Fix various typos found by codespell

Found by running this command:

codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater

Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>

build/container.bzl

@@ -40,7 +40,7 @@ load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
 #     The format string {ARCH} will be replaced with the configured GOARCH;
 #     any stamping variables should be escaped, e.g. {{STABLE_MY_VAR}}.
 #   tags: will be applied to all targets
-#   visiblity: will be applied only to the container_bundles; the internal
+#   visibility: will be applied only to the container_bundles; the internal
 #     container_image is private
 #   All other args will be applied to the internal container_image.
 def multi_arch_container(

build/files.bzl

@@ -16,7 +16,7 @@
 # file, separated by the given separator.
 # If a specific output filename is desired, it can be specified using the arg
 # 'out'. Otherwise the output file will be named 'name.out'.
-def concat_files(name, srcs, seperator, out = None, **kwargs):
+def concat_files(name, srcs, separator, out = None, **kwargs):
     if not out:
         out = "%s.out" % name
 
@@ -27,7 +27,7 @@ for each in $(SRCS); do
     cat $$each >> $@
     echo -e "%s" >> $@
 done
-""" % seperator,
+""" % separator,
         srcs = srcs,
         outs = [out],
         **kwargs

deploy/crds/BUILD.bazel

@@ -19,7 +19,7 @@ crds = [
 concat_files(
     name = "templates.regular",
     srcs = [":crd-%s.yaml" % crd for crd in crds],
-    seperator = "---",
+    separator = "---",
     visibility = ["//visibility:public"],
 )
 
@@ -27,7 +27,7 @@ concat_files(
 concat_files(
     name = "templates.v1beta1",
     srcs = [":crd-%s.v1beta1.yaml" % crd for crd in crds],
-    seperator = "---",
+    separator = "---",
     visibility = ["//visibility:public"],
 )
 

design/acme-orders-challenges-crd.md

@@ -428,7 +428,7 @@ be 'invalid' and vice-versa).
 
 ### Refactoring
 
-There will be some significant refactoring work required to accomodate this change.
+There will be some significant refactoring work required to accommodate this change.
 Notably, the ACME specific client handling in the `pkg/issuer/acme` directory
 will need breaking out into a shared package so that the new Order and Challenge
 controllers can re-use this code.

devel/cluster/create-openshift3.sh

@@ -81,7 +81,7 @@ echo "Running 'cluster up'"
 # Set kubeconfig to be sysadmin
 "${OC3}" login -u system:admin
 
-# Disable restrictions for our test dependancies
+# Disable restrictions for our test dependencies
 "${OC3}" adm policy add-scc-to-group privileged system:authenticated
 
 # Replace kube-dns with our patched CoreDNS

devel/lib/lib.sh

@@ -97,7 +97,7 @@ require_image() {
   load_image "$IMAGE_NAME"
 }
 
-# load_image will lod an image into the local cluster
+# load_image will load an image into the local cluster
 # for a kind cluster it will load it into the cluster
 # with name $KIND_CLUSTER_NAME
 load_image() {
@@ -109,4 +109,4 @@ load_image() {
     return
   fi
   kind load docker-image --name "$KIND_CLUSTER_NAME" "$IMAGE_NAME"
-}
+}

pkg/controller/acmeorders/sync.go

@@ -494,14 +494,14 @@ func (c *controller) finalizeOrder(ctx context.Context, cl acmecl.Interface, o *
 
 				log.V(logf.DebugLevel).WithValues("Issuer CN", cert.Issuer.CommonName).Info("Found alternative ACME bundle")
 				if cert.Issuer.CommonName == issuer.GetSpec().ACME.PreferredChain {
-					// if the issuer's CN matched the preffered chain it means this bundle is
+					// if the issuer's CN matched the preferred chain it means this bundle is
 					// signed by the requested chain
 					return c.storeCertificateOnStatus(ctx, o, altBundle)
 				}
 			}
 		}
 		// if no match is found we return to the actual cert
-		// it is a *prefered* chain after all
+		// it is a *preferred* chain after all
 	}
 
 	return c.storeCertificateOnStatus(ctx, o, certSlice)

pkg/controller/certificates/issuing/issuing_controller.go

@@ -57,7 +57,7 @@ const (
 type localTemporarySignerFn func(crt *cmapi.Certificate, pk []byte) ([]byte, error)
 
