'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/apiaccess-include.sh line 34:
      kill -9 $pid
              ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kill -9 "$pid"


In logging/bin/apiaccess-include.sh line 35:
      wait $pid 2>/dev/null  # suppresses message reporting process has been killed
           ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      wait "$pid" 2>/dev/null  # suppresses message reporting process has been killed


In logging/bin/apiaccess-include.sh line 56:
      stop_portforwarding $espfpid
                          ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      stop_portforwarding "$espfpid"


In logging/bin/apiaccess-include.sh line 71:
      stop_portforwarding $kbpfpid
                          ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      stop_portforwarding "$kbpfpid"


In logging/bin/apiaccess-include.sh line 90:
   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
                                                                ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" "$ingress")


In logging/bin/apiaccess-include.sh line 97:
      serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
                               ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                   ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                            ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      serviceport=$(kubectl -n "$LOG_NS" get service "$servicename" -o=jsonpath="$portpath")


In logging/bin/apiaccess-include.sh line 102:
      kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2>/dev/null &
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                            ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" port-forward --address localhost svc/"$servicename" :"$serviceport" > "$tmpfile" 2>/dev/null &


In logging/bin/apiaccess-include.sh line 113:
      myline=$(head -n1  $tmpfile)
                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      myline=$(head -n1  "$tmpfile")


In logging/bin/apiaccess-include.sh line 179:
   tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                ^-- SC1083 (warning): This { is literal. Check expression (missing ;/\n?) or quote it.
                                                                                                 ^-- SC1083 (warning): This } is literal. Check expression (missing ;/\n?) or quote it.

Did you mean: 
   tlsrequired="$(kubectl -n "$LOG_NS" get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"


In logging/bin/apiaccess-include.sh line 182:
   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}'  $tlsrequired  $KB_INGRESSNAME
                                                           ^---------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                         ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                       ^-------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'"${KB_SERVICEPORT}"'")].port}'  "$tlsrequired"  "$KB_INGRESSNAME"


In logging/bin/change_internal_password.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/change_internal_password.sh line 7:
CHECK_HELM=false
^--------^ SC2034 (warning): CHECK_HELM appears unused. Verify use (or export if used externally).


In logging/bin/change_internal_password.sh line 12:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/change_internal_password.sh line 79:
   if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2>/dev/null)" ]; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                          ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -z "$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=name 2>/dev/null)" ]; then


In logging/bin/change_internal_password.sh line 85:
      ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" |base64 --decode)
                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                            ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_USER=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.\username}" |base64 --decode)


In logging/bin/change_internal_password.sh line 86:
      ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" |base64 --decode)
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/change_internal_password.sh line 106:
      ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/change_internal_password.sh line 107:
      ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
                                   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/change_internal_password.sh line 110:
      kubectl -n $LOG_NS exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh


In logging/bin/change_internal_password.sh line 112:
      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                 ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^-^ SC2063 (warning): Grep uses regex, but this looks like a glob.

Did you mean: 
      hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD"|grep -v '*')


In logging/bin/change_internal_password.sh line 117:
         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                                                   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                                  ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/change_internal_password.sh line 151:
      kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh


In logging/bin/change_internal_password.sh line 153:
      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                 ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^-^ SC2063 (warning): Grep uses regex, but this looks like a glob.

Did you mean: 
      hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD"|grep -v '*')


In logging/bin/change_internal_password.sh line 157:
      rm -f $TMP_DIR/tls.crt
            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      rm -f "$TMP_DIR"/tls.crt


In logging/bin/change_internal_password.sh line 158:
      admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      admin_tls_cert=$(kubectl -n "$LOG_NS" get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")


In logging/bin/change_internal_password.sh line 164:
         echo "$admin_tls_cert" |base64 --decode > $TMP_DIR/admin_tls.crt
                                                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         echo "$admin_tls_cert" |base64 --decode > "$TMP_DIR"/admin_tls.crt


In logging/bin/change_internal_password.sh line 167:
         rm -f $TMP_DIR/tls.key
               ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         rm -f "$TMP_DIR"/tls.key


In logging/bin/change_internal_password.sh line 168:
         admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         admin_tls_key=$(kubectl -n "$LOG_NS" get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")


In logging/bin/change_internal_password.sh line 174:
            echo "$admin_tls_key" |base64 --decode > $TMP_DIR/admin_tls.key
                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
            echo "$admin_tls_key" |base64 --decode > "$TMP_DIR"/admin_tls.key


In logging/bin/change_internal_password.sh line 177:
            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key  --insecure)
                                                                                                                                                                                                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                                                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key  --insecure)


In logging/bin/change_internal_password.sh line 202:
     kubectl -n $LOG_NS delete secret internal-user-$USER_NAME  --ignore-not-found
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                    ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
     kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME"  --ignore-not-found


In logging/bin/change_internal_password.sh line 209:
     create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
                                      ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                 ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                            ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
     create_user_secret internal-user-"$USER_NAME" "$USER_NAME" "$NEW_PASSWD" "$labels"


In logging/bin/deploy_esexporter.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_esexporter.sh line 10:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_esexporter.sh line 28:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_esexporter.sh line 39:
if helm3ReleaseExists es-exporter $LOG_NS; then
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists es-exporter "$LOG_NS"; then


In logging/bin/deploy_esexporter.sh line 42:
   if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then
           ^-- SC2046 (warning): Quote this to prevent word splitting.
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -z $(kubectl -n "$LOG_NS" get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then


In logging/bin/deploy_esexporter.sh line 44:
      helm -n $LOG_NS delete es-exporter
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      helm -n "$LOG_NS" delete es-exporter


In logging/bin/deploy_esexporter.sh line 47:
   if kubectl get crd servicemonitors.monitoring.coreos.com 2>1 1>/dev/null; then
                                                             ^-- SC2210 (warning): This is a file redirection. Was it supposed to be a comparison or fd operation?


In logging/bin/deploy_esexporter.sh line 52:
         kubectl delete -n $monNamespace servicemonitor elasticsearch
                           ^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         kubectl delete -n "$monNamespace" servicemonitor elasticsearch


In logging/bin/deploy_esexporter.sh line 54:
         kubectl apply  -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
                           ^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         kubectl apply  -n "$monNamespace" -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml


In logging/bin/deploy_esexporter.sh line 110:
helm2ReleaseCheck es-exporter-$LOG_NS
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm2ReleaseCheck es-exporter-"$LOG_NS"


In logging/bin/deploy_esexporter.sh line 115:
chart2install="$(get_helmchart_reference $ESEXPORTER_HELM_CHART_REPO $ESEXPORTER_HELM_CHART_NAME $ESEXPORTER_HELM_CHART_VERSION)"
                                         ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                     ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                 ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$ESEXPORTER_HELM_CHART_REPO" "$ESEXPORTER_HELM_CHART_NAME" "$ESEXPORTER_HELM_CHART_VERSION")"


In logging/bin/deploy_esexporter.sh line 116:
versionstring="$(get_helm_versionstring  $ESEXPORTER_HELM_CHART_VERSION)"
                                         ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$ESEXPORTER_HELM_CHART_VERSION")"


In logging/bin/deploy_esexporter.sh line 120:
helm $helmDebug upgrade --install es-exporter \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install es-exporter \


In logging/bin/deploy_esexporter.sh line 121:
 --namespace $LOG_NS \
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 --namespace "$LOG_NS" \


In logging/bin/deploy_esexporter.sh line 122:
 -f $imageKeysFile \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$imageKeysFile" \


In logging/bin/deploy_esexporter.sh line 124:
 -f $wnpValuesFile \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$wnpValuesFile" \


In logging/bin/deploy_esexporter.sh line 125:
 -f $openshiftValuesFile \
    ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$openshiftValuesFile" \


In logging/bin/deploy_esexporter.sh line 126:
 -f $ES_OPEN_EXPORTER_USER_YAML \
    ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 -f "$ES_OPEN_EXPORTER_USER_YAML" \


In logging/bin/deploy_esexporter.sh line 128:
 $versionstring \
 ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 "$versionstring" \


In logging/bin/deploy_esexporter.sh line 129:
 $chart2install
 ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
 "$chart2install"


In logging/bin/deploy_logging_openshift.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_logging_openshift.sh line 31:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_logging_openshift.sh line 32:
  kubectl create ns $LOG_NS
                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl create ns "$LOG_NS"


In logging/bin/deploy_logging_openshift.sh line 35:
  disable_sa_token_automount $LOG_NS default
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" default


In logging/bin/deploy_logging_openshift.sh line 36:
  disable_sa_token_automount $LOG_NS builder
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" builder


In logging/bin/deploy_logging_openshift.sh line 37:
  disable_sa_token_automount $LOG_NS deployer
                             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  disable_sa_token_automount "$LOG_NS" deployer


In logging/bin/deploy_logging_openshift.sh line 123:
   bin/show_app_url.sh $servicelist
                       ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   bin/show_app_url.sh "$servicelist"


In logging/bin/deploy_logging_openshift.sh line 144:
if helm3ReleaseExists v4m $LOG_NS; then
                          ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if helm3ReleaseExists v4m "$LOG_NS"; then


In logging/bin/deploy_opensearch.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_opensearch.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_opensearch.sh line 48:
if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OPENSEARCH_INGRESS_ENABLE"="true" ]; then
                                                                          ^-- SC2077 (error): You need spaces around the comparison operator.


In logging/bin/deploy_opensearch.sh line 68:
   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
                  ^-- SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.


In logging/bin/deploy_opensearch.sh line 71:
   OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
   ^-------------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In logging/bin/deploy_opensearch.sh line 85:
   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 88:
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 89:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 91:
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 92:
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 94:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
                                                                         ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 95:
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
                                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 98:
      printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"  ;
                        ^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".


In logging/bin/deploy_opensearch.sh line 99:
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
                                                                                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  "$autogeneratedYAMLFile"


In logging/bin/deploy_opensearch.sh line 116:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_opensearch.sh line 144:
if verify_cert_generator $LOG_NS es-transport es-rest es-admin; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if verify_cert_generator "$LOG_NS" es-transport es-rest es-admin; then


In logging/bin/deploy_opensearch.sh line 152:
create_tls_certs $LOG_NS logging es-transport es-rest es-admin
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
create_tls_certs "$LOG_NS" logging es-transport es-rest es-admin


In logging/bin/deploy_opensearch.sh line 158:
if [ ! -f  $TMP_DIR/es-transport.pem ]; then
           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ ! -f  "$TMP_DIR"/es-transport.pem ]; then


In logging/bin/deploy_opensearch.sh line 160:
   kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-transport.pem
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/es-transport.pem


In logging/bin/deploy_opensearch.sh line 162:
node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
                                                            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in "$TMP_DIR"/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")


In logging/bin/deploy_opensearch.sh line 164:
if [ ! -f  $TMP_DIR/es-admin.pem ]; then
           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ ! -f  "$TMP_DIR"/es-admin.pem ]; then


In logging/bin/deploy_opensearch.sh line 166:
   kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-admin.pem
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                       ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/es-admin.pem


In logging/bin/deploy_opensearch.sh line 168:
admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
                                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in "$TMP_DIR"/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")


In logging/bin/deploy_opensearch.sh line 173:
kubectl -n $LOG_NS delete secret opensearch-cert-subjects --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete secret opensearch-cert-subjects --ignore-not-found


In logging/bin/deploy_opensearch.sh line 174:
kubectl -n $LOG_NS create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"


In logging/bin/deploy_opensearch.sh line 175:
kubectl -n $LOG_NS label  secret opensearch-cert-subjects  managed-by=v4m-es-script
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" label  secret opensearch-cert-subjects  managed-by=v4m-es-script


In logging/bin/deploy_opensearch.sh line 178:
kubectl -n $LOG_NS delete configmap run-securityadmin.sh --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete configmap run-securityadmin.sh --ignore-not-found


In logging/bin/deploy_opensearch.sh line 179:
kubectl -n $LOG_NS create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh


In logging/bin/deploy_opensearch.sh line 180:
kubectl -n $LOG_NS label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch


In logging/bin/deploy_opensearch.sh line 183:
export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
       ^-----------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 184:
export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
       ^-------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 185:
export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)
       ^------------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_METRICGETTER_USER=$(kubectl -n "$LOG_NS" get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 186:
export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)
       ^--------------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
export ES_METRICGETTER_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)


In logging/bin/deploy_opensearch.sh line 189:
adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')
                                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
adminpwd_autogenerated=$(kubectl -n "$LOG_NS" get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')


In logging/bin/deploy_opensearch.sh line 190:
if [ ! -z "$adminpwd_autogenerated"  ]; then
     ^-- SC2236 (style): Use -n instead of ! -z.


In logging/bin/deploy_opensearch.sh line 224:
if [ "$(helm -n $LOG_NS list --filter 'opensearch' -q)" == "opensearch" ]; then
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(helm -n "$LOG_NS" list --filter 'opensearch' -q)" == "opensearch" ]; then


In logging/bin/deploy_opensearch.sh line 232:
helm2ReleaseCheck odfe-$LOG_NS
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm2ReleaseCheck odfe-"$LOG_NS"


In logging/bin/deploy_opensearch.sh line 235:
if [ "$(helm -n $LOG_NS list --filter 'odfe' -q)" == "odfe" ]; then
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(helm -n "$LOG_NS" list --filter 'odfe' -q)" == "odfe" ]; then


In logging/bin/deploy_opensearch.sh line 249:
if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then
                      ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ -z "$(kubectl -n "$LOG_NS" get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then


In logging/bin/deploy_opensearch.sh line 251:
   kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" delete secret opensearch-securityconfig --ignore-not-found


In logging/bin/deploy_opensearch.sh line 254:
   mkdir -p $TMP_DIR/opensearch/securityconfig
            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   mkdir -p "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 255:
   cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
                                              ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   cp logging/opensearch/securityconfig/*.yml "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 260:
      if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then
                 ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      if [ "$(ls "$USER_DIR"/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then


In logging/bin/deploy_opensearch.sh line 262:
        cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
           ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
        cp "$USER_DIR"/logging/opensearch/securityconfig/*.yml "$TMP_DIR"/opensearch/securityconfig


In logging/bin/deploy_opensearch.sh line 271:
   kubectl -n $LOG_NS create secret generic opensearch-securityconfig    \
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" create secret generic opensearch-securityconfig    \


In logging/bin/deploy_opensearch.sh line 272:
       --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml  \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/action_groups.yml  \


In logging/bin/deploy_opensearch.sh line 273:
       --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml      \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/allowlist.yml      \


In logging/bin/deploy_opensearch.sh line 274:
       --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml      \
                                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file whitelist.yml="$TMP_DIR"/opensearch/securityconfig/allowlist.yml      \


In logging/bin/deploy_opensearch.sh line 275:
       --from-file $TMP_DIR/opensearch/securityconfig/config.yml         \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/config.yml         \


In logging/bin/deploy_opensearch.sh line 276:
       --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/internal_users.yml \


In logging/bin/deploy_opensearch.sh line 277:
       --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml       \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/nodes_dn.yml       \


In logging/bin/deploy_opensearch.sh line 278:
       --from-file $TMP_DIR/opensearch/securityconfig/roles.yml          \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/roles.yml          \


In logging/bin/deploy_opensearch.sh line 279:
       --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml  \
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/roles_mapping.yml  \


In logging/bin/deploy_opensearch.sh line 280:
       --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
       --from-file "$TMP_DIR"/opensearch/securityconfig/tenants.yml


In logging/bin/deploy_opensearch.sh line 282:
   kubectl -n $LOG_NS label secret opensearch-securityconfig  managed-by=v4m-es-script
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" label secret opensearch-securityconfig  managed-by=v4m-es-script


In logging/bin/deploy_opensearch.sh line 318:
chart2install="$(get_helmchart_reference $OPENSEARCH_HELM_CHART_REPO $OPENSEARCH_HELM_CHART_NAME $OPENSEARCH_HELM_CHART_VERSION)"
                                         ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                     ^-------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                 ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$OPENSEARCH_HELM_CHART_REPO" "$OPENSEARCH_HELM_CHART_NAME" "$OPENSEARCH_HELM_CHART_VERSION")"


In logging/bin/deploy_opensearch.sh line 319:
versionstring="$(get_helm_versionstring  $OPENSEARCH_HELM_CHART_VERSION)"
                                         ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$OPENSEARCH_HELM_CHART_VERSION")"


In logging/bin/deploy_opensearch.sh line 325:
helm $helmDebug upgrade --install opensearch \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install opensearch \


In logging/bin/deploy_opensearch.sh line 326:
    --namespace $LOG_NS \
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    --namespace "$LOG_NS" \


In logging/bin/deploy_opensearch.sh line 337:
    $versionstring \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$versionstring" \


In logging/bin/deploy_opensearch.sh line 338:
    $chart2install
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$chart2install"


In logging/bin/deploy_opensearch.sh line 342:
pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
pvc_status=$(kubectl -n "$LOG_NS" get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 343:
until [ "$pvc_status" == "Bound" ] || (( $pvcCounter>90 ));
                                         ^---------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.


In logging/bin/deploy_opensearch.sh line 347:
   pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
                           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   pvc_status=$(kubectl -n "$LOG_NS" get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 351:
pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
                        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
pvc_status=$(kubectl -n "$LOG_NS" get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")


In logging/bin/deploy_opensearch.sh line 362:
kubectl -n $LOG_NS wait pods v4m-search-0 --for=condition=Ready --timeout=10m
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" wait pods v4m-search-0 --for=condition=Ready --timeout=10m


In logging/bin/deploy_opensearch.sh line 376:
  kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl -n "$LOG_NS" exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh


In logging/bin/deploy_opensearch.sh line 378:
  kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
             ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  kubectl -n "$LOG_NS" cp v4m-search-0:config/run_securityadmin.log "$TMP_DIR"/run_securityadmin.log -c opensearch


In logging/bin/deploy_opensearch.sh line 379:
  if [ "$(tail -n1  $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  if [ "$(tail -n1  "$TMP_DIR"/run_securityadmin.log)" == "Done with success" ]; then


In logging/bin/deploy_opensearch.sh line 385:
  sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
                   ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  sed 's/^/   | /' "$TMP_DIR"/run_securityadmin.log


In logging/bin/deploy_opensearch.sh line 394:
   disable_sa_token_automount $LOG_NS v4m-os
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-os


In logging/bin/deploy_opensearch_content.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_opensearch_content.sh line 12:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_opensearch_content.sh line 33:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_opensearch_content.sh line 49:
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
                                                                                   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                  ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)


In logging/bin/deploy_opensearch_content.sh line 77:
   log_debug "Function called: set_retention_perid ARGS: $@"
                                                         ^-- SC2145 (error): Argument mixes string and array. Use * or separate argument.


In logging/bin/deploy_opensearch_content.sh line 83:
   cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
                         ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                             ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                      ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   cp logging/opensearch/"${policy_name}".json "$TMP_DIR"/"$policy_name".json


In logging/bin/deploy_opensearch_content.sh line 92:
   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
                                                                                                                ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                         ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" "$TMP_DIR"/"$policy_name".json


In logging/bin/deploy_opensearch_content.sh line 95:
   log_debug "$(cat $TMP_DIR/${policy_name}.json)"
                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   log_debug "$(cat "$TMP_DIR"/"${policy_name}".json)"


In logging/bin/deploy_opensearch_content.sh line 98:
   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                  ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                            ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                           ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"$policy_name".json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 118:
   response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                         ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                            ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                           ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o "$TMP_DIR"/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 124:
   if [ -n "$(cat $TMP_DIR/ism_policy_patch.json |grep '"ism_template":null')" ]; then
        ^-- SC2143 (style): Use grep -q instead of comparing output with [ -n .. ].
                  ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   if [ -n "$(cat "$TMP_DIR"/ism_policy_patch.json |grep '"ism_template":null')" ]; then


In logging/bin/deploy_opensearch_content.sh line 128:
      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
                                                                                                                                     ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 131:
      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
                                                                                                                                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 134:
      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                               ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                              ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 145:
         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  $TMP_DIR/ism_policy_patch.json
                                                                                 ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  "$TMP_DIR"/ism_policy_patch.json


In logging/bin/deploy_opensearch_content.sh line 151:
      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                   ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 171:
response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                      ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                     ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 181:
response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
                                                                                                                                                                                                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                            ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )


In logging/bin/deploy_opensearch_content.sh line 198:
   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
                                                                                                                                                                                                                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                                            ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )


In logging/bin/deploy_opensearch_content.sh line 217:
response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                                                                                                                          ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                                                                         ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 254:
      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
                                                                                       ^----------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p "$LOG_LOGADM_PASSWD"


In logging/bin/deploy_opensearch_content.sh line 264:
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                              ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                             ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_opensearch_content.sh line 266:
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
                                                                                                              ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                             ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)


In logging/bin/deploy_openshift_prereqs.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
^-- SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.." || exit


In logging/bin/deploy_openshift_prereqs.sh line 9:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_openshift_prereqs.sh line 23:
oc adm policy add-scc-to-user privileged -z v4m-os -n $LOG_NS
                                                      ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
oc adm policy add-scc-to-user privileged -z v4m-os -n "$LOG_NS"


In logging/bin/deploy_osd.sh line 6:
cd "$(dirname $BASH_SOURCE)/../.."
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/../.."


In logging/bin/deploy_osd.sh line 13:
this_script=`basename "$0"`
            ^-------------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
this_script=$(basename "$0")


In logging/bin/deploy_osd.sh line 35:
if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
                       ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then


In logging/bin/deploy_osd.sh line 47:
if verify_cert_generator $LOG_NS kibana; then
                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if verify_cert_generator "$LOG_NS" kibana; then


In logging/bin/deploy_osd.sh line 55:
create_tls_certs $LOG_NS logging kibana
                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
create_tls_certs "$LOG_NS" logging kibana


In logging/bin/deploy_osd.sh line 82:
   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
                  ^-- SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.


In logging/bin/deploy_osd.sh line 85:
   OSD_FQDN="${OSD_FQDN}"
   ^------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In logging/bin/deploy_osd.sh line 99:
   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 101:
      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 102:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 107:
      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 109:
      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 110:
      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 111:
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 112:
      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               $autogeneratedYAMLFile
                                                                                                              ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 115:
      printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"  ;
                        ^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".


