically checks the policies and // does the needed work to make sure the desired state is achieved - go r.PeriodicallyExecCertificatePolicies(frequency, true) + go r.PeriodicallyExecCertificatePolicies(context.TODO(), frequency, true) if enableLease { startLeaseController(generatedClient, hubConfigPath, clusterName) diff --git a/pkg/common/namespace_selection.go b/pkg/common/namespace_selection.go index 4ad58032..e14042e5 100644 --- a/pkg/common/namespace_selection.go +++ b/pkg/common/namespace_selection.go @@ -21,7 +21,9 @@ import ( var log = ctrl.Log // GetSelectedNamespaces returns the list of filtered namespaces according to the policy namespace selector. -func GetSelectedNamespaces(client kubernetes.Interface, selector policyv1.Target) ([]string, error) { +func GetSelectedNamespaces( + ctx context.Context, client kubernetes.Interface, selector policyv1.Target, +) ([]string, error) { // Build LabelSelector from provided MatchLabels and MatchExpressions var labelSelector metav1.LabelSelector // Handle when MatchLabels/MatchExpressions were not provided to prevent nil pointer dereference. @@ -44,7 +46,7 @@ func GetSelectedNamespaces(client kubernetes.Interface, selector policyv1.Target } // get all namespaces matching selector - allNamespaces, err := GetAllNamespaces(client, labelSelector) + allNamespaces, err := GetAllNamespaces(ctx, client, labelSelector) if err != nil { log.Error(err, "error retrieving namespaces") @@ -71,7 +73,9 @@ func GetSelectedNamespaces(client kubernetes.Interface, selector policyv1.Target } // GetAllNamespaces gets the list of all namespaces from k8s. -func GetAllNamespaces(client kubernetes.Interface, labelSelector metav1.LabelSelector) ([]string, error) { +func GetAllNamespaces( + ctx context.Context, client kubernetes.Interface, labelSelector metav1.LabelSelector, +) ([]string, error) { parsedSelector, err := metav1.LabelSelectorAsSelector(&labelSelector) if err != nil { return nil, fmt.Errorf("error parsing namespace LabelSelector: %w", err) @@ -83,7 +87,7 @@ func GetAllNamespaces(client kubernetes.Interface, labelSelector metav1.LabelSel log.V(2).Info("Retrieving namespaces with LabelSelector", "LabelSelector", parsedSelector.String()) - nsList, err := client.CoreV1().Namespaces().List(context.TODO(), listOpt) + nsList, err := client.CoreV1().Namespaces().List(ctx, listOpt) if err != nil { log.Error(err, "could not list namespaces from the API server") diff --git a/pkg/common/namespace_selection_test.go b/pkg/common/namespace_selection_test.go index fc26e912..e5421840 100644 --- a/pkg/common/namespace_selection_test.go +++ b/pkg/common/namespace_selection_test.go @@ -189,7 +189,7 @@ func TestGetSelectedNamespaces(t *testing.T) { t.Run( name, func(t *testing.T) { - actual, err := GetSelectedNamespaces(simpleClient, test.selector) + actual, err := GetSelectedNamespaces(context.TODO(), simpleClient, test.selector) if err != nil { if test.errMsg == "" { t.Fatalf("Encountered unexpected error: %v", err) @@ -340,7 +340,7 @@ func TestGetAllNamespaces(t *testing.T) { t.Run( name, func(t *testing.T) { - actual, err := GetAllNamespaces(simpleClient, test.labelSelector) + actual, err := GetAllNamespaces(context.TODO(), simpleClient, test.labelSelector) if err != nil { if test.errMsg == "" { t.Fatalf("Encountered unexpected error: %v", err) diff --git a/test/e2e/case1_expiration_test.go b/test/e2e/case1_expiration_test.go index eb37eb15..4e59a1ef 100644 --- a/test/e2e/case1_expiration_test.go +++ b/test/e2e/case1_expiration_test.go @@ -36,10 +36,10 @@ var _ = Describe("Test hosted certificate policy expiration", Ordered, Label("ho Expect(altKubeconfigPath).ToNot(Equal("")) targetK8sConfig, err := clientcmd.BuildConfigFromFlags("", altKubeconfigPath) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) targetK8sClient, err = kubernetes.NewForConfig(targetK8sConfig) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) }) AfterAll(func() { @@ -47,7 +47,7 @@ var _ = Describe("Test hosted certificate policy expiration", Ordered, Label("ho err := targetK8sClient.CoreV1().Secrets("default").Delete(context.TODO(), case1SecretName, metav1.DeleteOptions{}) if !errors.IsNotFound(err) { - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) } })