Skip to content

Housekeeping: lint remaining scripts in logging/bin #784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gsmith-sas merged 7 commits into from
Sep 4, 2025
Merged

Housekeeping: lint remaining scripts in logging/bin #784

gsmith-sas merged 7 commits into from
Sep 4, 2025

Conversation

@gsmith-sas
Copy link
Member

@gsmith-sas gsmith-sas commented Aug 21, 2025

No description provided.

@github-actions
Copy link
Contributor

github-actions bot commented Aug 21, 2025

sh-checker report

To get the full details, please check in the job output.

shellcheck errors 

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/onboard.sh line 91:
    -*|--*=) # unsupported flags
    ^-- SC2221 (warning): This pattern always overrides a later one on line 91.
       ^--^ SC2222 (warning): This pattern never matches because of a previous pattern on line 91.


In logging/bin/user.sh line 105:
    -*|--*=) # unsupported flags
    ^-- SC2221 (warning): This pattern always overrides a later one on line 105.
       ^--^ SC2222 (warning): This pattern never matches because of a previous pattern on line 105.


In logging/bin/user.sh line 125:
   action=$(echo "$1"|tr '[a-z]' '[A-Z]')
                         ^-----^ SC2021 (info): Don't use [] around classes in tr, it replaces literal square brackets.
                                 ^-----^ SC2021 (info): Don't use [] around classes in tr, it replaces literal square brackets.

For more information:
  https://www.shellcheck.net/wiki/SC2221 -- This pattern always overrides a l...
  https://www.shellcheck.net/wiki/SC2222 -- This pattern never matches becaus...
  https://www.shellcheck.net/wiki/SC2021 -- Don't use [] around classes in tr...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.
shfmt errors 

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/deploy_logging_azmonitor.sh.orig logging/bin/deploy_logging_azmonitor.sh
--- logging/bin/deploy_logging_azmonitor.sh.orig
+++ logging/bin/deploy_logging_azmonitor.sh
@@ -11,8 +11,8 @@
 tmpfile=$TMP_DIR/output.txt
 rm -f tmpfile
 
-if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then
-  kubectl create ns "$LOG_NS"
+if [ "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" == "" ]; then
+    kubectl create ns "$LOG_NS"
 fi
 
 set -e
@@ -26,6 +26,5 @@
 log_info "STEP 1: Deploying Fluent Bit"
 logging/bin/deploy_fluentbit_azmonitor.sh
 
-
 log_notice "The deployment of logging components has completed [$(date)]"
 echo ""
diff logging/bin/deploy_servicemonitors_openshift.sh.orig logging/bin/deploy_servicemonitors_openshift.sh
--- logging/bin/deploy_servicemonitors_openshift.sh.orig
+++ logging/bin/deploy_servicemonitors_openshift.sh
@@ -14,26 +14,26 @@
 DEPLOY_SERVICEMONITORS=${DEPLOY_SERVICEMONITORS:-false}
 
 if [ "$DEPLOY_SERVICEMONITORS" != "true" ]; then
-  log_info "Environment variable [DEPLOY_SERVICEMONITORS] is not set to 'true'; exiting WITHOUT deploying ServiceMonitors"
-  exit
+    log_info "Environment variable [DEPLOY_SERVICEMONITORS] is not set to 'true'; exiting WITHOUT deploying ServiceMonitors"
+    exit
 fi
 
 EVENTROUTER_ENABLE=${EVENTROUTER_ENABLE:-true}
 if [ "$EVENTROUTER_ENABLE" == "true" ]; then
-   # Eventrouter ServiceMonitor
-   kubectl apply -n "$LOG_NS" -f monitoring/monitors/kube/podMonitor-eventrouter.yaml
+    # Eventrouter ServiceMonitor
+    kubectl apply -n "$LOG_NS" -f monitoring/monitors/kube/podMonitor-eventrouter.yaml
 fi
 
 ELASTICSEARCH_ENABLE=${ELASTICSEARCH_ENABLE:-true}
 if [ "$ELASTICSEARCH_ENABLE" == "true" ]; then
-   # Elasticsearch ServiceMonitor
-   kubectl apply -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-elasticsearch.yaml
+    # Elasticsearch ServiceMonitor
+    kubectl apply -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-elasticsearch.yaml
 fi
 
 FLUENT_BIT_ENABLED=${FLUENT_BIT_ENABLED:-true}
 if [ "$FLUENT_BIT_ENABLED" == "true" ]; then
-   # Fluent Bit ServiceMonitors
-   kubectl apply -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-fluent-bit-v2.yaml
+    # Fluent Bit ServiceMonitors
+    kubectl apply -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-fluent-bit-v2.yaml
 fi
 
 log_info "ServiceMonitors have been deployed."
diff logging/bin/offboard.sh.orig logging/bin/offboard.sh
--- logging/bin/offboard.sh.orig
+++ logging/bin/offboard.sh
@@ -12,73 +12,69 @@
 
 this_script=$(basename "$0")
 
-
 function show_usage {
-  log_message  "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
-  log_message  ""
-  log_message  "'Offboards' either the specified SAS Viya deployment (namespace) or the specified tenant within that deployment.  This removes the ability to limit admins to the SAS Viya deployment (or a single tenant within a given deployment)."
-  log_message  "The offboarding process deletes the security access controls and the associated OpenSearch Dashboards tenant space (including any saved OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
-  log_message  ""
-  log_message  "    Arguments:"
-  log_message  "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which access should be removed."
-  log_message  "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which access should be removed."
-  log_message  ""
-  #log_message  "    Options:"
-  #log_message  ""
+    log_message "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
+    log_message ""
+    log_message "'Offboards' either the specified SAS Viya deployment (namespace) or the specified tenant within that deployment.  This removes the ability to limit admins to the SAS Viya deployment (or a single tenant within a given deployment)."
+    log_message "The offboarding process deletes the security access controls and the associated OpenSearch Dashboards tenant space (including any saved OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
+    log_message ""
+    log_message "    Arguments:"
+    log_message "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which access should be removed."
+    log_message "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which access should be removed."
+    log_message ""
+    #log_message  "    Options:"
+    #log_message  ""
 }
 
-
 # set flag indicating wrapper/driver script being run
 export LOGGING_DRIVER=true
 
-
 #
 #Handle arguments and parameters
 #
 POS_PARMS=""
 
-while (( "$#" )); do
-  case "$1" in
-    -ns|--namespace)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        namespace=$2
-        shift 2
-      else
-        log_error "A value for parameter [NAMESPACE] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -t|--tenant)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        tenant=$2
-        shift 2
-      else
-        log_error "A value for parameter [TENANT] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -h|--help)
-      show_usage
-      exit
-      ;;
-    --*=|-*) # unsupported flags
-      log_error "Unsupported flag $1" >&2
-      show_usage
-      exit 1
-      ;;
+while (("$#")); do
+    case "$1" in
+    -ns | --namespace)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            namespace=$2
+            shift 2
+        else
+            log_error "A value for parameter [NAMESPACE] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -t | --tenant)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            tenant=$2
+            shift 2
+        else
+            log_error "A value for parameter [TENANT] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -h | --help)
+        show_usage
+        exit
+        ;;
+    --*= | -*) # unsupported flags
+        log_error "Unsupported flag $1" >&2
+        show_usage
+        exit 1
+        ;;
     *) # preserve positional arguments
-      POS_PARMS="$POS_PARMS $1"
-      shift
-      ;;
-  esac
+        POS_PARMS="$POS_PARMS $1"
+        shift
+        ;;
+    esac
 done
 
 # set positional arguments in their proper place
 eval set -- "$POS_PARMS"
 
-
 # No positional parameters are supported
 if [ "$#" -ge 1 ]; then
     log_error "Unexpected additional arguments were found; exiting."
@@ -87,26 +83,26 @@
 fi
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 # validation of input args
 if [ "$namespace" == "global" ]; then
-   log_error "Invalid namespace value specified; you can NOT offboard the [global] namespace."
-   exit 1
+    log_error "Invalid namespace value specified; you can NOT offboard the [global] namespace."
+    exit 1
 fi
 
 validateNamespace "$namespace"
 
 if [ -n "$tenant" ]; then
-   validateTenantID "$tenant"
-
-   nst="${namespace}_${tenant}"
-   index_nst="${namespace}-__${tenant}__"
-else
-   nst="$namespace"
-   # shellcheck disable=SC2034
-   index_nst="${namespace}"
+    validateTenantID "$tenant"
+
+    nst="${namespace}_${tenant}"
+    index_nst="${namespace}-__${tenant}__"
+else
+    nst="$namespace"
+    # shellcheck disable=SC2034
+    index_nst="${namespace}"
 fi
 
 # OpenSearch Dashboards tenant space
@@ -113,12 +109,12 @@
 ktenant=$nst
 
 if [ -n "$tenant" ]; then
-   tenant_description="An OpenSearch Dashboards tenant space for tenant [$tenant] within SAS Viya deployment (namespace) [$namespace]."
-   log_notice "Offboarding tenant [$tenant] within namespace [$namespace] [$(date)]"
-else
-   # shellcheck disable=SC2034
-   tenant_description="An OpenSearch Dashboards tenant space for SAS Viya deployment (namespace) [$namespace]."
-   log_notice "Offboarding namespace [$namespace] [$(date)]"
+    tenant_description="An OpenSearch Dashboards tenant space for tenant [$tenant] within SAS Viya deployment (namespace) [$namespace]."
+    log_notice "Offboarding tenant [$tenant] within namespace [$namespace] [$(date)]"
+else
+    # shellcheck disable=SC2034
+    tenant_description="An OpenSearch Dashboards tenant space for SAS Viya deployment (namespace) [$namespace]."
+    log_notice "Offboarding namespace [$namespace] [$(date)]"
 fi
 
 #
@@ -136,36 +132,35 @@
 
 # Delete OpenSearch Dashboards tenant space (if it exists)
 if kibana_tenant_exists "$ktenant"; then
-   delete_kibana_tenant "$ktenant"
-   rc=$?
-   if [ "$rc" == "0" ]; then
-      add_notice "                                                      "
-      add_notice "   The OpenSearch Dashboards tenant space [$ktenant] has been deleted.   "
-      add_notice "                                                      "
-   else
-      log_error "Problems were encountered while attempting to delete tenant space [$ktenant]."
-      exit 1
-   fi
-else
-   log_warn "The OpenSearch Dashboards tenant space [$ktenant] does not exist and, therefore, could not be deleted."
+    delete_kibana_tenant "$ktenant"
+    rc=$?
+    if [ "$rc" == "0" ]; then
+        add_notice "                                                      "
+        add_notice "   The OpenSearch Dashboards tenant space [$ktenant] has been deleted.   "
+        add_notice "                                                      "
+    else
+        log_error "Problems were encountered while attempting to delete tenant space [$ktenant]."
+        exit 1
+    fi
+else
+    log_warn "The OpenSearch Dashboards tenant space [$ktenant] does not exist and, therefore, could not be deleted."
 fi
 
 # Delete ES index containing tenant content
-kibana_index_name=".kibana_*_$(echo "$ktenant"|tr -d _)"
-response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${es_api_url}/$kibana_index_name"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-if [[ $response == 2* ]]; then
-   log_info "Deleted index [$kibana_index_name]. [$response]"
-else
-   log_warn "There was an issue deleting the index [$kibana_index_name] holding content related to OpenSearch Dashboards tenant space [$ktenant]. You may need to manually delete this index. [$response]"
-fi
-
-response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${es_api_url}/${kibana_index_name}_*"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-if [[ $response == 2* ]]; then
-   log_info "Deleted index [${kibana_index_name}_*]. [$response]"
-else
-   log_warn "There was an issue deleting the index [${kibana_index_name}_*] holding content related to OpenSearch Dashboards tenant space [$ktenant]. You may need to manually delete this index. [$response]"
-fi
-
+kibana_index_name=".kibana_*_$(echo "$ktenant" | tr -d _)"
+response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${es_api_url}/$kibana_index_name" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+if [[ $response == 2* ]]; then
+    log_info "Deleted index [$kibana_index_name]. [$response]"
+else
+    log_warn "There was an issue deleting the index [$kibana_index_name] holding content related to OpenSearch Dashboards tenant space [$ktenant]. You may need to manually delete this index. [$response]"
+fi
+
+response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "${es_api_url}/${kibana_index_name}_*" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+if [[ $response == 2* ]]; then
+    log_info "Deleted index [${kibana_index_name}_*]. [$response]"
+else
+    log_warn "There was an issue deleting the index [${kibana_index_name}_*] holding content related to OpenSearch Dashboards tenant space [$ktenant]. You may need to manually delete this index. [$response]"
+fi
 
 # Delete access controls
 ./logging/bin/security_delete_rbac.sh "$namespace" "$tenant"
@@ -173,8 +168,8 @@
 # Delete Grafana Datasource utility user (if exists)
 grfds_user="${nst}_grafana_ds"
 if user_exists "$grfds_user"; then
-   log_verbose "Removing the [$grfds_user] utility account."
-   delete_user "$grfds_user"
+    log_verbose "Removing the [$grfds_user] utility account."
+    delete_user "$grfds_user"
 fi
 
 # Reminder that users are not deleted
@@ -182,7 +177,7 @@
 add_notice "   The off-boarding process does NOT remove any users.  If there "
 add_notice "   are users which are no longer needed after off-boarding the   "
 if [ -n "$tenant" ]; then
-   add_notice "   tenant [$tenant] within the                                   "
+    add_notice "   tenant [$tenant] within the                                   "
 fi
 add_notice "   SAS Viya deployment/namespace of [$namespace]                     "
 add_notice "   you must delete those users manually, either through the      "
@@ -199,7 +194,7 @@
 
 # Exit with an overall success/failure message
 if [ -n "$tenant" ]; then
-  log_notice "Successfully offboarded tenant [$tenant] within namespace [$namespace] [$(date)]"
-else
-  log_notice "Successfully offboarded namespace [$namespace] [$(date)]"
+    log_notice "Successfully offboarded tenant [$tenant] within namespace [$namespace] [$(date)]"
+else
+    log_notice "Successfully offboarded namespace [$namespace] [$(date)]"
 fi
diff logging/bin/onboard.sh.orig logging/bin/onboard.sh
--- logging/bin/onboard.sh.orig
+++ logging/bin/onboard.sh
@@ -12,24 +12,22 @@
 
 this_script=$(basename "$0")
 
-
 function show_usage {
-  log_message  "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
-  log_message  ""
-  log_message  "'Onboards' a SAS Viya deployment (namespace) or a specific tenant within that deployment.  This process allows admins responsible for a SAS Viya deployment (or a single tenant within a given deployment) to work with log messages collected from the deployment (or tenant within the deployment)."
-  log_message  "The onboarding process creates the security access controls and, optionally, an initial user granted access.  In addition, an OpenSearch Dashboards tenant space is created and populated with an initial set of OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
-  log_message  ""
-  log_message  "    Arguments:"
-  log_message  "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to 'on-board' or the namespace in which the tenant to 'on-board' resides."
-  log_message  "     -t,  --tenant      TENANT    - (Optional) The tenant within the specified SAS Viya deployment/Kubernetes Namespace to 'on-board'."
-  log_message  ""
-  log_message  "    Options:"
-  log_message  "        -u, --user [USER]           - Create an initial user with access to this OpenSearch Dashboards tenant space. User name is optional, by default its name will combine the OpenSearch Dashboards tenant space name with '_admin'."
-  log_message  "        -p, --password PASSWORD     - Password for the initial user."
-  log_message  ""
+    log_message "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
+    log_message ""
+    log_message "'Onboards' a SAS Viya deployment (namespace) or a specific tenant within that deployment.  This process allows admins responsible for a SAS Viya deployment (or a single tenant within a given deployment) to work with log messages collected from the deployment (or tenant within the deployment)."
+    log_message "The onboarding process creates the security access controls and, optionally, an initial user granted access.  In addition, an OpenSearch Dashboards tenant space is created and populated with an initial set of OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
+    log_message ""
+    log_message "    Arguments:"
+    log_message "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to 'on-board' or the namespace in which the tenant to 'on-board' resides."
+    log_message "     -t,  --tenant      TENANT    - (Optional) The tenant within the specified SAS Viya deployment/Kubernetes Namespace to 'on-board'."
+    log_message ""
+    log_message "    Options:"
+    log_message "        -u, --user [USER]           - Create an initial user with access to this OpenSearch Dashboards tenant space. User name is optional, by default its name will combine the OpenSearch Dashboards tenant space name with '_admin'."
+    log_message "        -p, --password PASSWORD     - Password for the initial user."
+    log_message ""
 }
 
-
 # set flag indicating wrapper/driver script being run
 export LOGGING_DRIVER=true
 
@@ -41,69 +39,68 @@
 #
 POS_PARMS=""
 
