random prefix

Signed-off-by: Foysal Iqbal <mqb@qlik.com>

.github/workflows/build.yml

@@ -24,4 +24,4 @@ jobs:
       shell: bash
 
     - run: make test
-    - run: make xbuild-all
+    - run: make build

Makefile

@@ -39,28 +39,20 @@ endif
 
 .PHONY: build
 build: clean generate
-	go run _make_support/mkdir_all/do.go $(BINDIR)
+	mkdir -p $(BINDIR)
 	go build -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS)" -o $(BINDIR)/$(MIXIN)$(FILE_EXT) ./cmd/$(MIXIN)
 	$(MAKE) clean
 
-.PHONY: test-setup
-test-setup: clean generate
-ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
-	$(eval TMP-docker-distribution := $(shell go run _make_support/get_tmp_dir/do.go))
-	git clone https://github.com/docker/distribution.git "$(TMP-docker-distribution)/docker-distribution"
-	cd "$(TMP-docker-distribution)/docker-distribution" && git checkout -b v2.7.1 && $(MAKE)
-	go run _make_support/copy/do.go --src "$(TMP-docker-distribution)/docker-distribution/bin/registry" --dst pkg/qliksense/docker-registry$(FILE_EXT)
-	go run _make_support/remove_all/do.go "$(TMP-docker-distribution)"
-endif
-
-.PHONY: test-short
-test-short: test-setup
-	go test -short -count=1 -tags "$(BUILDTAGS)" -v ./...
-	$(MAKE) clean
-
 .PHONY: test
-test: test-setup
-	go test -count=1 -tags "$(BUILDTAGS)" -v ./...
+test: clean generate
+ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
+	$(eval TMP-docker-distribution := $(shell mktemp -d))
+	git clone https://github.com/docker/distribution.git $(TMP-docker-distribution)/docker-distribution
+	cd $(TMP-docker-distribution)/docker-distribution; git checkout -b v2.7.1; make
+	cp $(TMP-docker-distribution)/docker-distribution/bin/registry pkg/qliksense/docker-registry
+	-rm -rf $(TMP-docker-distribution)
+endif
+	go test -short -count=1 -tags "$(BUILDTAGS)" -v ./...
 	$(MAKE) clean
 
 xbuild-all: clean generate
@@ -86,7 +78,6 @@ endif
 
 generate: get-crds packr2
 	go generate ./...
-	go run _make_support/remove_all/do.go pkg/qliksense/crds
 
 packr2:
 ifeq ($(shell ${WHICH} packr2 2>${DEVNUL}),)
@@ -94,22 +85,22 @@ ifeq ($(shell ${WHICH} packr2 2>${DEVNUL}),)
 endif
 
 clean: clean-packr
-	go run _make_support/remove_all/do.go pkg/qliksense/crds
+	-rm -fr pkg/qliksense/crds
 
 clean-packr: packr2
 	cd pkg/qliksense && packr2 clean
 
 get-crds:
 ifeq ($(QLIKSENSE_OPERATOR_DIR),)
-	$(eval TMP-operator := $(shell go run _make_support/get_tmp_dir/do.go))
+	$(eval TMP-operator := $(shell mktemp -d))
 	git clone https://github.com/qlik-oss/qliksense-operator.git -b master $(TMP-operator)/operator
-	$(MAKE) QLIKSENSE_OPERATOR_DIR="$(TMP-operator)/operator" get-crds
-	go run _make_support/remove_all/do.go "$(TMP-operator)"
+	$(MAKE) QLIKSENSE_OPERATOR_DIR=$(TMP-operator)/operator get-crds
+	-rm -rf $(TMP-operator)
 else
-	go run _make_support/mkdir_all/do.go pkg/qliksense/crds/cr
-	go run _make_support/mkdir_all/do.go pkg/qliksense/crds/crd
-	go run _make_support/mkdir_all/do.go pkg/qliksense/crds/crd-deploy
-	go run _make_support/copy/do.go --src-pattern "$(QLIKSENSE_OPERATOR_DIR)/deploy/*.yaml" --dst pkg/qliksense/crds/crd-deploy
-	go run _make_support/copy/do.go --src-pattern "$(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_crd.yaml" --dst pkg/qliksense/crds/crd
-	go run _make_support/copy/do.go --src-pattern "$(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_cr.yaml" --dst pkg/qliksense/crds/cr
+	mkdir -p pkg/qliksense/crds/cr
+	mkdir -p pkg/qliksense/crds/crd
+	mkdir -p pkg/qliksense/crds/crd-deploy
+	cp $(QLIKSENSE_OPERATOR_DIR)/deploy/*.yaml pkg/qliksense/crds/crd-deploy
+	cp $(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_crd.yaml pkg/qliksense/crds/crd
+	cp $(QLIKSENSE_OPERATOR_DIR)/deploy/crds/*_cr.yaml pkg/qliksense/crds/cr
 endif

