[action] Bump setup-go ver; omit dirs in zip

* preflight mongo mutual tls working when cert is specified in CR

.github/workflows/build.yml

@@ -16,7 +16,7 @@ jobs:
 
     steps:
     - name: Set up Go ${{ matrix.go }}
-      uses: actions/setup-go@v2-beta
+      uses: actions/setup-go@v2
       with:
         go-version: ${{ matrix.go }}
 
@@ -35,7 +35,7 @@ jobs:
 
     steps:
     - name: Set up Go 1.13
-      uses: actions/setup-go@v2-beta
+      uses: actions/setup-go@v2
       with:
         go-version: 1.13
 

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Set up Go 1.13
-      uses: actions/setup-go@v2-beta
+      uses: actions/setup-go@v2
       with:
         go-version: 1.13
 

Makefile

@@ -78,7 +78,7 @@ $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT):
 	GOOS=$(CLIENT_PLATFORM) GOARCH=$(CLIENT_ARCH) $(XBUILD) -o $@ ./cmd/$(MIXIN)
 
 ifeq ($(CLIENT_PLATFORM),windows)
-	zip $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH).zip $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT)
+	zip -j $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH).zip $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT)
 else
 	tar -czvf $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH).tar.gz -C $(BINDIR)/$(VERSION)/ $(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT)
 endif

cmd/qliksense/preflight.go

@@ -12,12 +12,17 @@ import (
 )
 
 func preflightCmd(q *qliksense.Qliksense) *cobra.Command {
+	preflightOpts := &preflight.PreflightOptions{
+		MongoOptions: &preflight.MongoOptions{},
+	}
 	var preflightCmd = &cobra.Command{
 		Use:     "preflight",
 		Short:   "perform preflight checks on the cluster",
 		Long:    `perform preflight checks on the cluster`,
 		Example: `qliksense preflight <preflight_check_to_run>`,
 	}
+	f := preflightCmd.Flags()
+	f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
 	return preflightCmd
 }
 

cmd/qliksense/root.go

@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	. "github.com/logrusorgru/aurora"
 	ansi "github.com/mattn/go-colorable"
 	"github.com/mitchellh/go-homedir"
 	"github.com/qlik-oss/sense-installer/pkg"
@@ -15,7 +16,6 @@ import (
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	. "github.com/logrusorgru/aurora"
 )
 
 // To run this project in debug mode, run:
@@ -46,7 +46,7 @@ func initAndExecute() error {
 		log.Fatal(err)
 	}
 	// create dirs and appropriate files for setting up contexts
-	api.LogDebugMessage("QliksenseHomeDir: %s", qlikSenseHome)
+	api.LogDebugMessage("QliksenseHomeDir: %s\n", qlikSenseHome)
 
 	qliksenseClient := qliksense.New(qlikSenseHome)
 	cmd := rootCmd(qliksenseClient)
@@ -195,7 +195,6 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
 
 	// add clean-config-repo-patches command as a sub-command to the app config sub-command
 	configCmd.AddCommand(cleanConfigRepoPatchesCmd(p))
-	
 
 	// open editor for config
 	configCmd.AddCommand(configEditCmd(p))

docs/command_reference.md

@@ -23,6 +23,12 @@ Run the following command to execute a specific check
 qliksense preflight dns
 ```
 
+#### Running cleanup
+Run the following command to cleanup entities created for preflight checks that were left behind on the cluster.
+```
+qliksense preflight clean
+```
+
 ### qliksense load
 
 `qliksense load` command takes input from a file or from pipe

docs/preflight_checks.md

@@ -22,13 +22,14 @@ Available Commands:
 
 Flags:
   -h, --help   help for preflight
+  -v, --verbose   verbose mode
 ```
 
 ### DNS check
 Run the following command to perform preflight DNS check. We setup a kubernetes deployment and try to reach it as part of establishing DNS connectivity in this check. 
 The expected output should be similar to the one shown below.
 ```shell
-$ qliksense preflight dns
+$ qliksense preflight dns -v
 
 Preflight DNS check
 ---------------------
@@ -51,7 +52,7 @@ Deleted deployment: dep-dns-preflight-check
 We check the version of the target kubernetes cluster and ensure that it falls in the valid range of kubernetes versions that are supported by qliksense. 
 The command to run this check and the expected similar output are as shown below:
 ```shell
-$ qliksense preflight k8s-version
+$ qliksense preflight k8s-version -v
 
