Merge pull request #27473 from lsm5/deprecation-notice-update

golangci-lint bump and deprecation cleanups

Makefile

@@ -71,7 +71,7 @@ BUILDTAGS += ${EXTRA_BUILDTAGS}
 # N/B: This value is managed by Renovate, manual changes are
 # possible, as long as they don't disturb the formatting
 # (i.e. DO NOT ADD A 'v' prefix!)
-GOLANGCI_LINT_VERSION := 2.5.0
+GOLANGCI_LINT_VERSION := 2.6.0
 PYTHON ?= $(shell command -v python3 python|head -n1)
 PKG_MANAGER ?= $(shell command -v dnf yum|head -n1)
 # ~/.local/bin is not in PATH on all systems

libpod/container_config.go

@@ -250,16 +250,6 @@ type ContainerNetworkConfig struct {
 	// network namespace for the container.
 	// This cannot be set if NetNsCtr is also set.
 	CreateNetNS bool `json:"createNetNS"`
-	// StaticIP is a static IP to request for the container.
-	// This cannot be set unless CreateNetNS is set.
-	// If not set, the container will be dynamically assigned an IP by CNI.
-	// Deprecated: Do no use this anymore, this is only for DB backwards compat.
-	StaticIP net.IP `json:"staticIP,omitempty"`
-	// StaticMAC is a static MAC to request for the container.
-	// This cannot be set unless CreateNetNS is set.
-	// If not set, the container will be dynamically assigned a MAC by CNI.
-	// Deprecated: Do no use this anymore, this is only for DB backwards compat.
-	StaticMAC types.HardwareAddr `json:"staticMAC,omitempty"`
 	// PortMappings are the ports forwarded to the container's network
 	// namespace
 	// These are not used unless CreateNetNS is true
@@ -314,6 +304,7 @@ type ContainerNetworkConfig struct {
 	// Please note that these can be altered at runtime. The actual list is
 	// stored in the DB and should be retrieved from there; this is only the
 	// set of networks the container was *created* with.
+	//
 	// Deprecated: Do no use this anymore, this is only for DB backwards compat.
 	// Also note that we need to keep the old json tag to decode from DB correctly
 	NetworksDeprecated []string `json:"networks,omitempty"`

libpod/container_internal.go

@@ -50,6 +50,7 @@ import (
 	cutil "go.podman.io/common/pkg/util"
 	"go.podman.io/storage"
 	"go.podman.io/storage/pkg/chrootarchive"
+	"go.podman.io/storage/pkg/directory"
 	"go.podman.io/storage/pkg/fileutils"
 	"go.podman.io/storage/pkg/idmap"
 	"go.podman.io/storage/pkg/idtools"
@@ -100,8 +101,8 @@ func (c *Container) rootFsSize() (int64, error) {
 // for a given container.
 func (c *Container) rwSize() (int64, error) {
 	if c.config.Rootfs != "" {
-		size, err := util.SizeOfPath(c.config.Rootfs)
-		return int64(size), err
+		size, err := directory.Size(c.config.Rootfs)
+		return size, err
 	}
 
 	layerSize, err := c.runtime.store.ContainerSize(c.ID())

libpod/container_validate.go

@@ -80,16 +80,6 @@ func (c *Container) validate() error {
 		}
 	}
 
-	// Can only set static IP or MAC is creating a network namespace.
-	if !c.config.CreateNetNS && (c.config.StaticIP != nil || c.config.StaticMAC != nil) {
-		return fmt.Errorf("cannot set static IP or MAC address if not creating a network namespace: %w", define.ErrInvalidArg)
-	}
-
-	// Cannot set static IP or MAC if joining >1 network.
-	if len(c.config.Networks) > 1 && (c.config.StaticIP != nil || c.config.StaticMAC != nil) {
-		return fmt.Errorf("cannot set static IP or MAC address if joining more than one network: %w", define.ErrInvalidArg)
-	}
-
 	// Using image resolv.conf conflicts with various DNS settings.
 	if c.config.UseImageResolvConf &&
 		(len(c.config.DNSSearch) > 0 || len(c.config.DNSServer) > 0 ||

libpod/pod_api.go

@@ -667,7 +667,6 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
 		}
 		infraConfig = new(define.InspectPodInfraConfig)
 		infraConfig.HostNetwork = p.NetworkMode() == "host"
-		infraConfig.StaticIP = infra.config.ContainerNetworkConfig.StaticIP
 		infraConfig.NoManageResolvConf = infra.config.UseImageResolvConf
 		infraConfig.NoManageHostname = infra.config.UseImageHostname
 		infraConfig.NoManageHosts = infra.config.UseImageHosts

