generics for bound checks, typos, and other reviews

krishagarwal278 · krishagarwal278 · commit 68d9c7080585 · 2025-11-12T11:58:07.000-05:00
diff --git a/docs/linters.md b/docs/linters.md
@@ -486,11 +486,11 @@ According to Kubernetes API conventions, numeric fields should have bounds check
 
 This linter ensures that:
 - Numeric fields have both `+kubebuilder:validation:Minimum` and `+kubebuilder:validation:Maximum` markers
-- K8s declarative validation markers (`+k8s:minimum` and `+k8s:maximum`) are also supported  
-- Bounds values are within the type's valid range:
-  - int32: full int32 range (±2^31-1)
-  - int64: JavaScript-safe range (±2^53-1) per Kubernetes API conventions
-  - float32/float64: within their respective ranges
+- K8s declarative validation markers (`+k8s:minimum` and `+k8s:maximum`) are also supported
+- Bounds values are validated:
+  - int32: within int32 range (±2^31-1)
+  - int64: within JavaScript-safe range (±2^53-1) per K8s API conventions for JSON compatibility
+  - float32/float64: marker values are valid (within type ranges)
 
 **Note:** While `+k8s:minimum` is documented in the official Kubernetes declarative validation spec, `+k8s:maximum` is not yet officially documented but is supported by this linter for forward compatibility and consistency.
 
diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/google/go-cmp v0.7.0
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.38.0
+	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
 	golang.org/x/tools v0.37.0
 	k8s.io/apimachinery v0.32.3
 	k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b
diff --git a/pkg/analysis/numericbounds/analyzer.go b/pkg/analysis/numericbounds/analyzer.go
@@ -19,7 +19,9 @@ import (
 	"errors"
 	"fmt"
 	"go/ast"
+	"strings"
 
+	"golang.org/x/exp/constraints"
 	"golang.org/x/tools/go/analysis"
 	kalerrors "sigs.k8s.io/kube-api-linter/pkg/analysis/errors"
 	"sigs.k8s.io/kube-api-linter/pkg/analysis/helpers/extractjsontags"
@@ -97,6 +99,12 @@ func checkNumericType(pass *analysis.Pass, ident *ast.Ident, node ast.Node, pref
 	// Determine if this is a slice/array field
 	isSlice := utils.IsArrayTypeOrAlias(pass, field)
 
+	// For array elements, update prefix to include type information
+	// e.g., "field Ports array element pointer" -> "field Ports array element type of int32"
+	if isSlice {
+		prefix = buildArrayElementPrefix(prefix, ident.Name)
+	}
+
 	// Determine which markers to look for based on whether the field is a slice
 	minMarkers, maxMarkers := getMarkerNames(isSlice)
 
@@ -119,11 +127,11 @@ func checkNumericType(pass *analysis.Pass, ident *ast.Ident, node ast.Node, pref
 
 	// Report if markers are missing
 	if minMissing {
-		pass.Reportf(field.Pos(), "%s is missing minimum bounds validation marker", prefix)
+		pass.Reportf(field.Pos(), "%s is missing minimum bound validation marker", prefix)
 	}
 
 	if maxMissing {
-		pass.Reportf(field.Pos(), "%s is missing maximum bounds validation marker", prefix)
+		pass.Reportf(field.Pos(), "%s is missing maximum bound validation marker", prefix)
 	}
 
 	// If any markers are missing or invalid, don't continue with bounds checks
@@ -146,16 +154,30 @@ func getMarkerNames(isSlice bool) (minMarkers, maxMarkers []string) {
 	return []string{markers.KubebuilderMinimumMarker, markers.K8sMinimumMarker}, []string{markers.KubebuilderMaximumMarker, markers.K8sMaximumMarker}
 }
 