 Preflight kubernetes minimum version check
 ------------------------------------------
@@ -66,7 +67,7 @@ Completed Preflight kubernetes minimum version check
 ### Service check
 We use the commmand below to test if we are able to create a service in the cluster.
 ```shell
-$ qliksense preflight service
+$ qliksense preflight service -v
 
 Preflight service check
 -----------------------
@@ -82,7 +83,7 @@ Completed preflight service check
 ### Deployment check
 We use the commmand below to test if we are able to create a deployment in the cluster. After the test exexutes, we wait until the created deployment terminates before we exit the command. 
 ```shell
-$ qliksense preflight deployment
+$ qliksense preflight deployment -v
 
 Preflight deployment check
 -----------------------
@@ -97,7 +98,7 @@ Completed preflight deployment check
 ### Pod check
 We use the commmand below to test if we are able to create a pod in the cluster.
 ```shell
-$ qliksense preflight pod
+$ qliksense preflight pod -v
 
 Preflight pod check
 --------------------
@@ -110,61 +111,61 @@ Deleted pod: pod-pf-check
 Completed preflight pod check
 ```
 
-### Create-Role check
+### Role check
 We use the command below to test if we are able to create a role in the cluster
 ```shell
-$ qliksense preflight create-role
-Preflight create-role check
+$ qliksense preflight role -v
+Preflight role check
 ---------------------------
-Preflight create-role check: 
+Preflight role check: 
 Created role: role-preflight-check
-Preflight create-role check: PASSED
+Preflight role check: PASSED
 Cleaning up resources...
 Deleted role: role-preflight-check
 
-Completed preflight create-role check
+Completed preflight role check
 ```
 
-### Create-RoleBinding check
+### RoleBinding check
 We use the command below to test if we are able to create a role binding in the cluster
 ```shell
-$ qliksense preflight createRoleBinding
+$ qliksense preflight rolebinding -v
 
-Preflight create roleBinding check
+Preflight rolebinding check
 ---------------------------
-Preflight createRoleBinding check: 
+Preflight rolebinding check: 
 Created RoleBinding: role-binding-preflight-check
-Preflight createRoleBinding check: PASSED
+Preflight rolebinding check: PASSED
 Cleaning up resources...
 Deleting RoleBinding: role-binding-preflight-check
 Deleted RoleBinding: role-binding-preflight-check
 
-Completed preflight createRoleBinding check
+Completed preflight rolebinding check
 ```
 
 ### Create-ServiceAccount check
 We use the command below to test if we are able to create a service account in the cluster
 ```shell
-$ qliksense preflight createServiceAccount
+$ qliksense preflight serviceaccount -v
 
-Preflight create ServiceAccount check
+Preflight ServiceAccount check
 -------------------------------------
-Preflight createServiceAccount check: 
+Preflight serviceaccount check: 
 Created Service Account: preflight-check-test-serviceaccount
-Preflight createServiceAccount check: PASSED
+Preflight serviceaccount check: PASSED
 Cleaning up resources...
 Deleting ServiceAccount: preflight-check-test-serviceaccount
 Deleted ServiceAccount: preflight-check-test-serviceaccount
 
-Completed preflight createServiceAccount check
+Completed preflight serviceaccount check
 ```
 
-### CreateRB check
+### Auth check
 We use the command below to combine creation of role, role binding, and service account tests
 ```shell
-$ qliksense preflight createRB
+$ qliksense preflight authcheck -v
 
-Preflight createRB check
+Preflight auth check
 -------------------------------------
 Preflight create-role check: 
 Created role: role-preflight-check
@@ -189,16 +190,16 @@ Cleaning up resources...
 Deleted ServiceAccount: preflight-check-test-serviceaccount
 
 Completed preflight createServiceAccount check
-Completed preflight CreateRB check
+Completed preflight auth check
 ```
 
 ### Mongodb check
 We can check if we are able to connect to an instance of mongodb on the cluster by either supplying the mongodbUri as part of the command or infer it from the current context.
 
 ```shell
-qliksense preflight mongo --url=<url> OR
-qliksense preflight mongo
-qliksense preflight mongo --url=<mongo-server url> --ca-cert=<path to ca-cert file>
+qliksense preflight mongo --url=<url> -v OR
+qliksense preflight mongo -v
+qliksense preflight mongo --url=<mongo-server url> --ca-cert=<path to ca-cert file> -v
 
 
 Preflight mongo check
@@ -221,8 +222,8 @@ Completed preflight mongodb check
 ### Running all checks
 Run the command shown below to execute all preflight checks.
 ```shell
-$ qliksense preflight all --mongodb-url=<url> OR
-$ qliksense preflight all --mongodb-url=<mongo-server url> --mongodb-ca-cert=<path to ca-cert file> 
+$ qliksense preflight all --mongodb-url=<url> -v OR
+$ qliksense preflight all --mongodb-url=<mongo-server url> --mongodb-ca-cert=<path to ca-cert file> -v
 
