Merge branch 'master' into autorun_postflight_checks

updated docs, added a postflight all command at this point
postflight checks triggerred on qliksense install
2020-06-18 09:06:00 -04:00 · 2020-06-17 00:52:31 -04:00 · 2020-06-17 00:09:26 -04:00
38 changed files with 271 additions and 548 deletions
--- a/.github/workflows/mkdocs.yml
+++ b/.github/workflows/mkdocs.yml
@@ -16,6 +16,6 @@ jobs:
        uses: actions/checkout@v1

      - name: Deploy docs
-        uses: mhausenblas/mkdocs-deploy-gh-pages@1.12
+        uses: mhausenblas/mkdocs-deploy-gh-pages@1.11
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/cmd/qliksense/about.go
+++ b/cmd/qliksense/about.go
@@ -19,7 +19,7 @@ func about(q *qliksense.Qliksense) *cobra.Command {

 	c := &cobra.Command{
 		Use:   "about ref",
-		Short: "Displays information pertaining to qliksense on Kubernetes",
+		Short: "Displays information pertaining to Qliksense on Kubernetes",
 		Long:  "Gives the version of QLik Sense on Kubernetes and versions of images.",
 		Example: `
 qliksense about 1.0.0
--- a/cmd/qliksense/apply.go
+++ b/cmd/qliksense/apply.go
@@ -24,6 +24,7 @@ func applyCmd(q *qliksense.Qliksense) *cobra.Command {
 	f.StringVarP(&filePath, "file", "f", "", "Install from a CR file")
 	f.StringVarP(&opts.StorageClass, "storageClass", "s", "", "Storage class for qliksense")
 	f.StringVarP(&opts.MongodbUri, "mongodbUri", "m", "", "mongodbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
+	f.StringVarP(&opts.RotateKeys, "rotateKeys", "r", "", "Rotate JWT keys for qliksense (yes:rotate keys/ no:use exising keys from cluster/ None: use default EJSON_KEY from env")
 	f.BoolVar(&opts.CleanPatchFiles, cleanPatchFilesFlagName, opts.CleanPatchFiles, cleanPatchFilesFlagUsage)
 	f.BoolVarP(&opts.Pull, pullFlagName, pullFlagShorthand, opts.Pull, pullFlagUsage)
 	f.BoolVarP(&opts.Push, pushFlagName, pushFlagShorthand, opts.Push, pushFlagUsage)
--- a/cmd/qliksense/crds.go
+++ b/cmd/qliksense/crds.go
@@ -34,8 +34,8 @@ func crdsInstallCmd(q *qliksense.Qliksense) *cobra.Command {
 	}
 	c := &cobra.Command{
 		Use:   "install",
-		Short: "Install CRDs for qliksense application. Use install --all=false to exclude the operator CRD",
-		Long:  "Install CRDs for qliksense application. Use install --all=false to exclude the operator CRD",
+		Short: "Install CRDs for Qliksense application. Use install --all=false to exclude the operator CRD",
+		Long:  "Install CRDs for Qliksense application. Use install --all=false to exclude the operator CRD",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return q.InstallCrds(opts)
 		},
--- a/cmd/qliksense/install.go
+++ b/cmd/qliksense/install.go
@@ -28,13 +28,11 @@ func installCmd(q *qliksense.Qliksense) *cobra.Command {
 					return err
 				}
 			} else {
-				if err := q.InstallQK8s(version, opts); err != nil {
-					return err
+				if err1 := q.InstallQK8s(version, opts); err1 != nil {
+					return err1
 				}
 			}
-			postflightChecksCmd := AllPostflightChecks(q)
-			postflightChecksCmd.DisableFlagParsing = true
-			return postflightChecksCmd.Execute()
+			return AllPostflightChecks(q).Execute()
 		},
 	}

@@ -42,6 +40,7 @@ func installCmd(q *qliksense.Qliksense) *cobra.Command {
 	f.StringVarP(&filePath, "file", "f", "", "Install from a CR file")
 	f.StringVarP(&opts.StorageClass, "storageClass", "s", "", "Storage class for qliksense")
 	f.StringVarP(&opts.MongodbUri, "mongodbUri", "m", "", "mongodbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
+	f.StringVarP(&opts.RotateKeys, "rotateKeys", "r", "", "Rotate JWT keys for qliksense (yes:rotate keys/ no:use exising keys from cluster/ None: use default EJSON_KEY from env")
 	f.BoolVar(&opts.CleanPatchFiles, cleanPatchFilesFlagName, opts.CleanPatchFiles, cleanPatchFilesFlagUsage)
 	f.BoolVarP(&opts.Pull, pullFlagName, pullFlagShorthand, opts.Pull, pullFlagUsage)
 	f.BoolVarP(&opts.Push, pushFlagName, pushFlagShorthand, opts.Push, pushFlagUsage)
--- a/cmd/qliksense/keys.go
+++ b/cmd/qliksense/keys.go
@@ -1,31 +0,0 @@
-package main
-
-import (
-	"github.com/qlik-oss/sense-installer/pkg/qliksense"
-	"github.com/spf13/cobra"
-)
-
-var keysCmd = &cobra.Command{
-	Use:   "keys",
-	Short: "keys for qliksense",
-}
-
-func keysRotateCmd(q *qliksense.Qliksense) *cobra.Command {
-	c := &cobra.Command{
-		Use:   "rotate",
-		Short: "Rotate qliksense application keys",
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if err := q.InstallQK8s("", &qliksense.InstallCommandOptions{
-				CleanPatchFiles: true,
-				RotateKeys:      true,
-			}); err != nil {
-				return err
-			} else {
-				postFlightChecksCmd := AllPostflightChecks(q)
-				postFlightChecksCmd.DisableFlagParsing = true
-				return postFlightChecksCmd.Execute()
-			}
-		},
-	}
-	return c
-}
--- a/cmd/qliksense/preflight.go
+++ b/cmd/qliksense/preflight.go
@@ -472,42 +472,3 @@ func pfCleanupCmd(q *qliksense.Qliksense) *cobra.Command {
 	f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
 	return pfCleanCmd
 }
-
-func pfVerifyCAChainCmd(q *qliksense.Qliksense) *cobra.Command {
-	out := ansi.NewColorableStdout()
-	preflightOpts := &preflight.PreflightOptions{
-		MongoOptions: &preflight.MongoOptions{},
-	}
-
-	var pfVerifyCAChainCmd = &cobra.Command{
-		Use:     "verify-ca-chain",
-		Short:   "verify-ca-chain using openssl verify",
-		Long:    `verify the CA chain using openssl verify to ensure that mongodb certificate is valid`,
-		Example: `qliksense preflight verify-ca-chain`,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
-
-			// Preflight service check
-			namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
-			if err != nil {
-				fmt.Fprintf(out, "%s\n", Red("FAILED"))
-				fmt.Printf("Error: %v\n", err)
-				return nil
-			}
-
-			if namespace == "" {
-				namespace = "default"
-			}
-			if err = qp.VerifyCAChain(kubeConfigContents, namespace, preflightOpts, false); err != nil {
-				fmt.Fprintf(out, "%s\n", Red("FAILED"))
-				fmt.Printf("Error: %v\n", err)
-				return nil
-			}
-			fmt.Fprintf(out, "%s\n", Green("PASSED"))
-			return nil
-		},
-	}
-	f := pfVerifyCAChainCmd.Flags()
-	f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
-	return pfVerifyCAChainCmd
-}
--- a/cmd/qliksense/root.go
+++ b/cmd/qliksense/root.go
@@ -28,10 +28,10 @@ const (
 	cleanPatchFilesFlagUsage = "Set --clean=false to keep any prior config repo file changes on install (for debugging)"
 	pullFlagName             = "pull"
 	pullFlagShorthand        = "d"
-	pullFlagUsage            = "If using private docker registry, pull (download) all required qliksense images before install"
+	pullFlagUsage            = "If using private docker registry, pull (download) all required Qliksense images before install"
 	pushFlagName             = "push"
 	pushFlagShorthand        = "u"
-	pushFlagUsage            = "If using private docker registry, push (upload) all downloaded qliksense images to that registry before install"
+	pushFlagUsage            = "If using private docker registry, push (upload) all downloaded Qliksense images to that registry before install"
 	rootCommandName          = "qliksense"
 )