+// buildArrayElementPrefix updates the prefix for array elements to include type information.
+// Replaces TypeChecker's suffix (like "pointer" or "type X") with "type of {typeName}".
+// Example: "field Ports array element pointer" -> "field Ports array element type of int32".
+func buildArrayElementPrefix(prefix, typeName string) string {
+	idx := strings.Index(prefix, "array element")
+	if idx == -1 {
+		return prefix
+	}
+
+	return prefix[:idx+len("array element")] + " type of " + typeName
+}
+
 // getMarkerNumericValue extracts the numeric value from the first instance of any of the given marker names.
 // Checks multiple marker names to support both kubebuilder and k8s declarative validation markers.
+// Precedence: Markers checked in the order provided and first valid value found is returned.
+// We require a valid numeric value (not just marker presence) for both minimum and maximum markers.
 func getMarkerNumericValue(markerSet markershelper.MarkerSet, markerNames []string) (float64, error) {
 	for _, markerName := range markerNames {
 		markerList := markerSet.Get(markerName)
 		if len(markerList) == 0 {
 			continue
 		}
 
-		// Use the exported utils function to parse the marker value
+		// Use the exported utils.GetMarkerNumericValue function to parse the marker value
 		value, err := utils.GetMarkerNumericValue[float64](markerList[0])
 		if err != nil {
 			if errors.Is(err, errMarkerMissingValue) {
@@ -174,43 +196,42 @@ func getMarkerNumericValue(markerSet markershelper.MarkerSet, markerNames []stri
 // checkBoundsWithinTypeRange validates that the bounds are within the valid range for the type.
 // For int64, enforces JavaScript-safe bounds as per Kubernetes API conventions to ensure
 // compatibility with JavaScript clients.
-//
-//nolint:cyclop
 func checkBoundsWithinTypeRange(pass *analysis.Pass, field *ast.Field, prefix, typeName string, minimum, maximum float64) {
 	switch typeName {
 	case "int32":
-		if minimum < float64(minInt32) || minimum > float64(maxInt32) {
-			pass.Reportf(field.Pos(), "%s has minimum bound %v that is outside the valid int32 range [%d, %d]", prefix, minimum, minInt32, maxInt32)
-		}
-
-		if maximum < float64(minInt32) || maximum > float64(maxInt32) {
-			pass.Reportf(field.Pos(), "%s has maximum bound %v that is outside the valid int32 range [%d, %d]", prefix, maximum, minInt32, maxInt32)
-		}
+		checkBoundInRange(pass, field, prefix, minimum, minInt32, maxInt32, "minimum", "int32")
+		checkBoundInRange(pass, field, prefix, maximum, minInt32, maxInt32, "maximum", "int32")
 	case "int64":
-		// Kubernetes API conventions enforce JavaScript-safe bounds for int64 (±2^53-1)
-		// to ensure compatibility with JavaScript clients
-		if minimum < float64(minSafeInt64) {
-			pass.Reportf(field.Pos(), "%s has minimum bound %v that is outside the JavaScript-safe int64 range [%d, %d]. Consider using a string type to avoid precision loss in JavaScript clients", prefix, minimum, int64(minSafeInt64), int64(maxSafeInt64))
-		}
-
-		if maximum > float64(maxSafeInt64) {
-			pass.Reportf(field.Pos(), "%s has maximum bound %v that is outside the JavaScript-safe int64 range [%d, %d]. Consider using a string type to avoid precision loss in JavaScript clients", prefix, maximum, int64(minSafeInt64), int64(maxSafeInt64))
-		}
+		// K8s API conventions enforce JavaScript-safe bounds for int64 (±2^53-1)
+		checkBoundInRange(pass, field, prefix, minimum, int64(minSafeInt64), int64(maxSafeInt64), "minimum", "JavaScript-safe int64",
+			"Consider using a string type to avoid precision loss in JavaScript clients")
+		checkBoundInRange(pass, field, prefix, maximum, int64(minSafeInt64), int64(maxSafeInt64), "maximum", "JavaScript-safe int64",
+			"Consider using a string type to avoid precision loss in JavaScript clients")
 	case "float32":
-		if minimum < float64(minFloat32) || minimum > float64(maxFloat32) {
-			pass.Reportf(field.Pos(), "%s has minimum bound %v that is outside the valid float32 range", prefix, minimum)
-		}
-
-		if maximum < float64(minFloat32) || maximum > float64(maxFloat32) {
-			pass.Reportf(field.Pos(), "%s has maximum bound %v that is outside the valid float32 range", prefix, maximum)
-		}
+		checkFloatBoundInRange(pass, field, prefix, minimum, minFloat32, maxFloat32, "minimum", "float32")
+		checkFloatBoundInRange(pass, field, prefix, maximum, minFloat32, maxFloat32, "maximum", "float32")
 	case "float64":
-		if minimum < minFloat64 || minimum > maxFloat64 {
-			pass.Reportf(field.Pos(), "%s has minimum bound %v that is outside the valid float64 range", prefix, minimum)
-		}
+		checkFloatBoundInRange(pass, field, prefix, minimum, minFloat64, maxFloat64, "minimum", "float64")
+		checkFloatBoundInRange(pass, field, prefix, maximum, minFloat64, maxFloat64, "maximum", "float64")
+	}
+}
 
