enable staticcheck and disable all occurances

.golangci.yaml

@@ -80,9 +80,6 @@ linters:
       - legacy
       - std-error-handling
     rules:
-      - linters:
-        - staticcheck
-        text: 'SA1019:' # Excludes messages where deprecated variables are used
       - linters:
           - gosec
         path: _test\.go

pkg/apis/stackit/validation/cloudprofile.go

@@ -27,6 +27,7 @@ func ValidateCloudProfileConfig(cloudProfile *stackitv1alpha1.CloudProfileConfig
 
 	floatingPoolPath := fldPath.Child("constraints", "floatingPools")
 	combinationFound := sets.NewString()
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	for i, pool := range cloudProfile.Constraints.FloatingPools {
 		idxPath := floatingPoolPath.Index(i)
 		if len(pool.Name) == 0 {
@@ -66,6 +67,7 @@ func ValidateCloudProfileConfig(cloudProfile *stackitv1alpha1.CloudProfileConfig
 		allErrs = append(allErrs, ValidateProviderMachineImage(idxPath, machineImage)...)
 	}
 	allErrs = append(allErrs, validateMachineImageMapping(machineImages, cloudProfile, field.NewPath("spec").Child("machineImages"))...)
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if ca := cloudProfile.KeyStoneCACert; ca != nil && len(*ca) > 0 {
 		_, err := utils.DecodeCertificate([]byte(*ca))
 		if err != nil {
@@ -74,6 +76,7 @@ func ValidateCloudProfileConfig(cloudProfile *stackitv1alpha1.CloudProfileConfig
 	}
 
 	regionsFound := sets.NewString()
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	for i, val := range cloudProfile.KeyStoneURLs {
 		idxPath := fldPath.Child("keyStoneURLs").Index(i)
 
@@ -104,11 +107,13 @@ func ValidateCloudProfileConfig(cloudProfile *stackitv1alpha1.CloudProfileConfig
 		}
 	}
 
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if cloudProfile.DHCPDomain != nil && len(*cloudProfile.DHCPDomain) == 0 {
 		allErrs = append(allErrs, field.Required(fldPath.Child("dhcpDomain"), "must provide a dhcp domain when the key is specified"))
 	}
 
 	serverGroupPath := fldPath.Child("serverGroupPolicies")
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	for i, policy := range cloudProfile.ServerGroupPolicies {
 		idxPath := serverGroupPath.Index(i)
 

pkg/apis/stackit/validation/cloudprofile_test.go

@@ -74,6 +74,7 @@ var _ = Describe("CloudProfileConfig validation", func() {
 
 		Context("floating pools constraints", func() {
 			It("should forbid unsupported pools", func() {
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.Constraints.FloatingPools = []stackitv1alpha1.FloatingPool{
 					{
 						Name:   "",
@@ -97,6 +98,7 @@ var _ = Describe("CloudProfileConfig validation", func() {
 			})
 
 			It("should forbid duplicates regions and domains in pools", func() {
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.Constraints.FloatingPools = []stackitv1alpha1.FloatingPool{
 					{
 						Name:   "foo",
@@ -149,9 +151,10 @@ var _ = Describe("CloudProfileConfig validation", func() {
 
 		Context("keystone url validation", func() {
 			It("should forbid keystone urls with missing keys", func() {
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.KeyStoneURL = ""
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.KeyStoneURLs = []stackitv1alpha1.KeyStoneURL{{}}
-
 				errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, fldPath)
 
 				Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{
@@ -164,7 +167,9 @@ var _ = Describe("CloudProfileConfig validation", func() {
 			})
 
 			It("should forbid duplicate regions for keystone urls", func() {
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.KeyStoneURL = ""
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.KeyStoneURLs = []stackitv1alpha1.KeyStoneURL{
 					{
 						Region: "foo",
@@ -186,8 +191,8 @@ var _ = Describe("CloudProfileConfig validation", func() {
 		})
 
 		It("should forbid invalid keystone CA Certs", func() {
+			//nolint:staticcheck // SA1019: needed for migration purposes
 			cloudProfileConfig.KeyStoneCACert = ptr.To("foo")
-
 			errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, fldPath)
 			Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{
 				"Type":   Equal(field.ErrorTypeInvalid),
@@ -211,8 +216,8 @@ var _ = Describe("CloudProfileConfig validation", func() {
 
 		Context("dhcp domain validation", func() {
 			It("should forbid not specifying a value when the key is present", func() {
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.DHCPDomain = ptr.To("")
-
 				errorList := ValidateCloudProfileConfig(cloudProfileConfig, machineImages, fldPath)
 
