Enable templates linting

- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates

with corresponding code changes.

Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.

* Unrestrict octal values rule since benefits of file modes readability
  exceed possible issues with yaml 1.2 adoption in future k8s versions.
  These issues will be addressed when/if they occur.

Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This commit is contained in:
Andrii Ostapenko 2020-07-06 14:19:39 -05:00 committed by Andrii Ostapenko
parent 0807ecb354
commit 44d263b2bf
21 changed files with 74 additions and 48 deletions

View File

@ -38,7 +38,7 @@ spec:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
restartPolicy: Never
initContainers:
{{ tuple $envAll "tests" $mounts_barbican_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "tests" $mounts_barbican_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers:
- name: barbican-test
{{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }}

View File

@ -168,7 +168,7 @@ spec:
secretName: cinder-etc
defaultMode: 0444
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
#NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# pods for the coordination backend to be fully functional.
- name: cinder-coordination
emptyDir: {}

View File

@ -243,7 +243,7 @@ spec:
claimName: cinder-backup
{{- end }}
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
#NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# pods for the coordination backend to be fully functional.
- name: cinder-coordination
emptyDir: {}

View File

@ -117,7 +117,7 @@ spec:
secretName: cinder-etc
defaultMode: 0444
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
#NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# pods for the coordination backend to be fully functional.
- name: cinder-coordination
emptyDir: {}

View File

@ -96,7 +96,6 @@ spec:
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{ end }}
- name: init-cinder-conf
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_volume" "container" "init_cinder_conf" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
@ -240,7 +239,7 @@ spec:
secretName: {{ .Values.secrets.rbd.volume | quote }}
{{ end }}
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
#NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
# pods for the coordination backend to be fully functional.
- name: cinder-coordination
emptyDir: {}

View File

@ -32,9 +32,9 @@ metadata:
name: {{ $envAll.Values.secrets.identity.heat_stack_user }}
type: Opaque
data:
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc | indent 4 }}
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc }}
{{- end }}

View File

@ -32,9 +32,9 @@ metadata:
name: {{ $envAll.Values.secrets.identity.magnum_stack_user }}
type: Opaque
data:
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.magnum_stack_user.password | b64enc | indent 4 }}
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.region_name | b64enc }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.domain_name | b64enc }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.username | b64enc }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.magnum_stack_user.password | b64enc }}
{{- end }}

View File

@ -26,11 +26,10 @@ kind: Pod
metadata:
name: {{ print $envAll.Release.Name "-test" }}
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "neutron" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
"helm.sh/hook": test-success
{{ dict "envAll" $envAll "podName" "neutron-test" "containerNames" (list "init" "neutron-test" "neutron-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
nodeSelector:

View File

@ -88,7 +88,7 @@ spec:
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: NOVA_USER_UID
value: "{{ .Values.pod.user.nova.uid }}"
value: "{{ .Values.pod.security_context.nova.pod.runAsUser }}"
command:
- /tmp/nova-compute-init.sh
terminationMessagePath: /var/log/termination-log

View File

@ -2335,9 +2335,6 @@ pod:
enabled: True
params:
initialDelaySeconds: 30
user:
nova:
uid: 42424
security_context:
nova:
pod:

View File

@ -24,5 +24,4 @@ images:
nova_spiceproxy: "docker.io/openstackhelm/nova:rocky-opensuse_15"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:rocky-opensuse_15"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-opensuse_15"
...

View File

@ -71,7 +71,7 @@ spec:
- name: p-api
containerPort: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe:
#NOTE(portdirect): use tcpSocket check as HTTP will return 401
# NOTE(portdirect): use tcpSocket check as HTTP will return 401
tcpSocket:
port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 15

View File

@ -36,7 +36,7 @@ spec:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
restartPolicy: Never
initContainers:
{{ tuple $envAll "tests" $mounts_senlin_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "tests" $mounts_senlin_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers:
- name: {{.Release.Name}}-senlin-test
{{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }}

View File

@ -45,7 +45,7 @@ metadata:
name: ceph-test
spec:
storageClassName: general
accessModes: [ "ReadWriteOnce" ]
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi

15
tox.ini
View File

@ -22,12 +22,15 @@ whitelist_externals =
rm
[testenv:lint]
deps = yamllint
deps =
yq
yamllint
commands =
bash -c "rm -rf {toxinidir}/.yamllint"
bash -c "mkdir -p {toxinidir}/.yamllint"
bash -c "cp -r $(ls {toxinidir}) {toxinidir}/.yamllint/"
bash -c "find {toxinidir}/.yamllint -type f -exec sed -i 's/%%%.*/XXX/g' \{\} +"
bash -c "yamllint -c {toxinidir}/yamllint.conf {toxinidir}/.yamllint/*/values* {toxinidir}/yamllint.conf"
rm -rf .yamllint
bash -c 'if [ ! -d ../openstack-helm-infra ]; then\
git clone https://opendev.org/openstack/openstack-helm-infra ../openstack-helm-infra;\
fi'
bash ../openstack-helm-infra/tools/gate/lint.sh
whitelist_externals =
rm
bash

32
yamllint-templates.conf Normal file
View File

@ -0,0 +1,32 @@
---
yaml-files:
- '*.yaml'
- '*.yml'
- '.yamllint'
rules:
braces: enable
brackets: enable
colons: enable
commas: enable
comments: enable
comments-indentation: disable
document-end: disable
document-start: disable
empty-lines: disable
empty-values: disable
hyphens: enable
indentation:
spaces: 2
indent-sequences: whatever
key-duplicates: enable
key-ordering: disable
line-length: disable
new-line-at-end-of-file: disable
new-lines: disable
octal-values: disable
quoted-strings: disable
trailing-spaces: disable
truthy: disable
...

View File

@ -11,13 +11,11 @@ rules:
colons: enable
commas: enable
comments: enable
comments-indentation:
level: warning
document-end: enable
document-start: enable
comments-indentation: disable
document-end: disable
document-start: disable
empty-lines: enable
empty-values:
level: warning
empty-values: disable
hyphens: enable
indentation:
spaces: 2
@ -27,9 +25,8 @@ rules:
line-length: disable
new-line-at-end-of-file: enable
new-lines: enable
octal-values: enable
octal-values: disable
quoted-strings: disable
trailing-spaces: enable
truthy:
level: warning
truthy: disable
...