-while (( "$#" )); do
-  case "$1" in
-    -ns|--namespace)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        namespace=$2
-        shift 2
-      else
-        log_error "A value for parameter [NAMESPACE] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -t|--tenant)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        tenant=$2
-        shift 2
-      else
-        log_error "A value for parameter [TENANT] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -u|--user)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        createuser=true
-        inituser=$2
-        shift 2
-      else
-        # no initial user name provided, assign default name
-        createuser=true
-        shift 1
-      fi
-      ;;
-    -p|--password)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        initpasswd=$2
-        shift 2
-      else
-        log_error "A value for parameter [PASSWORD] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -h|--help)
-      show_usage
-      exit
-      ;;
-    -*|--*=) # unsupported flags
-      log_error "Unsupported flag $1" >&2
-      show_usage
-      exit 1
-      ;;
+while (("$#")); do
+    case "$1" in
+    -ns | --namespace)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            namespace=$2
+            shift 2
+        else
+            log_error "A value for parameter [NAMESPACE] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -t | --tenant)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            tenant=$2
+            shift 2
+        else
+            log_error "A value for parameter [TENANT] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -u | --user)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            createuser=true
+            inituser=$2
+            shift 2
+        else
+            # no initial user name provided, assign default name
+            createuser=true
+            shift 1
+        fi
+        ;;
+    -p | --password)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            initpasswd=$2
+            shift 2
+        else
+            log_error "A value for parameter [PASSWORD] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -h | --help)
+        show_usage
+        exit
+        ;;
+    -* | --*=) # unsupported flags
+        log_error "Unsupported flag $1" >&2
+        show_usage
+        exit 1
+        ;;
     *) # preserve positional arguments
-      POS_PARMS="$POS_PARMS $1"
-      shift
-      ;;
-  esac
+        POS_PARMS="$POS_PARMS $1"
+        shift
+        ;;
+    esac
 done
 
 # set positional arguments in their proper place
 eval set -- "$POS_PARMS"
 
-
 # No positional parameters (other than ACTION) are supported
 if [ "$#" -ge 1 ]; then
     log_error "Unexpected additional arguments were found; exiting."
@@ -112,26 +109,26 @@
 fi
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 # validation of input args
 if [ "$namespace" == "global" ]; then
-   log_error "Invalid namespace value specified; you can NOT onboard the [global] namespace."
-   exit 1
+    log_error "Invalid namespace value specified; you can NOT onboard the [global] namespace."
+    exit 1
 fi
 
 validateNamespace "$namespace"
 
 if [ -n "$tenant" ]; then
-   validateTenantID "$tenant"
-
-   nst="${namespace}_${tenant}"
-   index_nst="${namespace}-__${tenant}__"
-else
-   nst="$namespace"
-   # shellcheck disable=SC2034
-   index_nst="${namespace}"
+    validateTenantID "$tenant"
+
+    nst="${namespace}_${tenant}"
+    index_nst="${namespace}-__${tenant}__"
+else
+    nst="$namespace"
+    # shellcheck disable=SC2034
+    index_nst="${namespace}"
 fi
 
 #FUTURE: Allow user to specify OpenSearch Dashboards tenant space name?
@@ -138,11 +135,11 @@
 ktenant=$nst
 
 if [ -n "$tenant" ]; then
-   tenant_description="An OpenSearch Dashboards tenant space for tenant [$tenant] within SAS Viya deployment (namespace) [$namespace]."
-   log_notice "Onboarding tenant [$tenant] within namespace [$namespace] [$(date)]"
-else
-   tenant_description="An OpenSearch Dashboards tenant space for SAS Viya deployment (namespace) [$namespace]."
-   log_notice "Onboarding namespace [$namespace] [$(date)]"
+    tenant_description="An OpenSearch Dashboards tenant space for tenant [$tenant] within SAS Viya deployment (namespace) [$namespace]."
+    log_notice "Onboarding tenant [$tenant] within namespace [$namespace] [$(date)]"
+else
+    tenant_description="An OpenSearch Dashboards tenant space for SAS Viya deployment (namespace) [$namespace]."
+    log_notice "Onboarding namespace [$namespace] [$(date)]"
 fi
 
 #
@@ -157,19 +154,19 @@
 
 # Create OpenSearch Dashboards tenant space (if it doesn't exist)
 if ! kibana_tenant_exists "$ktenant"; then
-   create_kibana_tenant "$ktenant" "$tenant_description"
-   rc=$?
-   if [ "$rc" == "0" ]; then
-      add_notice "                                                      "
-      add_notice "   The OpenSearch Dashboards tenant space [$ktenant] was created.   "
-      add_notice "                                                      "
-   else
-      log_error "Problems were encountered while attempting to create tenant space [$ktenant]."
-      exit 1
-   fi
-else
-   log_error "A OpenSearch Dashboards tenant space [$ktenant] already exists."
-   exit 1
+    create_kibana_tenant "$ktenant" "$tenant_description"
+    rc=$?
+    if [ "$rc" == "0" ]; then
+        add_notice "                                                      "
+        add_notice "   The OpenSearch Dashboards tenant space [$ktenant] was created.   "
+        add_notice "                                                      "
+    else
+        log_error "Problems were encountered while attempting to create tenant space [$ktenant]."
+        exit 1
+    fi
+else
+    log_error "A OpenSearch Dashboards tenant space [$ktenant] already exists."
+    exit 1
 fi
 
 # get KIBANA API URL
@@ -179,22 +176,22 @@
 ./logging/bin/import_osd_content.sh logging/osd/common "$ktenant"
 
 if [ -z "$tenant" ]; then
-   ./logging/bin/import_osd_content.sh logging/osd/namespace "$ktenant"
-else
-   ./logging/bin/import_osd_content.sh logging/osd/tenant    "$ktenant"
+    ./logging/bin/import_osd_content.sh logging/osd/namespace "$ktenant"
+else
+    ./logging/bin/import_osd_content.sh logging/osd/tenant "$ktenant"
 fi
 
 if [ -d "$USER_DIR/logging/osd" ] && [ "$USER_DIR" != "$(pwd)" ]; then
 
-   export IGNORE_NOT_FOUND="true"
-   ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/common "$ktenant"
-
-   if [ -z "$tenant" ]; then
-      ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/namespace "$ktenant"
-   else
-      ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/tenant    "$ktenant"
-   fi
-   unset IGNORE_NOT_FOUND
+    export IGNORE_NOT_FOUND="true"
+    ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/common "$ktenant"
+
+    if [ -z "$tenant" ]; then
+        ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/namespace "$ktenant"
+    else
+        ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/tenant "$ktenant"
+    fi
+    unset IGNORE_NOT_FOUND
 fi
 
 # Create access controls
@@ -203,32 +200,32 @@
 # Create an initial user
 if [ "$createuser" == "true" ]; then
 
-   if [ -z "$inituser" ]; then
-      inituser="${ktenant}_admin"
-
-   else
-      log_debug "Initial user name [$inituser] provided."
-   fi
-
-   if [ -n "$initpasswd" ]; then
-      passwdarg="-p $initpasswd"
-   else
-      passwdarg=""
-   fi
-
-   if user_exists "$inituser"; then
-      log_warn "A user with the requested user name of  [$inituser] already exists; the initial user account you requested was NOT created."
-      log_warn "This existing user may have completely different access controls than you intended for the initial user."
-      log_warn "You can create a new user with the appropriate access controls by calling the logging/bin/user.sh script directly."
-   else
-      if [ -z "$tenant" ]; then
-         ./logging/bin/user.sh CREATE -ns "$namespace" -u "$inituser" "$passwdarg"
-      else
-         ./logging/bin/user.sh CREATE -ns "$namespace" -t "$tenant" -u "$inituser" "$passwdarg"
-      fi
-   fi
-else
-   log_debug "An initial user will NOT be created."
+    if [ -z "$inituser" ]; then
+        inituser="${ktenant}_admin"
+
+    else
+        log_debug "Initial user name [$inituser] provided."
+    fi
+
+    if [ -n "$initpasswd" ]; then
+        passwdarg="-p $initpasswd"
+    else
+        passwdarg=""
+    fi
+
+    if user_exists "$inituser"; then
+        log_warn "A user with the requested user name of  [$inituser] already exists; the initial user account you requested was NOT created."
+        log_warn "This existing user may have completely different access controls than you intended for the initial user."
+        log_warn "You can create a new user with the appropriate access controls by calling the logging/bin/user.sh script directly."
+    else
+        if [ -z "$tenant" ]; then
+            ./logging/bin/user.sh CREATE -ns "$namespace" -u "$inituser" "$passwdarg"
+        else
+            ./logging/bin/user.sh CREATE -ns "$namespace" -t "$tenant" -u "$inituser" "$passwdarg"
+        fi
+    fi
+else
+    log_debug "An initial user will NOT be created."
 fi
 
 # Write any "notices" to console
@@ -241,7 +238,7 @@
 
 # Exit with an overall success/failure message
 if [ -n "$tenant" ]; then
-  log_notice "Successfully onboarded tenant [$tenant] within namespace [$namespace] [$(date)]"
-else
-  log_notice "Successfully onboarded namespace [$namespace] [$(date)]"
+    log_notice "Successfully onboarded tenant [$tenant] within namespace [$namespace] [$(date)]"
+else
+    log_notice "Successfully onboarded namespace [$namespace] [$(date)]"
 fi
diff logging/bin/remove_eventrouter.sh.orig logging/bin/remove_eventrouter.sh
--- logging/bin/remove_eventrouter.sh.orig
+++ logging/bin/remove_eventrouter.sh
@@ -17,21 +17,20 @@
 
 # Replace placeholders
 log_debug "Replacing logging namespace for files in [$logDir]"
-  if echo "$OSTYPE" | grep 'darwin' > /dev/null 2>&1; then
+if echo "$OSTYPE" | grep 'darwin' > /dev/null 2>&1; then
     sed -i '' "s/__LOG_NS__/$LOG_NS/g" "$logDir"/eventrouter.yaml
-  else
+else
     sed -i "s/__LOG_NS__/$LOG_NS/g" "$logDir"/eventrouter.yaml
-  fi
+fi
 
 log_info "Removing Event Router [$(date)]"
 # Remove existing instance of Event Router in the kube-system namespace (if present).
 if [[ $V4M_CURRENT_VERSION_FULL =~ 1.0 || $V4M_CURRENT_VERSION_FULL =~ 1.1.[0-2] ]]; then
-   # Remove existing instance of Event Router in the kube-system namespace (if present).
-   log_info "Removing instance of Event Router in the kube-system namespace"
-   kubectl delete --ignore-not-found -f logging/eventrouter/eventrouter_kubesystem.yaml
-else
-  kubectl delete --ignore-not-found -f "$logDir"/eventrouter.yaml
+    # Remove existing instance of Event Router in the kube-system namespace (if present).
+    log_info "Removing instance of Event Router in the kube-system namespace"
+    kubectl delete --ignore-not-found -f logging/eventrouter/eventrouter_kubesystem.yaml
+else
+    kubectl delete --ignore-not-found -f "$logDir"/eventrouter.yaml
 fi
 
 log_debug "Script [$this_script] has completed [$(date)]"
-
diff logging/bin/remove_logging_azmonitor.sh.orig logging/bin/remove_logging_azmonitor.sh
--- logging/bin/remove_logging_azmonitor.sh.orig
+++ logging/bin/remove_logging_azmonitor.sh
@@ -15,16 +15,15 @@
 log_info "Removing eventrouter..."
 logging/bin/remove_eventrouter.sh
 
-
 if [ "$LOG_DELETE_NAMESPACE_ON_REMOVE" == "true" ]; then
-  log_info "Deleting the [$LOG_NS] namespace..."
-  if kubectl delete namespace "$LOG_NS" --timeout "$KUBE_NAMESPACE_DELETE_TIMEOUT"; then
-    log_info "[$LOG_NS] namespace and logging components successfully removed"
-    exit 0
-  else
-    log_error "Unable to delete the [$LOG_NS] namespace"
-    exit 1
-  fi
+    log_info "Deleting the [$LOG_NS] namespace..."
+    if kubectl delete namespace "$LOG_NS" --timeout "$KUBE_NAMESPACE_DELETE_TIMEOUT"; then
+        log_info "[$LOG_NS] namespace and logging components successfully removed"
+        exit 0
+    else
+        log_error "Unable to delete the [$LOG_NS] namespace"
+        exit 1
+    fi
 fi
 
 log_info "Removing components from the [$LOG_NS] namespace..."
@@ -33,23 +32,21 @@
 sleep 60
 
 log_info "Checking contents of the [$LOG_NS] namespace:"
-crds=( secrets all )
+crds=(secrets all)
 empty="true"
-for crd in "${crds[@]}"
-do
-	out=$(kubectl get -n "$LOG_NS" "$crd" 2>&1)
-  if [[ "$out" =~ 'No resources found' ]]; then
-    :
-  else
-    empty="false"
-    log_warn "Found [$crd] resources in the [$LOG_NS] namespace:"
-    echo "$out"
-  fi
+for crd in "${crds[@]}"; do
+    out=$(kubectl get -n "$LOG_NS" "$crd" 2>&1)
+    if [[ $out =~ 'No resources found' ]]; then
+        :
+    else
+        empty="false"
+        log_warn "Found [$crd] resources in the [$LOG_NS] namespace:"
+        echo "$out"
+    fi
 done
 if [ "$empty" == "true" ]; then
-  log_info "  The [$LOG_NS] namespace is empty and should be safe to delete."
+    log_info "  The [$LOG_NS] namespace is empty and should be safe to delete."
 else
-  log_warn "  The [$LOG_NS] namespace is not empty."
-  log_warn "  Examine the resources above before deleting the namespace."
-fi
-
+    log_warn "  The [$LOG_NS] namespace is not empty."
+    log_warn "  Examine the resources above before deleting the namespace."
+fi
diff logging/bin/remove_servicemonitors_openshift.sh.orig logging/bin/remove_servicemonitors_openshift.sh
--- logging/bin/remove_servicemonitors_openshift.sh.orig
+++ logging/bin/remove_servicemonitors_openshift.sh
@@ -14,26 +14,26 @@
 DEPLOY_SERVICEMONITORS=${DEPLOY_SERVICEMONITORS:-false}
 
 if [ "$DEPLOY_SERVICEMONITORS" != "true" ]; then
-  log_info "Environment variable [DEPLOY_SERVICEMONITORS] is not set to 'true'; exiting b/c ServiceMonitors were not deployed."
-  exit
+    log_info "Environment variable [DEPLOY_SERVICEMONITORS] is not set to 'true'; exiting b/c ServiceMonitors were not deployed."
+    exit
 fi
 
 EVENTROUTER_ENABLE=${EVENTROUTER_ENABLE:-true}
 if [ "$EVENTROUTER_ENABLE" == "true" ]; then
-   # Eventrouter ServiceMonitor
-   kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/kube/podMonitor-eventrouter.yaml
+    # Eventrouter ServiceMonitor
+    kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/kube/podMonitor-eventrouter.yaml
 fi
 
 ELASTICSEARCH_ENABLE=${ELASTICSEARCH_ENABLE:-true}
 if [ "$ELASTICSEARCH_ENABLE" == "true" ]; then
-   # Elasticsearch ServiceMonitor
-   kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-elasticsearch.yaml
+    # Elasticsearch ServiceMonitor
+    kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-elasticsearch.yaml
 fi
 
 FLUENT_BIT_ENABLED=${FLUENT_BIT_ENABLED:-true}
 if [ "$FLUENT_BIT_ENABLED" == "true" ]; then
-   # Fluent Bit ServiceMonitors
-   kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-fluent-bit-v2.yaml
+    # Fluent Bit ServiceMonitors
+    kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-fluent-bit-v2.yaml
 fi
 
 log_info "ServiceMonitors have been removed."
diff logging/bin/security_create_rbac.sh.orig logging/bin/security_create_rbac.sh
--- logging/bin/security_create_rbac.sh.orig
+++ logging/bin/security_create_rbac.sh
@@ -30,16 +30,15 @@
 source logging/bin/rbac-include.sh
 source logging/bin/apiaccess-include.sh
 
-
 function show_usage {
-  log_message  "Usage: $this_script NAMESPACE [TENANT]"
-  log_message  ""
-  log_message  "Creates access controls (e.g. roles, role-mappings, etc.) to limit access to the specified namespace and, optionally, the specified tenant within that namespace."
-  log_message  ""
-  log_message  "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
-  log_message  ""
-  log_message  "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
-  log_message  ""
+    log_message "Usage: $this_script NAMESPACE [TENANT]"
+    log_message ""
+    log_message "Creates access controls (e.g. roles, role-mappings, etc.) to limit access to the specified namespace and, optionally, the specified tenant within that namespace."
+    log_message ""
+    log_message "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
+    log_message ""
+    log_message "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
+    log_message ""
 }
 
