Fix shellcheck failures in cluster/gce/gci/configure.sh

Signed-off-by: Joakim Roubert <joakimr@axis.com>

cluster/gce/gci/configure.sh

@@ -24,13 +24,13 @@ set -o nounset
 set -o pipefail
 
 ### Hardcoded constants
-DEFAULT_CNI_VERSION="v0.8.7"
-DEFAULT_CNI_HASH="8f2cbee3b5f94d59f919054dccfe99a8e3db5473b553d91da8af4763e811138533e05df4dbeab16b3f774852b4184a7994968f5e036a3f531ad1ac4620d10ede"
-DEFAULT_NPD_VERSION="v0.8.5"
-DEFAULT_NPD_HASH="3fbf97a38c06d8fcc8c46f956a6e90aa1b47cb42d50ddcfd1a644a7e624e42ee523db2f81e08fbfb21b80142d4bafdbedce16e8b62d2274a5b2b703a56d9c015"
-DEFAULT_CRICTL_VERSION="v1.20.0"
-DEFAULT_CRICTL_HASH="bf6e07c0834ead3cb17342fdd684723acd66d71dbad9a93a2c2001db0af647db124be732d9eaa58e3d0f36d7ab1026ab1380e1331e084810f1403e3656d1205d"
-DEFAULT_MOUNTER_TAR_SHA="7956fd42523de6b3107ddc3ce0e75233d2fcb78436ff07a1389b6eaac91fb2b1b72a08f7a219eaf96ba1ca4da8d45271002e0d60e0644e796c665f99bb356516"
+DEFAULT_CNI_VERSION='v0.8.7'
+DEFAULT_CNI_HASH='8f2cbee3b5f94d59f919054dccfe99a8e3db5473b553d91da8af4763e811138533e05df4dbeab16b3f774852b4184a7994968f5e036a3f531ad1ac4620d10ede'
+DEFAULT_NPD_VERSION='v0.8.5'
+DEFAULT_NPD_HASH='3fbf97a38c06d8fcc8c46f956a6e90aa1b47cb42d50ddcfd1a644a7e624e42ee523db2f81e08fbfb21b80142d4bafdbedce16e8b62d2274a5b2b703a56d9c015'
+DEFAULT_CRICTL_VERSION='v1.20.0'
+DEFAULT_CRICTL_HASH='bf6e07c0834ead3cb17342fdd684723acd66d71dbad9a93a2c2001db0af647db124be732d9eaa58e3d0f36d7ab1026ab1380e1331e084810f1403e3656d1205d'
+DEFAULT_MOUNTER_TAR_SHA='7956fd42523de6b3107ddc3ce0e75233d2fcb78436ff07a1389b6eaac91fb2b1b72a08f7a219eaf96ba1ca4da8d45271002e0d60e0644e796c665f99bb356516'
 ###
 
 # Use --retry-connrefused opt only if it's supported by curl.
@@ -64,7 +64,7 @@ function download-kube-env {
       -o "${tmp_kube_env}" \
       http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env
     # Convert the yaml format file into a shell-style file.
-    eval $(${PYTHON} -c '''
+    eval "$(${PYTHON} -c '''
 import pipes,sys,yaml
 # check version of python and call methods appropriate for that version
 if sys.version_info[0] < 3:
@@ -73,7 +73,7 @@ else:
     items = yaml.load(sys.stdin, Loader=yaml.BaseLoader).items()
 for k, v in items:
     print("readonly {var}={value}".format(var=k, value=pipes.quote(str(v))))
-''' < "${tmp_kube_env}" > "${KUBE_HOME}/kube-env")
+''' < "${tmp_kube_env}" > "${KUBE_HOME}/kube-env")"
     rm -f "${tmp_kube_env}"
   )
 }
@@ -108,7 +108,7 @@ function download-kube-master-certs {
       -o "${tmp_kube_master_certs}" \
       http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-master-certs
     # Convert the yaml format file into a shell-style file.
-    eval $(${PYTHON} -c '''
+    eval "$(${PYTHON} -c '''
 import pipes,sys,yaml
 # check version of python and call methods appropriate for that version
 if sys.version_info[0] < 3:
@@ -117,7 +117,7 @@ else:
     items = yaml.load(sys.stdin, Loader=yaml.BaseLoader).items()
 for k, v in items:
     print("readonly {var}={value}".format(var=k, value=pipes.quote(str(v))))
-''' < "${tmp_kube_master_certs}" > "${KUBE_HOME}/kube-master-certs")
+''' < "${tmp_kube_master_certs}" > "${KUBE_HOME}/kube-master-certs")"
     rm -f "${tmp_kube_master_certs}"
   )
 }
@@ -153,9 +153,8 @@ function download-or-bust {
   local -r hash="$1"
   shift 1
 
