update k-api

Signed-off-by: Foysal Iqbal <mqb@qlik.com>

cmd/qliksense/context.go

@@ -3,6 +3,7 @@ package main
 import (
 	"errors"
 	"fmt"
+	"os"
 
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 
@@ -68,18 +69,30 @@ func setConfigsCmd(q *qliksense.Qliksense) *cobra.Command {
 	var (
 		cmd *cobra.Command
 	)
-
+	base64Encoded := false
 	cmd = &cobra.Command{
 		Use:   "set-configs",
 		Short: "set configurations into the qliksense context as key-value pairs",
 		Example: `
 qliksense config set-configs <service_name>.<attribute>="<value>"
-    - The above configuration will be displayed in the CR
+		- The above configuration will be displayed in the CR
+qliksense config set-configs <service_name>.<attribute>="<value" --base64
+		- if the value is base64 encoded
+echo "something" | base64 | qliksense config set-configs <service_name>.<attribute> --base64
+	- value is coming from input pipe as base64 encoded
+echo "something" | qliksense config set-configs <service_name>.<attribute>
+	- value is coming from input pipe
+
 `,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.SetConfigs(args)
+			if isInputFromPipe() && len(args) == 1 {
+				return q.SetConfigFromReader(args[0], os.Stdin, base64Encoded)
+			}
+			return q.SetConfigs(args, base64Encoded)
 		},
 	}
+	f := cmd.Flags()
+	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
 	return cmd
 }
 
@@ -88,7 +101,7 @@ func setSecretsCmd(q *qliksense.Qliksense) *cobra.Command {
 		cmd    *cobra.Command
 		secret bool
 	)
-
+	base64Encoded := false
 	cmd = &cobra.Command{
 		Use:   "set-secrets",
 		Short: "set secrets configurations into the qliksense context as key-value pairs",
@@ -101,13 +114,24 @@ qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true
 qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false
 		- Encrypt the secret value and display it in the current context
 		- No secret resource is created
-        - The above configuration will be displayed in the CR `,
+		  - The above configuration will be displayed in the CR 
+qliksense config set-secrets <service_name>.<attribute>="<value>" --base64
+		- the <value> is base64 encoded
+echo "something" | base64 | qliksense config set-secrets <service_name>.<attribute> --base64
+		- value coming from input pipe as base64 encoded
+echo "something" | qliksense config set-secrets <service_name>.<attribute>
+		- value coming from input pipe`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.SetSecrets(args, secret)
+			if isInputFromPipe() && len(args) == 1 {
+				return q.SetSecretsFromReader(args[0], os.Stdin, secret, base64Encoded)
+			}
+			return q.SetSecrets(args, secret, base64Encoded)
 		},
 	}
 	f := cmd.Flags()
 	f.BoolVar(&secret, "secret", false, "Whether secrets should be encrypted as a Kubernetes Secret resource")
+	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
+
 	return cmd
 }
 

go.mod

@@ -42,14 +42,14 @@ require (
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/otiai10/copy v1.1.1
 	github.com/pkg/errors v0.8.1
-	github.com/qlik-oss/k-apis v0.0.36
+	github.com/qlik-oss/k-apis v0.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/rogpeppe/go-internal v1.5.2 // indirect
 	github.com/spf13/cobra v0.0.6
 	github.com/spf13/viper v1.6.1
 	github.com/src-d/go-git v4.7.0+incompatible
 	github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31
-	golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4
+	golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 // indirect
 	golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a // indirect
 	golang.org/x/net v0.0.0-20200226121028-0de0cce0169b
 	golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 // indirect
@@ -62,7 +62,6 @@ require (
 	k8s.io/api v0.17.0
 	k8s.io/apimachinery v0.17.0
 	k8s.io/client-go v11.0.0+incompatible
-	k8s.io/kubectl v0.0.0-20191016120415-2ed914427d51
 	sigs.k8s.io/kustomize/api v0.3.2
 	sigs.k8s.io/yaml v1.1.0
 )

