Fix editconfig lint issues

_chart_installers.sh

@@ -36,6 +36,7 @@ function install_helm {
             kubectl create serviceaccount --namespace "$KRD_TILLER_NAMESPACE" tiller
         fi
         if ! kubectl get role/tiller-role -n "$KRD_TILLER_NAMESPACE" --no-headers -o custom-columns=name:.metadata.name; then
+            # editorconfig-checker-disable
             cat <<EOF | kubectl apply -f -
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -47,8 +48,10 @@ rules:
   resources: ["*"]
   verbs: ["*"]
 EOF
+            # editorconfig-checker-enable
         fi
         if ! kubectl get rolebinding/tiller-role-binding -n "$KRD_TILLER_NAMESPACE" --no-headers -o custom-columns=name:.metadata.name; then
+            # editorconfig-checker-disable
             cat <<EOF | kubectl apply -f -
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -64,6 +67,7 @@ roleRef:
   name: tiller-role
   apiGroup: rbac.authorization.k8s.io
 EOF
+            # editorconfig-checker-enable
         fi
         sudo mkdir -p /home/helm/.kube/
         sudo cp ~/.kube/config /home/helm/.kube/
@@ -135,6 +139,7 @@ function install_metrics_server {
     helm_installed_version=$(helm version --short --client | awk '{sub(/+.*/,X,$0);sub(/Client: /,X,$0);print}')
 
     if _vercmp "${helm_installed_version#*v}" '<' '3'; then
+        # editorconfig-checker-disable
         cat <<EOF | kubectl auth reconcile -f -
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -171,6 +176,7 @@ roleRef:
   kind: ClusterRole
   name: metrics-server-role
 EOF
+        # editorconfig-checker-enable
         if ! helm ls --tiller-namespace "$KRD_TILLER_NAMESPACE" | grep -q metrics-server; then
             helm install stable/metrics-server --name metrics-server \
                 --wait \

_commons.sh

@@ -241,6 +241,7 @@ function install_metallb {
         for range in ${KRD_METALLB_ADDRESS_POOLS_LIST//,/ }; do
             ranges+="          - ${range}\n"
         done
+        # editorconfig-checker-disable
         cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: ConfigMap
@@ -255,6 +256,7 @@ data:
         addresses:
 $(printf '%b' "$ranges")
 EOF
+        # editorconfig-checker-enable
     fi
 }
 

_functions.sh

@@ -120,6 +120,7 @@ function run_external_k6 {
     # Perform bechmarking
     docker rm k6 || :
     pushd "$(mktemp -d)" >/dev/null
+    # editorconfig-checker-disable
     cat <<EOF >script.js
     import http from "k6/http";
     import { check, sleep } from "k6";
@@ -139,6 +140,7 @@ function run_external_k6 {
       });
     };
 EOF
+    # editorconfig-checker-enable
     docker run --name k6 -i loadimpact/k6 run - <script.js
     popd >/dev/null
 

_untested_installers.sh

@@ -312,6 +312,7 @@ function install_kubesphere {
 
     kubectl apply -f "https://github.com/kubesphere/ks-installer/releases/download/$kubesphere_version/kubesphere-installer.yaml"
     kubectl rollout status deployment/ks-installer -n kubesphere-system --timeout=5m
+    # editorconfig-checker-disable
     cat <<EOF | kubectl apply -f -
 ---
 apiVersion: installer.kubesphere.io/v1alpha1
@@ -386,6 +387,7 @@ spec:
   servicemesh:         # (0.3 Core, 300 MiB) Whether to install KubeSphere Service Mesh (Istio-based). It provides fine-grained traffic management, observability and tracing, and offer visualization for traffic topology.
     enabled: $KRD_KUBESPHERE_SERVICEMESH_ENABLED
 EOF
+    # editorconfig-checker-enable
     for namespace in "" -controls -monitoring -devops; do
         if kubectl get "namespace/kubesphere$namespace-system" --no-headers -o custom-columns=name:.metadata.name; then
             for deployment in $(kubectl get deployments --no-headers -o custom-columns=name:.metadata.name -n "kubesphere$namespace-system"); do
@@ -430,6 +432,7 @@ function install_longhorn {
         fi
     done
     if _vercmp "${kube_version#*v}" '>=' "1.19"; then
+        # editorconfig-checker-disable
         cat <<EOF | kubectl apply -f -
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -448,7 +451,9 @@ spec:
                 port:
                   number: 80
 EOF
+        # editorconfig-checker-enable
     else
+        # editorconfig-checker-disable
         cat <<EOF | kubectl apply -f -
 apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
@@ -466,5 +471,6 @@ spec:
           serviceName: longhorn-frontend
           servicePort: 80
 EOF
+        # editorconfig-checker-enable
     fi
 }

