Merge pull request #3458 from xrstf/fix-typos

fix a bunch of typos

Author: kcp-ci-bot

.typos.toml

@@ -0,0 +1,23 @@
+# configuration for https://github.com/crate-ci/typos
+
+[default.extend-words]
+Informable = "Informable"
+Creater = "Creater"
+
+[default.extend-identifiers]
+ANDed = "ANDed"
+p0lyn0mial = "p0lyn0mial"
+HashiCorp = "HashiCorp"
+
+[default]
+extend-ignore-identifiers-re = [
+   "\\bTLS_[A-Z0-9_]+(_anon_[A-Z0-9_]+)?\\b",
+]
+
+[files]
+extend-exclude = [
+   "config/crds",
+   "contrib/crds",
+   "sdk/apis/third_party",
+   "sdk/testing/third_party",
+]

GOVERNANCE.md

@@ -133,7 +133,7 @@ to the private Maintainer mailing list or alias in the code-of-conduct file.-->
 kcp has adopted the CNCF [Code of Conduct](./code-of-conduct.md). Reporting of
 Code of Conduct violations happen through the [CNCF Code of Conduct committee](./code-of-conduct.md#reporting)
 and kcp maintainers pledge to work with the committee to resolve any incidents
-occuring in the kcp community.
+occurring in the kcp community.
 
 ## Security Response Team
 

Makefile

@@ -347,7 +347,7 @@ test-e2e-sharded-minimal: build-all
 	$(if $(value WAIT),|| { echo "Terminated with $$?"; wait "$$PID"; },)
 
 # This is just easy target to run 2 shard test server locally until manually killed.
-# You can targer test to it by running:
+# You can target test to it by running:
 # go test ./test/e2e/apibinding/... --kcp-kubeconfig=$(pwd)/.kcp/admin.kubeconfig --shard-kubeconfigs=root=$(pwd)/.kcp-0/admin.kubeconfig -run=^TestAPIBinding$
 test-run-sharded-server: WORK_DIR ?= $(PWD)
 test-run-sharded-server: LOG_DIR ?= $(WORK_DIR)/.kcp

docs/content/concepts/authorization/authorizers.md

@@ -138,7 +138,7 @@ A service-account defined in a different workspace is NOT given access to it.
 
 #### System CRD Authorizer
 
-This small authorizer simply prevents updates to the `status` subresource on APIExports or APIBindings. Note that this authorizer does not validate changes to the CustomResourceDefitions themselves, but to objects from those CRDs instead.
+This small authorizer simply prevents updates to the `status` subresource on APIExports or APIBindings. Note that this authorizer does not validate changes to the CustomResourceDefinitions themselves, but to objects from those CRDs instead.
 
 #### Maximal Permission Policy Authorizer
 

docs/content/concepts/sharding/shards.md

@@ -21,13 +21,13 @@ cluster holds administrational objects. Among them are shard objects.
 The set of shards in a kcp installation is defined by `Shard` objects in
 `core.kcp.io/v1alpha1`.
 
-A shard object specifies the network addresses, one for external access (usually 
+A shard object specifies the network addresses, one for external access (usually
 some worldwide load balancer) and one for direct access (shard to shard).
 
 ## Logical Clusters and Workspace Paths
 
 Logical clusters are defined through the existence of a `LogicalCluster` object
-"in themselves", similar to a `.` directory defining the existence of a directory 
+"in themselves", similar to a `.` directory defining the existence of a directory
 in Unix.
 
 Every logical cluster name `name` is a *logical cluster path*. Every logical
@@ -54,8 +54,8 @@ for the parent (`home` in this case) to exist.
 ## Front Proxy
 
 A front-proxy is aware of all logical clusters, their shard they live on,
-their canonical paths and all `Workspaces`s. Non canonical paths can be 
-reconstructed from the canonical path prefixes and the worksapce names.
+their canonical paths and all `Workspaces`s. Non canonical paths can be
+reconstructed from the canonical path prefixes and the workspace names.
 
 Requests to `/cluster/<path>` are forwarded to the shard via inverse proxying.
 
@@ -70,7 +70,7 @@ or multiple per region or cloud provider.
 ## Consistency Domain
 
 Every logical cluster provides a Kubernetes-compatible API root endpoint under
-`/cluster/<path>` including its own discovery endpoint and their own set of 
+`/cluster/<path>` including its own discovery endpoint and their own set of
 API groups and resources.
 
 Resources under such an endpoints satisfy the same consistency properties as with
@@ -84,12 +84,12 @@ i.e. resource versions cannot be compared.
 
