jprdonnelly/sense-installer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: jprdonnelly:renovate/github.com-spf13-cobra-1.x
Branches Tags
jprdonnelly:master jprdonnelly:renovate/github.com-spf13-cobra-1.x jprdonnelly:renovate/github.com-spf13-viper-1.x jprdonnelly:renovate/github.com-mattn-go-colorable-0.x jprdonnelly:renovate/github.com-otiai10-copy-1.x jprdonnelly:renovate/go-github.com-go-git-go-git-v5-vulnerability jprdonnelly:renovate/go-github.com-containers-image-v5-vulnerability jprdonnelly:renovate/go-k8s.io-apimachinery-vulnerability jprdonnelly:renovate/gopkg.in-yaml.v2-2.x jprdonnelly:renovate/github.com-shopify-ejson-1.x jprdonnelly:renovate/github.com-jinzhu-copier-0.x jprdonnelly:renovate/github.com-gobuffalo-packr-v2-2.x jprdonnelly:renovate/github.com-go-git-go-git-v5-5.x jprdonnelly:renovate/github.com-spf13-cobra-0.x jprdonnelly:renovate/github.com-qlik-oss-k-apis-0.x jprdonnelly:add-k3d jprdonnelly:kust2 jprdonnelly:update-kust jprdonnelly:fix-kust jprdonnelly:fix_crds jprdonnelly:preflight_openssl_verify jprdonnelly:gh-pages jprdonnelly:rotateKeys jprdonnelly:fix-editor jprdonnelly:autorun_postflight_checks jprdonnelly:fix-unset jprdonnelly:preflight_roles_better_error jprdonnelly:upgrade-kapi jprdonnelly:pf_checks_unit_tests jprdonnelly:kuz-api-qlik-v0.0.27 jprdonnelly:postflight_check_1 jprdonnelly:redesign jprdonnelly:update-library jprdonnelly:dry-run jprdonnelly:unset jprdonnelly:pkger jprdonnelly:pf_mongo_2_1 jprdonnelly:actions jprdonnelly:fix-cipher jprdonnelly:pf_mongo_tls-2 jprdonnelly:pf_storage_class jprdonnelly:pf_mongo_version jprdonnelly:upgrade_libraries jprdonnelly:kuz-upgrade jprdonnelly:export_function jprdonnelly:preflight_cleanup_cmd jprdonnelly:packr_to_pakger jprdonnelly:chalk_replacement jprdonnelly:pf_remove_emojis jprdonnelly:actiontests jprdonnelly:install-latest jprdonnelly:context_delete jprdonnelly:uninstall_confirm jprdonnelly:fix-go-git jprdonnelly:update-k-api jprdonnelly:random-fix jprdonnelly:manifest-root-relative-path jprdonnelly:load-file jprdonnelly:config_unset jprdonnelly:gitops_spec jprdonnelly:ibiqlik/installscript jprdonnelly:ms-3 jprdonnelly:circle jprdonnelly:testing-output jprdonnelly:helper-levenstein jprdonnelly:helper jprdonnelly:for-andrey jprdonnelly:shell_cr jprdonnelly:sense-installer/porter jprdonnelly:readme_doc jprdonnelly:cache-clear
jprdonnelly:v0.35.0 jprdonnelly:v0.36.0 jprdonnelly:v0.34.0 jprdonnelly:v0.33.0 jprdonnelly:v0.32.0 jprdonnelly:v0.31.0 jprdonnelly:v0.31.1 jprdonnelly:v0.30.2 jprdonnelly:v0.30.1 jprdonnelly:v0.30.0 jprdonnelly:v0.29.0 jprdonnelly:v0.28.2 jprdonnelly:v0.28.1 jprdonnelly:v0.28.0 jprdonnelly:v0.27.0 jprdonnelly:v0.26.0 jprdonnelly:v0.25.0 jprdonnelly:v0.24.0 jprdonnelly:v0.23.0 jprdonnelly:v0.22.0 jprdonnelly:v0.21.0 jprdonnelly:v0.20.0 jprdonnelly:v0.19.0 jprdonnelly:v0.18.0 jprdonnelly:v0.17.0 jprdonnelly:v0.16.0 jprdonnelly:v0.15.0 jprdonnelly:0.15.0 jprdonnelly:v0.14.0 jprdonnelly:v0.13.0 jprdonnelly:v0.12.0 jprdonnelly:v0.11.0 jprdonnelly:v0.10.0 jprdonnelly:v0.9.21 jprdonnelly:v0.9.20 jprdonnelly:v0.9.19 jprdonnelly:v0.9.18 jprdonnelly:v0.9.17 jprdonnelly:v0.9.16 jprdonnelly:v0.9.15 jprdonnelly:v0.9.14 jprdonnelly:v0.9.13 jprdonnelly:v0.9.12 jprdonnelly:v0.9.11 jprdonnelly:v0.9.10 jprdonnelly:v0.9.8 jprdonnelly:v0.9.7 jprdonnelly:v0.9.6 jprdonnelly:v0.9.5 jprdonnelly:v0.9.0 jprdonnelly:0.9.0 jprdonnelly:v0.8.3 jprdonnelly:v0.8.1 jprdonnelly:v0.8.2 jprdonnelly:v0.8.0 jprdonnelly:v0.7.1 jprdonnelly:v0.7.0 jprdonnelly:v0.6.0 jprdonnelly:v0.5.7 jprdonnelly:v0.5.6 jprdonnelly:v0.5.5 jprdonnelly:v0.5.4 jprdonnelly:v0.5.3 jprdonnelly:v0.5.2 jprdonnelly:v0.5.1 jprdonnelly:v.0.5.0 jprdonnelly:v0.4.0 jprdonnelly:v0.3.0 jprdonnelly:v0.2.0 jprdonnelly:v0.1.0
..
compare: jprdonnelly:random-fix
Branches Tags
jprdonnelly:renovate/github.com-spf13-cobra-1.x jprdonnelly:renovate/github.com-spf13-viper-1.x jprdonnelly:renovate/github.com-mattn-go-colorable-0.x jprdonnelly:renovate/github.com-otiai10-copy-1.x jprdonnelly:renovate/go-github.com-go-git-go-git-v5-vulnerability jprdonnelly:renovate/go-github.com-containers-image-v5-vulnerability jprdonnelly:renovate/go-k8s.io-apimachinery-vulnerability jprdonnelly:renovate/gopkg.in-yaml.v2-2.x jprdonnelly:renovate/github.com-shopify-ejson-1.x jprdonnelly:renovate/github.com-jinzhu-copier-0.x jprdonnelly:renovate/github.com-gobuffalo-packr-v2-2.x jprdonnelly:renovate/github.com-go-git-go-git-v5-5.x jprdonnelly:renovate/github.com-spf13-cobra-0.x jprdonnelly:renovate/github.com-qlik-oss-k-apis-0.x jprdonnelly:add-k3d jprdonnelly:kust2 jprdonnelly:update-kust jprdonnelly:fix-kust jprdonnelly:master jprdonnelly:fix_crds jprdonnelly:preflight_openssl_verify jprdonnelly:gh-pages jprdonnelly:rotateKeys jprdonnelly:fix-editor jprdonnelly:autorun_postflight_checks jprdonnelly:fix-unset jprdonnelly:preflight_roles_better_error jprdonnelly:upgrade-kapi jprdonnelly:pf_checks_unit_tests jprdonnelly:kuz-api-qlik-v0.0.27 jprdonnelly:postflight_check_1 jprdonnelly:redesign jprdonnelly:update-library jprdonnelly:dry-run jprdonnelly:unset jprdonnelly:pkger jprdonnelly:pf_mongo_2_1 jprdonnelly:actions jprdonnelly:fix-cipher jprdonnelly:pf_mongo_tls-2 jprdonnelly:pf_storage_class jprdonnelly:pf_mongo_version jprdonnelly:upgrade_libraries jprdonnelly:kuz-upgrade jprdonnelly:export_function jprdonnelly:preflight_cleanup_cmd jprdonnelly:packr_to_pakger jprdonnelly:chalk_replacement jprdonnelly:pf_remove_emojis jprdonnelly:actiontests jprdonnelly:install-latest jprdonnelly:context_delete jprdonnelly:uninstall_confirm jprdonnelly:fix-go-git jprdonnelly:update-k-api jprdonnelly:random-fix jprdonnelly:manifest-root-relative-path jprdonnelly:load-file jprdonnelly:config_unset jprdonnelly:gitops_spec jprdonnelly:ibiqlik/installscript jprdonnelly:ms-3 jprdonnelly:circle jprdonnelly:testing-output jprdonnelly:helper-levenstein jprdonnelly:helper jprdonnelly:for-andrey jprdonnelly:shell_cr jprdonnelly:sense-installer/porter jprdonnelly:readme_doc jprdonnelly:cache-clear
jprdonnelly:v0.35.0 jprdonnelly:v0.36.0 jprdonnelly:v0.34.0 jprdonnelly:v0.33.0 jprdonnelly:v0.32.0 jprdonnelly:v0.31.0 jprdonnelly:v0.31.1 jprdonnelly:v0.30.2 jprdonnelly:v0.30.1 jprdonnelly:v0.30.0 jprdonnelly:v0.29.0 jprdonnelly:v0.28.2 jprdonnelly:v0.28.1 jprdonnelly:v0.28.0 jprdonnelly:v0.27.0 jprdonnelly:v0.26.0 jprdonnelly:v0.25.0 jprdonnelly:v0.24.0 jprdonnelly:v0.23.0 jprdonnelly:v0.22.0 jprdonnelly:v0.21.0 jprdonnelly:v0.20.0 jprdonnelly:v0.19.0 jprdonnelly:v0.18.0 jprdonnelly:v0.17.0 jprdonnelly:v0.16.0 jprdonnelly:v0.15.0 jprdonnelly:0.15.0 jprdonnelly:v0.14.0 jprdonnelly:v0.13.0 jprdonnelly:v0.12.0 jprdonnelly:v0.11.0 jprdonnelly:v0.10.0 jprdonnelly:v0.9.21 jprdonnelly:v0.9.20 jprdonnelly:v0.9.19 jprdonnelly:v0.9.18 jprdonnelly:v0.9.17 jprdonnelly:v0.9.16 jprdonnelly:v0.9.15 jprdonnelly:v0.9.14 jprdonnelly:v0.9.13 jprdonnelly:v0.9.12 jprdonnelly:v0.9.11 jprdonnelly:v0.9.10 jprdonnelly:v0.9.8 jprdonnelly:v0.9.7 jprdonnelly:v0.9.6 jprdonnelly:v0.9.5 jprdonnelly:v0.9.0 jprdonnelly:0.9.0 jprdonnelly:v0.8.3 jprdonnelly:v0.8.1 jprdonnelly:v0.8.2 jprdonnelly:v0.8.0 jprdonnelly:v0.7.1 jprdonnelly:v0.7.0 jprdonnelly:v0.6.0 jprdonnelly:v0.5.7 jprdonnelly:v0.5.6 jprdonnelly:v0.5.5 jprdonnelly:v0.5.4 jprdonnelly:v0.5.3 jprdonnelly:v0.5.2 jprdonnelly:v0.5.1 jprdonnelly:v.0.5.0 jprdonnelly:v0.4.0 jprdonnelly:v0.3.0 jprdonnelly:v0.2.0 jprdonnelly:v0.1.0

26 Commits
renovate/g ... random-fix

Author SHA1 Message Date
Foysal Iqbal
75ce6caa2b random prefix 
Signed-off-by: Foysal Iqbal <mqb@qlik.com>
 2020-04-06 00:17:54 -04:00
Ashwathi Shiva
d05b119a68 remove namespace from role, rolebinding and SA checks 2020-04-05 23:31:47 -04:00
Ashwathi Shiva
ed26e692c9 Merge branch 'master' into preflight_pretty_print 
# Conflicts:
#	pkg/preflight/role_check.go
#	pkg/qliksense/kuz.go
 2020-04-05 21:28:05 -04:00
Ashwathi Shiva
5909c728ab - possible fix for restricting role and role binding checks to only install their specific types 
- moved kubectl delete to defer to force clean up
 2020-04-05 21:25:19 -04:00
Ashwathi Shiva
d77654e763 Updated readme 2020-04-05 19:05:03 -04:00
Ashwathi Shiva
73c3ac1d58 Merge branch 'master' into preflight_roles 2020-04-05 17:30:59 -04:00
Ashwathi Shiva
083203128c passed mongo url to preflight all command, addressed some PR comments 2020-04-05 17:27:54 -04:00
Foysal Iqbal
ccc2997745 fix entity creation 
Signed-off-by: Foysal Iqbal <mqb@qlik.com>
 2020-04-04 13:44:18 -04:00
Ashwathi Shiva
1f5ee3d487 Merge branch 'master' into preflight_roles 2020-04-04 01:37:58 -04:00
Ashwathi Shiva
87ace81dee renamed some commands and cleaned up some messages 2020-04-04 01:33:20 -04:00
Ashwathi Shiva
2618e72a46 display the mongodb url 2020-04-03 11:18:13 -04:00
Ashwathi Shiva
1aac550f66 mongodbUrl inferred from CR 2020-04-03 08:04:29 -04:00
Ashwathi Shiva
bacaea1b92 Merge branch 'master' into preflight_roles 
# Conflicts:
#	pkg/preflight/deployability.go
 2020-04-03 01:23:09 -04:00
Ashwathi Shiva
acfa1f16a1 updated readme 2020-04-03 01:18:59 -04:00
Ashwathi Shiva
8b68a4d305 updated qliksense preflight all to update mongodb check 2020-04-03 01:08:06 -04:00
Ashwathi Shiva
114d0a13c8 preflight mongo --url=url working 2020-04-03 00:47:49 -04:00
Ashwathi Shiva
c733d2821e Merge branch 'preflight_roles' of github.com:qlik-oss/sense-installer into preflight_roles 2020-04-02 23:38:11 -04:00
Ashwathi Shiva
69306605a3 preflight createRole, createRoleBinding, createServiceAccount, createRB working 2020-04-02 23:34:55 -04:00
Foysal Iqbal
67ec3105f0 fix yaml trim 
Signed-off-by: Foysal Iqbal <mqb@qlik.com>
 2020-04-02 20:48:43 -04:00
Ashwathi Shiva
e69149ec64 finished initial functional role check 2020-04-02 19:44:13 -04:00
Ashwathi Shiva
cedb7f8fca WIP - intermediate commit 2020-04-02 19:09:34 -04:00
Ashwathi Shiva
fee81b25a6 WIP preflight createRole 2020-04-02 16:31:48 -04:00
Ashwathi Shiva
b5eea11050 Merge branch 'master' into preflight_roles 2020-04-02 14:44:23 -04:00
Ashwathi Shiva
dbf6f6debc preflight createRB working and updated readme 2020-04-02 00:00:48 -04:00
Ashwathi Shiva
002b0faaa1 Merge branch 'master' into preflight_roles 2020-04-01 23:33:47 -04:00
Ashwathi Shiva
a676d10ed0 preflight role, roleBinding, serviceAccount working 2020-04-01 23:31:28 -04:00
94 changed files with 2831 additions and 7230 deletions
Expand all files Collapse all files

39
.github/workflows/build.yml vendored
View File

@@ -4,43 +4,24 @@ on: [pull_request]
jobs:
test:
name: Test
env:
CGO_ENABLED: 0
strategy:
matrix:
go: [1.13.x]
os: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Set up Go ${{ matrix.go }}
uses: actions/setup-go@v2-beta
with:
go-version: ${{ matrix.go }}
- uses: actions/checkout@v2
- name: setup make (Windows)
if: matrix.os == 'windows-latest'
run: choco install make -y
- run: make test
build:
name: Build
runs-on: ubuntu-latest
needs: test
steps:
- name: Set up Go 1.13
uses: actions/setup-go@v2-beta
uses: actions/setup-go@v1
with:
go-version: 1.13
- uses: actions/checkout@v2
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
- name: Set GOPATH
# temporary fix
# see https://github.com/actions/setup-go/issues/14
run: |
echo "##[set-env name=GOPATH;]$(dirname $GITHUB_WORKSPACE)"
echo "##[add-path]$(dirname $GITHUB_WORKSPACE)/bin"
shell: bash
- run: make xbuild-all
- run: make test
- run: make build

2
.github/workflows/mkdocs.yml vendored
View File

@@ -16,6 +16,6 @@ jobs:
uses: actions/checkout@v1
- name: Deploy docs
uses: mhausenblas/mkdocs-deploy-gh-pages@1.12
uses: mhausenblas/mkdocs-deploy-gh-pages@1.11
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

9
.github/workflows/release.yml vendored
View File

@@ -12,12 +12,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.13
uses: actions/setup-go@v2-beta
uses: actions/setup-go@v1
with:
go-version: 1.13
- uses: actions/checkout@v2
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* # Needed in makefile for versioning
- name: Set GOPATH
# temporary fix
# see https://github.com/actions/setup-go/issues/14
run: |
echo "##[set-env name=GOPATH;]$(dirname $GITHUB_WORKSPACE)"
echo "##[add-path]$(dirname $GITHUB_WORKSPACE)/bin"
shell: bash
- run: make test
- run: make xbuild-all

51
Makefile
View File

@@ -39,29 +39,21 @@ endif
.PHONY: build
build: clean generate
go run _make_support/mkdir_all/do.go $(BINDIR)
mkdir -p $(BINDIR)
go build -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS)" -o $(BINDIR)/$(MIXIN)$(FILE_EXT) ./cmd/$(MIXIN)
$(MAKE) clean
.PHONY: test-setup
test-setup: clean generate
ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
$(eval TMP-docker-distribution := $(shell go run _make_support/get_tmp_dir/do.go))
git clone https://github.com/docker/distribution.git "$(TMP-docker-distribution)/docker-distribution"
cd "$(TMP-docker-distribution)/docker-distribution" && git checkout -b v2.7.1 && "$(MAKE)"
go run _make_support/copy/do.go --src "$(TMP-docker-distribution)/docker-distribution/bin/registry" --dst pkg/qliksense/docker-registry$(FILE_EXT)
go run _make_support/remove_all/do.go "$(TMP-docker-distribution)"
endif
.PHONY: test-short
test-short: test-setup
go test -count 1 -p 1 -tags "$(BUILDTAGS)" -v -short ./...
"$(MAKE)" clean
.PHONY: test
test: test-setup
go test -count 1 -p 1 -tags "$(BUILDTAGS)" -v ./...
"$(MAKE)" clean
test: clean generate
ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
$(eval TMP-docker-distribution := $(shell mktemp -d))
git clone https://github.com/docker/distribution.git $(TMP-docker-distribution)/docker-distribution
cd $(TMP-docker-distribution)/docker-distribution; git checkout -b v2.7.1; make
cp $(TMP-docker-distribution)/docker-distribution/bin/registry pkg/qliksense/docker-registry
-rm -rf $(TMP-docker-distribution)
endif
go test -short -count=1 -tags "$(BUILDTAGS)" -v ./...
$(MAKE) clean
xbuild-all: clean generate
$(foreach OS, $(SUPPORTED_PLATFORMS), \
@@ -86,7 +78,6 @@ endif
generate: get-crds packr2
go generate ./...
go run _make_support/remove_all/do.go pkg/qliksense/crds
packr2:
ifeq ($(shell ${WHICH} packr2 2>${DEVNUL}),)
@@ -94,22 +85,22 @@ ifeq ($(shell ${WHICH} packr2 2>${DEVNUL}),)
endif
clean: clean-packr
go run _make_support/remove_all/do.go pkg/qliksense/crds
-rm -fr pkg/qliksense/crds
clean-packr: packr2
cd pkg/qliksense && packr2 clean
get-crds:
ifeq ($(QLIKSENSE_OPERATOR_DIR),)
$(eval TMP-operator := $(shell go run _make_support/get_tmp_dir/do.go))
$(eval TMP-operator := $(shell mktemp -d))
git clone https://github.com/qlik-oss/qliksense-operator.git -b master $(TMP-operator)/operator
"$(MAKE)" QLIKSENSE_OPERATOR_DIR="$(TMP-operator)/operator" get-crds
go run _make_support/remove_all/do.go "$(TMP-operator)"
$(MAKE) QLIKSENSE_OPERATOR_DIR=$(TMP-operator)/operator get-crds
-rm -rf $(TMP-operator)
else
go run _make_support/mkdir_all/do.go pkg/qliksense/crds/cr
go run _make_support/mkdir_all/do.go pkg/qliksense/crds/crd
go run _make_support/mkdir_all/do.go pkg/qliksense/crds/crd-deploy
go run _make_support/copy/do.go --src-pattern "$(QLIKSENSE_OPERATOR_DIR)/deploy/*.yaml" --dst pkg/qliksense/crds/crd-deploy
go run _make_support/copy/do.go --src-pattern "$(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_crd.yaml" --dst pkg/qliksense/crds/crd
go run _make_support/copy/do.go --src-pattern "$(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_cr.yaml" --dst pkg/qliksense/crds/cr
mkdir -p pkg/qliksense/crds/cr
mkdir -p pkg/qliksense/crds/crd
mkdir -p pkg/qliksense/crds/crd-deploy
cp $(QLIKSENSE_OPERATOR_DIR)/deploy/*.yaml pkg/qliksense/crds/crd-deploy
cp $(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_crd.yaml pkg/qliksense/crds/crd
cp $(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_cr.yaml pkg/qliksense/crds/cr
endif

10
README.md
View File

@@ -1,12 +1,16 @@
# (WIP) Qlik Sense on Kubernetes installation and operations CLI
# (WIP) Qlik Sense installation and operations CLI
## Documentation
To learn more about Qlik Sense on Kubernetes CLI go to https://qlik-oss.github.io/sense-installer/
To learn more about Qlik Sense installer go to https://qlik-oss.github.io/sense-installer/
## About
The QSEoK CLI (qliksense) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s).
The Qlik Sense installer CLI (qliksense) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s). This cli facilitates:
- installation of QSEoK
- installation of qliksense operator to manage QSEoK
- air gapped installation of QSEoK
This is a technology preview that uses Qlik modified [kustomize](https://github.com/qlik-oss/kustomize) to kubernetes manifests of the versions of the [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository.

109
_make_support/copy/do.go
View File

@@ -1,109 +0,0 @@
package main
import (
"flag"
"fmt"
"io"
"os"
"path/filepath"
"github.com/otiai10/copy"
)
func main() {
srcPattern := flag.String("src-pattern", "", "Source file pattern")
src := flag.String("src", "", "Source file or directory")
dst := flag.String("dst", "", "Destination file or directory")
flag.Parse()
if *srcPattern != "" {
if dstInfo, err := os.Lstat(*dst); err != nil {
panic(err)
} else if !dstInfo.IsDir() {
panic(fmt.Errorf("%v must be a directory", *dst))
}
if matches, err := filepath.Glob(*srcPattern); err != nil {
panic(err)
} else {
for _, match := range matches {
srcInfo, err := os.Lstat(match)
if err != nil {
panic(err)
}
if srcInfo.IsDir() {
if err := copy.Copy(match, *dst, copy.Options{
OnSymlink: func(p string) copy.SymlinkAction {
return copy.Skip
},
}); err != nil {
panic(err)
}
} else if srcInfo.Mode().IsRegular() {
if err := fcopy(match, filepath.Join(*dst, filepath.Base(match)), srcInfo); err != nil {
panic(err)
}
}
}
}
} else if *src != "" {
srcInfo, err := os.Lstat(*src)
if err != nil {
panic(err)
}
if srcInfo.IsDir() {
if err := copy.Copy(*src, *dst, copy.Options{
OnSymlink: func(p string) copy.SymlinkAction {
return copy.Skip
},
}); err != nil {
panic(err)
}
} else if srcInfo.Mode().IsRegular() {
finalDestination := *dst
if dstInfo, err := os.Lstat(*dst); err != nil {
if !os.IsNotExist(err) {
panic(err)
}
} else if dstInfo.IsDir() {
finalDestination = filepath.Join(*dst, filepath.Base(*src))
} else if dstInfo.Mode().IsRegular() {
fmt.Println("WARNING: over-writing existing file: ", *dst)
if err := os.Remove(*dst); err != nil {
panic(err)
}
} else {
panic(fmt.Errorf("not sure how to copy to this dst: %v", *dst))
}
if err := fcopy(*src, finalDestination, srcInfo); err != nil {
panic(err)
}
}
}
}
func fcopy(src, dest string, info os.FileInfo) (err error) {
if err := os.MkdirAll(filepath.Dir(dest), os.ModePerm); err != nil {
return err
}
f, err := os.Create(dest)
if err != nil {
return err
}
defer f.Close()
if err = os.Chmod(f.Name(), info.Mode()); err != nil {
return err
}
s, err := os.Open(src)
if err != nil {
return err
}
defer s.Close()
_, err = io.Copy(f, s)
return err
}

5
_make_support/copy/go.mod
View File

@@ -1,5 +0,0 @@
module github.com/qlik-oss/sense-installer/_make_support/copy
go 1.13
require github.com/otiai10/copy v1.1.1

8
_make_support/copy/go.sum
View File

@@ -1,8 +0,0 @@
github.com/otiai10/copy v1.1.1 h1:PH7IFlRQ6Fv9vYmuXbDRLdgTHoP1w483kPNUP2bskpo=
github.com/otiai10/copy v1.1.1/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=
github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=

14
_make_support/get_tmp_dir/do.go
View File

@@ -1,14 +0,0 @@
package main
import (
"fmt"
"io/ioutil"
)
func main() {
if tmpDir, err := ioutil.TempDir("", ""); err != nil {
panic(err)
} else {
fmt.Print(tmpDir)
}
}

3
_make_support/get_tmp_dir/go.mod
View File

@@ -1,3 +0,0 @@
module github.com/qlik-oss/sense-installer/_make_support/get_tmp_dir
go 1.13

11
_make_support/mkdir_all/do.go
View File

@@ -1,11 +0,0 @@
package main
import (
"os"
)
func main() {
if err := os.MkdirAll(os.Args[1], os.ModePerm); err != nil {
panic(err)
}
}

3
_make_support/mkdir_all/go.mod
View File

@@ -1,3 +0,0 @@
module github.com/qlik-oss/sense-installer/_make_support/mkdir_all
go 1.13

11
_make_support/remove_all/do.go
View File

@@ -1,11 +0,0 @@
package main
import (
"os"
)
func main() {
if err := os.RemoveAll(os.Args[1]); err != nil {
panic(err)
}
}

3
_make_support/remove_all/go.mod
View File

@@ -1,3 +0,0 @@
module github.com/qlik-oss/sense-installer/_make_support/remove_all
go 1.13

6
cmd/qliksense/about.go
View File

@@ -19,7 +19,7 @@ func about(q *qliksense.Qliksense) *cobra.Command {
c := &cobra.Command{
Use: "about ref",
Short: "Displays information pertaining to qliksense on Kubernetes",
Short: "Displays information pertaining to Qliksense on Kubernetes",
Long: "Gives the version of QLik Sense on Kubernetes and versions of images.",
Example: `
qliksense about 1.0.0
@@ -39,7 +39,7 @@ qliksense about --profile=test
then get version information based on the default profile in the qliksense-k8s repo master
`,
RunE: func(cmd *cobra.Command, args []string) error {
if gitRef, err := getSingleArg(args); err != nil {
if gitRef, err := getAboutCommandGitRef(args); err != nil {
return err
} else if vout, err := q.About(gitRef, opts.Profile); err != nil {
return err
@@ -56,7 +56,7 @@ qliksense about --profile=test
return c
}
func getSingleArg(args []string) (string, error) {
func getAboutCommandGitRef(args []string) (string, error) {
if len(args) > 1 {
return "", errors.New("too many arguments, only 1 expected")
} else if len(args) == 1 {

33
cmd/qliksense/apply.go
View File

@@ -1,44 +1,37 @@
package main
import (
"io"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
)
func applyCmd(q *qliksense.Qliksense) *cobra.Command {
opts := &qliksense.InstallCommandOptions{
CleanPatchFiles: true,
}
opts := &qliksense.InstallCommandOptions{}
filePath := ""
keepPatchFiles := false
c := &cobra.Command{
Use: "apply",
Short: "install qliksense based on provided cr file",
Long: `install qliksense based on provided cr file`,
Example: `qliksense apply -f file_name or cat cr_file | qliksense apply -f -`,
RunE: func(cmd *cobra.Command, args []string) error {
return apply(q, cmd, opts)
return runLoadOrApplyCommandE(cmd, func(reader io.Reader) error {
return q.ApplyCRFromReader(reader, opts, keepPatchFiles, true)
})
},
}
f := c.Flags()
f.StringVarP(&filePath, "file", "f", "", "Install from a CR file")
c.MarkFlagRequired("file")
f.StringVarP(&opts.StorageClass, "storageClass", "s", "", "Storage class for qliksense")
f.StringVarP(&opts.MongodbUri, "mongodbUri", "m", "", "mongodbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
f.BoolVar(&opts.CleanPatchFiles, cleanPatchFilesFlagName, opts.CleanPatchFiles, cleanPatchFilesFlagUsage)
f.BoolVarP(&opts.Pull, pullFlagName, pullFlagShorthand, opts.Pull, pullFlagUsage)
f.BoolVarP(&opts.Push, pushFlagName, pushFlagShorthand, opts.Push, pushFlagUsage)
f.StringVarP(&opts.AcceptEULA, "acceptEULA", "a", opts.AcceptEULA, "Accept EULA for qliksense")
f.StringVarP(&opts.MongoDbUri, "mongoDbUri", "m", "", "mongoDbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
f.StringVarP(&opts.RotateKeys, "rotateKeys", "r", "", "Rotate JWT keys for qliksense (yes:rotate keys/ no:use exising keys from cluster/ None: use default EJSON_KEY from env")
f.BoolVar(&keepPatchFiles, keepPatchFilesFlagName, keepPatchFiles, keepPatchFilesFlagUsage)
eulaPreRunHooks.addValidator(c.Name(), loadOrApplyCommandEulaPreRunHook)
if err := c.MarkFlagRequired("file"); err != nil {
panic(err)
}
return c
}
func apply(q *qliksense.Qliksense, cmd *cobra.Command, opts *qliksense.InstallCommandOptions) error {
if crBytes, err := getCrBytesFromFileFlag(cmd); err != nil {
return err
} else {
return q.ApplyCRFromBytes(crBytes, opts, true)
}
}

67
cmd/qliksense/context.go
View File

@@ -3,7 +3,6 @@ package main
import (
"errors"
"fmt"
"os"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
@@ -69,30 +68,18 @@ func setConfigsCmd(q *qliksense.Qliksense) *cobra.Command {
var (
cmd *cobra.Command
)
base64Encoded := false
cmd = &cobra.Command{
Use: "set-configs",
Short: "set configurations into the qliksense context as key-value pairs",
Example: `
qliksense config set-configs <service_name>.<attribute>="<value>"
- The above configuration will be displayed in the CR
qliksense config set-configs <service_name>.<attribute>="<value" --base64
- if the value is base64 encoded
echo "something" | base64 | qliksense config set-configs <service_name>.<attribute> --base64
- value is coming from input pipe as base64 encoded
echo "something" | qliksense config set-configs <service_name>.<attribute>
- value is coming from input pipe
- The above configuration will be displayed in the CR
`,
RunE: func(cmd *cobra.Command, args []string) error {
if isInputFromPipe() && len(args) == 1 {
return q.SetConfigFromReader(args[0], os.Stdin, base64Encoded)
}
return q.SetConfigs(args, base64Encoded)
return q.SetConfigs(args)
},
}
f := cmd.Flags()
f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
return cmd
}
@@ -101,7 +88,7 @@ func setSecretsCmd(q *qliksense.Qliksense) *cobra.Command {
cmd *cobra.Command
secret bool
)
base64Encoded := false
cmd = &cobra.Command{
Use: "set-secrets",
Short: "set secrets configurations into the qliksense context as key-value pairs",
@@ -114,24 +101,13 @@ qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true
qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false
- Encrypt the secret value and display it in the current context
- No secret resource is created
- The above configuration will be displayed in the CR
qliksense config set-secrets <service_name>.<attribute>="<value>" --base64
- the <value> is base64 encoded
echo "something" | base64 | qliksense config set-secrets <service_name>.<attribute> --base64
- value coming from input pipe as base64 encoded
echo "something" | qliksense config set-secrets <service_name>.<attribute>
- value coming from input pipe`,
- The above configuration will be displayed in the CR `,
RunE: func(cmd *cobra.Command, args []string) error {
if isInputFromPipe() && len(args) == 1 {
return q.SetSecretsFromReader(args[0], os.Stdin, secret, base64Encoded)
}
return q.SetSecrets(args, secret, base64Encoded)
return q.SetSecrets(args, secret)
},
}
f := cmd.Flags()
f.BoolVar(&secret, "secret", false, "Whether secrets should be encrypted as a Kubernetes Secret resource")
f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
return cmd
}
@@ -139,18 +115,15 @@ func deleteContextConfigCmd(q *qliksense.Qliksense) *cobra.Command {
var (
cmd *cobra.Command
)
skipConfirmation := false
cmd = &cobra.Command{
Use: "delete-context",
Short: "deletes a specific context locally (not in-cluster)",
Example: `qliksense config delete-contexts <context_name>`,
RunE: func(cmd *cobra.Command, args []string) error {
return q.DeleteContextConfig(args, skipConfirmation)
return q.DeleteContextConfig(args)
},
}
f := cmd.Flags()
f.BoolVar(&skipConfirmation, "yes", skipConfirmation, "skips confirmation")
return cmd
}
@@ -220,27 +193,3 @@ func cleanConfigRepoPatchesCmd(q *qliksense.Qliksense) *cobra.Command {
},
}
}
func unsetCmd(q *qliksense.Qliksense) *cobra.Command {
cmd := &cobra.Command{
Use: "unset",
Short: "remove a key from a context or a secrets or a configs from the context",
Example: `
# remove the key from CR
qliksense config unset <key>
# remove the key from service inside configs/secrets of CR
qliksense config unset <service>.<key>
# remove the service from inside configs/secrets of CR
qliksense config usnet <servcie>
all of the above supports space separated multiple arguments
`,
RunE: func(cmd *cobra.Command, args []string) error {
return q.UnsetCmd(args)
},
Args: cobra.MinimumNArgs(1),
}
return cmd
}

20
cmd/qliksense/crds.go
View File

@@ -12,35 +12,31 @@ var crdsCmd = &cobra.Command{
}
func crdsViewCmd(q *qliksense.Qliksense) *cobra.Command {
opts := &qliksense.CrdCommandOptions{
All: true,
}
opts := &qliksense.CrdCommandOptions{}
c := &cobra.Command{
Use: "view",
Short: "View CRDs for qliksense application. Use view --all=false to exclude the operator CRD",
Long: "View CRDs for qliksense application. Use view --all=false to exclude the operator CRD",
Short: "View CRDs for qliksense application. use view --all to see opearator crd as well ",
Long: `View CRDs for qliksense application. use view --all to see opearator crd as well`,
RunE: func(cmd *cobra.Command, args []string) error {
return q.ViewCrds(opts)
},
}
f := c.Flags()
f.BoolVarP(&opts.All, "all", "", opts.All, "If set to false, then the operator CRD is excluded")
f.BoolVarP(&opts.All, "all", "", false, "Include All CRDs")
return c
}
func crdsInstallCmd(q *qliksense.Qliksense) *cobra.Command {
opts := &qliksense.CrdCommandOptions{
All: true,
}
opts := &qliksense.CrdCommandOptions{}
c := &cobra.Command{
Use: "install",
Short: "Install CRDs for qliksense application. Use install --all=false to exclude the operator CRD",
Long: "Install CRDs for qliksense application. Use install --all=false to exclude the operator CRD",
Short: "Install CRDs fro Qliksense application. Use install --all to include operator crd",
Long: `Install CRDs fro Qliksense application. Use install --all to include operator crd`,
RunE: func(cmd *cobra.Command, args []string) error {
return q.InstallCrds(opts)
},
}
f := c.Flags()
f.BoolVarP(&opts.All, "all", "", opts.All, "If set to false, then the operator CRD is excluded")
f.BoolVarP(&opts.All, "all", "", false, "Include All CRDs")
return c
}

105
cmd/qliksense/eula.go Normal file
View File

@@ -0,0 +1,105 @@
package main
import (
"fmt"
"os"
"strings"
"github.com/mattn/go-tty"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
)
type eulaPreRunHooksT struct {
validators map[string]func(cmd *cobra.Command, q *qliksense.Qliksense) (bool, error)
postValidationArtifacts map[string]interface{}
}
func (e *eulaPreRunHooksT) addValidator(command string, validator func(cmd *cobra.Command, q *qliksense.Qliksense) (bool, error)) {
e.validators[command] = validator
}
func (e *eulaPreRunHooksT) getValidator(command string) func(cmd *cobra.Command, q *qliksense.Qliksense) (bool, error) {
if validator, ok := e.validators[command]; ok {
return validator
}
return nil
}
func (e *eulaPreRunHooksT) addPostValidationArtifact(artifactName string, artifact interface{}) {
e.postValidationArtifacts[artifactName] = artifact
}
func (e *eulaPreRunHooksT) getPostValidationArtifact(artifactName string) interface{} {
if artifact, ok := e.postValidationArtifacts[artifactName]; ok {
return artifact
}
return nil
}
var eulaEnforced = os.Getenv("QLIKSENSE_EULA_ENFORCE") == "true"
var eulaText = "Please read the end user license agreement at: https://www.qlik.com/us/legal/license-terms"
var eulaPrompt = "Do you accept our EULA? (y/n): "
var eulaErrorInstruction = `You must enter "y" to continue`
var eulaPreRunHooks = eulaPreRunHooksT{
validators: make(map[string]func(cmd *cobra.Command, q *qliksense.Qliksense) (bool, error)),
postValidationArtifacts: make(map[string]interface{}),
}
func commandAlwaysRequiresEulaAcceptance(commandName string) bool {
return commandName == "install" || commandName == "upgrade" || commandName == "apply"
}
func globalEulaPreRun(cmd *cobra.Command, q *qliksense.Qliksense) {
if isEulaEnforced(cmd.Name()) {
if strings.TrimSpace(strings.ToLower(cmd.Flag("acceptEULA").Value.String())) != "yes" {
if eulaPreRunHook := eulaPreRunHooks.getValidator(cmd.Name()); eulaPreRunHook != nil {
if eulaAccepted, err := eulaPreRunHook(cmd, q); err != nil {
panic(err)
} else if !eulaAccepted {
doEnforceEula()
}
} else if qConfig, err := qapi.NewQConfigE(q.QliksenseHome); err != nil {
doEnforceEula()
} else if qcr, err := qConfig.GetCurrentCR(); err != nil || !qcr.IsEULA() {
doEnforceEula()
}
}
}
}
func globalEulaPostRun(cmd *cobra.Command, q *qliksense.Qliksense) {
if isEulaEnforced(cmd.Name()) {
if err := q.SetEulaAccepted(); err != nil {
panic(err)
}
}
}
func isEulaEnforced(commandName string) bool {
return eulaEnforced || commandAlwaysRequiresEulaAcceptance(commandName)
}
func doEnforceEula() {
fmt.Println(eulaText)
fmt.Print(eulaPrompt)
answer := readRuneFromTty()
if strings.ToLower(answer) != "y" {
fmt.Println(eulaErrorInstruction)
os.Exit(1)
}
}
func readRuneFromTty() string {
t, err := tty.Open()
if err != nil {
panic(err)
}
defer t.Close()
answer, err := t.ReadString()
if err != nil {
panic(err)
}
return answer
}

26
cmd/qliksense/fetch.go
View File

@@ -1,30 +1,26 @@
package main
import (
"errors"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
)
func fetchCmd(q *qliksense.Qliksense) *cobra.Command {
opts := &qliksense.FetchCommandOptions{}
c := &cobra.Command{
Use: "fetch",
Short: "fetch a release from qliksense-k8s repo, if version not supplied, will use from context",
Long: `fetch a release from qliksense-k8s repo, if version not supplied, will use from context`,
Example: `qliksense fetch [version]`,
RunE: func(cmd *cobra.Command, args []string) error {
if len(args) == 1 {
opts.Version = args[0]
Short: "fetch a release from qliksense-k8s repo",
Long: `fetch a release from qliksense-k8s repo`,
Example: `qliksense fetch <version>`,
Args: func(cmd *cobra.Command, args []string) error {
if len(args) != 1 {
return errors.New("requires a version (i.e. v1.0.0)")
}
return q.FetchK8sWithOpts(opts)
return nil
},
RunE: func(cmd *cobra.Command, args []string) error {
return q.FetchQK8s(args[0])
},
}
f := c.Flags()
f.StringVarP(&opts.GitUrl, "url", "", "", "git url from where configuration will be pulled")
f.StringVarP(&opts.AccessToken, "accessToken", "", "", "access token for git url")
f.StringVarP(&opts.SecretName, "secretName", "", "", "kubernetes secret name where a key name accessToken exist")
f.BoolVarP(&opts.Overwrite, "overwrite", "", false, "Ovewrite previously fetched veersion as well as local chagnes")
return c
}

40
cmd/qliksense/install.go
View File

@@ -6,47 +6,27 @@ import (
)
func installCmd(q *qliksense.Qliksense) *cobra.Command {
opts := &qliksense.InstallCommandOptions{
CleanPatchFiles: true,
}
filePath := ""
opts := &qliksense.InstallCommandOptions{}
keepPatchFiles := false
c := &cobra.Command{
Use: "install",
Short: "install a qliksense release",
Long: `install a qliksense release`,
Example: `qliksense install <version> #if no version provides, expect manifestsRoot is set somewhere in the file system
# qliksense install -f file_name or cat cr_file | qliksense install -f -
`,
Use: "install",
Short: "install a qliksense release",
Long: `install a qliksense release`,
Example: `qliksense install <version> #if no version provides, expect manifestsRoot is set somewhere in the file system`,
RunE: func(cmd *cobra.Command, args []string) error {
version := ""
if len(args) != 0 {
version = args[0]
}
if filePath != "" {
if err := apply(q, cmd, opts); err != nil {
return err
}
} else {
if err := q.InstallQK8s(version, opts); err != nil {
return err
}
}
postflightChecksCmd := AllPostflightChecks(q)
postflightChecksCmd.DisableFlagParsing = true
return postflightChecksCmd.Execute()
return q.InstallQK8s(version, opts, keepPatchFiles)
},
}
f := c.Flags()
f.StringVarP(&filePath, "file", "f", "", "Install from a CR file")
f.StringVarP(&opts.StorageClass, "storageClass", "s", "", "Storage class for qliksense")
f.StringVarP(&opts.MongodbUri, "mongodbUri", "m", "", "mongodbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
f.BoolVar(&opts.CleanPatchFiles, cleanPatchFilesFlagName, opts.CleanPatchFiles, cleanPatchFilesFlagUsage)
f.BoolVarP(&opts.Pull, pullFlagName, pullFlagShorthand, opts.Pull, pullFlagUsage)
f.BoolVarP(&opts.Push, pushFlagName, pushFlagShorthand, opts.Push, pushFlagUsage)
f.StringVarP(&opts.AcceptEULA, "acceptEULA", "a", opts.AcceptEULA, "Accept EULA for qliksense")
f.BoolVarP(&opts.DryRun, "dry-run", "", false, "Dry run will generate the patches without rotating keys")
f.StringVarP(&opts.MongoDbUri, "mongoDbUri", "m", "", "mongoDbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
f.StringVarP(&opts.RotateKeys, "rotateKeys", "r", "", "Rotate JWT keys for qliksense (yes:rotate keys/ no:use exising keys from cluster/ None: use default EJSON_KEY from env")
f.BoolVar(&keepPatchFiles, keepPatchFilesFlagName, keepPatchFiles, keepPatchFilesFlagUsage)
return c
}

31
cmd/qliksense/keys.go
View File

@@ -1,31 +0,0 @@
package main
import (
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
)
var keysCmd = &cobra.Command{
Use: "keys",
Short: "keys for qliksense",
}
func keysRotateCmd(q *qliksense.Qliksense) *cobra.Command {
c := &cobra.Command{
Use: "rotate",
Short: "Rotate qliksense application keys",
RunE: func(cmd *cobra.Command, args []string) error {
if err := q.InstallQK8s("", &qliksense.InstallCommandOptions{
CleanPatchFiles: true,
RotateKeys: true,
}); err != nil {
return err
} else {
postFlightChecksCmd := AllPostflightChecks(q)
postFlightChecksCmd.DisableFlagParsing = true
return postFlightChecksCmd.Execute()
}
},
}
return c
}