 Running all preflight checks
 
@@ -253,4 +254,23 @@ Completed Preflight kubernetes minimum version check
 All preflight checks have PASSED
 Completed running all preflight checks
 
-```
+```
+
+### Clean
+Run the command below to cleanup entities that were created for the purpose of running preflight checks and left behind in the cluster.
+```shell
+$ qliksense preflight clean -v
+
+Preflight clean
+----------------
+Removing deployment...
+Removing service...
+Removing pod...
+Removing role...
+Removing rolebinding...
+Removing serviceaccount...
+Removing DNS check components...
+Removing mongo check components...
+Preflight cleanup complete
+
+```

go.mod

@@ -16,7 +16,7 @@ replace (
 require (
 	cloud.google.com/go v0.52.0 // indirect
 	cloud.google.com/go/storage v1.5.0 // indirect
-	github.com/Masterminds/semver/v3 v3.0.3
+	github.com/Masterminds/semver/v3 v3.1.0
 	github.com/Shopify/ejson v1.2.1
 	github.com/aws/aws-sdk-go v1.28.9 // indirect
 	github.com/bugsnag/bugsnag-go v1.5.3 // indirect
@@ -40,7 +40,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/otiai10/copy v1.1.1
 	github.com/pkg/errors v0.9.1
-	github.com/qlik-oss/k-apis v0.1.1
+	github.com/qlik-oss/k-apis v0.1.2
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/rogpeppe/go-internal v1.5.2 // indirect
 	github.com/spf13/cobra v0.0.6
@@ -51,7 +51,6 @@ require (
 	golang.org/x/tools v0.0.0-20200312194400-c312e98713c2 // indirect
 	google.golang.org/genproto v0.0.0-20200128133413-58ce757ed39b // indirect
 	gopkg.in/yaml.v2 v2.2.8
-	gopkg.in/yaml.v3 v3.0.0-20190924164351-c8b7dadae555
 	k8s.io/api v0.17.2
 	k8s.io/apimachinery v0.17.2
 	k8s.io/client-go v11.0.0+incompatible

go.sum

@@ -72,6 +72,8 @@ github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RP
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.0.3 h1:znjIyLfpXEDQjOIEWh+ehwpTU14UzUPub3c3sm36u14=
 github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk=
+github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig/v3 v3.0.2 h1:wz22D0CiSctrliXiI9ZO3HoNApweeRGftyDN+BQa3B8=
 github.com/Masterminds/sprig/v3 v3.0.2/go.mod h1:oesJ8kPONMONaZgtiHNzUShJbksypC5kWczhZAf6+aU=
 github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
@@ -883,6 +885,8 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/qlik-oss/k-apis v0.1.1 h1:aZ4eTMB3mSn03Kuj7+RI0eFLkjK9+0qxADBioRb3qVA=
 github.com/qlik-oss/k-apis v0.1.1/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.1.2 h1:BBcrXl+NxdsvuRsZuJbvIFxMv5QIXqWBzhXOcr5KUX8=
+github.com/qlik-oss/k-apis v0.1.2/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200424070349-b0312eb71568 h1:wHOUCGfnmgYqW3aCjuP3fXmB2T/uZXMvltO+F3us83E=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200424070349-b0312eb71568/go.mod h1:Yg8bqX8Mq/eSgXfcenxCxhZuSXg+NCsKq6NBdch/oUc=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=

pkg/api/apis.go

@@ -157,6 +157,8 @@ func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
 	if tok, err := cr.Spec.FetchSource.GetAccessToken(); err != nil {
 		fmt.Println(err)
 		return ""
+	} else if tok == "" {
+		return tok
 	} else {
 		by, _ := b64.StdEncoding.DecodeString(tok)
 		res, err := DecryptData(by, encryptionKey)

pkg/api/context_apis.go

@@ -96,7 +96,7 @@ func WriteToFile(content interface{}, targetFile string) error {
 		log.Println(err)
 		return err
 	}
-	LogDebugMessage("Wrote content into %s", targetFile)
+	LogDebugMessage("Wrote content into %s\n", targetFile)
 	return nil
 }
 

pkg/api/docker_registry_secret_test.go

@@ -7,7 +7,7 @@ import (
 	"reflect"
 	"testing"
 
