Shellck5

[gsmith-sas]

No description provided.

[github-actions]

sh-checker report

To get the full details, please check in the job output.

shellcheck errors

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In bin/airgap-include.sh line 11:
    if [ -z $AIRGAP_REGISTRY ]; then
            ^--------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    if [ -z "$AIRGAP_REGISTRY" ]; then


In bin/airgap-include.sh line 20:
        if [ -z "$(kubectl get secret -n $V4M_NS $AIRGAP_IMAGE_PULL_SECRET_NAME -o name --ignore-not-found)" ]; then
                                         ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                 ^----------------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
        if [ -z "$(kubectl get secret -n "$V4M_NS" "$AIRGAP_IMAGE_PULL_SECRET_NAME" -o name --ignore-not-found)" ]; then


In bin/airgap-include.sh line 43:
    mkdir -p $airgapDir
             ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    mkdir -p "$airgapDir"


In bin/autogenerate-include.sh line 39:
        kubectl -n $namespace label secret $secretName  managed-by="v4m-es-script"
                   ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                           ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
        kubectl -n "$namespace" label secret "$secretName"  managed-by="v4m-es-script"


In bin/autogenerate-include.sh line 40:
    elif [ ! -z "$certFile$keyFile" ]; then
           ^-- SC2236 (style): Use -n instead of ! -z.


In bin/autogenerate-include.sh line 75:
        BASE_DOMAIN="${BASE_DOMAIN}"
        ^---------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In bin/autogenerate-include.sh line 91:
        INGRESS_CERT="${INGRESS_CERT}"
        ^----------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In bin/autogenerate-include.sh line 92:
        INGRESS_KEY="${INGRESS_KEY}"
        ^---------^ SC2269 (info): This variable is assigned to itself, so the assignment does nothing.


In bin/common.sh line 22:
         extract_trap_cmd() { printf '%s\n' "$3"; }
                              ^----------------^ SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).


In bin/log-include.sh line 41:
     cat "$TMP_DIR"/notices.txt | while read -r line || [[ -n "$line" ]];
         ^--------------------^ SC2002 (style): Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.


In bin/service-url-include.sh line 32:
    info=$(kubectl -n "$namespace" get "$object" -o=jsonpath=$jsonpath 2>/dev/null)
                                                             ^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    info=$(kubectl -n "$namespace" get "$object" -o=jsonpath="$jsonpath" 2>/dev/null)


In bin/service-url-include.sh line 35:
    if [ ! -z  "$info" ]; then
         ^-- SC2236 (style): Use -n instead of ! -z.


In bin/service-url-include.sh line 165:
    if [ ! -z "$port" ]; then
         ^-- SC2236 (style): Use -n instead of ! -z.


In bin/show_app_url.sh line 6:
cd "$(dirname $BASH_SOURCE)/.." || exit
              ^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$(dirname "$BASH_SOURCE")/.." || exit


In bin/show_app_url.sh line 89:
   if [ ! -z "$service_url" ]; then
        ^-- SC2236 (style): Use -n instead of ! -z.


In bin/tls-include.sh line 247:
    kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt=$TMP_DIR/${app}.pem --from-file=tls.key=$TMP_DIR/${app}-key.pem --from-file=ca.crt=$TMP_DIR/root-ca.pem
                                                                                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                             ^----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                       ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt="$TMP_DIR"/"${app}".pem --from-file=tls.key="$TMP_DIR"/"${app}"-key.pem --from-file=ca.crt="$TMP_DIR"/root-ca.pem


In bin/version-include.sh line 40:
        cat "$USER_DIR/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
            ^------------------^ SC2002 (style): Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.


In bin/version-include.sh line 45:
        cat "$USER_DIR/monitoring/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
            ^-----------------------------^ SC2002 (style): Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.


In bin/version-include.sh line 50:
        cat "$USER_DIR/logging/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
            ^--------------------------^ SC2002 (style): Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.


In bin/version-include.sh line 95:
    if [ ! -z "$(helm list -n "$NS" --filter "^$releaseName\$" -q)" ]; then
         ^-- SC2236 (style): Use -n instead of ! -z.

For more information:
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
  https://www.shellcheck.net/wiki/SC2269 -- This variable is assigned to itse...
  https://www.shellcheck.net/wiki/SC2317 -- Command appears to be unreachable...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.

shfmt errors

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff bin/airgap-include.sh.orig bin/airgap-include.sh
--- bin/airgap-include.sh.orig
+++ bin/airgap-include.sh
@@ -5,7 +5,6 @@
 # This file is not marked as executable as it is intended to be sourced
 # Current directory must be the root directory of the repo
 
-
 if [ "$AIRGAP_SOURCED" == "" ]; then
     ## Check for AIRGAP_REGISTRY, if null/empty, error out.  Otherwise set and create HELM_URL_BASE.
     if [ -z $AIRGAP_REGISTRY ]; then
diff bin/autogenerate-include.sh.orig bin/autogenerate-include.sh
--- bin/autogenerate-include.sh.orig
+++ bin/autogenerate-include.sh
@@ -5,7 +5,6 @@
 # This file is not marked as executable as it is intended to be sourced
 # Current directory must be the root directory of the repo
 
-
 function checkYqVersion {
     # confirm yq installed and correct version
     local goodver yq_version
@@ -36,7 +35,7 @@
     if [ -f "$certFile" ] && [ -f "$keyFile" ]; then
         kubectl delete secret "$secretName" --namespace "$namespace" --ignore-not-found
         kubectl create secret tls "$secretName" --namespace "$namespace" --key="$keyFile" --cert="$certFile"
-        kubectl -n $namespace label secret $secretName  managed-by="v4m-es-script"
+        kubectl -n $namespace label secret $secretName managed-by="v4m-es-script"
     elif [ ! -z "$certFile$keyFile" ]; then
         log_warn "Missing Ingress certificate file; specified Ingress cert [$certFile] and/or key [$keyFile] file is missing."
         log_warn "Create the missing Kubernetes secrets after deployment; use command: kubectl -create secret tls $secretName --namespace $namespace --key=cert_key_file --cert=cert_file"
@@ -160,7 +159,7 @@
             log_debug "Secret [$SMTP_USER_SECRET] exists; will use it for SMTP user credentials"
         elif [ -z "$SMTP_USER" ] && [ -z "$SMTP_PASSWORD" ]; then
             log_debug "Neither SMTP_USER nor SMTP_PASSWORD are set; skipping creation of secret [$SMTP_USER_SECRET]"
-        elif  [ -z "$SMTP_USER" ] || [ -z "$SMTP_PASSWORD" ]; then
+        elif [ -z "$SMTP_USER" ] || [ -z "$SMTP_PASSWORD" ]; then
             log_error "Complete SMTP Credentials NOT provided; MUST provide BOTH [SMTP_USER] and [SMTP_PASSWORD]"
             log_info "SMTP_USER is set to [$SMTP_USER] and SMTP_PASSWORD is set to [$SMTP_PASSWORD]"
             exit 1
@@ -174,12 +173,11 @@
 
     export AUTOGENERATE_SOURCED="true"
 
-    elif [ "$AUTOGENERATE_SOURCED" == "NotNeeded" ]; then
-        log_debug "autogenerate-include.sh not needed"
-    else
-        log_debug "autogenerate-include.sh was already sourced [$AUTOGENERATE_SOURCED]"
-fi
-
+elif [ "$AUTOGENERATE_SOURCED" == "NotNeeded" ]; then
+    log_debug "autogenerate-include.sh not needed"
+else
+    log_debug "autogenerate-include.sh was already sourced [$AUTOGENERATE_SOURCED]"
+fi
 
 function checkStorageClass {
     # input parms: $1  *Name of env var* identifying storageClass
@@ -195,7 +193,7 @@
         exit 1
     else
         # shellcheck disable=SC2091
-        if $(kubectl get storageClass "$storageClass" -o name &>/dev/null); then
+        if $(kubectl get storageClass "$storageClass" -o name &> /dev/null); then
             log_debug "The specified StorageClass [$storageClass] exists"
         else
             log_error "The specified StorageClass [$storageClass] does NOT exist"
diff bin/colors-include.sh.orig bin/colors-include.sh
--- bin/colors-include.sh.orig
+++ bin/colors-include.sh
@@ -35,67 +35,67 @@
 
 # Foregrounds
 function black {
-  echo -e "${black}${1}${end}" >&3
+    echo -e "${black}${1}${end}" >&3
 }
 
 function blackb {
-  echo -e "${blackb}${1}${end}" >&3
+    echo -e "${blackb}${1}${end}" >&3
 }
 
 function white {
-  echo -e "${white}${1}${end}" >&3
+    echo -e "${white}${1}${end}" >&3
 }
 
 function whiteb {
-  echo -e "${whiteb}${1}${end}" >&3
+    echo -e "${whiteb}${1}${end}" >&3
 }
 
 function red {
-  echo -e "${red}${1}${end}" >&3
+    echo -e "${red}${1}${end}" >&3
 }
 
 function redb {
-  echo -e "${redb}${1}${end}" >&3
+    echo -e "${redb}${1}${end}" >&3
 }
 
 function green {
-  echo -e "${green}${1}${end}" >&3
+    echo -e "${green}${1}${end}" >&3
 }
 
 function greenb {
-  echo -e "${greenb}${1}${end}" >&3
+    echo -e "${greenb}${1}${end}" >&3
 }
 
 function yellow {
-  echo -e "${yellow}${1}${end}" >&3
+    echo -e "${yellow}${1}${end}" >&3
 }
 
 function yellowb {
-  echo -e "${yellowb}${1}${end}" >&3
+    echo -e "${yellowb}${1}${end}" >&3
 }
 
 function blue {
-  echo -e "${blue}${1}${end}" >&3
+    echo -e "${blue}${1}${end}" >&3
 }
 
 function blueb {
-  echo -e "${blueb}${1}${end}" >&3
+    echo -e "${blueb}${1}${end}" >&3
 }
 
 function purple {
-  echo -e "${purple}${1}${end}" >&3
+    echo -e "${purple}${1}${end}" >&3
 }
 
 function purpleb {
-  echo -e "${purpleb}${1}${end}" >&3
+    echo -e "${purpleb}${1}${end}" >&3
 }
 
 function lightblue {
-  echo -e "${lightblue}${1}${end}" >&3
+    echo -e "${lightblue}${1}${end}" >&3
 }
 
 function lightblueb {
-  echo -e "${lightblueb}${1}${end}" >&3
+    echo -e "${lightblueb}${1}${end}" >&3
 }
 
 # Export all the things
diff bin/common.sh.orig bin/common.sh
--- bin/common.sh.orig
+++ bin/common.sh
@@ -6,24 +6,25 @@
 # Current directory must be the root directory of the repo
 
 function trap_add() {
- # based on https://stackoverflow.com/questions/3338030/multiple-bash-traps-for-the-same-signal
- # but: prepends new cmd rather than append it, changed var names and eliminated messages
-
-   local cmd_to_add signal
-
-   cmd_to_add=$1; shift
-   for signal in "$@"; do
-      trap -- "$(
-         # print the new trap command
-         printf '%s\n' "${cmd_to_add}"
-         # helper fn to get existing trap command from output
-         # of trap -p
-         # shellcheck disable=SC2329
-         extract_trap_cmd() { printf '%s\n' "$3"; }
-         # print existing trap command with newline
-         eval "extract_trap_cmd $(trap -p "${signal}")"
-      )" "${signal}"
-   done
+    # based on https://stackoverflow.com/questions/3338030/multiple-bash-traps-for-the-same-signal
+    # but: prepends new cmd rather than append it, changed var names and eliminated messages
+
+    local cmd_to_add signal
+
+    cmd_to_add=$1
+    shift
+    for signal in "$@"; do
+        trap -- "$(
+            # print the new trap command
+            printf '%s\n' "${cmd_to_add}"
+            # helper fn to get existing trap command from output
+            # of trap -p
+            # shellcheck disable=SC2329
+            extract_trap_cmd() { printf '%s\n' "$3"; }
+            # print existing trap command with newline
+            eval "extract_trap_cmd $(trap -p "${signal}")"
+        )" "${signal}"
+    done
 }
 
 function errexit_msg {
@@ -72,7 +73,10 @@
     export USER_DIR=${USER_DIR:-$(pwd)}
     if [ -d "$USER_DIR" ]; then
         # Resolve full path
-        USER_DIR=$(cd "$(dirname "$USER_DIR")" || exit; pwd)/$(basename "$USER_DIR")
+        USER_DIR=$(
+            cd "$(dirname "$USER_DIR")" || exit
+            pwd
+        )/$(basename "$USER_DIR")
         export USER_DIR
     fi
     if [ -f "$USER_DIR/user.env" ]; then
@@ -122,7 +126,6 @@
     # set TLS Cert Generator (cert-manager|openssl)
     export CERT_GENERATOR="${CERT_GENERATOR:-openssl}"
 
-
     # Set default timeout for kubectl namespace delete command
     export KUBE_NAMESPACE_DELETE_TIMEOUT=${KUBE_NAMESPACE_DELETE_TIMEOUT:-5m}
 
@@ -154,7 +157,7 @@
 
 function checkDefaultStorageClass {
     if [ -z "$defaultStorageClass" ]; then
-    # Check for kubernetes environment conflicts/requirements
+        # Check for kubernetes environment conflicts/requirements
         defaultStorageClass=$(kubectl get storageclass -o jsonpath="{range .items[*]}{.metadata.name}{'\t'}{.metadata.annotations..storageclass\.kubernetes\.io/is-default-class}{'\n'}{end}" | grep true | awk '{print $1}')
         if [ "$defaultStorageClass" ]; then
             log_debug "Found default storageClass: [$defaultStorageClass]"
@@ -198,11 +201,10 @@
     fi
 }
 
-
 function validateNamespace {
     local namespace
     namespace="$1"
-    if [[ "$namespace" =~ ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?$ ]]; then
+    if [[ $namespace =~ ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?$ ]]; then
         log_debug "Namespace [$namespace] passes validation"
     else
         log_error "[$namespace] is not a valid namespace name"
@@ -210,9 +212,9 @@
     fi
 }
 
-
 function randomPassword {
-  date +%s | sha256sum | base64 | head -c 32 ; echo
+    date +%s | sha256sum | base64 | head -c 32
+    echo
 }
 
 function disable_sa_token_automount {
@@ -222,7 +224,7 @@
     should_disable=${SEC_DISABLE_SA_TOKEN_AUTOMOUNT:-true}
 
     if [ "$should_disable" == "true" ]; then
-        if [ -n "$(kubectl -n "$ns" get serviceAccount "$sa_name" -o name 2>/dev/null)" ]; then
+        if [ -n "$(kubectl -n "$ns" get serviceAccount "$sa_name" -o name 2> /dev/null)" ]; then
             log_debug "Disabling automount of API tokens for serviceAccount [$ns/$sa_name]"
             kubectl -n "$ns" patch serviceAccount "$sa_name" -p '{"automountServiceAccountToken":false}'
         else
@@ -244,7 +246,7 @@
         log_debug "Enabling automount of API tokens for pods deployed via [$resource_type/$resource_name]"
 
         if [ "$resource_type" == "daemonset" ] || [ "$resource_type" == "deployment" ]; then
-            kubectl -n "$ns" patch "$resource_type"  "$resource_name" -p '{"spec": {"template": {"spec": {"automountServiceAccountToken":true}}}}'
+            kubectl -n "$ns" patch "$resource_type" "$resource_name" -p '{"spec": {"template": {"spec": {"automountServiceAccountToken":true}}}}'
         else
             log_error "Invalid request to function [${FUNCNAME[0]}]; unsupported resource_type [$resource_type]"
             return 1
@@ -264,11 +266,11 @@
 export -f enable_pod_token_automount
 
 function parseFullImage {
-   # shellcheck disable=SC2034
-   fullImage="$1"
-   unset REGISTRY REPOS IMAGE VERSION FULL_IMAGE_ESCAPED
-
-   if [[ "$1" =~ (.*)\/(.*)\/(.*)\:(.*) ]]; then
+    # shellcheck disable=SC2034
+    fullImage="$1"
+    unset REGISTRY REPOS IMAGE VERSION FULL_IMAGE_ESCAPED
+
+    if [[ $1 =~ (.*)\/(.*)\/(.*)\:(.*) ]]; then
         REGISTRY="${BASH_REMATCH[1]}"
         REPOS="${BASH_REMATCH[2]}"
         IMAGE="${BASH_REMATCH[3]}"
@@ -276,19 +278,18 @@
         # shellcheck disable=SC2034
         FULL_IMAGE_ESCAPED="$REGISTRY\/$REPOS\/$IMAGE\:$VERSION"
         return 0
-   else
+    else
         log_warn "Invalid value for full container image; does not fit expected pattern [$1]."
         return 1
-   fi
-}
-
+    fi
+}
 
 function v4m_replace {
 
     if echo "$OSTYPE" | grep 'darwin' > /dev/null 2>&1; then
-        sed -i '' "s;$1;$2;g"  "$3"
-    else
-        sed -i  "s;$1;$2;g"  "$3"
+        sed -i '' "s;$1;$2;g" "$3"
+    else
+        sed -i "s;$1;$2;g" "$3"
     fi
 }
 
@@ -304,7 +305,7 @@
 
     local pullsecret_text
 
-    if ! parseFullImage "$1";  then
+    if ! parseFullImage "$1"; then
         log_error "Unable to parse full image [$1]"
         return 1
     fi
@@ -316,8 +317,8 @@
     template_file=$2
 
     if [ "$template_file" != "$imageKeysFile" ]; then
-        rm -f  "$imageKeysFile"
-        cp "$template_file"  "$imageKeysFile"
+        rm -f "$imageKeysFile"
+        cp "$template_file" "$imageKeysFile"
     else
         log_debug "Modifying an existing imageKeysFile"
     fi
@@ -349,20 +350,19 @@
     v4m_pullPolicy=${V4M_PULL_POLICY:-"IfNotPresent"}
 
     v4m_replace "__${prefix}GLOBAL_REGISTRY_OSBUG__" "$GLOBAL_REGISTRY_OSBUG" "$imageKeysFile"
-    v4m_replace "__${prefix}GLOBAL_REGISTRY__" "$GLOBAL_REGISTRY"          "$imageKeysFile"
+    v4m_replace "__${prefix}GLOBAL_REGISTRY__" "$GLOBAL_REGISTRY" "$imageKeysFile"
     v4m_replace "__${prefix}IMAGE_REGISTRY__" "$REGISTRY" "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_REPO_3LEVEL__"  "$REGISTRY\/$REPOS\/$IMAGE" "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_REPO_2LEVEL__"  "$REPOS\/$IMAGE"            "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE__"              "$IMAGE"                    "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_TAG__"          "$VERSION"                  "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_PULL_POLICY__"  "$v4m_pullPolicy"           "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_PULL_SECRET__"  "$pullsecret_text"          "$imageKeysFile"       #Handle Charts Accepting a Single Image Pull Secret
-    v4m_replace "__${prefix}IMAGE_PULL_SECRETS__" "$pullsecrets_text"         "$imageKeysFile"       #Handle Charts Accepting Multiple Image Pull Secrets
+    v4m_replace "__${prefix}IMAGE_REPO_3LEVEL__" "$REGISTRY\/$REPOS\/$IMAGE" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_REPO_2LEVEL__" "$REPOS\/$IMAGE" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE__" "$IMAGE" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_TAG__" "$VERSION" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_PULL_POLICY__" "$v4m_pullPolicy" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_PULL_SECRET__" "$pullsecret_text" "$imageKeysFile"   #Handle Charts Accepting a Single Image Pull Secret
+    v4m_replace "__${prefix}IMAGE_PULL_SECRETS__" "$pullsecrets_text" "$imageKeysFile" #Handle Charts Accepting Multiple Image Pull Secrets
 
     return 0
 }
 
-
 export -f parseFullImage
 export -f v4m_replace
 export -f generateImageKeysFile
diff bin/configure_nodeport.sh.orig bin/configure_nodeport.sh
--- bin/configure_nodeport.sh.orig
+++ bin/configure_nodeport.sh
@@ -3,7 +3,7 @@
 # Copyright ©2022, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-cd "$(dirname "$BASH_SOURCE")/.."  || exit
+cd "$(dirname "$BASH_SOURCE")/.." || exit
 source logging/bin/common.sh
 
 #TO DO: Should be done in bin/common?
@@ -22,12 +22,12 @@
 set -e
 
 app=${1}
-arg1=$(echo "$arg1"| tr '[:lower:]' '[:upper:]')
+arg1=$(echo "$arg1" | tr '[:lower:]' '[:upper:]')
 
 arg2=${2}
-arg2=$(echo "$arg2"| tr '[:lower:]' '[:upper:]')
-
-if [[ "$arg2" -ge 30000 ]] && [[ "$arg2" -le 32767 ]]; then
+arg2=$(echo "$arg2" | tr '[:lower:]' '[:upper:]')
+
+if [[ $arg2 -ge 30000 ]] && [[ $arg2 -le 32767 ]]; then
     log_debug "Requested port [$target_port] is within valid range"
     target_port="$arg2"
 elif [ "$arg2" == "0" ]; then
@@ -41,47 +41,47 @@
     exit 1
 fi
 