go.sum

@@ -795,8 +795,10 @@ github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG
 github.com/otiai10/copy v1.1.1 h1:PH7IFlRQ6Fv9vYmuXbDRLdgTHoP1w483kPNUP2bskpo=
 github.com/otiai10/copy v1.1.1/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
 github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
+github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=
 github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
@@ -862,6 +864,10 @@ github.com/qlik-oss/k-apis v0.0.35 h1:LdxfN43UE4Fy4LAmFcsv2nXCuxfxowKY66rpUQHAyD
 github.com/qlik-oss/k-apis v0.0.35/go.mod h1:DNiWYqCqPIN216l7+1rccArNIYPb1Le7kYDcPSyNp+Q=
 github.com/qlik-oss/k-apis v0.0.36 h1:Ztd31rKn4uR3AQRb9QxYf1KEll4+Ku1E8DzCpplBw/g=
 github.com/qlik-oss/k-apis v0.0.36/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.0.39 h1:fIGCC7f9kU7319VTSJKr3fLoA9E4MjusRFmOjX3ypis=
+github.com/qlik-oss/k-apis v0.0.39/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.1.0 h1:uMl1316SNYy5Hm6jy1U7wiCMkut0tKqdP8mBpSuXXp8=
+github.com/qlik-oss/k-apis v0.1.0/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36 h1:BuT+cnXPQ6mcOWTDS1S8GXy65LAEMdPuNQCC36rMq28=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36/go.mod h1:tSQaDZ4Jt9KwYvD7LlMUPi5nkiGOno3PAKl5/XqEfxs=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=

pkg/api/apis.go

@@ -150,15 +150,21 @@ func (cr *QliksenseCR) GetFetchUrl() string {
 	return cr.Spec.FetchSource.Repository
 }
 
-func (cr *QliksenseCR) GetFetchAccessToken() string {
-	if cr.Spec.FetchSource == nil || cr.Spec.FetchSource.Repository == "" {
+func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
+	if cr.Spec.FetchSource == nil {
 		return ""
 	}
 	if tok, err := cr.Spec.FetchSource.GetAccessToken(); err != nil {
 		fmt.Println(err)
 		return ""
 	} else {
-		return tok
+		by, _ := b64.StdEncoding.DecodeString(tok)
+		res, err := DecryptData(by, encryptionKey)
+		if err != nil {
+			fmt.Println(err)
+			return ""
+		}
+		return string(res)
 	}
 }
 
@@ -169,11 +175,16 @@ func (cr *QliksenseCR) SetFetchUrl(url string) {
 	cr.Spec.FetchSource.Repository = url
 }
 
-func (cr *QliksenseCR) SetFetchAccessToken(token string) {
+func (cr *QliksenseCR) SetFetchAccessToken(token, encryptionKey string) error {
 	if cr.Spec.FetchSource == nil {
 		cr.Spec.FetchSource = &config.Repo{}
 	}
-	cr.Spec.FetchSource.AccessToken = token
+	res, err := EncryptData([]byte(token), encryptionKey)
+	if err != nil {
+		return err
+	}
+	cr.Spec.FetchSource.AccessToken = b64.StdEncoding.EncodeToString(res)
+	return nil
 }
 
 func (cr *QliksenseCR) SetFetchAccessSecretName(sec string) {
@@ -495,7 +506,7 @@ func (cr *QliksenseCR) GetCustomCrdsPath() string {
 func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error) {
 	newCr := &QliksenseCR{}
 	copier.Copy(newCr, cr)
-	encryptionKey, err := qc.GetEncryptionKeyForCurrent()
+	encryptionKey, err := qc.GetEncryptionKeyFor(cr.GetName())
 	if err != nil {
 		return nil, err
 	}
@@ -521,6 +532,11 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 		finalSecrets[k] = newNvs
 	}
 	newCr.Spec.Secrets = finalSecrets
+
+	if newCr.Spec.FetchSource != nil && newCr.Spec.FetchSource.AccessToken != "" {
+		decData := cr.GetFetchAccessToken(encryptionKey)
+		newCr.Spec.FetchSource.AccessToken = decData
+	}
 	return newCr, nil
 }
 

pkg/api/apis_test.go

@@ -109,10 +109,7 @@ func TestGetDecryptedCr(t *testing.T) {
 	b := b64.StdEncoding.EncodeToString(ecn)
 	qcr.Spec.AddToSecrets("qliksense", "mongoDbUri", b, "")
 