libpod/runtime_ctr.go

@@ -205,11 +205,6 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf
 		}
 		// Reset the log path to point to the default
 		ctr.config.LogPath = ""
-		// Later in validate() the check is for nil. JSONDeepCopy sets it to an empty
-		// object. Resetting it to nil if it was nil before.
-		if config.StaticMAC == nil {
-			ctr.config.StaticMAC = nil
-		}
 	}
 
 	ctr.config.Spec = rSpec

pkg/bindings/containers/types.go

@@ -238,6 +238,7 @@ type WaitOptions struct {
 	// Time interval to wait before polling for completion.
 	Interval *string
 	// Container status to wait on.
+	//
 	// Deprecated: use Conditions instead.
 	Condition []define.ContainerStatus
 }

pkg/checkpoint/checkpoint_restore.go

@@ -139,8 +139,6 @@ func CRImportCheckpoint(ctx context.Context, runtime *libpod.Runtime, restoreOpt
 				opts.StaticMAC = nil
 				ctrConfig.Networks[net] = opts
 			}
-			ctrConfig.StaticIP = nil
-			ctrConfig.StaticMAC = nil
 		}
 
 		if ctrConfig.PIDNsCtr != "" {

pkg/k8s.io/api/core/v1/annotation_key_constants.go

@@ -36,15 +36,18 @@ const (
 
 	// SeccompPodAnnotationKey represents the key of a seccomp profile applied
 	// to all containers of a pod.
+	//
 	// Deprecated: set a pod security context `seccompProfile` field.
 	SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"
 
 	// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
 	// to one container of a pod.
+	//
 	// Deprecated: set a container security context `seccompProfile` field.
 	SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/"
 
 	// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
+	//
 	// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
 	SeccompProfileRuntimeDefault string = "runtime/default"
 
@@ -71,6 +74,7 @@ const (
 	AppArmorBetaProfileNameUnconfined = "unconfined"
 
 	// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
+	//
 	// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
 	DeprecatedSeccompProfileDockerDefault string = "docker/default"
 

pkg/k8s.io/api/core/v1/types.go

@@ -1463,6 +1463,7 @@ const (
 	PodFailed PodPhase = "Failed"
 	// PodUnknown means that for some reason the state of the pod could not be obtained, typically due
 	// to an error in communicating with the host of the pod.
+	//
 	// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)
 	PodUnknown PodPhase = "Unknown"
 )
@@ -1882,6 +1883,7 @@ type PodSpec struct {
 	// +optional
 	ServiceAccountName string `json:"serviceAccountName,omitempty"`
 	// DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+	//
 	// Deprecated: Use serviceAccountName instead.
 	// +k8s:conversion-gen=false
 	// +optional
@@ -4272,6 +4274,7 @@ type ComponentCondition struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ComponentStatus (and ComponentStatusList) holds the cluster validation info.
+//
 // Deprecated: This API is deprecated in v1.19+
 type ComponentStatus struct {
 	metav1.TypeMeta `json:",inline"`
@@ -4290,6 +4293,7 @@ type ComponentStatus struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // Status of all the conditions for the component as a list of ComponentStatus objects.
+//
 // Deprecated: This API is deprecated in v1.19+
 type ComponentStatusList struct {
 	metav1.TypeMeta `json:",inline"`

pkg/specgen/generate/kube/seccomp.go

@@ -37,7 +37,8 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
 		for annKeyValue, seccomp := range annotations {
 			// check if it is prefaced with container.seccomp.security.alpha.kubernetes.io/
 			prefixAndCtr := strings.Split(annKeyValue, "/")
-			if prefixAndCtr[0]+"/" != v1.SeccompContainerAnnotationKeyPrefix {
+			// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
+			if prefixAndCtr[0]+"/" != v1.SeccompContainerAnnotationKeyPrefix { //nolint:staticcheck
 				continue
 			} else if len(prefixAndCtr) != 2 {
 				// this could be caused by a user inputting either of
@@ -52,8 +53,8 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
 			}
 			seccompPaths.containerPaths[prefixAndCtr[1]] = path
 		}
-
-		podSeccomp, ok := annotations[v1.SeccompPodAnnotationKey]
+		// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
+		podSeccomp, ok := annotations[v1.SeccompPodAnnotationKey] //nolint:staticcheck
 		if ok {
 			seccompPaths.podPath, err = verifySeccompPath(podSeccomp, profileRoot)
 		} else {
@@ -70,9 +71,11 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
 // the available options are parsed as defined in https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
 func verifySeccompPath(path string, profileRoot string) (string, error) {
 	switch path {
-	case v1.DeprecatedSeccompProfileDockerDefault:
+	// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
+	case v1.DeprecatedSeccompProfileDockerDefault: //nolint:staticcheck
 		fallthrough
-	case v1.SeccompProfileRuntimeDefault:
+	// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
+	case v1.SeccompProfileRuntimeDefault: //nolint:staticcheck
 		return libpod.DefaultSeccompPath()
 	case "unconfined":
 		return path, nil

