diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 00000000000..2fe925ddfa4
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ master ]
+ schedule:
+ - cron: '31 1 * * 3'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/controllers/mysql_combined_test.go b/controllers/mysql_combined_test.go
index 5364931ecec..f3ae05132aa 100644
--- a/controllers/mysql_combined_test.go
+++ b/controllers/mysql_combined_test.go
@@ -27,7 +27,7 @@ func TestMySQLHappyPath(t *testing.T) {
 ctx := context.Background() // Add any setup steps that needs to be executed before each test
- rgLocation := "eastus2"
+ rgLocation := "westus2"
 rgName := tc.resourceGroupName mySQLServerName := GenerateTestResourceNameWithRandom("mysql-srv", 10) mySQLReplicaName := GenerateTestResourceNameWithRandom("mysql-rep", 10)
diff --git a/pkg/resourcemanager/azuresql/azuresqlaction/azuresqlaction.go b/pkg/resourcemanager/azuresql/azuresqlaction/azuresqlaction.go
index cba6b23ed94..d419943ee00 100644
--- a/pkg/resourcemanager/azuresql/azuresqlaction/azuresqlaction.go
+++ b/pkg/resourcemanager/azuresql/azuresqlaction/azuresqlaction.go
@@ -57,6 +57,7 @@ func (s *AzureSqlActionManager) UpdateUserPassword(
 if err != nil { return err }
+ defer db.Close()
 instance := &azurev1alpha1.AzureSQLUser{ TypeMeta: metav1.TypeMeta{
diff --git a/pkg/resourcemanager/azuresql/azuresqlmanageduser/azuresqlmanageduser_reconcile.go b/pkg/resourcemanager/azuresql/azuresqlmanageduser/azuresqlmanageduser_reconcile.go
index 34a473b1802..87e0ad9025e 100644
--- a/pkg/resourcemanager/azuresql/azuresqlmanageduser/azuresqlmanageduser_reconcile.go
+++ b/pkg/resourcemanager/azuresql/azuresqlmanageduser/azuresqlmanageduser_reconcile.go
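Review bot: The four `uses:` lines reference actions by mutable tag (`actions/checkout@v2`, and `github/codeql-action/init`, `autobuild` and `analyze` at `@v1`), so the code that runs in a job granted `security-events: write` can change without any commit to this repository. Pinning each to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, makes what executes reviewable and lets dependency tooling propose the bumps. Since the job only reads the tree, the checkout step could also set `persist-credentials: false` under `with:` so the token is not left in the local git config for the later steps.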
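Review bot: The `defer db.Close()` added in UpdateUserPassword is safe only because the `if err != nil { return err }` guard right above it always returns; the same line in the Ensure and Delete hunks for azuresqlmanageduser, azuresqluser, mysqlaaduser, mysqluser and psqluser follows an error block that opens outside each hunk (several show an inner `}` before `return false, err`), so it is worth confirming that no branch of those blocks falls through without a usable handle. Assuming `db` is a `*sql.DB`, a deferred Close on a nil handle would panic at return rather than leak quietly. The Close error is also discarded at all eleven sites; if that is deliberate, a one-line comment such as `// best effort: the reconcile result does not depend on the close succeeding` would record it. UpdateUserPassword's body starts and ends outside this hunk.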
@@ -85,6 +85,7 @@ func (s *AzureSqlManagedUserManager) Ensure(ctx context.Context, obj runtime.Obj
 instance.Status.SetFailedProvisioning(instance.Status.Message) return false, nil }
+ defer db.Close()
 userExists, err := s.UserExists(ctx, db, requestedUsername) if err != nil {
@@ -189,6 +190,7 @@ func (s *AzureSqlManagedUserManager) Delete(ctx context.Context, obj runtime.Obj
 return true, nil }
+ defer db.Close()
 userExists, err := s.UserExists(ctx, db, requestedUsername) if err != nil {
diff --git a/pkg/resourcemanager/azuresql/azuresqluser/azuresqluser_reconcile.go b/pkg/resourcemanager/azuresql/azuresqluser/azuresqluser_reconcile.go
index 8b0f0bb8460..bc27220d7f6 100644
--- a/pkg/resourcemanager/azuresql/azuresqluser/azuresqluser_reconcile.go
+++ b/pkg/resourcemanager/azuresql/azuresqluser/azuresqluser_reconcile.go
@@ -134,6 +134,7 @@ func (s *AzureSqlUserManager) Ensure(ctx context.Context, obj runtime.Object, op
 return false, err }
+ defer db.Close()
 userSecretKey := MakeSecretKey(userSecretClient, instance)
@@ -352,6 +353,7 @@ func (s *AzureSqlUserManager) Delete(ctx context.Context, obj runtime.Object, op
 } return false, err }
+ defer db.Close()
 var sqlUserSecretClient secrets.SecretClient if options.SecretClient != nil {
diff --git a/pkg/resourcemanager/mysql/mysqlaaduser/reconcile.go b/pkg/resourcemanager/mysql/mysqlaaduser/reconcile.go
index 070ca7a38e6..d8752650b43 100644
--- a/pkg/resourcemanager/mysql/mysqlaaduser/reconcile.go
+++ b/pkg/resourcemanager/mysql/mysqlaaduser/reconcile.go
@@ -108,6 +108,7 @@ func (m *MySQLAADUserManager) Ensure(ctx context.Context, obj runtime.Object, op
 return false, mysql.IgnoreDatabaseBusy(err) }
+ defer db.Close()
 instance.Status.SetProvisioning("")
@@ -179,6 +180,7 @@ func (m *MySQLAADUserManager) Delete(ctx context.Context, obj runtime.Object, op
 } return false, err }
+ defer db.Close()
 err = mysql.DropUser(ctx, db, instance.Username()) if err != nil {
diff --git a/pkg/resourcemanager/mysql/mysqluser/mysqluser_reconcile.go b/pkg/resourcemanager/mysql/mysqluser/mysqluser_reconcile.go
index ed30845673b..64a611833e7 100644
--- a/pkg/resourcemanager/mysql/mysqluser/mysqluser_reconcile.go
+++ b/pkg/resourcemanager/mysql/mysqluser/mysqluser_reconcile.go
@@ -104,6 +104,7 @@ func (s *MySqlUserManager) Ensure(ctx context.Context, obj runtime.Object, opts
 return false, err }
+ defer db.Close()
 secretKey := secrets.SecretKey{Name: instance.Name, Namespace: instance.Namespace, Kind: instance.TypeMeta.Kind} // create or get new user secret
@@ -228,6 +229,7 @@ func (s *MySqlUserManager) Delete(ctx context.Context, obj runtime.Object, opts
 } return false, err }
+ defer db.Close()
 var userSecretClient secrets.SecretClient if options.SecretClient != nil {
diff --git a/pkg/resourcemanager/psql/psqluser/psqluser_reconcile.go b/pkg/resourcemanager/psql/psqluser/psqluser_reconcile.go
index 63aaebd68e8..974ea639024 100644
--- a/pkg/resourcemanager/psql/psqluser/psqluser_reconcile.go
+++ b/pkg/resourcemanager/psql/psqluser/psqluser_reconcile.go
@@ -124,6 +124,7 @@ func (m *PostgreSqlUserManager) Ensure(ctx context.Context, obj runtime.Object,
 return false, err }
+ defer db.Close()
 secretKey := secrets.SecretKey{Name: instance.Name, Namespace: instance.Namespace, Kind: instance.TypeMeta.Kind}
@@ -250,6 +251,7 @@ func (m *PostgreSqlUserManager) Delete(ctx context.Context, obj runtime.Object,
 //stop the reconcile with unkown error return false, err }
+ defer db.Close()
 var psqlUserSecretClient secrets.SecretClient if options.SecretClient != nil {