-	if err != nil {
-		t.Fail()
-		t.Log(err)
-	}
+	qcr.SetFetchAccessToken("mytoken", key)
 
 	newCr, err := qct.GetDecryptedCr(qcr)
 	if err != nil {
@@ -130,6 +127,9 @@ func TestGetDecryptedCr(t *testing.T) {
 	if decryptedValue == orignalValue {
 		t.Fail()
 	}
+	if newCr.Spec.FetchSource.AccessToken != "mytoken" {
+		t.Fail()
+	}
 	td()
 }
 func setupGenerateKey(homeDir string) (string, error) {
@@ -147,3 +147,26 @@ func setupGenerateKey(homeDir string) (string, error) {
 	}
 	return key, nil
 }
+
+func Test_set_and_get_fetch_access_token(t *testing.T) {
+	td, homeDir := setup()
+	defer td()
+	createCRFile(homeDir)
+	crFile := filepath.Join("contexts", "contx1", "contx1.yaml")
+	qConfig := NewQConfig(homeDir)
+	newQ, _ := qConfig.SetCrLocation("contx1", crFile)
+	newQ.Write()
+	qConfig = NewQConfig(homeDir)
+	qcr, _ := qConfig.GetCurrentCR()
+	key, _ := qConfig.GetEncryptionKeyFor(qcr.GetName())
+	if err := qcr.SetFetchAccessToken("mytokenbeforeencryption", key); err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	tok := qcr.GetFetchAccessToken(key)
+	if tok != "mytokenbeforeencryption" {
+		t.Log("Expected: mytokenbeforeencryption, got: " + tok)
+		t.Fail()
+	}
+
+}

pkg/api/utils.go

@@ -4,6 +4,7 @@ import (
 	"archive/tar"
 	"archive/zip"
 	"compress/gzip"
+	b64 "encoding/base64"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -61,7 +62,7 @@ func ReadKeys(keyFile string) ([]byte, error) {
 }
 
 // ProcessConfigArgs processes args and returns an service, key, value slice
-func ProcessConfigArgs(args []string) ([]*ServiceKeyValue, error) {
+func ProcessConfigArgs(args []string, base64Encoded bool) ([]*ServiceKeyValue, error) {
 	// prepare received args
 	// split args[0] into key and value
 	if len(args) == 0 {
@@ -81,10 +82,18 @@ func ProcessConfigArgs(args []string) ([]*ServiceKeyValue, error) {
 		if len(second) != 2 {
 			return nil, notValidErr
 		}
+		resultValue := strings.Trim(first[1], "\"")
+		if base64Encoded {
+			if decodeByte, err := b64.StdEncoding.DecodeString(resultValue); err != nil {
+				return nil, err
+			} else {
+				resultValue = strings.Trim(string(decodeByte), "\n ")
+			}
+		}
 		resultSvcKV[i] = &ServiceKeyValue{
 			SvcName: second[0],
 			Key:     second[1],
-			Value:   strings.ReplaceAll(first[1], `"`, ""),
+			Value:   resultValue,
 		}
 	}
 	return resultSvcKV, nil

pkg/api/utils_test.go

@@ -16,7 +16,7 @@ func TestProcessConfigArgs(t *testing.T) {
 	expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123", "keyequal"}
 	expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123", "newvalue=@hj"}
 	exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123", "test-equal"}
-	sv, err := ProcessConfigArgs(args)
+	sv, err := ProcessConfigArgs(args, false)
 	if err != nil {
 		t.Log(err)
 		t.FailNow()

pkg/qliksense/context_configs.go

@@ -1,7 +1,9 @@
 package qliksense
 
 import (
+	"errors"
 	"fmt"
+	"io"
 
