Enable templates linting

- braces - brackets - colons - commas - comments - hyphens - indentation - key-duplicates with corresponding code changes. Also disable enforcement for document-(start|end) rules and disables warnings to increase readability. * Unrestrict octal values rule since benefits of file modes readability exceed possible issues with yaml 1.2 adoption in future k8s versions. These issues will be addressed when/if they occur. Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-06 14:19:39 -05:00 · 2020-07-06 14:19:39 -05:00 · 44d263b2bf
commit 44d263b2bf
parent 0807ecb354
21 changed files with 74 additions and 48 deletions
--- a/barbican/templates/pod-test.yaml
+++ b/barbican/templates/pod-test.yaml
@ -38,7 +38,7 @@ spec:
    {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
  restartPolicy: Never
  initContainers:
-{{ tuple $envAll "tests" $mounts_barbican_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll "tests" $mounts_barbican_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
  containers:
    - name: barbican-test
 {{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }}
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@ -168,7 +168,7 @@ spec:
            secretName: cinder-etc
            defaultMode: 0444
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
-        #NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
+        # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
        # pods for the coordination backend to be fully functional.
        - name: cinder-coordination
          emptyDir: {}
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@ -243,7 +243,7 @@ spec:
            claimName: cinder-backup
        {{- end }}
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
-        #NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
+        # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
        # pods for the coordination backend to be fully functional.
        - name: cinder-coordination
          emptyDir: {}
--- a/cinder/templates/deployment-scheduler.yaml
+++ b/cinder/templates/deployment-scheduler.yaml
@ -117,7 +117,7 @@ spec:
            secretName: cinder-etc
            defaultMode: 0444
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
-        #NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
+        # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
        # pods for the coordination backend to be fully functional.
        - name: cinder-coordination
          emptyDir: {}
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@ -96,7 +96,6 @@ spec:
              mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
        {{ end }}
        - name: init-cinder-conf
 {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ dict "envAll" $envAll "application" "cinder_volume" "container" "init_cinder_conf" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          image: {{ .Values.images.tags.ks_user }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
@ -240,7 +239,7 @@ spec:
            secretName: {{ .Values.secrets.rbd.volume | quote }}
        {{ end }}
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
-        #NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
+        # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
        # pods for the coordination backend to be fully functional.
        - name: cinder-coordination
          emptyDir: {}
--- a/heat/templates/secret-keystone.yaml
+++ b/heat/templates/secret-keystone.yaml
@ -32,9 +32,9 @@ metadata:
  name: {{ $envAll.Values.secrets.identity.heat_stack_user }}
 type: Opaque
 data:
-  OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
+  OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
-  OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc | indent 4 }}
+  OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc }}
-  OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc | indent 4 }}
+  OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc }}
-  OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc | indent 4 }}
+  OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc }}
-  OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc | indent 4 }}
+  OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc }}
 {{- end }}
--- a/magnum/templates/secret-keystone.yaml
+++ b/magnum/templates/secret-keystone.yaml
@ -32,9 +32,9 @@ metadata:
  name: {{ $envAll.Values.secrets.identity.magnum_stack_user }}
 type: Opaque
 data:
-  OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
+  OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
-  OS_REGION_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.region_name | b64enc | indent 4 }}
+  OS_REGION_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.region_name | b64enc }}
-  OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.domain_name | b64enc | indent 4 }}
+  OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.domain_name | b64enc }}
-  OS_USERNAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.username | b64enc | indent 4 }}
+  OS_USERNAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.username | b64enc }}
-  OS_PASSWORD: {{ .Values.endpoints.identity.auth.magnum_stack_user.password | b64enc | indent 4 }}
+  OS_PASSWORD: {{ .Values.endpoints.identity.auth.magnum_stack_user.password | b64enc }}
 {{- end }}
--- a/neutron/templates/pod-rally-test.yaml
+++ b/neutron/templates/pod-rally-test.yaml
@ -26,11 +26,10 @@ kind: Pod
 metadata:
  name: {{ print $envAll.Release.Name "-test" }}
  annotations:
    "helm.sh/hook": test-success
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
 {{ tuple $envAll "neutron" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
    "helm.sh/hook": test-success
 {{ dict "envAll" $envAll "podName" "neutron-test" "containerNames" (list "init" "neutron-test" "neutron-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
  nodeSelector:
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@ -88,7 +88,7 @@ spec:
 {{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: NOVA_USER_UID
-              value: "{{ .Values.pod.user.nova.uid }}"
+              value: "{{ .Values.pod.security_context.nova.pod.runAsUser }}"
          command:
            - /tmp/nova-compute-init.sh
          terminationMessagePath: /var/log/termination-log
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -2335,9 +2335,6 @@ pod:
          enabled: True
          params:
            initialDelaySeconds: 30
  user:
    nova:
      uid: 42424
  security_context:
    nova:
      pod:
--- a/nova/values_overrides/rocky-opensuse_15.yaml
+++ b/nova/values_overrides/rocky-opensuse_15.yaml
@ -24,5 +24,4 @@ images:
    nova_spiceproxy: "docker.io/openstackhelm/nova:rocky-opensuse_15"
    nova_spiceproxy_assets: "docker.io/openstackhelm/nova:rocky-opensuse_15"
    nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-opensuse_15"
 ...