63
cmd/qliksense/load.go
View File

@@ -1,6 +1,8 @@
package main
import (
"bytes"
"io"
"io/ioutil"
"os"
@@ -18,48 +20,65 @@ func loadCrFile(q *qliksense.Qliksense) *cobra.Command {
Long: `load a CR a file and create necessary structure for future use`,
Example: `qliksense load -f file_name or cat cr_file | qliksense load -f -`,
RunE: func(cmd *cobra.Command, args []string) error {
if crBytes, err := getCrBytesFromFileFlag(cmd); err != nil {
return err
} else {
return q.LoadCr(crBytes, overwriteExistingContext)
}
return runLoadOrApplyCommandE(cmd, func(reader io.Reader) error {
return q.LoadCr(reader, overwriteExistingContext)
})
},
}
f := c.Flags()
f.StringVarP(&filePath, "file", "f", "", "File to load CR from")
c.MarkFlagRequired("file")
f.BoolVarP(&overwriteExistingContext, "overwrite", "o", overwriteExistingContext, "Overwrite any existing contexts with the same name")
if err := c.MarkFlagRequired("file"); err != nil {
panic(err)
}
eulaPreRunHooks.addValidator(c.Name(), loadOrApplyCommandEulaPreRunHook)
return c
}
func isInputFromPipe() bool {
fileInfo, _ := os.Stdin.Stat()
return fileInfo.Mode()&os.ModeCharDevice == 0
}
func getCrFileFromFlag(cmd *cobra.Command, flagName string) (*os.File, error) {
filePath := cmd.Flag(flagName).Value.String()
if filePath == "-" {
if !isInputFromPipe() {
return nil, errors.New("No input pipe present")
} else {
return os.Stdin, nil
}
} else if file, err := os.Open(filePath); err != nil {
return nil, errors.Wrapf(err, "unable to read the file %s", filePath)
return os.Stdin, nil
}
file, e := os.Open(filePath)
if e != nil {
return nil, errors.Wrapf(e,
"unable to read the file %s", filePath)
}
return file, nil
}
func isInputFromPipe() bool {
fileInfo, _ := os.Stdin.Stat()
return fileInfo.Mode()&os.ModeCharDevice == 0
}
func loadOrApplyCommandEulaPreRunHook(cmd *cobra.Command, q *qliksense.Qliksense) (bool, error) {
file, err := getCrFileFromFlag(cmd, "file")
if err != nil {
return false, err
}
defer file.Close()
if crBytes, err := ioutil.ReadAll(file); err != nil {
return false, err
} else {
return file, nil
eulaPreRunHooks.addPostValidationArtifact("CR", crBytes)
return q.IsEulaAcceptedInCrFile(bytes.NewBuffer(crBytes))
}
}
func getCrBytesFromFileFlag(cmd *cobra.Command) ([]byte, error) {
if file, err := getCrFileFromFlag(cmd, "file"); err != nil {
return nil, err
func runLoadOrApplyCommandE(cmd *cobra.Command, callBack func(io.Reader) error) error {
if crBytes := eulaPreRunHooks.getPostValidationArtifact("CR"); crBytes != nil {
return callBack(bytes.NewBuffer(crBytes.([]byte)))
} else {
file, err := getCrFileFromFlag(cmd, "file")
if err != nil {
return err
}
defer file.Close()
return ioutil.ReadAll(file)
return callBack(file)
}
}

96
cmd/qliksense/postflight.go
View File

@@ -1,96 +0,0 @@
package main
import (
"fmt"
. "github.com/logrusorgru/aurora"
ansi "github.com/mattn/go-colorable"
"github.com/qlik-oss/sense-installer/pkg/api"
postflight "github.com/qlik-oss/sense-installer/pkg/postflight"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
)
func postflightCmd(q *qliksense.Qliksense) *cobra.Command {
postflightOpts := &postflight.PostflightOptions{}
var postflightCmd = &cobra.Command{
Use: "postflight",
Short: "perform postflight checks on the cluster",
Long: `perform postflight checks on the cluster`,
Example: `qliksense postflight <postflight_check_to_run>`,
}
f := postflightCmd.Flags()
f.BoolVarP(&postflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return postflightCmd
}
func postflightMigrationCheck(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
postflightOpts := &postflight.PostflightOptions{}
var postflightMigrationCmd = &cobra.Command{
Use: "db-migration-check",
Short: "check mongodb migration status on the cluster",
Long: `check mongodb migration status on the cluster`,
Example: `qliksense postflight db-migration-check`,
RunE: func(cmd *cobra.Command, args []string) error {
pf := &postflight.QliksensePostflight{Q: q, P: postflightOpts, CG: &api.ClientGoUtils{Verbose: postflightOpts.Verbose}}
// Postflight db_migration_check
namespace, kubeConfigContents, err := pf.CG.LoadKubeConfigAndNamespace()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("Postflight db_migration_check FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
}
if namespace == "" {
namespace = "default"
}
if err = pf.DbMigrationCheck(namespace, kubeConfigContents); err != nil {
fmt.Fprintf(out, "%s\n", Red("Postflight db_migration_check FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
}
fmt.Fprintf(out, "%s\n", Green("Postflight db_migration_check completed"))
return nil
},
}
f := postflightMigrationCmd.Flags()
f.BoolVarP(&postflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return postflightMigrationCmd
}
func AllPostflightChecks(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
postflightOpts := &postflight.PostflightOptions{}
var postflightAllChecksCmd = &cobra.Command{
Use: "all",
Short: "perform all checks",
Long: `perform all postflight checks`,
Example: `qliksense postflight all`,
RunE: func(cmd *cobra.Command, args []string) error {
pf := &postflight.QliksensePostflight{Q: q, P: postflightOpts, CG: &api.ClientGoUtils{Verbose: postflightOpts.Verbose}}
// run all postflight checks
fmt.Printf("Running all postflight checks...\n\n")
namespace, kubeConfigContents, err := pf.CG.LoadKubeConfigAndNamespace()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("Unable to run all postflight checks"))
fmt.Printf("Error: %v\n", err)
return nil
}
if namespace == "" {
namespace = "default"
}
if err = pf.RunAllPostflightChecks(namespace, kubeConfigContents, postflightOpts); err != nil {
fmt.Fprintf(out, "%s\n", Red("1 or more preflight checks have FAILED"))
fmt.Printf("Completed running all postflight checks")
return nil
}
fmt.Fprintf(out, "%s\n", Green("All postflight checks have PASSED"))
return nil
},
}
f := postflightAllChecksCmd.Flags()
f.BoolVarP(&postflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return postflightAllChecksCmd
}

393
cmd/qliksense/preflight.go
View File

@@ -2,10 +2,8 @@ package main
import (
"fmt"
"log"
. "github.com/logrusorgru/aurora"
ansi "github.com/mattn/go-colorable"
"github.com/qlik-oss/sense-installer/pkg/api"
"github.com/qlik-oss/sense-installer/pkg/preflight"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
@@ -13,501 +11,340 @@ import (
)
func preflightCmd(q *qliksense.Qliksense) *cobra.Command {
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var preflightCmd = &cobra.Command{
Use: "preflight",
Short: "perform preflight checks on the cluster",
Long: `perform preflight checks on the cluster`,
Example: `qliksense preflight <preflight_check_to_run>`,
}
f := preflightCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return preflightCmd
}
func pfDnsCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var preflightDnsCmd = &cobra.Command{
Use: "dns",
Short: "perform preflight dns check",
Long: `perform preflight dns check to check DNS connectivity status in the cluster`,
Example: `qliksense preflight dns`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight DNS check
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight DNS check\n")
fmt.Println("---------------------")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight DNS check FAILED\n")
log.Fatal(err)
}
if namespace == "" {
namespace = "default"
}
if err = qp.CheckDns(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckDns(namespace, kubeConfigContents); err != nil {
fmt.Println(err)
fmt.Print("Preflight DNS check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := preflightDnsCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return preflightDnsCmd
}
func pfK8sVersionCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var preflightCheckK8sVersionCmd = &cobra.Command{
Use: "k8s-version",
Use: "kube-version",
Short: "check kubernetes version",
Long: `check minimum valid kubernetes version on the cluster`,
Example: `qliksense preflight k8s-version`,
Example: `qliksense preflight kube-version`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight Kubernetes minimum version check
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight kubernetes minimum version check\n")
fmt.Println("------------------------------------------")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight kubernetes minimum version check FAILED\n")
log.Fatal(err)
}
if err = qp.CheckK8sVersion(namespace, kubeConfigContents); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Println(err)
fmt.Printf("Preflight kubernetes minimum version check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := preflightCheckK8sVersionCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return preflightCheckK8sVersionCmd
}
func pfAllChecksCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var mongodbUrl string
var preflightAllChecksCmd = &cobra.Command{
Use: "all",
Short: "perform all checks",
Long: `perform all preflight checks on the target cluster`,
Example: `qliksense preflight all`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight run all checks
fmt.Printf("Running all preflight checks...\n\n")
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Running all preflight checks\n")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("Unable to run the preflight checks suite"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Println(err)
fmt.Printf("Running preflight check suite has FAILED...\n")
log.Fatal()
}
if namespace == "" {
namespace = "default"
}
if err = qp.RunAllPreflightChecks(kubeConfigContents, namespace, preflightOpts); err != nil {
fmt.Fprintf(out, "%s\n", Red("1 or more preflight checks have FAILED"))
fmt.Println("Completed running all preflight checks")
return nil
}
fmt.Fprintf(out, "%s\n\n", Green("All preflight checks have PASSED"))
qp.RunAllPreflightChecks(namespace, kubeConfigContents, mongodbUrl)
return nil
},
}
f := preflightAllChecksCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
f.StringVarP(&preflightOpts.MongoOptions.MongodbUrl, "mongodb-url", "", "", "mongodbUrl to try connecting to")
f.StringVarP(&preflightOpts.MongoOptions.CaCertFile, "mongodb-ca-cert", "", "", "certificate to use for mongodb check")
f.StringVarP(&mongodbUrl, "mongodb-url", "", "", "mongodbUrl to try connecting to")
return preflightAllChecksCmd
}
func pfDeploymentCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var pfDeploymentCheckCmd = &cobra.Command{
Use: "deployment",
Short: "perform preflight deployment check",
Short: "perform preflight deploymwnt check",
Long: `perform preflight deployment check to ensure that we can create deployments in the cluster`,
Example: `qliksense preflight deployment`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight deployments check
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight deployment check\n")
fmt.Println("--------------------------")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight deployment check FAILED\n")
log.Fatal(err)
}
if namespace == "" {
namespace = "default"
}
if err = qp.CheckDeployment(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckDeployment(namespace, kubeConfigContents); err != nil {
fmt.Println(err)
fmt.Print("Preflight deploy check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := pfDeploymentCheckCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return pfDeploymentCheckCmd
}
func pfServiceCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var pfServiceCheckCmd = &cobra.Command{
Use: "service",
Short: "perform preflight service check",
Long: `perform preflight service check to ensure that we are able to create services in the cluster`,
Example: `qliksense preflight service`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight service check
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight service check\n")
fmt.Println("-----------------------")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight service check FAILED\n")
log.Fatal(err)
}
if namespace == "" {
namespace = "default"
}
if err = qp.CheckService(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckService(namespace, kubeConfigContents); err != nil {
fmt.Println(err)
fmt.Print("Preflight service check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := pfServiceCheckCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return pfServiceCheckCmd
}
func pfPodCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var pfPodCheckCmd = &cobra.Command{
Use: "pod",
Short: "perform preflight pod check",
Long: `perform preflight pod check to ensure we can create pods in the cluster`,
Example: `qliksense preflight pod`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight pod check
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight pod check\n")
fmt.Println("--------------------")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight pod check FAILED\n")
log.Fatal(err)
}
if namespace == "" {
namespace = "default"
}
if err = qp.CheckPod(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckPod(namespace, kubeConfigContents); err != nil {
fmt.Println(err)
fmt.Print("Preflight pod check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := pfPodCheckCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return pfPodCheckCmd
}
func pfCreateRoleCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var preflightRoleCmd = &cobra.Command{
Use: "role",
Short: "preflight create role check",
Long: `perform preflight role check to ensure we are able to create a role in the cluster`,
Example: `qliksense preflight createRole`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight role check
namespace, _, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight role check\n")
fmt.Println("---------------------------")
namespace, _, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight role check FAILED\n")
log.Fatal(err)
}
if err = qp.CheckCreateRole(namespace, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckCreateRole(namespace); err != nil {
fmt.Println(err)
fmt.Print("Preflight role FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := preflightRoleCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return preflightRoleCmd
}
func pfCreateRoleBindingCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var preflightRoleBindingCmd = &cobra.Command{
Use: "rolebinding",
Short: "preflight create rolebinding check",
Long: `perform preflight rolebinding check to ensure we are able to create a rolebinding in the cluster`,
Example: `qliksense preflight rolebinding`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight createRoleBinding check
namespace, _, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight rolebinding check\n")
fmt.Println("---------------------------")
namespace, _, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight rolebinding check FAILED\n")
log.Fatal(err)
}
if err = qp.CheckCreateRoleBinding(namespace, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckCreateRoleBinding(namespace); err != nil {
fmt.Println(err)
fmt.Print("Preflight rolebinding check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := preflightRoleBindingCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return preflightRoleBindingCmd
}
func pfCreateServiceAccountCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var preflightServiceAccountCmd = &cobra.Command{
Use: "serviceaccount",
Short: "preflight create serviceaccount check",
Short: "preflight create ServiceAccount check",
Long: `perform preflight serviceaccount check to ensure we are able to create a service account in the cluster`,
Example: `qliksense preflight serviceaccount`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight createServiceAccount check
namespace, _, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight ServiceAccount check\n")
fmt.Println("-------------------------------------")
namespace, _, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight serviceaccount check FAILED\n")
log.Fatal(err)
}
if err = qp.CheckCreateServiceAccount(namespace, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckCreateServiceAccount(namespace); err != nil {
fmt.Println(err)
fmt.Print("Preflight serviceaccount check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := preflightServiceAccountCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return preflightServiceAccountCmd
}
func pfCreateAuthCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var preflightCreateAuthCmd = &cobra.Command{
Use: "authcheck",
Short: "preflight authcheck",
Long: `perform preflight authcheck that combines the role, rolebinding and serviceaccount checks`,
Example: `qliksense preflight authcheck`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight authcheck
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight authcheck\n")
fmt.Println("------------------------")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight authcheck FAILED\n")
log.Fatal(err)
}
if err = qp.CheckCreateRB(namespace, kubeConfigContents); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Println(err)
fmt.Print("Preflight authcheck FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := preflightCreateAuthCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return preflightCreateAuthCmd
}
func pfMongoCheckCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var mongodbUrl string
var preflightMongoCmd = &cobra.Command{
Use: "mongo",
Short: "preflight mongo OR preflight mongo --url=<url>",
Long: `perform preflight mongo check to ensure we are able to connect to a mongodb instance in the cluster`,
Example: `qliksense preflight mongo OR preflight mongo --url=<url>`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
qp := &preflight.QliksensePreflight{Q: q}
// Preflight mongo check
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
fmt.Printf("Preflight mongo check\n")
fmt.Println("-------------------------------------")
namespace, kubeConfigContents, err := preflight.InitPreflight()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
fmt.Printf("Preflight mongo check FAILED\n")
log.Fatal(err)
}
if namespace == "" {
namespace = "default"
}
if err = qp.CheckMongo(kubeConfigContents, namespace, preflightOpts, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
if err = qp.CheckMongo(kubeConfigContents, namespace, mongodbUrl); err != nil {
fmt.Println(err)
fmt.Print("Preflight mongo check FAILED\n")
log.Fatal()
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := preflightMongoCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
f.StringVarP(&preflightOpts.MongoOptions.MongodbUrl, "url", "", "", "mongodbUrl to try connecting to")
f.StringVarP(&preflightOpts.MongoOptions.CaCertFile, "ca-cert", "", "", "ca certificate to use for mongodb check")
f.StringVarP(&mongodbUrl, "url", "", "", "mongodbUrl to try connecting to")
return preflightMongoCmd
}
func pfCleanupCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var pfCleanCmd = &cobra.Command{
Use: "clean",
Short: "perform preflight clean",
Long: `perform preflight clean to ensure that all resources are cleared up in the cluster`,
Example: `qliksense preflight clean`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
// Preflight clean
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("Preflight cleanup FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
}
if namespace == "" {
namespace = "default"
}
if err = qp.Cleanup(namespace, kubeConfigContents); err != nil {
fmt.Fprintf(out, "%s\n", Red("Preflight cleanup FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
}
fmt.Fprintf(out, "%s\n", Green("Preflight cleanup complete"))
return nil
},
}
f := pfCleanCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return pfCleanCmd
}
func pfVerifyCAChainCmd(q *qliksense.Qliksense) *cobra.Command {
out := ansi.NewColorableStdout()
preflightOpts := &preflight.PreflightOptions{
MongoOptions: &preflight.MongoOptions{},
}
var pfVerifyCAChainCmd = &cobra.Command{
Use: "verify-ca-chain",
Short: "verify-ca-chain using openssl verify",
Long: `verify the CA chain using openssl verify to ensure that mongodb certificate is valid`,
Example: `qliksense preflight verify-ca-chain`,
RunE: func(cmd *cobra.Command, args []string) error {
qp := &preflight.QliksensePreflight{Q: q, P: preflightOpts, CG: &api.ClientGoUtils{Verbose: preflightOpts.Verbose}}
// Preflight service check
namespace, kubeConfigContents, err := qp.CG.LoadKubeConfigAndNamespace()
if err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
}
if namespace == "" {
namespace = "default"
}
if err = qp.VerifyCAChain(kubeConfigContents, namespace, preflightOpts, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n", err)
return nil
}
fmt.Fprintf(out, "%s\n", Green("PASSED"))
return nil
},
}
f := pfVerifyCAChainCmd.Flags()
f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
return pfVerifyCAChainCmd
}

14
cmd/qliksense/pull_push.go
View File

@@ -1,6 +1,9 @@
package main
import (
"errors"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
)
@@ -13,7 +16,7 @@ func pullQliksenseImages(q *qliksense.Qliksense) *cobra.Command {
Short: "Pull docker images for offline install",
Example: `qliksense pull`,
RunE: func(cmd *cobra.Command, args []string) error {
version, err := getSingleArg(args)
version, err := getAboutCommandGitRef(args)
if err != nil {
return err
}
@@ -31,7 +34,14 @@ func pushQliksenseImages(q *qliksense.Qliksense) *cobra.Command {
Short: "Push docker images for offline install",
Example: `qliksense push`,
RunE: func(cmd *cobra.Command, args []string) error {
return q.PushImagesForCurrentCR()
qConfig := qapi.NewQConfig(q.QliksenseHome)
if qcr, err := qConfig.GetCurrentCR(); err != nil {
return err
} else if registry := qcr.GetImageRegistry(); registry == "" {
return errors.New("no image registry in config")
} else {
return q.PushImagesForCurrentCR()
}
},
}
return cmd

105
cmd/qliksense/root.go
View File

@@ -2,19 +2,21 @@ package main
import (
"fmt"
"io"
"log"
"os"
"path/filepath"
"strings"
. "github.com/logrusorgru/aurora"
ansi "github.com/mattn/go-colorable"
"github.com/mitchellh/go-homedir"
"github.com/qlik-oss/sense-installer/pkg"
"github.com/qlik-oss/sense-installer/pkg/api"
"github.com/qlik-oss/sense-installer/pkg/preflight"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/ttacon/chalk"
)
// To run this project in debug mode, run:
@@ -22,17 +24,10 @@ import (
// qliksense <command>
const (
qlikSenseHomeVar = "QLIKSENSE_HOME"
qlikSenseDirVar = ".qliksense"
cleanPatchFilesFlagName = "clean"
cleanPatchFilesFlagUsage = "Set --clean=false to keep any prior config repo file changes on install (for debugging)"
pullFlagName = "pull"
pullFlagShorthand = "d"
pullFlagUsage = "If using private docker registry, pull (download) all required qliksense images before install"
pushFlagName = "push"
pushFlagShorthand = "u"
pushFlagUsage = "If using private docker registry, push (upload) all downloaded qliksense images to that registry before install"
rootCommandName = "qliksense"
qlikSenseHomeVar = "QLIKSENSE_HOME"
qlikSenseDirVar = ".qliksense"
keepPatchFilesFlagName = "keep-config-repo-patches"
keepPatchFilesFlagUsage = "Keep config repo patch files (for debugging)"
)
func initAndExecute() error {
@@ -45,7 +40,7 @@ func initAndExecute() error {
log.Fatal(err)
}
// create dirs and appropriate files for setting up contexts
api.LogDebugMessage("QliksenseHomeDir: %s\n", qlikSenseHome)
api.LogDebugMessage("QliksenseHomeDir: %s", qlikSenseHome)
qliksenseClient := qliksense.New(qlikSenseHome)
cmd := rootCmd(qliksenseClient)
@@ -91,31 +86,43 @@ var versionCmd = &cobra.Command{
}
func commandUsesContext(commandName string) bool {
return commandName != "" &&
commandName != rootCommandName &&
commandName != fmt.Sprintf("%v help", rootCommandName) &&
commandName != fmt.Sprintf("%v version", rootCommandName)
return commandName != "" && commandName != "qliksense" && commandName != "help" && commandName != "version"
}
func getRootCmd(p *qliksense.Qliksense) *cobra.Command {
cmd := &cobra.Command{
Use: rootCommandName,
Short: "qliksense cli tool",
Use: "qliksense",
Short: "Qliksense cli tool",
Long: `qliksense cli tool provides functionality to perform operations on qliksense-k8s, qliksense operator, and kubernetes cluster`,
Args: cobra.ArbitraryArgs,
PersistentPreRun: func(cmd *cobra.Command, args []string) {
if commandUsesContext(cmd.CommandPath()) {
if commandUsesContext(cmd.Name()) {
globalEulaPreRun(cmd, p)
if err := p.SetUpQliksenseDefaultContext(); err != nil {
panic(err)
}
pf := api.NewPreflightConfig(p.QliksenseHome)
pf := preflight.NewPreflightConfig(p.QliksenseHome)
if err := pf.Initialize(); err != nil {
panic(err)
}
globalEulaPostRun(cmd, p)
}
},
PersistentPostRun: func(cmd *cobra.Command, args []string) {
if commandUsesContext(cmd.Name()) {
globalEulaPostRun(cmd, p)
}
},
SilenceUsage: true,
}
origHelpFunc := cmd.HelpFunc()
cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
if !commandUsesContext(cmd.Name()) {
cmd.Flags().MarkHidden("acceptEULA")
}
origHelpFunc(cmd, args)
})
accept := ""
cmd.PersistentFlags().StringVarP(&accept, "acceptEULA", "a", "", "Accept EULA for qliksense")
cmd.Flags().SetInterspersed(false)
return cmd
}
@@ -151,13 +158,14 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
// add config command
configCmd := configCmd(p)
cmd.AddCommand(configCmd)
/** disabling for now
configCmd.AddCommand(configApplyCmd(p))
**/
configCmd.AddCommand(configViewCmd(p))
viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
//add upgrade command
cmd.AddCommand(upgradeCmd(p))
// add the set-context config command as a sub-command to the app config command
configCmd.AddCommand(setContextConfigCmd(p))
@@ -184,10 +192,6 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
// open editor for config
configCmd.AddCommand(configEditCmd(p))
// add unset for config
configCmd.AddCommand((unsetCmd(p)))
// add uninstall command
cmd.AddCommand(uninstallCmd(p))
@@ -196,7 +200,7 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
crdsCmd.AddCommand(crdsViewCmd(p))
crdsCmd.AddCommand(crdsInstallCmd(p))
// add preflight commands
// add preflight command
preflightCmd := preflightCmd(p)
preflightCmd.AddCommand(pfDnsCheckCmd(p))
preflightCmd.AddCommand(pfK8sVersionCheckCmd(p))
@@ -209,26 +213,41 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
preflightCmd.AddCommand(pfCreateRoleBindingCheckCmd(p))
preflightCmd.AddCommand(pfCreateServiceAccountCheckCmd(p))
preflightCmd.AddCommand(pfCreateAuthCheckCmd(p))
preflightCmd.AddCommand(pfVerifyCAChainCmd(p))
preflightCmd.AddCommand(pfCleanupCmd(p))
cmd.AddCommand(preflightCmd)
cmd.AddCommand(loadCrFile(p))
cmd.AddCommand((applyCmd(p)))
// add postflight command
postflightCmd := postflightCmd(p)
postflightCmd.AddCommand(postflightMigrationCheck(p))
postflightCmd.AddCommand(AllPostflightChecks(p))
cmd.AddCommand(postflightCmd)
// add keys command
cmd.AddCommand(keysCmd)
keysCmd.AddCommand(keysRotateCmd(p))
return cmd
}
func copy(src, dst string) (int64, error) {
var (
source, destination *os.File
sourceFileStat os.FileInfo
err error
nBytes int64
)
if sourceFileStat, err = os.Stat(src); err != nil {
return 0, err
}
if !sourceFileStat.Mode().IsRegular() {
return 0, fmt.Errorf("%s is not a regular file", src)
}
if source, err = os.Open(src); err != nil {
return 0, err
}
defer source.Close()
if destination, err = os.Create(dst); err != nil {
return 0, err
}
defer destination.Close()
nBytes, err = io.Copy(destination, source)
return nBytes, err
}
func levenstein(cmd *cobra.Command) {
cmd.SuggestionsMinimumDistance = 2
if len(os.Args) > 1 {
@@ -242,7 +261,7 @@ func levenstein(cmd *cobra.Command) {
if !strings.EqualFold(arg[1], suggest[0]) {
arg[1] = suggest[0]
out := ansi.NewColorableStdout()
fmt.Fprintln(out, Green("Did you mean: "), Bold(strings.Join(arg, " ")), "?")
fmt.Fprintln(out, chalk.Green.Color("Did you mean: "), chalk.Bold.TextStyle(strings.Join(arg, " ")), "?")
}
}
}

10
cmd/qliksense/uninstall.go
View File

@@ -6,7 +6,6 @@ import (
)
func uninstallCmd(q *qliksense.Qliksense) *cobra.Command {
skipConfirmation := false
c := &cobra.Command{
Use: "uninstall",
Short: "Uninstall the deployed qliksense.",
@@ -14,15 +13,10 @@ func uninstallCmd(q *qliksense.Qliksense) *cobra.Command {
Example: `qliksense uninstall <context-name>`,
RunE: func(cmd *cobra.Command, args []string) error {
if len(args) > 0 {
return q.UninstallQK8s(args[0], skipConfirmation)
return q.UninstallQK8s(args[0])
}
return q.UninstallQK8s("", skipConfirmation)
return q.UninstallQK8s("")
},
}
f := c.Flags()
f.BoolVar(&skipConfirmation, "yes", skipConfirmation, "skips confirmation")
return c
}

23
cmd/qliksense/upgrade.go Normal file
View File

@@ -0,0 +1,23 @@
package main
import (
"github.com/qlik-oss/sense-installer/pkg/qliksense"
"github.com/spf13/cobra"
)
func upgradeCmd(q *qliksense.Qliksense) *cobra.Command {
keepPatchFiles := false
c := &cobra.Command{
Use: "upgrade",
Short: "upgrade qliksense release",
Long: `upgrade qliksense release`,
Example: `qliksense upgrade <version>`,
RunE: func(cmd *cobra.Command, args []string) error {
return q.UpgradeQK8s(keepPatchFiles)
},
}
f := c.Flags()
f.BoolVar(&keepPatchFiles, keepPatchFilesFlagName, keepPatchFiles, keepPatchFilesFlagUsage)
return c
}

134
docs/command_reference.md
View File

@@ -1,61 +1,13 @@
# CLI reference
# qliksense command reference
### qliksense preflight
## qliksense apply
Preflight checks provide pre-installation cluster conformance testing and validation before we install qliksense on the cluster. We gather a suite of conformance tests that can be easily written and run on the target cluster to verify that cluster-specific requirements are met.
We support a couple of tests at the moment as part of preflight checks, and the range of the suite will be expanded in future.
Run the following command to view help about the commands supported by preflight at any moment:
```
qliksense preflight
```
#### Running all checks
Run the following command to execute all preflight checks
```
qliksense preflight all --mongodb-url=<mongo-server url> --mongodb-ca-cert=<path to ca-cert file>
```
#### Running specific check
Run the following command to execute a specific check
```
qliksense preflight dns
```
#### Running cleanup
Run the following command to cleanup entities created for preflight checks that were left behind on the cluster.
```
qliksense preflight clean
```
### qliksense postflight
Postflight checks are performed after qliksense is installed on the cluster and during normal operating mode of the product. Such checks can range from validating certain conditions to checking the status of certain operations or entities.
Run the following command to view help about the commands supported by postflight at any moment:
```
qliksense postflight
```
### qliksense load
`qliksense load` command takes input from a file or from pipe
- `qliksense load -f cr-file.yaml`
- `cat cr-file.yaml | qliksense load -f -`
This will load the Custom Resource (CR) into `${QLIKSENSE_HOME}` folder, create context structure and set the current context to that CR.
This will also encrypt the secrets from CR while writing the CR into the disk.
### qliksense apply
`qliksense apply` command takes input from a file or from pipe
`qliksense apply` command takes input a cr file or input from pipe
- `qliksense apply -f cr-file.yaml`
- `cat cr-file.yaml | qliksense apply -f -`
The content of `cr-file.yaml` should be something like the following:
the content of `cr-file.yaml` should be something similar
```yaml
apiVersion: qlik.com/v1
@@ -71,29 +23,37 @@ spec:
value: "yes"
secrets:
qliksense:
- name: mongodbUri
- name: mongoDbUri
value: mongodb://qlik-test-mongodb:27017/qliksense?ssl=false
profile: docker-desktop
```
rotateKeys: "yes"
```
`qliksense apply` does everything `qliksense load` does but will install Qlik Sense into the cluster as well
This will do everything `qliksense load` does and install the qliksense into the cluster.
### qliksense about
## qliksense load
`qliksense about` command will display information about [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) release.
`qliksense load` command takes input a cr file or input from pipe.
For example, running the following command will show information about default profile for `1.0.0` tag
- `qliksense load -f cr-file.yaml`
- `cat cr-file.yaml | qliksense load -f -`
```
qliksense about 1.0.0
```
This will load the CR into `${QLIKSENSE_HOME}` folder, create context structure and set the current context to that CR.
This will also encrypt the secrets from CR while writing the CR into the disk.
Run the following command to view options for `about` command:
```
qliksense about --help
```
## qliksense about
Using other supported commands user might have built the CR into the location `~/.qliksense/myqliksense.yaml`
About action will display inside information regarding [qliksense-k8](https://github.com/qlik-oss/qliksense-k8s) release.
it will support following flags
- `qliksense about 1.0.0` display default profile for tag `1.0.0`.
- `qliksense about 1.0.0 --profile=docker-desktop`
- `qliksense about`
- assuming current directory has `manifests/docker-desktop`
- or get version information from pull of `qliksense-k8s` `master`
using other supported commands user might have built the CR into the location `~/.qliksense/myqliksense.yaml`
```yaml
apiVersion: qlik.com/v1
@@ -102,7 +62,7 @@ metadata:
name: myqliksense
spec:
profile: docker-desktop
manifestsRoot: /Usr/xyz/my-k8-repo/manifests
manifestsRoot: /Usr/ddd/my-k8-repo/manifests
namespace: myqliksense
storageClassName: efs
configs:
@@ -111,35 +71,37 @@ spec:
value: "yes"
secrets:
qliksense:
- name: mongodbUri
- name: mongoDbUri
value: "mongo://mongo:3307"
- name: messagingPassword
valueFromKey: messagingPassword
```
In this case, the result of `qliksense about` command would display information from:
In that case the command would be
- `/Usr/xyz/my-k8-repo/manifests/docker-desktop` location, or
- Pull and show information from `master` branch if the directory is invalid or empty
- `qliksense about`
- display from `/Usr/ddd/my-k8-repo/manifests/docker-desktop` location
- pull from `master` if directory invalid/empty
### qliksense config
## qliksense config
`qliksense config` will perform operations on configurations and contexts regarding the [qliksense-k8](https://github.com/qlik-oss/qliksense-k8s) release.
Config action will perform operations on configurations and contexts regarding the [qliksense-k8](https://github.com/qlik-oss/qliksense-k8s) release.
It supports the following flags:
it will support following commands:
- `qliksense config list-contexts` - get and list contexts
- `qliksense config set` - configure a key-value pair into the current context
- `qliksense config set-configs` - set configurations into qliksense context as key-value pairs
- `qliksense config set-context` - sets the Kubernetes context where resources are located
- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false` - set secrets configurations into qliksense context as key-value pairs and show encrypted value as part of CR
- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true` - set secrets configurations into qliksense context as key-value pairs and show a key reference to the created Kubernetes secret resource as part of the CR
- `qliksense config apply` - generate the patchs and apply manifests to k8s
- `qliksense config list-contexts` - retrieves the contexts and lists them
- `qliksense config set` - configure a key value pair into the current context
- `qliksense config set-configs` - set configurations into the qliksense context as key-value pairs
- `qliksense config set-context` - sets the context in which the Kubernetes cluster and resources live in
- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false` - set secrets configurations into the qliksense context as key-value pairs and show encrypted value as part of CR
- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true` - set secrets configurations into the qliksense context as key-value pairs and show a key reference to the created Kubernetes secret resource as part of the CR
- `qliksense config view` - view the qliksense operator CR
- `qliksense config delete-context` - deletes a specific context locally (not in-cluster). Deletes context in spec of `config.yaml` and locally deletes entire folder of specified context (does not delete secrets from cluster)
- `qliksense config delete-context` - deletes a specific context locally (not in-cluster). Deletes context in spec of `config.yaml` and locally deletes entire folder of specified context (does not delete in-cluster secrets)
The global file which abstracts all contexts is `~/.qliksense/config.yaml`
the global file that abstracts all the contexts is `config.yaml`, located at: `~/.qliksense/config.yaml`:
```yaml
apiVersion: config.qlik.com/v1
kind: QliksenseConfig
@@ -148,10 +110,10 @@ metadata:
spec:
contexts:
- name: qlik-default
crFile: /Users/xyz/.qliksense/contexts/qlik-default/qlik-default.yaml
crFile: /Users/fff/.qliksense/contexts/qlik-default/qlik-default.yaml
- name: myqliksense
crFile: /Users/xyz/.qliksense/contexts/myqliksense/myqliksense.yaml
crFile: /Users/fff/.qliksense/contexts/myqliksense/myqliksense.yaml
- name: hello
crFile: /Users/xyz/.qliksense/contexts/hello/hello.yaml
crFile: /Users/fff/.qliksense/contexts/hello/hello.yaml
currentContext: hello
```
```

18
docs/concepts.md
View File

@@ -1,6 +1,6 @@
# How CLI works
# How qliksense cli works
At the initialization, `qliksense` cli creates few files in the director `~/.qliksense` and it contains following files:
At the initialization, `qliksense` cli creates few files in the director `~/.qliksene` and it contains following files:
```console
.qliksense
@@ -23,8 +23,9 @@ spec:
profile: docker-desktop
secrets:
qliksense:
- name: mongodbUri
- name: mongoDbUri
value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
rotateKeys: "yes"
releaseName: qlik-default
```
@@ -47,14 +48,14 @@ qliksense config -h
In this mode `qliksense` CLI downloads the specified version from [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) and places it in `~/.qliksense/contexts/<context-name>/qlik-k8s` folder.
The qliksense cli creates a CR for the QlikSense operator and all config operations are performed to edit the CR.
The qliksense cli creates a CR for the QlikSense operator and all config operations are peformed to edit the CR.
`qliksense install` will generate patches in local file system (i.e `~/.qliksense/contexts/<context-name>/qlik-k8s`) and
`qliksense install` or `qliksense config apply` will generate patches in local file system (i.e `~/.qliksense/contexts/<context-name>/qlik-k8s`) and
- Install those manifests into the cluster
- Create a custom resource (CR) for the `qliksene operator`.
- Create a custom resoruce (CR) for the `qliksene operator`.
The operator makes the association to the installed resources so that when `qliksense uninstall` is performed the operator can delete all kubernetes resources related to QSEoK for the current context.
The operator makes the association to the installed resoruces so that when `qliksense uninstall` is performed the operator can delete all kubernetes resources related to QSEoK for the current context.
## With a git repo
@@ -67,7 +68,7 @@ qliksense config set git.repository="https://github.com/my-org/qliksense-k8s"
qliksense config set git.accessToken="<mySecretToken>"
```
When you perform `qliksense install`, qliksense operator performs these tasks:
When you perform `qliksense install` or `qliksene config apply`, qliksense operator performs these tasks:
- Download corresponding version of manifests from the your git repo
- Generate kustomize patches
@@ -93,3 +94,4 @@ spec:
image: qlik-docker-oss.bintray.io/qliksense-repo-watcher
....
```

149
docs/getting_started.md
View File

@@ -1,162 +1,53 @@
# Getting started
To get familiar with the Qlik Sense on Kubernetes Operator Command Line Interface (CLI), we will install Qlik Sense on Kubernetes on docker desktop. In subsequent sections we will enhance this configuration to include an Identity Provider (keycloak) and demonstrate air gapped capabilities as well.
## Requirements
- Kubernetes cluster (Docker Desktop with enabled Kubernetes)
- `kubectl` installed, configured and able to communicate with kubernetes cluster. _`qliksense` CLI uses `kubectl` to perform some operations on cluster_
- `kubectl` installed, configured and able to communicate with kubernetes cluster. _`qliksense` CLI uses `kubectl` under the hood to perform operations on cluster_
## Installing `qliksense` CLI
## Installing Sense installer
Download the executable for your platform from [releases page](https://github.com/qlik-oss/sense-installer/releases) and rename it to `qliksense`
=== "Linux"
??? tldr "Linux"
``` bash
# bash
curl -LOJ https://storage.googleapis.com/kubernetes-release/release/v1.16.8/bin/linux/amd64/kubectl
curl -LOJ https://github.com/qlik-oss/sense-installer/releases/latest/download/qliksense-linux-amd64
sudo mv qliksense-linux-amd64 kubectl /usr/local/bin
sudo chmod ugo+x /usr/local/bin/qliksense-linux-amd64 /usr/local/bin/kubectl
sudo ln -s /usr/local/bin/qliksense-linux-amd64 /usr/local/bin/qliksense
sudo ln -s /usr/local/bin/qliksense-linux-amd64 /usr/local/bin/kubectl-qliksense
curl -Lo qliksense https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-linux-amd64
chmod +x qliksense
sudo mv qliksense /usr/local/bin
```
=== "MacOS"
??? tldr "MacOS"
``` bash
# bash
curl -LOJ https://storage.googleapis.com/kubernetes-release/release/v1.16.8/bin/darwin/amd64/kubectl
curl -LOJ https://github.com/qlik-oss/sense-installer/releases/latest/download/qliksense-darwin-amd64
sudo mv qliksense-darwin-amd64 kubectl /usr/local/bin
sudo chmod ugo+x /usr/local/bin/qliksense-darwin-amd64 /usr/local/bin/kubectl
sudo ln -s /usr/local/bin/qliksense-darwin-amd64 /usr/local/bin/qliksense
sudo ln -s /usr/local/bin/qliksense-darwin-amd64 /usr/local/bin/kubectl-qliksense
curl -Lo qliksense https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-darwin-amd64
chmod +x qliksense
sudo mv qliksense /usr/local/bin
```
=== "Windows"
??? tldr "Windows"
Download Windows executable and add it in your `PATH` as `qliksense.exe`
``` powershell
# powershell
[https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-windows-amd64.exe](https://github.com/qlik-oss/sense-installer/releases/download/v0.7.0/qliksense-windows-amd64.exe)
Invoke-WebRequest https://storage.googleapis.com/kubernetes-release/release/v1.16.8/bin/windows/amd64/kubectl.exe -O C:\bin\kubectl.exe
Invoke-WebRequest https://github.com/qlik-oss/sense-installer/releases/latest/download/qliksense-windows-amd64.exe -O C:\bin\qliksense.exe
Copy-Item C:\bin\qliksense.exe C:\bin\kubectl-qliksense.exe
# Add C:\bin to current Path
$Env:Path += ";C:\bin"
# Save Path to User environment scope
[Environment]::SetEnvironmentVariable("Path",[Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::User) + ";C:\bin",[EnvironmentVariableTarget]::User)
```
## Quick start
### Setting the contexts
By default a `qlik-default` configuration context is provided and can be used, as is. In effect, this is the name of the Qlik Sense instance in the target cluster. All resources installed into the target namespace will be prefixed with `qlik-default`. The name of the Qlik Sense application will correspondingly be `qliksense`.
Ex.: To change this to `qliksense-dev`:
- To download the version `v0.0.2` from qliksense-k8s [releases](https://github.com/qlik-oss/qliksense-k8s/releases).
```shell
qliksense config set-context qliksense-dev
qliksense fetch v0.0.2
```
!!! info ""
For the purposes of the Quick Start we will be using `qlik-default`
The target namespace is determined by the kubectl connection context.
ex. Ensure a connection to cluster to change the configuration context's target namespace with kubectl to `qliksense`
- To install CRDs for QSEoK and qliksense operator into the kubernetes cluster.
```shell
kubectl config set-context --current --namespace=qliksense
qliksense crds install --all
```
!!! info ""
For the purposes of the Quick Start we will be using the default namespace. (`default`)
### Downloading a version of Qlik Sense on Kubernetes
To download the latest version of Qlik Sense on Kubernetes from qliksense-k8s
- To install QSEoK into a namespace in the kubernetes cluster where `kubectl` is pointing to.
```shell
qliksense fetch
```
#### More Options
- To download a specific version `v1.59.20` from qliksense-k8s [releases](https://github.com/qlik-oss/qliksense-k8s/releases)
```shell
qliksense fetch v1.58.20
```
- To download from a GitHub repository fork of the `qliksense-k8s` repository (master branch)
```shell
qliksense fetch --url https://github.com/bkuschel/qliksense-k8s.git master
```
### Deployment Profiles
Deployment profiles are a sets components that require sets of key/value pairs to satisfy the requirements for the generation of a Qlik Sense on Kubernetes manifest. Along with the profile name, sets of key/value pairs are provided through the Qlik Sense custom application resources (see here).
Profiles can be developed and added to the qliksense-k8s repo but is considered an advanced topic (see here) not covered here.
#### Default Profile: Docker Desktop
By default, the `docker-desktop` profile is associated with the configuration context when initially created. This profile is guaranteed to work on Docker Desktop but can generally be used on other types of Kubernetes clusters, provided that the required configuration tweaks are provided specific to the hosting requirements (Ex. storage class).
The docker-desktop profile does not have any scaling characteristics and is generally set up to have the ability to work on a reasonably powerful computer (16GB, 4 cores minimum, greater is better). It also includes a self-contained mongodb instance for non-production purposes.
Generally it doesn't require any extra configuration to work except an acceptance of the Qlik User License Agreement (QULA), which is prompted on install but can also be set in advance (having read the QULA)
```shell
qliksense config set-configs qliksense.acceptEULA="yes"
```
More information on the possible configuration parameters for docker-desktop here (see here).
!!! Info
To access an installation of the docker desktop profile in docker desktop, the host `elastic.example` needs to be added to the system host file as an alias to `127.0.0.1`
```
127.0.0.1 elastic.example
```
File location:
- Linux - `/etc/hosts`
- MacOS - `/etc/hosts`
- Windows - `C:\Windows\System32\drivers\etc\hosts`
### Installing Qlik Sense on Kubernetes
#### Custom Resource Definitions (CRDs)
Besides the CLI, a Kubernetes operator (read here) is a core component of the Qlik Sense Operator. Additionally, there are other Kubernetes operators in Qlik Sense on Kubernetes that provide other types functionality (ex. scaling). Depending on the profile chosen [(see Deployment profiles)](#deployment-profiles), additional CRDs can also be installed for third-party components (see gke-demo).
Kubernetes operators require Custom resource definitions (CRD) (read here), which are YAML schemas for custom resources (CR). The Qlik Sense application instance, corresponding to the name of the configuration context, corresponds to a CR (ex. `qlik-default`).
CRDs require cluster scope permissions and are shared cluster-wide across namespaces. These need to be installed first (if not done previously).
To install CRDs for Qlik Sense on Kubernetes into the Kubernetes cluster.
```shell
qliksense crds install
```
#### Preflight Checks
To check that your environment fullfills Qlik Sense requirements
```shell
qliksense preflight all
```
#### Qlik Sense
To install Qlik Sense into a namespace in the Kubernetes cluster where `kubectl` is pointing to
```shell
qliksense install
qliksense install --acceptEULA="yes"
```

24
docs/index.md
View File

@@ -1,22 +1,22 @@
# Overview
The Qlik Sense on Kubernetes Operator CLI (`qliksense`) facilitates:
The Qlik Sense installer CLI (`qliksense`) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s). This cli facilitates:
- Installation of QSEoK
- Installation of Qliksense operator to manage the QSEoK installation
- Installation of qliksense operator to manage QSEoK
- Air gapped installation of QSEoK
- Cluster configuration management
- Pre-flight and Post-flight environment and configuration checks
The Qlik Sense on Kubernetes Operator CLI provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in the [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository
To get start quickly go to the [Getting Started page](getting_started.md).
To learn more about the internal workings of the Qlik Sense on Kubernetes Operator, go to [How CLI works](concepts.md).
!!! info ""
This is a technology preview that uses Qlik modified [kustomize](https://github.com/qlik-oss/kustomize) for Kubernetes manifests on [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository
This is a technology preview that uses Qlik modified [kustomize](https://github.com/qlik-oss/kustomize) for kubernetes manifests on [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository
!!! info ""
See QlikSense [edge releases on qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s/releases) repository
## Future Direction
Operations:
- Expand preflight checks
- Backup/restore operations
- Fully support airgap installation of QSEoK
- Restore unwanted deletion of kubernetes resources

51
docs/postflight_checks.md
View File

@@ -1,51 +0,0 @@
# Postflight checks
Postflight checks are performed after qliksense is installed on the cluster and during normal operating mode of the product. Such checks can range from validating certain conditions to checking the status of certain operations or entities on the kubernetes cluster.
Run the following command to view help about the commands supported by postflight at any moment:
```
$ qliksense postflight
perform postflight checks on the cluster
Usage:
qliksense postflight [command]
Examples:
qliksense postflight <postflight_check_to_run>
Available Commands:
db-migration-check check mongodb migration status on the cluster
Flags:
-h, --help help for postflight
-v, --verbose verbose mode
```
### Run all postflight checks
This command runs all the postflight checks available.
```shell
$ qliksense postflight all
Running all postflight checks...
Postflight db migration check...
Logs from pod: qliksense-users-6977cb7788-qlgmv
{"caller":"main.go:39","environment":"qseok","error":"error parsing uri: scheme must be \"mongodb\" or \"mongodb+srv\"","level":"error","message":"failed to connect to ","timestamp":"2020-06-17T04:10:11.7891913Z","version":""}
To view more logs in this context, please run the command: kubectl logs -n test_ns qliksense-users-6977cb7788-qlgmv migration
PASSED
All postflight checks have PASSED
```
### DB migration check
This command checks init containers for successful database migrarion completions, and reports failure, if any to the user.
An example run of this check produces an output as shown below:
```shell
$ qliksense postflight db-migration-check
Logs from pod: qliksense-users-6977cb7788-cxxwh
{"caller":"main.go:39","environment":"qseok","error":"error parsing uri: scheme must be \"mongodb\" or \"mongodb+srv\"","level":"error","message":"failed to connect to ","timestamp":"2020-06-01T01:07:18.4170507Z","version":""}
To view more logs in this context, please run the command: kubectl logs -n test_ns qliksense-users-6977cb7788-qlgmv migration
PASSED
Postflight db_migration_check completed
```