pkg/specgen/generate/namespaces.go

@@ -338,19 +338,9 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
 		}
 		// if no network was specified use add the default
 		if len(s.Networks) == 0 {
-			// backwards config still allow the old cni networks list and convert to new format
-			if len(s.CNINetworks) > 0 {
-				logrus.Warn(`specgen "cni_networks" option is deprecated use the "networks" map instead`)
-				networks := make(map[string]types.PerNetworkOptions, len(s.CNINetworks))
-				for _, net := range s.CNINetworks {
-					networks[net] = types.PerNetworkOptions{}
-				}
-				s.Networks = networks
-			} else {
-				// no networks given but bridge is set so use default network
-				s.Networks = map[string]types.PerNetworkOptions{
-					rtConfig.Network.DefaultNetwork: {},
-				}
+			// no networks given but bridge is set so use default network
+			s.Networks = map[string]types.PerNetworkOptions{
+				rtConfig.Network.DefaultNetwork: {},
 			}
 		}
 		// rename the "default" network to the correct default name

pkg/specgen/generate/pod_create.go

@@ -260,10 +260,6 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
 	if len(p.Networks) > 0 {
 		spec.Networks = p.Networks
 	}
-	// deprecated cni networks for api users
-	if len(p.CNINetworks) > 0 {
-		spec.CNINetworks = p.CNINetworks
-	}
 	if p.NoManageHosts {
 		spec.UseImageHosts = &p.NoManageHosts
 	}

pkg/specgen/podspecgen.go

@@ -122,14 +122,6 @@ type PodNetworkConfig struct {
 	// If the map is empty and the bridge network mode is set the container
 	// will be joined to the default network.
 	Networks map[string]types.PerNetworkOptions
-	// CNINetworks is a list of CNI networks to join the container to.
-	// If this list is empty, the default CNI network will be joined
-	// instead. If at least one entry is present, we will not join the
-	// default network (unless it is part of this list).
-	// Only available if NetNS is set to bridge.
-	// Optional.
-	// Deprecated: as of podman 4.0 use "Networks" instead.
-	CNINetworks []string `json:"cni_networks,omitempty"`
 	// NoManageResolvConf indicates that /etc/resolv.conf should not be
 	// managed by the pod. Instead, each container will create and manage a
 	// separate resolv.conf as if they had not joined a pod.

pkg/specgen/specgen.go

@@ -505,14 +505,6 @@ type ContainerNetworkConfig struct {
 	// will be joined to the default network.
 	// Optional.
 	Networks map[string]nettypes.PerNetworkOptions
-	// CNINetworks is a list of CNI networks to join the container to.
-	// If this list is empty, the default CNI network will be joined
-	// instead. If at least one entry is present, we will not join the
-	// default network (unless it is part of this list).
-	// Only available if NetNS is set to bridge.
-	// Optional.
-	// Deprecated: as of podman 4.0 use "Networks" instead.
-	CNINetworks []string `json:"cni_networks,omitempty"`
 	// UseImageResolvConf indicates that resolv.conf should not be managed
 	// by Podman, but instead sourced from the image.
 	// Conflicts with DNSServer, DNSSearch, DNSOption.

pkg/util/utils.go

@@ -25,7 +25,6 @@ import (
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 	"go.podman.io/image/v5/types"
-	"go.podman.io/storage/pkg/directory"
 	"go.podman.io/storage/pkg/fileutils"
 	"go.podman.io/storage/pkg/idtools"
 	"go.podman.io/storage/pkg/unshare"
@@ -1200,14 +1199,6 @@ func LookupUser(name string) (*user.User, error) {
 	return user.Lookup(name)
 }
 
-// SizeOfPath determines the file usage of a given path. it was called volumeSize in v1
-// and now is made to be generic and take a path instead of a libpod volume
-// Deprecated: use github.com/containers/storage/pkg/directory.Size() instead.
-func SizeOfPath(path string) (uint64, error) {
-	size, err := directory.Size(path)
-	return uint64(size), err
-}
-
 // ParseRestartPolicy parses the value given to the --restart flag and returns the policy
 // and restart retries value
 func ParseRestartPolicy(policy string) (string, uint, error) {