@@ -100,7 +100,7 @@ func commandUsesContext(commandName string) bool {
 func getRootCmd(p *qliksense.Qliksense) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   rootCommandName,
-		Short: "qliksense cli tool",
+		Short: "Qliksense cli tool",
 		Long:  `qliksense cli tool provides functionality to perform operations on qliksense-k8s, qliksense operator, and kubernetes cluster`,
 		Args:  cobra.ArbitraryArgs,
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
@@ -209,7 +209,6 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
 	preflightCmd.AddCommand(pfCreateRoleBindingCheckCmd(p))
 	preflightCmd.AddCommand(pfCreateServiceAccountCheckCmd(p))
 	preflightCmd.AddCommand(pfCreateAuthCheckCmd(p))
-	preflightCmd.AddCommand(pfVerifyCAChainCmd(p))
 	preflightCmd.AddCommand(pfCleanupCmd(p))

 	cmd.AddCommand(preflightCmd)
@@ -222,10 +221,6 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
 	postflightCmd.AddCommand(AllPostflightChecks(p))

 	cmd.AddCommand(postflightCmd)
-
-	// add keys command
-	cmd.AddCommand(keysCmd)
-	keysCmd.AddCommand(keysRotateCmd(p))
 	return cmd
 }

--- a/docs/command_reference.md
+++ b/docs/command_reference.md
@@ -74,6 +74,7 @@ spec:
    - name: mongodbUri
      value: mongodb://qlik-test-mongodb:27017/qliksense?ssl=false
  profile: docker-desktop
+  rotateKeys: "yes"
 ```

 `qliksense apply` does everything `qliksense load` does but will install Qlik Sense into the cluster as well
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -1,6 +1,6 @@
 # How CLI works

-At the initialization, `qliksense` cli creates few files in the director `~/.qliksense` and it contains following files:
+At the initialization, `qliksense` cli creates few files in the director `~/.qliksene` and it contains following files:

 ```console
 .qliksense
@@ -25,6 +25,7 @@ spec:
    qliksense:
    - name: mongodbUri
      value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
+  rotateKeys: "yes"
  releaseName: qlik-default
 ```

--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -1,162 +1,53 @@
 # Getting started

-To get familiar with the Qlik Sense on Kubernetes Operator Command Line Interface (CLI), we will install Qlik Sense on Kubernetes on docker desktop. In subsequent sections we will enhance this configuration to include an Identity Provider (keycloak) and demonstrate air gapped capabilities as well.
-
 ## Requirements

 - Kubernetes cluster (Docker Desktop with enabled Kubernetes)
- `kubectl` installed, configured and able to communicate with kubernetes cluster. _`qliksense` CLI uses `kubectl` to perform some operations on cluster_
+- `kubectl` installed, configured and able to communicate with kubernetes cluster. _`qliksense` CLI uses `kubectl` under the hood to perform operations on cluster_

 ## Installing `qliksense` CLI

 Download the executable for your platform from [releases page](https://github.com/qlik-oss/sense-installer/releases) and rename it to `qliksense`

-=== "Linux"
+??? tldr "Linux"

    ``` bash
-    # bash
-
-    curl -LOJ https://storage.googleapis.com/kubernetes-release/release/v1.16.8/bin/linux/amd64/kubectl
-    curl -LOJ https://github.com/qlik-oss/sense-installer/releases/latest/download/qliksense-linux-amd64
-    sudo mv qliksense-linux-amd64 kubectl /usr/local/bin
-    sudo chmod ugo+x /usr/local/bin/qliksense-linux-amd64 /usr/local/bin/kubectl
-    sudo ln -s /usr/local/bin/qliksense-linux-amd64 /usr/local/bin/qliksense
-    sudo ln -s /usr/local/bin/qliksense-linux-amd64 /usr/local/bin/kubectl-qliksense
+    curl -Lo qliksense https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-linux-amd64
+    chmod +x qliksense
+    sudo mv qliksense /usr/local/bin
    ```

-=== "MacOS"
+??? tldr "MacOS"

    ``` bash
-    # bash
-
-    curl -LOJ https://storage.googleapis.com/kubernetes-release/release/v1.16.8/bin/darwin/amd64/kubectl
-    curl -LOJ https://github.com/qlik-oss/sense-installer/releases/latest/download/qliksense-darwin-amd64
-    sudo mv qliksense-darwin-amd64 kubectl /usr/local/bin
-    sudo chmod ugo+x /usr/local/bin/qliksense-darwin-amd64 /usr/local/bin/kubectl
-    sudo ln -s /usr/local/bin/qliksense-darwin-amd64 /usr/local/bin/qliksense
-    sudo ln -s /usr/local/bin/qliksense-darwin-amd64 /usr/local/bin/kubectl-qliksense
+    curl -Lo qliksense https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-darwin-amd64
+    chmod +x qliksense
+    sudo mv qliksense /usr/local/bin
    ```

-=== "Windows"
+??? tldr "Windows"
+    Download Windows executable and add it in your `PATH` as `qliksense.exe`

-    ``` powershell
-    # powershell
+    [https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-windows-amd64.exe](https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-windows-amd64.exe)
+    

-    Invoke-WebRequest https://storage.googleapis.com/kubernetes-release/release/v1.16.8/bin/windows/amd64/kubectl.exe -O C:\bin\kubectl.exe
-    Invoke-WebRequest https://github.com/qlik-oss/sense-installer/releases/latest/download/qliksense-windows-amd64.exe -O C:\bin\qliksense.exe
-    Copy-Item C:\bin\qliksense.exe C:\bin\kubectl-qliksense.exe
-    # Add C:\bin to current Path
-    $Env:Path += ";C:\bin"
-    # Save Path to User environment scope
-    [Environment]::SetEnvironmentVariable("Path",[Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::User) + ";C:\bin",[EnvironmentVariableTarget]::User)
-    ```

 ## Quick start

-### Setting the contexts
-
-By default a `qlik-default` configuration context is provided and can be used, as is.  In effect, this is the name of the Qlik Sense instance in the target cluster. All resources installed into the target namespace will be prefixed with `qlik-default`.  The name of the Qlik Sense application will correspondingly be `qliksense`.
-
-Ex.: To change this to `qliksense-dev`:
+- To download the version `v0.0.2` from qliksense-k8s [releases](https://github.com/qlik-oss/qliksense-k8s/releases).

 ```shell
-qliksense config set-context qliksense-dev
+qliksense fetch v0.0.2
 ```

-!!! info ""
-    For the purposes of the Quick Start we will be using `qlik-default`
-
-The target namespace is determined by the kubectl connection context.
-
-ex. Ensure a connection to cluster to change the configuration context's target namespace with kubectl to `qliksense`
+- To install CRDs for QSEoK and qliksense operator into the kubernetes cluster.

 ```shell
-kubectl config set-context --current --namespace=qliksense
+qliksense crds install --all
 ```

-!!! info ""
-    For the purposes of the Quick Start we will be using the default namespace. (`default`)
-
-### Downloading a version of Qlik Sense on Kubernetes
-
-To download the latest version of Qlik Sense on Kubernetes from qliksense-k8s
+- To install QSEoK into a namespace in the kubernetes cluster where `kubectl` is pointing to.