162
docs/preflight_checks.md
View File

@@ -1,11 +1,10 @@
# Preflight checks
##Preflight checks
Preflight checks provide pre-installation cluster conformance testing and validation before we install qliksense on the cluster. We gather a suite of conformance tests that can be easily written and run on the target cluster to verify that cluster-specific requirements are met.
We support a couple of tests at the moment as part of preflight checks, and the range of the suite will be expanded in future.
The suite consists of a set of `collectors` which run the specifications of every test and `analyzers` which analyze the results of every test run by the collector.
We support the following tests at the moment as part of preflight checks, and the range of the suite will be expanded in future.
Run the following command to view help about the commands supported by preflight at any moment:
```shell
```console
$ qliksense preflight
perform preflight checks on the cluster
@@ -16,29 +15,19 @@ Examples:
qliksense preflight <preflight_check_to_run>
Available Commands:
all perform all checks
authcheck preflight authcheck
clean perform preflight clean
deployment perform preflight deployment check
dns perform preflight dns check
k8s-version check kubernetes version
mongo preflight mongo OR preflight mongo --url=<url>
pod perform preflight pod check
role preflight create role check
rolebinding preflight create rolebinding check
service perform preflight service check
serviceaccount preflight create ServiceAccount check
all perform all checks
dns perform preflight dns check
k8s-version check k8s version
Flags:
-h, --help help for preflight
-v, --verbose verbose mode
```
### DNS check
Run the following command to perform preflight DNS check. We setup a kubernetes deployment and try to reach it as part of establishing DNS connectivity in this check.
The expected output should be similar to the one shown below.
```shell
$ qliksense preflight dns -v
```console
$ qliksense preflight dns
Preflight DNS check
---------------------
@@ -60,8 +49,8 @@ Deleted deployment: dep-dns-preflight-check
### Kubernetes version check
We check the version of the target kubernetes cluster and ensure that it falls in the valid range of kubernetes versions that are supported by qliksense.
The command to run this check and the expected similar output are as shown below:
```shell
$ qliksense preflight k8s-version -v
```console
$ qliksense preflight k8s-version
Preflight kubernetes minimum version check
------------------------------------------
@@ -75,8 +64,8 @@ Completed Preflight kubernetes minimum version check
### Service check
We use the commmand below to test if we are able to create a service in the cluster.
```shell
$ qliksense preflight service -v
```console
$ qliksense preflight service
Preflight service check
-----------------------
@@ -91,8 +80,8 @@ Completed preflight service check
### Deployment check
We use the commmand below to test if we are able to create a deployment in the cluster. After the test exexutes, we wait until the created deployment terminates before we exit the command.
```shell
$ qliksense preflight deployment -v
```console
$ qliksense preflight deployment
Preflight deployment check
-----------------------
@@ -106,8 +95,8 @@ Completed preflight deployment check
### Pod check
We use the commmand below to test if we are able to create a pod in the cluster.
```shell
$ qliksense preflight pod -v
```console
$ qliksense preflight pod
Preflight pod check
--------------------
@@ -120,61 +109,61 @@ Deleted pod: pod-pf-check
Completed preflight pod check
```
### Role check
### Create-Role check
We use the command below to test if we are able to create a role in the cluster
```shell
$ qliksense preflight role -v
Preflight role check
$ qliksense preflight create-role
Preflight create-role check
---------------------------
Preflight role check:
Preflight create-role check:
Created role: role-preflight-check
Preflight role check: PASSED
Preflight create-role check: PASSED
Cleaning up resources...
Deleted role: role-preflight-check
Completed preflight role check
Completed preflight create-role check
```
### RoleBinding check
### Create-RoleBinding check
We use the command below to test if we are able to create a role binding in the cluster
```shell
$ qliksense preflight rolebinding -v
$ qliksense preflight createRoleBinding
Preflight rolebinding check
Preflight create roleBinding check
---------------------------
Preflight rolebinding check:
Preflight createRoleBinding check:
Created RoleBinding: role-binding-preflight-check
Preflight rolebinding check: PASSED
Preflight createRoleBinding check: PASSED
Cleaning up resources...
Deleting RoleBinding: role-binding-preflight-check
Deleted RoleBinding: role-binding-preflight-check
Completed preflight rolebinding check
Completed preflight createRoleBinding check
```
### Create-ServiceAccount check
We use the command below to test if we are able to create a service account in the cluster
```shell
$ qliksense preflight serviceaccount -v
$ qliksense preflight createServiceAccount
Preflight ServiceAccount check
Preflight create ServiceAccount check
-------------------------------------
Preflight serviceaccount check:
Preflight createServiceAccount check:
Created Service Account: preflight-check-test-serviceaccount
Preflight serviceaccount check: PASSED
Preflight createServiceAccount check: PASSED
Cleaning up resources...
Deleting ServiceAccount: preflight-check-test-serviceaccount
Deleted ServiceAccount: preflight-check-test-serviceaccount
Completed preflight serviceaccount check
Completed preflight createServiceAccount check
```
### Auth check
### CreateRB check
We use the command below to combine creation of role, role binding, and service account tests
```shell
$ qliksense preflight authcheck -v
$ qliksense preflight createRB
Preflight auth check
Preflight createRB check
-------------------------------------
Preflight create-role check:
Created role: role-preflight-check
@@ -199,25 +188,23 @@ Cleaning up resources...
Deleted ServiceAccount: preflight-check-test-serviceaccount
Completed preflight createServiceAccount check
Completed preflight auth check
Completed preflight CreateRB check
```
### Mongodb check
We can check if we are able to connect to an instance of mongodb on the cluster by either supplying the mongodbUri as part of the command or infer it from the current context.
```shell
qliksense preflight mongo --url=<url> -v OR
qliksense preflight mongo -v
qliksense preflight mongo --url=<mongo-server url> --ca-cert=<path to ca-cert file> -v
```
```shell
qliksense preflight mongo --url=<url> OR
qliksense preflight mongo
Preflight mongo check
---------------------
Preflight mongodb check:
Created pod: pf-mongo-pod
stdout: MongoDB shell version v4.2.5
connecting to: <url>/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("...") }
Implicit session: session { "id" : UUID("64f639d3-2c93-4894-80f6-ee14acaf56a5") }
MongoDB server version: 4.2.5
bye
stderr:
@@ -226,35 +213,13 @@ Deleted pod: pf-mongo-pod
Completed preflight mongodb check
```
#### Mongodb check with mutual tls
In order to perform mutual tls with mongo we need to:
- append client certificate to the beginning/end of CA certificate. Make sure to include the beginning and end tags on each certificate.
The CA certificate file should look like this in the end:
```shell
<existing contents of CA cert>
...
-----BEGIN RSA PRIVATE KEY-----
<private key>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<public key>
-----END CERTIFICATE-----
```
- Run the command below to set the ca certificate into the CR
```shell
cat <path_to_ca.crt> | base64 | qliksense config set-secrets qliksense.caCertificates --base64
```
Next, run:
```shell
qliksense preflight mongo -v
```
### Running all checks
Run the command shown below to execute all preflight checks.
```shell
$ qliksense preflight all --mongodb-url=<url> -v OR
$ qliksense preflight all --mongodb-url=<mongo-server url> --mongodb-ca-cert=<path to ca-cert file> -v
```console
$ qliksense preflight all --mongodb-url=<url> OR
$ qliksense preflight all
Running all preflight checks
@@ -285,41 +250,4 @@ Completed Preflight kubernetes minimum version check
All preflight checks have PASSED
Completed running all preflight checks
```
### Clean
Run the command below to cleanup entities that were created for the purpose of running preflight checks and left behind in the cluster.
```shell
$ qliksense preflight clean -v
Preflight clean
----------------
Removing deployment...
Removing service...
Removing pod...
Removing role...
Removing rolebinding...
Removing serviceaccount...
Removing DNS check components...
Removing mongo check components...
Preflight cleanup complete
```
### Verify-ca-chain check
We use the command below to verify the ca certificate chain and server certificate. We run this check over mongodbUrl and discoveryUrl we inferred from idpconfigs in the CR.
```shell
$ qliksense preflight preflight verify-ca-chain -v
Preflight verify-ca-chain check...
-----------------------------------
Openssl verify mongodbUrl:
Mongodb url inferred form CR: <mongodbUrl_from_CR>
Host: <host extracted from mongodbUrl>
Openssl verify discoveryUrl:
Discovery url: <discoveryUrl_from_CR>
Host: <host extracted from discoveryUrl>
Completed preflight verify-CA-chain check
PASSED
```

39
go.mod
View File

@@ -6,56 +6,61 @@ replace (
github.com/docker/docker => github.com/moby/moby v0.7.3-0.20190826074503-38ab9da00309
golang.org/x/sys => golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a
k8s.io/apimachinery => k8s.io/apimachinery v0.17.0
k8s.io/client-go => k8s.io/client-go v0.17.0
k8s.io/kubectl => k8s.io/kubectl v0.0.0-20191219154910-1528d4eea6dd
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20191004115801-a2eda9f80ab8
k8s.io/client-go => k8s.io/client-go v0.0.0-20191016111102-bec269661e48
k8s.io/kubectl => k8s.io/kubectl v0.0.0-20191016120415-2ed914427d51
sigs.k8s.io/kustomize/api => github.com/qlik-oss/kustomize/api v0.3.3-0.20200612023448-4c1f2f38ea9b
sigs.k8s.io/kustomize/api => github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36
)
require (
cloud.google.com/go v0.52.0 // indirect
cloud.google.com/go/storage v1.5.0 // indirect
github.com/Masterminds/semver/v3 v3.1.0
github.com/Masterminds/semver/v3 v3.0.3
github.com/Shopify/ejson v1.2.1
github.com/aws/aws-sdk-go v1.28.9 // indirect
github.com/bugsnag/bugsnag-go v1.5.3 // indirect
github.com/containerd/containerd v1.3.2 // indirect
github.com/containerd/continuity v0.0.0-20191214063359-1097c8bae83b // indirect
github.com/containers/image/v5 v5.1.0
github.com/docker/cli v0.0.0-20191212191748-ebca1413117a // indirect
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/go-git/go-git/v5 v5.1.0
github.com/gobuffalo/envy v1.9.0 // indirect
github.com/gobuffalo/logger v1.0.3 // indirect
github.com/gobuffalo/packd v1.0.0 // indirect
github.com/gobuffalo/packr/v2 v2.7.1
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
github.com/golang/protobuf v1.3.3 // indirect
github.com/google/uuid v1.1.1
github.com/gorilla/mux v1.7.3 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381
github.com/mattn/go-colorable v0.1.4
github.com/mattn/go-tty v0.0.3
github.com/mitchellh/go-homedir v1.1.0
github.com/otiai10/copy v1.1.1
github.com/pkg/errors v0.9.1
github.com/qlik-oss/k-apis v0.1.16
github.com/morikuni/aec v1.0.0 // indirect
github.com/pkg/errors v0.8.1
github.com/qlik-oss/k-apis v0.0.34
github.com/robfig/cron/v3 v3.0.1
github.com/rogpeppe/go-internal v1.5.2 // indirect
github.com/spf13/cobra v1.10.2
github.com/spf13/cobra v0.0.6
github.com/spf13/viper v1.6.1
github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31
golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 // indirect
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a // indirect
golang.org/x/net v0.0.0-20200528225125-3c3fba18258b
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 // indirect
golang.org/x/tools v0.0.0-20200312194400-c312e98713c2 // indirect
google.golang.org/genproto v0.0.0-20200128133413-58ce757ed39b // indirect
google.golang.org/grpc v1.27.0 // indirect
gopkg.in/yaml.v2 v2.2.8
k8s.io/api v0.17.2
k8s.io/apiextensions-apiserver v0.17.2
k8s.io/apimachinery v0.17.2
gopkg.in/yaml.v3 v3.0.0-20190924164351-c8b7dadae555
k8s.io/api v0.17.0
k8s.io/apimachinery v0.17.0
k8s.io/client-go v11.0.0+incompatible
k8s.io/kubectl v0.17.2
k8s.io/kubectl v0.0.0-20191016120415-2ed914427d51
sigs.k8s.io/kustomize/api v0.3.2
sigs.k8s.io/yaml v1.1.0
)

359
go.sum
View File

File diff suppressed because it is too large Load Diff

7
mkdocs.yml
View File

@@ -1,13 +1,11 @@
site_name: Qlik Sense on Kubernetes CLI
site_name: Qlik Sense installer
repo_url: 'https://github.com/qlik-oss/sense-installer'
strict: true
theme:
name: "material"
palette:
primary: 'green'
accent: 'indigo'
markdown_extensions:
- toc:
permalink: true
@@ -16,12 +14,11 @@ markdown_extensions:
- pymdownx.inlinehilite
- pymdownx.superfences
- pymdownx.details
- pymdownx.tabbed
nav:
- Overview: index.md
- getting_started.md
- command_reference.md
- concepts.md
- preflight_checks.md
- air_gap.md
- Releases ⧉: https://github.com/qlik-oss/sense-installer/releases

155
pkg/api/apis.go
View File

@@ -1,9 +1,11 @@
package api
import (
"crypto/rsa"
"errors"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"strings"
@@ -21,7 +23,6 @@ const (
qliksenseContextsDirName = "contexts"
qliksenseSecretsDirName = "secrets"
qliksenseEjsonDirName = "ejson"
QLIK_GIT_REPO = "https://github.com/qlik-oss/qliksense-k8s"
)
// NewQConfig create QliksenseConfig object from file ~/.qliksense/config.yaml
@@ -143,68 +144,6 @@ func (cr *QliksenseCR) IsRepoExist() bool {
return true
}
func (cr *QliksenseCR) GetFetchUrl() string {
if cr.Spec.Git == nil || cr.Spec.Git.Repository == "" {
return QLIK_GIT_REPO
}
return cr.Spec.Git.Repository
}
func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
if cr.Spec.Git == nil {
return ""
}
if tok, err := cr.Spec.Git.GetAccessToken(); err != nil {
fmt.Println(err)
return ""
} else if tok == "" {
return tok
} else {
by, _ := b64.StdEncoding.DecodeString(tok)
res, err := DecryptData(by, encryptionKey)
if err != nil {
fmt.Println(err)
return ""
}
return string(res)
}
}
func (cr *QliksenseCR) SetFetchUrl(url string) {
if cr.Spec.Git == nil {
cr.Spec.Git = &config.Repo{}
}
cr.Spec.Git.Repository = url
}
func (cr *QliksenseCR) SetFetchAccessToken(token, encryptionKey string) error {
if cr.Spec.Git == nil {
cr.Spec.Git = &config.Repo{}
}
res, err := EncryptData([]byte(token), encryptionKey)
if err != nil {
return err
}
cr.Spec.Git.AccessToken = b64.StdEncoding.EncodeToString(res)
return nil
}
func (cr *QliksenseCR) SetFetchAccessSecretName(sec string) {
if cr.Spec.Git == nil {
cr.Spec.Git = &config.Repo{}
}
cr.Spec.Git.SecretName = sec
}
//DeleteRepo delete the manifest repo and unset manifestsRoot
func (cr *QliksenseCR) DeleteRepo() error {
if err := os.RemoveAll(cr.Spec.ManifestsRoot); err != nil {
return err
}
cr.Spec.ManifestsRoot = ""
return nil
}
func (qc *QliksenseConfig) IsRepoExist(contextName, version string) bool {
if _, err := os.Lstat(qc.BuildRepoPathForContext(contextName, version)); err != nil {
return false
@@ -219,11 +158,6 @@ func (qc *QliksenseConfig) IsRepoExistForCurrent(version string) bool {
return true
}
func (qc *QliksenseConfig) DeleteRepoForCurrent(version string) error {
path := qc.BuildRepoPath(version)
return os.RemoveAll(path)
}
func (qc *QliksenseConfig) BuildRepoPath(version string) string {
return qc.BuildRepoPathForContext(qc.Spec.CurrentContext, version)
}
@@ -324,9 +258,9 @@ func (qc *QliksenseConfig) GetCurrentContextSecretsDir() (string, error) {
func (qc *QliksenseConfig) setDockerConfigJsonSecret(filename string, dockerConfigJsonSecret *DockerConfigJsonSecret) error {
if secretsDir, err := qc.GetCurrentContextSecretsDir(); err != nil {
return err
} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
} else if publicKey, _, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
return err
} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(encryptionKey); err != nil {
} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(publicKey); err != nil {
return err
} else if err := os.MkdirAll(secretsDir, os.ModePerm); err != nil {
return err
@@ -373,9 +307,9 @@ func (qc *QliksenseConfig) getDockerConfigJsonSecret(name string) (*DockerConfig
return nil, err
} else if dockerConfigJsonSecretYaml, err := ioutil.ReadFile(filepath.Join(secretsDir, name)); err != nil {
return nil, err
} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
} else if _, privateKey, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
return nil, err
} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, encryptionKey); err != nil {
} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, privateKey); err != nil {
return nil, err
}
return dockerConfigJsonSecret, nil
@@ -386,11 +320,11 @@ func (qc *QliksenseConfig) getCurrentContextEncryptionKeyPairLocation() (string,
if qcr, err := qc.GetCurrentCR(); err != nil {
return "", err
} else {
return qc.getContextEncryptionKeyLocation(qcr.GetName())
return qc.getContextEncryptionKeyPairLocation(qcr.GetName())
}
}
func (qc *QliksenseConfig) getContextEncryptionKeyLocation(contextName string) (string, error) {
func (qc *QliksenseConfig) getContextEncryptionKeyPairLocation(contextName string) (string, error) {
// Check env var: QLIKSENSE_KEY_LOCATION to determine location to store keypair
var secretKeyPairLocation string
if os.Getenv("QLIKSENSE_KEY_LOCATION") != "" {
@@ -400,9 +334,9 @@ func (qc *QliksenseConfig) getContextEncryptionKeyLocation(contextName string) (
// QLIKSENSE_KEY_LOCATION has not been set, hence storing key pair in default location:
// /.qliksense/secrets/contexts/<current-context>/secrets/
secretKeyPairLocation = filepath.Join(qc.QliksenseHomePath, qliksenseSecretsDirName, qliksenseContextsDirName, contextName, qliksenseSecretsDirName)
}
return secretKeyPairLocation, os.MkdirAll(secretKeyPairLocation, os.ModePerm)
}
return secretKeyPairLocation, nil
}
func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
@@ -417,25 +351,52 @@ func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
}
}
func (qc *QliksenseConfig) GetEncryptionKeyForCurrent() (string, error) {
func (qc *QliksenseConfig) GetCurrentContextEncryptionKeyPair() (*rsa.PublicKey, *rsa.PrivateKey, error) {
if qcr, err := qc.GetCurrentCR(); err != nil {
return "", err
return nil, nil, err
} else {
return qc.GetEncryptionKeyFor(qcr.GetName())
return qc.GetContextEncryptionKeyPair(qcr.GetName())
}
}
func (qc *QliksenseConfig) GetEncryptionKeyFor(contextName string) (string, error) {
secretKeyLocation, err := qc.getContextEncryptionKeyLocation(contextName)
func (qc *QliksenseConfig) GetContextEncryptionKeyPair(contextName string) (*rsa.PublicKey, *rsa.PrivateKey, error) {
secretKeyPairLocation, err := qc.getContextEncryptionKeyPairLocation(contextName)
if err != nil {
return "", err
return nil, nil, err
}
key, err := LoadSecretKey(secretKeyLocation)
if key != "" {
return key, nil
publicKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePublicKey)
privateKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePrivateKey)
// try to create the dir if it doesn't exist
if !FileExists(publicKeyFilePath) || !FileExists(privateKeyFilePath) {
LogDebugMessage("Qliksense secretKeyLocation dir does not exist, creating it now: %s", secretKeyPairLocation)
if err := os.MkdirAll(secretKeyPairLocation, os.ModePerm); err != nil {
err = fmt.Errorf("Not able to create %s dir: %v", secretKeyPairLocation, err)
log.Println(err)
return nil, nil, err
}
// generating and storing key-pair
err1 := GenerateAndStoreSecretKeypair(secretKeyPairLocation)
if err1 != nil {
err1 = fmt.Errorf("Not able to generate and store key pair for encryption")
log.Println(err1)
return nil, nil, err1
}
}
if publicKeyBytes, err := ReadKeys(publicKeyFilePath); err != nil {
LogDebugMessage("Not able to read public key")
return nil, nil, err
} else if privateKeyBytes, err := ReadKeys(privateKeyFilePath); err != nil {
LogDebugMessage("Not able to read private key")
return nil, nil, err
} else if rsaPublicKey, err := DecodeToPublicKey(publicKeyBytes); err != nil {
return nil, nil, err
} else if rsaPrivateKey, err := DecodeToPrivateKey(privateKeyBytes); err != nil {
return nil, nil, err
} else {
return rsaPublicKey, rsaPrivateKey, nil
}
fmt.Println("Generating new encryption key for the context: " + contextName)
return GenerateAndStoreSecretKey(secretKeyLocation)
}
func (cr *QliksenseCR) AddLabelToCr(key, value string) {
@@ -460,6 +421,17 @@ func (cr *QliksenseCR) GetString() (string, error) {
return string(out), nil
}
func (cr *QliksenseCR) GetImageRegistry() string {
for _, nameValues := range cr.Spec.Configs {
for _, nameValue := range nameValues {
if nameValue.Name == "imageRegistry" {
return nameValue.Value
}
}
}
return ""
}
func (cr *QliksenseCR) GetK8sSecretsFolder(qlikSenseHomeDir string) string {
return filepath.Join(qlikSenseHomeDir, qliksenseContextsDirName, cr.GetName(), qliksenseSecretsDirName)
}
@@ -497,7 +469,7 @@ func (cr *QliksenseCR) GetCustomCrdsPath() string {
func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error) {
newCr := &QliksenseCR{}
copier.Copy(newCr, cr)
encryptionKey, err := qc.GetEncryptionKeyFor(cr.GetName())
_, rsaPrivateKey, err := qc.GetCurrentContextEncryptionKeyPair()
if err != nil {
return nil, err
}
@@ -510,7 +482,7 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
if err != nil {
return nil, err
}
db, err := DecryptData(b, encryptionKey)
db, err := Decrypt(b, rsaPrivateKey)
if err != nil {
return nil, err
}
@@ -523,11 +495,6 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
finalSecrets[k] = newNvs
}
newCr.Spec.Secrets = finalSecrets
if newCr.Spec.Git != nil && newCr.Spec.Git.AccessToken != "" {
decData := cr.GetFetchAccessToken(encryptionKey)
newCr.Spec.Git.AccessToken = decData
}
return newCr, nil
}

139
pkg/api/apis_test.go
View File

@@ -1,7 +1,6 @@
package api
import (
b64 "encoding/base64"
"fmt"
"io/ioutil"
"log"
@@ -53,6 +52,12 @@ spec:
qliksense:
- name: acceptEULA
value: "yes"
secrets:
qliksense:
- name: mongoDbUri
# this is rsa encrypted value, the pub and pri keys are in setuPublicAndPrivateKey() method
# actual value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
value: n/pDi7Z/A3i16cAHFFwMp19/egNKc8WZxm6MKHLT/B1DMv3U6pDXWyXT5fYYDV1wDTO3Vk43yECST1UgZYmMpgUOwgSfGgqTVi2VqS0JQsnwI+Twwhnvha8RJANX8b/XIoSFVWaOgy7+RP35ZkvOqHdCfC2aT8JMIHgBQqqCbsNgimCuRSxi0klR000ic/Tp5PYSz5mD+WLrkPw2FbS0OVBsQ/hIp5GZrmVpvEOZdbT63Sz+n/G4Br6GTv2LkZcU7JBuKQm2wfB+mRjJmJnNrPawLfn2UZ89Rz0BLwIy+6b24/RoIUgoNowfGkJreGiwItGK8fjCcx11oavK/yAo6pYZXCcru46pmHbxxle1OlkdTKkG6EVtJuKjSZXtVmBHZYRFzsR7HnAiXnL7QzSEcS7ieZlQvTmNLfpidJhK199oSbyKREqXGl2S8DzPKM9RLccVbQTy6X8qWimP3MYCnO4K0KoQnNQAgfuV8ZxnvdDecByLDPIpmFMGy0Xm9pUZWxmSoDBq+p5WBI2HdCX2gCYVv5yxS2iBqO5SMKo8iOglHtPI9NIMvloERdN1vZtxSRkY5uDEfrU9ysYwfayEXxvXmdWv0HxlotcgUinP02j7k+OfIapTmY/jGfvF4euyCGRKuJ9JlSD9pIiRdAcekjL6hCxXLJLdajCV4sL/YDo=
`
ctx1Dir := filepath.Join(homeDir, "contexts", "contx1")
crFile := filepath.Join(ctx1Dir, "contx1.yaml")
@@ -101,24 +106,21 @@ func TestGetDecryptedCr(t *testing.T) {
t.Fail()
t.Log(e)
}
qcr, err := qct.GetCurrentCR()
if err != nil {
t.Fail()
t.Log(err)
}
key, _ := setupGenerateKey(dir)
ecn, _ := EncryptData([]byte("mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"), key)
b := b64.StdEncoding.EncodeToString(ecn)
qcr.Spec.AddToSecrets("qliksense", "mongodbUri", b, "")
qcr.SetFetchAccessToken("mytoken", key)
setuPublicAndPrivateKey(dir)
newCr, err := qct.GetDecryptedCr(qcr)
if err != nil {
t.Fail()
t.Log(err)
}
decryptedValue := newCr.Spec.GetFromSecrets("qliksense", "mongodbUri")
orignalValue := qcr.Spec.GetFromSecrets("qliksense", "mongodbUri")
decryptedValue := newCr.Spec.GetFromSecrets("qliksense", "mongoDbUri")
orignalValue := qcr.Spec.GetFromSecrets("qliksense", "mongoDbUri")
if decryptedValue != "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false" {
t.Fail()
b, _ := K8sToYaml(newCr)
@@ -127,12 +129,77 @@ func TestGetDecryptedCr(t *testing.T) {
if decryptedValue == orignalValue {
t.Fail()
}
if newCr.Spec.Git.AccessToken != "mytoken" {
t.Fail()
}
td()
}
func setupGenerateKey(homeDir string) (string, error) {
func setuPublicAndPrivateKey(homeDir string) ([]byte, []byte, error) {
privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
-----END RSA PRIVATE KEY-----
`)
publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
+hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
+zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
-----END RSA PUBLIC KEY-----
`)
secretKeyPairDir := filepath.Join(homeDir, "secrets", "contexts", "contx1", "secrets")
if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
err = fmt.Errorf("Not able to create directories")
@@ -140,33 +207,19 @@ func setupGenerateKey(homeDir string) (string, error) {
}
os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)
key, _ := LoadSecretKey(secretKeyPairDir)
if key == "" {
return GenerateAndStoreSecretKey(secretKeyPairDir)
privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
// construct and write priv key file into secretsDir location
err := ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
if err != nil {
log.Printf("Error while creating file: %v", err)
return nil, nil, err
}
return key, nil
}
func Test_set_and_get_fetch_access_token(t *testing.T) {
td, homeDir := setup()
defer td()
createCRFile(homeDir)
crFile := filepath.Join("contexts", "contx1", "contx1.yaml")
qConfig := NewQConfig(homeDir)
newQ, _ := qConfig.SetCrLocation("contx1", crFile)
newQ.Write()
qConfig = NewQConfig(homeDir)
qcr, _ := qConfig.GetCurrentCR()
key, _ := qConfig.GetEncryptionKeyFor(qcr.GetName())
if err := qcr.SetFetchAccessToken("mytokenbeforeencryption", key); err != nil {
t.Log(err)
t.FailNow()
}
tok := qcr.GetFetchAccessToken(key)
if tok != "mytokenbeforeencryption" {
t.Log("Expected: mytokenbeforeencryption, got: " + tok)
t.Fail()
}
pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
// construct and write pub key file into secretsDir location
err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
if err != nil {
log.Printf("Error while creating file: %v", err)
return nil, nil, err
}
return publicKeyBytes, privKeyBytes, nil
}

727
pkg/api/clientgo_utils.go
View File

@@ -1,727 +0,0 @@
package api
import (
"bytes"
"fmt"
"io"
"io/ioutil"
"os"
"path/filepath"
"time"
"github.com/mitchellh/go-homedir"
appsv1 "k8s.io/api/apps/v1"
apiv1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/util/retry"
)
var gracePeriod int64 = 0
var waitTimeout = 2 * time.Minute
type ClientGoUtils struct {
Verbose bool
}
func (p *ClientGoUtils) LogVerboseMessage(strMessage string, args ...interface{}) {
if p.Verbose || os.Getenv("QLIKSENSE_DEBUG") == "true" {
fmt.Printf(strMessage, args...)
}
}
func int32Ptr(i int32) *int32 { return &i }
func (p *ClientGoUtils) LoadKubeConfigAndNamespace() (string, []byte, error) {
LogDebugMessage("Reading .kube/config file...")
homeDir, err := homedir.Dir()
if err != nil {
err = fmt.Errorf("Unable to deduce home dir")
return "", nil, err
}
LogDebugMessage("Kube config location: %s\n\n", filepath.Join(homeDir, ".kube", "config"))
kubeConfig := filepath.Join(homeDir, ".kube", "config")
kubeConfigContents, err := ioutil.ReadFile(kubeConfig)
if err != nil {
err = fmt.Errorf("Unable to deduce home dir")
return "", nil, err
}
// retrieve namespace
namespace := GetKubectlNamespace()
// if namespace comes back empty, we will run checks in the default namespace
if namespace == "" {
namespace = "default"
}
return namespace, kubeConfigContents, nil
}
func (p *ClientGoUtils) RetryOnError(mf func() error) error {
return retry.OnError(wait.Backoff{
Duration: 1 * time.Second,
Factor: 1,
Jitter: 0.1,
Steps: 5,
}, func(err error) bool {
return k8serrors.IsConflict(err) || k8serrors.IsGone(err) || k8serrors.IsServerTimeout(err) ||
k8serrors.IsServiceUnavailable(err) || k8serrors.IsTimeout(err) || k8serrors.IsTooManyRequests(err)
}, mf)
}
func (p *ClientGoUtils) GetK8SClientSet(kubeconfig []byte, contextName string) (*kubernetes.Clientset, *rest.Config, error) {
var clientConfig *rest.Config
var err error
if len(kubeconfig) == 0 {
clientConfig, err = rest.InClusterConfig()
if err != nil {
err = fmt.Errorf("Unable to load in-cluster kubeconfig: %w", err)
return nil, nil, err
}
} else {
config, err := clientcmd.Load(kubeconfig)
if err != nil {
err = fmt.Errorf("Unable to load kubeconfig: %w", err)
return nil, nil, err
}
if contextName != "" {
config.CurrentContext = contextName
}
clientConfig, err = clientcmd.NewDefaultClientConfig(*config, &clientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
err = fmt.Errorf("Unable to create client config from config: %w", err)
return nil, nil, err
}
}
clientset, err := kubernetes.NewForConfig(clientConfig)
if err != nil {
err = fmt.Errorf("Unable to create clientset: %w", err)
return nil, nil, err
}
return clientset, clientConfig, nil
}
func (p *ClientGoUtils) CreatePreflightTestDeployment(clientset kubernetes.Interface, namespace string, depName string, imageName string) (*appsv1.Deployment, error) {
deploymentsClient := clientset.AppsV1().Deployments(namespace)
deployment := &appsv1.Deployment{
ObjectMeta: v1.ObjectMeta{
Name: depName,
},
Spec: appsv1.DeploymentSpec{
Replicas: int32Ptr(1),
Selector: &v1.LabelSelector{
MatchLabels: map[string]string{
"app": "preflight-check",
},
},
Template: apiv1.PodTemplateSpec{
ObjectMeta: v1.ObjectMeta{
Labels: map[string]string{
"app": "preflight-check",
"label": "preflight-check-label",
},
},
Spec: apiv1.PodSpec{
Containers: []apiv1.Container{
{
Name: "dep",
Image: imageName,
Ports: []apiv1.ContainerPort{
{
Name: "http",
Protocol: apiv1.ProtocolTCP,
ContainerPort: 80,
},
},
},
},
},
},
},
}
// Create Deployment
var result *appsv1.Deployment
if err := p.RetryOnError(func() (err error) {
result, err = deploymentsClient.Create(deployment)
return err
}); err != nil {
err = fmt.Errorf("unable to create deployments in the %s namespace: %w", namespace, err)
return nil, err
}
p.LogVerboseMessage("Created deployment %q\n", result.GetObjectMeta().GetName())
return deployment, nil
}
func (p *ClientGoUtils) getDeployment(clientset kubernetes.Interface, namespace, depName string) (*appsv1.Deployment, error) {
deploymentsClient := clientset.AppsV1().Deployments(namespace)
var deployment *appsv1.Deployment
if err := p.RetryOnError(func() (err error) {
deployment, err = deploymentsClient.Get(depName, v1.GetOptions{})
return err
}); err != nil {
err = fmt.Errorf("unable to get deployments in the %s namespace: %w", namespace, err)
LogDebugMessage("%v\n", err)
return nil, err
}
return deployment, nil
}
func (p *ClientGoUtils) DeleteDeployment(clientset kubernetes.Interface, namespace, name string) error {
deploymentsClient := clientset.AppsV1().Deployments(namespace)
// Create Deployment
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
GracePeriodSeconds: &gracePeriod,
}
if err := p.RetryOnError(func() (err error) {
return deploymentsClient.Delete(name, &deleteOptions)
}); err != nil {
return err
}
if err := p.WaitForDeploymentToDelete(clientset, namespace, name); err != nil {
return err
}
p.LogVerboseMessage("Deleted deployment: %s\n", name)
return nil
}
func (p *ClientGoUtils) CreatePreflightTestService(clientset kubernetes.Interface, namespace string, svcName string) (*apiv1.Service, error) {
iptr := int32Ptr(80)
servicesClient := clientset.CoreV1().Services(namespace)
service := &apiv1.Service{
ObjectMeta: v1.ObjectMeta{
Name: svcName,
Namespace: namespace,
Labels: map[string]string{
"app": "preflight-check",
},
},
Spec: apiv1.ServiceSpec{
Ports: []apiv1.ServicePort{
{Name: "port1",
Port: *iptr,
},
},
Selector: map[string]string{
"app": "preflight-check",
},
ClusterIP: "",
},
}
var result *apiv1.Service
if err := p.RetryOnError(func() (err error) {
result, err = servicesClient.Create(service)
return err
}); err != nil {
return nil, err
}
p.LogVerboseMessage("Created service %q\n", result.GetObjectMeta().GetName())
return service, nil
}
func (p *ClientGoUtils) GetService(clientset kubernetes.Interface, namespace, svcName string) (*apiv1.Service, error) {
servicesClient := clientset.CoreV1().Services(namespace)
var svc *apiv1.Service
if err := p.RetryOnError(func() (err error) {
svc, err = servicesClient.Get(svcName, v1.GetOptions{})
return err
}); err != nil {
err = fmt.Errorf("unable to get services in the %s namespace: %w", namespace, err)
return nil, err
}
return svc, nil
}
func (p *ClientGoUtils) DeleteService(clientset kubernetes.Interface, namespace, name string) error {
servicesClient := clientset.CoreV1().Services(namespace)
// Create Deployment
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
}
if err := p.RetryOnError(func() (err error) {
return servicesClient.Delete(name, &deleteOptions)
}); err != nil {
return err
}
p.LogVerboseMessage("Deleted service: %s\n", name)
return nil
}
func (p *ClientGoUtils) DeletePod(clientset kubernetes.Interface, namespace, name string) error {
podsClient := clientset.CoreV1().Pods(namespace)
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
GracePeriodSeconds: &gracePeriod,
}
if err := p.RetryOnError(func() (err error) {
return podsClient.Delete(name, &deleteOptions)
}); err != nil {
return err
}
if err := p.waitForPodToDelete(clientset, namespace, name); err != nil {
return err
}
p.LogVerboseMessage("Deleted pod: %s\n", name)
return nil
}
func (p *ClientGoUtils) CreatePreflightTestPod(clientset kubernetes.Interface, namespace, podName, imageName string, secretNames map[string]string, commandToRun []string) (*apiv1.Pod, error) {
// build the pod definition we want to deploy
pod := &apiv1.Pod{
ObjectMeta: v1.ObjectMeta{
Name: podName,
Namespace: namespace,
Labels: map[string]string{
"app": "preflight",
},
},
Spec: apiv1.PodSpec{
RestartPolicy: apiv1.RestartPolicyNever,
Containers: []apiv1.Container{
{
Name: "cnt",
Image: imageName,
ImagePullPolicy: apiv1.PullIfNotPresent,
Command: commandToRun,
},
},
},
}
if len(secretNames) > 0 {
for secretName, mountPath := range secretNames {
pod.Spec.Volumes = append(pod.Spec.Volumes, apiv1.Volume{
Name: secretName,
VolumeSource: apiv1.VolumeSource{
Secret: &apiv1.SecretVolumeSource{
SecretName: secretName,
Items: []apiv1.KeyToPath{
{
Key: secretName,
Path: filepath.Base(mountPath),
},
},
},
},
})
if len(pod.Spec.Containers) > 0 {
pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, apiv1.VolumeMount{
Name: secretName,
MountPath: filepath.Dir(mountPath),
ReadOnly: true,
})
}
}
}
// now create the pod in kubernetes cluster using the clientset
if err := p.RetryOnError(func() (err error) {
pod, err = clientset.CoreV1().Pods(namespace).Create(pod)
return err
}); err != nil {
return nil, err
}
p.LogVerboseMessage("Created pod: %s\n", pod.Name)
return pod, nil
}
func (p *ClientGoUtils) getPod(clientset kubernetes.Interface, namespace, podName string) (*apiv1.Pod, error) {
LogDebugMessage("Fetching pod: %s\n", podName)
var pod *apiv1.Pod
if err := p.RetryOnError(func() (err error) {
pod, err = clientset.CoreV1().Pods(namespace).Get(podName, v1.GetOptions{})
return err
}); err != nil {
LogDebugMessage("%v\n", err)
return nil, err
}
return pod, nil
}
func (p *ClientGoUtils) GetPodLogs(clientset kubernetes.Interface, pod *apiv1.Pod) (string, error) {
return p.GetPodContainerLogs(clientset, pod, "")
}
func (p *ClientGoUtils) GetPodContainerLogs(clientset kubernetes.Interface, pod *apiv1.Pod, container string) (string, error) {
podLogOpts := apiv1.PodLogOptions{}
if container != "" {
podLogOpts.Container = container
}
LogDebugMessage("Retrieving logs for pod: %s namespace: %s\n", pod.GetName(), pod.Namespace)
req := clientset.CoreV1().Pods(pod.Namespace).GetLogs(pod.Name, &podLogOpts)
podLogs, err := req.Stream()
if err != nil {
return "", err
}
defer podLogs.Close()
buf := new(bytes.Buffer)
_, err = io.Copy(buf, podLogs)
if err != nil {
return "", err
}
LogDebugMessage("Log from pod: %s\n", buf.String())
return buf.String(), nil
}
func (p *ClientGoUtils) waitForResource(checkFunc func() (interface{}, error), validateFunc func(interface{}) bool) error {
timeout := time.NewTicker(waitTimeout)
defer timeout.Stop()
OUT:
for {
r, err := checkFunc()
if err != nil {
return err
}
select {
case <-timeout.C:
break OUT
default:
if validateFunc(r) {
break OUT
}
}
time.Sleep(5 * time.Second)
}
return nil
}
func (p *ClientGoUtils) WaitForDeployment(clientset kubernetes.Interface, namespace string, pfDeployment *appsv1.Deployment) error {
var err error
depName := pfDeployment.GetName()
checkFunc := func() (interface{}, error) {
pfDeployment, err = p.getDeployment(clientset, namespace, depName)
if err != nil {
err = fmt.Errorf("unable to retrieve deployment: %s\n", depName)
return nil, err
}
return pfDeployment, nil
}
validateFunc := func(data interface{}) bool {
d := data.(*appsv1.Deployment)
return int(d.Status.ReadyReplicas) > 0
}
if err := p.waitForResource(checkFunc, validateFunc); err != nil {
return err
}
if int(pfDeployment.Status.ReadyReplicas) == 0 {
err = fmt.Errorf("deployment took longer than expected to spin up pods")
return err
}
return nil
}
func (p *ClientGoUtils) WaitForPod(clientset kubernetes.Interface, namespace string, pod *apiv1.Pod) error {
var err error
if len(pod.Spec.Containers) == 0 {
err = fmt.Errorf("there are no containers in the pod")
return err
}
podName := pod.Name
checkFunc := func() (interface{}, error) {
pod, err = p.getPod(clientset, namespace, podName)
if err != nil {
err = fmt.Errorf("unable to retrieve %s pod by name", podName)
return nil, err
}
return pod, nil
}
validateFunc := func(data interface{}) bool {
po := data.(*apiv1.Pod)
return po.Status.Phase == apiv1.PodRunning || po.Status.Phase == apiv1.PodSucceeded || po.Status.Phase == apiv1.PodFailed
}
if err := p.waitForResource(checkFunc, validateFunc); err != nil {
return err
}
if pod.Status.Phase != apiv1.PodRunning && pod.Status.Phase != apiv1.PodSucceeded && pod.Status.Phase != apiv1.PodFailed {
err = fmt.Errorf("container is taking much longer than expected")
return err
}
return nil
}
func (p *ClientGoUtils) WaitForPodToDie(clientset kubernetes.Interface, namespace string, pod *apiv1.Pod) error {
podName := pod.Name
checkFunc := func() (interface{}, error) {
po, err := p.getPod(clientset, namespace, podName)
if err != nil {
err = fmt.Errorf("unable to retrieve %s pod by name", podName)
return nil, err
}
return po, nil
}
validateFunc := func(r interface{}) bool {
po := r.(*apiv1.Pod)
return po.Status.Phase == apiv1.PodFailed || po.Status.Phase == apiv1.PodSucceeded
}
if err := p.waitForResource(checkFunc, validateFunc); err != nil {
return err
}
return nil
}
func (p *ClientGoUtils) waitForPodToDelete(clientset kubernetes.Interface, namespace, podName string) error {
checkFunc := func() (interface{}, error) {
po, err := p.getPod(clientset, namespace, podName)
if err != nil {
return nil, err
}
return po, nil
}
validateFunc := func(po interface{}) bool {
return false
}
if err := p.waitForResource(checkFunc, validateFunc); err != nil {
return nil
}
err := fmt.Errorf("delete pod is taking unusually long")
return err
}
func (p *ClientGoUtils) WaitForDeploymentToDelete(clientset kubernetes.Interface, namespace, deploymentName string) error {
checkFunc := func() (interface{}, error) {
dep, err := p.getDeployment(clientset, namespace, deploymentName)
if err != nil {
return nil, err
}
return dep, nil
}
validateFunc := func(po interface{}) bool {
return false
}
if err := p.waitForResource(checkFunc, validateFunc); err != nil {
return nil
}
err := fmt.Errorf("delete deployment is taking unusually long")
return err
}
func (p *ClientGoUtils) CreatePreflightTestSecret(clientset kubernetes.Interface, namespace, secretName string, secretData []byte) (*apiv1.Secret, error) {
var secret *apiv1.Secret
var err error
// build the secret defination we want to create
secretSpec := &apiv1.Secret{
ObjectMeta: v1.ObjectMeta{
Name: secretName,
Namespace: namespace,
Labels: map[string]string{
"app": "preflight",
},
},
Data: map[string][]byte{
secretName: secretData,
},
}
// now create the secret in kubernetes cluster using the clientset
if err = p.RetryOnError(func() (err error) {
secret, err = clientset.CoreV1().Secrets(namespace).Create(secretSpec)
return err
}); err != nil {
return nil, err
}
p.LogVerboseMessage("Created Secret: %s\n", secret.Name)
return secret, nil
}
func (p *ClientGoUtils) DeleteK8sSecret(clientset kubernetes.Interface, namespace string, secretName string) error {
secretClient := clientset.CoreV1().Secrets(namespace)
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
}
err := secretClient.Delete(secretName, &deleteOptions)
if err != nil {
return err
}
p.LogVerboseMessage("Deleted Secret: %s\n", secretName)
return nil
}
func (p *ClientGoUtils) CreateStatefulSet(clientset kubernetes.Interface, namespace string, statefulSetName string, imageName string) (*appsv1.StatefulSet, error) {
statefulSetsClient := clientset.AppsV1().StatefulSets(namespace)
statefulset := &appsv1.StatefulSet{
ObjectMeta: v1.ObjectMeta{
Name: statefulSetName,
},
Spec: appsv1.StatefulSetSpec{
Replicas: int32Ptr(1),
Selector: &v1.LabelSelector{
MatchLabels: map[string]string{
"app": "postflight-check",
},
},
Template: apiv1.PodTemplateSpec{
ObjectMeta: v1.ObjectMeta{
Labels: map[string]string{
"app": "postflight-check",