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
 )
 
 func TestDockerConfigJsonSecret(t *testing.T) {
@@ -34,10 +34,10 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 		t.Fatalf("error unmarshalling yaml string: %v, error: %v", string(dockerConfigJsonSecretYamlBytes), err)
 	} else if validYamlMap["apiVersion"] != "v1" ||
 		validYamlMap["kind"] != "Secret" ||
-		validYamlMap["metadata"].(map[string]interface{})["name"] != dockerConfigJsonSecret.Name ||
+		validYamlMap["metadata"].(map[interface {}]interface {})["name"] != dockerConfigJsonSecret.Name ||
 		validYamlMap["type"] != "kubernetes.io/dockerconfigjson" {
 		t.Fatalf("error verifying validity of secret yaml: %v", string(dockerConfigJsonSecretYamlBytes))
-	} else if dockerConfigJsonBytesBase64, ok := validYamlMap["data"].(map[string]interface{})[".dockerconfigjson"]; !ok {
+	} else if dockerConfigJsonBytesBase64, ok := validYamlMap["data"].(map[interface {}]interface {})[".dockerconfigjson"]; !ok {
 		t.Fatalf("no .dockerconfigjson data key in the secret yaml: %v", string(dockerConfigJsonSecretYamlBytes))
 	} else if dockerConfigJsonEncryptedBytes, err := base64.StdEncoding.DecodeString(dockerConfigJsonBytesBase64.(string)); err != nil {
 		t.Fatalf("error decoding dockerConfigJsonBytes from base64: %v", err)
@@ -45,14 +45,14 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 		t.Fatalf("error decrypting dockerConfigJsonBytes: %v", err)
 	} else if err := json.Unmarshal(dockerConfigJsonBytes, &dockerConfigJsonMap); err != nil {
 		t.Fatalf("error unmarshalling dockerConfigJson from json: %v", err)
-	} else if dockerConfigJson, ok := dockerConfigJsonMap["auths"].(map[string]interface{})[dockerConfigJsonSecret.Uri]; !ok {
+	} else if dockerConfigJson, ok := dockerConfigJsonMap["auths"].(map[string]interface {})[dockerConfigJsonSecret.Uri]; !ok {
 		t.Fatalf("dockerConfigJson map does not contain data for the registry: %v", dockerConfigJsonSecret.Uri)
-	} else if dockerConfigJson.(map[string]interface{})["username"] != dockerConfigJsonSecret.Username ||
-		dockerConfigJson.(map[string]interface{})["password"] != dockerConfigJsonSecret.Password ||
-		dockerConfigJson.(map[string]interface{})["email"] != dockerConfigJsonSecret.Email {
+	} else if dockerConfigJson.(map[string]interface {})["username"] != dockerConfigJsonSecret.Username ||
+		dockerConfigJson.(map[string]interface {})["password"] != dockerConfigJsonSecret.Password ||
+		dockerConfigJson.(map[string]interface {})["email"] != dockerConfigJsonSecret.Email {
 		t.Fatal("dockerConfigJson map does not contain expected values")
 	} else {
-		authBase64 := dockerConfigJson.(map[string]interface{})["auth"]
+		authBase64 := dockerConfigJson.(map[string]interface {})["auth"]
 		if auth, err := base64.StdEncoding.DecodeString(authBase64.(string)); err != nil {
 			t.Fatal("error base64 decoding auth value")
 		} else if string(auth) != fmt.Sprintf("%s:%s", dockerConfigJsonSecret.Username, dockerConfigJsonSecret.Password) {

pkg/api/preflight_apis.go

@@ -17,8 +17,9 @@ type PreflightConfig struct {
 }
 
 type PreflightSpec struct {
-	MinK8sVersion string            `json:"minK8sVersion,omitempty" yaml:"minK8sVersion,omitempty"`
-	Images        map[string]string `json:"images,omitempty" yaml:"images,omitempty"`
+	MinK8sVersion   string            `json:"minK8sVersion,omitempty" yaml:"minK8sVersion,omitempty"`
+	MinMongoVersion string            `json:"minMongoVersion,omitempty" yaml:"minMongoVersion,omitempty"`
+	Images          map[string]string `json:"images,omitempty" yaml:"images,omitempty"`
 }
 
 //NewPreflightConfigEmpty create empty PreflightConfig object
@@ -74,6 +75,13 @@ func (p *PreflightConfig) AddMinK8sV(version string) {
 	p.Spec.MinK8sVersion = version
 }
 