 ```shell
-qliksense fetch
-```
-
-#### More Options
-
- To download a specific version `v1.59.20` from qliksense-k8s [releases](https://github.com/qlik-oss/qliksense-k8s/releases)
-```shell
-qliksense fetch v1.58.20
-```
- To download from a GitHub repository fork of the `qliksense-k8s` repository (master branch)
-```shell
-qliksense fetch --url https://github.com/bkuschel/qliksense-k8s.git master
-```
-
-### Deployment Profiles
-
-Deployment profiles are a sets components that require sets of key/value pairs to satisfy the requirements for the generation of a Qlik Sense on Kubernetes manifest. Along with the profile name, sets of key/value pairs are provided through the Qlik Sense custom application resources (see here).
-
-Profiles can be developed and added to the qliksense-k8s repo but is considered an advanced topic (see here) not covered here.
-
-#### Default Profile: Docker Desktop
-
-By default, the `docker-desktop` profile is associated with the configuration context when initially created. This profile is guaranteed to work on Docker Desktop but can generally be used on other types of Kubernetes clusters, provided that the required configuration tweaks are provided specific to the hosting requirements (Ex. storage class).
-
-The docker-desktop profile does not have any scaling characteristics and is generally set up to have the ability to work on a reasonably powerful computer (16GB, 4 cores minimum, greater is better). It also includes a self-contained mongodb instance for non-production purposes.
-
-Generally it doesn't require any extra configuration to work except an acceptance of the Qlik User License Agreement (QULA), which is prompted on install but can also be set in advance (having read the QULA)
-
-```shell
-qliksense config set-configs qliksense.acceptEULA="yes"
-```
-
-More information on the possible configuration parameters for docker-desktop here (see here).
-
-!!! Info
-    To access an installation of the docker desktop profile in docker desktop, the host `elastic.example` needs to be added to the system host file as an alias to `127.0.0.1`
-
-    ```
-    127.0.0.1 elastic.example
-    ```
-
-    File location:
-
-    - Linux - `/etc/hosts`
-    - MacOS - `/etc/hosts`
-    - Windows - `C:\Windows\System32\drivers\etc\hosts`
-
-### Installing Qlik Sense on Kubernetes
-
-#### Custom Resource Definitions (CRDs)
-
-Besides the CLI, a Kubernetes operator (read here) is a core component of the Qlik Sense Operator. Additionally, there are other Kubernetes operators in Qlik Sense on Kubernetes that provide other types functionality (ex. scaling). Depending on the profile chosen [(see Deployment profiles)](#deployment-profiles), additional CRDs can also be installed for third-party components (see gke-demo).
-
-Kubernetes operators require Custom resource definitions (CRD) (read here), which are YAML schemas for custom resources (CR). The Qlik Sense application instance, corresponding to the name of the configuration context, corresponds to a CR (ex. `qlik-default`).
-
-CRDs require cluster scope permissions and are shared cluster-wide across namespaces. These need to be installed first (if not done previously).
-
-To install CRDs for Qlik Sense on Kubernetes into the Kubernetes cluster.
-
-```shell
-qliksense crds install
-```
-
-#### Preflight Checks
-
-To check that your environment fullfills Qlik Sense requirements
-
-```shell
-qliksense preflight all
-```
-
-#### Qlik Sense
-
-To install Qlik Sense into a namespace in the Kubernetes cluster where `kubectl` is pointing to
-
-```shell
-qliksense install
+qliksense install --acceptEULA="yes"
 ```
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,22 +1,15 @@
 # Overview

-The Qlik Sense on Kubernetes Operator CLI (`qliksense`)  facilitates:
+The Qlik Sense on Kubernetes CLI (`qliksense`) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s).
+
+The CLI facilitates:

 - Installation of QSEoK
- Installation of Qliksense operator to manage the QSEoK installation
+- Installation of qliksense operator to manage QSEoK
 - Air gapped installation of QSEoK
- Cluster configuration management
- Pre-flight and Post-flight environment and configuration checks
-
-The Qlik Sense on Kubernetes Operator CLI provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in the [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository
-
-To get start quickly go to the [Getting Started page](getting_started.md).
-
-To learn more about the internal workings of the Qlik Sense on Kubernetes Operator, go to [How CLI works](concepts.md).

 !!! info ""
    This is a technology preview that uses Qlik modified [kustomize](https://github.com/qlik-oss/kustomize) for Kubernetes manifests on [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository

-
 !!! info ""
    See QlikSense [edge releases on qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s/releases) repository
--- a/docs/preflight_checks.md
+++ b/docs/preflight_checks.md
@@ -305,21 +305,3 @@ Removing mongo check components...
 Preflight cleanup complete

 ```
-
-### Verify-ca-chain check
-We use the command below to verify the ca certificate chain and server certificate. We run this check over mongodbUrl and discoveryUrl we inferred from idpconfigs in the CR.
-```shell
-$ qliksense preflight preflight verify-ca-chain -v
-
-Preflight verify-ca-chain check... 
----------------------------------- 
-Openssl verify mongodbUrl:
-Mongodb url inferred form CR: <mongodbUrl_from_CR>
-Host: <host extracted from mongodbUrl>
-
-Openssl verify discoveryUrl:
-Discovery url: <discoveryUrl_from_CR>
-Host: <host extracted from discoveryUrl>
-Completed preflight verify-CA-chain check
-PASSED
-```
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/otiai10/copy v1.1.1
 	github.com/pkg/errors v0.9.1
-	github.com/qlik-oss/k-apis v0.1.16
+	github.com/qlik-oss/k-apis v0.1.10
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/rogpeppe/go-internal v1.5.2 // indirect
 	github.com/spf13/cobra v0.0.6
@@ -55,7 +55,6 @@ require (
 	k8s.io/apiextensions-apiserver v0.17.2
 	k8s.io/apimachinery v0.17.2
 	k8s.io/client-go v11.0.0+incompatible
-	k8s.io/kubectl v0.17.2
 	sigs.k8s.io/kustomize/api v0.3.2
 	sigs.k8s.io/yaml v1.1.0
 )
--- a/go.sum
+++ b/go.sum
@@ -885,8 +885,8 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/qlik-oss/k-apis v0.1.16 h1:R3gCZs4A3EHPNx4B7p1idWD+OhyaU/bAlGYBWc0ZNz4=
-github.com/qlik-oss/k-apis v0.1.16/go.mod h1:AkNa/kaZHpGVs9l+pHe6nvz99Sp9WO1f9ylBES95o+I=
+github.com/qlik-oss/k-apis v0.1.10 h1:adBXokJpE7oOr9wkPOHgpVbvuhLLKtqFdnX7V9MEyOs=
+github.com/qlik-oss/k-apis v0.1.10/go.mod h1:qJVbbSYtZ+fFCojEyG9UoiCAmymm0JEtnhulr5M7HyU=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200612023448-4c1f2f38ea9b h1:RDh3OZJOriy/ap1NUHVKsPG07N4DALaCzaqXFFK57T0=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200612023448-4c1f2f38ea9b/go.mod h1:zh3yFgE5zFk1kreqzVyyj1eXyIxQJT53l4zSg8Wt4SA=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -1,13 +1,11 @@
 site_name: Qlik Sense on Kubernetes CLI
 repo_url: 'https://github.com/qlik-oss/sense-installer'
 strict: true
-
 theme:
  name: "material"
  palette:
    primary: 'green'
    accent: 'indigo'
-
 markdown_extensions:
  - toc:
      permalink: true
@@ -16,8 +14,6 @@ markdown_extensions:
  - pymdownx.inlinehilite
  - pymdownx.superfences
  - pymdownx.details
-  - pymdownx.tabbed
-
 nav:
  - Overview: index.md
  - getting_started.md
--- a/pkg/api/apis.go
+++ b/pkg/api/apis.go
@@ -144,17 +144,17 @@ func (cr *QliksenseCR) IsRepoExist() bool {
 }

 func (cr *QliksenseCR) GetFetchUrl() string {
-	if cr.Spec.Git == nil || cr.Spec.Git.Repository == "" {
+	if cr.Spec.FetchSource == nil || cr.Spec.FetchSource.Repository == "" {
 		return QLIK_GIT_REPO
 	}
-	return cr.Spec.Git.Repository
+	return cr.Spec.FetchSource.Repository
 }