In logging/bin/deploy_osd.sh line 116:
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
                                                                                                                               ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  "$autogeneratedYAMLFile"


In logging/bin/deploy_osd.sh line 160:
kubectl -n $LOG_NS delete secret          v4m-osd-tls-enabled  --ignore-not-found
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" delete secret          v4m-osd-tls-enabled  --ignore-not-found


In logging/bin/deploy_osd.sh line 161:
kubectl -n $LOG_NS create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"
           ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
kubectl -n "$LOG_NS" create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"


In logging/bin/deploy_osd.sh line 167:
if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
                   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^-- SC1083 (warning): This { is literal. Check expression (missing ;/\n?) or quote it.
                                                                                             ^-- SC1083 (warning): This } is literal. Check expression (missing ;/\n?) or quote it.

Did you mean: 
if [ "$(kubectl -n "$LOG_NS" get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then


In logging/bin/deploy_osd.sh line 169:
   kubectl -n $LOG_NS delete deployment v4m-osd
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   kubectl -n "$LOG_NS" delete deployment v4m-osd


In logging/bin/deploy_osd.sh line 204:
chart2install="$(get_helmchart_reference $OSD_HELM_CHART_REPO $OSD_HELM_CHART_NAME $OSD_HELM_CHART_VERSION)"
                                         ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                              ^------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                   ^---------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
chart2install="$(get_helmchart_reference "$OSD_HELM_CHART_REPO" "$OSD_HELM_CHART_NAME" "$OSD_HELM_CHART_VERSION")"


In logging/bin/deploy_osd.sh line 205:
versionstring="$(get_helm_versionstring  $OSD_HELM_CHART_VERSION)"
                                         ^---------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
versionstring="$(get_helm_versionstring  "$OSD_HELM_CHART_VERSION")"


In logging/bin/deploy_osd.sh line 210:
helm $helmDebug upgrade --install v4m-osd \
     ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
helm "$helmDebug" upgrade --install v4m-osd \


In logging/bin/deploy_osd.sh line 211:
    $versionstring \
    ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    "$versionstring" \


In logging/bin/deploy_osd.sh line 212:
    --namespace $LOG_NS \
                ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    --namespace "$LOG_NS" \


In logging/bin/deploy_osd.sh line 222:
   $chart2install
   ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   "$chart2install"


In logging/bin/deploy_osd.sh line 229:
   disable_sa_token_automount $LOG_NS v4m-os
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-os


In logging/bin/deploy_osd.sh line 231:
   disable_sa_token_automount $LOG_NS v4m-osd-dashboards
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
   disable_sa_token_automount "$LOG_NS" v4m-osd-dashboards

For more information:
  https://www.shellcheck.net/wiki/SC2077 -- You need spaces around the compar...
  https://www.shellcheck.net/wiki/SC2145 -- Argument mixes string and array. ...
  https://www.shellcheck.net/wiki/SC1083 -- This { is literal. Check expressi...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/apiaccess-include.sh.orig logging/bin/apiaccess-include.sh
--- logging/bin/apiaccess-include.sh.orig
+++ logging/bin/apiaccess-include.sh
@@ -18,237 +18,233 @@
 source bin/service-url-include.sh
 
 function stop_portforwarding {
-   # terminate port-forwarding process if PID was cached
-
-   local pid
-   pid=${1:-$pfPID}
-
-   if [ -o errexit ]; then
-      restore_errexit=Y
-      log_debug "Toggling errexit: Off"
-      set +e
-   fi
-
-   if ps -p "$pid" >/dev/null;  then
-      log_debug "Killing port-forwarding process [$pid]."
-      kill -9 $pid
-      wait $pid 2>/dev/null  # suppresses message reporting process has been killed
-   else
-      log_debug "No portforwarding processID found; nothing to terminate."
-   fi
-
-   if [ -n "$restore_errexit" ]; then
-      log_debug "Toggling errexit: On"
-      set -e
-   fi
+    # terminate port-forwarding process if PID was cached
+
+    local pid
+    pid=${1:-$pfPID}
+
+    if [ -o errexit ]; then
+        restore_errexit=Y
+        log_debug "Toggling errexit: Off"
+        set +e
+    fi
+
+    if ps -p "$pid" > /dev/null; then
+        log_debug "Killing port-forwarding process [$pid]."
+        kill -9 $pid
+        wait $pid 2> /dev/null # suppresses message reporting process has been killed
+    else
+        log_debug "No portforwarding processID found; nothing to terminate."
+    fi
+
+    if [ -n "$restore_errexit" ]; then
+        log_debug "Toggling errexit: On"
+        set -e
+    fi
 
 }
 
 function stop_es_portforwarding {
-   #
-   # terminate ES port-forwarding process
-   #
-   # Global vars:      espfpid    - process id of ES portforwarding
-   #                   es_api_url - URL to access ES API/serivce
-
-   if [ -n "$espfpid" ]; then
-      log_debug "ES PF PID for stopping: $espfpid"
-      stop_portforwarding $espfpid
-      unset espfpid
-      unset es_api_url
-   fi
+    #
+    # terminate ES port-forwarding process
+    #
+    # Global vars:      espfpid    - process id of ES portforwarding
+    #                   es_api_url - URL to access ES API/serivce
+
+    if [ -n "$espfpid" ]; then
+        log_debug "ES PF PID for stopping: $espfpid"
+        stop_portforwarding $espfpid
+        unset espfpid
+        unset es_api_url
+    fi
 }
 
 function stop_kb_portforwarding {
-   #
-   # terminate KB port-forwarding process
-   #
-   # Global vars:      kbpfpid    - process id of KB portforwarding
-   #                   kb_api_url - URL to access KB API/serivce
-
-   if [ -n "$kbpfpid" ]; then
-      log_debug "KB PF PID for stopping: $kbpfpid"
-      stop_portforwarding $kbpfpid
-      unset kbpfpid
-      unset kb_api_url
-   fi
- }
+    #
+    # terminate KB port-forwarding process
+    #
+    # Global vars:      kbpfpid    - process id of KB portforwarding
+    #                   kb_api_url - URL to access KB API/serivce
+
+    if [ -n "$kbpfpid" ]; then
+        log_debug "KB PF PID for stopping: $kbpfpid"
+        stop_portforwarding $kbpfpid
+        unset kbpfpid
+        unset kb_api_url
+    fi
+}
 
 function get_api_url {
-   #
-   # determine URL to access specified API/service
-   #
-   # Global vars:      api_url - URL to access requested API/serivce
-   #                   pfPID   - process id used for portforwarding
-   #
-   local servicename portpath usetls serviceport
-   servicename=$1
-   portpath=$2
-   usetls=${3:-false}
-   ingress=$4
-
-   api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
-
-   if [ -z "$api_url" ] || [ "$LOG_ALWAYS_PORT_FORWARD" == "true" ]; then
-      # set up temporary port forwarding to allow curl access
-      log_debug "Will use Kubernetes port-forwarding to access"
-      log_debug "LOG_ALWAYS_PORT_FORWARD: $LOG_ALWAYS_PORT_FORWARD api_url: $api_url"
-
-      serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
-      log_debug "serviceport: $serviceport"
-
-      # command is sent to run in background
-
-      kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2>/dev/null &
-
-      # get PID to allow us to kill process later
-      pfPID=$!
-      log_debug "pfPID: $pfPID"
-
-      # pause to allow port-forwarding messages to appear
-      sleep 5
-
-      # determine which port port-forwarding is using
-      pfRegex='Forwarding from .+:([0-9]+)'
-      myline=$(head -n1  $tmpfile)
-
-      if [[ $myline =~ $pfRegex ]]; then
-         TEMP_PORT="${BASH_REMATCH[1]}";
-         log_debug "TEMP_PORT=${TEMP_PORT}"
-      else
-         log_error "Unable to identify the temporary port used for port-forwarding [$servicename]; exiting script.";
-         return 1
-      fi
-
-      if [ "$usetls" == "true" ]; then
-         protocol="https"
-      else
-         protocol="http"
-      fi
-
-      api_url="$protocol://localhost:$TEMP_PORT"
-
-   fi
-   log_debug "API Endpoint for [$servicename]: $api_url"
-}
-
+    #
+    # determine URL to access specified API/service
+    #
+    # Global vars:      api_url - URL to access requested API/serivce
+    #                   pfPID   - process id used for portforwarding
+    #
+    local servicename portpath usetls serviceport
+    servicename=$1
+    portpath=$2
+    usetls=${3:-false}
+    ingress=$4
+
+    api_url=$(get_service_url "$LOG_NS" "$servicename" "$usetls" $ingress)
+
+    if [ -z "$api_url" ] || [ "$LOG_ALWAYS_PORT_FORWARD" == "true" ]; then
+        # set up temporary port forwarding to allow curl access
+        log_debug "Will use Kubernetes port-forwarding to access"
+        log_debug "LOG_ALWAYS_PORT_FORWARD: $LOG_ALWAYS_PORT_FORWARD api_url: $api_url"
+
+        serviceport=$(kubectl -n $LOG_NS get service $servicename -o=jsonpath=$portpath)
+        log_debug "serviceport: $serviceport"
+
+        # command is sent to run in background
+
+        kubectl -n $LOG_NS port-forward --address localhost svc/$servicename :$serviceport > $tmpfile 2> /dev/null &
+
+        # get PID to allow us to kill process later
+        pfPID=$!
+        log_debug "pfPID: $pfPID"
+
+        # pause to allow port-forwarding messages to appear
+        sleep 5
+
+        # determine which port port-forwarding is using
+        pfRegex='Forwarding from .+:([0-9]+)'
+        myline=$(head -n1 $tmpfile)
+
+        if [[ $myline =~ $pfRegex ]]; then
+            TEMP_PORT="${BASH_REMATCH[1]}"
+            log_debug "TEMP_PORT=${TEMP_PORT}"
+        else
+            log_error "Unable to identify the temporary port used for port-forwarding [$servicename]; exiting script."
+            return 1
+        fi
+
+        if [ "$usetls" == "true" ]; then
+            protocol="https"
+        else
+            protocol="http"
+        fi
+
+        api_url="$protocol://localhost:$TEMP_PORT"
+
+    fi
+    log_debug "API Endpoint for [$servicename]: $api_url"
+}
 
 function get_es_api_url {
-   #
-   # obtain ES API/service URL (establish port-forwarding, if necessary)
-   #
-   # Global vars:      es_api_url - URL to access ES API/serivce
-   #                   espfpid    - process id of ES portforwarding
-
-   if [ -n "$es_api_url" ]; then
-      log_debug "Elasticsearch API Endpoint already set [$es_api_url]"
-      return 0
-   fi
-
-   pfPID=""
-   get_api_url "$ES_SERVICENAME" '{.spec.ports[?(@.name=="http")].port}' true
-
-   rc=$?
-
-   if [ "$rc" == "0" ]; then
-      es_api_url=$api_url
-      espfpid=$pfPID
-      trap_add stop_es_portforwarding EXIT
-      return 0
-   else
-      log_error "Unable to obtain the URL for the Elasticsearch API Endpoint"
-      return 1
-   fi
+    #
+    # obtain ES API/service URL (establish port-forwarding, if necessary)
+    #
+    # Global vars:      es_api_url - URL to access ES API/serivce
+    #                   espfpid    - process id of ES portforwarding
+
+    if [ -n "$es_api_url" ]; then
+        log_debug "Elasticsearch API Endpoint already set [$es_api_url]"
+        return 0
+    fi
+
+    pfPID=""
+    get_api_url "$ES_SERVICENAME" '{.spec.ports[?(@.name=="http")].port}' true
+
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        es_api_url=$api_url
+        espfpid=$pfPID
+        trap_add stop_es_portforwarding EXIT
+        return 0
+    else
+        log_error "Unable to obtain the URL for the Elasticsearch API Endpoint"
+        return 1
+    fi
 }
 
 function get_kb_api_url {
-   #
-   # obtain KB API/service URL (establish port-forwarding, if necessary)
-   #
-   # Global vars:      kb_api_url - URL to access KB API/service
-   #                   kbpfpid    - process id of KB portforwarding
-
-
-   if [ -n "$kb_api_url" ]; then
-      log_debug "Kibana API Endpoint already set [$kb_api_url]"
-      return 0
-   fi
-
-   pfPID=""
-
-   tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} |base64 --decode)"
-   log_debug "TLS required to connect to Kibana? [$tlsrequired]"
-
-   get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}'  $tlsrequired  $KB_INGRESSNAME
-   rc=$?
-
-   if [ "$rc" == "0" ]; then
-      kb_api_url=$api_url
-      kbpfpid=$pfPID
-      trap_add stop_kb_portforwarding EXIT
-      return 0
-   else
-      log_error "Unable to obtain the URL for the OpenSearch Dashboards API Endpoint"
-      return 1
-   fi
+    #
+    # obtain KB API/service URL (establish port-forwarding, if necessary)
+    #
+    # Global vars:      kb_api_url - URL to access KB API/service
+    #                   kbpfpid    - process id of KB portforwarding
+
+    if [ -n "$kb_api_url" ]; then
+        log_debug "Kibana API Endpoint already set [$kb_api_url]"
+        return 0
+    fi
+
+    pfPID=""
+
+    tlsrequired="$(kubectl -n $LOG_NS get secret v4m-osd-tls-enabled -o=jsonpath={.data.enable_tls} | base64 --decode)"
+    log_debug "TLS required to connect to Kibana? [$tlsrequired]"
+
+    get_api_url "$KB_SERVICENAME" '{.spec.ports[?(@.name=="'${KB_SERVICEPORT}'")].port}' $tlsrequired $KB_INGRESSNAME
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        kb_api_url=$api_url
+        kbpfpid=$pfPID
+        trap_add stop_kb_portforwarding EXIT
+        return 0
+    else
+        log_error "Unable to obtain the URL for the OpenSearch Dashboards API Endpoint"
+        return 1
+    fi
 }
 
 function get_sec_api_url {
-   #
-   # obtain ODFE Security API/service URL (calls get_es_api_url function, if necessary)
-   #
-   # Global vars:      sec_api_url - URL to access ODFE Security API/serivce
-
- if [ -n "$sec_api_url" ]; then
-    log_debug "Security API Endpoint already set [$sec_api_url]"
-    return 0
- fi
-
- get_es_api_url
- rc=$?
-
- if [ "$rc" == "0" ]; then
-    sec_api_url="${es_api_url}/$ES_PLUGINS_DIR/_security/api"
-
-    log_debug "Security API Endpoint: [$sec_api_url]"
-    return 0
- else
-    sec_api_url=""
-    log_error "Unable to obtain the URL for the Security API Endpoint"
-    return 1
- fi
+    #
+    # obtain ODFE Security API/service URL (calls get_es_api_url function, if necessary)
+    #
+    # Global vars:      sec_api_url - URL to access ODFE Security API/serivce
+
+    if [ -n "$sec_api_url" ]; then
+        log_debug "Security API Endpoint already set [$sec_api_url]"
+        return 0
+    fi
+
+    get_es_api_url
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        sec_api_url="${es_api_url}/$ES_PLUGINS_DIR/_security/api"
+
+        log_debug "Security API Endpoint: [$sec_api_url]"
+        return 0
+    else
+        sec_api_url=""
+        log_error "Unable to obtain the URL for the Security API Endpoint"
+        return 1
+    fi
 }
 
 function get_ism_api_url {
-   #
-   # obtain Index State Managment API/service URL (calls get_es_api_url function, if necessary)
-   #
-   # Global vars:      ism_api_url - URL to access ISM API/serivce
-
- if [ -n "$ism_api_url" ]; then
-    log_debug "Index Statement Management API Endpoint already set [$ism_api_url]"
-    return 0
- fi
-
- get_es_api_url
- rc=$?
-
- if [ "$rc" == "0" ]; then
-    ism_api_url="${es_api_url}/$ES_PLUGINS_DIR/_ism"
-
-    log_debug "Index State Management API Endpoint: [$ism_api_url]"
-    return 0
- else
-    ism_api_url=""
-    log_error "Unable to obtain the URL for the Index State Management API Endpoint"
-    return 1
- fi
-}
-
+    #
+    # obtain Index State Managment API/service URL (calls get_es_api_url function, if necessary)
+    #
+    # Global vars:      ism_api_url - URL to access ISM API/serivce
+
+    if [ -n "$ism_api_url" ]; then
+        log_debug "Index Statement Management API Endpoint already set [$ism_api_url]"
+        return 0
+    fi
+
+    get_es_api_url
+    rc=$?
+
+    if [ "$rc" == "0" ]; then
+        ism_api_url="${es_api_url}/$ES_PLUGINS_DIR/_ism"
+
+        log_debug "Index State Management API Endpoint: [$ism_api_url]"
+        return 0
+    else
+        ism_api_url=""
+        log_error "Unable to obtain the URL for the Index State Management API Endpoint"
+        return 1
+    fi
+}
 
 export -f get_ism_api_url get_sec_api_url stop_portforwarding get_es_api_url get_kb_api_url stop_es_portforwarding stop_kb_portforwarding
 
-
 #initialize "global" vars
 LOG_ALWAYS_PORT_FORWARD=${LOG_ALWAYS_PORT_FORWARD:-true}
 export es_api_url kb_api_url espfpid kbpfpid sec_api_url pfPID LOG_ALWAYS_PORT_FORWARD
@@ -255,5 +251,5 @@
 
 #create a temp file to hold curl response
 if [ -z "$tmpfile" ]; then
-   tmpfile=$TMP_DIR/curl_response.txt
+    tmpfile=$TMP_DIR/curl_response.txt
 fi
diff logging/bin/change_internal_password.sh.orig logging/bin/change_internal_password.sh
--- logging/bin/change_internal_password.sh.orig
+++ logging/bin/change_internal_password.sh
@@ -9,22 +9,22 @@
 source logging/bin/secrets-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 function show_usage {
-   log_info  ""
-   log_info  "Usage: $this_script USERNAME [PASSWORD] "
-   log_info  ""
-   log_info  "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
-   log_info  "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
-   log_info  ""
-   log_info  "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
-   log_info  "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
-   log_info  ""
-   log_info  "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
-   log_info  "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
-   log_info  ""
-   echo ""
+    log_info ""
+    log_info "Usage: $this_script USERNAME [PASSWORD] "
+    log_info ""
+    log_info "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
+    log_info "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
+    log_info ""
+    log_info "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
+    log_info "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
+    log_info ""
+    log_info "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
+    log_info "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
+    log_info ""
+    echo ""
 }
 
 # set vars used in curl commands
@@ -37,246 +37,241 @@
 
 # if no user_name; ERROR and EXIT
 if [ "$USER_NAME" == "" ]; then
-  log_error "Required argument [USER_NAME] not provided."
-  exit 1
-else
-  case "$USER_NAME" in
-   admin)
-     ;;
-   logcollector)
-     ;;
-   logadm)
-     if [ -z "$NEW_PASSWD" ]; then
-        log_error "No password provided.  A new password is REQUIRED when using this script to change the [logadm] account password"
-        exit 1
-     fi
-     ;;
-   kibanaserver)
-     ;;
-   metricgetter)
-     ;;
-   --help|-h)
-     show_usage
-     exit
-     ;;
-   *)
-     log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
-     show_usage
-     exit 2
-     ;;
-  esac
-fi
-
+    log_error "Required argument [USER_NAME] not provided."
+    exit 1
+else
+    case "$USER_NAME" in
+    admin) ;;
+    logcollector) ;;
+    logadm)
+        if [ -z "$NEW_PASSWD" ]; then
+            log_error "No password provided.  A new password is REQUIRED when using this script to change the [logadm] account password"
+            exit 1
+        fi
+        ;;
+    kibanaserver) ;;
+    metricgetter) ;;
+    --help | -h)
+        show_usage
+        exit
+        ;;
+    *)
+        log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
+        show_usage
+        exit 2
+        ;;
+    esac
+fi
 
 if [ "$NEW_PASSWD" == "" ]; then
-   # generate password if one not provided
-   NEW_PASSWD="$(randomPassword)"
-   autogenerated_password="true"
+    # generate password if one not provided
+    NEW_PASSWD="$(randomPassword)"
+    autogenerated_password="true"
 fi
 
 if [ "$USER_NAME" != "logadm" ]; then
-   #get current credentials from Kubernetes secret
-   if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2>/dev/null)" ]; then
-      log_warn "The Kubernetes secret [internal-user-$USER_NAME], containing credentials for the user, was not found."
-      # TO DO: How to handle case where secret does not exist?  Should never happen. 
-      # exit
-      ES_USER=$USER_NAME
-   else
-      ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" |base64 --decode)
-      ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" |base64 --decode)
-   fi
-else
-  ES_USER=$USER_NAME
-  ES_PASSWD="do_not_know_current_password"
+    #get current credentials from Kubernetes secret
+    if [ -z "$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=name 2> /dev/null)" ]; then
+        log_warn "The Kubernetes secret [internal-user-$USER_NAME], containing credentials for the user, was not found."
+        # TO DO: How to handle case where secret does not exist?  Should never happen.
+        # exit
+        ES_USER=$USER_NAME
+    else
+        ES_USER=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.\username}" | base64 --decode)
+        ES_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-$USER_NAME -o=jsonpath="{.data.password}" | base64 --decode)
+    fi
+else
+    ES_USER=$USER_NAME
+    ES_PASSWD="do_not_know_current_password"
 fi
 