"label": "postflight-check-label",
},
},
Spec: apiv1.PodSpec{
InitContainers: []apiv1.Container{
{
Name: "migration",
Image: "ubuntu",
ImagePullPolicy: apiv1.PullIfNotPresent,
// Command: []string{"bash", "-c", "for i in {1..10}; do echo \"from init container...\"; sleep 1; done"},
Command: []string{"bash", "-c", "for i in {1..10}; do echo \"from init container...\"; sleep 1; exit 1; done"},
},
},
Containers: []apiv1.Container{
{
Name: "statefulset",
Image: imageName,
Ports: []apiv1.ContainerPort{
{
Name: "http",
Protocol: apiv1.ProtocolTCP,
ContainerPort: 80,
},
},
},
},
},
},
},
}
// Create Statefulset
var result *appsv1.StatefulSet
if err := p.RetryOnError(func() (err error) {
result, err = statefulSetsClient.Create(statefulset)
return err
}); err != nil {
err = fmt.Errorf("unable to create statefulsets in the %s namespace: %w", namespace, err)
return nil, err
}
LogDebugMessage("Created statefulset %q\n", result.GetObjectMeta().GetName())
return statefulset, nil
}
func (p *ClientGoUtils) waitForStatefulSet(clientset kubernetes.Interface, namespace string, pfStatefulset *appsv1.StatefulSet) error {
var err error
statefulsetName := pfStatefulset.GetName()
checkFunc := func() (interface{}, error) {
pfStatefulset, err = p.getStatefulset(clientset, namespace, statefulsetName)
if err != nil {
err = fmt.Errorf("unable to retrieve stateful set: %s\n", statefulsetName)
return nil, err
}
return pfStatefulset, nil
}
validateFunc := func(data interface{}) bool {
s := data.(*appsv1.StatefulSet)
return int(s.Status.ReadyReplicas) > 0
}
if err := p.waitForResource(checkFunc, validateFunc); err != nil {
return err
}
if int(pfStatefulset.Status.ReadyReplicas) == 0 {
err = fmt.Errorf("deployment took longer than expected to spin up pods")
return err
}
return nil
}
func (p *ClientGoUtils) getStatefulset(clientset kubernetes.Interface, namespace, statefulsetName string) (*appsv1.StatefulSet, error) {
statefulsetsClient := clientset.AppsV1().StatefulSets(namespace)
var statefulset *appsv1.StatefulSet
if err := p.RetryOnError(func() (err error) {
statefulset, err = statefulsetsClient.Get(statefulsetName, v1.GetOptions{})
return err
}); err != nil {
err = fmt.Errorf("unable to get statefulsets in the %s namespace: %w", namespace, err)
fmt.Printf("%v\n", err)
return nil, err
}
return statefulset, nil
}
func (p *ClientGoUtils) deleteStatefulSet(clientset kubernetes.Interface, namespace, name string) error {
statefulsetClient := clientset.AppsV1().StatefulSets(namespace)
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
GracePeriodSeconds: &gracePeriod,
}
if err := p.RetryOnError(func() (err error) {
return statefulsetClient.Delete(name, &deleteOptions)
}); err != nil {
return err
}
if err := p.waitForStatefulsetToDelete(clientset, namespace, name); err != nil {
return err
}
LogDebugMessage("Deleted statefulset: %s\n", name)
return nil
}
func (p *ClientGoUtils) waitForStatefulsetToDelete(clientset kubernetes.Interface, namespace, statefulsetName string) error {
checkFunc := func() (interface{}, error) {
statefulset, err := p.getStatefulset(clientset, namespace, statefulsetName)
if err != nil {
return nil, err
}
return statefulset, nil
}
validateFunc := func(po interface{}) bool {
return false
}
if err := p.waitForResource(checkFunc, validateFunc); err != nil {
return nil
}
err := fmt.Errorf("delete statefulset is taking unusually long")
return err
}
func (p *ClientGoUtils) GetPodsAndPodLogsFromFailedInitContainer(clientset kubernetes.Interface, lbls map[string]string, namespace, containerName string) (map[string]string, error) {
set := labels.Set(lbls)
listOptions := v1.ListOptions{LabelSelector: set.AsSelector().String()}
podList, err := clientset.CoreV1().Pods(namespace).List(listOptions)
if err != nil {
err = fmt.Errorf("unable to get podlist: %v", err)
fmt.Printf("%s\n", err)
}
LogDebugMessage("%d Pods retrieved\n ", len(podList.Items))
// var logs map[string]string
logs := map[string]string{}
for _, pod := range podList.Items {
LogDebugMessage("pod: %v\n", pod.GetName())
LogDebugMessage("%d init containers retrieved\n", len(pod.Spec.InitContainers))
for _, cs := range pod.Status.InitContainerStatuses {
if cs.Name == containerName && ((cs.State.Terminated != nil && (cs.State.Terminated.Reason != "Completed" || cs.State.Terminated.ExitCode > 0)) ||
(cs.LastTerminationState.Terminated != nil && (cs.LastTerminationState.Terminated.Reason != "Completed" || cs.LastTerminationState.Terminated.ExitCode > 0))) {
logs[pod.GetName()], err = p.GetPodContainerLogs(clientset, &pod, cs.Name)
if err != nil {
err = fmt.Errorf("unable to get pod logs: %v", err)
fmt.Printf("%s\n", err)
return nil, err
}
}
}
}
return logs, nil
}

1950
pkg/api/clientgo_utils_test.go
View File

File diff suppressed because it is too large Load Diff

14
pkg/api/context_apis.go
View File

@@ -7,7 +7,6 @@ import (
"io/ioutil"
"log"
"os"
"strings"
"github.com/qlik-oss/k-apis/pkg/config"
"k8s.io/apimachinery/pkg/runtime/schema"
@@ -23,9 +22,10 @@ const (
QliksenseKind = "Qliksense"
QliksenseGroup = "qlik.com"
QliksenseDefaultProfile = "docker-desktop"
DefaultRotateKeys = "yes"
QliksenseMetadataName = "QliksenseConfigMetadata"
DefaultMongodbUri = "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"
DefaultMongodbUriKey = "mongodbUri"
DefaultMongoDbUri = "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"
DefaultMongoDbUriKey = "mongoDbUri"
)
// AddCommonConfig adds common configs into CRs
@@ -37,9 +37,10 @@ func (qliksenseCR *QliksenseCR) AddCommonConfig(contextName string) {
})
qliksenseCR.SetName(contextName)
qliksenseCR.Spec = &config.CRSpec{
Profile: QliksenseDefaultProfile,
Profile: QliksenseDefaultProfile,
RotateKeys: DefaultRotateKeys,
}
qliksenseCR.Spec.AddToSecrets("qliksense", DefaultMongodbUriKey, strings.Replace(DefaultMongodbUri, "qlik-default", contextName, 1), "")
qliksenseCR.Spec.AddToSecrets("qliksense", DefaultMongoDbUriKey, DefaultMongoDbUri, "")
}
// AddBaseQliksenseConfigs adds configs into config.yaml
@@ -95,7 +96,7 @@ func WriteToFile(content interface{}, targetFile string) error {
log.Println(err)
return err
}
LogDebugMessage("Wrote content into %s\n", targetFile)
LogDebugMessage("Wrote content into %s", targetFile)
return nil
}
@@ -108,7 +109,6 @@ func ReadFromFile(content interface{}, sourceFile string) error {
if e != nil {
return e
}
defer file.Close()
return ReadFromStream(content, file)
}

8
pkg/api/context_apis_test.go
View File

@@ -2,7 +2,6 @@ package api
import (
"reflect"
"strings"
"testing"
"github.com/qlik-oss/k-apis/pkg/config"
@@ -23,11 +22,12 @@ func TestAddCommonConfig(t *testing.T) {
q.SetName("myqliksense")
q.SetGroupVersionKind(gvk)
q.Spec = &config.CRSpec{
Profile: QliksenseDefaultProfile,
Profile: QliksenseDefaultProfile,
RotateKeys: DefaultRotateKeys,
Secrets: map[string]config.NameValues{
"qliksense": []config.NameValue{{
Name: DefaultMongodbUriKey,
Value: strings.Replace(DefaultMongodbUri, "qlik-default", "myqliksense", 1),
Name: DefaultMongoDbUriKey,
Value: DefaultMongoDbUri,
},
},
},

8
pkg/api/copy.go
View File

@@ -1,8 +0,0 @@
package api
import "github.com/otiai10/copy"
//copy source directory to destination
func CopyDirectory(source string, dest string) error {
return copy.Copy(source, dest)
}

108
pkg/api/copy_test.go
View File

@@ -1,108 +0,0 @@
package api
import (
"io/ioutil"
"os"
"path"
"path/filepath"
"regexp"
"testing"
kapis_git "github.com/qlik-oss/k-apis/pkg/git"
"sigs.k8s.io/kustomize/api/filesys"
"sigs.k8s.io/kustomize/api/konfig"
"sigs.k8s.io/kustomize/api/krusty"
"sigs.k8s.io/kustomize/api/types"
)
func TestCopyDirectory(t *testing.T) {
src, _ := ioutil.TempDir("", "")
f1, _ := ioutil.TempFile(src, "")
ioutil.TempFile(src, "")
dest, _ := ioutil.TempDir("", "")
CopyDirectory(src, dest)
if _, err := os.Lstat(filepath.Join(dest, filepath.Base(f1.Name()))); err != nil {
t.Log(err)
t.Fail()
}
}
func TestCopyDirectory_withGit_withKuz(t *testing.T) {
if testing.Short() {
t.Skip("Skipping in short test mode")
}
tmpDir1, err := ioutil.TempDir("", "")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
defer os.RemoveAll(tmpDir1)
tmpDir2, err := ioutil.TempDir("", "")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
defer os.RemoveAll(tmpDir2)
repoPath1 := path.Join(tmpDir1, "repo")
repo1, err := kapis_git.CloneRepository(repoPath1, "https://github.com/qlik-oss/qliksense-k8s", nil)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if err := CopyDirectory(repoPath1, tmpDir2); err != nil {
t.Fatalf("unexpected error: %v", err)
}
repoPath2 := tmpDir2
repo2, err := kapis_git.OpenRepository(repoPath2)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if err := kapis_git.Checkout(repo2, "v0.0.8", "", nil); err != nil {
t.Fatalf("unexpected error: %v", err)
}
repo2Manifest, err := kuz(path.Join(repoPath2, "manifests", "docker-desktop"))
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if err := kapis_git.Checkout(repo1, "v0.0.8", "", nil); err != nil {
t.Fatalf("unexpected error: %v", err)
}
repo1Manifest, err := kuz(path.Join(repoPath1, "manifests", "docker-desktop"))
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
re, err := regexp.Compile(`name: qliksense-ca-certificates-[a-z]{5}`)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
repo1ManifestTweaked := re.ReplaceAllString(string(repo1Manifest), "name: qliksense-ca-certificates")
repo2ManifestTweaked := re.ReplaceAllString(string(repo2Manifest), "name: qliksense-ca-certificates")
if repo2ManifestTweaked != repo1ManifestTweaked {
t.Logf("manifest generated on the original config:\n%v", repo1ManifestTweaked)
t.Logf("manifest generated on the copied config:\n%v", repo2ManifestTweaked)
t.Fatal("expected manifests to be equal, but they were not")
}
}
func kuz(directory string) ([]byte, error) {
options := &krusty.Options{
DoLegacyResourceSort: false,
LoadRestrictions: types.LoadRestrictionsNone,
DoPrune: false,
PluginConfig: konfig.DisabledPluginConfig(),
}
k := krusty.MakeKustomizer(filesys.MakeFsOnDisk(), options)
resMap, err := k.Run(directory)
if err != nil {
return nil, err
}
return resMap.AsYaml()
}

23
pkg/api/docker_registry_secret.go
View File

@@ -1,6 +1,7 @@
package api
import (
"crypto/rsa"
"encoding/base64"
"encoding/json"
"errors"
@@ -26,14 +27,14 @@ func (kdcjt *k8sDockerConfigJsonType) GenerateAuth() {
}
type DockerConfigJsonSecret struct {
Name string
Uri string
Username string
Password string
Email string
Name string
Uri string
Username string
Password string
Email string
}
func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, error) {
k8sDockerConfigJson := k8sDockerConfigJsonType{
Username: d.Username,
Password: d.Password,
@@ -50,8 +51,8 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
return nil, err
}
var k8sDockerConfigJsonMapMaybeEncryptedBytes []byte
if encryptionKey != "" {
if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = EncryptData(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
if encryptionKey != nil {
if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = Encrypt(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
return nil, err
}
} else {
@@ -64,7 +65,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
Kind: "Secret",
},
ObjectMeta: metav1.ObjectMeta{
Name: d.Name,
Name: d.Name,
},
Type: v1.SecretTypeDockerConfigJson,
Data: map[string][]byte{
@@ -75,7 +76,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
return K8sSecretToYaml(k8sSecret)
}
func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey string) error {
func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey *rsa.PrivateKey) error {
k8sDockerConfigJsonMap := k8sDockerConfigJsonMapType{}
if k8sSecret, err := K8sSecretFromYaml(secretBytes); err != nil {
return err
@@ -85,7 +86,7 @@ func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey stri
return errors.New("not a kubernetes.io/dockerconfigjson type")
} else if k8sDockerConfigJsonMapEncryptedBytes, ok := k8sSecret.Data[".dockerconfigjson"]; !ok {
return errors.New("secret data is missing a value for the .dockerconfigjson key")
} else if k8sDockerConfigJsonMapBytes, err := DecryptData(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
} else if k8sDockerConfigJsonMapBytes, err := Decrypt(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
return errors.New("secret data is missing a value for the .dockerconfigjson key")
} else if err := json.Unmarshal(k8sDockerConfigJsonMapBytes, &k8sDockerConfigJsonMap); err != nil {
return err

36
pkg/api/docker_registry_secret_test.go
View File

@@ -1,32 +1,34 @@
package api
import (
"crypto/rand"
"crypto/rsa"
"encoding/base64"
"encoding/json"
"fmt"
"reflect"
"testing"
"gopkg.in/yaml.v2"
"gopkg.in/yaml.v3"
)
func TestDockerConfigJsonSecret(t *testing.T) {
dockerConfigJsonSecret := DockerConfigJsonSecret{
Name: "some-name",
Uri: "some-uri",
Username: "some-username",
Password: "some-password",
Email: "some-email",
Name: "some-name",
Uri: "some-uri",
Username: "some-username",
Password: "some-password",
Email: "some-email",
}
dockerConfigJsonSecretFromYaml := DockerConfigJsonSecret{}
validYamlMap := map[string]interface{}{}
encryptionKey, err := GenerateKey()
privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
if err != nil {
t.Fatalf("error generating RSA private key: %v\n", err)
}
dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(encryptionKey)
dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(&privateKey.PublicKey)
dockerConfigJsonMap := map[string]interface{}{}
if err != nil {
t.Fatalf("error converting secret to yaml: %v", err)
@@ -34,25 +36,25 @@ func TestDockerConfigJsonSecret(t *testing.T) {
t.Fatalf("error unmarshalling yaml string: %v, error: %v", string(dockerConfigJsonSecretYamlBytes), err)
} else if validYamlMap["apiVersion"] != "v1" ||
validYamlMap["kind"] != "Secret" ||
validYamlMap["metadata"].(map[interface {}]interface {})["name"] != dockerConfigJsonSecret.Name ||
validYamlMap["metadata"].(map[string]interface{})["name"] != dockerConfigJsonSecret.Name ||
validYamlMap["type"] != "kubernetes.io/dockerconfigjson" {
t.Fatalf("error verifying validity of secret yaml: %v", string(dockerConfigJsonSecretYamlBytes))
} else if dockerConfigJsonBytesBase64, ok := validYamlMap["data"].(map[interface {}]interface {})[".dockerconfigjson"]; !ok {
} else if dockerConfigJsonBytesBase64, ok := validYamlMap["data"].(map[string]interface{})[".dockerconfigjson"]; !ok {
t.Fatalf("no .dockerconfigjson data key in the secret yaml: %v", string(dockerConfigJsonSecretYamlBytes))
} else if dockerConfigJsonEncryptedBytes, err := base64.StdEncoding.DecodeString(dockerConfigJsonBytesBase64.(string)); err != nil {
t.Fatalf("error decoding dockerConfigJsonBytes from base64: %v", err)
} else if dockerConfigJsonBytes, err := DecryptData(dockerConfigJsonEncryptedBytes, encryptionKey); err != nil {
} else if dockerConfigJsonBytes, err := Decrypt(dockerConfigJsonEncryptedBytes, privateKey); err != nil {
t.Fatalf("error decrypting dockerConfigJsonBytes: %v", err)
} else if err := json.Unmarshal(dockerConfigJsonBytes, &dockerConfigJsonMap); err != nil {
t.Fatalf("error unmarshalling dockerConfigJson from json: %v", err)
} else if dockerConfigJson, ok := dockerConfigJsonMap["auths"].(map[string]interface {})[dockerConfigJsonSecret.Uri]; !ok {
} else if dockerConfigJson, ok := dockerConfigJsonMap["auths"].(map[string]interface{})[dockerConfigJsonSecret.Uri]; !ok {
t.Fatalf("dockerConfigJson map does not contain data for the registry: %v", dockerConfigJsonSecret.Uri)
} else if dockerConfigJson.(map[string]interface {})["username"] != dockerConfigJsonSecret.Username ||
dockerConfigJson.(map[string]interface {})["password"] != dockerConfigJsonSecret.Password ||
dockerConfigJson.(map[string]interface {})["email"] != dockerConfigJsonSecret.Email {
} else if dockerConfigJson.(map[string]interface{})["username"] != dockerConfigJsonSecret.Username ||
dockerConfigJson.(map[string]interface{})["password"] != dockerConfigJsonSecret.Password ||
dockerConfigJson.(map[string]interface{})["email"] != dockerConfigJsonSecret.Email {
t.Fatal("dockerConfigJson map does not contain expected values")
} else {
authBase64 := dockerConfigJson.(map[string]interface {})["auth"]
authBase64 := dockerConfigJson.(map[string]interface{})["auth"]
if auth, err := base64.StdEncoding.DecodeString(authBase64.(string)); err != nil {
t.Fatal("error base64 decoding auth value")
} else if string(auth) != fmt.Sprintf("%s:%s", dockerConfigJsonSecret.Username, dockerConfigJsonSecret.Password) {
@@ -61,7 +63,7 @@ func TestDockerConfigJsonSecret(t *testing.T) {
}
t.Logf("dockerConfigJsonSecretYaml: \n%v\n", string(dockerConfigJsonSecretYamlBytes))
if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, encryptionKey); err != nil {
if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, privateKey); err != nil {
t.Fatalf("error reading secret in from yaml: %v", err)
} else if !reflect.DeepEqual(dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml) {
t.Fatalf("secret: %v does not equal secret: %v", dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml)

188
pkg/api/encryption.go
View File

@@ -1,42 +1,58 @@
package api
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/hex"
"errors"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"io/ioutil"
"log"
"path/filepath"
)
const (
key_file_name = "user_secret_key"
RSA_KEY_LENGTH = 4096
QliksensePublicKey = "qliksensePub"
QliksensePrivateKey = "qliksensePriv"
)
// GenerateAndStoreSecretKey generates and stores key
func GenerateAndStoreSecretKey(secretsDir string) (string, error) {
// creating contexts/qlik-default/secrets/user_secret_key
keyFile := filepath.Join(secretsDir, key_file_name)
key, err := GenerateKey()
if err != nil {
return "", err
}
if err := writeContentToFile([]byte(key), keyFile); err != nil {
return "", err
}
return key, nil
// GenerateAndStoreSecretKeypair generates and stores key pairs
func GenerateAndStoreSecretKeypair(secretsPath string) error {
LogDebugMessage("%s exists", secretsPath)
// creating contexts/qlik-default/secrets/qliksensePub and contexts/qlik-default/secrets/qliksensePriv files
publicKeyFilePath := filepath.Join(secretsPath, QliksensePublicKey)
privateKeyFilePath := filepath.Join(secretsPath, QliksensePrivateKey)
LogDebugMessage("Generating public-private key pair.....")
GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath)
LogDebugMessage("Generated public-private key pairs")
return nil
}
func LoadSecretKey(secretsDir string) (string, error) {
keyFile := filepath.Join(secretsDir, key_file_name)
by, err := ioutil.ReadFile(keyFile)
// GenerateRSAEncryptionKeys is used to generate a new public-private key pair
func GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath string) error {
LogDebugMessage("Generating new RSA key pair")
privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
if err != nil {
return "", err
log.Printf("error generating RSA private key: %v\n", err)
return err
}
return string(by), nil
privateKeyPEM := EncodePrivateKey(privateKey)
if err := writeContentToFile(privateKeyPEM, privateKeyFilePath); err != nil {
return err
}
pubKeyPEM, err2 := EncodePublicKey(&privateKey.PublicKey)
if err2 != nil {
log.Printf("error occurred when encoding public key: %v\n", err2)
return err2
}
if err := writeContentToFile(pubKeyPEM, publicKeyFilePath); err != nil {
return err
}
return nil
}
// writeContentToFile writes keys to a file
@@ -49,54 +65,104 @@ func writeContentToFile(keyData []byte, fileName string) error {
return nil
}
func GenerateKey() (string, error) {
salt := make([]byte, 32)
if _, err := rand.Read(salt); err != nil {
return "", err
// Encrypt encrypts data with public key
func Encrypt(pt []byte, pub *rsa.PublicKey) ([]byte, error) {
//hash := sha512.New()
//ct, err := rsa.EncryptOAEP(hash, rand.Reader, pub, pt, nil)
ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, pt)
if err != nil {
log.Println(err)
return nil, err
}
s := fmt.Sprintf("%x", salt)
return s, nil
return ct, nil
}
func EncryptData(plaintext []byte, userKey string) ([]byte, error) {
key, _ := hex.DecodeString(userKey)
block, err := aes.NewCipher(key)
// Decrypt decrypts data with private key
func Decrypt(ct []byte, priv *rsa.PrivateKey) ([]byte, error) {
// hash := sha512.New()
// plaintext, err := rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
pt, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ct)
if err != nil {
log.Println(err)
return nil, err
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
nonce := make([]byte, aesgcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, err
}
return aesgcm.Seal(nonce, nonce, plaintext, nil), nil
return pt, nil
}
func DecryptData(ciphertext []byte, userKey string) ([]byte, error) {
key, _ := hex.DecodeString(userKey)
block, err := aes.NewCipher(key)
// EncodePrivateKey private key to bytes
func EncodePrivateKey(priv *rsa.PrivateKey) []byte {
privBytes := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(priv),
},
)
return privBytes
}
// EncodePublicKey public key to bytes
func EncodePublicKey(pub *rsa.PublicKey) ([]byte, error) {
pubASN1, err := x509.MarshalPKIXPublicKey(pub)
if err != nil {
log.Println(err)
return nil, err
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
nonceSize := aesgcm.NonceSize()
if len(ciphertext) < nonceSize {
return nil, errors.New("ciphertext too short")
}
nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
if err != nil {
return nil, err
}
return plaintext, nil
pubBytes := pem.EncodeToMemory(&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: pubASN1,
})
return pubBytes, nil
}
// DecodeToPrivateKey bytes to private key
func DecodeToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
block, _ := pem.Decode(priv)
enc := x509.IsEncryptedPEMBlock(block)
b := block.Bytes
var err error
if enc {
log.Println("is encrypted pem block")
b, err = x509.DecryptPEMBlock(block, nil)
if err != nil {
log.Println(err)
return nil, err
}
}
key, err := x509.ParsePKCS1PrivateKey(b)
if err != nil {
log.Println(err)
return nil, err
}
return key, nil
}
// DecodeToPublicKey bytes to public key
func DecodeToPublicKey(pub []byte) (*rsa.PublicKey, error) {
block, _ := pem.Decode(pub)
enc := x509.IsEncryptedPEMBlock(block)
b := block.Bytes
var err error
if enc {
log.Println("is encrypted pem block")
b, err = x509.DecryptPEMBlock(block, nil)
if err != nil {
log.Println(err)
return nil, err
}
}
iface, err := x509.ParsePKIXPublicKey(b)
if err != nil {
log.Println(err)
return nil, err
}
key, ok := iface.(*rsa.PublicKey)
if !ok {
err := fmt.Errorf("Unable to decode public key")
log.Println(err)
return nil, err
}
return key, nil
}

139
pkg/api/encryption_test.go
View File

@@ -1,29 +1,128 @@
package api
import (
"encoding/base64"
"log"
"os"
"testing"
)
func Test_encrypt_decrypt(t *testing.T) {
key, err := GenerateKey()
if err != nil {
t.Log(err)
t.FailNow()
func Test_generateRSAEncryptionKeys(t *testing.T) {
tests := []struct {
name string
wantErr bool
}{
{
name: "valid case",
wantErr: false,
},
}
testData := "this is a secret value"
enc, err := EncryptData([]byte(testData), key)
if err != nil {
t.Log(err)
t.FailNow()
}
dec, err := DecryptData(enc, key)
if err != nil {
t.Log(err)
t.FailNow()
}
if testData != string(dec) {
t.Log("expected: " + testData)
t.Log("actual: " + string(dec))
t.Fail()
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := GenerateAndStoreSecretKeypair(os.TempDir()); (err != nil) != tt.wantErr {
t.Errorf("generateRSAEncryptionKeys() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}
func Test_encryption_decryption(t *testing.T) {
privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
-----END RSA PRIVATE KEY-----
`)
publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
+hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
+zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
-----END RSA PUBLIC KEY-----
`)
origStr := "Value1234"
pubKey, err := DecodeToPublicKey(publicKeyBytes)
if err != nil {
t.Error(err)
t.FailNow()
}
privKey, err := DecodeToPrivateKey(privKeyBytes)
if err != nil {
t.Error(err)
t.FailNow()
}
encData, err := Encrypt([]byte(origStr), pubKey)
if err != nil {
t.Error(err)
t.FailNow()
}
encDataStr := base64.StdEncoding.EncodeToString(encData)
log.Println("Encoded text:", encDataStr)
dec, _ := base64.StdEncoding.DecodeString(encDataStr)
data, err := Decrypt(dec, privKey)
if err != nil {
t.Error(err)
t.FailNow()
}
if string(data) != origStr {
t.Error("original string and decrypted string don't match")
t.FailNow()
}
}

22
pkg/api/kubectl.go
View File

@@ -9,26 +9,18 @@ import (
"strings"
)
// KubectlApply create resources in the provided namespace,
// KubectlApply create resoruces in the provided namespace,
// if namespace="" then use whatever the kubectl default is
func KubectlApply(manifests, namespace string) error {
return kubectlOperation(manifests, "apply", namespace)
}
func KubectlApplyVerbose(manifests, namespace string, verbose bool) error {
return kubectlOperationVerbose(manifests, "apply", namespace, verbose)
}
// KubectlDelete delete resources in the provided namespace,
// KubectlDelete delete resoruces in the provided namespace,
// if namespace="" then use whatever the kubectl default is
func KubectlDelete(manifests, namespace string) error {
return kubectlOperation(manifests, "delete", namespace)
}
func KubectlDeleteVerbose(manifests, namespace string, verbose bool) error {
return kubectlOperationVerbose(manifests, "delete", namespace, verbose)
}
func GetKubectlNamespace() string {
namespace := ""
cmd := exec.Command("kubectl", "config", "current-context")
@@ -69,10 +61,6 @@ func SetKubectlNamespace(ns string) {
}
func kubectlOperation(manifests string, oprName string, namespace string) error {
return kubectlOperationVerbose(manifests, oprName, namespace, true)
}
func kubectlOperationVerbose(manifests string, oprName string, namespace string, verbose bool) error {
tempYaml, err := ioutil.TempFile("", "")
if err != nil {
fmt.Println("cannot create file ", err)
@@ -100,16 +88,12 @@ func kubectlOperationVerbose(manifests string, oprName string, namespace string,
}
sterrBuffer := &bytes.Buffer{}
stoutBuffer := &bytes.Buffer{}
cmd.Stdout = stoutBuffer
cmd.Stdout = os.Stdout
cmd.Stderr = sterrBuffer
err = cmd.Run()
if err != nil {
return fmt.Errorf("kubectl %v failed with: %v, %v, temp k8s yaml file:%v\n", oprName, err, sterrBuffer.String(), tempYaml.Name())
}
if verbose {
fmt.Println(stoutBuffer.String())
}
os.Remove(tempYaml.Name())
return nil
}

138
pkg/api/preflight_apis_test.go
View File

@@ -1,138 +0,0 @@
package api
import (
"fmt"
"io/ioutil"
"os"
"path"
"testing"
)
func Test_Initalize(t *testing.T) {
testCases := []struct {
name string
validate func(t *testing.T, tempDir string)
}{
{
name: "without account for imageRegistry",
validate: func(t *testing.T, tempDir string) {
preflightConfig := NewPreflightConfig(tempDir)
imageName, err := preflightConfig.GetImageName("test", false)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if imageName != "testimage" {
t.Fatalf("expected image name: testimage, got: %v", imageName)
}
},
},
{
name: "with account for configured imageRegistry",
validate: func(t *testing.T, tempDir string) {
registry := "registryFoo"
setupQliksenseTestDefaultContext(t, tempDir, fmt.Sprintf(`
apiVersion: qlik.com/v1
kind: Qliksense
metadata:
name: qlik-default
spec:
configs:
qliksense:
- name: imageRegistry
value: %v
`, registry))
preflightConfig := NewPreflightConfig(tempDir)
imageName, err := preflightConfig.GetImageName("test", true)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
expectedImageName := fmt.Sprintf("%v/testimage", registry)
if imageName != expectedImageName {
t.Fatalf("expected image name: %v, got: %v", expectedImageName, imageName)
}
},
},
{
name: "with account for un-configured imageRegistry",
validate: func(t *testing.T, tempDir string) {
setupQliksenseTestDefaultContext(t, tempDir, `
apiVersion: qlik.com/v1
kind: Qliksense
metadata:
name: qlik-default
spec:
configs:
qliksense:
- name: something
value: other
`)
preflightConfig := NewPreflightConfig(tempDir)
imageName, err := preflightConfig.GetImageName("test", true)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
expectedImageName := "testimage"
if imageName != expectedImageName {
t.Fatalf("expected image name: %v, got: %v", expectedImageName, imageName)
}
},
},
}
for _, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) {
tempDir, err := ioutil.TempDir("", "")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tempDir)
setupPreflightConfig(t, tempDir)
testCase.validate(t, tempDir)
})
}
}
func setupPreflightConfig(t *testing.T, tempDir string) {
pf := NewPreflightConfig(tempDir)
if err := pf.Initialize(); err != nil {
t.Fatal(err)
}
p := &PreflightConfig{
QliksenseHomePath: tempDir,
}
if err := ReadFromFile(p, pf.GetConfigFilePath()); err != nil {
t.Fatal(err)
}
if p.GetMinK8sVersion() != "1.15" {
t.Fatalf("expected k8 version: 1.15, but got " + p.GetMinK8sVersion())
}
p.AddImage("test", "testimage")
if err := p.Write(); err != nil {
t.Fatal(err)
}
}
func setupQliksenseTestDefaultContext(t *testing.T, tmpQlikSenseHome, CR string) {
if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
apiVersion: config.qlik.com/v1
kind: QliksenseConfig
metadata:
name: QliksenseConfigMetadata
spec:
contexts:
- name: qlik-default
crFile: contexts/qlik-default/qlik-default.yaml
currentContext: qlik-default
`), os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v", err)
}
defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v", err)
}
if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(CR), os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v", err)
}
}

58
pkg/api/utils.go
View File

@@ -4,7 +4,6 @@ import (
"archive/tar"
"archive/zip"
"compress/gzip"
b64 "encoding/base64"
"fmt"
"io"
"io/ioutil"
@@ -24,7 +23,7 @@ func checkExists(filename string) os.FileInfo {
if os.IsNotExist(err) {
return nil
}
LogDebugMessage("File exists\n")
LogDebugMessage("File exists")
return info
}
@@ -47,7 +46,7 @@ func DirExists(dirname string) bool {
// LogDebugMessage logs a debug message
func LogDebugMessage(strMessage string, args ...interface{}) {
if os.Getenv("QLIKSENSE_DEBUG") == "true" {
fmt.Printf(strMessage, args...)
log.Printf(strMessage, args...)
}
}
@@ -63,63 +62,32 @@ func ReadKeys(keyFile string) ([]byte, error) {
}
// ProcessConfigArgs processes args and returns an service, key, value slice
func ProcessConfigArgs(args []string, base64Encoded bool) ([]*ServiceKeyValue, error) {
func ProcessConfigArgs(args []string) ([]*ServiceKeyValue, error) {
// prepare received args
// split args[0] into key and value
if len(args) == 0 {
err := fmt.Errorf("No args were provided. Please provide args to configure the current context")
return nil, err
}
notValidErr := fmt.Errorf("Please provide valid args for this command")
resultSvcKV := make([]*ServiceKeyValue, len(args))
// qliksense.mongodb=somethig
re1 := regexp.MustCompile(`([\w\-]{1,}).([\w\-]{1,})=("*[\w\-?=_/:0-9\.]+"*)`)
for i, arg := range args {
LogDebugMessage("Arg received: %s\n", arg)
first := strings.SplitN(arg, "=", 2)
if len(first) != 2 {
return nil, notValidErr
}
svcKey := getSvcAndKey(first[0])
if len(svcKey) != 2 {
return nil, notValidErr
}
resultValue := strings.Trim(first[1], "\"")
if base64Encoded {
if decodeByte, err := b64.StdEncoding.DecodeString(resultValue); err != nil {
return nil, err
} else {
resultValue = strings.Trim(string(decodeByte), "\n ")
}
LogDebugMessage("Arg received: %s", arg)
result := re1.FindStringSubmatch(arg)
// check if result array's length is == 4 (index 0 - is the full match & indices 1,2,3- are the fields we need)
if len(result) != 4 {
err := fmt.Errorf("Please provide valid args for this command")
return nil, err
}
resultSvcKV[i] = &ServiceKeyValue{
SvcName: svcKey[0],
Key: svcKey[1],
Value: resultValue,
SvcName: result[1],
Key: result[2],
Value: strings.ReplaceAll(result[3], `"`, ""),
}
}
return resultSvcKV, nil
}
// input should be svc[key]
func getSvcAndKey(arg string) []string {
// for key
re := regexp.MustCompile(`\[(.*)\]`)
// for service
re2 := regexp.MustCompile(`(.*)\[`)
keys := re.FindStringSubmatch(arg)
svcs := re2.FindStringSubmatch(arg)
if len(svcs) != 2 || len(keys) != 2 {
return strings.SplitN(arg, ".", 2)
}
if svcs[1] == "" || keys[1] == "" {
return []string{}
}
return []string{svcs[1], keys[1]}
}
func ExecuteTaskWithBlinkingStdoutFeedback(task func() (interface{}, error), feedback string) (result interface{}, err error) {
taskDone := make(chan bool)
go func() {

30
pkg/api/utils_test.go
View File

@@ -11,12 +11,11 @@ func TestProcessConfigArgs(t *testing.T) {
"test-dash.dash-key=value-dash",
"test-dot.dot-key=127.0.0.1",
"test123.key123=value123",
"test-equal.keyequal=newvalue=@hj",
}
expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123", "keyequal"}
expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123", "newvalue=@hj"}
exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123", "test-equal"}
sv, err := ProcessConfigArgs(args, false)
expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123"}
expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123"}
exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123"}
sv, err := ProcessConfigArgs(args)
if err != nil {
t.Log(err)
t.FailNow()
@@ -45,24 +44,3 @@ func contains(arr []string, str string) bool {
}
return false
}
func TestGetSvcAndKey(t *testing.T) {
s1 := "qliksense[tls.cert]"
sa := getSvcAndKey(s1)
if sa[0] != "qliksense" || sa[1] != "tls.cert" {
t.Fail()
t.Logf("expected service: qliksense but got %s", sa[0])
t.Logf("expected key: tls.cert but got %s", sa[1])
}
s1 = "qliksense-idps.tls"
sa = getSvcAndKey(s1)
for _, s := range sa {
t.Logf("|%s|", s)
}
if sa[0] != "qliksense-idps" || sa[1] != "tls" {
t.Fail()
t.Logf("expected service: qliksense-idps but got %s", sa[0])
t.Logf("expected key: tls but got %s", sa[1])
}
}

31
pkg/postflight/all_postflight_checks.go
View File

@@ -1,31 +0,0 @@
package postflight
import (
"fmt"
. "github.com/logrusorgru/aurora"
ansi "github.com/mattn/go-colorable"
"github.com/pkg/errors"
)
func (qp *QliksensePostflight) RunAllPostflightChecks(namespace string, kubeConfigContents []byte, preflightOpts *PostflightOptions) error {
checkCount := 0
totalCount := 0
out := ansi.NewColorableStdout()
// Postflight db migration check
if err := qp.DbMigrationCheck(namespace, kubeConfigContents); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
if checkCount == totalCount {
// All postflight checks were successful
return nil
}
return errors.New("1 or more postflight checks have FAILED")
}

74
pkg/postflight/db_migration_check.go
View File

@@ -1,74 +0,0 @@
package postflight
import (
"fmt"
"strings"
"github.com/qlik-oss/sense-installer/pkg/api"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const initContainerNameToCheck = "migration"
func (p *QliksensePostflight) DbMigrationCheck(namespace string, kubeConfigContents []byte) error {
fmt.Printf("Postflight db migration check... \n")
p.CG.LogVerboseMessage("\n----------------------------------- \n")
clientset, _, err := p.CG.GetK8SClientSet(kubeConfigContents, "")
if err != nil {
err = fmt.Errorf("unable to create a kubernetes client: %v", err)
fmt.Printf("%s\n", err)
return err
}
var logsMap map[string]string
// Retrieve all deployments
p.CG.LogVerboseMessage("Retrieving logs from deployments\n")
deploymentsClient := clientset.AppsV1().Deployments(namespace)
deployments, err := deploymentsClient.List(v1.ListOptions{})
api.LogDebugMessage("Number of deployments found: %d\n", deployments.Size())
for _, deployment := range deployments.Items {
api.LogDebugMessage("Deployment name: %s\n", deployment.GetName())
if logsMap, err = p.CG.GetPodsAndPodLogsFromFailedInitContainer(clientset, deployment.Spec.Template.Labels, namespace, initContainerNameToCheck); err != nil {
fmt.Printf("%s\n", err)
return err
}
p.filterLogsForErrors(logsMap, namespace)
}
// retrieve all statefulsets
p.CG.LogVerboseMessage("Retrieving logs from statefulsets\n")
statefulsetsClient := clientset.AppsV1().StatefulSets(namespace)
statefulsets, err := statefulsetsClient.List(v1.ListOptions{})
api.LogDebugMessage("Number of statefulsets found: %d\n", statefulsets.Size())
for _, statefulset := range statefulsets.Items {
api.LogDebugMessage("Statefulset name: %s\n", statefulset.GetName())
if logsMap, err = p.CG.GetPodsAndPodLogsFromFailedInitContainer(clientset, statefulset.Spec.Template.Labels, namespace, initContainerNameToCheck); err != nil {
fmt.Printf("%s\n", err)
return err
}
p.filterLogsForErrors(logsMap, namespace)
}
return nil
}
func (p *QliksensePostflight) filterLogsForErrors(logsMap map[string]string, namespace string) {
errorLogsPresent := false
for podName, podLog := range logsMap {
containerLogs := strings.Split(podLog, "\n")
if len(containerLogs) > 0 {
for _, logLine := range containerLogs {
if strings.Contains(strings.ToLower(logLine), "error") {
errorLogsPresent = true
fmt.Printf("Logs from pod: %s\n%s\n", podName, logLine)
}
}
if errorLogsPresent {
fmt.Printf("To view more logs in this context, please run the command: kubectl logs -n %s %s %s\n", namespace, podName, initContainerNameToCheck)
}
} else {
fmt.Printf("no logs obtained\n\n")
}
}
}

16
pkg/postflight/postflight_utils.go
View File

@@ -1,16 +0,0 @@
package postflight
import (
"github.com/qlik-oss/sense-installer/pkg/api"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
)
type PostflightOptions struct {
Verbose bool
}
type QliksensePostflight struct {
Q *qliksense.Qliksense
P *PostflightOptions
CG *api.ClientGoUtils
}

106
pkg/preflight/all_checks.go
View File

@@ -2,120 +2,96 @@ package preflight
import (
"fmt"
. "github.com/logrusorgru/aurora"
ansi "github.com/mattn/go-colorable"
"github.com/pkg/errors"
)
func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, namespace string, preflightOpts *PreflightOptions) error {
checkCount := 0
totalCount := 0
func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfigContents []byte, mongodbUrl string) {
out := ansi.NewColorableStdout()
checkCount := 0
// Preflight minimum kuberenetes version check
fmt.Printf("\nPreflight kubernetes minimum version check\n")
fmt.Println("------------------------------------------")
if err := qp.CheckK8sVersion(namespace, kubeConfigContents); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("Preflight kubernetes minimum version check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight deployment check
if err := qp.CheckDeployment(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight deployment check\n")
fmt.Println("--------------------------")
if err := qp.CheckDeployment(namespace, kubeConfigContents); err != nil {
fmt.Printf("Preflight deployment check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight service check
if err := qp.CheckService(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight service check\n")
fmt.Println("-----------------------")
if err := qp.CheckService(namespace, kubeConfigContents); err != nil {
fmt.Printf("Preflight service check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight pod check
if err := qp.CheckPod(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight pod check\n")
fmt.Println("-----------------------")
if err := qp.CheckPod(namespace, kubeConfigContents); err != nil {
fmt.Printf("Preflight pod check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight role check
if err := qp.CheckCreateRole(namespace, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight role check\n")
fmt.Println("--------------------------")
if err := qp.CheckCreateRole(namespace); err != nil {
fmt.Printf("Preflight role check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight rolebinding check
if err := qp.CheckCreateRoleBinding(namespace, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight rolebinding check\n")
fmt.Println("---------------------------------")
if err := qp.CheckCreateRoleBinding(namespace); err != nil {
fmt.Printf("Preflight rolebinding check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight serviceaccount check
if err := qp.CheckCreateServiceAccount(namespace, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight serviceaccount check\n")
fmt.Println("------------------------------------")
if err := qp.CheckCreateServiceAccount(namespace); err != nil {
fmt.Printf("Preflight serviceaccount check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight mongo check
if err := qp.CheckMongo(kubeConfigContents, namespace, preflightOpts, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight mongo check\n")
fmt.Println("---------------------")
if err := qp.CheckMongo(kubeConfigContents, namespace, mongodbUrl); err != nil {
fmt.Printf("Preflight mongo check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight DNS check
if err := qp.CheckDns(namespace, kubeConfigContents, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("\nPreflight DNS check\n")
fmt.Println("-------------------")
if err := qp.CheckDns(namespace, kubeConfigContents); err != nil {
fmt.Printf("Preflight DNS check: FAILED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
}
totalCount++
// Preflight verify ca chain check
if err := qp.VerifyCAChain(kubeConfigContents, namespace, preflightOpts, false); err != nil {
fmt.Fprintf(out, "%s\n", Red("FAILED"))
fmt.Printf("Error: %v\n\n", err)
if checkCount == 9 {
fmt.Printf("\nAll preflight checks have PASSED\n")
} else {
fmt.Fprintf(out, "%s\n\n", Green("PASSED"))