 func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
-	if cr.Spec.Git == nil {
+	if cr.Spec.FetchSource == nil {
 		return ""
 	}
-	if tok, err := cr.Spec.Git.GetAccessToken(); err != nil {
+	if tok, err := cr.Spec.FetchSource.GetAccessToken(); err != nil {
 		fmt.Println(err)
 		return ""
 	} else if tok == "" {
@@ -171,29 +171,29 @@ func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
 }

 func (cr *QliksenseCR) SetFetchUrl(url string) {
-	if cr.Spec.Git == nil {
-		cr.Spec.Git = &config.Repo{}
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
 	}
-	cr.Spec.Git.Repository = url
+	cr.Spec.FetchSource.Repository = url
 }

 func (cr *QliksenseCR) SetFetchAccessToken(token, encryptionKey string) error {
-	if cr.Spec.Git == nil {
-		cr.Spec.Git = &config.Repo{}
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
 	}
 	res, err := EncryptData([]byte(token), encryptionKey)
 	if err != nil {
 		return err
 	}
-	cr.Spec.Git.AccessToken = b64.StdEncoding.EncodeToString(res)
+	cr.Spec.FetchSource.AccessToken = b64.StdEncoding.EncodeToString(res)
 	return nil
 }

 func (cr *QliksenseCR) SetFetchAccessSecretName(sec string) {
-	if cr.Spec.Git == nil {
-		cr.Spec.Git = &config.Repo{}
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
 	}
-	cr.Spec.Git.SecretName = sec
+	cr.Spec.FetchSource.SecretName = sec
 }

 //DeleteRepo delete the manifest repo and unset manifestsRoot
@@ -524,9 +524,9 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 	}
 	newCr.Spec.Secrets = finalSecrets

-	if newCr.Spec.Git != nil && newCr.Spec.Git.AccessToken != "" {
+	if newCr.Spec.FetchSource != nil && newCr.Spec.FetchSource.AccessToken != "" {
 		decData := cr.GetFetchAccessToken(encryptionKey)
-		newCr.Spec.Git.AccessToken = decData
+		newCr.Spec.FetchSource.AccessToken = decData
 	}
 	return newCr, nil
 }
--- a/pkg/api/apis_test.go
+++ b/pkg/api/apis_test.go
@@ -127,7 +127,7 @@ func TestGetDecryptedCr(t *testing.T) {
 	if decryptedValue == orignalValue {
 		t.Fail()
 	}
-	if newCr.Spec.Git.AccessToken != "mytoken" {
+	if newCr.Spec.FetchSource.AccessToken != "mytoken" {
 		t.Fail()
 	}
 	td()
--- a/pkg/api/clientgo_utils_test.go
+++ b/pkg/api/clientgo_utils_test.go
@@ -508,7 +508,7 @@ func TestClientGoUtils_CreatePreflightTestPod(t *testing.T) {
 							ImagePullPolicy: apiv1.PullIfNotPresent,
 							Command:         []string{"echo"},
 							VolumeMounts: []apiv1.VolumeMount{
-								{
+								apiv1.VolumeMount{
 									Name:      "secret1",
 									MountPath: filepath.Dir("/etc/secret1"),
 									ReadOnly:  true,
@@ -517,7 +517,7 @@ func TestClientGoUtils_CreatePreflightTestPod(t *testing.T) {
 						},
 					},
 					Volumes: []apiv1.Volume{
-						{
+						apiv1.Volume{
 							Name: "secret1",
 							VolumeSource: apiv1.VolumeSource{
 								Secret: &apiv1.SecretVolumeSource{
@@ -844,7 +844,7 @@ func TestClientGoUtils_WaitForPod(t *testing.T) {
 		},
 		Spec: apiv1.PodSpec{
 			Containers: []apiv1.Container{
-				{},
+				apiv1.Container{},
 			},
 		},
 		Status: apiv1.PodStatus{
@@ -895,7 +895,7 @@ func TestClientGoUtils_WaitForPod(t *testing.T) {
 					},
 					Spec: apiv1.PodSpec{
 						Containers: []apiv1.Container{
-							{},
+							apiv1.Container{},
 						},
 					},
 					Status: apiv1.PodStatus{
@@ -942,7 +942,7 @@ func TestClientGoUtils_WaitForPod(t *testing.T) {
 					},
 					Spec: apiv1.PodSpec{
 						Containers: []apiv1.Container{
-							{},
+							apiv1.Container{},
 						},
 					},
 					Status: apiv1.PodStatus{
@@ -1059,7 +1059,7 @@ func TestClientGoUtils_WaitForPodToDie(t *testing.T) {
 		},
 		Spec: apiv1.PodSpec{
 			Containers: []apiv1.Container{
-				{},
+				apiv1.Container{},
 			},
 		},
 		Status: apiv1.PodStatus{
@@ -1131,7 +1131,7 @@ func TestClientGoUtils_WaitForPodToDie(t *testing.T) {
 					},
 					Spec: apiv1.PodSpec{
 						Containers: []apiv1.Container{
-							{},
+							apiv1.Container{},
 						},
 					},
 					Status: apiv1.PodStatus{
@@ -1885,10 +1885,10 @@ func TestClientGoUtils_waitForStatefulsetToDelete(t *testing.T) {
 		statefulsetName string
 	}
 	tests := []struct {
-		name                           string
-		fields                         fields
-		args                           args
-		wantErr                        bool
+		name    string
+		fields  fields
+		args    args
+		wantErr bool
 		timeoutForChangingReplicaCount time.Duration
 	}{
 		{
@@ -1897,8 +1897,8 @@ func TestClientGoUtils_waitForStatefulsetToDelete(t *testing.T) {
 				Verbose: true,
 			},
 			args: args{
-				clientset:       fake.NewSimpleClientset(ss),
-				namespace:       "test-ns",
+				clientset:      fake.NewSimpleClientset(ss),
+				namespace:      "test-ns",
 				statefulsetName: ss.Name,
 			},
 			wantErr:                        false,
@@ -1910,11 +1910,11 @@ func TestClientGoUtils_waitForStatefulsetToDelete(t *testing.T) {
 				Verbose: true,
 			},
 			args: args{
-				clientset:       fake.NewSimpleClientset(),
-				namespace:       "test-ns",
+				clientset:      fake.NewSimpleClientset(),
+				namespace:      "test-ns",
 				statefulsetName: ss.Name,
 			},
-			wantErr: false,
+			wantErr:                        false,
 		},
 		{
 			name: "timeout",
@@ -1922,11 +1922,11 @@ func TestClientGoUtils_waitForStatefulsetToDelete(t *testing.T) {
 				Verbose: true,
 			},
 			args: args{
-				clientset:       fake.NewSimpleClientset(ss),
-				namespace:       "test-ns",
+				clientset:      fake.NewSimpleClientset(ss),
+				namespace:      "test-ns",
 				statefulsetName: ss.Name,
 			},
-			wantErr: true,
+			wantErr:                        true,
 		},
 	}
 	for _, tt := range tests {
--- a/pkg/api/context_apis.go
+++ b/pkg/api/context_apis.go
@@ -23,6 +23,7 @@ const (
 	QliksenseKind           = "Qliksense"
 	QliksenseGroup          = "qlik.com"
 	QliksenseDefaultProfile = "docker-desktop"
+	DefaultRotateKeys       = "yes"
 	QliksenseMetadataName   = "QliksenseConfigMetadata"
 	DefaultMongodbUri       = "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"
 	DefaultMongodbUriKey    = "mongodbUri"
@@ -37,7 +38,8 @@ func (qliksenseCR *QliksenseCR) AddCommonConfig(contextName string) {
 	})
 	qliksenseCR.SetName(contextName)
 	qliksenseCR.Spec = &config.CRSpec{
-		Profile: QliksenseDefaultProfile,
+		Profile:    QliksenseDefaultProfile,
+		RotateKeys: DefaultRotateKeys,
 	}
 	qliksenseCR.Spec.AddToSecrets("qliksense", DefaultMongodbUriKey, strings.Replace(DefaultMongodbUri, "qlik-default", contextName, 1), "")
 }
--- a/pkg/api/context_apis_test.go
+++ b/pkg/api/context_apis_test.go
@@ -23,7 +23,8 @@ func TestAddCommonConfig(t *testing.T) {
 	q.SetName("myqliksense")
 	q.SetGroupVersionKind(gvk)
 	q.Spec = &config.CRSpec{
-		Profile: QliksenseDefaultProfile,
+		Profile:    QliksenseDefaultProfile,
+		RotateKeys: DefaultRotateKeys,
 		Secrets: map[string]config.NameValues{
 			"qliksense": []config.NameValue{{
 				Name:  DefaultMongodbUriKey,
--- a/pkg/preflight/all_checks.go
+++ b/pkg/preflight/all_checks.go
@@ -103,16 +103,6 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	}
 	totalCount++

