Merge remote-tracking branch 'origin/main' into user/gsiciliano/feat-…

…slb2

.golangci.yml

@@ -0,0 +1,21 @@
+run:
+  timeout: 15m
+  tests: false  # Exclude test files from linting
+
+# Linter options and descriptions: https://golangci-lint.run/usage/linters/
+linters:
+  enable:
+    - errcheck
+    - govet
+    - ineffassign
+    - staticcheck
+  disable:
+    # Disabling these two default linters for now as their checks are not a priority
+    - gosimple
+    - unused
+
+linters-settings:
+  staticcheck:
+    checks:
+      - all
+      - -SA1019 # Ignore pkg deprecation warnings from staticcheck

.pipelines/build.yaml

@@ -63,3 +63,47 @@ jobs:
 
   - publish: $(System.DefaultWorkingDirectory)/manifest
     artifact: manifest
+
+- job: Lint
+  displayName: 'Lint'
+
+  pool:
+    vmImage: 'ubuntu-latest'
+
+  variables:
+  - group: moc-build
+  - name: GO111MODULE
+    value: 'on'
+
+  steps:
+  - task: GoTool@0
+    inputs:
+      version: '1.22.5'
+
+  - task: InstallSSHKey@0
+    inputs:
+      knownHostsEntry: |
+        $(KNOWN_HOST_GITHUB)
+        $(KNOWN_HOST_GITHUB_ECDSA)
+        $(KNOWN_HOST_GITHUB_Ed25519)
+      sshPublicKey: '$(SSH_PUBLIC_KEY)'
+      sshKeySecureFile: 'azure-pipelines-ssh-key-new'
+
+  - task: AzureCLI@2
+    inputs:
+      azureSubscription: 'kva-azuredevops-gcm'
+      scriptType: 'bash'
+      scriptLocation: 'inlineScript'
+      inlineScript: |
+        # Obtain Azure DevOps access token
+        aadToken=$(az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv)
+
+        # Set git configuration for authentication
+        git config --global http.extraheader "AUTHORIZATION: bearer $aadToken"
+        git config --global url."ssh://[email protected]/".insteadOf "https://github.com/"
+    displayName: 'Set git config'
+
+  - script: |
+      make golangci-lint
+    displayName: 'Run GolangCI-Lint'
+    workingDirectory: '$(System.DefaultWorkingDirectory)'

Makefile

@@ -5,6 +5,7 @@ GOBUILD=$(GOCMD) build -v #-mod=vendor
 GOTEST=$(GOCMD) test -v 
 GOHOSTOS=$(strip $(shell $(GOCMD) env get GOHOSTOS))
 MOCKGEN=$(shell command -v mockgen 2> /dev/null)
+GOPATH_BIN := $(shell go env GOPATH)/bin
 
 # Private repo workaround
 export GOPRIVATE = github.com/microsoft
@@ -51,3 +52,7 @@ mocks:
 	go get github.com/golang/[email protected]
 	go generate ./...
 
+golangci-lint:
+	$(GOCMD) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	$(GOPATH_BIN)/golangci-lint run --config .golangci.yml
+

common/roles.go

@@ -35,6 +35,8 @@ const (
 	NIContributorRoleName = "NetworkInterfaceContributor"
 	// Network Security Group Contributor Role - has permissions to run any operation on network security groups
 	NSGContributorRoleName = "NetworkSecurityGroupContributor"
+	// PublicIPAddress Contributor Role - has permissions to run any operation on public IP address
+	PIPContributorRoleName = "PublicIPAddressContributor"
 	// VM Contributor Role - has permissions to run any operation on VMs
 	VMContributorRoleName = "VMContributor"
 	// VM Updater Role - has permissions to update VMs
@@ -99,6 +101,8 @@ const (
 	NIReaderRoleName = "NetworkInterfaceReader"
 	// Network Security Group Reader Role - has permissions to run read operations on network security groups
 	NSGReaderRoleName = "NetworkSecurityGroupReader"
+	// PublicIPAddress Reader Role - has permissions to run read operation on public IP address
+	PIPReaderRoleName = "PublicIPAddressReader"
 	// VM Reader Role - has permissions to run read operations on VMs
 	VMReaderRoleName = "VMReader"
 	// VirtualMachineImage Reader Role - has permissions to run read operations on VirtualMachineImages

go.mod

@@ -1,6 +1,6 @@
 module github.com/microsoft/moc
 
-go 1.22
+go 1.22.4
 
 require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible
@@ -18,11 +18,11 @@ require (
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb // indirect
-	google.golang.org/protobuf v1.36.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect
+	google.golang.org/protobuf v1.36.2 // indirect
 )
 
 replace (

go.sum

@@ -35,8 +35,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -64,12 +64,12 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb h1:3oy2tynMOP1QbTC0MsNNAV+Se8M2Bd0A5+x1QHyw+pI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4=
 google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
 google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
-google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ=
-google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU=
+google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=