-		if maximum < minFloat64 || maximum > maxFloat64 {
-			pass.Reportf(field.Pos(), "%s has maximum bound %v that is outside the valid float64 range", prefix, maximum)
+// checkBoundInRange checks if an integer bound value is within the valid range.
+// Uses generics to avoid type conversions.
+func checkBoundInRange[T constraints.Integer](pass *analysis.Pass, field *ast.Field, prefix string, value float64, minBound, maxBound T, boundType, typeName string, extraMsg ...string) {
+	if value < float64(minBound) || value > float64(maxBound) {
+		msg := fmt.Sprintf("%s has %s bound %%v that is outside the %s range [%%d, %%d]", prefix, boundType, typeName)
+		if len(extraMsg) > 0 {
+			msg += ". " + extraMsg[0]
 		}
+
+		pass.Reportf(field.Pos(), msg, value, minBound, maxBound)
+	}
+}
+
+// checkFloatBoundInRange checks if a float bound value is within the valid range.
+func checkFloatBoundInRange[T constraints.Float](pass *analysis.Pass, field *ast.Field, prefix string, value float64, minBound, maxBound T, boundType, typeName string) {
+	if value < float64(minBound) || value > float64(maxBound) {
+		pass.Reportf(field.Pos(), "%s has %s bound %v that is outside the valid %s range", prefix, boundType, value, typeName)
 	}
 }
diff --git a/pkg/analysis/numericbounds/testdata/src/a/a.go b/pkg/analysis/numericbounds/testdata/src/a/a.go
@@ -1,58 +1,58 @@
 package a
 
-// ValidInt32WithBounds has proper bounds validation
-type ValidInt32WithBounds struct {
+// ValidInt32WithBound has proper bounds validation
+type ValidInt32WithBound struct {
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=100
 	Count int32
 }
 
-// ValidInt64WithBounds has proper bounds validation
-type ValidInt64WithBounds struct {
+// ValidInt64WithBound has proper bounds validation
+type ValidInt64WithBound struct {
 	// +kubebuilder:validation:Minimum=-1000
 	// +kubebuilder:validation:Maximum=1000
 	Value int64
 }
 
-// ValidInt64WithJSSafeBounds has bounds within JavaScript safe integer range
-type ValidInt64WithJSSafeBounds struct {
+// ValidInt64WithJSSafeBound has bounds within JavaScript safe integer range
+type ValidInt64WithJSSafeBound struct {
 	// +kubebuilder:validation:Minimum=-9007199254740991
 	// +kubebuilder:validation:Maximum=9007199254740991
 	SafeValue int64
 }
 
-// InvalidInt32NoBounds should have bounds markers
-type InvalidInt32NoBounds struct {
-	NoBounds int32 // want "field NoBounds is missing minimum bounds validation marker" "field NoBounds is missing maximum bounds validation marker"
+// InvalidInt32NoBound should have bounds markers
+type InvalidInt32NoBound struct {
+	NoBound int32 // want "field NoBound is missing minimum bound validation marker" "field NoBound is missing maximum bound validation marker"
 }
 
-// InvalidInt64NoBounds should have bounds markers
-type InvalidInt64NoBounds struct {
-	NoBounds int64 // want "field NoBounds is missing minimum bounds validation marker" "field NoBounds is missing maximum bounds validation marker"
+// InvalidInt64NoBound should have bounds markers
+type InvalidInt64NoBound struct {
+	NoBound int64 // want "field NoBound is missing minimum bound validation marker" "field NoBound is missing maximum bound validation marker"
 }
 
 // InvalidInt32OnlyMin should have maximum marker
 type InvalidInt32OnlyMin struct {
 	// +kubebuilder:validation:Minimum=0
-	OnlyMin int32 // want "field OnlyMin is missing maximum bounds validation marker"
+	OnlyMin int32 // want "field OnlyMin is missing maximum bound validation marker"
 }
 