 get_sec_api_url
 
 # Attempt to change password using current user credentials
-response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$sec_api_url/account"   -H 'Content-Type: application/json' -d'{"current_password" : "'"$ES_PASSWD"'", "password" : "'"$NEW_PASSWD"'"}' --user "$ES_USER:$ES_PASSWD" --insecure)
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$sec_api_url/account" -H 'Content-Type: application/json' -d'{"current_password" : "'"$ES_PASSWD"'", "password" : "'"$NEW_PASSWD"'"}' --user "$ES_USER:$ES_PASSWD" --insecure)
 if [[ $response == 4* ]]; then
-   if [ "$USER_NAME" != "logadm" ]; then
-      log_warn "The currently stored credentials for [$USER_NAME] do NOT appear to be up-to-date; unable to use them to change password. [$response]"
-   fi
-
-   if [ "$USER_NAME" != "admin" ]; then
-
-      log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
-
-      ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-      ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
-      # make sure hash utility is executable
-      kubectl -n $LOG_NS exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-      # get hash of new password
-      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
-      rc=$?
-      if [ "$rc" == "0" ]; then
-
-         #try changing password using admin password
-         response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-         if [[ "$response" == "404" ]]; then
-            log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
-            success="non-existent_user"
-         elif [[ $response == 4* ]]; then
-            log_error "The Kubernetes secret containing credentials for the [admin] user appears to be out-of-date. [$response]"
-            echo ""
-            log_error "                                *********** IMPORTANT NOTE ***********"
-            log_error ""
-            log_error " Cached credentials for [admin] user are not valid!"
-            log_error ""
-            log_error " It is VERY IMPORTANT to ensure the credentials for the [admin] account and the corresponding"
-            log_error " Kubernetes secret [internal-user-admin] in the [$LOG_NS] namespace are ALWAYS synchronized."
-            log_error ""
-            log_error " You MUST re-run this script NOW with the updated password for the [admin] account to update"
-            log_error " the secret with the current password."
-            log_error ""
-            log_error " You may then run this script again to update the password for the [$USER_NAME] account."
-            echo ""
-            success="false"
-         elif [[ $response == 2* ]]; then
-            log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
-            success="true"
-         else
-            log_warn "Unable to change password for [$USER_NAME] using [admin] credentials. [$response]"
-            success="false"
-         fi
-      else
-         log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]";
-      fi
-   else
-      log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
-
-      # make sure hash utility is executable
-      kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-      # get hash of new password
-      hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p $NEW_PASSWD|grep -v '*')
-
-
-      #obtain admin cert
-      rm -f $TMP_DIR/tls.crt
-      admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
-      if [ -z "$admin_tls_cert" ]; then
-         log_error "Unable to obtain admin certs from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
-         success="false"
-      else
-         log_debug "File tls.crt obtained from Kubernetes secret"
-         echo "$admin_tls_cert" |base64 --decode > $TMP_DIR/admin_tls.crt
-
-         #obtain admin TLS key
-         rm -f $TMP_DIR/tls.key
-         admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
-         if [ -z "$admin_tls_key" ]; then
-            log_error "Unable to obtain admin cert key from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
-            success="false"
-         else
-            log_debug "File tls.key obtained from Kubernetes secret"
-            echo "$admin_tls_key" |base64 --decode > $TMP_DIR/admin_tls.key
-
-            # Attempt to change password using admin certs
-            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key  --insecure)
-            if [[ $response == 2* ]]; then
-               log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
-               success="true"
-            else
-               log_warn "Unable to change password for [$USER_NAME] using [admin] certificates. [$response]"
-               success="false"
-            fi
-         fi
-      fi
-   fi
+    if [ "$USER_NAME" != "logadm" ]; then
+        log_warn "The currently stored credentials for [$USER_NAME] do NOT appear to be up-to-date; unable to use them to change password. [$response]"
+    fi
+
+    if [ "$USER_NAME" != "admin" ]; then
+
+        log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
+
+        ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+        ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+
+        # make sure hash utility is executable
+        kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p $NEW_PASSWD | grep -v '*')
+        rc=$?
+        if [ "$rc" == "0" ]; then
+
+            #try changing password using admin password
+            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+            if [[ $response == "404" ]]; then
+                log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
+                success="non-existent_user"
+            elif [[ $response == 4* ]]; then
+                log_error "The Kubernetes secret containing credentials for the [admin] user appears to be out-of-date. [$response]"
+                echo ""
+                log_error "                                *********** IMPORTANT NOTE ***********"
+                log_error ""
+                log_error " Cached credentials for [admin] user are not valid!"
+                log_error ""
+                log_error " It is VERY IMPORTANT to ensure the credentials for the [admin] account and the corresponding"
+                log_error " Kubernetes secret [internal-user-admin] in the [$LOG_NS] namespace are ALWAYS synchronized."
+                log_error ""
+                log_error " You MUST re-run this script NOW with the updated password for the [admin] account to update"
+                log_error " the secret with the current password."
+                log_error ""
+                log_error " You may then run this script again to update the password for the [$USER_NAME] account."
+                echo ""
+                success="false"
+            elif [[ $response == 2* ]]; then
+                log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
+                success="true"
+            else
+                log_warn "Unable to change password for [$USER_NAME] using [admin] credentials. [$response]"
+                success="false"
+            fi
+        else
+            log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]"
+        fi
+    else
+        log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
+
+        # make sure hash utility is executable
+        kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        hashed_passwd=$(kubectl -n $LOG_NS exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p $NEW_PASSWD | grep -v '*')
+
+        #obtain admin cert
+        rm -f $TMP_DIR/tls.crt
+        admin_tls_cert=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.crt']}")
+        if [ -z "$admin_tls_cert" ]; then
+            log_error "Unable to obtain admin certs from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
+            success="false"
+        else
+            log_debug "File tls.crt obtained from Kubernetes secret"
+            echo "$admin_tls_cert" | base64 --decode > $TMP_DIR/admin_tls.crt
+
+            #obtain admin TLS key
+            rm -f $TMP_DIR/tls.key
+            admin_tls_key=$(kubectl -n $LOG_NS get secrets es-admin-tls-secret -o "jsonpath={.data['tls\.key']}")
+            if [ -z "$admin_tls_key" ]; then
+                log_error "Unable to obtain admin cert key from secret [es-admin-tls-secret] in the [$LOG_NS] namespace. Password for [$USER_NAME] has NOT been changed."
+                success="false"
+            else
+                log_debug "File tls.key obtained from Kubernetes secret"
+                echo "$admin_tls_key" | base64 --decode > $TMP_DIR/admin_tls.key
+
+                # Attempt to change password using admin certs
+                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --cert $TMP_DIR/admin_tls.crt --key $TMP_DIR/admin_tls.key --insecure)
+                if [[ $response == 2* ]]; then
+                    log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
+                    success="true"
+                else
+                    log_warn "Unable to change password for [$USER_NAME] using [admin] certificates. [$response]"
+                    success="false"
+                fi
+            fi
+        fi
+    fi
 elif [[ $response == 2* ]]; then
-   log_debug "Password change response [$response]"
-   success="true"
-else
-   log_error "An unexpected problem was encountered while attempting to update password for [$USER_NAME]; password not changed [$response]"
-   success="false"
+    log_debug "Password change response [$response]"
+    success="true"
+else
+    log_error "An unexpected problem was encountered while attempting to update password for [$USER_NAME]; password not changed [$response]"
+    success="false"
 fi
 
 if [ "$success" == "true" ]; then
-  log_info "Successfully changed the password for [$USER_NAME] in OpenSearch internal database."
-
-  if [ "$USER_NAME" != "logadm" ]; then
-     log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
-
-     kubectl -n $LOG_NS delete secret internal-user-$USER_NAME  --ignore-not-found
-
-     labels="managed-by=v4m-es-script"
-     if [ "$autogenerated_password" == "true" ]; then
-        labels="$labels autogenerated_password=true"
-     fi
-
-     create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
-     rc=$?
-     if [ "$rc" != "0" ]; then
-       log_error "IMPORTANT! A Kubernetes secret holding the password for $USER_NAME no longer exists."
-       log_error "This WILL cause problems when the OpenSearch pods restart."
-       log_error "Try re-running this script again OR manually creating the secret using the command: "
-       log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
-     else
-       case $USER_NAME in
-        admin)
-
-          if [ "$autogenerated_password" == "true" ]; then
-             echo ""
-             log_notice "                    *********** IMPORTANT NOTE ***********                  "
-             log_notice ""
-             log_notice " The password for the OpenSearch 'admin' user was changed as requested.  "
-             log_notice "                                                                            "
-             log_notice " Since a new password for the 'admin' user was NOT provided, one was        "
-             log_notice " auto-generated for the account. The generated password is shown below.     "
-             log_notice "                                                                            "
-             log_notice " Generated 'admin' password:  $NEW_PASSWD                                       |"
-             log_notice "                                                                            "
-             log_notice " You can change the password for the 'admin' account at any time, by        "
-             log_notice " re-running this script.                                                    "
-             log_notice "                                                                            "
-             log_notice " NOTE: *NEVER* change the password for the 'admin' account from within the  "
-             log_notice " OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via   "
-             log_notice " this script (logging/bin/change_internal_password.sh)                      "
-             echo ""
-          fi
-          ;;
-        logcollector)
-          echo ""
-          log_notice "                    *********** IMPORTANT NOTE ***********                   "
-          log_notice "                                                                             "
-          log_notice " After changing the password for the [logcollector] user, you should restart "
-          log_notice " the Fluent Bit pods to ensure log collection is not interrupted.            "
-          log_notice "                                                                             "
-          log_notice " This can be done by submitting the following command:                       "
-          log_notice "       kubectl -n $LOG_NS rollout restart daemonset v4m-fb                   "
-          echo ""
-          ;;
-        kibanaserver)
-          echo ""
-          log_notice "                        *********** IMPORTANT NOTE ***********                        "
-          log_notice "                                                                                      "
-          log_notice " After changing the password for the [kibanaserver] user, you need to restart the     "
-          log_notice " OpenSearch Dashboards pod to ensure OpenSearch Dashboards can still be accessed and used. "
-          log_notice "                                                                                      "
-          log_notice " This can be done by submitting the following command:                                "
-          log_notice "              kubectl -n $LOG_NS delete pods -l 'app=opensearch-dashboards'"
-          echo ""
-          ;;
-        metricgetter)
-          echo ""
-          log_notice "                        *********** IMPORTANT NOTE ***********                        "
-          log_notice "                                                                                      "
-          log_notice " After changing the password for the [metricgetter] user, you should restart the      "
-          log_notice " Elasticsearch Exporter pod to ensure OpenSearch metrics continue to be collected. "
-          log_notice "                                                                                      "
-          log_notice " This can be done by submitting the following command:                                "
-          log_notice "       kubectl -n $LOG_NS rollout restart deployment v4m-es-exporter                  "
-          echo ""
-          ;;
-        *)
-        log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
-        exit 2
-       esac
-     fi
-  fi
+    log_info "Successfully changed the password for [$USER_NAME] in OpenSearch internal database."
+
+    if [ "$USER_NAME" != "logadm" ]; then
+        log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
+
+        kubectl -n $LOG_NS delete secret internal-user-$USER_NAME --ignore-not-found
+
+        labels="managed-by=v4m-es-script"
+        if [ "$autogenerated_password" == "true" ]; then
+            labels="$labels autogenerated_password=true"
+        fi
+
+        create_user_secret internal-user-$USER_NAME $USER_NAME $NEW_PASSWD "$labels"
+        rc=$?
+        if [ "$rc" != "0" ]; then
+            log_error "IMPORTANT! A Kubernetes secret holding the password for $USER_NAME no longer exists."
+            log_error "This WILL cause problems when the OpenSearch pods restart."
+            log_error "Try re-running this script again OR manually creating the secret using the command: "
+            log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
+        else
+            case $USER_NAME in
+            admin)
+
+                if [ "$autogenerated_password" == "true" ]; then
+                    echo ""
+                    log_notice "                    *********** IMPORTANT NOTE ***********                  "
+                    log_notice ""
+                    log_notice " The password for the OpenSearch 'admin' user was changed as requested.  "
+                    log_notice "                                                                            "
+                    log_notice " Since a new password for the 'admin' user was NOT provided, one was        "
+                    log_notice " auto-generated for the account. The generated password is shown below.     "
+                    log_notice "                                                                            "
+                    log_notice " Generated 'admin' password:  $NEW_PASSWD                                       |"
+                    log_notice "                                                                            "
+                    log_notice " You can change the password for the 'admin' account at any time, by        "
+                    log_notice " re-running this script.                                                    "
+                    log_notice "                                                                            "
+                    log_notice " NOTE: *NEVER* change the password for the 'admin' account from within the  "
+                    log_notice " OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via   "
+                    log_notice " this script (logging/bin/change_internal_password.sh)                      "
+                    echo ""
+                fi
+                ;;
+            logcollector)
+                echo ""
+                log_notice "                    *********** IMPORTANT NOTE ***********                   "
+                log_notice "                                                                             "
+                log_notice " After changing the password for the [logcollector] user, you should restart "
+                log_notice " the Fluent Bit pods to ensure log collection is not interrupted.            "
+                log_notice "                                                                             "
+                log_notice " This can be done by submitting the following command:                       "
+                log_notice "       kubectl -n $LOG_NS rollout restart daemonset v4m-fb                   "
+                echo ""
+                ;;
+            kibanaserver)
+                echo ""
+                log_notice "                        *********** IMPORTANT NOTE ***********                        "
+                log_notice "                                                                                      "
+                log_notice " After changing the password for the [kibanaserver] user, you need to restart the     "
+                log_notice " OpenSearch Dashboards pod to ensure OpenSearch Dashboards can still be accessed and used. "
+                log_notice "                                                                                      "
+                log_notice " This can be done by submitting the following command:                                "
+                log_notice "              kubectl -n $LOG_NS delete pods -l 'app=opensearch-dashboards'"
+                echo ""
+                ;;
+            metricgetter)
+                echo ""
+                log_notice "                        *********** IMPORTANT NOTE ***********                        "
+                log_notice "                                                                                      "
+                log_notice " After changing the password for the [metricgetter] user, you should restart the      "
+                log_notice " Elasticsearch Exporter pod to ensure OpenSearch metrics continue to be collected. "
+                log_notice "                                                                                      "
+                log_notice " This can be done by submitting the following command:                                "
+                log_notice "       kubectl -n $LOG_NS rollout restart deployment v4m-es-exporter                  "
+                echo ""
+                ;;
+            *)
+                log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
+                exit 2
+                ;;
+            esac
+        fi
+    fi
 elif [ "$success" == "false" ]; then
-  log_error "Unable to update the password for user [$USER_NAME] on the OpenSearch pod; original password remains in place."
-  exit 99
+    log_error "Unable to update the password for user [$USER_NAME] on the OpenSearch pod; original password remains in place."
+    exit 99
 fi
diff logging/bin/common.sh.orig logging/bin/common.sh
--- logging/bin/common.sh.orig
+++ logging/bin/common.sh
@@ -14,19 +14,19 @@
 
         log_verbose "Loading user environment file: $USER_DIR/logging/user.env"
         if [ "$userEnv" ]; then
-         # shellcheck disable=SC2086,SC2163
-          export $userEnv
+            # shellcheck disable=SC2086,SC2163
+            export $userEnv
         fi
     fi
 
     #Check for obsolete env var
-    if [  -n "$LOG_SEARCH_BACKEND" ]; then
+    if [ -n "$LOG_SEARCH_BACKEND" ]; then
         log_error "Support for the LOG_SEARCH_BACKEND environment variable has been removed."
         log_error "This script is only appropriate for use with OpenSearch as the search back-end."
         log_error "The LOG_SEARCH_BACKEND environment variable is currently set to [$LOG_SEARCH_BACKEND]"
         exit 1
     fi
-    
+
     export LOG_NS="${LOG_NS:-logging}"
 
     #if TLS (w/in cluster; for all monitoring components) is requested, require TLS into OSD pod, too
@@ -51,7 +51,7 @@
     export V4M_NS=$LOG_NS
 
     if [ "$AIRGAP_DEPLOYMENT" == "true" ]; then
-       source bin/airgap-include.sh
+        source bin/airgap-include.sh
     fi
 
     source bin/version-include.sh
@@ -60,4 +60,3 @@
 
 fi
 echo ""
-
diff logging/bin/deploy_esexporter.sh.orig logging/bin/deploy_esexporter.sh
--- logging/bin/deploy_esexporter.sh.orig
+++ logging/bin/deploy_esexporter.sh
@@ -7,7 +7,7 @@
 source logging/bin/common.sh
 source logging/bin/secrets-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -14,8 +14,8 @@
 ELASTICSEARCH_EXPORTER_ENABLED=${ELASTICSEARCH_EXPORTER_ENABLED:-true}
 
 if [ "$ELASTICSEARCH_EXPORTER_ENABLED" != "true" ]; then
-  log_verbose "Environment variable [ELASTICSEARCH_EXPORTER_ENABLED] is not set to 'true'; exiting WITHOUT deploying Elasticsearch Exporter"
-  exit
+    log_verbose "Environment variable [ELASTICSEARCH_EXPORTER_ENABLED] is not set to 'true'; exiting WITHOUT deploying Elasticsearch Exporter"
+    exit
 fi
 
 set -e
@@ -25,41 +25,43 @@
 # check for pre-reqs
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
 get_credentials_from_secret metricgetter
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
-
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 if helm3ReleaseExists es-exporter $LOG_NS; then
-   #remove an existing instance if it does NOT have the most current set of labels
-   # NOTE: pod label 'app' changed to 'app.kubernetes.io/name' w/Helm chart 6.x
-   if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2>/dev/null) ]; then
-      log_debug "Removing an outdated version of Helm release [es-exporter]"
-      helm -n $LOG_NS delete es-exporter
-   fi
-
-   if kubectl get crd servicemonitors.monitoring.coreos.com 2>1 1>/dev/null; then
-      #serviceMonitor CRD may not be present if metric monitoring stack is not deployed
-      monNamespace=$(kubectl get servicemonitor -A --field-selector=metadata.name=elasticsearch -l sas.com/monitoring-base=kube-viya-monitoring -o=custom-columns=NAMESPACE:.metadata.namespace --no-headers)
-      if [ -n "$monNamespace" ]; then
-         log_debug "Removing obsolete serviceMonitor [$monNamespace/elasticsearch]"
-         kubectl delete -n $monNamespace servicemonitor elasticsearch
-         log_debug "Deploying an updated serviceMonitor for Elasticsearch  [$monNamespace/elasticsearch-v2]"
-         kubectl apply  -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
-      else
-         log_debug "No instance of the obsolete elasticsearch serviceMonitor found."
-      fi
-   else
-      log_debug "No serviceMonitor CRD detected; skipping check for obsolete elasticseach serviceMonitor instance."
-   fi
-else
-   log_debug "No existing Helm release [es-exporter] found."
+    #remove an existing instance if it does NOT have the most current set of labels
+    # NOTE: pod label 'app' changed to 'app.kubernetes.io/name' w/Helm chart 6.x
+    if [ -z $(kubectl -n $LOG_NS get pods -l "app.kubernetes.io/name=prometheus-elasticsearch-exporter,searchbackend=opensearch" -o name 2> /dev/null) ]; then
+        log_debug "Removing an outdated version of Helm release [es-exporter]"
+        helm -n $LOG_NS delete es-exporter
+    fi
+
+    if kubectl get crd servicemonitors.monitoring.coreos.com 2> 1 1> /dev/null; then
+        #serviceMonitor CRD may not be present if metric monitoring stack is not deployed
+        monNamespace=$(kubectl get servicemonitor -A --field-selector=metadata.name=elasticsearch -l sas.com/monitoring-base=kube-viya-monitoring -o=custom-columns=NAMESPACE:.metadata.namespace --no-headers)
+        if [ -n "$monNamespace" ]; then
+            log_debug "Removing obsolete serviceMonitor [$monNamespace/elasticsearch]"
+            kubectl delete -n $monNamespace servicemonitor elasticsearch
+            log_debug "Deploying an updated serviceMonitor for Elasticsearch  [$monNamespace/elasticsearch-v2]"
+            kubectl apply -n $monNamespace -f monitoring/monitors/logging/serviceMonitor-elasticsearch-v2.yaml
+        else
+            log_debug "No instance of the obsolete elasticsearch serviceMonitor found."
+        fi
+    else
+        log_debug "No serviceMonitor CRD detected; skipping check for obsolete elasticseach serviceMonitor instance."
+    fi
+else
+    log_debug "No existing Helm release [es-exporter] found."
 fi
 
 # enable debug on Helm via env var
@@ -66,7 +68,7 @@
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
+    helmDebug="--debug"
 fi
 
 helmRepoAdd prometheus-community https://prometheus-community.github.io/helm-charts
@@ -80,8 +82,8 @@
 # Load any user customizations/overrides
 ES_OPEN_EXPORTER_USER_YAML="${ES_OPEN_EXPORTER_USER_YAML:-$USER_DIR/logging/user-values-es-exporter.yaml}"
 if [ ! -f "$ES_OPEN_EXPORTER_USER_YAML" ]; then
-  log_debug "[$ES_OPEN_EXPORTER_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  ES_OPEN_EXPORTER_USER_YAML=$TMP_DIR/empty.yaml
+    log_debug "[$ES_OPEN_EXPORTER_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    ES_OPEN_EXPORTER_USER_YAML=$TMP_DIR/empty.yaml
 fi
 
 # Enable workload node placement?
@@ -89,44 +91,42 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling elasticsearch exporter for workload node placement"
-  wnpValuesFile="logging/node-placement/values-elasticsearch-exporter-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for the elasticsearch exporter"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_verbose "Enabling elasticsearch exporter for workload node placement"
+    wnpValuesFile="logging/node-placement/values-elasticsearch-exporter-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for the elasticsearch exporter"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
+fi
 
 # Point to OpenShift response file or dummy as appropriate
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-  log_verbose "Deploying Elasticsearch metric exporter onto OpenShift cluster"
-  openshiftValuesFile="logging/openshift/values-elasticsearch-exporter.yaml"
-else
-  log_debug "Elasticsearch metric exporter is NOT being deployed on OpenShift cluster"
-  openshiftValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Deploying Elasticsearch metric exporter onto OpenShift cluster"
+    openshiftValuesFile="logging/openshift/values-elasticsearch-exporter.yaml"
+else
+    log_debug "Elasticsearch metric exporter is NOT being deployed on OpenShift cluster"
+    openshiftValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 # Elasticsearch metric exporter
 helm2ReleaseCheck es-exporter-$LOG_NS
 
-
 ## Get Helm Chart Name
 log_debug "Elasticsearch Exporter Helm Chart: repo [$ESEXPORTER_HELM_CHART_REPO] name [$ESEXPORTER_HELM_CHART_NAME] version [$ESEXPORTER_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $ESEXPORTER_HELM_CHART_REPO $ESEXPORTER_HELM_CHART_NAME $ESEXPORTER_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $ESEXPORTER_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $ESEXPORTER_HELM_CHART_VERSION)"
 
