Merge pull request #1387 from vmware-tanzu/jtc/bump-to-golang-1.19-se…

…mantics Bump to golang 1.18 semantics
vmware-tanzu · Jan 31, 2023 · 60d12d8 · 60d12d8
2 parents d0784ea + 7704176
commit 60d12d8
Show file tree

Hide file tree

Showing 13 changed files with 33 additions and 92 deletions.
diff --git a/cmd/pinniped-server/main.go b/cmd/pinniped-server/main.go
@@ -12,12 +12,13 @@ import (
 	"os"
 	"path/filepath"
 
+	"k8s.io/apimachinery/pkg/util/sets"
+
 	concierge "go.pinniped.dev/internal/concierge/server"
 	// this side effect import ensures that we use fipsonly crypto in fips_strict mode.
 	_ "go.pinniped.dev/internal/crypto/ptls"
 	lua "go.pinniped.dev/internal/localuserauthenticator"
 	"go.pinniped.dev/internal/plog"
-	"go.pinniped.dev/internal/psets"
 	supervisor "go.pinniped.dev/internal/supervisor/server"
 )
 
@@ -37,7 +38,7 @@ func main() {
 	}
 	binary := filepath.Base(os.Args[0])
 	if subcommands[binary] == nil {
-		fail(fmt.Errorf("must be invoked as one of %v, not %q", psets.StringKeySet(subcommands).List(), binary))
+		fail(fmt.Errorf("must be invoked as one of %v, not %q", sets.StringKeySet(subcommands).List(), binary))
 	}
 	subcommands[binary]()
 }
diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go
@@ -720,6 +720,7 @@ func validateKubeconfig(ctx context.Context, flags getKubeconfigParams, kubeconf
 func countCACerts(pemData []byte) int {
 	pool := x509.NewCertPool()
 	pool.AppendCertsFromPEM(pemData)
+	//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 	return len(pool.Subjects())
 }
 

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module go.pinniped.dev
 
-go 1.17
+go 1.18
 
 require (
 	github.com/MakeNowJust/heredoc/v2 v2.0.1
@@ -30,7 +30,6 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.1
 	github.com/tdewolff/minify/v2 v2.12.4
-	go.uber.org/atomic v1.10.0
 	go.uber.org/zap v1.24.0
 	golang.org/x/crypto v0.5.0
 	golang.org/x/net v0.5.0
@@ -139,6 +138,7 @@ require (
 	go.opentelemetry.io/otel/sdk v1.10.0 // indirect
 	go.opentelemetry.io/otel/trace v1.10.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	golang.org/x/mod v0.7.0 // indirect
 	golang.org/x/sys v0.4.0 // indirect

diff --git a/hack/module.sh b/hack/module.sh
@@ -9,7 +9,7 @@ ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 
 function tidy_cmd() {
   local version="$(cat "${ROOT}/go.mod" | grep '^go ' | cut -f 2 -d ' ')"
-  echo "go mod tidy -v -go=${version} -compat=1.17"
+  echo "go mod tidy -v -go=${version} -compat=${version}"
 }
 
 function lint_cmd() {

diff --git a/internal/certauthority/certauthority_test.go b/internal/certauthority/certauthority_test.go
@@ -1,4 +1,4 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package certauthority
@@ -206,6 +206,7 @@ func TestPool(t *testing.T) {
 	require.NoError(t, err)
 
 	pool := ca.Pool()
+	//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 	require.Len(t, pool.Subjects(), 1)
 }
 

diff --git a/internal/dynamiccert/provider_test.go b/internal/dynamiccert/provider_test.go
@@ -1,4 +1,4 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package dynamiccert
@@ -41,6 +41,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 				cert, err := tls.X509KeyPair(certPEM, keyPEM)
 				require.NoError(t, err)
 
+				//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 				return pool.Subjects(), []tls.Certificate{cert}
 			},
 		},
@@ -69,6 +70,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 
 				certKey.UnsetCertKeyContent()
 