-	// Preflight verify ca chain check
-	if err := qp.VerifyCAChain(kubeConfigContents, namespace, preflightOpts, false); err != nil {
-		fmt.Fprintf(out, "%s\n", Red("FAILED"))
-		fmt.Printf("Error: %v\n\n", err)
-	} else {
-		fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
-		checkCount++
-	}
-	totalCount++
-
 	if checkCount == totalCount {
 		// All preflight checks were successful
 		return nil
--- a/pkg/preflight/verify_ca.go
+++ b/pkg/preflight/verify_ca.go
@@ -1,123 +0,0 @@
-package preflight
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/json"
-	"fmt"
-	"net/url"
-	"strings"
-
-	qapi "github.com/qlik-oss/sense-installer/pkg/api"
-)
-
-func (qp *QliksensePreflight) VerifyCAChain(kubeConfigContents []byte, namespace string, preflightOpts *PreflightOptions, cleanup bool) error {
-
-	var currentCR *qapi.QliksenseCR
-	var err error
-	qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
-	qConfig.SetNamespace(namespace)
-
-	fmt.Print("Preflight verify-ca-chain check... ")
-	qp.CG.LogVerboseMessage("\n----------------------------------- \n")
-
-	currentCR, err = qConfig.GetCurrentCR()
-	if err != nil {
-		qp.CG.LogVerboseMessage("Unable to retrieve current CR: %v\n", err)
-		return err
-	}
-	decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
-	if err != nil {
-		qp.CG.LogVerboseMessage("An error occurred while retrieving mongodbUrl from current CR: %v\n", err)
-		return err
-	}
-
-	// infer ca certs form CR
-	caCertificates := strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "caCertificates"))
-
-	fmt.Println("Openssl verify mongodbUrl:")
-	// infer mongodb url from CR
-	mongodbUrl := strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "mongodbUri"))
-	qp.CG.LogVerboseMessage("Mongodb url inferred form CR: %s\n", mongodbUrl)
-
-	// parse out server and port from mongodb url and execute openssl verify
-	if err := qp.extractCertAndVerify(mongodbUrl, caCertificates); err != nil {
-		return err
-	}
-
-	fmt.Printf("\nOpenssl verify discoveryUrl:\n")
-	// infer idpConfigs form CR
-	idpConfigs := strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("identity-providers", "idpConfigs"))
-
-	data := []map[string]interface{}{}
-	if err := json.Unmarshal([]byte(idpConfigs), &data); err != nil {
-		panic(err)
-	}
-
-	var discoveryUrl string
-	for _, idpData := range data {
-		discoveryUrl = idpData["discoveryUrl"].(string)
-		qp.CG.LogVerboseMessage("Discovery url: %s\n", discoveryUrl)
-	}
-	if err := qp.extractCertAndVerify(discoveryUrl, caCertificates); err != nil {
-		return err
-	}
-
-	qp.CG.LogVerboseMessage("Completed preflight verify-ca-chain check\n")
-	return nil
-}
-
-func (qp *QliksensePreflight) extractCertAndVerify(server string, caCertificates string) error {
-	u, err := url.Parse(server)
-	if err != nil {
-		return fmt.Errorf("unable to parse url: %v", err)
-	}
-
-	switch strings.ToLower(u.Scheme) {
-	case "http":
-		return fmt.Errorf("http url is not supported for this operation")
-	case "https":
-		if u.Port() == "" {
-			u.Host += ":443"
-		}
-	}
-
-	qp.CG.LogVerboseMessage("Host: %s, port: %s\n", u.Host, u.Port())
-	conn, err := tls.Dial("tcp", u.Host, &tls.Config{})
-	qp.CG.LogVerboseMessage("Host: %s\n", u.Host)
-	if err != nil {
-		return fmt.Errorf("failed to connect: " + err.Error())
-	}
-	defer conn.Close()
-
-	// Get the ConnectionState struct as that's the one which gives us x509.Certificate struct
-	x509Certificates := conn.ConnectionState().PeerCertificates
-
-	var serverCert *x509.Certificate
-	if len(x509Certificates) == 0 {
-		return fmt.Errorf("no server certificates retrieved from the server")
-	}
-	// we retrieve and verify the server certificate, we ignore intermediate certificates at this point.
-	for _, x509Cert := range x509Certificates {
-		if !x509Cert.IsCA {
-			serverCert = x509Cert
-			break
-		}
-	}
-	if serverCert == nil {
-		return fmt.Errorf("no valid server certificates retrieved from the server")
-	}
-	roots := x509.NewCertPool()
-	if ok := roots.AppendCertsFromPEM([]byte(caCertificates)); !ok {
-		return fmt.Errorf("failed to parse root certificate.")
-	}
-
-	opts := x509.VerifyOptions{
-		Roots:   roots,
-		DNSName: u.Hostname(),
-	}
-	if _, err := serverCert.Verify(opts); err != nil {
-		return fmt.Errorf("failed to verify certificate: " + err.Error())
-	}
-	return nil
-}
--- a/pkg/qliksense/config.go
+++ b/pkg/qliksense/config.go
@@ -5,19 +5,16 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"

-	"github.com/qlik-oss/k-apis/pkg/config"
-
 	"github.com/mitchellh/go-homedir"
-	"gopkg.in/yaml.v2"

 	"github.com/qlik-oss/k-apis/pkg/cr"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
-	"k8s.io/kubectl/pkg/cmd/util/editor"
 )