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
 helm $helmDebug upgrade --install es-exporter \
- --namespace $LOG_NS \
- -f $imageKeysFile \
- -f $primaryValuesFile \
- -f $wnpValuesFile \
- -f $openshiftValuesFile \
- -f $ES_OPEN_EXPORTER_USER_YAML \
- --set fullnameOverride=v4m-es-exporter  \
- $versionstring \
- $chart2install
+    --namespace $LOG_NS \
+    -f $imageKeysFile \
+    -f $primaryValuesFile \
+    -f $wnpValuesFile \
+    -f $openshiftValuesFile \
+    -f $ES_OPEN_EXPORTER_USER_YAML \
+    --set fullnameOverride=v4m-es-exporter \
+    $versionstring \
+    $chart2install
 
 log_info "Elasticsearch metric exporter has been deployed"
 
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -16,7 +16,6 @@
     fi
 fi
 
-
 # set flag indicating wrapper/driver script being run
 export LOGGING_DRIVER=true
 
@@ -27,9 +26,9 @@
 checkDefaultStorageClass
 
 # Create namespace if it doesn't exist
-if [ -z "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" ]; then
+if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
-    
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
@@ -88,7 +87,6 @@
 bin/show_app_url.sh OSD OS
 set -e
 
-
 ##################################
 # Version Info                   #
 ##################################
@@ -103,7 +101,6 @@
     log_warn "Unable to update SAS Viya Monitoring Helm chart release"
 fi
 
-
 # Write any "notices" to console
 log_message ""
 display_notices
@@ -111,4 +108,3 @@
 log_message ""
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
-
diff logging/bin/deploy_logging_openshift.sh.orig logging/bin/deploy_logging_openshift.sh
--- logging/bin/deploy_logging_openshift.sh.orig
+++ logging/bin/deploy_logging_openshift.sh
@@ -11,11 +11,11 @@
 ##################################
 
 if [ "$OPENSHIFT_CLUSTER" != "true" ]; then
-  if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
-    log_error "This script should only be run on OpenShift clusters"
-    log_error "Run logging/bin/deploy_logging.sh instead"
-    exit 1
-  fi
+    if [ "${CHECK_OPENSHIFT_CLUSTER:-true}" == "true" ]; then
+        log_error "This script should only be run on OpenShift clusters"
+        log_error "Run logging/bin/deploy_logging.sh instead"
+        exit 1
+    fi
 fi
 
 # set flag indicating wrapper/driver script being run
@@ -28,13 +28,13 @@
 checkDefaultStorageClass
 
 # Create namespace if it doesn't exist
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  kubectl create ns $LOG_NS
-
-  #Container Security: Disable serviceAccount Token Automounting
-  disable_sa_token_automount $LOG_NS default
-  disable_sa_token_automount $LOG_NS builder
-  disable_sa_token_automount $LOG_NS deployer
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    kubectl create ns $LOG_NS
+
+    #Container Security: Disable serviceAccount Token Automounting
+    disable_sa_token_automount $LOG_NS default
+    disable_sa_token_automount $LOG_NS builder
+    disable_sa_token_automount $LOG_NS deployer
 fi
 
 set -e
@@ -41,7 +41,6 @@
 
 log_notice "Deploying logging components to the [$LOG_NS] namespace [$(date)]"
 
-
 ##################################
 # OpenShift-specific Set-up      #
 ##################################
@@ -57,7 +56,6 @@
 log_info "STEP 1: OpenSearch"
 logging/bin/deploy_opensearch.sh
 
-
 ##################################
 # OpenSearch Dashboards (Kibana) #
 ##################################
@@ -64,7 +62,6 @@
 log_info "STEP 2: OpenSearch Dashboards"
 logging/bin/deploy_osd.sh
 
-
 ##################################
 # Elasticsearch Metric Exporter  #
 ##################################
@@ -71,7 +68,6 @@
 log_info "STEP 3: Elasticsearch metric exporter"
 logging/bin/deploy_esexporter.sh
 
-
 ##################################
 # OpenSearch Content (OpenShift) #
 ##################################
@@ -78,7 +74,6 @@
 log_info "STEP 4: Loading Content into OpenSearch"
 logging/bin/deploy_opensearch_content.sh
 
-
 ##################################
 # OSD Content                    #
 ##################################
@@ -86,7 +81,6 @@
 
 KB_KNOWN_NODEPORT_ENABLE=false logging/bin/deploy_osd_content.sh
 
-
 ##################################
 # Fluent Bit - Log Messages      #
 ##################################
@@ -99,7 +93,6 @@
 log_info "STEP 7: Deploying Fluent Bit - K8s Event Collection"
 logging/bin/deploy_fluentbit_k8sevents_opensearch.sh
 
-
 ##################################
 # Create OpenShift Route(s)      #
 # and display app URL(s)         #
@@ -110,22 +103,21 @@
 
 if [ "$OPENSHIFT_ROUTES_ENABLE" == "true" ]; then
 
-   servicelist="OSD"
-   logging/bin/create_openshift_route.sh OSD
-
-   OPENSHIFT_ES_ROUTE_ENABLE=${OPENSHIFT_ES_ROUTE_ENABLE:-false}
-   if [ "$OPENSHIFT_ES_ROUTE_ENABLE" == "true" ]; then
-      logging/bin/create_openshift_route.sh OS OSD
-
-      servicelist="OS OSD"
-   fi
-
-   bin/show_app_url.sh $servicelist
+    servicelist="OSD"
+    logging/bin/create_openshift_route.sh OSD
+
+    OPENSHIFT_ES_ROUTE_ENABLE=${OPENSHIFT_ES_ROUTE_ENABLE:-false}
+    if [ "$OPENSHIFT_ES_ROUTE_ENABLE" == "true" ]; then
+        logging/bin/create_openshift_route.sh OS OSD
+
+        servicelist="OS OSD"
+    fi
+
+    bin/show_app_url.sh $servicelist
 
 else
-   log_info "Environment variable [OPENSHIFT_ROUTES_ENABLE] is not set to 'true'; continuing WITHOUT deploying OpenShift Routes"
-fi
-
+    log_info "Environment variable [OPENSHIFT_ROUTES_ENABLE] is not set to 'true'; continuing WITHOUT deploying OpenShift Routes"
+fi
 
 ##################################
 # Service Monitors               #
@@ -134,7 +126,6 @@
 export DEPLOY_SERVICEMONITORS=${DEPLOY_SERVICEMONITORS:-true}
 logging/bin/deploy_servicemonitors_openshift.sh
 
-
 ##################################
 # Version Info                   #
 ##################################
@@ -142,14 +133,13 @@
 
 # If a deployment with the old name exists, remove it first
 if helm3ReleaseExists v4m $LOG_NS; then
-  log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
-  helm uninstall -n "$LOG_NS" "v4m"
+    log_verbose "Removing outdated SAS Viya Monitoring Helm chart release from [$LOG_NS] namespace"
+    helm uninstall -n "$LOG_NS" "v4m"
 fi
 
 if ! deployV4MInfo "$LOG_NS" "v4m-logs"; then
-  log_warn "Unable to update SAS Viya Monitoring version info"
-fi
-
+    log_warn "Unable to update SAS Viya Monitoring version info"
+fi
 
 ##################################
 # Display Notices                #
@@ -158,7 +148,6 @@
 echo ""
 display_notices
 
-
 echo ""
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
diff logging/bin/deploy_opensearch.sh.orig logging/bin/deploy_opensearch.sh
--- logging/bin/deploy_opensearch.sh.orig
+++ logging/bin/deploy_opensearch.sh
@@ -10,7 +10,7 @@
 source bin/autogenerate-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 ELASTICSEARCH_ENABLE=${ELASTICSEARCH_ENABLE:-true}
 
 if [ "$ELASTICSEARCH_ENABLE" != "true" ]; then
-  log_verbose "Environment variable [ELASTICSEARCH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch"
-  exit 0
+    log_verbose "Environment variable [ELASTICSEARCH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch"
+    exit 0
 fi
 
 autogeneratedYAMLFile="$TMP_DIR/autogenerate-opensearch.yaml"
@@ -27,19 +27,19 @@
 
 if [ "$AUTOGENERATE_STORAGECLASS" == "true" ]; then
 
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   storageClass="${OPENSEARCH_STORAGECLASS:-$STORAGECLASS}"
-   checkStorageClass OPENSEARCH_STORAGECLASS "$OPENSEARCH_STORAGECLASS"
-   sc="$storageClass" yq -i '.persistence.storageClass=env(sc)' "$autogeneratedYAMLFile"
-
-else
-   log_debug "Autogeneration of storageClass References NOT enabled"
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    storageClass="${OPENSEARCH_STORAGECLASS:-$STORAGECLASS}"
+    checkStorageClass OPENSEARCH_STORAGECLASS "$OPENSEARCH_STORAGECLASS"
+    sc="$storageClass" yq -i '.persistence.storageClass=env(sc)' "$autogeneratedYAMLFile"
+
+else
+    log_debug "Autogeneration of storageClass References NOT enabled"
 fi
 
 AUTOGENERATE_INGRESS="${AUTOGENERATE_INGRESS:-false}"
@@ -47,62 +47,60 @@
 
 if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OPENSEARCH_INGRESS_ENABLE"="true" ]; then
 
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   osIngressCert="${OPENSEARCH_INGRESS_CERT}"
-   osIngressKey="${OPENSEARCH_INGRESS_KEY}"
-
-   create_ingress_certs "$LOG_NS" "elasticsearch-ingress-tls-secret" "$osIngressCert" "$osIngressKey" 
-
-   ROUTING="${ROUTING:-host}"
-
-   ## tested with sample version: 0.2.1
-   ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-opensearch.yaml"
-
-   #intialized the yaml file w/appropriate ingress sample
-   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
-
-   
-   OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
-   OPENSEARCH_PATH="${OPENSEARCH_PATH:-search}"
-   if [ -z "$OPENSEARCH_FQDN" ]; then
-      if [ "$ROUTING" == "host" ]; then
-         OPENSEARCH_FQDN="$OPENSEARCH_PATH.$BASE_DOMAIN"
-      else
-         OPENSEARCH_FQDN="$BASE_DOMAIN"
-      fi
-   fi
-
-   log_debug "OPENSEARCH_INGRESS_ENABLE [$OPENSEARCH_INGRESS_ENABLE] OPENSEARCH_FQDN [$OPENSEARCH_FQDN] OPENSEARCH_PATH [$OPENSEARCH_PATH]"
-
-   export OPENSEARCH_INGRESS_ENABLE OPENSEARCH_FQDN OPENSEARCH_PATH
-
-   yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               $autogeneratedYAMLFile
-
-   if [ "$ROUTING" == "host" ]; then
-      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
-   else
-      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
-      yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
-
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
-      slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
-
-      # Need to use printf to preserve newlines
-      printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"  ;
-      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
-
-   fi      
-else
-   log_debug "Autogeneration of ingresss NOT enabled and/or ingress NOT enabled for OpenSearch"
-fi
-
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    osIngressCert="${OPENSEARCH_INGRESS_CERT}"
+    osIngressKey="${OPENSEARCH_INGRESS_KEY}"
+
+    create_ingress_certs "$LOG_NS" "elasticsearch-ingress-tls-secret" "$osIngressCert" "$osIngressKey"
+
+    ROUTING="${ROUTING:-host}"
+
+    ## tested with sample version: 0.2.1
+    ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-opensearch.yaml"
+
+    #intialized the yaml file w/appropriate ingress sample
+    yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
+
+    OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
+    OPENSEARCH_PATH="${OPENSEARCH_PATH:-search}"
+    if [ -z "$OPENSEARCH_FQDN" ]; then
+        if [ "$ROUTING" == "host" ]; then
+            OPENSEARCH_FQDN="$OPENSEARCH_PATH.$BASE_DOMAIN"
+        else
+            OPENSEARCH_FQDN="$BASE_DOMAIN"
+        fi
+    fi
+
+    log_debug "OPENSEARCH_INGRESS_ENABLE [$OPENSEARCH_INGRESS_ENABLE] OPENSEARCH_FQDN [$OPENSEARCH_FQDN] OPENSEARCH_PATH [$OPENSEARCH_PATH]"
+
+    export OPENSEARCH_INGRESS_ENABLE OPENSEARCH_FQDN OPENSEARCH_PATH
+
+    yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)' $autogeneratedYAMLFile
+
+    if [ "$ROUTING" == "host" ]; then
+        yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+    else
+        slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.path=env(slashpath)' $autogeneratedYAMLFile
+        yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)' $autogeneratedYAMLFile
+        slashpath="/$OPENSEARCH_PATH" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
+
+        # Need to use printf to preserve newlines
+        printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"
+        snippet="$snippet" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)' $autogeneratedYAMLFile
+
+    fi
+else
+    log_debug "Autogeneration of ingresss NOT enabled and/or ingress NOT enabled for OpenSearch"
+fi
 
 set -e
 
@@ -113,18 +111,18 @@
 checkDefaultStorageClass
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 #Generate yaml files with all container-related keys
-generateImageKeysFile "$OS_FULL_IMAGE"          "logging/opensearch/os_container_image.template"
-generateImageKeysFile "$OS_SYSCTL_FULL_IMAGE"   "$imageKeysFile"  "OS_SYSCTL_"
+generateImageKeysFile "$OS_FULL_IMAGE" "logging/opensearch/os_container_image.template"
+generateImageKeysFile "$OS_SYSCTL_FULL_IMAGE" "$imageKeysFile" "OS_SYSCTL_"
 
 #Copy imageKeysFile since next call will replace existing one
 cp "$imageKeysFile" "$TMP_DIR/opensearch_imagekeysfile.yaml"
-generateImageKeysFile "$OS_FULL_IMAGE"          "logging/opensearch/os_initcontainer_image.template" "" "true"
+generateImageKeysFile "$OS_FULL_IMAGE" "logging/opensearch/os_initcontainer_image.template" "" "true"
 
 # get credentials
 export ES_ADMIN_PASSWD=${ES_ADMIN_PASSWD}
@@ -133,19 +131,19 @@
 export ES_METRICGETTER_PASSWD=${ES_METRICGETTER_PASSWD}
 
 # Create secrets containing internal user credentials
-create_user_secret internal-user-admin        admin        "$ES_ADMIN_PASSWD"         managed-by=v4m-es-script
-create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD"  managed-by=v4m-es-script
-create_user_secret internal-user-logcollector logcollector "$ES_LOGCOLLECTOR_PASSWD"  managed-by=v4m-es-script
-create_user_secret internal-user-metricgetter metricgetter "$ES_METRICGETTER_PASSWD"  managed-by=v4m-es-script
+create_user_secret internal-user-admin admin "$ES_ADMIN_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-logcollector logcollector "$ES_LOGCOLLECTOR_PASSWD" managed-by=v4m-es-script
+create_user_secret internal-user-metricgetter metricgetter "$ES_METRICGETTER_PASSWD" managed-by=v4m-es-script
 
 #cert_generator="${CERT_GENERATOR:-openssl}"
 
 # Verify cert generator is available (if necessary)
 if verify_cert_generator $LOG_NS es-transport es-rest es-admin; then
-   log_debug "cert generator check OK [$cert_generator_ok]"
-else
-   log_error "One or more required TLS certs do not exist and the expected certificate generator mechanism [$CERT_GENERATOR] is not available to create the missing certs"
-   exit 1
+    log_debug "cert generator check OK [$cert_generator_ok]"
+else
+    log_error "One or more required TLS certs do not exist and the expected certificate generator mechanism [$CERT_GENERATOR] is not available to create the missing certs"
+    exit 1
 fi
 
 # Create/Get necessary TLS certs
@@ -155,15 +153,15 @@
 sleep 10
 
 # Get subject from admin and transport cert for opensearch.yaml
-if [ ! -f  $TMP_DIR/es-transport.pem ]; then
-   log_debug "Extracting es-transport cert from secret"
-   kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-transport.pem
+if [ ! -f $TMP_DIR/es-transport.pem ]; then
+    log_debug "Extracting es-transport cert from secret"
+    kubectl -n $LOG_NS get secret es-transport-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > $TMP_DIR/es-transport.pem
 fi
 node_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-transport.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
 
-if [ ! -f  $TMP_DIR/es-admin.pem ]; then
-   log_debug "Extracting es-admin cert from secret"
-   kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > $TMP_DIR/es-admin.pem
+if [ ! -f $TMP_DIR/es-admin.pem ]; then
+    log_debug "Extracting es-admin cert from secret"
+    kubectl -n $LOG_NS get secret es-admin-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > $TMP_DIR/es-admin.pem
 fi
 admin_dn=$(openssl x509 -subject -nameopt RFC2253 -noout -in $TMP_DIR/es-admin.pem | sed -e "s/subject=\s*\(\S*\)/\1/" -e "s/^[ \t]*//")
 
@@ -171,62 +169,61 @@
 
 #write cert subjects to secret to be mounted as env var
 kubectl -n $LOG_NS delete secret opensearch-cert-subjects --ignore-not-found
-kubectl -n $LOG_NS create secret generic opensearch-cert-subjects  --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
-kubectl -n $LOG_NS label  secret opensearch-cert-subjects  managed-by=v4m-es-script
+kubectl -n $LOG_NS create secret generic opensearch-cert-subjects --from-literal=node_dn="$node_dn" --from-literal=admin_dn="$admin_dn"
+kubectl -n $LOG_NS label secret opensearch-cert-subjects managed-by=v4m-es-script
 
 # Create ConfigMap for securityadmin script
 kubectl -n $LOG_NS delete configmap run-securityadmin.sh --ignore-not-found
 kubectl -n $LOG_NS create configmap run-securityadmin.sh --from-file logging/opensearch/bin/run_securityadmin.sh
-kubectl -n $LOG_NS label  configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
+kubectl -n $LOG_NS label configmap run-securityadmin.sh managed-by=v4m-es-script search-backend=opensearch
 
 # Need to retrieve these from secrets in case secrets pre-existed
-export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" |base64 --decode)
-export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" |base64 --decode)
+export ES_ADMIN_USER=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+export ES_ADMIN_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+export ES_METRICGETTER_USER=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.username}" | base64 --decode)
+export ES_METRICGETTER_PASSWD=$(kubectl -n $LOG_NS get secret internal-user-metricgetter -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Generate message about autogenerated admin password
-adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin   -o jsonpath='{.metadata.labels.autogenerated_password}')
-if [ ! -z "$adminpwd_autogenerated"  ]; then
-   # Print info about how to obtain admin password
-   add_notice "                                                                    "
-   add_notice "**The OpenSearch 'admin' Account**"
-   add_notice "Generated 'admin' password:  $ES_ADMIN_PASSWD                       "
-   add_notice "To change the password for the 'admin' account at any time, run the "
-   add_notice "following command:                                                  "
-   add_notice "                                                                    "
-   add_notice "    logging/bin/change_internal_password.sh admin newPassword       "
-   add_notice "                                                                    "
-   add_notice "NOTE: *NEVER* change the password for the 'admin' account from within the"
-   add_notice "OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via "
-   add_notice "the change_internal_password.sh script in the logging/bin sub-directory."
-   add_notice "                                                                    "
-
-   LOGGING_DRIVER=${LOGGING_DRIVER:-false}
-   if [ "$LOGGING_DRIVER" != "true" ]; then
-      echo ""
-      display_notices
-      echo ""
-   fi
-fi
-
+adminpwd_autogenerated=$(kubectl -n $LOG_NS get secret internal-user-admin -o jsonpath='{.metadata.labels.autogenerated_password}')
+if [ ! -z "$adminpwd_autogenerated" ]; then
+    # Print info about how to obtain admin password
+    add_notice "                                                                    "
+    add_notice "**The OpenSearch 'admin' Account**"
+    add_notice "Generated 'admin' password:  $ES_ADMIN_PASSWD                       "
+    add_notice "To change the password for the 'admin' account at any time, run the "
+    add_notice "following command:                                                  "
+    add_notice "                                                                    "
+    add_notice "    logging/bin/change_internal_password.sh admin newPassword       "
+    add_notice "                                                                    "
+    add_notice "NOTE: *NEVER* change the password for the 'admin' account from within the"
+    add_notice "OpenSearch Dashboards web-interface.  The 'admin' password should *ONLY* be changed via "
+    add_notice "the change_internal_password.sh script in the logging/bin sub-directory."
+    add_notice "                                                                    "
+
+    LOGGING_DRIVER=${LOGGING_DRIVER:-false}
+    if [ "$LOGGING_DRIVER" != "true" ]; then
+        echo ""
+        display_notices
+        echo ""
+    fi
+fi
 
 # enable debug on Helm via env var
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
-fi
-
-helmRepoAdd opensearch  https://opensearch-project.github.io/helm-charts
+    helmDebug="--debug"
+fi
+
+helmRepoAdd opensearch https://opensearch-project.github.io/helm-charts
 
 # Check for existing OpenSearch helm release
 if [ "$(helm -n $LOG_NS list --filter 'opensearch' -q)" == "opensearch" ]; then
-   log_debug "The Helm release [opensearch] already exists; upgrading the release."
-   existingSearch="true"
-else
-   log_debug "The Helm release [opensearch] does NOT exist; deploying a new release."
-   existingSearch="false"
+    log_debug "The Helm release [opensearch] already exists; upgrading the release."
+    existingSearch="true"
+else
+    log_debug "The Helm release [opensearch] does NOT exist; deploying a new release."
+    existingSearch="false"
 fi
 
 helm2ReleaseCheck odfe-$LOG_NS
@@ -234,8 +231,8 @@
 # Check for existing Open Distro helm release
 if [ "$(helm -n $LOG_NS list --filter 'odfe' -q)" == "odfe" ]; then
 