-app=$(echo "$app"| tr '[:lower:]' '[:upper:]')
+app=$(echo "$app" | tr '[:lower:]' '[:upper:]')
 case "$app" in
-   "OPENSEARCH"|"OS")
-      namespace=$LOG_NS
-      servicename=$ES_SERVICENAME
-      appname="OpenSearch"
-      target_port="${target_port:-0}"
-      ;;
-   "OPENSEARCHDASHBOARDS"|"DASHBOARDS"|"OSD")
-      namespace=$LOG_NS
-      servicename=$KB_SERVICENAME
-      appname="OpenSearchDashboards"
-      target_port="${target_port:-31033}"
-      ;;
-   "ALERTMANAGER"|"AM")
-      namespace=$MON_NS
-      appname="Alertmanager"
-      servicename="v4m-alertmanager"
-      target_port="${target_port:-31091}"
-      ;;
-   "PROMETHEUS"|"PROM"|"PRO"|"PR")
-      namespace=$MON_NS
-      appname="Prometheus"
-      servicename="v4m-prometheus"
-      target_port="${target_port:-31090}"
-      ;;
-   "GRAFANA"|"GRAF"|"GR")
-      namespace=$MON_NS
-      appname="Grafana"
-      servicename="v4m-grafana"
-      target_port="${target_port:-31100}"
-      ;;
-  ""|*)
-      log_error "Application name is invalid or missing."
-      log_error "The APPLICATION NAME is required; valid values are:"
-      log_error "OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS or ALERTMANAGER"
-      exit 1
-      ;;
+"OPENSEARCH" | "OS")
+    namespace=$LOG_NS
+    servicename=$ES_SERVICENAME
+    appname="OpenSearch"
+    target_port="${target_port:-0}"
+    ;;
+"OPENSEARCHDASHBOARDS" | "DASHBOARDS" | "OSD")
+    namespace=$LOG_NS
+    servicename=$KB_SERVICENAME
+    appname="OpenSearchDashboards"
+    target_port="${target_port:-31033}"
+    ;;
+"ALERTMANAGER" | "AM")
+    namespace=$MON_NS
+    appname="Alertmanager"
+    servicename="v4m-alertmanager"
+    target_port="${target_port:-31091}"
+    ;;
+"PROMETHEUS" | "PROM" | "PRO" | "PR")
+    namespace=$MON_NS
+    appname="Prometheus"
+    servicename="v4m-prometheus"
+    target_port="${target_port:-31090}"
+    ;;
+"GRAFANA" | "GRAF" | "GR")
+    namespace=$MON_NS
+    appname="Grafana"
+    servicename="v4m-grafana"
+    target_port="${target_port:-31100}"
+    ;;
+"" | *)
+    log_error "Application name is invalid or missing."
+    log_error "The APPLICATION NAME is required; valid values are:"
+    log_error "OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS or ALERTMANAGER"
+    exit 1
+    ;;
 esac
 
-if [ "$arg2" == "DISABLE" ];then
+if [ "$arg2" == "DISABLE" ]; then
     log_info "Removing NodePort for [$servicename] in [$LOG_NS]"
     kubectl -n "$namespace" patch svc "$servicename" --type='json' -p '[{"op":"replace","path":"/spec/type","value":"ClusterIP"}]'
     exit
diff bin/helm-include.sh.orig bin/helm-include.sh
--- bin/helm-include.sh.orig
+++ bin/helm-include.sh
@@ -11,9 +11,9 @@
     exit 1
 fi
 
-helmVer=$(helm version --short 2>/dev/null)
+helmVer=$(helm version --short 2> /dev/null)
 # shellcheck disable=SC2116,SC2086,SC2207
-hver=( $(echo ${helmVer//[^0-9]/ }) )
+hver=($(echo ${helmVer//[^0-9]/ }))
 HELM_VER_MAJOR=${hver[0]}
 HELM_VER_MINOR=${hver[1]}
 HELM_VER_PATCH=${hver[2]}
@@ -25,7 +25,7 @@
     exit 1
 fi
 
-if [ "$V4M_HELM_USE_LATEST"  == "true" ]; then
+if [ "$V4M_HELM_USE_LATEST" == "true" ]; then
     log_warn "******This feature is NOT intended for use outside the project maintainers*******"
     log_warn "Environment variable V4M_HELM_USE_LATEST set; deploying *latest* version of all Helm charts"
 fi
@@ -59,9 +59,9 @@
     if [ "$HELM_RELEASE_CHECK" != "false" ]; then
         release=$1
         if helm2ReleaseExists "$release"; then
-        log_error "A Helm 2.x release of [$release] already exists"
-        log_error "Helm [$HELM_VER_FULL] cannot manage the Helm 2.x release of [$release]"
-        exit 1
+            log_error "A Helm 2.x release of [$release] already exists"
+            log_error "Helm [$HELM_VER_FULL] cannot manage the Helm 2.x release of [$release]"
+            exit 1
         fi
     fi
 }
@@ -77,7 +77,7 @@
 
     HELM_FORCE_REPO_UPDATE=${HELM_FORCE_REPO_UPDATE:-true}
     # shellcheck disable=SC1087
-    if [[ ! $(helm repo list 2>/dev/null) =~ $repo[[:space:]] ]]; then
+    if [[ ! $(helm repo list 2> /dev/null) =~ $repo[[:space:]] ]]; then
         log_info "Adding [$repo] helm repository"
         helm repo add "$repo" "$repoURL"
     else
@@ -87,7 +87,7 @@
 
             # Helm 3.3.2 changed 'repo add' behavior and added the --force-update flag
             # https://github.com/helm/helm/releases/tag/v3.3.2
-            if [[  $HELM_VER_MINOR -lt 3 || ( $HELM_VER_MINOR -eq 3 &&  $HELM_VER_PATCH -lt 2) ]]; then
+            if [[ $HELM_VER_MINOR -lt 3 || ($HELM_VER_MINOR -eq 3 && $HELM_VER_PATCH -lt 2) ]]; then
                 helm repo add "$repo" "$repoURL"
             else
                 helm repo add --force-update "$repo" "$repoURL"
@@ -117,9 +117,9 @@
         :
     fi
 
-    if [ "$AIRGAP_HELM_FORMAT"  == "tgz" ]; then
+    if [ "$AIRGAP_HELM_FORMAT" == "tgz" ]; then
         echo "${AIRGAP_HELM_REPO}/${chart_name}-${chart_version}.tgz"
-    elif [ "$AIRGAP_HELM_FORMAT"  == "oci" ]; then
+    elif [ "$AIRGAP_HELM_FORMAT" == "oci" ]; then
         echo "oci://${AIRGAP_HELM_REPO}/${chart_repository}/${chart_name}"
     else
         echo "${chart_repository}/${chart_name}"
@@ -126,8 +126,8 @@
     fi
 }
 function get_helm_versionstring {
-    if [ "$V4M_HELM_USE_LATEST"  == "true" ]; then
-        :  # return null string
+    if [ "$V4M_HELM_USE_LATEST" == "true" ]; then
+        : # return null string
     else
         # Explicitly use printf instead of echo to avoid quote issues
         printf -- "--version %s" "$1"
diff bin/log-include.sh.orig bin/log-include.sh
--- bin/log-include.sh.orig
+++ bin/log-include.sh
@@ -11,124 +11,123 @@
 
 # This must be run without 'set -e' being set
 # So it has to be done up here and not within log_notice
-if [ -z "$TERM" ] || ! tput cols >/dev/null 2>&1 ; then
-  # Non-interactive shell
-  LOG_COLOR_ENABLE=false
-  noticeColWidth=${LOG_NOTICE_COL_WIDTH:-100}
+if [ -z "$TERM" ] || ! tput cols > /dev/null 2>&1; then
+    # Non-interactive shell
+    LOG_COLOR_ENABLE=false
+    noticeColWidth=${LOG_NOTICE_COL_WIDTH:-100}
 else
-  # Terminal width should be accessible
-  noticeColWidth=${LOG_NOTICE_COL_WIDTH:-$(tput cols)}
-  if [ "$noticeColWidth" == "" ]; then
-    noticeColWidth=100
-  fi
+    # Terminal width should be accessible
+    noticeColWidth=${LOG_NOTICE_COL_WIDTH:-$(tput cols)}
+    if [ "$noticeColWidth" == "" ]; then
+        noticeColWidth=100
+    fi
 fi
 
 if [ "$LOG_VERBOSE_ENABLE" != "true" ]; then
-  # Send stdout to /dev/null
-  # All non-error command output (kubectl, helm, etc.) will be suppressed
-  # for non-verbose mode. log_* calls will funtion normally since they are
-  # sent to &3, which is a copy of stdout
-  exec 1>/dev/null
+    # Send stdout to /dev/null
+    # All non-error command output (kubectl, helm, etc.) will be suppressed
+    # for non-verbose mode. log_* calls will funtion normally since they are
+    # sent to &3, which is a copy of stdout
+    exec 1> /dev/null
 fi
 
 function add_notice {
-  echo "$*" >> "$TMP_DIR"/notices.txt
+    echo "$*" >> "$TMP_DIR"/notices.txt
 }
 
 function display_notices {
-  if [ -f "$TMP_DIR/notices.txt" ]; then
-     local IFS=''
-     cat "$TMP_DIR"/notices.txt | while read -r line || [[ -n "$line" ]];
-     do
-       log_notice "$line"
-     done
- fi
+    if [ -f "$TMP_DIR/notices.txt" ]; then
+        local IFS=''
+        cat "$TMP_DIR"/notices.txt | while read -r line || [[ -n $line ]]; do
+            log_notice "$line"
+        done
+    fi
 }
 
 function log_notice {
-  local msg
-  msg=$1
-  width=$noticeColWidth
-
-  n=$((width - ${#msg}))
-  if [ $n -lt 0 ]; then
-     n=0
-  fi
-  # Fill remaining characters with spaces
-  # shellcheck disable=SC2046
-  text="$*$(printf %$(eval 'echo $n')s |tr ' ' ' ')"
-
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    whiteb "${bluebg}$text"
-  else
-    echo "$text" >&3
-  fi
+    local msg
+    msg=$1
+    width=$noticeColWidth
+
+    n=$((width - ${#msg}))
+    if [ $n -lt 0 ]; then
+        n=0
+    fi
+    # Fill remaining characters with spaces
+    # shellcheck disable=SC2046
+    text="$*$(printf %$(eval 'echo $n')s | tr ' ' ' ')"
+
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        whiteb "${bluebg}$text"
+    else
+        echo "$text" >&3
+    fi
 }
 
 function log_message {
-    echo "$*"  >&3
+    echo "$*" >&3
 }
 
 function log_debug {
-  if [ "$LOG_DEBUG_ENABLE" = "true" ]; then
-    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-        level="DEBUG "
-    else
-        level=""
-    fi
-    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-        echo -e "${whiteb}${level}${white}$*${end}" >&3
-    else
-        echo "${level}$*" >&3
-    fi
-  fi
+    if [ "$LOG_DEBUG_ENABLE" = "true" ]; then
+        if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+            level="DEBUG "
+        else
+            level=""
+        fi
+        if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+            echo -e "${whiteb}${level}${white}$*${end}" >&3
+        else
+            echo "${level}$*" >&3
+        fi
+    fi
 }
 
 function log_info {
-  if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-    level="INFO "
-  else
-    level=""
-  fi
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    echo -e "${greenb}${level}${whiteb}$*${end}" >&3
-  else
-    echo "${level}$*" >&3
-  fi
+    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+        level="INFO "
+    else
+        level=""
+    fi
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        echo -e "${greenb}${level}${whiteb}$*${end}" >&3
+    else
+        echo "${level}$*" >&3
+    fi
 }
 
 # Verbose messages are basically optional, more detailed INFO messages
 # The value of LOG_VERBOSE_ENABLE determines whether they are displayed
 function log_verbose {
-  if [ "$LOG_VERBOSE_ENABLE" == "true" ]; then
-		log_info "$*" >&3
-  fi
+    if [ "$LOG_VERBOSE_ENABLE" == "true" ]; then
+        log_info "$*" >&3
+    fi
 }
 
 function log_warn {
-  if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-    level="WARN "
-  else
-    level=""
-  fi
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    echo -e "${black}${yellowbg}${level}$*${end}" >&3
-  else
-    echo "${level}$*" >&3
-  fi
+    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+        level="WARN "
+    else
+        level=""
+    fi
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        echo -e "${black}${yellowbg}${level}$*${end}" >&3
+    else
+        echo "${level}$*" >&3
+    fi
 }
 
 function log_error {
-  if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-    level="ERROR "
-  else
-    level=""
-  fi
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    echo -e "${whiteb}${redbg}${level}$*${end}" >&3
-  else
-    echo "${level}$*" >&3
-  fi
+    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+        level="ERROR "
+    else
+        level=""
+    fi
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        echo -e "${whiteb}${redbg}${level}$*${end}" >&3
+    else
+        echo "${level}$*" >&3
+    fi
 }
 
 export -f log_notice log_message log_debug log_info log_warn log_error add_notice display_notices log_verbose
diff bin/openshift-include.sh.orig bin/openshift-include.sh
--- bin/openshift-include.sh.orig
+++ bin/openshift-include.sh
@@ -10,36 +10,36 @@
     IFS=$'\n'
 
     # shellcheck disable=SC2207
-    allArr=($(oc version 2>/dev/null))
+    allArr=($(oc version 2> /dev/null))
     IFS=$origIFS
 
-    for (( i=0; i<${#allArr[@]}; i++ )); do
+    for ((i = 0; i < ${#allArr[@]}; i++)); do
         # Split the line into an array
         verArr=("${allArr[$i]}")
         if [ ${#verArr[@]} -eq 3 ]; then
-        verType="${verArr[0]}"
-        ver="${verArr[2]}"
-        if [ "$verType" == "Client" ]; then
-            ver="${verArr[2]}"
-            if [[ $ver =~ v?(([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
-                OC_FULL_VERSION=${BASH_REMATCH[1]}
-                OC_MAJOR_VERSION=${BASH_REMATCH[2]}
-                OC_MINOR_VERSION=${BASH_REMATCH[3]}
-                OC_PATCH_VERSION=${BASH_REMATCH[4]}
-            else
-                echo "Unable to parse client version: [$ver]"
-            fi
-        elif [ "$verType" == "Server" ]; then
-            ver="${verArr[2]}"
-            if [[ $ver =~ (([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
-                OSHIFT_FULL_VERSION=${BASH_REMATCH[1]}
-                OSHIFT_MAJOR_VERSION=${BASH_REMATCH[2]}
-                OSHIFT_MINOR_VERSION=${BASH_REMATCH[3]}
-                OSHIFT_PATCH_VERSION=${BASH_REMATCH[4]}
-            else
-                echo "Unable to parse server version: [$ver]"
-            fi
-        fi
+            verType="${verArr[0]}"
+            ver="${verArr[2]}"
+            if [ "$verType" == "Client" ]; then
+                ver="${verArr[2]}"
+                if [[ $ver =~ v?(([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
+                    OC_FULL_VERSION=${BASH_REMATCH[1]}
+                    OC_MAJOR_VERSION=${BASH_REMATCH[2]}
+                    OC_MINOR_VERSION=${BASH_REMATCH[3]}
+                    OC_PATCH_VERSION=${BASH_REMATCH[4]}
+                else
+                    echo "Unable to parse client version: [$ver]"
+                fi
+            elif [ "$verType" == "Server" ]; then
+                ver="${verArr[2]}"
+                if [[ $ver =~ (([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
+                    OSHIFT_FULL_VERSION=${BASH_REMATCH[1]}
+                    OSHIFT_MAJOR_VERSION=${BASH_REMATCH[2]}
+                    OSHIFT_MINOR_VERSION=${BASH_REMATCH[3]}
+                    OSHIFT_PATCH_VERSION=${BASH_REMATCH[4]}
+                else
+                    echo "Unable to parse server version: [$ver]"
+                fi
+            fi
         fi
     done
     log_info "OpenShift client version: $OC_FULL_VERSION"
@@ -49,32 +49,32 @@
     if [ "$OPENSHIFT_VERSION_CHECK" == "true" ]; then
         ## Server Version
         ### Openshift versions that do not start with a 4 should produce an error.
-        if (( OSHIFT_MAJOR_VERSION != 4 )); then
-        log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
-        log_error "Version 4.12+ is required"
-        exit 1
+        if ((OSHIFT_MAJOR_VERSION != 4)); then
+            log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
+            log_error "Version 4.12+ is required"
+            exit 1
         ### 21FEB24: Openshift 4 versions earlier than 4.12 should produce an error.
-        elif (( OSHIFT_MINOR_VERSION < 12 )); then
-        log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
-        log_error "Version 4.12+ is required"
-        exit 1
-        else
-        log_debug "OpenShift server version check OK"
+        elif ((OSHIFT_MINOR_VERSION < 12)); then
+            log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
+            log_error "Version 4.12+ is required"
+            exit 1
+        else
+            log_debug "OpenShift server version check OK"
         fi
 
         ## Client Version
         ### Openshift versions that do not start with a 4 should produce an error.
-        if (( OC_MAJOR_VERSION != 4 )); then
-        log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
-        log_error "Version 4.11+ is required"
-        exit 1
+        if ((OC_MAJOR_VERSION != 4)); then
+            log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
+            log_error "Version 4.11+ is required"
+            exit 1
         ### Openshift 4 client version must be w/in 1 minor releases of server minimum.
-        elif (( OC_MINOR_VERSION < 11 )); then
-        log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
-        log_error "Version 4.11+ is required"
-        exit 1
-        else
-        log_debug "OpenShift client version check OK"
+        elif ((OC_MINOR_VERSION < 11)); then
+            log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
+            log_error "Version 4.11+ is required"
+            exit 1
+        else
+            log_debug "OpenShift client version check OK"
         fi
     fi
 }
@@ -83,12 +83,12 @@
 if [ "$SAS_OPENSHIFT_SOURCED" != "true" ]; then
     if [ "$OPENSHIFT_CLUSTER" == "" ]; then
         # Detect OpenShift cluster
-        if kubectl get ns openshift 2>/dev/null 1>&2; then
-        log_debug "OpenShift detected"
-        OPENSHIFT_CLUSTER="true"
-        else
-        log_debug "OpenShift not detected"
-        OPENSHIFT_CLUSTER="false"
+        if kubectl get ns openshift 2> /dev/null 1>&2; then
+            log_debug "OpenShift detected"
+            OPENSHIFT_CLUSTER="true"
+        else
+            log_debug "OpenShift not detected"
+            OPENSHIFT_CLUSTER="false"
         fi
     else
         log_debug "Skipping OpenShift detection. OPENSHIFT_CLUSTER=[$OPENSHIFT_CLUSTER]"
@@ -96,28 +96,28 @@
 