 #TO DO: Move to named args
@@ -48,15 +47,15 @@
 tenant=${2}
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 if [ "$namespace" == "_all_" ] && [ "$tenant" == "_all_" ]; then
-   log_debug "All cluster access RBACs requested"
-   cluster="true"
-else
-   cluster="false"
-   log_debug "namespace: $namespace tenant: $tenant"
+    log_debug "All cluster access RBACs requested"
+    cluster="true"
+else
+    cluster="false"
+    log_debug "namespace: $namespace tenant: $tenant"
 fi
 
 create_ktenant_roles=${CREATE_KTENANT_ROLE:-true}
@@ -63,58 +62,58 @@
 
 if [ "$cluster" == "true" ]; then
 
-   # creating cluster-wide RBACs
-   INDEX_PREFIX=viya_logs
-   INDEX_NST="*"
-   ROLENAME=search_index_-ALL-
-   BE_ROLENAME=V4MCLUSTER_ADMIN_kibana_users
-   NST="cluster_admins"
-   BE_GFDS_ROLENAME=V4MCLUSTER_ADMIN_grafana_dsusers
-   index_role_template="index_role_allcluster.json"
-   kibana_tenant_role_template="kibana_tenant_clusteradmins_role.json"
-
-else
-   # creating namespace or tenant limited RBACs
-   if [ -z "$namespace" ]; then
-     log_error "Required argument NAMESPACE not specified"
-     echo  ""
-     show_usage
-     exit 1
-   elif [[ "$namespace" =~ -H|--HELP|-h|--help ]]; then
-    show_usage
-    exit
-   fi
-
-   validateNamespace "$namespace"
-
-   if [[ "$tenant" =~ -H|--HELP|-h|--help ]]; then
-      show_usage
-      exit
-   elif [ -n "$tenant" ]; then
-
-      validateTenantID "$tenant"
-
-      NST="${namespace}_${tenant}"
-      INDEX_NST="${namespace}-__${tenant}__"
-   else
-      NST="$namespace"
-      INDEX_NST="${namespace}"
-   fi
-
-   if [ -n "$tenant" ]; then
-     log_notice "Creating access controls for tenant [$tenant] within namespace [$namespace] [$(date)]"
-   else
-     log_notice "Creating access controls for namespace [$namespace] [$(date)]"
-   fi
-
-   INDEX_PREFIX=viya_logs
-   ROLENAME=search_index_$NST
-   BE_ROLENAME=${NST}_kibana_users
-   BE_GFDS_ROLENAME=${NST}_grafana_dsusers
-   index_role_template="index_role.json"
-   kibana_tenant_role_template="kibana_tenant_limited_role.json"
-
-   log_debug "NST: $NST TENANT: $tenant NAMESPACE: $namespace ROLENAME: $ROLENAME"
+    # creating cluster-wide RBACs
+    INDEX_PREFIX=viya_logs
+    INDEX_NST="*"
+    ROLENAME=search_index_-ALL-
+    BE_ROLENAME=V4MCLUSTER_ADMIN_kibana_users
+    NST="cluster_admins"
+    BE_GFDS_ROLENAME=V4MCLUSTER_ADMIN_grafana_dsusers
+    index_role_template="index_role_allcluster.json"
+    kibana_tenant_role_template="kibana_tenant_clusteradmins_role.json"
+
+else
+    # creating namespace or tenant limited RBACs
+    if [ -z "$namespace" ]; then
+        log_error "Required argument NAMESPACE not specified"
+        echo ""
+        show_usage
+        exit 1
+    elif [[ $namespace =~ -H|--HELP|-h|--help ]]; then
+        show_usage
+        exit
+    fi
+
+    validateNamespace "$namespace"
+
+    if [[ $tenant =~ -H|--HELP|-h|--help ]]; then
+        show_usage
+        exit
+    elif [ -n "$tenant" ]; then
+
+        validateTenantID "$tenant"
+
+        NST="${namespace}_${tenant}"
+        INDEX_NST="${namespace}-__${tenant}__"
+    else
+        NST="$namespace"
+        INDEX_NST="${namespace}"
+    fi
+
+    if [ -n "$tenant" ]; then
+        log_notice "Creating access controls for tenant [$tenant] within namespace [$namespace] [$(date)]"
+    else
+        log_notice "Creating access controls for namespace [$namespace] [$(date)]"
+    fi
+
+    INDEX_PREFIX=viya_logs
+    ROLENAME=search_index_$NST
+    BE_ROLENAME=${NST}_kibana_users
+    BE_GFDS_ROLENAME=${NST}_grafana_dsusers
+    index_role_template="index_role.json"
+    kibana_tenant_role_template="kibana_tenant_limited_role.json"
+
+    log_debug "NST: $NST TENANT: $tenant NAMESPACE: $namespace ROLENAME: $ROLENAME"
 
 fi
 
@@ -122,28 +121,25 @@
 cp logging/opensearch/rbac "$TMP_DIR" -r
 
 # Replace PLACEHOLDERS
-sed -i'.bak' "s/xxIDXPREFIXxx/$INDEX_PREFIX/g"  "$TMP_DIR"/rbac/*.json     # IDXPREFIX
-sed -i'.bak' "s/xxNAMESPACExx/$namespace/g"     "$TMP_DIR"/rbac/*.json     # NAMESPACE
-sed -i'.bak' "s/xxTENANTxx/$tenant/g"           "$TMP_DIR"/rbac/*.json     # TENANT
-sed -i'.bak' "s/xxIDXNSTxx/$INDEX_NST/g"        "$TMP_DIR"/rbac/*.json     # NAMESPACE|NAMESPACE-__TENANT__    (used in index names)
-sed -i'.bak' "s/xxNSTxx/$NST/g"                 "$TMP_DIR"/rbac/*.json     # NAMESPACE|NAMESPACE_TENANT        (used in RBAC names)
-
+sed -i'.bak' "s/xxIDXPREFIXxx/$INDEX_PREFIX/g" "$TMP_DIR"/rbac/*.json # IDXPREFIX
+sed -i'.bak' "s/xxNAMESPACExx/$namespace/g" "$TMP_DIR"/rbac/*.json    # NAMESPACE
+sed -i'.bak' "s/xxTENANTxx/$tenant/g" "$TMP_DIR"/rbac/*.json          # TENANT
+sed -i'.bak' "s/xxIDXNSTxx/$INDEX_NST/g" "$TMP_DIR"/rbac/*.json       # NAMESPACE|NAMESPACE-__TENANT__    (used in index names)
+sed -i'.bak' "s/xxNSTxx/$NST/g" "$TMP_DIR"/rbac/*.json                # NAMESPACE|NAMESPACE_TENANT        (used in RBAC names)
 
 # get admin credentials
 # shellcheck disable=SC2155
-export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-# shellcheck disable=SC2155
-export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
+export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+# shellcheck disable=SC2155
+export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Get Security API URL
 get_sec_api_url
 
 if [ -z "$sec_api_url" ]; then
-   log_error "Unable to determine URL to access security API endpoint"
-   exit 1
-fi
-
+    log_error "Unable to determine URL to access security API endpoint"
+    exit 1
+fi
 
 #index user (controls access to indexes)
 ensure_role_exists "$ROLENAME" "$TMP_DIR"/rbac/$index_role_template
@@ -154,12 +150,11 @@
 add_rolemapping v4m_grafana_dsuser "$BE_GFDS_ROLENAME" null
 add_rolemapping "$ROLENAME" "$BE_GFDS_ROLENAME"
 
-
 #tenant role (controls access to Kibanas tenant spaces)
 if [ "$create_ktenant_roles" == "true" ]; then
 
-   ensure_role_exists tenant_"${NST}" "$TMP_DIR"/rbac/$kibana_tenant_role_template
-   add_rolemapping  tenant_"${NST}" "$BE_ROLENAME"
+    ensure_role_exists tenant_"${NST}" "$TMP_DIR"/rbac/$kibana_tenant_role_template
+    add_rolemapping tenant_"${NST}" "$BE_ROLENAME"
 
 fi
 
@@ -170,22 +165,21 @@
 log_notice "Access controls created [$(date)]"
 echo ""
 
-add_notice    "Assign users the back-end role of  [${BE_ROLENAME}] to"
-add_notice    "grant them access to OpenSearch Dashboards and log messages from"
-if [ "$cluster" == "true" ]; then
-   add_notice "ALL tenants and ALL namespaces"
+add_notice "Assign users the back-end role of  [${BE_ROLENAME}] to"
+add_notice "grant them access to OpenSearch Dashboards and log messages from"
+if [ "$cluster" == "true" ]; then
+    add_notice "ALL tenants and ALL namespaces"
 elif [ -n "$tenant" ]; then
-   add_notice "ONLY the [$tenant] tenant within the [$namespace] namespace"
-else
-   add_notice "ONLY the [$namespace] namespace."
+    add_notice "ONLY the [$tenant] tenant within the [$namespace] namespace"
+else
+    add_notice "ONLY the [$namespace] namespace."
 fi
 
 LOGGING_DRIVER=${LOGGING_DRIVER:-false}
 if [ "$LOGGING_DRIVER" != "true" ]; then
-   echo ""
-   log_notice    "================================================================================="
-   display_notices
-   log_notice    "================================================================================="
-   echo ""
-fi
-
+    echo ""
+    log_notice "================================================================================="
+    display_notices
+    log_notice "================================================================================="
+    echo ""
+fi
diff logging/bin/security_delete_rbac.sh.orig logging/bin/security_delete_rbac.sh
--- logging/bin/security_delete_rbac.sh.orig
+++ logging/bin/security_delete_rbac.sh
@@ -33,89 +33,89 @@
 tenant=${2}
 
 if [ -z "$namespace" ]; then
-  log_error "Required argument NAMESPACE not specified"
-  log_message  ""
-  log_message  "Usage: $this_script NAMESPACE"
-  log_message  ""
-  log_message  "Deletes access control artifacts (e.g. roles, role-mappings, etc.) previously created to limit access to the specified namespace."
-  log_message  ""
-  log_message  "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be deleted"
-  log_message  "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
-  log_message  ""
-
-  exit 1
+    log_error "Required argument NAMESPACE not specified"
+    log_message ""
+    log_message "Usage: $this_script NAMESPACE"
+    log_message ""
+    log_message "Deletes access control artifacts (e.g. roles, role-mappings, etc.) previously created to limit access to the specified namespace."
+    log_message ""
+    log_message "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be deleted"
+    log_message "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
+    log_message ""
+
+    exit 1
 fi
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 if [ "$namespace" == "_all_" ] && [ "$tenant" == "_all_" ]; then
-   log_debug "Deleting of All cluster access RBACs requested"
-   cluster="true"
-else
-   cluster="false"
-fi
-
-if [ "$cluster" == "true" ]; then
-
-   # deleting cluster-wide RBACs
-   ROLENAME="search_index_-ALL-"
-   BACKENDROLE="V4MCLUSTER_ADMIN_kibana_users"
-   GFDS_BACKENDROLE="V4MCLUSTER_ADMIN_grafana_dsusers"
-   NST="cluster_admins"
-
-else
-   # deleting namespace or tenant limited RBACs
-   validateNamespace "$namespace"
-
-   if [ -n "$tenant" ]; then
-      validateTenantID "$tenant"
-
-      NST="${namespace}_${tenant}"
-
-      log_notice "Deleting access controls for the [$tenant] tenant within the namespace [$namespace] [$(date)]"
-
-   else
-      NST="$namespace"
-      log_notice "Deleting access controls for namespace [$namespace] [$(date)]"
-   fi
-
-   ROLENAME="search_index_$NST"
-   BACKENDROLE="${NST}_kibana_users"
-   GFDS_BACKENDROLE="${NST}_grafana_dsusers"
-
-   log_debug "NAMESPACE: $namespace TENANT: $tenant ROLENAME: $ROLENAME BACKENDROLE: $BACKENDROLE GFDS_BACKENDROLE: $GFDS_BACKENDROLE"
+    log_debug "Deleting of All cluster access RBACs requested"
+    cluster="true"
+else
+    cluster="false"
+fi
+
+if [ "$cluster" == "true" ]; then
+
+    # deleting cluster-wide RBACs
+    ROLENAME="search_index_-ALL-"
+    BACKENDROLE="V4MCLUSTER_ADMIN_kibana_users"
+    GFDS_BACKENDROLE="V4MCLUSTER_ADMIN_grafana_dsusers"
+    NST="cluster_admins"
+
+else
+    # deleting namespace or tenant limited RBACs
+    validateNamespace "$namespace"
+
+    if [ -n "$tenant" ]; then
+        validateTenantID "$tenant"
+
+        NST="${namespace}_${tenant}"
+
+        log_notice "Deleting access controls for the [$tenant] tenant within the namespace [$namespace] [$(date)]"
+
+    else
+        NST="$namespace"
+        log_notice "Deleting access controls for namespace [$namespace] [$(date)]"
+    fi
+
+    ROLENAME="search_index_$NST"
+    BACKENDROLE="${NST}_kibana_users"
+    GFDS_BACKENDROLE="${NST}_grafana_dsusers"
+
+    log_debug "NAMESPACE: $namespace TENANT: $tenant ROLENAME: $ROLENAME BACKENDROLE: $BACKENDROLE GFDS_BACKENDROLE: $GFDS_BACKENDROLE"
 fi
 
 # get admin credentials
 # shellcheck disable=SC2155
-export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-# shellcheck disable=SC2155
-export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
+export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+# shellcheck disable=SC2155
+export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Get Security API URL
 get_sec_api_url
 
 if [ -z "$sec_api_url" ]; then
-   log_error "Unable to determine URL to access security API endpoint"
-   exit 1
+    log_error "Unable to determine URL to access security API endpoint"
+    exit 1
 fi
 
 # handle $ROLENAME
 if role_exists "$ROLENAME"; then
-   delete_rolemappings "$ROLENAME"
-   delete_role "$ROLENAME"
-
-   # handle tenant_$NST
-   delete_rolemappings tenant_"${NST}"
-   delete_role tenant_"${NST}"
-else
-  log_verbose "The role [$ROLENAME] does not exist; nothing to delete"
+    delete_rolemappings "$ROLENAME"
+    delete_role "$ROLENAME"
+
+    # handle tenant_$NST
+    delete_rolemappings tenant_"${NST}"
+    delete_role tenant_"${NST}"
+else
+    log_verbose "The role [$ROLENAME] does not exist; nothing to delete"
 fi
 
 # handle KIBANA_USER
-remove_rolemapping kibana_user     "$BACKENDROLE"    # Needed for RBACs created prior to MT support (should be no-op for post MT RBACs)
+remove_rolemapping kibana_user "$BACKENDROLE" # Needed for RBACs created prior to MT support (should be no-op for post MT RBACs)
 remove_rolemapping v4m_kibana_user "$BACKENDROLE"
 
 # handle Grafana Data Source user
@@ -124,10 +124,9 @@
 log_notice "Access controls deleted [$(date)]"
 echo ""
 if [ "$cluster" == "true" ]; then
-   log_verbose "You may want to consider deleting users whose *only* role(s) were 'V4MCLUSTER_ADMIN_kibana_users' and/or 'search_index_-ALL-'"
+    log_verbose "You may want to consider deleting users whose *only* role(s) were 'V4MCLUSTER_ADMIN_kibana_users' and/or 'search_index_-ALL-'"
 elif [ -n "$tenant" ]; then
-   log_notice "You should delete any users whose only purpose was to access log messages from the [$tenant] tenant within the [$namespace] namespace  "
-else
-   log_notice "You should delete any users whose only purpose was to access log messages from the [$namespace] namespace  "
-fi
-
+    log_notice "You should delete any users whose only purpose was to access log messages from the [$tenant] tenant within the [$namespace] namespace  "
+else
+    log_notice "You should delete any users whose only purpose was to access log messages from the [$namespace] namespace  "
+fi
diff logging/bin/user.sh.orig logging/bin/user.sh
--- logging/bin/user.sh.orig
+++ logging/bin/user.sh
@@ -1,10 +1,8 @@
 #!/bin/bash
 
