From b485ce17f7fa2b408d531c31072b7485d6b3873d Mon Sep 17 00:00:00 2001
From: Tom Pantelis <tompantelis@gmail.com>
Date: Tue, 27 Aug 2024 12:54:04 -0400
Subject: [PATCH] Bump shipyard and address golangci-lint v1.60.3 errors

Specifically, gosec "integer overflow conversion" issues.

Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
---
 .golangci.yml                                 |  2 +-
 controllers/submariner/gateway_resources.go   |  8 +++++--
 .../submariner/loadbalancer_resources.go      |  4 ++--
 go.mod                                        |  2 +-
 go.sum                                        |  4 ++--
 pkg/discovery/globalnet/globalnet.go          | 22 +++++++++----------
 6 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index 9a9c3ea2c..9cc46fddb 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -57,6 +57,7 @@ linters:
     - bidichk
     - bodyclose
     - contextcheck
+    - copyloopvar
     # - cyclop # This is equivalent to gocyclo
     # - depguard # depguard now denies by default, it should only be enabled if we actually use it
     - dogsled
@@ -67,7 +68,6 @@ linters:
     - errname
     - exhaustive
     # - exhaustivestruct # Not recommended for general use - meant to be used only for special cases
-    - exportloopref
     # - forbidigo # We don't forbid any statements
     # - forcetypeassert # There are many unchecked type assertions that would be the result of a programming error so the
     #                     reasonable recourse would be to panic anyway if checked so this doesn't seem useful
diff --git a/controllers/submariner/gateway_resources.go b/controllers/submariner/gateway_resources.go
index 0eee58ac6..40ef72ecf 100644
--- a/controllers/submariner/gateway_resources.go
+++ b/controllers/submariner/gateway_resources.go
@@ -169,8 +169,8 @@ func newGatewayPodTemplate(cr *v1alpha1.Submariner, name string, podSelectorLabe
 					Ports: []corev1.ContainerPort{
 						{
 							Name:          encapsPortName,
-							HostPort:      int32(cr.Spec.CeIPSecNATTPort),
-							ContainerPort: int32(cr.Spec.CeIPSecNATTPort),
+							HostPort:      toInt32(cr.Spec.CeIPSecNATTPort),
+							ContainerPort: toInt32(cr.Spec.CeIPSecNATTPort),
 							Protocol:      corev1.ProtocolUDP,
 						},
 						{
@@ -325,3 +325,7 @@ func (r *Reconciler) retrieveGateways(ctx context.Context, owner metav1.Object,
 
 	return foundGateways.Items, nil
 }
+
+func toInt32(from int) int32 {
+	return int32(from) //nolint:gosec // Need to ignore reported integer overflow conversion
+}
diff --git a/controllers/submariner/loadbalancer_resources.go b/controllers/submariner/loadbalancer_resources.go
index ba952684d..c29ca97ef 100644
--- a/controllers/submariner/loadbalancer_resources.go
+++ b/controllers/submariner/loadbalancer_resources.go
@@ -125,8 +125,8 @@ func newLoadBalancerService(instance *v1alpha1.Submariner, platformTypeOCP strin
 			Ports: []corev1.ServicePort{
 				{
 					Name:       encapsPortName,
-					Port:       int32(instance.Spec.CeIPSecNATTPort),
-					TargetPort: intstr.IntOrString{Type: intstr.Int, IntVal: int32(instance.Spec.CeIPSecNATTPort)},
+					Port:       toInt32(instance.Spec.CeIPSecNATTPort),
+					TargetPort: intstr.IntOrString{Type: intstr.Int, IntVal: toInt32(instance.Spec.CeIPSecNATTPort)},
 					Protocol:   corev1.ProtocolUDP,
 				},
 				{
diff --git a/go.mod b/go.mod
index 3d095f268..c585c62a3 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/prometheus-operator/prometheus-operator/pkg/client v0.76.0
 	github.com/prometheus/client_golang v1.19.1
 	github.com/submariner-io/admiral v0.19.0-m2.0.20240820215844-1487e5c4b941
-	github.com/submariner-io/shipyard v0.19.0-m2
+	github.com/submariner-io/shipyard v0.19.0-m2.0.20240827150103-0a3b7a0f1ca0
 	github.com/submariner-io/submariner v0.19.0-m2
 	golang.org/x/net v0.28.0
 	golang.org/x/text v0.17.0
diff --git a/go.sum b/go.sum
index a1770ac0b..619ad6225 100644
--- a/go.sum
+++ b/go.sum
@@ -393,8 +393,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/submariner-io/admiral v0.19.0-m2.0.20240820215844-1487e5c4b941 h1:E504VAAKuggnzhTGOFr3X5/beHOKLYS3tqJIIffRpbg=
 github.com/submariner-io/admiral v0.19.0-m2.0.20240820215844-1487e5c4b941/go.mod h1:f4xzFML4SRqETWcyZ32iTy8DH0gLUt2+jrYu6VGXL4Q=
-github.com/submariner-io/shipyard v0.19.0-m2 h1:vOVbz4p+391s6H9lO6JL4t+gNoRdhmbESbx2vzmcGQg=
-github.com/submariner-io/shipyard v0.19.0-m2/go.mod h1:91eQ4sF5XgbJxJUrXvY7u33gGGjaz5ofjLYaZyYXEls=
+github.com/submariner-io/shipyard v0.19.0-m2.0.20240827150103-0a3b7a0f1ca0 h1:6Z3RbaML+SZfoW5h5fuDB76ApJASdXm23c6OIIKGyFQ=
+github.com/submariner-io/shipyard v0.19.0-m2.0.20240827150103-0a3b7a0f1ca0/go.mod h1:CZTfxB5frorCIECWNwZ4asC8o2qtJLeFXoXY5UNX2Sg=
 github.com/submariner-io/submariner v0.19.0-m2 h1:qCNV17T55gIYtgDyMGJevrmUlr+nO4YA5GIlnkJTzLg=
 github.com/submariner-io/submariner v0.19.0-m2/go.mod h1:+agj3FglAMfAzOM0d4c/ZTjwBIdvFJjJedMlwJxHboc=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
diff --git a/pkg/discovery/globalnet/globalnet.go b/pkg/discovery/globalnet/globalnet.go
index 9a1e1cb44..a67d5466a 100644
--- a/pkg/discovery/globalnet/globalnet.go
+++ b/pkg/discovery/globalnet/globalnet.go
@@ -56,7 +56,7 @@ type GlobalCIDR struct {
 type CIDR struct {
 	network *net.IPNet
 	size    int
-	lastIP  uint
+	lastIP  uint32
 }
 