-   log_error "An existing ODFE-based deployment was detected.  It must be removed before deploying the current version."
-   exit 1
+    log_error "An existing ODFE-based deployment was detected.  It must be removed before deploying the current version."
+    exit 1
 
 fi
 
@@ -242,47 +239,47 @@
 # OpenSearch user customizations
 ES_OPEN_USER_YAML="${ES_OPEN_USER_YAML:-$USER_DIR/logging/user-values-opensearch.yaml}"
 if [ ! -f "$ES_OPEN_USER_YAML" ]; then
-  log_debug "[$ES_OPEN_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  ES_OPEN_USER_YAML=$TMP_DIR/empty.yaml
-fi
-
-if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2>/dev/null)" ]; then
-
-   kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
-
-   #Copy OpenSearch Security Configuration files
-   mkdir -p $TMP_DIR/opensearch/securityconfig
-   cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
-   #Overlay OpenSearch security configuration files from USER_DIR (if exists)
-   if [ -d "$USER_DIR/logging/opensearch/securityconfig" ]; then
-      log_debug "OpenSearch Security Configuration directory found w/in USER_DIR [$USER_DIR]"
-
-      if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2>/dev/null)" ]; then
-        log_info "Copying OpenSearch Security Configuration files from [$USER_DIR/logging/opensearch/securityconfig]"
-        cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
-      else
-         log_debug "No YAML (*.yml) files found in USER_DIR/opensearch/securityconfig directory"
-      fi
-   fi
-
-   #create secret containing OpenSearch security configuration yaml files
-   #NOTE: whitelist.yml file is only created due to apparent bug in OpenSearch
-   #      which causes an ERROR when securityAdmin.sh is run without it 
-   kubectl -n $LOG_NS create secret generic opensearch-securityconfig    \
-       --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml  \
-       --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml      \
-       --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml      \
-       --from-file $TMP_DIR/opensearch/securityconfig/config.yml         \
-       --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
-       --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml       \
-       --from-file $TMP_DIR/opensearch/securityconfig/roles.yml          \
-       --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml  \
-       --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
-
-   kubectl -n $LOG_NS label secret opensearch-securityconfig  managed-by=v4m-es-script
-
-else
-   log_verbose "Using existing secret [opensearch-securityconfig] for OpenSearch Security Configuration"
+    log_debug "[$ES_OPEN_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    ES_OPEN_USER_YAML=$TMP_DIR/empty.yaml
+fi
+
+if [ -z "$(kubectl -n $LOG_NS get secret opensearch-securityconfig -o name 2> /dev/null)" ]; then
+
+    kubectl -n $LOG_NS delete secret opensearch-securityconfig --ignore-not-found
+
+    #Copy OpenSearch Security Configuration files
+    mkdir -p $TMP_DIR/opensearch/securityconfig
+    cp logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
+    #Overlay OpenSearch security configuration files from USER_DIR (if exists)
+    if [ -d "$USER_DIR/logging/opensearch/securityconfig" ]; then
+        log_debug "OpenSearch Security Configuration directory found w/in USER_DIR [$USER_DIR]"
+
+        if [ "$(ls $USER_DIR/logging/opensearch/securityconfig/*.yml 2> /dev/null)" ]; then
+            log_info "Copying OpenSearch Security Configuration files from [$USER_DIR/logging/opensearch/securityconfig]"
+            cp $USER_DIR/logging/opensearch/securityconfig/*.yml $TMP_DIR/opensearch/securityconfig
+        else
+            log_debug "No YAML (*.yml) files found in USER_DIR/opensearch/securityconfig directory"
+        fi
+    fi
+
+    #create secret containing OpenSearch security configuration yaml files
+    #NOTE: whitelist.yml file is only created due to apparent bug in OpenSearch
+    #      which causes an ERROR when securityAdmin.sh is run without it
+    kubectl -n $LOG_NS create secret generic opensearch-securityconfig \
+        --from-file $TMP_DIR/opensearch/securityconfig/action_groups.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/allowlist.yml \
+        --from-file whitelist.yml=$TMP_DIR/opensearch/securityconfig/allowlist.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/config.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/internal_users.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/nodes_dn.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/roles.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/roles_mapping.yml \
+        --from-file $TMP_DIR/opensearch/securityconfig/tenants.yml
+
+    kubectl -n $LOG_NS label secret opensearch-securityconfig managed-by=v4m-es-script
+
+else
+    log_verbose "Using existing secret [opensearch-securityconfig] for OpenSearch Security Configuration"
 fi
 
 # OpenSearch
@@ -293,11 +290,11 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling OpenSearch for workload node placement"
-  wnpValuesFile="logging/node-placement/values-opensearch-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for OpenSearch"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Enabling OpenSearch for workload node placement"
+    wnpValuesFile="logging/node-placement/values-opensearch-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for OpenSearch"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 OPENSHIFT_SPECIFIC_YAML=$TMP_DIR/empty.yaml
@@ -305,21 +302,18 @@
     OPENSHIFT_SPECIFIC_YAML=logging/openshift/values-opensearch-openshift.yaml
 fi
 
-
 # YAML file container auto-generated ingress definitions (or not)
 if [ ! -f "$autogeneratedYAMLFile" ]; then
-  log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
-  autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
+    autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
+fi
 
 # Get Helm Chart Name
 log_debug "OpenSearch Helm Chart: repo [$OPENSEARCH_HELM_CHART_REPO] name [$OPENSEARCH_HELM_CHART_NAME] version [$OPENSEARCH_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $OPENSEARCH_HELM_CHART_REPO $OPENSEARCH_HELM_CHART_NAME $OPENSEARCH_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $OPENSEARCH_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $OPENSEARCH_HELM_CHART_VERSION)"
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
-
 # Deploy OpenSearch via Helm chart
 # NOTE: nodeGroup needed to get resource names we want
 helm $helmDebug upgrade --install opensearch \
@@ -331,7 +325,7 @@
     --values "$autogeneratedYAMLFile" \
     --values "$ES_OPEN_USER_YAML" \
     --values "$OPENSHIFT_SPECIFIC_YAML" \
-    --set nodeGroup=primary  \
+    --set nodeGroup=primary \
     --set masterService=v4m-search \
     --set fullnameOverride=v4m-search \
     $versionstring \
@@ -339,21 +333,20 @@
 
 # waiting for PVCs to be bound
 declare -i pvcCounter=0
-pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
-until [ "$pvc_status" == "Bound" ] || (( $pvcCounter>90 ));
-do
-   sleep 5
-   pvcCounter=$((pvcCounter+5))
-   pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+until [ "$pvc_status" == "Bound" ] || ((pvcCounter > 90)); do
+    sleep 5
+    pvcCounter=$((pvcCounter + 5))
+    pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
 done
 
 # Confirm PVC is "bound" (matched) to PV
-pvc_status=$(kubectl -n $LOG_NS get pvc  v4m-search-v4m-search-0  -o=jsonpath="{.status.phase}")
-if [ "$pvc_status" != "Bound" ];  then
-      log_error "It appears that the PVC [v4m-search-v4m-search-0] associated with the [v4m-search-0] node has not been bound to a PV."
-      log_error "The status of the PVC is [$pvc_status]"
-      log_error "After ensuring all claims shown as Pending can be satisfied; run the remove_opensearch.sh script and try again."
-      exit 1
+pvc_status=$(kubectl -n $LOG_NS get pvc v4m-search-v4m-search-0 -o=jsonpath="{.status.phase}")
+if [ "$pvc_status" != "Bound" ]; then
+    log_error "It appears that the PVC [v4m-search-v4m-search-0] associated with the [v4m-search-0] node has not been bound to a PV."
+    log_error "The status of the PVC is [$pvc_status]"
+    log_error "After ensuring all claims shown as Pending can be satisfied; run the remove_opensearch.sh script and try again."
+    exit 1
 fi
 log_verbose "The PVC [v4m-search-v4m-search-0] have been bound to PVs"
 
@@ -361,9 +354,8 @@
 log_info "Waiting on OpenSearch pods to be Ready"
 kubectl -n $LOG_NS wait pods v4m-search-0 --for=condition=Ready --timeout=10m
 
-
 # TO DO: Convert to curl command to detect ES is up?
-# hitting https:/host:port -u adminuser:adminpwd --insecure 
+# hitting https:/host:port -u adminuser:adminpwd --insecure
 # returns "OpenDistro Security not initialized." and 503 when up
 log_verbose "Waiting [2] minutes to allow OpenSearch to initialize [$(date)]"
 sleep 120
@@ -372,19 +364,19 @@
 
 # Run the security admin script on the pod
 # Add some logic to find ES release
-if [ "$existingSearch" == "false" ] ; then
-  kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
-  # Retrieve log file from security admin script
-  kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
-  if [ "$(tail -n1  $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
-    log_verbose "The run_securityadmin.log script appears to have run successfully; you can review its output below:"
-  else
-    log_warn "There may have been a problem with the run_securityadmin.log script; review the output below:"
-  fi
-  # show output from run_securityadmin.sh script
-  sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
-else
-  log_verbose "Existing OpenSearch release found. Skipping OpenSearch security initialization."
+if [ "$existingSearch" == "false" ]; then
+    kubectl -n $LOG_NS exec v4m-search-0 -c opensearch -- config/run_securityadmin.sh
+    # Retrieve log file from security admin script
+    kubectl -n $LOG_NS cp v4m-search-0:config/run_securityadmin.log $TMP_DIR/run_securityadmin.log -c opensearch
+    if [ "$(tail -n1 $TMP_DIR/run_securityadmin.log)" == "Done with success" ]; then
+        log_verbose "The run_securityadmin.log script appears to have run successfully; you can review its output below:"
+    else
+        log_warn "There may have been a problem with the run_securityadmin.log script; review the output below:"
+    fi
+    # show output from run_securityadmin.sh script
+    sed 's/^/   | /' $TMP_DIR/run_securityadmin.log
+else
+    log_verbose "Existing OpenSearch release found. Skipping OpenSearch security initialization."
 fi
 
 set -e
@@ -391,8 +383,8 @@
 
 #Container Security: Disable serviceAccount Token Automounting
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   disable_sa_token_automount $LOG_NS v4m-os
-   #NOTE: On other providers, OpenSearch pods linked to the 'default' serviceAccount
+    disable_sa_token_automount $LOG_NS v4m-os
+    #NOTE: On other providers, OpenSearch pods linked to the 'default' serviceAccount
 fi
 
 log_info "OpenSearch has been deployed"
diff logging/bin/deploy_opensearch_content.sh.orig logging/bin/deploy_opensearch_content.sh
--- logging/bin/deploy_opensearch_content.sh.orig
+++ logging/bin/deploy_opensearch_content.sh
@@ -9,7 +9,7 @@
 source logging/bin/apiaccess-include.sh
 source logging/bin/rbac-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -16,8 +16,8 @@
 ES_CONTENT_DEPLOY=${ES_CONTENT_DEPLOY:-${ELASTICSEARCH_ENABLE:-true}}
 
 if [ "$ES_CONTENT_DEPLOY" != "true" ]; then
-  log_verbose "Environment variable [ES_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch"
-  exit 0
+    log_verbose "Environment variable [ES_CONTENT_DEPLOY] is not set to 'true'; exiting WITHOUT deploying content into OpenSearch"
+    exit 0
 fi
 
 log_info "Loading Content into OpenSearch"
@@ -30,181 +30,178 @@
 # check for pre-reqs
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
-fi
-
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
+fi
 
 # get credentials
 get_credentials_from_secret admin
 rc=$?
-if [ "$rc" != "0" ] ;then log_debug "RC=$rc"; exit $rc;fi
+if [ "$rc" != "0" ]; then
+    log_debug "RC=$rc"
+    exit $rc
+fi
 
 get_ism_api_url
 
 # Confirm OpenSearch is ready
-for pause in 30 30 30 30 30 30 60
-do
-   response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "$es_api_url"  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD  --insecure)
-   # returns 503 (and outputs "Open Distro Security not initialized.") when ODFE isn't ready yet
-   # TO DO: check for 503 specifically?
-
-   if [[ $response != 2* ]]; then
-      log_verbose "The OpenSearch REST endpoint does not appear to be quite ready [$response]; sleeping for [$pause] more seconds before checking again."
-      sleep ${pause}
-   else
-      log_debug "The OpenSearch REST endpoint appears to be ready...continuing"
-      esready="TRUE"
-      break
-   fi
+for pause in 30 30 30 30 30 30 60; do
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # returns 503 (and outputs "Open Distro Security not initialized.") when ODFE isn't ready yet
+    # TO DO: check for 503 specifically?
+
+    if [[ $response != 2* ]]; then
+        log_verbose "The OpenSearch REST endpoint does not appear to be quite ready [$response]; sleeping for [$pause] more seconds before checking again."
+        sleep ${pause}
+    else
+        log_debug "The OpenSearch REST endpoint appears to be ready...continuing"
+        esready="TRUE"
+        break
+    fi
 done
 
 if [ "$esready" != "TRUE" ]; then
-   log_error "The OpenSearch REST endpoint has NOT become accessible in the expected time; exiting."
-   log_error "Review the OpenSearch pod's events and log to identify the issue and resolve it before trying again."
-   exit 1
-fi
-
+    log_error "The OpenSearch REST endpoint has NOT become accessible in the expected time; exiting."
+    log_error "Review the OpenSearch pod's events and log to identify the issue and resolve it before trying again."
+    exit 1
+fi
 
 # Create Index Management (I*M) Policy  objects
 function set_retention_period {
 
-   #Arguments
-   policy_name=$1                                   # Name of policy...also, used to construct name of json file to load
-   retention_period_var=$2                          # Name of env var that can be used to specify retention period
-
-   log_debug "Function called: set_retention_perid ARGS: $@"
-
-   retention_period=${!retention_period_var}        # Retention Period (unit: days)
-
-   digits_re='^[0-9]+$'
-
-   cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
-
-   # confirm value is number
-   if ! [[ $retention_period =~ $digits_re ]]; then
-      log_error "An invalid valid was provided for [$retention_period_var]; exiting."
-      exit 1
-   fi
-
-   #Update retention period in json file prior to loading it
-   sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
-
-   log_debug "Contents of $policy_name.json after substitution:"
-   log_debug "$(cat $TMP_DIR/${policy_name}.json)"
-
-   # Load policy into OpenSearch via API
-   response=$(curl -s -o /dev/null  -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   if [[ $response == 409 ]]; then
-      log_info "The index management policy [$policy_name] already exist in OpenSearch; skipping load and using existing policy."
-   elif [[ $response != 2* ]]; then
-      log_error "There was an issue loading index management policy [$policy_name] into OpenSearch [$response]"
-      exit 1
-   else
-      log_debug "Index management policy [$policy_name] loaded into OpenSearch [$response]"
-   fi
+    #Arguments
+    policy_name=$1          # Name of policy...also, used to construct name of json file to load
+    retention_period_var=$2 # Name of env var that can be used to specify retention period
+
+    log_debug "Function called: set_retention_perid ARGS: $@"
+
+    retention_period=${!retention_period_var} # Retention Period (unit: days)
+
+    digits_re='^[0-9]+$'
+
+    cp logging/opensearch/${policy_name}.json $TMP_DIR/$policy_name.json
+
+    # confirm value is number
+    if ! [[ $retention_period =~ $digits_re ]]; then
+        log_error "An invalid valid was provided for [$retention_period_var]; exiting."
+        exit 1
+    fi
+
+    #Update retention period in json file prior to loading it
+    sed -i'.bak' "s/\"min_index_age\": \"xxxRETENTION_PERIODxxx\"/\"min_index_age\": \"${retention_period}d\"/g" $TMP_DIR/$policy_name.json
+
+    log_debug "Contents of $policy_name.json after substitution:"
+    log_debug "$(cat $TMP_DIR/${policy_name}.json)"
+
+    # Load policy into OpenSearch via API
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d @$TMP_DIR/$policy_name.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    if [[ $response == 409 ]]; then
+        log_info "The index management policy [$policy_name] already exist in OpenSearch; skipping load and using existing policy."
+    elif [[ $response != 2* ]]; then
+        log_error "There was an issue loading index management policy [$policy_name] into OpenSearch [$response]"
+        exit 1
+    else
+        log_debug "Index management policy [$policy_name] loaded into OpenSearch [$response]"
+    fi
 }
 
 #Patch ODFE 1.7.0 ISM policies to ODFE 1.13.x format
 function add_ism_template {
-   local policy_name pattern
-
-   #Arguments
-   policy_name=$1                                   # Name of policy
-   pattern=$2                                       # Index pattern to associate with policy
-   priority=${3:-100}                               # Index Priority (Higher values ==> reloaded first)
-
-   response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   if [[ $response != 2* ]]; then
-      log_debug "No ISM policy [$policy_name] found to patch; moving on.[$response]"
-      return
-   fi
-
-   if [ -n "$(cat $TMP_DIR/ism_policy_patch.json |grep '"ism_template":null')" ]; then
-      log_debug "No ISM Template on policy [$policy_name]; adding one."
-
-      #remove crud returned but not needed
-      sed -i'.bak'  "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
-
-      #add ISM_Template to existing ISM policy
-      sed -i'.bak'  "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
-
-      #delete exisiting policy
-      response=$(curl -s -o /dev/null   -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-      if [[ $response != 2* ]]; then
-         log_warn "Error encountered deleting index management policy [$policy_name] before patching to add ISM template stanza [$response]."
-         log_warn "Review the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
-         return
-      else
-         log_debug "Index policy [$policy_name] deleted [$response]."
-      fi
-
-      #handle change in policy name w/ our 1.1.0 release
-      if [ "$policy_name" == "viya_infra_idxmgmt_policy" ]; then
-         sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g"  $TMP_DIR/ism_policy_patch.json
-         policy_name="viya-infra-idxmgmt-policy"
-      fi
-
-
-      #load revised policy
-      response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name"  -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-      if [[ $response != 2* ]]; then
-         log_warn "Unable to update index management policy [$policy_name] to add a ISM_TEMPLATE stanza [$response]"
-         log_warn "Review/create the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
-         return
-      else
-         log_info "Index management policy [$policy_name] loaded into OpenSearch [$response]"
-      fi
-   else
-      log_debug "The policy definition for [$policy_name] already includes an ISM Template stanza; no need to patch."
-      return
-   fi
-}
-
+    local policy_name pattern
+
+    #Arguments
+    policy_name=$1     # Name of policy
+    pattern=$2         # Index pattern to associate with policy
+    priority=${3:-100} # Index Priority (Higher values ==> reloaded first)
+
+    response=$(curl -s -o $TMP_DIR/ism_policy_patch.json -w "%{http_code}" -XGET "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    if [[ $response != 2* ]]; then
+        log_debug "No ISM policy [$policy_name] found to patch; moving on.[$response]"
+        return
+    fi
+
+    if [ -n "$(cat $TMP_DIR/ism_policy_patch.json | grep '"ism_template":null')" ]; then
+        log_debug "No ISM Template on policy [$policy_name]; adding one."
+
+        #remove crud returned but not needed
+        sed -i'.bak' "s/\"_id\":\"${policy_name}\",//;s/\"_version\":[0-9]*,//;s/\"_seq_no\":[0-9]*,//;s/\"_primary_term\":[0-9]*,//" $TMP_DIR/ism_policy_patch.json
+
+        #add ISM_Template to existing ISM policy
+        sed -i'.bak' "s/\"ism_template\":null/\"ism_template\": {\"index_patterns\": \[\"${pattern}\"\],\"priority\":${priority}}/g" $TMP_DIR/ism_policy_patch.json
+
+        #delete exisiting policy
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "$ism_api_url/policies/$policy_name" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+        if [[ $response != 2* ]]; then
+            log_warn "Error encountered deleting index management policy [$policy_name] before patching to add ISM template stanza [$response]."
+            log_warn "Review the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
+            return
+        else
+            log_debug "Index policy [$policy_name] deleted [$response]."
+        fi
+
+        #handle change in policy name w/ our 1.1.0 release
+        if [ "$policy_name" == "viya_infra_idxmgmt_policy" ]; then
+            sed -i'.bak' "s/viya_infra_idxmgmt_policy/viya-infra-idxmgmt-policy/g" $TMP_DIR/ism_policy_patch.json
+            policy_name="viya-infra-idxmgmt-policy"
+        fi
+
+        #load revised policy
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$ism_api_url/policies/$policy_name" -H 'Content-Type: application/json' -d "@$TMP_DIR/ism_policy_patch.json" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+        if [[ $response != 2* ]]; then
+            log_warn "Unable to update index management policy [$policy_name] to add a ISM_TEMPLATE stanza [$response]"
+            log_warn "Review/create the index managment policy [$policy_name] within OpenSearch Dashboards to ensure it is properly configured and linked to appropriate indexes [$pattern]."
+            return
+        else
+            log_info "Index management policy [$policy_name] loaded into OpenSearch [$response]"
+        fi
+    else
+        log_debug "The policy definition for [$policy_name] already includes an ISM Template stanza; no need to patch."
+        return
+    fi
+}
 
 LOG_RETENTION_PERIOD="${LOG_RETENTION_PERIOD:-3}"
 set_retention_period viya_logs_idxmgmt_policy LOG_RETENTION_PERIOD
-add_ism_template "viya_logs_idxmgmt_policy" "viya_logs-*"  100
+add_ism_template "viya_logs_idxmgmt_policy" "viya_logs-*" 100
 
 # Create Ingest Pipeline to "burst" incoming log messages to separate indexes based on namespace
-response=$(curl  -s -o /dev/null -w "%{http_code}"  -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json  --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-# request returns: {"acknowledged":true}
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading ingest pipeline into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Ingest pipeline definition loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_ingest/pipeline/viyaburstns" -H 'Content-Type: application/json' -d @logging/opensearch/create_ns_burst_pipeline.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading ingest pipeline into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Ingest pipeline definition loaded into OpenSearch [$response]"
 fi
 
 # Configure index template settings and link Ingest Pipeline to Index Template
-response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template"  -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
-# request returns: {"acknowledged":true}
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading index template settings into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Index template settings loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-logs-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_logs.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading index template settings into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Index template settings loaded into OpenSearch [$response]"
 fi
 