     if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
         if [ "${OPENSHIFT_OC_CHECK:-true}" == "true" ]; then
-        if ! which oc 1>/dev/null ; then
-            echo "'oc' is required for OpenShift and not found on the current PATH"
-            exit 1
-        fi
-        ocVersionCheck
-
-        # Get base OpenShift route hostname
-        OPENSHIFT_ROUTE_DOMAIN=${OPENSHIFT_ROUTE_DOMAIN:-$(oc get route -n openshift-console console -o 'jsonpath={.spec.host}' | cut -c 27-)}
-        if [ "$OPENSHIFT_ROUTE_DOMAIN" != "" ]; then
-            log_debug "OpenShift route host is [$OPENSHIFT_ROUTE_DOMAIN]"
-        else
-            log_error "Unable to determine OpenShift route host. Set OPENSHIFT_ROUTE_DOMAIN if necessary."
-            exit 1
-        fi
-
-        export OPENSHIFT_ROUTE_DOMAIN
-        export OC_MAJOR_VERSION OC_MINOR_VERSION OC_PATCH_VERSION
-        export OSHIFT_MAJOR_VERSION OSHIFT_MINOR_VERSION OSHIFT_PATCH_VERSION
-        fi
-    else
-    log_debug "OpenShift not detected. Skipping 'oc' checks."
+            if ! which oc 1> /dev/null; then
+                echo "'oc' is required for OpenShift and not found on the current PATH"
+                exit 1
+            fi
+            ocVersionCheck
+
+            # Get base OpenShift route hostname
+            OPENSHIFT_ROUTE_DOMAIN=${OPENSHIFT_ROUTE_DOMAIN:-$(oc get route -n openshift-console console -o 'jsonpath={.spec.host}' | cut -c 27-)}
+            if [ "$OPENSHIFT_ROUTE_DOMAIN" != "" ]; then
+                log_debug "OpenShift route host is [$OPENSHIFT_ROUTE_DOMAIN]"
+            else
+                log_error "Unable to determine OpenShift route host. Set OPENSHIFT_ROUTE_DOMAIN if necessary."
+                exit 1
+            fi
+
+            export OPENSHIFT_ROUTE_DOMAIN
+            export OC_MAJOR_VERSION OC_MINOR_VERSION OC_PATCH_VERSION
+            export OSHIFT_MAJOR_VERSION OSHIFT_MINOR_VERSION OSHIFT_PATCH_VERSION
+        fi
+    else
+        log_debug "OpenShift not detected. Skipping 'oc' checks."
     fi
     export OPENSHIFT_CLUSTER
-  export SAS_OPENSHIFT_SOURCED="true"
+    export SAS_OPENSHIFT_SOURCED="true"
 fi
diff bin/renew-tls-certs.sh.orig bin/renew-tls-certs.sh
--- bin/renew-tls-certs.sh.orig
+++ bin/renew-tls-certs.sh
@@ -16,86 +16,86 @@
 function restart-resources {
     app=$1
     case "$app" in
-        "OPENSEARCH"|"OS")
-            namespace=$LOG_NS
-            resourceName=${OS_RESOURCENAME:-"v4m-search"}
-
-            log_info "Restarting [OpenSearch]"
-            kubectl rollout restart statefulset "$resourceName" -n "$namespace"
-            ;;
-        "OPENSEARCHDASHBOARDS"|"DASHBOARDS"|"OSD")
-            namespace=$LOG_NS
-            resourceName=${OSD_RESOURCENAME:-"v4m-osd"}
-
-            log_info "Restarting [OpenSearch Dashboards]"
-            kubectl rollout restart deployment "$resourceName" -n "$namespace"
-            ;;
-        "ALERTMANAGER"|"AM")
-            namespace=$MON_NS
-            resourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
-
-            log_info "Restarting [Alertmanager]"
-            kubectl rollout restart statefulset "$resourceName" -n "$namespace"
-            ;;
-        "PROMETHEUS"|"PROM"|"PRO"|"PR")
-            namespace=$MON_NS
-            resourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
-
-            log_info "Restarting [Prometheus]"
-            kubectl rollout restart statefulset "$resourceName" -n "$namespace"
-            ;;
-        "GRAFANA"|"GRAF"|"GR")
-            namespace=$MON_NS
-            resourceName=${GR_RESOURCENAME:-"v4m-grafana"}
-
-            log_info "Restarting [Grafana]"
-            kubectl rollout restart deployment "$resourceName" -n "$namespace"
-            ;;
-        "ALL-MON")
-            namespace=$MON_NS
-            alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
-            prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
-            grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
-
-            log_info "Restarting [Alertmanager, Prometheus, Grafana]"
-            kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$namespace"
-            kubectl rollout restart statefulset "$prometheusResourceName" -n "$namespace"
-            kubectl rollout restart deployment "$grafanaResourceName" -n "$namespace"
-            ;;
-        "ALL-LOG")
-            namespace=$LOG_NS
-            osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
-            osResourceName=${OS_RESOURCENAME:-"v4m-search"}
-
-            log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
-            kubectl rollout restart deployment "$osdResourceName" -n "$namespace"
-            kubectl rollout restart statefulset "$osResourceName" -n "$namespace"
-            ;;
-        "ALL")
-            logNamespace=$LOG_NS
-            osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
-            osResourceName=${OS_RESOURCENAME:-"v4m-search"}
-
-            log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
-            kubectl rollout restart deployment "$osdResourceName" -n "$logNamespace"
-            kubectl rollout restart statefulset "$osResourceName" -n "$logNamespace"
-
-            monNamespace=$MON_NS
-            alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
-            prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
-            grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
-
-            log_info "Restarting [Alertmanager, Prometheus, Grafana]"
-            kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$monNamespace"
-            kubectl rollout restart statefulset "$prometheusResourceName" -n "$monNamespace"
-            kubectl rollout restart deployment "$grafanaResourceName" -n "$monNamespace"
-            ;;
-        ""|*)
-            log_error "Must Specify which resources to restart"
-            log_error "Valid values are:"
-            log_error "[OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS, ALERTMANAGER, ALL-MON, ALL-LOG, or ALL]"
-            exit 1
-            ;;
+    "OPENSEARCH" | "OS")
+        namespace=$LOG_NS
+        resourceName=${OS_RESOURCENAME:-"v4m-search"}
+
+        log_info "Restarting [OpenSearch]"
+        kubectl rollout restart statefulset "$resourceName" -n "$namespace"
+        ;;
+    "OPENSEARCHDASHBOARDS" | "DASHBOARDS" | "OSD")
+        namespace=$LOG_NS
+        resourceName=${OSD_RESOURCENAME:-"v4m-osd"}
+
+        log_info "Restarting [OpenSearch Dashboards]"
+        kubectl rollout restart deployment "$resourceName" -n "$namespace"
+        ;;
+    "ALERTMANAGER" | "AM")
+        namespace=$MON_NS
+        resourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
+
+        log_info "Restarting [Alertmanager]"
+        kubectl rollout restart statefulset "$resourceName" -n "$namespace"
+        ;;
+    "PROMETHEUS" | "PROM" | "PRO" | "PR")
+        namespace=$MON_NS
+        resourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
+
+        log_info "Restarting [Prometheus]"
+        kubectl rollout restart statefulset "$resourceName" -n "$namespace"
+        ;;
+    "GRAFANA" | "GRAF" | "GR")
+        namespace=$MON_NS
+        resourceName=${GR_RESOURCENAME:-"v4m-grafana"}
+
+        log_info "Restarting [Grafana]"
+        kubectl rollout restart deployment "$resourceName" -n "$namespace"
+        ;;
+    "ALL-MON")
+        namespace=$MON_NS
+        alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
+        prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
+        grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
+
+        log_info "Restarting [Alertmanager, Prometheus, Grafana]"
+        kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$namespace"
+        kubectl rollout restart statefulset "$prometheusResourceName" -n "$namespace"
+        kubectl rollout restart deployment "$grafanaResourceName" -n "$namespace"
+        ;;
+    "ALL-LOG")
+        namespace=$LOG_NS
+        osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
+        osResourceName=${OS_RESOURCENAME:-"v4m-search"}
+
+        log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
+        kubectl rollout restart deployment "$osdResourceName" -n "$namespace"
+        kubectl rollout restart statefulset "$osResourceName" -n "$namespace"
+        ;;
+    "ALL")
+        logNamespace=$LOG_NS
+        osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
+        osResourceName=${OS_RESOURCENAME:-"v4m-search"}
+
+        log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
+        kubectl rollout restart deployment "$osdResourceName" -n "$logNamespace"
+        kubectl rollout restart statefulset "$osResourceName" -n "$logNamespace"
+
+        monNamespace=$MON_NS
+        alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
+        prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
+        grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
+
+        log_info "Restarting [Alertmanager, Prometheus, Grafana]"
+        kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$monNamespace"
+        kubectl rollout restart statefulset "$prometheusResourceName" -n "$monNamespace"
+        kubectl rollout restart deployment "$grafanaResourceName" -n "$monNamespace"
+        ;;
+    "" | *)
+        log_error "Must Specify which resources to restart"
+        log_error "Valid values are:"
+        log_error "[OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS, ALERTMANAGER, ALL-MON, ALL-LOG, or ALL]"
+        exit 1
+        ;;
     esac
 }
 
@@ -102,13 +102,13 @@
 function renew-certs {
     app=$1
     case "$app" in
-        "ALL-MON")
-            log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
-            log_info "Deleting existing secrets for [Alertmanager, Prometheus, Grafana]"
-
-            for secretName in prometheus-tls-secret alertmanager-tls-secret grafana-tls-secret v4m-root-ca-tls-secret; do
-            if [ -n "$(kubectl get secret -n "$MON_NS" "$secretName" -o name 2>/dev/null)" ]; then
-                if (tls_cert_managed_by_v4m "$MON_NS" "$secretName") then
+    "ALL-MON")
+        log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
+        log_info "Deleting existing secrets for [Alertmanager, Prometheus, Grafana]"
+
+        for secretName in prometheus-tls-secret alertmanager-tls-secret grafana-tls-secret v4m-root-ca-tls-secret; do
+            if [ -n "$(kubectl get secret -n "$MON_NS" "$secretName" -o name 2> /dev/null)" ]; then
+                if (tls_cert_managed_by_v4m "$MON_NS" "$secretName"); then
                     kubectl delete secret -n "$MON_NS" $secretName
                 else
                     log_error "[$secretName] is not managed by SAS Viya Monitoring. Delete certs not managed by SAS Viya Monitoring or update certs and restart applications by re-running this script using the [-r] flag"
@@ -115,20 +115,20 @@
                     exit 1
                 fi
             fi
-            done
-
-            log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
-            create_tls_certs_openssl "$MON_NS" prometheus alertmanager grafana
-
-            restart-resources "ALL-MON" # WIP: Move restarts to create_tls_certs_openssl function?
-            ;;
-        "ALL-LOG")
+        done
+
+        log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
+        create_tls_certs_openssl "$MON_NS" prometheus alertmanager grafana
+
+        restart-resources "ALL-MON" # WIP: Move restarts to create_tls_certs_openssl function?
+        ;;
+    "ALL-LOG")
         log_info "Generating new certs for [OpenSearch, OpenSearch Dashboards]"
         log_info "Deleting existing secrets for [OpenSearch, OpenSearch Dashboards]"
 
-            for secretName in kibana-tls-secret es-transport-tls-secret es-rest-tls-secret es-admin-tls-secret v4m-root-ca-tls-secret; do
-            if [ -n "$(kubectl get secret -n "$LOG_NS" "$secretName" -o name 2>/dev/null)" ]; then
-                if (tls_cert_managed_by_v4m "$LOG_NS" "$secretName") then
+        for secretName in kibana-tls-secret es-transport-tls-secret es-rest-tls-secret es-admin-tls-secret v4m-root-ca-tls-secret; do
+            if [ -n "$(kubectl get secret -n "$LOG_NS" "$secretName" -o name 2> /dev/null)" ]; then
+                if (tls_cert_managed_by_v4m "$LOG_NS" "$secretName"); then
                     kubectl delete secret -n "$LOG_NS" $secretName
                 else
                     log_error "[$secretName] is not managed by SAS Viya Monitoring. Delete certs not managed by SAS Viya Monitoring or update certs and restart applications by re-running this script using the [-r] flag"
@@ -135,18 +135,18 @@
                     exit 1
                 fi
             fi
-            done
-
-            log_info "Generating new certs for [OpenSearch and OpenSearch Dashboards]"
-            create_tls_certs_openssl "$LOG_NS" kibana es-transport es-rest es-admin
-
-            restart-resources "ALL-LOG" # WIP: Move restarts to create_tls_certs_openssl function?
-            ;;
-        ""|*)
-            log_error "Valid target values for certificate renewal:"
-            log_error "[ALL-MON] or [ALL-LOG]"
-            exit 1
-            ;;
+        done
+
+        log_info "Generating new certs for [OpenSearch and OpenSearch Dashboards]"
+        create_tls_certs_openssl "$LOG_NS" kibana es-transport es-rest es-admin
+
+        restart-resources "ALL-LOG" # WIP: Move restarts to create_tls_certs_openssl function?
+        ;;
+    "" | *)
+        log_error "Valid target values for certificate renewal:"
+        log_error "[ALL-MON] or [ALL-LOG]"
+        exit 1
+        ;;
     esac
 }
 
@@ -154,35 +154,35 @@
 
 while getopts 't:rh' OPTION; do
     case "$OPTION" in
-        t)
+    t)
         targetOpt=$OPTARG
         log_info "Target resources: $targetOpt"
         ;;
-        r)
+    r)
         # Restart resource without renewing certs
         restartOnly=true
         log_info "Restarting the target resources without renewing certs"
         ;;
-        h)
+    h)
         log_message "script usage: ./bin/renew-tls-certs.sh [-t [REQUIRED](target resource)] [-r]"
         log_message "-t (REQUIRED) Options: [ALL-MON, ALL-LOG]"
         log_message "-r Only restarts the target resources and does not generate new certs. Useful for those managing their own certs"
         log_message "Running with [-r] allows the following targets [-t]: [OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS, ALERTMANAGER, ALL-MON, ALL-LOG, or ALL]"
         ;;
-        ?)
+    ?)
         log_error "script usage: ./bin/renew-tls-certs.sh [-t [REQUIRED](target resource)] [-r]" >&2
         exit 1
         ;;
     esac
 done
-shift "$((OPTIND -1))"
+shift "$((OPTIND - 1))"
 
 if ! [ "$targetOpt" ]; then
-     log_error "Missing required target option, use [-h] to see how to use this script"
+    log_error "Missing required target option, use [-h] to see how to use this script"
 fi
 
 if [ $restartOnly == true ]; then
     restart-resources "$targetOpt"
-    else
+else
     renew-certs "$targetOpt"
 fi
diff bin/service-url-include.sh.orig bin/service-url-include.sh
--- bin/service-url-include.sh.orig
+++ bin/service-url-include.sh
@@ -29,10 +29,10 @@
     object=$2
     jsonpath=$3
 
-    info=$(kubectl -n "$namespace" get "$object" -o=jsonpath=$jsonpath 2>/dev/null)
+    info=$(kubectl -n "$namespace" get "$object" -o=jsonpath=$jsonpath 2> /dev/null)
     rc=$?
 
-    if [ ! -z  "$info" ]; then
+    if [ ! -z "$info" ]; then
         echo "$info"
     else
         v4m_rc=1
@@ -66,7 +66,7 @@
     namespace=$1
     name=$2
 
-    if [ ! "$(kubectl -n "$namespace"  get ingress/"$name" 2>/dev/null)" ]; then
+    if [ ! "$(kubectl -n "$namespace" get ingress/"$name" 2> /dev/null)" ]; then
         # ingress object does not exist
         v4m_rc=1
         echo ""
@@ -102,7 +102,7 @@
 
     url="$protocol://${host}${porttxt}${path}"
 
-    url="${url%/}"   # strip any trailing "/"
+    url="${url%/}" # strip any trailing "/"
     echo "$url"
 }
 
@@ -130,7 +130,7 @@
     fi
 
     url="$protocol://$host$path"
-    url="${url%/}"   # strip any trailing "/"
+    url="${url%/}" # strip any trailing "/"
 
     echo "$url"
 }
@@ -142,7 +142,7 @@
     service=$2
     tls_enabled=$3
 
-    if [ ! "$(kubectl -n "$namespace" get service/"$service" 2>/dev/null)" ]; then
+    if [ ! "$(kubectl -n "$namespace" get service/"$service" 2> /dev/null)" ]; then
         # ingress object does not exist
         v4m_rc=1
         echo ""
@@ -151,7 +151,7 @@
 
     host="$(kubectl get node --selector='node-role.kubernetes.io/master' | awk 'NR==2 { print $1 }')"
     if [ -z "$host" ]; then
-        host=$(kubectl get nodes | awk 'NR==2 { print $1 }')  # use first node
+        host=$(kubectl get nodes | awk 'NR==2 { print $1 }') # use first node
     fi
 
     port=$(get_k8s_info "$namespace" "service/$service" "$json_service_nodeport")
@@ -174,12 +174,12 @@
     local namespace service use_tls ingress service_type url
 
     namespace=$1
-    service=$2                 # name of service
-    use_tls=$3                 # (optional - NodePort only) use http or https (ingress properties over-ride)
-    ingress=${4:-${service}}   # (optional) name of ingress/route object (default: $service)
+    service=$2               # name of service
+    use_tls=$3               # (optional - NodePort only) use http or https (ingress properties over-ride)
+    ingress=${4:-${service}} # (optional) name of ingress/route object (default: $service)
 
     # is a route defined for this service?
-    if [ "$OPENSHIFT_CLUSTER" == "true" ] && [ "$(kubectl -n "$namespace" get route/"$service" 2>/dev/null)" ]; then
+    if [ "$OPENSHIFT_CLUSTER" == "true" ] && [ "$(kubectl -n "$namespace" get route/"$service" 2> /dev/null)" ]; then
         url=$(get_route_url "$namespace" "$service")
 
         if [ -z "$url" ]; then
diff bin/show_app_url.sh.orig bin/show_app_url.sh
--- bin/show_app_url.sh.orig
+++ bin/show_app_url.sh
@@ -25,7 +25,7 @@
 
 #start looping through services
 servicelist=${*:-"ALL"}
-servicelist=$(echo "$servicelist"| tr '[:lower:]' '[:upper:]')
+servicelist=$(echo "$servicelist" | tr '[:lower:]' '[:upper:]')
 
 if [ "$servicelist" == "ALL" ]; then
     servicelist="GRAFANA OS OSD"
@@ -33,17 +33,16 @@
 
 log_debug "Application URLs requested for [$servicelist]"
 
-for service in $servicelist
-do
-   case  "$service" in
-     OPENSEARCHDASHBOARDS|OPENSEARCHDASHBOARD|OSD)
+for service in $servicelist; do
+    case "$service" in
+    OPENSEARCHDASHBOARDS | OPENSEARCHDASHBOARD | OSD)
         service="OpenSearch Dashboards"
         namespace=${LOG_NS:-"logging"}
         servicename="v4m-osd"
         ingressname="v4m-osd"
-        tls_flag=$(kubectl -n "$namespace" get secret v4m-osd-tls-enabled -o=jsonpath="{.data.enable_tls}" --ignore-not-found |base64 --decode)
-        ;;
-     OPENSEARCH|OS)
+        tls_flag=$(kubectl -n "$namespace" get secret v4m-osd-tls-enabled -o=jsonpath="{.data.enable_tls}" --ignore-not-found | base64 --decode)
+        ;;
+    OPENSEARCH | OS)
         service="OpenSearch"
         namespace=${LOG_NS:-"logging"}
         servicename="v4m-search"
@@ -50,7 +49,7 @@
         ingressname="v4m-search"
         tls_flag="true"
         ;;
-     GRAFANA|GRAF|GR)
+    GRAFANA | GRAF | GR)
         namespace=${MON_NS:-"monitoring"}
         service="Grafana"
         servicename="v4m-grafana"
@@ -57,7 +56,7 @@
         ingressname="v4m-grafana"
         tls_flag="$TLS_ENABLE"
         ;;
-     PROMETHEUS|PROM|PR)
+    PROMETHEUS | PROM | PR)
         namespace=${MON_NS:-"monitoring"}
         service="Prometheus"
         servicename="v4m-prometheus"
@@ -64,7 +63,7 @@
         ingressname="v4m-prometheus"
         tls_flag="$TLS_ENABLE"
         ;;
-     ALERTMANAGER|AM)
+    ALERTMANAGER | AM)
         namespace=${MON_NS:-"monitoring"}
         service="AlertManager"
         servicename="v4m-alertmanager"
@@ -72,31 +71,30 @@
         tls_flag="$TLS_ENABLE"
         ;;
 
-     *)
+    *)
         log_error "Invalid application [$service] specified".
         log_error "Valid values are [GRAFANA, OPENSEARCH, OPENSEARCHDASHBOARDS or ALL]"
         exit 1
         ;;
-   esac
-
-   # get URLs for requested services
-   log_debug "Function call: get_service_url $namespace $servicename $tls_flag $ingressname"
-
-   service_url=$(get_service_url "$namespace" "$servicename"  "$tls_flag" "$ingressname")
-
-   # Print URLs
-   # add_notice "*** $service ***"
-   if [ ! -z "$service_url" ]; then
+    esac
+
+    # get URLs for requested services
+    log_debug "Function call: get_service_url $namespace $servicename $tls_flag $ingressname"
+
+    service_url=$(get_service_url "$namespace" "$servicename" "$tls_flag" "$ingressname")
+
+    # Print URLs
+    # add_notice "*** $service ***"
+    if [ ! -z "$service_url" ]; then
         add_notice "  You can access $service via the following URL:"
         add_notice "    $service_url"
         add_notice ""
-   else
+    else
         add_notice "  It was not possible to determine the URL needed to access $service"
         add_notice ""
-   fi
+    fi
 done
 
-
 add_notice " Note: The URL might be incorrect if your Ingress configuration, another network"
 add_notice "       configuration, or both include options that this script does not process."
 add_notice ""
diff bin/tls-include.sh.orig bin/tls-include.sh
--- bin/tls-include.sh.orig
+++ bin/tls-include.sh
@@ -8,7 +8,7 @@
 
 # Determine if cert-manager is available
 
-if [ "$(kubectl get crd certificates.cert-manager.io -o name 2>/dev/null)" ]; then
+if [ "$(kubectl get crd certificates.cert-manager.io -o name 2> /dev/null)" ]; then
     # shellcheck disable=SC2034
     certManagerAvailable="true"
 else
@@ -23,7 +23,7 @@
         return 1
     fi
 
-    if [ "$(kubectl get crd certificates.cert-manager.io -o name 2>/dev/null)" ]; then
+    if [ "$(kubectl get crd certificates.cert-manager.io -o name 2> /dev/null)" ]; then
         cert_manager_ok="true"
         return 0
     else
@@ -32,7 +32,6 @@
     fi
 }
 
-
 function deploy_issuers {
     namespace=$1
     context=$2
@@ -45,11 +44,11 @@
 
     # Create issuers if needed
     # Issuers honor USER_DIR for overrides/customizations
-    if [ -z "$(kubectl get issuer -n "$namespace" selfsigning-issuer -o name 2>/dev/null)" ]; then
+    if [ -z "$(kubectl get issuer -n "$namespace" selfsigning-issuer -o name 2> /dev/null)" ]; then
         log_info "Creating selfsigning-issuer for the [$namespace] namespace..."
         selfsignIssuer=$context/tls/selfsigning-issuer.yaml
         if [ -f "$USER_DIR/$context/tls/selfsigning-issuer.yaml" ]; then
-        selfsignIssuer="$USER_DIR/$context/tls/selfsigning-issuer.yaml"
+            selfsignIssuer="$USER_DIR/$context/tls/selfsigning-issuer.yaml"
         fi
         log_debug "Self-sign issuer yaml is [$selfsignIssuer]"
         kubectl apply -n "$namespace" -f "$selfsignIssuer"
@@ -57,7 +56,7 @@
     else
         log_debug "Using existing $namespace/selfsigning-issuer"
     fi
-    if [ -z "$(kubectl get secret -n "$namespace" ca-certificate-secret -o name 2>/dev/null)" ]; then
+    if [ -z "$(kubectl get secret -n "$namespace" ca-certificate-secret -o name 2> /dev/null)" ]; then
         log_info "Creating self-signed CA certificate for the [$namespace] namespace..."
         caCert=$context/tls/ca-certificate.yaml
         if [ -f "$USER_DIR/$context/tls/ca-certificate.yaml" ]; then
@@ -69,7 +68,7 @@
     else
         log_debug "Using existing $namespace/ca-certificate-secret"
     fi
-    if [ -z "$(kubectl get issuer -n "$namespace" namespace-issuer -o name 2>/dev/null)" ]; then
+    if [ -z "$(kubectl get issuer -n "$namespace" namespace-issuer -o name 2> /dev/null)" ]; then
         log_info "Creating namespace-issuer for the [$namespace] namespace..."
         namespaceIssuer=$context/tls/namespace-issuer.yaml
         if [ -f "$USER_DIR/$context/tls/namespace-issuer.yaml" ]; then
@@ -84,63 +83,62 @@
 }
 
 function deploy_app_cert {
-  namespace=$1
-  context=$2
-  app=$3
-
-  contextDir=${TLS_CONTEXT_DIR:-$context/tls}
-
-  # Create the certificate using cert-manager
-  certyaml=$contextDir/$app-tls-cert.yaml
-  if [ -f "$USER_DIR/$context/tls/$app-tls-cert.yaml" ]; then
-    certyaml="$USER_DIR/$context/tls/$app-tls-cert.yaml"
-  fi
-  log_debug "Creating cert-manager certificate custom resource for [$app] using [$certyaml]"
-  kubectl apply -n "$namespace" -f "$certyaml"
+    namespace=$1
+    context=$2
+    app=$3
+
+    contextDir=${TLS_CONTEXT_DIR:-$context/tls}
+
+    # Create the certificate using cert-manager
+    certyaml=$contextDir/$app-tls-cert.yaml
+    if [ -f "$USER_DIR/$context/tls/$app-tls-cert.yaml" ]; then
+        certyaml="$USER_DIR/$context/tls/$app-tls-cert.yaml"
+    fi
+    log_debug "Creating cert-manager certificate custom resource for [$app] using [$certyaml]"
+    kubectl apply -n "$namespace" -f "$certyaml"
 }
 