 				Expect(errorList).To(ConsistOf(PointTo(MatchFields(IgnoreExtras, Fields{
@@ -393,6 +398,7 @@ var _ = Describe("CloudProfileConfig validation", func() {
 
 		Context("server group policy validation", func() {
 			It("should forbid empty server group policy", func() {
+				//nolint:staticcheck // SA1019: needed for migration purposes
 				cloudProfileConfig.ServerGroupPolicies = []string{
 					"affinity",
 					"",

pkg/apis/stackit/validation/infrastructure.go

@@ -30,14 +30,18 @@ func ValidateInfrastructureConfig(infra *stackitv1alpha1.InfrastructureConfig, n
 	}
 
 	networksPath := fldPath.Child("networks")
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if len(infra.Networks.Worker) == 0 && len(infra.Networks.Workers) == 0 {
 		allErrs = append(allErrs, field.Required(networksPath.Child("workers"), "must specify the network range for the worker network"))
 	}
 
 	var workerCIDR cidrvalidation.CIDR
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if infra.Networks.Worker != "" {
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		workerCIDR = cidrvalidation.NewCIDR(infra.Networks.Worker, networksPath.Child("worker"))
 		allErrs = append(allErrs, cidrvalidation.ValidateCIDRParse(workerCIDR)...)
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		allErrs = append(allErrs, cidrvalidation.ValidateCIDRIsCanonical(networksPath.Child("worker"), infra.Networks.Worker)...)
 	}
 	if infra.Networks.Workers != "" {
@@ -98,6 +102,7 @@ func ValidateInfrastructureConfigAgainstCloudProfile(oldInfra, infra *stackitv1a
 	allErrs := field.ErrorList{}
 
 	if oldInfra == nil || oldInfra.FloatingPoolName != infra.FloatingPoolName {
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		allErrs = append(allErrs, validateFloatingPoolNameConstraints(cloudProfileConfig.Constraints.FloatingPools, infra.FloatingPoolName, fldPath.Child("floatingPoolName")))
 	}
 

pkg/cmd/config.go

@@ -69,9 +69,11 @@ func (c *Config) ApplyETCDStorage(etcdStorage *config.ETCDStorage) {
 
 // ApplyRegistryCaches sets the given Registry Cache configurations.
 func (c *Config) ApplyRegistryCaches(regCaches *[]config.RegistryCacheConfiguration) {
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if len(c.Config.RegistryCaches) == 0 {
 		return
 	}
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	*regCaches = c.Config.RegistryCaches
 }
 

pkg/controller/controlplane/valuesprovider.go

@@ -641,7 +641,9 @@ func getConfigChartValues(
 		values["applicationCredentialName"] = osCredentials.ApplicationCredentialName
 		values["applicationCredentialSecret"] = osCredentials.ApplicationCredentialSecret
 		values["region"] = cp.Spec.Region
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		values["requestTimeout"] = cloudProfileConfig.RequestTimeout
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		values["ignoreVolumeAZ"] = cloudProfileConfig.IgnoreVolumeAZ != nil && *cloudProfileConfig.IgnoreVolumeAZ
 		// detect internal network.
 		// See https://github.com/kubernetes/cloud-provider-openstack/blob/v1.22.1/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md#networking
@@ -1196,7 +1198,8 @@ func (vp *valuesProvider) getControlPlaneShootChartCSIValues(ctx context.Context
 	values := map[string]any{
 		"enabled":                    getCSIDriver(cpConfig) == stackitv1alpha1.OPENSTACK,
 		"rescanBlockStorageOnResize": cloudProfileConfig.RescanBlockStorageOnResize != nil && *cloudProfileConfig.RescanBlockStorageOnResize,
-		"nodeVolumeAttachLimit":      cloudProfileConfig.NodeVolumeAttachLimit,
+		//nolint:staticcheck // SA1019: needed for migration purposes
+		"nodeVolumeAttachLimit": cloudProfileConfig.NodeVolumeAttachLimit,
 	}
 
 	if userAgentHeader != nil {

pkg/controller/infrastructure/openstack/infraflow/context.go

@@ -188,6 +188,7 @@ func (fctx *FlowContext) computeInfrastructureStatus() *stackitv1alpha1.Infrastr
 	status.Networks.Router.ExternalFixedIPs = fctx.state.GetObject(IdentifierEgressCIDRs).([]string)
 	// backwards compatibility change for the deprecated field
 	if len(status.Networks.Router.ExternalFixedIPs) > 0 {
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		status.Networks.Router.IP = status.Networks.Router.ExternalFixedIPs[0]
 	}
 