README.md

@@ -1,12 +1,16 @@
-# (WIP) Qlik Sense on Kubernetes installation and operations CLI
+# (WIP) Qlik Sense installation and operations CLI
 
 ## Documentation
 
-To learn more about Qlik Sense on Kubernetes CLI go to https://qlik-oss.github.io/sense-installer/
+To learn more about Qlik Sense installer go to https://qlik-oss.github.io/sense-installer/
 
 ## About
 
-The QSEoK CLI (qliksense) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s).
+The Qlik Sense installer CLI (qliksense) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s). This cli facilitates:
+
+- installation of QSEoK
+- installation of qliksense operator to manage QSEoK
+- air gapped installation of QSEoK
 
 This is a technology preview that uses Qlik modified [kustomize](https://github.com/qlik-oss/kustomize) to kubernetes manifests of the versions of the [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository.
 

_make_support/copy/do.go

@@ -1,109 +0,0 @@
-package main
-
-import (
-	"flag"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-
-	"github.com/otiai10/copy"
-)
-
-func main() {
-	srcPattern := flag.String("src-pattern", "", "Source file pattern")
-	src := flag.String("src", "", "Source file or directory")
-	dst := flag.String("dst", "", "Destination file or directory")
-	flag.Parse()
-
-	if *srcPattern != "" {
-		if dstInfo, err := os.Lstat(*dst); err != nil {
-			panic(err)
-		} else if !dstInfo.IsDir() {
-			panic(fmt.Errorf("%v must be a directory", *dst))
-		}
-
-		if matches, err := filepath.Glob(*srcPattern); err != nil {
-			panic(err)
-		} else {
-			for _, match := range matches {
-				srcInfo, err := os.Lstat(match)
-				if err != nil {
-					panic(err)
-				}
-				if srcInfo.IsDir() {
-					if err := copy.Copy(match, *dst, copy.Options{
-						OnSymlink: func(p string) copy.SymlinkAction {
-							return copy.Skip
-						},
-					}); err != nil {
-						panic(err)
-					}
-				} else if srcInfo.Mode().IsRegular() {
-					if err := fcopy(match, filepath.Join(*dst, filepath.Base(match)), srcInfo); err != nil {
-						panic(err)
-					}
-				}
-			}
-		}
-	} else if *src != "" {
-		srcInfo, err := os.Lstat(*src)
-		if err != nil {
-			panic(err)
-		}
-		if srcInfo.IsDir() {
-			if err := copy.Copy(*src, *dst, copy.Options{
-				OnSymlink: func(p string) copy.SymlinkAction {
-					return copy.Skip
-				},
-			}); err != nil {
-				panic(err)
-			}
-		} else if srcInfo.Mode().IsRegular() {
-			finalDestination := *dst
-			if dstInfo, err := os.Lstat(*dst); err != nil {
-				if !os.IsNotExist(err) {
-					panic(err)
-				}
-			} else if dstInfo.IsDir() {
-				finalDestination = filepath.Join(*dst, filepath.Base(*src))
-			} else if dstInfo.Mode().IsRegular() {
-				fmt.Println("WARNING: over-writing existing file: ", *dst)
-				if err := os.Remove(*dst); err != nil {
-					panic(err)
-				}
-			} else {
-				panic(fmt.Errorf("not sure how to copy to this dst: %v", *dst))
-			}
-			if err := fcopy(*src, finalDestination, srcInfo); err != nil {
-				panic(err)
-			}
-		}
-	}
-}
-
-func fcopy(src, dest string, info os.FileInfo) (err error) {
-
-	if err := os.MkdirAll(filepath.Dir(dest), os.ModePerm); err != nil {
-		return err
-	}
-
-	f, err := os.Create(dest)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	if err = os.Chmod(f.Name(), info.Mode()); err != nil {
-		return err
-	}
-
-	s, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer s.Close()
-
-	_, err = io.Copy(f, s)
-	return err
-}