 function create_tls_certs_cm {
-  namespace=$1
-  context=$2
-  shift 2
-  apps=("$@")
-
-  deployedIssuers="false"
+    namespace=$1
+    context=$2
+    shift 2
+    apps=("$@")
+
+    deployedIssuers="false"
     # Certs honor USER_DIR for overrides/customizations
-  for app in "${apps[@]}"; do
-    # Only create the secrets if they do not exist
-    TLS_SECRET_NAME=$app-tls-secret
-    if [ -z "$(kubectl get secret -n "$namespace" "$TLS_SECRET_NAME" -o name 2>/dev/null)" ]; then
-        if [ "$deployedIssuers" == "false" ]; then
-          deploy_issuers "$namespace" "$context"
-          deployedIssuers="true"
-        fi
-        deploy_app_cert "$namespace" "$context" "$app"
-    else
-      log_debug "Using existing $TLS_SECRET_NAME for [$app]"
-    fi
-  done
+    for app in "${apps[@]}"; do
+        # Only create the secrets if they do not exist
+        TLS_SECRET_NAME=$app-tls-secret
+        if [ -z "$(kubectl get secret -n "$namespace" "$TLS_SECRET_NAME" -o name 2> /dev/null)" ]; then
+            if [ "$deployedIssuers" == "false" ]; then
+                deploy_issuers "$namespace" "$context"
+                deployedIssuers="true"
+            fi
+            deploy_app_cert "$namespace" "$context" "$app"
+        else
+            log_debug "Using existing $TLS_SECRET_NAME for [$app]"
+        fi
+    done
 }
 
 function create_tls_certs {
-  local namespace context apps
-  namespace=$1
-  context=$2
-  shift 2
-  apps=("$@")
-
-  if [ "$CERT_GENERATOR" == "cert-manager" ]; then
-     create_tls_certs_cm       "$namespace" "$context" "${apps[@]}"
-  elif [ "$CERT_GENERATOR" == "openssl" ]; then
-     create_tls_certs_openssl  "$namespace"          "${apps[@]}"
-  else
-     log_error "Unknown TLS Certificate Generator [$cert-generator] requested."
-     return 1
-  fi
-}
-
-
-function  do_all_secrets_already_exist {
+    local namespace context apps
+    namespace=$1
+    context=$2
+    shift 2
+    apps=("$@")
+
+    if [ "$CERT_GENERATOR" == "cert-manager" ]; then
+        create_tls_certs_cm "$namespace" "$context" "${apps[@]}"
+    elif [ "$CERT_GENERATOR" == "openssl" ]; then
+        create_tls_certs_openssl "$namespace" "${apps[@]}"
+    else
+        log_error "Unknown TLS Certificate Generator [$cert-generator] requested."
+        return 1
+    fi
+}
+
+function do_all_secrets_already_exist {
     namespace="$1"
     shift
     apps=("$@")
@@ -148,84 +146,84 @@
     all_secrets_exist="true"
 
     for app in "${apps[@]}"; do
-      secretName=$app-tls-secret
-      if [ -z "$(kubectl get secret -n "$namespace" "$secretName" -o name 2>/dev/null)" ]; then
-          log_debug "Secret [$namespace/$secretName] not found. Certificate generation is required."
-          all_secrets_exist="false"
-          break
-      else
-        log_debug "Found existing secret $namespace/$secretName"
-      fi
-    done
-
-   if [ "$all_secrets_exist" == "false" ]; then
-      return 1
-   else
-      return 0
-   fi
+        secretName=$app-tls-secret
+        if [ -z "$(kubectl get secret -n "$namespace" "$secretName" -o name 2> /dev/null)" ]; then
+            log_debug "Secret [$namespace/$secretName] not found. Certificate generation is required."
+            all_secrets_exist="false"
+            break
+        else
+            log_debug "Found existing secret $namespace/$secretName"
+        fi
+    done
+
+    if [ "$all_secrets_exist" == "false" ]; then
+        return 1
+    else
+        return 0
+    fi
 }
 
 function verify_cert_generator {
 
-  if [ "$TLS_ENABLE" != "true" ]; then
-     log_debug "TLS is disabled. Skipping verification of certificate generator."
-     return 0
-  fi
-
-  if [ "$cert_generator_ok" == "true" ]; then
-    return 0
-  elif [ "$cert_generator_ok" == "false" ]; then
-    return 1
-  fi
-
-  if do_all_secrets_already_exist "$@"; then
-     log_debug "All required secrets exist. Skipping check for certificate generator check."
-     cert_generator_ok="true"
-     return 0
-  else
-     cert_generator_ok="false"
-  fi
-
-  if [ "$CERT_GENERATOR" == "cert-manager" ]; then
-     verify_cert_manager
-     rc=$?
-  elif [ "$CERT_GENERATOR" == "openssl" ]; then
-    verify_openssl
-    rc=$?
-  else
-     log_error "No TLS certificate generation mechanism defined"
-     return 1
-  fi
-
-  if [ "$rc" == "0" ]; then
-     cert_generator_ok="true"
-  else
-     cert_generator_ok="false"
-  fi
-  return $rc
+    if [ "$TLS_ENABLE" != "true" ]; then
+        log_debug "TLS is disabled. Skipping verification of certificate generator."
+        return 0
+    fi
+
+    if [ "$cert_generator_ok" == "true" ]; then
+        return 0
+    elif [ "$cert_generator_ok" == "false" ]; then
+        return 1
+    fi
+
+    if do_all_secrets_already_exist "$@"; then
+        log_debug "All required secrets exist. Skipping check for certificate generator check."
+        cert_generator_ok="true"
+        return 0
+    else
+        cert_generator_ok="false"
+    fi
+
+    if [ "$CERT_GENERATOR" == "cert-manager" ]; then
+        verify_cert_manager
+        rc=$?
+    elif [ "$CERT_GENERATOR" == "openssl" ]; then
+        verify_openssl
+        rc=$?
+    else
+        log_error "No TLS certificate generation mechanism defined"
+        return 1
+    fi
+
+    if [ "$rc" == "0" ]; then
+        cert_generator_ok="true"
+    else
+        cert_generator_ok="false"
+    fi
+    return $rc
 }
 
 function verify_openssl {
-  if [ "$openssl_ok" == "true" ]; then
-    return 0
-  elif [ "$openssl_ok" == "false" ]; then
-    return 1
-  else
-     # shellcheck disable=SC2034
-     openssl_version="$(which openssl)" 2>/dev/null
-     openssl_available="$?"
-
-     if [ "$openssl_available" == "0" ]; then
-        log_debug "OpenSSL is available to generate missing required certs"
-        openssl_ok="true"
-        return 0
-     else
-        log_error "OpenSSL is NOT available to generate missing required certs"
-        openssl_ok="false"
-        return 1
-     fi
-
-  fi
+    if [ "$openssl_ok" == "true" ]; then
+        return 0
+    elif [ "$openssl_ok" == "false" ]; then
+        return 1
+    else
+        # shellcheck disable=SC2034
+        openssl_version="$(which openssl)" 2> /dev/null
+        openssl_available="$?"
+
+        if [ "$openssl_available" == "0" ]; then
+            log_debug "OpenSSL is available to generate missing required certs"
+            openssl_ok="true"
+            return 0
+        else
+            log_error "OpenSSL is NOT available to generate missing required certs"
+            openssl_ok="false"
+            return 1
+        fi
+
+    fi
 }
 
 function create_cert_secret {
@@ -235,18 +233,18 @@
     secretName="$3"
 
     if [ -z "$secretName" ]; then
-       secretName="${app}-tls-secret"
+        secretName="${app}-tls-secret"
     fi
     log_debug "Storing TLS Cert for [$app] in secret [$secretName] in namespace [$namespace]"
 
-    expiration_date=$(openssl x509 -enddate -noout -in  "$TMP_DIR"/"${app}".pem | awk -F "=" '{print $2}')
+    expiration_date=$(openssl x509 -enddate -noout -in "$TMP_DIR"/"${app}".pem | awk -F "=" '{print $2}')
     # Secret Type: TLS (two sub-parts: cert + key)
     #kubectl -n "$namespace" create secret tls $secretName --cert $TMP_DIR/${app}.pem --key $TMP_DIR/${app}-key.pem
 
     # Secret Type: GENERIC (3 sub-parts: cert + key + CACert)
     kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt=$TMP_DIR/${app}.pem --from-file=tls.key=$TMP_DIR/${app}-key.pem --from-file=ca.crt=$TMP_DIR/root-ca.pem
-    kubectl -n "$namespace" annotate secret "$secretName"  expiration="$expiration_date"
-    kubectl -n "$namespace" label secret "$secretName"  managed-by="v4m" cert-generator="openssl"
+    kubectl -n "$namespace" annotate secret "$secretName" expiration="$expiration_date"
+    kubectl -n "$namespace" label secret "$secretName" managed-by="v4m" cert-generator="openssl"
 
 }
 
@@ -253,35 +251,34 @@
 # Checks if tls cert is or will expire within TLS_CERT_RENEW_WINDOW timeframe
 # Return 1: cert is still valid and will not expire with the given timeframe
 # Return 0: cert is expired or will expire within the given timeframe
-function tls_cert_expired () {
-  namespace="$1"
-  app="$2"
-  secretName="$3"
-
-  cert_window=$((${TLS_CERT_RENEW_WINDOW:-7} * 86400))
-
-  if kubectl get secret -n "$namespace" "$secretName" -o "jsonpath={.data['tls\.crt']}" | base64 -d | openssl x509 -checkend $cert_window -noout 2>/dev/null
-  then
-    return 1
-  else
-    return 0
-  fi
+function tls_cert_expired() {
+    namespace="$1"
+    app="$2"
+    secretName="$3"
+
+    cert_window=$((${TLS_CERT_RENEW_WINDOW:-7} * 86400))
+
+    if kubectl get secret -n "$namespace" "$secretName" -o "jsonpath={.data['tls\.crt']}" | base64 -d | openssl x509 -checkend $cert_window -noout 2> /dev/null; then
+        return 1
+    else
+        return 0
+    fi
 }
 
 # Checks if tls cert is generated and managed by V4M
 # Return 0: TLS cert is managed by V4M
 # Return 1: TLS cert is not managed by V4M
-function tls_cert_managed_by_v4m () {
-  namespace="$1"
-  secretName="$3"
-
-  if [[ "$(kubectl get secret -n "$namespace" "$secretName" --show-labels)" == *"managed-by=v4m"* ]]; then
-    log_debug "TLS Certs are managed by SAS Viya Monitoring"
-    return 0
-  else
-    log_debug "TLS Certs are not managed by SAS Viya Monitoring"
-    return 1
-  fi
+function tls_cert_managed_by_v4m() {
+    namespace="$1"
+    secretName="$3"
+
+    if [[ "$(kubectl get secret -n "$namespace" "$secretName" --show-labels)" == *"managed-by=v4m"* ]]; then
+        log_debug "TLS Certs are managed by SAS Viya Monitoring"
+        return 0
+    else
+        log_debug "TLS Certs are not managed by SAS Viya Monitoring"
+        return 1
+    fi
 }
 
 function create_tls_certs_openssl {
@@ -293,61 +290,59 @@
     cert_life=${OPENSSL_CERT_LIFE:-550}
 
     for app in "${apps[@]}"; do
-      secretName="${app}-tls-secret"
-
-      if [ -n "$(kubectl get secret -n "$namespace" "$secretName" -o name 2>/dev/null)" ]; then
-        if (tls_cert_managed_by_v4m "$namespace" "$secretName") then
-          if ! (tls_cert_expired "$namespace" "$app" "$secretName") then
-            log_debug "TLS Secret for [$app] already exists and cert is not expired; skipping TLS certificate generation."
-            continue
-          else
-            log_info "TLS Secret for [$app] exists but cert has expired or will do so within ${TLS_CERT_RENEW_WINDOW:-7} days"
-            log_info "Renew cert using: renew-tls-certs.sh"
-            # TODO: When certs are expired:
-            # Delete secret and allow cert generation
-            # Get the resource restarted by calling func in renew-tls-certs.sh
-            # kubectl delete secret -n "$namespace" $secretName
-            continue
-          fi
-        else
-          # Cert not managed by SAS Viya Monitoring
-          continue
-        fi
-      fi
-
-      if [ ! -f  "$TMP_DIR"/root-ca-key.pem ]; then
-
-         if [ -n "$(kubectl get secret -n "$namespace" v4m-root-ca-tls-secret -o name 2>/dev/null)" ]; then
-            log_debug "Extracting Root CA cert from secret [v4m-root-ca-tls-secret]"
-            kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/root-ca.pem
-            kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.key}" |base64 --decode > "$TMP_DIR"/root-ca-key.pem
-         else
-            log_debug "Creating Root CA cert using OpenSSL"
-            cert_subject="/O=v4m/CN=rootca"
-            openssl genrsa -out "$TMP_DIR"/root-ca-key.pem 4096 2>/dev/null
-            openssl req -new -x509 -sha256 -key "$TMP_DIR"/root-ca-key.pem -subj "$cert_subject" -out "$TMP_DIR"/root-ca.pem -days "$cert_life"
-
-            create_cert_secret "$namespace" root-ca v4m-root-ca-tls-secret
-         fi
-
-      else
-         log_debug "Using existing Root CA cert"
-      fi
-
-      log_debug "Creating TLS Cert for [$app] using OpenSSL"
-      cert_subject="/O=v4m/CN=$app"
-      openssl genrsa -out "$TMP_DIR"/"${app}"-key-temp.pem 4096 2>/dev/null
-      openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR"/"${app}"-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR"/"${app}"-key.pem
-      openssl req -new -key "$TMP_DIR"/"${app}"-key.pem -subj "$cert_subject" -out "$TMP_DIR"/"${app}".csr
-      openssl x509 -req -in "$TMP_DIR"/"${app}".csr -CA "$TMP_DIR"/root-ca.pem  -CAkey "$TMP_DIR"/root-ca-key.pem -CAcreateserial -CAserial "$TMP_DIR"/ca.srl -sha256 -out "$TMP_DIR"/"${app}".pem -days "$cert_life" 2>/dev/null
-
-      create_cert_secret "$namespace" "$app"
-
-    done
-
-
-}
-
+        secretName="${app}-tls-secret"
+
+        if [ -n "$(kubectl get secret -n "$namespace" "$secretName" -o name 2> /dev/null)" ]; then
+            if (tls_cert_managed_by_v4m "$namespace" "$secretName"); then
+                if ! (tls_cert_expired "$namespace" "$app" "$secretName"); then
+                    log_debug "TLS Secret for [$app] already exists and cert is not expired; skipping TLS certificate generation."
+                    continue
+                else
+                    log_info "TLS Secret for [$app] exists but cert has expired or will do so within ${TLS_CERT_RENEW_WINDOW:-7} days"
+                    log_info "Renew cert using: renew-tls-certs.sh"
+                    # TODO: When certs are expired:
+                    # Delete secret and allow cert generation
+                    # Get the resource restarted by calling func in renew-tls-certs.sh
+                    # kubectl delete secret -n "$namespace" $secretName
+                    continue
+                fi
+            else
+                # Cert not managed by SAS Viya Monitoring
+                continue
+            fi
+        fi
+
+        if [ ! -f "$TMP_DIR"/root-ca-key.pem ]; then
+
+            if [ -n "$(kubectl get secret -n "$namespace" v4m-root-ca-tls-secret -o name 2> /dev/null)" ]; then
+                log_debug "Extracting Root CA cert from secret [v4m-root-ca-tls-secret]"
+                kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > "$TMP_DIR"/root-ca.pem
+                kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.key}" | base64 --decode > "$TMP_DIR"/root-ca-key.pem
+            else
+                log_debug "Creating Root CA cert using OpenSSL"
+                cert_subject="/O=v4m/CN=rootca"
+                openssl genrsa -out "$TMP_DIR"/root-ca-key.pem 4096 2> /dev/null
+                openssl req -new -x509 -sha256 -key "$TMP_DIR"/root-ca-key.pem -subj "$cert_subject" -out "$TMP_DIR"/root-ca.pem -days "$cert_life"
+
+                create_cert_secret "$namespace" root-ca v4m-root-ca-tls-secret
+            fi
+
+        else
+            log_debug "Using existing Root CA cert"
+        fi
+
+        log_debug "Creating TLS Cert for [$app] using OpenSSL"
+        cert_subject="/O=v4m/CN=$app"
+        openssl genrsa -out "$TMP_DIR"/"${app}"-key-temp.pem 4096 2> /dev/null
+        openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR"/"${app}"-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR"/"${app}"-key.pem
+        openssl req -new -key "$TMP_DIR"/"${app}"-key.pem -subj "$cert_subject" -out "$TMP_DIR"/"${app}".csr
+        openssl x509 -req -in "$TMP_DIR"/"${app}".csr -CA "$TMP_DIR"/root-ca.pem -CAkey "$TMP_DIR"/root-ca-key.pem -CAcreateserial -CAserial "$TMP_DIR"/ca.srl -sha256 -out "$TMP_DIR"/"${app}".pem -days "$cert_life" 2> /dev/null
+
+        create_cert_secret "$namespace" "$app"
+
+    done
+
+}
 
 export -f verify_cert_manager deploy_issuers deploy_app_cert create_tls_certs_cm
 export -f do_all_secrets_already_exist verify_cert_generator verify_openssl create_cert_secret create_tls_certs_openssl create_tls_certs
diff bin/version-include.sh.orig bin/version-include.sh
--- bin/version-include.sh.orig
+++ bin/version-include.sh
@@ -8,46 +8,46 @@
     touch "$v4mValuesYAML"
 
     # Attempt to obtain current git commit hash
-    gitCommit=$(git rev-parse --short HEAD 2>/dev/null)
+    gitCommit=$(git rev-parse --short HEAD 2> /dev/null)
     if [ -n "$gitCommit" ]; then
         echo "gitCommit: $gitCommit" >> "$v4mValuesYAML"
         gitStatus=$(git status -s | sed 's/^ M/M/' | sed 's/^/  /')
         if [ -n "$gitStatus" ]; then
-        echo "gitStatus: |" >> "$v4mValuesYAML"
-        echo "$gitStatus" >> "$v4mValuesYAML"
+            echo "gitStatus: |" >> "$v4mValuesYAML"
+            echo "$gitStatus" >> "$v4mValuesYAML"
         fi
     fi
 
     # List contents of USER_DIR
-    if ! [[ "$USER_DIR" -ef "$(pwd)" ]]; then
+    if ! [[ $USER_DIR -ef "$(pwd)" ]]; then
         if [ -d "$USER_DIR" ]; then
-        # shellcheck disable=SC2129
-        echo '"user_dir":' >> "$v4mValuesYAML"
-        echo "  path: $USER_DIR" >> "$v4mValuesYAML"
-        echo '  files: |' >> "$v4mValuesYAML"
-        # shellcheck disable=SC2207
-        l=($(find "$USER_DIR" -type f|sort))
-        for (( i=0; i<${#l[@]}; i++ )); do
-            fullPath=${l[i]}
-            path=${fullPath#"$USER_DIR/"}
-            echo "      $path" >> "$v4mValuesYAML"
-        done
+            # shellcheck disable=SC2129
+            echo '"user_dir":' >> "$v4mValuesYAML"
+            echo "  path: $USER_DIR" >> "$v4mValuesYAML"
+            echo '  files: |' >> "$v4mValuesYAML"
+            # shellcheck disable=SC2207
+            l=($(find "$USER_DIR" -type f | sort))
+            for ((i = 0; i < ${#l[@]}; i++)); do
+                fullPath=${l[i]}
+                path=${fullPath#"$USER_DIR/"}
+                echo "      $path" >> "$v4mValuesYAML"
+            done
         fi
 
         # Top-level user.env contents
         if [ -f "$USER_DIR/user.env" ]; then
-        echo '  "user.env": |' >> "$v4mValuesYAML"
-        cat "$USER_DIR/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
+            echo '  "user.env": |' >> "$v4mValuesYAML"
+            cat "$USER_DIR/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
         fi
         # Monitoring user.env contents
         if [ -f "$USER_DIR/monitoring/user.env" ]; then
-        echo '  "monitoring_user.env": |' >> "$v4mValuesYAML"
-        cat "$USER_DIR/monitoring/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
+            echo '  "monitoring_user.env": |' >> "$v4mValuesYAML"
+            cat "$USER_DIR/monitoring/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
         fi
         # Logging user.env contents
         if [ -f "$USER_DIR/logging/user.env" ]; then
-        echo '  "logging_user.env": |' >> "$v4mValuesYAML"
-        cat "$USER_DIR/logging/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
+            echo '  "logging_user.env": |' >> "$v4mValuesYAML"
+            cat "$USER_DIR/logging/user.env" | sed 's/^/      /' >> "$v4mValuesYAML"
         fi
     fi
 
@@ -115,19 +115,19 @@
     if [ -z "$v4mHelmVersionLines" ]; then
         log_debug "No [$releaseName] release found in [$NS]"
     else
-        for (( i=0; i<${#v4mHelmVersionLines[@]}; i++ )); do
-        line=${v4mHelmVersionLines[$i]}
-        vre='app_version: (([0-9]+).([[0-9]+).([0-9]+)\.?(-.+)?)'
-        sre='status: (.+)'
-        if [[ $line =~ $vre ]]; then
-            # Set
-            releaseVersionFull=${BASH_REMATCH[1]}
-            releaseVersionMajor=${BASH_REMATCH[2]}
-            releaseVersionMinor=${BASH_REMATCH[3]}
-            releaseVersionPatch=${BASH_REMATCH[4]}
-        elif [[ "$line" =~ $sre ]]; then
-            releaseStatus=${BASH_REMATCH[1]}
-        fi
+        for ((i = 0; i < ${#v4mHelmVersionLines[@]}; i++)); do
+            line=${v4mHelmVersionLines[$i]}
+            vre='app_version: (([0-9]+).([[0-9]+).([0-9]+)\.?(-.+)?)'
+            sre='status: (.+)'
+            if [[ $line =~ $vre ]]; then
+                # Set
+                releaseVersionFull=${BASH_REMATCH[1]}
+                releaseVersionMajor=${BASH_REMATCH[2]}
+                releaseVersionMinor=${BASH_REMATCH[3]}
+                releaseVersionPatch=${BASH_REMATCH[4]}
+            elif [[ $line =~ $sre ]]; then
+                releaseStatus=${BASH_REMATCH[1]}
+            fi
         done
 
     fi
@@ -156,4 +156,3 @@
     export -f deployV4MInfo removeV4MInfo getHelmReleaseVersion
     export V4M_VERSION_INCLUDE=true
 fi
-
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

