Hyperfleet-455 - fix: use standard .golangci.yml and fix lint issues

.golangci.yml

@@ -1,5 +1,108 @@
-version: 2
+# HyperFleet Standard golangci-lint Configuration
+# Reference: https://golangci-lint.run/usage/configuration
+#
+# This is the baseline configuration for all HyperFleet Go repositories.
+# Copy this file to your repository root as .golangci.yml
+#
+# golangci-lint should be installed and versioned via bingo in each repository.
+# See linting.md for full documentation of this standard.
+
+version: "2"
+
+run:
+  timeout: 5m
+  tests: true
+  modules-download-mode: readonly
+
+linters-settings:
+  errcheck:
+    check-type-assertions: true
+    check-blank: true
+
+  govet:
+    enable-all: true
+
+  goconst:
+    min-len: 3
+    min-occurrences: 3
+
+  misspell:
+    locale: US
+
+  lll:
+    line-length: 120
+
+  gofmt:
+    simplify: true
+
+  revive:
+    rules:
+      - name: exported
+        severity: warning
+        disabled: true
+      - name: unexported-return
+        severity: warning
+        disabled: false
+      - name: var-naming
+        severity: warning
+        disabled: false
+
+  unused:
+    check-exported: false
+
+  unparam:
+    check-exported: false
+
+  exhaustive:
+    check-generated: false
+    default-signifies-exhaustive: true
+
+linters:
+  enable:
+    # Code Quality
+    - errcheck
+    - govet
+    - staticcheck
+    - ineffassign
+    - unused
+    - unconvert
+    - unparam
+    - goconst
+    - exhaustive
+
+    # Code Style
+    - misspell
+    - lll
+    # - revive
+    - gocritic
+
+    # Security
+    - gosec
+
 issues:
+  # Add repository-specific generated code directories here
   exclude-dirs:
     - pkg/api/openapi  # Generated code
     - data/generated/openapi # Generated file
+
+  exclude-rules:
+    # Relaxed rules for test files
+    - path: _test\.go
+      linters:
+        - gosec
+        - errcheck
+        - unparam
+
+    # Exclude generated code (backup pattern if exclude-dirs doesn't catch all)
+    - path: pkg/api/openapi/
+      linters:
+        - all
+
+  max-issues-per-linter: 0
+  max-same-issues: 0
+  new: false
+
+output:
+  format: colored-line-number
+  print-issued-lines: true
+  print-linter-name: true

cmd/hyperfleet-api/servecmd/cmd.go

@@ -113,7 +113,9 @@ func runServe(cmd *cobra.Command, args []string) {
 	}
 
 	if tp != nil {
-		shutdownCtx, cancel := context.WithTimeout(context.Background(), environments.Environment().Config.Health.ShutdownTimeout)
+		shutdownCtx, cancel := context.WithTimeout(
+			context.Background(), environments.Environment().Config.Health.ShutdownTimeout,
+		)
 		defer cancel()
 		if err := telemetry.Shutdown(shutdownCtx, tp); err != nil {
 			logger.WithError(ctx, err).Error("Failed to shutdown OpenTelemetry")

cmd/hyperfleet-api/server/api_server.go

@@ -93,8 +93,9 @@ func NewAPIServer() Server {
 	mainHandler = removeTrailingSlash(mainHandler)
 
 	s.httpServer = &http.Server{
-		Addr:    env().Config.Server.BindAddress,
-		Handler: mainHandler,
+		Addr:              env().Config.Server.BindAddress,
+		Handler:           mainHandler,
+		ReadHeaderTimeout: 10 * time.Second,
 	}
 
 	return s
@@ -136,7 +137,8 @@ func (s apiServer) Listen() (listener net.Listener, err error) {
 	return net.Listen("tcp", env().Config.Server.BindAddress)
 }
 
-// Start listening on the configured port and start the server. This is a convenience wrapper for Listen() and Serve(listener Listener)
+// Start listening on the configured port and start the server.
+// This is a convenience wrapper for Listen() and Serve(listener Listener)
 func (s apiServer) Start() {
 	ctx := context.Background()
 	listener, err := s.Listen()

cmd/hyperfleet-api/server/health_server.go

@@ -30,8 +30,9 @@ func NewHealthServer() Server {
 		listening:       make(chan struct{}),
 	}
 	s.httpServer = &http.Server{
-		Addr:    env().Config.Health.BindAddress,
-		Handler: mainHandler,
+		Addr:              env().Config.Health.BindAddress,
+		Handler:           mainHandler,
+		ReadHeaderTimeout: 10 * time.Second,
 	}
 	return s
 }

cmd/hyperfleet-api/server/metrics_server.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"time"
 
 	"github.com/gorilla/mux"
 