pkg/auth/auth_env.go

@@ -81,13 +81,14 @@ func GetWssdConfigLocation() string {
 		// Create the default config path and set the
 		// env variable
 		defaultPath = filepath.Join(wd, DefaultWSSDFolder)
-		os.Setenv(AccessFileDirPath, defaultPath)
+		os.Setenv(AccessFileDirPath, defaultPath) //nolint:golint,errcheck
 	}
 
 	if execName, err := getExecutableName(); err == nil {
 		defaultPath = filepath.Join(defaultPath, execName)
 	}
-	os.MkdirAll(defaultPath, os.ModePerm)
+	// needs to be fixed later since a large number of repos use this
+	os.MkdirAll(defaultPath, os.ModePerm) //nolint:golint,errcheck
 	accessFilePath := filepath.Join(defaultPath, AccessFileDefaultName)
 	return accessFilePath
 }
@@ -108,9 +109,9 @@ func GetMocConfigLocationName(subfolder, filename string) string {
 		// Create the default config path and set the
 		// env variable
 		defaultPath := filepath.Join(wd, DefaultWSSDFolder, subfolder)
-		os.MkdirAll(defaultPath, os.ModePerm)
+		os.MkdirAll(defaultPath, os.ModePerm) //nolint:golint,errcheck
 		wssdConfigPath = filepath.Join(defaultPath, file)
-		os.Setenv(WssdConfigPath, wssdConfigPath)
+		os.Setenv(WssdConfigPath, wssdConfigPath) //nolint:golint,errcheck
 	}
 	return wssdConfigPath
 }
@@ -126,9 +127,9 @@ func getClientTokenLocation() string {
 		// Create the default token path and set the
 		// env variable
 		defaultPath := filepath.Join(wd, DefaultWSSDFolder)
-		os.MkdirAll(defaultPath, os.ModePerm)
+		os.MkdirAll(defaultPath, os.ModePerm) //nolint:golint,errcheck
 		clientTokenPath = filepath.Join(defaultPath, ClientTokenName)
-		os.Setenv(ClientTokenPath, clientTokenPath)
+		os.Setenv(ClientTokenPath, clientTokenPath) //nolint:golint,errcheck
 	}
 	return clientTokenPath
 }

pkg/auth/utils.go

@@ -67,6 +67,9 @@ func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error) {
 		return "", WssdConfig{}, err
 	}
 	accessFile, err := readAccessFile(GetWssdConfigLocation())
+	if err != nil {
+		return "", WssdConfig{}, err
+	}
 	cloudAgentIpAddress, err := wssdnet.GetIPAddress()
 	if err != nil {
 		return "", WssdConfig{}, err

pkg/certs/certificateAuthority.go

@@ -176,6 +176,9 @@ func (ca *CertificateAuthority) SignRequest(csrPem []byte, oldCertPem []byte, co
 			return nil, errors.Wrapf(errors.InvalidInput, "Old certificate verification failed : %v", err)
 		}
 		oldCert, err = DecodeCertPEM(oldCertPem)
+		if err != nil {
+			return
+		}
 	}
 	err = csr.CheckSignature()
 	if err != nil {
@@ -302,7 +305,9 @@ func (ca *CertificateAuthority) SignRequest(csrPem []byte, oldCertPem []byte, co
 			if ext.Id.Equal(oidOriginalCertificate) {
 				origCertDER = ext.Value
 			} else if ext.Id.Equal(oidRenewCount) {
-				asn1.Unmarshal(ext.Value, &renewCount)
+				if _, err := asn1.Unmarshal(ext.Value, &renewCount); err != nil {
+					return nil, errors.Wrapf(err, "Failed to unmarshall renew count")
+				}
 			}
 		}
 

pkg/config/config.go

@@ -154,7 +154,9 @@ func MarshalOutput(data interface{}, query string, outputType string) ([]byte, e
 	if err != nil {
 		return nil, err
 	}
-	marshal.FromJSONBytes(jsonByte, &queryTarget)
+	if err := marshal.FromJSONBytes(jsonByte, &queryTarget); err != nil {
+		return nil, err
+	}
 	if query != "" {
 		result, err = jmespath.Search(query, queryTarget)
 		if err != nil {

pkg/logging/loggingRedirect.go

@@ -20,7 +20,9 @@ var (
 
 func createLogFile(logFileAbsolutePath string, logFileName string) (*os.File, error) {
 	// Create log path
-	os.MkdirAll(logFileAbsolutePath, os.ModeDir)
+	if err := os.MkdirAll(logFileAbsolutePath, os.ModeDir); err != nil {
+		return nil, err
+	}
 
 	err := path.CheckPath(logFileAbsolutePath)
 	if err != nil {
@@ -40,7 +42,9 @@ func createLogFile(logFileAbsolutePath string, logFileName string) (*os.File, er
 	// If there are contents in the file already, move the file and replace it.
 	if st.Size() > 0 {
 		logFile.Close()
-		os.Rename(path, path+".old")
+		if err := os.Rename(path, path+".old"); err != nil {
+			return nil, err
+		}
 		logFile, err = os.Create(path)
 		if err != nil {
 			return nil, err