+func (p *PreflightConfig) AddMinMongoV(version string) {
+	if p.Spec == nil {
+		p.Spec = &PreflightSpec{}
+	}
+	p.Spec.MinMongoVersion = version
+}
+
 func (p *PreflightConfig) AddImage(imageFor, imageName string) {
 	if p.Spec.Images == nil {
 		p.Spec.Images = make(map[string]string)
@@ -101,6 +109,11 @@ func (p *PreflightConfig) GetImageName(imageFor string, accountForImageRegistry
 func (p *PreflightConfig) GetMinK8sVersion() string {
 	return p.Spec.MinK8sVersion
 }
+
+func (p *PreflightConfig) GetMinMongoVersion() string {
+	return p.Spec.MinMongoVersion
+}
+
 func (p *PreflightConfig) IsExistOnDisk() bool {
 	if _, err := os.Lstat(p.GetConfigFilePath()); err != nil {
 		return false
@@ -117,6 +130,7 @@ func (p *PreflightConfig) Initialize() error {
 		return nil
 	}
 	p.AddMinK8sV("1.15")
+	p.AddMinMongoV("3.6")
 	p.AddImage("nginx", "nginx")
 	p.AddImage("netcat", "subfuzion/netcat")
 	p.AddImage("mongo", "mongo")

pkg/api/utils.go

@@ -23,7 +23,7 @@ func checkExists(filename string) os.FileInfo {
 	if os.IsNotExist(err) {
 		return nil
 	}
-	LogDebugMessage("File exists")
+	LogDebugMessage("File exists\n")
 	return info
 }
 
@@ -73,7 +73,7 @@ func ProcessConfigArgs(args []string, base64Encoded bool) ([]*ServiceKeyValue, e
 	resultSvcKV := make([]*ServiceKeyValue, len(args))
 	// qliksense.mongodb=somethig
 	for i, arg := range args {
-		LogDebugMessage("Arg received: %s", arg)
+		LogDebugMessage("Arg received: %s\n", arg)
 		first := strings.SplitN(arg, "=", 2)
 		if len(first) != 2 {
 			return nil, notValidErr

pkg/preflight/mongo_check.go

@@ -3,8 +3,12 @@ package preflight
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
+	"path/filepath"
 	"strings"
 
+	"github.com/Masterminds/semver/v3"
+	"github.com/pkg/errors"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 	apiv1 "k8s.io/api/core/v1"
@@ -38,10 +42,37 @@ func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace st
 			qp.P.LogVerboseMessage("An error occurred while retrieving mongodbUrl from current CR: %v\n", err)
 			return err
 		}
-		preflightOpts.MongoOptions.MongodbUrl = decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri")
+		preflightOpts.MongoOptions.MongodbUrl = strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri"))
+		tmpDir := os.TempDir()
+		caCrtFile := filepath.Join(tmpDir, "rootCA.crt")
+		clientCrtFile := filepath.Join(tmpDir, "mongoClient.crt")
+		caCertStr := decryptedCR.Spec.GetFromSecrets("qliksense", "caCertificates")
+		clientCertStr := decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbClientCrt")
+
+		if preflightOpts.MongoOptions.CaCertFile == "" && caCertStr != "" {
+			api.LogDebugMessage("received ca crt: %s\n", caCertStr)
+			if err := ioutil.WriteFile(caCrtFile, []byte(caCertStr), 0644); err != nil {
+				return fmt.Errorf("unable to write CA crt to file: %v", err)
+			}
+			preflightOpts.MongoOptions.CaCertFile = caCrtFile
+		}
+
+		if preflightOpts.MongoOptions.ClientCertFile == "" && clientCertStr != "" {
+			api.LogDebugMessage("received client crt: %s\n", clientCertStr)
+			if err := ioutil.WriteFile(clientCrtFile, []byte(clientCertStr), 0644); err != nil {
+				return fmt.Errorf("unable to write client crt to file: %v", err)
+			}
+			preflightOpts.MongoOptions.ClientCertFile = clientCrtFile
+		}
 	}
 	if !cleanup {
 		qp.P.LogVerboseMessage("MongodbUrl: %s\n", preflightOpts.MongoOptions.MongodbUrl)
+
+		// if mongoDbUrl is empty, abort check
+		if preflightOpts.MongoOptions.MongodbUrl == "" {
+			qp.P.LogVerboseMessage("Mongodb Url is empty, hence aborting preflight check\n")
+			return errors.New("MongoDbUrl is empty")
+		}
 	}
 	if err := qp.mongoConnCheck(kubeConfigContents, namespace, preflightOpts, cleanup); err != nil {
 		return err
@@ -99,7 +130,7 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 		mongoCommand.WriteString(fmt.Sprintf(" --password %s", preflightOpts.MongoOptions.Password))
 		api.LogDebugMessage("Adding username and password\n")
 	}
-	if preflightOpts.MongoOptions.Tls || preflightOpts.MongoOptions.CaCertFile != "" || preflightOpts.MongoOptions.ClientCertFile != "" {
+	if preflightOpts.MongoOptions.Tls || preflightOpts.MongoOptions.ClientCertFile != "" {
 		mongoCommand.WriteString(" --tls")
 		api.LogDebugMessage("Adding --tls: Mongo command: %s\n", mongoCommand.String())
 	}
@@ -143,6 +174,13 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 		return err
 	}
 