 The only exception to the upper rule are objects under a "wildcard endpoint"
 `/clusters/*/apis/<group>/<v>/[namespaces/<ns>]/resource:<identity-hash>` per
-shard. It serves the objects of the given resource on that shard across 
+shard. It serves the objects of the given resource on that shard across
 logical-clusters. The annotation `kcp.io/cluster` tells the consumer which
 logical cluster each object belongs to.
 
 The wildcard endpoint is privileged (requires `system:masters` group membership).
-It is only accessible when talking directly to a shard, not through a 
+It is only accessible when talking directly to a shard, not through a
 front-proxy.
 
 Note: for unprivileged access, virtual view apiservers can offer a highly
@@ -115,7 +115,7 @@ the shard hosting the `Workspace` object will access another shard to create the
 `LogicalCluster` object initially. It does that by choosing a random logical
 cluster name (optimistically) and choosing a shard that name maps to (through
 consistent hashing). It then tries to create the `LogicalCluster`. On conflict,
-it can check whether the existing object belong the given `Workspace` object or 
+it can check whether the existing object belong the given `Workspace` object or
 not. If not, another name and shard is chosen, until scheduling succeeds. During
 initialization the controller on the `Workspace` hosting shard will keep watching
 the logical cluster on the other shard, with some exponential backoff. In other
@@ -125,8 +125,8 @@ the other shard.
 Another example is API binding, but it is different than workspace scheduling:
 a binding controller running on the shard hosting the `APIBinding` object will
 be aware of all `APIExport`s in the kcp installation through caching replication
-(see next section). What is special is that this controller has all the 
-information necessary to bind a new API and to keep bound APIs working even if 
+(see next section). What is special is that this controller has all the
+information necessary to bind a new API and to keep bound APIs working even if
 the shard of the `APIExport` is unavailable.
 
 Note: usually it a bad idea to create logic dependent on the parent workspace. If
@@ -138,12 +138,12 @@ parent is not accessible.
 
 The cache server is a special API server that can hold replicas of objects that
 must be available globally in an eventual consistent way. E.g. the `APIExport`s
-and `APIResourceSchemas` are replicated that way and made available to the 
+and `APIResourceSchemas` are replicated that way and made available to the
 corresponding controllers via informers.
 
 The cache server holds objects by logical clusters, and it can hold objects from
 many or all shards in a kcp installation, served through wildcard informers.
-The resource versions of those objects have no meaning beyond driving the cache 
+The resource versions of those objects have no meaning beyond driving the cache
 informers running in the shards.
 
 Cache servers can be 1:1 with shards, or there can be shared cache servers, e.g.
@@ -155,22 +155,22 @@ Controllers that make use of cached objects, will usually have informers against
 local objects and against the same objects in the cache server. If the former
 returns a "NotFound" error, the controllers will look up in the cache informers.
 
-The cache server technique is only useful for APIs whose object cardinality 
+The cache server technique is only useful for APIs whose object cardinality
 across all shards does not go beyond the cardinality sensibly storable in a
 kube-based apiserver.
 
 Note that objects like `Workspace`s and `LogicalCluster`s fall not into that
 category. This means that in particular the logical cluster canonical path
 cannot be derived from cached `LogicalCluster`s. Instead, the cached objects
 must hold their own `kcp.io/path` annotation in order to be indexable by that
-value. This is crucial to implement cross-logical-cluster references by 
+value. This is crucial to implement cross-logical-cluster references by
 canonical path.
 
 Note: the `APIExport` example assumes that there are never more than e.g. 10,000
-API exports in a kcp installation. If that is not an acceptable constraint, 
+API exports in a kcp installation. If that is not an acceptable constraint,
 other partitioning mechanism would be need to hold the number of `APIExport`
 objects per cache server below the critical number. E.g. there could be cache
-servers per big tenant, and that would hold only public exports and 
+servers per big tenant, and that would hold only public exports and
 tenant-internal exports. A more complex caching hierarchy would make sure the
 right objects are replicated, while the "really public" exports would only be a
 small number.
@@ -182,9 +182,9 @@ server replication is costly, this set is as minimal as possible. For example,
 certain RBAC objects are replicated in case they are needed to successfully
 authorize bindings of an API, or to use a workspace type.
 
-By the nature of replication, objects in the cache server can be old and 
+By the nature of replication, objects in the cache server can be old and
 incomplete. For instance, the non-existence of an object in the cache server
-does not mean it does not exist in its respective shard. The replication 
+does not mean it does not exist in its respective shard. The replication
 could be just delayed or the object was not identified to be worth to replicate.
 