-
 # Copyright © 2020, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-
 cd "$(dirname "$BASH_SOURCE")/../.."
 source logging/bin/common.sh
 this_script=$(basename "$0")
@@ -13,39 +11,39 @@
 source logging/bin/apiaccess-include.sh
 
 function show_usage {
-  which_action=$1
-  case "$which_action" in
+    which_action=$1
+    case "$which_action" in
     "CREATE")
-       log_message  ""
-       log_message  "Usage: $this_script CREATE [REQUIRED_PARAMETERS] [OPTIONS] "
-       log_message  ""
-       log_message  "Creates a user in the internal user database and limits their access to only log messages from the specified namespace and, optionally, more narrowly, to the specified tenant within the specified namespace"
-       log_message  ""
-       log_message  "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which this user should be granted access"
-       log_message  "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which this user should be granted access."
-       log_message  "     -u,  --user        USERNAME  - (Optional) The username to be created (default: [NAMESPACE]|[NAMESPACE_TENANT]_admin)"
-       log_message  "     -p,  --password    PASSWORD  - (Optional) The password for the newly created account (default: [USERNAME])"
-       echo ""
-       ;;
+        log_message ""
+        log_message "Usage: $this_script CREATE [REQUIRED_PARAMETERS] [OPTIONS] "
+        log_message ""
+        log_message "Creates a user in the internal user database and limits their access to only log messages from the specified namespace and, optionally, more narrowly, to the specified tenant within the specified namespace"
+        log_message ""
+        log_message "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which this user should be granted access"
+        log_message "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which this user should be granted access."
+        log_message "     -u,  --user        USERNAME  - (Optional) The username to be created (default: [NAMESPACE]|[NAMESPACE_TENANT]_admin)"
+        log_message "     -p,  --password    PASSWORD  - (Optional) The password for the newly created account (default: [USERNAME])"
+        echo ""
+        ;;
     "DELETE")
-       log_message  "Usage: $this_script DELETE [REQUIRED_PARAMETERS]"
-       log_message  ""
-       log_message  "Removes the specified user from the internal user database"
-       log_message  ""
-       log_message  "     -u,  --user        USERNAME  - (Required) The username to be deleted."
-       ;;
+        log_message "Usage: $this_script DELETE [REQUIRED_PARAMETERS]"
+        log_message ""
+        log_message "Removes the specified user from the internal user database"
+        log_message ""
+        log_message "     -u,  --user        USERNAME  - (Required) The username to be deleted."
+        ;;
     *)
-       log_message  ""
-       log_message  "Usage: $this_script ACTION [REQUIRED_PARAMETERS] [OPTIONS] "
-       log_message  ""
-       log_message  "Creates or deletes a user in the internal user database.  Newly created users are granted permission limiting their access to log messages for the specified namespace, and, optionally, to a specific tenant within that namespace."
-       log_message  ""
-       log_message  "        ACTION - (Required) one of the following actions: [CREATE, DELETE]"
-       log_message  ""
-       log_message  "        Additional help information, including details of required and optional parameters, can be displayed by submitting the command: $this_script ACTION --help"
-       echo ""
-       ;;
-  esac
+        log_message ""
+        log_message "Usage: $this_script ACTION [REQUIRED_PARAMETERS] [OPTIONS] "
+        log_message ""
+        log_message "Creates or deletes a user in the internal user database.  Newly created users are granted permission limiting their access to log messages for the specified namespace, and, optionally, to a specific tenant within that namespace."
+        log_message ""
+        log_message "        ACTION - (Required) one of the following actions: [CREATE, DELETE]"
+        log_message ""
+        log_message "        Additional help information, including details of required and optional parameters, can be displayed by submitting the command: $this_script ACTION --help"
+        echo ""
+        ;;
+    esac
 }
 
 set -e
@@ -52,66 +50,66 @@
 
 POS_PARMS=""
 
-while (( "$#" )); do
-  case "$1" in
-    -ns|--namespace)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        namespace=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [Namespace] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -t|--tenant)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        tenant=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [Tenant] has not been provided." >&2
-        show_usage
-      exit 2
-      fi
-      ;;
-    -u|--user|--username)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        username=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [User] has not been provided." >&2
-        show_usage
-      exit 2
-      fi
-      ;;
-    -p|--password)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        password=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [Password] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -g|--grafanads)
-      grafanads_user="true"
-      shift
-      ;;
-    -h|--help)
-      show_usage=1
-      shift
-      ;;
-    -*|--*=) # unsupported flags
-      log_error "Error: Unsupported flag $1" >&2
-      show_usage
-      exit 2
-      ;;
+while (("$#")); do
+    case "$1" in
+    -ns | --namespace)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            namespace=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [Namespace] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -t | --tenant)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            tenant=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [Tenant] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -u | --user | --username)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            username=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [User] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -p | --password)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            password=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [Password] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -g | --grafanads)
+        grafanads_user="true"
+        shift
+        ;;
+    -h | --help)
+        show_usage=1
+        shift
+        ;;
+    -* | --*=) # unsupported flags
+        log_error "Error: Unsupported flag $1" >&2
+        show_usage
+        exit 2
+        ;;
     *) # preserve positional arguments
-      POS_PARMS="$POS_PARMS $1"
-      shift
-      ;;
-  esac
+        POS_PARMS="$POS_PARMS $1"
+        shift
+        ;;
+    esac
 done
 
 # set positional arguments in their proper place
@@ -122,21 +120,21 @@
     show_usage
     exit 1
 else
-   action=$(echo "$1"|tr '[a-z]' '[A-Z]')
-   shift
-
-   if [ "$action" != "CREATE" ] &&  [ "$action" != "DELETE" ] ; then
-      log_error "Invalid action [$action] specified; exiting"
-      show_usage
-      exit 1
-   fi
+    action=$(echo "$1" | tr '[a-z]' '[A-Z]')
+    shift
+
+    if [ "$action" != "CREATE" ] && [ "$action" != "DELETE" ]; then
+        log_error "Invalid action [$action] specified; exiting"
+        show_usage
+        exit 1
+    fi
 fi
 
 log_debug "Action: $action"
 
 if [ "$show_usage" == "1" ]; then
-   show_usage "$action"
-   exit
+    show_usage "$action"
+    exit
 fi
 
 # No positional parameters (other than ACTION) are supported
@@ -146,31 +144,29 @@
     exit 4
 fi
 
-
 log_debug "POS_PARMS: $POS_PARMS"
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
-
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 if [ "$namespace" == "_all_" ] && [ "$tenant" == "_all_" ]; then
-   if [ -z "$username"  ] && [ "$grafanads_user" != "true" ]; then
-     log_error "Required parameter USERNAME not specified"
-     show_usage "$action"
-     exit 4
-   fi
-   cluster="true"
-   namespace=''
-   tenant=''
-else
-   cluster="false"
-
-   if [ -z "$username"  ] && [ -z "$namespace" ]; then
-     log_error "Required parameter(s) NAMESPACE and/or USERNAME not specified"
-     show_usage "$action"
-     exit 4
-   fi
+    if [ -z "$username" ] && [ "$grafanads_user" != "true" ]; then
+        log_error "Required parameter USERNAME not specified"
+        show_usage "$action"
+        exit 4
+    fi
+    cluster="true"
+    namespace=''
+    tenant=''
+else
+    cluster="false"
+
+    if [ -z "$username" ] && [ -z "$namespace" ]; then
+        log_error "Required parameter(s) NAMESPACE and/or USERNAME not specified"
+        show_usage "$action"
+        exit 4
+    fi
 fi
 
 log_debug "CLUSTER: $cluster NAMESPACE: $namespace TENANT: $tenant NST: $nst USERNAME: $username"
@@ -177,121 +173,117 @@
 
 # get admin credentials
 # shellcheck disable=SC2155
-export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-# shellcheck disable=SC2155
-export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
+export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+# shellcheck disable=SC2155
+export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Get Security API URL
 get_sec_api_url
 
 if [ -z "$sec_api_url" ]; then
-   log_error "Unable to determine URL to access security API endpoint"
-   exit 1
-fi
-
+    log_error "Unable to determine URL to access security API endpoint"
+    exit 1
+fi
 
 case "$action" in
-   CREATE)
-      if [ "$cluster" == "true" ]; then
-         if [ "$grafanads_user" == "true" ]; then
+CREATE)
+    if [ "$cluster" == "true" ]; then
+        if [ "$grafanads_user" == "true" ]; then
             berole="V4MCLUSTER_ADMIN_grafana_dsusers"
             pwdchangetxt="Do NOT use OpenSearch Dashboards or API, MUST re-run Grafana datasource creation script"
-         else
+        else
             berole="V4MCLUSTER_ADMIN_kibana_users"
-         fi
-         rolename="search_index_-ALL-"
-         scope="ALL namespaces"
-      else
-         if [ -z "$namespace" ]; then
+        fi
+        rolename="search_index_-ALL-"
+        scope="ALL namespaces"
+    else
+        if [ -z "$namespace" ]; then
             log_error "Required argument NAMESPACE no specified"
             echo ""
             show_usage CREATE
             exit 1
-         fi
-
-         if [ -n "$tenant" ]; then
+        fi
+
+        if [ -n "$tenant" ]; then
             nst="${namespace}_${tenant}"
             scope="the tenant [$tenant] within the namespace [$namespace]"
-         else
+        else
             nst="$namespace"
             scope="namespace [$namespace]"
-         fi
-
-         rolename=search_index_$nst
-
-         if [ "$grafanads_user" == "true" ]; then
+        fi
+
+        rolename=search_index_$nst
+
+        if [ "$grafanads_user" == "true" ]; then
             berole="${nst}_grafana_dsusers"
             pwdchangetxt="Do NOT use OpenSearch Dashboards or API, MUST re-run Grafana datasource creation script"
-         else
+        else
             berole="${nst}_kibana_users"
 
             if [ -z "$username" ]; then
-               username="${nst}_admin"
+                username="${nst}_admin"
             fi
-         fi
-      fi
-
-      log_info "Attempting to create user [$username] and grant them access to log messages from $scope [$(date)]"
-
-      # Check if user exists
-      if user_exists "$username"; then
-         log_error "A user with this name [$username] already exists."
-         exit 1
-      fi
-
-      #Check if role exists
-      if ! role_exists "$rolename"; then
-         log_error "The expected access control role [$rolename] does NOT exist."
-         if [ "$cluster" != "true" ]; then
+        fi
+    fi
+
+    log_info "Attempting to create user [$username] and grant them access to log messages from $scope [$(date)]"
+
+    # Check if user exists
+    if user_exists "$username"; then
+        log_error "A user with this name [$username] already exists."
+        exit 1
+    fi
+
+    #Check if role exists
+    if ! role_exists "$rolename"; then
+        log_error "The expected access control role [$rolename] does NOT exist."
+        if [ "$cluster" != "true" ]; then
             log_error "You must on-oboard $scope to create required the access control role."
-         fi
-         exit 1
-      fi
-
-      password=${password:-$username}
-
-      if [ -z "$namespace" ]; then
-         nsconstraint="-none-"
-      else
-         nsconstraint=$namespace
-      fi
-      if [ -z "$tenant" ]; then
-         tconstraint="-none-"
-      else
-         tconstraint=$tenant
-      fi
-
-      if [ -z "$pwdchangetxt" ]; then
-         pwdchangetxt="Use OpenSearch Dashboards or API"
-      fi
-
-      exitnow="false"
-      weakpassword="false"
-      loopcounter=1
-      until [ "$exitnow" == "true" ]
-      do
-
-         cp logging/opensearch/rbac/user.json "$TMP_DIR"/user.json
-         # Replace PLACEHOLDERS
-         sed -i'.bak' "s/xxBEROLExx/$berole/g"             "$TMP_DIR"/user.json      # (NAMESPACE|NAMESPACE_TENANT|'V4MCLUSTER_ADMIN') + '_kibana_users'
-         sed -i'.bak' "s/xxNSCONSTRAINTxx/$nsconstraint/g" "$TMP_DIR"/user.json      # NAMESPACE|'-none-'
-         sed -i'.bak' "s/xxTCONSTRAINTxx/$tconstraint/g"   "$TMP_DIR"/user.json      # TENANT|'-none-'
-         sed -i'.bak' "s/xxPASSWORDxx/$password/g"         "$TMP_DIR"/user.json      # PASSWORD
-         sed -i'.bak' "s/xxCREATEDBYxx/$this_script/g"     "$TMP_DIR"/user.json      # CREATEDBY
-         sed -i'.bak' "s/xxPWDCHANGEXX/$pwdchangetxt/g"    "$TMP_DIR"/user.json      # PASSWORD CHANGE MECHANISM (OSD|change_internal_password.sh script)
-         sed -i'.bak' "s/xxDATETIMExx/$(date)/g"           "$TMP_DIR"/user.json      # DATE
-
-         log_debug "Contents of user.json template file after substitutions: \n $(cat "$TMP_DIR"/user.json)"
-
-
-         #remove any existing instance of this file
-         rm -f "$TMP_DIR"/user_create.txt
-
-         # Create user
-         response=$(curl -s -o "$TMP_DIR"/user_create.txt -w "%{http_code}" -XPUT "$sec_api_url/internalusers/$username"  -H 'Content-Type: application/json' -d @"$TMP_DIR"/user.json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-
-         if grep -i 'weak password' "$TMP_DIR"/user_create.txt >/dev/null 2>&1; then
+        fi
+        exit 1
+    fi
+
+    password=${password:-$username}
+
+    if [ -z "$namespace" ]; then
+        nsconstraint="-none-"
+    else
+        nsconstraint=$namespace
+    fi
+    if [ -z "$tenant" ]; then
+        tconstraint="-none-"
+    else
+        tconstraint=$tenant
+    fi
+
+    if [ -z "$pwdchangetxt" ]; then
+        pwdchangetxt="Use OpenSearch Dashboards or API"
+    fi
+
+    exitnow="false"
+    weakpassword="false"
+    loopcounter=1
+    until [ "$exitnow" == "true" ]; do
+
+        cp logging/opensearch/rbac/user.json "$TMP_DIR"/user.json
+        # Replace PLACEHOLDERS
+        sed -i'.bak' "s/xxBEROLExx/$berole/g" "$TMP_DIR"/user.json             # (NAMESPACE|NAMESPACE_TENANT|'V4MCLUSTER_ADMIN') + '_kibana_users'
+        sed -i'.bak' "s/xxNSCONSTRAINTxx/$nsconstraint/g" "$TMP_DIR"/user.json # NAMESPACE|'-none-'
+        sed -i'.bak' "s/xxTCONSTRAINTxx/$tconstraint/g" "$TMP_DIR"/user.json   # TENANT|'-none-'
+        sed -i'.bak' "s/xxPASSWORDxx/$password/g" "$TMP_DIR"/user.json         # PASSWORD
+        sed -i'.bak' "s/xxCREATEDBYxx/$this_script/g" "$TMP_DIR"/user.json     # CREATEDBY
+        sed -i'.bak' "s/xxPWDCHANGEXX/$pwdchangetxt/g" "$TMP_DIR"/user.json    # PASSWORD CHANGE MECHANISM (OSD|change_internal_password.sh script)
+        sed -i'.bak' "s/xxDATETIMExx/$(date)/g" "$TMP_DIR"/user.json           # DATE
+
+        log_debug "Contents of user.json template file after substitutions: \n $(cat "$TMP_DIR"/user.json)"
+
+        #remove any existing instance of this file
+        rm -f "$TMP_DIR"/user_create.txt
+
+        # Create user
+        response=$(curl -s -o "$TMP_DIR"/user_create.txt -w "%{http_code}" -XPUT "$sec_api_url/internalusers/$username" -H 'Content-Type: application/json' -d @"$TMP_DIR"/user.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+
+        if grep -i 'weak password' "$TMP_DIR"/user_create.txt > /dev/null 2>&1; then
             log_warn "The password specified for user [$username] did not meet complexity requirements of OpenSearch."
             log_warn "A randomly generated password will be used instead."
             log_warn "Check notices below for additional details."
@@ -298,79 +290,78 @@
             weakpassword="true"
             password="$(randomPassword)"
             exitnow="false"
-         else
+        else
             exitnow="true"
-         fi
-
-         ((loopcounter++))
-
-         if [[ $loopcounter -gt 3 ]]; then
+        fi
+
+        ((loopcounter++))
+
+        if [[ $loopcounter -gt 3 ]]; then
             exitnow='true'
             log_debug "Weak password check looped too many times [$loopcounter]"
-         else
+        else
             log_debug "Weak password check loop [$loopcounter]"
-         fi
-      done
-
-      if [[ $response != 2* ]]; then
-         log_error "There was an issue creating the user [$username]. [$response]"
-         exit 1
-      else
-         log_info "User [$username] created. [$response]"
-      fi
-      log_notice "User [$username] added to internal user database [$(date)]"
-      add_notice "                                                          "
-      add_notice "User [$username] added to internal user database. "
-
-      if [ "$weakpassword" == "true" ]; then
-         add_notice '+------------------------------------------------------------------------------+'
-         add_notice '|.............IMPORTANT NOTICE: REQUESTED PASSWORD REJECTED....................|'
-         add_notice '+------------------------------------------------------------------------------+'
-         add_notice "The specified password failed the complexity requirements of OpenSearch."
-         add_notice "The password [$password] was generated randomly for [$username]."
-         add_notice "$pwdchangetxt to change the password later."
-      fi
-      add_notice " "
-
-      ;;
-   DELETE)
-      if [ -z "$username" ]; then
-         log_error "Required argument USERNAME not specified"
-         echo ""
-         show_usage DELETE
-         exit 1
-      fi
-
-      log_info "Attempting to remove user [$username] from the internal user database [$(date)]"
-
-      # Check if user exists
-      if ! user_exists "$username"; then
-         log_error "There was an issue deleting the user [$username]; the user does NOT exists."
-         exit 1
-      else
-         log_debug "User [$username] exists."
-      fi
-
-      # Delete user
-      response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "$sec_api_url/internalusers/$username"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-      if [[ $response != 2* ]]; then
-         log_error "There was an issue deleting the user [$username]. [$response]"
-         exit 1
-      else
-         log_info "User [$username] deleted. [$response]"
-         log_notice "User [$username] removed from internal user database [$(date)]"
-      fi
-      ;;
-   *)
-      log_error "Invalid action specified"
-      exit 1
-   ;;
+        fi
+    done
+
+    if [[ $response != 2* ]]; then
+        log_error "There was an issue creating the user [$username]. [$response]"
+        exit 1
+    else
+        log_info "User [$username] created. [$response]"
+    fi
+    log_notice "User [$username] added to internal user database [$(date)]"
+    add_notice "                                                          "
+    add_notice "User [$username] added to internal user database. "
+
+    if [ "$weakpassword" == "true" ]; then
+        add_notice '+------------------------------------------------------------------------------+'
+        add_notice '|.............IMPORTANT NOTICE: REQUESTED PASSWORD REJECTED....................|'
+        add_notice '+------------------------------------------------------------------------------+'
+        add_notice "The specified password failed the complexity requirements of OpenSearch."
+        add_notice "The password [$password] was generated randomly for [$username]."
+        add_notice "$pwdchangetxt to change the password later."
+    fi
+    add_notice " "
+
+    ;;
+DELETE)
+    if [ -z "$username" ]; then
+        log_error "Required argument USERNAME not specified"
+        echo ""
+        show_usage DELETE
+        exit 1
+    fi
+
+    log_info "Attempting to remove user [$username] from the internal user database [$(date)]"
+
+    # Check if user exists
+    if ! user_exists "$username"; then
+        log_error "There was an issue deleting the user [$username]; the user does NOT exists."
+        exit 1
+    else
+        log_debug "User [$username] exists."
+    fi
+
+    # Delete user
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "$sec_api_url/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+    if [[ $response != 2* ]]; then
+        log_error "There was an issue deleting the user [$username]. [$response]"
+        exit 1
+    else
+        log_info "User [$username] deleted. [$response]"
+        log_notice "User [$username] removed from internal user database [$(date)]"
+    fi
+    ;;
+*)
+    log_error "Invalid action specified"
+    exit 1
+    ;;
 esac
 
-
 LOGGING_DRIVER=${LOGGING_DRIVER:-false}
 if [ "$LOGGING_DRIVER" != "true" ]; then
-   echo ""
-   display_notices
-   echo ""
+    echo ""
+    display_notices
+    echo ""
 fi
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

@github-actions
Copy link
Contributor

github-actions bot commented Aug 22, 2025

sh-checker report

To get the full details, please check in the job output.

shellcheck errors 

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/onboard.sh line 91:
    -*|--*=) # unsupported flags
    ^-- SC2221 (warning): This pattern always overrides a later one on line 91.
       ^--^ SC2222 (warning): This pattern never matches because of a previous pattern on line 91.


