Skip to content

Removemigrate #753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jun 17, 2025
Merged

Removemigrate #753

merged 11 commits into from
Jun 17, 2025

Conversation

gsmith-sas
Copy link
Member

No description provided.

@github-actions GitHub Actions
Copy link
Contributor

sh-checker report

To get the full details, please check in the job output.

shellcheck errors 

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/apiaccess-include.sh line 34:
      kill -9 $pid
              ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kill -9 "$pid"


In logging/bin/apiaccess-include.sh line 35:
      wait $pid 2>/dev/null  # suppresses message reporting process has been killed
           ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      wait "$pid" 2>/dev/null  # suppresses message reporting process has been killed


In logging/bin/apiaccess-include.sh line 56:
      stop_portforwarding $espfpid
                          ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      stop_portforwarding "$espfpid"


In logging/bin/apiaccess-include.sh line 71:
      stop_portforwarding $kbpfpid
                          ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      stop_portforwarding "$kbpfpid"


In logging/bin/apiaccess-include.sh line 90:
   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
                                                                ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" "$ingress")


In logging/bin/apiaccess-include.sh line 97:
      serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
                               ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                   ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                            ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      serviceport=$(kubectl -n "$LOG_NS" get service "$servicename" -o=jsonpath="$portpath")


In logging/bin/apiaccess-include.sh line 102:
      kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2>/dev/null &
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                            ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" port-forward --address localhost svc/"$servicename" :"$serviceport" > "$tmpfile" 2>/dev/null &


In logging/bin/apiaccess-include.sh line 113:
      myline=$(head -n1  $tmpfile)
                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      myline=$(head -n1  "$tmpfile")


In logging/bin/apiaccess-include.sh line 179:
   tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                ^-- SC1083 (warning): This { is literal. Check expression (missing ;/\n?) or quote it.
                                                                                                 ^-- SC1083 (warning): This } is literal. Check expression (missing ;/\n?) or quote it.

Did you mean: 
   tlsrequired="$(kubectl -n "$LOG_NS" get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"


In logging/bin/apiaccess-include.sh line 182:
   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}'  $tlsrequired  $KB_INGRESSNAME
                                                           ^---------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                         ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                       ^-------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'"${KB_SERVICEPORT}"'")].port}'  "$tlsrequired"  "$KB_INGRESSNAME"


In logging/bin/change_internal_password.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/change_internal_password.sh line 7:
CHECK_HELM=false
^--------^ SC2034 (warning): CHECK_HELM appears unused. Verify use (or export if used externally).


In logging/bin/change_internal_password.sh line 12:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/change_internal_password.sh line 79:
   if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2>/dev/null)" ]; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                          ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -z "$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=name 2>/dev/null)" ]; then


In logging/bin/change_internal_password.sh line 85:
      ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" |base64 --decode)
                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                            ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_USER=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.\username}" |base64 --decode)


In logging/bin/change_internal_password.sh line 86:
      ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" |base64 --decode)
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/change_internal_password.sh line 106:
      ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/change_internal_password.sh line 107:
      ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
                                   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/change_internal_password.sh line 110:
      kubectl -n $LOG_NS exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh


In logging/bin/change_internal_password.sh line 112:
      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                 ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^-^ SC2063 (warning): Grep uses regex, but this looks like a glob.

Did you mean: 
      hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD"|grep -v '*')


In logging/bin/change_internal_password.sh line 117:
         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                                                   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                                  ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/change_internal_password.sh line 151:
      kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh


In logging/bin/change_internal_password.sh line 153:
      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                 ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^-^ SC2063 (warning): Grep uses regex, but this looks like a glob.

Did you mean: 
      hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD"|grep -v '*')


In logging/bin/change_internal_password.sh line 157:
      rm -f $TMP_DIR/tls.crt
            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      rm -f "$TMP_DIR"/tls.crt


In logging/bin/change_internal_password.sh line 158:
      admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      admin_tls_cert=$(kubectl -n "$LOG_NS" get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")


In logging/bin/change_internal_password.sh line 164:
         echo "$admin_tls_cert" |base64 --decode > $TMP_DIR/admin_tls.crt
                                                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         echo "$admin_tls_cert" |base64 --decode > "$TMP_DIR"/admin_tls.crt


In logging/bin/change_internal_password.sh line 167:
         rm -f $TMP_DIR/tls.key
               ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         rm -f "$TMP_DIR"/tls.key


In logging/bin/change_internal_password.sh line 168:
         admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         admin_tls_key=$(kubectl -n "$LOG_NS" get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")


In logging/bin/change_internal_password.sh line 174:
            echo "$admin_tls_key" |base64 --decode > $TMP_DIR/admin_tls.key
                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
            echo "$admin_tls_key" |base64 --decode > "$TMP_DIR"/admin_tls.key


In logging/bin/change_internal_password.sh line 177:
            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key  --insecure)
                                                                                                                                                                                                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                                                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key  --insecure)


In logging/bin/change_internal_password.sh line 202:
     kubectl -n $LOG_NS delete secret internal-user-$USER_NAME  --ignore-not-found
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                    ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
     kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME"  --ignore-not-found


In logging/bin/change_internal_password.sh line 209:
     create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
                                      ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                 ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                            ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
     create_user_secret internal-user-"$USER_NAME" "$USER_NAME" "$NEW_PASSWD" "$labels"


In logging/bin/common.sh line 1:
# Copyright © 2020, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
^-- SC2148 (error): Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.


In logging/bin/common.sh line 11:
        userEnv=$(grep -v '^[[:blank:]]*$' $USER_DIR/logging/user.env | grep -v '^#' | xargs)
                                           ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
        userEnv=$(grep -v '^[[:blank:]]*$' "$USER_DIR"/logging/user.env | grep -v '^#' | xargs)


In logging/bin/common.sh line 14:
          export $userEnv
                 ^------^ SC2163 (warning): This does not export 'userEnv'. Remove $/${} for that, or use ${var?} to quiet.
                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
          export "$userEnv"


In logging/bin/deploy_esexporter.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_esexporter.sh line 10:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_esexporter.sh line 28:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_esexporter.sh line 39:
if helm3ReleaseExists es-exporter $LOG_NS; then
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists es-exporter "$LOG_NS"; then


In logging/bin/deploy_esexporter.sh line 42:
   if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then
           ^-- SC2046 (warning): Quote this to prevent word splitting.
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -z $(kubectl -n "$LOG_NS" get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then


In logging/bin/deploy_esexporter.sh line 44:
      helm -n $LOG_NS delete es-exporter
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      helm -n "$LOG_NS" delete es-exporter


In logging/bin/deploy_esexporter.sh line 47:
   if kubectl get crd servicemonitors.monitoring.coreos.com 2>1 1>/dev/null; then
                                                             ^-- SC2210 (warning): This is a file redirection. Was it supposed to be a comparison or fd operation?


In logging/bin/deploy_esexporter.sh line 52:
         kubectl delete -n $monNamespace servicemonitor elasticsearch
                           ^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         kubectl delete -n "$monNamespace" servicemonitor elasticsearch


In logging/bin/deploy_esexporter.sh line 54:
         kubectl apply  -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
                           ^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         kubectl apply  -n "$monNamespace" -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml


In logging/bin/deploy_esexporter.sh line 110:
helm2ReleaseCheck es-exporter-$LOG_NS
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm2ReleaseCheck es-exporter-"$LOG_NS"


In logging/bin/deploy_esexporter.sh line 115:
chart2install="$(get_helmchart_reference $ESEXPORTER_HELM_CHART_REPO $ESEXPORTER_HELM_CHART_NAME $ESEXPORTER_HELM_CHART_VERSION)"
                                         ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                     ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                 ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$ESEXPORTER_HELM_CHART_REPO" "$ESEXPORTER_HELM_CHART_NAME" "$ESEXPORTER_HELM_CHART_VERSION")"


In logging/bin/deploy_esexporter.sh line 116:
versionstring="$(get_helm_versionstring  $ESEXPORTER_HELM_CHART_VERSION)"
                                         ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$ESEXPORTER_HELM_CHART_VERSION")"


In logging/bin/deploy_esexporter.sh line 120:
helm $helmDebug upgrade --install es-exporter \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install es-exporter \


In logging/bin/deploy_esexporter.sh line 121:
 --namespace $LOG_NS \
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 --namespace "$LOG_NS" \


In logging/bin/deploy_esexporter.sh line 122:
 -f $imageKeysFile \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$imageKeysFile" \


In logging/bin/deploy_esexporter.sh line 124:
 -f $wnpValuesFile \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$wnpValuesFile" \


In logging/bin/deploy_esexporter.sh line 125:
 -f $openshiftValuesFile \
    ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$openshiftValuesFile" \


In logging/bin/deploy_esexporter.sh line 126:
 -f $ES_OPEN_EXPORTER_USER_YAML \
    ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$ES_OPEN_EXPORTER_USER_YAML" \


In logging/bin/deploy_esexporter.sh line 128:
 $versionstring \
 ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 "$versionstring" \


In logging/bin/deploy_esexporter.sh line 129:
 $chart2install
 ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 "$chart2install"


In logging/bin/deploy_logging.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_logging.sh line 30:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_logging.sh line 31:
  kubectl create ns $LOG_NS
                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl create ns "$LOG_NS"


In logging/bin/deploy_logging.sh line 34:
  disable_sa_token_automount $LOG_NS default
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" default


In logging/bin/deploy_logging.sh line 97:
if helm3ReleaseExists v4m $LOG_NS; then
                          ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists v4m "$LOG_NS"; then


In logging/bin/deploy_logging_openshift.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_logging_openshift.sh line 31:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_logging_openshift.sh line 32:
  kubectl create ns $LOG_NS
                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl create ns "$LOG_NS"


In logging/bin/deploy_logging_openshift.sh line 35:
  disable_sa_token_automount $LOG_NS default
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" default


In logging/bin/deploy_logging_openshift.sh line 36:
  disable_sa_token_automount $LOG_NS builder
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" builder


In logging/bin/deploy_logging_openshift.sh line 37:
  disable_sa_token_automount $LOG_NS deployer
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" deployer


In logging/bin/deploy_logging_openshift.sh line 123:
   bin/show_app_url.sh $servicelist
                       ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   bin/show_app_url.sh "$servicelist"


In logging/bin/deploy_logging_openshift.sh line 144:
if helm3ReleaseExists v4m $LOG_NS; then
                          ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists v4m "$LOG_NS"; then


In logging/bin/deploy_opensearch.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_opensearch.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_opensearch.sh line 48:
if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OPENSEARCH_INGRESS_ENABLE"="true" ]; then
                                                                          ^-- SC2077 (error): You need spaces around the comparison operator.


In logging/bin/deploy_opensearch.sh line 68:
   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
                  ^-- SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.


In logging/bin/deploy_opensearch.sh line 71:
   OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
   ^-------------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In logging/bin/deploy_opensearch.sh line 85:
   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 88:
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 89:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 91:
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 92:
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 94:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 95:
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
                                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 98:
      printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"  ;
                        ^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".


In logging/bin/deploy_opensearch.sh line 99:
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
                                                                                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 116:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_opensearch.sh line 144:
if verify_cert_generator $LOG_NS es-transport es-rest es-admin; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if verify_cert_generator "$LOG_NS" es-transport es-rest es-admin; then


In logging/bin/deploy_opensearch.sh line 152:
create_tls_certs $LOG_NS logging es-transport es-rest es-admin
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
create_tls_certs "$LOG_NS" logging es-transport es-rest es-admin


In logging/bin/deploy_opensearch.sh line 158:
if [ ! -f  $TMP_DIR/es-transport.pem ]; then
           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ ! -f  "$TMP_DIR"/es-transport.pem ]; then


In logging/bin/deploy_opensearch.sh line 160:
   kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-transport.pem
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/es-transport.pem


In logging/bin/deploy_opensearch.sh line 162:
node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
                                                            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in "$TMP_DIR"/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")


In logging/bin/deploy_opensearch.sh line 164:
if [ ! -f  $TMP_DIR/es-admin.pem ]; then
           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ ! -f  "$TMP_DIR"/es-admin.pem ]; then


In logging/bin/deploy_opensearch.sh line 166:
   kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-admin.pem
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                       ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/es-admin.pem


In logging/bin/deploy_opensearch.sh line 168:
admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
                                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in "$TMP_DIR"/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")


In logging/bin/deploy_opensearch.sh line 173:
kubectl -n $LOG_NS delete secret opensearch-cert-subjects --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete secret opensearch-cert-subjects --ignore-not-found


In logging/bin/deploy_opensearch.sh line 174:
kubectl -n $LOG_NS create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"


In logging/bin/deploy_opensearch.sh line 175:
kubectl -n $LOG_NS label  secret opensearch-cert-subjects  managed-by=v4m-es-script
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" label  secret opensearch-cert-subjects  managed-by=v4m-es-script


In logging/bin/deploy_opensearch.sh line 178:
kubectl -n $LOG_NS delete configmap run-securityadmin.sh --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete configmap run-securityadmin.sh --ignore-not-found


In logging/bin/deploy_opensearch.sh line 179:
kubectl -n $LOG_NS create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh


In logging/bin/deploy_opensearch.sh line 180:
kubectl -n $LOG_NS label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch


In logging/bin/deploy_opensearch.sh line 183:
export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
       ^-----------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 184:
export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
       ^-------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 185:
export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)
       ^------------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_METRICGETTER_USER=$(kubectl -n "$LOG_NS" get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 186:
export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)
       ^--------------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_METRICGETTER_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 189:
adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
adminpwd_autogenerated=$(kubectl -n "$LOG_NS" get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')


In logging/bin/deploy_opensearch.sh line 190:
if [ ! -z "$adminpwd_autogenerated"  ]; then
     ^-- SC2236 (style): Use -n instead of ! -z.


In logging/bin/deploy_opensearch.sh line 224:
if [ "$(helm -n $LOG_NS list --filter 'opensearch' -q)" == "opensearch" ]; then
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(helm -n "$LOG_NS" list --filter 'opensearch' -q)" == "opensearch" ]; then


In logging/bin/deploy_opensearch.sh line 232:
helm2ReleaseCheck odfe-$LOG_NS
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm2ReleaseCheck odfe-"$LOG_NS"


In logging/bin/deploy_opensearch.sh line 235:
if [ "$(helm -n $LOG_NS list --filter 'odfe' -q)" == "odfe" ]; then
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(helm -n "$LOG_NS" list --filter 'odfe' -q)" == "odfe" ]; then


In logging/bin/deploy_opensearch.sh line 249:
if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then
                      ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ -z "$(kubectl -n "$LOG_NS" get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then


In logging/bin/deploy_opensearch.sh line 251:
   kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" delete secret opensearch-securityconfig --ignore-not-found


In logging/bin/deploy_opensearch.sh line 254:
   mkdir -p $TMP_DIR/opensearch/securityconfig
            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   mkdir -p "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 255:
   cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
                                              ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   cp logging/opensearch/securityconfig/*.yml "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 260:
      if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then
                 ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      if [ "$(ls "$USER_DIR"/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then


In logging/bin/deploy_opensearch.sh line 262:
        cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
           ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
        cp "$USER_DIR"/logging/opensearch/securityconfig/*.yml "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 271:
   kubectl -n $LOG_NS create secret generic opensearch-securityconfig    \
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" create secret generic opensearch-securityconfig    \


In logging/bin/deploy_opensearch.sh line 272:
       --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml  \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/action_groups.yml  \


In logging/bin/deploy_opensearch.sh line 273:
       --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml      \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/allowlist.yml      \


In logging/bin/deploy_opensearch.sh line 274:
       --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml      \
                                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file whitelist.yml="$TMP_DIR"/opensearch/securityconfig/allowlist.yml      \


In logging/bin/deploy_opensearch.sh line 275:
       --from-file $TMP_DIR/opensearch/securityconfig/config.yml         \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/config.yml         \


In logging/bin/deploy_opensearch.sh line 276:
       --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/internal_users.yml \


In logging/bin/deploy_opensearch.sh line 277:
       --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml       \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/nodes_dn.yml       \


In logging/bin/deploy_opensearch.sh line 278:
       --from-file $TMP_DIR/opensearch/securityconfig/roles.yml          \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/roles.yml          \


In logging/bin/deploy_opensearch.sh line 279:
       --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml  \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/roles_mapping.yml  \


In logging/bin/deploy_opensearch.sh line 280:
       --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/tenants.yml


In logging/bin/deploy_opensearch.sh line 282:
   kubectl -n $LOG_NS label secret opensearch-securityconfig  managed-by=v4m-es-script
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" label secret opensearch-securityconfig  managed-by=v4m-es-script


In logging/bin/deploy_opensearch.sh line 318:
chart2install="$(get_helmchart_reference $OPENSEARCH_HELM_CHART_REPO $OPENSEARCH_HELM_CHART_NAME $OPENSEARCH_HELM_CHART_VERSION)"
                                         ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                     ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                 ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$OPENSEARCH_HELM_CHART_REPO" "$OPENSEARCH_HELM_CHART_NAME" "$OPENSEARCH_HELM_CHART_VERSION")"


In logging/bin/deploy_opensearch.sh line 319:
versionstring="$(get_helm_versionstring  $OPENSEARCH_HELM_CHART_VERSION)"
                                         ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$OPENSEARCH_HELM_CHART_VERSION")"


In logging/bin/deploy_opensearch.sh line 325:
helm $helmDebug upgrade --install opensearch \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install opensearch \


In logging/bin/deploy_opensearch.sh line 326:
    --namespace $LOG_NS \
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    --namespace "$LOG_NS" \


In logging/bin/deploy_opensearch.sh line 337:
    $versionstring \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$versionstring" \


In logging/bin/deploy_opensearch.sh line 338:
    $chart2install
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$chart2install"


In logging/bin/deploy_opensearch.sh line 342:
pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
pvc_status=$(kubectl -n "$LOG_NS" get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 343:
until [ "$pvc_status" == "Bound" ] || (( $pvcCounter>90 ));
                                         ^---------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.


In logging/bin/deploy_opensearch.sh line 347:
   pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   pvc_status=$(kubectl -n "$LOG_NS" get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 351:
pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
pvc_status=$(kubectl -n "$LOG_NS" get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 362:
kubectl -n $LOG_NS wait pods v4m-search-0 --for=condition=Ready --timeout=10m
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" wait pods v4m-search-0 --for=condition=Ready --timeout=10m


In logging/bin/deploy_opensearch.sh line 376:
  kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl -n "$LOG_NS" exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh


In logging/bin/deploy_opensearch.sh line 378:
  kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl -n "$LOG_NS" cp v4m-search-0:config/run_securityadmin.log "$TMP_DIR"/run_securityadmin.log -c opensearch


In logging/bin/deploy_opensearch.sh line 379:
  if [ "$(tail -n1  $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  if [ "$(tail -n1  "$TMP_DIR"/run_securityadmin.log)" == "Done with success" ]; then


In logging/bin/deploy_opensearch.sh line 385:
  sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  sed 's/^/   | /' "$TMP_DIR"/run_securityadmin.log


In logging/bin/deploy_opensearch.sh line 394:
   disable_sa_token_automount $LOG_NS v4m-os
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-os


In logging/bin/deploy_opensearch_content.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_opensearch_content.sh line 12:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_opensearch_content.sh line 33:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_opensearch_content.sh line 49:
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
                                                                                   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                  ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)


In logging/bin/deploy_opensearch_content.sh line 77:
   log_debug "Function called: set_retention_perid ARGS: $@"
                                                         ^-- SC2145 (error): Argument mixes string and array. Use * or separate argument.


In logging/bin/deploy_opensearch_content.sh line 83:
   cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
                         ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                      ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   cp logging/opensearch/"${policy_name}".json "$TMP_DIR"/"$policy_name".json


In logging/bin/deploy_opensearch_content.sh line 92:
   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
                                                                                                                ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                         ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" "$TMP_DIR"/"$policy_name".json


In logging/bin/deploy_opensearch_content.sh line 95:
   log_debug "$(cat $TMP_DIR/${policy_name}.json)"
                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   log_debug "$(cat "$TMP_DIR"/"${policy_name}".json)"


In logging/bin/deploy_opensearch_content.sh line 98:
   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                  ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                            ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                           ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"$policy_name".json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 118:
   response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                            ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                           ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o "$TMP_DIR"/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 124:
   if [ -n "$(cat $TMP_DIR/ism_policy_patch.json |grep '"ism_template":null')" ]; then
        ^-- SC2143 (style): Use grep -q instead of comparing output with [ -n .. ].
                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -n "$(cat "$TMP_DIR"/ism_policy_patch.json |grep '"ism_template":null')" ]; then


In logging/bin/deploy_opensearch_content.sh line 128:
      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
                                                                                                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 131:
      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
                                                                                                                                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 134:
      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                               ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                              ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 145:
         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  $TMP_DIR/ism_policy_patch.json
                                                                                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 151:
      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                   ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 171:
response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                      ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                     ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 181:
response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
                                                                                                                                                                                                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                            ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )


In logging/bin/deploy_opensearch_content.sh line 198:
   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
                                                                                                                                                                                                                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                            ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )


In logging/bin/deploy_opensearch_content.sh line 217:
response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                          ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                         ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 254:
      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
                                                                                       ^----------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p "$LOG_LOGADM_PASSWD"


In logging/bin/deploy_opensearch_content.sh line 264:
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                              ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                             ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 266:
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                              ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                             ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_openshift_prereqs.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
^-- SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.." || exit


In logging/bin/deploy_openshift_prereqs.sh line 9:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_openshift_prereqs.sh line 23:
oc adm policy add-scc-to-user privileged -z v4m-os -n $LOG_NS
                                                      ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
oc adm policy add-scc-to-user privileged -z v4m-os -n "$LOG_NS"


In logging/bin/deploy_osd.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_osd.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_osd.sh line 35:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_osd.sh line 47:
if verify_cert_generator $LOG_NS kibana; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if verify_cert_generator "$LOG_NS" kibana; then


In logging/bin/deploy_osd.sh line 55:
create_tls_certs $LOG_NS logging kibana
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
create_tls_certs "$LOG_NS" logging kibana


In logging/bin/deploy_osd.sh line 82:
   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
                  ^-- SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.


In logging/bin/deploy_osd.sh line 85:
   OSD_FQDN="${OSD_FQDN}"
   ^------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In logging/bin/deploy_osd.sh line 99:
   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 101:
      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 102:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 107:
      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 109:
      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 110:
      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 111:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 112:
      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               $autogeneratedYAMLFile
                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 115:
      printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"  ;
                        ^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".


In logging/bin/deploy_osd.sh line 116:
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
                                                                                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 160:
kubectl -n $LOG_NS delete secret          v4m-osd-tls-enabled  --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete secret          v4m-osd-tls-enabled  --ignore-not-found


In logging/bin/deploy_osd.sh line 161:
kubectl -n $LOG_NS create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"


In logging/bin/deploy_osd.sh line 167:
if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
                   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^-- SC1083 (warning): This { is literal. Check expression (missing ;/\n?) or quote it.
                                                                                             ^-- SC1083 (warning): This } is literal. Check expression (missing ;/\n?) or quote it.

Did you mean: 
if [ "$(kubectl -n "$LOG_NS" get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then


In logging/bin/deploy_osd.sh line 169:
   kubectl -n $LOG_NS delete deployment v4m-osd
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" delete deployment v4m-osd


In logging/bin/deploy_osd.sh line 204:
chart2install="$(get_helmchart_reference $OSD_HELM_CHART_REPO $OSD_HELM_CHART_NAME $OSD_HELM_CHART_VERSION)"
                                         ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                   ^---------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$OSD_HELM_CHART_REPO" "$OSD_HELM_CHART_NAME" "$OSD_HELM_CHART_VERSION")"


In logging/bin/deploy_osd.sh line 205:
versionstring="$(get_helm_versionstring  $OSD_HELM_CHART_VERSION)"
                                         ^---------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$OSD_HELM_CHART_VERSION")"


In logging/bin/deploy_osd.sh line 210:
helm $helmDebug upgrade --install v4m-osd \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install v4m-osd \


In logging/bin/deploy_osd.sh line 211:
    $versionstring \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$versionstring" \


In logging/bin/deploy_osd.sh line 212:
    --namespace $LOG_NS \
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    --namespace "$LOG_NS" \


In logging/bin/deploy_osd.sh line 222:
   $chart2install
   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   "$chart2install"


In logging/bin/deploy_osd.sh line 229:
   disable_sa_token_automount $LOG_NS v4m-os
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-os


In logging/bin/deploy_osd.sh line 231:
   disable_sa_token_automount $LOG_NS v4m-osd-dashboards
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-osd-dashboards


In logging/bin/deploy_osd_content.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_osd_content.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_osd_content.sh line 28:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_osd_content.sh line 45:
osdlabels="$(kubectl -n $LOG_NS get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}'| tr -d '{}"' | tr : '=')"
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
osdlabels="$(kubectl -n "$LOG_NS" get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}'| tr -d '{}"' | tr : '=')"


In logging/bin/deploy_osd_content.sh line 47:
kubectl -n $LOG_NS wait pods --selector "$osdlabels"  --for condition=Ready --timeout=10m
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" wait pods --selector "$osdlabels"  --for condition=Ready --timeout=10m


In logging/bin/deploy_osd_content.sh line 59:
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
                                                                                                ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                               ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)

For more information:
  https://www.shellcheck.net/wiki/SC2077 -- You need spaces around the compar...
  https://www.shellcheck.net/wiki/SC2145 -- Argument mixes string and array. ...
  https://www.shellcheck.net/wiki/SC2148 -- Tips depend on target shell and y...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.
shfmt errors 

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/apiaccess-include.sh.orig logging/bin/apiaccess-include.sh
--- logging/bin/apiaccess-include.sh.orig
+++ logging/bin/apiaccess-include.sh
@@ -18,237 +18,233 @@
 source bin/service-url-include.sh
 
 function stop_portforwarding {
-   # terminate port-forwarding process if PID was cached
-
-   local pid
-   pid=${1:-$pfPID}
-
-   if [ -o errexit ]; then
-      restore_errexit=Y
-      log_debug "Toggling errexit: Off"
-      set +e
-   fi
-
-   if ps -p "$pid" >/dev/null;  then
-      log_debug "Killing port-forwarding process [$pid]."
-      kill -9 $pid
-      wait $pid 2>/dev/null  # suppresses message reporting process has been killed
-   else
-      log_debug "No portforwarding processID found; nothing to terminate."
-   fi
-
-   if [ -n "$restore_errexit" ]; then
-      log_debug "Toggling errexit: On"
-      set -e
-   fi
+    # terminate port-forwarding process if PID was cached
+
+    local pid
+    pid=${1:-$pfPID}
+
+    if [ -o errexit ]; then
+        restore_errexit=Y
+        log_debug "Toggling errexit: Off"
+        set +e
+    fi
+
+    if ps -p "$pid" > /dev/null; then
+        log_debug "Killing port-forwarding process [$pid]."
+        kill -9 $pid
+        wait $pid 2> /dev/null # suppresses message reporting process has been killed
+    else
+        log_debug "No portforwarding processID found; nothing to terminate."
+    fi
+
+    if [ -n "$restore_errexit" ]; then
+        log_debug "Toggling errexit: On"
+        set -e
+    fi
 
 }
 
 function stop_es_portforwarding {
-   #
-   # terminate ES port-forwarding process
-   #
-   # Global vars:      espfpid    - process id of ES portforwarding
-   #                   es_api_url - URL to access ES API/serivce
-
-   if [ -n "$espfpid" ]; then
-      log_debug "ES PF PID for stopping: $espfpid"
-      stop_portforwarding $espfpid
-      unset espfpid
-      unset es_api_url
-   fi
+    #
+    # terminate ES port-forwarding process
+    #
+    # Global vars:      espfpid    - process id of ES portforwarding
+    #                   es_api_url - URL to access ES API/serivce
+
+    if [ -n "$espfpid" ]; then
+        log_debug "ES PF PID for stopping: $espfpid"
+        stop_portforwarding $espfpid
+        unset espfpid
+        unset es_api_url
+    fi
 }
 
 function stop_kb_portforwarding {
-   #
-   # terminate KB port-forwarding process
-   #
-   # Global vars:      kbpfpid    - process id of KB portforwarding
-   #                   kb_api_url - URL to access KB API/serivce
-
-   if [ -n "$kbpfpid" ]; then
-      log_debug "KB PF PID for stopping: $kbpfpid"
-      stop_portforwarding $kbpfpid
-      unset kbpfpid
-      unset kb_api_url
-   fi
- }
+    #
+    # terminate KB port-forwarding process
+    #
+    # Global vars:      kbpfpid    - process id of KB portforwarding
+    #                   kb_api_url - URL to access KB API/serivce
+
+    if [ -n "$kbpfpid" ]; then
+        log_debug "KB PF PID for stopping: $kbpfpid"
+        stop_portforwarding $kbpfpid
+        unset kbpfpid
+        unset kb_api_url
+    fi
+}
 
 function get_api_url {
-   #
-   # determine URL to access specified API/service
-   #
-   # Global vars:      api_url - URL to access requested API/serivce
-   #                   pfPID   - process id used for portforwarding
-   #
-   local servicename portpath usetls serviceport
-   servicename=$1
-   portpath=$2
-   usetls=${3:-false}
-   ingress=$4
-
-   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
-
-   if [ -z "$api_url" ] || [ "$LOG_ALWAYS_PORT_FORWARD" == "true" ]; then
-      # set up temporary port forwarding to allow curl access
-      log_debug "Will use Kubernetes port-forwarding to access"
-      log_debug "LOG_ALWAYS_PORT_FORWARD: $LOG_ALWAYS_PORT_FORWARD api_url: $api_url"
-
-      serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
-      log_debug "serviceport: $serviceport"
-
-      # command is sent to run in background
-
-      kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2>/dev/null &
-
-      # get PID to allow us to kill process later
-      pfPID=$!
-      log_debug "pfPID: $pfPID"
-
-      # pause to allow port-forwarding messages to appear
-      sleep 5
-
-      # determine which port port-forwarding is using
-      pfRegex='Forwarding from .+:([0-9]+)'
-      myline=$(head -n1  $tmpfile)
-
-      if [[ $myline =~ $pfRegex ]]; then
-         TEMP_PORT="${BASH_REMATCH[1]}";
-         log_debug "TEMP_PORT=${TEMP_PORT}"
-      else
-         log_error "Unable to identify the temporary port used for port-forwarding [$servicename]; exiting script.";
-         return 1
-      fi
-
-      if [ "$usetls" == "true" ]; then
-         protocol="https"
-      else
-         protocol="http"
-      fi
-
-      api_url="$protocol://localhost:$TEMP_PORT"
-
-   fi
-   log_debug "API Endpoint for [$servicename]: $api_url"
-}
-
+    #
+    # determine URL to access specified API/service
+    #
+    # Global vars:      api_url - URL to access requested API/serivce
+    #                   pfPID   - process id used for portforwarding
+    #
+    local servicename portpath usetls serviceport
+    servicename=$1
+    portpath=$2
+    usetls=${3:-false}
+    ingress=$4
+
+    api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
+
+    if [ -z "$api_url" ] || [ "$LOG_ALWAYS_PORT_FORWARD" == "true" ]; then
+        # set up temporary port forwarding to allow curl access
+        log_debug "Will use Kubernetes port-forwarding to access"
+        log_debug "LOG_ALWAYS_PORT_FORWARD: $LOG_ALWAYS_PORT_FORWARD api_url: $api_url"
+
+        serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
+        log_debug "serviceport: $serviceport"
+
+        # command is sent to run in background
+
+        kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2> /dev/null &
+
+        # get PID to allow us to kill process later
+        pfPID=$!
+        log_debug "pfPID: $pfPID"
+
+        # pause to allow port-forwarding messages to appear
+        sleep 5
+
+        # determine which port port-forwarding is using
+        pfRegex='Forwarding from .+:([0-9]+)'
+        myline=$(head -n1 $tmpfile)
+
+        if [[ $myline =~ $pfRegex ]]; then
+            TEMP_PORT="${BASH_REMATCH[1]}"
+            log_debug "TEMP_PORT=${TEMP_PORT}"
+        else
+            log_error "Unable to identify the temporary port used for port-forwarding [$servicename]; exiting script."
+            return 1
+        fi
+
+        if [ "$usetls" == "true" ]; then
+            protocol="https"
+        else
+            protocol="http"
+        fi
+
+        api_url="$protocol://localhost:$TEMP_PORT"
+
+    fi
+    log_debug "API Endpoint for [$servicename]: $api_url"
+}
 
 function get_es_api_url {
-   #
-   # obtain ES API/service URL (establish port-forwarding, if necessary)
-   #
-   # Global vars:      es_api_url - URL to access ES API/serivce
-   #                   espfpid    - process id of ES portforwarding
-
-   if [ -n "$es_api_url" ]; then
-      log_debug "Elasticsearch API Endpoint already set [$es_api_url]"
-      return 0
-   fi
-
-   pfPID=""
-   get_api_url "$ES_SERVICENAME" '{.spec.ports[?(@.name=="http")].port}' true
-
-   rc=$?
-
-   if [ "$rc" == "0" ]; then
-      es_api_url=$api_url
-      espfpid=$pfPID
-      trap_add stop_es_portforwarding EXIT
-      return 0
-   else
-      log_error "Unable to obtain the URL for the Elasticsearch API Endpoint"
-      return 1
-   fi
+    #
+    # obtain ES API/service URL (establish port-forwarding, if necessary)
+    #
+    # Global vars:      es_api_url - URL to access ES API/serivce
+    #                   espfpid    - process id of ES portforwarding
+
+    if [ -n "$es_api_url" ]; then
+        log_debug "Elasticsearch API Endpoint already set [$es_api_url]"
+        return 0
+    fi
+
+    pfPID=""
+    get_api_url "$ES_SERVICENAME" '{.spec.ports[?(@.name=="http")].port}' true
+
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        es_api_url=$api_url
+        espfpid=$pfPID
+        trap_add stop_es_portforwarding EXIT
+        return 0
+    else
+        log_error "Unable to obtain the URL for the Elasticsearch API Endpoint"
+        return 1
+    fi
 }
 
 function get_kb_api_url {
-   #
-   # obtain KB API/service URL (establish port-forwarding, if necessary)
-   #
-   # Global vars:      kb_api_url - URL to access KB API/service
-   #                   kbpfpid    - process id of KB portforwarding
-
-
-   if [ -n "$kb_api_url" ]; then
-      log_debug "Kibana API Endpoint already set [$kb_api_url]"
-      return 0
-   fi
-
-   pfPID=""
-
-   tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"
-   log_debug "TLS required to connect to Kibana? [$tlsrequired]"
-
-   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}'  $tlsrequired  $KB_INGRESSNAME
-   rc=$?
-
-   if [ "$rc" == "0" ]; then
-      kb_api_url=$api_url
-      kbpfpid=$pfPID
-      trap_add stop_kb_portforwarding EXIT
-      return 0
-   else
-      log_error "Unable to obtain the URL for the OpenSearch Dashboards API Endpoint"
-      return 1
-   fi
+    #
+    # obtain KB API/service URL (establish port-forwarding, if necessary)
+    #
+    # Global vars:      kb_api_url - URL to access KB API/service
+    #                   kbpfpid    - process id of KB portforwarding
+
+    if [ -n "$kb_api_url" ]; then
+        log_debug "Kibana API Endpoint already set [$kb_api_url]"
+        return 0
+    fi
+
+    pfPID=""
+
+    tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} | base64 --decode)"
+    log_debug "TLS required to connect to Kibana? [$tlsrequired]"
+
+    get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}' $tlsrequired $KB_INGRESSNAME
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        kb_api_url=$api_url
+        kbpfpid=$pfPID
+        trap_add stop_kb_portforwarding EXIT
+        return 0
+    else
+        log_error "Unable to obtain the URL for the OpenSearch Dashboards API Endpoint"
+        return 1
+    fi
 }
 
 function get_sec_api_url {
-   #
-   # obtain ODFE Security API/service URL (calls get_es_api_url function, if necessary)
-   #
-   # Global vars:      sec_api_url - URL to access ODFE Security API/serivce
-
- if [ -n "$sec_api_url" ]; then
-    log_debug "Security API Endpoint already set [$sec_api_url]"
-    return 0
- fi
-
- get_es_api_url
- rc=$?
-
- if [ "$rc" == "0" ]; then
-    sec_api_url="${es_api_url}/$ES_PLUGINS_DIR/_security/api"
-
-    log_debug "Security API Endpoint: [$sec_api_url]"
-    return 0
- else
-    sec_api_url=""
-    log_error "Unable to obtain the URL for the Security API Endpoint"
-    return 1
- fi
+    #
+    # obtain ODFE Security API/service URL (calls get_es_api_url function, if necessary)
+    #
+    # Global vars:      sec_api_url - URL to access ODFE Security API/serivce
+
+    if [ -n "$sec_api_url" ]; then
+        log_debug "Security API Endpoint already set [$sec_api_url]"
+        return 0
+    fi
+
+    get_es_api_url
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        sec_api_url="${es_api_url}/$ES_PLUGINS_DIR/_security/api"
+
+        log_debug "Security API Endpoint: [$sec_api_url]"
+        return 0
+    else
+        sec_api_url=""
+        log_error "Unable to obtain the URL for the Security API Endpoint"
+        return 1
+    fi
 }
 
 function get_ism_api_url {
-   #
-   # obtain Index State Managment API/service URL (calls get_es_api_url function, if necessary)
-   #
-   # Global vars:      ism_api_url - URL to access ISM API/serivce
-
- if [ -n "$ism_api_url" ]; then
-    log_debug "Index Statement Management API Endpoint already set [$ism_api_url]"
-    return 0
- fi
-
- get_es_api_url
- rc=$?
-
- if [ "$rc" == "0" ]; then
-    ism_api_url="${es_api_url}/$ES_PLUGINS_DIR/_ism"
-
-    log_debug "Index State Management API Endpoint: [$ism_api_url]"
-    return 0
- else
-    ism_api_url=""
-    log_error "Unable to obtain the URL for the Index State Management API Endpoint"
-    return 1
- fi
-}
-
+    #
+    # obtain Index State Managment API/service URL (calls get_es_api_url function, if necessary)
+    #
+    # Global vars:      ism_api_url - URL to access ISM API/serivce
+
+    if [ -n "$ism_api_url" ]; then
+        log_debug "Index Statement Management API Endpoint already set [$ism_api_url]"
+        return 0
+    fi
+
+    get_es_api_url
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        ism_api_url="${es_api_url}/$ES_PLUGINS_DIR/_ism"
+
+        log_debug "Index State Management API Endpoint: [$ism_api_url]"
+        return 0
+    else
+        ism_api_url=""
+        log_error "Unable to obtain the URL for the Index State Management API Endpoint"
+        return 1
+    fi
+}
 
 export -f get_ism_api_url get_sec_api_url stop_portforwarding get_es_api_url get_kb_api_url stop_es_portforwarding stop_kb_portforwarding
 
-
 #initialize "global" vars
 LOG_ALWAYS_PORT_FORWARD=${LOG_ALWAYS_PORT_FORWARD:-true}
 export es_api_url kb_api_url espfpid kbpfpid sec_api_url pfPID LOG_ALWAYS_PORT_FORWARD
@@ -255,5 +251,5 @@
 
 #create a temp file to hold curl response
 if [ -z "$tmpfile" ]; then
-   tmpfile=$TMP_DIR/curl_response.txt
+    tmpfile=$TMP_DIR/curl_response.txt
 fi
diff logging/bin/change_internal_password.sh.orig logging/bin/change_internal_password.sh
--- logging/bin/change_internal_password.sh.orig
+++ logging/bin/change_internal_password.sh
@@ -9,22 +9,22 @@
 source logging/bin/secrets-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 function show_usage {
-   log_info  ""
-   log_info  "Usage: $this_script USERNAME [PASSWORD] "
-   log_info  ""
-   log_info  "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
-   log_info  "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
-   log_info  ""
-   log_info  "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
-   log_info  "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
-   log_info  ""
-   log_info  "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
-   log_info  "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
-   log_info  ""
-   echo ""
+    log_info ""
+    log_info "Usage: $this_script USERNAME [PASSWORD] "
+    log_info ""
+    log_info "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
+    log_info "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
+    log_info ""
+    log_info "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
+    log_info "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
+    log_info ""
+    log_info "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
+    log_info "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
+    log_info ""
+    echo ""
 }
 
 # set vars used in curl commands
@@ -37,246 +37,241 @@
 
 # if no user_name; ERROR and EXIT
 if [ "$USER_NAME" == "" ]; then
-  log_error "Required argument [USER_NAME] not provided."
-  exit 1
-else
-  case "$USER_NAME" in
-   admin)
-     ;;
-   logcollector)
-     ;;
-   logadm)
-     if [ -z "$NEW_PASSWD" ]; then
-        log_error "No password provided.  A new password is REQUIRED when using this script to change the [logadm] account password"
-        exit 1
-     fi
-     ;;
-   kibanaserver)
-     ;;
-   metricgetter)
-     ;;
-   --help|-h)
-     show_usage
-     exit
-     ;;
-   *)
-     log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
-     show_usage
-     exit 2
-     ;;
-  esac
-fi
-
+    log_error "Required argument [USER_NAME] not provided."
+    exit 1
+else
+    case "$USER_NAME" in
+    admin) ;;
+    logcollector) ;;
+    logadm)
+        if [ -z "$NEW_PASSWD" ]; then
+            log_error "No password provided.  A new password is REQUIRED when using this script to change the [logadm] account password"
+            exit 1
+        fi
+        ;;
+    kibanaserver) ;;
+    metricgetter) ;;
+    --help | -h)
+        show_usage
+        exit
+        ;;
+    *)
+        log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
+        show_usage
+        exit 2
+        ;;
+    esac
+fi
 
 if [ "$NEW_PASSWD" == "" ]; then
-   # generate password if one not provided
-   NEW_PASSWD="$(randomPassword)"
-   autogenerated_password="true"
+    # generate password if one not provided
+    NEW_PASSWD="$(randomPassword)"
+    autogenerated_password="true"
 fi
 
 if [ "$USER_NAME" != "logadm" ]; then
-   #get current credentials from Kubernetes secret
-   if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2>/dev/null)" ]; then
-      log_warn "The Kubernetes secret [internal-user-$USER_NAME], containing credentials for the user, was not found."
-      # TO DO: How to handle case where secret does not exist?  Should never happen. 
-      # exit
-      ES_USER=$USER_NAME
-   else
-      ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" |base64 --decode)
-      ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" |base64 --decode)
-   fi
-else
-  ES_USER=$USER_NAME
-  ES_PASSWD="do_not_know_current_password"
+    #get current credentials from Kubernetes secret
+    if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2> /dev/null)" ]; then
+        log_warn "The Kubernetes secret [internal-user-$USER_NAME], containing credentials for the user, was not found."
+        # TO DO: How to handle case where secret does not exist?  Should never happen.
+        # exit
+        ES_USER=$USER_NAME
+    else
+        ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" | base64 --decode)
+        ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" | base64 --decode)
+    fi
+else
+    ES_USER=$USER_NAME
+    ES_PASSWD="do_not_know_current_password"
 fi
 
 get_sec_api_url
 
 # Attempt to change password using current user credentials
-response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$sec_api_url/account"   -H 'Content-Type: application/json' -d'{"current_password" : "'"$ES_PASSWD"'", "password" : "'"$NEW_PASSWD"'"}' --user "$ES_USER:$ES_PASSWD" --insecure)
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$sec_api_url/account" -H 'Content-Type: application/json' -d'{"current_password" : "'"$ES_PASSWD"'", "password" : "'"$NEW_PASSWD"'"}' --user "$ES_USER:$ES_PASSWD" --insecure)
 if [[ $response == 4* ]]; then
-   if [ "$USER_NAME" != "logadm" ]; then
-      log_warn "The currently stored credentials for [$USER_NAME] do NOT appear to be up-to-date; unable to use them to change password. [$response]"
-   fi
-
-   if [ "$USER_NAME" != "admin" ]; then
-
-      log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
-
-      ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-      ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
-      # make sure hash utility is executable
-      kubectl -n $LOG_NS exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-      # get hash of new password
-      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
-      rc=$?
-      if [ "$rc" == "0" ]; then
-
-         #try changing password using admin password
-         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-         if [[ "$response" == "404" ]]; then
-            log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
-            success="non-existent_user"
-         elif [[ $response == 4* ]]; then
-            log_error "The Kubernetes secret containing credentials for the [admin] user appears to be out-of-date. [$response]"
-            echo ""
-            log_error "                                *********** IMPORTANT NOTE ***********"
-            log_error ""
-            log_error " Cached credentials for [admin] user are not valid!"
-            log_error ""
-            log_error " It is VERY IMPORTANT to ensure the credentials for the [admin] account and the corresponding"
-            log_error " Kubernetes secret [internal-user-admin] in the [$LOG_NS] namespace are ALWAYS synchronized."
-            log_error ""
-            log_error " You MUST re-run this script NOW with the updated password for the [admin] account to update"
-            log_error " the secret with the current password."
-            log_error ""
-            log_error " You may then run this script again to update the password for the [$USER_NAME] account."
-            echo ""
-            success="false"
-         elif [[ $response == 2* ]]; then
-            log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
-            success="true"
-         else
-            log_warn "Unable to change password for [$USER_NAME] using [admin] credentials. [$response]"
-            success="false"
-         fi
-      else
-         log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]";
-      fi
-   else
-      log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
-
-      # make sure hash utility is executable
-      kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-      # get hash of new password
-      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
-
-
-      #obtain admin cert
-      rm -f $TMP_DIR/tls.crt
-      admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
-      if [ -z "$admin_tls_cert" ]; then
-         log_error "Unable to obtain admin certs from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
-         success="false"
-      else
-         log_debug "File tls.crt obtained from Kubernetes secret"
-         echo "$admin_tls_cert" |base64 --decode > $TMP_DIR/admin_tls.crt
-
-         #obtain admin TLS key
-         rm -f $TMP_DIR/tls.key
-         admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
-         if [ -z "$admin_tls_key" ]; then
-            log_error "Unable to obtain admin cert key from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
-            success="false"
-         else
-            log_debug "File tls.key obtained from Kubernetes secret"
-            echo "$admin_tls_key" |base64 --decode > $TMP_DIR/admin_tls.key
-
-            # Attempt to change password using admin certs
-            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key  --insecure)
-            if [[ $response == 2* ]]; then
-               log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
-               success="true"
-            else
-               log_warn "Unable to change password for [$USER_NAME] using [admin] certificates. [$response]"
-               success="false"
-            fi
-         fi
-      fi
-   fi
+    if [ "$USER_NAME" != "logadm" ]; then
+        log_warn "The currently stored credentials for [$USER_NAME] do NOT appear to be up-to-date; unable to use them to change password. [$response]"
+    fi
+
+    if [ "$USER_NAME" != "admin" ]; then
+
+        log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
+
+        ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+        ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+
+        # make sure hash utility is executable
+        kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p $NEW_PASSWD | grep -v '*')
+        rc=$?
+        if [ "$rc" == "0" ]; then
+
+            #try changing password using admin password
+            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+            if [[ $response == "404" ]]; then
+                log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
+                success="non-existent_user"
+            elif [[ $response == 4* ]]; then
+                log_error "The Kubernetes secret containing credentials for the [admin] user appears to be out-of-date. [$response]"
+                echo ""
+                log_error "                                *********** IMPORTANT NOTE ***********"
+                log_error ""
+                log_error " Cached credentials for [admin] user are not valid!"
+                log_error ""
+                log_error " It is VERY IMPORTANT to ensure the credentials for the [admin] account and the corresponding"
+                log_error " Kubernetes secret [internal-user-admin] in the [$LOG_NS] namespace are ALWAYS synchronized."
+                log_error ""
+                log_error " You MUST re-run this script NOW with the updated password for the [admin] account to update"
+                log_error " the secret with the current password."
+                log_error ""
+                log_error " You may then run this script again to update the password for the [$USER_NAME] account."
+                echo ""
+                success="false"
+            elif [[ $response == 2* ]]; then
+                log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
+                success="true"
+            else
+                log_warn "Unable to change password for [$USER_NAME] using [admin] credentials. [$response]"
+                success="false"
+            fi
+        else
+            log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]"
+        fi
+    else
+        log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
+
+        # make sure hash utility is executable
+        kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p $NEW_PASSWD | grep -v '*')
+
+        #obtain admin cert
+        rm -f $TMP_DIR/tls.crt
+        admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
+        if [ -z "$admin_tls_cert" ]; then
+            log_error "Unable to obtain admin certs from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
+            success="false"
+        else
+            log_debug "File tls.crt obtained from Kubernetes secret"
+            echo "$admin_tls_cert" | base64 --decode > $TMP_DIR/admin_tls.crt
+
+            #obtain admin TLS key
+            rm -f $TMP_DIR/tls.key
+            admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
+            if [ -z "$admin_tls_key" ]; then
+                log_error "Unable to obtain admin cert key from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
+                success="false"
+            else
+                log_debug "File tls.key obtained from Kubernetes secret"
+                echo "$admin_tls_key" | base64 --decode > $TMP_DIR/admin_tls.key
+
+                # Attempt to change password using admin certs
+                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key --insecure)
+                if [[ $response == 2* ]]; then
+                    log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
+                    success="true"
+                else
+                    log_warn "Unable to change password for [$USER_NAME] using [admin] certificates. [$response]"
+                    success="false"
+                fi
+            fi
+        fi
+    fi
 elif [[ $response == 2* ]]; then
-   log_debug "Password change response [$response]"
-   success="true"
-else
-   log_error "An unexpected problem was encountered while attempting to update password for [$USER_NAME]; password not changed [$response]"
-   success="false"
+    log_debug "Password change response [$response]"
+    success="true"
+else
+    log_error "An unexpected problem was encountered while attempting to update password for [$USER_NAME]; password not changed [$response]"
+    success="false"
 fi
 
 if [ "$success" == "true" ]; then
-  log_info "Successfully changed the password for [$USER_NAME] in OpenSearch internal database."
-
-  if [ "$USER_NAME" != "logadm" ]; then
-     log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
-
-     kubectl -n $LOG_NS delete secret internal-user-$USER_NAME  --ignore-not-found
-
-     labels="managed-by=v4m-es-script"
-     if [ "$autogenerated_password" == "true" ]; then
-        labels="$labels autogenerated_password=true"
-     fi
-
-     create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
-     rc=$?
-     if [ "$rc" != "0" ]; then
-       log_error "IMPORTANT! A Kubernetes secret holding the password for $USER_NAME no longer exists."
-       log_error "This WILL cause problems when the OpenSearch pods restart."
-       log_error "Try re-running this script again OR manually creating the secret using the command: "
-       log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
-     else
-       case $USER_NAME in
-        admin)
-
-          if [ "$autogenerated_password" == "true" ]; then
-             echo ""
-             log_notice "                    *********** IMPORTANT NOTE ***********                  "
-             log_notice ""
-             log_notice " The password for the OpenSearch 'admin' user was changed as requested.  "
-             log_notice "                                                                            "
-             log_notice " Since a new password for the 'admin' user was NOT provided, one was        "
-             log_notice " auto-generated for the account. The generated password is shown below.     "
-             log_notice "                                                                            "
-             log_notice " Generated 'admin' password:  $NEW_PASSWD                                       |"
-             log_notice "                                                                            "
-             log_notice " You can change the password for the 'admin' account at any time, by        "
-             log_notice " re-running this script.                                                    "
-             log_notice "                                                                            "
-             log_notice " NOTE: *NEVER* change the password for the 'admin' account from within the  "
-             log_notice " OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via   "
-             log_notice " this script (logging/bin/change_internal_password.sh)                      "
-             echo ""
-          fi
-          ;;
-        logcollector)
-          echo ""
-          log_notice "                    *********** IMPORTANT NOTE ***********                   "
-          log_notice "                                                                             "
-          log_notice " After changing the password for the [logcollector] user, you should restart "
-          log_notice " the Fluent Bit pods to ensure log collection is not interrupted.            "
-          log_notice "                                                                             "
-          log_notice " This can be done by submitting the following command:                       "
-          log_notice "       kubectl -n $LOG_NS rollout restart daemonset v4m-fb                   "
-          echo ""
-          ;;
-        kibanaserver)
-          echo ""
-          log_notice "                        *********** IMPORTANT NOTE ***********                        "
-          log_notice "                                                                                      "
-          log_notice " After changing the password for the [kibanaserver] user, you need to restart the     "
-          log_notice " OpenSearch Dashboards pod to ensure OpenSearch Dashboards can still be accessed and used. "
-          log_notice "                                                                                      "
-          log_notice " This can be done by submitting the following command:                                "
-          log_notice "              kubectl -n $LOG_NS delete pods -l 'app=opensearch-dashboards'"
-          echo ""
-          ;;
-        metricgetter)
-          echo ""
-          log_notice "                        *********** IMPORTANT NOTE ***********                        "
-          log_notice "                                                                                      "
-          log_notice " After changing the password for the [metricgetter] user, you should restart the      "
-          log_notice " Elasticsearch Exporter pod to ensure OpenSearch metrics continue to be collected. "
-          log_notice "                                                                                      "
-          log_notice " This can be done by submitting the following command:                                "
-          log_notice "       kubectl -n $LOG_NS rollout restart deployment v4m-es-exporter                  "
-          echo ""
-          ;;
-        *)
-        log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
-        exit 2
-       esac
-     fi
-  fi
+    log_info "Successfully changed the password for [$USER_NAME] in OpenSearch internal database."
+
+    if [ "$USER_NAME" != "logadm" ]; then
+        log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
+
+        kubectl -n $LOG_NS delete secret internal-user-$USER_NAME --ignore-not-found
+
+        labels="managed-by=v4m-es-script"
+        if [ "$autogenerated_password" == "true" ]; then
+            labels="$labels autogenerated_password=true"
+        fi
+
+        create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
+        rc=$?
+        if [ "$rc" != "0" ]; then
+            log_error "IMPORTANT! A Kubernetes secret holding the password for $USER_NAME no longer exists."
+            log_error "This WILL cause problems when the OpenSearch pods restart."
+            log_error "Try re-running this script again OR manually creating the secret using the command: "
+            log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
+        else
+            case $USER_NAME in
+            admin)
+
+                if [ "$autogenerated_password" == "true" ]; then
+                    echo ""
+                    log_notice "                    *********** IMPORTANT NOTE ***********                  "
+                    log_notice ""
+                    log_notice " The password for the OpenSearch 'admin' user was changed as requested.  "
+                    log_notice "                                                                            "
+                    log_notice " Since a new password for the 'admin' user was NOT provided, one was        "
+                    log_notice " auto-generated for the account. The generated password is shown below.     "
+                    log_notice "                                                                            "
+                    log_notice " Generated 'admin' password:  $NEW_PASSWD                                       |"
+                    log_notice "                                                                            "
+                    log_notice " You can change the password for the 'admin' account at any time, by        "
+                    log_notice " re-running this script.                                                    "
+                    log_notice "                                                                            "
+                    log_notice " NOTE: *NEVER* change the password for the 'admin' account from within the  "
+                    log_notice " OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via   "
+                    log_notice " this script (logging/bin/change_internal_password.sh)                      "
+                    echo ""
+                fi
+                ;;
+            logcollector)
+                echo ""
+                log_notice "                    *********** IMPORTANT NOTE ***********                   "
+                log_notice "                                                                             "
+                log_notice " After changing the password for the [logcollector] user, you should restart "
+                log_notice " the Fluent Bit pods to ensure log collection is not interrupted.            "
+                log_notice "                                                                             "
+                log_notice " This can be done by submitting the following command:                       "
+                log_notice "       kubectl -n $LOG_NS rollout restart daemonset v4m-fb                   "
+                echo ""
+                ;;
+            kibanaserver)
+                echo ""
+                log_notice "                        *********** IMPORTANT NOTE ***********                        "
+                log_notice "                                                                                      "
+                log_notice " After changing the password for the [kibanaserver] user, you need to restart the     "
+                log_notice " OpenSearch Dashboards pod to ensure OpenSearch Dashboards can still be accessed and used. "
+                log_notice "                                                                                      "
+                log_notice " This can be done by submitting the following command:                                "
+                log_notice "              kubectl -n $LOG_NS delete pods -l 'app=opensearch-dashboards'"
+                echo ""
+                ;;
+            metricgetter)
+                echo ""
+                log_notice "                        *********** IMPORTANT NOTE ***********                        "
+                log_notice "                                                                                      "
+                log_notice " After changing the password for the [metricgetter] user, you should restart the      "
+                log_notice " Elasticsearch Exporter pod to ensure OpenSearch metrics continue to be collected. "
+                log_notice "                                                                                      "
+                log_notice " This can be done by submitting the following command:                                "
+                log_notice "       kubectl -n $LOG_NS rollout restart deployment v4m-es-exporter                  "
+                echo ""
+                ;;
+            *)
+                log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
+                exit 2
+                ;;
+            esac
+        fi
+    fi
 elif [ "$success" == "false" ]; then
-  log_error "Unable to update the password for user [$USER_NAME] on the OpenSearch pod; original password remains in place."
-  exit 99
+    log_error "Unable to update the password for user [$USER_NAME] on the OpenSearch pod; original password remains in place."
+    exit 99
 fi
diff logging/bin/common.sh.orig logging/bin/common.sh
--- logging/bin/common.sh.orig
+++ logging/bin/common.sh
@@ -11,18 +11,18 @@
         userEnv=$(grep -v '^[[:blank:]]*$' $USER_DIR/logging/user.env | grep -v '^#' | xargs)
         log_verbose "Loading user environment file: $USER_DIR/logging/user.env"
         if [ "$userEnv" ]; then
-          export $userEnv
+            export $userEnv
         fi
     fi
 
     #Check for obsolete env var
-    if [  -n "$LOG_SEARCH_BACKEND" ]; then
+    if [ -n "$LOG_SEARCH_BACKEND" ]; then
         log_error "Support for the LOG_SEARCH_BACKEND environment variable has been removed."
         log_error "This script is only appropriate for use with OpenSearch as the search back-end."
         log_error "The LOG_SEARCH_BACKEND environment variable is currently set to [$LOG_SEARCH_BACKEND]"
         exit 1
     fi
-    
+
     export LOG_NS="${LOG_NS:-logging}"
 
     #if TLS (w/in cluster; for all monitoring components) is requested, require TLS into OSD pod, too
@@ -47,7 +47,7 @@
     export V4M_NS=$LOG_NS
 
     if [ "$AIRGAP_DEPLOYMENT" == "true" ]; then
-       source bin/airgap-include.sh
+        source bin/airgap-include.sh
     fi
 
     source bin/version-include.sh
@@ -56,4 +56,3 @@
 
 fi
 echo ""
-
diff logging/bin/deploy_esexporter.sh.orig logging/bin/deploy_esexporter.sh
--- logging/bin/deploy_esexporter.sh.orig
+++ logging/bin/deploy_esexporter.sh
@@ -7,7 +7,7 @@
 source logging/bin/common.sh
 source logging/bin/secrets-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -14,8 +14,8 @@
 ELASTICSEARCH_EXPORTER_ENABLED=${ELASTICSEARCH_EXPORTER_ENABLED:-true}
 
 if [ "$ELASTICSEARCH_EXPORTER_ENABLED" != "true" ]; then
-  log_verbose "Environment variable [ELASTICSEARCH_EXPORTER_ENABLED] is not set to 'true'; exiting WITHOUT deploying Elasticsearch Exporter"
-  exit
+    log_verbose "Environment variable [ELASTICSEARCH_EXPORTER_ENABLED] is not set to 'true'; exiting WITHOUT deploying Elasticsearch Exporter"
+    exit
 fi
 
 set -e
@@ -25,41 +25,43 @@
 # check for pre-reqs
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
 get_credentials_from_secret metricgetter
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
-
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 if helm3ReleaseExists es-exporter $LOG_NS; then
-   #remove an existing instance if it does NOT have the most current set of labels
-   # NOTE: pod label 'app' changed to 'app.kubernetes.io/name' w/Helm chart 6.x
-   if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then
-      log_debug "Removing an outdated version of Helm release [es-exporter]"
-      helm -n $LOG_NS delete es-exporter
-   fi
-
-   if kubectl get crd servicemonitors.monitoring.coreos.com 2>1 1>/dev/null; then
-      #serviceMonitor CRD may not be present if metric monitoring stack is not deployed
-      monNamespace=$(kubectl get servicemonitor -A --field-selector=metadata.name=elasticsearch -l sas.com/monitoring-base=kube-viya-monitoring -o=custom-columns=NAMESPACE:.metadata.namespace --no-headers)
-      if [ -n "$monNamespace" ]; then
-         log_debug "Removing obsolete serviceMonitor [$monNamespace/elasticsearch]"
-         kubectl delete -n $monNamespace servicemonitor elasticsearch
-         log_debug "Deploying an updated serviceMonitor for Elasticsearch  [$monNamespace/elasticsearch-v2]"
-         kubectl apply  -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
-      else
-         log_debug "No instance of the obsolete elasticsearch serviceMonitor found."
-      fi
-   else
-      log_debug "No serviceMonitor CRD detected; skipping check for obsolete elasticseach serviceMonitor instance."
-   fi
-else
-   log_debug "No existing Helm release [es-exporter] found."
+    #remove an existing instance if it does NOT have the most current set of labels
+    # NOTE: pod label 'app' changed to 'app.kubernetes.io/name' w/Helm chart 6.x
+    if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2> /dev/null) ]; then
+        log_debug "Removing an outdated version of Helm release [es-exporter]"
+        helm -n $LOG_NS delete es-exporter
+    fi
+
+    if kubectl get crd servicemonitors.monitoring.coreos.com 2> 1 1> /dev/null; then
+        #serviceMonitor CRD may not be present if metric monitoring stack is not deployed
+        monNamespace=$(kubectl get servicemonitor -A --field-selector=metadata.name=elasticsearch -l sas.com/monitoring-base=kube-viya-monitoring -o=custom-columns=NAMESPACE:.metadata.namespace --no-headers)
+        if [ -n "$monNamespace" ]; then
+            log_debug "Removing obsolete serviceMonitor [$monNamespace/elasticsearch]"
+            kubectl delete -n $monNamespace servicemonitor elasticsearch
+            log_debug "Deploying an updated serviceMonitor for Elasticsearch  [$monNamespace/elasticsearch-v2]"
+            kubectl apply -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
+        else
+            log_debug "No instance of the obsolete elasticsearch serviceMonitor found."
+        fi
+    else
+        log_debug "No serviceMonitor CRD detected; skipping check for obsolete elasticseach serviceMonitor instance."
+    fi
+else
+    log_debug "No existing Helm release [es-exporter] found."
 fi
 
 # enable debug on Helm via env var
@@ -66,7 +68,7 @@
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
+    helmDebug="--debug"
 fi
 
 helmRepoAdd prometheus-community https://prometheus-community.github.io/helm-charts
@@ -80,8 +82,8 @@
 # Load any user customizations/overrides
 ES_OPEN_EXPORTER_USER_YAML="${ES_OPEN_EXPORTER_USER_YAML:-$USER_DIR/logging/user-values-es-exporter.yaml}"
 if [ ! -f "$ES_OPEN_EXPORTER_USER_YAML" ]; then
-  log_debug "[$ES_OPEN_EXPORTER_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  ES_OPEN_EXPORTER_USER_YAML=$TMP_DIR/empty.yaml
+    log_debug "[$ES_OPEN_EXPORTER_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    ES_OPEN_EXPORTER_USER_YAML=$TMP_DIR/empty.yaml
 fi
 
 # Enable workload node placement?
@@ -89,44 +91,42 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling elasticsearch exporter for workload node placement"
-  wnpValuesFile="logging/node-placement/values-elasticsearch-exporter-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for the elasticsearch exporter"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_verbose "Enabling elasticsearch exporter for workload node placement"
+    wnpValuesFile="logging/node-placement/values-elasticsearch-exporter-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for the elasticsearch exporter"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
+fi
 
 # Point to OpenShift response file or dummy as appropriate
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-  log_verbose "Deploying Elasticsearch metric exporter onto OpenShift cluster"
-  openshiftValuesFile="logging/openshift/values-elasticsearch-exporter.yaml"
-else
-  log_debug "Elasticsearch metric exporter is NOT being deployed on OpenShift cluster"
-  openshiftValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Deploying Elasticsearch metric exporter onto OpenShift cluster"
+    openshiftValuesFile="logging/openshift/values-elasticsearch-exporter.yaml"
+else
+    log_debug "Elasticsearch metric exporter is NOT being deployed on OpenShift cluster"
+    openshiftValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 # Elasticsearch metric exporter
 helm2ReleaseCheck es-exporter-$LOG_NS
 
-
 ## Get Helm Chart Name
 log_debug "Elasticsearch Exporter Helm Chart: repo [$ESEXPORTER_HELM_CHART_REPO] name [$ESEXPORTER_HELM_CHART_NAME] version [$ESEXPORTER_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $ESEXPORTER_HELM_CHART_REPO $ESEXPORTER_HELM_CHART_NAME $ESEXPORTER_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $ESEXPORTER_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $ESEXPORTER_HELM_CHART_VERSION)"
 
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
 helm $helmDebug upgrade --install es-exporter \
- --namespace $LOG_NS \
- -f $imageKeysFile \
- -f $primaryValuesFile \
- -f $wnpValuesFile \
- -f $openshiftValuesFile \
- -f $ES_OPEN_EXPORTER_USER_YAML \
- --set fullnameOverride=v4m-es-exporter  \
- $versionstring \
- $chart2install
+    --namespace $LOG_NS \
+    -f $imageKeysFile \
+    -f $primaryValuesFile \
+    -f $wnpValuesFile \
+    -f $openshiftValuesFile \
+    -f $ES_OPEN_EXPORTER_USER_YAML \
+    --set fullnameOverride=v4m-es-exporter \
+    $versionstring \
+    $chart2install
 
 log_info "Elasticsearch metric exporter has been deployed"
 
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -9,13 +9,12 @@
 
 # Confirm NOT on OpenShift
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-  if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
-    log_error "This script should NOT be run on OpenShift clusters"
-    log_error "Run logging/bin/deploy_logging_openshift.sh instead"
-    exit 1
-  fi
-fi
-
+    if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
+        log_error "This script should NOT be run on OpenShift clusters"
+        log_error "Run logging/bin/deploy_logging_openshift.sh instead"
+        exit 1
+    fi
+fi
 
 # set flag indicating wrapper/driver script being run
 export LOGGING_DRIVER=true
@@ -27,11 +26,11 @@
 checkDefaultStorageClass
 
 # Create namespace if it doesn't exist
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  kubectl create ns $LOG_NS
-
-  #Container Security: Disable serviceAccount Token Automounting
-  disable_sa_token_automount $LOG_NS default
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    kubectl create ns $LOG_NS
+
+    #Container Security: Disable serviceAccount Token Automounting
+    disable_sa_token_automount $LOG_NS default
 fi
 
 log_notice "Deploying logging components to the [$LOG_NS] namespace [$(date)]"
@@ -88,7 +87,6 @@
 bin/show_app_url.sh OSD OS
 set -e
 
-
 ##################################
 # Version Info                   #
 ##################################
@@ -95,14 +93,13 @@
 
 # If a deployment with the old name exists, remove it first
 if helm3ReleaseExists v4m $LOG_NS; then
-  log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
-  helm uninstall -n "$LOG_NS" "v4m"
+    log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
+    helm uninstall -n "$LOG_NS" "v4m"
 fi
 
 if ! deployV4MInfo "$LOG_NS" "v4m-logs"; then
-  log_warn "Unable to update SAS Viya Monitoring Helm chart release"
-fi
-
+    log_warn "Unable to update SAS Viya Monitoring Helm chart release"
+fi
 
 # Write any "notices" to console
 log_message ""
@@ -111,4 +108,3 @@
 log_message ""
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
-
diff logging/bin/deploy_logging_openshift.sh.orig logging/bin/deploy_logging_openshift.sh
--- logging/bin/deploy_logging_openshift.sh.orig
+++ logging/bin/deploy_logging_openshift.sh
@@ -11,11 +11,11 @@
 ##################################
 
 if [ "$OPENSHIFT_CLUSTER" != "true" ]; then
-  if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
-    log_error "This script should only be run on OpenShift clusters"
-    log_error "Run logging/bin/deploy_logging.sh instead"
-    exit 1
-  fi
+    if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
+        log_error "This script should only be run on OpenShift clusters"
+        log_error "Run logging/bin/deploy_logging.sh instead"
+        exit 1
+    fi
 fi
 
 # set flag indicating wrapper/driver script being run
@@ -28,13 +28,13 @@
 checkDefaultStorageClass
 
 # Create namespace if it doesn't exist
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  kubectl create ns $LOG_NS
-
-  #Container Security: Disable serviceAccount Token Automounting
-  disable_sa_token_automount $LOG_NS default
-  disable_sa_token_automount $LOG_NS builder
-  disable_sa_token_automount $LOG_NS deployer
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    kubectl create ns $LOG_NS
+
+    #Container Security: Disable serviceAccount Token Automounting
+    disable_sa_token_automount $LOG_NS default
+    disable_sa_token_automount $LOG_NS builder
+    disable_sa_token_automount $LOG_NS deployer
 fi
 
 set -e
@@ -41,7 +41,6 @@
 
 log_notice "Deploying logging components to the [$LOG_NS] namespace [$(date)]"
 
-
 ##################################
 # OpenShift-specific Set-up      #
 ##################################
@@ -57,7 +56,6 @@
 log_info "STEP 1: OpenSearch"
 logging/bin/deploy_opensearch.sh
 
-
 ##################################
 # OpenSearch Dashboards (Kibana) #
 ##################################
@@ -64,7 +62,6 @@
 log_info "STEP 2: OpenSearch Dashboards"
 logging/bin/deploy_osd.sh
 
-
 ##################################
 # Elasticsearch Metric Exporter  #
 ##################################
@@ -71,7 +68,6 @@
 log_info "STEP 3: Elasticsearch metric exporter"
 logging/bin/deploy_esexporter.sh
 
-
 ##################################
 # OpenSearch Content (OpenShift) #
 ##################################
@@ -78,7 +74,6 @@
 log_info "STEP 4: Loading Content into OpenSearch"
 logging/bin/deploy_opensearch_content.sh
 
-
 ##################################
 # OSD Content                    #
 ##################################
@@ -86,7 +81,6 @@
 
 KB_KNOWN_NODEPORT_ENABLE=false logging/bin/deploy_osd_content.sh
 
-
 ##################################
 # Fluent Bit - Log Messages      #
 ##################################
@@ -99,7 +93,6 @@
 log_info "STEP 7: Deploying Fluent Bit - K8s Event Collection"
 logging/bin/deploy_fluentbit_k8sevents_opensearch.sh
 
-
 ##################################
 # Create OpenShift Route(s)      #
 # and display app URL(s)         #
@@ -110,22 +103,21 @@
 
 if [ "$OPENSHIFT_ROUTES_ENABLE" == "true" ]; then
 
-   servicelist="OSD"
-   logging/bin/create_openshift_route.sh OSD
-
-   OPENSHIFT_ES_ROUTE_ENABLE=${OPENSHIFT_ES_ROUTE_ENABLE:-false}
-   if [ "$OPENSHIFT_ES_ROUTE_ENABLE" == "true" ]; then
-      logging/bin/create_openshift_route.sh OS OSD
-
-      servicelist="OS OSD"
-   fi
-
-   bin/show_app_url.sh $servicelist
+    servicelist="OSD"
+    logging/bin/create_openshift_route.sh OSD
+
+    OPENSHIFT_ES_ROUTE_ENABLE=${OPENSHIFT_ES_ROUTE_ENABLE:-false}
+    if [ "$OPENSHIFT_ES_ROUTE_ENABLE" == "true" ]; then
+        logging/bin/create_openshift_route.sh OS OSD
+
+        servicelist="OS OSD"
+    fi
+
+    bin/show_app_url.sh $servicelist
 
 else
-   log_info "Environment variable [OPENSHIFT_ROUTES_ENABLE] is not set to 'true'; continuing WITHOUT deploying OpenShift Routes"
-fi
-
+    log_info "Environment variable [OPENSHIFT_ROUTES_ENABLE] is not set to 'true'; continuing WITHOUT deploying OpenShift Routes"
+fi
 
 ##################################
 # Service Monitors               #
@@ -134,7 +126,6 @@
 export DEPLOY_SERVICEMONITORS=${DEPLOY_SERVICEMONITORS:-true}
 logging/bin/deploy_servicemonitors_openshift.sh
 
-
 ##################################
 # Version Info                   #
 ##################################
@@ -142,14 +133,13 @@
 
 # If a deployment with the old name exists, remove it first
 if helm3ReleaseExists v4m $LOG_NS; then
-  log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
-  helm uninstall -n "$LOG_NS" "v4m"
+    log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
+    helm uninstall -n "$LOG_NS" "v4m"
 fi
 
 if ! deployV4MInfo "$LOG_NS" "v4m-logs"; then
-  log_warn "Unable to update SAS Viya Monitoring version info"
-fi
-
+    log_warn "Unable to update SAS Viya Monitoring version info"
+fi
 
 ##################################
 # Display Notices                #
@@ -158,7 +148,6 @@
 echo ""
 display_notices
 
-
 echo ""
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
diff logging/bin/deploy_opensearch.sh.orig logging/bin/deploy_opensearch.sh
--- logging/bin/deploy_opensearch.sh.orig
+++ logging/bin/deploy_opensearch.sh
@@ -10,7 +10,7 @@
 source bin/autogenerate-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 ELASTICSEARCH_ENABLE=${ELASTICSEARCH_ENABLE:-true}
 
 if [ "$ELASTICSEARCH_ENABLE" != "true" ]; then
-  log_verbose "Environment variable [ELASTICSEARCH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch"
-  exit 0
+    log_verbose "Environment variable [ELASTICSEARCH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch"
+    exit 0
 fi
 
 autogeneratedYAMLFile="$TMP_DIR/autogenerate-opensearch.yaml"
@@ -27,19 +27,19 @@
 
 if [ "$AUTOGENERATE_STORAGECLASS" == "true" ]; then
 
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   storageClass="${OPENSEARCH_STORAGECLASS:-$STORAGECLASS}"
-   checkStorageClass OPENSEARCH_STORAGECLASS "$OPENSEARCH_STORAGECLASS"
-   sc="$storageClass" yq -i '.persistence.storageClass=env(sc)' "$autogeneratedYAMLFile"
-
-else
-   log_debug "Autogeneration of storageClass References NOT enabled"
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    storageClass="${OPENSEARCH_STORAGECLASS:-$STORAGECLASS}"
+    checkStorageClass OPENSEARCH_STORAGECLASS "$OPENSEARCH_STORAGECLASS"
+    sc="$storageClass" yq -i '.persistence.storageClass=env(sc)' "$autogeneratedYAMLFile"
+
+else
+    log_debug "Autogeneration of storageClass References NOT enabled"
 fi
 
 AUTOGENERATE_INGRESS="${AUTOGENERATE_INGRESS:-false}"
@@ -47,62 +47,60 @@
 
 if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OPENSEARCH_INGRESS_ENABLE"="true" ]; then
 
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   osIngressCert="${OPENSEARCH_INGRESS_CERT}"
-   osIngressKey="${OPENSEARCH_INGRESS_KEY}"
-
-   create_ingress_certs "$LOG_NS" "elasticsearch-ingress-tls-secret" "$osIngressCert" "$osIngressKey" 
-
-   ROUTING="${ROUTING:-host}"
-
-   ## tested with sample version: 0.2.1
-   ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-opensearch.yaml"
-
-   #intialized the yaml file w/appropriate ingress sample
-   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
-
-   
-   OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
-   OPENSEARCH_PATH="${OPENSEARCH_PATH:-search}"
-   if [ -z "$OPENSEARCH_FQDN" ]; then
-      if [ "$ROUTING" == "host" ]; then
-         OPENSEARCH_FQDN="$OPENSEARCH_PATH.$BASE_DOMAIN"
-      else
-         OPENSEARCH_FQDN="$BASE_DOMAIN"
-      fi
-   fi
-
-   log_debug "OPENSEARCH_INGRESS_ENABLE [$OPENSEARCH_INGRESS_ENABLE] OPENSEARCH_FQDN [$OPENSEARCH_FQDN] OPENSEARCH_PATH [$OPENSEARCH_PATH]"
-
-   export OPENSEARCH_INGRESS_ENABLE OPENSEARCH_FQDN OPENSEARCH_PATH
-
-   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               $autogeneratedYAMLFile
-
-   if [ "$ROUTING" == "host" ]; then
-      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
-   else
-      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
-      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
-
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
-      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
-
-      # Need to use printf to preserve newlines
-      printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"  ;
-      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
-
-   fi      
-else
-   log_debug "Autogeneration of ingresss NOT enabled and/or ingress NOT enabled for OpenSearch"
-fi
-
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    osIngressCert="${OPENSEARCH_INGRESS_CERT}"
+    osIngressKey="${OPENSEARCH_INGRESS_KEY}"
+
+    create_ingress_certs "$LOG_NS" "elasticsearch-ingress-tls-secret" "$osIngressCert" "$osIngressKey"
+
+    ROUTING="${ROUTING:-host}"
+
+    ## tested with sample version: 0.2.1
+    ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-opensearch.yaml"
+
+    #intialized the yaml file w/appropriate ingress sample
+    yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
+
+    OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
+    OPENSEARCH_PATH="${OPENSEARCH_PATH:-search}"
+    if [ -z "$OPENSEARCH_FQDN" ]; then
+        if [ "$ROUTING" == "host" ]; then
+            OPENSEARCH_FQDN="$OPENSEARCH_PATH.$BASE_DOMAIN"
+        else
+            OPENSEARCH_FQDN="$BASE_DOMAIN"
+        fi
+    fi
+
+    log_debug "OPENSEARCH_INGRESS_ENABLE [$OPENSEARCH_INGRESS_ENABLE] OPENSEARCH_FQDN [$OPENSEARCH_FQDN] OPENSEARCH_PATH [$OPENSEARCH_PATH]"
+
+    export OPENSEARCH_INGRESS_ENABLE OPENSEARCH_FQDN OPENSEARCH_PATH
+
+    yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)' $autogeneratedYAMLFile
+
+    if [ "$ROUTING" == "host" ]; then
+        yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+    else
+        slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
+        yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+        slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
+
+        # Need to use printf to preserve newlines
+        printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"
+        snippet="$snippet" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)' $autogeneratedYAMLFile
+
+    fi
+else
+    log_debug "Autogeneration of ingresss NOT enabled and/or ingress NOT enabled for OpenSearch"
+fi
 
 set -e
 
@@ -113,18 +111,18 @@
 checkDefaultStorageClass
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 #Generate yaml files with all container-related keys
-generateImageKeysFile "$OS_FULL_IMAGE"          "logging/opensearch/os_container_image.template"
-generateImageKeysFile "$OS_SYSCTL_FULL_IMAGE"   "$imageKeysFile"  "OS_SYSCTL_"
+generateImageKeysFile "$OS_FULL_IMAGE" "logging/opensearch/os_container_image.template"
+generateImageKeysFile "$OS_SYSCTL_FULL_IMAGE" "$imageKeysFile" "OS_SYSCTL_"
 
 #Copy imageKeysFile since next call will replace existing one
 cp "$imageKeysFile" "$TMP_DIR/opensearch_imagekeysfile.yaml"
-generateImageKeysFile "$OS_FULL_IMAGE"          "logging/opensearch/os_initcontainer_image.template" "" "true"
+generateImageKeysFile "$OS_FULL_IMAGE" "logging/opensearch/os_initcontainer_image.template" "" "true"
 
 # get credentials
 export ES_ADMIN_PASSWD=${ES_ADMIN_PASSWD}
@@ -133,19 +131,19 @@
 export ES_METRICGETTER_PASSWD=${ES_METRICGETTER_PASSWD}
 
 # Create secrets containing internal user credentials
-create_user_secret internal-user-admin        admin        "$ES_ADMIN_PASSWD"         managed-by=v4m-es-script
-create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD"  managed-by=v4m-es-script
-create_user_secret internal-user-logcollector logcollector "$ES_LOGCOLLECTOR_PASSWD"  managed-by=v4m-es-script
-create_user_secret internal-user-metricgetter metricgetter "$ES_METRICGETTER_PASSWD"  managed-by=v4m-es-script
+create_user_secret internal-user-admin admin "$ES_ADMIN_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-logcollector logcollector "$ES_LOGCOLLECTOR_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-metricgetter metricgetter "$ES_METRICGETTER_PASSWD" managed-by=v4m-es-script
 
 #cert_generator="${CERT_GENERATOR:-openssl}"
 
 # Verify cert generator is available (if necessary)
 if verify_cert_generator $LOG_NS es-transport es-rest es-admin; then
-   log_debug "cert generator check OK [$cert_generator_ok]"
-else
-   log_error "One or more required TLS certs do not exist and the expected certificate generator mechanism [$CERT_GENERATOR] is not available to create the missing certs"
-   exit 1
+    log_debug "cert generator check OK [$cert_generator_ok]"
+else
+    log_error "One or more required TLS certs do not exist and the expected certificate generator mechanism [$CERT_GENERATOR] is not available to create the missing certs"
+    exit 1
 fi
 
 # Create/Get necessary TLS certs
@@ -155,15 +153,15 @@
 sleep 10
 
 # Get subject from admin and transport cert for opensearch.yaml
-if [ ! -f  $TMP_DIR/es-transport.pem ]; then
-   log_debug "Extracting es-transport cert from secret"
-   kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-transport.pem
+if [ ! -f $TMP_DIR/es-transport.pem ]; then
+    log_debug "Extracting es-transport cert from secret"
+    kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > $TMP_DIR/es-transport.pem
 fi
 node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
 
-if [ ! -f  $TMP_DIR/es-admin.pem ]; then
-   log_debug "Extracting es-admin cert from secret"
-   kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-admin.pem
+if [ ! -f $TMP_DIR/es-admin.pem ]; then
+    log_debug "Extracting es-admin cert from secret"
+    kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > $TMP_DIR/es-admin.pem
 fi
 admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
 
@@ -171,62 +169,61 @@
 
 #write cert subjects to secret to be mounted as env var
 kubectl -n $LOG_NS delete secret opensearch-cert-subjects --ignore-not-found
-kubectl -n $LOG_NS create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
-kubectl -n $LOG_NS label  secret opensearch-cert-subjects  managed-by=v4m-es-script
+kubectl -n $LOG_NS create secret generic opensearch-cert-subjects --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
+kubectl -n $LOG_NS label secret opensearch-cert-subjects managed-by=v4m-es-script
 
 # Create ConfigMap for securityadmin script
 kubectl -n $LOG_NS delete configmap run-securityadmin.sh --ignore-not-found
 kubectl -n $LOG_NS create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh
-kubectl -n $LOG_NS label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
+kubectl -n $LOG_NS label configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
 
 # Need to retrieve these from secrets in case secrets pre-existed
-export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)
-export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)
+export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" | base64 --decode)
+export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Generate message about autogenerated admin password
-adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')
-if [ ! -z "$adminpwd_autogenerated"  ]; then
-   # Print info about how to obtain admin password
-   add_notice "                                                                    "
-   add_notice "**The OpenSearch 'admin' Account**"
-   add_notice "Generated 'admin' password:  $ES_ADMIN_PASSWD                       "
-   add_notice "To change the password for the 'admin' account at any time, run the "
-   add_notice "following command:                                                  "
-   add_notice "                                                                    "
-   add_notice "    logging/bin/change_internal_password.sh admin newPassword       "
-   add_notice "                                                                    "
-   add_notice "NOTE: *NEVER* change the password for the 'admin' account from within the"
-   add_notice "OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via "
-   add_notice "the change_internal_password.sh script in the logging/bin sub-directory."
-   add_notice "                                                                    "
-
-   LOGGING_DRIVER=${LOGGING_DRIVER:-false}
-   if [ "$LOGGING_DRIVER" != "true" ]; then
-      echo ""
-      display_notices
-      echo ""
-   fi
-fi
-
+adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin -o jsonpath='{.metadata.labels.autogenerated_password}')
+if [ ! -z "$adminpwd_autogenerated" ]; then
+    # Print info about how to obtain admin password
+    add_notice "                                                                    "
+    add_notice "**The OpenSearch 'admin' Account**"
+    add_notice "Generated 'admin' password:  $ES_ADMIN_PASSWD                       "
+    add_notice "To change the password for the 'admin' account at any time, run the "
+    add_notice "following command:                                                  "
+    add_notice "                                                                    "
+    add_notice "    logging/bin/change_internal_password.sh admin newPassword       "
+    add_notice "                                                                    "
+    add_notice "NOTE: *NEVER* change the password for the 'admin' account from within the"
+    add_notice "OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via "
+    add_notice "the change_internal_password.sh script in the logging/bin sub-directory."
+    add_notice "                                                                    "
+
+    LOGGING_DRIVER=${LOGGING_DRIVER:-false}
+    if [ "$LOGGING_DRIVER" != "true" ]; then
+        echo ""
+        display_notices
+        echo ""
+    fi
+fi
 
 # enable debug on Helm via env var
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
-fi
-
-helmRepoAdd opensearch  https://opensearch-project.github.io/helm-charts
+    helmDebug="--debug"
+fi
+
+helmRepoAdd opensearch https://opensearch-project.github.io/helm-charts
 
 # Check for existing OpenSearch helm release
 if [ "$(helm -n $LOG_NS list --filter 'opensearch' -q)" == "opensearch" ]; then
-   log_debug "The Helm release [opensearch] already exists; upgrading the release."
-   existingSearch="true"
-else
-   log_debug "The Helm release [opensearch] does NOT exist; deploying a new release."
-   existingSearch="false"
+    log_debug "The Helm release [opensearch] already exists; upgrading the release."
+    existingSearch="true"
+else
+    log_debug "The Helm release [opensearch] does NOT exist; deploying a new release."
+    existingSearch="false"
 fi
 
 helm2ReleaseCheck odfe-$LOG_NS
@@ -234,8 +231,8 @@
 # Check for existing Open Distro helm release
 if [ "$(helm -n $LOG_NS list --filter 'odfe' -q)" == "odfe" ]; then
 
-   log_error "An existing ODFE-based deployment was detected.  It must be removed before deploying the current version."
-   exit 1
+    log_error "An existing ODFE-based deployment was detected.  It must be removed before deploying the current version."
+    exit 1
 
 fi
 
@@ -242,47 +239,47 @@
 # OpenSearch user customizations
 ES_OPEN_USER_YAML="${ES_OPEN_USER_YAML:-$USER_DIR/logging/user-values-opensearch.yaml}"
 if [ ! -f "$ES_OPEN_USER_YAML" ]; then
-  log_debug "[$ES_OPEN_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  ES_OPEN_USER_YAML=$TMP_DIR/empty.yaml
-fi
-
-if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then
-
-   kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
-
-   #Copy OpenSearch Security Configuration files
-   mkdir -p $TMP_DIR/opensearch/securityconfig
-   cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
-   #Overlay OpenSearch security configuration files from USER_DIR (if exists)
-   if [ -d "$USER_DIR/logging/opensearch/securityconfig" ]; then
-      log_debug "OpenSearch Security Configuration directory found w/in USER_DIR [$USER_DIR]"
-
-      if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then
-        log_info "Copying OpenSearch Security Configuration files from [$USER_DIR/logging/opensearch/securityconfig]"
-        cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
-      else
-         log_debug "No YAML (*.yml) files found in USER_DIR/opensearch/securityconfig directory"
-      fi
-   fi
-
-   #create secret containing OpenSearch security configuration yaml files
-   #NOTE: whitelist.yml file is only created due to apparent bug in OpenSearch
-   #      which causes an ERROR when securityAdmin.sh is run without it 
-   kubectl -n $LOG_NS create secret generic opensearch-securityconfig    \
-       --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml  \
-       --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml      \
-       --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml      \
-       --from-file $TMP_DIR/opensearch/securityconfig/config.yml         \
-       --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
-       --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml       \
-       --from-file $TMP_DIR/opensearch/securityconfig/roles.yml          \
-       --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml  \
-       --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
-
-   kubectl -n $LOG_NS label secret opensearch-securityconfig  managed-by=v4m-es-script
-
-else
-   log_verbose "Using existing secret [opensearch-securityconfig] for OpenSearch Security Configuration"
+    log_debug "[$ES_OPEN_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    ES_OPEN_USER_YAML=$TMP_DIR/empty.yaml
+fi
+
+if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2> /dev/null)" ]; then
+
+    kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
+
+    #Copy OpenSearch Security Configuration files
+    mkdir -p $TMP_DIR/opensearch/securityconfig
+    cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
+    #Overlay OpenSearch security configuration files from USER_DIR (if exists)
+    if [ -d "$USER_DIR/logging/opensearch/securityconfig" ]; then
+        log_debug "OpenSearch Security Configuration directory found w/in USER_DIR [$USER_DIR]"
+
+        if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2> /dev/null)" ]; then
+            log_info "Copying OpenSearch Security Configuration files from [$USER_DIR/logging/opensearch/securityconfig]"
+            cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
+        else
+            log_debug "No YAML (*.yml) files found in USER_DIR/opensearch/securityconfig directory"
+        fi
+    fi
+
+    #create secret containing OpenSearch security configuration yaml files
+    #NOTE: whitelist.yml file is only created due to apparent bug in OpenSearch
+    #      which causes an ERROR when securityAdmin.sh is run without it
+    kubectl -n $LOG_NS create secret generic opensearch-securityconfig \
+        --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml \
+        --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/config.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/roles.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
+
+    kubectl -n $LOG_NS label secret opensearch-securityconfig managed-by=v4m-es-script
+
+else
+    log_verbose "Using existing secret [opensearch-securityconfig] for OpenSearch Security Configuration"
 fi
 
 # OpenSearch
@@ -293,11 +290,11 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling OpenSearch for workload node placement"
-  wnpValuesFile="logging/node-placement/values-opensearch-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for OpenSearch"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Enabling OpenSearch for workload node placement"
+    wnpValuesFile="logging/node-placement/values-opensearch-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for OpenSearch"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 OPENSHIFT_SPECIFIC_YAML=$TMP_DIR/empty.yaml
@@ -305,21 +302,18 @@
     OPENSHIFT_SPECIFIC_YAML=logging/openshift/values-opensearch-openshift.yaml
 fi
 
-
 # YAML file container auto-generated ingress definitions (or not)
 if [ ! -f "$autogeneratedYAMLFile" ]; then
-  log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
-  autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
+    autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
+fi
 
 # Get Helm Chart Name
 log_debug "OpenSearch Helm Chart: repo [$OPENSEARCH_HELM_CHART_REPO] name [$OPENSEARCH_HELM_CHART_NAME] version [$OPENSEARCH_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $OPENSEARCH_HELM_CHART_REPO $OPENSEARCH_HELM_CHART_NAME $OPENSEARCH_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $OPENSEARCH_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $OPENSEARCH_HELM_CHART_VERSION)"
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
-
 # Deploy OpenSearch via Helm chart
 # NOTE: nodeGroup needed to get resource names we want
 helm $helmDebug upgrade --install opensearch \
@@ -331,7 +325,7 @@
     --values "$autogeneratedYAMLFile" \
     --values "$ES_OPEN_USER_YAML" \
     --values "$OPENSHIFT_SPECIFIC_YAML" \
-    --set nodeGroup=primary  \
+    --set nodeGroup=primary \
     --set masterService=v4m-search \
     --set fullnameOverride=v4m-search \
     $versionstring \
@@ -339,21 +333,20 @@
 
 # waiting for PVCs to be bound
 declare -i pvcCounter=0
-pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
-until [ "$pvc_status" == "Bound" ] || (( $pvcCounter>90 ));
-do
-   sleep 5
-   pvcCounter=$((pvcCounter+5))
-   pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+until [ "$pvc_status" == "Bound" ] || ((pvcCounter > 90)); do
+    sleep 5
+    pvcCounter=$((pvcCounter + 5))
+    pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
 done
 
 # Confirm PVC is "bound" (matched) to PV
-pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
-if [ "$pvc_status" != "Bound" ];  then
-      log_error "It appears that the PVC [v4m-search-v4m-search-0] associated with the [v4m-search-0] node has not been bound to a PV."
-      log_error "The status of the PVC is [$pvc_status]"
-      log_error "After ensuring all claims shown as Pending can be satisfied; run the remove_opensearch.sh script and try again."
-      exit 1
+pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+if [ "$pvc_status" != "Bound" ]; then
+    log_error "It appears that the PVC [v4m-search-v4m-search-0] associated with the [v4m-search-0] node has not been bound to a PV."
+    log_error "The status of the PVC is [$pvc_status]"
+    log_error "After ensuring all claims shown as Pending can be satisfied; run the remove_opensearch.sh script and try again."
+    exit 1
 fi
 log_verbose "The PVC [v4m-search-v4m-search-0] have been bound to PVs"
 
@@ -361,9 +354,8 @@
 log_info "Waiting on OpenSearch pods to be Ready"
 kubectl -n $LOG_NS wait pods v4m-search-0 --for=condition=Ready --timeout=10m
 
-
 # TO DO: Convert to curl command to detect ES is up?
-# hitting https:/host:port -u adminuser:adminpwd --insecure 
+# hitting https:/host:port -u adminuser:adminpwd --insecure
 # returns "OpenDistro Security not initialized." and 503 when up
 log_verbose "Waiting [2] minutes to allow OpenSearch to initialize [$(date)]"
 sleep 120
@@ -372,19 +364,19 @@
 
 # Run the security admin script on the pod
 # Add some logic to find ES release
-if [ "$existingSearch" == "false" ] ; then
-  kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
-  # Retrieve log file from security admin script
-  kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
-  if [ "$(tail -n1  $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
-    log_verbose "The run_securityadmin.log script appears to have run successfully; you can review its output below:"
-  else
-    log_warn "There may have been a problem with the run_securityadmin.log script; review the output below:"
-  fi
-  # show output from run_securityadmin.sh script
-  sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
-else
-  log_verbose "Existing OpenSearch release found. Skipping OpenSearch security initialization."
+if [ "$existingSearch" == "false" ]; then
+    kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
+    # Retrieve log file from security admin script
+    kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
+    if [ "$(tail -n1 $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
+        log_verbose "The run_securityadmin.log script appears to have run successfully; you can review its output below:"
+    else
+        log_warn "There may have been a problem with the run_securityadmin.log script; review the output below:"
+    fi
+    # show output from run_securityadmin.sh script
+    sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
+else
+    log_verbose "Existing OpenSearch release found. Skipping OpenSearch security initialization."
 fi
 
 set -e
@@ -391,8 +383,8 @@
 
 #Container Security: Disable serviceAccount Token Automounting
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   disable_sa_token_automount $LOG_NS v4m-os
-   #NOTE: On other providers, OpenSearch pods linked to the 'default' serviceAccount
+    disable_sa_token_automount $LOG_NS v4m-os
+    #NOTE: On other providers, OpenSearch pods linked to the 'default' serviceAccount
 fi
 
 log_info "OpenSearch has been deployed"
diff logging/bin/deploy_opensearch_content.sh.orig logging/bin/deploy_opensearch_content.sh
--- logging/bin/deploy_opensearch_content.sh.orig
+++ logging/bin/deploy_opensearch_content.sh
@@ -9,7 +9,7 @@
 source logging/bin/apiaccess-include.sh
 source logging/bin/rbac-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -16,8 +16,8 @@
 ES_CONTENT_DEPLOY=${ES_CONTENT_DEPLOY:-${ELASTICSEARCH_ENABLE:-true}}
 
 if [ "$ES_CONTENT_DEPLOY" != "true" ]; then
-  log_verbose "Environment variable [ES_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch"
-  exit 0
+    log_verbose "Environment variable [ES_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch"
+    exit 0
 fi
 
 log_info "Loading Content into OpenSearch"
@@ -30,181 +30,178 @@
 # check for pre-reqs
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
-fi
-
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
+fi
 
 # get credentials
 get_credentials_from_secret admin
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 get_ism_api_url
 
 # Confirm OpenSearch is ready
-for pause in 30 30 30 30 30 30 60
-do
-   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
-   # returns 503 (and outputs "Open Distro Security not initialized.") when ODFE isn't ready yet
-   # TO DO: check for 503 specifically?
-
-   if [[ $response != 2* ]]; then
-      log_verbose "The OpenSearch REST endpoint does not appear to be quite ready [$response]; sleeping for [$pause] more seconds before checking again."
-      sleep ${pause}
-   else
-      log_debug "The OpenSearch REST endpoint appears to be ready...continuing"
-      esready="TRUE"
-      break
-   fi
+for pause in 30 30 30 30 30 30 60; do
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # returns 503 (and outputs "Open Distro Security not initialized.") when ODFE isn't ready yet
+    # TO DO: check for 503 specifically?
+
+    if [[ $response != 2* ]]; then
+        log_verbose "The OpenSearch REST endpoint does not appear to be quite ready [$response]; sleeping for [$pause] more seconds before checking again."
+        sleep ${pause}
+    else
+        log_debug "The OpenSearch REST endpoint appears to be ready...continuing"
+        esready="TRUE"
+        break
+    fi
 done
 
 if [ "$esready" != "TRUE" ]; then
-   log_error "The OpenSearch REST endpoint has NOT become accessible in the expected time; exiting."
-   log_error "Review the OpenSearch pod's events and log to identify the issue and resolve it before trying again."
-   exit 1
-fi
-
+    log_error "The OpenSearch REST endpoint has NOT become accessible in the expected time; exiting."
+    log_error "Review the OpenSearch pod's events and log to identify the issue and resolve it before trying again."
+    exit 1
+fi
 
 # Create Index Management (I*M) Policy  objects
 function set_retention_period {
 
-   #Arguments
-   policy_name=$1                                   # Name of policy...also, used to construct name of json file to load
-   retention_period_var=$2                          # Name of env var that can be used to specify retention period
-
-   log_debug "Function called: set_retention_perid ARGS: $@"
-
-   retention_period=${!retention_period_var}        # Retention Period (unit: days)
-
-   digits_re='^[0-9]+$'
-
-   cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
-
-   # confirm value is number
-   if ! [[ $retention_period =~ $digits_re ]]; then
-      log_error "An invalid valid was provided for [$retention_period_var]; exiting."
-      exit 1
-   fi
-
-   #Update retention period in json file prior to loading it
-   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
-
-   log_debug "Contents of $policy_name.json after substitution:"
-   log_debug "$(cat $TMP_DIR/${policy_name}.json)"
-
-   # Load policy into OpenSearch via API
-   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   if [[ $response == 409 ]]; then
-      log_info "The index management policy [$policy_name] already exist in OpenSearch; skipping load and using existing policy."
-   elif [[ $response != 2* ]]; then
-      log_error "There was an issue loading index management policy [$policy_name] into OpenSearch [$response]"
-      exit 1
-   else
-      log_debug "Index management policy [$policy_name] loaded into OpenSearch [$response]"
-   fi
+    #Arguments
+    policy_name=$1          # Name of policy...also, used to construct name of json file to load
+    retention_period_var=$2 # Name of env var that can be used to specify retention period
+
+    log_debug "Function called: set_retention_perid ARGS: $@"
+
+    retention_period=${!retention_period_var} # Retention Period (unit: days)
+
+    digits_re='^[0-9]+$'
+
+    cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
+
+    # confirm value is number
+    if ! [[ $retention_period =~ $digits_re ]]; then
+        log_error "An invalid valid was provided for [$retention_period_var]; exiting."
+        exit 1
+    fi
+
+    #Update retention period in json file prior to loading it
+    sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
+
+    log_debug "Contents of $policy_name.json after substitution:"
+    log_debug "$(cat $TMP_DIR/${policy_name}.json)"
+
+    # Load policy into OpenSearch via API
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    if [[ $response == 409 ]]; then
+        log_info "The index management policy [$policy_name] already exist in OpenSearch; skipping load and using existing policy."
+    elif [[ $response != 2* ]]; then
+        log_error "There was an issue loading index management policy [$policy_name] into OpenSearch [$response]"
+        exit 1
+    else
+        log_debug "Index management policy [$policy_name] loaded into OpenSearch [$response]"
+    fi
 }
 
 #Patch ODFE 1.7.0 ISM policies to ODFE 1.13.x format
 function add_ism_template {
-   local policy_name pattern
-
-   #Arguments
-   policy_name=$1                                   # Name of policy
-   pattern=$2                                       # Index pattern to associate with policy
-   priority=${3:-100}                               # Index Priority (Higher values ==> reloaded first)
-
-   response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   if [[ $response != 2* ]]; then
-      log_debug "No ISM policy [$policy_name] found to patch; moving on.[$response]"
-      return
-   fi
-
-   if [ -n "$(cat $TMP_DIR/ism_policy_patch.json |grep '"ism_template":null')" ]; then
-      log_debug "No ISM Template on policy [$policy_name]; adding one."
-
-      #remove crud returned but not needed
-      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
-
-      #add ISM_Template to existing ISM policy
-      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
-
-      #delete exisiting policy
-      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-      if [[ $response != 2* ]]; then
-         log_warn "Error encountered deleting index management policy [$policy_name] before patching to add ISM template stanza [$response]."
-         log_warn "Review the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
-         return
-      else
-         log_debug "Index policy [$policy_name] deleted [$response]."
-      fi
-
-      #handle change in policy name w/ our 1.1.0 release
-      if [ "$policy_name" == "viya_infra_idxmgmt_policy" ]; then
-         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  $TMP_DIR/ism_policy_patch.json
-         policy_name="viya-infra-idxmgmt-policy"
-      fi
-
-
-      #load revised policy
-      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-      if [[ $response != 2* ]]; then
-         log_warn "Unable to update index management policy [$policy_name] to add a ISM_TEMPLATE stanza [$response]"
-         log_warn "Review/create the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
-         return
-      else
-         log_info "Index management policy [$policy_name] loaded into OpenSearch [$response]"
-      fi
-   else
-      log_debug "The policy definition for [$policy_name] already includes an ISM Template stanza; no need to patch."
-      return
-   fi
-}
-
+    local policy_name pattern
+
+    #Arguments
+    policy_name=$1     # Name of policy
+    pattern=$2         # Index pattern to associate with policy
+    priority=${3:-100} # Index Priority (Higher values ==> reloaded first)
+
+    response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    if [[ $response != 2* ]]; then
+        log_debug "No ISM policy [$policy_name] found to patch; moving on.[$response]"
+        return
+    fi
+
+    if [ -n "$(cat $TMP_DIR/ism_policy_patch.json | grep '"ism_template":null')" ]; then
+        log_debug "No ISM Template on policy [$policy_name]; adding one."
+
+        #remove crud returned but not needed
+        sed -i'.bak' "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
+
+        #add ISM_Template to existing ISM policy
+        sed -i'.bak' "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
+
+        #delete exisiting policy
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+        if [[ $response != 2* ]]; then
+            log_warn "Error encountered deleting index management policy [$policy_name] before patching to add ISM template stanza [$response]."
+            log_warn "Review the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
+            return
+        else
+            log_debug "Index policy [$policy_name] deleted [$response]."
+        fi
+
+        #handle change in policy name w/ our 1.1.0 release
+        if [ "$policy_name" == "viya_infra_idxmgmt_policy" ]; then
+            sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g" $TMP_DIR/ism_policy_patch.json
+            policy_name="viya-infra-idxmgmt-policy"
+        fi
+
+        #load revised policy
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+        if [[ $response != 2* ]]; then
+            log_warn "Unable to update index management policy [$policy_name] to add a ISM_TEMPLATE stanza [$response]"
+            log_warn "Review/create the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
+            return
+        else
+            log_info "Index management policy [$policy_name] loaded into OpenSearch [$response]"
+        fi
+    else
+        log_debug "The policy definition for [$policy_name] already includes an ISM Template stanza; no need to patch."
+        return
+    fi
+}
 
 LOG_RETENTION_PERIOD="${LOG_RETENTION_PERIOD:-3}"
 set_retention_period viya_logs_idxmgmt_policy LOG_RETENTION_PERIOD
-add_ism_template "viya_logs_idxmgmt_policy" "viya_logs-*"  100
+add_ism_template "viya_logs_idxmgmt_policy" "viya_logs-*" 100
 
 # Create Ingest Pipeline to "burst" incoming log messages to separate indexes based on namespace
-response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-# request returns: {"acknowledged":true}
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading ingest pipeline into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Ingest pipeline definition loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading ingest pipeline into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Ingest pipeline definition loaded into OpenSearch [$response]"
 fi
 
 # Configure index template settings and link Ingest Pipeline to Index Template
-response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
-# request returns: {"acknowledged":true}
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading index template settings into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Index template settings loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading index template settings into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Index template settings loaded into OpenSearch [$response]"
 fi
 
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   # INFRASTRUCTURE LOGS
-   # Handle "infrastructure" logs differently
-   INFRA_LOG_RETENTION_PERIOD="${INFRA_LOG_RETENTION_PERIOD:-1}"
-   set_retention_period viya_infra_idxmgmt_policy INFRA_LOG_RETENTION_PERIOD
-   add_ism_template "viya_infra_idxmgmt_policy"  "viya_logs-openshift-*"   5
-
-   # Link index management policy Index Template
-   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
-   # request returns: {"acknowledged":true}
-   if [[ $response != 2* ]]; then
-      log_error "There was an issue loading infrastructure index template settings into OpenSearch [$response]"
-      exit 1
-   else
-      log_info "Infrastructure index template settings loaded into OpenSearch [$response]"
-  fi
-fi
-
+    # INFRASTRUCTURE LOGS
+    # Handle "infrastructure" logs differently
+    INFRA_LOG_RETENTION_PERIOD="${INFRA_LOG_RETENTION_PERIOD:-1}"
+    set_retention_period viya_infra_idxmgmt_policy INFRA_LOG_RETENTION_PERIOD
+    add_ism_template "viya_infra_idxmgmt_policy" "viya_logs-openshift-*" 5
+
+    # Link index management policy Index Template
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # request returns: {"acknowledged":true}
+    if [[ $response != 2* ]]; then
+        log_error "There was an issue loading infrastructure index template settings into OpenSearch [$response]"
+        exit 1
+    else
+        log_info "Infrastructure index template settings loaded into OpenSearch [$response]"
+    fi
+fi
 
 # METALOGGING: Create index management policy object & link policy to index template
 # ...index management policy automates the deletion of indexes after the specified time
@@ -211,17 +208,17 @@
 
 OPS_LOG_RETENTION_PERIOD="${OPS_LOG_RETENTION_PERIOD:-1}"
 set_retention_period viya_ops_idxmgmt_policy OPS_LOG_RETENTION_PERIOD
-add_ism_template "viya_ops_idxmgmt_policy"  "viya_ops-*"  50
+add_ism_template "viya_ops_idxmgmt_policy" "viya_ops-*" 50
 
 # Load template
-response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-# request returns: {"acknowledged":true}
-
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading monitoring index template settings into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Monitoring index template template settings loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading monitoring index template settings into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Monitoring index template template settings loaded into OpenSearch [$response]"
 fi
 echo ""
 
@@ -236,45 +233,43 @@
 LOG_CREATE_LOGADM_USER=${LOG_CREATE_LOGADM_USER:-true}
 if [ "$LOG_CREATE_LOGADM_USER" == "true" ]; then
 
-   if user_exists logadm; then
-      log_warn "A user 'logadm' already exists; leaving that user as-is.  Review its definition in OpenSearch Dashboards and update it, or create another user, as needed."
-   else
-      log_debug "Creating the 'logadm' user"
-
-      LOG_LOGADM_PASSWD=${LOG_LOGADM_PASSWD:-$ES_ADMIN_PASSWD}
-      if [ -z "$LOG_LOGADM_PASSWD" ]; then
-         log_debug "Creating a random password for the 'logadm' user"
-         LOG_LOGADM_PASSWD="$(randomPassword)"
-         add_notice ""
-         add_notice "**The OpenSearch 'logadm' Account**"
-         add_notice "Generated 'logadm' password:  $LOG_LOGADM_PASSWD"
-      fi
-
-      #create the user
-      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
-   fi
-else
-   log_debug "Skipping creation of 'logadm' user because LOG_CREATE_LOGADM_USER not 'true' [$LOG_CREATE_LOGADM_USER]"
+    if user_exists logadm; then
+        log_warn "A user 'logadm' already exists; leaving that user as-is.  Review its definition in OpenSearch Dashboards and update it, or create another user, as needed."
+    else
+        log_debug "Creating the 'logadm' user"
+
+        LOG_LOGADM_PASSWD=${LOG_LOGADM_PASSWD:-$ES_ADMIN_PASSWD}
+        if [ -z "$LOG_LOGADM_PASSWD" ]; then
+            log_debug "Creating a random password for the 'logadm' user"
+            LOG_LOGADM_PASSWD="$(randomPassword)"
+            add_notice ""
+            add_notice "**The OpenSearch 'logadm' Account**"
+            add_notice "Generated 'logadm' password:  $LOG_LOGADM_PASSWD"
+        fi
+
+        #create the user
+        LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
+    fi
+else
+    log_debug "Skipping creation of 'logadm' user because LOG_CREATE_LOGADM_USER not 'true' [$LOG_CREATE_LOGADM_USER]"
 fi
 
 #Initialize OSD Reporting Plugin indices
 INIT_OSD_RPT_IDX=${INIT_OSD_RPT_IDX:-true}
 if [ "$INIT_OSD_RPT_IDX" == "true" ]; then
-   log_debug "Initializing OpenSearch Dashboards Reporting plugin indices"
-   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   log_debug "OSD_RPT_IDX (instances) Response [$response]"
-   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   log_debug "OSD_RPT_IDX (definitions) Response [$response]"
-fi
-
+    log_debug "Initializing OpenSearch Dashboards Reporting plugin indices"
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    log_debug "OSD_RPT_IDX (instances) Response [$response]"
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    log_debug "OSD_RPT_IDX (definitions) Response [$response]"
+fi
 
 LOGGING_DRIVER=${LOGGING_DRIVER:-false}
 if [ "$LOGGING_DRIVER" != "true" ]; then
-   echo ""
-   display_notices
-   echo ""
-fi
-
+    echo ""
+    display_notices
+    echo ""
+fi
 
 log_info "Content has been loaded into OpenSearch"
 
diff logging/bin/deploy_openshift_prereqs.sh.orig logging/bin/deploy_openshift_prereqs.sh
--- logging/bin/deploy_openshift_prereqs.sh.orig
+++ logging/bin/deploy_openshift_prereqs.sh
@@ -6,7 +6,7 @@
 cd "$(dirname $BASH_SOURCE)/../.."
 source logging/bin/common.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -14,26 +14,25 @@
 OPENSHIFT_PREREQS_ENABLE=${OPENSHIFT_PREREQS_ENABLE:-true}
 
 if [ "$OPENSHIFT_PREREQS_ENABLE" != "true" ]; then
-  log_info "Environment variable [OPENSHIFT_PREREQS_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenShift Prerequisites"
-  exit
-fi
-
+    log_info "Environment variable [OPENSHIFT_PREREQS_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenShift Prerequisites"
+    exit
+fi
 
 # link OpenSearch serviceAccounts to 'privileged' scc
 oc adm policy add-scc-to-user privileged -z v4m-os -n $LOG_NS
 
 # create the 'v4m-logging-v2' SCC, if it does not already exist
-if oc get scc v4m-logging-v2 2>/dev/null 1>&2; then
-   log_info "Skipping scc creation; using existing scc [v4m-logging-v2]"
-else
-   oc create -f logging/openshift/fb_v4m-logging-v2_scc.yaml
+if oc get scc v4m-logging-v2 2> /dev/null 1>&2; then
+    log_info "Skipping scc creation; using existing scc [v4m-logging-v2]"
+else
+    oc create -f logging/openshift/fb_v4m-logging-v2_scc.yaml
 fi
 
 # create the 'v4m-k8sevents' SCC, if it does not already exist
-if oc get scc v4m-k8sevents 2>/dev/null 1>&2; then
-   log_info "Skipping scc creation; using existing scc [v4m-k8sevents]"
-else
-   oc create -f logging/openshift/fb_v4m-k8sevents_scc.yaml
+if oc get scc v4m-k8sevents 2> /dev/null 1>&2; then
+    log_info "Skipping scc creation; using existing scc [v4m-k8sevents]"
+else
+    oc create -f logging/openshift/fb_v4m-k8sevents_scc.yaml
 fi
 
 log_info "OpenShift Prerequisites have been deployed."
diff logging/bin/deploy_osd.sh.orig logging/bin/deploy_osd.sh
--- logging/bin/deploy_osd.sh.orig
+++ logging/bin/deploy_osd.sh
@@ -10,7 +10,7 @@
 source bin/autogenerate-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 OPENSEARCHDASH_ENABLE=${OPENSEARCHDASH_ENABLE:-true}
 
 if [ "$OPENSEARCHDASH_ENABLE" != "true" ]; then
-  log_verbose "Environment variable [OPENSEARCHDASH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch Dashboards"
-  exit 0
+    log_verbose "Environment variable [OPENSEARCHDASH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch Dashboards"
+    exit 0
 fi
 
 set -e
@@ -28,13 +28,12 @@
 #
 
 #Generate yaml file with all container-related keys
-generateImageKeysFile "$OSD_FULL_IMAGE"         "logging/opensearch/osd_container_image.template"
-
+generateImageKeysFile "$OSD_FULL_IMAGE" "logging/opensearch/osd_container_image.template"
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
@@ -41,14 +40,14 @@
 export ES_KIBANASERVER_PASSWD=${ES_KIBANASERVER_PASSWD}
 
 # Create secrets containing internal user credentials
-create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD"  managed-by=v4m-es-script
+create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD" managed-by=v4m-es-script
 
 # Verify cert generator is available (if necessary)
 if verify_cert_generator $LOG_NS kibana; then
-  log_debug "cert generator check OK [$cert_generator_ok]"
-else
-  log_error "A required TLS cert does not exist and the expected certificate generator mechanism [$cert_generator] is not available to create the missing cert"
-  exit 1
+    log_debug "cert generator check OK [$cert_generator_ok]"
+else
+    log_error "A required TLS cert does not exist and the expected certificate generator mechanism [$cert_generator] is not available to create the missing cert"
+    exit 1
 fi
 
 # Create/Get necessary TLS certs
@@ -59,66 +58,66 @@
 
 if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OSD_INGRESS_ENABLE" == "true" ]; then
 
-   autogeneratedYAMLFile="$TMP_DIR/autogenerate-osd.yaml"
-
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   osdIngressCert="${OSD_INGRESS_CERT}"
-   osdIngressKey="${OSD_INGRESS_KEY}"
-   
-   create_ingress_certs "$LOG_NS" kibana-ingress-tls-secret "$osdIngressCert" "$osdIngressKey" 
-
-   ROUTING="${ROUTING:-host}"
-
-   ## tested with sample version: 0.2.1
-   ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-osd.yaml"
-
-   #intialized the yaml file w/appropriate ingress sample
-   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
-
-   ###OSD_INGRESS_ENABLE="${OSD_INGRESS_ENABLE:-true}"
-   OSD_FQDN="${OSD_FQDN}"
-   OSD_PATH="${OSD_PATH:-dashboards}"
-   if [ -z "$OSD_FQDN" ]; then
-      if [ "$ROUTING" == "host" ]; then
-         OSD_FQDN="$OSD_PATH.$BASE_DOMAIN"
-      else
-         OSD_FQDN="$BASE_DOMAIN"
-      fi
-   fi
-
-   log_debug "OSD_INGRESS_ENABLE [$OSD_INGRESS_ENABLE] OSD_FQDN [$OSD_FQDN] OSD_PATH [$OSD_PATH]"
-
-   export OSD_INGRESS_ENABLE OSD_FQDN OSD_PATH
-   
-   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            $autogeneratedYAMLFile
-   if [ "$ROUTING" == "host" ]; then
-      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
-   else
-
-      export slashpath="/$OSD_PATH"
-
-      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
-
-      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            $autogeneratedYAMLFile
-      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
-      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               $autogeneratedYAMLFile
-
-      # Need to use printf to preserve newlines
-      printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"  ;
-      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
-
-      unset slashpath
-   fi
-else
-   log_debug "Autogeneration of ingresss NOT enabled"
+    autogeneratedYAMLFile="$TMP_DIR/autogenerate-osd.yaml"
+
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    osdIngressCert="${OSD_INGRESS_CERT}"
+    osdIngressKey="${OSD_INGRESS_KEY}"
+
+    create_ingress_certs "$LOG_NS" kibana-ingress-tls-secret "$osdIngressCert" "$osdIngressKey"
+
+    ROUTING="${ROUTING:-host}"
+
+    ## tested with sample version: 0.2.1
+    ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-osd.yaml"
+
+    #intialized the yaml file w/appropriate ingress sample
+    yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
+
+    ###OSD_INGRESS_ENABLE="${OSD_INGRESS_ENABLE:-true}"
+    OSD_FQDN="${OSD_FQDN}"
+    OSD_PATH="${OSD_PATH:-dashboards}"
+    if [ -z "$OSD_FQDN" ]; then
+        if [ "$ROUTING" == "host" ]; then
+            OSD_FQDN="$OSD_PATH.$BASE_DOMAIN"
+        else
+            OSD_FQDN="$BASE_DOMAIN"
+        fi
+    fi
+
+    log_debug "OSD_INGRESS_ENABLE [$OSD_INGRESS_ENABLE] OSD_FQDN [$OSD_FQDN] OSD_PATH [$OSD_PATH]"
+
+    export OSD_INGRESS_ENABLE OSD_FQDN OSD_PATH
+
+    yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)' $autogeneratedYAMLFile
+    if [ "$ROUTING" == "host" ]; then
+        yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)' $autogeneratedYAMLFile
+    else
+
+        export slashpath="/$OSD_PATH"
+
+        yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
+
+        yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
+
+        # Need to use printf to preserve newlines
+        printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"
+        snippet="$snippet" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)' $autogeneratedYAMLFile
+
+        unset slashpath
+    fi
+else
+    log_debug "Autogeneration of ingresss NOT enabled"
 fi
 
 # enable debug on Helm via env var
@@ -125,48 +124,47 @@
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
-fi
-
-helmRepoAdd opensearch  https://opensearch-project.github.io/helm-charts
+    helmDebug="--debug"
+fi
+
+helmRepoAdd opensearch https://opensearch-project.github.io/helm-charts
 
 KB_KNOWN_NODEPORT_ENABLE=${KB_KNOWN_NODEPORT_ENABLE:-false}
 
 if [ "$KB_KNOWN_NODEPORT_ENABLE" == "true" ]; then
-   KIBANA_PORT=31033
-   log_verbose "Setting OpenSearch Dashboards service NodePort to $KIBANA_PORT"
-   nodeport_yaml=logging/opensearch/osd_helm_values_nodeport.yaml
-else
-   nodeport_yaml=$TMP_DIR/empty.yaml
-   log_debug "OpenSearch Dashboards service NodePort NOT changed to 'known' port because KB_KNOWN_NODEPORT_ENABLE set to [$KB_KNOWN_NODEPORT_ENABLE]."
-fi
-
+    KIBANA_PORT=31033
+    log_verbose "Setting OpenSearch Dashboards service NodePort to $KIBANA_PORT"
+    nodeport_yaml=logging/opensearch/osd_helm_values_nodeport.yaml
+else
+    nodeport_yaml=$TMP_DIR/empty.yaml
+    log_debug "OpenSearch Dashboards service NodePort NOT changed to 'known' port because KB_KNOWN_NODEPORT_ENABLE set to [$KB_KNOWN_NODEPORT_ENABLE]."
+fi
 
 # OpenSearch Dashboards user customizations
 OSD_USER_YAML="${OSD_USER_YAML:-$USER_DIR/logging/user-values-osd.yaml}"
 if [ ! -f "$OSD_USER_YAML" ]; then
-  log_debug "[$OSD_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  OSD_USER_YAML=$TMP_DIR/empty.yaml
+    log_debug "[$OSD_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    OSD_USER_YAML=$TMP_DIR/empty.yaml
 fi
 
 # Require TLS into OpenSearch Dashboards (nee Kibana)?
 OSD_TLS_ENABLE=${OSD_TLS_ENABLE:-$TLS_ENABLE}
 if [ -z "$OSD_TLS_ENABLE" ]; then
-   #set to 'true' if still not set
-   OSD_TLS_ENABLE="true"
+    #set to 'true' if still not set
+    OSD_TLS_ENABLE="true"
 fi
 
 #(Re)Create secret containing OSD TLS Setting
-kubectl -n $LOG_NS delete secret          v4m-osd-tls-enabled  --ignore-not-found
-kubectl -n $LOG_NS create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"
+kubectl -n $LOG_NS delete secret v4m-osd-tls-enabled --ignore-not-found
+kubectl -n $LOG_NS create secret generic v4m-osd-tls-enabled --from-literal enable_tls="$OSD_TLS_ENABLE"
 
 # OpenSearch Dashboards
 log_info "Deploying OpenSearch Dashboards"
 
 # Remove pre-OSD 2.19.0 version due to label changes
-if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
-   log_debug "An earlier version of OpenSearch Dashboards (>2.19) was found running and will be removed"
-   kubectl -n $LOG_NS delete deployment v4m-osd
+if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2> /dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
+    log_debug "An earlier version of OpenSearch Dashboards (>2.19) was found running and will be removed"
+    kubectl -n $LOG_NS delete deployment v4m-osd
 fi
 
 # Enable workload node placement?
@@ -174,11 +172,11 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling OpenSearch Dashboards for workload node placement"
-  wnpValuesFile="logging/node-placement/values-osd-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for OpenSearch Dashboards"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Enabling OpenSearch Dashboards for workload node placement"
+    wnpValuesFile="logging/node-placement/values-osd-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for OpenSearch Dashboards"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 OSD_PATH_INGRESS_YAML=$TMP_DIR/empty.yaml
@@ -186,7 +184,6 @@
     OSD_PATH_INGRESS_YAML=logging/openshift/values-osd-path-route-openshift.yaml
 fi
 
-
 OPENSHIFT_SPECIFIC_YAML=$TMP_DIR/empty.yaml
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
     OPENSHIFT_SPECIFIC_YAML=logging/openshift/values-osd-openshift.yaml
@@ -194,15 +191,14 @@
 
 # YAML file container auto-generated ingress definitions (or not)
 if [ ! -f "$autogeneratedYAMLFile" ]; then
-  log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
-  autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
+    autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
+fi
 
 # Get Helm Chart Name
 log_debug "OpenSearch Dashboards Helm Chart: repo [$OSD_HELM_CHART_REPO] name [$OSD_HELM_CHART_NAME] version [$OSD_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $OSD_HELM_CHART_REPO $OSD_HELM_CHART_NAME $OSD_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $OSD_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $OSD_HELM_CHART_VERSION)"
 
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
@@ -219,16 +215,15 @@
     --values "$OPENSHIFT_SPECIFIC_YAML" \
     --values "$OSD_PATH_INGRESS_YAML" \
     --set fullnameOverride=v4m-osd \
-   $chart2install
+    $chart2install
 
 log_info "OpenSearch Dashboards has been deployed"
 
-
 #Container Security: Disable serviceAccount Token Automounting
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   disable_sa_token_automount $LOG_NS v4m-os
-else
-   disable_sa_token_automount $LOG_NS v4m-osd-dashboards
+    disable_sa_token_automount $LOG_NS v4m-os
+else
+    disable_sa_token_automount $LOG_NS v4m-osd-dashboards
 fi
 
 log_debug "Script [$this_script] has completed [$(date)]"
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -10,7 +10,7 @@
 source logging/bin/apiaccess-include.sh
 source logging/bin/rbac-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 KIBANA_CONTENT_DEPLOY=${KIBANA_CONTENT_DEPLOY:-${ELASTICSEARCH_ENABLE:-true}}
 
 if [ "$KIBANA_CONTENT_DEPLOY" != "true" ]; then
-  log_verbose "Environment variable [KIBANA_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch Dashboards"
-  exit 0
+    log_verbose "Environment variable [KIBANA_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch Dashboards"
+    exit 0
 fi
 
 # temp file used to capture command output
@@ -25,61 +25,62 @@
 tmpfile=$TMP_DIR/output.txt
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
 get_credentials_from_secret admin
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 set -e
 
 log_info "Configuring OpenSearch Dashboards...this may take a few minutes"
 
-
 # wait for pod to show as "running" and "ready"
 log_info "Waiting for OpenSearch Dashboards pods to be ready ($(date) - timeout 10m)"
-osdlabels="$(kubectl -n $LOG_NS get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}'| tr -d '{}"' | tr : '=')"
-
-kubectl -n $LOG_NS wait pods --selector "$osdlabels"  --for condition=Ready --timeout=10m
-
-set +e  # disable exit on error
+osdlabels="$(kubectl -n $LOG_NS get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}' | tr -d '{}"' | tr : '=')"
+
+kubectl -n $LOG_NS wait pods --selector "$osdlabels" --for condition=Ready --timeout=10m
+
+set +e # disable exit on error
 
 # Need to wait 2-3 minutes for OSD to come up and
 # and be ready to accept the curl commands below
 # Confirm OSD is ready
 log_info "Waiting (up to more 8 minutes) for OpenSearch Dashboards API endpoint to be ready"
-for pause in 30 30 60 30 30 30 30 30 30 60 60 60 
-do
-
-   get_kb_api_url
-   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
-   # returns 503 (and outputs "Kibana server is not ready yet") when Kibana isn't ready yet
-   # TO DO: check for 503 specifically?
-   rc=$?
-   if [[ $response != 2* ]]; then
-      log_debug "The OpenSearch Dashboards REST endpoint does not appear to be quite ready [$response/$rc]; sleeping for [$pause] more seconds before checking again."
-      stop_kb_portforwarding
-      sleep ${pause}
-   else
-      log_verbose "The OpenSearch Dashboards REST endpoint appears to be ready...continuing"
-      kibanaready="TRUE"
-      break
-   fi
+for pause in 30 30 60 30 30 30 30 30 30 60 60 60; do
+
+    get_kb_api_url
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${kb_api_url}/api/status" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # returns 503 (and outputs "Kibana server is not ready yet") when Kibana isn't ready yet
+    # TO DO: check for 503 specifically?
+    rc=$?
+    if [[ $response != 2* ]]; then
+        log_debug "The OpenSearch Dashboards REST endpoint does not appear to be quite ready [$response/$rc]; sleeping for [$pause] more seconds before checking again."
+        stop_kb_portforwarding
+        sleep ${pause}
+    else
+        log_verbose "The OpenSearch Dashboards REST endpoint appears to be ready...continuing"
+        kibanaready="TRUE"
+        break
+    fi
 done
 
 set -e
 
 if [ "$kibanaready" != "TRUE" ]; then
-   log_error "The OpenSearch Dashboards REST endpoint has NOT become accessible in the expected time; exiting."
-   log_error "Review the OpenSearch Dashboards pod's events and log to identify the issue and resolve it before trying again."
-   exit 1
-fi
-
-set +e  # disable exit on error
+    log_error "The OpenSearch Dashboards REST endpoint has NOT become accessible in the expected time; exiting."
+    log_error "Review the OpenSearch Dashboards pod's events and log to identify the issue and resolve it before trying again."
+    exit 1
+fi
+
+set +e # disable exit on error
 
 # get Security API URL
 get_sec_api_url
@@ -88,21 +89,21 @@
 #   Should only be true during UIP scenario b/c our updated securityconfig processing
 #   is bypassed (to prevent clobbering post-deployment changes made via OSD).
 if ! kibana_tenant_exists "cluster_admins"; then
-   create_kibana_tenant "cluster_admins" "Tenant space for Cluster Administrators"
-   rc=$?
-   if [ "$rc" != "0" ]; then
-      log_error "Problems were encountered while attempting to create tenant space [cluster_admins]."
-      exit 1
-   fi
+    create_kibana_tenant "cluster_admins" "Tenant space for Cluster Administrators"
+    rc=$?
+    if [ "$rc" != "0" ]; then
+        log_error "Problems were encountered while attempting to create tenant space [cluster_admins]."
+        exit 1
+    fi
 else
-   log_debug "The OpenSearch Dashboards tenant space [cluster_admins] exists."
+    log_debug "The OpenSearch Dashboards tenant space [cluster_admins] exists."
 fi
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

@gsmith-sas gsmith-sas requested a review from ceelias June 6, 2025 14:36
@github-actions GitHub Actions
Copy link
Contributor

sh-checker report

To get the full details, please check in the job output.

shellcheck errors 

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/apiaccess-include.sh line 34:
      kill -9 $pid
              ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kill -9 "$pid"


In logging/bin/apiaccess-include.sh line 35:
      wait $pid 2>/dev/null  # suppresses message reporting process has been killed
           ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      wait "$pid" 2>/dev/null  # suppresses message reporting process has been killed


In logging/bin/apiaccess-include.sh line 56:
      stop_portforwarding $espfpid
                          ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      stop_portforwarding "$espfpid"


In logging/bin/apiaccess-include.sh line 71:
      stop_portforwarding $kbpfpid
                          ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      stop_portforwarding "$kbpfpid"


In logging/bin/apiaccess-include.sh line 90:
   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
                                                                ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" "$ingress")


In logging/bin/apiaccess-include.sh line 97:
      serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
                               ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                   ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                            ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      serviceport=$(kubectl -n "$LOG_NS" get service "$servicename" -o=jsonpath="$portpath")


In logging/bin/apiaccess-include.sh line 102:
      kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2>/dev/null &
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                            ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" port-forward --address localhost svc/"$servicename" :"$serviceport" > "$tmpfile" 2>/dev/null &


In logging/bin/apiaccess-include.sh line 113:
      myline=$(head -n1  $tmpfile)
                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      myline=$(head -n1  "$tmpfile")


In logging/bin/apiaccess-include.sh line 179:
   tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                ^-- SC1083 (warning): This { is literal. Check expression (missing ;/\n?) or quote it.
                                                                                                 ^-- SC1083 (warning): This } is literal. Check expression (missing ;/\n?) or quote it.

Did you mean: 
   tlsrequired="$(kubectl -n "$LOG_NS" get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"


In logging/bin/apiaccess-include.sh line 182:
   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}'  $tlsrequired  $KB_INGRESSNAME
                                                           ^---------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                         ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                       ^-------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'"${KB_SERVICEPORT}"'")].port}'  "$tlsrequired"  "$KB_INGRESSNAME"


In logging/bin/change_internal_password.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/change_internal_password.sh line 7:
CHECK_HELM=false
^--------^ SC2034 (warning): CHECK_HELM appears unused. Verify use (or export if used externally).


In logging/bin/change_internal_password.sh line 12:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/change_internal_password.sh line 79:
   if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2>/dev/null)" ]; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                          ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -z "$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=name 2>/dev/null)" ]; then


In logging/bin/change_internal_password.sh line 85:
      ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" |base64 --decode)
                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                            ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_USER=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.\username}" |base64 --decode)


In logging/bin/change_internal_password.sh line 86:
      ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" |base64 --decode)
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/change_internal_password.sh line 106:
      ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/change_internal_password.sh line 107:
      ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
                                   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/change_internal_password.sh line 110:
      kubectl -n $LOG_NS exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh


In logging/bin/change_internal_password.sh line 112:
      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                 ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^-^ SC2063 (warning): Grep uses regex, but this looks like a glob.

Did you mean: 
      hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD"|grep -v '*')


In logging/bin/change_internal_password.sh line 117:
         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                                                   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                                  ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/change_internal_password.sh line 151:
      kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh


In logging/bin/change_internal_password.sh line 153:
      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                 ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^-^ SC2063 (warning): Grep uses regex, but this looks like a glob.

Did you mean: 
      hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD"|grep -v '*')


In logging/bin/change_internal_password.sh line 157:
      rm -f $TMP_DIR/tls.crt
            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      rm -f "$TMP_DIR"/tls.crt


In logging/bin/change_internal_password.sh line 158:
      admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      admin_tls_cert=$(kubectl -n "$LOG_NS" get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")


In logging/bin/change_internal_password.sh line 164:
         echo "$admin_tls_cert" |base64 --decode > $TMP_DIR/admin_tls.crt
                                                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         echo "$admin_tls_cert" |base64 --decode > "$TMP_DIR"/admin_tls.crt


In logging/bin/change_internal_password.sh line 167:
         rm -f $TMP_DIR/tls.key
               ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         rm -f "$TMP_DIR"/tls.key


In logging/bin/change_internal_password.sh line 168:
         admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         admin_tls_key=$(kubectl -n "$LOG_NS" get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")


In logging/bin/change_internal_password.sh line 174:
            echo "$admin_tls_key" |base64 --decode > $TMP_DIR/admin_tls.key
                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
            echo "$admin_tls_key" |base64 --decode > "$TMP_DIR"/admin_tls.key


In logging/bin/change_internal_password.sh line 177:
            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key  --insecure)
                                                                                                                                                                                                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                                                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key  --insecure)


In logging/bin/change_internal_password.sh line 202:
     kubectl -n $LOG_NS delete secret internal-user-$USER_NAME  --ignore-not-found
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                    ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
     kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME"  --ignore-not-found


In logging/bin/change_internal_password.sh line 209:
     create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
                                      ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                 ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                            ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
     create_user_secret internal-user-"$USER_NAME" "$USER_NAME" "$NEW_PASSWD" "$labels"


In logging/bin/common.sh line 1:
# Copyright © 2020, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
^-- SC2148 (error): Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.


In logging/bin/common.sh line 11:
        userEnv=$(grep -v '^[[:blank:]]*$' $USER_DIR/logging/user.env | grep -v '^#' | xargs)
                                           ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
        userEnv=$(grep -v '^[[:blank:]]*$' "$USER_DIR"/logging/user.env | grep -v '^#' | xargs)


In logging/bin/common.sh line 14:
          export $userEnv
                 ^------^ SC2163 (warning): This does not export 'userEnv'. Remove $/${} for that, or use ${var?} to quiet.
                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
          export "$userEnv"


In logging/bin/deploy_esexporter.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_esexporter.sh line 10:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_esexporter.sh line 28:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_esexporter.sh line 39:
if helm3ReleaseExists es-exporter $LOG_NS; then
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists es-exporter "$LOG_NS"; then


In logging/bin/deploy_esexporter.sh line 42:
   if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then
           ^-- SC2046 (warning): Quote this to prevent word splitting.
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -z $(kubectl -n "$LOG_NS" get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then


In logging/bin/deploy_esexporter.sh line 44:
      helm -n $LOG_NS delete es-exporter
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      helm -n "$LOG_NS" delete es-exporter


In logging/bin/deploy_esexporter.sh line 47:
   if kubectl get crd servicemonitors.monitoring.coreos.com 2>1 1>/dev/null; then
                                                             ^-- SC2210 (warning): This is a file redirection. Was it supposed to be a comparison or fd operation?


In logging/bin/deploy_esexporter.sh line 52:
         kubectl delete -n $monNamespace servicemonitor elasticsearch
                           ^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         kubectl delete -n "$monNamespace" servicemonitor elasticsearch


In logging/bin/deploy_esexporter.sh line 54:
         kubectl apply  -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
                           ^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         kubectl apply  -n "$monNamespace" -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml


In logging/bin/deploy_esexporter.sh line 110:
helm2ReleaseCheck es-exporter-$LOG_NS
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm2ReleaseCheck es-exporter-"$LOG_NS"


In logging/bin/deploy_esexporter.sh line 115:
chart2install="$(get_helmchart_reference $ESEXPORTER_HELM_CHART_REPO $ESEXPORTER_HELM_CHART_NAME $ESEXPORTER_HELM_CHART_VERSION)"
                                         ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                     ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                 ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$ESEXPORTER_HELM_CHART_REPO" "$ESEXPORTER_HELM_CHART_NAME" "$ESEXPORTER_HELM_CHART_VERSION")"


In logging/bin/deploy_esexporter.sh line 116:
versionstring="$(get_helm_versionstring  $ESEXPORTER_HELM_CHART_VERSION)"
                                         ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$ESEXPORTER_HELM_CHART_VERSION")"


In logging/bin/deploy_esexporter.sh line 120:
helm $helmDebug upgrade --install es-exporter \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install es-exporter \


In logging/bin/deploy_esexporter.sh line 121:
 --namespace $LOG_NS \
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 --namespace "$LOG_NS" \


In logging/bin/deploy_esexporter.sh line 122:
 -f $imageKeysFile \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$imageKeysFile" \


In logging/bin/deploy_esexporter.sh line 124:
 -f $wnpValuesFile \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$wnpValuesFile" \


In logging/bin/deploy_esexporter.sh line 125:
 -f $openshiftValuesFile \
    ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$openshiftValuesFile" \


In logging/bin/deploy_esexporter.sh line 126:
 -f $ES_OPEN_EXPORTER_USER_YAML \
    ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$ES_OPEN_EXPORTER_USER_YAML" \


In logging/bin/deploy_esexporter.sh line 128:
 $versionstring \
 ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 "$versionstring" \


In logging/bin/deploy_esexporter.sh line 129:
 $chart2install
 ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 "$chart2install"


In logging/bin/deploy_logging.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_logging.sh line 30:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_logging.sh line 31:
  kubectl create ns $LOG_NS
                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl create ns "$LOG_NS"


In logging/bin/deploy_logging.sh line 34:
  disable_sa_token_automount $LOG_NS default
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" default


In logging/bin/deploy_logging.sh line 97:
if helm3ReleaseExists v4m $LOG_NS; then
                          ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists v4m "$LOG_NS"; then


In logging/bin/deploy_logging_openshift.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_logging_openshift.sh line 31:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_logging_openshift.sh line 32:
  kubectl create ns $LOG_NS
                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl create ns "$LOG_NS"


In logging/bin/deploy_logging_openshift.sh line 35:
  disable_sa_token_automount $LOG_NS default
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" default


In logging/bin/deploy_logging_openshift.sh line 36:
  disable_sa_token_automount $LOG_NS builder
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" builder


In logging/bin/deploy_logging_openshift.sh line 37:
  disable_sa_token_automount $LOG_NS deployer
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" deployer


In logging/bin/deploy_logging_openshift.sh line 123:
   bin/show_app_url.sh $servicelist
                       ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   bin/show_app_url.sh "$servicelist"


In logging/bin/deploy_logging_openshift.sh line 144:
if helm3ReleaseExists v4m $LOG_NS; then
                          ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists v4m "$LOG_NS"; then


In logging/bin/deploy_opensearch.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_opensearch.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_opensearch.sh line 48:
if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OPENSEARCH_INGRESS_ENABLE"="true" ]; then
                                                                          ^-- SC2077 (error): You need spaces around the comparison operator.


In logging/bin/deploy_opensearch.sh line 68:
   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
                  ^-- SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.


In logging/bin/deploy_opensearch.sh line 71:
   OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
   ^-------------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In logging/bin/deploy_opensearch.sh line 85:
   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 88:
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 89:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 91:
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 92:
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 94:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 95:
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
                                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 98:
      printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"  ;
                        ^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".


In logging/bin/deploy_opensearch.sh line 99:
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
                                                                                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 116:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_opensearch.sh line 144:
if verify_cert_generator $LOG_NS es-transport es-rest es-admin; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if verify_cert_generator "$LOG_NS" es-transport es-rest es-admin; then


In logging/bin/deploy_opensearch.sh line 152:
create_tls_certs $LOG_NS logging es-transport es-rest es-admin
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
create_tls_certs "$LOG_NS" logging es-transport es-rest es-admin


In logging/bin/deploy_opensearch.sh line 158:
if [ ! -f  $TMP_DIR/es-transport.pem ]; then
           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ ! -f  "$TMP_DIR"/es-transport.pem ]; then


In logging/bin/deploy_opensearch.sh line 160:
   kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-transport.pem
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/es-transport.pem


In logging/bin/deploy_opensearch.sh line 162:
node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
                                                            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in "$TMP_DIR"/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")


In logging/bin/deploy_opensearch.sh line 164:
if [ ! -f  $TMP_DIR/es-admin.pem ]; then
           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ ! -f  "$TMP_DIR"/es-admin.pem ]; then


In logging/bin/deploy_opensearch.sh line 166:
   kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-admin.pem
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                       ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/es-admin.pem


In logging/bin/deploy_opensearch.sh line 168:
admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
                                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in "$TMP_DIR"/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")


In logging/bin/deploy_opensearch.sh line 173:
kubectl -n $LOG_NS delete secret opensearch-cert-subjects --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete secret opensearch-cert-subjects --ignore-not-found


In logging/bin/deploy_opensearch.sh line 174:
kubectl -n $LOG_NS create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"


In logging/bin/deploy_opensearch.sh line 175:
kubectl -n $LOG_NS label  secret opensearch-cert-subjects  managed-by=v4m-es-script
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" label  secret opensearch-cert-subjects  managed-by=v4m-es-script


In logging/bin/deploy_opensearch.sh line 178:
kubectl -n $LOG_NS delete configmap run-securityadmin.sh --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete configmap run-securityadmin.sh --ignore-not-found


In logging/bin/deploy_opensearch.sh line 179:
kubectl -n $LOG_NS create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh


In logging/bin/deploy_opensearch.sh line 180:
kubectl -n $LOG_NS label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch


In logging/bin/deploy_opensearch.sh line 183:
export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
       ^-----------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 184:
export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
       ^-------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 185:
export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)
       ^------------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_METRICGETTER_USER=$(kubectl -n "$LOG_NS" get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 186:
export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)
       ^--------------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_METRICGETTER_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 189:
adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
adminpwd_autogenerated=$(kubectl -n "$LOG_NS" get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')


In logging/bin/deploy_opensearch.sh line 190:
if [ ! -z "$adminpwd_autogenerated"  ]; then
     ^-- SC2236 (style): Use -n instead of ! -z.


In logging/bin/deploy_opensearch.sh line 224:
if [ "$(helm -n $LOG_NS list --filter 'opensearch' -q)" == "opensearch" ]; then
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(helm -n "$LOG_NS" list --filter 'opensearch' -q)" == "opensearch" ]; then


In logging/bin/deploy_opensearch.sh line 232:
helm2ReleaseCheck odfe-$LOG_NS
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm2ReleaseCheck odfe-"$LOG_NS"


In logging/bin/deploy_opensearch.sh line 235:
if [ "$(helm -n $LOG_NS list --filter 'odfe' -q)" == "odfe" ]; then
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(helm -n "$LOG_NS" list --filter 'odfe' -q)" == "odfe" ]; then


In logging/bin/deploy_opensearch.sh line 249:
if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then
                      ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ -z "$(kubectl -n "$LOG_NS" get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then


In logging/bin/deploy_opensearch.sh line 251:
   kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" delete secret opensearch-securityconfig --ignore-not-found


In logging/bin/deploy_opensearch.sh line 254:
   mkdir -p $TMP_DIR/opensearch/securityconfig
            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   mkdir -p "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 255:
   cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
                                              ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   cp logging/opensearch/securityconfig/*.yml "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 260:
      if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then
                 ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      if [ "$(ls "$USER_DIR"/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then


In logging/bin/deploy_opensearch.sh line 262:
        cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
           ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
        cp "$USER_DIR"/logging/opensearch/securityconfig/*.yml "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 271:
   kubectl -n $LOG_NS create secret generic opensearch-securityconfig    \
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" create secret generic opensearch-securityconfig    \


In logging/bin/deploy_opensearch.sh line 272:
       --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml  \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/action_groups.yml  \


In logging/bin/deploy_opensearch.sh line 273:
       --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml      \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/allowlist.yml      \


In logging/bin/deploy_opensearch.sh line 274:
       --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml      \
                                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file whitelist.yml="$TMP_DIR"/opensearch/securityconfig/allowlist.yml      \


In logging/bin/deploy_opensearch.sh line 275:
       --from-file $TMP_DIR/opensearch/securityconfig/config.yml         \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/config.yml         \


In logging/bin/deploy_opensearch.sh line 276:
       --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/internal_users.yml \


In logging/bin/deploy_opensearch.sh line 277:
       --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml       \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/nodes_dn.yml       \


In logging/bin/deploy_opensearch.sh line 278:
       --from-file $TMP_DIR/opensearch/securityconfig/roles.yml          \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/roles.yml          \


In logging/bin/deploy_opensearch.sh line 279:
       --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml  \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/roles_mapping.yml  \


In logging/bin/deploy_opensearch.sh line 280:
       --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/tenants.yml


In logging/bin/deploy_opensearch.sh line 282:
   kubectl -n $LOG_NS label secret opensearch-securityconfig  managed-by=v4m-es-script
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" label secret opensearch-securityconfig  managed-by=v4m-es-script


In logging/bin/deploy_opensearch.sh line 318:
chart2install="$(get_helmchart_reference $OPENSEARCH_HELM_CHART_REPO $OPENSEARCH_HELM_CHART_NAME $OPENSEARCH_HELM_CHART_VERSION)"
                                         ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                     ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                 ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$OPENSEARCH_HELM_CHART_REPO" "$OPENSEARCH_HELM_CHART_NAME" "$OPENSEARCH_HELM_CHART_VERSION")"


In logging/bin/deploy_opensearch.sh line 319:
versionstring="$(get_helm_versionstring  $OPENSEARCH_HELM_CHART_VERSION)"
                                         ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$OPENSEARCH_HELM_CHART_VERSION")"


In logging/bin/deploy_opensearch.sh line 325:
helm $helmDebug upgrade --install opensearch \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install opensearch \


In logging/bin/deploy_opensearch.sh line 326:
    --namespace $LOG_NS \
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    --namespace "$LOG_NS" \


In logging/bin/deploy_opensearch.sh line 337:
    $versionstring \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$versionstring" \


In logging/bin/deploy_opensearch.sh line 338:
    $chart2install
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$chart2install"


In logging/bin/deploy_opensearch.sh line 342:
pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
pvc_status=$(kubectl -n "$LOG_NS" get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 343:
until [ "$pvc_status" == "Bound" ] || (( $pvcCounter>90 ));
                                         ^---------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.


In logging/bin/deploy_opensearch.sh line 347:
   pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   pvc_status=$(kubectl -n "$LOG_NS" get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 351:
pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
pvc_status=$(kubectl -n "$LOG_NS" get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 362:
kubectl -n $LOG_NS wait pods v4m-search-0 --for=condition=Ready --timeout=10m
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" wait pods v4m-search-0 --for=condition=Ready --timeout=10m


In logging/bin/deploy_opensearch.sh line 376:
  kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl -n "$LOG_NS" exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh


In logging/bin/deploy_opensearch.sh line 378:
  kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl -n "$LOG_NS" cp v4m-search-0:config/run_securityadmin.log "$TMP_DIR"/run_securityadmin.log -c opensearch


In logging/bin/deploy_opensearch.sh line 379:
  if [ "$(tail -n1  $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  if [ "$(tail -n1  "$TMP_DIR"/run_securityadmin.log)" == "Done with success" ]; then


In logging/bin/deploy_opensearch.sh line 385:
  sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  sed 's/^/   | /' "$TMP_DIR"/run_securityadmin.log


In logging/bin/deploy_opensearch.sh line 394:
   disable_sa_token_automount $LOG_NS v4m-os
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-os


In logging/bin/deploy_opensearch_content.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_opensearch_content.sh line 12:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_opensearch_content.sh line 33:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_opensearch_content.sh line 49:
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
                                                                                   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                  ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)


In logging/bin/deploy_opensearch_content.sh line 77:
   log_debug "Function called: set_retention_perid ARGS: $@"
                                                         ^-- SC2145 (error): Argument mixes string and array. Use * or separate argument.


In logging/bin/deploy_opensearch_content.sh line 83:
   cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
                         ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                      ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   cp logging/opensearch/"${policy_name}".json "$TMP_DIR"/"$policy_name".json


In logging/bin/deploy_opensearch_content.sh line 92:
   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
                                                                                                                ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                         ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" "$TMP_DIR"/"$policy_name".json


In logging/bin/deploy_opensearch_content.sh line 95:
   log_debug "$(cat $TMP_DIR/${policy_name}.json)"
                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   log_debug "$(cat "$TMP_DIR"/"${policy_name}".json)"


In logging/bin/deploy_opensearch_content.sh line 98:
   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                  ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                            ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                           ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"$policy_name".json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 118:
   response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                            ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                           ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o "$TMP_DIR"/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 124:
   if [ -n "$(cat $TMP_DIR/ism_policy_patch.json |grep '"ism_template":null')" ]; then
        ^-- SC2143 (style): Use grep -q instead of comparing output with [ -n .. ].
                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -n "$(cat "$TMP_DIR"/ism_policy_patch.json |grep '"ism_template":null')" ]; then


In logging/bin/deploy_opensearch_content.sh line 128:
      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
                                                                                                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 131:
      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
                                                                                                                                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 134:
      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                               ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                              ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 145:
         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  $TMP_DIR/ism_policy_patch.json
                                                                                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 151:
      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                   ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 171:
response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                      ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                     ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 181:
response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
                                                                                                                                                                                                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                            ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )


In logging/bin/deploy_opensearch_content.sh line 198:
   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
                                                                                                                                                                                                                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                            ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )


In logging/bin/deploy_opensearch_content.sh line 217:
response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                          ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                         ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 254:
      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
                                                                                       ^----------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p "$LOG_LOGADM_PASSWD"


In logging/bin/deploy_opensearch_content.sh line 264:
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                              ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                             ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 266:
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                              ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                             ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_openshift_prereqs.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
^-- SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.." || exit


In logging/bin/deploy_openshift_prereqs.sh line 9:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_openshift_prereqs.sh line 23:
oc adm policy add-scc-to-user privileged -z v4m-os -n $LOG_NS
                                                      ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
oc adm policy add-scc-to-user privileged -z v4m-os -n "$LOG_NS"


In logging/bin/deploy_osd.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_osd.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_osd.sh line 35:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_osd.sh line 47:
if verify_cert_generator $LOG_NS kibana; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if verify_cert_generator "$LOG_NS" kibana; then


In logging/bin/deploy_osd.sh line 55:
create_tls_certs $LOG_NS logging kibana
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
create_tls_certs "$LOG_NS" logging kibana


In logging/bin/deploy_osd.sh line 82:
   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
                  ^-- SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.


In logging/bin/deploy_osd.sh line 85:
   OSD_FQDN="${OSD_FQDN}"
   ^------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In logging/bin/deploy_osd.sh line 99:
   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 101:
      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 102:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 107:
      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 109:
      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 110:
      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 111:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 112:
      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               $autogeneratedYAMLFile
                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 115:
      printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"  ;
                        ^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".


In logging/bin/deploy_osd.sh line 116:
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
                                                                                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 160:
kubectl -n $LOG_NS delete secret          v4m-osd-tls-enabled  --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete secret          v4m-osd-tls-enabled  --ignore-not-found


In logging/bin/deploy_osd.sh line 161:
kubectl -n $LOG_NS create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"


In logging/bin/deploy_osd.sh line 167:
if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
                   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^-- SC1083 (warning): This { is literal. Check expression (missing ;/\n?) or quote it.
                                                                                             ^-- SC1083 (warning): This } is literal. Check expression (missing ;/\n?) or quote it.

Did you mean: 
if [ "$(kubectl -n "$LOG_NS" get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then


In logging/bin/deploy_osd.sh line 169:
   kubectl -n $LOG_NS delete deployment v4m-osd
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" delete deployment v4m-osd


In logging/bin/deploy_osd.sh line 204:
chart2install="$(get_helmchart_reference $OSD_HELM_CHART_REPO $OSD_HELM_CHART_NAME $OSD_HELM_CHART_VERSION)"
                                         ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                   ^---------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$OSD_HELM_CHART_REPO" "$OSD_HELM_CHART_NAME" "$OSD_HELM_CHART_VERSION")"


In logging/bin/deploy_osd.sh line 205:
versionstring="$(get_helm_versionstring  $OSD_HELM_CHART_VERSION)"
                                         ^---------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$OSD_HELM_CHART_VERSION")"


In logging/bin/deploy_osd.sh line 210:
helm $helmDebug upgrade --install v4m-osd \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install v4m-osd \


In logging/bin/deploy_osd.sh line 211:
    $versionstring \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$versionstring" \


In logging/bin/deploy_osd.sh line 212:
    --namespace $LOG_NS \
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    --namespace "$LOG_NS" \


In logging/bin/deploy_osd.sh line 222:
   $chart2install
   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   "$chart2install"


In logging/bin/deploy_osd.sh line 229:
   disable_sa_token_automount $LOG_NS v4m-os
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-os


In logging/bin/deploy_osd.sh line 231:
   disable_sa_token_automount $LOG_NS v4m-osd-dashboards
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-osd-dashboards


In logging/bin/deploy_osd_content.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_osd_content.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_osd_content.sh line 28:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_osd_content.sh line 45:
osdlabels="$(kubectl -n $LOG_NS get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}'| tr -d '{}"' | tr : '=')"
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
osdlabels="$(kubectl -n "$LOG_NS" get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}'| tr -d '{}"' | tr : '=')"


In logging/bin/deploy_osd_content.sh line 47:
kubectl -n $LOG_NS wait pods --selector "$osdlabels"  --for condition=Ready --timeout=10m
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" wait pods --selector "$osdlabels"  --for condition=Ready --timeout=10m


In logging/bin/deploy_osd_content.sh line 59:
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
                                                                                                ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                               ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)

For more information:
  https://www.shellcheck.net/wiki/SC2077 -- You need spaces around the compar...
  https://www.shellcheck.net/wiki/SC2145 -- Argument mixes string and array. ...
  https://www.shellcheck.net/wiki/SC2148 -- Tips depend on target shell and y...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.
shfmt errors 

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/apiaccess-include.sh.orig logging/bin/apiaccess-include.sh
--- logging/bin/apiaccess-include.sh.orig
+++ logging/bin/apiaccess-include.sh
@@ -18,237 +18,233 @@
 source bin/service-url-include.sh
 
 function stop_portforwarding {
-   # terminate port-forwarding process if PID was cached
-
-   local pid
-   pid=${1:-$pfPID}
-
-   if [ -o errexit ]; then
-      restore_errexit=Y
-      log_debug "Toggling errexit: Off"
-      set +e
-   fi
-
-   if ps -p "$pid" >/dev/null;  then
-      log_debug "Killing port-forwarding process [$pid]."
-      kill -9 $pid
-      wait $pid 2>/dev/null  # suppresses message reporting process has been killed
-   else
-      log_debug "No portforwarding processID found; nothing to terminate."
-   fi
-
-   if [ -n "$restore_errexit" ]; then
-      log_debug "Toggling errexit: On"
-      set -e
-   fi
+    # terminate port-forwarding process if PID was cached
+
+    local pid
+    pid=${1:-$pfPID}
+
+    if [ -o errexit ]; then
+        restore_errexit=Y
+        log_debug "Toggling errexit: Off"
+        set +e
+    fi
+
+    if ps -p "$pid" > /dev/null; then
+        log_debug "Killing port-forwarding process [$pid]."
+        kill -9 $pid
+        wait $pid 2> /dev/null # suppresses message reporting process has been killed
+    else
+        log_debug "No portforwarding processID found; nothing to terminate."
+    fi
+
+    if [ -n "$restore_errexit" ]; then
+        log_debug "Toggling errexit: On"
+        set -e
+    fi
 
 }
 
 function stop_es_portforwarding {
-   #
-   # terminate ES port-forwarding process
-   #
-   # Global vars:      espfpid    - process id of ES portforwarding
-   #                   es_api_url - URL to access ES API/serivce
-
-   if [ -n "$espfpid" ]; then
-      log_debug "ES PF PID for stopping: $espfpid"
-      stop_portforwarding $espfpid
-      unset espfpid
-      unset es_api_url
-   fi
+    #
+    # terminate ES port-forwarding process
+    #
+    # Global vars:      espfpid    - process id of ES portforwarding
+    #                   es_api_url - URL to access ES API/serivce
+
+    if [ -n "$espfpid" ]; then
+        log_debug "ES PF PID for stopping: $espfpid"
+        stop_portforwarding $espfpid
+        unset espfpid
+        unset es_api_url
+    fi
 }
 
 function stop_kb_portforwarding {
-   #
-   # terminate KB port-forwarding process
-   #
-   # Global vars:      kbpfpid    - process id of KB portforwarding
-   #                   kb_api_url - URL to access KB API/serivce
-
-   if [ -n "$kbpfpid" ]; then
-      log_debug "KB PF PID for stopping: $kbpfpid"
-      stop_portforwarding $kbpfpid
-      unset kbpfpid
-      unset kb_api_url
-   fi
- }
+    #
+    # terminate KB port-forwarding process
+    #
+    # Global vars:      kbpfpid    - process id of KB portforwarding
+    #                   kb_api_url - URL to access KB API/serivce
+
+    if [ -n "$kbpfpid" ]; then
+        log_debug "KB PF PID for stopping: $kbpfpid"
+        stop_portforwarding $kbpfpid
+        unset kbpfpid
+        unset kb_api_url
+    fi
+}
 
 function get_api_url {
-   #
-   # determine URL to access specified API/service
-   #
-   # Global vars:      api_url - URL to access requested API/serivce
-   #                   pfPID   - process id used for portforwarding
-   #
-   local servicename portpath usetls serviceport
-   servicename=$1
-   portpath=$2
-   usetls=${3:-false}
-   ingress=$4
-
-   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
-
-   if [ -z "$api_url" ] || [ "$LOG_ALWAYS_PORT_FORWARD" == "true" ]; then
-      # set up temporary port forwarding to allow curl access
-      log_debug "Will use Kubernetes port-forwarding to access"
-      log_debug "LOG_ALWAYS_PORT_FORWARD: $LOG_ALWAYS_PORT_FORWARD api_url: $api_url"
-
-      serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
-      log_debug "serviceport: $serviceport"
-
-      # command is sent to run in background
-
-      kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2>/dev/null &
-
-      # get PID to allow us to kill process later
-      pfPID=$!
-      log_debug "pfPID: $pfPID"
-
-      # pause to allow port-forwarding messages to appear
-      sleep 5
-
-      # determine which port port-forwarding is using
-      pfRegex='Forwarding from .+:([0-9]+)'
-      myline=$(head -n1  $tmpfile)
-
-      if [[ $myline =~ $pfRegex ]]; then
-         TEMP_PORT="${BASH_REMATCH[1]}";
-         log_debug "TEMP_PORT=${TEMP_PORT}"
-      else
-         log_error "Unable to identify the temporary port used for port-forwarding [$servicename]; exiting script.";
-         return 1
-      fi
-
-      if [ "$usetls" == "true" ]; then
-         protocol="https"
-      else
-         protocol="http"
-      fi
-
-      api_url="$protocol://localhost:$TEMP_PORT"
-
-   fi
-   log_debug "API Endpoint for [$servicename]: $api_url"
-}
-
+    #
+    # determine URL to access specified API/service
+    #
+    # Global vars:      api_url - URL to access requested API/serivce
+    #                   pfPID   - process id used for portforwarding
+    #
+    local servicename portpath usetls serviceport
+    servicename=$1
+    portpath=$2
+    usetls=${3:-false}
+    ingress=$4
+
+    api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
+
+    if [ -z "$api_url" ] || [ "$LOG_ALWAYS_PORT_FORWARD" == "true" ]; then
+        # set up temporary port forwarding to allow curl access
+        log_debug "Will use Kubernetes port-forwarding to access"
+        log_debug "LOG_ALWAYS_PORT_FORWARD: $LOG_ALWAYS_PORT_FORWARD api_url: $api_url"
+
+        serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
+        log_debug "serviceport: $serviceport"
+
+        # command is sent to run in background
+
+        kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2> /dev/null &
+
+        # get PID to allow us to kill process later
+        pfPID=$!
+        log_debug "pfPID: $pfPID"
+
+        # pause to allow port-forwarding messages to appear
+        sleep 5
+
+        # determine which port port-forwarding is using
+        pfRegex='Forwarding from .+:([0-9]+)'
+        myline=$(head -n1 $tmpfile)
+
+        if [[ $myline =~ $pfRegex ]]; then
+            TEMP_PORT="${BASH_REMATCH[1]}"
+            log_debug "TEMP_PORT=${TEMP_PORT}"
+        else
+            log_error "Unable to identify the temporary port used for port-forwarding [$servicename]; exiting script."
+            return 1
+        fi
+
+        if [ "$usetls" == "true" ]; then
+            protocol="https"
+        else
+            protocol="http"
+        fi
+
+        api_url="$protocol://localhost:$TEMP_PORT"
+
+    fi
+    log_debug "API Endpoint for [$servicename]: $api_url"
+}
 
 function get_es_api_url {
-   #
-   # obtain ES API/service URL (establish port-forwarding, if necessary)
-   #
-   # Global vars:      es_api_url - URL to access ES API/serivce
-   #                   espfpid    - process id of ES portforwarding
-
-   if [ -n "$es_api_url" ]; then
-      log_debug "Elasticsearch API Endpoint already set [$es_api_url]"
-      return 0
-   fi
-
-   pfPID=""
-   get_api_url "$ES_SERVICENAME" '{.spec.ports[?(@.name=="http")].port}' true
-
-   rc=$?
-
-   if [ "$rc" == "0" ]; then
-      es_api_url=$api_url
-      espfpid=$pfPID
-      trap_add stop_es_portforwarding EXIT
-      return 0
-   else
-      log_error "Unable to obtain the URL for the Elasticsearch API Endpoint"
-      return 1
-   fi
+    #
+    # obtain ES API/service URL (establish port-forwarding, if necessary)
+    #
+    # Global vars:      es_api_url - URL to access ES API/serivce
+    #                   espfpid    - process id of ES portforwarding
+
+    if [ -n "$es_api_url" ]; then
+        log_debug "Elasticsearch API Endpoint already set [$es_api_url]"
+        return 0
+    fi
+
+    pfPID=""
+    get_api_url "$ES_SERVICENAME" '{.spec.ports[?(@.name=="http")].port}' true
+
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        es_api_url=$api_url
+        espfpid=$pfPID
+        trap_add stop_es_portforwarding EXIT
+        return 0
+    else
+        log_error "Unable to obtain the URL for the Elasticsearch API Endpoint"
+        return 1
+    fi
 }
 
 function get_kb_api_url {
-   #
-   # obtain KB API/service URL (establish port-forwarding, if necessary)
-   #
-   # Global vars:      kb_api_url - URL to access KB API/service
-   #                   kbpfpid    - process id of KB portforwarding
-
-
-   if [ -n "$kb_api_url" ]; then
-      log_debug "Kibana API Endpoint already set [$kb_api_url]"
-      return 0
-   fi
-
-   pfPID=""
-
-   tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"
-   log_debug "TLS required to connect to Kibana? [$tlsrequired]"
-
-   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}'  $tlsrequired  $KB_INGRESSNAME
-   rc=$?
-
-   if [ "$rc" == "0" ]; then
-      kb_api_url=$api_url
-      kbpfpid=$pfPID
-      trap_add stop_kb_portforwarding EXIT
-      return 0
-   else
-      log_error "Unable to obtain the URL for the OpenSearch Dashboards API Endpoint"
-      return 1
-   fi
+    #
+    # obtain KB API/service URL (establish port-forwarding, if necessary)
+    #
+    # Global vars:      kb_api_url - URL to access KB API/service
+    #                   kbpfpid    - process id of KB portforwarding
+
+    if [ -n "$kb_api_url" ]; then
+        log_debug "Kibana API Endpoint already set [$kb_api_url]"
+        return 0
+    fi
+
+    pfPID=""
+
+    tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} | base64 --decode)"
+    log_debug "TLS required to connect to Kibana? [$tlsrequired]"
+
+    get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}' $tlsrequired $KB_INGRESSNAME
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        kb_api_url=$api_url
+        kbpfpid=$pfPID
+        trap_add stop_kb_portforwarding EXIT
+        return 0
+    else
+        log_error "Unable to obtain the URL for the OpenSearch Dashboards API Endpoint"
+        return 1
+    fi
 }
 
 function get_sec_api_url {
-   #
-   # obtain ODFE Security API/service URL (calls get_es_api_url function, if necessary)
-   #
-   # Global vars:      sec_api_url - URL to access ODFE Security API/serivce
-
- if [ -n "$sec_api_url" ]; then
-    log_debug "Security API Endpoint already set [$sec_api_url]"
-    return 0
- fi
-
- get_es_api_url
- rc=$?
-
- if [ "$rc" == "0" ]; then
-    sec_api_url="${es_api_url}/$ES_PLUGINS_DIR/_security/api"
-
-    log_debug "Security API Endpoint: [$sec_api_url]"
-    return 0
- else
-    sec_api_url=""
-    log_error "Unable to obtain the URL for the Security API Endpoint"
-    return 1
- fi
+    #
+    # obtain ODFE Security API/service URL (calls get_es_api_url function, if necessary)
+    #
+    # Global vars:      sec_api_url - URL to access ODFE Security API/serivce
+
+    if [ -n "$sec_api_url" ]; then
+        log_debug "Security API Endpoint already set [$sec_api_url]"
+        return 0
+    fi
+
+    get_es_api_url
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        sec_api_url="${es_api_url}/$ES_PLUGINS_DIR/_security/api"
+
+        log_debug "Security API Endpoint: [$sec_api_url]"
+        return 0
+    else
+        sec_api_url=""
+        log_error "Unable to obtain the URL for the Security API Endpoint"
+        return 1
+    fi
 }
 
 function get_ism_api_url {
-   #
-   # obtain Index State Managment API/service URL (calls get_es_api_url function, if necessary)
-   #
-   # Global vars:      ism_api_url - URL to access ISM API/serivce
-
- if [ -n "$ism_api_url" ]; then
-    log_debug "Index Statement Management API Endpoint already set [$ism_api_url]"
-    return 0
- fi
-
- get_es_api_url
- rc=$?
-
- if [ "$rc" == "0" ]; then
-    ism_api_url="${es_api_url}/$ES_PLUGINS_DIR/_ism"
-
-    log_debug "Index State Management API Endpoint: [$ism_api_url]"
-    return 0
- else
-    ism_api_url=""
-    log_error "Unable to obtain the URL for the Index State Management API Endpoint"
-    return 1
- fi
-}
-
+    #
+    # obtain Index State Managment API/service URL (calls get_es_api_url function, if necessary)
+    #
+    # Global vars:      ism_api_url - URL to access ISM API/serivce
+
+    if [ -n "$ism_api_url" ]; then
+        log_debug "Index Statement Management API Endpoint already set [$ism_api_url]"
+        return 0
+    fi
+
+    get_es_api_url
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        ism_api_url="${es_api_url}/$ES_PLUGINS_DIR/_ism"
+
+        log_debug "Index State Management API Endpoint: [$ism_api_url]"
+        return 0
+    else
+        ism_api_url=""
+        log_error "Unable to obtain the URL for the Index State Management API Endpoint"
+        return 1
+    fi
+}
 
 export -f get_ism_api_url get_sec_api_url stop_portforwarding get_es_api_url get_kb_api_url stop_es_portforwarding stop_kb_portforwarding
 
-
 #initialize "global" vars
 LOG_ALWAYS_PORT_FORWARD=${LOG_ALWAYS_PORT_FORWARD:-true}
 export es_api_url kb_api_url espfpid kbpfpid sec_api_url pfPID LOG_ALWAYS_PORT_FORWARD
@@ -255,5 +251,5 @@
 
 #create a temp file to hold curl response
 if [ -z "$tmpfile" ]; then
-   tmpfile=$TMP_DIR/curl_response.txt
+    tmpfile=$TMP_DIR/curl_response.txt
 fi
diff logging/bin/change_internal_password.sh.orig logging/bin/change_internal_password.sh
--- logging/bin/change_internal_password.sh.orig
+++ logging/bin/change_internal_password.sh
@@ -9,22 +9,22 @@
 source logging/bin/secrets-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 function show_usage {
-   log_info  ""
-   log_info  "Usage: $this_script USERNAME [PASSWORD] "
-   log_info  ""
-   log_info  "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
-   log_info  "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
-   log_info  ""
-   log_info  "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
-   log_info  "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
-   log_info  ""
-   log_info  "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
-   log_info  "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
-   log_info  ""
-   echo ""
+    log_info ""
+    log_info "Usage: $this_script USERNAME [PASSWORD] "
+    log_info ""
+    log_info "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
+    log_info "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
+    log_info ""
+    log_info "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
+    log_info "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
+    log_info ""
+    log_info "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
+    log_info "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
+    log_info ""
+    echo ""
 }
 
 # set vars used in curl commands
@@ -37,246 +37,241 @@
 
 # if no user_name; ERROR and EXIT
 if [ "$USER_NAME" == "" ]; then
-  log_error "Required argument [USER_NAME] not provided."
-  exit 1
-else
-  case "$USER_NAME" in
-   admin)
-     ;;
-   logcollector)
-     ;;
-   logadm)
-     if [ -z "$NEW_PASSWD" ]; then
-        log_error "No password provided.  A new password is REQUIRED when using this script to change the [logadm] account password"
-        exit 1
-     fi
-     ;;
-   kibanaserver)
-     ;;
-   metricgetter)
-     ;;
-   --help|-h)
-     show_usage
-     exit
-     ;;
-   *)
-     log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
-     show_usage
-     exit 2
-     ;;
-  esac
-fi
-
+    log_error "Required argument [USER_NAME] not provided."
+    exit 1
+else
+    case "$USER_NAME" in
+    admin) ;;
+    logcollector) ;;
+    logadm)
+        if [ -z "$NEW_PASSWD" ]; then
+            log_error "No password provided.  A new password is REQUIRED when using this script to change the [logadm] account password"
+            exit 1
+        fi
+        ;;
+    kibanaserver) ;;
+    metricgetter) ;;
+    --help | -h)
+        show_usage
+        exit
+        ;;
+    *)
+        log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
+        show_usage
+        exit 2
+        ;;
+    esac
+fi
 
 if [ "$NEW_PASSWD" == "" ]; then
-   # generate password if one not provided
-   NEW_PASSWD="$(randomPassword)"
-   autogenerated_password="true"
+    # generate password if one not provided
+    NEW_PASSWD="$(randomPassword)"
+    autogenerated_password="true"
 fi
 
 if [ "$USER_NAME" != "logadm" ]; then
-   #get current credentials from Kubernetes secret
-   if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2>/dev/null)" ]; then
-      log_warn "The Kubernetes secret [internal-user-$USER_NAME], containing credentials for the user, was not found."
-      # TO DO: How to handle case where secret does not exist?  Should never happen. 
-      # exit
-      ES_USER=$USER_NAME
-   else
-      ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" |base64 --decode)
-      ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" |base64 --decode)
-   fi
-else
-  ES_USER=$USER_NAME
-  ES_PASSWD="do_not_know_current_password"
+    #get current credentials from Kubernetes secret
+    if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2> /dev/null)" ]; then
+        log_warn "The Kubernetes secret [internal-user-$USER_NAME], containing credentials for the user, was not found."
+        # TO DO: How to handle case where secret does not exist?  Should never happen.
+        # exit
+        ES_USER=$USER_NAME
+    else
+        ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" | base64 --decode)
+        ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" | base64 --decode)
+    fi
+else
+    ES_USER=$USER_NAME
+    ES_PASSWD="do_not_know_current_password"
 fi
 
 get_sec_api_url
 
 # Attempt to change password using current user credentials
-response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$sec_api_url/account"   -H 'Content-Type: application/json' -d'{"current_password" : "'"$ES_PASSWD"'", "password" : "'"$NEW_PASSWD"'"}' --user "$ES_USER:$ES_PASSWD" --insecure)
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$sec_api_url/account" -H 'Content-Type: application/json' -d'{"current_password" : "'"$ES_PASSWD"'", "password" : "'"$NEW_PASSWD"'"}' --user "$ES_USER:$ES_PASSWD" --insecure)
 if [[ $response == 4* ]]; then
-   if [ "$USER_NAME" != "logadm" ]; then
-      log_warn "The currently stored credentials for [$USER_NAME] do NOT appear to be up-to-date; unable to use them to change password. [$response]"
-   fi
-
-   if [ "$USER_NAME" != "admin" ]; then
-
-      log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
-
-      ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-      ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
-      # make sure hash utility is executable
-      kubectl -n $LOG_NS exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-      # get hash of new password
-      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
-      rc=$?
-      if [ "$rc" == "0" ]; then
-
-         #try changing password using admin password
-         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-         if [[ "$response" == "404" ]]; then
-            log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
-            success="non-existent_user"
-         elif [[ $response == 4* ]]; then
-            log_error "The Kubernetes secret containing credentials for the [admin] user appears to be out-of-date. [$response]"
-            echo ""
-            log_error "                                *********** IMPORTANT NOTE ***********"
-            log_error ""
-            log_error " Cached credentials for [admin] user are not valid!"
-            log_error ""
-            log_error " It is VERY IMPORTANT to ensure the credentials for the [admin] account and the corresponding"
-            log_error " Kubernetes secret [internal-user-admin] in the [$LOG_NS] namespace are ALWAYS synchronized."
-            log_error ""
-            log_error " You MUST re-run this script NOW with the updated password for the [admin] account to update"
-            log_error " the secret with the current password."
-            log_error ""
-            log_error " You may then run this script again to update the password for the [$USER_NAME] account."
-            echo ""
-            success="false"
-         elif [[ $response == 2* ]]; then
-            log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
-            success="true"
-         else
-            log_warn "Unable to change password for [$USER_NAME] using [admin] credentials. [$response]"
-            success="false"
-         fi
-      else
-         log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]";
-      fi
-   else
-      log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
-
-      # make sure hash utility is executable
-      kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-      # get hash of new password
-      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
-
-
-      #obtain admin cert
-      rm -f $TMP_DIR/tls.crt
-      admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
-      if [ -z "$admin_tls_cert" ]; then
-         log_error "Unable to obtain admin certs from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
-         success="false"
-      else
-         log_debug "File tls.crt obtained from Kubernetes secret"
-         echo "$admin_tls_cert" |base64 --decode > $TMP_DIR/admin_tls.crt
-
-         #obtain admin TLS key
-         rm -f $TMP_DIR/tls.key
-         admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
-         if [ -z "$admin_tls_key" ]; then
-            log_error "Unable to obtain admin cert key from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
-            success="false"
-         else
-            log_debug "File tls.key obtained from Kubernetes secret"
-            echo "$admin_tls_key" |base64 --decode > $TMP_DIR/admin_tls.key
-
-            # Attempt to change password using admin certs
-            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key  --insecure)
-            if [[ $response == 2* ]]; then
-               log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
-               success="true"
-            else
-               log_warn "Unable to change password for [$USER_NAME] using [admin] certificates. [$response]"
-               success="false"
-            fi
-         fi
-      fi
-   fi
+    if [ "$USER_NAME" != "logadm" ]; then
+        log_warn "The currently stored credentials for [$USER_NAME] do NOT appear to be up-to-date; unable to use them to change password. [$response]"
+    fi
+
+    if [ "$USER_NAME" != "admin" ]; then
+
+        log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
+
+        ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+        ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+
+        # make sure hash utility is executable
+        kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p $NEW_PASSWD | grep -v '*')
+        rc=$?
+        if [ "$rc" == "0" ]; then
+
+            #try changing password using admin password
+            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+            if [[ $response == "404" ]]; then
+                log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
+                success="non-existent_user"
+            elif [[ $response == 4* ]]; then
+                log_error "The Kubernetes secret containing credentials for the [admin] user appears to be out-of-date. [$response]"
+                echo ""
+                log_error "                                *********** IMPORTANT NOTE ***********"
+                log_error ""
+                log_error " Cached credentials for [admin] user are not valid!"
+                log_error ""
+                log_error " It is VERY IMPORTANT to ensure the credentials for the [admin] account and the corresponding"
+                log_error " Kubernetes secret [internal-user-admin] in the [$LOG_NS] namespace are ALWAYS synchronized."
+                log_error ""
+                log_error " You MUST re-run this script NOW with the updated password for the [admin] account to update"
+                log_error " the secret with the current password."
+                log_error ""
+                log_error " You may then run this script again to update the password for the [$USER_NAME] account."
+                echo ""
+                success="false"
+            elif [[ $response == 2* ]]; then
+                log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
+                success="true"
+            else
+                log_warn "Unable to change password for [$USER_NAME] using [admin] credentials. [$response]"
+                success="false"
+            fi
+        else
+            log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]"
+        fi
+    else
+        log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
+
+        # make sure hash utility is executable
+        kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p $NEW_PASSWD | grep -v '*')
+
+        #obtain admin cert
+        rm -f $TMP_DIR/tls.crt
+        admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
+        if [ -z "$admin_tls_cert" ]; then
+            log_error "Unable to obtain admin certs from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
+            success="false"
+        else
+            log_debug "File tls.crt obtained from Kubernetes secret"
+            echo "$admin_tls_cert" | base64 --decode > $TMP_DIR/admin_tls.crt
+
+            #obtain admin TLS key
+            rm -f $TMP_DIR/tls.key
+            admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
+            if [ -z "$admin_tls_key" ]; then
+                log_error "Unable to obtain admin cert key from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
+                success="false"
+            else
+                log_debug "File tls.key obtained from Kubernetes secret"
+                echo "$admin_tls_key" | base64 --decode > $TMP_DIR/admin_tls.key
+
+                # Attempt to change password using admin certs
+                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key --insecure)
+                if [[ $response == 2* ]]; then
+                    log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
+                    success="true"
+                else
+                    log_warn "Unable to change password for [$USER_NAME] using [admin] certificates. [$response]"
+                    success="false"
+                fi
+            fi
+        fi
+    fi
 elif [[ $response == 2* ]]; then
-   log_debug "Password change response [$response]"
-   success="true"
-else
-   log_error "An unexpected problem was encountered while attempting to update password for [$USER_NAME]; password not changed [$response]"
-   success="false"
+    log_debug "Password change response [$response]"
+    success="true"
+else
+    log_error "An unexpected problem was encountered while attempting to update password for [$USER_NAME]; password not changed [$response]"
+    success="false"
 fi
 
 if [ "$success" == "true" ]; then
-  log_info "Successfully changed the password for [$USER_NAME] in OpenSearch internal database."
-
-  if [ "$USER_NAME" != "logadm" ]; then
-     log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
-
-     kubectl -n $LOG_NS delete secret internal-user-$USER_NAME  --ignore-not-found
-
-     labels="managed-by=v4m-es-script"
-     if [ "$autogenerated_password" == "true" ]; then
-        labels="$labels autogenerated_password=true"
-     fi
-
-     create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
-     rc=$?
-     if [ "$rc" != "0" ]; then
-       log_error "IMPORTANT! A Kubernetes secret holding the password for $USER_NAME no longer exists."
-       log_error "This WILL cause problems when the OpenSearch pods restart."
-       log_error "Try re-running this script again OR manually creating the secret using the command: "
-       log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
-     else
-       case $USER_NAME in
-        admin)
-
-          if [ "$autogenerated_password" == "true" ]; then
-             echo ""
-             log_notice "                    *********** IMPORTANT NOTE ***********                  "
-             log_notice ""
-             log_notice " The password for the OpenSearch 'admin' user was changed as requested.  "
-             log_notice "                                                                            "
-             log_notice " Since a new password for the 'admin' user was NOT provided, one was        "
-             log_notice " auto-generated for the account. The generated password is shown below.     "
-             log_notice "                                                                            "
-             log_notice " Generated 'admin' password:  $NEW_PASSWD                                       |"
-             log_notice "                                                                            "
-             log_notice " You can change the password for the 'admin' account at any time, by        "
-             log_notice " re-running this script.                                                    "
-             log_notice "                                                                            "
-             log_notice " NOTE: *NEVER* change the password for the 'admin' account from within the  "
-             log_notice " OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via   "
-             log_notice " this script (logging/bin/change_internal_password.sh)                      "
-             echo ""
-          fi
-          ;;
-        logcollector)
-          echo ""
-          log_notice "                    *********** IMPORTANT NOTE ***********                   "
-          log_notice "                                                                             "
-          log_notice " After changing the password for the [logcollector] user, you should restart "
-          log_notice " the Fluent Bit pods to ensure log collection is not interrupted.            "
-          log_notice "                                                                             "
-          log_notice " This can be done by submitting the following command:                       "
-          log_notice "       kubectl -n $LOG_NS rollout restart daemonset v4m-fb                   "
-          echo ""
-          ;;
-        kibanaserver)
-          echo ""
-          log_notice "                        *********** IMPORTANT NOTE ***********                        "
-          log_notice "                                                                                      "
-          log_notice " After changing the password for the [kibanaserver] user, you need to restart the     "
-          log_notice " OpenSearch Dashboards pod to ensure OpenSearch Dashboards can still be accessed and used. "
-          log_notice "                                                                                      "
-          log_notice " This can be done by submitting the following command:                                "
-          log_notice "              kubectl -n $LOG_NS delete pods -l 'app=opensearch-dashboards'"
-          echo ""
-          ;;
-        metricgetter)
-          echo ""
-          log_notice "                        *********** IMPORTANT NOTE ***********                        "
-          log_notice "                                                                                      "
-          log_notice " After changing the password for the [metricgetter] user, you should restart the      "
-          log_notice " Elasticsearch Exporter pod to ensure OpenSearch metrics continue to be collected. "
-          log_notice "                                                                                      "
-          log_notice " This can be done by submitting the following command:                                "
-          log_notice "       kubectl -n $LOG_NS rollout restart deployment v4m-es-exporter                  "
-          echo ""
-          ;;
-        *)
-        log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
-        exit 2
-       esac
-     fi
-  fi
+    log_info "Successfully changed the password for [$USER_NAME] in OpenSearch internal database."
+
+    if [ "$USER_NAME" != "logadm" ]; then
+        log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
+
+        kubectl -n $LOG_NS delete secret internal-user-$USER_NAME --ignore-not-found
+
+        labels="managed-by=v4m-es-script"
+        if [ "$autogenerated_password" == "true" ]; then
+            labels="$labels autogenerated_password=true"
+        fi
+
+        create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
+        rc=$?
+        if [ "$rc" != "0" ]; then
+            log_error "IMPORTANT! A Kubernetes secret holding the password for $USER_NAME no longer exists."
+            log_error "This WILL cause problems when the OpenSearch pods restart."
+            log_error "Try re-running this script again OR manually creating the secret using the command: "
+            log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
+        else
+            case $USER_NAME in
+            admin)
+
+                if [ "$autogenerated_password" == "true" ]; then
+                    echo ""
+                    log_notice "                    *********** IMPORTANT NOTE ***********                  "
+                    log_notice ""
+                    log_notice " The password for the OpenSearch 'admin' user was changed as requested.  "
+                    log_notice "                                                                            "
+                    log_notice " Since a new password for the 'admin' user was NOT provided, one was        "
+                    log_notice " auto-generated for the account. The generated password is shown below.     "
+                    log_notice "                                                                            "
+                    log_notice " Generated 'admin' password:  $NEW_PASSWD                                       |"
+                    log_notice "                                                                            "
+                    log_notice " You can change the password for the 'admin' account at any time, by        "
+                    log_notice " re-running this script.                                                    "
+                    log_notice "                                                                            "
+                    log_notice " NOTE: *NEVER* change the password for the 'admin' account from within the  "
+                    log_notice " OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via   "
+                    log_notice " this script (logging/bin/change_internal_password.sh)                      "
+                    echo ""
+                fi
+                ;;
+            logcollector)
+                echo ""
+                log_notice "                    *********** IMPORTANT NOTE ***********                   "
+                log_notice "                                                                             "
+                log_notice " After changing the password for the [logcollector] user, you should restart "
+                log_notice " the Fluent Bit pods to ensure log collection is not interrupted.            "
+                log_notice "                                                                             "
+                log_notice " This can be done by submitting the following command:                       "
+                log_notice "       kubectl -n $LOG_NS rollout restart daemonset v4m-fb                   "
+                echo ""
+                ;;
+            kibanaserver)
+                echo ""
+                log_notice "                        *********** IMPORTANT NOTE ***********                        "
+                log_notice "                                                                                      "
+                log_notice " After changing the password for the [kibanaserver] user, you need to restart the     "
+                log_notice " OpenSearch Dashboards pod to ensure OpenSearch Dashboards can still be accessed and used. "
+                log_notice "                                                                                      "
+                log_notice " This can be done by submitting the following command:                                "
+                log_notice "              kubectl -n $LOG_NS delete pods -l 'app=opensearch-dashboards'"
+                echo ""
+                ;;
+            metricgetter)
+                echo ""
+                log_notice "                        *********** IMPORTANT NOTE ***********                        "
+                log_notice "                                                                                      "
+                log_notice " After changing the password for the [metricgetter] user, you should restart the      "
+                log_notice " Elasticsearch Exporter pod to ensure OpenSearch metrics continue to be collected. "
+                log_notice "                                                                                      "
+                log_notice " This can be done by submitting the following command:                                "
+                log_notice "       kubectl -n $LOG_NS rollout restart deployment v4m-es-exporter                  "
+                echo ""
+                ;;
+            *)
+                log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
+                exit 2
+                ;;
+            esac
+        fi
+    fi
 elif [ "$success" == "false" ]; then
-  log_error "Unable to update the password for user [$USER_NAME] on the OpenSearch pod; original password remains in place."
-  exit 99
+    log_error "Unable to update the password for user [$USER_NAME] on the OpenSearch pod; original password remains in place."
+    exit 99
 fi
diff logging/bin/common.sh.orig logging/bin/common.sh
--- logging/bin/common.sh.orig
+++ logging/bin/common.sh
@@ -11,18 +11,18 @@
         userEnv=$(grep -v '^[[:blank:]]*$' $USER_DIR/logging/user.env | grep -v '^#' | xargs)
         log_verbose "Loading user environment file: $USER_DIR/logging/user.env"
         if [ "$userEnv" ]; then
-          export $userEnv
+            export $userEnv
         fi
     fi
 
     #Check for obsolete env var
-    if [  -n "$LOG_SEARCH_BACKEND" ]; then
+    if [ -n "$LOG_SEARCH_BACKEND" ]; then
         log_error "Support for the LOG_SEARCH_BACKEND environment variable has been removed."
         log_error "This script is only appropriate for use with OpenSearch as the search back-end."
         log_error "The LOG_SEARCH_BACKEND environment variable is currently set to [$LOG_SEARCH_BACKEND]"
         exit 1
     fi
-    
+
     export LOG_NS="${LOG_NS:-logging}"
 
     #if TLS (w/in cluster; for all monitoring components) is requested, require TLS into OSD pod, too
@@ -47,7 +47,7 @@
     export V4M_NS=$LOG_NS
 
     if [ "$AIRGAP_DEPLOYMENT" == "true" ]; then
-       source bin/airgap-include.sh
+        source bin/airgap-include.sh
     fi
 
     source bin/version-include.sh
@@ -56,4 +56,3 @@
 
 fi
 echo ""
-
diff logging/bin/deploy_esexporter.sh.orig logging/bin/deploy_esexporter.sh
--- logging/bin/deploy_esexporter.sh.orig
+++ logging/bin/deploy_esexporter.sh
@@ -7,7 +7,7 @@
 source logging/bin/common.sh
 source logging/bin/secrets-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -14,8 +14,8 @@
 ELASTICSEARCH_EXPORTER_ENABLED=${ELASTICSEARCH_EXPORTER_ENABLED:-true}
 
 if [ "$ELASTICSEARCH_EXPORTER_ENABLED" != "true" ]; then
-  log_verbose "Environment variable [ELASTICSEARCH_EXPORTER_ENABLED] is not set to 'true'; exiting WITHOUT deploying Elasticsearch Exporter"
-  exit
+    log_verbose "Environment variable [ELASTICSEARCH_EXPORTER_ENABLED] is not set to 'true'; exiting WITHOUT deploying Elasticsearch Exporter"
+    exit
 fi
 
 set -e
@@ -25,41 +25,43 @@
 # check for pre-reqs
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
 get_credentials_from_secret metricgetter
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
-
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 if helm3ReleaseExists es-exporter $LOG_NS; then
-   #remove an existing instance if it does NOT have the most current set of labels
-   # NOTE: pod label 'app' changed to 'app.kubernetes.io/name' w/Helm chart 6.x
-   if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then
-      log_debug "Removing an outdated version of Helm release [es-exporter]"
-      helm -n $LOG_NS delete es-exporter
-   fi
-
-   if kubectl get crd servicemonitors.monitoring.coreos.com 2>1 1>/dev/null; then
-      #serviceMonitor CRD may not be present if metric monitoring stack is not deployed
-      monNamespace=$(kubectl get servicemonitor -A --field-selector=metadata.name=elasticsearch -l sas.com/monitoring-base=kube-viya-monitoring -o=custom-columns=NAMESPACE:.metadata.namespace --no-headers)
-      if [ -n "$monNamespace" ]; then
-         log_debug "Removing obsolete serviceMonitor [$monNamespace/elasticsearch]"
-         kubectl delete -n $monNamespace servicemonitor elasticsearch
-         log_debug "Deploying an updated serviceMonitor for Elasticsearch  [$monNamespace/elasticsearch-v2]"
-         kubectl apply  -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
-      else
-         log_debug "No instance of the obsolete elasticsearch serviceMonitor found."
-      fi
-   else
-      log_debug "No serviceMonitor CRD detected; skipping check for obsolete elasticseach serviceMonitor instance."
-   fi
-else
-   log_debug "No existing Helm release [es-exporter] found."
+    #remove an existing instance if it does NOT have the most current set of labels
+    # NOTE: pod label 'app' changed to 'app.kubernetes.io/name' w/Helm chart 6.x
+    if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2> /dev/null) ]; then
+        log_debug "Removing an outdated version of Helm release [es-exporter]"
+        helm -n $LOG_NS delete es-exporter
+    fi
+
+    if kubectl get crd servicemonitors.monitoring.coreos.com 2> 1 1> /dev/null; then
+        #serviceMonitor CRD may not be present if metric monitoring stack is not deployed
+        monNamespace=$(kubectl get servicemonitor -A --field-selector=metadata.name=elasticsearch -l sas.com/monitoring-base=kube-viya-monitoring -o=custom-columns=NAMESPACE:.metadata.namespace --no-headers)
+        if [ -n "$monNamespace" ]; then
+            log_debug "Removing obsolete serviceMonitor [$monNamespace/elasticsearch]"
+            kubectl delete -n $monNamespace servicemonitor elasticsearch
+            log_debug "Deploying an updated serviceMonitor for Elasticsearch  [$monNamespace/elasticsearch-v2]"
+            kubectl apply -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
+        else
+            log_debug "No instance of the obsolete elasticsearch serviceMonitor found."
+        fi
+    else
+        log_debug "No serviceMonitor CRD detected; skipping check for obsolete elasticseach serviceMonitor instance."
+    fi
+else
+    log_debug "No existing Helm release [es-exporter] found."
 fi
 
 # enable debug on Helm via env var
@@ -66,7 +68,7 @@
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
+    helmDebug="--debug"
 fi
 
 helmRepoAdd prometheus-community https://prometheus-community.github.io/helm-charts
@@ -80,8 +82,8 @@
 # Load any user customizations/overrides
 ES_OPEN_EXPORTER_USER_YAML="${ES_OPEN_EXPORTER_USER_YAML:-$USER_DIR/logging/user-values-es-exporter.yaml}"
 if [ ! -f "$ES_OPEN_EXPORTER_USER_YAML" ]; then
-  log_debug "[$ES_OPEN_EXPORTER_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  ES_OPEN_EXPORTER_USER_YAML=$TMP_DIR/empty.yaml
+    log_debug "[$ES_OPEN_EXPORTER_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    ES_OPEN_EXPORTER_USER_YAML=$TMP_DIR/empty.yaml
 fi
 
 # Enable workload node placement?
@@ -89,44 +91,42 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling elasticsearch exporter for workload node placement"
-  wnpValuesFile="logging/node-placement/values-elasticsearch-exporter-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for the elasticsearch exporter"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_verbose "Enabling elasticsearch exporter for workload node placement"
+    wnpValuesFile="logging/node-placement/values-elasticsearch-exporter-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for the elasticsearch exporter"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
+fi
 
 # Point to OpenShift response file or dummy as appropriate
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-  log_verbose "Deploying Elasticsearch metric exporter onto OpenShift cluster"
-  openshiftValuesFile="logging/openshift/values-elasticsearch-exporter.yaml"
-else
-  log_debug "Elasticsearch metric exporter is NOT being deployed on OpenShift cluster"
-  openshiftValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Deploying Elasticsearch metric exporter onto OpenShift cluster"
+    openshiftValuesFile="logging/openshift/values-elasticsearch-exporter.yaml"
+else
+    log_debug "Elasticsearch metric exporter is NOT being deployed on OpenShift cluster"
+    openshiftValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 # Elasticsearch metric exporter
 helm2ReleaseCheck es-exporter-$LOG_NS
 