[github-actions]

sh-checker report

To get the full details, please check in the job output.

shellcheck errors

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In bin/tls-include.sh line 247:
    kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt=$TMP_DIR/${app}.pem --from-file=tls.key=$TMP_DIR/${app}-key.pem --from-file=ca.crt=$TMP_DIR/root-ca.pem
                                                                                    ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                             ^----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                            ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                     ^----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                       ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt="$TMP_DIR"/"${app}".pem --from-file=tls.key="$TMP_DIR"/"${app}"-key.pem --from-file=ca.crt="$TMP_DIR"/root-ca.pem

For more information:
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.

shfmt errors

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff bin/airgap-include.sh.orig bin/airgap-include.sh
--- bin/airgap-include.sh.orig
+++ bin/airgap-include.sh
@@ -5,7 +5,6 @@
 # This file is not marked as executable as it is intended to be sourced
 # Current directory must be the root directory of the repo
 
-
 if [ "$AIRGAP_SOURCED" == "" ]; then
     ## Check for AIRGAP_REGISTRY, if null/empty, error out.  Otherwise set and create HELM_URL_BASE.
     if [ -z "$AIRGAP_REGISTRY" ]; then
diff bin/autogenerate-include.sh.orig bin/autogenerate-include.sh
--- bin/autogenerate-include.sh.orig
+++ bin/autogenerate-include.sh
@@ -5,7 +5,6 @@
 # This file is not marked as executable as it is intended to be sourced
 # Current directory must be the root directory of the repo
 
-
 function checkYqVersion {
     # confirm yq installed and correct version
     local goodver yq_version
@@ -36,8 +35,8 @@
     if [ -f "$certFile" ] && [ -f "$keyFile" ]; then
         kubectl delete secret "$secretName" --namespace "$namespace" --ignore-not-found
         kubectl create secret tls "$secretName" --namespace "$namespace" --key="$keyFile" --cert="$certFile"
-        kubectl -n "$namespace" label secret "$secretName"  managed-by="v4m-es-script"
-    elif [  -n "$certFile$keyFile" ]; then
+        kubectl -n "$namespace" label secret "$secretName" managed-by="v4m-es-script"
+    elif [ -n "$certFile$keyFile" ]; then
         log_warn "Missing Ingress certificate file; specified Ingress cert [$certFile] and/or key [$keyFile] file is missing."
         log_warn "Create the missing Kubernetes secrets after deployment; use command: kubectl -create secret tls $secretName --namespace $namespace --key=cert_key_file --cert=cert_file"
     fi
@@ -162,7 +161,7 @@
             log_debug "Secret [$SMTP_USER_SECRET] exists; will use it for SMTP user credentials"
         elif [ -z "$SMTP_USER" ] && [ -z "$SMTP_PASSWORD" ]; then
             log_debug "Neither SMTP_USER nor SMTP_PASSWORD are set; skipping creation of secret [$SMTP_USER_SECRET]"
-        elif  [ -z "$SMTP_USER" ] || [ -z "$SMTP_PASSWORD" ]; then
+        elif [ -z "$SMTP_USER" ] || [ -z "$SMTP_PASSWORD" ]; then
             log_error "Complete SMTP Credentials NOT provided; MUST provide BOTH [SMTP_USER] and [SMTP_PASSWORD]"
             log_info "SMTP_USER is set to [$SMTP_USER] and SMTP_PASSWORD is set to [$SMTP_PASSWORD]"
             exit 1
@@ -176,12 +175,11 @@
 
     export AUTOGENERATE_SOURCED="true"
 
-    elif [ "$AUTOGENERATE_SOURCED" == "NotNeeded" ]; then
-        log_debug "autogenerate-include.sh not needed"
-    else
-        log_debug "autogenerate-include.sh was already sourced [$AUTOGENERATE_SOURCED]"
-fi
-
+elif [ "$AUTOGENERATE_SOURCED" == "NotNeeded" ]; then
+    log_debug "autogenerate-include.sh not needed"
+else
+    log_debug "autogenerate-include.sh was already sourced [$AUTOGENERATE_SOURCED]"
+fi
 
 function checkStorageClass {
     # input parms: $1  *Name of env var* identifying storageClass
@@ -197,7 +195,7 @@
         exit 1
     else
         # shellcheck disable=SC2091
-        if $(kubectl get storageClass "$storageClass" -o name &>/dev/null); then
+        if $(kubectl get storageClass "$storageClass" -o name &> /dev/null); then
             log_debug "The specified StorageClass [$storageClass] exists"
         else
             log_error "The specified StorageClass [$storageClass] does NOT exist"
diff bin/colors-include.sh.orig bin/colors-include.sh
--- bin/colors-include.sh.orig
+++ bin/colors-include.sh
@@ -35,67 +35,67 @@
 
 # Foregrounds
 function black {
-  echo -e "${black}${1}${end}" >&3
+    echo -e "${black}${1}${end}" >&3
 }
 
 function blackb {
-  echo -e "${blackb}${1}${end}" >&3
+    echo -e "${blackb}${1}${end}" >&3
 }
 
 function white {
-  echo -e "${white}${1}${end}" >&3
+    echo -e "${white}${1}${end}" >&3
 }
 
 function whiteb {
-  echo -e "${whiteb}${1}${end}" >&3
+    echo -e "${whiteb}${1}${end}" >&3
 }
 
 function red {
-  echo -e "${red}${1}${end}" >&3
+    echo -e "${red}${1}${end}" >&3
 }
 
 function redb {
-  echo -e "${redb}${1}${end}" >&3
+    echo -e "${redb}${1}${end}" >&3
 }
 
 function green {
-  echo -e "${green}${1}${end}" >&3
+    echo -e "${green}${1}${end}" >&3
 }
 
 function greenb {
-  echo -e "${greenb}${1}${end}" >&3
+    echo -e "${greenb}${1}${end}" >&3
 }
 
 function yellow {
-  echo -e "${yellow}${1}${end}" >&3
+    echo -e "${yellow}${1}${end}" >&3
 }
 
 function yellowb {
-  echo -e "${yellowb}${1}${end}" >&3
+    echo -e "${yellowb}${1}${end}" >&3
 }
 
 function blue {
-  echo -e "${blue}${1}${end}" >&3
+    echo -e "${blue}${1}${end}" >&3
 }
 
 function blueb {
-  echo -e "${blueb}${1}${end}" >&3
+    echo -e "${blueb}${1}${end}" >&3
 }
 
 function purple {
-  echo -e "${purple}${1}${end}" >&3
+    echo -e "${purple}${1}${end}" >&3
 }
 
 function purpleb {
-  echo -e "${purpleb}${1}${end}" >&3
+    echo -e "${purpleb}${1}${end}" >&3
 }
 
 function lightblue {
-  echo -e "${lightblue}${1}${end}" >&3
+    echo -e "${lightblue}${1}${end}" >&3
 }
 
 function lightblueb {
-  echo -e "${lightblueb}${1}${end}" >&3
+    echo -e "${lightblueb}${1}${end}" >&3
 }
 
 # Export all the things
diff bin/common.sh.orig bin/common.sh
--- bin/common.sh.orig
+++ bin/common.sh
@@ -6,24 +6,25 @@
 # Current directory must be the root directory of the repo
 
 function trap_add() {
- # based on https://stackoverflow.com/questions/3338030/multiple-bash-traps-for-the-same-signal
- # but: prepends new cmd rather than append it, changed var names and eliminated messages
-
-   local cmd_to_add signal
-
-   cmd_to_add=$1; shift
-   for signal in "$@"; do
-      trap -- "$(
-         # print the new trap command
-         printf '%s\n' "${cmd_to_add}"
-         # helper fn to get existing trap command from output
-         # of trap -p
-         # shellcheck disable=SC2329,SC2317
-         extract_trap_cmd() { printf '%s\n' "$3"; }
-         # print existing trap command with newline
-         eval "extract_trap_cmd $(trap -p "${signal}")"
-      )" "${signal}"
-   done
+    # based on https://stackoverflow.com/questions/3338030/multiple-bash-traps-for-the-same-signal
+    # but: prepends new cmd rather than append it, changed var names and eliminated messages
+
+    local cmd_to_add signal
+
+    cmd_to_add=$1
+    shift
+    for signal in "$@"; do
+        trap -- "$(
+            # print the new trap command
+            printf '%s\n' "${cmd_to_add}"
+            # helper fn to get existing trap command from output
+            # of trap -p
+            # shellcheck disable=SC2329,SC2317
+            extract_trap_cmd() { printf '%s\n' "$3"; }
+            # print existing trap command with newline
+            eval "extract_trap_cmd $(trap -p "${signal}")"
+        )" "${signal}"
+    done
 }
 
 function errexit_msg {
@@ -72,7 +73,10 @@
     export USER_DIR=${USER_DIR:-$(pwd)}
     if [ -d "$USER_DIR" ]; then
         # Resolve full path
-        USER_DIR=$(cd "$(dirname "$USER_DIR")" || exit; pwd)/$(basename "$USER_DIR")
+        USER_DIR=$(
+            cd "$(dirname "$USER_DIR")" || exit
+            pwd
+        )/$(basename "$USER_DIR")
         export USER_DIR
     fi
     if [ -f "$USER_DIR/user.env" ]; then
@@ -122,7 +126,6 @@
     # set TLS Cert Generator (cert-manager|openssl)
     export CERT_GENERATOR="${CERT_GENERATOR:-openssl}"
 
-
     # Set default timeout for kubectl namespace delete command
     export KUBE_NAMESPACE_DELETE_TIMEOUT=${KUBE_NAMESPACE_DELETE_TIMEOUT:-5m}
 
@@ -154,7 +157,7 @@
 
 function checkDefaultStorageClass {
     if [ -z "$defaultStorageClass" ]; then
-    # Check for kubernetes environment conflicts/requirements
+        # Check for kubernetes environment conflicts/requirements
         defaultStorageClass=$(kubectl get storageclass -o jsonpath="{range .items[*]}{.metadata.name}{'\t'}{.metadata.annotations..storageclass\.kubernetes\.io/is-default-class}{'\n'}{end}" | grep true | awk '{print $1}')
         if [ "$defaultStorageClass" ]; then
             log_debug "Found default storageClass: [$defaultStorageClass]"
@@ -198,11 +201,10 @@
     fi
 }
 
-
 function validateNamespace {
     local namespace
     namespace="$1"
-    if [[ "$namespace" =~ ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?$ ]]; then
+    if [[ $namespace =~ ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?$ ]]; then
         log_debug "Namespace [$namespace] passes validation"
     else
         log_error "[$namespace] is not a valid namespace name"
@@ -210,9 +212,9 @@
     fi
 }
 
-
 function randomPassword {
-  date +%s | sha256sum | base64 | head -c 32 ; echo
+    date +%s | sha256sum | base64 | head -c 32
+    echo
 }
 
 function disable_sa_token_automount {
@@ -222,7 +224,7 @@
     should_disable=${SEC_DISABLE_SA_TOKEN_AUTOMOUNT:-true}
 
     if [ "$should_disable" == "true" ]; then
-        if [ -n "$(kubectl -n "$ns" get serviceAccount "$sa_name" -o name 2>/dev/null)" ]; then
+        if [ -n "$(kubectl -n "$ns" get serviceAccount "$sa_name" -o name 2> /dev/null)" ]; then
             log_debug "Disabling automount of API tokens for serviceAccount [$ns/$sa_name]"
             kubectl -n "$ns" patch serviceAccount "$sa_name" -p '{"automountServiceAccountToken":false}'
         else
@@ -244,7 +246,7 @@
         log_debug "Enabling automount of API tokens for pods deployed via [$resource_type/$resource_name]"
 
         if [ "$resource_type" == "daemonset" ] || [ "$resource_type" == "deployment" ]; then
-            kubectl -n "$ns" patch "$resource_type"  "$resource_name" -p '{"spec": {"template": {"spec": {"automountServiceAccountToken":true}}}}'
+            kubectl -n "$ns" patch "$resource_type" "$resource_name" -p '{"spec": {"template": {"spec": {"automountServiceAccountToken":true}}}}'
         else
             log_error "Invalid request to function [${FUNCNAME[0]}]; unsupported resource_type [$resource_type]"
             return 1
@@ -264,11 +266,11 @@
 export -f enable_pod_token_automount
 
 function parseFullImage {
-   # shellcheck disable=SC2034
-   fullImage="$1"
-   unset REGISTRY REPOS IMAGE VERSION FULL_IMAGE_ESCAPED
-
-   if [[ "$1" =~ (.*)\/(.*)\/(.*)\:(.*) ]]; then
+    # shellcheck disable=SC2034
+    fullImage="$1"
+    unset REGISTRY REPOS IMAGE VERSION FULL_IMAGE_ESCAPED
+
+    if [[ $1 =~ (.*)\/(.*)\/(.*)\:(.*) ]]; then
         REGISTRY="${BASH_REMATCH[1]}"
         REPOS="${BASH_REMATCH[2]}"
         IMAGE="${BASH_REMATCH[3]}"
@@ -276,19 +278,18 @@
         # shellcheck disable=SC2034
         FULL_IMAGE_ESCAPED="$REGISTRY\/$REPOS\/$IMAGE\:$VERSION"
         return 0
-   else
+    else
         log_warn "Invalid value for full container image; does not fit expected pattern [$1]."
         return 1
-   fi
-}
-
+    fi
+}
 
 function v4m_replace {
 
     if echo "$OSTYPE" | grep 'darwin' > /dev/null 2>&1; then
-        sed -i '' "s;$1;$2;g"  "$3"
-    else
-        sed -i  "s;$1;$2;g"  "$3"
+        sed -i '' "s;$1;$2;g" "$3"
+    else
+        sed -i "s;$1;$2;g" "$3"
     fi
 }
 
@@ -304,7 +305,7 @@
 
     local pullsecret_text
 
-    if ! parseFullImage "$1";  then
+    if ! parseFullImage "$1"; then
         log_error "Unable to parse full image [$1]"
         return 1
     fi
@@ -316,8 +317,8 @@
     template_file=$2
 
     if [ "$template_file" != "$imageKeysFile" ]; then
-        rm -f  "$imageKeysFile"
-        cp "$template_file"  "$imageKeysFile"
+        rm -f "$imageKeysFile"
+        cp "$template_file" "$imageKeysFile"
     else
         log_debug "Modifying an existing imageKeysFile"
     fi
@@ -349,20 +350,19 @@
     v4m_pullPolicy=${V4M_PULL_POLICY:-"IfNotPresent"}
 
     v4m_replace "__${prefix}GLOBAL_REGISTRY_OSBUG__" "$GLOBAL_REGISTRY_OSBUG" "$imageKeysFile"
-    v4m_replace "__${prefix}GLOBAL_REGISTRY__" "$GLOBAL_REGISTRY"          "$imageKeysFile"
+    v4m_replace "__${prefix}GLOBAL_REGISTRY__" "$GLOBAL_REGISTRY" "$imageKeysFile"
     v4m_replace "__${prefix}IMAGE_REGISTRY__" "$REGISTRY" "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_REPO_3LEVEL__"  "$REGISTRY\/$REPOS\/$IMAGE" "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_REPO_2LEVEL__"  "$REPOS\/$IMAGE"            "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE__"              "$IMAGE"                    "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_TAG__"          "$VERSION"                  "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_PULL_POLICY__"  "$v4m_pullPolicy"           "$imageKeysFile"
-    v4m_replace "__${prefix}IMAGE_PULL_SECRET__"  "$pullsecret_text"          "$imageKeysFile"       #Handle Charts Accepting a Single Image Pull Secret
-    v4m_replace "__${prefix}IMAGE_PULL_SECRETS__" "$pullsecrets_text"         "$imageKeysFile"       #Handle Charts Accepting Multiple Image Pull Secrets
+    v4m_replace "__${prefix}IMAGE_REPO_3LEVEL__" "$REGISTRY\/$REPOS\/$IMAGE" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_REPO_2LEVEL__" "$REPOS\/$IMAGE" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE__" "$IMAGE" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_TAG__" "$VERSION" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_PULL_POLICY__" "$v4m_pullPolicy" "$imageKeysFile"
+    v4m_replace "__${prefix}IMAGE_PULL_SECRET__" "$pullsecret_text" "$imageKeysFile"   #Handle Charts Accepting a Single Image Pull Secret
+    v4m_replace "__${prefix}IMAGE_PULL_SECRETS__" "$pullsecrets_text" "$imageKeysFile" #Handle Charts Accepting Multiple Image Pull Secrets
 
     return 0
 }
 
-
 export -f parseFullImage
 export -f v4m_replace
 export -f generateImageKeysFile
diff bin/configure_nodeport.sh.orig bin/configure_nodeport.sh
--- bin/configure_nodeport.sh.orig
+++ bin/configure_nodeport.sh
@@ -3,7 +3,7 @@
 # Copyright ©2022, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-cd "$(dirname "$BASH_SOURCE")/.."  || exit
+cd "$(dirname "$BASH_SOURCE")/.." || exit
 source logging/bin/common.sh
 
 #TO DO: Should be done in bin/common?
@@ -22,12 +22,12 @@
 set -e
 
 app=${1}
-arg1=$(echo "$arg1"| tr '[:lower:]' '[:upper:]')
+arg1=$(echo "$arg1" | tr '[:lower:]' '[:upper:]')
 
 arg2=${2}
-arg2=$(echo "$arg2"| tr '[:lower:]' '[:upper:]')
-
-if [[ "$arg2" -ge 30000 ]] && [[ "$arg2" -le 32767 ]]; then
+arg2=$(echo "$arg2" | tr '[:lower:]' '[:upper:]')
+
+if [[ $arg2 -ge 30000 ]] && [[ $arg2 -le 32767 ]]; then
     log_debug "Requested port [$target_port] is within valid range"
     target_port="$arg2"
 elif [ "$arg2" == "0" ]; then
@@ -41,47 +41,47 @@
     exit 1
 fi
 
-app=$(echo "$app"| tr '[:lower:]' '[:upper:]')
+app=$(echo "$app" | tr '[:lower:]' '[:upper:]')
 case "$app" in
-   "OPENSEARCH"|"OS")
-      namespace=$LOG_NS
-      servicename=$ES_SERVICENAME
-      appname="OpenSearch"
-      target_port="${target_port:-0}"
-      ;;
-   "OPENSEARCHDASHBOARDS"|"DASHBOARDS"|"OSD")
-      namespace=$LOG_NS
-      servicename=$KB_SERVICENAME
-      appname="OpenSearchDashboards"
-      target_port="${target_port:-31033}"
-      ;;
-   "ALERTMANAGER"|"AM")
-      namespace=$MON_NS
-      appname="Alertmanager"
-      servicename="v4m-alertmanager"
-      target_port="${target_port:-31091}"
-      ;;
-   "PROMETHEUS"|"PROM"|"PRO"|"PR")
-      namespace=$MON_NS
-      appname="Prometheus"
-      servicename="v4m-prometheus"
-      target_port="${target_port:-31090}"
-      ;;
-   "GRAFANA"|"GRAF"|"GR")
-      namespace=$MON_NS
-      appname="Grafana"
-      servicename="v4m-grafana"
-      target_port="${target_port:-31100}"
-      ;;
-  ""|*)
-      log_error "Application name is invalid or missing."
-      log_error "The APPLICATION NAME is required; valid values are:"
-      log_error "OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS or ALERTMANAGER"
-      exit 1
-      ;;
+"OPENSEARCH" | "OS")
+    namespace=$LOG_NS
+    servicename=$ES_SERVICENAME
+    appname="OpenSearch"
+    target_port="${target_port:-0}"
+    ;;
+"OPENSEARCHDASHBOARDS" | "DASHBOARDS" | "OSD")
+    namespace=$LOG_NS
+    servicename=$KB_SERVICENAME
+    appname="OpenSearchDashboards"
+    target_port="${target_port:-31033}"
+    ;;
+"ALERTMANAGER" | "AM")
+    namespace=$MON_NS
+    appname="Alertmanager"
+    servicename="v4m-alertmanager"
+    target_port="${target_port:-31091}"
+    ;;
+"PROMETHEUS" | "PROM" | "PRO" | "PR")
+    namespace=$MON_NS
+    appname="Prometheus"
+    servicename="v4m-prometheus"
+    target_port="${target_port:-31090}"
+    ;;
+"GRAFANA" | "GRAF" | "GR")
+    namespace=$MON_NS
+    appname="Grafana"
+    servicename="v4m-grafana"
+    target_port="${target_port:-31100}"
+    ;;
+"" | *)
+    log_error "Application name is invalid or missing."
+    log_error "The APPLICATION NAME is required; valid values are:"
+    log_error "OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS or ALERTMANAGER"
+    exit 1
+    ;;
 esac
 
-if [ "$arg2" == "DISABLE" ];then
+if [ "$arg2" == "DISABLE" ]; then
     log_info "Removing NodePort for [$servicename] in [$LOG_NS]"
     kubectl -n "$namespace" patch svc "$servicename" --type='json' -p '[{"op":"replace","path":"/spec/type","value":"ClusterIP"}]'
     exit
diff bin/helm-include.sh.orig bin/helm-include.sh
--- bin/helm-include.sh.orig
+++ bin/helm-include.sh
@@ -11,9 +11,9 @@
     exit 1
 fi
 
-helmVer=$(helm version --short 2>/dev/null)
+helmVer=$(helm version --short 2> /dev/null)
 # shellcheck disable=SC2116,SC2086,SC2207
-hver=( $(echo ${helmVer//[^0-9]/ }) )
+hver=($(echo ${helmVer//[^0-9]/ }))
 HELM_VER_MAJOR=${hver[0]}
 HELM_VER_MINOR=${hver[1]}
 HELM_VER_PATCH=${hver[2]}
@@ -25,7 +25,7 @@
     exit 1
 fi
 