 ## Bootstrapping

docs/content/concepts/workspaces/workspace-types.md

@@ -133,8 +133,8 @@ kcp startup:
 - Workspace CRD
 - WorkspaceType CRD
 - Shard CRD
-- Partion CRD
-- PartionSet CRD
+- Partition CRD
+- PartitionSet CRD
 
 The root workspace is the only one that holds `Shard` objects. Shards
 are used to schedule a new Workspace to, i.e. to select in which etcd the
@@ -153,7 +153,7 @@ that are scoped to the local shard (e.g. `lease` objects for kcp internal contro
 leader election is enabled). It is accessible via `/clusters/system:admin`.
 
 # Workspace Type Extensions and Constraints
-kcp offers extensions and constraints that enable you inherit functionality from other 
+kcp offers extensions and constraints that enable you inherit functionality from other
 workspace types and create custom workspace hierarchies for your organizational structure.
 
 A `WorkspaceType` can extend one or more other `WorkspaceTypes` using the `spec.extend.with`
@@ -188,7 +188,7 @@ spec:
     - name: standard
       path: root:base
 ```
-## Workspace Constraint Mechanisms 
+## Workspace Constraint Mechanisms
 KCP provides two primary constraint mechanisms for workspace types:
 * `limitAllowedChildren`: Controls which workspace types can be created as children.
 * `limitAllowedParents`: Controls which workspace types can serve as parents.

docs/content/contributing/index.md

@@ -8,7 +8,7 @@ Please read the following guide if you're interested in contributing to kcp.
 ## Code of Conduct
 
 Please be aware that this project is governed by the [CNCF Code of Conduct](https://github.com/kcp-dev/kcp/blob/main/code-of-conduct.md),
-which boils down to "let's be excelent to each other". Code of Conduct violations can be reported to the
+which boils down to "let's be excellent to each other". Code of Conduct violations can be reported to the
 [CNCF Code of Conduct Committee](https://www.cncf.io/conduct/committee/), which can be reached via [[email protected]](mailto:[email protected]).
 
 ## Certificate of Origin
@@ -82,4 +82,4 @@ The `kcp` project uses `OWNERS` files to denote the collaborators who can assist
 are two roles: reviewer and approver.  Merging a PR requires sign off from both a reviewer and an approver.
 
 In general, maintainers strive to pick up PRs for review when they can. If you feel like your PR has been missed,
-do not hesistate to ping maintainers directly or ask on the project communication channels about your PR.
+do not hesitate to ping maintainers directly or ask on the project communication channels about your PR.

pkg/admission/workspace/admission.go

@@ -106,7 +106,7 @@ func (o *workspace) Admit(ctx context.Context, a admission.Attributes, _ admissi
 			ws.Annotations[tenancyv1alpha1.ExperimentalWorkspaceOwnerAnnotationKey] = userInfo
 		}
 
-		// copy required groups from LogicalCluster to new child-Worksapce
+		// copy required groups from LogicalCluster to new child-workspace
 		if _, found := ws.Annotations[authorization.RequiredGroupsAnnotationKey]; !found || !isSystemPrivileged {
 			logicalCluster, err := o.logicalClusterLister.Cluster(clusterName).Get(corev1alpha1.LogicalClusterName)
 			if err != nil {

pkg/authorization/workspace_content_authorizer_test.go

@@ -192,7 +192,7 @@ func TestWorkspaceContentAuthorizer(t *testing.T) {
 			wantReason:         "delegating due to logical cluster admin access",
 		},
 		{
-			testName: "system:kcp:logical-cluster-admin can always pass with exeception if scoped",
+			testName: "system:kcp:logical-cluster-admin can always pass with exception if scoped",
 
 			requestedWorkspace: "root:non-existent",
 			requestingUser: &user.DefaultInfo{Name: "lcluster-admin", Extra: map[string][]string{

pkg/network/dialer.go

@@ -48,7 +48,7 @@ func DefaultTransportWrapper(rt http.RoundTripper) http.RoundTripper {
 
 	// This function may be called from different goroutines on the same
 	// `rt` at the same time, causing a data race.
-	// To preven this race .DialContext is swapped atomically.
+	// To prevent this race .DialContext is swapped atomically.
 	defaultDialContext := DefaultDialContext()
 	trDialContext := unsafe.Pointer(&tr.DialContext)
 	atomic.StorePointer(&trDialContext, unsafe.Pointer(&defaultDialContext))