-  local -r urls=( $* )
   while true; do
-    for url in "${urls[@]}"; do
+    for url in "$@"; do
       local file="${url##*/}"
       rm -f "${file}"
       # if the url belongs to GCS API we should use oauth2_token in the headers
@@ -186,14 +185,14 @@ function is-preloaded {
 }
 
 function split-commas {
-  echo $1 | tr "," "\n"
+  echo -e "${1//,/'\n'}"
 }
 
 function remount-flexvolume-directory {
   local -r flexvolume_plugin_dir=$1
-  mkdir -p $flexvolume_plugin_dir
-  mount --bind $flexvolume_plugin_dir $flexvolume_plugin_dir
-  mount -o remount,exec $flexvolume_plugin_dir
+  mkdir -p "$flexvolume_plugin_dir"
+  mount --bind "$flexvolume_plugin_dir" "$flexvolume_plugin_dir"
+  mount -o remount,exec "$flexvolume_plugin_dir"
 }
 
 function install-gci-mounter-tools {
@@ -246,11 +245,10 @@ function install-node-problem-detector {
 }
 
 function install-cni-binaries {
+  local -r cni_version=${CNI_VERSION:-$DEFAULT_CNI_VERSION}
   if [[ -n "${CNI_VERSION:-}" ]]; then
-      local -r cni_version="${CNI_VERSION}"
-      local -r cni_hash="${CNI_HASH}"
+      local -r cni_hash="${CNI_HASH:-}"
   else
-      local -r cni_version="${DEFAULT_CNI_VERSION}"
       local -r cni_hash="${DEFAULT_CNI_HASH}"
   fi
 
@@ -330,7 +328,10 @@ function install-kube-manifests {
   # Put kube-system pods manifests in ${KUBE_HOME}/kube-manifests/.
   local dst_dir="${KUBE_HOME}/kube-manifests"
   mkdir -p "${dst_dir}"
-  local -r manifests_tar_urls=( $(split-commas "${KUBE_MANIFESTS_TAR_URL}") )
+  local manifests_tar_urls
+  while IFS= read -r url; do
+    manifests_tar_urls+=("$url")
+  done < <(split-commas "${KUBE_MANIFESTS_TAR_URL}")
   local -r manifests_tar="${manifests_tar_urls[0]##*/}"
   if [ -n "${KUBE_MANIFESTS_TAR_HASH:-}" ]; then
     local -r manifests_tar_hash="${KUBE_MANIFESTS_TAR_HASH}"
@@ -350,10 +351,10 @@ function install-kube-manifests {
   tar xzf "${KUBE_HOME}/${manifests_tar}" -C "${dst_dir}" --overwrite
   local -r kube_addon_registry="${KUBE_ADDON_REGISTRY:-k8s.gcr.io}"
   if [[ "${kube_addon_registry}" != "k8s.gcr.io" ]]; then
-    find "${dst_dir}" -name \*.yaml -or -name \*.yaml.in | \
-      xargs sed -ri "s@(image:\s.*)k8s.gcr.io@\1${kube_addon_registry}@"
-    find "${dst_dir}" -name \*.manifest -or -name \*.json | \
-      xargs sed -ri "s@(image\":\s+\")k8s.gcr.io@\1${kube_addon_registry}@"
+    find "${dst_dir}" \(-name '*.yaml' -or -name '*.yaml.in'\) -print0 | \
+      xargs -0 sed -ri "s@(image:\s.*)k8s.gcr.io@\1${kube_addon_registry}@"
+    find "${dst_dir}" \(-name '*.manifest' -or -name '*.json'\) -print0 | \
+      xargs -0 sed -ri "s@(image\":\s+\")k8s.gcr.io@\1${kube_addon_registry}@"
   fi
   cp "${dst_dir}/kubernetes/gci-trusty/gci-configure-helper.sh" "${KUBE_BIN}/configure-helper.sh"
   cp "${dst_dir}/kubernetes/gci-trusty/configure-kubeapiserver.sh" "${KUBE_BIN}/configure-kubeapiserver.sh"
@@ -386,6 +387,8 @@ function try-load-docker-image {
     load_image_command="${LOAD_IMAGE_COMMAND:-}"
   fi
 
