Tim Hockin
Tim Hockin
Can we just automate this further? For every Service (probably opt-in, obv), create a TLS Secret. Pods "in" that Service can use that Secret. Rotate it. Automatically. No sidecar container,...
Is there a cni-announce mailing list? @dcbw and @squeed and @bboreham have historically bridged the worlds, but it has not been formalized in k8s-space.
We are using it through gocritic, through golangci-lint (though IMO it should be a first-order linter in golangci-lint) . I was thinking about using embedding for the dsl library, too....
Or if I am going to use ruleguard directly, maybe a flag that points to the DSL lib (ignoring modules)?
Coming back to this, I have set up a trivial demonstration of the problem(s): https://github.com/thockin/ruleguard-multi-modules There are errors in both `subdir/file.go` and `submod/file.go`. ``` $ golangci-lint run subdir/file.go:6:2: ruleguard: prefer...
I sounds like the piece I was missing was that this uses Go's libs internally and the shortcomings in those libs become shortcomings of this tool. Is that right?
I got a new starting point on this, but you might not like it. It seems that ruleguard uses `go/build` (the "old way"). Go team recommends everyone switch to `golang.org/x/tools/go/packages`...
OK. How about a MUCH dirtier trick? I just PoC'ed this with a forced failure, and no dep on the dsl in my codebase. ```diff: diff --git a/ruleguard/engine.go b/ruleguard/engine.go index...
You would have to "emit" the embedded files into a form that Go thinks they are real - either as a vendor'ed module or as "local" code (and replace the...
I came here to +1. We spent hours trying to figure out why golangci-lint was not running ruleguard. This is why.