ci-operator/step-registry/upi: Fix ShellCheck quoting, fgrep, etc.

ci-operator/step-registry/upi/conf/gcp/upi-conf-gcp-commands.sh

@@ -12,29 +12,29 @@ if [[ -z "$RELEASE_IMAGE_LATEST" ]]; then
   echo "RELEASE_IMAGE_LATEST is an empty string, exiting"
   exit 1
 fi
-export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=${RELEASE_IMAGE_LATEST}
+export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE="${RELEASE_IMAGE_LATEST}"
 
 # Ensure ignition assets are configured with the correct invoker to track CI jobs.
-export OPENSHIFT_INSTALL_INVOKER=openshift-internal-ci/${JOB_NAME_SAFE}/${BUILD_ID}
+export OPENSHIFT_INSTALL_INVOKER="openshift-internal-ci/${JOB_NAME_SAFE}/${BUILD_ID}"
 
-export GOOGLE_CLOUD_KEYFILE_JSON=${CLUSTER_PROFILE_DIR}/gce.json
+export GOOGLE_CLOUD_KEYFILE_JSON="${CLUSTER_PROFILE_DIR}/gce.json"
 
 dir=/tmp/installer
-mkdir "${dir}/"
-pushd ${dir}
+mkdir "${dir}"
+pushd "${dir}"
 cp -t "${dir}" \
     "${SHARED_DIR}/install-config.yaml"
 
 ### Read XPN config, if exists
 if [[ -s "${SHARED_DIR}/xpn.json" ]]; then
   echo "Reading variables from ${SHARED_DIR}/xpn.json..."
   IS_XPN=1
-  HOST_PROJECT=$(jq -r '.hostProject' ${SHARED_DIR}/xpn.json)
-  HOST_PROJECT_NETWORK=$(jq -r '.clusterNetwork' ${SHARED_DIR}/xpn.json)
-  HOST_PROJECT_COMPUTE_SUBNET=$(jq -r '.computeSubnet' ${SHARED_DIR}/xpn.json)
+  HOST_PROJECT="$(jq -r '.hostProject' "${SHARED_DIR}/xpn.json")"
+  HOST_PROJECT_NETWORK="$(jq -r '.clusterNetwork' "${SHARED_DIR}/xpn.json")"
+  HOST_PROJECT_COMPUTE_SUBNET="$(jq -r '.computeSubnet' "${SHARED_DIR}/xpn.json")"
 
-  HOST_PROJECT_NETWORK_NAME=$(basename ${HOST_PROJECT_NETWORK})
-  HOST_PROJECT_COMPUTE_SUBNET_NAME=$(basename ${HOST_PROJECT_COMPUTE_SUBNET})
+  HOST_PROJECT_NETWORK_NAME="$(basename "${HOST_PROJECT_NETWORK}")"
+  HOST_PROJECT_COMPUTE_SUBNET_NAME="$(basename "${HOST_PROJECT_COMPUTE_SUBNET}")"
 fi
 
 ### Empty the compute pool (optional)

ci-operator/step-registry/upi/deprovision/gcp/upi-deprovision-gcp-commands.sh

@@ -10,62 +10,62 @@ export HOME=/tmp
 
 export GOOGLE_CLOUD_KEYFILE_JSON="${CLUSTER_PROFILE_DIR}/gce.json"
 gcloud auth activate-service-account --key-file="${GOOGLE_CLOUD_KEYFILE_JSON}"
-gcloud config set project "$(jq -r .gcp.projectID ${SHARED_DIR}/metadata.json)"
+gcloud config set project "$(jq -r .gcp.projectID "${SHARED_DIR}/metadata.json")"
 
 dir=/tmp/installer
-mkdir -p "${dir}/"
-pushd ${dir}
+mkdir -p "${dir}"
+pushd "${dir}"
 
 if [[ ! -s "${SHARED_DIR}/metadata.json" ]]; then
   echo "Skipping: ${SHARED_DIR}/metadata.json not found."
   exit
 fi
 BASE_DOMAIN='origin-ci-int-gce.dev.openshift.com'
-CLUSTER_NAME=$(jq -r .clusterName ${SHARED_DIR}/metadata.json)
-INFRA_ID=$(jq -r .infraID ${SHARED_DIR}/metadata.json)
+CLUSTER_NAME="$(jq -r .clusterName "${SHARED_DIR}/metadata.json")"
+INFRA_ID="$(jq -r .infraID "${SHARED_DIR}/metadata.json")"
 