+	// check mongo server version
+	ok, err := qp.checkMongoVersion(logStr)
+	if !ok || err != nil {
+		return err
+	}
+
+	// check if connection succeeded
 	stringToCheck := "Implicit session:"
 	if strings.Contains(logStr, stringToCheck) {
 		qp.P.LogVerboseMessage("Preflight mongo check: PASSED\n")
@@ -153,6 +191,43 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 	return nil
 }
 
+func (qp *QliksensePreflight) checkMongoVersion(logStr string) (bool, error) {
+	// check mongo server version
+	api.LogDebugMessage("Minimum required mongo version: %s\n", qp.GetPreflightConfigObj().GetMinMongoVersion())
+	mongoVersionStrToCheck := "MongoDB server version:"
+	if strings.Contains(logStr, mongoVersionStrToCheck) {
+		logLines := strings.Split(logStr, "\n")
+		for _, eachline := range logLines {
+			if strings.Contains(eachline, mongoVersionStrToCheck) {
+				mongoVersionLog := strings.Split(eachline, ":")
+				if len(mongoVersionLog) < 2 {
+					continue
+				}
+				mongoVersionStr := strings.TrimSpace(mongoVersionLog[1])
+				api.LogDebugMessage("Extracted mongo version from pod log: %s\n", mongoVersionStr)
+				currentMongoVersionSemver, err := semver.NewVersion(mongoVersionStr)
+				if err != nil {
+					err = fmt.Errorf("Unable to convert minimum mongo version into semver version:%v\n", err)
+					return false, err
+				}
+				minMongoVersionSemver, err := semver.NewVersion(qp.GetPreflightConfigObj().GetMinMongoVersion())
+				if err != nil {
+					err = fmt.Errorf("Unable to convert required minimum mongo version into semver version:%v\n", err)
+					return false, err
+				}
+				if currentMongoVersionSemver.GreaterThan(minMongoVersionSemver) || currentMongoVersionSemver.Equal(minMongoVersionSemver) {
+					qp.P.LogVerboseMessage("Current mongodb server version %s is greater than or equal to minimum required mongodb version: %s\n", currentMongoVersionSemver, minMongoVersionSemver)
+					return true, nil
+				}
+				err = fmt.Errorf("Current mongodb server version %s is less than minimum required mongodb version: %s", currentMongoVersionSemver, minMongoVersionSemver)
+				return false, err
+			}
+		}
+	}
+	err := errors.New("Unable to infer mongodb server version")
+	return false, err
+}
+
 func (qp *QliksensePreflight) createSecret(clientset *kubernetes.Clientset, namespace, certFile, certSecretName string) (*apiv1.Secret, error) {
 	certBytes, err := ioutil.ReadFile(certFile)
 	if err != nil {
@@ -161,7 +236,7 @@ func (qp *QliksensePreflight) createSecret(clientset *kubernetes.Clientset, name
 
 	certSecret, err := qp.createPreflightTestSecret(clientset, namespace, certSecretName, certBytes)
 	if err != nil {
-		err = fmt.Errorf("unable to create secret with ca cert : %v\n", err)
+		err = fmt.Errorf("unable to create secret with cert : %v\n", err)
 		return nil, err
 	}
 	return certSecret, nil

pkg/qliksense/context_configs.go

@@ -18,12 +18,12 @@ import (
 
 	b64 "encoding/base64"
 
+	. "github.com/logrusorgru/aurora"
 	ansi "github.com/mattn/go-colorable"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	_ "gopkg.in/yaml.v2"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	. "github.com/logrusorgru/aurora"
 )
 
 const (
@@ -62,7 +62,7 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bo
 	}
 