 // InvalidInt32OnlyMax should have minimum marker
 type InvalidInt32OnlyMax struct {
 	// +kubebuilder:validation:Maximum=100
-	OnlyMax int32 // want "field OnlyMax is missing minimum bounds validation marker"
+	OnlyMax int32 // want "field OnlyMax is missing minimum bound validation marker"
 }
 
 // InvalidInt64OnlyMin should have maximum marker
 type InvalidInt64OnlyMin struct {
 	// +kubebuilder:validation:Minimum=0
-	OnlyMin int64 // want "field OnlyMin is missing maximum bounds validation marker"
+	OnlyMin int64 // want "field OnlyMin is missing maximum bound validation marker"
 }
 
 // InvalidInt64OnlyMax should have minimum marker
 type InvalidInt64OnlyMax struct {
 	// +kubebuilder:validation:Maximum=100
-	OnlyMax int64 // want "field OnlyMax is missing minimum bounds validation marker"
+	OnlyMax int64 // want "field OnlyMax is missing minimum bound validation marker"
 }
 
 // InvalidInt64ExceedsJSMaxBounds has maximum that exceeds JavaScript safe integer range
@@ -102,12 +102,12 @@ type ValidFloat32WithBounds struct {
 
 // InvalidFloat64NoBounds should have bounds markers
 type InvalidFloat64NoBounds struct {
-	Value float64 // want "field Value is missing minimum bounds validation marker" "field Value is missing maximum bounds validation marker"
+	Value float64 // want "field Value is missing minimum bound validation marker" "field Value is missing maximum bound validation marker"
 }
 
 // InvalidFloat32NoBounds should have bounds markers
 type InvalidFloat32NoBounds struct {
-	Ratio float32 // want "field Ratio is missing minimum bounds validation marker" "field Ratio is missing maximum bounds validation marker"
+	Ratio float32 // want "field Ratio is missing minimum bound validation marker" "field Ratio is missing maximum bound validation marker"
 }
 
 // MixedFields has both valid and invalid fields
@@ -116,15 +116,15 @@ type MixedFields struct {
 	// +kubebuilder:validation:Maximum=100
 	ValidCount int32
 
-	InvalidCount int32 // want "field InvalidCount is missing minimum bounds validation marker" "field InvalidCount is missing maximum bounds validation marker"
+	InvalidCount int32 // want "field InvalidCount is missing minimum bound validation marker" "field InvalidCount is missing maximum bound validation marker"
 
 	Name string
 
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=1000
 	ValidValue int64
 
-	InvalidValue int64 // want "field InvalidValue is missing minimum bounds validation marker" "field InvalidValue is missing maximum bounds validation marker"
+	InvalidValue int64 // want "field InvalidValue is missing minimum bound validation marker" "field InvalidValue is missing maximum bound validation marker"
 }
 
 // PointerFields with pointers should also be checked
@@ -133,18 +133,18 @@ type PointerFields struct {
 	// +kubebuilder:validation:Maximum=100
 	ValidPointerWithBounds *int32
 
-	InvalidPointer *int32 // want "field InvalidPointer pointer is missing minimum bounds validation marker" "field InvalidPointer pointer is missing maximum bounds validation marker"
+	InvalidPointer *int32 // want "field InvalidPointer pointer is missing minimum bound validation marker" "field InvalidPointer pointer is missing maximum bound validation marker"
 
-	InvalidPointer64 *int64 // want "field InvalidPointer64 pointer is missing minimum bounds validation marker" "field InvalidPointer64 pointer is missing maximum bounds validation marker"
+	InvalidPointer64 *int64 // want "field InvalidPointer64 pointer is missing minimum bound validation marker" "field InvalidPointer64 pointer is missing maximum bound validation marker"
 }
 
 // SliceFields with slices should check the element type
 type SliceFields struct {
 	ValidSlice []string
 
-	InvalidSlice []int32 // want "field InvalidSlice array element is missing minimum bounds validation marker" "field InvalidSlice array element is missing maximum bounds validation marker"
+	InvalidSlice []int32 // want "field InvalidSlice array element type of int32 is missing minimum bound validation marker" "field InvalidSlice array element type of int32 is missing maximum bound validation marker"
 