checkCount++
fmt.Printf("\n1 or more preflight checks have FAILED\n")
}
totalCount++
if checkCount == totalCount {
// All preflight checks were successful
return nil
}
return errors.New("1 or more preflight checks have FAILED")
fmt.Println("Completed running all preflight checks")
}

132
pkg/preflight/deployability.go
View File

@@ -6,151 +6,113 @@ import (
"k8s.io/client-go/kubernetes"
)
func (p *QliksensePreflight) CheckDeployment(namespace string, kubeConfigContents []byte, cleanup bool) error {
clientset, _, err := p.CG.GetK8SClientSet(kubeConfigContents, "")
func (qp *QliksensePreflight) CheckDeployment(namespace string, kubeConfigContents []byte) error {
clientset, _, err := getK8SClientSet(kubeConfigContents, "")
if err != nil {
err = fmt.Errorf("Kube config error: %v\n", err)
fmt.Print(err)
return err
}
// Deployment check
if !cleanup {
fmt.Print("Preflight deployment check... ")
p.CG.LogVerboseMessage("\n--------------------------- \n")
}
err = p.checkPfDeployment(clientset, namespace, cleanup)
fmt.Printf("Preflight deployment check: \n")
err = qp.checkPfDeployment(clientset, namespace, "deployment-preflight-check")
if err != nil {
p.CG.LogVerboseMessage("Preflight Deployment check: FAILED\n")
fmt.Println("Preflight Deployment check: FAILED")
return err
}
if !cleanup {
p.CG.LogVerboseMessage("Completed preflight deployment check\n")
}
fmt.Println("Completed preflight deployment check")
return nil
}
func (p *QliksensePreflight) CheckService(namespace string, kubeConfigContents []byte, cleanup bool) error {
clientset, _, err := p.CG.GetK8SClientSet(kubeConfigContents, "")
func (qp *QliksensePreflight) CheckService(namespace string, kubeConfigContents []byte) error {
clientset, _, err := getK8SClientSet(kubeConfigContents, "")
if err != nil {
err = fmt.Errorf("unable to create a kubernetes client: %v\n", err)
err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
fmt.Println(err)
return err
}
// Service check
if !cleanup {
fmt.Print("Preflight service check... ")
p.CG.LogVerboseMessage("\n------------------------ \n")
}
err = p.checkPfService(clientset, namespace, cleanup)
fmt.Printf("\nPreflight service check: \n")
err = checkPfService(clientset, namespace)
if err != nil {
p.CG.LogVerboseMessage("Preflight Service check: FAILED\n")
fmt.Println("Preflight Service check: FAILED")
return err
}
if !cleanup {
p.CG.LogVerboseMessage("Completed preflight service check\n")
}
fmt.Println("Completed preflight service check")
return nil
}
func (p *QliksensePreflight) CheckPod(namespace string, kubeConfigContents []byte, cleanup bool) error {
clientset, _, err := p.CG.GetK8SClientSet(kubeConfigContents, "")
func (qp *QliksensePreflight) CheckPod(namespace string, kubeConfigContents []byte) error {
clientset, _, err := getK8SClientSet(kubeConfigContents, "")
if err != nil {
err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
fmt.Print(err)
return err
}
// Pod check
if !cleanup {
fmt.Print("Preflight pod check... ")
p.CG.LogVerboseMessage("\n-------------------- \n")
}
err = p.checkPfPod(clientset, namespace, cleanup)
fmt.Printf("\nPreflight pod check: \n")
err = qp.checkPfPod(clientset, namespace)
if err != nil {
p.CG.LogVerboseMessage("Preflight Pod check: FAILED\n")
fmt.Println("Preflight Pod check: FAILED")
return err
}
if !cleanup {
p.CG.LogVerboseMessage("Completed preflight pod check\n")
}
fmt.Println("Completed preflight pod check")
return nil
}
func (p *QliksensePreflight) checkPfPod(clientset kubernetes.Interface, namespace string, cleanup bool) error {
// delete the pod we are going to create, if it already exists in the cluster
podName := "pod-pf-check"
p.CG.DeletePod(clientset, namespace, podName)
if cleanup {
return nil
}
commandToRun := []string{}
imageName, err := p.GetPreflightConfigObj().GetImageName(nginx, true)
if err != nil {
return err
}
func (qp *QliksensePreflight) checkPfPod(clientset *kubernetes.Clientset, namespace string) error {
// create a pod
pod, err := p.CG.CreatePreflightTestPod(clientset, namespace, podName, imageName, nil, commandToRun)
podName := "pod-pf-check"
pod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(nginx))
if err != nil {
err = fmt.Errorf("unable to create pod - %v\n", err)
err = fmt.Errorf("error: unable to create pod %s - %v\n", podName, err)
return err
}
defer p.CG.DeletePod(clientset, namespace, podName)
defer deletePod(clientset, namespace, podName)
if err := p.CG.WaitForPod(clientset, namespace, pod); err != nil {
if err := waitForPod(clientset, namespace, pod); err != nil {
return err
}
p.CG.LogVerboseMessage("Preflight pod creation check: PASSED\n")
p.CG.LogVerboseMessage("Cleaning up resources...\n")
fmt.Println("Preflight pod creation check: PASSED")
fmt.Println("Cleaning up resources...")
return nil
}
func (p *QliksensePreflight) checkPfService(clientset kubernetes.Interface, namespace string, cleanup bool) error {
// delete the service we are going to create, if it already exists in the cluster
serviceName := "svc-pf-check"
p.CG.DeleteService(clientset, namespace, serviceName)
if cleanup {
return nil
}
func checkPfService(clientset *kubernetes.Clientset, namespace string) error {
// creating service
pfService, err := p.CG.CreatePreflightTestService(clientset, namespace, serviceName)
serviceName := "svc-pf-check"
pfService, err := createPreflightTestService(clientset, namespace, serviceName)
if err != nil {
err = fmt.Errorf("unable to create service - %v\n", err)
err = fmt.Errorf("error: unable to create service : %s\n", serviceName)
return err
}
defer p.CG.DeleteService(clientset, namespace, serviceName)
_, err = p.CG.GetService(clientset, namespace, pfService.GetName())
defer deleteService(clientset, namespace, serviceName)
_, err = getService(clientset, namespace, pfService.GetName())
if err != nil {
err = fmt.Errorf("unable to retrieve service - %v\n", err)
err = fmt.Errorf("error: unable to retrieve service: %s\n", serviceName)
return err
}
p.CG.LogVerboseMessage("Preflight service creation check: PASSED\n")
p.CG.LogVerboseMessage("Cleaning up resources...\n")
fmt.Println("Preflight service creation check: PASSED")
fmt.Println("Cleaning up resources...")
return nil
}
func (p *QliksensePreflight) checkPfDeployment(clientset kubernetes.Interface, namespace string, cleanup bool) error {
// delete the deployment we are going to create, if it already exists in the cluster
depName := "deployment-preflight-check"
p.CG.DeleteDeployment(clientset, namespace, depName)
if cleanup {
return nil
}
func (qp *QliksensePreflight) checkPfDeployment(clientset *kubernetes.Clientset, namespace, depName string) error {
// check if we are able to create a deployment
imageName, err := p.GetPreflightConfigObj().GetImageName(nginx, true)
pfDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, qp.GetPreflightConfigObj().GetImageName(nginx))
if err != nil {
err = fmt.Errorf("error: unable to create deployment: %v\n", err)
return err
}
pfDeployment, err := p.CG.CreatePreflightTestDeployment(clientset, namespace, depName, imageName)
if err != nil {
err = fmt.Errorf("unable to create deployment - %v\n", err)
defer deleteDeployment(clientset, namespace, depName)
if err := waitForDeployment(clientset, namespace, pfDeployment); err != nil {
return err
}
defer p.CG.DeleteDeployment(clientset, namespace, depName)
if err := p.CG.WaitForDeployment(clientset, namespace, pfDeployment); err != nil {
return err
}
p.CG.LogVerboseMessage("Preflight Deployment check: PASSED\n")
p.CG.LogVerboseMessage("Cleaning up resources...\n")
fmt.Println("Preflight Deployment check: PASSED")
fmt.Println("Cleaning up resources...")
return nil
}

93
pkg/preflight/dns_check.go
View File

@@ -4,7 +4,7 @@ import (
"fmt"
"strings"
"k8s.io/client-go/kubernetes"
"github.com/qlik-oss/sense-installer/pkg/api"
)
const (
@@ -12,99 +12,70 @@ const (
netcat = "netcat"
)
func (p *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []byte, cleanup bool) error {
depName := "dep-dns-preflight-check"
serviceName := "svc-dns-pf-check"
podName := "pf-pod-1"
if !cleanup {
fmt.Print("Preflight DNS check... ")
p.CG.LogVerboseMessage("\n------------------- \n")
}
clientset, _, err := p.CG.GetK8SClientSet(kubeConfigContents, "")
func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []byte) error {
clientset, clientConfig, err := getK8SClientSet(kubeConfigContents, "")
if err != nil {
err = fmt.Errorf("unable to create a kubernetes client: %v\n", err)
err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
fmt.Println(err)
return err
}
// delete the deployment we are going to create, if it already exists in the cluster
p.runDNSCleanup(clientset, namespace, podName, serviceName, depName)
if cleanup {
return nil
}
// creating deployment
nginxImageName, err := p.GetPreflightConfigObj().GetImageName(nginx, true)
depName := "dep-dns-preflight-check"
dnsDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, qp.GetPreflightConfigObj().GetImageName(nginx))
if err != nil {
err = fmt.Errorf("error: unable to create deployment: %v\n", err)
fmt.Println(err)
return err
}
defer deleteDeployment(clientset, namespace, depName)
dnsDeployment, err := p.CG.CreatePreflightTestDeployment(clientset, namespace, depName, nginxImageName)
if err != nil {
err = fmt.Errorf("unable to create deployment: %v\n", err)
return err
}
defer p.CG.DeleteDeployment(clientset, namespace, depName)
if err := p.CG.WaitForDeployment(clientset, namespace, dnsDeployment); err != nil {
if err := waitForDeployment(clientset, namespace, dnsDeployment); err != nil {
return err
}
// creating service
dnsService, err := p.CG.CreatePreflightTestService(clientset, namespace, serviceName)
serviceName := "svc-dns-pf-check"
dnsService, err := createPreflightTestService(clientset, namespace, serviceName)
if err != nil {
err = fmt.Errorf("unable to create service : %s, %s\n", serviceName, err)
err = fmt.Errorf("error: unable to create service : %s\n", serviceName)
return err
}
defer p.CG.DeleteService(clientset, namespace, serviceName)
defer deleteService(clientset, namespace, serviceName)
// create a pod
commandToRun := []string{"sh", "-c", "sleep 10; nc -z -v -w 1 " + dnsService.Name + " 80"}
netcatImageName, err := p.GetPreflightConfigObj().GetImageName(netcat, true)
podName := "pf-pod-1"
dnsPod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(netcat))
if err != nil {
err = fmt.Errorf("unable to retrieve image : %v\n", err)
err = fmt.Errorf("error: unable to create pod : %s\n", podName)
return err
}
defer deletePod(clientset, namespace, podName)
dnsPod, err := p.CG.CreatePreflightTestPod(clientset, namespace, podName, netcatImageName, nil, commandToRun)
if err != nil {
err = fmt.Errorf("unable to create pod : %s, %s\n", podName, err)
return err
}
defer p.CG.DeletePod(clientset, namespace, podName)
if err := p.CG.WaitForPod(clientset, namespace, dnsPod); err != nil {
if err := waitForPod(clientset, namespace, dnsPod); err != nil {
return err
}
if len(dnsPod.Spec.Containers) == 0 {
err := fmt.Errorf("there are no containers in the pod")
err := fmt.Errorf("error: there are no containers in the pod")
fmt.Println(err)
return err
}
p.CG.WaitForPodToDie(clientset, namespace, dnsPod)
logStr, err := p.CG.GetPodLogs(clientset, dnsPod)
api.LogDebugMessage("Exec-ing into the container...")
stdout, stderr, err := executeRemoteCommand(clientset, clientConfig, dnsPod.Name, dnsPod.Spec.Containers[0].Name, namespace, []string{"nc", "-z", "-v", "-w 1", dnsService.Name, "80"})
if err != nil {
err = fmt.Errorf("unable to execute dns check in the cluster: %v", err)
err = fmt.Errorf("error: unable to execute dns check in the cluster: %v", err)
fmt.Println(err)
return err
}
if strings.HasSuffix(strings.TrimSpace(logStr), "succeeded!") {
p.CG.LogVerboseMessage("Preflight DNS check: PASSED\n")
if strings.HasSuffix(stdout, "succeeded!") || strings.HasSuffix(stderr, "succeeded!") {
fmt.Println("Preflight DNS check: PASSED")
} else {
err = fmt.Errorf("Expected response not found\n")
return err
}
if !cleanup {
p.CG.LogVerboseMessage("Completed preflight DNS check\n")
p.CG.LogVerboseMessage("Cleaning up resources...\n")
fmt.Println("Preflight DNS check: FAILED")
}
fmt.Println("Completed preflight DNS check")
fmt.Println("Cleaning up resources...")
return nil
}
func (p *QliksensePreflight) runDNSCleanup(clientset kubernetes.Interface, namespace, podName, serviceName, depName string) {
p.CG.DeleteDeployment(clientset, namespace, depName)
p.CG.DeletePod(clientset, namespace, podName)
p.CG.DeleteService(clientset, namespace, serviceName)
}

204
pkg/preflight/mongo_check.go
View File

@@ -2,206 +2,84 @@ package preflight
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strings"
"github.com/Masterminds/semver/v3"
"github.com/pkg/errors"
"github.com/qlik-oss/sense-installer/pkg/api"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
apiv1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes"
)
const (
preflight_mongo = "preflight-mongo"
caCertMountPath = "/etc/ssl/certs/ca-certificates.crt"
mongoImage = "mongo"
)
func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace string, preflightOpts *PreflightOptions, cleanup bool) error {
if !cleanup {
fmt.Print("Preflight mongodb check... ")
qp.CG.LogVerboseMessage("\n------------------------ \n")
}
var currentCR *qapi.QliksenseCR
var err error
qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
qConfig.SetNamespace(namespace)
currentCR, err = qConfig.GetCurrentCR()
if err != nil {
qp.CG.LogVerboseMessage("Unable to retrieve current CR: %v\n", err)
return err
}
decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
if err != nil {
qp.CG.LogVerboseMessage("An error occurred while retrieving mongodbUrl from current CR: %v\n", err)
return err
}
if preflightOpts.MongoOptions.MongodbUrl == "" && !cleanup {
func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace, mongodbUrl string) error {
fmt.Printf("Preflight mongodb check: \n")
if mongodbUrl == "" {
// infer mongoDbUrl from currentCR
qp.CG.LogVerboseMessage("mongodbUri is empty, infer from CR\n")
preflightOpts.MongoOptions.MongodbUrl = strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "mongodbUri"))
}
fmt.Println("MongoDbUri is empty, infer from CR")
qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
var currentCR *qapi.QliksenseCR
if preflightOpts.MongoOptions.CaCertFile == "" && !cleanup {
caCertStr := decryptedCR.Spec.GetFromSecrets("qliksense", "caCertificates")
tmpDir := os.TempDir()
caCrtFile := filepath.Join(tmpDir, "rootCA.crt")
api.LogDebugMessage("received ca crt: %s\n", caCertStr)
if err := ioutil.WriteFile(caCrtFile, []byte(caCertStr), 0644); err != nil {
return fmt.Errorf("unable to write CA crt to file: %v", err)
var err error
qConfig.SetNamespace(namespace)
currentCR, err = qConfig.GetCurrentCR()
if err != nil {
fmt.Printf("Unable to retrieve current CR: %v\n", err)
return err
}
preflightOpts.MongoOptions.CaCertFile = caCrtFile
decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
mongodbUrl = decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri")
}
if !cleanup {
qp.CG.LogVerboseMessage("MongodbUrl: %s\n", preflightOpts.MongoOptions.MongodbUrl)
// if mongodbUrl is empty, abort check
if preflightOpts.MongoOptions.MongodbUrl == "" {
qp.CG.LogVerboseMessage("Mongodb Url is empty, hence aborting preflight check\n")
return errors.New("MongodbUrl is empty")
}
}
if err := qp.mongoConnCheck(kubeConfigContents, namespace, preflightOpts, cleanup); err != nil {
fmt.Printf("mongodbUrl: %s\n", mongodbUrl)
if err := mongoConnCheck(kubeConfigContents, namespace, mongodbUrl); err != nil {
return err
}
if !cleanup {
qp.CG.LogVerboseMessage("Completed preflight mongodb check\n")
}
fmt.Println("Completed preflight mongodb check")
return nil
}
func (p *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespace string, preflightOpts *PreflightOptions, cleanup bool) error {
caCertSecretName := "ca-certificates-crt"
mongoPodName := "pf-mongo-pod"
clientset, _, err := p.CG.GetK8SClientSet(kubeConfigContents, "")
func mongoConnCheck(kubeConfigContents []byte, namespace, mongodbUrl string) error {
clientset, clientConfig, err := getK8SClientSet(kubeConfigContents, "")
if err != nil {
err = fmt.Errorf("unable to create a kubernetes client: %v\n", err)
err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
fmt.Println(err)
return err
}
// cleanup before starting check
p.runMongoCleanup(clientset, namespace, mongoPodName, caCertSecretName)
if cleanup {
return nil
}
secrets := map[string]string{}
if preflightOpts.MongoOptions.CaCertFile != "" {
caCertSecret, err := p.createSecret(clientset, namespace, preflightOpts.MongoOptions.CaCertFile, caCertSecretName)
if err != nil {
err = fmt.Errorf("unable to create a ca cert kubernetes secret: %v\n", err)
return err
}
defer p.CG.DeleteK8sSecret(clientset, namespace, caCertSecret.Name)
secrets[caCertSecretName] = caCertMountPath
}
commandToRun := []string{"./preflight-mongo", fmt.Sprintf(`-url="%s"`, preflightOpts.MongoOptions.MongodbUrl)}
api.LogDebugMessage("Mongo command: %s\n", strings.Join(commandToRun, " "))
// create a pod
imageName, err := p.GetPreflightConfigObj().GetImageName(preflight_mongo, true)
podName := "pf-mongo-pod"
mongoPod, err := createPreflightTestPod(clientset, namespace, podName, mongoImage)
if err != nil {
err = fmt.Errorf("unable to retrieve image : %v\n", err)
err = fmt.Errorf("error: unable to create pod : %s\n", podName)
fmt.Println("Preflight mongo check: FAILED")
return err
}
api.LogDebugMessage("image name to be used: %s\n", imageName)
mongoPod, err := p.CG.CreatePreflightTestPod(clientset, namespace, mongoPodName, imageName, secrets, commandToRun)
if err != nil {
err = fmt.Errorf("unable to create pod : %v\n", err)
return err
}
defer p.CG.DeletePod(clientset, namespace, mongoPodName)
defer deletePod(clientset, namespace, podName)
if err := p.CG.WaitForPod(clientset, namespace, mongoPod); err != nil {
if err := waitForPod(clientset, namespace, mongoPod); err != nil {
return err
}
if len(mongoPod.Spec.Containers) == 0 {
err := fmt.Errorf("there are no containers in the pod- %v\n", err)
err := fmt.Errorf("error: there are no containers in the pod")
fmt.Println(err)
return err
}
p.CG.WaitForPodToDie(clientset, namespace, mongoPod)
logStr, err := p.CG.GetPodLogs(clientset, mongoPod)
api.LogDebugMessage("Exec-ing into the container...")
stdout, stderr, err := executeRemoteCommand(clientset, clientConfig, mongoPod.Name, mongoPod.Spec.Containers[0].Name, namespace, []string{"mongo", mongodbUrl})
if err != nil {
err = fmt.Errorf("unable to execute mongo check in the cluster: %v\n", err)
err = fmt.Errorf("error: unable to execute mongo check in the cluster: %v", err)
fmt.Println(err)
return err
}
// check mongo server version
ok, err := p.checkMongoVersion(logStr)
if !ok || err != nil {
return err
}
// check if connection succeeded
stringToCheck := "qlik - connection succeeded!!"
if strings.Contains(logStr, stringToCheck) {
p.CG.LogVerboseMessage("Preflight mongo check: PASSED\n")
api.LogDebugMessage("stdout:", stdout)
api.LogDebugMessage("stderr:", stderr)
stringToCheck := "Implicit session"
if strings.Contains(stdout, stringToCheck) || strings.Contains(stderr, stringToCheck) {
fmt.Println("Preflight mongo check: PASSED")
} else {
err = fmt.Errorf("Connection failed: %s\n", logStr)
return err
fmt.Println("Preflight mongo check: FAILED")
}
return nil
}
func (p *QliksensePreflight) checkMongoVersion(logStr string) (bool, error) {
// check mongo server version
api.LogDebugMessage("Minimum required mongo version: %s\n", p.GetPreflightConfigObj().GetMinMongoVersion())
mongoVersionStrToCheck := "qlik mongo server version:"
if strings.Contains(logStr, mongoVersionStrToCheck) {
logLines := strings.Split(logStr, "\n")
for _, eachline := range logLines {
if strings.Contains(eachline, mongoVersionStrToCheck) {
mongoVersionLog := strings.Split(eachline, ":")
if len(mongoVersionLog) < 2 {
continue
}
mongoVersionStr := strings.ReplaceAll(strings.TrimSpace(mongoVersionLog[1]), `"`, "")
api.LogDebugMessage("Extracted mongo version from pod log: %s\n", mongoVersionStr)
currentMongoVersionSemver, err := semver.NewVersion(mongoVersionStr)
if err != nil {
err = fmt.Errorf("Unable to convert minimum mongo version into semver version:%v\n", err)
return false, err
}
minMongoVersionSemver, err := semver.NewVersion(p.GetPreflightConfigObj().GetMinMongoVersion())
if err != nil {
err = fmt.Errorf("Unable to convert required minimum mongo version into semver version:%v\n", err)
return false, err
}
if currentMongoVersionSemver.GreaterThan(minMongoVersionSemver) || currentMongoVersionSemver.Equal(minMongoVersionSemver) {
p.CG.LogVerboseMessage("Current mongodb server version %s is greater than or equal to minimum required mongodb version: %s\n", currentMongoVersionSemver, minMongoVersionSemver)
return true, nil
}
err = fmt.Errorf("Current mongodb server version %s is less than minimum required mongodb version: %s", currentMongoVersionSemver, minMongoVersionSemver)
return false, err
}
}
}
err := errors.New("Unable to infer mongodb server version")
return false, err
}
func (p *QliksensePreflight) createSecret(clientset kubernetes.Interface, namespace, certFile, certSecretName string) (*apiv1.Secret, error) {
certBytes, err := ioutil.ReadFile(certFile)
if err != nil {
return nil, err
}
certSecret, err := p.CG.CreatePreflightTestSecret(clientset, namespace, certSecretName, certBytes)
if err != nil {
err = fmt.Errorf("unable to create secret with cert : %v\n", err)
return nil, err
}
return certSecret, nil
}
func (p *QliksensePreflight) runMongoCleanup(clientset kubernetes.Interface, namespace, mongoPodName, caCertSecretName string) {
p.CG.DeletePod(clientset, namespace, mongoPodName)
p.CG.DeleteK8sSecret(clientset, namespace, caCertSecretName)
}

53
pkg/api/preflight_apis.go → pkg/preflight/preflight_apis.go
View File

@@ -1,11 +1,10 @@
package api
package preflight
import (
"os"
"path"
"path/filepath"
"strings"
api "github.com/qlik-oss/sense-installer/pkg/api"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@@ -17,9 +16,8 @@ type PreflightConfig struct {
}
type PreflightSpec struct {
MinK8sVersion string `json:"minK8sVersion,omitempty" yaml:"minK8sVersion,omitempty"`
MinMongoVersion string `json:"minMongoVersion,omitempty" yaml:"minMongoVersion,omitempty"`
Images map[string]string `json:"images,omitempty" yaml:"images,omitempty"`
MinK8sVersion string `json:"minK8sVersion,omitempty" yaml:"minK8sVersion,omitempty"`
Images map[string]string `json:"images,omitempty" yaml:"images,omitempty"`
}
//NewPreflightConfigEmpty create empty PreflightConfig object
@@ -45,10 +43,8 @@ func NewPreflightConfig(qHome string) *PreflightConfig {
if _, err := os.Lstat(conFile); err != nil {
return p
}
p = &PreflightConfig{
QliksenseHomePath: qHome,
}
if err := ReadFromFile(p, conFile); err != nil {
p = &PreflightConfig{}
if err := api.ReadFromFile(p, conFile); err != nil {
return nil
}
return p
@@ -65,7 +61,7 @@ func (p *PreflightConfig) Write() error {
if err := os.MkdirAll(pDir, os.ModePerm); err != nil {
return err
}
return WriteToFile(p, p.GetConfigFilePath())
return api.WriteToFile(p, p.GetConfigFilePath())
}
func (p *PreflightConfig) AddMinK8sV(version string) {
@@ -75,13 +71,6 @@ func (p *PreflightConfig) AddMinK8sV(version string) {
p.Spec.MinK8sVersion = version
}
func (p *PreflightConfig) AddMinMongoV(version string) {
if p.Spec == nil {
p.Spec = &PreflightSpec{}
}
p.Spec.MinMongoVersion = version
}
func (p *PreflightConfig) AddImage(imageFor, imageName string) {
if p.Spec.Images == nil {
p.Spec.Images = make(map[string]string)
@@ -89,31 +78,15 @@ func (p *PreflightConfig) AddImage(imageFor, imageName string) {
p.Spec.Images[imageFor] = imageName
}
func (p *PreflightConfig) GetImageName(imageFor string, accountForImageRegistry bool) (string, error) {
func (p *PreflightConfig) GetImageName(imageFor string) string {
if p.Spec.Images == nil {
return "", nil
return ""
}
image := p.Spec.Images[imageFor]
if accountForImageRegistry {
qConfig := NewQConfig(p.QliksenseHomePath)
if currentCR, err := qConfig.GetCurrentCR(); err != nil {
return "", err
} else if imageRegistry := currentCR.Spec.GetImageRegistry(); imageRegistry != "" {
imageSegments := strings.Split(image, "/")
imageNameAndTag := imageSegments[len(imageSegments)-1]
return path.Join(imageRegistry, imageNameAndTag), nil
}
}
return image, nil
return p.Spec.Images[imageFor]
}
func (p *PreflightConfig) GetMinK8sVersion() string {
return p.Spec.MinK8sVersion
}
func (p *PreflightConfig) GetMinMongoVersion() string {
return p.Spec.MinMongoVersion
}
func (p *PreflightConfig) IsExistOnDisk() bool {
if _, err := os.Lstat(p.GetConfigFilePath()); err != nil {
return false
@@ -130,9 +103,7 @@ func (p *PreflightConfig) Initialize() error {
return nil
}
p.AddMinK8sV("1.15")
p.AddMinMongoV("3.6")
p.AddImage("nginx", "nginx:1.19.0-alpine")
p.AddImage("netcat", "qlik-docker-oss.bintray.io/preflight-netcat:v1.0.0")
p.AddImage("preflight-mongo", "qlik-docker-oss.bintray.io/preflight-mongo:v1.0.0")
p.AddImage("nginx", "nginx")
p.AddImage("netcat", "subfuzion/netcat")
return p.Write()
}

41
pkg/preflight/preflight_apis_test.go Normal file
View File

@@ -0,0 +1,41 @@
package preflight
import (
"io/ioutil"
"testing"
api "github.com/qlik-oss/sense-installer/pkg/api"
)
func Test_Initalize(t *testing.T) {
tempDir, err := ioutil.TempDir("", "")
if err != nil {
t.Log(err)
t.FailNow()
}
pf := NewPreflightConfig(tempDir)
if err := pf.Initialize(); err != nil {
t.Log()
t.FailNow()
}
p := &PreflightConfig{
QliksenseHomePath: tempDir,
}
if err := api.ReadFromFile(p, pf.GetConfigFilePath()); err != nil {
t.Log(err)
t.FailNow()
}
if p.GetMinK8sVersion() != "1.15" {
t.Log("expected k8 version: 1.15, but got " + p.GetMinK8sVersion())
t.Fail()
}
p.AddImage("test", "testimage")
if err := p.Write(); err != nil {
t.Log(err)
t.Fail()
}
p2 := NewPreflightConfig(tempDir)
if p2.GetImageName("test") != "testimage" {
t.Log("expected image name: testimage, got: " + p2.GetImageName("test"))
}
}

657
pkg/preflight/preflight_utils.go
View File

@@ -1,51 +1,642 @@
package preflight
import (
"bytes"
"fmt"
"io"
"io/ioutil"
"log"
"net/url"
"path/filepath"
"strings"
"time"
"github.com/mitchellh/go-homedir"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/util/retry"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/remotecommand"
"k8s.io/kubectl/pkg/scheme"
"github.com/pkg/errors"
"github.com/qlik-oss/sense-installer/pkg/api"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
appsv1 "k8s.io/api/apps/v1"
apiv1 "k8s.io/api/core/v1"
"k8s.io/api/rbac/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
restclient "k8s.io/client-go/rest"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
)
type PreflightOptions struct {
Verbose bool
MongoOptions *MongoOptions
}
type MongoOptions struct {
MongodbUrl string
CaCertFile string
}
var gracePeriod int64 = 0
type QliksensePreflight struct {
Q *qliksense.Qliksense
P *PreflightOptions
CG *api.ClientGoUtils
Q *qliksense.Qliksense
}
func (qp *QliksensePreflight) GetPreflightConfigObj() *api.PreflightConfig {
return api.NewPreflightConfig(qp.Q.QliksenseHome)
func (qp *QliksensePreflight) GetPreflightConfigObj() *PreflightConfig {
return NewPreflightConfig(qp.Q.QliksenseHome)
}
func (qp *QliksensePreflight) Cleanup(namespace string, kubeConfigContents []byte) error {
qp.CG.LogVerboseMessage("Preflight clean\n")
qp.CG.LogVerboseMessage("----------------\n")
func InitPreflight() (string, []byte, error) {
api.LogDebugMessage("Reading .kube/config file...")
qp.CG.LogVerboseMessage("Removing deployment...\n")
qp.CheckDeployment(namespace, kubeConfigContents, true)
qp.CG.LogVerboseMessage("Removing service...\n")
qp.CheckService(namespace, kubeConfigContents, true)
qp.CG.LogVerboseMessage("Removing pod...\n")
qp.CheckPod(namespace, kubeConfigContents, true)
homeDir, err := homedir.Dir()
if err != nil {
err = fmt.Errorf("Unable to deduce home dir\n")
return "", nil, err
}
api.LogDebugMessage("Kube config location: %s\n\n", filepath.Join(homeDir, ".kube", "config"))
qp.CG.LogVerboseMessage("Removing role...\n")
qp.CheckCreateRole(namespace, true)
qp.CG.LogVerboseMessage("Removing rolebinding...\n")
qp.CheckCreateRoleBinding(namespace, true)
qp.CG.LogVerboseMessage("Removing serviceaccount...\n")
qp.CheckCreateServiceAccount(namespace, true)
kubeConfig := filepath.Join(homeDir, ".kube", "config")
kubeConfigContents, err := ioutil.ReadFile(kubeConfig)
if err != nil {
err = fmt.Errorf("Unable to deduce home dir\n")
return "", nil, err
}
// retrieve namespace
namespace := api.GetKubectlNamespace()
// if namespace comes back empty, we will run checks in the default namespace
if namespace == "" {
namespace = "default"
}
api.LogDebugMessage("Namespace: %s\n", namespace)
return namespace, kubeConfigContents, nil
}
qp.CG.LogVerboseMessage("Removing DNS check components...\n")
qp.CheckDns(namespace, kubeConfigContents, true)
qp.CG.LogVerboseMessage("Removing mongo check components...\n")
qp.CheckMongo(kubeConfigContents, namespace, &PreflightOptions{MongoOptions: &MongoOptions{}}, true)
func initiateK8sOps(opr, namespace string) error {
opr1 := strings.Fields(opr)
_, err := api.KubectlDirectOps(opr1, namespace)
if err != nil {
fmt.Println(err)
return err
}
return nil
}
func int32Ptr(i int32) *int32 { return &i }
func retryOnError(mf func() error) error {
return retry.OnError(wait.Backoff{
Duration: 1 * time.Second,
Factor: 1,
Jitter: 0.1,
Steps: 5,
}, func(err error) bool {
return k8serrors.IsConflict(err) || k8serrors.IsGone(err) || k8serrors.IsServerTimeout(err) ||
k8serrors.IsServiceUnavailable(err) || k8serrors.IsTimeout(err) || k8serrors.IsTooManyRequests(err)
}, mf)
}
func getK8SClientSet(kubeconfig []byte, contextName string) (*kubernetes.Clientset, *rest.Config, error) {
var clientConfig *rest.Config
var err error
if len(kubeconfig) == 0 {
clientConfig, err = rest.InClusterConfig()
if err != nil {
err = errors.Wrap(err, "Unable to load in-cluster kubeconfig")
fmt.Println(err)
return nil, nil, err
}
} else {
config, err := clientcmd.Load(kubeconfig)
if err != nil {
err = errors.Wrap(err, "Unable to load kubeconfig")
fmt.Println(err)
return nil, nil, err
}
if contextName != "" {
config.CurrentContext = contextName
}
clientConfig, err = clientcmd.NewDefaultClientConfig(*config, &clientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
err = errors.Wrap(err, "Unable to create client config from config")
fmt.Println(err)
return nil, nil, err
}
}
clientset, err := kubernetes.NewForConfig(clientConfig)
if err != nil {
err = errors.Wrap(err, "Unable to create clientset")
fmt.Println(err)
return nil, nil, err
}
return clientset, clientConfig, nil
}
func createPreflightTestDeployment(clientset *kubernetes.Clientset, namespace string, depName string, imageName string) (*appsv1.Deployment, error) {
deploymentsClient := clientset.AppsV1().Deployments(namespace)
deployment := &appsv1.Deployment{
ObjectMeta: v1.ObjectMeta{
Name: depName,
},
Spec: appsv1.DeploymentSpec{
Replicas: int32Ptr(1),
Selector: &v1.LabelSelector{
MatchLabels: map[string]string{
"app": "preflight-check",
},
},
Template: apiv1.PodTemplateSpec{
ObjectMeta: v1.ObjectMeta{
Labels: map[string]string{
"app": "preflight-check",
"label": "preflight-check-label",
},
},
Spec: apiv1.PodSpec{
Containers: []apiv1.Container{
{
Name: "dep",
Image: imageName,
Ports: []apiv1.ContainerPort{
{
Name: "http",
Protocol: apiv1.ProtocolTCP,
ContainerPort: 80,
},
},
},
},
},
},
},
}
// Create Deployment
var result *appsv1.Deployment
if err := retryOnError(func() (err error) {
result, err = deploymentsClient.Create(deployment)
return err
}); err != nil {
err = errors.Wrapf(err, "error: unable to create deployments in the %s namespace", namespace)
fmt.Println(err)
return nil, err
}
fmt.Printf("Created deployment %q\n", result.GetObjectMeta().GetName())
return deployment, nil
}
func getDeployment(clientset *kubernetes.Clientset, namespace, depName string) (*appsv1.Deployment, error) {
deploymentsClient := clientset.AppsV1().Deployments(namespace)
var deployment *appsv1.Deployment
if err := retryOnError(func() (err error) {
deployment, err = deploymentsClient.Get(depName, v1.GetOptions{})
return err
}); err != nil {
err = errors.Wrapf(err, "error: unable to get deployments in the %s namespace", namespace)
api.LogDebugMessage("%v\n", err)
return nil, err
}
return deployment, nil
}
func deleteDeployment(clientset *kubernetes.Clientset, namespace, name string) error {
deploymentsClient := clientset.AppsV1().Deployments(namespace)
// Create Deployment
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
GracePeriodSeconds: &gracePeriod,
}
if err := retryOnError(func() (err error) {
return deploymentsClient.Delete(name, &deleteOptions)
}); err != nil {
fmt.Println(err)
return err
}
if err := waitForDeploymentToDelete(clientset, namespace, name); err != nil {
return err
}
fmt.Printf("Deleted deployment: %s\n", name)
return nil
}
func createPreflightTestService(clientset *kubernetes.Clientset, namespace string, svcName string) (*apiv1.Service, error) {
iptr := int32Ptr(80)
servicesClient := clientset.CoreV1().Services(namespace)
service := &apiv1.Service{
ObjectMeta: v1.ObjectMeta{
Name: svcName,
Namespace: namespace,
Labels: map[string]string{
"app": "preflight-check",
},
},
Spec: apiv1.ServiceSpec{
Ports: []apiv1.ServicePort{
{Name: "port1",
Port: *iptr,
},
},
Selector: map[string]string{
"app": "preflight-check",
},
ClusterIP: "",
},
}
var result *apiv1.Service
if err := retryOnError(func() (err error) {
result, err = servicesClient.Create(service)
return err
}); err != nil {
fmt.Println(err)
return nil, err
}
fmt.Printf("Created service %q\n", result.GetObjectMeta().GetName())
return service, nil
}
func getService(clientset *kubernetes.Clientset, namespace, svcName string) (*apiv1.Service, error) {
servicesClient := clientset.CoreV1().Services(namespace)
var svc *apiv1.Service
if err := retryOnError(func() (err error) {
svc, err = servicesClient.Get(svcName, v1.GetOptions{})
return err
}); err != nil {
err = errors.Wrapf(err, "unable to get services in the %s namespace", namespace)
fmt.Println(err)
return nil, err
}
return svc, nil
}
func deleteService(clientset *kubernetes.Clientset, namespace, name string) error {
servicesClient := clientset.CoreV1().Services(namespace)
// Create Deployment
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
}
if err := retryOnError(func() (err error) {
return servicesClient.Delete(name, &deleteOptions)
}); err != nil {
fmt.Println(err)
return err
}
fmt.Printf("Deleted service: %s\n", name)
return nil
}
func deletePod(clientset *kubernetes.Clientset, namespace, name string) error {
podsClient := clientset.CoreV1().Pods(namespace)
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
GracePeriodSeconds: &gracePeriod,
}
if err := retryOnError(func() (err error) {
return podsClient.Delete(name, &deleteOptions)
}); err != nil {
fmt.Println(err)
return err
}
if err := waitForPodToDelete(clientset, namespace, name); err != nil {
return err
}
fmt.Printf("Deleted pod: %s\n", name)
return nil
}
func createPreflightTestPod(clientset *kubernetes.Clientset, namespace string, podName string, imageName string) (*apiv1.Pod, error) {
// build the pod definition we want to deploy
pod := &apiv1.Pod{
ObjectMeta: v1.ObjectMeta{
Name: podName,
Namespace: namespace,
Labels: map[string]string{
"app": "preflight",
},
},
Spec: apiv1.PodSpec{
Containers: []apiv1.Container{
{
Name: "cnt",
Image: imageName,
ImagePullPolicy: apiv1.PullIfNotPresent,
Command: []string{
"sleep",
"3600",
},
},
},
},
}
// now create the pod in kubernetes cluster using the clientset
if err := retryOnError(func() (err error) {
pod, err = clientset.CoreV1().Pods(namespace).Create(pod)
return err
}); err != nil {
fmt.Println(err)
return nil, err
}
fmt.Printf("Created pod: %s\n", pod.Name)
return pod, nil
}
func getPod(clientset *kubernetes.Clientset, namespace, podName string) (*apiv1.Pod, error) {
api.LogDebugMessage("Fetching pod: %s\n", podName)
var pod *apiv1.Pod
if err := retryOnError(func() (err error) {
pod, err = clientset.CoreV1().Pods(namespace).Get(podName, v1.GetOptions{})
return err
}); err != nil {
api.LogDebugMessage("%v\n", err)
return nil, err
}
return pod, nil
}
func execute(method string, url *url.URL, config *restclient.Config, stdin io.Reader, stdout, stderr io.Writer, tty bool) error {
exec, err := remotecommand.NewSPDYExecutor(config, method, url)
if err != nil {
return err
}
return exec.Stream(remotecommand.StreamOptions{
Stdin: stdin,
Stdout: stdout,
Stderr: stderr,
Tty: tty,
})
}
func executeRemoteCommand(clientset *kubernetes.Clientset, config *rest.Config, podName, containerName, namespace string, command []string) (string, string, error) {
tty := false
req := clientset.CoreV1().RESTClient().Post().
Resource("pods").
Name(podName).
Namespace(namespace).
SubResource("exec").
Param("container", containerName)
req.VersionedParams(&apiv1.PodExecOptions{
Container: containerName,
Command: command,
Stdin: false,
Stdout: true,
Stderr: true,
TTY: tty,
}, scheme.ParameterCodec)
var stdout, stderr bytes.Buffer
err := execute("POST", req.URL(), config, nil, &stdout, &stderr, tty)
return strings.TrimSpace(stdout.String()), strings.TrimSpace(stderr.String()), err
}
func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDeployment *appsv1.Deployment) error {
timeout := time.NewTicker(2 * time.Minute)
defer timeout.Stop()
var d *appsv1.Deployment
var err error
WAIT:
for {
d, err = getDeployment(clientset, namespace, pfDeployment.GetName())
if err != nil {
err = fmt.Errorf("error: unable to retrieve deployment: %s\n", pfDeployment.GetName())
fmt.Println(err)
return err
}
select {
case <-timeout.C:
break WAIT
default:
if int(d.Status.ReadyReplicas) > 0 {
break WAIT
}
}
time.Sleep(5 * time.Second)
}
if int(d.Status.ReadyReplicas) == 0 {
err = fmt.Errorf("error: deployment took longer than expected to spin up pods")
fmt.Println(err)
return err
}
return nil
}
func waitForPod(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Pod) error {
var err error
if len(pod.Spec.Containers) > 0 {
timeout := time.NewTicker(2 * time.Minute)
defer timeout.Stop()
podName := pod.Name
OUT:
for {
pod, err = getPod(clientset, namespace, podName)
if err != nil {
err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
fmt.Println(err)
return err
}
select {
case <-timeout.C:
break OUT
default:
if len(pod.Status.ContainerStatuses) > 0 && pod.Status.ContainerStatuses[0].Ready {
break OUT
}
}
time.Sleep(5 * time.Second)
}
if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
err = fmt.Errorf("error: container is taking much longer than expected")
fmt.Println(err)
return err
}
return nil
}
err = fmt.Errorf("error: there are no containers in the pod")
fmt.Println(err)
return err
}
func waitForPodToDelete(clientset *kubernetes.Clientset, namespace, podName string) error {
var err error
timeout := time.NewTicker(2 * time.Minute)
defer timeout.Stop()
OUT:
for {
_, err = getPod(clientset, namespace, podName)
if err != nil {
return nil
}
select {
case <-timeout.C:
break OUT
default:
}
time.Sleep(5 * time.Second)
}
err = fmt.Errorf("error: delete pod is taking unusually long")
fmt.Println(err)
return err
}
func waitForDeploymentToDelete(clientset *kubernetes.Clientset, namespace, deploymentName string) error {
var err error
timeout := time.NewTicker(2 * time.Minute)
defer timeout.Stop()
OUT:
for {
_, err = getDeployment(clientset, namespace, deploymentName)
if err != nil {
return nil
}
select {
case <-timeout.C:
break OUT
default:
}
time.Sleep(5 * time.Second)
}
err = fmt.Errorf("error: delete deployment is taking unusually long")
fmt.Println(err)
return err
}
func createPfRole(clientset *kubernetes.Clientset, namespace, roleName string) (*v1beta1.Role, error) {
// build the role defination we want to create
var role *v1beta1.Role
roleSpec := &v1beta1.Role{
ObjectMeta: v1.ObjectMeta{
Name: roleName,
Namespace: namespace,
Labels: map[string]string{
"app": "preflight",
},
},
Rules: []v1beta1.PolicyRule{},
}
// now create the role in kubernetes cluster using the clientset
if err := retryOnError(func() (err error) {
role, err = clientset.RbacV1beta1().Roles(namespace).Create(roleSpec)
return err
}); err != nil {
fmt.Println(err)
return nil, err
}
fmt.Printf("Created role: %s\n", role.Name)
return role, nil
}
func deleteRole(clientset *kubernetes.Clientset, namespace string, role *v1beta1.Role) {
rolesClient := clientset.RbacV1beta1().Roles(namespace)
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
}
err := rolesClient.Delete(role.GetName(), &deleteOptions)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Deleted role: %s\n\n", role.Name)
}
func createPfRoleBinding(clientset *kubernetes.Clientset, namespace, roleBindingName string) (*v1beta1.RoleBinding, error) {
var roleBinding *v1beta1.RoleBinding
// build the rolebinding defination we want to create
roleBindingSpec := &v1beta1.RoleBinding{
ObjectMeta: v1.ObjectMeta{
Name: roleBindingName,
Namespace: namespace,
Labels: map[string]string{
"app": "demo",
},
},
Subjects: []v1beta1.Subject{
{
Kind: "ServiceAccount",
APIGroup: "",
Name: "preflight-check-subject",
Namespace: namespace,
},
},
RoleRef: v1beta1.RoleRef{
APIGroup: "",
Kind: "Role",
Name: "preflight-check-roleref",
},
}
// now create the roleBinding in kubernetes cluster using the clientset
if err := retryOnError(func() (err error) {