pkg/controller/infrastructure/openstack/infraflow/reconcile.go

@@ -162,7 +162,8 @@ func (fctx *FlowContext) ensureNewRouter(ctx context.Context, externalNetworkID
 	desired := &access.Router{
 		Name:              fctx.defaultRouterName(),
 		ExternalNetworkID: externalNetworkID,
-		EnableSNAT:        fctx.cloudProfileConfig.UseSNAT,
+		//nolint:staticcheck // SA1019: needed for migration purposes
+		EnableSNAT: fctx.cloudProfileConfig.UseSNAT,
 	}
 	current, err := fctx.findExistingRouter(ctx)
 	if err != nil {
@@ -209,6 +210,7 @@ func (fctx *FlowContext) findFloatingPoolSubnetName() *string {
 	}
 
 	// Second: Check if the CloudProfile contains a default floating subnet and use it.
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if floatingPool, err := helper.FindFloatingPool(fctx.cloudProfileConfig.Constraints.FloatingPools, fctx.config.FloatingPoolName, fctx.infra.Spec.Region, nil); err == nil && floatingPool.DefaultFloatingSubnet != nil {
 		return floatingPool.DefaultFloatingSubnet
 	}

pkg/controller/infrastructure/openstack/infraflow/utils.go

@@ -59,6 +59,7 @@ func (fctx *FlowContext) defaultSecurityGroupName() string {
 }
 
 func (fctx *FlowContext) workerCIDR() string {
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	s := fctx.config.Networks.Worker
 	if workers := fctx.config.Networks.Workers; workers != "" {
 		s = workers

pkg/controller/infrastructure/stackit/infraflow/context.go

@@ -168,6 +168,7 @@ func (fctx *FlowContext) computeInfrastructureStatus() *stackitv1alpha1.Infrastr
 	status.Networks.Router.ExternalFixedIPs = fctx.state.GetObject(IdentifierEgressCIDRs).([]string)
 	// backwards compatibility change for the deprecated field
 	if len(status.Networks.Router.ExternalFixedIPs) > 0 {
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		status.Networks.Router.IP = status.Networks.Router.ExternalFixedIPs[0]
 	}
 

pkg/controller/infrastructure/stackit/infraflow/utils.go

@@ -9,6 +9,7 @@ import (
 var ErrorMultipleMatches = fmt.Errorf("error multiple matches")
 
 func (fctx *FlowContext) workerCIDR() string {
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	s := fctx.config.Networks.Worker
 	if workers := fctx.config.Networks.Workers; workers != "" {
 		s = workers

pkg/internal/infrastructure/infrastucture.go

@@ -147,6 +147,7 @@ func WorkersCIDR(config *stackitv1alpha1.InfrastructureConfig) string {
 	workersCIDR := config.Networks.Workers
 	// Backwards compatibility - remove this code in a future version.
 	if workersCIDR == "" {
+		//nolint:staticcheck // SA1019: needed for migration purposes
 		workersCIDR = config.Networks.Worker
 	}
 

pkg/webhook/cloudprovider/ensurer.go

@@ -62,14 +62,17 @@ func (e *ensurer) EnsureCloudProviderSecret(
 
 	// If no KeyStone configuration is present at all, skip KeyStone-related fields.
 	// This is valid for STACKIT-only shoots that don't require OpenStack credentials.
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if len(config.KeyStoneURLs) == 0 && len(config.KeyStoneURL) == 0 {
 		return nil
 	}
 
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	keyStoneURL, err := helper.FindKeyStoneURL(config.KeyStoneURLs, config.KeyStoneURL, cluster.Shoot.Spec.Region)
 	if err != nil {
 		return fmt.Errorf("could not find KeyStoneUrl: %v", err)
 	}
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	keyStoneCABundle := helper.FindKeyStoneCACert(config.KeyStoneURLs, config.KeyStoneCACert, cluster.Shoot.Spec.Region)
 
 	if new.Data == nil {
@@ -82,6 +85,7 @@ func (e *ensurer) EnsureCloudProviderSecret(
 
 	// remove key from user
 	delete(new.Data, types.Insecure)
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	if config.KeyStoneForceInsecure {
 		new.Data[types.Insecure] = []byte("true")
 	}

pkg/webhook/controlplane/ensurer.go

@@ -380,5 +380,6 @@ func getResolveConfOptions(cloudProfileConfig *stackitv1alpha1.CloudProfileConfi
 	if cloudProfileConfig == nil {
 		return nil
 	}
+	//nolint:staticcheck // SA1019: needed for migration purposes
 	return cloudProfileConfig.ResolvConfOptions
 }