-if [ "$V4M_HELM_USE_LATEST"  == "true" ]; then
+if [ "$V4M_HELM_USE_LATEST" == "true" ]; then
     log_warn "******This feature is NOT intended for use outside the project maintainers*******"
     log_warn "Environment variable V4M_HELM_USE_LATEST set; deploying *latest* version of all Helm charts"
 fi
@@ -59,9 +59,9 @@
     if [ "$HELM_RELEASE_CHECK" != "false" ]; then
         release=$1
         if helm2ReleaseExists "$release"; then
-        log_error "A Helm 2.x release of [$release] already exists"
-        log_error "Helm [$HELM_VER_FULL] cannot manage the Helm 2.x release of [$release]"
-        exit 1
+            log_error "A Helm 2.x release of [$release] already exists"
+            log_error "Helm [$HELM_VER_FULL] cannot manage the Helm 2.x release of [$release]"
+            exit 1
         fi
     fi
 }
@@ -77,7 +77,7 @@
 
     HELM_FORCE_REPO_UPDATE=${HELM_FORCE_REPO_UPDATE:-true}
     # shellcheck disable=SC1087
-    if [[ ! $(helm repo list 2>/dev/null) =~ $repo[[:space:]] ]]; then
+    if [[ ! $(helm repo list 2> /dev/null) =~ $repo[[:space:]] ]]; then
         log_info "Adding [$repo] helm repository"
         helm repo add "$repo" "$repoURL"
     else
@@ -87,7 +87,7 @@
 
             # Helm 3.3.2 changed 'repo add' behavior and added the --force-update flag
             # https://github.com/helm/helm/releases/tag/v3.3.2
-            if [[  $HELM_VER_MINOR -lt 3 || ( $HELM_VER_MINOR -eq 3 &&  $HELM_VER_PATCH -lt 2) ]]; then
+            if [[ $HELM_VER_MINOR -lt 3 || ($HELM_VER_MINOR -eq 3 && $HELM_VER_PATCH -lt 2) ]]; then
                 helm repo add "$repo" "$repoURL"
             else
                 helm repo add --force-update "$repo" "$repoURL"
@@ -117,9 +117,9 @@
         :
     fi
 
-    if [ "$AIRGAP_HELM_FORMAT"  == "tgz" ]; then
+    if [ "$AIRGAP_HELM_FORMAT" == "tgz" ]; then
         echo "${AIRGAP_HELM_REPO}/${chart_name}-${chart_version}.tgz"
-    elif [ "$AIRGAP_HELM_FORMAT"  == "oci" ]; then
+    elif [ "$AIRGAP_HELM_FORMAT" == "oci" ]; then
         echo "oci://${AIRGAP_HELM_REPO}/${chart_repository}/${chart_name}"
     else
         echo "${chart_repository}/${chart_name}"
@@ -126,8 +126,8 @@
     fi
 }
 function get_helm_versionstring {
-    if [ "$V4M_HELM_USE_LATEST"  == "true" ]; then
-        :  # return null string
+    if [ "$V4M_HELM_USE_LATEST" == "true" ]; then
+        : # return null string
     else
         # Explicitly use printf instead of echo to avoid quote issues
         printf -- "--version %s" "$1"
diff bin/log-include.sh.orig bin/log-include.sh
--- bin/log-include.sh.orig
+++ bin/log-include.sh
@@ -11,120 +11,120 @@
 
 # This must be run without 'set -e' being set
 # So it has to be done up here and not within log_notice
-if [ -z "$TERM" ] || ! tput cols >/dev/null 2>&1 ; then
-  # Non-interactive shell
-  LOG_COLOR_ENABLE=false
-  noticeColWidth=${LOG_NOTICE_COL_WIDTH:-100}
+if [ -z "$TERM" ] || ! tput cols > /dev/null 2>&1; then
+    # Non-interactive shell
+    LOG_COLOR_ENABLE=false
+    noticeColWidth=${LOG_NOTICE_COL_WIDTH:-100}
 else
-  # Terminal width should be accessible
-  noticeColWidth=${LOG_NOTICE_COL_WIDTH:-$(tput cols)}
-  if [ "$noticeColWidth" == "" ]; then
-    noticeColWidth=100
-  fi
+    # Terminal width should be accessible
+    noticeColWidth=${LOG_NOTICE_COL_WIDTH:-$(tput cols)}
+    if [ "$noticeColWidth" == "" ]; then
+        noticeColWidth=100
+    fi
 fi
 
 if [ "$LOG_VERBOSE_ENABLE" != "true" ]; then
-  # Send stdout to /dev/null
-  # All non-error command output (kubectl, helm, etc.) will be suppressed
-  # for non-verbose mode. log_* calls will funtion normally since they are
-  # sent to &3, which is a copy of stdout
-  exec 1>/dev/null
+    # Send stdout to /dev/null
+    # All non-error command output (kubectl, helm, etc.) will be suppressed
+    # for non-verbose mode. log_* calls will funtion normally since they are
+    # sent to &3, which is a copy of stdout
+    exec 1> /dev/null
 fi
 
 function add_notice {
-  echo "$*" >> "$TMP_DIR"/notices.txt
+    echo "$*" >> "$TMP_DIR"/notices.txt
 }
 
 function display_notices {
-  if [ -f "$TMP_DIR/notices.txt" ]; then
-     while IFS= read -r line || [[ -n "$line" ]]; do log_notice "$line"; done <"$TMP_DIR"/notices.txt
- fi
+    if [ -f "$TMP_DIR/notices.txt" ]; then
+        while IFS= read -r line || [[ -n $line ]]; do log_notice "$line"; done < "$TMP_DIR"/notices.txt
+    fi
 }
 
 function log_notice {
-  local msg
-  msg=$1
-  width=$noticeColWidth
-
-  n=$((width - ${#msg}))
-  if [ $n -lt 0 ]; then
-     n=0
-  fi
-  # Fill remaining characters with spaces
-  # shellcheck disable=SC2046
-  text="$*$(printf %$(eval 'echo $n')s |tr ' ' ' ')"
-
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    whiteb "${bluebg}$text"
-  else
-    echo "$text" >&3
-  fi
+    local msg
+    msg=$1
+    width=$noticeColWidth
+
+    n=$((width - ${#msg}))
+    if [ $n -lt 0 ]; then
+        n=0
+    fi
+    # Fill remaining characters with spaces
+    # shellcheck disable=SC2046
+    text="$*$(printf %$(eval 'echo $n')s | tr ' ' ' ')"
+
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        whiteb "${bluebg}$text"
+    else
+        echo "$text" >&3
+    fi
 }
 
 function log_message {
-    echo "$*"  >&3
+    echo "$*" >&3
 }
 
 function log_debug {
-  if [ "$LOG_DEBUG_ENABLE" = "true" ]; then
-    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-        level="DEBUG "
-    else
-        level=""
-    fi
-    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-        echo -e "${whiteb}${level}${white}$*${end}" >&3
-    else
-        echo "${level}$*" >&3
-    fi
-  fi
+    if [ "$LOG_DEBUG_ENABLE" = "true" ]; then
+        if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+            level="DEBUG "
+        else
+            level=""
+        fi
+        if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+            echo -e "${whiteb}${level}${white}$*${end}" >&3
+        else
+            echo "${level}$*" >&3
+        fi
+    fi
 }
 
 function log_info {
-  if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-    level="INFO "
-  else
-    level=""
-  fi
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    echo -e "${greenb}${level}${whiteb}$*${end}" >&3
-  else
-    echo "${level}$*" >&3
-  fi
+    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+        level="INFO "
+    else
+        level=""
+    fi
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        echo -e "${greenb}${level}${whiteb}$*${end}" >&3
+    else
+        echo "${level}$*" >&3
+    fi
 }
 
 # Verbose messages are basically optional, more detailed INFO messages
 # The value of LOG_VERBOSE_ENABLE determines whether they are displayed
 function log_verbose {
-  if [ "$LOG_VERBOSE_ENABLE" == "true" ]; then
-		log_info "$*" >&3
-  fi
+    if [ "$LOG_VERBOSE_ENABLE" == "true" ]; then
+        log_info "$*" >&3
+    fi
 }
 
 function log_warn {
-  if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-    level="WARN "
-  else
-    level=""
-  fi
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    echo -e "${black}${yellowbg}${level}$*${end}" >&3
-  else
-    echo "${level}$*" >&3
-  fi
+    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+        level="WARN "
+    else
+        level=""
+    fi
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        echo -e "${black}${yellowbg}${level}$*${end}" >&3
+    else
+        echo "${level}$*" >&3
+    fi
 }
 
 function log_error {
-  if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
-    level="ERROR "
-  else
-    level=""
-  fi
-  if [ "$LOG_COLOR_ENABLE" = "true" ]; then
-    echo -e "${whiteb}${redbg}${level}$*${end}" >&3
-  else
-    echo "${level}$*" >&3
-  fi
+    if [ "$LOG_LEVEL_ENABLE" = "true" ]; then
+        level="ERROR "
+    else
+        level=""
+    fi
+    if [ "$LOG_COLOR_ENABLE" = "true" ]; then
+        echo -e "${whiteb}${redbg}${level}$*${end}" >&3
+    else
+        echo "${level}$*" >&3
+    fi
 }
 
 export -f log_notice log_message log_debug log_info log_warn log_error add_notice display_notices log_verbose
diff bin/openshift-include.sh.orig bin/openshift-include.sh
--- bin/openshift-include.sh.orig
+++ bin/openshift-include.sh
@@ -10,36 +10,36 @@
     IFS=$'\n'
 
     # shellcheck disable=SC2207
-    allArr=($(oc version 2>/dev/null))
+    allArr=($(oc version 2> /dev/null))
     IFS=$origIFS
 
-    for (( i=0; i<${#allArr[@]}; i++ )); do
+    for ((i = 0; i < ${#allArr[@]}; i++)); do
         # Split the line into an array
         verArr=("${allArr[$i]}")
         if [ ${#verArr[@]} -eq 3 ]; then
-        verType="${verArr[0]}"
-        ver="${verArr[2]}"
-        if [ "$verType" == "Client" ]; then
-            ver="${verArr[2]}"
-            if [[ $ver =~ v?(([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
-                OC_FULL_VERSION=${BASH_REMATCH[1]}
-                OC_MAJOR_VERSION=${BASH_REMATCH[2]}
-                OC_MINOR_VERSION=${BASH_REMATCH[3]}
-                OC_PATCH_VERSION=${BASH_REMATCH[4]}
-            else
-                echo "Unable to parse client version: [$ver]"
-            fi
-        elif [ "$verType" == "Server" ]; then
-            ver="${verArr[2]}"
-            if [[ $ver =~ (([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
-                OSHIFT_FULL_VERSION=${BASH_REMATCH[1]}
-                OSHIFT_MAJOR_VERSION=${BASH_REMATCH[2]}
-                OSHIFT_MINOR_VERSION=${BASH_REMATCH[3]}
-                OSHIFT_PATCH_VERSION=${BASH_REMATCH[4]}
-            else
-                echo "Unable to parse server version: [$ver]"
-            fi
-        fi
+            verType="${verArr[0]}"
+            ver="${verArr[2]}"
+            if [ "$verType" == "Client" ]; then
+                ver="${verArr[2]}"
+                if [[ $ver =~ v?(([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
+                    OC_FULL_VERSION=${BASH_REMATCH[1]}
+                    OC_MAJOR_VERSION=${BASH_REMATCH[2]}
+                    OC_MINOR_VERSION=${BASH_REMATCH[3]}
+                    OC_PATCH_VERSION=${BASH_REMATCH[4]}
+                else
+                    echo "Unable to parse client version: [$ver]"
+                fi
+            elif [ "$verType" == "Server" ]; then
+                ver="${verArr[2]}"
+                if [[ $ver =~ (([0-9]+)\.([0-9]+)\.([0-9]+)) ]]; then
+                    OSHIFT_FULL_VERSION=${BASH_REMATCH[1]}
+                    OSHIFT_MAJOR_VERSION=${BASH_REMATCH[2]}
+                    OSHIFT_MINOR_VERSION=${BASH_REMATCH[3]}
+                    OSHIFT_PATCH_VERSION=${BASH_REMATCH[4]}
+                else
+                    echo "Unable to parse server version: [$ver]"
+                fi
+            fi
         fi
     done
     log_info "OpenShift client version: $OC_FULL_VERSION"
@@ -49,32 +49,32 @@
     if [ "$OPENSHIFT_VERSION_CHECK" == "true" ]; then
         ## Server Version
         ### Openshift versions that do not start with a 4 should produce an error.
-        if (( OSHIFT_MAJOR_VERSION != 4 )); then
-        log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
-        log_error "Version 4.12+ is required"
-        exit 1
+        if ((OSHIFT_MAJOR_VERSION != 4)); then
+            log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
+            log_error "Version 4.12+ is required"
+            exit 1
         ### 21FEB24: Openshift 4 versions earlier than 4.12 should produce an error.
-        elif (( OSHIFT_MINOR_VERSION < 12 )); then
-        log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
-        log_error "Version 4.12+ is required"
-        exit 1
-        else
-        log_debug "OpenShift server version check OK"
+        elif ((OSHIFT_MINOR_VERSION < 12)); then
+            log_error "Unsupported OpenShift server version: $OSHIFT_FULL_VERSION"
+            log_error "Version 4.12+ is required"
+            exit 1
+        else
+            log_debug "OpenShift server version check OK"
         fi
 
         ## Client Version
         ### Openshift versions that do not start with a 4 should produce an error.
-        if (( OC_MAJOR_VERSION != 4 )); then
-        log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
-        log_error "Version 4.11+ is required"
-        exit 1
+        if ((OC_MAJOR_VERSION != 4)); then
+            log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
+            log_error "Version 4.11+ is required"
+            exit 1
         ### Openshift 4 client version must be w/in 1 minor releases of server minimum.
-        elif (( OC_MINOR_VERSION < 11 )); then
-        log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
-        log_error "Version 4.11+ is required"
-        exit 1
-        else
-        log_debug "OpenShift client version check OK"
+        elif ((OC_MINOR_VERSION < 11)); then
+            log_error "Unsupported OpenShift client version: $OC_FULL_VERSION"
+            log_error "Version 4.11+ is required"
+            exit 1
+        else
+            log_debug "OpenShift client version check OK"
         fi
     fi
 }
@@ -83,12 +83,12 @@
 if [ "$SAS_OPENSHIFT_SOURCED" != "true" ]; then
     if [ "$OPENSHIFT_CLUSTER" == "" ]; then
         # Detect OpenShift cluster
-        if kubectl get ns openshift 2>/dev/null 1>&2; then
-        log_debug "OpenShift detected"
-        OPENSHIFT_CLUSTER="true"
-        else
-        log_debug "OpenShift not detected"
-        OPENSHIFT_CLUSTER="false"
+        if kubectl get ns openshift 2> /dev/null 1>&2; then
+            log_debug "OpenShift detected"
+            OPENSHIFT_CLUSTER="true"
+        else
+            log_debug "OpenShift not detected"
+            OPENSHIFT_CLUSTER="false"
         fi
     else
         log_debug "Skipping OpenShift detection. OPENSHIFT_CLUSTER=[$OPENSHIFT_CLUSTER]"
@@ -96,28 +96,28 @@
 
     if [ "$OPENSHIFT_CLUSTER" == "true" ]; then
         if [ "${OPENSHIFT_OC_CHECK:-true}" == "true" ]; then
-        if ! which oc 1>/dev/null ; then
-            echo "'oc' is required for OpenShift and not found on the current PATH"
-            exit 1
-        fi
-        ocVersionCheck
-
-        # Get base OpenShift route hostname
-        OPENSHIFT_ROUTE_DOMAIN=${OPENSHIFT_ROUTE_DOMAIN:-$(oc get route -n openshift-console console -o 'jsonpath={.spec.host}' | cut -c 27-)}
-        if [ "$OPENSHIFT_ROUTE_DOMAIN" != "" ]; then
-            log_debug "OpenShift route host is [$OPENSHIFT_ROUTE_DOMAIN]"
-        else
-            log_error "Unable to determine OpenShift route host. Set OPENSHIFT_ROUTE_DOMAIN if necessary."
-            exit 1
-        fi
-
-        export OPENSHIFT_ROUTE_DOMAIN
-        export OC_MAJOR_VERSION OC_MINOR_VERSION OC_PATCH_VERSION
-        export OSHIFT_MAJOR_VERSION OSHIFT_MINOR_VERSION OSHIFT_PATCH_VERSION
-        fi
-    else
-    log_debug "OpenShift not detected. Skipping 'oc' checks."
+            if ! which oc 1> /dev/null; then
+                echo "'oc' is required for OpenShift and not found on the current PATH"
+                exit 1
+            fi
+            ocVersionCheck
+
+            # Get base OpenShift route hostname
+            OPENSHIFT_ROUTE_DOMAIN=${OPENSHIFT_ROUTE_DOMAIN:-$(oc get route -n openshift-console console -o 'jsonpath={.spec.host}' | cut -c 27-)}
+            if [ "$OPENSHIFT_ROUTE_DOMAIN" != "" ]; then
+                log_debug "OpenShift route host is [$OPENSHIFT_ROUTE_DOMAIN]"
+            else
+                log_error "Unable to determine OpenShift route host. Set OPENSHIFT_ROUTE_DOMAIN if necessary."
+                exit 1
+            fi
+
+            export OPENSHIFT_ROUTE_DOMAIN
+            export OC_MAJOR_VERSION OC_MINOR_VERSION OC_PATCH_VERSION
+            export OSHIFT_MAJOR_VERSION OSHIFT_MINOR_VERSION OSHIFT_PATCH_VERSION
+        fi
+    else
+        log_debug "OpenShift not detected. Skipping 'oc' checks."
     fi
     export OPENSHIFT_CLUSTER
-  export SAS_OPENSHIFT_SOURCED="true"
+    export SAS_OPENSHIFT_SOURCED="true"
 fi
diff bin/renew-tls-certs.sh.orig bin/renew-tls-certs.sh
--- bin/renew-tls-certs.sh.orig
+++ bin/renew-tls-certs.sh
@@ -16,86 +16,86 @@
 function restart-resources {
     app=$1
     case "$app" in
-        "OPENSEARCH"|"OS")
-            namespace=$LOG_NS
-            resourceName=${OS_RESOURCENAME:-"v4m-search"}
-
-            log_info "Restarting [OpenSearch]"
-            kubectl rollout restart statefulset "$resourceName" -n "$namespace"
-            ;;
-        "OPENSEARCHDASHBOARDS"|"DASHBOARDS"|"OSD")
-            namespace=$LOG_NS
-            resourceName=${OSD_RESOURCENAME:-"v4m-osd"}
-
-            log_info "Restarting [OpenSearch Dashboards]"
-            kubectl rollout restart deployment "$resourceName" -n "$namespace"
-            ;;
-        "ALERTMANAGER"|"AM")
-            namespace=$MON_NS
-            resourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
-
-            log_info "Restarting [Alertmanager]"
-            kubectl rollout restart statefulset "$resourceName" -n "$namespace"
-            ;;
-        "PROMETHEUS"|"PROM"|"PRO"|"PR")
-            namespace=$MON_NS
-            resourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
-
-            log_info "Restarting [Prometheus]"
-            kubectl rollout restart statefulset "$resourceName" -n "$namespace"
-            ;;
-        "GRAFANA"|"GRAF"|"GR")
-            namespace=$MON_NS
-            resourceName=${GR_RESOURCENAME:-"v4m-grafana"}
-
-            log_info "Restarting [Grafana]"
-            kubectl rollout restart deployment "$resourceName" -n "$namespace"
-            ;;
-        "ALL-MON")
-            namespace=$MON_NS
-            alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
-            prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
-            grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
-
-            log_info "Restarting [Alertmanager, Prometheus, Grafana]"
-            kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$namespace"
-            kubectl rollout restart statefulset "$prometheusResourceName" -n "$namespace"
-            kubectl rollout restart deployment "$grafanaResourceName" -n "$namespace"
-            ;;
-        "ALL-LOG")
-            namespace=$LOG_NS
-            osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
-            osResourceName=${OS_RESOURCENAME:-"v4m-search"}
-
-            log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
-            kubectl rollout restart deployment "$osdResourceName" -n "$namespace"
-            kubectl rollout restart statefulset "$osResourceName" -n "$namespace"
-            ;;
-        "ALL")
-            logNamespace=$LOG_NS
-            osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
-            osResourceName=${OS_RESOURCENAME:-"v4m-search"}
-
-            log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
-            kubectl rollout restart deployment "$osdResourceName" -n "$logNamespace"
-            kubectl rollout restart statefulset "$osResourceName" -n "$logNamespace"
-
-            monNamespace=$MON_NS
-            alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
-            prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
-            grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
-
-            log_info "Restarting [Alertmanager, Prometheus, Grafana]"
-            kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$monNamespace"
-            kubectl rollout restart statefulset "$prometheusResourceName" -n "$monNamespace"
-            kubectl rollout restart deployment "$grafanaResourceName" -n "$monNamespace"
-            ;;
-        ""|*)
-            log_error "Must Specify which resources to restart"
-            log_error "Valid values are:"
-            log_error "[OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS, ALERTMANAGER, ALL-MON, ALL-LOG, or ALL]"
-            exit 1
-            ;;
+    "OPENSEARCH" | "OS")
+        namespace=$LOG_NS
+        resourceName=${OS_RESOURCENAME:-"v4m-search"}
+
+        log_info "Restarting [OpenSearch]"
+        kubectl rollout restart statefulset "$resourceName" -n "$namespace"
+        ;;
+    "OPENSEARCHDASHBOARDS" | "DASHBOARDS" | "OSD")
+        namespace=$LOG_NS
+        resourceName=${OSD_RESOURCENAME:-"v4m-osd"}
+
+        log_info "Restarting [OpenSearch Dashboards]"
+        kubectl rollout restart deployment "$resourceName" -n "$namespace"
+        ;;
+    "ALERTMANAGER" | "AM")
+        namespace=$MON_NS
+        resourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
+
+        log_info "Restarting [Alertmanager]"
+        kubectl rollout restart statefulset "$resourceName" -n "$namespace"
+        ;;
+    "PROMETHEUS" | "PROM" | "PRO" | "PR")
+        namespace=$MON_NS
+        resourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
+
+        log_info "Restarting [Prometheus]"
+        kubectl rollout restart statefulset "$resourceName" -n "$namespace"
+        ;;
+    "GRAFANA" | "GRAF" | "GR")
+        namespace=$MON_NS
+        resourceName=${GR_RESOURCENAME:-"v4m-grafana"}
+
+        log_info "Restarting [Grafana]"
+        kubectl rollout restart deployment "$resourceName" -n "$namespace"
+        ;;
+    "ALL-MON")
+        namespace=$MON_NS
+        alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
+        prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
+        grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
+
+        log_info "Restarting [Alertmanager, Prometheus, Grafana]"
+        kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$namespace"
+        kubectl rollout restart statefulset "$prometheusResourceName" -n "$namespace"
+        kubectl rollout restart deployment "$grafanaResourceName" -n "$namespace"
+        ;;
+    "ALL-LOG")
+        namespace=$LOG_NS
+        osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
+        osResourceName=${OS_RESOURCENAME:-"v4m-search"}
+
+        log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
+        kubectl rollout restart deployment "$osdResourceName" -n "$namespace"
+        kubectl rollout restart statefulset "$osResourceName" -n "$namespace"
+        ;;
+    "ALL")
+        logNamespace=$LOG_NS
+        osdResourceName=${OSD_RESOURCENAME:-"v4m-osd"}
+        osResourceName=${OS_RESOURCENAME:-"v4m-search"}
+
+        log_info "Restarting [OpenSearch, OpenSearch Dashboards]"
+        kubectl rollout restart deployment "$osdResourceName" -n "$logNamespace"
+        kubectl rollout restart statefulset "$osResourceName" -n "$logNamespace"
+
+        monNamespace=$MON_NS
+        alertmanagerResourceName=${AM_RESOURCENAME:-"alertmanager-v4m-alertmanager"}
+        prometheusResourceName=${PROM_RESOURCENAME:-"prometheus-v4m-prometheus"}
+        grafanaResourceName=${GR_RESOURCENAME:-"v4m-grafana"}
+
+        log_info "Restarting [Alertmanager, Prometheus, Grafana]"
+        kubectl rollout restart statefulset "$alertmanagerResourceName" -n "$monNamespace"
+        kubectl rollout restart statefulset "$prometheusResourceName" -n "$monNamespace"
+        kubectl rollout restart deployment "$grafanaResourceName" -n "$monNamespace"
+        ;;
+    "" | *)
+        log_error "Must Specify which resources to restart"
+        log_error "Valid values are:"
+        log_error "[OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS, ALERTMANAGER, ALL-MON, ALL-LOG, or ALL]"
+        exit 1
+        ;;
     esac
 }
 