ci/bootstrap.sh

@@ -26,6 +26,7 @@ function destroy_vm {
 
 info "Define target node"
 if [[ ${TEST_MULTINODE:-false} == "false" ]]; then
+    # editorconfig-checker-disable
     cat <<EOL >../config/pdf.yml
 - name: aio
   os:
@@ -71,8 +72,10 @@ if [[ ${TEST_MULTINODE:-false} == "false" ]]; then
     - kube-node
     - qat-node
 EOL
+    # editorconfig-checker-enable
     destroy_vm aio
 else
+    # editorconfig-checker-disable
     cat <<EOL >../config/pdf.yml
 - name: controller
   os:
@@ -98,7 +101,9 @@ else
     - kube-master
     - etcd
 EOL
+    # editorconfig-checker-enable
     for i in {1..2}; do
+        # editorconfig-checker-disable
         cat <<EOL >>../config/pdf.yml
 - name: worker0${i}
   os:
@@ -123,6 +128,7 @@ EOL
   roles:
     - kube-node
 EOL
+        # editorconfig-checker-enable
     done
     destroy_vm controller
     for i in {1..2}; do

ci/update_distros.sh

@@ -58,11 +58,13 @@ function _vagrant_pull {
         msg+="$name($version, $PROVIDER) box doesn't exist\n"
         return
     fi
+    # editorconfig-checker-disable
     cat <<EOT >>.distros_supported.yml
   $alias:
     name: $name
     version: "$version"
 EOT
+    # editorconfig-checker-enable
 }
 
 if ! command -v vagrant >/dev/null; then

ci/update_versions.sh

@@ -158,6 +158,7 @@ sed -i "s/virtink_version:.*/virtink_version: v$(get_version github_release smar
 sed -i "s/kubesphere_version:.*/kubesphere_version: v$(get_version github_release kubesphere/kubesphere)/g" ./playbooks/krd-vars.yml
 sed -i "s/metallb_version:.*/metallb_version: v$(get_version github_tag metallb/metallb)/g" ./playbooks/krd-vars.yml
 
+# editorconfig-checker-disable
 cat <<EOT >galaxy-requirements.yml
 ---
 # SPDX-license-identifier: Apache-2.0
@@ -191,6 +192,7 @@ collections:
   - name: community.general
     version: $(get_version ansible_collection community.general)
 EOT
+# editorconfig-checker-enable
 
 # Udpate Playbook default versions
 # NOTE: There is no images released for minor versions https://hub.docker.com/r/nfvpe/sriov-cni/tags

tests/_common.sh

@@ -19,6 +19,7 @@ function populate_nfd {
     mkdir -p "/tmp/${nfd_deployment_name}"
     pushd "/tmp/${nfd_deployment_name}"
 
+    # editorconfig-checker-disable
     cat <<DEPLOYMENT >"$nfd_deployment_name.yaml"
 apiVersion: apps/v1
 kind: Deployment
@@ -53,6 +54,7 @@ spec:
                 operator: Gt
                 values: ["2"]
 DEPLOYMENT
+    # editorconfig-checker-enable
     popd
 }
 
@@ -65,6 +67,7 @@ function populate_qat {
     mkdir -p "/tmp/${qat_deployment_name}"
     pushd "/tmp/${qat_deployment_name}"
 
+    # editorconfig-checker-disable
     cat <<DEPLOYMENT >"$qat_deployment_name.yaml"
 apiVersion: apps/v1
 kind: Deployment
@@ -170,5 +173,6 @@ data:
           address: 0.0.0.0
           port_value: 9001
 DEPLOYMENT
+    # editorconfig-checker-enable
     popd
 }

tests/gatekeeper.sh

@@ -34,6 +34,7 @@ trap cleanup EXIT
 # Test
 info "===== Test started ====="
 