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   # INFRASTRUCTURE LOGS
-   # Handle "infrastructure" logs differently
-   INFRA_LOG_RETENTION_PERIOD="${INFRA_LOG_RETENTION_PERIOD:-1}"
-   set_retention_period viya_infra_idxmgmt_policy INFRA_LOG_RETENTION_PERIOD
-   add_ism_template "viya_infra_idxmgmt_policy"  "viya_logs-openshift-*"   5
-
-   # Link index management policy Index Template
-   response=$(curl  -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template"   -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure )
-   # request returns: {"acknowledged":true}
-   if [[ $response != 2* ]]; then
-      log_error "There was an issue loading infrastructure index template settings into OpenSearch [$response]"
-      exit 1
-   else
-      log_info "Infrastructure index template settings loaded into OpenSearch [$response]"
-  fi
-fi
-
+    # INFRASTRUCTURE LOGS
+    # Handle "infrastructure" logs differently
+    INFRA_LOG_RETENTION_PERIOD="${INFRA_LOG_RETENTION_PERIOD:-1}"
+    set_retention_period viya_infra_idxmgmt_policy INFRA_LOG_RETENTION_PERIOD
+    add_ism_template "viya_infra_idxmgmt_policy" "viya_logs-openshift-*" 5
+
+    # Link index management policy Index Template
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-infra-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_infra_openshift.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    # request returns: {"acknowledged":true}
+    if [[ $response != 2* ]]; then
+        log_error "There was an issue loading infrastructure index template settings into OpenSearch [$response]"
+        exit 1
+    else
+        log_info "Infrastructure index template settings loaded into OpenSearch [$response]"
+    fi
+fi
 
 # METALOGGING: Create index management policy object & link policy to index template
 # ...index management policy automates the deletion of indexes after the specified time
@@ -211,17 +208,17 @@
 
 OPS_LOG_RETENTION_PERIOD="${OPS_LOG_RETENTION_PERIOD:-1}"
 set_retention_period viya_ops_idxmgmt_policy OPS_LOG_RETENTION_PERIOD
-add_ism_template "viya_ops_idxmgmt_policy"  "viya_ops-*"  50
+add_ism_template "viya_ops_idxmgmt_policy" "viya_ops-*" 50
 
 # Load template
-response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json'  -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-# request returns: {"acknowledged":true}
-
-if [[ $response != 2* ]]; then
-   log_error "There was an issue loading monitoring index template settings into OpenSearch [$response]"
-   exit 1
-else
-   log_debug "Monitoring index template template settings loaded into OpenSearch [$response]"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XPUT "$es_api_url/_template/viya-ops-template" -H 'Content-Type: application/json' -d @logging/opensearch/set_index_template_settings_ops.json --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+# request returns: {"acknowledged":true}
+
+if [[ $response != 2* ]]; then
+    log_error "There was an issue loading monitoring index template settings into OpenSearch [$response]"
+    exit 1
+else
+    log_debug "Monitoring index template template settings loaded into OpenSearch [$response]"
 fi
 echo ""
 
@@ -236,45 +233,43 @@
 LOG_CREATE_LOGADM_USER=${LOG_CREATE_LOGADM_USER:-true}
 if [ "$LOG_CREATE_LOGADM_USER" == "true" ]; then
 
-   if user_exists logadm; then
-      log_warn "A user 'logadm' already exists; leaving that user as-is.  Review its definition in OpenSearch Dashboards and update it, or create another user, as needed."
-   else
-      log_debug "Creating the 'logadm' user"
-
-      LOG_LOGADM_PASSWD=${LOG_LOGADM_PASSWD:-$ES_ADMIN_PASSWD}
-      if [ -z "$LOG_LOGADM_PASSWD" ]; then
-         log_debug "Creating a random password for the 'logadm' user"
-         LOG_LOGADM_PASSWD="$(randomPassword)"
-         add_notice ""
-         add_notice "**The OpenSearch 'logadm' Account**"
-         add_notice "Generated 'logadm' password:  $LOG_LOGADM_PASSWD"
-      fi
-
-      #create the user
-      LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
-   fi
-else
-   log_debug "Skipping creation of 'logadm' user because LOG_CREATE_LOGADM_USER not 'true' [$LOG_CREATE_LOGADM_USER]"
+    if user_exists logadm; then
+        log_warn "A user 'logadm' already exists; leaving that user as-is.  Review its definition in OpenSearch Dashboards and update it, or create another user, as needed."
+    else
+        log_debug "Creating the 'logadm' user"
+
+        LOG_LOGADM_PASSWD=${LOG_LOGADM_PASSWD:-$ES_ADMIN_PASSWD}
+        if [ -z "$LOG_LOGADM_PASSWD" ]; then
+            log_debug "Creating a random password for the 'logadm' user"
+            LOG_LOGADM_PASSWD="$(randomPassword)"
+            add_notice ""
+            add_notice "**The OpenSearch 'logadm' Account**"
+            add_notice "Generated 'logadm' password:  $LOG_LOGADM_PASSWD"
+        fi
+
+        #create the user
+        LOGGING_DRIVER=true ./logging/bin/user.sh CREATE -ns _all_ -t _all_ -u logadm -p $LOG_LOGADM_PASSWD
+    fi
+else
+    log_debug "Skipping creation of 'logadm' user because LOG_CREATE_LOGADM_USER not 'true' [$LOG_CREATE_LOGADM_USER]"
 fi
 
 #Initialize OSD Reporting Plugin indices
 INIT_OSD_RPT_IDX=${INIT_OSD_RPT_IDX:-true}
 if [ "$INIT_OSD_RPT_IDX" == "true" ]; then
-   log_debug "Initializing OpenSearch Dashboards Reporting plugin indices"
-   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances"   --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   log_debug "OSD_RPT_IDX (instances) Response [$response]"
-   response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
-   log_debug "OSD_RPT_IDX (definitions) Response [$response]"
-fi
-
+    log_debug "Initializing OpenSearch Dashboards Reporting plugin indices"
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/instances" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    log_debug "OSD_RPT_IDX (instances) Response [$response]"
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "$es_api_url/_plugins/_reports/definitions" --user $ES_ADMIN_USER:$ES_ADMIN_PASSWD --insecure)
+    log_debug "OSD_RPT_IDX (definitions) Response [$response]"
+fi
 
 LOGGING_DRIVER=${LOGGING_DRIVER:-false}
 if [ "$LOGGING_DRIVER" != "true" ]; then
-   echo ""
-   display_notices
-   echo ""
-fi
-
+    echo ""
+    display_notices
+    echo ""
+fi
 
 log_info "Content has been loaded into OpenSearch"
 
diff logging/bin/deploy_openshift_prereqs.sh.orig logging/bin/deploy_openshift_prereqs.sh
--- logging/bin/deploy_openshift_prereqs.sh.orig
+++ logging/bin/deploy_openshift_prereqs.sh
@@ -6,7 +6,7 @@
 cd "$(dirname $BASH_SOURCE)/../.."
 source logging/bin/common.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -14,26 +14,25 @@
 OPENSHIFT_PREREQS_ENABLE=${OPENSHIFT_PREREQS_ENABLE:-true}
 
 if [ "$OPENSHIFT_PREREQS_ENABLE" != "true" ]; then
-  log_info "Environment variable [OPENSHIFT_PREREQS_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenShift Prerequisites"
-  exit
-fi
-
+    log_info "Environment variable [OPENSHIFT_PREREQS_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenShift Prerequisites"
+    exit
+fi
 
 # link OpenSearch serviceAccounts to 'privileged' scc
 oc adm policy add-scc-to-user privileged -z v4m-os -n $LOG_NS
 
 # create the 'v4m-logging-v2' SCC, if it does not already exist
-if oc get scc v4m-logging-v2 2>/dev/null 1>&2; then
-   log_info "Skipping scc creation; using existing scc [v4m-logging-v2]"
-else
-   oc create -f logging/openshift/fb_v4m-logging-v2_scc.yaml
+if oc get scc v4m-logging-v2 2> /dev/null 1>&2; then
+    log_info "Skipping scc creation; using existing scc [v4m-logging-v2]"
+else
+    oc create -f logging/openshift/fb_v4m-logging-v2_scc.yaml
 fi
 
 # create the 'v4m-k8sevents' SCC, if it does not already exist
-if oc get scc v4m-k8sevents 2>/dev/null 1>&2; then
-   log_info "Skipping scc creation; using existing scc [v4m-k8sevents]"
-else
-   oc create -f logging/openshift/fb_v4m-k8sevents_scc.yaml
+if oc get scc v4m-k8sevents 2> /dev/null 1>&2; then
+    log_info "Skipping scc creation; using existing scc [v4m-k8sevents]"
+else
+    oc create -f logging/openshift/fb_v4m-k8sevents_scc.yaml
 fi
 
 log_info "OpenShift Prerequisites have been deployed."
diff logging/bin/deploy_osd.sh.orig logging/bin/deploy_osd.sh
--- logging/bin/deploy_osd.sh.orig
+++ logging/bin/deploy_osd.sh
@@ -10,7 +10,7 @@
 source bin/autogenerate-include.sh
 source logging/bin/apiaccess-include.sh
 
-this_script=`basename "$0"`
+this_script=$(basename "$0")
 
 log_debug "Script [$this_script] has started [$(date)]"
 
@@ -17,8 +17,8 @@
 OPENSEARCHDASH_ENABLE=${OPENSEARCHDASH_ENABLE:-true}
 
 if [ "$OPENSEARCHDASH_ENABLE" != "true" ]; then
-  log_verbose "Environment variable [OPENSEARCHDASH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch Dashboards"
-  exit 0
+    log_verbose "Environment variable [OPENSEARCHDASH_ENABLE] is not set to 'true'; exiting WITHOUT deploying OpenSearch Dashboards"
+    exit 0
 fi
 
 set -e
@@ -28,13 +28,12 @@
 #
 
 #Generate yaml file with all container-related keys
-generateImageKeysFile "$OSD_FULL_IMAGE"         "logging/opensearch/osd_container_image.template"
-
+generateImageKeysFile "$OSD_FULL_IMAGE" "logging/opensearch/osd_container_image.template"
 
 # Confirm namespace exists
-if [ "$(kubectl get ns $LOG_NS -o name 2>/dev/null)" == "" ]; then
-  log_error "Namespace [$LOG_NS] does NOT exist."
-  exit 1
+if [ "$(kubectl get ns $LOG_NS -o name 2> /dev/null)" == "" ]; then
+    log_error "Namespace [$LOG_NS] does NOT exist."
+    exit 1
 fi
 
 # get credentials
@@ -41,14 +40,14 @@
 export ES_KIBANASERVER_PASSWD=${ES_KIBANASERVER_PASSWD}
 
 # Create secrets containing internal user credentials
-create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD"  managed-by=v4m-es-script
+create_user_secret internal-user-kibanaserver kibanaserver "$ES_KIBANASERVER_PASSWD" managed-by=v4m-es-script
 
 # Verify cert generator is available (if necessary)
 if verify_cert_generator $LOG_NS kibana; then
-  log_debug "cert generator check OK [$cert_generator_ok]"
-else
-  log_error "A required TLS cert does not exist and the expected certificate generator mechanism [$cert_generator] is not available to create the missing cert"
-  exit 1
+    log_debug "cert generator check OK [$cert_generator_ok]"
+else
+    log_error "A required TLS cert does not exist and the expected certificate generator mechanism [$cert_generator] is not available to create the missing cert"
+    exit 1
 fi
 
 # Create/Get necessary TLS certs
@@ -59,66 +58,66 @@
 
 if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OSD_INGRESS_ENABLE" == "true" ]; then
 
-   autogeneratedYAMLFile="$TMP_DIR/autogenerate-osd.yaml"
-
-   if [ ! -f "$autogeneratedYAMLFile" ]; then
-      log_debug "Creating file [$autogeneratedYAMLFile]"
-      touch "$autogeneratedYAMLFile"
-   else
-      log_debug "File [$autogeneratedYAMLFile] already exists"
-   fi
-
-   osdIngressCert="${OSD_INGRESS_CERT}"
-   osdIngressKey="${OSD_INGRESS_KEY}"
-   
-   create_ingress_certs "$LOG_NS" kibana-ingress-tls-secret "$osdIngressCert" "$osdIngressKey" 
-
-   ROUTING="${ROUTING:-host}"
-
-   ## tested with sample version: 0.2.1
-   ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-osd.yaml"
-
-   #intialized the yaml file w/appropriate ingress sample
-   yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
-
-   ###OSD_INGRESS_ENABLE="${OSD_INGRESS_ENABLE:-true}"
-   OSD_FQDN="${OSD_FQDN}"
-   OSD_PATH="${OSD_PATH:-dashboards}"
-   if [ -z "$OSD_FQDN" ]; then
-      if [ "$ROUTING" == "host" ]; then
-         OSD_FQDN="$OSD_PATH.$BASE_DOMAIN"
-      else
-         OSD_FQDN="$BASE_DOMAIN"
-      fi
-   fi
-
-   log_debug "OSD_INGRESS_ENABLE [$OSD_INGRESS_ENABLE] OSD_FQDN [$OSD_FQDN] OSD_PATH [$OSD_PATH]"
-
-   export OSD_INGRESS_ENABLE OSD_FQDN OSD_PATH
-   
-   yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)'            $autogeneratedYAMLFile
-   if [ "$ROUTING" == "host" ]; then
-      yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)'         $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
-   else
-
-      export slashpath="/$OSD_PATH"
-
-      yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
-
-      yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)'            $autogeneratedYAMLFile
-      yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
-      yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)'         $autogeneratedYAMLFile
-      yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)'               $autogeneratedYAMLFile
-
-      # Need to use printf to preserve newlines
-      printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"  ;
-      snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
-
-      unset slashpath
-   fi
-else
-   log_debug "Autogeneration of ingresss NOT enabled"
+    autogeneratedYAMLFile="$TMP_DIR/autogenerate-osd.yaml"
+
+    if [ ! -f "$autogeneratedYAMLFile" ]; then
+        log_debug "Creating file [$autogeneratedYAMLFile]"
+        touch "$autogeneratedYAMLFile"
+    else
+        log_debug "File [$autogeneratedYAMLFile] already exists"
+    fi
+
+    osdIngressCert="${OSD_INGRESS_CERT}"
+    osdIngressKey="${OSD_INGRESS_KEY}"
+
+    create_ingress_certs "$LOG_NS" kibana-ingress-tls-secret "$osdIngressCert" "$osdIngressKey"
+
+    ROUTING="${ROUTING:-host}"
+
+    ## tested with sample version: 0.2.1
+    ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-osd.yaml"
+
+    #intialized the yaml file w/appropriate ingress sample
+    yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
+
+    ###OSD_INGRESS_ENABLE="${OSD_INGRESS_ENABLE:-true}"
+    OSD_FQDN="${OSD_FQDN}"
+    OSD_PATH="${OSD_PATH:-dashboards}"
+    if [ -z "$OSD_FQDN" ]; then
+        if [ "$ROUTING" == "host" ]; then
+            OSD_FQDN="$OSD_PATH.$BASE_DOMAIN"
+        else
+            OSD_FQDN="$BASE_DOMAIN"
+        fi
+    fi
+
+    log_debug "OSD_INGRESS_ENABLE [$OSD_INGRESS_ENABLE] OSD_FQDN [$OSD_FQDN] OSD_PATH [$OSD_PATH]"
+
+    export OSD_INGRESS_ENABLE OSD_FQDN OSD_PATH
+
+    yq -i '.ingress.enabled=env(OSD_INGRESS_ENABLE)' $autogeneratedYAMLFile
+    if [ "$ROUTING" == "host" ]; then
+        yq -i '.ingress.hosts.[0].host=strenv(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)' $autogeneratedYAMLFile
+    else
+
+        export slashpath="/$OSD_PATH"
+
+        yq -i '(.extraEnvs.[] | select(has("name")) | select(.name == "SERVER_BASEPATH")).value=env(slashpath)' $autogeneratedYAMLFile
+
+        yq -i '.ingress.hosts.[0].host=env(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.hosts.[0].paths.[0].path=env(slashpath)' $autogeneratedYAMLFile
+        yq -i '.ingress.tls.[0].hosts.[0]=env(OSD_FQDN)' $autogeneratedYAMLFile
+        yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/rewrite-target"]=env(slashpath)' $autogeneratedYAMLFile
+
+        # Need to use printf to preserve newlines
+        printf -v snippet "rewrite (?i)/$OSD_PATH/(.*) /\$1 break;\nrewrite (?i)/${OSD_PATH}$ / break;"
+        snippet="$snippet" yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)' $autogeneratedYAMLFile
+
+        unset slashpath
+    fi
+else
+    log_debug "Autogeneration of ingresss NOT enabled"
 fi
 
 # enable debug on Helm via env var
@@ -125,48 +124,47 @@
 export HELM_DEBUG="${HELM_DEBUG:-false}"
 
 if [ "$HELM_DEBUG" == "true" ]; then
-  helmDebug="--debug"
-fi
-
-helmRepoAdd opensearch  https://opensearch-project.github.io/helm-charts
+    helmDebug="--debug"
+fi
+
+helmRepoAdd opensearch https://opensearch-project.github.io/helm-charts
 
 KB_KNOWN_NODEPORT_ENABLE=${KB_KNOWN_NODEPORT_ENABLE:-false}
 
 if [ "$KB_KNOWN_NODEPORT_ENABLE" == "true" ]; then
-   KIBANA_PORT=31033
-   log_verbose "Setting OpenSearch Dashboards service NodePort to $KIBANA_PORT"
-   nodeport_yaml=logging/opensearch/osd_helm_values_nodeport.yaml
-else
-   nodeport_yaml=$TMP_DIR/empty.yaml
-   log_debug "OpenSearch Dashboards service NodePort NOT changed to 'known' port because KB_KNOWN_NODEPORT_ENABLE set to [$KB_KNOWN_NODEPORT_ENABLE]."
-fi
-
+    KIBANA_PORT=31033
+    log_verbose "Setting OpenSearch Dashboards service NodePort to $KIBANA_PORT"
+    nodeport_yaml=logging/opensearch/osd_helm_values_nodeport.yaml
+else
+    nodeport_yaml=$TMP_DIR/empty.yaml
+    log_debug "OpenSearch Dashboards service NodePort NOT changed to 'known' port because KB_KNOWN_NODEPORT_ENABLE set to [$KB_KNOWN_NODEPORT_ENABLE]."
+fi
 
 # OpenSearch Dashboards user customizations
 OSD_USER_YAML="${OSD_USER_YAML:-$USER_DIR/logging/user-values-osd.yaml}"
 if [ ! -f "$OSD_USER_YAML" ]; then
-  log_debug "[$OSD_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
-  OSD_USER_YAML=$TMP_DIR/empty.yaml
+    log_debug "[$OSD_USER_YAML] not found. Using $TMP_DIR/empty.yaml"
+    OSD_USER_YAML=$TMP_DIR/empty.yaml
 fi
 
 # Require TLS into OpenSearch Dashboards (nee Kibana)?
 OSD_TLS_ENABLE=${OSD_TLS_ENABLE:-$TLS_ENABLE}
 if [ -z "$OSD_TLS_ENABLE" ]; then
-   #set to 'true' if still not set
-   OSD_TLS_ENABLE="true"
+    #set to 'true' if still not set
+    OSD_TLS_ENABLE="true"
 fi
 
 #(Re)Create secret containing OSD TLS Setting
-kubectl -n $LOG_NS delete secret          v4m-osd-tls-enabled  --ignore-not-found
-kubectl -n $LOG_NS create secret generic  v4m-osd-tls-enabled  --from-literal enable_tls="$OSD_TLS_ENABLE"
+kubectl -n $LOG_NS delete secret v4m-osd-tls-enabled --ignore-not-found
+kubectl -n $LOG_NS create secret generic v4m-osd-tls-enabled --from-literal enable_tls="$OSD_TLS_ENABLE"
 
 # OpenSearch Dashboards
 log_info "Deploying OpenSearch Dashboards"
 
 # Remove pre-OSD 2.19.0 version due to label changes
-if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2>/dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
-   log_debug "An earlier version of OpenSearch Dashboards (>2.19) was found running and will be removed"
-   kubectl -n $LOG_NS delete deployment v4m-osd
+if [ "$(kubectl -n $LOG_NS get deployment v4m-osd -o jsonpath={.spec.template.metadata.labels} 2> /dev/null)" == '{"app":"opensearch-dashboards","release":"v4m-osd"}' ]; then
+    log_debug "An earlier version of OpenSearch Dashboards (>2.19) was found running and will be removed"
+    kubectl -n $LOG_NS delete deployment v4m-osd
 fi
 
 # Enable workload node placement?
@@ -174,11 +172,11 @@
 
 # Optional workload node placement support
 if [ "$LOG_NODE_PLACEMENT_ENABLE" == "true" ]; then
-  log_verbose "Enabling OpenSearch Dashboards for workload node placement"
-  wnpValuesFile="logging/node-placement/values-osd-wnp.yaml"
-else
-  log_debug "Workload node placement support is disabled for OpenSearch Dashboards"
-  wnpValuesFile="$TMP_DIR/empty.yaml"
+    log_verbose "Enabling OpenSearch Dashboards for workload node placement"
+    wnpValuesFile="logging/node-placement/values-osd-wnp.yaml"
+else
+    log_debug "Workload node placement support is disabled for OpenSearch Dashboards"
+    wnpValuesFile="$TMP_DIR/empty.yaml"
 fi
 
 OSD_PATH_INGRESS_YAML=$TMP_DIR/empty.yaml
@@ -186,7 +184,6 @@
     OSD_PATH_INGRESS_YAML=logging/openshift/values-osd-path-route-openshift.yaml
 fi
 
-
 OPENSHIFT_SPECIFIC_YAML=$TMP_DIR/empty.yaml
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
     OPENSHIFT_SPECIFIC_YAML=logging/openshift/values-osd-openshift.yaml
@@ -194,15 +191,14 @@
 
 # YAML file container auto-generated ingress definitions (or not)
 if [ ! -f "$autogeneratedYAMLFile" ]; then
-  log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
-  autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
-fi
-
+    log_debug "[$autogeneratedYAMLFile] not found. Using $TMP_DIR/empty.yaml"
+    autogeneratedYAMLFile="$TMP_DIR/empty.yaml"
+fi
 
 # Get Helm Chart Name
 log_debug "OpenSearch Dashboards Helm Chart: repo [$OSD_HELM_CHART_REPO] name [$OSD_HELM_CHART_NAME] version [$OSD_HELM_CHART_VERSION]"
 chart2install="$(get_helmchart_reference $OSD_HELM_CHART_REPO $OSD_HELM_CHART_NAME $OSD_HELM_CHART_VERSION)"
-versionstring="$(get_helm_versionstring  $OSD_HELM_CHART_VERSION)"
+versionstring="$(get_helm_versionstring $OSD_HELM_CHART_VERSION)"
 
 log_debug "Installing Helm chart from artifact [$chart2install]"
 
@@ -219,16 +215,15 @@
     --values "$OPENSHIFT_SPECIFIC_YAML" \
     --values "$OSD_PATH_INGRESS_YAML" \
     --set fullnameOverride=v4m-osd \
-   $chart2install
+    $chart2install
 
 log_info "OpenSearch Dashboards has been deployed"
 
-
 #Container Security: Disable serviceAccount Token Automounting
 if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
-   disable_sa_token_automount $LOG_NS v4m-os
-else
-   disable_sa_token_automount $LOG_NS v4m-osd-dashboards
+    disable_sa_token_automount $LOG_NS v4m-os
+else
+    disable_sa_token_automount $LOG_NS v4m-osd-dashboards
 fi
 
 log_debug "Script [$this_script] has completed [$(date)]"
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -26,7 +26,7 @@
 tmpfile=$TMP_DIR/output.txt
 
 # Confirm namespace exists
-if [ -z "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" ]; then
+if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     log_error "Namespace [$LOG_NS] does NOT exist."
     exit 1
 fi
@@ -34,9 +34,9 @@
 # get credentials
 get_credentials_from_secret admin
 rc=$?
-if [ "$rc" != "0" ] ;then
+if [ "$rc" != "0" ]; then
     log_debug "RC=$rc"
-    exit $rc;
+    exit $rc
 fi
 
 set -e
@@ -43,7 +43,6 @@
 
 log_info "Configuring OpenSearch Dashboards...this may take a few minutes"
 
-
 # wait for pod to show as "running" and "ready"
 log_info "Waiting for OpenSearch Dashboards pods to be ready ($(date) - timeout 10m)"
 osdlabels="$(kubectl -n "$LOG_NS" get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}' | tr -d '{}"' | tr : '=')"
@@ -57,9 +56,9 @@
 # Confirm OSD is ready
 log_info "Waiting (up to more 8 minutes) for OpenSearch Dashboards API endpoint to be ready"
 for pause in 30 30 60 30 30 30 30 30 30 60 60 60; do
-    
+
     get_kb_api_url
-    response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${kb_api_url}/api/status" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
     # returns 503 (and outputs "Kibana server is not ready yet") when Kibana isn't ready yet
     # TO DO: check for 503 specifically?
@@ -83,7 +82,7 @@
     exit 1
 fi
 
-set +e  # disable exit on error
+set +e # disable exit on error
 
 # get Security API URL
 get_sec_api_url
@@ -104,10 +103,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/deploy_osd_content.sh line 26:
tmpfile=$TMP_DIR/output.txt
^-----^ SC2034 (warning): tmpfile appears unused. Verify use (or export if used externally).