In logging/bin/user.sh line 105:
    -*|--*=) # unsupported flags
    ^-- SC2221 (warning): This pattern always overrides a later one on line 105.
       ^--^ SC2222 (warning): This pattern never matches because of a previous pattern on line 105.


In logging/bin/user.sh line 125:
   action=$(echo "$1"|tr '[a-z]' '[A-Z]')
                         ^-----^ SC2021 (info): Don't use [] around classes in tr, it replaces literal square brackets.
                                 ^-----^ SC2021 (info): Don't use [] around classes in tr, it replaces literal square brackets.

For more information:
  https://www.shellcheck.net/wiki/SC2221 -- This pattern always overrides a l...
  https://www.shellcheck.net/wiki/SC2222 -- This pattern never matches becaus...
  https://www.shellcheck.net/wiki/SC2021 -- Don't use [] around classes in tr...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.
shfmt errors 

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/deploy_logging_azmonitor.sh.orig logging/bin/deploy_logging_azmonitor.sh
--- logging/bin/deploy_logging_azmonitor.sh.orig
+++ logging/bin/deploy_logging_azmonitor.sh
@@ -11,7 +11,7 @@
 tmpfile=$TMP_DIR/output.txt
 rm -f tmpfile
 
-if [ "$(kubectl get ns "$LOG_NS" -o name 2>/dev/null)" == "" ]; then
+if [ "$(kubectl get ns "$LOG_NS" -o name 2> /dev/null)" == "" ]; then
     kubectl create ns "$LOG_NS"
 fi
 
diff logging/bin/offboard.sh.orig logging/bin/offboard.sh
--- logging/bin/offboard.sh.orig
+++ logging/bin/offboard.sh
@@ -13,15 +13,15 @@
 this_script=$(basename "$0")
 
 function show_usage {
-    log_message  "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
-    log_message  ""
-    log_message  "'Offboards' either the specified SAS Viya deployment (namespace) or the specified tenant within that deployment.  This removes the ability to limit admins to the SAS Viya deployment (or a single tenant within a given deployment)."
-    log_message  "The offboarding process deletes the security access controls and the associated OpenSearch Dashboards tenant space (including any saved OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
-    log_message  ""
-    log_message  "    Arguments:"
-    log_message  "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which access should be removed."
-    log_message  "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which access should be removed."
-    log_message  ""
+    log_message "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
+    log_message ""
+    log_message "'Offboards' either the specified SAS Viya deployment (namespace) or the specified tenant within that deployment.  This removes the ability to limit admins to the SAS Viya deployment (or a single tenant within a given deployment)."
+    log_message "The offboarding process deletes the security access controls and the associated OpenSearch Dashboards tenant space (including any saved OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
+    log_message ""
+    log_message "    Arguments:"
+    log_message "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which access should be removed."
+    log_message "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which access should be removed."
+    log_message ""
     #log_message  "    Options:"
     #log_message  ""
 }
@@ -34,41 +34,41 @@
 #
 POS_PARMS=""
 
-while (( "$#" )); do
+while (("$#")); do
     case "$1" in
-        -ns | --namespace)
-            if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-                    namespace=$2
-                    shift 2
-            else
-                    log_error "A value for parameter [NAMESPACE] has not been provided." >&2
-                    show_usage
-                    exit 2
-            fi
-            ;;
-        -t | --tenant)
-            if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-                    tenant=$2
-                    shift 2
-            else
-                    log_error "A value for parameter [TENANT] has not been provided." >&2
-                    show_usage
-                    exit 2
-            fi
-            ;;
-        -h | --help)
-            show_usage
-            exit
-            ;;
-        --*= | -*) # unsupported flags
-            log_error "Unsupported flag $1" >&2
-            show_usage
-            exit 1
-            ;;
-        *) # preserve positional arguments
-            POS_PARMS="$POS_PARMS $1"
-            shift
-            ;;
+    -ns | --namespace)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            namespace=$2
+            shift 2
+        else
+            log_error "A value for parameter [NAMESPACE] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -t | --tenant)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            tenant=$2
+            shift 2
+        else
+            log_error "A value for parameter [TENANT] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -h | --help)
+        show_usage
+        exit
+        ;;
+    --*= | -*) # unsupported flags
+        log_error "Unsupported flag $1" >&2
+        show_usage
+        exit 1
+        ;;
+    *) # preserve positional arguments
+        POS_PARMS="$POS_PARMS $1"
+        shift
+        ;;
     esac
 done
 
@@ -162,7 +162,6 @@
     log_warn "There was an issue deleting the index [${kibana_index_name}_*] holding content related to OpenSearch Dashboards tenant space [$ktenant]. You may need to manually delete this index. [$response]"
 fi
 
-
 # Delete access controls
 ./logging/bin/security_delete_rbac.sh "$namespace" "$tenant"
 
diff logging/bin/onboard.sh.orig logging/bin/onboard.sh
--- logging/bin/onboard.sh.orig
+++ logging/bin/onboard.sh
@@ -12,24 +12,22 @@
 
 this_script=$(basename "$0")
 
-
 function show_usage {
-  log_message  "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
-  log_message  ""
-  log_message  "'Onboards' a SAS Viya deployment (namespace) or a specific tenant within that deployment.  This process allows admins responsible for a SAS Viya deployment (or a single tenant within a given deployment) to work with log messages collected from the deployment (or tenant within the deployment)."
-  log_message  "The onboarding process creates the security access controls and, optionally, an initial user granted access.  In addition, an OpenSearch Dashboards tenant space is created and populated with an initial set of OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
-  log_message  ""
-  log_message  "    Arguments:"
-  log_message  "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to 'on-board' or the namespace in which the tenant to 'on-board' resides."
-  log_message  "     -t,  --tenant      TENANT    - (Optional) The tenant within the specified SAS Viya deployment/Kubernetes Namespace to 'on-board'."
-  log_message  ""
-  log_message  "    Options:"
-  log_message  "        -u, --user [USER]           - Create an initial user with access to this OpenSearch Dashboards tenant space. User name is optional, by default its name will combine the OpenSearch Dashboards tenant space name with '_admin'."
-  log_message  "        -p, --password PASSWORD     - Password for the initial user."
-  log_message  ""
+    log_message "Usage: $this_script --namespace NAMESPACE [--tenant TENANT] [OPTIONS]"
+    log_message ""
+    log_message "'Onboards' a SAS Viya deployment (namespace) or a specific tenant within that deployment.  This process allows admins responsible for a SAS Viya deployment (or a single tenant within a given deployment) to work with log messages collected from the deployment (or tenant within the deployment)."
+    log_message "The onboarding process creates the security access controls and, optionally, an initial user granted access.  In addition, an OpenSearch Dashboards tenant space is created and populated with an initial set of OpenSearch Dashboards content (e.g. visualizations, dashboards, etc.)."
+    log_message ""
+    log_message "    Arguments:"
+    log_message "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to 'on-board' or the namespace in which the tenant to 'on-board' resides."
+    log_message "     -t,  --tenant      TENANT    - (Optional) The tenant within the specified SAS Viya deployment/Kubernetes Namespace to 'on-board'."
+    log_message ""
+    log_message "    Options:"
+    log_message "        -u, --user [USER]           - Create an initial user with access to this OpenSearch Dashboards tenant space. User name is optional, by default its name will combine the OpenSearch Dashboards tenant space name with '_admin'."
+    log_message "        -p, --password PASSWORD     - Password for the initial user."
+    log_message ""
 }
 
-
 # set flag indicating wrapper/driver script being run
 export LOGGING_DRIVER=true
 
@@ -41,69 +39,68 @@
 #
 POS_PARMS=""
 
-while (( "$#" )); do
-  case "$1" in
-    -ns|--namespace)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        namespace=$2
-        shift 2
-      else
-        log_error "A value for parameter [NAMESPACE] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -t|--tenant)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        tenant=$2
-        shift 2
-      else
-        log_error "A value for parameter [TENANT] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -u|--user)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        createuser=true
-        inituser=$2
-        shift 2
-      else
-        # no initial user name provided, assign default name
-        createuser=true
-        shift 1
-      fi
-      ;;
-    -p|--password)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        initpasswd=$2
-        shift 2
-      else
-        log_error "A value for parameter [PASSWORD] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -h|--help)
-      show_usage
-      exit
-      ;;
-    -*|--*=) # unsupported flags
-      log_error "Unsupported flag $1" >&2
-      show_usage
-      exit 1
-      ;;
+while (("$#")); do
+    case "$1" in
+    -ns | --namespace)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            namespace=$2
+            shift 2
+        else
+            log_error "A value for parameter [NAMESPACE] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -t | --tenant)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            tenant=$2
+            shift 2
+        else
+            log_error "A value for parameter [TENANT] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -u | --user)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            createuser=true
+            inituser=$2
+            shift 2
+        else
+            # no initial user name provided, assign default name
+            createuser=true
+            shift 1
+        fi
+        ;;
+    -p | --password)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            initpasswd=$2
+            shift 2
+        else
+            log_error "A value for parameter [PASSWORD] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -h | --help)
+        show_usage
+        exit
+        ;;
+    -* | --*=) # unsupported flags
+        log_error "Unsupported flag $1" >&2
+        show_usage
+        exit 1
+        ;;
     *) # preserve positional arguments
-      POS_PARMS="$POS_PARMS $1"
-      shift
-      ;;
-  esac
+        POS_PARMS="$POS_PARMS $1"
+        shift
+        ;;
+    esac
 done
 
 # set positional arguments in their proper place
 eval set -- "$POS_PARMS"
 
-
 # No positional parameters (other than ACTION) are supported
 if [ "$#" -ge 1 ]; then
     log_error "Unexpected additional arguments were found; exiting."
@@ -112,26 +109,26 @@
 fi
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 # validation of input args
 if [ "$namespace" == "global" ]; then
-   log_error "Invalid namespace value specified; you can NOT onboard the [global] namespace."
-   exit 1
+    log_error "Invalid namespace value specified; you can NOT onboard the [global] namespace."
+    exit 1
 fi
 
 validateNamespace "$namespace"
 
 if [ -n "$tenant" ]; then
-   validateTenantID "$tenant"
-
-   nst="${namespace}_${tenant}"
-   index_nst="${namespace}-__${tenant}__"
-else
-   nst="$namespace"
-   # shellcheck disable=SC2034
-   index_nst="${namespace}"
+    validateTenantID "$tenant"
+
+    nst="${namespace}_${tenant}"
+    index_nst="${namespace}-__${tenant}__"
+else
+    nst="$namespace"
+    # shellcheck disable=SC2034
+    index_nst="${namespace}"
 fi
 
 #FUTURE: Allow user to specify OpenSearch Dashboards tenant space name?
@@ -138,11 +135,11 @@
 ktenant=$nst
 
 if [ -n "$tenant" ]; then
-   tenant_description="An OpenSearch Dashboards tenant space for tenant [$tenant] within SAS Viya deployment (namespace) [$namespace]."
-   log_notice "Onboarding tenant [$tenant] within namespace [$namespace] [$(date)]"
-else
-   tenant_description="An OpenSearch Dashboards tenant space for SAS Viya deployment (namespace) [$namespace]."
-   log_notice "Onboarding namespace [$namespace] [$(date)]"
+    tenant_description="An OpenSearch Dashboards tenant space for tenant [$tenant] within SAS Viya deployment (namespace) [$namespace]."
+    log_notice "Onboarding tenant [$tenant] within namespace [$namespace] [$(date)]"
+else
+    tenant_description="An OpenSearch Dashboards tenant space for SAS Viya deployment (namespace) [$namespace]."
+    log_notice "Onboarding namespace [$namespace] [$(date)]"
 fi
 
 #
@@ -157,19 +154,19 @@
 
 # Create OpenSearch Dashboards tenant space (if it doesn't exist)
 if ! kibana_tenant_exists "$ktenant"; then
-   create_kibana_tenant "$ktenant" "$tenant_description"
-   rc=$?
-   if [ "$rc" == "0" ]; then
-      add_notice "                                                      "
-      add_notice "   The OpenSearch Dashboards tenant space [$ktenant] was created.   "
-      add_notice "                                                      "
-   else
-      log_error "Problems were encountered while attempting to create tenant space [$ktenant]."
-      exit 1
-   fi
-else
-   log_error "A OpenSearch Dashboards tenant space [$ktenant] already exists."
-   exit 1
+    create_kibana_tenant "$ktenant" "$tenant_description"
+    rc=$?
+    if [ "$rc" == "0" ]; then
+        add_notice "                                                      "
+        add_notice "   The OpenSearch Dashboards tenant space [$ktenant] was created.   "
+        add_notice "                                                      "
+    else
+        log_error "Problems were encountered while attempting to create tenant space [$ktenant]."
+        exit 1
+    fi
+else
+    log_error "A OpenSearch Dashboards tenant space [$ktenant] already exists."
+    exit 1
 fi
 
 # get KIBANA API URL
@@ -179,22 +176,22 @@
 ./logging/bin/import_osd_content.sh logging/osd/common "$ktenant"
 
 if [ -z "$tenant" ]; then
-   ./logging/bin/import_osd_content.sh logging/osd/namespace "$ktenant"
-else
-   ./logging/bin/import_osd_content.sh logging/osd/tenant    "$ktenant"
+    ./logging/bin/import_osd_content.sh logging/osd/namespace "$ktenant"
+else
+    ./logging/bin/import_osd_content.sh logging/osd/tenant "$ktenant"
 fi
 
 if [ -d "$USER_DIR/logging/osd" ] && [ "$USER_DIR" != "$(pwd)" ]; then
 
-   export IGNORE_NOT_FOUND="true"
-   ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/common "$ktenant"
-
-   if [ -z "$tenant" ]; then
-      ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/namespace "$ktenant"
-   else
-      ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/tenant    "$ktenant"
-   fi
-   unset IGNORE_NOT_FOUND
+    export IGNORE_NOT_FOUND="true"
+    ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/common "$ktenant"
+
+    if [ -z "$tenant" ]; then
+        ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/namespace "$ktenant"
+    else
+        ./logging/bin/import_osd_content.sh "$USER_DIR"/logging/osd/tenant "$ktenant"
+    fi
+    unset IGNORE_NOT_FOUND
 fi
 
