fix(godot): end TODO comments with a period

Anand Kumar · Anand Kumar · commit cd3d2b0fa535 · 2026-04-14T15:57:47.000+05:30
Resolve godot lint: comments should end in a period.
- pkg/controller/trustmanager/constants.go
- pkg/operator/setup_manager.go

Made-with: Cursor
diff --git a/pkg/controller/trustmanager/constants.go b/pkg/controller/trustmanager/constants.go
@@ -3,8 +3,6 @@ package trustmanager
 import (
 	"os"
 	"time"
-
-	"k8s.io/apimachinery/pkg/util/validation/field"
 )
 
 const (
@@ -14,6 +12,10 @@ const (
 	// ControllerName is the name of the controller used in logs and events.
 	ControllerName = trustManagerCommonName + "-controller"
 
+	// controllerProcessedAnnotation is the annotation added to trustmanager resource once after
+	// successful reconciliation by the controller.
+	controllerProcessedAnnotation = "operator.openshift.io/trust-manager-processed"
+
 	// finalizer name for trustmanager.openshift.operator.io resource.
 	finalizer = "trustmanager.openshift.operator.io/" + ControllerName
 
@@ -41,70 +43,9 @@ const (
 	// fieldOwner is the field manager name used for Server-Side Apply operations.
 	// All resource reconcilers should use this to identify ownership of fields.
 	fieldOwner = "trust-manager-controller"
-
-	// trustManagerContainerName is the name of the trust-manager container in the deployment.
-	trustManagerContainerName = "trust-manager"
-
-	// roleBindingSubjectKind is the kind used in RBAC binding subjects.
-	roleBindingSubjectKind = "ServiceAccount"
-)
-
-// DefaultCAPackage constants.
-const (
-	// defaultCAPackageConfigMapName is the ConfigMap in the operand namespace that
-	// contains the formatted JSON CA package for trust-manager.
-	defaultCAPackageConfigMapName = "trust-manager-default-ca-package"
-
-	// defaultCAPackageName is the package name used in the JSON CA package.
-	defaultCAPackageName = "cert-manager-package-openshift"
-
-	// defaultCAPackageFilename is the filename used for the JSON package inside the ConfigMap.
-	defaultCAPackageFilename = defaultCAPackageName + ".json"
-
-	// defaultCAPackageVolumeName is the volume name used in the deployment.
-	defaultCAPackageVolumeName = "packages"
-
-	// defaultCAPackageMountPath is where the package volume is mounted in the container.
-	defaultCAPackageMountPath = "/packages"
-
-	// defaultCAPackageLocation is the full path to the JSON package file inside the container.
-	defaultCAPackageLocation = defaultCAPackageMountPath + "/" + defaultCAPackageFilename
-
-	// defaultCAPackageHashAnnotation is the pod template annotation that tracks the CA bundle hash.
-	defaultCAPackageHashAnnotation = "operator.openshift.io/default-ca-package-hash"
-)
-
-// Resource names used for creating resources and cross-referencing between them.
-// These must be set explicitly on each resource's .metadata.name and on every
-// field in other resources that references them.
-const (
-	trustManagerCommonResourceName = "trust-manager"
-
-	trustManagerServiceAccountName = trustManagerCommonResourceName
-	trustManagerDeploymentName     = trustManagerCommonResourceName
-
-	trustManagerServiceName        = trustManagerCommonResourceName
-	trustManagerMetricsServiceName = trustManagerCommonResourceName + "-metrics"
-
-	trustManagerClusterRoleName        = trustManagerCommonResourceName
-	trustManagerClusterRoleBindingName = trustManagerCommonResourceName
-
-	trustManagerRoleName        = trustManagerCommonResourceName
-	trustManagerRoleBindingName = trustManagerCommonResourceName
-
-	trustManagerLeaderElectionRoleName        = trustManagerCommonResourceName + ":leaderelection"
-	trustManagerLeaderElectionRoleBindingName = trustManagerCommonResourceName + ":leaderelection"
-
-	trustManagerIssuerName      = trustManagerCommonResourceName
-	trustManagerCertificateName = trustManagerCommonResourceName
-	trustManagerTLSSecretName   = trustManagerCommonResourceName + "-tls"
-
-	trustManagerWebhookConfigName = trustManagerCommonResourceName
 )
 
 var (
-	trustManagerConfigFieldPath     = field.NewPath("spec", "trustManagerConfig")
-	controllerConfigFieldPath       = field.NewPath("spec", "controllerConfig")
 	controllerDefaultResourceLabels = map[string]string{
 		"app":                          trustManagerCommonName,
 		"app.kubernetes.io/name":       trustManagerCommonName,
@@ -117,25 +58,7 @@ var (
 