 const (
@@ -76,21 +73,20 @@ func (q *Qliksense) configEjson() error {
 }

 func (q *Qliksense) applyConfigToK8s(qcr *qapi.QliksenseCR) error {
-	if err := q.configEjson(); err != nil {
-		return err
+	if qcr.Spec.RotateKeys != "None" {
+		if err := q.configEjson(); err != nil {
+			return err
+		}
 	}
-
 	userHomeDir, err := homedir.Dir()
 	if err != nil {
 		fmt.Printf(`error fetching user's home directory: %v\n`, err)
 		return err
 	}
+	fmt.Println("Manifests root: " + qcr.Spec.GetManifestsRoot())
 	qcr.SetNamespace(qapi.GetKubectlNamespace())
-	b, _ := yaml.Marshal(qcr.KApiCr)
-	fmt.Printf("%v", string(b))
-	// os.Exit(0)
 	// generate patches
-	cr.GeneratePatches(&qcr.KApiCr, config.KeysActionRestoreOrRotate, path.Join(userHomeDir, ".kube", "config"))
+	cr.GeneratePatches(&qcr.KApiCr, path.Join(userHomeDir, ".kube", "config"))
 	// apply generated manifests
 	profilePath := filepath.Join(qcr.Spec.GetManifestsRoot(), qcr.Spec.GetProfileDir())
 	fmt.Printf("Generating manifests for profile: %v\n", profilePath)
@@ -196,12 +192,13 @@ func (q *Qliksense) EditCR(contextName string) error {
 	if err := ioutil.WriteFile(tempFile.Name(), crContent, os.ModePerm); err != nil {
 		return nil
 	}
-
-	currentEditor := editor.NewDefaultEditor([]string{"KUBE_EDITOR", "EDITOR"})
-	if err = currentEditor.Launch(tempFile.Name()); err != nil {
+	cmd := exec.Command(getKubeEditorTool(), tempFile.Name())
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	err = cmd.Run()
+	if err != nil {
 		return err
 	}
-
 	newCr, err := qapi.GetCRObject(tempFile.Name())
 	if err != nil {
 		return errors.New("cannot save the cr. Someting wrong in the file format. It is not saved\n" + err.Error())
@@ -216,3 +213,11 @@ func (q *Qliksense) EditCR(contextName string) error {
 	}
 	return nil
 }
+
+func getKubeEditorTool() string {
+	editor := os.Getenv("KUBE_EDITOR")
+	if editor == "" {
+		editor = "vim"
+	}
+	return editor
+}
--- a/pkg/qliksense/context_configs.go
+++ b/pkg/qliksense/context_configs.go
@@ -176,6 +176,53 @@ func caseInsenstiveFieldByName(v reflect.Value, name string) reflect.Value {
 	return v.FieldByNameFunc(func(n string) bool { return strings.ToLower(n) == name })
 }

+func validateCR(key string, keySub string, value string, crSpec *api.QliksenseCR) (bool, *api.QliksenseCR) {
+	cr := reflect.ValueOf(crSpec.Spec)
+	keyValid := caseInsenstiveFieldByName(reflect.Indirect(cr), key)
+	if !keyValid.IsValid() {
+		//not in main spec
+		fmt.Println(key, "is an invalid key")
+		return false, crSpec
+	} else if keySub == "" {
+		if key == "rotatekeys" {
+			if _, err := validateInput(value); err != nil {
+				return false, crSpec
+			}
+		}
+	}
+	// checks if it is git or gitops
+	if keySub != "" {
+		if !keyValid.IsNil() {
+			if !caseInsenstiveFieldByName(reflect.Indirect(keyValid), keySub).IsValid() {
+				fmt.Println(keySub, "is an invalid key")
+				return false, crSpec
+			} else {
+				// verify gitops enabled and gitops schedule
+				switch keySub {
+				case "schedule":
+					if _, err := cron.ParseStandard(value); err != nil {
+						fmt.Println("Please enter string with standard cron scheduling syntax ")
+						return false, crSpec
+					}
+				case "enabled":
+					if !strings.EqualFold(value, "yes") && !strings.EqualFold(value, "no") {
+						fmt.Println("Please use yes or no for key enabled")
+						return false, crSpec
+					}
+				}
+			}
+		} else {
+			switch key {
+			case "opsrunner":
+				crSpec.Spec.OpsRunner = &config.OpsRunner{}
+			case "git":
+				crSpec.Spec.Git = &config.Repo{}
+			}
+		}
+	}
+	return true, crSpec
+}
+
 // SetOtherConfigs - set profile/storageclassname/git.repository/manifestRoot commands
 func (q *Qliksense) SetOtherConfigs(args []string) error {
 	// retieve current context from config.yaml
@@ -193,7 +240,11 @@ func (q *Qliksense) SetOtherConfigs(args []string) error {
 	}

 	for _, arg := range args {
-		if strings.HasPrefix(arg, "git.") {
+		if strings.HasPrefix(arg, "fetchSource.") {
+			if err := q.processSetFetchSource(arg, qliksenseCR); err != nil {
+				return err
+			}
+		} else if strings.HasPrefix(arg, "git.") {
 			if err := q.processSetGit(arg, qliksenseCR); err != nil {
 				return err
 			}
@@ -222,34 +273,64 @@ func processSetSingleArg(arg string, cr *api.QliksenseCR) error {
 		cr.Spec.Profile = nv[1]
 	case "storageClassName":
 		cr.Spec.StorageClassName = nv[1]
+	case "rotateKeys":
+		valid := false
+		for _, v := range []string{"yes", "no", "None"} {
+			if nv[1] == v {
+				valid = true
+			}
+		}
+		if !valid {
+			return errors.New("please povide rotateKeys=yes|no|None")
+		}
+		cr.Spec.RotateKeys = nv[1]
 	default:
-		return errors.New("Please enter one of: profile, storageClassName, manifestRoot, git to configure the current context")
+		return errors.New("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot to configure the current context")
 	}
 	return nil
 }

-func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
-	s := strings.Split(arg, "=")
-	tArg0 := strings.TrimSpace(s[0])
-	tArg1 := strings.TrimSpace(s[1])
-	subs := strings.Split(tArg0, ".")
-	if cr.Spec.Git == nil {
-		cr.Spec.Git = &config.Repo{}
+func (q *Qliksense) processSetFetchSource(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
 	}
 	switch subs[1] {
 	case "repository":
-		cr.Spec.Git.Repository = tArg1
+		cr.Spec.FetchSource.Repository = args[1]
 	case "accessToken":
 		qConfig := api.NewQConfig(q.QliksenseHome)
 		key, err := qConfig.GetEncryptionKeyFor(cr.GetName())
 		if err != nil {
 			return err
 		}
-		return cr.SetFetchAccessToken(tArg1, key)
+		return cr.SetFetchAccessToken(args[1], key)
 	case "secretName":
-		cr.Spec.Git.SecretName = tArg1
+		cr.Spec.FetchSource.SecretName = args[1]
 	case "userName":
-		cr.Spec.Git.UserName = tArg1
+		cr.Spec.FetchSource.UserName = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.Git == nil {
+		cr.Spec.Git = &config.Repo{}
+	}
+	switch subs[1] {
+	case "repository":
+		cr.Spec.Git.Repository = args[1]
+	case "accessToken":
+		cr.Spec.Git.AccessToken = args[1]
+	case "secretName":
+		cr.Spec.Git.SecretName = args[1]
+	case "userName":
+		cr.Spec.Git.UserName = args[1]
 	default:
 		return errors.New(arg + " does not match any cr spec")
 	}
--- a/pkg/qliksense/context_configs_test.go
+++ b/pkg/qliksense/context_configs_test.go
@@ -96,6 +96,7 @@ metadata:
  name: qlik-default
 spec:
  profile: docker-desktop
+  rotateKeys: "yes"
  releaseName: qlik-default
 `
 	qlikDefaultContext := "qlik-default"
@@ -243,7 +244,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"profile=minikube", "storageClassName=efs", "opsRunner.enabled=yes", "opsRunner.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
+				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "opsRunner.enabled=yes", "opsRunner.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
 			},
 			wantErr: false,
 		},
@@ -253,7 +254,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"someconfig=somevalue, opsRunner.schedule=bar", "opsRunner.enabled=bar", "git.foo=bar"},
+				args: []string{"someconfig=somevalue, opsRunner.schedule=bar", "opsRunner.enabled=bar", "git.foo=bar", "rotateKeys=bar"},
 			},
 			wantErr: true,
 		},
@@ -743,6 +744,7 @@ metadata:
  name: qlik-default
 spec:
  profile: docker-desktop
+  rotateKeys: "yes"
  releaseName: qlik-default
  `
 	qlikDefaultContext := "qlik-default"
@@ -761,6 +763,7 @@ metadata:
  name: qlik1
 spec:
  profile: docker-desktop
+  rotateKeys: "yes"
  releaseName: qlik1`

 	contextYaml2 :=
@@ -771,6 +774,7 @@ metadata:
  name: qlik2
 spec:
  profile: docker-desktop
+  rotateKeys: "yes"
  releaseName: qlik2`

