refactor: shell to prevent globbing and word splitting (#3829)

* refactors scripts/create-e2e-infrastruture sh

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors scripts/deploy-controller.sh

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors scripts/generate-server-cert.sh

Signed-off-by: afzal442 <afzal442@gmail.com>

* minor changes

Signed-off-by: afzal442 <afzal442@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>

scripts/create-e2e-infrastruture.sh

@@ -5,23 +5,23 @@ pwd=$(pwd)
 hash=$(git describe --match "[0-9].[0-9]-dev*")
 #
 ## Install Kind
-curl -Lo $pwd/kind https://kind.sigs.k8s.io/dl/v0.11.0/kind-linux-amd64
-chmod a+x $pwd/kind
+curl -Lo "$pwd"/kind https://kind.sigs.k8s.io/dl/v0.11.0/kind-linux-amd64
+chmod a+x "$pwd"/kind
 
 ## Create Kind Cluster
 if [ -z "${KIND_IMAGE}" ]; then
-    $pwd/kind create cluster
+    "$pwd"/kind create cluster
 else
-    $pwd/kind create cluster --image="${KIND_IMAGE}"
+    "$pwd"/kind create cluster --image="${KIND_IMAGE}"
 fi
 
-$pwd/kind load docker-image ghcr.io/kyverno/kyverno:$hash
-$pwd/kind load docker-image ghcr.io/kyverno/kyvernopre:$hash
+"$pwd"/kind load docker-image ghcr.io/kyverno/kyverno:"$hash"
+"$pwd"/kind load docker-image ghcr.io/kyverno/kyvernopre:"$hash"
 
 pwd=$(pwd)
-cd $pwd/config
+cd "$pwd"/config
 echo "Installing kustomize"
 curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash
-kustomize edit set image ghcr.io/kyverno/kyverno:$hash
-kustomize edit set image ghcr.io/kyverno/kyvernopre:$hash
-kustomize build $pwd/config/ -o $pwd/config/install.yaml
+kustomize edit set image ghcr.io/kyverno/kyverno:"$hash"
+kustomize edit set image ghcr.io/kyverno/kyvernopre:"$hash"
+kustomize build "$pwd"/config/ -o "$pwd"/config/install.yaml

scripts/deploy-controller.sh

@@ -45,7 +45,7 @@ else # controller should be launched within a cluster
   secret_name="${project_name}-secret"
   echo "Generating secret ${secret_name}..."
   kubectl delete secret "${secret_name}" 2>/dev/null
-  kubectl create secret generic ${secret_name} --namespace ${namespace} --from-file=./certs || exit 3
+  kubectl create secret generic "${secret_name}" --namespace "${namespace}" --from-file=./certs || exit 3
 
   echo "Creating the service ${service_name}..."
   kubectl delete -f crd/service.yaml

scripts/generate-server-cert.sh

@@ -28,7 +28,7 @@ if [ ! -d "$destdir" ]; then
 fi
 tmpdir=$(mktemp -d)
 
-cat <<EOF >> ${tmpdir}/csr.conf
+cat <<EOF >> "${tmpdir}/csr.conf"
 [req]
 req_extensions = v3_req
 distinguished_name = req_distinguished_name
@@ -57,32 +57,32 @@ if [ ! -z "${service}" ]; then
     subjectCN="${service}"
   fi
 else
-  subjectCN=${serverIp}
+  subjectCN="${serverIp}"
 fi
 echo "Generating certificate for CN=${subjectCN}"
-openssl req -new -key ${destdir}/server-key.pem -subj "/CN=${subjectCN}" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf || exit 3
+openssl req -new -key "${destdir}/server-key.pem" -subj "/CN=${subjectCN}" -out "${tmpdir}/server.csr" -config "${tmpdir}/csr.conf" || exit 3
 
 CSR_NAME=${service}.cert-request
-kubectl delete csr ${CSR_NAME} 2>/dev/null
+kubectl delete csr "${CSR_NAME}" 2>/dev/null
 
 cat <<EOF | kubectl create -f -
 apiVersion: certificates.k8s.io/v1beta1
 kind: CertificateSigningRequest
 metadata:
-  name: ${CSR_NAME}
+  name: "${CSR_NAME}"
 spec:
   groups:
   - system:authenticated
-  request: $(cat ${tmpdir}/server.csr | base64 | tr -d '\n')
+  request: $(cat "${tmpdir}/server.csr" | base64 | tr -d '\n')
   usages:
   - digital signature
   - key encipherment
   - server auth
 EOF
 
-kubectl certificate approve ${CSR_NAME} || exit 4
-kubectl get csr ${CSR_NAME} -o jsonpath='{.status.certificate}' | base64 --decode > ${outCertFile} || exit 5
+kubectl certificate approve "${CSR_NAME}" || exit 4
+kubectl get csr "${CSR_NAME}" -o jsonpath='{.status.certificate}' | base64 --decode > "${outCertFile}" || exit 5
 
 echo "Generated:"
-echo ${outKeyFile}
-echo ${outCertFile}
+echo "${outKeyFile}"
+echo "${outCertFile}"