-	InvalidSlice64 []int64 // want "field InvalidSlice64 array element is missing minimum bounds validation marker" "field InvalidSlice64 array element is missing maximum bounds validation marker"
+	InvalidSlice64 []int64 // want "field InvalidSlice64 array element type of int64 is missing minimum bound validation marker" "field InvalidSlice64 array element type of int64 is missing maximum bound validation marker"
 
 	// +kubebuilder:validation:items:Minimum=0
 	// +kubebuilder:validation:items:Maximum=100
@@ -179,13 +179,13 @@ type TypeAliasFields struct {
 	// +kubebuilder:validation:Maximum=100
 	ValidAlias Int32Alias
 
-	InvalidAlias Int32Alias // want "field InvalidAlias type Int32Alias is missing minimum bounds validation marker" "field InvalidAlias type Int32Alias is missing maximum bounds validation marker"
+	InvalidAlias Int32Alias // want "field InvalidAlias type Int32Alias is missing minimum bound validation marker" "field InvalidAlias type Int32Alias is missing maximum bound validation marker"
 
-	InvalidAlias64 Int64Alias // want "field InvalidAlias64 type Int64Alias is missing minimum bounds validation marker" "field InvalidAlias64 type Int64Alias is missing maximum bounds validation marker"
+	InvalidAlias64 Int64Alias // want "field InvalidAlias64 type Int64Alias is missing minimum bound validation marker" "field InvalidAlias64 type Int64Alias is missing maximum bound validation marker"
 
-	InvalidAliasFloat32 Float32Alias // want "field InvalidAliasFloat32 type Float32Alias is missing minimum bounds validation marker" "field InvalidAliasFloat32 type Float32Alias is missing maximum bounds validation marker"
+	InvalidAliasFloat32 Float32Alias // want "field InvalidAliasFloat32 type Float32Alias is missing minimum bound validation marker" "field InvalidAliasFloat32 type Float32Alias is missing maximum bound validation marker"
 
-	InvalidAliasFloat64 Float64Alias // want "field InvalidAliasFloat64 type Float64Alias is missing minimum bounds validation marker" "field InvalidAliasFloat64 type Float64Alias is missing maximum bounds validation marker"
+	InvalidAliasFloat64 Float64Alias // want "field InvalidAliasFloat64 type Float64Alias is missing minimum bound validation marker" "field InvalidAliasFloat64 type Float64Alias is missing maximum bound validation marker"
 
 	// Valid: bounds are on the type alias itself
 	ValidBoundedAlias BoundedInt32Alias
@@ -199,10 +199,10 @@ type TypeAliasFields struct {
 
 // PointerSliceFields with pointer slices should also be checked
 type PointerSliceFields struct {
-	InvalidPointerSlice []*int32 // want "field InvalidPointerSlice array element pointer is missing minimum bounds validation marker" "field InvalidPointerSlice array element pointer is missing maximum bounds validation marker"
+	InvalidPointerSlice []*int32 // want "field InvalidPointerSlice array element type of int32 is missing minimum bound validation marker" "field InvalidPointerSlice array element type of int32 is missing maximum bound validation marker"
 }
 
-// K8sDeclarativeValidation with k8s declarative validation markers should work
+// K8sDeclarativeValidation with k8s declarative validation markers
 type K8sDeclarativeValidation struct {
 	// +k8s:minimum=0
 	// +k8s:maximum=100
@@ -217,7 +217,7 @@ type K8sDeclarativeValidation struct {
 type InvalidInt32BoundsOutOfRange struct {
 	// +kubebuilder:validation:Minimum=-3000000000
 	// +kubebuilder:validation:Maximum=3000000000
-	OutOfRange int32 // want "field OutOfRange has minimum bound -3e\\+09 that is outside the valid int32 range" "field OutOfRange has maximum bound 3e\\+09 that is outside the valid int32 range"
+	OutOfRange int32 // want "field OutOfRange has minimum bound -3e\\+09 that is outside the int32 range \\[-2147483648, 2147483647\\]" "field OutOfRange has maximum bound 3e\\+09 that is outside the int32 range \\[-2147483648, 2147483647\\]"
 }
 
 // MixedMarkersKubebuilderAndK8s can use either kubebuilder or k8s markers