 	contextsDir := filepath.Join(testDir, contexts, "qlik1")
--- a/pkg/qliksense/context_configs_unset_test.go
+++ b/pkg/qliksense/context_configs_unset_test.go
@@ -16,7 +16,7 @@ func TestUnsetAll(t *testing.T) {
 	testPepareDir(qHome)
 	defer os.RemoveAll(qHome)
 	//fmt.Print(qHome)
-	args := []string{"qliksense", "qliksense2.acceptEula3", "serviceA.acceptEula", "opsRunner.watchBranch"}
+	args := []string{"rotateKeys", "qliksense", "qliksense2.acceptEula3", "serviceA.acceptEula", "opsRunner.watchBranch"}
 	//args := []string{"opsRunner"}
 	//args := []string{"opsRunner.watchBranch"}
 	if err := unsetAll(qHome, args); err != nil {
@@ -29,6 +29,10 @@ func TestUnsetAll(t *testing.T) {
 		t.Log("error while getting current cr", err)
 		t.FailNow()
 	}
+	if qcr.Spec.RotateKeys != "" {
+		t.Log("Expected empty rotateKeys but got: " + qcr.Spec.RotateKeys)
+		t.Fail()
+	}

 	if qcr.Spec.Configs["qliksense"] != nil {
 		t.Log("qliksense in configs not deleted")
@@ -78,6 +82,7 @@ metadata:
  name: qlik-default
 spec:
  profile: docker-desktop
+  rotateKeys: "yes"
  opsRunner:
    enabled: "yes"
    watchBranch: something
--- a/pkg/qliksense/crds.go
+++ b/pkg/qliksense/crds.go
@@ -93,15 +93,11 @@ func getQliksenseInitCrds(qcr *qapi.QliksenseCR) (string, error) {
 		}
 	}

-	qInitMsPath := filepath.Join(repoPath, "manifests", qcr.Spec.Profile, "crds")
+	qInitMsPath := filepath.Join(repoPath, Q_INIT_CRD_PATH)
 	if _, err := os.Lstat(qInitMsPath); err != nil {
-		qInitMsPath = filepath.Join(repoPath, Q_INIT_CRD_PATH)
-		if _, err := os.Lstat(qInitMsPath); err != nil {
-			// older version of qliksense-init used
-			qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
-		}
+		// older version of qliksense-init used
+		qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
 	}
-
 	qInitByte, err := ExecuteKustomizeBuild(qInitMsPath)
 	if err != nil {
 		fmt.Println("cannot generate crds for qliksense-init", err)
--- a/pkg/qliksense/docker_test.go
+++ b/pkg/qliksense/docker_test.go
@@ -268,6 +268,7 @@ spec:
    - name: imageRegistry
      value: %s
  manifestsRoot: %s
+  rotateKeys: "yes"
  releaseName: qlik-default
 `, version, registry.url, manifestsRootDir)
 	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, cr)
--- a/pkg/qliksense/fetch.go
+++ b/pkg/qliksense/fetch.go
@@ -94,6 +94,7 @@ func fetchAndUpdateCR(qConfig *qapi.QliksenseConfig, version string) error {
 	if err != nil {
 		return err
 	}
+
 	destDir := qConfig.BuildRepoPath(version)
 	fmt.Printf("fetching version [%s] from %s\n", version, qcr.GetFetchUrl())
 	if err := qapi.CopyDirectory(tempDest, destDir); err != nil {
--- a/pkg/qliksense/get_installable_versions.go
+++ b/pkg/qliksense/get_installable_versions.go
@@ -5,8 +5,6 @@ import (
 	"fmt"

 	"github.com/Masterminds/semver/v3"
-	"github.com/go-git/go-git/v5/plumbing/transport"
-	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/qlik-oss/k-apis/pkg/git"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
@@ -24,20 +22,8 @@ func (q *Qliksense) GetInstallableVersions(opts *LsRemoteCmdOptions) error {
 	}

 	var repoPath string
-	var auth transport.AuthMethod
 	if qcr.Spec.GetManifestsRoot() != "" {
 		repoPath = qcr.Spec.GetManifestsRoot()
-		encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName())
-		if err != nil {
-			return err
-		}
-		accessToken := qcr.GetFetchAccessToken(encKey)
-		if accessToken != "" {
-			auth = &http.BasicAuth{
-				Username: "something",
-				Password: accessToken,
-			}
-		}
 	} else {
 		repoPath, err = DownloadFromGitRepoToTmpDir(defaultConfigRepoGitUrl, "master")
 		if err != nil {
@@ -50,7 +36,7 @@ func (q *Qliksense) GetInstallableVersions(opts *LsRemoteCmdOptions) error {
 		return err
 	}

-	remoteRefsList, err := git.GetRemoteRefs(r, auth,
+	remoteRefsList, err := git.GetRemoteRefs(r, nil,
 		&git.RemoteRefConstraints{
 			Include:   true,
 			Sort:      true,
@@ -110,18 +96,13 @@ func getLatestTag(repoUrl, accessToken string) (string, error) {
 	if err != nil {
 		return "", err
 	}
+
 	r, err := git.OpenRepository(repoPath)
 	if err != nil {
 		return "", err
 	}
-	var auth transport.AuthMethod
-	if accessToken != "" {
-		auth = &http.BasicAuth{
-			Username: "something",
-			Password: accessToken,
-		}
-	}
-	remoteRefsList, err := git.GetRemoteRefs(r, auth,
+
+	remoteRefsList, err := git.GetRemoteRefs(r, nil,
 		&git.RemoteRefConstraints{
 			Include:   true,
 			Sort:      true,
--- a/pkg/qliksense/install.go
+++ b/pkg/qliksense/install.go
@@ -7,9 +7,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"strconv"
 	"strings"
-	"time"

 	"github.com/mattn/go-tty"

@@ -24,12 +22,12 @@ import (
 type InstallCommandOptions struct {
 	StorageClass    string
 	MongodbUri      string
+	RotateKeys      string
 	AcceptEULA      string
 	DryRun          bool
 	Pull            bool
 	Push            bool
 	CleanPatchFiles bool
-	RotateKeys      bool
 }

 const (
@@ -47,14 +45,6 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) err
 		return err
 	}

-	if !qcr.IsRepoExist() {
-		if err := fetchAndUpdateCR(qConfig, version); err != nil {
-			return err
-		} else if qcr, err = qConfig.GetCurrentCR(); err != nil {
-			return err
-		}
-	}
-
 	if opts.AcceptEULA != "" && opts.AcceptEULA != "yes" {
 		enforceEula()
 	} else if opts.AcceptEULA == "" && !qcr.IsEULA() {
@@ -68,9 +58,8 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) err
 	if opts.StorageClass != "" {
 		qcr.Spec.StorageClassName = opts.StorageClass
 	}
-
-	if err := qConfig.WriteCurrentContextCR(qcr); err != nil {
-		return err
+	if opts.RotateKeys != "" {
+		qcr.Spec.RotateKeys = opts.RotateKeys
 	}

 	if opts.CleanPatchFiles {
@@ -82,11 +71,13 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) err
 	// for debugging purpose
 	if opts.DryRun {
 		// generate patches
+		qcr.Spec.RotateKeys = "None"
 		userHomeDir, _ := homedir.Dir()
 		fmt.Println("Generating patches only")
-		cr.GeneratePatches(&qcr.KApiCr, config.KeysActionDoNothing, path.Join(userHomeDir, ".kube", "config"))
+		cr.GeneratePatches(&qcr.KApiCr, path.Join(userHomeDir, ".kube", "config"))
 		return nil
 	}
+	qConfig.WriteCurrentContextCR(qcr)

 	if installed, err := q.CheckAllCrdsInstalled(); err != nil {
 		fmt.Println("error verifying whether CRDs are installed", err)
@@ -132,18 +123,6 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) err
 		return err
 	}