 # Create access controls
@@ -203,32 +200,32 @@
 # Create an initial user
 if [ "$createuser" == "true" ]; then
 
-   if [ -z "$inituser" ]; then
-      inituser="${ktenant}_admin"
-
-   else
-      log_debug "Initial user name [$inituser] provided."
-   fi
-
-   if [ -n "$initpasswd" ]; then
-      passwdarg="-p $initpasswd"
-   else
-      passwdarg=""
-   fi
-
-   if user_exists "$inituser"; then
-      log_warn "A user with the requested user name of  [$inituser] already exists; the initial user account you requested was NOT created."
-      log_warn "This existing user may have completely different access controls than you intended for the initial user."
-      log_warn "You can create a new user with the appropriate access controls by calling the logging/bin/user.sh script directly."
-   else
-      if [ -z "$tenant" ]; then
-         ./logging/bin/user.sh CREATE -ns "$namespace" -u "$inituser" "$passwdarg"
-      else
-         ./logging/bin/user.sh CREATE -ns "$namespace" -t "$tenant" -u "$inituser" "$passwdarg"
-      fi
-   fi
-else
-   log_debug "An initial user will NOT be created."
+    if [ -z "$inituser" ]; then
+        inituser="${ktenant}_admin"
+
+    else
+        log_debug "Initial user name [$inituser] provided."
+    fi
+
+    if [ -n "$initpasswd" ]; then
+        passwdarg="-p $initpasswd"
+    else
+        passwdarg=""
+    fi
+
+    if user_exists "$inituser"; then
+        log_warn "A user with the requested user name of  [$inituser] already exists; the initial user account you requested was NOT created."
+        log_warn "This existing user may have completely different access controls than you intended for the initial user."
+        log_warn "You can create a new user with the appropriate access controls by calling the logging/bin/user.sh script directly."
+    else
+        if [ -z "$tenant" ]; then
+            ./logging/bin/user.sh CREATE -ns "$namespace" -u "$inituser" "$passwdarg"
+        else
+            ./logging/bin/user.sh CREATE -ns "$namespace" -t "$tenant" -u "$inituser" "$passwdarg"
+        fi
+    fi
+else
+    log_debug "An initial user will NOT be created."
 fi
 
 # Write any "notices" to console
@@ -241,7 +238,7 @@
 
 # Exit with an overall success/failure message
 if [ -n "$tenant" ]; then
-  log_notice "Successfully onboarded tenant [$tenant] within namespace [$namespace] [$(date)]"
-else
-  log_notice "Successfully onboarded namespace [$namespace] [$(date)]"
+    log_notice "Successfully onboarded tenant [$tenant] within namespace [$namespace] [$(date)]"
+else
+    log_notice "Successfully onboarded namespace [$namespace] [$(date)]"
 fi
diff logging/bin/remove_eventrouter.sh.orig logging/bin/remove_eventrouter.sh
--- logging/bin/remove_eventrouter.sh.orig
+++ logging/bin/remove_eventrouter.sh
@@ -17,21 +17,20 @@
 
 # Replace placeholders
 log_debug "Replacing logging namespace for files in [$logDir]"
-  if echo "$OSTYPE" | grep 'darwin' > /dev/null 2>&1; then
+if echo "$OSTYPE" | grep 'darwin' > /dev/null 2>&1; then
     sed -i '' "s/__LOG_NS__/$LOG_NS/g" "$logDir"/eventrouter.yaml
-  else
+else
     sed -i "s/__LOG_NS__/$LOG_NS/g" "$logDir"/eventrouter.yaml
-  fi
+fi
 
 log_info "Removing Event Router [$(date)]"
 # Remove existing instance of Event Router in the kube-system namespace (if present).
 if [[ $V4M_CURRENT_VERSION_FULL =~ 1.0 || $V4M_CURRENT_VERSION_FULL =~ 1.1.[0-2] ]]; then
-   # Remove existing instance of Event Router in the kube-system namespace (if present).
-   log_info "Removing instance of Event Router in the kube-system namespace"
-   kubectl delete --ignore-not-found -f logging/eventrouter/eventrouter_kubesystem.yaml
-else
-  kubectl delete --ignore-not-found -f "$logDir"/eventrouter.yaml
+    # Remove existing instance of Event Router in the kube-system namespace (if present).
+    log_info "Removing instance of Event Router in the kube-system namespace"
+    kubectl delete --ignore-not-found -f logging/eventrouter/eventrouter_kubesystem.yaml
+else
+    kubectl delete --ignore-not-found -f "$logDir"/eventrouter.yaml
 fi
 
 log_debug "Script [$this_script] has completed [$(date)]"
-
diff logging/bin/remove_logging_azmonitor.sh.orig logging/bin/remove_logging_azmonitor.sh
--- logging/bin/remove_logging_azmonitor.sh.orig
+++ logging/bin/remove_logging_azmonitor.sh
@@ -15,16 +15,15 @@
 log_info "Removing eventrouter..."
 logging/bin/remove_eventrouter.sh
 
-
 if [ "$LOG_DELETE_NAMESPACE_ON_REMOVE" == "true" ]; then
-  log_info "Deleting the [$LOG_NS] namespace..."
-  if kubectl delete namespace "$LOG_NS" --timeout "$KUBE_NAMESPACE_DELETE_TIMEOUT"; then
-    log_info "[$LOG_NS] namespace and logging components successfully removed"
-    exit 0
-  else
-    log_error "Unable to delete the [$LOG_NS] namespace"
-    exit 1
-  fi
+    log_info "Deleting the [$LOG_NS] namespace..."
+    if kubectl delete namespace "$LOG_NS" --timeout "$KUBE_NAMESPACE_DELETE_TIMEOUT"; then
+        log_info "[$LOG_NS] namespace and logging components successfully removed"
+        exit 0
+    else
+        log_error "Unable to delete the [$LOG_NS] namespace"
+        exit 1
+    fi
 fi
 
 log_info "Removing components from the [$LOG_NS] namespace..."
@@ -33,23 +32,21 @@
 sleep 60
 
 log_info "Checking contents of the [$LOG_NS] namespace:"
-crds=( secrets all )
+crds=(secrets all)
 empty="true"
-for crd in "${crds[@]}"
-do
-	out=$(kubectl get -n "$LOG_NS" "$crd" 2>&1)
-  if [[ "$out" =~ 'No resources found' ]]; then
-    :
-  else
-    empty="false"
-    log_warn "Found [$crd] resources in the [$LOG_NS] namespace:"
-    echo "$out"
-  fi
+for crd in "${crds[@]}"; do
+    out=$(kubectl get -n "$LOG_NS" "$crd" 2>&1)
+    if [[ $out =~ 'No resources found' ]]; then
+        :
+    else
+        empty="false"
+        log_warn "Found [$crd] resources in the [$LOG_NS] namespace:"
+        echo "$out"
+    fi
 done
 if [ "$empty" == "true" ]; then
-  log_info "  The [$LOG_NS] namespace is empty and should be safe to delete."
+    log_info "  The [$LOG_NS] namespace is empty and should be safe to delete."
 else
-  log_warn "  The [$LOG_NS] namespace is not empty."
-  log_warn "  Examine the resources above before deleting the namespace."
-fi
-
+    log_warn "  The [$LOG_NS] namespace is not empty."
+    log_warn "  Examine the resources above before deleting the namespace."
+fi
diff logging/bin/remove_servicemonitors_openshift.sh.orig logging/bin/remove_servicemonitors_openshift.sh
--- logging/bin/remove_servicemonitors_openshift.sh.orig
+++ logging/bin/remove_servicemonitors_openshift.sh
@@ -14,26 +14,26 @@
 DEPLOY_SERVICEMONITORS=${DEPLOY_SERVICEMONITORS:-false}
 
 if [ "$DEPLOY_SERVICEMONITORS" != "true" ]; then
-  log_info "Environment variable [DEPLOY_SERVICEMONITORS] is not set to 'true'; exiting b/c ServiceMonitors were not deployed."
-  exit
+    log_info "Environment variable [DEPLOY_SERVICEMONITORS] is not set to 'true'; exiting b/c ServiceMonitors were not deployed."
+    exit
 fi
 
 EVENTROUTER_ENABLE=${EVENTROUTER_ENABLE:-true}
 if [ "$EVENTROUTER_ENABLE" == "true" ]; then
-   # Eventrouter ServiceMonitor
-   kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/kube/podMonitor-eventrouter.yaml
+    # Eventrouter ServiceMonitor
+    kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/kube/podMonitor-eventrouter.yaml
 fi
 
 ELASTICSEARCH_ENABLE=${ELASTICSEARCH_ENABLE:-true}
 if [ "$ELASTICSEARCH_ENABLE" == "true" ]; then
-   # Elasticsearch ServiceMonitor
-   kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-elasticsearch.yaml
+    # Elasticsearch ServiceMonitor
+    kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-elasticsearch.yaml
 fi
 
 FLUENT_BIT_ENABLED=${FLUENT_BIT_ENABLED:-true}
 if [ "$FLUENT_BIT_ENABLED" == "true" ]; then
-   # Fluent Bit ServiceMonitors
-   kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-fluent-bit-v2.yaml
+    # Fluent Bit ServiceMonitors
+    kubectl delete --ignore-not-found -n "$LOG_NS" -f monitoring/monitors/logging/serviceMonitor-fluent-bit-v2.yaml
 fi
 
 log_info "ServiceMonitors have been removed."
diff logging/bin/security_create_rbac.sh.orig logging/bin/security_create_rbac.sh
--- logging/bin/security_create_rbac.sh.orig
+++ logging/bin/security_create_rbac.sh
@@ -30,16 +30,15 @@
 source logging/bin/rbac-include.sh
 source logging/bin/apiaccess-include.sh
 
-
 function show_usage {
-  log_message  "Usage: $this_script NAMESPACE [TENANT]"
-  log_message  ""
-  log_message  "Creates access controls (e.g. roles, role-mappings, etc.) to limit access to the specified namespace and, optionally, the specified tenant within that namespace."
-  log_message  ""
-  log_message  "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
-  log_message  ""
-  log_message  "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
-  log_message  ""
+    log_message "Usage: $this_script NAMESPACE [TENANT]"
+    log_message ""
+    log_message "Creates access controls (e.g. roles, role-mappings, etc.) to limit access to the specified namespace and, optionally, the specified tenant within that namespace."
+    log_message ""
+    log_message "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
+    log_message ""
+    log_message "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
+    log_message ""
 }
 
 #TO DO: Move to named args
@@ -48,15 +47,15 @@
 tenant=${2}
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 if [ "$namespace" == "_all_" ] && [ "$tenant" == "_all_" ]; then
-   log_debug "All cluster access RBACs requested"
-   cluster="true"
-else
-   cluster="false"
-   log_debug "namespace: $namespace tenant: $tenant"
+    log_debug "All cluster access RBACs requested"
+    cluster="true"
+else
+    cluster="false"
+    log_debug "namespace: $namespace tenant: $tenant"
 fi
 
 create_ktenant_roles=${CREATE_KTENANT_ROLE:-true}
@@ -63,58 +62,58 @@
 
 if [ "$cluster" == "true" ]; then
 
-   # creating cluster-wide RBACs
-   INDEX_PREFIX=viya_logs
-   INDEX_NST="*"
-   ROLENAME=search_index_-ALL-
-   BE_ROLENAME=V4MCLUSTER_ADMIN_kibana_users
-   NST="cluster_admins"
-   BE_GFDS_ROLENAME=V4MCLUSTER_ADMIN_grafana_dsusers
-   index_role_template="index_role_allcluster.json"
-   kibana_tenant_role_template="kibana_tenant_clusteradmins_role.json"
-
-else
-   # creating namespace or tenant limited RBACs
-   if [ -z "$namespace" ]; then
-     log_error "Required argument NAMESPACE not specified"
-     echo  ""
-     show_usage
-     exit 1
-   elif [[ "$namespace" =~ -H|--HELP|-h|--help ]]; then
-    show_usage
-    exit
-   fi
-
-   validateNamespace "$namespace"
-
-   if [[ "$tenant" =~ -H|--HELP|-h|--help ]]; then
-      show_usage
-      exit
-   elif [ -n "$tenant" ]; then
-
-      validateTenantID "$tenant"
-
-      NST="${namespace}_${tenant}"
-      INDEX_NST="${namespace}-__${tenant}__"
-   else
-      NST="$namespace"
-      INDEX_NST="${namespace}"
-   fi
-
-   if [ -n "$tenant" ]; then
-     log_notice "Creating access controls for tenant [$tenant] within namespace [$namespace] [$(date)]"
-   else
-     log_notice "Creating access controls for namespace [$namespace] [$(date)]"
-   fi
-
-   INDEX_PREFIX=viya_logs
-   ROLENAME=search_index_$NST
-   BE_ROLENAME=${NST}_kibana_users
-   BE_GFDS_ROLENAME=${NST}_grafana_dsusers
-   index_role_template="index_role.json"
-   kibana_tenant_role_template="kibana_tenant_limited_role.json"
-
-   log_debug "NST: $NST TENANT: $tenant NAMESPACE: $namespace ROLENAME: $ROLENAME"
+    # creating cluster-wide RBACs
+    INDEX_PREFIX=viya_logs
+    INDEX_NST="*"
+    ROLENAME=search_index_-ALL-
+    BE_ROLENAME=V4MCLUSTER_ADMIN_kibana_users
+    NST="cluster_admins"
+    BE_GFDS_ROLENAME=V4MCLUSTER_ADMIN_grafana_dsusers
+    index_role_template="index_role_allcluster.json"
+    kibana_tenant_role_template="kibana_tenant_clusteradmins_role.json"
+
+else
+    # creating namespace or tenant limited RBACs
+    if [ -z "$namespace" ]; then
+        log_error "Required argument NAMESPACE not specified"
+        echo ""
+        show_usage
+        exit 1
+    elif [[ $namespace =~ -H|--HELP|-h|--help ]]; then
+        show_usage
+        exit
+    fi
+
+    validateNamespace "$namespace"
+
+    if [[ $tenant =~ -H|--HELP|-h|--help ]]; then
+        show_usage
+        exit
+    elif [ -n "$tenant" ]; then
+
+        validateTenantID "$tenant"
+
+        NST="${namespace}_${tenant}"
+        INDEX_NST="${namespace}-__${tenant}__"
+    else
+        NST="$namespace"
+        INDEX_NST="${namespace}"
+    fi
+
+    if [ -n "$tenant" ]; then
+        log_notice "Creating access controls for tenant [$tenant] within namespace [$namespace] [$(date)]"
+    else
+        log_notice "Creating access controls for namespace [$namespace] [$(date)]"
+    fi
+
+    INDEX_PREFIX=viya_logs
+    ROLENAME=search_index_$NST
+    BE_ROLENAME=${NST}_kibana_users
+    BE_GFDS_ROLENAME=${NST}_grafana_dsusers
+    index_role_template="index_role.json"
+    kibana_tenant_role_template="kibana_tenant_limited_role.json"
+
+    log_debug "NST: $NST TENANT: $tenant NAMESPACE: $namespace ROLENAME: $ROLENAME"
 
 fi
 
@@ -122,28 +121,25 @@
 cp logging/opensearch/rbac "$TMP_DIR" -r
 
 # Replace PLACEHOLDERS
-sed -i'.bak' "s/xxIDXPREFIXxx/$INDEX_PREFIX/g"  "$TMP_DIR"/rbac/*.json     # IDXPREFIX
-sed -i'.bak' "s/xxNAMESPACExx/$namespace/g"     "$TMP_DIR"/rbac/*.json     # NAMESPACE
-sed -i'.bak' "s/xxTENANTxx/$tenant/g"           "$TMP_DIR"/rbac/*.json     # TENANT
-sed -i'.bak' "s/xxIDXNSTxx/$INDEX_NST/g"        "$TMP_DIR"/rbac/*.json     # NAMESPACE|NAMESPACE-__TENANT__    (used in index names)
-sed -i'.bak' "s/xxNSTxx/$NST/g"                 "$TMP_DIR"/rbac/*.json     # NAMESPACE|NAMESPACE_TENANT        (used in RBAC names)
-
+sed -i'.bak' "s/xxIDXPREFIXxx/$INDEX_PREFIX/g" "$TMP_DIR"/rbac/*.json # IDXPREFIX
+sed -i'.bak' "s/xxNAMESPACExx/$namespace/g" "$TMP_DIR"/rbac/*.json    # NAMESPACE
+sed -i'.bak' "s/xxTENANTxx/$tenant/g" "$TMP_DIR"/rbac/*.json          # TENANT
+sed -i'.bak' "s/xxIDXNSTxx/$INDEX_NST/g" "$TMP_DIR"/rbac/*.json       # NAMESPACE|NAMESPACE-__TENANT__    (used in index names)
+sed -i'.bak' "s/xxNSTxx/$NST/g" "$TMP_DIR"/rbac/*.json                # NAMESPACE|NAMESPACE_TENANT        (used in RBAC names)
 
 # get admin credentials
 # shellcheck disable=SC2155
-export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-# shellcheck disable=SC2155
-export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
+export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+# shellcheck disable=SC2155
+export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Get Security API URL
 get_sec_api_url
 
 if [ -z "$sec_api_url" ]; then
-   log_error "Unable to determine URL to access security API endpoint"
-   exit 1
-fi
-
+    log_error "Unable to determine URL to access security API endpoint"
+    exit 1
+fi
 
 #index user (controls access to indexes)
 ensure_role_exists "$ROLENAME" "$TMP_DIR"/rbac/$index_role_template
@@ -154,12 +150,11 @@
 add_rolemapping v4m_grafana_dsuser "$BE_GFDS_ROLENAME" null
 add_rolemapping "$ROLENAME" "$BE_GFDS_ROLENAME"
 