 type Config struct {
@@ -99,16 +99,16 @@ func NewCIDR(cidr string) (CIDR, error) {
 	return clusterCidr, nil
 }
 
-func LastIP(network *net.IPNet) uint {
+func LastIP(network *net.IPNet) uint32 {
 	ones, total := network.Mask.Size()
-	clusterSize := uint(total - ones)
+	clusterSize := total - ones
 	firstIPInt := ipToUint(network.IP)
 	lastIPUint := firstIPInt + 1<<clusterSize - 1
 
 	return lastIPUint
 }
 
-func allocateByCidr(cidr string, globalCidr *GlobalCIDR) (uint, error) {
+func allocateByCidr(cidr string, globalCidr *GlobalCIDR) (uint32, error) {
 	requestedIP, requestedNetwork, err := net.ParseCIDR(cidr)
 	if err != nil || !globalCidr.net.Contains(requestedIP) {
 		return 0, fmt.Errorf("%s not a valid subnet of %v", cidr, globalCidr.net)
@@ -197,18 +197,18 @@ func AllocateGlobalCIDR(globalnetInfo *Info) (string, error) {
 	return allocateByClusterSize(globalnetInfo.ClusterSize, globalCidr)
 }
 
-func ipToUint(ip net.IP) uint {
+func ipToUint(ip net.IP) uint32 {
 	intIP := ip
 	if len(ip) == 16 {
 		intIP = ip[12:16]
 	}
 
-	return uint(binary.BigEndian.Uint32(intIP))
+	return binary.BigEndian.Uint32(intIP)
 }
 
-func uintToIP(ip uint) net.IP {
+func uintToIP(ip uint32) net.IP {
 	netIP := make(net.IP, 4)
-	binary.BigEndian.PutUint32(netIP, uint32(ip))
+	binary.BigEndian.PutUint32(netIP, ip)
 
 	return netIP
 }
@@ -222,7 +222,7 @@ func GetValidClusterSize(cidrRange string, clusterSize uint) (uint, error) {
 	ones, totalbits := network.Mask.Size()
 	availableSize := 1 << uint(totalbits-ones)
 	userClusterSize := clusterSize
-	clusterSize = nextPowerOf2(uint32(clusterSize))
+	clusterSize = nextPowerOf2(clusterSize)
 
 	if clusterSize > uint(availableSize/2) {
 		return 0, fmt.Errorf("cluster size %d, should be <= %d", userClusterSize, availableSize/2)
@@ -236,7 +236,7 @@ func GetValidClusterSize(cidrRange string, clusterSize uint) (uint, error) {
 }
 
 // Refer: https://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
-func nextPowerOf2(n uint32) uint {
+func nextPowerOf2(n uint) uint {
 	n--
 	n |= n >> 1
 	n |= n >> 2
@@ -245,7 +245,7 @@ func nextPowerOf2(n uint32) uint {
 	n |= n >> 16
 	n++
 
-	return uint(n)
+	return n
 }
 
 func CheckOverlappingCidrs(globalnetInfo *Info, netconfig Config) error {