 ### Read XPN config, if exists
 if [[ -s "${SHARED_DIR}/xpn.json" ]]; then
   echo "Reading variables from ${SHARED_DIR}/xpn.json..."
   IS_XPN=1
-  HOST_PROJECT=$(jq -r '.hostProject' ${SHARED_DIR}/xpn.json)
-  HOST_PROJECT_PRIVATE_ZONE_NAME=$(jq -r '.privateZoneName' "${SHARED_DIR}/xpn.json")
+  HOST_PROJECT="$(jq -r '.hostProject' "${SHARED_DIR}/xpn.json")"
+  HOST_PROJECT_PRIVATE_ZONE_NAME="$(jq -r '.privateZoneName' "${SHARED_DIR}/xpn.json")"
 fi
 
 # Delete the bootstrap deployment, but expect it to error.
 echo "$(date -u --rfc-3339=seconds) - Deleting bootstrap deployment (errors when bootstrap-complete)..."
 set +e
-gcloud deployment-manager deployments delete -q ${INFRA_ID}-bootstrap
+gcloud deployment-manager deployments delete -q "${INFRA_ID}-bootstrap"
 set -e
 
 # Delete the deployments that should always exist.
 echo "$(date -u --rfc-3339=seconds) - Deleting worker, control-plane, and infra deployments..."
-gcloud deployment-manager deployments delete -q ${INFRA_ID}-{worker,control-plane,infra}
+gcloud deployment-manager deployments delete -q "${INFRA_ID}"-{worker,control-plane,infra}
 
 # Only delete these deployments when they are expected to exist.
 if [[ ! -v IS_XPN ]]; then
   echo "$(date -u --rfc-3339=seconds) - Deleting security and vpc deployments..."
-  gcloud deployment-manager deployments delete -q ${INFRA_ID}-{security,vpc}
+  gcloud deployment-manager deployments delete -q "${INFRA_ID}"-{security,vpc}
 fi
 
 # Delete XPN DNS entries
 if [[ -v IS_XPN ]]; then
   set +e
   if [ -f transaction.yaml ]; then rm transaction.yaml; fi
-  gcloud --project="${HOST_PROJECT}" dns record-sets transaction start --zone ${HOST_PROJECT_PRIVATE_ZONE_NAME}
+  gcloud --project="${HOST_PROJECT}" dns record-sets transaction start --zone "${HOST_PROJECT_PRIVATE_ZONE_NAME}"
   while read -r line; do
-    DNSNAME=$(echo $line | jq -r '.name')
-    DNSTTL=$(echo $line | jq -r '.ttl')
-    DNSTYPE=$(echo $line | jq -r '.type')
-    DNSDATA=$(echo $line | jq -r '.rrdatas[]')
-    gcloud --project="${HOST_PROJECT}" dns record-sets transaction remove --zone ${HOST_PROJECT_PRIVATE_ZONE_NAME} --name ${DNSNAME} --ttl ${DNSTTL} --type ${DNSTYPE} ${DNSDATA};
+    DNSNAME=$(echo "${line}" | jq -r '.name')
+    DNSTTL=$(echo "${line}" | jq -r '.ttl')
+    DNSTYPE=$(echo "${line}" | jq -r '.type')
+    DNSDATA=$(echo "${line}" | jq -r '.rrdatas[]')
+    gcloud --project="${HOST_PROJECT}" dns record-sets transaction remove --zone "${HOST_PROJECT_PRIVATE_ZONE_NAME}" --name "${DNSNAME}" --ttl "${DNSTTL}" --type "${DNSTYPE}" "${DNSDATA}"
   done < <(gcloud --project="${HOST_PROJECT}" dns record-sets list --zone="${HOST_PROJECT_PRIVATE_ZONE_NAME}" --filter="name:.${CLUSTER_NAME}.${BASE_DOMAIN}." --format=json | jq -c '.[]')
   # Delete the SRV record
-  gcloud --project=${HOST_PROJECT} dns record-sets transaction remove \
-    --name _etcd-server-ssl._tcp.${CLUSTER_NAME}.${BASE_DOMAIN}. --ttl 60 --type SRV --zone ${HOST_PROJECT_PRIVATE_ZONE_NAME} \
+  gcloud "--project=${HOST_PROJECT}" dns record-sets transaction remove \
+    --name "_etcd-server-ssl._tcp.${CLUSTER_NAME}.${BASE_DOMAIN}." --ttl 60 --type SRV --zone "${HOST_PROJECT_PRIVATE_ZONE_NAME}" \
     "0 10 2380 etcd-0.${CLUSTER_NAME}.${BASE_DOMAIN}." \
     "0 10 2380 etcd-1.${CLUSTER_NAME}.${BASE_DOMAIN}." \
     "0 10 2380 etcd-2.${CLUSTER_NAME}.${BASE_DOMAIN}."
-  gcloud --project="${HOST_PROJECT}" dns record-sets transaction execute --zone ${HOST_PROJECT_PRIVATE_ZONE_NAME}
+  gcloud --project="${HOST_PROJECT}" dns record-sets transaction execute --zone "${HOST_PROJECT_PRIVATE_ZONE_NAME}"
   set -e
 fi