 // asset names are the files present in the root bindata/ dir. Which are then loaded
 // and made available by the pkg/operator/assets package.
+// TODO: Add more asset names as resources are implemented.
 const (
 	serviceAccountAssetName = "trust-manager/resources/serviceaccount_trust-manager.yml"
-
-	deploymentAssetName = "trust-manager/resources/deployment_trust-manager.yml"
-
-	serviceAssetName        = "trust-manager/resources/service_trust-manager.yml"
-	metricsServiceAssetName = "trust-manager/resources/service_trust-manager-metrics.yml"
-
-	clusterRoleAssetName        = "trust-manager/resources/clusterrole_trust-manager.yml"
-	clusterRoleBindingAssetName = "trust-manager/resources/clusterrolebinding_trust-manager.yml"
-
-	roleAssetName        = "trust-manager/resources/role_trust-manager.yml"
-	roleBindingAssetName = "trust-manager/resources/rolebinding_trust-manager.yml"
-
-	roleLeaderElectionAssetName        = "trust-manager/resources/role_trust-manager:leaderelection.yml"
-	roleBindingLeaderElectionAssetName = "trust-manager/resources/rolebinding_trust-manager:leaderelection.yml"
-
-	issuerAssetName      = "trust-manager/resources/issuer_trust-manager.yml"
-	certificateAssetName = "trust-manager/resources/certificate_trust-manager.yml"
-
-	validatingWebhookConfigAssetName = "trust-manager/resources/validatingwebhookconfiguration_trust-manager.yml"
 )
diff --git a/pkg/operator/setup_manager.go b/pkg/operator/setup_manager.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"reflect"
 
-	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
@@ -16,9 +15,12 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
+
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	ctrllog "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@@ -35,30 +37,6 @@ var (
 	setupLog = ctrl.Log.WithName("setup-manager")
 )
 
-// ConfigMap is intentionally excluded from both istioCSRManagedResources and
-// trustManagerManagedResources. Multiple controllers need to watch ConfigMaps
-// that do not carry the managed-resource label:
-//
-//  1. TrustManager watches both its managed ConfigMaps (e.g., the default CA
-//     package ConfigMap, which carries the managed-resource label) and the
-//     cert-manager-operator-trusted-ca-bundle ConfigMap (added in the OLM bundle manifest).
-//     The latter does not carry the managed-resource label.
-//
-//  2. IstioCSR watches both its managed ConfigMaps (with the managed-resource
-//     label) and user-created ConfigMaps identified by the
-//     istiocsr.openshift.operator.io/watched-by label — a different label key
-//     entirely from the managed-resource label (app).
-//
-// The cache uses a single labels.Selector per GVK. The In operator can match
-// multiple values for the same key (e.g., app in (value1, value2)), but
-// requirements on different keys are always ANDed. There is no way to express
-// "app in (...) OR watched-by exists" in a single selector. A shared app label
-// value could solve case 1, but case 2 requires matching across different label
-// keys, which the Kubernetes label selector spec does not support.
-//
-// ConfigMaps therefore use the default unfiltered informer, and each controller
-// applies predicate-level filtering to select only the events it cares about.
-
 // istioCSRManagedResources defines the resources managed by the IstioCSR controller.
 // These resources will be watched with a label selector filter.
 var istioCSRManagedResources = []client.Object{
@@ -75,30 +53,19 @@ var istioCSRManagedResources = []client.Object{
 
 // trustManagerManagedResources defines the resources managed by the TrustManager controller.
 // These resources will be watched with a label selector filter.
-//
-// cert-manager Issuer (and ClusterIssuer, which is never listed here) must not use a
-// managed-resource label selector: IstioCSR reconciles user-created Issuers referenced
-// from the spec, which are not labeled by the operator. Those types are left out of
-// ByObject so they use the manager cache’s default unfiltered informer per GVK.
+// TODO: Add more resources as they are implemented.
 var trustManagerManagedResources = []client.Object{
-	&certmanagerv1.Certificate{},
-	&appsv1.Deployment{},
-	&rbacv1.ClusterRole{},
-	&rbacv1.ClusterRoleBinding{},
-	&rbacv1.Role{},
-	&rbacv1.RoleBinding{},
-	&corev1.Service{},
 	&corev1.ServiceAccount{},
-	&admissionregistrationv1.ValidatingWebhookConfiguration{},
 }
 
 func init() {
+	ctrllog.SetLogger(klog.NewKlogr())
+
 	utilruntime.Must(clientscheme.AddToScheme(scheme))
 	utilruntime.Must(appsv1.AddToScheme(scheme))
 	utilruntime.Must(corev1.AddToScheme(scheme))
 	utilruntime.Must(networkingv1.AddToScheme(scheme))
 	utilruntime.Must(rbacv1.AddToScheme(scheme))
-	utilruntime.Must(admissionregistrationv1.AddToScheme(scheme))
 	utilruntime.Must(certmanagerv1.AddToScheme(scheme))
 	utilruntime.Must(v1alpha1.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
