20 changes: 10 additions & 10 deletions .golangci-kal.yml
Expand Up @@ -25,17 +25,17 @@ linters:
#- "nobools" # Bools do not evolve over time, should use enums instead.
#- "nofloats" # Ensure floats are not used.
#- "optionalorrequired" # Every field should be marked as `+optional` or `+required`.
# - "requiredfields" # Required fields should not be pointers, and should not have `omitempty`.
- "requiredfields" # Required fields should not be pointers, and should not have `omitempty`.
- "statussubresource" # All root objects that have a `status` field should have a status subresource.

# Linters below this line are disabled, pending conversation on how and when to enable them.
disable:
- "*" # We will manually enable new linters after understanding the impact. Disable all by default.
lintersConfig:
conditions:
isFirstField: Warn # Require conditions to be the first field in the status struct.
usePatchStrategy: Forbid # Conditions should not use the patch strategy on CRDs.
useProtobuf: Forbid # We don't use protobuf, so protobuf tags are not required.
# conditions:
# isFirstField: Warn # Require conditions to be the first field in the status struct.
# usePatchStrategy: Forbid # Conditions should not use the patch strategy on CRDs.
# useProtobuf: Forbid # We don't use protobuf, so protobuf tags are not required.
# jsonTags:
# jsonTagRegex: "^[a-z][a-z0-9]*(?:[A-Z][a-z0-9]*)*$" # The default regex is appropriate for our use case.
# optionalOrRequired:
Expand All @@ -45,11 +45,11 @@ linters:
# pointerPolicy: Warn | SuggestFix # Defaults to `SuggestFix`. We want our required fields to not be pointers.

exclusions:
generated: strict
paths:
- zz_generated.*\.go$
- ".*_test.go" # Exclude test files.
rules:
generated: strict
paths:
- zz_generated.*\.go$
- ".*_test.go" # Exclude test files.
rules:
# KAL should only run on API folders.
- path-except: "api//*"
linters:
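Review bot: The description attached to the newly enabled `- "requiredfields"` entry says required fields "should not have `omitempty`", but the Go hunks in this same PR add `omitempty` to required fields (`InstanceType` in both `awsmachine_types.go` files, `Addon.Name` in both `controlplane/eks/api/*/types.go`) and pair it with `MinLength`/`minProperties` bounds so an empty value is rejected instead of silently accepted. The comment therefore documents the opposite of the policy the linter is being enabled to enforce here; presumably it was carried over from an earlier description of the linter. If the omitempty-plus-minimum-bound policy is the intended one, rewording it avoids the next reader "fixing" the tags back: `- "requiredfields" # Required fields should not be pointers; they carry omitempty together with a MinLength/minProperties bound so an empty value is rejected rather than defaulted.`. The second hunk of this section appears to be a pure re-indentation of the `exclusions` block, which is fine as-is.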
2 changes: 1 addition & 1 deletion api/v1beta1/awsmachine_types.go
Expand Up @@ -77,7 +77,7 @@ type AWSMachineSpec struct {
// InstanceType is the type of instance to create. Example: m4.xlarge
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength:=2
InstanceType string `json:"instanceType"`
InstanceType string `json:"instanceType,omitempty"`

// AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the
// AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the
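Review bot: Style: the marker just above the changed tag keeps the `MinLength:=2` form, while this same PR normalizes `MinLength:=31` and `MinLength:=2` to the `MinLength=` form in controlplane/eks/api/v1beta2/types.go, so the two files now disagree on marker syntax after the change. Both forms are accepted by controller-gen, so this is consistency only, but since the tag line is being touched anyway it would be cheap to align it: `// +kubebuilder:validation:MinLength=2`. The same applies to the sibling hunk in api/v1beta2/awsmachine_types.go. The `AWSMachineSpec` struct starts and ends outside this hunk.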
2 changes: 1 addition & 1 deletion api/v1beta2/awsmachine_types.go
Expand Up @@ -114,7 +114,7 @@ type AWSMachineSpec struct {
// InstanceType is the type of instance to create. Example: m4.xlarge
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength:=2
InstanceType string `json:"instanceType"`
InstanceType string `json:"instanceType,omitempty"`

// AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the
// AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the
Expand Up @@ -878,6 +878,7 @@ spec:
description: |-
This is also known as audience. The ID for the client application that makes
authentication requests to the OpenID identity provider.
minLength: 1
type: string
groupsClaim:
description: The JWT claim that the provider uses to return your
Expand All @@ -894,6 +895,7 @@ spec:
The name of the OIDC provider configuration.

IdentityProviderConfigName is a required field
minLength: 1
type: string
issuerUrl:
description: |-
Expand All @@ -904,7 +906,10 @@ spec:
not. Typically the URL consists of only a hostname, like https://server.example.org
or https://example.com. This URL should point to the level below .well-known/openid-configuration
and must be publicly accessible over the internet.
minLength: 1
type: string
x-kubernetes-validations:
- rule: isURL(self) && url(self).getScheme() == 'https'
requiredClaims:
additionalProperties:
type: string
Expand Down Expand Up @@ -3050,6 +3055,7 @@ spec:
description: |-
This is also known as audience. The ID for the client application that makes
authentication requests to the OpenID identity provider.
minLength: 1
type: string
groupsClaim:
description: The JWT claim that the provider uses to return your
Expand All @@ -3066,6 +3072,7 @@ spec:
The name of the OIDC provider configuration.

IdentityProviderConfigName is a required field
minLength: 1
type: string
issuerUrl:
description: |-
Expand All @@ -3076,7 +3083,10 @@ spec:
not. Typically the URL consists of only a hostname, like https://server.example.org
or https://example.com. This URL should point to the level below .well-known/openid-configuration
and must be publicly accessible over the internet.
minLength: 1
type: string
x-kubernetes-validations:
- rule: isURL(self) && url(self).getScheme() == 'https'
requiredClaims:
additionalProperties:
type: string
Expand Up @@ -880,6 +880,7 @@ spec:
description: |-
This is also known as audience. The ID for the client application that makes
authentication requests to the OpenID identity provider.
minLength: 1
type: string
groupsClaim:
description: The JWT claim that the provider uses to return
Expand All @@ -896,6 +897,7 @@ spec:
The name of the OIDC provider configuration.

IdentityProviderConfigName is a required field
minLength: 1
type: string
issuerUrl:
description: |-
Expand All @@ -906,7 +908,10 @@ spec:
not. Typically the URL consists of only a hostname, like https://server.example.org
or https://example.com. This URL should point to the level below .well-known/openid-configuration
and must be publicly accessible over the internet.
minLength: 1
type: string
x-kubernetes-validations:
- rule: isURL(self) && url(self).getScheme() == 'https'
requiredClaims:
additionalProperties:
type: string
Expand Up @@ -285,6 +285,7 @@ spec:
claim:
description: Claim is a JWT token claim to be used in
the mapping
minLength: 1
type: string
prefix:
description: |-
Expand All @@ -310,6 +311,7 @@ spec:
claim:
description: Claim is a JWT token claim to be used in
the mapping
minLength: 1
type: string
prefix:
description: Prefix is prepended to claim to prevent
Expand Down Expand Up @@ -417,6 +419,7 @@ spec:
name:
description: Name is the metadata.name of the referenced
object.
minLength: 1
type: string
required:
- name
Expand All @@ -425,6 +428,7 @@ spec:
description: |-
URL is the serving URL of the token issuer.
Must use the https:// scheme.
minLength: 1
pattern: ^https:\/\/[^\s]
type: string
required:
Expand Down Expand Up @@ -457,6 +461,7 @@ spec:
name:
description: Name is the metadata.name of the referenced
object.
minLength: 1
type: string
required:
- name
Expand All @@ -474,6 +479,7 @@ spec:
client configuration
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
extraScopes:
description: ExtraScopes is an optional set of scopes
Expand Up @@ -80,6 +80,7 @@ spec:
awsLaunchTemplate:
description: AWSLaunchTemplate specifies the launch template and version
to use when an instance is launched.
minProperties: 1
properties:
additionalSecurityGroups:
description: |-
Expand Down Expand Up @@ -582,6 +583,7 @@ spec:
awsLaunchTemplate:
description: AWSLaunchTemplate specifies the launch template and version
to use when an instance is launched.
minProperties: 1
properties:
additionalSecurityGroups:
description: |-
Expand Up @@ -89,6 +89,7 @@ spec:
AWSLaunchTemplate specifies the launch template to use to create the managed node group.
If AWSLaunchTemplate is specified, certain node group configuraions outside of launch template
are prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html).
minProperties: 1
properties:
additionalSecurityGroups:
description: |-
Expand Down Expand Up @@ -349,9 +350,11 @@ spec:
type: string
key:
description: Key is the key of the taint
minLength: 1
type: string
value:
description: Value is the value of the taint
minLength: 1
type: string
required:
- effect
Expand Down Expand Up @@ -591,6 +594,7 @@ spec:
AWSLaunchTemplate specifies the launch template to use to create the managed node group.
If AWSLaunchTemplate is specified, certain node group configuraions outside of launch template
are prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html).
minProperties: 1
properties:
additionalSecurityGroups:
description: |-
Expand Down Expand Up @@ -1085,9 +1089,11 @@ spec:
type: string
key:
description: Key is the key of the taint
minLength: 1
type: string
value:
description: Value is the value of the taint
minLength: 1
type: string
required:
- effect
Expand Up @@ -90,6 +90,7 @@ spec:
type: string
instanceType:
description: InstanceType specifies the AWS instance type
minLength: 1
type: string
labels:
additionalProperties:
Expand Down Expand Up @@ -143,6 +144,7 @@ spec:
type: string
key:
description: The taint key to be applied to a node.
minLength: 1
type: string
value:
description: The taint value corresponding to the taint key.
6 changes: 5 additions & 1 deletion controlplane/eks/api/v1beta1/types.go
Expand Up @@ -127,7 +127,7 @@ type Addon struct {
// Name is the name of the addon
// +kubebuilder:validation:MinLength:=2
// +kubebuilder:validation:Required
Name string `json:"name"`
Name string `json:"name,omitempty"`
// Version is the version of the addon to use
Version string `json:"version"`
// Configuration of the EKS addon
Expand Down Expand Up @@ -223,6 +223,7 @@ type OIDCIdentityProviderConfig struct {
// This is also known as audience. The ID for the client application that makes
// authentication requests to the OpenID identity provider.
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1

Have you verified that this ratchets?

ClientID string `json:"clientId,omitempty"`

// The JWT claim that the provider uses to return your groups.
Expand All @@ -239,6 +240,7 @@ type OIDCIdentityProviderConfig struct {
//
// IdentityProviderConfigName is a required field
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
IdentityProviderConfigName string `json:"identityProviderConfigName,omitempty"`

// The URL of the OpenID identity provider that allows the API server to discover
Expand All @@ -250,6 +252,8 @@ type OIDCIdentityProviderConfig struct {
// and must be publicly accessible over the internet.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'"
IssuerURL string `json:"issuerUrl,omitempty"`

// The key value pairs that describe required claims in the identity token.
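Review bot: The new `XValidation` on `IssuerURL` carries a rule but no `message`, so an operator who sets an `http://` issuer (or a string that is not a URL at all) gets the generic "failed rule: isURL(self) && url(self).getScheme() == 'https'" text rather than a statement of the requirement; the doc comment above the field already says the URL must be publicly reachable but not that only https is accepted. Since this rule is what now prevents a plaintext issuer from being configured for the OIDC provider, a readable message is worth having: `// +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'",message="issuerUrl must be an https:// URL"`, and a matching sentence in the doc comment ("Must use the https:// scheme.", as the generated CRD already phrases it for other URL fields). The identical marker is added in controlplane/eks/api/v1beta2/types.go and should get the same treatment. The `OIDCIdentityProviderConfig` struct starts and ends outside these hunks.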
12 changes: 8 additions & 4 deletions controlplane/eks/api/v1beta2/types.go
Expand Up @@ -107,7 +107,7 @@ type KubernetesMapping struct {
// RoleMapping represents a mapping from a IAM role to Kubernetes users and groups.
type RoleMapping struct {
// RoleARN is the AWS ARN for the role to map
// +kubebuilder:validation:MinLength:=31
// +kubebuilder:validation:MinLength=31
RoleARN string `json:"rolearn"`
// KubernetesMapping holds the RBAC details for the mapping
KubernetesMapping `json:",inline"`
Expand All @@ -116,7 +116,7 @@ type RoleMapping struct {
// UserMapping represents a mapping from an IAM user to Kubernetes users and groups.
type UserMapping struct {
// UserARN is the AWS ARN for the user to map
// +kubebuilder:validation:MinLength:=31
// +kubebuilder:validation:MinLength=31
UserARN string `json:"userarn"`
// KubernetesMapping holds the RBAC details for the mapping
KubernetesMapping `json:",inline"`
Expand All @@ -125,9 +125,9 @@ type UserMapping struct {
// Addon represents a EKS addon.
type Addon struct {
// Name is the name of the addon
// +kubebuilder:validation:MinLength:=2
// +kubebuilder:validation:MinLength=2
// +kubebuilder:validation:Required
Name string `json:"name"`
Name string `json:"name,omitempty"`
// Version is the version of the addon to use
Version string `json:"version"`
// Configuration of the EKS addon
Expand Down Expand Up @@ -227,6 +227,7 @@ type OIDCIdentityProviderConfig struct {
// This is also known as audience. The ID for the client application that makes
// authentication requests to the OpenID identity provider.
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
ClientID string `json:"clientId,omitempty"`

// The JWT claim that the provider uses to return your groups.
Expand All @@ -243,6 +244,7 @@ type OIDCIdentityProviderConfig struct {
//
// IdentityProviderConfigName is a required field
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
IdentityProviderConfigName string `json:"identityProviderConfigName,omitempty"`

// The URL of the OpenID identity provider that allows the API server to discover
Expand All @@ -254,6 +256,8 @@ type OIDCIdentityProviderConfig struct {
// and must be publicly accessible over the internet.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'"
IssuerURL string `json:"issuerUrl,omitempty"`

// The key value pairs that describe required claims in the identity token.