+				//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 				return pool.Subjects(), []tls.Certificate{cert}
 			},
 		},
@@ -87,6 +89,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 				cert, err := tls.X509KeyPair(certPEM, keyPEM)
 				require.NoError(t, err)
 
+				//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 				return newCA.Pool().Subjects(), []tls.Certificate{cert}
 			},
 		},
@@ -110,6 +113,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 				ok := pool.AppendCertsFromPEM(ca.CurrentCABundleContent())
 				require.True(t, ok, "should have valid non-empty CA bundle")
 
+				//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 				return pool.Subjects(), []tls.Certificate{cert}
 			},
 		},
@@ -137,6 +141,7 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) {
 				err = ca.SetCertKeyContent(newOtherCA.Bundle(), caKey)
 				require.NoError(t, err)
 
+				//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 				return newOtherCA.Pool().Subjects(), []tls.Certificate{cert}
 			},
 		},
@@ -221,6 +226,7 @@ func poolSubjects(pool *x509.CertPool) [][]byte {
 	if pool == nil {
 		return nil
 	}
+	//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 	return pool.Subjects()
 }
 

diff --git a/internal/kubeclient/kubeclient_test.go b/internal/kubeclient/kubeclient_test.go
@@ -949,6 +949,7 @@ func TestUnwrap(t *testing.T) {
 
 	server, restConfig := fakekubeapi.Start(t, nil)
 
+	//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 	serverSubjects := server.Client().Transport.(*http.Transport).TLSClientConfig.RootCAs.Subjects()
 
 	t.Run("regular client", func(t *testing.T) {
@@ -1089,6 +1090,7 @@ func testUnwrap(t *testing.T, client *Client, serverSubjects [][]byte) {
 			require.Equal(t, secureTLSConfig.NextProtos, tlsConfig.NextProtos)
 
 			// x509.CertPool has some embedded functions that make it hard to compare so just look at the subjects
+			//nolint:staticcheck // since we're not using .Subjects() to access the system pool
 			require.Equal(t, serverSubjects, tlsConfig.RootCAs.Subjects())
 		})
 	}

diff --git a/internal/leaderelection/leaderelection.go b/internal/leaderelection/leaderelection.go
@@ -1,14 +1,14 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package leaderelection
 
 import (
 	"context"
 	"fmt"
+	"sync/atomic"
 	"time"
 
-	"go.uber.org/atomic"
 	appsv1 "k8s.io/api/apps/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
@@ -45,7 +45,7 @@ func New(podInfo *downward.PodInfo, deployment *appsv1.Deployment, opts ...kubec
 		return nil, nil, fmt.Errorf("could not create internal client for leader election: %w", err)
 	}
 
-	isLeader := &isLeaderTracker{tracker: atomic.NewBool(false)}
+	isLeader := &isLeaderTracker{tracker: &atomic.Bool{}}
 
 	identity := podInfo.Name
 	leaseName := deployment.Name

diff --git a/internal/leaderelection/leaderelection_test.go b/internal/leaderelection/leaderelection_test.go
@@ -1,16 +1,16 @@
-// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package leaderelection
 
 import (
 	"context"
 	"errors"
+	"sync/atomic"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/require"
-	"go.uber.org/atomic"
 	coordinationv1 "k8s.io/api/coordination/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	kubefake "k8s.io/client-go/kubernetes/fake"
@@ -63,7 +63,7 @@ func Test_releaseLock_Update(t *testing.T) {
 			t.Parallel()
 
 			internalClient := kubefake.NewSimpleClientset()
-			isLeader := &isLeaderTracker{tracker: atomic.NewBool(false)}
+			isLeader := &isLeaderTracker{tracker: &atomic.Bool{}}
 
 			leaderElectorCtx, cancel := context.WithCancel(context.Background())
 

diff --git a/internal/psets/psets.go b/internal/psets/psets.go
diff --git a/internal/supervisor/server/bootstrap.go b/internal/supervisor/server/bootstrap.go
@@ -1,4 +1,4 @@
-// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package server
@@ -9,9 +9,9 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"sync/atomic"
 	"time"
 