 	"github.com/qlik-oss/k-apis/pkg/config"
 	"github.com/robfig/cron/v3"
@@ -38,8 +40,21 @@ const (
 	qliksenseOperatorImageName = "qliksense-operator"
 )
 
+func (q *Qliksense) SetSecretsFromReader(arg string, reader io.Reader, createSecret, base64Encoded bool) error {
+	//take only name from the arguments, value should be from reader
+	argName := strings.SplitN(arg, "=", 1)
+	if len(argName) != 1 {
+		return errors.New("can only have one argument from pipe")
+	}
+	valueBytes, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return err
+	}
+	return q.SetSecrets([]string{argName[0] + "=" + string(valueBytes)}, createSecret, base64Encoded)
+}
+
 // SetSecrets - set-secrets <key>=<value> commands
-func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
+func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bool) error {
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
 	if err != nil {
@@ -52,7 +67,7 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
 	if err != nil {
 		return err
 	}
-	resultArgs, err := api.ProcessConfigArgs(args)
+	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
 	if err != nil {
 		return err
 	}
@@ -123,8 +138,21 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string,
 	return nil
 }
 
+func (q *Qliksense) SetConfigFromReader(arg string, reader io.Reader, base64Encoded bool) error {
+	//take only name from the arguments, value should be from reader
+	argName := strings.SplitN(arg, "=", 1)
+	if len(argName) != 1 {
+		return errors.New("can only have one argument from pipe")
+	}
+	valueBytes, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return err
+	}
+	return q.SetConfigs([]string{argName[0] + "=" + string(valueBytes)}, base64Encoded)
+}
+
 // SetConfigs - set-configs <key>=<value> commands
-func (q *Qliksense) SetConfigs(args []string) error {
+func (q *Qliksense) SetConfigs(args []string, base64Encoded bool) error {
 	// retieve current context from config.yaml
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
@@ -132,7 +160,7 @@ func (q *Qliksense) SetConfigs(args []string) error {
 		return err
 	}
 
-	resultArgs, err := api.ProcessConfigArgs(args)
+	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
 	if err != nil {
 		return err
 	}
@@ -212,43 +240,130 @@ func (q *Qliksense) SetOtherConfigs(args []string) error {
 	}
 
 	for _, arg := range args {
-		argsString := strings.Split(arg, "=")
-		key := strings.ToLower(argsString[0])
-		value := argsString[1]
-		// check if key is for git or gitops (sub objects)
-		keySplit := strings.Split(key, ".")
-		key = keySplit[0]
-		keySub := ""
-
-		if len(keySplit) == 2 {
-			keySub = strings.ToLower(keySplit[1])
-		}
-
-		valid := true
-		valid, qliksenseCR = validateCR(key, keySub, value, qliksenseCR)
-		field := caseInsenstiveFieldByName(reflect.Indirect(reflect.ValueOf(qliksenseCR.Spec)), key)
-		if !valid {
-			err := fmt.Errorf("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot, git.repository or gitops arguments to configure the current context")
-			return err
-		} else if strings.EqualFold("", keySub) {
-			// set spec for everything excluding git and gitops
-			if field.CanSet() {
-				field.SetString(value)
+		if strings.HasPrefix(arg, "fetchSource.") {
+			if err := q.processSetFetchSource(arg, qliksenseCR); err != nil {
+				return err
+			}
+		} else if strings.HasPrefix(arg, "git.") {
+			if err := q.processSetGit(arg, qliksenseCR); err != nil {
+				return err
+			}
+		} else if strings.HasPrefix(arg, "gitOps.") {
+			if err := q.processSetGitOps(arg, qliksenseCR); err != nil {
+				return err
 			}
 		} else {
-			// set spec for git or gitops
-			subField := caseInsenstiveFieldByName(reflect.Indirect(field), keySub)
-			if subField.CanSet() {
-				subField.SetString(value)
+			if err := processSetSingleArg(arg, qliksenseCR); err != nil {
+				return err
 			}
 		}
-
 		fmt.Println(chalk.Green.Color("Successfully added to Custom Resource Spec"))
 	}
+
 	// write modified content into context.yaml
 	return qConfig.WriteCR(qliksenseCR)
 }
 