roleBinding, err = clientset.RbacV1beta1().RoleBindings(namespace).Create(roleBindingSpec)
return err
}); err != nil {
fmt.Println(err)
return nil, err
}
fmt.Printf("Created RoleBinding: %s\n", roleBindingSpec.Name)
return roleBinding, nil
}
func deleteRoleBinding(clientset *kubernetes.Clientset, namespace string, roleBinding *v1beta1.RoleBinding) {
roleBindingClient := clientset.RbacV1beta1().RoleBindings(namespace)
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
}
err := roleBindingClient.Delete(roleBinding.GetName(), &deleteOptions)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Deleted RoleBinding: %s\n\n", roleBinding.Name)
}
func createPfServiceAccount(clientset *kubernetes.Clientset, namespace, serviceAccountName string) (*apiv1.ServiceAccount, error) {
var serviceAccount *apiv1.ServiceAccount
// build the serviceAccount defination we want to create
serviceAccountSpec := &apiv1.ServiceAccount{
ObjectMeta: v1.ObjectMeta{
Name: "preflight-check-test-serviceaccount",
Namespace: namespace,
Labels: map[string]string{
"app": "demo",
},
},
}
// now create the serviceAccount in kubernetes cluster using the clientset
if err := retryOnError(func() (err error) {
serviceAccount, err = clientset.CoreV1().ServiceAccounts(namespace).Create(serviceAccountSpec)
return err
}); err != nil {
fmt.Println(err)
return nil, err
}
fmt.Printf("Created Service Account: %s\n", serviceAccountSpec.Name)
return serviceAccount, nil
}
func deleteServiceAccount(clientset *kubernetes.Clientset, namespace string, serviceAccount *apiv1.ServiceAccount) {
serviceAccountClient := clientset.CoreV1().ServiceAccounts(namespace)
deletePolicy := v1.DeletePropagationForeground
deleteOptions := v1.DeleteOptions{
PropagationPolicy: &deletePolicy,
}
err := serviceAccountClient.Delete(serviceAccount.GetName(), &deleteOptions)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Deleted ServiceAccount: %s\n\n", serviceAccount.Name)
}

43
pkg/preflight/preflight_utils_test.go Normal file
View File

@@ -0,0 +1,43 @@
package preflight
import (
"fmt"
"testing"
)
func Test_initiateK8sOps(t *testing.T) {
t.Skip()
type args struct {
opr string
namespace string
}
tests := []struct {
name string
args args
wantErr bool
}{
{
name: "valid case",
args: args{
opr: fmt.Sprintf("version"),
namespace: "test-ns",
},
wantErr: false,
},
{
name: "invalid case",
args: args{
opr: fmt.Sprintf("versions"),
namespace: "test-ns",
},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := initiateK8sOps(tt.args.opr, tt.args.namespace); (err != nil) != tt.wantErr {
t.Errorf("initiateK8sOps() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}

151
pkg/preflight/role_check.go
View File

@@ -2,78 +2,63 @@ package preflight
import (
"fmt"
"path"
"path/filepath"
"strings"
"github.com/pkg/errors"
"github.com/mitchellh/go-homedir"
"github.com/qlik-oss/k-apis/pkg/cr"
"github.com/qlik-oss/sense-installer/pkg/api"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
"github.com/qlik-oss/sense-installer/pkg/qliksense"
)
func (qp *QliksensePreflight) CheckCreateRole(namespace string, cleanup bool) error {
func (qp *QliksensePreflight) CheckCreateRole(namespace string) error {
// create a Role
if !cleanup {
fmt.Print("Preflight role check... ")
qp.CG.LogVerboseMessage("\n--------------------- \n")
}
err := qp.checkCreateEntity(namespace, "Role", cleanup)
fmt.Printf("Preflight role check: \n")
err := qp.checkCreateEntity(namespace, "Role")
if err != nil {
return err
}
if !cleanup {
qp.CG.LogVerboseMessage("Completed preflight role check\n")
}
fmt.Println("Completed preflight role check")
return nil
}
func (qp *QliksensePreflight) CheckCreateRoleBinding(namespace string, cleanup bool) error {
func (qp *QliksensePreflight) CheckCreateRoleBinding(namespace string) error {
// create a RoleBinding
if !cleanup {
fmt.Print("Preflight rolebinding check... ")
qp.CG.LogVerboseMessage("\n---------------------------- \n")
}
err := qp.checkCreateEntity(namespace, "RoleBinding", cleanup)
fmt.Printf("Preflight rolebinding check: \n")
err := qp.checkCreateEntity(namespace, "RoleBinding")
if err != nil {
return err
}
if !cleanup {
qp.CG.LogVerboseMessage("Completed preflight rolebinding check\n")
}
fmt.Println("Completed preflight rolebinding check")
return nil
}
func (qp *QliksensePreflight) CheckCreateServiceAccount(namespace string, cleanup bool) error {
func (qp *QliksensePreflight) CheckCreateServiceAccount(namespace string) error {
// create a service account
if !cleanup {
fmt.Print("Preflight serviceaccount check... ")
qp.CG.LogVerboseMessage("\n------------------------------- \n")
}
err := qp.checkCreateEntity(namespace, "ServiceAccount", cleanup)
fmt.Printf("Preflight serviceaccount check: \n")
err := qp.checkCreateEntity(namespace, "ServiceAccount")
if err != nil {
return err
}
if !cleanup {
qp.CG.LogVerboseMessage("Completed preflight serviceaccount check\n")
}
fmt.Println("Completed preflight serviceaccount check")
return nil
}
func (qp *QliksensePreflight) checkCreateEntity(namespace, entityToTest string, cleanup bool) error {
func (qp *QliksensePreflight) checkCreateEntity(namespace, entityToTest string) error {
qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
var currentCR *qapi.QliksenseCR
mfroot := ""
kusDir := ""
resultYamlBytes := []byte("")
var err error
currentCR, err = qConfig.GetCurrentCR()
if err != nil {
qp.CG.LogVerboseMessage("Unable to retrieve current CR: %v\n", err)
fmt.Printf("Unable to retrieve current CR: %v\n", err)
return err
}
if currentCR.IsRepoExist() {
mfroot = currentCR.Spec.GetManifestsRoot()
} else if tempDownloadedDir, err := qliksense.DownloadFromGitRepoToTmpDir(qliksense.QLIK_GIT_REPO, "master"); err != nil {
qp.CG.LogVerboseMessage("Unable to Download from git repo to tmp dir: %v\n", err)
fmt.Printf("Unable to Download from git repo to tmp dir: %v\n", err)
return err
} else {
mfroot = tempDownloadedDir
@@ -84,92 +69,80 @@ func (qp *QliksensePreflight) checkCreateEntity(namespace, entityToTest string,
} else {
kusDir = filepath.Join(mfroot, "manifests", currentCR.Spec.Profile)
}
if len(resultYamlBytes) == 0 {
resultYamlBytes, err = qliksense.ExecuteKustomizeBuild(kusDir)
if err != nil {
err := fmt.Errorf("Unable to retrieve manifests from executing kustomize: %s, error: %v", kusDir, err)
return err
}
currentCR.SetName("random")
currentCR.Spec.RotateKeys = "None"
currentCR.Spec.ManifestsRoot = mfroot
userHomeDir, err := homedir.Dir()
if err != nil {
fmt.Printf(`error fetching user's home directory: %v\n`, err)
return err
}
sa := qliksense.GetYamlsFromMultiDoc(string(resultYamlBytes), entityToTest)
cr.GeneratePatches(&currentCR.KApiCr, path.Join(userHomeDir, ".kube", "config"))
resultYamlString, err := qliksense.ExecuteKustomizeBuild(kusDir)
if err != nil {
fmt.Printf("Unable to retrieve manifests from executing kustomize: %v\n", err)
return err
}
sa := qliksense.GetYamlsFromMultiDoc(string(resultYamlString), entityToTest)
if sa != "" {
sa = strings.Replace(sa, "name: qliksense", "name: preflight", -1)
// sa = strings.ReplaceAll(sa, "namespace: default\n", fmt.Sprintf("namespace: %s\n", namespace))
} else {
err = fmt.Errorf(`We were unable to retrieve valid %ss from running "kustomize" in your %s directory.
Please check the value in the "Profile" field of your CR. `, strings.ToLower(entityToTest), kusDir)
err := fmt.Errorf("Unable to retrieve yamls to apply on cluster")
fmt.Println(err)
return err
}
namespace = "" // namespace is handled when generating the manifests
// check if entity already exists in the cluster, if so - delete it
api.KubectlDeleteVerbose(sa, namespace, qp.P.Verbose)
if cleanup {
return nil
}
defer func() {
qp.CG.LogVerboseMessage("Cleaning up resources...\n")
err := api.KubectlDeleteVerbose(sa, namespace, qp.P.Verbose)
fmt.Println("Cleaning up resources")
api.KubectlDelete(sa, namespace)
if err != nil {
qp.CG.LogVerboseMessage("Preflight cleanup failed!\n")
fmt.Println("Preflight cleanup failed!")
}
}()
err = api.KubectlApplyVerbose(sa, namespace, qp.P.Verbose)
err = api.KubectlApply(sa, namespace)
if err != nil {
err := fmt.Errorf("Failed to create entity on the cluster: %v", err)
fmt.Println(err)
return err
}
qp.CG.LogVerboseMessage("Preflight %s check: PASSED\n", entityToTest)
fmt.Printf("Preflight %s check: PASSED\n", entityToTest)
return nil
}
func (qp *QliksensePreflight) CheckCreateRB(namespace string, kubeConfigContents []byte) error {
// create a role
qp.CG.LogVerboseMessage("Preflight createRole check: \n")
qp.CG.LogVerboseMessage("--------------------------- \n")
errStr := strings.Builder{}
err1 := qp.checkCreateEntity(namespace, "Role", false)
if err1 != nil {
errStr.WriteString(err1.Error())
errStr.WriteString("\n")
qp.CG.LogVerboseMessage("%v\n", err1)
qp.CG.LogVerboseMessage("Preflight role check: FAILED\n")
fmt.Printf("Preflight createRole check: \n")
err := qp.checkCreateEntity(namespace, "Role")
if err != nil {
fmt.Println("Preflight role check: FAILED")
}
qp.CG.LogVerboseMessage("Completed preflight role check\n\n")
fmt.Printf("Completed preflight role check\n\n")
// create a roleBinding
qp.CG.LogVerboseMessage("Preflight rolebinding check: \n")
qp.CG.LogVerboseMessage("---------------------------- \n")
err2 := qp.checkCreateEntity(namespace, "RoleBinding", false)
if err2 != nil {
errStr.WriteString(err2.Error())
errStr.WriteString("\n")
qp.CG.LogVerboseMessage("%v\n", err2)
qp.CG.LogVerboseMessage("Preflight rolebinding check: FAILED\n")
fmt.Printf("Preflight rolebinding check: \n")
err = qp.checkCreateEntity(namespace, "RoleBinding")
if err != nil {
fmt.Println("Preflight rolebinding check: FAILED")
}
qp.CG.LogVerboseMessage("Completed preflight rolebinding check\n\n")
fmt.Printf("Completed preflight rolebinding check\n\n")
// create a service account
qp.CG.LogVerboseMessage("Preflight serviceaccount check: \n")
qp.CG.LogVerboseMessage("------------------------------- \n")
err3 := qp.checkCreateEntity(namespace, "ServiceAccount", false)
if err3 != nil {
errStr.WriteString(err3.Error())
errStr.WriteString("\n")
qp.CG.LogVerboseMessage("%v\n", err3)
qp.CG.LogVerboseMessage("Preflight serviceaccount check: FAILED\n")
fmt.Printf("Preflight serviceaccount check: \n")
err = qp.checkCreateEntity(namespace, "ServiceAccount")
if err != nil {
fmt.Println("Preflight serviceaccount check: FAILED")
}
qp.CG.LogVerboseMessage("Completed preflight serviceaccount check\n\n")
fmt.Printf("Completed preflight serviceaccount check\n\n")
if err1 != nil || err2 != nil || err3 != nil {
qp.CG.LogVerboseMessage("Preflight authcheck: FAILED\n")
qp.CG.LogVerboseMessage("Completed preflight authcheck\n")
return errors.New(errStr.String())
}
qp.CG.LogVerboseMessage("Preflight authcheck: PASSED\n")
qp.CG.LogVerboseMessage("Completed preflight authcheck\n")
fmt.Println("Preflight RB check: PASSED")
fmt.Println("Completed preflight CreateRB check")
return nil
}

123
pkg/preflight/verify_ca.go
View File

@@ -1,123 +0,0 @@
package preflight
import (
"crypto/tls"
"crypto/x509"
"encoding/json"
"fmt"
"net/url"
"strings"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
func (qp *QliksensePreflight) VerifyCAChain(kubeConfigContents []byte, namespace string, preflightOpts *PreflightOptions, cleanup bool) error {
var currentCR *qapi.QliksenseCR
var err error
qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
qConfig.SetNamespace(namespace)
fmt.Print("Preflight verify-ca-chain check... ")
qp.CG.LogVerboseMessage("\n----------------------------------- \n")
currentCR, err = qConfig.GetCurrentCR()
if err != nil {
qp.CG.LogVerboseMessage("Unable to retrieve current CR: %v\n", err)
return err
}
decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
if err != nil {
qp.CG.LogVerboseMessage("An error occurred while retrieving mongodbUrl from current CR: %v\n", err)
return err
}
// infer ca certs form CR
caCertificates := strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "caCertificates"))
fmt.Println("Openssl verify mongodbUrl:")
// infer mongodb url from CR
mongodbUrl := strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "mongodbUri"))
qp.CG.LogVerboseMessage("Mongodb url inferred form CR: %s\n", mongodbUrl)
// parse out server and port from mongodb url and execute openssl verify
if err := qp.extractCertAndVerify(mongodbUrl, caCertificates); err != nil {
return err
}
fmt.Printf("\nOpenssl verify discoveryUrl:\n")
// infer idpConfigs form CR
idpConfigs := strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("identity-providers", "idpConfigs"))
data := []map[string]interface{}{}
if err := json.Unmarshal([]byte(idpConfigs), &data); err != nil {
panic(err)
}
var discoveryUrl string
for _, idpData := range data {
discoveryUrl = idpData["discoveryUrl"].(string)
qp.CG.LogVerboseMessage("Discovery url: %s\n", discoveryUrl)
}
if err := qp.extractCertAndVerify(discoveryUrl, caCertificates); err != nil {
return err
}
qp.CG.LogVerboseMessage("Completed preflight verify-ca-chain check\n")
return nil
}
func (qp *QliksensePreflight) extractCertAndVerify(server string, caCertificates string) error {
u, err := url.Parse(server)
if err != nil {
return fmt.Errorf("unable to parse url: %v", err)
}
switch strings.ToLower(u.Scheme) {
case "http":
return fmt.Errorf("http url is not supported for this operation")
case "https":
if u.Port() == "" {
u.Host += ":443"
}
}
qp.CG.LogVerboseMessage("Host: %s, port: %s\n", u.Host, u.Port())
conn, err := tls.Dial("tcp", u.Host, &tls.Config{})
qp.CG.LogVerboseMessage("Host: %s\n", u.Host)
if err != nil {
return fmt.Errorf("failed to connect: " + err.Error())
}
defer conn.Close()
// Get the ConnectionState struct as that's the one which gives us x509.Certificate struct
x509Certificates := conn.ConnectionState().PeerCertificates
var serverCert *x509.Certificate
if len(x509Certificates) == 0 {
return fmt.Errorf("no server certificates retrieved from the server")
}
// we retrieve and verify the server certificate, we ignore intermediate certificates at this point.
for _, x509Cert := range x509Certificates {
if !x509Cert.IsCA {
serverCert = x509Cert
break
}
}
if serverCert == nil {
return fmt.Errorf("no valid server certificates retrieved from the server")
}
roots := x509.NewCertPool()
if ok := roots.AppendCertsFromPEM([]byte(caCertificates)); !ok {
return fmt.Errorf("failed to parse root certificate.")
}
opts := x509.VerifyOptions{
Roots: roots,
DNSName: u.Hostname(),
}
if _, err := serverCert.Verify(opts); err != nil {
return fmt.Errorf("failed to verify certificate: " + err.Error())
}
return nil
}

28
pkg/preflight/version_check.go
View File

@@ -4,49 +4,53 @@ import (
"fmt"
"github.com/Masterminds/semver/v3"
"github.com/qlik-oss/sense-installer/pkg/api"
"k8s.io/apimachinery/pkg/version"
)
func (p *QliksensePreflight) CheckK8sVersion(namespace string, kubeConfigContents []byte) error {
fmt.Print("Preflight kubernetes version check... ")
p.CG.LogVerboseMessage("\n----------------------------------- \n")
func (qp *QliksensePreflight) CheckK8sVersion(namespace string, kubeConfigContents []byte) error {
var currentVersion *semver.Version
clientset, _, err := p.CG.GetK8SClientSet(kubeConfigContents, "")
clientset, _, err := getK8SClientSet(kubeConfigContents, "")
if err != nil {
err = fmt.Errorf("Unable to create clientset: %v\n", err)
return err
}
var serverVersion *version.Info
if err := p.CG.RetryOnError(func() (err error) {
if err := retryOnError(func() (err error) {
serverVersion, err = clientset.ServerVersion()
return err
}); err != nil {
err = fmt.Errorf("Unable to get server version: %v\n", err)
//fmt.Println(err)
return err
}
p.CG.LogVerboseMessage("Kubernetes API Server version: %s\n", serverVersion.String())
fmt.Printf("Kubernetes API Server version: %s\n", serverVersion.String())
// Compare K8s version on the cluster with minimum supported k8s version
currentVersion, err = semver.NewVersion(serverVersion.String())
if err != nil {
err = fmt.Errorf("Unable to convert server version into semver version: %v\n", err)
//fmt.Println(err)
return err
}
api.LogDebugMessage("Current Kubernetes Version: %v\n", currentVersion)
//fmt.Printf("Current K8s Version: %v\n", currentVersion)
minK8sVersionSemver, err := semver.NewVersion(p.GetPreflightConfigObj().GetMinK8sVersion())
minK8sVersionSemver, err := semver.NewVersion(qp.GetPreflightConfigObj().GetMinK8sVersion())
if err != nil {
err = fmt.Errorf("Unable to convert minimum Kubernetes version into semver version:%v\n", err)
fmt.Println(err)
return err
}
if currentVersion.GreaterThan(minK8sVersionSemver) {
p.CG.LogVerboseMessage("Current Kubernetes API Server version %s is greater than or equal to minimum required version: %s\n", currentVersion, minK8sVersionSemver)
//fmt.Printf("\n\nCurrent %s Component version: %s is less than minimum required version:%s\n", component, currentComponentVersion, componentVersionFromDependenciesYaml)
fmt.Printf("Current %s is greater than minimum required version:%s\n", currentVersion, minK8sVersionSemver)
fmt.Println("Preflight minimum kubernetes version check: PASSED")
} else {
err = fmt.Errorf("Current Kubernetes API Server version %s is less than minimum required version: %s", currentVersion, minK8sVersionSemver)
return err
fmt.Printf("Current %s is less than minimum required version:%s\n", currentVersion, minK8sVersionSemver)
fmt.Println("Preflight minimum kubernetes version check: FAILED")
}
fmt.Printf("Completed Preflight kubernetes minimum version check\n")
return nil
}

27
pkg/qliksense/about.go
View File

@@ -23,12 +23,13 @@ type patch struct {
Patch string `yaml:"patch"`
}
type annotationTransformer struct {
type selectivePatch struct {
APIVersion string `yaml:"apiVersion"`
Metadata struct {
Name string `yaml:"name"`
} `yaml:"metadata"`
Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`
Enabled bool `yaml:"enabled"`
Patches []patch `yaml:"patches"`
}
type helmChart struct {
@@ -72,7 +73,7 @@ func (q *Qliksense) About(gitRef, profile string) (*VersionOutput, error) {
}
func (q *Qliksense) AboutDir(configDirectory, profile string) (*VersionOutput, error) {
if chartVersion, err := getChartVersion(filepath.Join(configDirectory, "manifests", "base", "transformers", "release", "annotations.yaml"), "app.kubernetes.io/version"); err != nil {
if chartVersion, err := getChartVersion(filepath.Join(configDirectory, "transformers", "qseokversion.yaml"), "qliksense"); err != nil {
return nil, err
} else if kuzManifest, err := executeKustomizeBuildWithStdoutProgress(filepath.Join(configDirectory, "manifests", profile)); err != nil {
return nil, err
@@ -193,10 +194,8 @@ func getImageList(yamlContent []byte) ([]string, error) {
})
}
var sortedImageList []string
for image, v := range imageMap {
for image, _ := range imageMap {
sortedImageList = append(sortedImageList, image)
// a warning "simplify range expression" if written like this 'for image _ :=range imageMap'
_ = v
}
sort.Strings(sortedImageList)
return sortedImageList, nil
@@ -222,16 +221,22 @@ func traverseYamlDecodedMapRecursively(val reflect.Value, path []string, visitor
}
}
func getChartVersion(versionFile, versionAnnotation string) (string, error) {
var annTransformer annotationTransformer
func getChartVersion(versionFile, chartName string) (string, error) {
var patchInst patch
var selPatch selectivePatch
var chart helmChart
if bytes, err := ioutil.ReadFile(versionFile); err != nil {
return "", err
} else if err = yaml.Unmarshal(bytes, &annTransformer); err != nil {
} else if err = yaml.Unmarshal(bytes, &selPatch); err != nil {
return "", err
}
if version, ok := annTransformer.Annotations[versionAnnotation]; ok {
return version, nil
for _, patchInst = range selPatch.Patches {
if err := yaml.Unmarshal([]byte(patchInst.Patch), &chart); err == nil {
if chart.ChartName == chartName {
return chart.ChartVersion, nil
}
}
}
return "", nil
}

49
pkg/qliksense/about_test.go
View File

@@ -5,7 +5,6 @@ import (
"io/ioutil"
"os"
"path"
"path/filepath"
"reflect"
"testing"
@@ -235,12 +234,11 @@ func Test_About_getConfigDirectory(t *testing.T) {
verifyAsdBranch := func(configDir string) (ok bool, reason string) {
tmpDir := os.TempDir()
configParentDir := filepath.Dir(configDir)
if (filepath.Clean(filepath.Dir(configParentDir)) != filepath.Clean(tmpDir)) || (filepath.Base(configDir) != "repo") {
if (path.Clean(path.Dir(path.Dir(configDir))) != path.Clean(tmpDir)) || (path.Base(configDir) != "repo") {
return false, fmt.Sprintf("expected config directory path: %v to be under: %v and terminate with repo", configDir, tmpDir)
}
if info, err := os.Stat(filepath.Join(configDir, "asdczxc")); err != nil || !info.Mode().IsRegular() {
if info, err := os.Stat(path.Join(configDir, "asdczxc")); err != nil || !info.Mode().IsRegular() {
return false, fmt.Sprintf(`expected to find file: "asdczxc" under directory: %v`, configDir)
}
return true, ""
@@ -249,16 +247,15 @@ func Test_About_getConfigDirectory(t *testing.T) {
verifyMasterBranch := func(configDir string) (ok bool, reason string) {
tmpDir := os.TempDir()
configParentDir := filepath.Dir(configDir)
if (filepath.Clean(filepath.Dir(configParentDir)) != filepath.Clean(tmpDir)) || (filepath.Base(configDir) != "repo") {
if (path.Clean(path.Dir(path.Dir(configDir))) != path.Clean(tmpDir)) || (path.Base(configDir) != "repo") {
return false, fmt.Sprintf("expected config directory path: %v to be under: %v and terminate with repo", configDir, tmpDir)
}
if _, err := os.Stat(filepath.Join(configDir, "asdczxc")); err == nil || !os.IsNotExist(err) {
if _, err := os.Stat(path.Join(configDir, "asdczxc")); err == nil || !os.IsNotExist(err) {
return false, fmt.Sprintf(`expected to NOT find file: "asdczxc"" under directory: %v`, configDir)
}
if info, err := os.Stat(filepath.Join(configDir, "sad")); err != nil || !info.Mode().IsRegular() {
if info, err := os.Stat(path.Join(configDir, "sad")); err != nil || !info.Mode().IsRegular() {
return false, fmt.Sprintf(`expected to find file: "sad"" under directory: %v`, configDir)
}
return true, ""
@@ -308,7 +305,7 @@ func Test_About_getConfigDirectory(t *testing.T) {
cleanup: func(_ *Qliksense, configDir string) error {
if currentDirectory, err := os.Getwd(); err != nil {
return err
} else if err := os.RemoveAll(filepath.Join(currentDirectory, "manifests")); err != nil {
} else if err := os.RemoveAll(path.Join(currentDirectory, "manifests")); err != nil {
return err
}
return nil
@@ -323,7 +320,7 @@ func Test_About_getConfigDirectory(t *testing.T) {
}
profileEntered = "foo"
defaultProfilePath := filepath.Join(currentDirectory, "manifests", profileEntered)
defaultProfilePath := path.Join(currentDirectory, "manifests", profileEntered)
err = os.MkdirAll(defaultProfilePath, os.ModePerm)
if err != nil {
t.Fatalf("error making path: %v, err: %v\n", defaultProfilePath, err)
@@ -353,7 +350,7 @@ func Test_About_getConfigDirectory(t *testing.T) {
cleanup: func(_ *Qliksense, configDir string) error {
if currentDirectory, err := os.Getwd(); err != nil {
return err
} else if err := os.RemoveAll(filepath.Join(currentDirectory, "manifests")); err != nil {
} else if err := os.RemoveAll(path.Join(currentDirectory, "manifests")); err != nil {
return err
}
return nil
@@ -383,8 +380,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
cleanup: func(_ *Qliksense, configDir string) error {
tmpDir := os.TempDir()
tmpTmpDir := filepath.Dir(configDir)
if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
tmpTmpDir := path.Dir(configDir)
if err := os.RemoveAll(tmpTmpDir); err != nil {
return err
}
@@ -416,8 +413,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
cleanup: func(_ *Qliksense, configDir string) error {
tmpDir := os.TempDir()
tmpTmpDir := filepath.Dir(configDir)
if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
tmpTmpDir := path.Dir(configDir)
if err := os.RemoveAll(tmpTmpDir); err != nil {
return err
}
@@ -459,9 +456,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
},
cleanup: func(q *Qliksense, configDir string) error {
tmpDir := os.TempDir()
tmpTmpDir := filepath.Dir(configDir)
if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
tmpTmpDir := path.Dir(configDir)
if err := os.RemoveAll(tmpTmpDir); err != nil {
return err
}
@@ -506,9 +502,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
},
cleanup: func(q *Qliksense, configDir string) error {
tmpDir := os.TempDir()
tmpTmpDir := filepath.Dir(configDir)
if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
tmpTmpDir := path.Dir(configDir)
if err := os.RemoveAll(tmpTmpDir); err != nil {
return err
}
@@ -530,16 +525,12 @@ func Test_About_getConfigDirectory(t *testing.T) {
if err := q.SetUpQliksenseDefaultContext(); err != nil {
t.Fatalf("error setting up default context in the tmp dir: %v\n", err)
return nil, "", "", ""
} else if qConfig, err := qapi.NewQConfigE(q.QliksenseHome); err != nil {
t.Fatalf("cannot initiallize qConfig: %v\n", err)
} else if err := q.FetchQK8s("master"); err != nil {
t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
return nil, "", "", ""
} else if !qConfig.IsRepoExistForCurrent("master") {
if err := q.FetchQK8s("master"); err != nil {
t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
return nil, "", "", ""
}
} else {
return q, "no-git-clone-for-you", "", ""
}
return q, "no-git-clone-for-you", "", ""
}
},
verify: func(q *Qliksense, configDir string, isTemporary bool, profile string) (ok bool, reason string, err error) {

41
pkg/qliksense/apply.go
View File

@@ -1,8 +1,43 @@
package qliksense
func (q *Qliksense) ApplyCRFromBytes(crBytes []byte, opts *InstallCommandOptions, overwriteExistingContext bool) error {
if err := q.LoadCr(crBytes, overwriteExistingContext); err != nil {
import (
"io"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
func (q *Qliksense) ApplyCRFromReader(r io.Reader, opts *InstallCommandOptions, keepPatchFiles, overwriteExistingContext bool) error {
if err := q.LoadCr(r, overwriteExistingContext); err != nil {
return err
}
return q.InstallQK8s("", opts)
qConfig := qapi.NewQConfig(q.QliksenseHome)
cr, err := qConfig.GetCurrentCR()
if err != nil {
return err
}
if IsQliksenseInstalled(cr.GetName()) {
// it is needed in case want to upgrade from one version to another
if cr.Spec.ManifestsRoot == "" && cr.Spec.Git == nil {
if err := q.FetchQK8s(cr.GetLabelFromCr("version")); err != nil {
return err
}
}
return q.UpgradeQK8s(keepPatchFiles)
}
return q.InstallQK8s(cr.GetLabelFromCr("version"), opts, keepPatchFiles)
}
func IsQliksenseInstalled(crName string) bool {
args := []string{
"get",
"qliksense",
crName,
"-ogo-template",
`--template='{{ .metadata.name}}'`,
}
_, err := qapi.KubectlDirectOps(args, "")
if err != nil {
return false
}
return true
}

69
pkg/qliksense/config.go
View File

@@ -5,23 +5,20 @@ import (
"fmt"
"io/ioutil"
"os"
"os/exec"
"path"
"path/filepath"
"strings"
"github.com/qlik-oss/k-apis/pkg/config"
"github.com/mitchellh/go-homedir"
"gopkg.in/yaml.v2"
"github.com/qlik-oss/k-apis/pkg/cr"
"github.com/qlik-oss/sense-installer/pkg/api"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
"k8s.io/kubectl/pkg/cmd/util/editor"
)
const (
Q_INIT_CRD_PATH = "manifests/base/crds"
Q_INIT_CRD_PATH = "manifests/base/manifests/qliksense-init"
agreementTempalte = `
Please read the agreement at https://www.qlik.com/us/legal/license-terms
Accept the end user license agreement by providing acceptEULA=yes
@@ -42,9 +39,9 @@ func (q *Qliksense) ConfigApplyQK8s() error {
return errors.New(agreementTempalte + "\nPlease do $ qliksense config set-configs qliksense.acceptEULA=yes\n")
}
// create patch dependent resources
fmt.Println("Installing resources used by the kuztomize patch")
if err := q.createK8sResourceBeforePatch(qcr); err != nil {
// create patch dependent resoruces
fmt.Println("Installing resoruces used kuztomize patch")
if err := q.createK8sResoruceBeforePatch(qcr); err != nil {
return err
}
@@ -76,30 +73,27 @@ func (q *Qliksense) configEjson() error {
}
func (q *Qliksense) applyConfigToK8s(qcr *qapi.QliksenseCR) error {
if err := q.configEjson(); err != nil {
return err
if qcr.Spec.RotateKeys != "None" {
if err := q.configEjson(); err != nil {
return err
}
}
userHomeDir, err := homedir.Dir()
if err != nil {
fmt.Printf(`error fetching user's home directory: %v\n`, err)
return err
}
fmt.Println("Manifests root: " + qcr.Spec.GetManifestsRoot())
qcr.SetNamespace(qapi.GetKubectlNamespace())
b, _ := yaml.Marshal(qcr.KApiCr)
fmt.Printf("%v", string(b))
// os.Exit(0)
// generate patches
cr.GeneratePatches(&qcr.KApiCr, config.KeysActionRestoreOrRotate, path.Join(userHomeDir, ".kube", "config"))
cr.GeneratePatches(&qcr.KApiCr, path.Join(userHomeDir, ".kube", "config"))
// apply generated manifests
profilePath := filepath.Join(qcr.Spec.GetManifestsRoot(), qcr.Spec.GetProfileDir())
fmt.Printf("Generating manifests for profile: %v\n", profilePath)
mByte, err := ExecuteKustomizeBuild(profilePath)
if err != nil {
fmt.Printf("error generating manifests: %v\n", err)
fmt.Println("cannot generate manifests for "+profilePath, err)
return err
}
fmt.Println("Applying manifests to the cluster")
if err = qapi.KubectlApply(string(mByte), qcr.GetNamespace()); err != nil {
return err
}
@@ -152,22 +146,18 @@ func (q *Qliksense) getCurrentCrDependentResourceAsString() (string, error) {
var crString strings.Builder
for svcName, v := range qcr.Spec.Secrets {
hasFile := false
for _, item := range v {
if item.ValueFrom != nil && item.ValueFrom.SecretKeyRef != nil {
hasFile = true
break
}
}
if hasFile {
secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
if api.FileExists(secretFilePath) {
secretFile, err := ioutil.ReadFile(secretFilePath)
if err != nil {
return "", err
secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
if api.FileExists(secretFilePath) {
secretFile, err := ioutil.ReadFile(secretFilePath)
if err != nil {
return "", err
}
crString.WriteString("\n---\n")
crString.Write(secretFile)
}
crString.WriteString("\n---\n")
crString.Write(secretFile)
}
}
}
@@ -196,12 +186,13 @@ func (q *Qliksense) EditCR(contextName string) error {
if err := ioutil.WriteFile(tempFile.Name(), crContent, os.ModePerm); err != nil {
return nil
}
currentEditor := editor.NewDefaultEditor([]string{"KUBE_EDITOR", "EDITOR"})
if err = currentEditor.Launch(tempFile.Name()); err != nil {
cmd := exec.Command(getKubeEditorTool(), tempFile.Name())
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
err = cmd.Run()
if err != nil {
return err
}
newCr, err := qapi.GetCRObject(tempFile.Name())
if err != nil {
return errors.New("cannot save the cr. Someting wrong in the file format. It is not saved\n" + err.Error())
@@ -216,3 +207,11 @@ func (q *Qliksense) EditCR(contextName string) error {
}
return nil
}
func getKubeEditorTool() string {
editor := os.Getenv("KUBE_EDITOR")
if editor == "" {
editor = "vim"
}
return editor
}

24
pkg/qliksense/confirmation.go
View File

@@ -1,24 +0,0 @@
package qliksense
import (
"fmt"
"log"
"strings"
)
func AskForConfirmation(s string) bool {
for {
fmt.Printf("%s [y/n]: ", s)
var response string
_, err := fmt.Scanln(&response)
if err != nil {
log.Fatal(err)
}
if strings.EqualFold(response, "y") || strings.EqualFold(response, "yes") {
return true
} else if strings.EqualFold(response, "n") || strings.EqualFold(response, "no") {
return false
}
}
}

271
pkg/qliksense/context_configs.go
View File

@@ -1,9 +1,8 @@
package qliksense
import (
"errors"
"crypto/rsa"
"fmt"
"io"
"github.com/qlik-oss/k-apis/pkg/config"
"github.com/robfig/cron/v3"
@@ -18,9 +17,9 @@ import (
b64 "encoding/base64"
. "github.com/logrusorgru/aurora"
ansi "github.com/mattn/go-colorable"
"github.com/qlik-oss/sense-installer/pkg/api"
"github.com/ttacon/chalk"
_ "gopkg.in/yaml.v2"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -34,27 +33,12 @@ const (
MaxContextNameLength = 17
QliksenseSecretsDir = "secrets"
imageRegistryConfigKey = "imageRegistry"
pullSecretName = "artifactory-docker-secret"
qliksenseOperatorImageRepo = "qlik-docker-oss.bintray.io"
qliksenseOperatorImageName = "qliksense-operator"
imageRegistryConfigKey = "imageRegistry"
pullSecretName = "artifactory-docker-secret"
)
func (q *Qliksense) SetSecretsFromReader(arg string, reader io.Reader, createSecret, base64Encoded bool) error {
//take only name from the arguments, value should be from reader
argName := strings.SplitN(arg, "=", 1)
if len(argName) != 1 {
return errors.New("can only have one argument from pipe")
}
valueBytes, err := ioutil.ReadAll(reader)
if err != nil {
return err
}
return q.SetSecrets([]string{argName[0] + "=" + string(valueBytes)}, createSecret, base64Encoded)
}
// SetSecrets - set-secrets <key>=<value> commands
func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bool) error {
func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
qConfig := api.NewQConfig(q.QliksenseHome)
qliksenseCR, err := qConfig.GetCurrentCR()
if err != nil {
@@ -62,18 +46,18 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bo
}
// Metadata name in qliksense CR is the name of the current context
api.LogDebugMessage("Current context: %s\n", qliksenseCR.GetName())
encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
api.LogDebugMessage("Current context: %s", qliksenseCR.GetName())
rsaPublicKey, _, err := qConfig.GetCurrentContextEncryptionKeyPair()
if err != nil {
return err
}
resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
resultArgs, err := api.ProcessConfigArgs(args)
if err != nil {
return err
}
for _, ra := range resultArgs {
api.LogDebugMessage("value args to be encrypted: %s\n", ra.Value)
if err := q.processSecret(ra, encryptionKey, qliksenseCR, isSecretSet); err != nil {
api.LogDebugMessage("value args to be encrypted: %s", ra.Value)
if err := q.processSecret(ra, rsaPublicKey, qliksenseCR, isSecretSet); err != nil {
return err
}
}
@@ -81,11 +65,14 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bo
return qConfig.WriteCR(qliksenseCR)
}
func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
cipherText, e2 := api.EncryptData([]byte(ra.Value), encryptionKey)
func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.PublicKey, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
// encrypt value with RSA key pair
valueBytes := []byte(ra.Value)
cipherText, e2 := api.Encrypt(valueBytes, rsaPublicKey)
if e2 != nil {
return e2
}
base64EncodedSecret := b64.StdEncoding.EncodeToString(cipherText)
secretName := ""
if isSecretSet {
secretFolder := qliksenseCR.GetK8sSecretsFolder(q.QliksenseHome)
@@ -117,8 +104,7 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string,
if k8sSecret.Data == nil {
k8sSecret.Data = map[string][]byte{}
}
// v1.Secret does enconding, so no need to encode again
k8sSecret.Data[ra.Key] = []byte(cipherText)
k8sSecret.Data[ra.Key] = []byte(base64EncodedSecret)
// Write secret to file
k8sSecretBytes, err := api.K8sSecretToYaml(k8sSecret)
@@ -131,28 +117,18 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string,
return err
}
api.LogDebugMessage("Created a Kubernetes secret")
// Prepare args to update CR in the next step
base64EncodedSecret = ""
}
base64EncodedSecret := b64.StdEncoding.EncodeToString([]byte(cipherText))
// write into CR the keyref of the secret
qliksenseCR.Spec.AddToSecrets(ra.SvcName, ra.Key, base64EncodedSecret, secretName)
return nil
}
func (q *Qliksense) SetConfigFromReader(arg string, reader io.Reader, base64Encoded bool) error {
//take only name from the arguments, value should be from reader
argName := strings.SplitN(arg, "=", 1)
if len(argName) != 1 {
return errors.New("can only have one argument from pipe")
}
valueBytes, err := ioutil.ReadAll(reader)
if err != nil {
return err
}
return q.SetConfigs([]string{argName[0] + "=" + string(valueBytes)}, base64Encoded)
}
// SetConfigs - set-configs <key>=<value> commands
func (q *Qliksense) SetConfigs(args []string, base64Encoded bool) error {
func (q *Qliksense) SetConfigs(args []string) error {
// retieve current context from config.yaml
qConfig := api.NewQConfig(q.QliksenseHome)
qliksenseCR, err := qConfig.GetCurrentCR()
@@ -160,7 +136,7 @@ func (q *Qliksense) SetConfigs(args []string, base64Encoded bool) error {
return err
}
resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
resultArgs, err := api.ProcessConfigArgs(args)
if err != nil {
return err
}
@@ -176,6 +152,53 @@ func caseInsenstiveFieldByName(v reflect.Value, name string) reflect.Value {
return v.FieldByNameFunc(func(n string) bool { return strings.ToLower(n) == name })
}
func validateCR(key string, keySub string, value string, crSpec *api.QliksenseCR) (bool, *api.QliksenseCR) {
cr := reflect.ValueOf(crSpec.Spec)
keyValid := caseInsenstiveFieldByName(reflect.Indirect(cr), key)
if !keyValid.IsValid() {
//not in main spec
fmt.Println(key, "is an invalid key")
return false, crSpec
} else if keySub == "" {
if key == "rotatekeys" {
if _, err := validateInput(value); err != nil {
return false, crSpec
}
}
}
// checks if it is git or gitops
if keySub != "" {
if !keyValid.IsNil() {
if !caseInsenstiveFieldByName(reflect.Indirect(keyValid), keySub).IsValid() {
fmt.Println(keySub, "is an invalid key")
return false, crSpec
} else {
// verify gitops enabled and gitops schedule
switch keySub {
case "schedule":
if _, err := cron.ParseStandard(value); err != nil {
fmt.Println("Please enter string with standard cron scheduling syntax ")
return false, crSpec
}
case "enabled":
if !strings.EqualFold(value, "yes") && !strings.EqualFold(value, "no") {
fmt.Println("Please use yes or no for key enabled")
return false, crSpec
}
}
}
} else {
switch key {
case "gitops":
crSpec.Spec.GitOps = &config.GitOps{}
case "git":
crSpec.Spec.Git = &config.Repo{}
}
}
}
return true, crSpec
}
// SetOtherConfigs - set profile/storageclassname/git.repository/manifestRoot commands
func (q *Qliksense) SetOtherConfigs(args []string) error {
// retieve current context from config.yaml
@@ -193,96 +216,43 @@ func (q *Qliksense) SetOtherConfigs(args []string) error {
}
for _, arg := range args {
if strings.HasPrefix(arg, "git.") {
if err := q.processSetGit(arg, qliksenseCR); err != nil {
return err
}
} else if strings.HasPrefix(arg, "opsRunner.") {
if err := q.processSetOpsRunner(arg, qliksenseCR); err != nil {
return err
argsString := strings.Split(arg, "=")
key := strings.ToLower(argsString[0])
value := argsString[1]
// check if key is for git or gitops (sub objects)
keySplit := strings.Split(key, ".")
key = keySplit[0]
keySub := ""
if len(keySplit) == 2 {
keySub = strings.ToLower(keySplit[1])
}
valid := true
valid, qliksenseCR = validateCR(key, keySub, value, qliksenseCR)
field := caseInsenstiveFieldByName(reflect.Indirect(reflect.ValueOf(qliksenseCR.Spec)), key)
if !valid {
err := fmt.Errorf("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot, git.repository or gitops arguments to configure the current context")
return err
} else if strings.EqualFold("", keySub) {
// set spec for everything excluding git and gitops
if field.CanSet() {
field.SetString(value)
}
} else {
if err := processSetSingleArg(arg, qliksenseCR); err != nil {
return err
// set spec for git or gitops
subField := caseInsenstiveFieldByName(reflect.Indirect(field), keySub)
if subField.CanSet() {
subField.SetString(value)
}
}
fmt.Println(Green("Successfully added to Custom Resource Spec"))
}
fmt.Println(chalk.Green.Color("Successfully added to Custom Resource Spec"))
}
// write modified content into context.yaml
return qConfig.WriteCR(qliksenseCR)
}
func processSetSingleArg(arg string, cr *api.QliksenseCR) error {
nv := strings.Split(arg, "=")
switch nv[0] {
case "manifestsRoot":
cr.Spec.ManifestsRoot = nv[1]
case "profile":
cr.Spec.Profile = nv[1]
case "storageClassName":
cr.Spec.StorageClassName = nv[1]
default:
return errors.New("Please enter one of: profile, storageClassName, manifestRoot, git to configure the current context")
}
return nil
}
func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
s := strings.Split(arg, "=")
tArg0 := strings.TrimSpace(s[0])
tArg1 := strings.TrimSpace(s[1])
subs := strings.Split(tArg0, ".")
if cr.Spec.Git == nil {
cr.Spec.Git = &config.Repo{}
}
switch subs[1] {
case "repository":
cr.Spec.Git.Repository = tArg1
case "accessToken":
qConfig := api.NewQConfig(q.QliksenseHome)
key, err := qConfig.GetEncryptionKeyFor(cr.GetName())
if err != nil {
return err
}
return cr.SetFetchAccessToken(tArg1, key)
case "secretName":
cr.Spec.Git.SecretName = tArg1
case "userName":
cr.Spec.Git.UserName = tArg1
default:
return errors.New(arg + " does not match any cr spec")
}
return nil
}
func (q *Qliksense) processSetOpsRunner(arg string, cr *api.QliksenseCR) error {
args := strings.Split(arg, "=")
subs := strings.Split(args[0], ".")
if cr.Spec.OpsRunner == nil {
cr.Spec.OpsRunner = &config.OpsRunner{}
}
switch subs[1] {
case "enabled":
if args[1] != "yes" && args[1] != "no" {
return errors.New("Please use yes or no for key enabled")
}
cr.Spec.OpsRunner.Enabled = args[1]
case "schedule":
if _, err := cron.ParseStandard(args[1]); err != nil {
return errors.New("Please enter string with standard cron scheduling syntax ")
}
cr.Spec.OpsRunner.Schedule = args[1]
case "watchBranch":
cr.Spec.OpsRunner.WatchBranch = args[1]
case "image":
cr.Spec.OpsRunner.Image = args[1]
default:
return errors.New(arg + " does not match any cr spec")
}
return nil
}
// SetContextConfig - set the context for qliksense kubernetes resources to live in
func (q *Qliksense) SetContextConfig(args []string) error {
if len(args) == 1 {
@@ -307,7 +277,7 @@ func (q *Qliksense) ListContextConfigs() error {
}
out := ansi.NewColorableStdout()
w := tabwriter.NewWriter(out, 5, 8, 0, '\t', 0)
fmt.Fprintln(w, Underline("Context Name"), "\t", Underline("CR File Location"))