 	// Metadata name in qliksense CR is the name of the current context
-	api.LogDebugMessage("Current context: %s", qliksenseCR.GetName())
+	api.LogDebugMessage("Current context: %s\n", qliksenseCR.GetName())
 	encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
 	if err != nil {
 		return err
@@ -72,7 +72,7 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bo
 		return err
 	}
 	for _, ra := range resultArgs {
-		api.LogDebugMessage("value args to be encrypted: %s", ra.Value)
+		api.LogDebugMessage("value args to be encrypted: %s\n", ra.Value)
 		if err := q.processSecret(ra, encryptionKey, qliksenseCR, isSecretSet); err != nil {
 			return err
 		}
@@ -213,8 +213,8 @@ func validateCR(key string, keySub string, value string, crSpec *api.QliksenseCR
 			}
 		} else {
 			switch key {
-			case "gitops":
-				crSpec.Spec.GitOps = &config.GitOps{}
+			case "opsrunner":
+				crSpec.Spec.OpsRunner = &config.OpsRunner{}
 			case "git":
 				crSpec.Spec.Git = &config.Repo{}
 			}
@@ -248,8 +248,8 @@ func (q *Qliksense) SetOtherConfigs(args []string) error {
 			if err := q.processSetGit(arg, qliksenseCR); err != nil {
 				return err
 			}
-		} else if strings.HasPrefix(arg, "gitOps.") {
-			if err := q.processSetGitOps(arg, qliksenseCR); err != nil {
+		} else if strings.HasPrefix(arg, "opsRunner.") {
+			if err := q.processSetOpsRunner(arg, qliksenseCR); err != nil {
 				return err
 			}
 		} else {
@@ -337,27 +337,29 @@ func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
 	return nil
 }
 
-func (q *Qliksense) processSetGitOps(arg string, cr *api.QliksenseCR) error {
+func (q *Qliksense) processSetOpsRunner(arg string, cr *api.QliksenseCR) error {
 	args := strings.Split(arg, "=")
 	subs := strings.Split(args[0], ".")
-	if cr.Spec.Git == nil {
-		cr.Spec.GitOps = &config.GitOps{}
+	if cr.Spec.OpsRunner == nil {
+		cr.Spec.OpsRunner = &config.OpsRunner{}
 	}
 	switch subs[1] {
 	case "enabled":
 		if args[1] != "yes" && args[1] != "no" {
 			return errors.New("Please use yes or no for key enabled")
 		}
-		cr.Spec.GitOps.Enabled = args[1]
+		cr.Spec.OpsRunner.Enabled = args[1]
 	case "schedule":
 		if _, err := cron.ParseStandard(args[1]); err != nil {
 			return errors.New("Please enter string with standard cron scheduling syntax ")
 		}
-		cr.Spec.GitOps.Schedule = args[1]
+		cr.Spec.OpsRunner.Schedule = args[1]
 	case "watchBranch":
-		cr.Spec.GitOps.WatchBranch = args[1]
+		cr.Spec.OpsRunner.WatchBranch = args[1]
 	case "image":
-		cr.Spec.GitOps.Image = args[1]
+		cr.Spec.OpsRunner.Image = args[1]
+	case "crPvc":
+		cr.Spec.OpsRunner.CrPvc = args[1]
 	default:
 		return errors.New(arg + " does not match any cr spec")
 	}
@@ -411,7 +413,7 @@ func (q *Qliksense) DeleteContextConfig(args []string, flag bool) error {
 		out := ansi.NewColorableStdout()
 		switch args[0] {
 		case qliksenseConfig.Spec.CurrentContext:
-			fmt.Fprintln(out,Yellow("Please switch contexts to be able to delete this context."))
+			fmt.Fprintln(out, Yellow("Please switch contexts to be able to delete this context."))
 			err := fmt.Errorf(Red("Cannot delete current context - %s").String(), White(Bold(qliksenseConfig.Spec.CurrentContext)))
 			return err
 		case DefaultQliksenseContext:
@@ -452,7 +454,7 @@ func (q *Qliksense) DeleteContextConfig(args []string, flag bool) error {
 						if ans == true {
 							api.WriteToFile(&qliksenseConfig, qliksenseConfigFile)
 							fmt.Fprintln(out, Yellow(Underline("Warning: Active resources may still be running in-cluster")))
-							fmt.Fprintln(out, Green("Successfully deleted context: "),Bold(args[0]))
+							fmt.Fprintln(out, Green("Successfully deleted context: "), Bold(args[0]))
 						} else {
 							return nil
 						}