-	if opts.RotateKeys {
-		fmt.Println("Deleting stored application keys")
-		if err := q.DeleteKeysClusterBackup(); err != nil {
-			return err
-		} else {
-			qcr.AddLabelToCr("keys-rotated", strconv.FormatInt(time.Now().Unix(), 10))
-			if err := qConfig.WriteCurrentContextCR(qcr); err != nil {
-				return err
-			}
-		}
-	}
-
 	if qcr.Spec.OpsRunner != nil {
 		// fetching and applying manifest will be in the operator controller
 		// get decrypted cr
@@ -153,19 +132,49 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) err
 			return q.applyCR(dcr)
 		}
 	}
+	if !qcr.IsRepoExist() {
+		if err := fetchAndUpdateCR(qConfig, version); err != nil {
+			return err
+		}
+	}
+
+	if qcr.Spec.GetManifestsRoot() == "" {
+		return errors.New("cannot get the manifest root. Use qliksense fetch <version> or qliksense set manifestsRoot")
+	}

 	// install generated manifests into cluster
 	fmt.Println("Installing generated manifests into the cluster")
+
 	if dcr, err := qConfig.GetDecryptedCr(qcr); err != nil {
 		return err
-	} else if err := q.applyConfigToK8s(dcr); err != nil {
-		fmt.Println("cannot do kubectl apply on manifests")
-		return err
 	} else {
-		return q.applyCR(dcr)
+		if IsQliksenseInstalled(dcr.GetName()) {
+			return q.UpgradeQK8s(opts.CleanPatchFiles)
+		}
+		if err := q.applyConfigToK8s(dcr); err != nil {
+			fmt.Println("cannot do kubectl apply on manifests")
+			return err
+		} else {
+			return q.applyCR(dcr)
+		}
 	}
 }

+func IsQliksenseInstalled(crName string) bool {
+	args := []string{
+		"get",
+		"qliksense",
+		crName,
+		"-ogo-template",
+		`--template='{{ .metadata.name}}'`,
+	}
+	_, err := qapi.KubectlDirectOps(args, "")
+	if err != nil {
+		return false
+	}
+	return true
+}
+
 func (q *Qliksense) getProcessedOperatorControllerString(qcr *qapi.QliksenseCR) (string, error) {
 	operatorControllerString := q.GetOperatorControllerString()
 	if imageRegistry := qcr.Spec.GetImageRegistry(); imageRegistry != "" {
--- a/pkg/qliksense/install_test.go
+++ b/pkg/qliksense/install_test.go
@@ -8,12 +8,13 @@ import (
 	"strings"
 	"testing"

-	"github.com/gobuffalo/packr/v2"
-	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 	"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
 	"sigs.k8s.io/kustomize/api/resid"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/api/resource"
+
+	"github.com/gobuffalo/packr/v2"
+	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )

 func TestCreateK8sResourceBeforePatch(t *testing.T) {
@@ -43,7 +44,8 @@ spec:
    qliksense:
    - name: mongodbUri
      value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
-  profile: docker-desktop`
+  profile: docker-desktop
+  rotateKeys: "yes"`

 	q := New(testDir)
 	if err := q.LoadCr([]byte(sampleCr), false); err != nil {
--- a/pkg/qliksense/keys.go
+++ b/pkg/qliksense/keys.go
@@ -1,21 +0,0 @@
-package qliksense
-
-import (
-	"path"
-
-	"github.com/mitchellh/go-homedir"
-	"github.com/qlik-oss/k-apis/pkg/cr"
-	qapi "github.com/qlik-oss/sense-installer/pkg/api"
-)
-
-func (q *Qliksense) DeleteKeysClusterBackup() error {
-	qConfig := qapi.NewQConfig(q.QliksenseHome)
-	if qcr, err := qConfig.GetCurrentCR(); err != nil {
-		return err
-	} else if userHomeDir, err := homedir.Dir(); err != nil {
-		return err
-	} else if err := cr.DeleteKeysClusterBackup(&qcr.KApiCr, path.Join(userHomeDir, ".kube", "config")); err != nil {
-		return err
-	}
-	return nil
-}
--- a/pkg/qliksense/kuz_test.go
+++ b/pkg/qliksense/kuz_test.go
@@ -276,11 +276,9 @@ func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
 	configPath := filepath.Join(tmpDir, "config")
 	if repo, err := kapis_git.CloneRepository(configPath, defaultConfigRepoGitUrl, nil); err != nil {
 		t.Fatalf("unexpected error: %v\n", err)
-	} else if err := kapis_git.Checkout(repo, "e38df644e759abf0b5941c1511d1a2cd5e3c42fa", "commit-e38df644e759abf0b5941c1511d1a2cd5e3c42fa", nil); err != nil {
+	} else if err := kapis_git.Checkout(repo, "e38df644e759abf0b5941c1511d1a2cd5e3c42fa", "", nil); err != nil {
 		t.Fatalf("unexpected error: %v\n", err)
 	}
-	//tmpDir := "/var/folders/mf/5hs1qkq508q_scjbhxhmf9qwjrp346/T/679268230"
-	//configPath := "/var/folders/mf/5hs1qkq508q_scjbhxhmf9qwjrp346/T/679268230/config"

 	cr := &config.CRSpec{
 		ManifestsRoot: configPath,
@@ -312,8 +310,8 @@ func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
 			}
 			break
 		}
-		if resource["kind"].(string) == "Secret" && strings.Contains(resource["metadata"].(map[interface{}]interface{})["name"].(string), "users-secrets-") {
-			keyIdBase64 = resource["data"].(map[interface{}]interface{})["tokenAuthPrivateKeyId"].(string)
+		if resource["kind"].(string) == "Secret" && strings.Contains(resource["metadata"].(map[interface {}]interface {})["name"].(string), "users-secrets-") {
+			keyIdBase64 = resource["data"].(map[interface {}]interface {})["tokenAuthPrivateKeyId"].(string)
 			break
 		}
 	}
--- a/pkg/qliksense/load_cr.go
+++ b/pkg/qliksense/load_cr.go
@@ -55,8 +55,8 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 			}
 		}
 	}
-	if cr.Spec.Git != nil && cr.Spec.Git.AccessToken != "" {
-		if err := cr.SetFetchAccessToken(cr.Spec.Git.AccessToken, encryptionKey); err != nil {
+	if cr.Spec.FetchSource != nil && cr.Spec.FetchSource.AccessToken != "" {
+		if err := cr.SetFetchAccessToken(cr.Spec.FetchSource.AccessToken, encryptionKey); err != nil {
 			return "", err
 		}
 	}
--- a/pkg/qliksense/load_cr_test.go
+++ b/pkg/qliksense/load_cr_test.go
@@ -34,7 +34,8 @@ spec:
    qliksense:
    - name: mongodbUri
      value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
-  profile: docker-desktop`
+  profile: docker-desktop
+  rotateKeys: "yes"`
 	sampleCr2 := `
 apiVersion: qlik.com/v1
 kind: Qliksense
@@ -60,7 +61,8 @@ spec:
    qliksense:
    - name: mongodbUri
      value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
-  profile: docker-desktop`
+  profile: docker-desktop
+  rotateKeys: "yes"`

 	duplicateCr := `
 apiVersion: qlik.com/v1
--- a/pkg/qliksense/upgrade.go
+++ b/pkg/qliksense/upgrade.go
@@ -25,6 +25,7 @@ func (q *Qliksense) UpgradeQK8s(cleanPatchFiles bool) error {
 		fmt.Println("cannot get the current-context cr", err)
 		return err
 	}
+	qcr.Spec.RotateKeys = "no"

 	dcr, err := qConfig.GetDecryptedCr(qcr)
 	if err != nil {
Author	SHA1	Message	Date
Ashwathi Shiva	33ab6c632b	Merge branch 'master' into autorun_postflight_checks	2020-06-18 09:06:00 -04:00
Ashwathi Shiva	d3f33507d0	updated docs, added a postflight all command at this point	2020-06-17 00:52:31 -04:00
Ashwathi Shiva	a619970385	postflight checks triggerred on qliksense install	2020-06-17 00:09:26 -04:00