--- a/placement/templates/deployment.yaml
+++ b/placement/templates/deployment.yaml
@ -71,7 +71,7 @@ spec:
            - name: p-api
              containerPort: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          readinessProbe:
-            #NOTE(portdirect): use tcpSocket check as HTTP will return 401
+            # NOTE(portdirect): use tcpSocket check as HTTP will return 401
            tcpSocket:
              port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
            initialDelaySeconds: 15
--- a/senlin/templates/pod-test.yaml
+++ b/senlin/templates/pod-test.yaml
@ -36,7 +36,7 @@ spec:
    {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
  restartPolicy: Never
  initContainers:
-{{ tuple $envAll "tests" $mounts_senlin_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll "tests" $mounts_senlin_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
  containers:
    - name: {{.Release.Name}}-senlin-test
 {{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }}
--- a/tests/pvc-test.yaml
+++ b/tests/pvc-test.yaml
@ -45,7 +45,7 @@ metadata:
  name: ceph-test
 spec:
  storageClassName: general
-  accessModes: [ "ReadWriteOnce" ]
+  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 1Gi
--- a/tox.ini
+++ b/tox.ini
@ -22,12 +22,15 @@ whitelist_externals =
  rm
 [testenv:lint]
-deps = yamllint
+deps =
  yq
  yamllint
 commands =
-  bash -c "rm -rf {toxinidir}/.yamllint"
+  rm -rf .yamllint
-  bash -c "mkdir -p {toxinidir}/.yamllint"
+  bash -c 'if [ ! -d ../openstack-helm-infra ]; then\
-  bash -c "cp -r $(ls {toxinidir}) {toxinidir}/.yamllint/"
+      git clone https://opendev.org/openstack/openstack-helm-infra ../openstack-helm-infra;\
-  bash -c "find {toxinidir}/.yamllint -type f -exec sed -i 's/%%%.*/XXX/g' \{\} +"
+  fi'
-  bash -c "yamllint -c {toxinidir}/yamllint.conf {toxinidir}/.yamllint/*/values* {toxinidir}/yamllint.conf"
+  bash ../openstack-helm-infra/tools/gate/lint.sh
 whitelist_externals =
  rm
  bash
--- a/yamllint-templates.conf
+++ b/yamllint-templates.conf
@ -0,0 +1,32 @@
 ---
 yaml-files:
 - '*.yaml'
 - '*.yml'
 - '.yamllint'
 rules:
  braces: enable
  brackets: enable
  colons: enable
  commas: enable
  comments: enable
  comments-indentation: disable
  document-end: disable
  document-start: disable
  empty-lines: disable
  empty-values: disable
  hyphens: enable
  indentation:
    spaces: 2
    indent-sequences: whatever
  key-duplicates: enable
  key-ordering: disable
  line-length: disable
  new-line-at-end-of-file: disable
  new-lines: disable
  octal-values: disable
  quoted-strings: disable
  trailing-spaces: disable
  truthy: disable
 ...
--- a/yamllint.conf
+++ b/yamllint.conf
@ -11,13 +11,11 @@ rules:
  colons: enable
  commas: enable
  comments: enable
-  comments-indentation:
+  comments-indentation: disable
-    level: warning
+  document-end: disable
-  document-end: enable
+  document-start: disable
  document-start: enable
  empty-lines: enable
-  empty-values:
+  empty-values: disable
    level: warning
  hyphens: enable
  indentation:
    spaces: 2
@ -27,9 +25,8 @@ rules:
  line-length: disable
  new-line-at-end-of-file: enable
  new-lines: enable
-  octal-values: enable
+  octal-values: disable
  quoted-strings: disable
  trailing-spaces: enable
-  truthy:
+  truthy: disable
    level: warning
 ...