-	"go.uber.org/atomic"
 	"k8s.io/apimachinery/pkg/util/sets"
 
 	"go.pinniped.dev/internal/certauthority"
@@ -23,8 +23,8 @@ type contextKey int
 const bootstrapKey contextKey = iota
 
 func withBootstrapConnCtx(ctx context.Context, _ net.Conn) context.Context {
-	isBootstrap := atomic.NewBool(false) // safe for concurrent access
-	return context.WithValue(ctx, bootstrapKey, isBootstrap)
+	isBootstrap := atomic.Bool{} // safe for concurrent access
+	return context.WithValue(ctx, bootstrapKey, &isBootstrap)
 }
 
 func setIsBootstrapConn(ctx context.Context) {

diff --git a/internal/upstreamoidc/upstreamoidc.go b/internal/upstreamoidc/upstreamoidc.go
@@ -18,12 +18,12 @@ import (
 	"golang.org/x/oauth2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/sets"
 
 	oidcapi "go.pinniped.dev/generated/latest/apis/supervisor/oidc"
 	"go.pinniped.dev/internal/httputil/httperr"
 	"go.pinniped.dev/internal/oidc/provider"
 	"go.pinniped.dev/internal/plog"
-	"go.pinniped.dev/internal/psets"
 	"go.pinniped.dev/pkg/oidcclient/nonce"
 	"go.pinniped.dev/pkg/oidcclient/oidctypes"
 	"go.pinniped.dev/pkg/oidcclient/pkce"
@@ -421,7 +421,7 @@ func maybeLogClaims(msg, name string, claims map[string]interface{}) {
 	}
 
 	if plog.Enabled(plog.LevelDebug) { // log keys at debug level
-		keys := psets.StringKeySet(claims).List() // note: this is only safe because the compiler asserts that claims is a map[string]<anything>
+		keys := sets.StringKeySet(claims).List() // note: this is only safe because the compiler asserts that claims is a map[string]<anything>
 		plog.Debug(msg, "providerName", name, "keys", keys)
 		return
 	}

diff --git a/test/integration/leaderelection_test.go b/test/integration/leaderelection_test.go
@@ -17,13 +17,13 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/rand"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/client-go/util/retry"
 	"k8s.io/utils/pointer"
 
 	"go.pinniped.dev/internal/downward"
 	"go.pinniped.dev/internal/kubeclient"
 	"go.pinniped.dev/internal/leaderelection"
-	"go.pinniped.dev/internal/psets"
 	"go.pinniped.dev/test/testlib"
 )
 
@@ -175,7 +175,7 @@ func leaderElectionClients(t *testing.T, namespace *corev1.Namespace, leaseName
 		clients[identity], cancels[identity] = leaderElectionClient(t, namespace, leaseName, identity)
 	}
 
-	t.Logf("running leader election client tests with %d clients: %v", len(clients), psets.StringKeySet(clients).List())
+	t.Logf("running leader election client tests with %d clients: %v", len(clients), sets.StringKeySet(clients).List())
 
 	return clients, cancels
 }
@@ -191,7 +191,7 @@ func pickRandomLeaderElectionClient(clients map[string]*kubeclient.Client) *kube
 func waitForIdentity(ctx context.Context, t *testing.T, namespace *corev1.Namespace, leaseName string, clients map[string]*kubeclient.Client) *coordinationv1.Lease {
 	t.Helper()
 
-	identities := psets.StringKeySet(clients)
+	identities := sets.StringKeySet(clients)
 	var out *coordinationv1.Lease
 
 	testlib.RequireEventuallyWithoutError(t, func() (bool, error) {