@@ -25,8 +26,9 @@ func NewMetricsServer() Server {
 
 	s := &metricsServer{}
 	s.httpServer = &http.Server{
-		Addr:    env().Config.Metrics.BindAddress,
-		Handler: mainHandler,
+		Addr:              env().Config.Metrics.BindAddress,
+		Handler:           mainHandler,
+		ReadHeaderTimeout: 10 * time.Second,
 	}
 	return s
 }

cmd/hyperfleet-api/server/routes.go

@@ -23,15 +23,25 @@ type ServicesInterface interface {
 	GetService(name string) interface{}
 }
 
-type RouteRegistrationFunc func(apiV1Router *mux.Router, services ServicesInterface, authMiddleware auth.JWTMiddleware, authzMiddleware auth.AuthorizationMiddleware)
+type RouteRegistrationFunc func(
+	apiV1Router *mux.Router,
+	services ServicesInterface,
+	authMiddleware auth.JWTMiddleware,
+	authzMiddleware auth.AuthorizationMiddleware,
+)
 
 var routeRegistry = make(map[string]RouteRegistrationFunc)
 
 func RegisterRoutes(name string, registrationFunc RouteRegistrationFunc) {
 	routeRegistry[name] = registrationFunc
 }
 
-func LoadDiscoveredRoutes(apiV1Router *mux.Router, services ServicesInterface, authMiddleware auth.JWTMiddleware, authzMiddleware auth.AuthorizationMiddleware) {
+func LoadDiscoveredRoutes(
+	apiV1Router *mux.Router,
+	services ServicesInterface,
+	authMiddleware auth.JWTMiddleware,
+	authzMiddleware auth.AuthorizationMiddleware,
+) {
 	for name, registrationFunc := range routeRegistry {
 		registrationFunc(apiV1Router, services, authMiddleware, authzMiddleware)
 		_ = name // prevent unused variable warning

pkg/api/presenters/cluster_test.go

@@ -12,6 +12,10 @@ import (
 	"github.com/openshift-hyperfleet/hyperfleet-api/pkg/util"
 )
 
+const (
+	testConditionReady = "Ready"
+)
+
 // Helper function to create test ClusterCreateRequest
 func createTestClusterRequest() *openapi.ClusterCreateRequest {
 	labels := map[string]string{"env": "test"}
@@ -157,7 +161,7 @@ func TestPresentCluster_Complete(t *testing.T) {
 	RegisterTestingT(t)
 
 	now := time.Now()
-	reason := "Ready"
+	reason := testConditionReady
 	message := "Cluster is ready"
 
 	// Create domain ResourceCondition
@@ -218,7 +222,7 @@ func TestPresentCluster_Complete(t *testing.T) {
 	Expect(len(result.Status.Conditions)).To(Equal(1))
 	Expect(result.Status.Conditions[0].Type).To(Equal("Available"))
 	Expect(result.Status.Conditions[0].Status).To(Equal(openapi.ResourceConditionStatusTrue))
-	Expect(*result.Status.Conditions[0].Reason).To(Equal("Ready"))
+	Expect(*result.Status.Conditions[0].Reason).To(Equal(testConditionReady))
 
 	// Verify timestamps
 	Expect(result.CreatedTime.Unix()).To(Equal(now.Unix()))
@@ -300,7 +304,7 @@ func TestPresentCluster_StatusConditionsConversion(t *testing.T) {
 	// First condition
 	Expect(result.Status.Conditions[0].Type).To(Equal("Available"))
 	Expect(result.Status.Conditions[0].Status).To(Equal(openapi.ResourceConditionStatusTrue))
-	Expect(*result.Status.Conditions[0].Reason).To(Equal("Ready"))
+	Expect(*result.Status.Conditions[0].Reason).To(Equal(testConditionReady))
 	Expect(*result.Status.Conditions[0].Message).To(Equal("All systems operational"))
 