@@ -102,13 +102,13 @@
 function renew-certs {
     app=$1
     case "$app" in
-        "ALL-MON")
-            log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
-            log_info "Deleting existing secrets for [Alertmanager, Prometheus, Grafana]"
-
-            for secretName in prometheus-tls-secret alertmanager-tls-secret grafana-tls-secret v4m-root-ca-tls-secret; do
-            if [ -n "$(kubectl get secret -n "$MON_NS" "$secretName" -o name 2>/dev/null)" ]; then
-                if (tls_cert_managed_by_v4m "$MON_NS" "$secretName") then
+    "ALL-MON")
+        log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
+        log_info "Deleting existing secrets for [Alertmanager, Prometheus, Grafana]"
+
+        for secretName in prometheus-tls-secret alertmanager-tls-secret grafana-tls-secret v4m-root-ca-tls-secret; do
+            if [ -n "$(kubectl get secret -n "$MON_NS" "$secretName" -o name 2> /dev/null)" ]; then
+                if (tls_cert_managed_by_v4m "$MON_NS" "$secretName"); then
                     kubectl delete secret -n "$MON_NS" $secretName
                 else
                     log_error "[$secretName] is not managed by SAS Viya Monitoring. Delete certs not managed by SAS Viya Monitoring or update certs and restart applications by re-running this script using the [-r] flag"
@@ -115,20 +115,20 @@
                     exit 1
                 fi
             fi
-            done
-
-            log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
-            create_tls_certs_openssl "$MON_NS" prometheus alertmanager grafana
-
-            restart-resources "ALL-MON" # WIP: Move restarts to create_tls_certs_openssl function?
-            ;;
-        "ALL-LOG")
+        done
+
+        log_info "Generating new certs for [Alertmanager, Prometheus, Grafana]"
+        create_tls_certs_openssl "$MON_NS" prometheus alertmanager grafana
+
+        restart-resources "ALL-MON" # WIP: Move restarts to create_tls_certs_openssl function?
+        ;;
+    "ALL-LOG")
         log_info "Generating new certs for [OpenSearch, OpenSearch Dashboards]"
         log_info "Deleting existing secrets for [OpenSearch, OpenSearch Dashboards]"
 
-            for secretName in kibana-tls-secret es-transport-tls-secret es-rest-tls-secret es-admin-tls-secret v4m-root-ca-tls-secret; do
-            if [ -n "$(kubectl get secret -n "$LOG_NS" "$secretName" -o name 2>/dev/null)" ]; then
-                if (tls_cert_managed_by_v4m "$LOG_NS" "$secretName") then
+        for secretName in kibana-tls-secret es-transport-tls-secret es-rest-tls-secret es-admin-tls-secret v4m-root-ca-tls-secret; do
+            if [ -n "$(kubectl get secret -n "$LOG_NS" "$secretName" -o name 2> /dev/null)" ]; then
+                if (tls_cert_managed_by_v4m "$LOG_NS" "$secretName"); then
                     kubectl delete secret -n "$LOG_NS" $secretName
                 else
                     log_error "[$secretName] is not managed by SAS Viya Monitoring. Delete certs not managed by SAS Viya Monitoring or update certs and restart applications by re-running this script using the [-r] flag"
@@ -135,18 +135,18 @@
                     exit 1
                 fi
             fi
-            done
-
-            log_info "Generating new certs for [OpenSearch and OpenSearch Dashboards]"
-            create_tls_certs_openssl "$LOG_NS" kibana es-transport es-rest es-admin
-
-            restart-resources "ALL-LOG" # WIP: Move restarts to create_tls_certs_openssl function?
-            ;;
-        ""|*)
-            log_error "Valid target values for certificate renewal:"
-            log_error "[ALL-MON] or [ALL-LOG]"
-            exit 1
-            ;;
+        done
+
+        log_info "Generating new certs for [OpenSearch and OpenSearch Dashboards]"
+        create_tls_certs_openssl "$LOG_NS" kibana es-transport es-rest es-admin
+
+        restart-resources "ALL-LOG" # WIP: Move restarts to create_tls_certs_openssl function?
+        ;;
+    "" | *)
+        log_error "Valid target values for certificate renewal:"
+        log_error "[ALL-MON] or [ALL-LOG]"
+        exit 1
+        ;;
     esac
 }
 
@@ -154,35 +154,35 @@
 
 while getopts 't:rh' OPTION; do
     case "$OPTION" in
-        t)
+    t)
         targetOpt=$OPTARG
         log_info "Target resources: $targetOpt"
         ;;
-        r)
+    r)
         # Restart resource without renewing certs
         restartOnly=true
         log_info "Restarting the target resources without renewing certs"
         ;;
-        h)
+    h)
         log_message "script usage: ./bin/renew-tls-certs.sh [-t [REQUIRED](target resource)] [-r]"
         log_message "-t (REQUIRED) Options: [ALL-MON, ALL-LOG]"
         log_message "-r Only restarts the target resources and does not generate new certs. Useful for those managing their own certs"
         log_message "Running with [-r] allows the following targets [-t]: [OPENSEARCH, OPENSEARCHDASHBOARDS, GRAFANA, PROMETHEUS, ALERTMANAGER, ALL-MON, ALL-LOG, or ALL]"
         ;;
-        ?)
+    ?)
         log_error "script usage: ./bin/renew-tls-certs.sh [-t [REQUIRED](target resource)] [-r]" >&2
         exit 1
         ;;
     esac
 done
-shift "$((OPTIND -1))"
+shift "$((OPTIND - 1))"
 
 if ! [ "$targetOpt" ]; then
-     log_error "Missing required target option, use [-h] to see how to use this script"
+    log_error "Missing required target option, use [-h] to see how to use this script"
 fi
 
 if [ $restartOnly == true ]; then
     restart-resources "$targetOpt"
-    else
+else
     renew-certs "$targetOpt"
 fi
diff bin/service-url-include.sh.orig bin/service-url-include.sh
--- bin/service-url-include.sh.orig
+++ bin/service-url-include.sh
@@ -29,10 +29,10 @@
     object=$2
     jsonpath=$3
 
-    info=$(kubectl -n "$namespace" get "$object" -o=jsonpath="$jsonpath" 2>/dev/null)
+    info=$(kubectl -n "$namespace" get "$object" -o=jsonpath="$jsonpath" 2> /dev/null)
     rc=$?
 
-    if [ -n  "$info" ]; then
+    if [ -n "$info" ]; then
         echo "$info"
     else
         v4m_rc=1
@@ -66,7 +66,7 @@
     namespace=$1
     name=$2
 
-    if [ ! "$(kubectl -n "$namespace"  get ingress/"$name" 2>/dev/null)" ]; then
+    if [ ! "$(kubectl -n "$namespace" get ingress/"$name" 2> /dev/null)" ]; then
         # ingress object does not exist
         v4m_rc=1
         echo ""
@@ -102,7 +102,7 @@
 
     url="$protocol://${host}${porttxt}${path}"
 
-    url="${url%/}"   # strip any trailing "/"
+    url="${url%/}" # strip any trailing "/"
     echo "$url"
 }
 
@@ -130,7 +130,7 @@
     fi
 
     url="$protocol://$host$path"
-    url="${url%/}"   # strip any trailing "/"
+    url="${url%/}" # strip any trailing "/"
 
     echo "$url"
 }
@@ -142,7 +142,7 @@
     service=$2
     tls_enabled=$3
 
-    if [ ! "$(kubectl -n "$namespace" get service/"$service" 2>/dev/null)" ]; then
+    if [ ! "$(kubectl -n "$namespace" get service/"$service" 2> /dev/null)" ]; then
         # ingress object does not exist
         v4m_rc=1
         echo ""
@@ -151,7 +151,7 @@
 
     host="$(kubectl get node --selector='node-role.kubernetes.io/master' | awk 'NR==2 { print $1 }')"
     if [ -z "$host" ]; then
-        host=$(kubectl get nodes | awk 'NR==2 { print $1 }')  # use first node
+        host=$(kubectl get nodes | awk 'NR==2 { print $1 }') # use first node
     fi
 
     port=$(get_k8s_info "$namespace" "service/$service" "$json_service_nodeport")
@@ -174,12 +174,12 @@
     local namespace service use_tls ingress service_type url
 
     namespace=$1
-    service=$2                 # name of service
-    use_tls=$3                 # (optional - NodePort only) use http or https (ingress properties over-ride)
-    ingress=${4:-${service}}   # (optional) name of ingress/route object (default: $service)
+    service=$2               # name of service
+    use_tls=$3               # (optional - NodePort only) use http or https (ingress properties over-ride)
+    ingress=${4:-${service}} # (optional) name of ingress/route object (default: $service)
 
     # is a route defined for this service?
-    if [ "$OPENSHIFT_CLUSTER" == "true" ] && [ "$(kubectl -n "$namespace" get route/"$service" 2>/dev/null)" ]; then
+    if [ "$OPENSHIFT_CLUSTER" == "true" ] && [ "$(kubectl -n "$namespace" get route/"$service" 2> /dev/null)" ]; then
         url=$(get_route_url "$namespace" "$service")
 
         if [ -z "$url" ]; then
diff bin/show_app_url.sh.orig bin/show_app_url.sh
--- bin/show_app_url.sh.orig
+++ bin/show_app_url.sh
@@ -25,7 +25,7 @@
 
 #start looping through services
 servicelist=${*:-"ALL"}
-servicelist=$(echo "$servicelist"| tr '[:lower:]' '[:upper:]')
+servicelist=$(echo "$servicelist" | tr '[:lower:]' '[:upper:]')
 
 if [ "$servicelist" == "ALL" ]; then
     servicelist="GRAFANA OS OSD"
@@ -33,17 +33,16 @@
 
 log_debug "Application URLs requested for [$servicelist]"
 
-for service in $servicelist
-do
-   case  "$service" in
-     OPENSEARCHDASHBOARDS|OPENSEARCHDASHBOARD|OSD)
+for service in $servicelist; do
+    case "$service" in
+    OPENSEARCHDASHBOARDS | OPENSEARCHDASHBOARD | OSD)
         service="OpenSearch Dashboards"
         namespace=${LOG_NS:-"logging"}
         servicename="v4m-osd"
         ingressname="v4m-osd"
-        tls_flag=$(kubectl -n "$namespace" get secret v4m-osd-tls-enabled -o=jsonpath="{.data.enable_tls}" --ignore-not-found |base64 --decode)
-        ;;
-     OPENSEARCH|OS)
+        tls_flag=$(kubectl -n "$namespace" get secret v4m-osd-tls-enabled -o=jsonpath="{.data.enable_tls}" --ignore-not-found | base64 --decode)
+        ;;
+    OPENSEARCH | OS)
         service="OpenSearch"
         namespace=${LOG_NS:-"logging"}
         servicename="v4m-search"
@@ -50,7 +49,7 @@
         ingressname="v4m-search"
         tls_flag="true"
         ;;
-     GRAFANA|GRAF|GR)
+    GRAFANA | GRAF | GR)
         namespace=${MON_NS:-"monitoring"}
         service="Grafana"
         servicename="v4m-grafana"
@@ -57,7 +56,7 @@
         ingressname="v4m-grafana"
         tls_flag="$TLS_ENABLE"
         ;;
-     PROMETHEUS|PROM|PR)
+    PROMETHEUS | PROM | PR)
         namespace=${MON_NS:-"monitoring"}
         service="Prometheus"
         servicename="v4m-prometheus"
@@ -64,7 +63,7 @@
         ingressname="v4m-prometheus"
         tls_flag="$TLS_ENABLE"
         ;;
-     ALERTMANAGER|AM)
+    ALERTMANAGER | AM)
         namespace=${MON_NS:-"monitoring"}
         service="AlertManager"
         servicename="v4m-alertmanager"
@@ -72,31 +71,30 @@
         tls_flag="$TLS_ENABLE"
         ;;
 
-     *)
+    *)
         log_error "Invalid application [$service] specified".
         log_error "Valid values are [GRAFANA, OPENSEARCH, OPENSEARCHDASHBOARDS or ALL]"
         exit 1
         ;;
-   esac
-
-   # get URLs for requested services
-   log_debug "Function call: get_service_url $namespace $servicename $tls_flag $ingressname"
-
-   service_url=$(get_service_url "$namespace" "$servicename"  "$tls_flag" "$ingressname")
-
-   # Print URLs
-   # add_notice "*** $service ***"
-   if [ -n "$service_url" ]; then
+    esac
+
+    # get URLs for requested services
+    log_debug "Function call: get_service_url $namespace $servicename $tls_flag $ingressname"
+
+    service_url=$(get_service_url "$namespace" "$servicename" "$tls_flag" "$ingressname")
+
+    # Print URLs
+    # add_notice "*** $service ***"
+    if [ -n "$service_url" ]; then
         add_notice "  You can access $service via the following URL:"
         add_notice "    $service_url"
         add_notice ""
-   else
+    else
         add_notice "  It was not possible to determine the URL needed to access $service"
         add_notice ""
-   fi
+    fi
 done
 
-
 add_notice " Note: The URL might be incorrect if your Ingress configuration, another network"
 add_notice "       configuration, or both include options that this script does not process."
 add_notice ""
diff bin/tls-include.sh.orig bin/tls-include.sh
--- bin/tls-include.sh.orig
+++ bin/tls-include.sh
@@ -8,7 +8,7 @@
 
 # Determine if cert-manager is available
 
-if [ "$(kubectl get crd certificates.cert-manager.io -o name 2>/dev/null)" ]; then
+if [ "$(kubectl get crd certificates.cert-manager.io -o name 2> /dev/null)" ]; then
     # shellcheck disable=SC2034
     certManagerAvailable="true"
 else
@@ -23,7 +23,7 @@
         return 1
     fi
 
-    if [ "$(kubectl get crd certificates.cert-manager.io -o name 2>/dev/null)" ]; then
+    if [ "$(kubectl get crd certificates.cert-manager.io -o name 2> /dev/null)" ]; then
         cert_manager_ok="true"
         return 0
     else
@@ -32,7 +32,6 @@
     fi
 }
 
-
 function deploy_issuers {
     namespace=$1
     context=$2
@@ -45,11 +44,11 @@
 
     # Create issuers if needed
     # Issuers honor USER_DIR for overrides/customizations
-    if [ -z "$(kubectl get issuer -n "$namespace" selfsigning-issuer -o name 2>/dev/null)" ]; then
+    if [ -z "$(kubectl get issuer -n "$namespace" selfsigning-issuer -o name 2> /dev/null)" ]; then
         log_info "Creating selfsigning-issuer for the [$namespace] namespace..."
         selfsignIssuer=$context/tls/selfsigning-issuer.yaml
         if [ -f "$USER_DIR/$context/tls/selfsigning-issuer.yaml" ]; then
-        selfsignIssuer="$USER_DIR/$context/tls/selfsigning-issuer.yaml"
+            selfsignIssuer="$USER_DIR/$context/tls/selfsigning-issuer.yaml"
         fi
         log_debug "Self-sign issuer yaml is [$selfsignIssuer]"
         kubectl apply -n "$namespace" -f "$selfsignIssuer"
@@ -57,7 +56,7 @@
     else
         log_debug "Using existing $namespace/selfsigning-issuer"
     fi
-    if [ -z "$(kubectl get secret -n "$namespace" ca-certificate-secret -o name 2>/dev/null)" ]; then
+    if [ -z "$(kubectl get secret -n "$namespace" ca-certificate-secret -o name 2> /dev/null)" ]; then
         log_info "Creating self-signed CA certificate for the [$namespace] namespace..."
         caCert=$context/tls/ca-certificate.yaml
         if [ -f "$USER_DIR/$context/tls/ca-certificate.yaml" ]; then
@@ -69,7 +68,7 @@
     else
         log_debug "Using existing $namespace/ca-certificate-secret"
     fi
-    if [ -z "$(kubectl get issuer -n "$namespace" namespace-issuer -o name 2>/dev/null)" ]; then
+    if [ -z "$(kubectl get issuer -n "$namespace" namespace-issuer -o name 2> /dev/null)" ]; then
         log_info "Creating namespace-issuer for the [$namespace] namespace..."
         namespaceIssuer=$context/tls/namespace-issuer.yaml
         if [ -f "$USER_DIR/$context/tls/namespace-issuer.yaml" ]; then
@@ -84,63 +83,62 @@
 }
 
 function deploy_app_cert {
-  namespace=$1
-  context=$2
-  app=$3
-
-  contextDir=${TLS_CONTEXT_DIR:-$context/tls}
-
-  # Create the certificate using cert-manager
-  certyaml=$contextDir/$app-tls-cert.yaml
-  if [ -f "$USER_DIR/$context/tls/$app-tls-cert.yaml" ]; then
-    certyaml="$USER_DIR/$context/tls/$app-tls-cert.yaml"
-  fi
-  log_debug "Creating cert-manager certificate custom resource for [$app] using [$certyaml]"
-  kubectl apply -n "$namespace" -f "$certyaml"
+    namespace=$1
+    context=$2
+    app=$3
+
+    contextDir=${TLS_CONTEXT_DIR:-$context/tls}
+
+    # Create the certificate using cert-manager
+    certyaml=$contextDir/$app-tls-cert.yaml
+    if [ -f "$USER_DIR/$context/tls/$app-tls-cert.yaml" ]; then
+        certyaml="$USER_DIR/$context/tls/$app-tls-cert.yaml"
+    fi
+    log_debug "Creating cert-manager certificate custom resource for [$app] using [$certyaml]"
+    kubectl apply -n "$namespace" -f "$certyaml"
 }
 
 function create_tls_certs_cm {
-  namespace=$1
-  context=$2
-  shift 2
-  apps=("$@")
-
-  deployedIssuers="false"
+    namespace=$1
+    context=$2
+    shift 2
+    apps=("$@")
+
+    deployedIssuers="false"
     # Certs honor USER_DIR for overrides/customizations
-  for app in "${apps[@]}"; do
-    # Only create the secrets if they do not exist
-    TLS_SECRET_NAME=$app-tls-secret
-    if [ -z "$(kubectl get secret -n "$namespace" "$TLS_SECRET_NAME" -o name 2>/dev/null)" ]; then
-        if [ "$deployedIssuers" == "false" ]; then
-          deploy_issuers "$namespace" "$context"
-          deployedIssuers="true"
-        fi
-        deploy_app_cert "$namespace" "$context" "$app"
-    else
-      log_debug "Using existing $TLS_SECRET_NAME for [$app]"
-    fi
-  done
+    for app in "${apps[@]}"; do
+        # Only create the secrets if they do not exist
+        TLS_SECRET_NAME=$app-tls-secret
+        if [ -z "$(kubectl get secret -n "$namespace" "$TLS_SECRET_NAME" -o name 2> /dev/null)" ]; then
+            if [ "$deployedIssuers" == "false" ]; then
+                deploy_issuers "$namespace" "$context"
+                deployedIssuers="true"
+            fi
+            deploy_app_cert "$namespace" "$context" "$app"
+        else
+            log_debug "Using existing $TLS_SECRET_NAME for [$app]"
+        fi
+    done
 }
 