_make_support/copy/go.mod

@@ -1,5 +0,0 @@
-module github.com/qlik-oss/sense-installer/_make_support/copy
-
-go 1.13
-
-require github.com/otiai10/copy v1.1.1

_make_support/copy/go.sum

@@ -1,8 +0,0 @@
-github.com/otiai10/copy v1.1.1 h1:PH7IFlRQ6Fv9vYmuXbDRLdgTHoP1w483kPNUP2bskpo=
-github.com/otiai10/copy v1.1.1/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
-github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=
-github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=

_make_support/get_tmp_dir/do.go

@@ -1,14 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-)
-
-func main() {
-	if tmpDir, err := ioutil.TempDir("", ""); err != nil {
-		panic(err)
-	} else {
-		fmt.Print(tmpDir)
-	}
-}

_make_support/get_tmp_dir/go.mod

@@ -1,3 +0,0 @@
-module github.com/qlik-oss/sense-installer/_make_support/get_tmp_dir
-
-go 1.13

_make_support/mkdir_all/do.go

@@ -1,11 +0,0 @@
-package main
-
-import (
-	"os"
-)
-
-func main() {
-	if err := os.MkdirAll(os.Args[1], os.ModePerm); err != nil {
-		panic(err)
-	}
-}

_make_support/mkdir_all/go.mod

@@ -1,3 +0,0 @@
-module github.com/qlik-oss/sense-installer/_make_support/mkdir_all
-
-go 1.13

_make_support/remove_all/do.go

@@ -1,11 +0,0 @@
-package main
-
-import (
-	"os"
-)
-
-func main() {
-	if err := os.RemoveAll(os.Args[1]); err != nil {
-		panic(err)
-	}
-}

_make_support/remove_all/go.mod

@@ -1,3 +0,0 @@
-module github.com/qlik-oss/sense-installer/_make_support/remove_all
-
-go 1.13

cmd/qliksense/about.go

@@ -39,7 +39,7 @@ qliksense about --profile=test
     then get version information based on the default profile in the qliksense-k8s repo master
 `,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			if gitRef, err := getSingleArg(args); err != nil {
+			if gitRef, err := getAboutCommandGitRef(args); err != nil {
 				return err
 			} else if vout, err := q.About(gitRef, opts.Profile); err != nil {
 				return err
@@ -56,7 +56,7 @@ qliksense about --profile=test
 	return c
 }
 
-func getSingleArg(args []string) (string, error) {
+func getAboutCommandGitRef(args []string) (string, error) {
 	if len(args) > 1 {
 		return "", errors.New("too many arguments, only 1 expected")
 	} else if len(args) == 1 {

cmd/qliksense/apply.go

@@ -1,11 +1,7 @@
 package main
 
 import (
-	"bytes"
-	"errors"
-	"fmt"
-
-	qapi "github.com/qlik-oss/sense-installer/pkg/api"
+	"io"
 
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
@@ -14,21 +10,15 @@ import (
 func applyCmd(q *qliksense.Qliksense) *cobra.Command {
 	opts := &qliksense.InstallCommandOptions{}
 	filePath := ""
-	keepPatchFiles, pull, push := false, false, false
+	keepPatchFiles := false
 	c := &cobra.Command{
 		Use:     "apply",
 		Short:   "install qliksense based on provided cr file",
 		Long:    `install qliksense based on provided cr file`,
 		Example: `qliksense apply -f file_name or cat cr_file | qliksense apply -f -`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runLoadOrApplyCommandE(cmd, func(crBytes []byte) error {
-				if cr, crBytesWithEula, err := getCrWithEulaInserted(crBytes); err != nil {
-					return err
-				} else if err := validatePullPushFlagsOnApply(cr, pull, push); err != nil {
-					return err
-				} else {
-					return q.ApplyCRFromReader(bytes.NewReader(crBytesWithEula), opts, keepPatchFiles, true, pull, push)
-				}
+			return runLoadOrApplyCommandE(cmd, func(reader io.Reader) error {
+				return q.ApplyCRFromReader(reader, opts, keepPatchFiles, true)
 			})
 		},
 	}
@@ -40,35 +30,8 @@ func applyCmd(q *qliksense.Qliksense) *cobra.Command {
 	f.StringVarP(&opts.MongoDbUri, "mongoDbUri", "m", "", "mongoDbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
 	f.StringVarP(&opts.RotateKeys, "rotateKeys", "r", "", "Rotate JWT keys for qliksense (yes:rotate keys/ no:use exising keys from cluster/ None: use default EJSON_KEY from env")
 	f.BoolVar(&keepPatchFiles, keepPatchFilesFlagName, keepPatchFiles, keepPatchFilesFlagUsage)
-	f.BoolVarP(&pull, pullFlagName, pullFlagShorthand, pull, pullFlagUsage)
-	f.BoolVarP(&push, pushFlagName, pushFlagShorthand, push, pushFlagUsage)
 
-	eulaPreRunHooks.addValidator(fmt.Sprintf("%v %v", rootCommandName, c.Name()), loadOrApplyCommandEulaPreRunHook)
+	eulaPreRunHooks.addValidator(c.Name(), loadOrApplyCommandEulaPreRunHook)
 
 	return c
 }
-
-func validatePullPushFlagsOnApply(cr *qapi.QliksenseCR, pull, push bool) error {
-	if pull && !push {
-		fmt.Printf("WARNING: pulling images without pushing them")
-	}
-	if push {
-		if registry := cr.Spec.GetImageRegistry(); registry == "" {
-			return errors.New("no image registry set in the CR; to set it use: qliksense config set-image-registry")
-		}
-	}
-	return nil
-}
-
-func getCrWithEulaInserted(crBytes []byte) (*qapi.QliksenseCR, []byte, error) {
-	if cr, err := qapi.CreateCRObjectFromString(string(crBytes)); err != nil {
-		return nil, nil, err
-	} else {
-		cr.SetEULA("yes")
-		if crBytesWithEula, err := qapi.K8sToYaml(cr); err != nil {
-			return nil, nil, err
-		} else {
-			return cr, crBytesWithEula, nil
-		}
-	}
-}

cmd/qliksense/context.go

@@ -3,7 +3,6 @@ package main
 import (
 	"errors"
 	"fmt"
-	"os"
 
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 
@@ -69,30 +68,18 @@ func setConfigsCmd(q *qliksense.Qliksense) *cobra.Command {
 	var (
 		cmd *cobra.Command
 	)
-	base64Encoded := false
+
 	cmd = &cobra.Command{
 		Use:   "set-configs",
 		Short: "set configurations into the qliksense context as key-value pairs",
 		Example: `
 qliksense config set-configs <service_name>.<attribute>="<value>"
-		- The above configuration will be displayed in the CR
-qliksense config set-configs <service_name>.<attribute>="<value" --base64
-		- if the value is base64 encoded
-echo "something" | base64 | qliksense config set-configs <service_name>.<attribute> --base64
-	- value is coming from input pipe as base64 encoded
-echo "something" | qliksense config set-configs <service_name>.<attribute>
-	- value is coming from input pipe
-
+    - The above configuration will be displayed in the CR
 `,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			if isInputFromPipe() && len(args) == 1 {
-				return q.SetConfigFromReader(args[0], os.Stdin, base64Encoded)
-			}
-			return q.SetConfigs(args, base64Encoded)
+			return q.SetConfigs(args)
 		},
 	}
-	f := cmd.Flags()
-	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
 	return cmd
 }
 
@@ -101,7 +88,7 @@ func setSecretsCmd(q *qliksense.Qliksense) *cobra.Command {
 		cmd    *cobra.Command
 		secret bool
 	)
-	base64Encoded := false
+
 	cmd = &cobra.Command{
 		Use:   "set-secrets",
 		Short: "set secrets configurations into the qliksense context as key-value pairs",
@@ -114,24 +101,13 @@ qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true
 qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false
 		- Encrypt the secret value and display it in the current context
 		- No secret resource is created
-		  - The above configuration will be displayed in the CR 
-qliksense config set-secrets <service_name>.<attribute>="<value>" --base64
-		- the <value> is base64 encoded
-echo "something" | base64 | qliksense config set-secrets <service_name>.<attribute> --base64
-		- value coming from input pipe as base64 encoded
-echo "something" | qliksense config set-secrets <service_name>.<attribute>
-		- value coming from input pipe`,
+        - The above configuration will be displayed in the CR `,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			if isInputFromPipe() && len(args) == 1 {
-				return q.SetSecretsFromReader(args[0], os.Stdin, secret, base64Encoded)
-			}
-			return q.SetSecrets(args, secret, base64Encoded)
+			return q.SetSecrets(args, secret)
 		},
 	}
 	f := cmd.Flags()
 	f.BoolVar(&secret, "secret", false, "Whether secrets should be encrypted as a Kubernetes Secret resource")
-	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
-
 	return cmd
 }
 
@@ -139,18 +115,15 @@ func deleteContextConfigCmd(q *qliksense.Qliksense) *cobra.Command {
 	var (
 		cmd *cobra.Command
 	)
-	skipConfirmation := false
+
 	cmd = &cobra.Command{
 		Use:     "delete-context",
 		Short:   "deletes a specific context locally (not in-cluster)",
 		Example: `qliksense config delete-contexts <context_name>`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.DeleteContextConfig(args, skipConfirmation)
+			return q.DeleteContextConfig(args)
 		},
 	}
-	f := cmd.Flags()
-
-	f.BoolVar(&skipConfirmation, "yes", skipConfirmation, "skips confirmation")
 	return cmd
 }
 

cmd/qliksense/eula.go

@@ -48,14 +48,13 @@ var eulaPreRunHooks = eulaPreRunHooksT{
 }
 
 func commandAlwaysRequiresEulaAcceptance(commandName string) bool {
-	return commandName == fmt.Sprintf("%v install", rootCommandName) ||
-		commandName == fmt.Sprintf("%v apply", rootCommandName)
+	return commandName == "install" || commandName == "upgrade" || commandName == "apply"
 }
 
 func globalEulaPreRun(cmd *cobra.Command, q *qliksense.Qliksense) {
-	if isEulaEnforced(cmd.CommandPath()) {
+	if isEulaEnforced(cmd.Name()) {
 		if strings.TrimSpace(strings.ToLower(cmd.Flag("acceptEULA").Value.String())) != "yes" {
-			if eulaPreRunHook := eulaPreRunHooks.getValidator(cmd.CommandPath()); eulaPreRunHook != nil {
+			if eulaPreRunHook := eulaPreRunHooks.getValidator(cmd.Name()); eulaPreRunHook != nil {
 				if eulaAccepted, err := eulaPreRunHook(cmd, q); err != nil {
 					panic(err)
 				} else if !eulaAccepted {
@@ -71,7 +70,7 @@ func globalEulaPreRun(cmd *cobra.Command, q *qliksense.Qliksense) {
 }
 
 func globalEulaPostRun(cmd *cobra.Command, q *qliksense.Qliksense) {
-	if isEulaEnforced(cmd.CommandPath()) {
+	if isEulaEnforced(cmd.Name()) {
 		if err := q.SetEulaAccepted(); err != nil {
 			panic(err)
 		}

cmd/qliksense/fetch.go

@@ -1,30 +1,26 @@
 package main
 
 import (
+	"errors"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
 )
 
 func fetchCmd(q *qliksense.Qliksense) *cobra.Command {
-	opts := &qliksense.FetchCommandOptions{}
 	c := &cobra.Command{
 		Use:     "fetch",
-		Short:   "fetch a release from qliksense-k8s repo, if version not supplied, will use from context",
-		Long:    `fetch a release from qliksense-k8s repo, if version not supplied, will use from context`,
-		Example: `qliksense fetch [version]`,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if len(args) == 1 {
-				opts.Version = args[0]
+		Short:   "fetch a release from qliksense-k8s repo",
+		Long:    `fetch a release from qliksense-k8s repo`,
+		Example: `qliksense fetch <version>`,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return errors.New("requires a version (i.e. v1.0.0)")
 			}
-			return q.FetchK8sWithOpts(opts)
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return q.FetchQK8s(args[0])
 		},
 	}
-
-	f := c.Flags()
-	f.StringVarP(&opts.GitUrl, "url", "", "", "git url from where configuration will be pulled")
-	f.StringVarP(&opts.AccessToken, "accessToken", "", "", "access token for git url")
-	f.StringVarP(&opts.SecretName, "secretName", "", "", "kubernetes secret name where a key name accessToken exist")
-	f.BoolVarP(&opts.Overwrite, "overwrite", "", false, "Ovewrite previously fetched veersion as well as local chagnes")
-
 	return c
 }

cmd/qliksense/install.go

@@ -1,15 +1,13 @@
 package main
 
 import (
-	"fmt"
-
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
 )
 
 func installCmd(q *qliksense.Qliksense) *cobra.Command {
 	opts := &qliksense.InstallCommandOptions{}
-	keepPatchFiles, pull, push := false, false, false
+	keepPatchFiles := false
 	c := &cobra.Command{
 		Use:     "install",
 		Short:   "install a qliksense release",
@@ -20,21 +18,6 @@ func installCmd(q *qliksense.Qliksense) *cobra.Command {
 			if len(args) != 0 {
 				version = args[0]
 			}
-			if err := validatePullPushFlagsOnInstall(q, pull, push); err != nil {
-				return err
-			}
-			if pull {
-				fmt.Println("Pulling images...")
-				if err := q.PullImages(version, ""); err != nil {
-					return err
-				}
-			}
-			if push {
-				fmt.Println("Pushing images...")
-				if err := q.PushImagesForCurrentCR(); err != nil {
-					return err
-				}
-			}
 			return q.InstallQK8s(version, opts, keepPatchFiles)
 		},
 	}
@@ -44,19 +27,6 @@ func installCmd(q *qliksense.Qliksense) *cobra.Command {
 	f.StringVarP(&opts.MongoDbUri, "mongoDbUri", "m", "", "mongoDbUri for qliksense (i.e. mongodb://qlik-default-mongodb:27017/qliksense?ssl=false)")
 	f.StringVarP(&opts.RotateKeys, "rotateKeys", "r", "", "Rotate JWT keys for qliksense (yes:rotate keys/ no:use exising keys from cluster/ None: use default EJSON_KEY from env")
 	f.BoolVar(&keepPatchFiles, keepPatchFilesFlagName, keepPatchFiles, keepPatchFilesFlagUsage)
-	f.BoolVarP(&pull, pullFlagName, pullFlagShorthand, pull, pullFlagUsage)
-	f.BoolVarP(&push, pushFlagName, pushFlagShorthand, push, pushFlagUsage)
+
 	return c
 }
-
-func validatePullPushFlagsOnInstall(q *qliksense.Qliksense, pull, push bool) error {
-	if pull && !push {
-		fmt.Printf("WARNING: pulling images without pushing them")
-	}
-	if push {
-		if err := ensureImageRegistrySetInCR(q); err != nil {
-			return err
-		}
-	}
-	return nil
-}

cmd/qliksense/load.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"bytes"
-	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 
@@ -20,8 +20,8 @@ func loadCrFile(q *qliksense.Qliksense) *cobra.Command {
 		Long:    `load a CR a file and create necessary structure for future use`,
 		Example: `qliksense load -f file_name or cat cr_file | qliksense load -f -`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runLoadOrApplyCommandE(cmd, func(buffer []byte) error {
-				return q.LoadCr(bytes.NewReader(buffer), overwriteExistingContext)
+			return runLoadOrApplyCommandE(cmd, func(reader io.Reader) error {
+				return q.LoadCr(reader, overwriteExistingContext)
 			})
 		},
 	}
@@ -30,7 +30,7 @@ func loadCrFile(q *qliksense.Qliksense) *cobra.Command {
 	c.MarkFlagRequired("file")
 	f.BoolVarP(&overwriteExistingContext, "overwrite", "o", overwriteExistingContext, "Overwrite any existing contexts with the same name")
 
-	eulaPreRunHooks.addValidator(fmt.Sprintf("%v %v", rootCommandName, c.Name()), loadOrApplyCommandEulaPreRunHook)
+	eulaPreRunHooks.addValidator(c.Name(), loadOrApplyCommandEulaPreRunHook)
 	return c
 }
 
@@ -70,19 +70,15 @@ func loadOrApplyCommandEulaPreRunHook(cmd *cobra.Command, q *qliksense.Qliksense
 	}
 }
 
-func runLoadOrApplyCommandE(cmd *cobra.Command, callBack func(buffer []byte) error) error {
+func runLoadOrApplyCommandE(cmd *cobra.Command, callBack func(io.Reader) error) error {
 	if crBytes := eulaPreRunHooks.getPostValidationArtifact("CR"); crBytes != nil {
-		return callBack(crBytes.([]byte))
+		return callBack(bytes.NewBuffer(crBytes.([]byte)))
 	} else {
 		file, err := getCrFileFromFlag(cmd, "file")
 		if err != nil {
 			return err
 		}
 		defer file.Close()
-		if crBytes, err := ioutil.ReadAll(file); err != nil {
-			return err
-		} else {
-			return callBack(crBytes)
-		}
+		return callBack(file)
 	}
 }

cmd/qliksense/preflight.go

@@ -80,9 +80,7 @@ func pfK8sVersionCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 }
 
 func pfAllChecksCmd(q *qliksense.Qliksense) *cobra.Command {
-
-	preflightOpts := &preflight.PreflightMongoOptions{}
-
+	var mongodbUrl string
 	var preflightAllChecksCmd = &cobra.Command{
 		Use:     "all",
 		Short:   "perform all checks",
@@ -102,19 +100,13 @@ func pfAllChecksCmd(q *qliksense.Qliksense) *cobra.Command {
 			if namespace == "" {
 				namespace = "default"
 			}
-			qp.RunAllPreflightChecks(kubeConfigContents, namespace, preflightOpts)
+			qp.RunAllPreflightChecks(namespace, kubeConfigContents, mongodbUrl)
 			return nil
 
 		},
 	}
 	f := preflightAllChecksCmd.Flags()
-	f.StringVarP(&preflightOpts.MongodbUrl, "mongodb-url", "", "", "mongodbUrl to try connecting to")
-	f.StringVarP(&preflightOpts.Username, "mongodb-username", "", "", "username to connect to mongodb")
-	f.StringVarP(&preflightOpts.Password, "mongodb-password", "", "", "password to connect to mongodb")
-	f.StringVarP(&preflightOpts.CaCertFile, "mongodb-ca-cert", "", "", "certificate to use for mongodb check")
-	f.StringVarP(&preflightOpts.ClientCertFile, "mongodb-client-cert", "", "", "client-certificate to use for mongodb check")
-	f.BoolVar(&preflightOpts.Tls, "mongodb-tls", false, "enable tls?")
-
+	f.StringVarP(&mongodbUrl, "mongodb-url", "", "", "mongodbUrl to try connecting to")
 	return preflightAllChecksCmd
 }
 
@@ -324,8 +316,7 @@ func pfCreateAuthCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 }
 
 func pfMongoCheckCmd(q *qliksense.Qliksense) *cobra.Command {
-
-	preflightOpts := &preflight.PreflightMongoOptions{}
+	var mongodbUrl string
 	var preflightMongoCmd = &cobra.Command{
 		Use:     "mongo",
 		Short:   "preflight mongo OR preflight mongo --url=<url>",
@@ -345,7 +336,7 @@ func pfMongoCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 			if namespace == "" {
 				namespace = "default"
 			}
-			if err = qp.CheckMongo(kubeConfigContents, namespace, preflightOpts); err != nil {
+			if err = qp.CheckMongo(kubeConfigContents, namespace, mongodbUrl); err != nil {
 				fmt.Println(err)
 				fmt.Print("Preflight mongo check FAILED\n")
 				log.Fatal()
@@ -354,11 +345,6 @@ func pfMongoCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 		},
 	}
 	f := preflightMongoCmd.Flags()
-	f.StringVarP(&preflightOpts.MongodbUrl, "url", "", "", "mongodbUrl to try connecting to")
-	f.StringVarP(&preflightOpts.Username, "username", "", "", "username to connect to mongodb")
-	f.StringVarP(&preflightOpts.Password, "password", "", "", "password to connect to mongodb")
-	f.StringVarP(&preflightOpts.CaCertFile, "ca-cert", "", "", "ca certificate to use for mongodb check")
-	f.StringVarP(&preflightOpts.ClientCertFile, "client-cert", "", "", "client-certificate to use for mongodb check")
-	f.BoolVar(&preflightOpts.Tls, "tls", false, "enable tls?")
+	f.StringVarP(&mongodbUrl, "url", "", "", "mongodbUrl to try connecting to")
 	return preflightMongoCmd
 }