For more information:
  https://www.shellcheck.net/wiki/SC2034 -- tmpfile appears unused. Verify us...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/common.sh.orig logging/bin/common.sh
--- logging/bin/common.sh.orig
+++ logging/bin/common.sh
@@ -14,13 +14,13 @@
 
         log_verbose "Loading user environment file: $USER_DIR/logging/user.env"
         if [ "$userEnv" ]; then
-         # shellcheck disable=SC2086,SC2163
-          export $userEnv
+            # shellcheck disable=SC2086,SC2163
+            export $userEnv
         fi
     fi
 
     #Check for obsolete env var
-    if [  -n "$LOG_SEARCH_BACKEND" ]; then
+    if [ -n "$LOG_SEARCH_BACKEND" ]; then
         log_error "Support for the LOG_SEARCH_BACKEND environment variable has been removed."
         log_error "This script is only appropriate for use with OpenSearch as the search back-end."
         log_error "The LOG_SEARCH_BACKEND environment variable is currently set to [$LOG_SEARCH_BACKEND]"
@@ -51,7 +51,7 @@
     export V4M_NS=$LOG_NS
 
     if [ "$AIRGAP_DEPLOYMENT" == "true" ]; then
-       source bin/airgap-include.sh
+        source bin/airgap-include.sh
     fi
 
     source bin/version-include.sh
@@ -60,4 +60,3 @@
 
 fi
 echo ""
-
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -16,7 +16,6 @@
     fi
 fi
 
-
 # set flag indicating wrapper/driver script being run
 export LOGGING_DRIVER=true
 
@@ -27,9 +26,9 @@
 checkDefaultStorageClass
 
 # Create namespace if it doesn't exist
-if [ -z "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" ]; then
+if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
-    
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
@@ -88,7 +87,6 @@
 bin/show_app_url.sh OSD OS
 set -e
 
-
 ##################################
 # Version Info                   #
 ##################################
@@ -103,7 +101,6 @@
     log_warn "Unable to update SAS Viya Monitoring Helm chart release"
 fi
 
-
 # Write any "notices" to console
 log_message ""
 display_notices
@@ -111,4 +108,3 @@
 log_message ""
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
-
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -26,7 +26,7 @@
 tmpfile=$TMP_DIR/output.txt
 
 # Confirm namespace exists
-if [ -z "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" ]; then
+if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     log_error "Namespace [$LOG_NS] does NOT exist."
     exit 1
 fi
@@ -34,9 +34,9 @@
 # get credentials
 get_credentials_from_secret admin
 rc=$?
-if [ "$rc" != "0" ] ;then
+if [ "$rc" != "0" ]; then
     log_debug "RC=$rc"
-    exit $rc;
+    exit $rc
 fi
 
 set -e
@@ -43,7 +43,6 @@
 
 log_info "Configuring OpenSearch Dashboards...this may take a few minutes"
 
-
 # wait for pod to show as "running" and "ready"
 log_info "Waiting for OpenSearch Dashboards pods to be ready ($(date) - timeout 10m)"
 osdlabels="$(kubectl -n "$LOG_NS" get deployment v4m-osd -o=jsonpath='{.spec.selector.matchLabels}' | tr -d '{}"' | tr : '=')"
@@ -57,9 +56,9 @@
 # Confirm OSD is ready
 log_info "Waiting (up to more 8 minutes) for OpenSearch Dashboards API endpoint to be ready"
 for pause in 30 30 60 30 30 30 30 30 30 60 60 60; do
-    
+
     get_kb_api_url
-    response=$(curl -s -o /dev/null -w  "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${kb_api_url}/api/status" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
     # returns 503 (and outputs "Kibana server is not ready yet") when Kibana isn't ready yet
     # TO DO: check for 503 specifically?
@@ -83,7 +82,7 @@
     exit 1
 fi
 
-set +e  # disable exit on error
+set +e # disable exit on error
 
 # get Security API URL
 get_sec_api_url
@@ -104,10 +103,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -28,7 +28,7 @@
 # Create namespace if it doesn't exist
 if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
-   
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -55,7 +55,7 @@
 for pause in 30 30 60 30 30 30 30 30 30 60 60 60; do
 
     get_kb_api_url
-    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET  "${kb_api_url}/api/status"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD"  --insecure)
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${kb_api_url}/api/status" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
     # returns 503 (and outputs "Kibana server is not ready yet") when Kibana isn't ready yet
     # TO DO: check for 503 specifically?
@@ -100,10 +100,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -28,7 +28,7 @@
 # Create namespace if it doesn't exist
 if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
-  
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -100,10 +100,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/change_internal_password.sh.orig logging/bin/change_internal_password.sh
--- logging/bin/change_internal_password.sh.orig
+++ logging/bin/change_internal_password.sh
@@ -12,18 +12,18 @@
 this_script=$(basename "$0")
 
 function show_usage {
-    log_info  ""
-    log_info  "Usage: $this_script USERNAME [PASSWORD] "
-    log_info  ""
-    log_info  "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
-    log_info  "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
-    log_info  ""
-    log_info  "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
-    log_info  "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
-    log_info  ""
-    log_info  "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
-    log_info  "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
-    log_info  ""
+    log_info ""
+    log_info "Usage: $this_script USERNAME [PASSWORD] "
+    log_info ""
+    log_info "Changes the password for one of the special internal user accounts used by other components of the monitoring system to communicate "
+    log_info "with OpenSearch.  In addition, the script upates the internal cache (i.e. corresponding Kubernetes secret) with the new value."
+    log_info ""
+    log_info "     USERNAME - REQUIRED; the internal username for which the password is be changed; "
+    log_info "                MUST be one of: admin, kibanaserver, logadm, logcollector or metricgetter"
+    log_info ""
+    log_info "     PASSWORD - OPTIONAL; the new password.  If not provided, a random 32-character password will be generated."
+    log_info "                Note: PASSWORD is REQUIRED when USERNAME is 'logadm'."
+    log_info ""
     echo ""
 }
 
@@ -41,8 +41,8 @@
     exit 1
 else
     case "$USER_NAME" in
-    admin);;
-    logcollector);;
+    admin) ;;
+    logcollector) ;;
     logadm)
         if [ -z "$NEW_PASSWD" ]; then
             log_error "No password provided.  A new password is REQUIRED when using this script to change the [logadm] account password"
@@ -49,9 +49,9 @@
             exit 1
         fi
         ;;
-    kibanaserver);;
-    metricgetter);;
-    --help|-h)
+    kibanaserver) ;;
+    metricgetter) ;;
+    --help | -h)
         show_usage
         exit
         ;;
@@ -63,7 +63,6 @@
     esac
 fi
 
-
 if [ "$NEW_PASSWD" == "" ]; then
     # generate password if one not provided
     NEW_PASSWD="$(randomPassword)"
@@ -74,16 +73,16 @@
     #get current credentials from Kubernetes secret
     if [ -z "$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=name 2> /dev/null)" ]; then
         log_warn "The Kubernetes secret [internal-user-$USER_NAME], containing credentials for the user, was not found."
-        # TO DO: How to handle case where secret does not exist?  Should never happen. 
+        # TO DO: How to handle case where secret does not exist?  Should never happen.
         # exit
         ES_USER=$USER_NAME
     else
-        ES_USER=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.\username}" |base64 --decode)
-        ES_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.password}" |base64 --decode)
-    fi
-else
-  ES_USER=$USER_NAME
-  ES_PASSWD="do_not_know_current_password"
+        ES_USER=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.\username}" | base64 --decode)
+        ES_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.password}" | base64 --decode)
+    fi
+else
+    ES_USER=$USER_NAME
+    ES_PASSWD="do_not_know_current_password"
 fi
 
 get_sec_api_url
@@ -98,20 +97,20 @@
     if [ "$USER_NAME" != "admin" ]; then
         log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
 
-        ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-        ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
-        # make sure hash utility is executable
-        kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-        # get hash of new password
-        # shellcheck disable=2063
-        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
+        ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+        ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+
+        # make sure hash utility is executable
+        kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        # shellcheck disable=2063
+        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
         rc=$?
         if [ "$rc" == "0" ]; then
 
             #try changing password using admin password
-            response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-            if [[ "$response" == "404" ]]; then
+            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+            if [[ $response == "404" ]]; then
                 log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
                 success="non-existent_user"
             elif [[ $response == 4* ]]; then
@@ -138,16 +137,16 @@
                 success="false"
             fi
         else
-            log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]";
+            log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]"
         fi
     else
         log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
 
         # make sure hash utility is executable
-        kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-        # get hash of new password
-        # shellcheck disable=2063
-        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
+        kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        # shellcheck disable=2063
+        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
 
         #obtain admin cert
         rm -f "$TMP_DIR"/tls.crt
@@ -157,7 +156,7 @@
             success="false"
         else
             log_debug "File tls.crt obtained from Kubernetes secret"
-            echo "$admin_tls_cert" |base64 --decode > "$TMP_DIR"/admin_tls.crt
+            echo "$admin_tls_cert" | base64 --decode > "$TMP_DIR"/admin_tls.crt
 
             #obtain admin TLS key
             rm -f "$TMP_DIR"/tls.key
@@ -167,10 +166,10 @@
                 success="false"
             else
                 log_debug "File tls.key obtained from Kubernetes secret"
-                echo "$admin_tls_key" |base64 --decode > "$TMP_DIR"/admin_tls.key
+                echo "$admin_tls_key" | base64 --decode > "$TMP_DIR"/admin_tls.key
 
                 # Attempt to change password using admin certs
-                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key  --insecure)
+                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key --insecure)
 
                 if [[ $response == 2* ]]; then
                     log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
@@ -196,7 +195,7 @@
     if [ "$USER_NAME" != "logadm" ]; then
         log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
 
-        kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME"  --ignore-not-found
+        kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME" --ignore-not-found
 
         labels="managed-by=v4m-es-script"
         if [ "$autogenerated_password" == "true" ]; then
@@ -211,7 +210,7 @@
             log_error "Try re-running this script again OR manually creating the secret using the command: "
             log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
         else
-        case $USER_NAME in
+            case $USER_NAME in
             admin)
 
                 if [ "$autogenerated_password" == "true" ]; then
@@ -270,7 +269,8 @@
             *)
                 log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
                 exit 2
-        esac
+                ;;
+            esac
         fi
     fi
 elif [ "$success" == "false" ]; then
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -28,7 +28,7 @@
 # Create namespace if it doesn't exist
 if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
- 
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -100,10 +100,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/change_internal_password.sh.orig logging/bin/change_internal_password.sh
--- logging/bin/change_internal_password.sh.orig
+++ logging/bin/change_internal_password.sh
@@ -51,7 +51,7 @@
         ;;
     kibanaserver) ;;
     metricgetter) ;;
-    --help| -h)
+    --help | -h)
         show_usage
         exit
         ;;
@@ -77,8 +77,8 @@
         # exit
         ES_USER=$USER_NAME
     else
-        ES_USER=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.\username}" |base64 --decode)
-        ES_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.password}" |base64 --decode)
+        ES_USER=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.\username}" | base64 --decode)
+        ES_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-"$USER_NAME" -o=jsonpath="{.data.password}" | base64 --decode)
     fi
 else
     ES_USER=$USER_NAME
@@ -97,20 +97,20 @@
     if [ "$USER_NAME" != "admin" ]; then
         log_debug "Will attempt to use admin credentials to change password for [$USER_NAME]"
 
-        ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-        ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
-        # make sure hash utility is executable
-        kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-        # get hash of new password
-        # shellcheck disable=2063
-        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
+        ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+        ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
+
+        # make sure hash utility is executable
+        kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        # shellcheck disable=2063
+        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
         rc=$?
         if [ "$rc" == "0" ]; then
 
             #try changing password using admin password
-            response=$(curl -s -o /dev/null -w "%{http_code}"  -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-            if [[ "$response" == "404" ]]; then
+            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+            if [[ $response == "404" ]]; then
                 log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
                 success="non-existent_user"
             elif [[ $response == 4* ]]; then
@@ -137,16 +137,16 @@
                 success="false"
             fi
         else
-            log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]";
+            log_error "Unable to obtain a hash of the new password; password not changed. [rc: $rc]"
         fi
     else
         log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
 
         # make sure hash utility is executable
-        kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
-        # get hash of new password
-        # shellcheck disable=2063
-        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
+        kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
+        # get hash of new password
+        # shellcheck disable=2063
+        hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
 
         #obtain admin cert
         rm -f "$TMP_DIR"/tls.crt
@@ -156,7 +156,7 @@
             success="false"
         else
             log_debug "File tls.crt obtained from Kubernetes secret"
-            echo "$admin_tls_cert" |base64 --decode > "$TMP_DIR"/admin_tls.crt
+            echo "$admin_tls_cert" | base64 --decode > "$TMP_DIR"/admin_tls.crt
 
             #obtain admin TLS key
             rm -f "$TMP_DIR"/tls.key
@@ -166,10 +166,10 @@
                 success="false"
             else
                 log_debug "File tls.key obtained from Kubernetes secret"
-                echo "$admin_tls_key" |base64 --decode > "$TMP_DIR"/admin_tls.key
+                echo "$admin_tls_key" | base64 --decode > "$TMP_DIR"/admin_tls.key
 
                 # Attempt to change password using admin certs
-                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER"   -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key  --insecure)
+                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key --insecure)
 
                 if [[ $response == 2* ]]; then
                     log_debug "Password for [$USER_NAME] has been changed in OpenSearch. [$response]"
@@ -195,7 +195,7 @@
     if [ "$USER_NAME" != "logadm" ]; then
         log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
 
-        kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME"  --ignore-not-found
+        kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME" --ignore-not-found
 
         labels="managed-by=v4m-es-script"
         if [ "$autogenerated_password" == "true" ]; then
@@ -210,7 +210,7 @@
             log_error "Try re-running this script again OR manually creating the secret using the command: "
             log_error "kubectl -n $LOG_NS create secret generic --from-literal=username=$USER_NAME --from-literal=password=$NEW_PASSWD"
         else
-        case $USER_NAME in
+            case $USER_NAME in
             admin)
 
                 if [ "$autogenerated_password" == "true" ]; then
@@ -269,7 +269,8 @@
             *)
                 log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
                 exit 2
-        esac
+                ;;
+            esac
         fi
     fi
 elif [ "$success" == "false" ]; then
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -28,7 +28,7 @@
 # Create namespace if it doesn't exist
 if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
- 
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -100,10 +100,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/change_internal_password.sh.orig logging/bin/change_internal_password.sh
--- logging/bin/change_internal_password.sh.orig
+++ logging/bin/change_internal_password.sh
@@ -109,8 +109,8 @@
         if [ "$rc" == "0" ]; then
 
             #try changing password using admin password
-            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]'  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-            if [[ "$response" == "404" ]]; then
+            response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+            if [[ $response == "404" ]]; then
                 log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
                 success="non-existent_user"
             elif [[ $response == 4* ]]; then
@@ -143,7 +143,7 @@
         log_debug "Attempting to change password for user [admin] using the admin certs rather than cached password"
 
         # make sure hash utility is executable
-        kubectl -n "$LOG_NS" exec $targetpod  -c $targetcontainer --  chmod +x $toolsrootdir/tools/hash.sh
+        kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- chmod +x $toolsrootdir/tools/hash.sh
         # get hash of new password
         # shellcheck disable=2063
         hashed_passwd=$(kubectl -n "$LOG_NS" exec $targetpod -c $targetcontainer -- $toolsrootdir/tools/hash.sh -p "$NEW_PASSWD" | grep -v '*')
@@ -166,7 +166,7 @@
                 success="false"
             else
                 log_debug "File tls.key obtained from Kubernetes secret"
-                echo "$admin_tls_key" |base64 --decode > "$TMP_DIR"/admin_tls.key
+                echo "$admin_tls_key" | base64 --decode > "$TMP_DIR"/admin_tls.key
 
                 # Attempt to change password using admin certs
                 response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --cert "$TMP_DIR"/admin_tls.crt --key "$TMP_DIR"/admin_tls.key --insecure)
@@ -195,7 +195,7 @@
     if [ "$USER_NAME" != "logadm" ]; then
         log_debug "Trying to store the updated credentials in the corresponding Kubernetes secret [internal-user-$USER_NAME]."
 