-
 ## Get Helm Chart Name
 log_debug "Elasticsearch Exporter Helm Chart: repo [$ESEXPORTER_HELM_CHART_REPO] name [$ESEXPORTER_HELM_CHART_NAME] version [$ESEXPORTER_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $ESEXPORTER_HELM_CHART_REPO $ESEXPORTER_HELM_CHART_NAME $ESEXPORTER_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $ESEXPORTER_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $ESEXPORTER_HELM_CHART_VERSION)"
 
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
 helm $helmDebug upgrade --install es-exporter \
- --namespace $LOG_NS \
- -f $imageKeysFile \
- -f $primaryValuesFile \
- -f $wnpValuesFile \
- -f $openshiftValuesFile \
- -f $ES_OPEN_EXPORTER_USER_YAML \
- --set fullnameOverride=v4m-es-exporter  \
- $versionstring \
- $chart2install
+    --namespace $LOG_NS \
+    -f $imageKeysFile \
+    -f $primaryValuesFile \
+    -f $wnpValuesFile \
+    -f $openshiftValuesFile \
+    -f $ES_OPEN_EXPORTER_USER_YAML \
+    --set fullnameOverride=v4m-es-exporter \
+    $versionstring \
+    $chart2install
 
 log_info "Elasticsearch metric exporter has been deployed"
 
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -9,13 +9,12 @@
 
 # Confirm NOT on OpenShift
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-  if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
-    log_error "This script should NOT be run on OpenShift clusters"
-    log_error "Run logging/bin/deploy_logging_openshift.sh instead"
-    exit 1
-  fi
-fi
-
+    if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
+        log_error "This script should NOT be run on OpenShift clusters"
+        log_error "Run logging/bin/deploy_logging_openshift.sh instead"
+        exit 1
+    fi
+fi
 
 # set flag indicating wrapper/driver script being run
 export LOGGING_DRIVER=true
@@ -27,11 +26,11 @@
 checkDefaultStorageClass
 
 # Create namespace if it doesn't exist
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  kubectl create ns $LOG_NS
-
-  #Container Security: Disable serviceAccount Token Automounting
-  disable_sa_token_automount $LOG_NS default
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    kubectl create ns $LOG_NS
+
+    #Container Security: Disable serviceAccount Token Automounting
+    disable_sa_token_automount $LOG_NS default
 fi
 
 log_notice "Deploying logging components to the [$LOG_NS] namespace [$(date)]"
@@ -88,7 +87,6 @@
 bin/show_app_url.sh OSD OS
 set -e
 
-
 ##################################
 # Version Info                   #
 ##################################
@@ -95,14 +93,13 @@
 
 # If a deployment with the old name exists, remove it first
 if helm3ReleaseExists v4m $LOG_NS; then
-  log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
-  helm uninstall -n "$LOG_NS" "v4m"
+    log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
+    helm uninstall -n "$LOG_NS" "v4m"
 fi
 
 if ! deployV4MInfo "$LOG_NS" "v4m-logs"; then
-  log_warn "Unable to update SAS Viya Monitoring Helm chart release"
-fi
-
+    log_warn "Unable to update SAS Viya Monitoring Helm chart release"
+fi
 
 # Write any "notices" to console
 log_message ""
@@ -111,4 +108,3 @@
 log_message ""
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
-
diff logging/bin/deploy_logging_openshift.sh.orig logging/bin/deploy_logging_openshift.sh
--- logging/bin/deploy_logging_openshift.sh.orig
+++ logging/bin/deploy_logging_openshift.sh
@@ -11,11 +11,11 @@
 ##################################
 
 if [ "$OPENSHIFT_CLUSTER" != "true" ]; then
-  if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
-    log_error "This script should only be run on OpenShift clusters"
-    log_error "Run logging/bin/deploy_logging.sh instead"
-    exit 1
-  fi
+    if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
+        log_error "This script should only be run on OpenShift clusters"
+        log_error "Run logging/bin/deploy_logging.sh instead"
+        exit 1
+    fi
 fi
 
 # set flag indicating wrapper/driver script being run
@@ -28,13 +28,13 @@
 checkDefaultStorageClass
 
 # Create namespace if it doesn't exist
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  kubectl create ns $LOG_NS
-
-  #Container Security: Disable serviceAccount Token Automounting
-  disable_sa_token_automount $LOG_NS default
-  disable_sa_token_automount $LOG_NS builder
-  disable_sa_token_automount $LOG_NS deployer
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    kubectl create ns $LOG_NS
+
+    #Container Security: Disable serviceAccount Token Automounting
+    disable_sa_token_automount $LOG_NS default
+    disable_sa_token_automount $LOG_NS builder
+    disable_sa_token_automount $LOG_NS deployer
 fi
 
 set -e
@@ -41,7 +41,6 @@
 
 log_notice "Deploying logging components to the [$LOG_NS] namespace [$(date)]"
 
-
 ##################################
 # OpenShift-specific Set-up      #
 ##################################
@@ -57,7 +56,6 @@
 log_info "STEP 1: OpenSearch"
 logging/bin/deploy_opensearch.sh
 
-
 ##################################
 # OpenSearch Dashboards (Kibana) #
 ##################################
@@ -64,7 +62,6 @@
 log_info "STEP 2: OpenSearch Dashboards"
 logging/bin/deploy_osd.sh
 
-
 ##################################
 # Elasticsearch Metric Exporter  #
 ##################################
@@ -71,7 +68,6 @@
 log_info "STEP 3: Elasticsearch metric exporter"
 logging/bin/deploy_esexporter.sh
 
-
 ##################################
 # OpenSearch Content (OpenShift) #
 ##################################
@@ -78,7 +74,6 @@
 log_info "STEP 4: Loading Content into OpenSearch"
 logging/bin/deploy_opensearch_content.sh
 
-
 ##################################
 # OSD Content                    #
 ##################################
@@ -86,7 +81,6 @@
 
 KB_KNOWN_NODEPORT_ENABLE=false logging/bin/deploy_osd_content.sh
 
-
 ##################################
 # Fluent Bit - Log Messages      #
 ##################################
@@ -99,7 +93,6 @@
 log_info "STEP 7: Deploying Fluent Bit - K8s Event Collection"
 logging/bin/deploy_fluentbit_k8sevents_opensearch.sh
 
-
 ##################################
 # Create OpenShift Route(s)      #
 # and display app URL(s)         #
@@ -110,22 +103,21 @@
 
 if [ "$OPENSHIFT_ROUTES_ENABLE" == "true" ]; then
 
-   servicelist="OSD"
-   logging/bin/create_openshift_route.sh OSD
-
-   OPENSHIFT_ES_ROUTE_ENABLE=${OPENSHIFT_ES_ROUTE_ENABLE:-false}
-   if [ "$OPENSHIFT_ES_ROUTE_ENABLE" == "true" ]; then
-      logging/bin/create_openshift_route.sh OS OSD
-
-      servicelist="OS OSD"
-   fi
-
-   bin/show_app_url.sh $servicelist
+    servicelist="OSD"
+    logging/bin/create_openshift_route.sh OSD
+
+    OPENSHIFT_ES_ROUTE_ENABLE=${OPENSHIFT_ES_ROUTE_ENABLE:-false}
+    if [ "$OPENSHIFT_ES_ROUTE_ENABLE" == "true" ]; then
+        logging/bin/create_openshift_route.sh OS OSD
+
+        servicelist="OS OSD"
+    fi
+
+    bin/show_app_url.sh $servicelist
 
 else
-   log_info "Environment variable [OPENSHIFT_ROUTES_ENABLE] is not set to 'true'; continuing WITHOUT deploying OpenShift Routes"
-fi
-
+    log_info "Environment variable [OPENSHIFT_ROUTES_ENABLE] is not set to 'true'; continuing WITHOUT deploying OpenShift Routes"
+fi
 
 ##################################
 # Service Monitors               #
@@ -134,7 +126,6 @@
 export DEPLOY_SERVICEMONITORS=${DEPLOY_SERVICEMONITORS:-true}
 logging/bin/deploy_servicemonitors_openshift.sh
 
-
 ##################################
 # Version Info                   #
 ##################################
@@ -142,14 +133,13 @@
 
 # If a deployment with the old name exists, remove it first
 if helm3ReleaseExists v4m $LOG_NS; then
-  log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
-  helm uninstall -n "$LOG_NS" "v4m"
+    log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
+    helm uninstall -n "$LOG_NS" "v4m"
 fi
 
 if ! deployV4MInfo "$LOG_NS" "v4m-logs"; then
-  log_warn "Unable to update SAS Viya Monitoring version info"
-fi
-
+    log_warn "Unable to update SAS Viya Monitoring version info"
+fi
 
 ##################################
 # Display Notices                #
@@ -158,7 +148,6 @@
 echo ""
 display_notices
 
-
 echo ""
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
diff logging/bin/deploy_opensearch.sh.orig logging/bin/deploy_opensearch.sh
--- logging/bin/deploy_opensearch.sh.orig
+++ logging/bin/deploy_opensearch.sh
@@ -10,7 +10,7 @@
 source bin/autogenerate-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 ELASTICSEARCH_ENABLE=${ELASTICSEARCH_ENABLE:-true}
 
 if [ "$ELASTICSEARCH_ENABLE" != "true" ]; then
-  log_verbose "Environment variable [ELASTICSEARCH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch"
-  exit 0
+    log_verbose "Environment variable [ELASTICSEARCH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch"
+    exit 0
 fi
 
 autogeneratedYAMLFile="$TMP_DIR/autogenerate-opensearch.yaml"
@@ -27,19 +27,19 @@
 
 if [ "$AUTOGENERATE_STORAGECLASS" == "true" ]; then
 
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   storageClass="${OPENSEARCH_STORAGECLASS:-$STORAGECLASS}"
-   checkStorageClass OPENSEARCH_STORAGECLASS "$OPENSEARCH_STORAGECLASS"
-   sc="$storageClass" yq -i '.persistence.storageClass=env(sc)' "$autogeneratedYAMLFile"
-
-else
-   log_debug "Autogeneration of storageClass References NOT enabled"
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    storageClass="${OPENSEARCH_STORAGECLASS:-$STORAGECLASS}"
+    checkStorageClass OPENSEARCH_STORAGECLASS "$OPENSEARCH_STORAGECLASS"
+    sc="$storageClass" yq -i '.persistence.storageClass=env(sc)' "$autogeneratedYAMLFile"
+
+else
+    log_debug "Autogeneration of storageClass References NOT enabled"
 fi
 
 AUTOGENERATE_INGRESS="${AUTOGENERATE_INGRESS:-false}"
@@ -47,62 +47,60 @@
 
 if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OPENSEARCH_INGRESS_ENABLE"="true" ]; then
 
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   osIngressCert="${OPENSEARCH_INGRESS_CERT}"
-   osIngressKey="${OPENSEARCH_INGRESS_KEY}"
-
-   create_ingress_certs "$LOG_NS" "elasticsearch-ingress-tls-secret" "$osIngressCert" "$osIngressKey" 
-
-   ROUTING="${ROUTING:-host}"
-
-   ## tested with sample version: 0.2.1
-   ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-opensearch.yaml"
-
-   #intialized the yaml file w/appropriate ingress sample
-   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
-
-   
-   OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
-   OPENSEARCH_PATH="${OPENSEARCH_PATH:-search}"
-   if [ -z "$OPENSEARCH_FQDN" ]; then
-      if [ "$ROUTING" == "host" ]; then
-         OPENSEARCH_FQDN="$OPENSEARCH_PATH.$BASE_DOMAIN"
-      else
-         OPENSEARCH_FQDN="$BASE_DOMAIN"
-      fi
-   fi
-
-   log_debug "OPENSEARCH_INGRESS_ENABLE [$OPENSEARCH_INGRESS_ENABLE] OPENSEARCH_FQDN [$OPENSEARCH_FQDN] OPENSEARCH_PATH [$OPENSEARCH_PATH]"
-
-   export OPENSEARCH_INGRESS_ENABLE OPENSEARCH_FQDN OPENSEARCH_PATH
-
-   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               $autogeneratedYAMLFile
-
-   if [ "$ROUTING" == "host" ]; then
-      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
-   else
-      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
-      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
-
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
-      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
-
-      # Need to use printf to preserve newlines
-      printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"  ;
-      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
-
-   fi      
-else
-   log_debug "Autogeneration of ingresss NOT enabled and/or ingress NOT enabled for OpenSearch"
-fi
-
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    osIngressCert="${OPENSEARCH_INGRESS_CERT}"
+    osIngressKey="${OPENSEARCH_INGRESS_KEY}"
+
+    create_ingress_certs "$LOG_NS" "elasticsearch-ingress-tls-secret" "$osIngressCert" "$osIngressKey"
+
+    ROUTING="${ROUTING:-host}"
+
+    ## tested with sample version: 0.2.1
+    ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-opensearch.yaml"
+
+    #intialized the yaml file w/appropriate ingress sample
+    yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
+
+    OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
+    OPENSEARCH_PATH="${OPENSEARCH_PATH:-search}"
+    if [ -z "$OPENSEARCH_FQDN" ]; then
+        if [ "$ROUTING" == "host" ]; then
+            OPENSEARCH_FQDN="$OPENSEARCH_PATH.$BASE_DOMAIN"
+        else
+            OPENSEARCH_FQDN="$BASE_DOMAIN"
+        fi
+    fi
+
+    log_debug "OPENSEARCH_INGRESS_ENABLE [$OPENSEARCH_INGRESS_ENABLE] OPENSEARCH_FQDN [$OPENSEARCH_FQDN] OPENSEARCH_PATH [$OPENSEARCH_PATH]"
+
+    export OPENSEARCH_INGRESS_ENABLE OPENSEARCH_FQDN OPENSEARCH_PATH
+
+    yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)' $autogeneratedYAMLFile
+
+    if [ "$ROUTING" == "host" ]; then
+        yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+    else
+        slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
+        yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+        slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
+
+        # Need to use printf to preserve newlines
+        printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"
+        snippet="$snippet" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)' $autogeneratedYAMLFile
+
+    fi
+else
+    log_debug "Autogeneration of ingresss NOT enabled and/or ingress NOT enabled for OpenSearch"
+fi
 
 set -e
 
@@ -113,18 +111,18 @@
 checkDefaultStorageClass
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 #Generate yaml files with all container-related keys
-generateImageKeysFile "$OS_FULL_IMAGE"          "logging/opensearch/os_container_image.template"
-generateImageKeysFile "$OS_SYSCTL_FULL_IMAGE"   "$imageKeysFile"  "OS_SYSCTL_"
+generateImageKeysFile "$OS_FULL_IMAGE" "logging/opensearch/os_container_image.template"
+generateImageKeysFile "$OS_SYSCTL_FULL_IMAGE" "$imageKeysFile" "OS_SYSCTL_"
 
 #Copy imageKeysFile since next call will replace existing one
 cp "$imageKeysFile" "$TMP_DIR/opensearch_imagekeysfile.yaml"
-generateImageKeysFile "$OS_FULL_IMAGE"          "logging/opensearch/os_initcontainer_image.template" "" "true"
+generateImageKeysFile "$OS_FULL_IMAGE" "logging/opensearch/os_initcontainer_image.template" "" "true"
 
 # get credentials
 export ES_ADMIN_PASSWD=${ES_ADMIN_PASSWD}
@@ -133,19 +131,19 @@
 export ES_METRICGETTER_PASSWD=${ES_METRICGETTER_PASSWD}
 
 # Create secrets containing internal user credentials
-create_user_secret internal-user-admin        admin        "$ES_ADMIN_PASSWD"         managed-by=v4m-es-script
-create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD"  managed-by=v4m-es-script
-create_user_secret internal-user-logcollector logcollector "$ES_LOGCOLLECTOR_PASSWD"  managed-by=v4m-es-script
-create_user_secret internal-user-metricgetter metricgetter "$ES_METRICGETTER_PASSWD"  managed-by=v4m-es-script
+create_user_secret internal-user-admin admin "$ES_ADMIN_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-logcollector logcollector "$ES_LOGCOLLECTOR_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-metricgetter metricgetter "$ES_METRICGETTER_PASSWD" managed-by=v4m-es-script
 
 #cert_generator="${CERT_GENERATOR:-openssl}"
 
 # Verify cert generator is available (if necessary)
 if verify_cert_generator $LOG_NS es-transport es-rest es-admin; then
-   log_debug "cert generator check OK [$cert_generator_ok]"
-else
-   log_error "One or more required TLS certs do not exist and the expected certificate generator mechanism [$CERT_GENERATOR] is not available to create the missing certs"
-   exit 1
+    log_debug "cert generator check OK [$cert_generator_ok]"
+else
+    log_error "One or more required TLS certs do not exist and the expected certificate generator mechanism [$CERT_GENERATOR] is not available to create the missing certs"
+    exit 1
 fi
 
 # Create/Get necessary TLS certs
@@ -155,15 +153,15 @@
 sleep 10
 
 # Get subject from admin and transport cert for opensearch.yaml
-if [ ! -f  $TMP_DIR/es-transport.pem ]; then
-   log_debug "Extracting es-transport cert from secret"
-   kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-transport.pem
+if [ ! -f $TMP_DIR/es-transport.pem ]; then
+    log_debug "Extracting es-transport cert from secret"
+    kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > $TMP_DIR/es-transport.pem
 fi
 node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
 
-if [ ! -f  $TMP_DIR/es-admin.pem ]; then
-   log_debug "Extracting es-admin cert from secret"
-   kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-admin.pem
+if [ ! -f $TMP_DIR/es-admin.pem ]; then
+    log_debug "Extracting es-admin cert from secret"
+    kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > $TMP_DIR/es-admin.pem
 fi
 admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
 
@@ -171,62 +169,61 @@
 
 #write cert subjects to secret to be mounted as env var
 kubectl -n $LOG_NS delete secret opensearch-cert-subjects --ignore-not-found
-kubectl -n $LOG_NS create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
-kubectl -n $LOG_NS label  secret opensearch-cert-subjects  managed-by=v4m-es-script
+kubectl -n $LOG_NS create secret generic opensearch-cert-subjects --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
+kubectl -n $LOG_NS label secret opensearch-cert-subjects managed-by=v4m-es-script
 
 # Create ConfigMap for securityadmin script
 kubectl -n $LOG_NS delete configmap run-securityadmin.sh --ignore-not-found
 kubectl -n $LOG_NS create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh
-kubectl -n $LOG_NS label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
+kubectl -n $LOG_NS label configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
 
 # Need to retrieve these from secrets in case secrets pre-existed
-export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)
-export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)
+export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" | base64 --decode)
+export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Generate message about autogenerated admin password
-adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')
-if [ ! -z "$adminpwd_autogenerated"  ]; then
-   # Print info about how to obtain admin password
-   add_notice "                                                                    "
-   add_notice "**The OpenSearch 'admin' Account**"
-   add_notice "Generated 'admin' password:  $ES_ADMIN_PASSWD                       "
-   add_notice "To change the password for the 'admin' account at any time, run the "
-   add_notice "following command:                                                  "
-   add_notice "                                                                    "
-   add_notice "    logging/bin/change_internal_password.sh admin newPassword       "
-   add_notice "                                                                    "
-   add_notice "NOTE: *NEVER* change the password for the 'admin' account from within the"
-   add_notice "OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via "
-   add_notice "the change_internal_password.sh script in the logging/bin sub-directory."
-   add_notice "                                                                    "
-
-   LOGGING_DRIVER=${LOGGING_DRIVER:-false}
-   if [ "$LOGGING_DRIVER" != "true" ]; then
-      echo ""
-      display_notices
-      echo ""
-   fi
-fi
-
+adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin -o jsonpath='{.metadata.labels.autogenerated_password}')
+if [ ! -z "$adminpwd_autogenerated" ]; then
+    # Print info about how to obtain admin password
+    add_notice "                                                                    "
+    add_notice "**The OpenSearch 'admin' Account**"
+    add_notice "Generated 'admin' password:  $ES_ADMIN_PASSWD                       "
+    add_notice "To change the password for the 'admin' account at any time, run the "
+    add_notice "following command:                                                  "
+    add_notice "                                                                    "
+    add_notice "    logging/bin/change_internal_password.sh admin newPassword       "
+    add_notice "                                                                    "
+    add_notice "NOTE: *NEVER* change the password for the 'admin' account from within the"
+    add_notice "OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via "
+    add_notice "the change_internal_password.sh script in the logging/bin sub-directory."
+    add_notice "                                                                    "
+
+    LOGGING_DRIVER=${LOGGING_DRIVER:-false}
+    if [ "$LOGGING_DRIVER" != "true" ]; then
+        echo ""
+        display_notices
+        echo ""
+    fi
+fi
 
 # enable debug on Helm via env var
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
-fi
-
-helmRepoAdd opensearch  https://opensearch-project.github.io/helm-charts
+    helmDebug="--debug"
+fi
+
+helmRepoAdd opensearch https://opensearch-project.github.io/helm-charts
 
 # Check for existing OpenSearch helm release
 if [ "$(helm -n $LOG_NS list --filter 'opensearch' -q)" == "opensearch" ]; then
-   log_debug "The Helm release [opensearch] already exists; upgrading the release."
-   existingSearch="true"
-else
-   log_debug "The Helm release [opensearch] does NOT exist; deploying a new release."
-   existingSearch="false"
+    log_debug "The Helm release [opensearch] already exists; upgrading the release."
+    existingSearch="true"
+else
+    log_debug "The Helm release [opensearch] does NOT exist; deploying a new release."
+    existingSearch="false"
 fi
 
 helm2ReleaseCheck odfe-$LOG_NS
@@ -234,8 +231,8 @@
 # Check for existing Open Distro helm release
 if [ "$(helm -n $LOG_NS list --filter 'odfe' -q)" == "odfe" ]; then
 
-   log_error "An existing ODFE-based deployment was detected.  It must be removed before deploying the current version."
-   exit 1
+    log_error "An existing ODFE-based deployment was detected.  It must be removed before deploying the current version."
+    exit 1
 
 fi
 
@@ -242,47 +239,47 @@
 # OpenSearch user customizations
 ES_OPEN_USER_YAML="${ES_OPEN_USER_YAML:-$USER_DIR/logging/user-values-opensearch.yaml}"
 if [ ! -f "$ES_OPEN_USER_YAML" ]; then
-  log_debug "[$ES_OPEN_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  ES_OPEN_USER_YAML=$TMP_DIR/empty.yaml
-fi
-
-if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then
-
-   kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
-
-   #Copy OpenSearch Security Configuration files
-   mkdir -p $TMP_DIR/opensearch/securityconfig
-   cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
-   #Overlay OpenSearch security configuration files from USER_DIR (if exists)
-   if [ -d "$USER_DIR/logging/opensearch/securityconfig" ]; then
-      log_debug "OpenSearch Security Configuration directory found w/in USER_DIR [$USER_DIR]"
-
-      if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then
-        log_info "Copying OpenSearch Security Configuration files from [$USER_DIR/logging/opensearch/securityconfig]"
-        cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
-      else
-         log_debug "No YAML (*.yml) files found in USER_DIR/opensearch/securityconfig directory"
-      fi
-   fi
-
-   #create secret containing OpenSearch security configuration yaml files
-   #NOTE: whitelist.yml file is only created due to apparent bug in OpenSearch
-   #      which causes an ERROR when securityAdmin.sh is run without it 
-   kubectl -n $LOG_NS create secret generic opensearch-securityconfig    \
-       --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml  \
-       --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml      \
-       --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml      \
-       --from-file $TMP_DIR/opensearch/securityconfig/config.yml         \
-       --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
-       --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml       \
-       --from-file $TMP_DIR/opensearch/securityconfig/roles.yml          \
-       --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml  \
-       --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
-
-   kubectl -n $LOG_NS label secret opensearch-securityconfig  managed-by=v4m-es-script
-
-else
-   log_verbose "Using existing secret [opensearch-securityconfig] for OpenSearch Security Configuration"
+    log_debug "[$ES_OPEN_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    ES_OPEN_USER_YAML=$TMP_DIR/empty.yaml
+fi
+
+if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2> /dev/null)" ]; then
+
+    kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
+
+    #Copy OpenSearch Security Configuration files
+    mkdir -p $TMP_DIR/opensearch/securityconfig
+    cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
+    #Overlay OpenSearch security configuration files from USER_DIR (if exists)
+    if [ -d "$USER_DIR/logging/opensearch/securityconfig" ]; then
+        log_debug "OpenSearch Security Configuration directory found w/in USER_DIR [$USER_DIR]"
+
+        if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2> /dev/null)" ]; then
+            log_info "Copying OpenSearch Security Configuration files from [$USER_DIR/logging/opensearch/securityconfig]"
+            cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
+        else
+            log_debug "No YAML (*.yml) files found in USER_DIR/opensearch/securityconfig directory"
+        fi
+    fi
+
+    #create secret containing OpenSearch security configuration yaml files
+    #NOTE: whitelist.yml file is only created due to apparent bug in OpenSearch
+    #      which causes an ERROR when securityAdmin.sh is run without it
+    kubectl -n $LOG_NS create secret generic opensearch-securityconfig \
+        --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml \
+        --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/config.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/roles.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
+
+    kubectl -n $LOG_NS label secret opensearch-securityconfig managed-by=v4m-es-script
+
+else
+    log_verbose "Using existing secret [opensearch-securityconfig] for OpenSearch Security Configuration"
 fi
 
 # OpenSearch
@@ -293,11 +290,11 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling OpenSearch for workload node placement"
-  wnpValuesFile="logging/node-placement/values-opensearch-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for OpenSearch"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Enabling OpenSearch for workload node placement"
+    wnpValuesFile="logging/node-placement/values-opensearch-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for OpenSearch"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 OPENSHIFT_SPECIFIC_YAML=$TMP_DIR/empty.yaml
@@ -305,21 +302,18 @@
     OPENSHIFT_SPECIFIC_YAML=logging/openshift/values-opensearch-openshift.yaml
 fi
 
-
 # YAML file container auto-generated ingress definitions (or not)
 if [ ! -f "$autogeneratedYAMLFile" ]; then
-  log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
-  autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
+    autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
+fi
 
 # Get Helm Chart Name
 log_debug "OpenSearch Helm Chart: repo [$OPENSEARCH_HELM_CHART_REPO] name [$OPENSEARCH_HELM_CHART_NAME] version [$OPENSEARCH_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $OPENSEARCH_HELM_CHART_REPO $OPENSEARCH_HELM_CHART_NAME $OPENSEARCH_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $OPENSEARCH_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $OPENSEARCH_HELM_CHART_VERSION)"
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
-
 # Deploy OpenSearch via Helm chart
 # NOTE: nodeGroup needed to get resource names we want
 helm $helmDebug upgrade --install opensearch \
@@ -331,7 +325,7 @@
     --values "$autogeneratedYAMLFile" \
     --values "$ES_OPEN_USER_YAML" \
     --values "$OPENSHIFT_SPECIFIC_YAML" \
-    --set nodeGroup=primary  \
+    --set nodeGroup=primary \
     --set masterService=v4m-search \
     --set fullnameOverride=v4m-search \
     $versionstring \
@@ -339,21 +333,20 @@
 
 # waiting for PVCs to be bound
 declare -i pvcCounter=0
-pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
-until [ "$pvc_status" == "Bound" ] || (( $pvcCounter>90 ));
-do
-   sleep 5
-   pvcCounter=$((pvcCounter+5))
-   pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+until [ "$pvc_status" == "Bound" ] || ((pvcCounter > 90)); do
+    sleep 5
+    pvcCounter=$((pvcCounter + 5))
+    pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
 done
 
 # Confirm PVC is "bound" (matched) to PV
-pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
-if [ "$pvc_status" != "Bound" ];  then
-      log_error "It appears that the PVC [v4m-search-v4m-search-0] associated with the [v4m-search-0] node has not been bound to a PV."
-      log_error "The status of the PVC is [$pvc_status]"
-      log_error "After ensuring all claims shown as Pending can be satisfied; run the remove_opensearch.sh script and try again."
-      exit 1
+pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+if [ "$pvc_status" != "Bound" ]; then
+    log_error "It appears that the PVC [v4m-search-v4m-search-0] associated with the [v4m-search-0] node has not been bound to a PV."
+    log_error "The status of the PVC is [$pvc_status]"
+    log_error "After ensuring all claims shown as Pending can be satisfied; run the remove_opensearch.sh script and try again."
+    exit 1
 fi
 log_verbose "The PVC [v4m-search-v4m-search-0] have been bound to PVs"
 
@@ -361,9 +354,8 @@
 log_info "Waiting on OpenSearch pods to be Ready"
 kubectl -n $LOG_NS wait pods v4m-search-0 --for=condition=Ready --timeout=10m
 
-
 # TO DO: Convert to curl command to detect ES is up?
-# hitting https:/host:port -u adminuser:adminpwd --insecure 
+# hitting https:/host:port -u adminuser:adminpwd --insecure
 # returns "OpenDistro Security not initialized." and 503 when up
 log_verbose "Waiting [2] minutes to allow OpenSearch to initialize [$(date)]"
 sleep 120
@@ -372,19 +364,19 @@
 
 # Run the security admin script on the pod
 # Add some logic to find ES release
-if [ "$existingSearch" == "false" ] ; then
-  kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
-  # Retrieve log file from security admin script
-  kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
-  if [ "$(tail -n1  $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
-    log_verbose "The run_securityadmin.log script appears to have run successfully; you can review its output below:"
-  else
-    log_warn "There may have been a problem with the run_securityadmin.log script; review the output below:"
-  fi
-  # show output from run_securityadmin.sh script
-  sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
-else
-  log_verbose "Existing OpenSearch release found. Skipping OpenSearch security initialization."
+if [ "$existingSearch" == "false" ]; then
+    kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
+    # Retrieve log file from security admin script
+    kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
+    if [ "$(tail -n1 $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
+        log_verbose "The run_securityadmin.log script appears to have run successfully; you can review its output below:"
+    else
+        log_warn "There may have been a problem with the run_securityadmin.log script; review the output below:"
+    fi
+    # show output from run_securityadmin.sh script
+    sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
+else
+    log_verbose "Existing OpenSearch release found. Skipping OpenSearch security initialization."
 fi
 
 set -e
@@ -391,8 +383,8 @@
 
 #Container Security: Disable serviceAccount Token Automounting
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   disable_sa_token_automount $LOG_NS v4m-os
-   #NOTE: On other providers, OpenSearch pods linked to the 'default' serviceAccount
+    disable_sa_token_automount $LOG_NS v4m-os
+    #NOTE: On other providers, OpenSearch pods linked to the 'default' serviceAccount
 fi
 
 log_info "OpenSearch has been deployed"
diff logging/bin/deploy_opensearch_content.sh.orig logging/bin/deploy_opensearch_content.sh
--- logging/bin/deploy_opensearch_content.sh.orig
+++ logging/bin/deploy_opensearch_content.sh
@@ -9,7 +9,7 @@
 source logging/bin/apiaccess-include.sh
 source logging/bin/rbac-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -16,8 +16,8 @@
 ES_CONTENT_DEPLOY=${ES_CONTENT_DEPLOY:-${ELASTICSEARCH_ENABLE:-true}}
 
 if [ "$ES_CONTENT_DEPLOY" != "true" ]; then
-  log_verbose "Environment variable [ES_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch"
-  exit 0
+    log_verbose "Environment variable [ES_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch"
+    exit 0
 fi
 
 log_info "Loading Content into OpenSearch"
@@ -30,181 +30,178 @@
 # check for pre-reqs
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
-fi
-
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
+fi
 
 # get credentials
 get_credentials_from_secret admin
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 get_ism_api_url
 