fmt.Fprintln(w, chalk.Underline.TextStyle("Context Name"), "\t", chalk.Underline.TextStyle("CR File Location"))
w.Flush()
if len(qliksenseConfig.Spec.Contexts) > 0 {
for _, cont := range qliksenseConfig.Spec.Contexts {
@@ -315,14 +285,14 @@ func (q *Qliksense) ListContextConfigs() error {
}
w.Flush()
fmt.Fprintln(out, "")
fmt.Fprintln(out, Bold("Current Context : "), qliksenseConfig.Spec.CurrentContext)
fmt.Fprintln(out, chalk.Bold.TextStyle("Current Context : "), qliksenseConfig.Spec.CurrentContext)
} else {
fmt.Fprintln(out, "No Contexts Available")
}
return nil
}
func (q *Qliksense) DeleteContextConfig(args []string, flag bool) error {
func (q *Qliksense) DeleteContextConfig(args []string) error {
if len(args) == 1 {
qliksenseConfigFile := filepath.Join(q.QliksenseHome, QliksenseConfigFile)
var qliksenseConfig api.QliksenseConfig
@@ -330,11 +300,11 @@ func (q *Qliksense) DeleteContextConfig(args []string, flag bool) error {
out := ansi.NewColorableStdout()
switch args[0] {
case qliksenseConfig.Spec.CurrentContext:
fmt.Fprintln(out, Yellow("Please switch contexts to be able to delete this context."))
err := fmt.Errorf(Red("Cannot delete current context - %s").String(), White(Bold(qliksenseConfig.Spec.CurrentContext)))
fmt.Fprintln(out, chalk.Yellow.Color("Please switch contexts to be able to delete this context."))
err := fmt.Errorf(chalk.Red.Color("Cannot delete current context - %s"), chalk.White.Color(chalk.Bold.TextStyle(qliksenseConfig.Spec.CurrentContext)))
return err
case DefaultQliksenseContext:
err := fmt.Errorf(Red("Cannot delete default qliksense context").String())
err := fmt.Errorf(chalk.Red.Color("Cannot delete default qliksense context"))
return err
default:
qliksenseContextsDir1 := filepath.Join(q.QliksenseHome, QliksenseContextsDir)
@@ -364,19 +334,11 @@ func (q *Qliksense) DeleteContextConfig(args []string, flag bool) error {
}
newLength := len(qliksenseConfig.Spec.Contexts)
if currentLength != newLength {
ans := flag
if ans == false {
ans = AskForConfirmation("Are You Sure? ")
}
if ans == true {
api.WriteToFile(&qliksenseConfig, qliksenseConfigFile)
fmt.Fprintln(out, Yellow(Underline("Warning: Active resources may still be running in-cluster")))
fmt.Fprintln(out, Green("Successfully deleted context: "), Bold(args[0]))
} else {
return nil
}
api.WriteToFile(&qliksenseConfig, qliksenseConfigFile)
fmt.Fprintln(out, chalk.Yellow.Color(chalk.Underline.TextStyle("Warning: Active resources may still be running in-cluster")))
fmt.Fprintln(out, chalk.Green.Color("Successfully deleted context: "), chalk.Bold.TextStyle(args[0]))
} else {
err := fmt.Errorf(Red("Context not found").String())
err := fmt.Errorf(chalk.Red.Color("Context not found"))
return err
}
}
@@ -438,8 +400,8 @@ func (q *Qliksense) SetUpQliksenseContext(contextName string) error {
return err
}
// set the encrypted default mongo for the context in current CR
return q.SetSecrets([]string{fmt.Sprintf("qliksense.mongodbUri=mongodb://%s-mongodb:27017/qliksense?ssl=false", contextName)}, false, false)
// set the encrypted default mongo
return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false)
}
func validateInput(input string) (string, error) {
@@ -460,8 +422,7 @@ func validateInput(input string) (string, error) {
return input, err
}
// PrepareK8sSecret targetFile contains base64 encoded value of encrypted value.
// this method decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
// PrepareK8sSecret decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
// check if targetFile exists
if !api.FileExists(targetFile) {
@@ -470,7 +431,7 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
return "", err
}
qConfig := api.NewQConfig(q.QliksenseHome)
encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
_, rsaPrivateKey, err := qConfig.GetCurrentContextEncryptionKeyPair()
if err != nil {
return "", err
}
@@ -488,13 +449,17 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
dataMap := k8sSecret1.Data
var resultMap = make(map[string][]byte)
for k, v := range dataMap {
//k8s secrets has already base64 decoed value
decryptedString, err := api.DecryptData(v, encryptionKey)
ba, err := b64.StdEncoding.DecodeString(string(v))
if err != nil {
err := fmt.Errorf("Not able to decode message: %v", err)
return "", err
}
decryptedString, err := api.Decrypt(ba, rsaPrivateKey)
if err != nil {
err := fmt.Errorf("Not able to decrypt message: %v", err)
return "", err
}
resultMap[k] = []byte(decryptedString)
resultMap[k] = decryptedString
}
// putting the above map back into the k8sSecret struct

197
pkg/qliksense/context_configs_test.go
View File

@@ -29,41 +29,125 @@ const (
var targetFileStringTemplate = `
apiVersion: v1
data:
mongodbUri: %s
mongoDbUri: %s
kind: Secret
metadata:
name: testctx-qliksense-senseinstaller
type: Opaque
`
var encText = "SFpVZ2t5SGsrN2lLQjlTYm9rbFUxSDFRcmVYdUxhTW9MUHlQOGtGditxMEcwZTlIZDl1dVRrV0tEYm5qUURSWFp3dStuNklueGk3anI2c1djSVdsbWlKTHdWQUJwdUg0a1NXd3llMUlMa2oxK3FRSFlMM2dQUExvN1pBYkVDeDROMUVvam12M0t0NmQwbkdhSXlWWEpmWWJUVVFDM1Y4L0ZTVXBVN0JUb0l4OVZWdmlPam5HTHk4RlF2a3RUaHJxWTUvZEh2N3pVUmhiOTc2Q2YwbEovZ3I2L2NwRk9RMUFXVXdodVhrTG9lYjVzNFdtTEZzNldqT3k0bWlKM1J6VllLaWVUSFJ2SE85eDB6dUthanRwSGEzWEZkaE5QNnpySVJJNTRFalUyblVYYUNlYXVnWnZEOUxjdWluOFhFcjExbkFINURCUDAycXhoZk5BejVoMlV2eFNWVmR0aW1QTDBhMVBJTUxGQTgyWUkrQkFOQkhkSUNnZGU5SkxIRFBoTzR6c0llaE1LRmhVQkNoOUhQa3kyRnhTeDJ3YWp3M1UycEsvcFJVZUxDazRUbkhmL25LN3h5ekdpV3dSUFFFZHdsWE5JbUhjVlVPV3gvNWh4WlJCUTZtb3pGYk1HbXR1Mkh5Z3RVV2gzNFYzd1BhS01TNFRsa0hyODFjRjVCWVpxenBFK1pKWnVyLy8zbzJsU0tFMjMxTG1pcGk1K0FqbXZvUVcyWHBocjFNVWJQY1pXUkJFRkkyQXBCM0FhQXFPa0k1MkRqNG43Mko5bCtaMzdydTk1aHk5K1lzY0FxMjZVbExYRlc0S3RUUkRLSjlMNnVmdlIrUUNudER3em5UTFRHUnEwZU5COWt6S0Q4MFlUdXozeHNXK3cxdjlHbDJaMnBZMTZWTCtEV1k9"
var decText = "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"
func setupTargetFileAndPrivateKey() (string, string, error) {
func setupTargetFileAndPrivateKey() ([]byte, []byte, string, error) {
targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEApFf3qCQhAr2QLRRZdhLyB8exLjrQiXLr8hwDe0xHSLJX3w7v
5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy/ku1KqZVQv/WNTdL2v9Z1ewbRnBj
DQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQMKqsVwUsLO9amI2TOny/M696eFRW0
pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV8glJi29Do06e4S6CZUl1hBUy0VlL
trLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1NesSlfZ0vnrrkW8WFLqewk+Jj+w1x
eQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcMc0IEZ2LiQIqTL83BLOgMBCsK3FSl
GMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMPbpcTHxZ+ReIzS+5B1X0FZ7RIL+jS
L9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3jIQhU0+bgA6hT0k8Kj2f3Q9QnvkHS
Eff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6ZtjHcirXmMminAQ6cKW1XrEvJBef
HHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogSTcE05Z6ypAFU2TCrnec9c9VXkRDP
94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeqrXwanfnGPrjcMVIO/dSOxOUCAwEA
AQKCAgA5b2TmJnpC8u0IVCxPz582iNurRHLNFpTPMGsnFCl1hp6fHiFJt7mc+FGt
E1rWjqtd6rdc4Gfth40IPXIV0BTcOqk+FpOFrtO2FXU1PDixQqrlmzGCxb324NTc
KyyvMpf77yuxXI0zUt8WgmW0eV8nKlOYEhoC96lohTqQ96uuY0bsJ4HS/VVdsN2P
Lra/fFHQSw8EHUb0pyIqMoscZ5bn18cUK/Z/hGKSYCbCL0Iavy3bbFHBsBPgbeJD
2BBN4953Iiy1Sak2eUy4b9LtkmaZmVAc7mpOFxLn38gD3icgB+bZPoGBw6b7sw71
Pc2R+hI9x/oNj0TUR11adhZApBJ9RhBbnSCUt8OUt9U5prNj+9qs8cHJGywtz1da
ZT1M6mn2MFSsaOyOlJPzGUzSf4AhI7HiouDpLHtHDqLmc8Vv4rZUqrcFw6kZTCY5
564yE8hh/UimOgQr7467/hADHZ0kBsupFEDWRqQ3qTIikHmGhTYZehDrSGL/3BMG
rvsFdv0krUHyW4FfHqPN09jfP3LTqd5vVbzRhxcGsoGmP/1kXIDtO8Cp1s/K6Mse
tInRCRla8ttZ3CZZ+Vf8HLi/n8XSRfbnMGYi7lVVxnp6kNsTEBgosbdU/r1zbMRJ
8mMMHygyugaRLHmOD/8fkWLfyR88cxPH8u9NufTfvJgiFpZboQKCAQEA0uSU6IGZ
pXIVZdmDWt4mxpS5T2UYarw3V9z/Isd3kkUU5YrC2XrvPRwmx5Jh9GXl9WENYJAR
wH7PaJT0HpBwpxJa1RqHHDSka7DnDcy44oRXyM7e2AmcW8QvcDty/0HPo4oZq4IT
m/+ot1R+bIpmJOweGRhVauzxJEUlQyt+kiH/ad8GiOS6LwqFPq42alnUxPQ106wF
EZZ2WQdzkyV6tF9aMG18AT1fJsGwNjCLRxJ52t/aEUP5mYwlL2UTT5Acn8KbtrTO
fFLAxGuB9LDdT1tGgIpzsXmxAaaeuPvSK4TDFdQyLAUdQJdz0GD9j9ciMPQH3UPe
Vjt6qtpfY6QK2wKCAQEAx36Vys5BlQI0TG6qORI0fiOYpLG1GqmdbCNRgBUsMj5T
LFe7uSd4qnDvGmns4MdkSSOlpF17bQiWhWKbjKRQpT0U/46zcIT4pWyajXJe+i9H
M/DpSRkMq2kGkx6KX2u9L66QBzcxJjtS17amdSpDAfsrvJgOWkxxInzw9n1u6aTe
ZjRDXdVX0KjPebEPOaoJToxne21Od3t+47TnDsQPsO1dvvrXX76IfH8cAlD5+0C/
b2YvDqWDmh9ICjKShwuDWgi4KjCV5PMHCIxH0FQ2L6mSbwIb9YgGin3wjN3KbWqz
dgEu7MeDxEwxZSSg4OstYVLQVgM39G/2ZA4YVJEbPwKCAQAo9FjymhBzb6c2Izp+
D/wpvkIKaBCI0cpRlso5P9E5p466UOsr/tKs5GWnhgbdxlgVAebuJKw93KJ8pciO
kvA9kbPwBHnOgW6Ytz73kBUrcBX4GixueddSftPTkMfxSB+Bm9UGWHlkZw6lo5P1
kh7p9qyVpQMZg7AEoiTtWWn4CQAn2DbVqM17Syi7Fmvc1VsbcG1vkM1fMAAFpAvO
vI2Kr6W9F9XoC7oJtb15mI3DnJPrbGNVzQSQzAWAoblRTyQv5kQFBDHBNPTYcCRJ
l3sy6P/VAI4dHgvAzVGvjL+w0dRszct8fvXCUGceRWeYYmfyZ8GLN53a0ywsN8Ik
gHvXAoIBACee5HEa9bt6bJihgf1DuFk1CKPtB2L8PN+1RAKEMfrolexAoG/tfvGa
7GH6l6ks8KX2BnfWeST2h66GHw6Xs8ydjQYUeV7nidqQ70EYbfSSXznZpvt1liaU
/VFKx4CcDT7jFIfaVlCZh6KADB9I/XXvRIh4SqF0fSO0XMcXsmeE7watapPAQ2iV
nl804yk4tBB9oi/JTcQ9Kr5et2UfW15wRiYf+5ZwaPsQ46cyHfPgsCSXztDB3plF
jTE5ShC4IKZJBQqcC6kk+0ifU8P0da6RpxuU96iUE3h9+sB/bCy+/FV7dq5gEbNy
znygAbOqAaFKqUXr7bkGY5ELm5lwGFECggEACcyaF9mMqLGghR55ew+cMmdeYdK3
meMLi5nrgtbQpVLlz+IV7Vdmrv7lZjeTr4nvU/5miU+p+If14CCFBiSucGq3Kmyp
OSM5cNCjDhw8uIDfY2qWCrZ2NSMR3qaAoBAQyQ2ER1IL98TDF/Qui0ZatbPiM4Ns
GErhkBZh3MCDSt24yiVKcUB79BxatWB4K7h7y8wqpX4Rj7rpfJMF7wz/I1cgyuCE
7XFpRwj7F1B2MmXnvV3KAgAD0EqrJDLeM0vIlDhpOUEaFUkuqmQyeB8qQkWfyXbD
jzloS3cNq0MBijB8oixwD2b4dVhBM7z8vQMX6OntN+97luWgO8OIukoYAg==
-----END RSA PRIVATE KEY-----
`)
secretKeyLocation := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
if err := os.MkdirAll(secretKeyLocation, 0777); err != nil {
publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApFf3qCQhAr2QLRRZdhLy
B8exLjrQiXLr8hwDe0xHSLJX3w7v5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy
/ku1KqZVQv/WNTdL2v9Z1ewbRnBjDQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQM
KqsVwUsLO9amI2TOny/M696eFRW0pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV
8glJi29Do06e4S6CZUl1hBUy0VlLtrLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1N
esSlfZ0vnrrkW8WFLqewk+Jj+w1xeQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcM
c0IEZ2LiQIqTL83BLOgMBCsK3FSlGMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMP
bpcTHxZ+ReIzS+5B1X0FZ7RIL+jSL9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3j
IQhU0+bgA6hT0k8Kj2f3Q9QnvkHSEff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6
ZtjHcirXmMminAQ6cKW1XrEvJBefHHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogS
TcE05Z6ypAFU2TCrnec9c9VXkRDP94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeq
rXwanfnGPrjcMVIO/dSOxOUCAwEAAQ==
-----END RSA PUBLIC KEY-----
`)
targetFile := filepath.Join(testDir, "targetfile.yaml")
// tests/config.yaml exists
err := ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
if err != nil {
log.Printf("Error while creating file: %v", err)
return nil, nil, "", err
}
secretKeyPairDir := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
err = fmt.Errorf("Not able to create directories")
log.Fatal(err)
}
os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyLocation)
os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)
//privKeyFile := filepath.Join(secretKeyLocation, "user_secret_key")
key, err := api.LoadSecretKey(secretKeyLocation)
if key == "" {
key, err = api.GenerateAndStoreSecretKey(secretKeyLocation)
}
encData, _ := api.EncryptData([]byte(decText), key)
encText := b64.StdEncoding.EncodeToString(encData)
targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
targetFile := filepath.Join(testDir, "targetfile.yaml")
// tests/config.yaml exists
err = ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
// construct and write priv key file into secretsDir location
err = ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
if err != nil {
log.Printf("Error while creating file: %v", err)
return "", "", err
return nil, nil, "", err
}
pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
api.LogDebugMessage("Test setup - \npub key path: %s\n, priv key path: %s\n", pubKeyFile, privKeyFile)
// construct and write pub key file into secretsDir location
err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
if err != nil {
log.Printf("Error while creating file: %v", err)
return nil, nil, "", err
}
return publicKeyBytes, privKeyBytes, targetFile, nil
}
return targetFile, key, err
func removePrivateKey() {
err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "qliksensePriv"))
if err != nil {
log.Fatalf("Could not delete private key %v", err)
}
return
}
func setup() func() {
@@ -96,6 +180,7 @@ metadata:
name: qlik-default
spec:
profile: docker-desktop
rotateKeys: "yes"
releaseName: qlik-default
`
qlikDefaultContext := "qlik-default"
@@ -243,7 +328,7 @@ func TestSetOtherConfigs(t *testing.T) {
q: &Qliksense{
QliksenseHome: testDir,
},
args: []string{"profile=minikube", "storageClassName=efs", "opsRunner.enabled=yes", "opsRunner.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitops.enabled=yes", "gitops.schedule=30 * * * *", "git.repository=master", "git.username=foo", "git.accesstoken=1234"},
},
wantErr: false,
},
@@ -253,7 +338,7 @@ func TestSetOtherConfigs(t *testing.T) {
q: &Qliksense{
QliksenseHome: testDir,
},
args: []string{"someconfig=somevalue, opsRunner.schedule=bar", "opsRunner.enabled=bar", "git.foo=bar"},
args: []string{"someconfig=somevalue, gitops.schedule=bar", "gitops.enabled=bar", "git.foo=bar", "rotatekeys=bar"},
},
wantErr: true,
},
@@ -295,7 +380,7 @@ func TestSetConfigs(t *testing.T) {
q: &Qliksense{
QliksenseHome: testDir,
},
args: []string{"qliksense.acceptEULA=\"yes\"", "qliksense.mongodbUri=\"mongo://mongo:3307\""},
args: []string{"qliksense.acceptEULA=\"yes\"", "qliksense.mongoDbUri=\"mongo://mongo:3307\""},
},
wantErr: false,
},
@@ -304,7 +389,7 @@ func TestSetConfigs(t *testing.T) {
defer tearDown()
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := tt.args.q.SetConfigs(tt.args.args, false); (err != nil) != tt.wantErr {
if err := tt.args.q.SetConfigs(tt.args.args); (err != nil) != tt.wantErr {
t.Errorf("SetConfigs() error = %v, wantErr %v", err, tt.wantErr)
}
})
@@ -423,14 +508,9 @@ spec:
})
}
}
func removePrivateKey() {
err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "user_secret_key"))
if err != nil {
log.Fatalf("Could not delete private key %v", err)
}
return
}
func Test_PrepareK8sSecret(t *testing.T) {
type fields struct {
QliksenseHome string
}
@@ -450,7 +530,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
wantErr: false,
setup: func() (string, func()) {
tearDown := setup()
targetFile, _, _ := setupTargetFileAndPrivateKey()
_, _, targetFile, _ := setupTargetFileAndPrivateKey()
return targetFile, tearDown
},
},
@@ -463,7 +543,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
wantErr: true,
setup: func() (string, func()) {
tearDown := setup()
targetFile, _, _ := setupTargetFileAndPrivateKey()
_, _, targetFile, _ := setupTargetFileAndPrivateKey()
removePrivateKey()
return targetFile, tearDown
},
@@ -477,7 +557,8 @@ func Test_PrepareK8sSecret(t *testing.T) {
wantErr: true,
setup: func() (string, func()) {
tearDown := setup()
setupTargetFileAndPrivateKey()
_, _, _, _ = setupTargetFileAndPrivateKey()
removePrivateKey()
return "", tearDown
},
},
@@ -557,7 +638,6 @@ func Test_SetSecrets(t *testing.T) {
type args struct {
args []string
isSecretSet bool
base64 bool
}
tests := []struct {
name string
@@ -571,30 +651,18 @@ func Test_SetSecrets(t *testing.T) {
QliksenseHome: testDir,
},
args: args{
args: []string{"qliksense.mongodbUri=\"mongodb://qlik-default-mongodb:27017/qliksense?ssl=false\""},
args: []string{"qliksense.mongoDbUri=\"mongodb://qlik-default-mongodb:27017/qliksense?ssl=false\""},
isSecretSet: false,
},
wantErr: false,
},
{
name: "valid secret secrets=false base64 encoded",
fields: fields{
QliksenseHome: testDir,
},
args: args{
args: []string{"qliksense.mongodbUri=bW9uZ29kYjovL3FsaWstZGVmYXVsdC1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U="},
isSecretSet: false,
base64: true,
},
wantErr: false,
},
{
name: "test1 valid secret secrets=true",
fields: fields{
QliksenseHome: testDir,
},
args: args{
args: []string{"qliksense.mongodbUri=\"mongo://mongo:3307\""},
args: []string{"qliksense.mongoDbUri=\"mongo://mongo:3307\""},
isSecretSet: true,
},
wantErr: false,
@@ -605,7 +673,7 @@ func Test_SetSecrets(t *testing.T) {
QliksenseHome: testDir,
},
args: args{
args: []string{"qliksense.mongodbUri=\"mongodb://qlik-default-mongodb:27017/qliksense?ssl=false\""},
args: []string{"qliksense.mongoDbUri=\"mongodb://qlik-default-mongodb:27017/qliksense?ssl=false\""},
isSecretSet: true,
},
wantErr: false,
@@ -623,17 +691,22 @@ func Test_SetSecrets(t *testing.T) {
},
}
tearDown := setup()
_, encryptionKey, err := setupTargetFileAndPrivateKey()
_, privateKeyBytes, _, err := setupTargetFileAndPrivateKey()
if err != nil {
t.FailNow()
}
defer tearDown()
privKey, err := api.DecodeToPrivateKey(privateKeyBytes)
if err != nil {
t.FailNow()
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
q := &Qliksense{
QliksenseHome: tt.fields.QliksenseHome,
}
if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet, tt.args.base64); (err != nil) != tt.wantErr {
if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet); (err != nil) != tt.wantErr {
t.Errorf("SetSecrets() error = %v, wantErr %v", err, tt.wantErr)
t.FailNow()
}
@@ -644,10 +717,7 @@ func Test_SetSecrets(t *testing.T) {
// extract the value for testing
testValueArr := strings.SplitN(tt.args.args[0], "=", 2)
testValue := strings.ReplaceAll(testValueArr[1], "\"", "")
if tt.args.base64 {
d, _ := b64.StdEncoding.DecodeString(testValue)
testValue = strings.Trim(string(d), "\n ")
}
qliksenseCR, err := readCRFile()
if err != nil {
err = fmt.Errorf("Not able to read from context file: %v", err)
@@ -664,7 +734,13 @@ func Test_SetSecrets(t *testing.T) {
log.Printf("decode error: %v", err)
t.FailNow()
}
decryptedVal, err := api.DecryptData([]byte(valToBeEncrypted), encryptionKey)
decodedValue, err := b64.StdEncoding.DecodeString(valToBeEncrypted)
if err != nil {
err := fmt.Errorf("Error occurred while decoding: %v", err)
log.Printf("decode error: %v", err)
t.FailNow()
}
decryptedVal, err := api.Decrypt(decodedValue, privKey)
if err != nil {
err := fmt.Errorf("Error occurred while testing decryption: %v", err)
log.Printf("No Data in Secret: %v", err)
@@ -705,8 +781,7 @@ func getValueToBeDecodedForSetSecrets(item config.NameValue, qliksenseCR *api.Ql
}
// secret=false
if item.Value != "" {
b, err := b64.RawStdEncoding.DecodeString(item.Value)
return string(b), err
return item.Value, nil
}
err := fmt.Errorf("Both Value and ValueFrom are empty")
return "", err
@@ -743,6 +818,7 @@ metadata:
name: qlik-default
spec:
profile: docker-desktop
rotateKeys: "yes"
releaseName: qlik-default
`
qlikDefaultContext := "qlik-default"
@@ -761,6 +837,7 @@ metadata:
name: qlik1
spec:
profile: docker-desktop
rotateKeys: "yes"
releaseName: qlik1`
contextYaml2 :=
@@ -771,6 +848,7 @@ metadata:
name: qlik2
spec:
profile: docker-desktop
rotateKeys: "yes"
releaseName: qlik2`
contextsDir := filepath.Join(testDir, contexts, "qlik1")
@@ -851,10 +929,9 @@ func TestDeleteContexts(t *testing.T) {
q := New(tt.args.qlikSenseHome)
var arg []string
arg = append(arg, tt.args.contextName)
if err := q.DeleteContextConfig(arg, true); (err != nil) != tt.wantErr {
if err := q.DeleteContextConfig(arg); (err != nil) != tt.wantErr {
t.Errorf("DeleteContext() error = %v, wantErr %v", err, tt.wantErr)
}
})
}

128
pkg/qliksense/context_configs_unset.go
View File

@@ -1,128 +0,0 @@
package qliksense
import (
"fmt"
"strings"
"reflect"
kconfig "github.com/qlik-oss/k-apis/pkg/config"
"github.com/qlik-oss/sense-installer/pkg/api"
)
func (q *Qliksense) UnsetCmd(args []string) error {
return unsetAll(q.QliksenseHome, args)
}
func unsetAll(qHome string, args []string) error {
qConfig := api.NewQConfig(qHome)
qcr, err := qConfig.GetCurrentCR()
if err != nil {
return err
}
// either delete all args or none
for _, arg := range args {
isRemoved := false
// delete if key present
if !strings.Contains(arg, ".") {
if isRemoved = unsetOnlyKey(arg, qcr); isRemoved {
//continue to the next arg
continue
} else if isRemoved = unsetServiceName(arg, qcr); isRemoved {
//continue to the next arg
continue
} else {
return fmt.Errorf("%s not found in the context", arg)
}
}
// delete key inside configs if present
// delete key inside secrets if present
if isRemoved = unsetServiceKey(arg, qcr); isRemoved {
//return qConfig.WriteCR(qcr)
continue
}
if isRemoved = unsetTopAttrKey(arg, qcr); !isRemoved {
return fmt.Errorf("%s not found in the context", arg)
}
}
return qConfig.WriteCR(qcr)
}
func unsetOnlyKey(key string, qcr *api.QliksenseCR) bool {
v := reflect.ValueOf(qcr.Spec).Elem().FieldByName(strings.Title(key))
if v.IsValid() && v.CanSet() {
v.Set(reflect.Zero(v.Type()))
return true
}
return false
}
func unsetServiceName(svc string, qcr *api.QliksenseCR) bool {
if qcr.Spec.Configs != nil && qcr.Spec.Configs[svc] != nil {
delete(qcr.Spec.Configs, svc)
return true
}
if qcr.Spec.Secrets != nil && qcr.Spec.Secrets[svc] != nil {
delete(qcr.Spec.Secrets, svc)
return true
}
return false
}
func unsetServiceKey(svcKey string, qcr *api.QliksenseCR) bool {
sk := strings.Split(svcKey, ".")
svc := sk[0]
key := sk[1]
if qcr.Spec.Configs != nil && qcr.Spec.Configs[svc] != nil {
index := findIndex(key, qcr.Spec.Configs[svc])
if index > -1 {
qcr.Spec.Configs[svc][index] = qcr.Spec.Configs[svc][len(qcr.Spec.Configs[svc])-1]
qcr.Spec.Configs[svc] = qcr.Spec.Configs[svc][:len(qcr.Spec.Configs[svc])-1]
if len(qcr.Spec.Configs[svc]) == 0 {
delete(qcr.Spec.Configs, svc)
}
return true
}
}
if qcr.Spec.Secrets != nil && qcr.Spec.Secrets[svc] != nil {
index := findIndex(key, qcr.Spec.Secrets[svc])
if index > -1 {
qcr.Spec.Secrets[svc][index] = qcr.Spec.Secrets[svc][len(qcr.Spec.Secrets[svc])-1]
qcr.Spec.Secrets[svc] = qcr.Spec.Secrets[svc][:len(qcr.Spec.Secrets[svc])-1]
if len(qcr.Spec.Secrets[svc]) == 0 {
delete(qcr.Spec.Secrets, svc)
}
return true
}
}
return false
}
func unsetTopAttrKey(attKey string, qcr *api.QliksenseCR) bool {
sk := strings.Split(attKey, ".")
attStruct := sk[0]
key := sk[1]
attV := reflect.ValueOf(qcr.Spec).Elem().FieldByName(strings.Title(attStruct))
if !attV.IsValid() || attV.IsZero() || attV.IsNil() {
return false
}
v := attV.Elem().FieldByName(strings.Title(key))
if v.IsValid() && v.CanSet() {
v.Set(reflect.Zero(v.Type()))
return true
}
return false
}
func findIndex(elem string, nvs kconfig.NameValues) int {
for i, nv := range nvs {
if nv.Name == elem {
return i
}
}
return -1
}

107
pkg/qliksense/context_configs_unset_test.go
View File

@@ -1,107 +0,0 @@
package qliksense
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"testing"
"github.com/qlik-oss/sense-installer/pkg/api"
_ "gopkg.in/yaml.v2"
)
func TestUnsetAll(t *testing.T) {
qHome, _ := ioutil.TempDir("", "")
testPepareDir(qHome)
defer os.RemoveAll(qHome)
//fmt.Print(qHome)
args := []string{"qliksense", "qliksense2.acceptEula3", "serviceA.acceptEula", "opsRunner.watchBranch"}
//args := []string{"opsRunner"}
//args := []string{"opsRunner.watchBranch"}
if err := unsetAll(qHome, args); err != nil {
t.Log("error during unset", err)
t.FailNow()
}
qc := api.NewQConfig(qHome)
qcr, err := qc.GetCurrentCR()
if err != nil {
t.Log("error while getting current cr", err)
t.FailNow()
}
if qcr.Spec.Configs["qliksense"] != nil {
t.Log("qliksense in configs not deleted")
t.Fail()
}
if len(qcr.Spec.Configs["qliksense2"]) != 1 {
t.Log("qliksense2.acceptEula3 not deleted")
t.Fail()
}
if qcr.Spec.Configs["serviceA"] != nil {
t.Log("serviceA not deleted")
t.Fail()
}
if qcr.Spec.OpsRunner == nil {
t.Log("opsRunner not deleted")
t.Fail()
}
if qcr.Spec.OpsRunner.WatchBranch != "" {
t.Log("opsRunner.watchBranch not deleted")
t.Fail()
}
}
func testPepareDir(qHome string) {
config :=
`
apiVersion: config.qlik.com/v1
kind: QliksenseConfig
metadata:
name: qliksenseConfig
spec:
contexts:
- name: qlik-default
crFile: contexts/qlik-default/qlik-default.yaml
currentContext: qlik-default
`
configFile := filepath.Join(qHome, "config.yaml")
// tests/config.yaml exists
ioutil.WriteFile(configFile, []byte(config), 0777)
contextYaml :=
`
apiVersion: qlik.com/v1
kind: Qliksense
metadata:
name: qlik-default
spec:
profile: docker-desktop
opsRunner:
enabled: "yes"
watchBranch: something
configs:
qliksense:
- name: acceptEula
value: some
qliksense2:
- name: acceptEula2
value: some
- name: acceptEula3
value: some
serviceA:
- name: acceptEula
value: some
`
qlikDefaultContext := "qlik-default"
// create contexts/qlik-default/ under tests/
contexts := "contexts"
contextsDir := filepath.Join(qHome, contexts, qlikDefaultContext)
if err := os.MkdirAll(contextsDir, 0777); err != nil {
err = fmt.Errorf("Not able to create directories")
}
contextFile := filepath.Join(contextsDir, qlikDefaultContext+".yaml")
ioutil.WriteFile(contextFile, []byte(contextYaml), 0777)
}

105
pkg/qliksense/crds.go
View File

@@ -2,18 +2,9 @@ package qliksense
import (
"fmt"
"os"
"path/filepath"
"github.com/mitchellh/go-homedir"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
apixv1beta1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/tools/clientcmd"
"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
"sigs.k8s.io/kustomize/api/resmap"
"sigs.k8s.io/kustomize/api/resource"
)
type CrdCommandOptions struct {
@@ -28,11 +19,11 @@ func (q *Qliksense) ViewCrds(opts *CrdCommandOptions) error {
fmt.Println("cannot get the current-context cr", err)
return err
}
engineCRD, err := getQliksenseInitCrds(qcr)
engineCRD, err := getQliksenseInitCrd(qcr)
if err != nil {
return err
}
customCrd, err := getCustomCrds(qcr)
customCrd, err := getCustomCrd(qcr)
if err != nil {
return nil
}
@@ -59,12 +50,12 @@ func (q *Qliksense) InstallCrds(opts *CrdCommandOptions) error {
return err
}
if engineCRD, err := getQliksenseInitCrds(qcr); err != nil {
if engineCRD, err := getQliksenseInitCrd(qcr); err != nil {
return err
} else if err = qapi.KubectlApply(engineCRD, ""); err != nil {
return err
}
if customCrd, err := getCustomCrds(qcr); err != nil {
if customCrd, err := getCustomCrd(qcr); err != nil {
return err
} else if customCrd != "" {
if err = qapi.KubectlApply(customCrd, ""); err != nil {
@@ -81,7 +72,7 @@ func (q *Qliksense) InstallCrds(opts *CrdCommandOptions) error {
return nil
}
func getQliksenseInitCrds(qcr *qapi.QliksenseCR) (string, error) {
func getQliksenseInitCrd(qcr *qapi.QliksenseCR) (string, error) {
var repoPath string
var err error
@@ -93,15 +84,7 @@ func getQliksenseInitCrds(qcr *qapi.QliksenseCR) (string, error) {
}
}
qInitMsPath := filepath.Join(repoPath, "manifests", qcr.Spec.Profile, "crds")
if _, err := os.Lstat(qInitMsPath); err != nil {
qInitMsPath = filepath.Join(repoPath, Q_INIT_CRD_PATH)
if _, err := os.Lstat(qInitMsPath); err != nil {
// older version of qliksense-init used
qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
}
}
qInitMsPath := filepath.Join(repoPath, Q_INIT_CRD_PATH)
qInitByte, err := ExecuteKustomizeBuild(qInitMsPath)
if err != nil {
fmt.Println("cannot generate crds for qliksense-init", err)
@@ -110,7 +93,7 @@ func getQliksenseInitCrds(qcr *qapi.QliksenseCR) (string, error) {
return string(qInitByte), nil
}
func getCustomCrds(qcr *qapi.QliksenseCR) (string, error) {
func getCustomCrd(qcr *qapi.QliksenseCR) (string, error) {
crdPath := qcr.GetCustomCrdsPath()
if crdPath == "" {
return "", nil
@@ -122,77 +105,3 @@ func getCustomCrds(qcr *qapi.QliksenseCR) (string, error) {
}
return string(qInitByte), nil
}
func (q *Qliksense) CheckAllCrdsInstalled() (bool, error) {
qConfig := qapi.NewQConfig(q.QliksenseHome)
qcr, err := qConfig.GetCurrentCR()
if err != nil {
return false, err
}
customResourceDefinitionInterface, err := getCustomResourceDefinitionInterface()
if err != nil {
return false, err
}
if engineCRDs, err := getQliksenseInitCrds(qcr); err != nil {
return false, err
} else if allInstalled, err := checkCrdsInstalled(engineCRDs, customResourceDefinitionInterface); err != nil {
return false, err
} else if !allInstalled {
return false, nil
}
if customCrds, err := getCustomCrds(qcr); err != nil {
return false, err
} else if allInstalled, err := checkCrdsInstalled(customCrds, customResourceDefinitionInterface); err != nil {
return false, err
} else if !allInstalled {
return false, nil
}
if allInstalled, err := checkCrdsInstalled(q.GetOperatorCRDString(), customResourceDefinitionInterface); err != nil {
return false, err
} else if !allInstalled {
return false, nil
}
return true, nil
}
func checkCrdsInstalled(crds string, customResourceDefinitionInterface apixv1beta1client.CustomResourceDefinitionInterface) (bool, error) {
kuzResourceFactory := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), nil)
if kuzResMap, err := kuzResourceFactory.NewResMapFromBytes([]byte(crds)); err != nil {
return false, err
} else {
for _, kuzRes := range kuzResMap.Resources() {
if customResourceDefinition, err := customResourceDefinitionInterface.Get(kuzRes.GetName(), v1.GetOptions{}); err != nil && apierrors.IsNotFound(err) {
return false, nil
} else if err != nil {
return false, err
} else if customResourceDefinition == nil {
return false, fmt.Errorf("failed looking up crd: %v", kuzRes.GetName())
}
}
return true, nil
}
}
func getCustomResourceDefinitionInterface() (apixv1beta1client.CustomResourceDefinitionInterface, error) {
homeDir, err := homedir.Dir()
if err != nil {
return nil, err
}
kubeconfigPath := filepath.Join(homeDir, ".kube", "config")
k8sRestConfig, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath)
if err != nil {
return nil, err
}
apixClient, err := apixv1beta1client.NewForConfig(k8sRestConfig)
if err != nil {
return nil, err
}
return apixClient.CustomResourceDefinitions(), nil
}

98
pkg/qliksense/crds_test.go
View File

@@ -1,18 +1,8 @@
package qliksense
import (
"io/ioutil"
"os"
"testing"
apixv1beta1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
"sigs.k8s.io/kustomize/api/resmap"
"sigs.k8s.io/kustomize/api/resource"
"github.com/gobuffalo/packr/v2"
kapi_config "github.com/qlik-oss/k-apis/pkg/config"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
@@ -23,7 +13,7 @@ func TestGetQliksenseInitCrd(t *testing.T) {
t.Fatalf("unexpected error: %v", err)
}
crdFromContextConfig, err := getQliksenseInitCrds(&qapi.QliksenseCR{
crdFromContextConfig, err := getQliksenseInitCrd(&qapi.QliksenseCR{
KApiCr: kapi_config.KApiCr{
Spec: &kapi_config.CRSpec{
ManifestsRoot: someTmpRepoPath,
@@ -34,7 +24,7 @@ func TestGetQliksenseInitCrd(t *testing.T) {
t.Fatalf("unexpected error: %v", err)
}
crdFromDownloadedConfig, err := getQliksenseInitCrds(&qapi.QliksenseCR{
crdFromDownloadedConfig, err := getQliksenseInitCrd(&qapi.QliksenseCR{
KApiCr: kapi_config.KApiCr{
Spec: &kapi_config.CRSpec{
ManifestsRoot: "",
@@ -49,87 +39,3 @@ func TestGetQliksenseInitCrd(t *testing.T) {
t.Fatalf("expected %v to equal %v, but they didn't", crdFromContextConfig, crdFromDownloadedConfig)
}
}
func TestCheckAllCrdsInstalled(t *testing.T) {
t.Skip("Skipping this test because it makes kubernetes calls")
tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
if err != nil {
t.Fatalf("unexpected error creating tmp dir: %v", err)
}
defer os.RemoveAll(tmpQlikSenseHome)
setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, `
apiVersion: qlik.com/v1
kind: Qliksense
metadata:
name: qlik-default
spec:
profile: docker-desktop
`)
q := &Qliksense{
QliksenseHome: tmpQlikSenseHome,
CrdBox: packr.New("crds", "./crds"),
}
if err := q.FetchQK8s("v1.50.3"); err != nil {
t.Fatalf("unexpected error: %v", err)
}
if allInstalled, err := q.CheckAllCrdsInstalled(); err != nil {
t.Fatalf("unexpected error: %v", err)
} else if allInstalled {
t.Fatal("expected crds to NOT be installed at this point")
}
if err := q.InstallCrds(&CrdCommandOptions{All: true}); err != nil {
t.Fatalf("unexpected error: %v", err)
} else if allInstalled, err := q.CheckAllCrdsInstalled(); err != nil {
t.Fatalf("unexpected error: %v", err)
} else if !allInstalled {
t.Fatal("expected crds to BE installed at this point")
}
//cleanup:
qConfig := qapi.NewQConfig(q.QliksenseHome)
qcr, err := qConfig.GetCurrentCR()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
customResourceDefinitionInterface, err := getCustomResourceDefinitionInterface()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if engineCRDs, err := getQliksenseInitCrds(qcr); err != nil {
t.Fatalf("unexpected error: %v", err)
} else if err := deleteCrds(engineCRDs, customResourceDefinitionInterface); err != nil {
t.Fatalf("unexpected error: %v", err)
}
if customCrd, err := getCustomCrds(qcr); err != nil {
t.Fatalf("unexpected error: %v", err)
} else if err := deleteCrds(customCrd, customResourceDefinitionInterface); err != nil {
t.Fatalf("unexpected error: %v", err)
}
if err := deleteCrds(q.GetOperatorCRDString(), customResourceDefinitionInterface); err != nil {
t.Fatalf("unexpected error: %v", err)
}
}
func deleteCrds(crds string, customResourceDefinitionInterface apixv1beta1client.CustomResourceDefinitionInterface) error {
kuzResourceFactory := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), nil)
if kuzResMap, err := kuzResourceFactory.NewResMapFromBytes([]byte(crds)); err != nil {
return err
} else {
for _, kuzRes := range kuzResMap.Resources() {
if err := customResourceDefinitionInterface.Delete(kuzRes.GetName(), &v1.DeleteOptions{}); err != nil {
return err
}
}
return nil
}
}

62
pkg/qliksense/docker.go
View File

@@ -30,19 +30,22 @@ const (
func (q *Qliksense) PullImages(version, profile string) error {
qConfig := qapi.NewQConfig(q.QliksenseHome)
if version != "" {
if err := q.FetchQK8s(version); err != nil {
return err
}
}
qcr, err := qConfig.GetCurrentCR()
if err != nil {
return err
}
if !qcr.IsRepoExist() {
if err := fetchAndUpdateCR(qConfig, version); err != nil {
return err
}
return errors.New("ManifestsRoot not found")
}
if profile != "" {
qcr.Spec.Profile = profile
if err := qConfig.WriteCR(qcr); err != nil {
return err
if e := qConfig.WriteCR(qcr); e != nil {
return e
}
}
return q.PullImagesForCurrentCR()
@@ -70,7 +73,7 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
}
images := versionOut.Images
if err := q.appendAdditionalImages(&images, qcr); err != nil {
if err := q.appendOperatorImages(&images); err != nil {
return err
}
@@ -90,19 +93,6 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
return nil
}
func (q *Qliksense) appendOpsRunnerImage(images *[]string, qcr *qapi.QliksenseCR) {
if qcr.Spec.OpsRunner != nil && qcr.Spec.OpsRunner.Image != "" {
*images = append(*images, qcr.Spec.OpsRunner.Image)
}
}
func (q *Qliksense) appendPreflightImages(images *[]string) {
pf := qapi.NewPreflightConfig(q.QliksenseHome)
for _, preflightImage := range pf.GetImageMap() {
*images = append(*images, preflightImage)
}
}
func (q *Qliksense) appendOperatorImages(images *[]string) error {
if operatorImages, err := getImageList([]byte(q.GetOperatorControllerString())); err != nil {
return err
@@ -150,15 +140,13 @@ func pullImage(image, imagesDir string) error {
return nil
}
// TagAndPushImages ...
func (q *Qliksense) PushImagesForCurrentCR() error {
qConfig := qapi.NewQConfig(q.QliksenseHome)
qcr, err := qConfig.GetCurrentCR()
if err != nil {
return err
} else if err := ensureImageRegistrySetInCR(qcr); err != nil {
return err
}
version := qcr.GetLabelFromCr("version")
profile := qcr.Spec.Profile
repoDir := qcr.Spec.ManifestsRoot
@@ -167,7 +155,7 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
if err != nil {
if os.IsNotExist(err) {
dockerConfigJsonSecret = &qapi.DockerConfigJsonSecret{
Uri: qcr.Spec.GetImageRegistry(),
Uri: qcr.GetImageRegistry(),
}
} else {
return err
@@ -185,7 +173,7 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
}
images := versionOut.Images
if err := q.appendAdditionalImages(&images, qcr); err != nil {
if err := q.appendOperatorImages(&images); err != nil {
return err
}
@@ -206,15 +194,6 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
return nil
}
func (q *Qliksense) appendAdditionalImages(images *[]string, qcr *qapi.QliksenseCR) error {
if err := q.appendOperatorImages(images); err != nil {
return err
}
q.appendOpsRunnerImage(images, qcr)
q.appendPreflightImages(images)
return nil
}
func pushImage(image, imagesDir string, dockerConfigJsonSecret *qapi.DockerConfigJsonSecret) error {
imageNameParts := getImageNameParts(image)
srcDir := filepath.Join(imagesDir, imageIndexDirName, imageNameParts.name, imageNameParts.tag)
@@ -342,20 +321,3 @@ func (q *Qliksense) writeVersionOutput(versionOut *VersionOutput, imagesDir, ver
}
return nil
}
func validatePullPushFlagsOnInstall(cr *qapi.QliksenseCR, pull, push bool) error {
if pull && !push {
fmt.Printf("WARNING: pulling images without pushing them\n")
}
if push {
return ensureImageRegistrySetInCR(cr)
}
return nil
}
func ensureImageRegistrySetInCR(cr *qapi.QliksenseCR) error {
if registry := cr.Spec.GetImageRegistry(); registry == "" {
return errors.New("no image registry set in the CR; to set it use: qliksense config set-image-registry")
}
return nil
}

138
pkg/qliksense/docker_test.go
View File

@@ -68,9 +68,6 @@ const (
)
func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
if testing.Short() {
t.Skip("Skipping pull/push tests in short mode")
}
var testCases = []struct {
name string
registryAuth bool
@@ -134,7 +131,7 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
}
q := &Qliksense{
QliksenseHome: tmpQlikSenseHome,
CrdBox: &packr.Box{},
CrdBox: packr.New("crds", "./crds"),
}
var versionOut VersionOutput
@@ -173,88 +170,29 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
}
}
func Test_appendAdditionalImages(t *testing.T) {
tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
if err != nil {
t.Fatalf("unexpected error creating tmp dir: %v", err)
}
defer os.RemoveAll(tmpQlikSenseHome)
setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, `
apiVersion: qlik.com/v1
kind: Qliksense
metadata:
name: qlik-default
spec:
opsRunner:
image: some-gitops-image
`)
q := &Qliksense{
QliksenseHome: tmpQlikSenseHome,
CrdBox: packr.New("crds", "./crds"),
}
pf := api.NewPreflightConfig(q.QliksenseHome)
if err := pf.Initialize(); err != nil {
t.Fatalf("unexpected error initializing preflight: %v", err)
}
qConfig := api.NewQConfig(q.QliksenseHome)
qcr, err := qConfig.GetCurrentCR()
if err != nil {
t.Fatalf("unexpected error getting current CR: %v", err)
}
images := make([]string, 0)
if err := q.appendAdditionalImages(&images, qcr); err != nil {
t.Fatalf("unexpected error appending additional images: %v", err)
}
expectedNumberAdditionalImages := 5
if len(images) != expectedNumberAdditionalImages {
t.Fatalf("unexpected number of additional images: %v, expected: %v", len(images), expectedNumberAdditionalImages)
}
haveMatchingImage := func(test func(string) bool) bool {
for _, image := range images {
if test(image) {
return true
}
}
return false
}
if !haveMatchingImage(func(image string) bool {
return strings.Contains(image, "qlik-docker-oss.bintray.io/qliksense-operator:")
}) {
t.Fatal("expected to find the operator image in the list, but it wasn't there")
}
if !haveMatchingImage(func(image string) bool {
return image == "some-gitops-image"
}) {
t.Fatal("expected to find the GitOps image in the list, but it wasn't there")
}
if !haveMatchingImage(func(image string) bool {
return strings.Contains(image, "nginx")
}) {
t.Fatal("expected to find the nginx Preflight image in the list, but it wasn't there")
}
if !haveMatchingImage(func(image string) bool {
return strings.Contains(image, "preflight-netcat")
}) {
t.Fatal("expected to find the netcat Preflight image in the list, but it wasn't there")
}
if !haveMatchingImage(func(image string) bool {
return strings.Contains(image, "qlik-docker-oss.bintray.io/preflight-mongo")
}) {
t.Fatal("expected to find the preflight-mongo image in the list, but it wasn't there")
}
}
func setupQlikSenseHome(t *testing.T, tmpQlikSenseHome string, registry *testRegistryV2, clientAuth clientAuthType) error {
if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
apiVersion: config.qlik.com/v1
kind: QliksenseConfig
metadata:
name: QliksenseConfigMetadata
spec:
contexts:
- name: qlik-default
crFile: contexts/qlik-default/qlik-default.yaml
currentContext: qlik-default
`), os.ModePerm); err != nil {
return err
}
defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
return err
}
version := "foo"
manifestsRootDir := filepath.ToSlash(path.Join(tmpQlikSenseHome, "contexts", "qlik-default", "repo", version))
cr := fmt.Sprintf(`
manifestsRootDir := fmt.Sprintf("%s/repo/%s", defaultContextDir, version)
if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(fmt.Sprintf(`
apiVersion: qlik.com/v1
kind: Qliksense
metadata:
@@ -268,9 +206,11 @@ spec:
- name: imageRegistry
value: %s
manifestsRoot: %s
rotateKeys: "yes"
releaseName: qlik-default
`, version, registry.url, manifestsRootDir)
setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, cr)
`, version, registry.url, manifestsRootDir)), os.ModePerm); err != nil {
return err
}
if clientAuth == clientAuthProvided || clientAuth == clientAuthProvidedButIncorrect {
if registry.username == "" || clientAuth == clientAuthProvidedButIncorrect {
@@ -314,23 +254,23 @@ spec:
return err
}
transformersDir := path.Join(manifestsRootDir, "manifests", "base", "transformers", "release")
transformersDir := path.Join(manifestsRootDir, "transformers")
if err := os.MkdirAll(transformersDir, os.ModePerm); err != nil {
return err
}
if err := ioutil.WriteFile(path.Join(transformersDir, "annotations.yaml"), []byte(`