 // This controller observes the state of the certificate's 'Issuing' condition,
-// which will then copy the singed certificates and private key to the target
+// which will then copy the signed certificates and private key to the target
 // Secret resource.
 type controller struct {
 	certificateLister        cmlisters.CertificateLister

pkg/controller/ingress-shim/sync_test.go

@@ -929,7 +929,7 @@ func TestSync(t *testing.T) {
 			},
 		},
 		{
-			Name:         "if an ingress contains multiple tls entires that specify the same secretName, an error should be logged and no action taken",
+			Name:         "if an ingress contains multiple tls entries that specify the same secretName, an error should be logged and no action taken",
 			Issuer:       acmeIssuer,
 			IssuerLister: []runtime.Object{acmeIssuer},
 			ExpectedEvents: []string{

pkg/internal/apis/certmanager/validation/certificate_test.go

@@ -415,17 +415,17 @@ func TestValidateCertificate(t *testing.T) {
 				},
 			},
 		},
-		"invalid certificate with nonexistant keyusage": {
+		"invalid certificate with nonexistent keyusage": {
 			cfg: &internalcmapi.Certificate{
 				Spec: internalcmapi.CertificateSpec{
 					CommonName: "testcn",
 					SecretName: "abc",
 					IssuerRef:  validIssuerRef,
-					Usages:     []internalcmapi.KeyUsage{"nonexistant"},
+					Usages:     []internalcmapi.KeyUsage{"nonexistent"},
 				},
 			},
 			errs: []*field.Error{
-				field.Invalid(fldPath.Child("usages").Index(0), internalcmapi.KeyUsage("nonexistant"), "unknown keyusage"),
+				field.Invalid(fldPath.Child("usages").Index(0), internalcmapi.KeyUsage("nonexistent"), "unknown keyusage"),
 			},
 		},
 		"valid certificate with only URI SAN name": {

pkg/internal/vault/vault_test.go

@@ -127,7 +127,7 @@ func TestSign(t *testing.T) {
 	tests := map[string]testSignT{
 		"a garbage csr should return err": {
 			csrPEM:       []byte("a bad csr"),
-			expectedErr:  errors.New("faild to decode CSR for signing: error decoding certificate request PEM block"),
+			expectedErr:  errors.New("failed to decode CSR for signing: error decoding certificate request PEM block"),
 			expectedCert: "",
 			expectedCA:   "",
 		},

pkg/issuer/acme/dns/util/wait_test.go

@@ -85,7 +85,7 @@ var checkResolvConfServersTests = []struct {
 	defaults []string
 }{
 	{"testdata/resolv.conf.1", []string{"10.200.3.249:53", "10.200.3.250:5353", "[2001:4860:4860::8844]:53", "[10.0.0.1]:5353"}, []string{"127.0.0.1:53"}},
-	{"testdata/resolv.conf.nonexistant", []string{"127.0.0.1:53"}, []string{"127.0.0.1:53"}},
+	{"testdata/resolv.conf.nonexistent", []string{"127.0.0.1:53"}, []string{"127.0.0.1:53"}},
 }
 
 func TestMatchCAA(t *testing.T) {
@@ -265,7 +265,7 @@ func TestValidateCAA(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %s", err)
 	}
-	// now ask, expecting a CA that wont match
+	// now ask, expecting a CA that won't match
 	err = ValidateCAA("www.google.com", []string{"daniel.homebrew.ca"}, false, RecursiveNameservers)
 	if err == nil {
 		t.Fatalf("expected err, got success")

pkg/util/pki/csr_test.go

@@ -68,7 +68,7 @@ func TestBuildUsages(t *testing.T) {
 		},
 		{
 			name:          "nonexisting keyusage error",
-			usages:        []cmapi.KeyUsage{"nonexistant"},
+			usages:        []cmapi.KeyUsage{"nonexistent"},
 			expectedError: true,
 		},
 		{

pkg/webhook/authority/authority.go

@@ -65,7 +65,7 @@ type DynamicAuthority struct {
 	// Defaults to 365d.
 	CADuration time.Duration
 