+  # Deliberately word split load_image_command
+  # shellcheck disable=SC2086
   until timeout 30 ${load_image_command} "${img}"; do
     if [[ "${attempt_num}" == "${max_attempts}" ]]; then
       echo "Fail to load docker image file ${img} using ${load_image_command} after ${max_attempts} retries. Exit!!"
@@ -436,7 +439,7 @@ function install-docker {
   release=$(lsb_release -cs)
 
   # Add the Docker apt-repository
-  curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg \
+  curl -fsSL "https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg" \
     | apt-key add -
   add-apt-repository \
     "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
@@ -444,7 +447,7 @@ function install-docker {
 
   # Install Docker
   apt-get update && \
-    apt-get install -y --no-install-recommends ${GCI_DOCKER_VERSION:-"docker-ce=5:19.03.*"}
+    apt-get install -y --no-install-recommends "${GCI_DOCKER_VERSION:-"docker-ce=5:19.03.*"}"
   rm -rf /var/lib/apt/lists/*
 }
 
@@ -477,7 +480,7 @@ function install-containerd-ubuntu {
   release=$(lsb_release -cs)
 
   # Add the Docker apt-repository (as we install containerd from there)
-  curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg \
+  curl -fsSL "https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg" \
     | apt-key add -
   add-apt-repository \
     "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
@@ -490,13 +493,13 @@ function install-containerd-ubuntu {
 
   # Override to latest versions of containerd and runc
   systemctl stop containerd
-  if [[ ! -z "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" ]]; then
+  if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" ]]; then
     # containerd versions have slightly different url(s), so try both
     ( curl -fsSL "https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}-linux-amd64.tar.gz" || \
       curl -fsSL "https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}.linux-amd64.tar.gz" ) \
     | tar --overwrite -xzv -C /usr/
   fi
-  if [[ ! -z "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
+  if [[ -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
     curl -fsSL "https://github.com/opencontainers/runc/releases/download/${UBUNTU_INSTALL_RUNC_VERSION}/runc.amd64" --output /usr/sbin/runc && chmod 755 /usr/sbin/runc
   fi
   sudo systemctl start containerd
@@ -515,7 +518,7 @@ function ensure-container-runtime {
     docker version
   elif [[ "${container_runtime}" == "containerd" ]]; then
     # Install containerd/runc if requested
-    if [[ ! -z "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || ! -z "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
+    if [[ -n "${UBUNTU_INSTALL_CONTAINERD_VERSION:-}" || -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
       install-containerd-ubuntu
     fi
     # Verify presence and print versions of ctr, containerd, runc
@@ -543,7 +546,10 @@ function ensure-container-runtime {
 # and places them into suitable directories. Files are placed in /home/kubernetes.
 function install-kube-binary-config {
   cd "${KUBE_HOME}"
-  local -r server_binary_tar_urls=( $(split-commas "${SERVER_BINARY_TAR_URL}") )
+  local server_binary_tar_urls
+  while IFS= read -r url; do
+    server_binary_tar_urls+=("$url")
+  done < <(split-commas "${SERVER_BINARY_TAR_URL}")
   local -r server_binary_tar="${server_binary_tar_urls[0]##*/}"
   if [[ -n "${SERVER_BINARY_TAR_HASH:-}" ]]; then
     local -r server_binary_tar_hash="${SERVER_BINARY_TAR_HASH}"
@@ -640,7 +646,7 @@ else
     exit 2
   fi
 fi
-echo "Version : " $(${PYTHON} -V 2>&1)
+echo "Version :  $(${PYTHON} -V 2>&1)"
 
 # download and source kube-env
 download-kube-env

hack/.shellcheck_failures

@@ -1 +0,0 @@
-./cluster/gce/gci/configure.sh