apiVersion: builtin
kind: AnnotationsTransformer
if err := ioutil.WriteFile(path.Join(transformersDir, "qseokversion.yaml"), []byte(`
apiVersion: qlik.com/v1
kind: SelectivePatch
metadata:
name: common-annotations
annotations:
app.kubernetes.io/name: qliksense
app.kubernetes.io/instance: $(PREFIX)
app.kubernetes.io/version: 1.21.23
app.kubernetes.io/managed-by: qliksense-operator
fieldSpecs:
- path: metadata/annotations
create: true
name: qseokversion
enabled: true
patches:
- target:
kind: HelmChart
labelSelector: name!=qliksense-init
patch: |-
chartName: qliksense
chartVersion: 1.21.23
`), os.ModePerm); err != nil {
return err
}

134
pkg/qliksense/fetch.go
View File

@@ -1,27 +1,13 @@
package qliksense
import (
"bufio"
"fmt"
"io/ioutil"
"os"
"path"
"strings"
"github.com/go-git/go-git/v5/plumbing/transport"
"github.com/go-git/go-git/v5/plumbing/transport/http"
"github.com/google/uuid"
kapis_git "github.com/qlik-oss/k-apis/pkg/git"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
type FetchCommandOptions struct {
GitUrl string
AccessToken string
Version string
SecretName string
Overwrite bool
}
const (
QLIK_GIT_REPO = "https://github.com/qlik-oss/qliksense-k8s"
)
@@ -31,126 +17,24 @@ func (q *Qliksense) FetchQK8s(version string) error {
return fetchAndUpdateCR(qConfig, version)
}
func (q *Qliksense) FetchK8sWithOpts(opts *FetchCommandOptions) error {
qConfig := qapi.NewQConfig(q.QliksenseHome)
cr, err := qConfig.GetCurrentCR()
if err != nil {
return err
}
if opts.AccessToken != "" {
encKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
if err != nil {
return err
}
if err := cr.SetFetchAccessToken(opts.AccessToken, encKey); err != nil {
return err
}
}
if opts.SecretName != "" {
cr.SetFetchAccessSecretName(opts.SecretName)
}
if opts.GitUrl != "" {
cr.SetFetchUrl(opts.GitUrl)
}
v := getVersion(opts, cr)
if v != "" && qConfig.IsRepoExistForCurrent(v) {
if opts.Overwrite || getVerionsOverwriteConfirmation(v) == "y" {
if err := qConfig.DeleteRepoForCurrent(v); err != nil {
return err
}
} else {
// nothing to do
return nil
}
}
qConfig.WriteCR(cr)
return fetchAndUpdateCR(qConfig, v)
}
// fetchAndUpdateCR fetch
func fetchAndUpdateCR(qConfig *qapi.QliksenseConfig, version string) error {
qcr, err := qConfig.GetCurrentCR()
if err != nil {
fmt.Println("cannot get the current-context cr", err)
return err
}
if version == "" {
if qcr.GetLabelFromCr("version") == "" {
if encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName()); err != nil {
return err
} else if version, err = getLatestTag(qcr.GetFetchUrl(), qcr.GetFetchAccessToken(encKey)); err != nil {
return err
}
} else {
version = qcr.GetLabelFromCr("version")
}
}
encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName())
if err != nil {
return err
}
// downlaod to temp first
tempDest, err := fetchToTempDir(qcr.GetFetchUrl(), version, qcr.GetFetchAccessToken(encKey))
if err != nil {
return err
if qConfig.IsRepoExistForCurrent(version) {
return nil
}
destDir := qConfig.BuildRepoPath(version)
fmt.Printf("fetching version [%s] from %s\n", version, qcr.GetFetchUrl())
if err := qapi.CopyDirectory(tempDest, destDir); err != nil {
return nil
fmt.Printf("fetching version [%s] from %s\n", version, QLIK_GIT_REPO)
if repo, err := kapis_git.CloneRepository(destDir, QLIK_GIT_REPO, nil); err != nil {
return err
} else if err = kapis_git.Checkout(repo, version, fmt.Sprintf("%v-by-operator-%v", version, uuid.New().String()), nil); err != nil {
return err
}
qcr.Spec.ManifestsRoot = qConfig.BuildCurrentManifestsRoot(version)
qcr.AddLabelToCr("version", version)
return qConfig.WriteCurrentContextCR(qcr)
}
func fetchToTempDir(gitUrl, gitRef, accessToken string) (string, error) {
tmpDir, err := ioutil.TempDir("", "")
if err != nil {
return "", err
}
downloadPath := path.Join(tmpDir, "repo")
var auth transport.AuthMethod
if accessToken != "" {
auth = &http.BasicAuth{
Username: "something",
Password: accessToken,
}
}
if repo, err := kapis_git.CloneRepository(downloadPath, gitUrl, auth); err != nil {
return "", err
} else if err := kapis_git.Checkout(repo, gitRef, "", auth); err != nil {
return "", err
} else {
return downloadPath, nil
}
}
func getVersion(opts *FetchCommandOptions, qcr *qapi.QliksenseCR) string {
if opts.Version == "" {
if qcr.GetLabelFromCr("version") != "" {
return qcr.GetLabelFromCr("version")
}
}
return opts.Version
}
func getVerionsOverwriteConfirmation(version string) string {
reader := bufio.NewReader(os.Stdin)
fmt.Println("The version [" + version + "] already exists")
cfm := "n"
for {
fmt.Print("Do you want to delete and fetch again [y/N]: ")
cfm, _ = reader.ReadString('\n')
cfm = strings.Replace(cfm, "\n", "", -1)
cfm = strings.TrimSpace(cfm)
if cfm == "" {
cfm = "n"
}
cfm = strings.ToLower(cfm)
if cfm == "y" || cfm == "n" {
break
}
}
return cfm
}

21
pkg/qliksense/fetch_test.go
View File

@@ -16,7 +16,7 @@ func TestFetchAndUpdateCR(t *testing.T) {
}
q.SetUpQliksenseContext("test1")
qConfig := qapi.NewQConfig(tempHome)
if err := fetchAndUpdateCR(qConfig, "v0.0.8"); err != nil {
if err := fetchAndUpdateCR(qConfig, "v0.0.2"); err != nil {
t.Log(err)
t.FailNow()
}
@@ -28,23 +28,8 @@ func TestFetchAndUpdateCR(t *testing.T) {
t.FailNow()
}
if cr.Spec.ManifestsRoot != "contexts/test1/qlik-k8s/v0.0.8" {
t.Log("actual path: " + cr.Spec.ManifestsRoot + ", expected path: contexts/test1/qlik-k8s/v0.0.8")
if cr.Spec.ManifestsRoot != "contexts/test1/qlik-k8s/v0.0.2" {
t.Log("actual path: " + cr.Spec.ManifestsRoot + ", expected path: contexts/test1/qlik-k8s/v0.0.2")
t.FailNow()
}
//testing latest tag is fetched
cr.AddLabelToCr("version", "")
qConfig.WriteCR(cr)
err := fetchAndUpdateCR(qConfig, "")
if err != nil {
t.Log(err)
t.Fail()
}
cr = &qapi.QliksenseCR{}
qapi.ReadFromFile(cr, actualCrFile)
v := cr.GetLabelFromCr("version")
if v == "" || v == "v0.0.8" {
t.Log("should get latest but got version: " + v)
t.Fail()
}
}

88
pkg/qliksense/get_installable_versions.go
View File

@@ -4,9 +4,6 @@ import (
"errors"
"fmt"
"github.com/Masterminds/semver/v3"
"github.com/go-git/go-git/v5/plumbing/transport"
"github.com/go-git/go-git/v5/plumbing/transport/http"
"github.com/qlik-oss/k-apis/pkg/git"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
@@ -24,20 +21,8 @@ func (q *Qliksense) GetInstallableVersions(opts *LsRemoteCmdOptions) error {
}
var repoPath string
var auth transport.AuthMethod
if qcr.Spec.GetManifestsRoot() != "" {
repoPath = qcr.Spec.GetManifestsRoot()
encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName())
if err != nil {
return err
}
accessToken := qcr.GetFetchAccessToken(encKey)
if accessToken != "" {
auth = &http.BasicAuth{
Username: "something",
Password: accessToken,
}
}
} else {
repoPath, err = DownloadFromGitRepoToTmpDir(defaultConfigRepoGitUrl, "master")
if err != nil {
@@ -50,7 +35,7 @@ func (q *Qliksense) GetInstallableVersions(opts *LsRemoteCmdOptions) error {
return err
}
remoteRefsList, err := git.GetRemoteRefs(r, auth,
remoteRefsList, err := git.GetRemoteRefs(r, nil,
&git.RemoteRefConstraints{
Include: true,
Sort: true,
@@ -101,74 +86,3 @@ func (q *Qliksense) GetInstallableVersions(opts *LsRemoteCmdOptions) error {
return nil
}
func getLatestTag(repoUrl, accessToken string) (string, error) {
if repoUrl == "" {
return "", errors.New("repo url is empty")
}
repoPath, err := fetchToTempDir(repoUrl, "master", accessToken)
if err != nil {
return "", err
}
r, err := git.OpenRepository(repoPath)
if err != nil {
return "", err
}
var auth transport.AuthMethod
if accessToken != "" {
auth = &http.BasicAuth{
Username: "something",
Password: accessToken,
}
}
remoteRefsList, err := git.GetRemoteRefs(r, auth,
&git.RemoteRefConstraints{
Include: true,
Sort: true,
SortOrder: git.RefSortOrderDescending,
},
&git.RemoteRefConstraints{
Include: false,
Sort: true,
SortOrder: git.RefSortOrderAscending,
})
if err != nil {
return "", err
}
if len(remoteRefsList) < 1 {
return "", errors.New("cannot find git remote information in the config repository")
}
var originRemoteRefs *git.RemoteRefs
for _, remoteRefs := range remoteRefsList {
if remoteRefs.Name == "origin" {
originRemoteRefs = remoteRefs
break
}
}
if originRemoteRefs == nil {
return "", errors.New(`cannot find git remote called "origin" in the config repository`)
}
tags := originRemoteRefs.Tags
if len(tags) == 0 {
return "", errors.New(("no tags exists in the repo: " + repoPath))
}
maxSem, _ := semver.NewVersion(tags[0])
for _, sv := range tags[1:] {
if sv == "" {
continue
}
v, err := semver.NewVersion(sv)
if err != nil {
// it may happen, in the repo some tags may not conform to semver
//fmt.Println("the tag is not conform to semver: " + sv)
continue
}
if maxSem == nil || maxSem.LessThan(v) {
maxSem = v
}
}
return maxSem.Original(), nil
}

25
pkg/qliksense/get_installable_versions_test.go
View File

@@ -1,25 +0,0 @@
package qliksense
import (
"testing"
"github.com/Masterminds/semver/v3"
)
func TestGetLatestTag(t *testing.T) {
s, err := getLatestTag(defaultConfigRepoGitUrl, "")
if s == "" || err != nil {
t.Log(err)
t.Fail()
}
sv, err := semver.NewVersion(s)
if err != nil {
t.Log(err)
t.Log(sv)
}
baseV, _ := semver.NewVersion("v0.0.8")
if !sv.GreaterThan(baseV) {
t.Log("Expected greater than v0.0.8, but got: " + s)
t.Fail()
}
}

235
pkg/qliksense/install.go
View File

@@ -3,148 +3,89 @@ package qliksense
import (
"errors"
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/mattn/go-tty"
"github.com/mitchellh/go-homedir"
"github.com/qlik-oss/k-apis/pkg/config"
"github.com/qlik-oss/k-apis/pkg/cr"
"sigs.k8s.io/kustomize/api/filesys"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
type InstallCommandOptions struct {
StorageClass string
MongodbUri string
AcceptEULA string
DryRun bool
Pull bool
Push bool
CleanPatchFiles bool
RotateKeys bool
StorageClass string
MongoDbUri string
RotateKeys string
}
const (
eulaText = "Please read the end user license agreement at: https://www.qlik.com/us/legal/license-terms"
eulaPrompt = "Do you accept our EULA? (y/n): "
eulaErrorInstruction = `You must enter "y" to continue or execute the command with the acceptEULA flag set to "yes"`
)
func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, keepPatchFiles bool) error {
func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) error {
// step1: fetch 1.0.0 # pull down qliksense-k8s@1.0.0
// step2: operator view | kubectl apply -f # operator manifest (CRD)
// step3: config apply | kubectl apply -f # generates patches (if required) in configuration directory, applies manifest
// step4: config view | kubectl apply -f # generates Custom Resource manifest (CR)
// fetch the version
qConfig := qapi.NewQConfig(q.QliksenseHome)
if !keepPatchFiles {
defer func() {
if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
fmt.Printf("error removing temporary changes to the config: %v\n", err)
}
}()
}
qcr, err := qConfig.GetCurrentCR()
if err != nil {
fmt.Println("cannot get the current-context cr", err)
return err
}
if !qcr.IsRepoExist() {
if err := fetchAndUpdateCR(qConfig, version); err != nil {
return err
} else if qcr, err = qConfig.GetCurrentCR(); err != nil {
return err
}
}
if opts.AcceptEULA != "" && opts.AcceptEULA != "yes" {
enforceEula()
} else if opts.AcceptEULA == "" && !qcr.IsEULA() {
enforceEula()
}
qcr.SetEULA("yes")
if opts.MongodbUri != "" {
qcr.Spec.AddToSecrets("qliksense", "mongodbUri", opts.MongodbUri, "")
if opts.MongoDbUri != "" {
qcr.Spec.AddToSecrets("qliksense", "mongoDbUri", opts.MongoDbUri, "")
}
if opts.StorageClass != "" {
qcr.Spec.StorageClassName = opts.StorageClass
}
if opts.RotateKeys != "" {
qcr.Spec.RotateKeys = opts.RotateKeys
}
qConfig.WriteCurrentContextCR(qcr)
if err := qConfig.WriteCurrentContextCR(qcr); err != nil {
//if the docker pull secret exists on disk, install it in the cluster
//if it doesn't exist on disk, remove it in the cluster
if err := installOrRemoveImagePullSecret(qConfig); err != nil {
return err
}
if opts.CleanPatchFiles {
if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
fmt.Printf("error removing temporary changes to the config: %v\n", err)
}
}
// for debugging purpose
if opts.DryRun {
// generate patches
userHomeDir, _ := homedir.Dir()
fmt.Println("Generating patches only")
cr.GeneratePatches(&qcr.KApiCr, config.KeysActionDoNothing, path.Join(userHomeDir, ".kube", "config"))
return nil
}
if installed, err := q.CheckAllCrdsInstalled(); err != nil {
fmt.Println("error verifying whether CRDs are installed", err)
return err
} else if !installed {
return errors.New(`please install CRDs by executing: $ qliksense crds install`)
}
if err := validatePullPushFlagsOnInstall(qcr, opts.Pull, opts.Push); err != nil {
return err
}
if opts.Pull {
fmt.Println("Pulling images...")
if err := q.PullImages(version, ""); err != nil {
return err
}
}
if opts.Push {
fmt.Println("Pushing images...")
if err := q.PushImagesForCurrentCR(); err != nil {
return err
}
}
if err := applyImagePullSecret(qConfig); err != nil {
return err
// check if acceptEULA is yes or not
if !qcr.IsEULA() {
return errors.New(agreementTempalte + "\n Please do $ qliksense install --acceptEULA=yes\n")
}
//CRD will be installed outside of operator
//install operator controller into the namespace
fmt.Println("Installing operator controller")
if operatorControllerString, err := q.getProcessedOperatorControllerString(qcr); err != nil {
fmt.Println("error extracting/transforming operator controller", err)
return err
} else if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
fmt.Println("cannot do kubectl apply on operator controller", err)
return err
}
// create patch dependent resources
fmt.Println("Installing resources used by the kuztomize patch")
if err := q.createK8sResourceBeforePatch(qcr); err != nil {
return err
}
if opts.RotateKeys {
fmt.Println("Deleting stored application keys")
if err := q.DeleteKeysClusterBackup(); err != nil {
operatorControllerString := q.GetOperatorControllerString()
if imageRegistry := qcr.GetImageRegistry(); imageRegistry != "" {
operatorControllerString, err = kustomizeForImageRegistry(operatorControllerString, pullSecretName,
"qlik/qliksense-operator", fmt.Sprintf("%v/qliksense-operator", imageRegistry))
if err != nil {
return err
} else {
qcr.AddLabelToCr("keys-rotated", strconv.FormatInt(time.Now().Unix(), 10))
if err := qConfig.WriteCurrentContextCR(qcr); err != nil {
return err
}
}
}
if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
fmt.Println("cannot do kubectl apply on opeartor controller", err)
return err
}
if qcr.Spec.OpsRunner != nil {
// create patch dependent resoruces
fmt.Println("Installing resoruces used kuztomize patch")
if err := q.createK8sResoruceBeforePatch(qcr); err != nil {
return err
}
if qcr.Spec.Git != nil && qcr.Spec.Git.Repository != "" {
// fetching and applying manifest will be in the operator controller
// get decrypted cr
if dcr, err := qConfig.GetDecryptedCr(qcr); err != nil {
@@ -153,9 +94,24 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) err
return q.applyCR(dcr)
}
}
if version == "" {
version = qcr.GetLabelFromCr("version")
}
if err := fetchAndUpdateCR(qConfig, version); err != nil {
return err
}
qcr, err = qConfig.GetCurrentCR()
if err != nil {
fmt.Println("cannot get the current-context cr", err)
return err
} else if qcr.Spec.GetManifestsRoot() == "" {
return errors.New("cannot get the manifest root. Use qliksense fetch <version> or qliksense set manifestsRoot")
}
// install generated manifests into cluster
fmt.Println("Installing generated manifests into the cluster")
fmt.Println("Installing generated manifests into cluster")
if dcr, err := qConfig.GetDecryptedCr(qcr); err != nil {
return err
} else if err := q.applyConfigToK8s(dcr); err != nil {
@@ -166,37 +122,31 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions) err
}
}
func (q *Qliksense) getProcessedOperatorControllerString(qcr *qapi.QliksenseCR) (string, error) {
operatorControllerString := q.GetOperatorControllerString()
if imageRegistry := qcr.Spec.GetImageRegistry(); imageRegistry != "" {
return kustomizeForImageRegistry(operatorControllerString, pullSecretName,
path.Join(qliksenseOperatorImageRepo, qliksenseOperatorImageName),
path.Join(imageRegistry, qliksenseOperatorImageName))
}
return operatorControllerString, nil
}
func applyImagePullSecret(qConfig *qapi.QliksenseConfig) error {
func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
if pullDockerConfigJsonSecret, err := qConfig.GetPullDockerConfigJsonSecret(); err == nil {
if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(""); err != nil {
if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(nil); err != nil {
return err
} else if err := qapi.KubectlApply(string(dockerConfigJsonSecretYaml), ""); err != nil {
return err
}
} else {
deleteDockerConfigJsonSecret := qapi.DockerConfigJsonSecret{
Name: pullSecretName,
}
if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(nil); err != nil {
return err
} else if err := qapi.KubectlDelete(string(deleteDockerConfigJsonSecretYaml), ""); err != nil {
qapi.LogDebugMessage("failed deleting %v, error: %v\n", pullSecretName, err)
}
}
return nil
}
func kustomizeForImageRegistry(resources, dockerConfigJsonSecretName, name, newName string) (string, error) {
dir, err := ioutil.TempDir("", "")
if err != nil {
fSys := filesys.MakeFsInMemory()
if err := fSys.WriteFile("/resources.yaml", []byte(resources)); err != nil {
return "", err
}
defer os.RemoveAll(dir)
if err := ioutil.WriteFile(filepath.Join(dir, "resources.yaml"), []byte(resources), os.ModePerm); err != nil {
return "", err
} else if err := ioutil.WriteFile(filepath.Join(dir, "addImagePullSecrets.yaml"), []byte(fmt.Sprintf(`
} else if err := fSys.WriteFile("/addImagePullSecrets.yaml", []byte(fmt.Sprintf(`
apiVersion: builtin
kind: PatchTransformer
metadata:
@@ -205,9 +155,9 @@ patch: '[{"op": "add", "path": "/spec/template/spec/imagePullSecrets", "value":
target:
name: .*-operator
kind: Deployment
`, dockerConfigJsonSecretName)), os.ModePerm); err != nil {
`, dockerConfigJsonSecretName))); err != nil {
return "", err
} else if err := ioutil.WriteFile(filepath.Join(dir, "kustomization.yaml"), []byte(fmt.Sprintf(`
} else if err := fSys.WriteFile("/kustomization.yaml", []byte(fmt.Sprintf(`
resources:
- resources.yaml
transformers:
@@ -215,9 +165,9 @@ transformers:
images:
- name: %s
newName: %s
`, name, newName)), os.ModePerm); err != nil {
`, name, newName))); err != nil {
return "", err
} else if out, err := executeKustomizeBuildForFileSystem(dir, filesys.MakeFsOnDisk()); err != nil {
} else if out, err := executeKustomizeBuildForFileSystem("/", fSys); err != nil {
return "", err
} else {
return string(out), nil
@@ -227,7 +177,7 @@ images:
func (q *Qliksense) applyCR(cr *qapi.QliksenseCR) error {
// install operator cr into cluster
//get the current context cr
fmt.Println("Installing operator CR into the cluster")
fmt.Println("Install operator CR into cluster")
r, err := cr.GetString()
if err != nil {
return err
@@ -239,7 +189,7 @@ func (q *Qliksense) applyCR(cr *qapi.QliksenseCR) error {
return nil
}
func (q *Qliksense) createK8sResourceBeforePatch(qcr *qapi.QliksenseCR) error {
func (q *Qliksense) createK8sResoruceBeforePatch(qcr *qapi.QliksenseCR) error {
for svc, nvs := range qcr.Spec.Secrets {
for _, nv := range nvs {
if isK8sSecretNeedToCreate(nv) {
@@ -258,26 +208,3 @@ func (q *Qliksense) createK8sResourceBeforePatch(qcr *qapi.QliksenseCR) error {
func isK8sSecretNeedToCreate(nv config.NameValue) bool {
return nv.ValueFrom != nil
}
func enforceEula() {
fmt.Println(eulaText)
fmt.Print(eulaPrompt)
answer := readAnswerFromTty()
if strings.ToLower(answer) != "y" {
fmt.Println(eulaErrorInstruction)
os.Exit(1)
}
}
func readAnswerFromTty() string {
t, err := tty.Open()
if err != nil {
panic(err)
}
defer t.Close()
answer, err := t.ReadString()
if err != nil {
panic(err)
}
return answer
}

129
pkg/qliksense/install_test.go
View File

@@ -1,22 +1,15 @@
package qliksense
import (
"fmt"
"io/ioutil"
"os"
"path"
"strings"
"path/filepath"
"testing"
"github.com/gobuffalo/packr/v2"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
"sigs.k8s.io/kustomize/api/resid"
"sigs.k8s.io/kustomize/api/resmap"
"sigs.k8s.io/kustomize/api/resource"
)
func TestCreateK8sResourceBeforePatch(t *testing.T) {
func TestCreateK8sResoruceBeforePatch(t *testing.T) {
td := setup()
sampleCr := `
apiVersion: qlik.com/v1
@@ -41,12 +34,20 @@ spec:
value: "yes"
secrets:
qliksense:
- name: mongodbUri
- name: mongoDbUri
value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
profile: docker-desktop`
profile: docker-desktop
rotateKeys: "yes"`
crFile := filepath.Join(testDir, "install_test.yaml")
ioutil.WriteFile(crFile, []byte(sampleCr), 0644)
q := New(testDir)
if err := q.LoadCr([]byte(sampleCr), false); err != nil {
file, e := os.Open(crFile)
if e != nil {
t.Log(e)
t.FailNow()
}
if err := q.LoadCr(file, false); err != nil {
t.Log(err)
t.FailNow()
}
@@ -56,111 +57,9 @@ spec:
t.Log(err)
t.FailNow()
}
if err = q.createK8sResourceBeforePatch(cr); err != nil {
if err = q.createK8sResoruceBeforePatch(cr); err != nil {
t.Log(err)
t.FailNow()
}
td()
}
func setupQliksenseTestDefaultContext(t *testing.T, tmpQlikSenseHome, CR string) {
if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
apiVersion: config.qlik.com/v1
kind: QliksenseConfig
metadata:
name: QliksenseConfigMetadata
spec:
contexts:
- name: qlik-default
crFile: contexts/qlik-default/qlik-default.yaml
currentContext: qlik-default
`), os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v", err)
}
defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v", err)
}
if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(CR), os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v", err)
}
}
func Test_getProcessedOperatorControllerString(t *testing.T) {
tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
if err != nil {
t.Fatalf("unexpected error creating tmp dir: %v", err)
}
defer os.RemoveAll(tmpQlikSenseHome)
registry := "registryFoo"
setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, fmt.Sprintf(`
apiVersion: qlik.com/v1
kind: Qliksense
metadata:
name: qlik-default
spec:
configs:
qliksense:
- name: imageRegistry
value: %v
`, registry))
q := &Qliksense{
QliksenseHome: tmpQlikSenseHome,
CrdBox: packr.New("crds", "./crds"),
}
qConfig := qapi.NewQConfig(q.QliksenseHome)
qcr, err := qConfig.GetCurrentCR()
if err != nil {
t.Fatalf("unexpected error getting current CR: %v", err)
}
originalOperatorString := q.GetOperatorControllerString()
processedOperatorString, err := q.getProcessedOperatorControllerString(qcr)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
controllerImageChecks := map[string]func(t *testing.T, controllerImage string){
originalOperatorString: func(t *testing.T, controllerImage string) {
expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", qliksenseOperatorImageRepo, qliksenseOperatorImageName)
if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
}
},
processedOperatorString: func(t *testing.T, controllerImage string) {
expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", registry, qliksenseOperatorImageName)
if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
}
},
}
resourceFactory := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), nil)
for operatorString, controllerImageCheck := range controllerImageChecks {
resMap, err := resourceFactory.NewResMapFromBytes([]byte(operatorString))
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
res, err := resMap.GetById(resid.NewResId(resid.Gvk{
Group: "apps",
Version: "v1",
Kind: "Deployment",
}, "qliksense-operator"))
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
controllerImage, err := res.GetString("spec.template.spec.containers[0].image")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
controllerImageCheck(t, controllerImage)
}
}

21
pkg/qliksense/keys.go
View File

@@ -1,21 +0,0 @@
package qliksense
import (
"path"
"github.com/mitchellh/go-homedir"
"github.com/qlik-oss/k-apis/pkg/cr"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
func (q *Qliksense) DeleteKeysClusterBackup() error {
qConfig := qapi.NewQConfig(q.QliksenseHome)
if qcr, err := qConfig.GetCurrentCR(); err != nil {
return err
} else if userHomeDir, err := homedir.Dir(); err != nil {
return err
} else if err := cr.DeleteKeysClusterBackup(&qcr.KApiCr, path.Join(userHomeDir, ".kube", "config")); err != nil {
return err
}
return nil
}

232
pkg/qliksense/kuz_test.go
View File

@@ -3,26 +3,15 @@ package qliksense
import (
"bytes"
"encoding/base64"
"fmt"
"io"
"io/ioutil"
"log"
"os"
"path/filepath"
"regexp"
"path"
"strings"
"sync"
"sync/atomic"
"testing"
"time"
"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
"sigs.k8s.io/kustomize/api/resid"
"sigs.k8s.io/kustomize/api/resmap"
"sigs.k8s.io/kustomize/api/resource"
"sigs.k8s.io/kustomize/api/types"
"gopkg.in/yaml.v2"
"gopkg.in/yaml.v3"
"github.com/Shopify/ejson"
"github.com/qlik-oss/k-apis/pkg/config"
@@ -38,7 +27,7 @@ func Test_ExecuteKustomizeBuild(t *testing.T) {
}
defer os.RemoveAll(tmpDir)
kustomizationYamlFilePath := filepath.Join(tmpDir, "kustomization.yaml")
kustomizationYamlFilePath := path.Join(tmpDir, "kustomization.yaml")
kustomizationYaml := `
generatorOptions:
disableNameSuffixHash: true
@@ -69,203 +58,6 @@ metadata:
}
}
func Test_executeKustomizeBuild_onQlikConfig_withConcurrency(t *testing.T) {
if testing.Short() {
t.Skip("Skipping parallel kustomize test in short mode")
}
tmpDir, err := ioutil.TempDir("", "")
if err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
defer os.RemoveAll(tmpDir)
configPath := filepath.Join(tmpDir, "config")
if repo, err := kapis_git.CloneRepository(configPath, defaultConfigRepoGitUrl, nil); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := kapis_git.Checkout(repo, "v0.0.8", "v0.0.8", nil); err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
configsDir := filepath.Join(configPath, "manifests", "base", "manifests")
shouldSkipDir := func(dirName string) bool {
skipMap := map[string]bool{
"sense-client": true,
}
_, ok := skipMap[dirName]
return ok
}
insertConcatenationKuzYaml := func(dir string) error {
concatenatedMap := map[string]interface{}{}
concatenatedMap["apiVersion"] = "kustomize.config.k8s.io/v1beta1"
concatenatedMap["kind"] = "Kustomization"
resources := make([]string, 0)
infos, err := ioutil.ReadDir(dir)
if err != nil {
return err
}
for _, info := range infos {
if !info.IsDir() {
resources = append(resources, info.Name())
}
}
concatenatedMap["resources"] = resources
if concatenatedMapBytes, err := yaml.Marshal(&concatenatedMap); err != nil {
return err
} else if err := ioutil.WriteFile(filepath.Join(dir, "kustomization.yaml"), concatenatedMapBytes, os.ModePerm); err != nil {
return err
}
return nil
}
//sequential test:
sequentialManifestsDir := filepath.Join(tmpDir, "sequential")
if err := os.RemoveAll(sequentialManifestsDir); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := os.MkdirAll(sequentialManifestsDir, os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := os.RemoveAll(filepath.Join(os.TempDir(), "dotHelm")); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := os.RemoveAll(filepath.Join(os.TempDir(), ".chartcache")); err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
infos, err := ioutil.ReadDir(configsDir)
if err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
fmt.Print("running a sequential execution test...\n")
t1 := time.Now()
for _, info := range infos {
if shouldSkipDir(info.Name()) {
continue
}
if info.IsDir() {
if yamlResources, err := ExecuteKustomizeBuild(filepath.Join(configsDir, info.Name())); err != nil {
t.Fatalf("unexpected error kustomizing: %v, error: %v\n", info.Name(), err)
} else if err := ioutil.WriteFile(filepath.Join(sequentialManifestsDir, fmt.Sprintf("%v.yaml", info.Name())), yamlResources, os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
}
}
t2 := time.Now()
fmt.Printf("sequential execution test took: %vs\n", t2.Sub(t1).Seconds())
if err := insertConcatenationKuzYaml(sequentialManifestsDir); err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
concatenatedSequentialManifests, err := ExecuteKustomizeBuild(sequentialManifestsDir)
if err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
//concurrent tests:
numConcurrentTests := 5
concatenatedConcurrentManifestsList := make([][]byte, 0)
for i := 0; i < numConcurrentTests; i++ {
concurrentManifestsDir := filepath.Join(tmpDir, fmt.Sprintf("concurrent-%v", i))
if err := os.RemoveAll(concurrentManifestsDir); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := os.MkdirAll(concurrentManifestsDir, os.ModePerm); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := os.RemoveAll(filepath.Join(os.TempDir(), "dotHelm")); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := os.RemoveAll(filepath.Join(os.TempDir(), ".chartcache")); err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
var wg sync.WaitGroup
var concurrentErrorCounter int32
osStderrBackup := os.Stderr
tmpStdErrFile, err := ioutil.TempFile("", "")
if err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
os.Stderr = tmpStdErrFile
fmt.Print("running a concurrent execution test...\n")
t1 = time.Now()
for _, fi := range infos {
wg.Add(1)
go func(info os.FileInfo) {
defer wg.Done()
if shouldSkipDir(info.Name()) {
return
}
if info.IsDir() {
if yamlResources, err := ExecuteKustomizeBuild(filepath.Join(configsDir, info.Name())); err != nil {
fmt.Printf("unexpected error: %v\n", err)
atomic.AddInt32(&concurrentErrorCounter, 1)
} else if err := ioutil.WriteFile(filepath.Join(concurrentManifestsDir, fmt.Sprintf("%v.yaml", info.Name())), yamlResources, os.ModePerm); err != nil {
fmt.Printf("unexpected error: %v\n", err)
atomic.AddInt32(&concurrentErrorCounter, 1)
}
}
}(fi)
}
wg.Wait()
t2 = time.Now()
os.Stderr = osStderrBackup
os.Remove(tmpStdErrFile.Name())
if concurrentErrorCounter > 0 {
t.Fatalf("there were %v errors during the concurrent execution", concurrentErrorCounter)
}
fmt.Printf("concurrent execution test took: %vs\n", t2.Sub(t1).Seconds())
if err := insertConcatenationKuzYaml(concurrentManifestsDir); err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
concatenatedConcurrentManifests, err := ExecuteKustomizeBuild(concurrentManifestsDir)
if err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
concatenatedConcurrentManifestsList = append(concatenatedConcurrentManifestsList, concatenatedConcurrentManifests)
}
getResMapBytesAdjustedForCaCertsJobName := func(resBytes []byte) ([]byte, error) {
resMapFactory := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), nil)
if resMap, err := resMapFactory.NewResMapFromBytes(resBytes); err != nil {
return nil, err
} else if resources, err := resMap.Select(types.Selector{
Gvk: resid.Gvk{
Group: "batch",
Version: "v1",
Kind: "Job",
},
}); err != nil {
return nil, err
} else if re, err := regexp.Compile(`^.+-ca-certificates-[a-z]{5}$`); err != nil {
return nil, err
} else {
for _, res := range resources {
res.SetName(re.ReplaceAllString(res.GetName(), "qliksense-ca-certificates"))
}
return resMap.AsYaml()
}
}
sequentialFinalManifest, err := getResMapBytesAdjustedForCaCertsJobName(concatenatedSequentialManifests)
if err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
concurrentFinalManifestsList := make([][]byte, 0)
for _, concatenatedConcurrentManifest := range concatenatedConcurrentManifestsList {
if concurrentFinalManifest, err := getResMapBytesAdjustedForCaCertsJobName(concatenatedConcurrentManifest); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else {
concurrentFinalManifestsList = append(concurrentFinalManifestsList, concurrentFinalManifest)
}
}
for _, concurrentFinalManifest := range concurrentFinalManifestsList {
if !bytes.Equal(concurrentFinalManifest, sequentialFinalManifest) {
t.Fatalf("expected the concatenated concurrent manifest to equal the concatenated sequential manifest, but they didn't..."+
"\nconcurrent:\n%v\nsequential:\n%v", string(concurrentFinalManifest), string(sequentialFinalManifest))
}
}
}
func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
tmpDir, err := ioutil.TempDir("", "")
if err != nil {
@@ -273,14 +65,12 @@ func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
}
defer os.RemoveAll(tmpDir)
configPath := filepath.Join(tmpDir, "config")
configPath := path.Join(tmpDir, "config")
if repo, err := kapis_git.CloneRepository(configPath, defaultConfigRepoGitUrl, nil); err != nil {
t.Fatalf("unexpected error: %v\n", err)
} else if err := kapis_git.Checkout(repo, "e38df644e759abf0b5941c1511d1a2cd5e3c42fa", "commit-e38df644e759abf0b5941c1511d1a2cd5e3c42fa", nil); err != nil {
} else if err := kapis_git.Checkout(repo, "v1.21.23-edge", "", nil); err != nil {
t.Fatalf("unexpected error: %v\n", err)
}
//tmpDir := "/var/folders/mf/5hs1qkq508q_scjbhxhmf9qwjrp346/T/679268230"
//configPath := "/var/folders/mf/5hs1qkq508q_scjbhxhmf9qwjrp346/T/679268230/config"
cr := &config.CRSpec{
ManifestsRoot: configPath,
@@ -296,7 +86,7 @@ func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
generateKeys(cr, "won't-use")
yamlResources, err := ExecuteKustomizeBuild(filepath.Join(configPath, "manifests", "base", "resources", "users"))
yamlResources, err := ExecuteKustomizeBuild(path.Join(configPath, "manifests", "base", "resources", "users"))
if err != nil {
t.Fatalf("unexpected kustomize error: %v\n", err)
}
@@ -312,8 +102,8 @@ func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
}
break
}
if resource["kind"].(string) == "Secret" && strings.Contains(resource["metadata"].(map[interface{}]interface{})["name"].(string), "users-secrets-") {
keyIdBase64 = resource["data"].(map[interface{}]interface{})["tokenAuthPrivateKeyId"].(string)
if resource["kind"].(string) == "Secret" && strings.Contains(resource["metadata"].(map[string]interface{})["name"].(string), "users-secrets-") {
keyIdBase64 = resource["data"].(map[string]interface{})["tokenAuthPrivateKeyId"].(string)
break
}
}
@@ -337,7 +127,7 @@ func generateKeys(cr *config.CRSpec, defaultKeyDir string) {
log.Printf("error generating application keys: %v\n", err)
} else if err := os.MkdirAll(keyDir, os.ModePerm); err != nil {
log.Printf("error makeing sure private key storage directory: %v exists, error: %v\n", keyDir, err)
} else if err := ioutil.WriteFile(filepath.Join(keyDir, ejsonPublicKey), []byte(ejsonPrivateKey), os.ModePerm); err != nil {
} else if err := ioutil.WriteFile(path.Join(keyDir, ejsonPublicKey), []byte(ejsonPrivateKey), os.ModePerm); err != nil {
log.Printf("error storing ejson private key: %v\n", err)
}
}
@@ -357,8 +147,8 @@ func Test_GetYamlDocKindFromMultiDoc(t *testing.T) {
}
defer os.RemoveAll(tmpDir)
kustomizationYamlFilePath := filepath.Join(tmpDir, "kustomization.yaml")
testResFileYamlFilePath := filepath.Join(tmpDir, "test-file.yaml")
kustomizationYamlFilePath := path.Join(tmpDir, "kustomization.yaml")
testResFileYamlFilePath := path.Join(tmpDir, "test-file.yaml")
kustomizationYaml := `
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

28
pkg/qliksense/load_cr.go
View File

@@ -3,13 +3,17 @@ package qliksense
import (
"errors"
"fmt"
"io"
"io/ioutil"
"strings"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
func (q *Qliksense) LoadCr(crBytes []byte, overwriteExistingContext bool) error {
if crName, err := q.loadCrStringIntoFileSystem(string(crBytes), overwriteExistingContext); err != nil {
func (q *Qliksense) LoadCr(reader io.Reader, overwriteExistingContext bool) error {
if crBytes, err := ioutil.ReadAll(reader); err != nil {
return err
} else if crName, err := q.loadCrStringIntoFileSystem(string(crBytes), overwriteExistingContext); err != nil {
return err
} else {
fmt.Println("cr name: [ " + crName + " ] has been loaded")
@@ -17,6 +21,16 @@ func (q *Qliksense) LoadCr(crBytes []byte, overwriteExistingContext bool) error
return nil
}
func (q *Qliksense) IsEulaAcceptedInCrFile(reader io.Reader) (bool, error) {
if crBytes, err := ioutil.ReadAll(reader); err != nil {
return false, err
} else if cr, err := qapi.CreateCRObjectFromString(string(crBytes)); err != nil {
return false, err
} else {
return cr.IsEULA(), nil
}
}
func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingContext bool) (string, error) {
cr, err := qapi.CreateCRObjectFromString(crstr)
if err != nil {
@@ -37,7 +51,7 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
}
// encrypt the secrets and do base64 then update the CR
encryptionKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
rsaPublicKey, _, err := qConfig.GetContextEncryptionKeyPair(cr.GetName())
if err != nil {
return "", err
}
@@ -49,17 +63,13 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
Value: nv.Value,
SvcName: svc,
}
if err := q.processSecret(skv, encryptionKey, cr, false); err != nil {
if err := q.processSecret(skv, rsaPublicKey, cr, false); err != nil {
return cr.GetName(), err
}
}
}
}
if cr.Spec.Git != nil && cr.Spec.Git.AccessToken != "" {
if err := cr.SetFetchAccessToken(cr.Spec.Git.AccessToken, encryptionKey); err != nil {
return "", err
}
}
// update manifestsRoot in case already exist
if existingCr, err := qConfig.GetCR(cr.GetName()); err == nil {
// cr exists, so update the manifestsRoot if version exist

41
pkg/qliksense/load_cr_test.go
View File

@@ -1,6 +1,9 @@
package qliksense
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
qapi "github.com/qlik-oss/sense-installer/pkg/api"
@@ -32,9 +35,10 @@ spec:
value: "yes"
secrets:
qliksense:
- name: mongodbUri
- name: mongoDbUri
value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
profile: docker-desktop`
profile: docker-desktop
rotateKeys: "yes"`
sampleCr2 := `
apiVersion: qlik.com/v1
kind: Qliksense
@@ -58,9 +62,10 @@ spec:
value: "yes"
secrets:
qliksense:
- name: mongodbUri
- name: mongoDbUri
value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
profile: docker-desktop`
profile: docker-desktop
rotateKeys: "yes"`
duplicateCr := `
apiVersion: qlik.com/v1
@@ -74,13 +79,30 @@ spec:
repository: https://github.com/ffoysal/qliksense-k8s
accessToken: abababababababaab
userName: "blblbl"`
crFile1 := filepath.Join(testDir, "testcr1.yaml")
ioutil.WriteFile(crFile1, []byte(sampleCr1), 0644)
crFile2 := filepath.Join(testDir, "testcr2.yaml")
ioutil.WriteFile(crFile2, []byte(sampleCr2), 0644)
dupCrFile := filepath.Join(testDir, "dupcr.yaml")
ioutil.WriteFile(dupCrFile, []byte(duplicateCr), 0644)
q := New(testDir)
if err := q.LoadCr([]byte(sampleCr1), false); err != nil {
file1, e := os.Open(crFile1)
if e != nil {
t.Log(e)
t.FailNow()
}
if err := q.LoadCr(file1, false); err != nil {
t.Log(err)
t.FailNow()
}
if err := q.LoadCr([]byte(sampleCr2), false); err != nil {
file2, e := os.Open(crFile2)
if e != nil {
t.Log(e)
t.FailNow()
}
if err := q.LoadCr(file2, false); err != nil {
t.Log(err)
t.FailNow()
}
@@ -106,7 +128,12 @@ spec:
if qConfig.Spec.CurrentContext != "qlik-test3" {
t.FailNow()
}
if err := q.LoadCr([]byte(duplicateCr), false); err == nil {
file, e := os.Open(dupCrFile)
if e != nil {
t.Log(e)
t.FailNow()
}
if err := q.LoadCr(file, false); err == nil {
t.FailNow()
}
td()

2
pkg/qliksense/operator.go
View File

@@ -41,7 +41,7 @@ func (q *Qliksense) getYamlFromPackrFile(packrFile string) string {
if err != nil {
fmt.Printf("Cannot read file %s", packrFile)
}
return fmt.Sprintln("#source: " + packrFile + "\n\n" + s + "\n---")
return fmt.Sprintln("#soruce: " + packrFile + "\n\n" + s + "\n---")
}
func (q *Qliksense) getFileList(resourceType string) []string {
var resList []string

28
pkg/qliksense/uninstall.go
View File

@@ -6,24 +6,16 @@ import (
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
func (q *Qliksense) UninstallQK8s(contextName string, skipConfirmation bool) error {
ans := skipConfirmation
if ans == false {
ans = AskForConfirmation("Are You Sure? ")
func (q *Qliksense) UninstallQK8s(contextName string) error {
qConfig := qapi.NewQConfig(q.QliksenseHome)
if contextName == "" {
contextName = qConfig.Spec.CurrentContext
} else if !qConfig.IsContextExist(contextName) {
return errors.New("context name [ " + contextName + " ] not found")
}
if ans == true {
qConfig := qapi.NewQConfig(q.QliksenseHome)
if contextName == "" {
contextName = qConfig.Spec.CurrentContext
} else if !qConfig.IsContextExist(contextName) {
return errors.New("context name [ " + contextName + " ] not found")
}
str, err := q.getCRString(contextName)
if err != nil {
return err
}
return qapi.KubectlDelete(str, "")
str, err := q.getCRString(contextName)
if err != nil {
return err
}
return nil
return qapi.KubectlDelete(str, "")
}

13
pkg/qliksense/upgrade.go
View File

@@ -6,7 +6,7 @@ import (
qapi "github.com/qlik-oss/sense-installer/pkg/api"
)
func (q *Qliksense) UpgradeQK8s(cleanPatchFiles bool) error {
func (q *Qliksense) UpgradeQK8s(keepPatchFiles bool) error {
// step1: get CR
// step2: run kustomize
@@ -14,10 +14,12 @@ func (q *Qliksense) UpgradeQK8s(cleanPatchFiles bool) error {
// fetch the version
qConfig := qapi.NewQConfig(q.QliksenseHome)
if cleanPatchFiles {
if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
fmt.Printf("error removing temporary changes to the config: %v\n", err)
}
if !keepPatchFiles {
defer func() {
if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
fmt.Printf("error removing temporary changes to the config: %v\n", err)
}
}()
}
qcr, err := qConfig.GetCurrentCR()
@@ -25,6 +27,7 @@ func (q *Qliksense) UpgradeQK8s(cleanPatchFiles bool) error {
fmt.Println("cannot get the current-context cr", err)
return err
}
qcr.Spec.RotateKeys = "no"
dcr, err := qConfig.GetDecryptedCr(qcr)
if err != nil {