 	// Second condition

pkg/api/presenters/slice_filter.go

@@ -103,7 +103,8 @@ func validate(model interface{}, in map[string]bool, prefix string) *errors.Serv
 		}
 		field := reflectValue.Field(i).Interface()
 		name := strings.Split(tag, ",")[0]
-		if kind == reflect.Struct {
+		switch kind { //nolint:exhaustive // Only Struct and Slice need special handling, rest handled by default
+		case reflect.Struct:
 			if t.Type == reflect.TypeOf(&time.Time{}) {
 				delete(in, name)
 			} else {
@@ -116,12 +117,12 @@ func validate(model interface{}, in map[string]bool, prefix string) *errors.Serv
 					}
 				}
 			}
-		} else if t.Type.Kind() == reflect.Slice {
+		case reflect.Slice:
 			// TODO: We don't support Slices' validation :(
 			in = removeStar(in, name)
 			continue
-			//_ = validate(slice, in, name)
-		} else {
+			// _ = validate(slice, in, name)
+		default:
 			prefixedName := name
 			if prefix != "" {
 				prefixedName = fmt.Sprintf("%s.%s", prefix, name)
@@ -188,7 +189,8 @@ func structToMap(item interface{}, in map[string]bool, prefix string) map[string
 		}
 		field := reflectValue.Field(i).Interface()
 		name := strings.Split(tag, ",")[0]
-		if kind == reflect.Struct {
+		switch kind { //nolint:exhaustive // Only Struct and Slice need special handling, rest handled by default
+		case reflect.Struct:
 			if t.Type == reflect.TypeOf(&time.Time{}) {
 				if _, ok := in[name]; ok {
 					if timePtr, ok := field.(*time.Time); ok && timePtr != nil {
@@ -205,7 +207,7 @@ func structToMap(item interface{}, in map[string]bool, prefix string) map[string
 					res[name] = subStruct
 				}
 			}
-		} else if kind == reflect.Slice {
+		case reflect.Slice:
 			s := reflect.ValueOf(field)
 			if s.Len() > 0 {
 				result := make([]interface{}, 0, s.Len())
@@ -220,7 +222,7 @@ func structToMap(item interface{}, in map[string]bool, prefix string) map[string
 					res[name] = result
 				}
 			}
-		} else {
+		default:
 			prefixedName := name
 			if prefix != "" {
 				prefixedName = fmt.Sprintf("%s.%s", prefix, name)

pkg/auth/auth_middleware.go

@@ -26,7 +26,10 @@ func (a *Middleware) AuthenticateAccountJWT(next http.Handler) http.Handler {
 		ctx := r.Context()
 		payload, err := GetAuthPayload(r)
 		if err != nil {
-			handleError(ctx, w, r, errors.CodeAuthNoCredentials, fmt.Sprintf("Unable to get payload details from JWT token: %s", err))
+			handleError(
+				ctx, w, r, errors.CodeAuthNoCredentials,
+				fmt.Sprintf("Unable to get payload details from JWT token: %s", err),
+			)
 			return
 		}
 

pkg/auth/authz_middleware.go

@@ -46,8 +46,8 @@ func (a authzMiddleware) AuthorizeApi(next http.Handler) http.Handler {
 		if username == "" {
 			_ = fmt.Errorf("authenticated username not present in request context")
 			// TODO
-			//body := api.E500.Format(r, "Authentication details not present in context")
-			//api.SendError(w, r, &body)
+			// body := api.E500.Format(r, "Authentication details not present in context")
+			// api.SendError(w, r, &body)
 			return
 		}
 
@@ -56,8 +56,8 @@ func (a authzMiddleware) AuthorizeApi(next http.Handler) http.Handler {
 		if err != nil {
 			_ = fmt.Errorf("unable to make authorization request: %s", err)
 			// TODO
-			//body := api.E500.Format(r, "Unable to make authorization request")
-			//api.SendError(w, r, &body)
+			// body := api.E500.Format(r, "Unable to make authorization request")
+			// api.SendError(w, r, &body)
 			return
 		}
 
@@ -66,7 +66,7 @@ func (a authzMiddleware) AuthorizeApi(next http.Handler) http.Handler {
 		}
 
 		// TODO
-		//body := api.E403.Format(r, "")
-		//api.SendError(w, r, &body)
+		// body := api.E403.Format(r, "")
+		// api.SendError(w, r, &body)
 	})
 }

pkg/auth/authz_middleware_mock.go

@@ -16,7 +16,8 @@ func NewAuthzMiddlewareMock() AuthorizationMiddleware {
 
 func (a authzMiddlewareMock) AuthorizeApi(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		logger.With(r.Context(), logger.HTTPMethod(r.Method), logger.HTTPPath(r.URL.Path)).Info("Mock authz allows <any>/<any> for method/path")
+		logger.With(r.Context(), logger.HTTPMethod(r.Method), logger.HTTPPath(r.URL.Path)).
+			Info("Mock authz allows <any>/<any> for method/path")
 		next.ServeHTTP(w, r)
 	})
 }

pkg/auth/context.go

@@ -70,12 +70,12 @@ func GetAuthPayloadFromContext(ctx context.Context) (*Payload, error) {
 	// TODO figure out how to unmarshal jwt.mapclaims into the struct to avoid all the
 	// type assertions
 	//
-	//var accountAuth api.AuthPayload
-	//err := json.Unmarshal([]byte(claims), &accountAuth)
-	//if err != nil {
-	//	err := fmt.Errorf("Unable to parse JWT token claims")
-	//	return nil, err
-	//}
+	// var accountAuth api.AuthPayload
+	// err := json.Unmarshal([]byte(claims), &accountAuth)
+	// if err != nil {
+	// 	err := fmt.Errorf("Unable to parse JWT token claims")
+	// 	return nil, err
+	// }
 
 	payload := &Payload{}
 	// default to the values we expect from RHSSO