+# editorconfig-checker-disable
 cat <<EOF >/tmp/restricted.yaml
 kind: Service
 apiVersion: v1
@@ -49,6 +50,7 @@ spec:
     port: 80
     targetPort: 8080
 EOF
+# editorconfig-checker-enable
 
 assert_contains "$(kubectl apply -f /tmp/restricted.yaml 2>&1 || :)" "Service type LoadBalancer are restricted" "OPA Gatekeeper didn't restrict the service creation using LoadBalancer type"
 

tests/haproxy.sh

@@ -38,6 +38,7 @@ info "===== Test started ====="
 info "Ensure HAProxy Ingress Class"
 kubectl get ingressclasses.networking.k8s.io haproxy
 
+# editorconfig-checker-disable
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Service
@@ -97,9 +98,11 @@ spec:
                 fieldRef:
                   fieldPath: status.podIP
 EOF
+# editorconfig-checker-enable
 wait_deployment "$echo_deployment_name"
 
 if [[ "$(_get_kube_version)" == *"v1.18"* ]]; then
+    # editorconfig-checker-disable
     cat <<EOF | kubectl apply -f -
 apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
@@ -118,7 +121,9 @@ spec:
               serviceName: echo
               servicePort: 80
 EOF
+    # editorconfig-checker-enable
 else
+    # editorconfig-checker-disable
     cat <<EOF | kubectl apply -f -
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -139,6 +144,7 @@ spec:
                 port:
                   number: 80
 EOF
+    # editorconfig-checker-enable
 fi
 wait_ingress demo
 assert_contains "$(eval "$CURL_PROXY_CMD/foo")" "Pod Information:" "The server response doesn't have pod's info"

tests/istio.sh

@@ -32,6 +32,7 @@ function create_client {
     local attempt_counter=0
     max_attempts=10
 
+    # editorconfig-checker-disable
     cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Pod
@@ -47,6 +48,7 @@ spec:
         - name: REQUESTS_PER_SECOND
           value: '10'
 EOF
+    # editorconfig-checker-enable
     kubectl wait --for=condition=ready pods client --timeout=3m
     kubectl logs -n istio-system "$(kubectl get pods -n istio-system -l app=istiod -o jsonpath='{.items[*].metadata.name}')" | grep default/client
 
@@ -70,6 +72,7 @@ kubectl get namespaces --show-labels
 # Test https://istiobyexample.dev/mtls/
 info "===== Test started ====="
 
+# editorconfig-checker-disable
 cat <<EOF | kubectl apply -f -
 apiVersion: apps/v1
 kind: Deployment
@@ -102,6 +105,7 @@ spec:
     app.kubernetes.io/name: server
   type: ClusterIP
 EOF
+# editorconfig-checker-enable
 wait_deployment "$deployment_name"
 wait_service "$service_name"
 create_client

tests/k8sgpt.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2024
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# shellcheck source=tests/_functions.sh
+source _functions.sh
+# shellcheck source=tests/_assertions.sh
+source _assertions.sh
+
+function cleanup {
+    kubectl delete -f resources/gatekeeper
+    kubectl delete namespace opa-test
+}
+
+# Setup
+kubectl apply -f resources/gatekeeper/template.yml
+sleep 5
+kubectl apply -f resources/gatekeeper/lb-constraint.yml
+if ! kubectl get namespaces/opa-test --no-headers -o custom-columns=name:.metadata.name; then
+    kubectl create namespace opa-test
+fi
+trap cleanup EXIT
+
+# Test
+info "===== Test started ====="
+
+# editorconfig-checker-disable
+cat <<EOF >/tmp/restricted.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: lb-service
+  namespace: opa-test
+spec:
+  type: LoadBalancer
+  selector:
+    app: opa-test
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 8080
+EOF
+# editorconfig-checker-enable
+
+assert_contains "$(kubectl apply -f /tmp/restricted.yaml 2>&1 || :)" "Service type LoadBalancer are restricted" "OPA Gatekeeper didn't restrict the service creation using LoadBalancer type"
+
+info "===== Test completed ====="