 # Confirm OpenSearch is ready
-for pause in 30 30 30 30 30 30 60
-do
-   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
-   # returns 503 (and outputs "Open Distro Security not initialized.") when ODFE isn't ready yet
-   # TO DO: check for 503 specifically?
-
-   if [[ $response != 2* ]]; then
-      log_verbose "The OpenSearch REST endpoint does not appear to be quite ready [$response]; sleeping for [$pause] more seconds before checking again."
-      sleep ${pause}
-   else
-      log_debug "The OpenSearch REST endpoint appears to be ready...continuing"
-      esready="TRUE"
-      break
-   fi
+for pause in 30 30 30 30 30 30 60; do
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # returns 503 (and outputs "Open Distro Security not initialized.") when ODFE isn't ready yet
+    # TO DO: check for 503 specifically?
+
+    if [[ $response != 2* ]]; then
+        log_verbose "The OpenSearch REST endpoint does not appear to be quite ready [$response]; sleeping for [$pause] more seconds before checking again."
+        sleep ${pause}
+    else
+        log_debug "The OpenSearch REST endpoint appears to be ready...continuing"
+        esready="TRUE"
+        break
+    fi
 done
 
 if [ "$esready" != "TRUE" ]; then
-   log_error "The OpenSearch REST endpoint has NOT become accessible in the expected time; exiting."
-   log_error "Review the OpenSearch pod's events and log to identify the issue and resolve it before trying again."
-   exit 1
-fi
-
+    log_error "The OpenSearch REST endpoint has NOT become accessible in the expected time; exiting."
+    log_error "Review the OpenSearch pod's events and log to identify the issue and resolve it before trying again."
+    exit 1
+fi
 
 # Create Index Management (I*M) Policy  objects
 function set_retention_period {
 
-   #Arguments
-   policy_name=$1                                   # Name of policy...also, used to construct name of json file to load
-   retention_period_var=$2                          # Name of env var that can be used to specify retention period
-
-   log_debug "Function called: set_retention_perid ARGS: $@"
-
-   retention_period=${!retention_period_var}        # Retention Period (unit: days)
-
-   digits_re='^[0-9]+$'
-
-   cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
-
-   # confirm value is number
-   if ! [[ $retention_period =~ $digits_re ]]; then
-      log_error "An invalid valid was provided for [$retention_period_var]; exiting."
-      exit 1
-   fi
-
-   #Update retention period in json file prior to loading it
-   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
-
-   log_debug "Contents of $policy_name.json after substitution:"
-   log_debug "$(cat $TMP_DIR/${policy_name}.json)"
-
-   # Load policy into OpenSearch via API
-   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   if [[ $response == 409 ]]; then
-      log_info "The index management policy [$policy_name] already exist in OpenSearch; skipping load and using existing policy."
-   elif [[ $response != 2* ]]; then
-      log_error "There was an issue loading index management policy [$policy_name] into OpenSearch [$response]"
-      exit 1
-   else
-      log_debug "Index management policy [$policy_name] loaded into OpenSearch [$response]"
-   fi
+    #Arguments
+    policy_name=$1          # Name of policy...also, used to construct name of json file to load
+    retention_period_var=$2 # Name of env var that can be used to specify retention period
+
+    log_debug "Function called: set_retention_perid ARGS: $@"
+
+    retention_period=${!retention_period_var} # Retention Period (unit: days)
+
+    digits_re='^[0-9]+$'
+
+    cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
+
+    # confirm value is number
+    if ! [[ $retention_period =~ $digits_re ]]; then
+        log_error "An invalid valid was provided for [$retention_period_var]; exiting."
+        exit 1
+    fi
+
+    #Update retention period in json file prior to loading it
+    sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
+
+    log_debug "Contents of $policy_name.json after substitution:"
+    log_debug "$(cat $TMP_DIR/${policy_name}.json)"
+
+    # Load policy into OpenSearch via API
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    if [[ $response == 409 ]]; then
+        log_info "The index management policy [$policy_name] already exist in OpenSearch; skipping load and using existing policy."
+    elif [[ $response != 2* ]]; then
+        log_error "There was an issue loading index management policy [$policy_name] into OpenSearch [$response]"
+        exit 1
+    else
+        log_debug "Index management policy [$policy_name] loaded into OpenSearch [$response]"
+    fi
 }
 
 #Patch ODFE 1.7.0 ISM policies to ODFE 1.13.x format
 function add_ism_template {
-   local policy_name pattern
-
-   #Arguments
-   policy_name=$1                                   # Name of policy
-   pattern=$2                                       # Index pattern to associate with policy
-   priority=${3:-100}                               # Index Priority (Higher values ==> reloaded first)
-
-   response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   if [[ $response != 2* ]]; then
-      log_debug "No ISM policy [$policy_name] found to patch; moving on.[$response]"
-      return
-   fi
-
-   if [ -n "$(cat $TMP_DIR/ism_policy_patch.json |grep '"ism_template":null')" ]; then
-      log_debug "No ISM Template on policy [$policy_name]; adding one."
-
-      #remove crud returned but not needed
-      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
-
-      #add ISM_Template to existing ISM policy
-      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
-
-      #delete exisiting policy
-      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-      if [[ $response != 2* ]]; then
-         log_warn "Error encountered deleting index management policy [$policy_name] before patching to add ISM template stanza [$response]."
-         log_warn "Review the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
-         return
-      else
-         log_debug "Index policy [$policy_name] deleted [$response]."
-      fi
-
-      #handle change in policy name w/ our 1.1.0 release
-      if [ "$policy_name" == "viya_infra_idxmgmt_policy" ]; then
-         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  $TMP_DIR/ism_policy_patch.json
-         policy_name="viya-infra-idxmgmt-policy"
-      fi
-
-
-      #load revised policy
-      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-      if [[ $response != 2* ]]; then
-         log_warn "Unable to update index management policy [$policy_name] to add a ISM_TEMPLATE stanza [$response]"
-         log_warn "Review/create the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
-         return
-      else
-         log_info "Index management policy [$policy_name] loaded into OpenSearch [$response]"
-      fi
-   else
-      log_debug "The policy definition for [$policy_name] already includes an ISM Template stanza; no need to patch."
-      return
-   fi
-}
-
+    local policy_name pattern
+
+    #Arguments
+    policy_name=$1     # Name of policy
+    pattern=$2         # Index pattern to associate with policy
+    priority=${3:-100} # Index Priority (Higher values ==> reloaded first)
+
+    response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    if [[ $response != 2* ]]; then
+        log_debug "No ISM policy [$policy_name] found to patch; moving on.[$response]"
+        return
+    fi
+
+    if [ -n "$(cat $TMP_DIR/ism_policy_patch.json | grep '"ism_template":null')" ]; then
+        log_debug "No ISM Template on policy [$policy_name]; adding one."
+
+        #remove crud returned but not needed
+        sed -i'.bak' "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
+
+        #add ISM_Template to existing ISM policy
+        sed -i'.bak' "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
+
+        #delete exisiting policy
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+        if [[ $response != 2* ]]; then
+            log_warn "Error encountered deleting index management policy [$policy_name] before patching to add ISM template stanza [$response]."
+            log_warn "Review the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
+            return
+        else
+            log_debug "Index policy [$policy_name] deleted [$response]."
+        fi
+
+        #handle change in policy name w/ our 1.1.0 release
+        if [ "$policy_name" == "viya_infra_idxmgmt_policy" ]; then
+            sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g" $TMP_DIR/ism_policy_patch.json
+            policy_name="viya-infra-idxmgmt-policy"
+        fi
+
+        #load revised policy
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+        if [[ $response != 2* ]]; then
+            log_warn "Unable to update index management policy [$policy_name] to add a ISM_TEMPLATE stanza [$response]"
+            log_warn "Review/create the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
+            return
+        else
+            log_info "Index management policy [$policy_name] loaded into OpenSearch [$response]"
+        fi
+    else
+        log_debug "The policy definition for [$policy_name] already includes an ISM Template stanza; no need to patch."
+        return
+    fi
+}
 
 LOG_RETENTION_PERIOD="${LOG_RETENTION_PERIOD:-3}"
 set_retention_period viya_logs_idxmgmt_policy LOG_RETENTION_PERIOD
-add_ism_template "viya_logs_idxmgmt_policy" "viya_logs-*"  100
+add_ism_template "viya_logs_idxmgmt_policy" "viya_logs-*" 100
 
 # Create Ingest Pipeline to "burst" incoming log messages to separate indexes based on namespace
-response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-# request returns: {"acknowledged":true}
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading ingest pipeline into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Ingest pipeline definition loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading ingest pipeline into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Ingest pipeline definition loaded into OpenSearch [$response]"
 fi
 
 # Configure index template settings and link Ingest Pipeline to Index Template
-response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
-# request returns: {"acknowledged":true}
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading index template settings into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Index template settings loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading index template settings into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Index template settings loaded into OpenSearch [$response]"
 fi
 
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   # INFRASTRUCTURE LOGS
-   # Handle "infrastructure" logs differently
-   INFRA_LOG_RETENTION_PERIOD="${INFRA_LOG_RETENTION_PERIOD:-1}"
-   set_retention_period viya_infra_idxmgmt_policy INFRA_LOG_RETENTION_PERIOD
-   add_ism_template "viya_infra_idxmgmt_policy"  "viya_logs-openshift-*"   5
-
-   # Link index management policy Index Template
-   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
-   # request returns: {"acknowledged":true}
-   if [[ $response != 2* ]]; then
-      log_error "There was an issue loading infrastructure index template settings into OpenSearch [$response]"
-      exit 1
-   else
-      log_info "Infrastructure index template settings loaded into OpenSearch [$response]"
-  fi
-fi
-
+    # INFRASTRUCTURE LOGS
+    # Handle "infrastructure" logs differently
+    INFRA_LOG_RETENTION_PERIOD="${INFRA_LOG_RETENTION_PERIOD:-1}"
+    set_retention_period viya_infra_idxmgmt_policy INFRA_LOG_RETENTION_PERIOD
+    add_ism_template "viya_infra_idxmgmt_policy" "viya_logs-openshift-*" 5
+
+    # Link index management policy Index Template
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # request returns: {"acknowledged":true}
+    if [[ $response != 2* ]]; then
+        log_error "There was an issue loading infrastructure index template settings into OpenSearch [$response]"
+        exit 1
+    else
+        log_info "Infrastructure index template settings loaded into OpenSearch [$response]"
+    fi
+fi
 
 # METALOGGING: Create index management policy object & link policy to index template
 # ...index management policy automates the deletion of indexes after the specified time
@@ -211,17 +208,17 @@
 
 OPS_LOG_RETENTION_PERIOD="${OPS_LOG_RETENTION_PERIOD:-1}"
 set_retention_period viya_ops_idxmgmt_policy OPS_LOG_RETENTION_PERIOD
-add_ism_template "viya_ops_idxmgmt_policy"  "viya_ops-*"  50
+add_ism_template "viya_ops_idxmgmt_policy" "viya_ops-*" 50
 
 # Load template
-response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-# request returns: {"acknowledged":true}
-
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading monitoring index template settings into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Monitoring index template template settings loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading monitoring index template settings into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Monitoring index template template settings loaded into OpenSearch [$response]"
 fi
 echo ""
 
@@ -236,45 +233,43 @@
 LOG_CREATE_LOGADM_USER=${LOG_CREATE_LOGADM_USER:-true}
 if [ "$LOG_CREATE_LOGADM_USER" == "true" ]; then
 
-   if user_exists logadm; then
-      log_warn "A user 'logadm' already exists; leaving that user as-is.  Review its definition in OpenSearch Dashboards and update it, or create another user, as needed."
-   else
-      log_debug "Creating the 'logadm' user"
-
-      LOG_LOGADM_PASSWD=${LOG_LOGADM_PASSWD:-$ES_ADMIN_PASSWD}
-      if [ -z "$LOG_LOGADM_PASSWD" ]; then
-         log_debug "Creating a random password for the 'logadm' user"
-         LOG_LOGADM_PASSWD="$(randomPassword)"
-         add_notice ""
-         add_notice "**The OpenSearch 'logadm' Account**"
-         add_notice "Generated 'logadm' password:  $LOG_LOGADM_PASSWD"
-      fi
-
-      #create the user
-      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
-   fi
-else
-   log_debug "Skipping creation of 'logadm' user because LOG_CREATE_LOGADM_USER not 'true' [$LOG_CREATE_LOGADM_USER]"
+    if user_exists logadm; then
+        log_warn "A user 'logadm' already exists; leaving that user as-is.  Review its definition in OpenSearch Dashboards and update it, or create another user, as needed."
+    else
+        log_debug "Creating the 'logadm' user"
+
+        LOG_LOGADM_PASSWD=${LOG_LOGADM_PASSWD:-$ES_ADMIN_PASSWD}
+        if [ -z "$LOG_LOGADM_PASSWD" ]; then
+            log_debug "Creating a random password for the 'logadm' user"
+            LOG_LOGADM_PASSWD="$(randomPassword)"
+            add_notice ""
+            add_notice "**The OpenSearch 'logadm' Account**"
+            add_notice "Generated 'logadm' password:  $LOG_LOGADM_PASSWD"
+        fi
+
+        #create the user
+        LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
+    fi
+else
+    log_debug "Skipping creation of 'logadm' user because LOG_CREATE_LOGADM_USER not 'true' [$LOG_CREATE_LOGADM_USER]"
 fi
 
 #Initialize OSD Reporting Plugin indices
 INIT_OSD_RPT_IDX=${INIT_OSD_RPT_IDX:-true}
 if [ "$INIT_OSD_RPT_IDX" == "true" ]; then
-   log_debug "Initializing OpenSearch Dashboards Reporting plugin indices"
-   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   log_debug "OSD_RPT_IDX (instances) Response [$response]"
-   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   log_debug "OSD_RPT_IDX (definitions) Response [$response]"
-fi
-
+    log_debug "Initializing OpenSearch Dashboards Reporting plugin indices"
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    log_debug "OSD_RPT_IDX (instances) Response [$response]"
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    log_debug "OSD_RPT_IDX (definitions) Response [$response]"
+fi
 
 LOGGING_DRIVER=${LOGGING_DRIVER:-false}
 if [ "$LOGGING_DRIVER" != "true" ]; then
-   echo ""
-   display_notices
-   echo ""
-fi
-
+    echo ""
+    display_notices
+    echo ""
+fi
 
 log_info "Content has been loaded into OpenSearch"
 
diff logging/bin/deploy_openshift_prereqs.sh.orig logging/bin/deploy_openshift_prereqs.sh
--- logging/bin/deploy_openshift_prereqs.sh.orig
+++ logging/bin/deploy_openshift_prereqs.sh
@@ -6,7 +6,7 @@
 cd "$(dirname $BASH_SOURCE)/../.."
 source logging/bin/common.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -14,26 +14,25 @@
 OPENSHIFT_PREREQS_ENABLE=${OPENSHIFT_PREREQS_ENABLE:-true}
 
 if [ "$OPENSHIFT_PREREQS_ENABLE" != "true" ]; then
-  log_info "Environment variable [OPENSHIFT_PREREQS_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenShift Prerequisites"
-  exit
-fi
-
+    log_info "Environment variable [OPENSHIFT_PREREQS_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenShift Prerequisites"
+    exit
+fi
 
 # link OpenSearch serviceAccounts to 'privileged' scc
 oc adm policy add-scc-to-user privileged -z v4m-os -n $LOG_NS
 
 # create the 'v4m-logging-v2' SCC, if it does not already exist
-if oc get scc v4m-logging-v2 2>/dev/null 1>&2; then
-   log_info "Skipping scc creation; using existing scc [v4m-logging-v2]"
-else
-   oc create -f logging/openshift/fb_v4m-logging-v2_scc.yaml
+if oc get scc v4m-logging-v2 2> /dev/null 1>&2; then
+    log_info "Skipping scc creation; using existing scc [v4m-logging-v2]"
+else
+    oc create -f logging/openshift/fb_v4m-logging-v2_scc.yaml
 fi
 
 # create the 'v4m-k8sevents' SCC, if it does not already exist
-if oc get scc v4m-k8sevents 2>/dev/null 1>&2; then
-   log_info "Skipping scc creation; using existing scc [v4m-k8sevents]"
-else
-   oc create -f logging/openshift/fb_v4m-k8sevents_scc.yaml
+if oc get scc v4m-k8sevents 2> /dev/null 1>&2; then
+    log_info "Skipping scc creation; using existing scc [v4m-k8sevents]"
+else
+    oc create -f logging/openshift/fb_v4m-k8sevents_scc.yaml
 fi
 
 log_info "OpenShift Prerequisites have been deployed."
diff logging/bin/deploy_osd.sh.orig logging/bin/deploy_osd.sh
--- logging/bin/deploy_osd.sh.orig
+++ logging/bin/deploy_osd.sh
@@ -10,7 +10,7 @@
 source bin/autogenerate-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 OPENSEARCHDASH_ENABLE=${OPENSEARCHDASH_ENABLE:-true}
 
 if [ "$OPENSEARCHDASH_ENABLE" != "true" ]; then
-  log_verbose "Environment variable [OPENSEARCHDASH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch Dashboards"
-  exit 0
+    log_verbose "Environment variable [OPENSEARCHDASH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch Dashboards"
+    exit 0
 fi
 
 set -e
@@ -28,13 +28,12 @@
 #
 
 #Generate yaml file with all container-related keys
-generateImageKeysFile "$OSD_FULL_IMAGE"         "logging/opensearch/osd_container_image.template"
-
+generateImageKeysFile "$OSD_FULL_IMAGE" "logging/opensearch/osd_container_image.template"
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
@@ -41,14 +40,14 @@
 export ES_KIBANASERVER_PASSWD=${ES_KIBANASERVER_PASSWD}
 
 # Create secrets containing internal user credentials
-create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD"  managed-by=v4m-es-script
+create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD" managed-by=v4m-es-script
 
 # Verify cert generator is available (if necessary)
 if verify_cert_generator $LOG_NS kibana; then
-  log_debug "cert generator check OK [$cert_generator_ok]"
-else
-  log_error "A required TLS cert does not exist and the expected certificate generator mechanism [$cert_generator] is not available to create the missing cert"
-  exit 1
+    log_debug "cert generator check OK [$cert_generator_ok]"
+else
+    log_error "A required TLS cert does not exist and the expected certificate generator mechanism [$cert_generator] is not available to create the missing cert"
+    exit 1
 fi
 
 # Create/Get necessary TLS certs
@@ -59,66 +58,66 @@
 
 if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OSD_INGRESS_ENABLE" == "true" ]; then
 
-   autogeneratedYAMLFile="$TMP_DIR/autogenerate-osd.yaml"
-
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   osdIngressCert="${OSD_INGRESS_CERT}"
-   osdIngressKey="${OSD_INGRESS_KEY}"
-   
-   create_ingress_certs "$LOG_NS" kibana-ingress-tls-secret "$osdIngressCert" "$osdIngressKey" 
-
-   ROUTING="${ROUTING:-host}"
-
-   ## tested with sample version: 0.2.1
-   ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-osd.yaml"
-
-   #intialized the yaml file w/appropriate ingress sample
-   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
-
-   ###OSD_INGRESS_ENABLE="${OSD_INGRESS_ENABLE:-true}"
-   OSD_FQDN="${OSD_FQDN}"
-   OSD_PATH="${OSD_PATH:-dashboards}"
-   if [ -z "$OSD_FQDN" ]; then
-      if [ "$ROUTING" == "host" ]; then
-         OSD_FQDN="$OSD_PATH.$BASE_DOMAIN"
-      else
-         OSD_FQDN="$BASE_DOMAIN"
-      fi
-   fi
-
-   log_debug "OSD_INGRESS_ENABLE [$OSD_INGRESS_ENABLE] OSD_FQDN [$OSD_FQDN] OSD_PATH [$OSD_PATH]"
-
-   export OSD_INGRESS_ENABLE OSD_FQDN OSD_PATH
-   
-   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            $autogeneratedYAMLFile
-   if [ "$ROUTING" == "host" ]; then
-      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
-   else
-
-      export slashpath="/$OSD_PATH"
-
-      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
-
-      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            $autogeneratedYAMLFile
-      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
-      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               $autogeneratedYAMLFile
-
-      # Need to use printf to preserve newlines
-      printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"  ;
-      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
-
-      unset slashpath
-   fi
-else
-   log_debug "Autogeneration of ingresss NOT enabled"
+    autogeneratedYAMLFile="$TMP_DIR/autogenerate-osd.yaml"
+
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    osdIngressCert="${OSD_INGRESS_CERT}"
+    osdIngressKey="${OSD_INGRESS_KEY}"
+
+    create_ingress_certs "$LOG_NS" kibana-ingress-tls-secret "$osdIngressCert" "$osdIngressKey"
+
+    ROUTING="${ROUTING:-host}"
+
+    ## tested with sample version: 0.2.1
+    ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-osd.yaml"
+
+    #intialized the yaml file w/appropriate ingress sample
+    yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
+
+    ###OSD_INGRESS_ENABLE="${OSD_INGRESS_ENABLE:-true}"
+    OSD_FQDN="${OSD_FQDN}"
+    OSD_PATH="${OSD_PATH:-dashboards}"
+    if [ -z "$OSD_FQDN" ]; then
+        if [ "$ROUTING" == "host" ]; then
+            OSD_FQDN="$OSD_PATH.$BASE_DOMAIN"
+        else
+            OSD_FQDN="$BASE_DOMAIN"
+        fi
+    fi
+
+    log_debug "OSD_INGRESS_ENABLE [$OSD_INGRESS_ENABLE] OSD_FQDN [$OSD_FQDN] OSD_PATH [$OSD_PATH]"
+
+    export OSD_INGRESS_ENABLE OSD_FQDN OSD_PATH
+
+    yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)' $autogeneratedYAMLFile
+    if [ "$ROUTING" == "host" ]; then
+        yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)' $autogeneratedYAMLFile
+    else
+
+        export slashpath="/$OSD_PATH"
+
+        yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
+
+        yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
+
+        # Need to use printf to preserve newlines
+        printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"
+        snippet="$snippet" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)' $autogeneratedYAMLFile
+
+        unset slashpath
+    fi
+else
+    log_debug "Autogeneration of ingresss NOT enabled"
 fi
 
 # enable debug on Helm via env var
@@ -125,48 +124,47 @@
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
-fi
-
-helmRepoAdd opensearch  https://opensearch-project.github.io/helm-charts
+    helmDebug="--debug"
+fi
+
+helmRepoAdd opensearch https://opensearch-project.github.io/helm-charts
 
 KB_KNOWN_NODEPORT_ENABLE=${KB_KNOWN_NODEPORT_ENABLE:-false}
 
 if [ "$KB_KNOWN_NODEPORT_ENABLE" == "true" ]; then
-   KIBANA_PORT=31033
-   log_verbose "Setting OpenSearch Dashboards service NodePort to $KIBANA_PORT"
-   nodeport_yaml=logging/opensearch/osd_helm_values_nodeport.yaml
-else
-   nodeport_yaml=$TMP_DIR/empty.yaml
-   log_debug "OpenSearch Dashboards service NodePort NOT changed to 'known' port because KB_KNOWN_NODEPORT_ENABLE set to [$KB_KNOWN_NODEPORT_ENABLE]."
-fi
-
+    KIBANA_PORT=31033
+    log_verbose "Setting OpenSearch Dashboards service NodePort to $KIBANA_PORT"
+    nodeport_yaml=logging/opensearch/osd_helm_values_nodeport.yaml
+else
+    nodeport_yaml=$TMP_DIR/empty.yaml
+    log_debug "OpenSearch Dashboards service NodePort NOT changed to 'known' port because KB_KNOWN_NODEPORT_ENABLE set to [$KB_KNOWN_NODEPORT_ENABLE]."
+fi
 
 # OpenSearch Dashboards user customizations
 OSD_USER_YAML="${OSD_USER_YAML:-$USER_DIR/logging/user-values-osd.yaml}"
 if [ ! -f "$OSD_USER_YAML" ]; then
-  log_debug "[$OSD_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  OSD_USER_YAML=$TMP_DIR/empty.yaml
+    log_debug "[$OSD_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    OSD_USER_YAML=$TMP_DIR/empty.yaml
 fi
 
 # Require TLS into OpenSearch Dashboards (nee Kibana)?
 OSD_TLS_ENABLE=${OSD_TLS_ENABLE:-$TLS_ENABLE}
 if [ -z "$OSD_TLS_ENABLE" ]; then
-   #set to 'true' if still not set
-   OSD_TLS_ENABLE="true"
+    #set to 'true' if still not set
+    OSD_TLS_ENABLE="true"
 fi
 
 #(Re)Create secret containing OSD TLS Setting
-kubectl -n $LOG_NS delete secret          v4m-osd-tls-enabled  --ignore-not-found
-kubectl -n $LOG_NS create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"
+kubectl -n $LOG_NS delete secret v4m-osd-tls-enabled --ignore-not-found
+kubectl -n $LOG_NS create secret generic v4m-osd-tls-enabled --from-literal enable_tls="$OSD_TLS_ENABLE"
 
 # OpenSearch Dashboards
 log_info "Deploying OpenSearch Dashboards"
 
 # Remove pre-OSD 2.19.0 version due to label changes
-if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
-   log_debug "An earlier version of OpenSearch Dashboards (>2.19) was found running and will be removed"
-   kubectl -n $LOG_NS delete deployment v4m-osd
+if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2> /dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
+    log_debug "An earlier version of OpenSearch Dashboards (>2.19) was found running and will be removed"
+    kubectl -n $LOG_NS delete deployment v4m-osd
 fi
 
 # Enable workload node placement?
@@ -174,11 +172,11 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling OpenSearch Dashboards for workload node placement"
-  wnpValuesFile="logging/node-placement/values-osd-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for OpenSearch Dashboards"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Enabling OpenSearch Dashboards for workload node placement"
+    wnpValuesFile="logging/node-placement/values-osd-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for OpenSearch Dashboards"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 OSD_PATH_INGRESS_YAML=$TMP_DIR/empty.yaml
@@ -186,7 +184,6 @@
     OSD_PATH_INGRESS_YAML=logging/openshift/values-osd-path-route-openshift.yaml
 fi
 
-
 OPENSHIFT_SPECIFIC_YAML=$TMP_DIR/empty.yaml
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
     OPENSHIFT_SPECIFIC_YAML=logging/openshift/values-osd-openshift.yaml
@@ -194,15 +191,14 @@
 
 # YAML file container auto-generated ingress definitions (or not)
 if [ ! -f "$autogeneratedYAMLFile" ]; then
-  log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
-  autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
+    autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
+fi
 
 # Get Helm Chart Name
 log_debug "OpenSearch Dashboards Helm Chart: repo [$OSD_HELM_CHART_REPO] name [$OSD_HELM_CHART_NAME] version [$OSD_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $OSD_HELM_CHART_REPO $OSD_HELM_CHART_NAME $OSD_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $OSD_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $OSD_HELM_CHART_VERSION)"
 
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
@@ -219,16 +215,15 @@
     --values "$OPENSHIFT_SPECIFIC_YAML" \
     --values "$OSD_PATH_INGRESS_YAML" \
     --set fullnameOverride=v4m-osd \
-   $chart2install
+    $chart2install
 
 log_info "OpenSearch Dashboards has been deployed"
 
-
 #Container Security: Disable serviceAccount Token Automounting
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   disable_sa_token_automount $LOG_NS v4m-os
-else
-   disable_sa_token_automount $LOG_NS v4m-osd-dashboards
+    disable_sa_token_automount $LOG_NS v4m-os
+else
+    disable_sa_token_automount $LOG_NS v4m-osd-dashboards
 fi
 
 log_debug "Script [$this_script] has completed [$(date)]"
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -10,7 +10,7 @@
 source logging/bin/apiaccess-include.sh
 source logging/bin/rbac-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 KIBANA_CONTENT_DEPLOY=${KIBANA_CONTENT_DEPLOY:-${ELASTICSEARCH_ENABLE:-true}}
 
 if [ "$KIBANA_CONTENT_DEPLOY" != "true" ]; then
-  log_verbose "Environment variable [KIBANA_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch Dashboards"
-  exit 0
+    log_verbose "Environment variable [KIBANA_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch Dashboards"
+    exit 0
 fi
 
 # temp file used to capture command output
@@ -25,61 +25,62 @@
 tmpfile=$TMP_DIR/output.txt
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
 get_credentials_from_secret admin
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 set -e
 
 log_info "Configuring OpenSearch Dashboards...this may take a few minutes"
 
-
 # wait for pod to show as "running" and "ready"
 log_info "Waiting for OpenSearch Dashboards pods to be ready ($(date) - timeout 10m)"
-osdlabels="$(kubectl -n $LOG_NS get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}'| tr -d '{}"' | tr : '=')"
-
-kubectl -n $LOG_NS wait pods --selector "$osdlabels"  --for condition=Ready --timeout=10m
-
-set +e  # disable exit on error
+osdlabels="$(kubectl -n $LOG_NS get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}' | tr -d '{}"' | tr : '=')"
+
+kubectl -n $LOG_NS wait pods --selector "$osdlabels" --for condition=Ready --timeout=10m
+
+set +e # disable exit on error
 
 # Need to wait 2-3 minutes for OSD to come up and
 # and be ready to accept the curl commands below
 # Confirm OSD is ready
 log_info "Waiting (up to more 8 minutes) for OpenSearch Dashboards API endpoint to be ready"
-for pause in 30 30 60 30 30 30 30 30 30 60 60 60 
-do
-
-   get_kb_api_url
-   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
-   # returns 503 (and outputs "Kibana server is not ready yet") when Kibana isn't ready yet
-   # TO DO: check for 503 specifically?
-   rc=$?
-   if [[ $response != 2* ]]; then
-      log_debug "The OpenSearch Dashboards REST endpoint does not appear to be quite ready [$response/$rc]; sleeping for [$pause] more seconds before checking again."
-      stop_kb_portforwarding
-      sleep ${pause}
-   else
-      log_verbose "The OpenSearch Dashboards REST endpoint appears to be ready...continuing"
-      kibanaready="TRUE"
-      break
-   fi
+for pause in 30 30 60 30 30 30 30 30 30 60 60 60; do
+
+    get_kb_api_url
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${kb_api_url}/api/status" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # returns 503 (and outputs "Kibana server is not ready yet") when Kibana isn't ready yet
+    # TO DO: check for 503 specifically?
+    rc=$?
+    if [[ $response != 2* ]]; then
+        log_debug "The OpenSearch Dashboards REST endpoint does not appear to be quite ready [$response/$rc]; sleeping for [$pause] more seconds before checking again."
+        stop_kb_portforwarding
+        sleep ${pause}
+    else
+        log_verbose "The OpenSearch Dashboards REST endpoint appears to be ready...continuing"
+        kibanaready="TRUE"
+        break
+    fi
 done
 
 set -e
 
 if [ "$kibanaready" != "TRUE" ]; then
-   log_error "The OpenSearch Dashboards REST endpoint has NOT become accessible in the expected time; exiting."
-   log_error "Review the OpenSearch Dashboards pod's events and log to identify the issue and resolve it before trying again."
-   exit 1
-fi
-
-set +e  # disable exit on error
+    log_error "The OpenSearch Dashboards REST endpoint has NOT become accessible in the expected time; exiting."
+    log_error "Review the OpenSearch Dashboards pod's events and log to identify the issue and resolve it before trying again."
+    exit 1
+fi
+
+set +e # disable exit on error
 
 # get Security API URL
 get_sec_api_url
@@ -88,21 +89,21 @@
 #   Should only be true during UIP scenario b/c our updated securityconfig processing
 #   is bypassed (to prevent clobbering post-deployment changes made via OSD).
 if ! kibana_tenant_exists "cluster_admins"; then
-   create_kibana_tenant "cluster_admins" "Tenant space for Cluster Administrators"
-   rc=$?
-   if [ "$rc" != "0" ]; then
-      log_error "Problems were encountered while attempting to create tenant space [cluster_admins]."
-      exit 1
-   fi
+    create_kibana_tenant "cluster_admins" "Tenant space for Cluster Administrators"
+    rc=$?
+    if [ "$rc" != "0" ]; then
+        log_error "Problems were encountered while attempting to create tenant space [cluster_admins]."
+        exit 1
+    fi
 else
-   log_debug "The OpenSearch Dashboards tenant space [cluster_admins] exists."
+    log_debug "The OpenSearch Dashboards tenant space [cluster_admins] exists."
 fi
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

@gsmith-sas gsmith-sas merged commit c5c1fa3 into main Jun 17, 2025
1 of 2 checks passed
@gsmith-sas gsmith-sas deleted the removemigrate branch June 18, 2025 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ceelias ceelias ceelias approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gsmith-sas @ceelias