 function create_tls_certs {
-  local namespace context apps
-  namespace=$1
-  context=$2
-  shift 2
-  apps=("$@")
-
-  if [ "$CERT_GENERATOR" == "cert-manager" ]; then
-     create_tls_certs_cm       "$namespace" "$context" "${apps[@]}"
-  elif [ "$CERT_GENERATOR" == "openssl" ]; then
-     create_tls_certs_openssl  "$namespace"          "${apps[@]}"
-  else
-     log_error "Unknown TLS Certificate Generator [$cert-generator] requested."
-     return 1
-  fi
-}
-
-
-function  do_all_secrets_already_exist {
+    local namespace context apps
+    namespace=$1
+    context=$2
+    shift 2
+    apps=("$@")
+
+    if [ "$CERT_GENERATOR" == "cert-manager" ]; then
+        create_tls_certs_cm "$namespace" "$context" "${apps[@]}"
+    elif [ "$CERT_GENERATOR" == "openssl" ]; then
+        create_tls_certs_openssl "$namespace" "${apps[@]}"
+    else
+        log_error "Unknown TLS Certificate Generator [$cert-generator] requested."
+        return 1
+    fi
+}
+
+function do_all_secrets_already_exist {
     namespace="$1"
     shift
     apps=("$@")
@@ -148,84 +146,84 @@
     all_secrets_exist="true"
 
     for app in "${apps[@]}"; do
-      secretName=$app-tls-secret
-      if [ -z "$(kubectl get secret -n "$namespace" "$secretName" -o name 2>/dev/null)" ]; then
-          log_debug "Secret [$namespace/$secretName] not found. Certificate generation is required."
-          all_secrets_exist="false"
-          break
-      else
-        log_debug "Found existing secret $namespace/$secretName"
-      fi
-    done
-
-   if [ "$all_secrets_exist" == "false" ]; then
-      return 1
-   else
-      return 0
-   fi
+        secretName=$app-tls-secret
+        if [ -z "$(kubectl get secret -n "$namespace" "$secretName" -o name 2> /dev/null)" ]; then
+            log_debug "Secret [$namespace/$secretName] not found. Certificate generation is required."
+            all_secrets_exist="false"
+            break
+        else
+            log_debug "Found existing secret $namespace/$secretName"
+        fi
+    done
+
+    if [ "$all_secrets_exist" == "false" ]; then
+        return 1
+    else
+        return 0
+    fi
 }
 
 function verify_cert_generator {
 
-  if [ "$TLS_ENABLE" != "true" ]; then
-     log_debug "TLS is disabled. Skipping verification of certificate generator."
-     return 0
-  fi
-
-  if [ "$cert_generator_ok" == "true" ]; then
-    return 0
-  elif [ "$cert_generator_ok" == "false" ]; then
-    return 1
-  fi
-
-  if do_all_secrets_already_exist "$@"; then
-     log_debug "All required secrets exist. Skipping check for certificate generator check."
-     cert_generator_ok="true"
-     return 0
-  else
-     cert_generator_ok="false"
-  fi
-
-  if [ "$CERT_GENERATOR" == "cert-manager" ]; then
-     verify_cert_manager
-     rc=$?
-  elif [ "$CERT_GENERATOR" == "openssl" ]; then
-    verify_openssl
-    rc=$?
-  else
-     log_error "No TLS certificate generation mechanism defined"
-     return 1
-  fi
-
-  if [ "$rc" == "0" ]; then
-     cert_generator_ok="true"
-  else
-     cert_generator_ok="false"
-  fi
-  return $rc
+    if [ "$TLS_ENABLE" != "true" ]; then
+        log_debug "TLS is disabled. Skipping verification of certificate generator."
+        return 0
+    fi
+
+    if [ "$cert_generator_ok" == "true" ]; then
+        return 0
+    elif [ "$cert_generator_ok" == "false" ]; then
+        return 1
+    fi
+
+    if do_all_secrets_already_exist "$@"; then
+        log_debug "All required secrets exist. Skipping check for certificate generator check."
+        cert_generator_ok="true"
+        return 0
+    else
+        cert_generator_ok="false"
+    fi
+
+    if [ "$CERT_GENERATOR" == "cert-manager" ]; then
+        verify_cert_manager
+        rc=$?
+    elif [ "$CERT_GENERATOR" == "openssl" ]; then
+        verify_openssl
+        rc=$?
+    else
+        log_error "No TLS certificate generation mechanism defined"
+        return 1
+    fi
+
+    if [ "$rc" == "0" ]; then
+        cert_generator_ok="true"
+    else
+        cert_generator_ok="false"
+    fi
+    return $rc
 }
 
 function verify_openssl {
-  if [ "$openssl_ok" == "true" ]; then
-    return 0
-  elif [ "$openssl_ok" == "false" ]; then
-    return 1
-  else
-     # shellcheck disable=SC2034
-     openssl_version="$(which openssl)" 2>/dev/null
-     openssl_available="$?"
-
-     if [ "$openssl_available" == "0" ]; then
-        log_debug "OpenSSL is available to generate missing required certs"
-        openssl_ok="true"
-        return 0
-     else
-        log_error "OpenSSL is NOT available to generate missing required certs"
-        openssl_ok="false"
-        return 1
-     fi
-
-  fi
+    if [ "$openssl_ok" == "true" ]; then
+        return 0
+    elif [ "$openssl_ok" == "false" ]; then
+        return 1
+    else
+        # shellcheck disable=SC2034
+        openssl_version="$(which openssl)" 2> /dev/null
+        openssl_available="$?"
+
+        if [ "$openssl_available" == "0" ]; then
+            log_debug "OpenSSL is available to generate missing required certs"
+            openssl_ok="true"
+            return 0
+        else
+            log_error "OpenSSL is NOT available to generate missing required certs"
+            openssl_ok="false"
+            return 1
+        fi
+
+    fi
 }
 
 function create_cert_secret {
@@ -235,18 +233,18 @@
     secretName="$3"
 
     if [ -z "$secretName" ]; then
-       secretName="${app}-tls-secret"
+        secretName="${app}-tls-secret"
     fi
     log_debug "Storing TLS Cert for [$app] in secret [$secretName] in namespace [$namespace]"
 
-    expiration_date=$(openssl x509 -enddate -noout -in  "$TMP_DIR"/"${app}".pem | awk -F "=" '{print $2}')
+    expiration_date=$(openssl x509 -enddate -noout -in "$TMP_DIR"/"${app}".pem | awk -F "=" '{print $2}')
     # Secret Type: TLS (two sub-parts: cert + key)
     #kubectl -n "$namespace" create secret tls $secretName --cert $TMP_DIR/${app}.pem --key $TMP_DIR/${app}-key.pem
 
     # Secret Type: GENERIC (3 sub-parts: cert + key + CACert)
     kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt=$TMP_DIR/${app}.pem --from-file=tls.key=$TMP_DIR/${app}-key.pem --from-file=ca.crt=$TMP_DIR/root-ca.pem
-    kubectl -n "$namespace" annotate secret "$secretName"  expiration="$expiration_date"
-    kubectl -n "$namespace" label secret "$secretName"  managed-by="v4m" cert-generator="openssl"
+    kubectl -n "$namespace" annotate secret "$secretName" expiration="$expiration_date"
+    kubectl -n "$namespace" label secret "$secretName" managed-by="v4m" cert-generator="openssl"
 
 }
 
@@ -253,35 +251,34 @@
 # Checks if tls cert is or will expire within TLS_CERT_RENEW_WINDOW timeframe
 # Return 1: cert is still valid and will not expire with the given timeframe
 # Return 0: cert is expired or will expire within the given timeframe
-function tls_cert_expired () {
-  namespace="$1"
-  app="$2"
-  secretName="$3"
-
-  cert_window=$((${TLS_CERT_RENEW_WINDOW:-7} * 86400))
-
-  if kubectl get secret -n "$namespace" "$secretName" -o "jsonpath={.data['tls\.crt']}" | base64 -d | openssl x509 -checkend $cert_window -noout 2>/dev/null
-  then
-    return 1
-  else
-    return 0
-  fi
+function tls_cert_expired() {
+    namespace="$1"
+    app="$2"
+    secretName="$3"
+
+    cert_window=$((${TLS_CERT_RENEW_WINDOW:-7} * 86400))
+
+    if kubectl get secret -n "$namespace" "$secretName" -o "jsonpath={.data['tls\.crt']}" | base64 -d | openssl x509 -checkend $cert_window -noout 2> /dev/null; then
+        return 1
+    else
+        return 0
+    fi
 }
 
 # Checks if tls cert is generated and managed by V4M
 # Return 0: TLS cert is managed by V4M
 # Return 1: TLS cert is not managed by V4M
-function tls_cert_managed_by_v4m () {
-  namespace="$1"
-  secretName="$3"
-
-  if [[ "$(kubectl get secret -n "$namespace" "$secretName" --show-labels)" == *"managed-by=v4m"* ]]; then
-    log_debug "TLS Certs are managed by SAS Viya Monitoring"
-    return 0
-  else
-    log_debug "TLS Certs are not managed by SAS Viya Monitoring"
-    return 1
-  fi
+function tls_cert_managed_by_v4m() {
+    namespace="$1"
+    secretName="$3"
+
+    if [[ "$(kubectl get secret -n "$namespace" "$secretName" --show-labels)" == *"managed-by=v4m"* ]]; then
+        log_debug "TLS Certs are managed by SAS Viya Monitoring"
+        return 0
+    else
+        log_debug "TLS Certs are not managed by SAS Viya Monitoring"
+        return 1
+    fi
 }
 
 function create_tls_certs_openssl {
@@ -293,61 +290,59 @@
     cert_life=${OPENSSL_CERT_LIFE:-550}
 
     for app in "${apps[@]}"; do
-      secretName="${app}-tls-secret"
-
-      if [ -n "$(kubectl get secret -n "$namespace" "$secretName" -o name 2>/dev/null)" ]; then
-        if (tls_cert_managed_by_v4m "$namespace" "$secretName") then
-          if ! (tls_cert_expired "$namespace" "$app" "$secretName") then
-            log_debug "TLS Secret for [$app] already exists and cert is not expired; skipping TLS certificate generation."
-            continue
-          else
-            log_info "TLS Secret for [$app] exists but cert has expired or will do so within ${TLS_CERT_RENEW_WINDOW:-7} days"
-            log_info "Renew cert using: renew-tls-certs.sh"
-            # TODO: When certs are expired:
-            # Delete secret and allow cert generation
-            # Get the resource restarted by calling func in renew-tls-certs.sh
-            # kubectl delete secret -n "$namespace" $secretName
-            continue
-          fi
-        else
-          # Cert not managed by SAS Viya Monitoring
-          continue
-        fi
-      fi
-
-      if [ ! -f  "$TMP_DIR"/root-ca-key.pem ]; then
-
-         if [ -n "$(kubectl get secret -n "$namespace" v4m-root-ca-tls-secret -o name 2>/dev/null)" ]; then
-            log_debug "Extracting Root CA cert from secret [v4m-root-ca-tls-secret]"
-            kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.crt}" |base64 --decode > "$TMP_DIR"/root-ca.pem
-            kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.key}" |base64 --decode > "$TMP_DIR"/root-ca-key.pem
-         else
-            log_debug "Creating Root CA cert using OpenSSL"
-            cert_subject="/O=v4m/CN=rootca"
-            openssl genrsa -out "$TMP_DIR"/root-ca-key.pem 4096 2>/dev/null
-            openssl req -new -x509 -sha256 -key "$TMP_DIR"/root-ca-key.pem -subj "$cert_subject" -out "$TMP_DIR"/root-ca.pem -days "$cert_life"
-
-            create_cert_secret "$namespace" root-ca v4m-root-ca-tls-secret
-         fi
-
-      else
-         log_debug "Using existing Root CA cert"
-      fi
-
-      log_debug "Creating TLS Cert for [$app] using OpenSSL"
-      cert_subject="/O=v4m/CN=$app"
-      openssl genrsa -out "$TMP_DIR"/"${app}"-key-temp.pem 4096 2>/dev/null
-      openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR"/"${app}"-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR"/"${app}"-key.pem
-      openssl req -new -key "$TMP_DIR"/"${app}"-key.pem -subj "$cert_subject" -out "$TMP_DIR"/"${app}".csr
-      openssl x509 -req -in "$TMP_DIR"/"${app}".csr -CA "$TMP_DIR"/root-ca.pem  -CAkey "$TMP_DIR"/root-ca-key.pem -CAcreateserial -CAserial "$TMP_DIR"/ca.srl -sha256 -out "$TMP_DIR"/"${app}".pem -days "$cert_life" 2>/dev/null
-
-      create_cert_secret "$namespace" "$app"
-
-    done
-
-
-}
-
+        secretName="${app}-tls-secret"
+
+        if [ -n "$(kubectl get secret -n "$namespace" "$secretName" -o name 2> /dev/null)" ]; then
+            if (tls_cert_managed_by_v4m "$namespace" "$secretName"); then
+                if ! (tls_cert_expired "$namespace" "$app" "$secretName"); then
+                    log_debug "TLS Secret for [$app] already exists and cert is not expired; skipping TLS certificate generation."
+                    continue
+                else
+                    log_info "TLS Secret for [$app] exists but cert has expired or will do so within ${TLS_CERT_RENEW_WINDOW:-7} days"
+                    log_info "Renew cert using: renew-tls-certs.sh"
+                    # TODO: When certs are expired:
+                    # Delete secret and allow cert generation
+                    # Get the resource restarted by calling func in renew-tls-certs.sh
+                    # kubectl delete secret -n "$namespace" $secretName
+                    continue
+                fi
+            else
+                # Cert not managed by SAS Viya Monitoring
+                continue
+            fi
+        fi
+
+        if [ ! -f "$TMP_DIR"/root-ca-key.pem ]; then
+
+            if [ -n "$(kubectl get secret -n "$namespace" v4m-root-ca-tls-secret -o name 2> /dev/null)" ]; then
+                log_debug "Extracting Root CA cert from secret [v4m-root-ca-tls-secret]"
+                kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.crt}" | base64 --decode > "$TMP_DIR"/root-ca.pem
+                kubectl -n "$namespace" get secret v4m-root-ca-tls-secret -o=jsonpath="{.data.tls\.key}" | base64 --decode > "$TMP_DIR"/root-ca-key.pem
+            else
+                log_debug "Creating Root CA cert using OpenSSL"
+                cert_subject="/O=v4m/CN=rootca"
+                openssl genrsa -out "$TMP_DIR"/root-ca-key.pem 4096 2> /dev/null
+                openssl req -new -x509 -sha256 -key "$TMP_DIR"/root-ca-key.pem -subj "$cert_subject" -out "$TMP_DIR"/root-ca.pem -days "$cert_life"
+
+                create_cert_secret "$namespace" root-ca v4m-root-ca-tls-secret
+            fi
+
+        else
+            log_debug "Using existing Root CA cert"
+        fi
+
+        log_debug "Creating TLS Cert for [$app] using OpenSSL"
+        cert_subject="/O=v4m/CN=$app"
+        openssl genrsa -out "$TMP_DIR"/"${app}"-key-temp.pem 4096 2> /dev/null
+        openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR"/"${app}"-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR"/"${app}"-key.pem
+        openssl req -new -key "$TMP_DIR"/"${app}"-key.pem -subj "$cert_subject" -out "$TMP_DIR"/"${app}".csr
+        openssl x509 -req -in "$TMP_DIR"/"${app}".csr -CA "$TMP_DIR"/root-ca.pem -CAkey "$TMP_DIR"/root-ca-key.pem -CAcreateserial -CAserial "$TMP_DIR"/ca.srl -sha256 -out "$TMP_DIR"/"${app}".pem -days "$cert_life" 2> /dev/null
+
+        create_cert_secret "$namespace" "$app"
+
+    done
+
+}
 
 export -f verify_cert_manager deploy_issuers deploy_app_cert create_tls_certs_cm
 export -f do_all_secrets_already_exist verify_cert_generator verify_openssl create_cert_secret create_tls_certs_openssl create_tls_certs
diff bin/version-include.sh.orig bin/version-include.sh
--- bin/version-include.sh.orig
+++ bin/version-include.sh
@@ -8,30 +8,30 @@
     touch "$v4mValuesYAML"
 
     # Attempt to obtain current git commit hash
-    gitCommit=$(git rev-parse --short HEAD 2>/dev/null)
+    gitCommit=$(git rev-parse --short HEAD 2> /dev/null)
     if [ -n "$gitCommit" ]; then
         echo "gitCommit: $gitCommit" >> "$v4mValuesYAML"
         gitStatus=$(git status -s | sed 's/^ M/M/' | sed 's/^/  /')
         if [ -n "$gitStatus" ]; then
-        echo "gitStatus: |" >> "$v4mValuesYAML"
-        echo "$gitStatus" >> "$v4mValuesYAML"
+            echo "gitStatus: |" >> "$v4mValuesYAML"
+            echo "$gitStatus" >> "$v4mValuesYAML"
         fi
     fi
 
     # List contents of USER_DIR
-    if ! [[ "$USER_DIR" -ef "$(pwd)" ]]; then
+    if ! [[ $USER_DIR -ef "$(pwd)" ]]; then
         if [ -d "$USER_DIR" ]; then
-        # shellcheck disable=SC2129
-        echo '"user_dir":' >> "$v4mValuesYAML"
-        echo "  path: $USER_DIR" >> "$v4mValuesYAML"
-        echo '  files: |' >> "$v4mValuesYAML"
-        # shellcheck disable=SC2207
-        l=($(find "$USER_DIR" -type f|sort))
-        for (( i=0; i<${#l[@]}; i++ )); do
-            fullPath=${l[i]}
-            path=${fullPath#"$USER_DIR/"}
-            echo "      $path" >> "$v4mValuesYAML"
-        done
+            # shellcheck disable=SC2129
+            echo '"user_dir":' >> "$v4mValuesYAML"
+            echo "  path: $USER_DIR" >> "$v4mValuesYAML"
+            echo '  files: |' >> "$v4mValuesYAML"
+            # shellcheck disable=SC2207
+            l=($(find "$USER_DIR" -type f | sort))
+            for ((i = 0; i < ${#l[@]}; i++)); do
+                fullPath=${l[i]}
+                path=${fullPath#"$USER_DIR/"}
+                echo "      $path" >> "$v4mValuesYAML"
+            done
         fi
 
         # Top-level user.env contents
@@ -115,19 +115,19 @@
     if [ -z "$v4mHelmVersionLines" ]; then
         log_debug "No [$releaseName] release found in [$NS]"
     else
-        for (( i=0; i<${#v4mHelmVersionLines[@]}; i++ )); do
-        line=${v4mHelmVersionLines[$i]}
-        vre='app_version: (([0-9]+).([[0-9]+).([0-9]+)\.?(-.+)?)'
-        sre='status: (.+)'
-        if [[ $line =~ $vre ]]; then
-            # Set
-            releaseVersionFull=${BASH_REMATCH[1]}
-            releaseVersionMajor=${BASH_REMATCH[2]}
-            releaseVersionMinor=${BASH_REMATCH[3]}
-            releaseVersionPatch=${BASH_REMATCH[4]}
-        elif [[ "$line" =~ $sre ]]; then
-            releaseStatus=${BASH_REMATCH[1]}
-        fi
+        for ((i = 0; i < ${#v4mHelmVersionLines[@]}; i++)); do
+            line=${v4mHelmVersionLines[$i]}
+            vre='app_version: (([0-9]+).([[0-9]+).([0-9]+)\.?(-.+)?)'
+            sre='status: (.+)'
+            if [[ $line =~ $vre ]]; then
+                # Set
+                releaseVersionFull=${BASH_REMATCH[1]}
+                releaseVersionMajor=${BASH_REMATCH[2]}
+                releaseVersionMinor=${BASH_REMATCH[3]}
+                releaseVersionPatch=${BASH_REMATCH[4]}
+            elif [[ $line =~ $sre ]]; then
+                releaseStatus=${BASH_REMATCH[1]}
+            fi
         done
 
     fi
@@ -156,4 +156,3 @@
     export -f deployV4MInfo removeV4MInfo getHelmReleaseVersion
     export V4M_VERSION_INCLUDE=true
 fi
-
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

[github-actions]

sh-checker report

To get the full details, please check in the job output.

shellcheck errors

'shellcheck -e SC1004' returned error 1 finding the following syntactical issues:

----------

In bin/tls-include.sh line 245:
    kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt="$TMP_DIR"/"${app}".pem --from-file=tls.key=$TMP_DIR/${app}-key.pem --from-file=ca.crt=$TMP_DIR/root-ca.pem
                                                                                                                                ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                         ^----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                                                                                           ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    kubectl -n "$namespace" create secret generic "$secretName" --from-file=tls.crt="$TMP_DIR"/"${app}".pem --from-file=tls.key="$TMP_DIR"/"${app}"-key.pem --from-file=ca.crt="$TMP_DIR"/root-ca.pem

For more information:
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
----------

You can address the above issues in one of three ways:
1. Manually correct the issue in the offending shell script;
2. Disable specific issues by adding the comment:
  # shellcheck disable=NNNN
above the line that contains the issue, where NNNN is the error code;
3. Add '-e NNNN' to the SHELLCHECK_OPTS setting in your .yml action file.

shfmt errors

'shfmt -s -i 4 -bn -sr -ln bash' returned error 1 finding the following formatting issues:

----------
diff bin/log-include.sh.orig bin/log-include.sh
--- bin/log-include.sh.orig
+++ bin/log-include.sh
@@ -46,7 +46,7 @@
     msg=$1
     width=$noticeColWidth
 
-    n=$((width - ${#msg} -1))
+    n=$((width - ${#msg} - 1))
     if [ $n -lt 0 ]; then
         n=0
     fi
----------

You can reformat the above files to meet shfmt's requirements by typing:

  shfmt -s -i 4 -bn -sr -ln bash -w filename

[vishaanS]

Changes look consistent throughout, LGTM

[ceelias]

Just curious what this change is here? Do we not actually need these lines?

[gsmith-sas]

We originally had lines assigning these variables the values already assigned to them (e.g. SMTP_HOST="${SMTP_HOST}"). Why? Mostly they were artifacts of the early implementation work, as we sorted out what parameters were needed..but the lines also clarified what inputs this functionality required or used. When shellck flagged them, I thought the latter reason was still valid and added the shellcheck disable comments. But, later when looking over things one more time, I decided that keeping the line AND adding the disabling quotes was silly and the documentation objective could be achieved more cleanly with comments. Which is what we ended up with. I don't like the idea of code responding to apparently random environment variables. Documenting which environment variables are intended to influence behavior seems "better".