-
 #tenant role (controls access to Kibanas tenant spaces)
 if [ "$create_ktenant_roles" == "true" ]; then
 
-   ensure_role_exists tenant_"${NST}" "$TMP_DIR"/rbac/$kibana_tenant_role_template
-   add_rolemapping  tenant_"${NST}" "$BE_ROLENAME"
+    ensure_role_exists tenant_"${NST}" "$TMP_DIR"/rbac/$kibana_tenant_role_template
+    add_rolemapping tenant_"${NST}" "$BE_ROLENAME"
 
 fi
 
@@ -170,22 +165,21 @@
 log_notice "Access controls created [$(date)]"
 echo ""
 
-add_notice    "Assign users the back-end role of  [${BE_ROLENAME}] to"
-add_notice    "grant them access to OpenSearch Dashboards and log messages from"
-if [ "$cluster" == "true" ]; then
-   add_notice "ALL tenants and ALL namespaces"
+add_notice "Assign users the back-end role of  [${BE_ROLENAME}] to"
+add_notice "grant them access to OpenSearch Dashboards and log messages from"
+if [ "$cluster" == "true" ]; then
+    add_notice "ALL tenants and ALL namespaces"
 elif [ -n "$tenant" ]; then
-   add_notice "ONLY the [$tenant] tenant within the [$namespace] namespace"
-else
-   add_notice "ONLY the [$namespace] namespace."
+    add_notice "ONLY the [$tenant] tenant within the [$namespace] namespace"
+else
+    add_notice "ONLY the [$namespace] namespace."
 fi
 
 LOGGING_DRIVER=${LOGGING_DRIVER:-false}
 if [ "$LOGGING_DRIVER" != "true" ]; then
-   echo ""
-   log_notice    "================================================================================="
-   display_notices
-   log_notice    "================================================================================="
-   echo ""
-fi
-
+    echo ""
+    log_notice "================================================================================="
+    display_notices
+    log_notice "================================================================================="
+    echo ""
+fi
diff logging/bin/security_delete_rbac.sh.orig logging/bin/security_delete_rbac.sh
--- logging/bin/security_delete_rbac.sh.orig
+++ logging/bin/security_delete_rbac.sh
@@ -33,89 +33,89 @@
 tenant=${2}
 
 if [ -z "$namespace" ]; then
-  log_error "Required argument NAMESPACE not specified"
-  log_message  ""
-  log_message  "Usage: $this_script NAMESPACE"
-  log_message  ""
-  log_message  "Deletes access control artifacts (e.g. roles, role-mappings, etc.) previously created to limit access to the specified namespace."
-  log_message  ""
-  log_message  "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be deleted"
-  log_message  "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
-  log_message  ""
-
-  exit 1
+    log_error "Required argument NAMESPACE not specified"
+    log_message ""
+    log_message "Usage: $this_script NAMESPACE"
+    log_message ""
+    log_message "Deletes access control artifacts (e.g. roles, role-mappings, etc.) previously created to limit access to the specified namespace."
+    log_message ""
+    log_message "        NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace for which access controls should be deleted"
+    log_message "        TENANT    - (Optional) The tenant with the SAS Viya deployment/Kubernetes Namespace for which access controls should be created"
+    log_message ""
+
+    exit 1
 fi
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 if [ "$namespace" == "_all_" ] && [ "$tenant" == "_all_" ]; then
-   log_debug "Deleting of All cluster access RBACs requested"
-   cluster="true"
-else
-   cluster="false"
-fi
-
-if [ "$cluster" == "true" ]; then
-
-   # deleting cluster-wide RBACs
-   ROLENAME="search_index_-ALL-"
-   BACKENDROLE="V4MCLUSTER_ADMIN_kibana_users"
-   GFDS_BACKENDROLE="V4MCLUSTER_ADMIN_grafana_dsusers"
-   NST="cluster_admins"
-
-else
-   # deleting namespace or tenant limited RBACs
-   validateNamespace "$namespace"
-
-   if [ -n "$tenant" ]; then
-      validateTenantID "$tenant"
-
-      NST="${namespace}_${tenant}"
-
-      log_notice "Deleting access controls for the [$tenant] tenant within the namespace [$namespace] [$(date)]"
-
-   else
-      NST="$namespace"
-      log_notice "Deleting access controls for namespace [$namespace] [$(date)]"
-   fi
-
-   ROLENAME="search_index_$NST"
-   BACKENDROLE="${NST}_kibana_users"
-   GFDS_BACKENDROLE="${NST}_grafana_dsusers"
-
-   log_debug "NAMESPACE: $namespace TENANT: $tenant ROLENAME: $ROLENAME BACKENDROLE: $BACKENDROLE GFDS_BACKENDROLE: $GFDS_BACKENDROLE"
+    log_debug "Deleting of All cluster access RBACs requested"
+    cluster="true"
+else
+    cluster="false"
+fi
+
+if [ "$cluster" == "true" ]; then
+
+    # deleting cluster-wide RBACs
+    ROLENAME="search_index_-ALL-"
+    BACKENDROLE="V4MCLUSTER_ADMIN_kibana_users"
+    GFDS_BACKENDROLE="V4MCLUSTER_ADMIN_grafana_dsusers"
+    NST="cluster_admins"
+
+else
+    # deleting namespace or tenant limited RBACs
+    validateNamespace "$namespace"
+
+    if [ -n "$tenant" ]; then
+        validateTenantID "$tenant"
+
+        NST="${namespace}_${tenant}"
+
+        log_notice "Deleting access controls for the [$tenant] tenant within the namespace [$namespace] [$(date)]"
+
+    else
+        NST="$namespace"
+        log_notice "Deleting access controls for namespace [$namespace] [$(date)]"
+    fi
+
+    ROLENAME="search_index_$NST"
+    BACKENDROLE="${NST}_kibana_users"
+    GFDS_BACKENDROLE="${NST}_grafana_dsusers"
+
+    log_debug "NAMESPACE: $namespace TENANT: $tenant ROLENAME: $ROLENAME BACKENDROLE: $BACKENDROLE GFDS_BACKENDROLE: $GFDS_BACKENDROLE"
 fi
 
 # get admin credentials
 # shellcheck disable=SC2155
-export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-# shellcheck disable=SC2155
-export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
+export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+# shellcheck disable=SC2155
+export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Get Security API URL
 get_sec_api_url
 
 if [ -z "$sec_api_url" ]; then
-   log_error "Unable to determine URL to access security API endpoint"
-   exit 1
+    log_error "Unable to determine URL to access security API endpoint"
+    exit 1
 fi
 
 # handle $ROLENAME
 if role_exists "$ROLENAME"; then
-   delete_rolemappings "$ROLENAME"
-   delete_role "$ROLENAME"
-
-   # handle tenant_$NST
-   delete_rolemappings tenant_"${NST}"
-   delete_role tenant_"${NST}"
-else
-  log_verbose "The role [$ROLENAME] does not exist; nothing to delete"
+    delete_rolemappings "$ROLENAME"
+    delete_role "$ROLENAME"
+
+    # handle tenant_$NST
+    delete_rolemappings tenant_"${NST}"
+    delete_role tenant_"${NST}"
+else
+    log_verbose "The role [$ROLENAME] does not exist; nothing to delete"
 fi
 
 # handle KIBANA_USER
-remove_rolemapping kibana_user     "$BACKENDROLE"    # Needed for RBACs created prior to MT support (should be no-op for post MT RBACs)
+remove_rolemapping kibana_user "$BACKENDROLE" # Needed for RBACs created prior to MT support (should be no-op for post MT RBACs)
 remove_rolemapping v4m_kibana_user "$BACKENDROLE"
 
 # handle Grafana Data Source user
@@ -124,10 +124,9 @@
 log_notice "Access controls deleted [$(date)]"
 echo ""
 if [ "$cluster" == "true" ]; then
-   log_verbose "You may want to consider deleting users whose *only* role(s) were 'V4MCLUSTER_ADMIN_kibana_users' and/or 'search_index_-ALL-'"
+    log_verbose "You may want to consider deleting users whose *only* role(s) were 'V4MCLUSTER_ADMIN_kibana_users' and/or 'search_index_-ALL-'"
 elif [ -n "$tenant" ]; then
-   log_notice "You should delete any users whose only purpose was to access log messages from the [$tenant] tenant within the [$namespace] namespace  "
-else
-   log_notice "You should delete any users whose only purpose was to access log messages from the [$namespace] namespace  "
-fi
-
+    log_notice "You should delete any users whose only purpose was to access log messages from the [$tenant] tenant within the [$namespace] namespace  "
+else
+    log_notice "You should delete any users whose only purpose was to access log messages from the [$namespace] namespace  "
+fi
diff logging/bin/user.sh.orig logging/bin/user.sh
--- logging/bin/user.sh.orig
+++ logging/bin/user.sh
@@ -1,10 +1,8 @@
 #!/bin/bash
 
-
 # Copyright © 2020, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-
 cd "$(dirname "$BASH_SOURCE")/../.."
 source logging/bin/common.sh
 this_script=$(basename "$0")
@@ -13,39 +11,39 @@
 source logging/bin/apiaccess-include.sh
 
 function show_usage {
-  which_action=$1
-  case "$which_action" in
+    which_action=$1
+    case "$which_action" in
     "CREATE")
-       log_message  ""
-       log_message  "Usage: $this_script CREATE [REQUIRED_PARAMETERS] [OPTIONS] "
-       log_message  ""
-       log_message  "Creates a user in the internal user database and limits their access to only log messages from the specified namespace and, optionally, more narrowly, to the specified tenant within the specified namespace"
-       log_message  ""
-       log_message  "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which this user should be granted access"
-       log_message  "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which this user should be granted access."
-       log_message  "     -u,  --user        USERNAME  - (Optional) The username to be created (default: [NAMESPACE]|[NAMESPACE_TENANT]_admin)"
-       log_message  "     -p,  --password    PASSWORD  - (Optional) The password for the newly created account (default: [USERNAME])"
-       echo ""
-       ;;
+        log_message ""
+        log_message "Usage: $this_script CREATE [REQUIRED_PARAMETERS] [OPTIONS] "
+        log_message ""
+        log_message "Creates a user in the internal user database and limits their access to only log messages from the specified namespace and, optionally, more narrowly, to the specified tenant within the specified namespace"
+        log_message ""
+        log_message "     -ns, --namespace   NAMESPACE - (Required) The SAS Viya deployment/Kubernetes Namespace to which this user should be granted access"
+        log_message "     -t,  --tenant      TENANT    - (Optional) The tenant within the specific SAS Viya deployment/Kubernetes Namespace to which this user should be granted access."
+        log_message "     -u,  --user        USERNAME  - (Optional) The username to be created (default: [NAMESPACE]|[NAMESPACE_TENANT]_admin)"
+        log_message "     -p,  --password    PASSWORD  - (Optional) The password for the newly created account (default: [USERNAME])"
+        echo ""
+        ;;
     "DELETE")
-       log_message  "Usage: $this_script DELETE [REQUIRED_PARAMETERS]"
-       log_message  ""
-       log_message  "Removes the specified user from the internal user database"
-       log_message  ""
-       log_message  "     -u,  --user        USERNAME  - (Required) The username to be deleted."
-       ;;
+        log_message "Usage: $this_script DELETE [REQUIRED_PARAMETERS]"
+        log_message ""
+        log_message "Removes the specified user from the internal user database"
+        log_message ""
+        log_message "     -u,  --user        USERNAME  - (Required) The username to be deleted."
+        ;;
     *)
-       log_message  ""
-       log_message  "Usage: $this_script ACTION [REQUIRED_PARAMETERS] [OPTIONS] "
-       log_message  ""
-       log_message  "Creates or deletes a user in the internal user database.  Newly created users are granted permission limiting their access to log messages for the specified namespace, and, optionally, to a specific tenant within that namespace."
-       log_message  ""
-       log_message  "        ACTION - (Required) one of the following actions: [CREATE, DELETE]"
-       log_message  ""
-       log_message  "        Additional help information, including details of required and optional parameters, can be displayed by submitting the command: $this_script ACTION --help"
-       echo ""
-       ;;
-  esac
+        log_message ""
+        log_message "Usage: $this_script ACTION [REQUIRED_PARAMETERS] [OPTIONS] "
+        log_message ""
+        log_message "Creates or deletes a user in the internal user database.  Newly created users are granted permission limiting their access to log messages for the specified namespace, and, optionally, to a specific tenant within that namespace."
+        log_message ""
+        log_message "        ACTION - (Required) one of the following actions: [CREATE, DELETE]"
+        log_message ""
+        log_message "        Additional help information, including details of required and optional parameters, can be displayed by submitting the command: $this_script ACTION --help"
+        echo ""
+        ;;
+    esac
 }
 
 set -e
@@ -52,66 +50,66 @@
 
 POS_PARMS=""
 
-while (( "$#" )); do
-  case "$1" in
-    -ns|--namespace)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        namespace=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [Namespace] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -t|--tenant)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        tenant=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [Tenant] has not been provided." >&2
-        show_usage
-      exit 2
-      fi
-      ;;
-    -u|--user|--username)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        username=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [User] has not been provided." >&2
-        show_usage
-      exit 2
-      fi
-      ;;
-    -p|--password)
-      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
-        password=$2
-        shift 2
-      else
-        log_error "Error: A value for parameter [Password] has not been provided." >&2
-        show_usage
-        exit 2
-      fi
-      ;;
-    -g|--grafanads)
-      grafanads_user="true"
-      shift
-      ;;
-    -h|--help)
-      show_usage=1
-      shift
-      ;;
-    -*|--*=) # unsupported flags
-      log_error "Error: Unsupported flag $1" >&2
-      show_usage
-      exit 2
-      ;;
+while (("$#")); do
+    case "$1" in
+    -ns | --namespace)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            namespace=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [Namespace] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -t | --tenant)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            tenant=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [Tenant] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -u | --user | --username)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            username=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [User] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -p | --password)
+        if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+            password=$2
+            shift 2
+        else
+            log_error "Error: A value for parameter [Password] has not been provided." >&2
+            show_usage
+            exit 2
+        fi
+        ;;
+    -g | --grafanads)
+        grafanads_user="true"
+        shift
+        ;;
+    -h | --help)
+        show_usage=1
+        shift
+        ;;
+    -* | --*=) # unsupported flags
+        log_error "Error: Unsupported flag $1" >&2
+        show_usage
+        exit 2
+        ;;
     *) # preserve positional arguments
-      POS_PARMS="$POS_PARMS $1"
-      shift
-      ;;
-  esac
+        POS_PARMS="$POS_PARMS $1"
+        shift
+        ;;
+    esac
 done
 
 # set positional arguments in their proper place
@@ -122,21 +120,21 @@
     show_usage
     exit 1
 else
-   action=$(echo "$1"|tr '[a-z]' '[A-Z]')
-   shift
-
-   if [ "$action" != "CREATE" ] &&  [ "$action" != "DELETE" ] ; then
-      log_error "Invalid action [$action] specified; exiting"
-      show_usage
-      exit 1
-   fi
+    action=$(echo "$1" | tr '[a-z]' '[A-Z]')
+    shift
+
+    if [ "$action" != "CREATE" ] && [ "$action" != "DELETE" ]; then
+        log_error "Invalid action [$action] specified; exiting"
+        show_usage
+        exit 1
+    fi
 fi
 
 log_debug "Action: $action"
 
 if [ "$show_usage" == "1" ]; then
-   show_usage "$action"
-   exit
+    show_usage "$action"
+    exit
 fi
 
 # No positional parameters (other than ACTION) are supported
@@ -146,31 +144,29 @@
     exit 4
 fi
 
-
 log_debug "POS_PARMS: $POS_PARMS"
 
 # Convert namespace and tenant to all lower-case
-namespace=$(echo "$namespace"| tr '[:upper:]' '[:lower:]')
-tenant=$(echo "$tenant"| tr '[:upper:]' '[:lower:]')
-
+namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]')
+tenant=$(echo "$tenant" | tr '[:upper:]' '[:lower:]')
 
 if [ "$namespace" == "_all_" ] && [ "$tenant" == "_all_" ]; then
-   if [ -z "$username"  ] && [ "$grafanads_user" != "true" ]; then
-     log_error "Required parameter USERNAME not specified"
-     show_usage "$action"
-     exit 4
-   fi
-   cluster="true"
-   namespace=''
-   tenant=''
-else
-   cluster="false"
-
-   if [ -z "$username"  ] && [ -z "$namespace" ]; then
-     log_error "Required parameter(s) NAMESPACE and/or USERNAME not specified"
-     show_usage "$action"
-     exit 4
-   fi
+    if [ -z "$username" ] && [ "$grafanads_user" != "true" ]; then
+        log_error "Required parameter USERNAME not specified"
+        show_usage "$action"
+        exit 4
+    fi
+    cluster="true"
+    namespace=''
+    tenant=''
+else
+    cluster="false"
+
+    if [ -z "$username" ] && [ -z "$namespace" ]; then
+        log_error "Required parameter(s) NAMESPACE and/or USERNAME not specified"
+        show_usage "$action"
+        exit 4
+    fi
 fi
 
 log_debug "CLUSTER: $cluster NAMESPACE: $namespace TENANT: $tenant NST: $nst USERNAME: $username"
@@ -177,121 +173,117 @@
 