-        kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME"  --ignore-not-found
+        kubectl -n "$LOG_NS" delete secret internal-user-"$USER_NAME" --ignore-not-found
 
         labels="managed-by=v4m-es-script"
         if [ "$autogenerated_password" == "true" ]; then
@@ -269,6 +269,7 @@
             *)
                 log_error "The user name [$USER_NAME] you provided is not one of the supported internal users; exiting"
                 exit 2
+                ;;
             esac
         fi
     fi
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -28,7 +28,7 @@
 # Create namespace if it doesn't exist
 if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
- 
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -100,10 +100,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/change_internal_password.sh.orig logging/bin/change_internal_password.sh
--- logging/bin/change_internal_password.sh.orig
+++ logging/bin/change_internal_password.sh
@@ -110,7 +110,7 @@
 
             #try changing password using admin password
             response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/internalusers/$ES_USER" -H 'Content-Type: application/json' -d'[{"op" : "replace", "path" : "/hash", "value" : "'"$hashed_passwd"'"}]' --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-            if [[ "$response" == "404" ]]; then
+            if [[ $response == "404" ]]; then
                 log_error "Unable to change password for [$USER_NAME] because that user does not exist. [$response]"
                 success="non-existent_user"
             elif [[ $response == 4* ]]; then
diff logging/bin/deploy_logging.sh.orig logging/bin/deploy_logging.sh
--- logging/bin/deploy_logging.sh.orig
+++ logging/bin/deploy_logging.sh
@@ -28,7 +28,7 @@
 # Create namespace if it doesn't exist
 if [ -z "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" ]; then
     kubectl create ns "$LOG_NS"
- 
+
     #Container Security: Disable serviceAccount Token Automounting
     disable_sa_token_automount "$LOG_NS" default
 fi
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -100,10 +100,10 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 # shfmt: ignoring suggested reformat to maintain readability
-./logging/bin/import_osd_content.sh logging/osd/common          cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/namespace       cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/tenant          cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
 log_info "Configuring OpenSearch Dashboards has been completed"
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/deploy_osd_content.sh.orig logging/bin/deploy_osd_content.sh
--- logging/bin/deploy_osd_content.sh.orig
+++ logging/bin/deploy_osd_content.sh
@@ -100,7 +100,7 @@
 
 # Import OSD Searches, Visualizations and Dashboard Objects using curl
 ./logging/bin/import_osd_content.sh logging/osd/common cluster_admins
-./logging/bin/import_osd_content.sh logging/osd/cluster_admins  cluster_admins
+./logging/bin/import_osd_content.sh logging/osd/cluster_admins cluster_admins
 ./logging/bin/import_osd_content.sh logging/osd/namespace cluster_admins
 ./logging/bin/import_osd_content.sh logging/osd/tenant cluster_admins
 
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/import_osd_content.sh.orig logging/bin/import_osd_content.sh
--- logging/bin/import_osd_content.sh.orig
+++ logging/bin/import_osd_content.sh
@@ -23,10 +23,10 @@
     if [ -f "$file" ]; then
         # ODFE 1.7.0: successful request returns: {"success":true,"successCount":20}
         # ODFE 1.13.x: successful request returns: {"successCount":1,"success":true,"successResults":[...content details...]}
-        response=$(curl -s -o "$TMP_DIR"/curl.response -w "%{http_code}" -XPOST "${kb_api_url}/api/saved_objects/_import?overwrite=true" -H "securitytenant: $tenant"  -H "$LOG_XSRF_HEADER"   --form file=@"$file" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )
+        response=$(curl -s -o "$TMP_DIR"/curl.response -w "%{http_code}" -XPOST "${kb_api_url}/api/saved_objects/_import?overwrite=true" -H "securitytenant: $tenant" -H "$LOG_XSRF_HEADER" --form file=@"$file" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
         if [[ $response == 2* ]]; then
-            if grep -q '"success":true' "$TMP_DIR"/curl.response ; then
+            if grep -q '"success":true' "$TMP_DIR"/curl.response; then
                 log_verbose "Deployed content from file [$file] - Success! [$response]"
             else
                 log_warn "Unable to deploy content from file [$file]. [$response]"
@@ -58,13 +58,13 @@
     for f in "$dir"/*.ndjson; do
         if [ -f "$f" ]; then
             log_debug "Adding $f to $tmpfile"
-            cat "$f" >>"$tmpfile"
+            cat "$f" >> "$tmpfile"
             echo " " >> "$tmpfile"
             ((item_count++))
         fi
     done
 
-    if [[ "$item_count" -gt 0 ]]; then
+    if [[ $item_count -gt 0 ]]; then
         log_debug "$item_count items packed into $tmpfile for loading"
         import_file "$tmpfile"
     else
@@ -99,14 +99,14 @@
 
 if [ "$#" != "2" ]; then
     log_error "Invalid set of arguments"
-    log_message  ""
-    log_message  "Usage: $this_script [CONTENT_LOCATION] [TENANT_SPACE]"
-    log_message  ""
-    log_message  "Loads content from the specified location into the specified tenant space."
-    log_message  ""
-    log_message  "     CONTENT_LOCATION  - (Required) The location, either a single file or a directory, containing content to be imported. Note: content must be in form of .ndjson files."
-    log_message  "     TENANT_SPACE      - (Required) The tenant space to which the content should be imported.  Note: the tenant space must already exist."
-    log_message  ""
+    log_message ""
+    log_message "Usage: $this_script [CONTENT_LOCATION] [TENANT_SPACE]"
+    log_message ""
+    log_message "Loads content from the specified location into the specified tenant space."
+    log_message ""
+    log_message "     CONTENT_LOCATION  - (Required) The location, either a single file or a directory, containing content to be imported. Note: content must be in form of .ndjson files."
+    log_message "     TENANT_SPACE      - (Required) The tenant space to which the content should be imported.  Note: the tenant space must already exist."
+    log_message ""
     exit 1
 fi
 
@@ -138,7 +138,7 @@
 fi
 
 # Convert tenant to all lower-case
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 # get credentials
 get_credentials_from_secret admin
@@ -145,12 +145,12 @@
 rc=$?
 if [ "$rc" != "0" ]; then
     log_info "RC=$rc"
-    exit $rc;
+    exit $rc
 fi
 
 if kibana_tenant_exists "$tenant"; then
     log_debug "Confirmed OpenSearch Dashboards tenant space [$tenant] exists"
-elif [ "$tenant" == "global" ];then
+elif [ "$tenant" == "global" ]; then
     log_debug "OpenSearch Dashboards tenant space [global] specified."
 else
     log_error "Specified tenant space [$tenant] does not exist. Target OpenSearch Dashboards tenant space must exist."
@@ -171,16 +171,16 @@
         exit 1
     fi
 elif [ -d "$1" ]; then
-        # Deploy specified directory of OSD content
-        log_info "Importing content in [$1] to tenant space [$tenant]..."
-        if [ "$batch_kibana_content" != "true" ]; then
-            log_debug "'BATCH_KIBANA_CONTENT' flag set to 'false'; loading files individually from directory"
-            import_content "$1"
-        else
-            import_content_batch "$1"
-        fi
-
-        import_problems=$?
+    # Deploy specified directory of OSD content
+    log_info "Importing content in [$1] to tenant space [$tenant]..."
+    if [ "$batch_kibana_content" != "true" ]; then
+        log_debug "'BATCH_KIBANA_CONTENT' flag set to 'false'; loading files individually from directory"
+        import_content "$1"
+    else
+        import_content_batch "$1"
+    fi
+
+    import_problems=$?
 
 elif [ "$ignore_not_found" == "true" ]; then
     log_debug "The specified file/directory to import [$1] does not exist or cannot be accessed but --ignore-not-found flag has been set."
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/rbac-include.sh.orig logging/bin/rbac-include.sh
--- logging/bin/rbac-include.sh.orig
+++ logging/bin/rbac-include.sh
@@ -25,7 +25,7 @@
 
     if [[ $response == 2* ]]; then
         log_info "Security role [$role] created. [$response]"
-        return  0
+        return 0
     else
         log_error "There was an issue creating the security role [$role]. [$response]"
         log_debug "template contents: /n $(cat "$role_template")"
@@ -68,7 +68,7 @@
     role=$1
     role_template=${2:-null}
 
-    if  role_exists "$role"; then
+    if role_exists "$role"; then
         return 0
     else
         if [ -n "$role_template" ]; then
@@ -122,27 +122,26 @@
     response=$(curl -s -o "$TMP_DIR"/rolemapping.json -w "%{http_code}" -XGET "$sec_api_url/rolesmapping/$targetrole" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
     if [[ $response == 404 ]]; then
-    log_debug "Rolemappings for [$targetrole] do not exist; creating rolemappings. [$response]"
-
-    json='{"backend_roles" : ["'"$berole"'"]}'
-    verb=PUT
+        log_debug "Rolemappings for [$targetrole] do not exist; creating rolemappings. [$response]"
+
+        json='{"backend_roles" : ["'"$berole"'"]}'
+        verb=PUT
 
     elif [[ $response == 2* ]]; then
-    log_debug "Existing rolemappings for [$targetrole] obtained. [$response]"
-    log_debug "$(cat "$TMP_DIR"/rolemapping.json)"
-
-
-    if grep -q "$berole" "$TMP_DIR"/rolemapping.json; then
-        log_debug "A rolemapping between [$targetrole] and  back-end role [$berole] already appears to exist; leaving as-is."
-        return 0
-    elif grep -q '\"backend_roles\":\[\],' "$TMP_DIR"/rolemapping.json; then
-        log_debug "The role [$targetrole] has no existing rolemappings"
-        json='[{"op": "add","path": "/backend_roles","value":["'"$berole"'"]}]'
-        verb=PATCH
-    else
-        json='[{"op": "add","path": "/backend_roles/-","value":"'"$berole"'"}]'
-        verb=PATCH
-    fi
+        log_debug "Existing rolemappings for [$targetrole] obtained. [$response]"
+        log_debug "$(cat "$TMP_DIR"/rolemapping.json)"
+
+        if grep -q "$berole" "$TMP_DIR"/rolemapping.json; then
+            log_debug "A rolemapping between [$targetrole] and  back-end role [$berole] already appears to exist; leaving as-is."
+            return 0
+        elif grep -q '\"backend_roles\":\[\],' "$TMP_DIR"/rolemapping.json; then
+            log_debug "The role [$targetrole] has no existing rolemappings"
+            json='[{"op": "add","path": "/backend_roles","value":["'"$berole"'"]}]'
+            verb=PATCH
+        else
+            json='[{"op": "add","path": "/backend_roles/-","value":"'"$berole"'"}]'
+            verb=PATCH
+        fi
     else
         log_error "There was an issue getting the existing rolemappings for [$targetrole]. [$response]"
         return 1
@@ -203,62 +202,62 @@
 
     if role_exists "$targetrole"; then
 
-    # get existing rolemappings for $targetrole
-    response=$(curl -s -o "$TMP_DIR"/rolemapping.json -w "%{http_code}" -XGET "$sec_api_url/rolesmapping/$targetrole" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-
-    if [[ $response == 404 ]]; then
-        log_debug "Rolemappings for [$targetrole] do not exist; nothing to do. [$response]"
-        return 0
-    elif [[ $response != 2* ]]; then
-        log_error "There was an issue getting the existing rolemappings for [$targetrole]. [$response]"
-        return 1
-    else
-        log_debug "Existing rolemappings for [$targetrole] obtained. [$response]"
-        log_debug "$(cat "$TMP_DIR"/rolemapping.json)"
-
-        regex='"backend_roles":\[((("[_0-9a-zA-Z\-]+",?)?)+)\]'
-        json=$(cat  "$TMP_DIR"/rolemapping.json)
-
-        if [[ $json =~ $regex ]]; then
-
-            be_roles="[${BASH_REMATCH[1]}]"
-
-            if [ -z "$be_roles" ]; then
-                log_debug "No backend roles to patch for [$targetrole]; moving on"
-                return 0
-            else
-
-                # ODFE 1.7  {"kibana_user":{"reserved":false,"hidden":false,"backend_roles":["kibanauser","d27885_kibana_users","acme_d27885_kibana_user"],"hosts":[],"users":[],"and_backend_roles":[],"description":"Maps kibanauser to kibana_user"}}
-                # ODFE 1.13 {"kibana_user":{"hosts":[],"users":[],"reserved":false,"hidden":false,"backend_roles":["kibanauser","d27886_kibana_users","d35396_kibana_users","d35396_acme_kibana_users","d35396A_kibana_users","d35396A_acme_kibana_users"],"and_backend_roles":[]}}
-
-                # Extract and reconstruct backend_roles array from rolemapping json
-                newroles=$(echo "$be_roles" | sed "s/\"$berole2remove\"//g;s/,,,/,/g;s/,,/,/g; s/,]/]/g;s/\[,/\[/g")
-                if [ "$be_roles" == "$newroles" ]; then
-                log_debug "The backend role [$berole2remove] is not mapped to [$targetrole]; moving on."
-                return 0
-                else
-
-                log_debug "Updated Back-end Role ($targetrole): $newroles"
-
-                # Copy RBAC template
-                cp logging/opensearch/rbac/backend_rolemapping_delete.json "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json
-
-                #update json template file w/revised list of backend roles
-                sed -i'.bak' "s/xxBACKENDROLESxx/$newroles/g"     "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json # BACKENDROLES
-
-                # Replace the rolemappings for the $targetrole with the revised list of backend roles
-                response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/rolesmapping/$targetrole" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-                if [[ $response != 2* ]]; then
-                    log_error "There was an issue updating the rolesmapping for [$targetrole] to remove link with backend-role [$berole2remove]. [$response]"
-                    return 1
-                else
-                    log_info "Security rolemapping deleted between [$targetrole] and backend-role [$berole2remove]. [$response]"
+        # get existing rolemappings for $targetrole
+        response=$(curl -s -o "$TMP_DIR"/rolemapping.json -w "%{http_code}" -XGET "$sec_api_url/rolesmapping/$targetrole" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+
+        if [[ $response == 404 ]]; then
+            log_debug "Rolemappings for [$targetrole] do not exist; nothing to do. [$response]"
+            return 0
+        elif [[ $response != 2* ]]; then
+            log_error "There was an issue getting the existing rolemappings for [$targetrole]. [$response]"
+            return 1
+        else
+            log_debug "Existing rolemappings for [$targetrole] obtained. [$response]"
+            log_debug "$(cat "$TMP_DIR"/rolemapping.json)"
+
+            regex='"backend_roles":\[((("[_0-9a-zA-Z\-]+",?)?)+)\]'
+            json=$(cat "$TMP_DIR"/rolemapping.json)
+
+            if [[ $json =~ $regex ]]; then
+
+                be_roles="[${BASH_REMATCH[1]}]"
+
+                if [ -z "$be_roles" ]; then
+                    log_debug "No backend roles to patch for [$targetrole]; moving on"
                     return 0
-                fi
-                fi
-            fi
-        fi
-    fi
+                else
+
+                    # ODFE 1.7  {"kibana_user":{"reserved":false,"hidden":false,"backend_roles":["kibanauser","d27885_kibana_users","acme_d27885_kibana_user"],"hosts":[],"users":[],"and_backend_roles":[],"description":"Maps kibanauser to kibana_user"}}
+                    # ODFE 1.13 {"kibana_user":{"hosts":[],"users":[],"reserved":false,"hidden":false,"backend_roles":["kibanauser","d27886_kibana_users","d35396_kibana_users","d35396_acme_kibana_users","d35396A_kibana_users","d35396A_acme_kibana_users"],"and_backend_roles":[]}}
+
+                    # Extract and reconstruct backend_roles array from rolemapping json
+                    newroles=$(echo "$be_roles" | sed "s/\"$berole2remove\"//g;s/,,,/,/g;s/,,/,/g; s/,]/]/g;s/\[,/\[/g")
+                    if [ "$be_roles" == "$newroles" ]; then
+                        log_debug "The backend role [$berole2remove] is not mapped to [$targetrole]; moving on."
+                        return 0
+                    else
+
+                        log_debug "Updated Back-end Role ($targetrole): $newroles"
+
+                        # Copy RBAC template
+                        cp logging/opensearch/rbac/backend_rolemapping_delete.json "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json
+
+                        #update json template file w/revised list of backend roles
+                        sed -i'.bak' "s/xxBACKENDROLESxx/$newroles/g" "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json # BACKENDROLES
+
+                        # Replace the rolemappings for the $targetrole with the revised list of backend roles
+                        response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/rolesmapping/$targetrole" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+                        if [[ $response != 2* ]]; then
+                            log_error "There was an issue updating the rolesmapping for [$targetrole] to remove link with backend-role [$berole2remove]. [$response]"
+                            return 1
+                        else
+                            log_info "Security rolemapping deleted between [$targetrole] and backend-role [$berole2remove]. [$response]"
+                            return 0
+                        fi
+                    fi
+                fi
+            fi
+        fi
     else
         log_debug "The role [$targetrole] does not exist; doing nothing. [$response]"
     fi
@@ -283,7 +282,7 @@
 
     if [[ $response == 2* ]]; then
         log_info "OpenSearch Dashboards tenant space [$tenant] created. [$response]"
-        return  0
+        return 0
     else
         log_error "There was an issue creating the OpenSearch Dashboards tenant space [$tenant]. [$response]"
         return 1
@@ -304,7 +303,7 @@
 
     if [[ $response == 2* ]]; then
         log_info "OpenSearch Dashboards tenant space [$tenant] deleted. [$response]"
-        return  0
+        return 0
     else
         log_error "There was an issue deleting the OpenSearch Dashboards tenant space [$tenant]. [$response]"
         return 1
@@ -320,7 +319,7 @@
     local tenant response
     tenant=$1
 
-    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${sec_api_url}/tenants/$tenant" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${sec_api_url}/tenants/$tenant" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
     if [[ $response == 2* ]]; then
         log_debug "Confirmed OpenSearch Dashboards tenant [$tenant] exists. [$response]"
@@ -344,7 +343,7 @@
     local username response
     username=$1
 
-    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${sec_api_url}/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XGET "${sec_api_url}/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
     if [[ $response == 2* ]]; then
         log_debug "Confirmed OpenSearch user [$username] exists. [$response]"
@@ -365,7 +364,7 @@
     username=$1
 
     if user_exists "$username"; then
-        response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${sec_api_url}/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${sec_api_url}/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
         if [[ $response == 2* ]]; then
             log_debug "User [$username] deleted. [$response]"
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/rbac-include.sh.orig logging/bin/rbac-include.sh
--- logging/bin/rbac-include.sh.orig
+++ logging/bin/rbac-include.sh
@@ -131,7 +131,6 @@
         log_debug "Existing rolemappings for [$targetrole] obtained. [$response]"
         log_debug "$(cat "$TMP_DIR"/rolemapping.json)"
 
-
         if grep -q "$berole" "$TMP_DIR"/rolemapping.json; then
             log_debug "A rolemapping between [$targetrole] and  back-end role [$berole] already appears to exist; leaving as-is."
             return 0
@@ -217,7 +216,7 @@
             log_debug "$(cat "$TMP_DIR"/rolemapping.json)"
 
             regex='"backend_roles":\[((("[_0-9a-zA-Z\-]+",?)?)+)\]'
-            json=$(cat  "$TMP_DIR"/rolemapping.json)
+            json=$(cat "$TMP_DIR"/rolemapping.json)
 
             if [[ $json =~ $regex ]]; then
 
@@ -234,27 +233,27 @@
                     # Extract and reconstruct backend_roles array from rolemapping json
                     newroles=$(echo "$be_roles" | sed "s/\"$berole2remove\"//g;s/,,,/,/g;s/,,/,/g; s/,]/]/g;s/\[,/\[/g")
                     if [ "$be_roles" == "$newroles" ]; then
-                    log_debug "The backend role [$berole2remove] is not mapped to [$targetrole]; moving on."
-                    return 0
-                    else
-
-                    log_debug "Updated Back-end Role ($targetrole): $newroles"
-
-                    # Copy RBAC template
-                    cp logging/opensearch/rbac/backend_rolemapping_delete.json "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json
-
-                    #update json template file w/revised list of backend roles
-                    sed -i'.bak' "s/xxBACKENDROLESxx/$newroles/g"     "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json # BACKENDROLES
-
-                    # Replace the rolemappings for the $targetrole with the revised list of backend roles
-                    response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/rolesmapping/$targetrole" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-                    if [[ $response != 2* ]]; then
-                        log_error "There was an issue updating the rolesmapping for [$targetrole] to remove link with backend-role [$berole2remove]. [$response]"
-                        return 1
-                    else
-                        log_info "Security rolemapping deleted between [$targetrole] and backend-role [$berole2remove]. [$response]"
+                        log_debug "The backend role [$berole2remove] is not mapped to [$targetrole]; moving on."
                         return 0
-                    fi
+                    else
+
+                        log_debug "Updated Back-end Role ($targetrole): $newroles"
+
+                        # Copy RBAC template
+                        cp logging/opensearch/rbac/backend_rolemapping_delete.json "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json
+
+                        #update json template file w/revised list of backend roles
+                        sed -i'.bak' "s/xxBACKENDROLESxx/$newroles/g" "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json # BACKENDROLES
+
+                        # Replace the rolemappings for the $targetrole with the revised list of backend roles
+                        response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/rolesmapping/$targetrole" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+                        if [[ $response != 2* ]]; then
+                            log_error "There was an issue updating the rolesmapping for [$targetrole] to remove link with backend-role [$berole2remove]. [$response]"
+                            return 1
+                        else
+                            log_info "Security rolemapping deleted between [$targetrole] and backend-role [$berole2remove]. [$response]"
+                            return 0
+                        fi
                     fi
                 fi
             fi
@@ -365,7 +364,7 @@
     username=$1
 
     if user_exists "$username"; then
-        response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${sec_api_url}/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure )
+        response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${sec_api_url}/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
 
         if [[ $response == 2* ]]; then
             log_debug "User [$username] deleted. [$response]"
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/rbac-include.sh.orig logging/bin/rbac-include.sh
--- logging/bin/rbac-include.sh.orig
+++ logging/bin/rbac-include.sh
@@ -243,7 +243,7 @@
                         cp logging/opensearch/rbac/backend_rolemapping_delete.json "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json
 
                         #update json template file w/revised list of backend roles
-                        sed -i'.bak' "s/xxBACKENDROLESxx/$newroles/g"     "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json # BACKENDROLES
+                        sed -i'.bak' "s/xxBACKENDROLESxx/$newroles/g" "$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json # BACKENDROLES
 
                         # Replace the rolemappings for the $targetrole with the revised list of backend roles
                         response=$(curl -s -o /dev/null -w "%{http_code}" -XPATCH "$sec_api_url/rolesmapping/$targetrole" -H 'Content-Type: application/json' -d @"$TMP_DIR"/"${targetrole}"_backend_rolemapping_delete.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

'shellcheck -e SC1004' found no issues.

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/secrets-include.sh.orig logging/bin/secrets-include.sh
--- logging/bin/secrets-include.sh.orig
+++ logging/bin/secrets-include.sh
@@ -30,7 +30,7 @@
 
             if [ "$label" != "" ]; then
                 log_debug "Applying label [$label] to newly created secret [$secret_name]"
-                kubectl -n "$LOG_NS" label secret  "$secret_name" "$label"
+                kubectl -n "$LOG_NS" label secret "$secret_name" "$label"
             fi
 
             return 0
@@ -61,13 +61,13 @@
             label="$label autogenerated_password=true"
         fi
 
-        if [ "$(kubectl -n "$LOG_NS" create secret generic "$secret_name"  --from-literal=username="$username" --from-literal=password="$password")" == "secret/$secret_name created" ]; then
+        if [ "$(kubectl -n "$LOG_NS" create secret generic "$secret_name" --from-literal=username="$username" --from-literal=password="$password")" == "secret/$secret_name created" ]; then
 
             log_verbose "Created secret for OpenSearch user credentials [$username]"
 
             if [ "$label" != "" ]; then
                 log_debug "Applying label [$label] to newly created secret [$secret_name]"
-                kubectl -n "$LOG_NS" label secret  "$secret_name" "$label"
+                kubectl -n "$LOG_NS" label secret "$secret_name" "$label"
             fi
 
             return 0
@@ -97,7 +97,7 @@
         export "$user_var"="$(kubectl -n "$LOG_NS" get secret "$secret_name" -o=jsonpath="{.data.username}" 2> /dev/null | base64 --decode)"
         export "$passwd_var"="$(kubectl -n "$LOG_NS" get secret "$secret_name" -o=jsonpath="{.data.password}" 2> /dev/null | base64 --decode)"
 
-        if [ "${!user_var}" == "" ] || [ "${!passwd_var}" == "" ] ; then
+        if [ "${!user_var}" == "" ] || [ "${!passwd_var}" == "" ]; then
             log_error "Required credentials for the [$user] user not found in the [$secret_name] secret."
             return 1
         else
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename