Merge pull request #514 from xmidt-org/yaml-lint

chore:Enable yaml linting.

.codecov.yml

@@ -1,5 +1,6 @@
-## SPDX-FileCopyrightText: 2022 Comcast Cable Communications Management, LLC
-## SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2022 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+---
 coverage:
   range: 50..80
   round: down

.github/dependabot.yml

@@ -7,13 +7,14 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      # Check for updates to GitHub Actions every week
+      # Check for updates to GitHub Actions every day
       interval: "daily"
     labels:
       - "dependencies"
     commit-message:
       prefix: "chore"
       include: "scope"
+    open-pull-requests-limit: 10
 
   - package-ecosystem: gomod
     directory: /
@@ -22,5 +23,6 @@ updates:
     labels:
       - "dependencies"
     commit-message:
-      prefix: "feat"
+      prefix: "chore"
       include: "scope"
+    open-pull-requests-limit: 10

.github/workflows/ci.yml

@@ -33,4 +33,5 @@ jobs:
         .release/docker
         LICENSE
         NOTICE
+      yaml-lint-skip: false
     secrets: inherit

.release/docker/tr1d1um_spruce.yaml

@@ -94,7 +94,7 @@ logging:
   encoderConfig:
     messageKey: msg
     levelKey: level
-  # reducedLoggingResponseCodes allows disabling verbose transaction logs for 
+  # reducedLoggingResponseCodes allows disabling verbose transaction logs for
   # benign responses from the target server given HTTP status codes.
   # (Optional)
   # reducedLoggingResponseCodes: [200, 504]
@@ -105,25 +105,25 @@ logging:
 # webhookStore provides configuration for storing and obtaining webhook
 # information using argus.
 webhook:
-  # disablePartnerIDs, if true, will allow webhooks to register without 
+  # disablePartnerIDs, if true, will allow webhooks to register without
   # checking the validity of the partnerIDs in the request
   # Defaults to 'false'.
   disablePartnerIDs: false
 
-  # validation provides options for validating the webhook's URL and TTL 
-  # related fields. Some validation happens regardless of the configuration: 
-  # URLs must be a valid URL structure, the Matcher.DeviceID values must 
-  # compile into regular expressions, and the Events field must have at 
-  # least one value and all values must compile into regular expressions. 
+  # validation provides options for validating the webhook's URL and TTL
+  # related fields. Some validation happens regardless of the configuration:
+  # URLs must be a valid URL structure, the Matcher.DeviceID values must
+  # compile into regular expressions, and the Events field must have at
+  # least one value and all values must compile into regular expressions.
   validation:
-    # url provides options for additional validation of the webhook's 
+    # url provides options for additional validation of the webhook's
     # Config.URL, FailureURL, and Config.AlternativeURLs fields.
     url:
       # httpsOnly will allow only URLs with https schemes through if true.
       # (Optional). Defaults to 'false'.
       httpsOnly: false
 
-      # allowLoopback will allow any canonical or IP loopback address if 
+      # allowLoopback will allow any canonical or IP loopback address if
       # true. Otherwise, loopback addresses are considered invalid.
       # (Optional). Defaults to 'false'.
       allowLoopback: true
@@ -132,42 +132,42 @@ webhook:
       # (Optional). Defaults to 'false'.
       allowIP: true
 
-      # allowSpecialUseHosts allows URLs that include reserved domains if set to true.  
+      # allowSpecialUseHosts allows URLs that include reserved domains if set to true.
       # Read more here: https://en.wikipedia.org/wiki/Top-level_domain#Reserved_domains
       # (Optional). Defaults to 'false'.
       allowSpecialUseHosts: true
 
-      # allowSpecialUseIPs, if set to true, allows URLs that contain or route to IPs that have 
+      # allowSpecialUseIPs, if set to true, allows URLs that contain or route to IPs that have
       # been marked as reserved through various RFCs: rfc6761, rfc6890, rfc8190.
       # (Optional). Defaults to 'false'.
       allowSpecialUseIPs: true
 
-      # invalidHosts is a slice that contains strings that we do not want 
+      # invalidHosts is a slice that contains strings that we do not want
       # allowed in URLs, providing a way to deny certain domains or hostnames.
       # (Optional). Defaults to an empty slice.
       invalidHosts: []
 
-      # invalidSubnets is a list of IP subnets.  If a URL contains an 
-      # IP or resolves to an IP in one of these subnets, the webhook is 
+      # invalidSubnets is a list of IP subnets.  If a URL contains an
+      # IP or resolves to an IP in one of these subnets, the webhook is
       # considered invalid.
       # (Optional). Defaults to an empty slice.
       invalidSubnets: []
 
-    # ttl provides information for what is considered valid for time-related 
-    # fields (Duration and Until) in the webhook.  A webhook set to expire 
-    # too far in the future is considered invalid, while a time in the past 
-    # is considered equivalent to a request to delete the webhook.  
-    # Regardless of this configuration, either Until or Duration must have a 
+    # ttl provides information for what is considered valid for time-related
+    # fields (Duration and Until) in the webhook.  A webhook set to expire
+    # too far in the future is considered invalid, while a time in the past
+    # is considered equivalent to a request to delete the webhook.
+    # Regardless of this configuration, either Until or Duration must have a
     # non-zero value.
     ttl:
-      # max is the length of time a webhook is allowed to live.  The Duration 
-      # cannot be larger than this value, and the Until value cannot be set 
+      # max is the length of time a webhook is allowed to live.  The Duration
+      # cannot be larger than this value, and the Until value cannot be set
       # later than the current time + max + jitter.
       max: (( grab $WEBHOOK_MAX_TTL || "1m" ))
 
-      # jitter is the buffer time added when checking that the Until value is 
-      # valid.  If there is a slight clock skew between servers or some delay 
-      # in the http request, jitter should help account for that when ensuring 
+      # jitter is the buffer time added when checking that the Until value is
+      # valid.  If there is a slight clock skew between servers or some delay
+      # in the http request, jitter should help account for that when ensuring
       # that Until is not a time too far in the future.
       jitter: (( grab $WEBHOOK_TTL_JITTER || "10s" ))
 
@@ -177,7 +177,7 @@ webhook:
   # Raw: parser assumes all of the token payload == JWT token
   # (Optional). Defaults to 'simple'.
   JWTParserType: (( grab $WEBHOOK_JWT_PARSER_TYPE || "raw" ))
-  BasicClientConfig: 
+  BasicClientConfig:
     # listen is the subsection that configures the listening feature of the argus client
     # (Optional)
     listen:
@@ -243,32 +243,32 @@ authx:
     basic: ["dXNlcjpwYXNz"]
 
 # capabilityCheck provides the details needed for checking an incoming JWT's
-# capabilities.  If the type of check isn't provided, no checking is done.  The 
-# type can be "monitor" or "enforce".  If it is empty or a different value, no 
-# checking is done.  If "monitor" is provided, the capabilities are checked but 
-# the request isn't rejected when there isn't a valid capability for the 
-# request. Instead, a message is logged.  When "enforce" is provided, a request 
+# capabilities.  If the type of check isn't provided, no checking is done.  The
+# type can be "monitor" or "enforce".  If it is empty or a different value, no
+# checking is done.  If "monitor" is provided, the capabilities are checked but
+# the request isn't rejected when there isn't a valid capability for the
+# request. Instead, a message is logged.  When "enforce" is provided, a request
 # that doesn't have the needed capability is rejected.
 #
 # The capability is expected to have the format:
 #
 # {prefix}{endpoint}:{method}
 #
-# The prefix can be a regular expression.  If it's empty, no capability check 
+# The prefix can be a regular expression.  If it's empty, no capability check
 # is done.  The endpoint is a regular expression that should match the endpoint
-# the request was sent to. The method is usually the method of the request, such as 
-# GET.  The accept all method is a catchall string that indicates the capability 
+# the request was sent to. The method is usually the method of the request, such as
+# GET.  The accept all method is a catchall string that indicates the capability
 # is approved for all methods.
 # (Optional)
 # capabilityCheck:
 #   # type provides the mode for capability checking.
 #   type: "enforce"
 #   # prefix provides the regex to match the capability before the endpoint.
 #   prefix: "prefix Here"
-#   # acceptAllMethod provides a way to have a capability that allows all 
+#   # acceptAllMethod provides a way to have a capability that allows all
 #   # methods for a specific endpoint.
 #   acceptAllMethod: "all"
-#   # endpointBuckets provides regular expressions to use against the request 
+#   # endpointBuckets provides regular expressions to use against the request
 #   # endpoint in order to group requests for a metric label.
 #   endpointBuckets:
 #     - "hook\\b"
@@ -287,8 +287,8 @@ targetURL: (( grab  $XMIDT_CLUSTER || "http://scytale:6300/api/v3" ))
 # WRPSource is used as 'source' field for all outgoing WRP Messages
 WRPSource: "dns:tr1d1um.example.com"
 
-# supportedServices is a list of endpoints we support for the WRP producing endpoints 
-# we will soon drop this configuration 
+# supportedServices is a list of endpoints we support for the WRP producing endpoints
+# we will soon drop this configuration
 supportedServices:
   - "config"
 
@@ -299,7 +299,7 @@ supportedServices:
 # timeouts that apply to the Argus HTTP client.
 # (Optional) By default, the values below will be used.
 argusClientTimeout:
-  # clientTimeout is the timeout for requests made through this 
+  # clientTimeout is the timeout for requests made through this
   # HTTP client. This timeout includes connection time, any
   # redirects, and reading the response body.
   clientTimeout: 50s
@@ -311,12 +311,12 @@ argusClientTimeout:
 # timeouts that apply to the XMiDT HTTP client.
 # (Optional) By default, the values below will be used.
 xmidtClientTimeout:
-  # clientTimeout is the timeout for the requests made through this 
+  # clientTimeout is the timeout for the requests made through this
   # HTTP client. This timeout includes connection time, any
   # redirects, and reading the response body.
   clientTimeout: 135s
 
-  # requestTimeout is the timeout imposed on requests made by this client 
+  # requestTimeout is the timeout imposed on requests made by this client
   # through context cancellation.
   # TODO since clientTimeouts are implemented through context cancellations,
   # we might not need this.
@@ -327,10 +327,10 @@ xmidtClientTimeout:
   netDialerTimeout: 5s
 
 
-# requestRetryInterval is the time between HTTP request retries against XMiDT 
+# requestRetryInterval is the time between HTTP request retries against XMiDT
 requestRetryInterval: "2s"
 
-# requestMaxRetries is the max number of times an HTTP request is retried against XMiDT in 
+# requestMaxRetries is the max number of times an HTTP request is retried against XMiDT in
 # case of ephemeral errors
 requestMaxRetries: 2
 
@@ -341,21 +341,21 @@ authToken: (( grab $AUTH_TOKEN || "dXNlcjpwYXNz" ))
 # requests to XMiDT. If both types are configured, JWT will be preferred.
 # (Optional)
 authAcquirer:
-  # JWT: 
+  # JWT:
   #   # requestHeaders are added to the request for the token.
   #   # (Optional)
   #   # requestHeaders:
-  #   #   "": "" 
+  #   #   "": ""
 
   #   # authURL is the URL to access for the token.
   #   authURL: ""
 
-  #   # timeout is how long the request to get the token will take before 
+  #   # timeout is how long the request to get the token will take before
   #   # timing out.
   #   timeout: "1m"
 
   #   # buffer is the length of time before a token expires to get a new token.
-  #   buffer: "2m"  
+  #   buffer: "2m"
 
   Basic:  (( concat "Basic " authToken ))
 

.release/helm/tr1d1um/templates/tr1d1um.yaml

@@ -1,14 +1,15 @@
-## SPDX-FileCopyrightText: 2022 Comcast Cable Communications Management, LLC
-## SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2022 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+---
 apiVersion: v1
 data:
   tr1d1um.yaml: |
     ########################################
     #   Labeling/Tracing via HTTP Headers Configuration
     ########################################
 
-    # The unique fully-qualified-domain-name of the server.  It is provided to 
-    # the X-Tr1d1um-Server header for showing what server fulfilled the request 
+    # The unique fully-qualified-domain-name of the server.  It is provided to
+    # the X-Tr1d1um-Server header for showing what server fulfilled the request
     # sent.
     # (Optional)
     server: "tr1d1um-local-instance-123.example.com"
@@ -36,7 +37,7 @@ data:
     # WebPA Service configuration
     ##############################################################################
 
-    # For a complete view of the service config structure, 
+    # For a complete view of the service config structure,
     # checkout https://godoc.org/github.com/xmidt-org/webpa-common/server#WebPA
 
     ########################################
@@ -116,19 +117,19 @@ data:
 
 
     ##############################################################################
-    # Webhooks Related configuration 
+    # Webhooks Related configuration
     ##############################################################################
 
     # webhooksEnabled indicates whether or not the webhooks server should be started
     # It is disabled for local testing
     webhooksEnabled: false
 
     # The unique fully-qualified-domain-name of the server.  The webhooks library uses it
-    # to know which host to use to confirm this service is ready to receive events 
+    # to know which host to use to confirm this service is ready to receive events
     # (Optional if not running webhooks)
     fqdn: "tr1d1um-local-instance-123.example.com"
 
-    # start contains configuration for the logic by which Tr1d1um can 
+    # start contains configuration for the logic by which Tr1d1um can
     # fetch the current WebPA webhooks without having to wait for SNS
     # It does so by pinging the rest of the cluter at the specified apiPath
     # More details at https://godoc.org/github.com/xmidt-org/webpa-common/webhook#StartConfig
@@ -140,7 +141,7 @@ data:
       apiPath: http://tr1d1um:6100/hooks
 
     ########################################
-    # Webhooks DNS readiness Configuration 
+    # Webhooks DNS readiness Configuration
     ########################################
 
     # WaitForDns is the duration the webhooks library will wait for this server's DNS record to be
@@ -150,10 +151,10 @@ data:
     #soa stands for Start of Authority and it's a type of record in a DNS
     soa:
       # provider is the SOA provider used to verify DNS record readiness of this service
-      provider: "example-123.awsdns-00.com:17" 
+      provider: "example-123.awsdns-00.com:17"
 
     ########################################
-    # Webhooks AWS SNS Configuration 
+    # Webhooks AWS SNS Configuration
     ########################################
 
     # aws provides the AWS SNS configurations the webhooks library needs
@@ -167,11 +168,11 @@ data:
       env: local-dev
 
       sns:
-        # awsEndpoint is the AWS endpoint 
+        # awsEndpoint is the AWS endpoint
         # this must be left out in produ
         awsEndpoint: http://goaws:4100
 
-        #region is the AWS SNS region 
+        #region is the AWS SNS region
         region: "us-east-1"
 
         # topicArn describes the SNS topic this server needs to subscribe to
@@ -201,14 +202,14 @@ data:
     # WRP and XMiDT Cloud configurations
     ##############################################################################
 
-    # targetURL is the base URL of the XMiDT cluster 
+    # targetURL is the base URL of the XMiDT cluster
     targetURL: http://scytale:6300
 
     # WRPSource is used as 'source' field for all outgoing WRP Messages
     WRPSource: "dns:tr1d1um.example.com"
 
-    # supportedServices is a list of endpoints we support for the WRP producing endpoints 
-    # we will soon drop this configuration 
+    # supportedServices is a list of endpoints we support for the WRP producing endpoints
+    # we will soon drop this configuration
     supportedServices:
       - "config"
 
@@ -226,10 +227,10 @@ data:
     # netDialerTimeout is the timeout used for the net dialer used within HTTP clients
     netDialerTimeout: "5s"
 
-    # requestRetryInterval is the time between HTTP request retries against XMiDT 
+    # requestRetryInterval is the time between HTTP request retries against XMiDT
     requestRetryInterval: "2s"
 
-    # requestMaxRetries is the max number of times an HTTP request is retried against XMiDT in 
+    # requestMaxRetries is the max number of times an HTTP request is retried against XMiDT in
     # case of ephemeral errors
     requestMaxRetries: 2
 kind: ConfigMap
@@ -327,4 +328,4 @@ spec:
       {{ if (.Values.imagePullSecretName) }}
       imagePullSecrets:
         - name: {{ .Values.imagePullSecretName }}}
-      {{ end }}
+      {{ end }}