 # get admin credentials
 # shellcheck disable=SC2155
-export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" |base64 --decode)
-# shellcheck disable=SC2155
-export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" |base64 --decode)
-
+export ES_ADMIN_USER=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.username}" | base64 --decode)
+# shellcheck disable=SC2155
+export ES_ADMIN_PASSWD=$(kubectl -n "$LOG_NS" get secret internal-user-admin -o=jsonpath="{.data.password}" | base64 --decode)
 
 # Get Security API URL
 get_sec_api_url
 
 if [ -z "$sec_api_url" ]; then
-   log_error "Unable to determine URL to access security API endpoint"
-   exit 1
-fi
-
+    log_error "Unable to determine URL to access security API endpoint"
+    exit 1
+fi
 
 case "$action" in
-   CREATE)
-      if [ "$cluster" == "true" ]; then
-         if [ "$grafanads_user" == "true" ]; then
+CREATE)
+    if [ "$cluster" == "true" ]; then
+        if [ "$grafanads_user" == "true" ]; then
             berole="V4MCLUSTER_ADMIN_grafana_dsusers"
             pwdchangetxt="Do NOT use OpenSearch Dashboards or API, MUST re-run Grafana datasource creation script"
-         else
+        else
             berole="V4MCLUSTER_ADMIN_kibana_users"
-         fi
-         rolename="search_index_-ALL-"
-         scope="ALL namespaces"
-      else
-         if [ -z "$namespace" ]; then
+        fi
+        rolename="search_index_-ALL-"
+        scope="ALL namespaces"
+    else
+        if [ -z "$namespace" ]; then
             log_error "Required argument NAMESPACE no specified"
             echo ""
             show_usage CREATE
             exit 1
-         fi
-
-         if [ -n "$tenant" ]; then
+        fi
+
+        if [ -n "$tenant" ]; then
             nst="${namespace}_${tenant}"
             scope="the tenant [$tenant] within the namespace [$namespace]"
-         else
+        else
             nst="$namespace"
             scope="namespace [$namespace]"
-         fi
-
-         rolename=search_index_$nst
-
-         if [ "$grafanads_user" == "true" ]; then
+        fi
+
+        rolename=search_index_$nst
+
+        if [ "$grafanads_user" == "true" ]; then
             berole="${nst}_grafana_dsusers"
             pwdchangetxt="Do NOT use OpenSearch Dashboards or API, MUST re-run Grafana datasource creation script"
-         else
+        else
             berole="${nst}_kibana_users"
 
             if [ -z "$username" ]; then
-               username="${nst}_admin"
+                username="${nst}_admin"
             fi
-         fi
-      fi
-
-      log_info "Attempting to create user [$username] and grant them access to log messages from $scope [$(date)]"
-
-      # Check if user exists
-      if user_exists "$username"; then
-         log_error "A user with this name [$username] already exists."
-         exit 1
-      fi
-
-      #Check if role exists
-      if ! role_exists "$rolename"; then
-         log_error "The expected access control role [$rolename] does NOT exist."
-         if [ "$cluster" != "true" ]; then
+        fi
+    fi
+
+    log_info "Attempting to create user [$username] and grant them access to log messages from $scope [$(date)]"
+
+    # Check if user exists
+    if user_exists "$username"; then
+        log_error "A user with this name [$username] already exists."
+        exit 1
+    fi
+
+    #Check if role exists
+    if ! role_exists "$rolename"; then
+        log_error "The expected access control role [$rolename] does NOT exist."
+        if [ "$cluster" != "true" ]; then
             log_error "You must on-oboard $scope to create required the access control role."
-         fi
-         exit 1
-      fi
-
-      password=${password:-$username}
-
-      if [ -z "$namespace" ]; then
-         nsconstraint="-none-"
-      else
-         nsconstraint=$namespace
-      fi
-      if [ -z "$tenant" ]; then
-         tconstraint="-none-"
-      else
-         tconstraint=$tenant
-      fi
-
-      if [ -z "$pwdchangetxt" ]; then
-         pwdchangetxt="Use OpenSearch Dashboards or API"
-      fi
-
-      exitnow="false"
-      weakpassword="false"
-      loopcounter=1
-      until [ "$exitnow" == "true" ]
-      do
-
-         cp logging/opensearch/rbac/user.json "$TMP_DIR"/user.json
-         # Replace PLACEHOLDERS
-         sed -i'.bak' "s/xxBEROLExx/$berole/g"             "$TMP_DIR"/user.json      # (NAMESPACE|NAMESPACE_TENANT|'V4MCLUSTER_ADMIN') + '_kibana_users'
-         sed -i'.bak' "s/xxNSCONSTRAINTxx/$nsconstraint/g" "$TMP_DIR"/user.json      # NAMESPACE|'-none-'
-         sed -i'.bak' "s/xxTCONSTRAINTxx/$tconstraint/g"   "$TMP_DIR"/user.json      # TENANT|'-none-'
-         sed -i'.bak' "s/xxPASSWORDxx/$password/g"         "$TMP_DIR"/user.json      # PASSWORD
-         sed -i'.bak' "s/xxCREATEDBYxx/$this_script/g"     "$TMP_DIR"/user.json      # CREATEDBY
-         sed -i'.bak' "s/xxPWDCHANGEXX/$pwdchangetxt/g"    "$TMP_DIR"/user.json      # PASSWORD CHANGE MECHANISM (OSD|change_internal_password.sh script)
-         sed -i'.bak' "s/xxDATETIMExx/$(date)/g"           "$TMP_DIR"/user.json      # DATE
-
-         log_debug "Contents of user.json template file after substitutions: \n $(cat "$TMP_DIR"/user.json)"
-
-
-         #remove any existing instance of this file
-         rm -f "$TMP_DIR"/user_create.txt
-
-         # Create user
-         response=$(curl -s -o "$TMP_DIR"/user_create.txt -w "%{http_code}" -XPUT "$sec_api_url/internalusers/$username"  -H 'Content-Type: application/json' -d @"$TMP_DIR"/user.json  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-
-         if grep -i 'weak password' "$TMP_DIR"/user_create.txt >/dev/null 2>&1; then
+        fi
+        exit 1
+    fi
+
+    password=${password:-$username}
+
+    if [ -z "$namespace" ]; then
+        nsconstraint="-none-"
+    else
+        nsconstraint=$namespace
+    fi
+    if [ -z "$tenant" ]; then
+        tconstraint="-none-"
+    else
+        tconstraint=$tenant
+    fi
+
+    if [ -z "$pwdchangetxt" ]; then
+        pwdchangetxt="Use OpenSearch Dashboards or API"
+    fi
+
+    exitnow="false"
+    weakpassword="false"
+    loopcounter=1
+    until [ "$exitnow" == "true" ]; do
+
+        cp logging/opensearch/rbac/user.json "$TMP_DIR"/user.json
+        # Replace PLACEHOLDERS
+        sed -i'.bak' "s/xxBEROLExx/$berole/g" "$TMP_DIR"/user.json             # (NAMESPACE|NAMESPACE_TENANT|'V4MCLUSTER_ADMIN') + '_kibana_users'
+        sed -i'.bak' "s/xxNSCONSTRAINTxx/$nsconstraint/g" "$TMP_DIR"/user.json # NAMESPACE|'-none-'
+        sed -i'.bak' "s/xxTCONSTRAINTxx/$tconstraint/g" "$TMP_DIR"/user.json   # TENANT|'-none-'
+        sed -i'.bak' "s/xxPASSWORDxx/$password/g" "$TMP_DIR"/user.json         # PASSWORD
+        sed -i'.bak' "s/xxCREATEDBYxx/$this_script/g" "$TMP_DIR"/user.json     # CREATEDBY
+        sed -i'.bak' "s/xxPWDCHANGEXX/$pwdchangetxt/g" "$TMP_DIR"/user.json    # PASSWORD CHANGE MECHANISM (OSD|change_internal_password.sh script)
+        sed -i'.bak' "s/xxDATETIMExx/$(date)/g" "$TMP_DIR"/user.json           # DATE
+
+        log_debug "Contents of user.json template file after substitutions: \n $(cat "$TMP_DIR"/user.json)"
+
+        #remove any existing instance of this file
+        rm -f "$TMP_DIR"/user_create.txt
+
+        # Create user
+        response=$(curl -s -o "$TMP_DIR"/user_create.txt -w "%{http_code}" -XPUT "$sec_api_url/internalusers/$username" -H 'Content-Type: application/json' -d @"$TMP_DIR"/user.json --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+
+        if grep -i 'weak password' "$TMP_DIR"/user_create.txt > /dev/null 2>&1; then
             log_warn "The password specified for user [$username] did not meet complexity requirements of OpenSearch."
             log_warn "A randomly generated password will be used instead."
             log_warn "Check notices below for additional details."
@@ -298,79 +290,78 @@
             weakpassword="true"
             password="$(randomPassword)"
             exitnow="false"
-         else
+        else
             exitnow="true"
-         fi
-
-         ((loopcounter++))
-
-         if [[ $loopcounter -gt 3 ]]; then
+        fi
+
+        ((loopcounter++))
+
+        if [[ $loopcounter -gt 3 ]]; then
             exitnow='true'
             log_debug "Weak password check looped too many times [$loopcounter]"
-         else
+        else
             log_debug "Weak password check loop [$loopcounter]"
-         fi
-      done
-
-      if [[ $response != 2* ]]; then
-         log_error "There was an issue creating the user [$username]. [$response]"
-         exit 1
-      else
-         log_info "User [$username] created. [$response]"
-      fi
-      log_notice "User [$username] added to internal user database [$(date)]"
-      add_notice "                                                          "
-      add_notice "User [$username] added to internal user database. "
-
-      if [ "$weakpassword" == "true" ]; then
-         add_notice '+------------------------------------------------------------------------------+'
-         add_notice '|.............IMPORTANT NOTICE: REQUESTED PASSWORD REJECTED....................|'
-         add_notice '+------------------------------------------------------------------------------+'
-         add_notice "The specified password failed the complexity requirements of OpenSearch."
-         add_notice "The password [$password] was generated randomly for [$username]."
-         add_notice "$pwdchangetxt to change the password later."
-      fi
-      add_notice " "
-
-      ;;
-   DELETE)
-      if [ -z "$username" ]; then
-         log_error "Required argument USERNAME not specified"
-         echo ""
-         show_usage DELETE
-         exit 1
-      fi
-
-      log_info "Attempting to remove user [$username] from the internal user database [$(date)]"
-
-      # Check if user exists
-      if ! user_exists "$username"; then
-         log_error "There was an issue deleting the user [$username]; the user does NOT exists."
-         exit 1
-      else
-         log_debug "User [$username] exists."
-      fi
-
-      # Delete user
-      response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "$sec_api_url/internalusers/$username"  --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
-      if [[ $response != 2* ]]; then
-         log_error "There was an issue deleting the user [$username]. [$response]"
-         exit 1
-      else
-         log_info "User [$username] deleted. [$response]"
-         log_notice "User [$username] removed from internal user database [$(date)]"
-      fi
-      ;;
-   *)
-      log_error "Invalid action specified"
-      exit 1
-   ;;
+        fi
+    done
+
+    if [[ $response != 2* ]]; then
+        log_error "There was an issue creating the user [$username]. [$response]"
+        exit 1
+    else
+        log_info "User [$username] created. [$response]"
+    fi
+    log_notice "User [$username] added to internal user database [$(date)]"
+    add_notice "                                                          "
+    add_notice "User [$username] added to internal user database. "
+
+    if [ "$weakpassword" == "true" ]; then
+        add_notice '+------------------------------------------------------------------------------+'
+        add_notice '|.............IMPORTANT NOTICE: REQUESTED PASSWORD REJECTED....................|'
+        add_notice '+------------------------------------------------------------------------------+'
+        add_notice "The specified password failed the complexity requirements of OpenSearch."
+        add_notice "The password [$password] was generated randomly for [$username]."
+        add_notice "$pwdchangetxt to change the password later."
+    fi
+    add_notice " "
+
+    ;;
+DELETE)
+    if [ -z "$username" ]; then
+        log_error "Required argument USERNAME not specified"
+        echo ""
+        show_usage DELETE
+        exit 1
+    fi
+
+    log_info "Attempting to remove user [$username] from the internal user database [$(date)]"
+
+    # Check if user exists
+    if ! user_exists "$username"; then
+        log_error "There was an issue deleting the user [$username]; the user does NOT exists."
+        exit 1
+    else
+        log_debug "User [$username] exists."
+    fi
+
+    # Delete user
+    response=$(curl -s -o /dev/null -w "%{http_code}" -XDELETE "$sec_api_url/internalusers/$username" --user "$ES_ADMIN_USER":"$ES_ADMIN_PASSWD" --insecure)
+    if [[ $response != 2* ]]; then
+        log_error "There was an issue deleting the user [$username]. [$response]"
+        exit 1
+    else
+        log_info "User [$username] deleted. [$response]"
+        log_notice "User [$username] removed from internal user database [$(date)]"
+    fi
+    ;;
+*)
+    log_error "Invalid action specified"
+    exit 1
+    ;;
 esac
 
-
 LOGGING_DRIVER=${LOGGING_DRIVER:-false}
 if [ "$LOGGING_DRIVER" != "true" ]; then
-   echo ""
-   display_notices
-   echo ""
+    echo ""
+    display_notices
+    echo ""
 fi
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

@github-actions
Copy link
Contributor

github-actions bot commented Aug 22, 2025

sh-checker report

To get the full details, please check in the job output.

shellcheck errors 

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/onboard.sh line 89:
    -* | --*=) # unsupported flags
    ^-- SC2221 (warning): This pattern always overrides a later one on line 89.
         ^--^ SC2222 (warning): This pattern never matches because of a previous pattern on line 89.


In logging/bin/user.sh line 103:
    -* | --*=) # unsupported flags
    ^-- SC2221 (warning): This pattern always overrides a later one on line 103.
         ^--^ SC2222 (warning): This pattern never matches because of a previous pattern on line 103.


In logging/bin/user.sh line 123:
    action=$(echo "$1" | tr '[a-z]' '[A-Z]')
                            ^-----^ SC2021 (info): Don't use [] around classes in tr, it replaces literal square brackets.
                                    ^-----^ SC2021 (info): Don't use [] around classes in tr, it replaces literal square brackets.

For more information:
  https://www.shellcheck.net/wiki/SC2221 -- This pattern always overrides a l...
  https://www.shellcheck.net/wiki/SC2222 -- This pattern never matches becaus...
  https://www.shellcheck.net/wiki/SC2021 -- Don't use [] around classes in tr...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.
shfmt errors 

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff logging/bin/remove_eventrouter.sh.orig logging/bin/remove_eventrouter.sh
--- logging/bin/remove_eventrouter.sh.orig
+++ logging/bin/remove_eventrouter.sh
@@ -17,7 +17,7 @@
 
 # Replace placeholders
 log_debug "Replacing logging namespace for files in [$logDir]"
-v4m_replace  "__LOG_NS__" "$LOG_NS" "$logDir"/eventrouter.yaml
+v4m_replace "__LOG_NS__" "$LOG_NS" "$logDir"/eventrouter.yaml
 
 log_info "Removing Event Router [$(date)]"
 # Remove existing instance of Event Router in the kube-system namespace (if present).
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

@github-actions
Copy link
Contributor

github-actions bot commented Aug 22, 2025

sh-checker report

To get the full details, please check in the job output.

shellcheck errors 

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In logging/bin/user.sh line 124:
    action=$(echo "$1" | tr 'a-z' 'A-Z')
                            ^---^ SC2018 (info): Use '[:lower:]' to support accents and foreign alphabets.
                                  ^---^ SC2019 (info): Use '[:upper:]' to support accents and foreign alphabets.

For more information:
  https://www.shellcheck.net/wiki/SC2018 -- Use '[:lower:]' to support accent...
  https://www.shellcheck.net/wiki/SC2019 -- Use '[:upper:]' to support accent...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.
shfmt errors 
'shfmt -s -i 4 -bn -sr -ln bash' found no issues.

@gsmith-sas gsmith-sas requested a review from vishaanS August 28, 2025 14:40
vishaanS
vishaanS approved these changes Aug 28, 2025
View reviewed changes
Copy link
Collaborator

@vishaanS vishaanS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks all good

@gsmith-sas gsmith-sas marked this pull request as ready for review September 4, 2025 17:46
@gsmith-sas gsmith-sas merged commit 8c63bc3 into main Sep 4, 2025
2 checks passed
@gsmith-sas gsmith-sas deleted the logging_lint4 branch September 4, 2025 17:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vishaanS vishaanS vishaanS approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gsmith-sas @vishaanS