+func processSetSingleArg(arg string, cr *api.QliksenseCR) error {
+	nv := strings.Split(arg, "=")
+	switch nv[0] {
+	case "manifestsRoot":
+		cr.Spec.ManifestsRoot = nv[1]
+	case "profile":
+		cr.Spec.Profile = nv[1]
+	case "storageClassName":
+		cr.Spec.StorageClassName = nv[1]
+	case "rotateKeys":
+		valid := false
+		for _, v := range []string{"yes", "no", "None"} {
+			if nv[1] == v {
+				valid = true
+			}
+		}
+		if !valid {
+			return errors.New("please povide rotateKeys=yes|no|None")
+		}
+		cr.Spec.RotateKeys = nv[1]
+	default:
+		return errors.New("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot to configure the current context")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetFetchSource(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	switch subs[1] {
+	case "repository":
+		cr.Spec.FetchSource.Repository = args[1]
+	case "accessToken":
+		qConfig := api.NewQConfig(q.QliksenseHome)
+		key, err := qConfig.GetEncryptionKeyFor(cr.GetName())
+		if err != nil {
+			return err
+		}
+		return cr.SetFetchAccessToken(args[1], key)
+	case "secretName":
+		cr.Spec.FetchSource.SecretName = args[1]
+	case "userName":
+		cr.Spec.FetchSource.UserName = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.Git == nil {
+		cr.Spec.Git = &config.Repo{}
+	}
+	switch subs[1] {
+	case "repository":
+		cr.Spec.Git.Repository = args[1]
+	case "accessToken":
+		cr.Spec.Git.AccessToken = args[1]
+	case "secretName":
+		cr.Spec.Git.SecretName = args[1]
+	case "userName":
+		cr.Spec.Git.UserName = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetGitOps(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.Git == nil {
+		cr.Spec.GitOps = &config.GitOps{}
+	}
+	switch subs[1] {
+	case "enabled":
+		if args[1] != "yes" && args[1] != "no" {
+			return errors.New("Please use yes or no for key enabled")
+		}
+		cr.Spec.GitOps.Enabled = args[1]
+	case "schedule":
+		if _, err := cron.ParseStandard(args[1]); err != nil {
+			return errors.New("Please enter string with standard cron scheduling syntax ")
+		}
+		cr.Spec.GitOps.Schedule = args[1]
+	case "watchBranch":
+		cr.Spec.GitOps.WatchBranch = args[1]
+	case "image":
+		cr.Spec.GitOps.Image = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
 // SetContextConfig - set the context for qliksense kubernetes resources to live in
 func (q *Qliksense) SetContextConfig(args []string) error {
 	if len(args) == 1 {
@@ -397,7 +512,7 @@ func (q *Qliksense) SetUpQliksenseContext(contextName string) error {
 	}
 
 	// set the encrypted default mongo
-	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false)
+	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false, false)
 }
 