pkg/qliksense/context_configs_test.go

@@ -244,7 +244,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitOps.enabled=yes", "gitOps.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
+				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "opsRunner.enabled=yes", "opsRunner.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
 			},
 			wantErr: false,
 		},
@@ -254,7 +254,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"someconfig=somevalue, gitOps.schedule=bar", "gitOps.enabled=bar", "git.foo=bar", "rotateKeys=bar"},
+				args: []string{"someconfig=somevalue, opsRunner.schedule=bar", "opsRunner.enabled=bar", "git.foo=bar", "rotateKeys=bar"},
 			},
 			wantErr: true,
 		},

pkg/qliksense/docker.go

@@ -95,9 +95,9 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
 	return nil
 }
 
-func (q *Qliksense) appendGitOpsImage(images *[]string, qcr *qapi.QliksenseCR) {
-	if qcr.Spec.GitOps != nil && qcr.Spec.GitOps.Image != "" {
-		*images = append(*images, qcr.Spec.GitOps.Image)
+func (q *Qliksense) appendOpsRunnerImage(images *[]string, qcr *qapi.QliksenseCR) {
+	if qcr.Spec.OpsRunner != nil && qcr.Spec.OpsRunner.Image != "" {
+		*images = append(*images, qcr.Spec.OpsRunner.Image)
 	}
 }
 
@@ -212,7 +212,7 @@ func (q *Qliksense) appendAdditionalImages(images *[]string, qcr *qapi.Qliksense
 	if err := q.appendOperatorImages(images); err != nil {
 		return err
 	}
-	q.appendGitOpsImage(images, qcr)
+	q.appendOpsRunnerImage(images, qcr)
 	q.appendPreflightImages(images)
 	return nil
 }

pkg/qliksense/docker_test.go

@@ -186,7 +186,7 @@ kind: Qliksense
 metadata:
   name: qlik-default
 spec:
-  gitOps:
+  opsRunner:
     image: some-gitops-image
 `)
 

pkg/qliksense/install.go

@@ -53,9 +53,7 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	}
 	qConfig.WriteCurrentContextCR(qcr)
 
-	//if the docker pull secret exists on disk, install it in the cluster
-	//if it doesn't exist on disk, remove it in the cluster
-	if err := installOrRemoveImagePullSecret(qConfig); err != nil {
+	if err := applyImagePullSecret(qConfig); err != nil {
 		return err
 	}
 
@@ -132,22 +130,13 @@ func (q *Qliksense) getProcessedOperatorControllerString(qcr *qapi.QliksenseCR)
 	return operatorControllerString, nil
 }
 
-func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
+func applyImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 	if pullDockerConfigJsonSecret, err := qConfig.GetPullDockerConfigJsonSecret(); err == nil {
 		if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(""); err != nil {
 			return err
 		} else if err := qapi.KubectlApply(string(dockerConfigJsonSecretYaml), ""); err != nil {
 			return err
 		}
-	} else {
-		deleteDockerConfigJsonSecret := qapi.DockerConfigJsonSecret{
-			Name: pullSecretName,
-		}
-		if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(""); err != nil {
-			return err
-		} else if err := qapi.KubectlDelete(string(deleteDockerConfigJsonSecretYaml), ""); err != nil {
-			qapi.LogDebugMessage("failed deleting %v, error: %v\n", pullSecretName, err)
-		}
 	}
 	return nil
 }

pkg/qliksense/kuz_test.go

@@ -22,7 +22,7 @@ import (
 	"sigs.k8s.io/kustomize/api/resource"
 	"sigs.k8s.io/kustomize/api/types"
 
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
 
 	"github.com/Shopify/ejson"
 	"github.com/qlik-oss/k-apis/pkg/config"
@@ -310,8 +310,8 @@ func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
 			}
 			break
 		}
-		if resource["kind"].(string) == "Secret" && strings.Contains(resource["metadata"].(map[string]interface{})["name"].(string), "users-secrets-") {
-			keyIdBase64 = resource["data"].(map[string]interface{})["tokenAuthPrivateKeyId"].(string)
+		if resource["kind"].(string) == "Secret" && strings.Contains(resource["metadata"].(map[interface {}]interface {})["name"].(string), "users-secrets-") {
+			keyIdBase64 = resource["data"].(map[interface {}]interface {})["tokenAuthPrivateKeyId"].(string)
 			break
 		}
 	}