-	// The amount of time leaf certificates signed by ths authority will be
+	// The amount of time leaf certificates signed by this authority will be
 	// valid for.
 	// This must be less than CADuration.
 	// Defaults to 7d.

pkg/webhook/server/util/convert.go

@@ -27,7 +27,7 @@ import (
 
 // these conversions are copied from https://github.com/kubernetes/kubernetes/blob/4db3a096ce8ac730b2280494422e1c4cf5fe875e/pkg/apis/admission/v1beta1/zz_generated.conversion.go
 // to avoid copying in kubernetes/kubernetes
-// they are sightly modified to remove complexity
+// they are slightly modified to remove complexity
 
 func Convert_v1beta1_AdmissionReview_To_admission_AdmissionReview(in *admissionv1beta1.AdmissionReview, out *admissionv1.AdmissionReview) {
 	if in.Request != nil {

test/e2e/framework/helper/validate.go

@@ -70,7 +70,7 @@ func (h *Helper) ValidationSetForUnsupportedFeatureSet(fs featureset.FeatureSet)
 	return out
 }
 
-// ValidateCertificate retreives the issued certificate and runs all validation functions
+// ValidateCertificate retrieves the issued certificate and runs all validation functions
 func (h *Helper) ValidateCertificate(ns, name string, validations ...ValidationFunc) error {
 	if len(validations) == 0 {
 		validations = h.DefaultValidationSet()

test/e2e/framework/helper/validations/certificates.go

@@ -233,7 +233,7 @@ func ExpectKeyUsageUsageDigitalSignature(certificate *cmapi.Certificate, secret
 	}
 
 	// taking the key usage here and use a binary OR to flip all non KeyUsageCertSign bits to 0
-	// so if KeyUsageCertSign the value will be exacty x509.KeyUsageCertSign
+	// so if KeyUsageCertSign the value will be exactly x509.KeyUsageCertSign
 	usage := cert.KeyUsage
 	usage &= x509.KeyUsageDigitalSignature
 	if usage != x509.KeyUsageDigitalSignature {
@@ -251,7 +251,7 @@ func ExpectKeyUsageUsageDataEncipherment(certificate *cmapi.Certificate, secret
 	}
 
 	// taking the key usage here and use a binary OR to flip all non KeyUsageDataEncipherment bits to 0
-	// so if KeyUsageDataEncipherment the value will be exacty x509.KeyUsageDataEncipherment
+	// so if KeyUsageDataEncipherment the value will be exactly x509.KeyUsageDataEncipherment
 	usage := cert.KeyUsage
 	usage &= x509.KeyUsageDataEncipherment
 	if usage != x509.KeyUsageDataEncipherment {

test/e2e/suite/conformance/certificates/venaficloud/cloud.go

@@ -40,7 +40,7 @@ var _ = framework.ConformanceDescribe("Certificates", func() {
 		featureset.DurationFeature,
 		// Venafi Cloud has no ECDSA support
 		featureset.ECDSAFeature,
-		// Alternate SANS are currently not suppored in Venafi Cloud
+		// Alternate SANS are currently not supported in Venafi Cloud
 		featureset.EmailSANsFeature,
 		featureset.IPAddressFeature,
 		featureset.URISANsFeature,

test/e2e/suite/issuers/vault/certificate/approle.go

@@ -246,7 +246,7 @@ func runVaultAppRoleTests(issuerKind string) {
 			err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName)
 			Expect(err).NotTo(HaveOccurred())
 
-			// Vault substract 30 seconds to the NotBefore date.
+			// Vault subtract 30 seconds to the NotBefore date.
 			f.CertificateDurationValid(cert, v.expectedDuration, time.Second*30)
 		})
 	}

test/integration/certificates/metrics_controller_test.go

@@ -138,7 +138,7 @@ func TestMetricsController(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	// Should expose that Certificate as unkown with no expiry
+	// Should expose that Certificate as unknown with no expiry
 	waitForMetrics(`# HELP certmanager_certificate_expiration_timestamp_seconds The date after which the certificate expires. Expressed as a Unix Epoch Time.
 # TYPE certmanager_certificate_expiration_timestamp_seconds gauge
 certmanager_certificate_expiration_timestamp_seconds{name="testcrt",namespace="testns"} 0