 func validateInput(input string) (string, error) {

pkg/qliksense/context_configs_test.go

@@ -244,7 +244,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitops.enabled=yes", "gitops.schedule=30 * * * *", "git.repository=master", "git.username=foo", "git.accesstoken=1234"},
+				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitOps.enabled=yes", "gitOps.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
 			},
 			wantErr: false,
 		},
@@ -254,7 +254,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"someconfig=somevalue, gitops.schedule=bar", "gitops.enabled=bar", "git.foo=bar", "rotatekeys=bar"},
+				args: []string{"someconfig=somevalue, gitOps.schedule=bar", "gitOps.enabled=bar", "git.foo=bar", "rotateKeys=bar"},
 			},
 			wantErr: true,
 		},
@@ -305,7 +305,7 @@ func TestSetConfigs(t *testing.T) {
 	defer tearDown()
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := tt.args.q.SetConfigs(tt.args.args); (err != nil) != tt.wantErr {
+			if err := tt.args.q.SetConfigs(tt.args.args, false); (err != nil) != tt.wantErr {
 				t.Errorf("SetConfigs() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -558,6 +558,7 @@ func Test_SetSecrets(t *testing.T) {
 	type args struct {
 		args        []string
 		isSecretSet bool
+		base64      bool
 	}
 	tests := []struct {
 		name    string
@@ -576,6 +577,18 @@ func Test_SetSecrets(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "valid secret secrets=false base64 encoded",
+			fields: fields{
+				QliksenseHome: testDir,
+			},
+			args: args{
+				args:        []string{"qliksense.mongoDbUri=bW9uZ29kYjovL3FsaWstZGVmYXVsdC1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U="},
+				isSecretSet: false,
+				base64:      true,
+			},
+			wantErr: false,
+		},
 		{
 			name: "test1 valid secret secrets=true",
 			fields: fields{
@@ -621,7 +634,7 @@ func Test_SetSecrets(t *testing.T) {
 			q := &Qliksense{
 				QliksenseHome: tt.fields.QliksenseHome,
 			}
-			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet); (err != nil) != tt.wantErr {
+			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet, tt.args.base64); (err != nil) != tt.wantErr {
 				t.Errorf("SetSecrets() error = %v, wantErr %v", err, tt.wantErr)
 				t.FailNow()
 			}
@@ -632,7 +645,10 @@ func Test_SetSecrets(t *testing.T) {
 			// extract the value for testing
 			testValueArr := strings.SplitN(tt.args.args[0], "=", 2)
 			testValue := strings.ReplaceAll(testValueArr[1], "\"", "")
-
+			if tt.args.base64 {
+				d, _ := b64.StdEncoding.DecodeString(testValue)
+				testValue = strings.Trim(string(d), "\n ")
+			}
 			qliksenseCR, err := readCRFile()
 			if err != nil {
 				err = fmt.Errorf("Not able to read from context file: %v", err)

pkg/qliksense/fetch.go

@@ -39,7 +39,13 @@ func (q *Qliksense) FetchK8sWithOpts(opts *FetchCommandOptions) error {
 		return err
 	}
 	if opts.AccessToken != "" {
-		cr.SetFetchAccessToken(opts.AccessToken)
+		encKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
+		if err != nil {
+			return err
+		}
+		if err := cr.SetFetchAccessToken(opts.AccessToken, encKey); err != nil {
+			return err
+		}
 	}
 	if opts.SecretName != "" {
 		cr.SetFetchAccessSecretName(opts.SecretName)
@@ -78,8 +84,12 @@ func fetchAndUpdateCR(qConfig *qapi.QliksenseConfig, version string) error {
 		}
 		version = qcr.GetLabelFromCr("version")
 	}
+	encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName())
+	if err != nil {
+		return err
+	}
 	// downlaod to temp first
-	tempDest, err := fetchToTempDir(qcr.GetFetchUrl(), version, qcr.GetFetchAccessToken())
+	tempDest, err := fetchToTempDir(qcr.GetFetchUrl(), version, qcr.GetFetchAccessToken(encKey))
 	if err != nil {
 		return err
 	}

pkg/qliksense/load_cr.go

@@ -69,7 +69,11 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 			}
 		}
 	}
-
+	if cr.Spec.FetchSource != nil && cr.Spec.FetchSource.AccessToken != "" {
+		if err := cr.SetFetchAccessToken(cr.Spec.FetchSource.AccessToken, encryptionKey); err != nil {
+			return "", err
+		}
+	}
 	// update manifestsRoot in case already exist
 	if existingCr, err := qConfig.GetCR(cr.GetName()); err == nil {
 		// cr exists, so update the manifestsRoot if version exist