pkg/logging/redirectstderr_linux.go

@@ -10,7 +10,6 @@ import (
 
 func RedirectStdErr(file *os.File) {
 	err := syscall.Dup3(int(file.Fd()), int(os.Stderr.Fd()), 0)
-	if err != nil {
+	if err != nil { //nolint:golint,staticcheck
 	}
-	return
 }

pkg/status/status.go

@@ -112,7 +112,11 @@ func SetValidationStatus(s *common.Status, validationState []*common.ValidationS
 }
 
 func GetValidationStatus(s *common.Status) []*common.ValidationState {
-	return s.GetValidationStatus().GetValidationState()
+	validationStatus := s.GetValidationStatus()
+	if validationStatus != nil {
+		return validationStatus.GetValidationState()
+	}
+	return nil
 }
 
 func SetPlacementStatus(s *common.Status, placementState *common.PlacementStatus) {
@@ -136,15 +140,27 @@ func GetStatuses(status *common.Status) map[string]*string {
 	hstate := parseHealth(status.GetHealth())
 	statuses["HealthState"] = &hstate
 
-	estate := status.GetLastError().String()
-	statuses["Error"] = &estate
-	version := status.GetVersion().Number
-	statuses["Version"] = &version
-	dstate := status.GetDownloadStatus().String()
-	statuses["DownloadStatus"] = &dstate
-	placementStatus := status.GetPlacementStatus().String()
-	if placementStatus != "" {
-		statuses["PlacementStatus"] = &placementStatus
+	errorStatus := status.GetLastError()
+	if errorStatus != nil {
+		errorStatusStr := errorStatus.String()
+		statuses["Error"] = &errorStatusStr
+	}
+
+	version := status.GetVersion()
+	if version != nil {
+		statuses["Version"] = &version.Number
+	}
+
+	downloadStatus := status.GetDownloadStatus()
+	if downloadStatus != nil {
+		downloadStatusStr := downloadStatus.String()
+		statuses["DownloadStatus"] = &downloadStatusStr
+	}
+
+	placementStatus := status.GetPlacementStatus()
+	if placementStatus != nil {
+		placementStatusStr := placementStatus.String()
+		statuses["PlacementStatus"] = &placementStatusStr
 	}
 
 	return statuses
@@ -155,27 +171,27 @@ func GetFromStatuses(statuses map[string]*string) (status *common.Status) {
 	status = &common.Status{}
 	if val, ok := statuses["ProvisionState"]; ok {
 		ps := new(common.ProvisionStatus)
-		proto.UnmarshalText(*val, ps)
+		proto.UnmarshalText(*val, ps) //nolint:golint,errcheck
 		status.ProvisioningStatus = ps
 	}
 	if val, ok := statuses["HealthState"]; ok {
 		ps := new(common.Health)
-		proto.UnmarshalText(*val, ps)
+		proto.UnmarshalText(*val, ps) //nolint:golint,errcheck
 		status.Health = ps
 	}
 	if val, ok := statuses["Error"]; ok {
 		ps := new(common.Error)
-		proto.UnmarshalText(*val, ps)
+		proto.UnmarshalText(*val, ps) //nolint:golint,errcheck
 		status.LastError = ps
 	}
 	if val, ok := statuses["DownloadStatus"]; ok {
 		ps := new(common.DownloadStatus)
-		proto.UnmarshalText(*val, ps)
+		proto.UnmarshalText(*val, ps) //nolint:golint,errcheck
 		status.DownloadStatus = ps
 	}
 	if val, ok := statuses["PlacementStatus"]; ok {
 		ps := new(common.PlacementStatus)
-		proto.UnmarshalText(*val, ps)
+		proto.UnmarshalText(*val, ps) //nolint:golint,errcheck
 		status.PlacementStatus = ps
 	}
 

pkg/validations/proxy_validation.go

@@ -18,7 +18,7 @@ func ValidateProxyURL(proxyURL string) (*url.URL, error) {
 	parsedURL, err := url.ParseRequestURI(proxyURL)
 
 	if err != nil {
-		return nil, errors.Wrapf(errors.InvalidInput, err.Error())
+		return nil, errors.Wrapf(errors.InvalidInput, "%s", err.Error())
 	}
 
 	// Check if url scheme is http or https
@@ -54,7 +54,7 @@ func TestProxyUrlConnection(parsedURL *url.URL, certContent string, getRequestUr
 	// Test the HTTP GET request
 	response, err := client.Get(getRequestUrl)
 	if err != nil {
-		return errors.Wrapf(errors.InvalidInput, err.Error())
+		return errors.Wrapf(errors.InvalidInput, "%s", err.Error())
 	} else {
 		defer response.Body.Close()
 		fmt.Println("Connected successfully to the proxy server")

rpc/cloudagent/network/loadbalancer/moc_cloudagent_loadbalancer.proto

@@ -125,4 +125,3 @@ service LoadBalancerAgent {
 	// Prechecks whether the system is able to create specified load balancers (but does not actually create them).
 	rpc Precheck(LoadBalancerPrecheckRequest) returns (LoadBalancerPrecheckResponse) {}
 }
-