ci-operator/step-registry/upi/gcp/nested/post/upi-gcp-nested-post-commands.sh

@@ -2,13 +2,13 @@
 
 set -eo pipefail
 
-INSTANCE_PREFIX=${NAMESPACE}-${JOB_NAME_HASH}
+INSTANCE_PREFIX="${NAMESPACE}-${JOB_NAME_HASH}"
 
 function teardown() {
   # This is for running the gcloud commands
   mock-nss.sh
   gcloud auth activate-service-account \
-    --quiet --key-file ${CLUSTER_PROFILE_DIR}/gce.json
+    --quiet --key-file "${CLUSTER_PROFILE_DIR}/gce.json"
   gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"
   gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"
   gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"
@@ -24,4 +24,4 @@ function teardown() {
 }
 
 trap 'teardown' EXIT
-trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
+trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM

ci-operator/step-registry/upi/gcp/nested/pre/upi-gcp-nested-pre-commands.sh

@@ -3,18 +3,18 @@ set -euo pipefail
 
 trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
 
-INSTANCE_PREFIX=${NAMESPACE}-${JOB_NAME_HASH}
+INSTANCE_PREFIX="${NAMESPACE}-${JOB_NAME_HASH}"
 
 echo "$(date -u --rfc-3339=seconds) - Configuring VM on GCP..."
 mkdir -p "${HOME}"/.ssh
 mock-nss.sh
 
 # gcloud compute will use this key rather than create a new one
-cp ${CLUSTER_PROFILE_DIR}/ssh-privatekey ${HOME}/.ssh/google_compute_engine
-chmod 0600 ${HOME}/.ssh/google_compute_engine
-cp ${CLUSTER_PROFILE_DIR}/ssh-publickey ${HOME}/.ssh/google_compute_engine.pub
+cp "${CLUSTER_PROFILE_DIR}/ssh-privatekey" "${HOME}/.ssh/google_compute_engine"
+chmod 0600 "${HOME}/.ssh/google_compute_engine"
+cp "${CLUSTER_PROFILE_DIR}/ssh-publickey" "${HOME}/.ssh/google_compute_engine.pub"
 
-gcloud auth activate-service-account --quiet --key-file ${CLUSTER_PROFILE_DIR}/gce.json
+gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}/gce.json"
 gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"
 gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"
 gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"
@@ -41,4 +41,4 @@ gcloud compute instances create "${INSTANCE_PREFIX}" \
   --boot-disk-type pd-ssd \
   --boot-disk-size 256GB \
   --subnet "${INSTANCE_PREFIX}" \
-  --network "${INSTANCE_PREFIX}"
+  --network "${INSTANCE_PREFIX}"