cmd/qliksense/pull_push.go

@@ -16,7 +16,7 @@ func pullQliksenseImages(q *qliksense.Qliksense) *cobra.Command {
 		Short:   "Pull docker images for offline install",
 		Example: `qliksense pull`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			version, err := getSingleArg(args)
+			version, err := getAboutCommandGitRef(args)
 			if err != nil {
 				return err
 			}
@@ -34,8 +34,11 @@ func pushQliksenseImages(q *qliksense.Qliksense) *cobra.Command {
 		Short:   "Push docker images for offline install",
 		Example: `qliksense push`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			if err := ensureImageRegistrySetInCR(q); err != nil {
+			qConfig := qapi.NewQConfig(q.QliksenseHome)
+			if qcr, err := qConfig.GetCurrentCR(); err != nil {
 				return err
+			} else if registry := qcr.GetImageRegistry(); registry == "" {
+				return errors.New("no image registry in config")
 			} else {
 				return q.PushImagesForCurrentCR()
 			}
@@ -43,13 +46,3 @@ func pushQliksenseImages(q *qliksense.Qliksense) *cobra.Command {
 	}
 	return cmd
 }
-
-func ensureImageRegistrySetInCR(q *qliksense.Qliksense) error {
-	qConfig := qapi.NewQConfig(q.QliksenseHome)
-	if qcr, err := qConfig.GetCurrentCR(); err != nil {
-		return err
-	} else if registry := qcr.Spec.GetImageRegistry(); registry == "" {
-		return errors.New("no image registry set in the CR; to set it use: qliksense config set-image-registry")
-	}
-	return nil
-}

cmd/qliksense/root.go

@@ -12,6 +12,7 @@ import (
 	"github.com/mitchellh/go-homedir"
 	"github.com/qlik-oss/sense-installer/pkg"
 	"github.com/qlik-oss/sense-installer/pkg/api"
+	"github.com/qlik-oss/sense-installer/pkg/preflight"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -27,13 +28,6 @@ const (
 	qlikSenseDirVar         = ".qliksense"
 	keepPatchFilesFlagName  = "keep-config-repo-patches"
 	keepPatchFilesFlagUsage = "Keep config repo patch files (for debugging)"
-	pullFlagName            = "pull"
-	pullFlagShorthand       = "d"
-	pullFlagUsage           = "If using private docker registry, pull (download) all required Qliksense images before install"
-	pushFlagName            = "push"
-	pushFlagShorthand       = "u"
-	pushFlagUsage           = "If using private docker registry, push (upload) all downloaded Qliksense images to that registry before install"
-	rootCommandName         = "qliksense"
 )
 
 func initAndExecute() error {
@@ -92,25 +86,22 @@ var versionCmd = &cobra.Command{
 }
 
 func commandUsesContext(commandName string) bool {
-	return commandName != "" &&
-		commandName != rootCommandName &&
-		commandName != fmt.Sprintf("%v help", rootCommandName) &&
-		commandName != fmt.Sprintf("%v version", rootCommandName)
+	return commandName != "" && commandName != "qliksense" && commandName != "help" && commandName != "version"
 }
 
 func getRootCmd(p *qliksense.Qliksense) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   rootCommandName,
+		Use:   "qliksense",
 		Short: "Qliksense cli tool",
 		Long:  `qliksense cli tool provides functionality to perform operations on qliksense-k8s, qliksense operator, and kubernetes cluster`,
 		Args:  cobra.ArbitraryArgs,
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
-			if commandUsesContext(cmd.CommandPath()) {
+			if commandUsesContext(cmd.Name()) {
 				globalEulaPreRun(cmd, p)
 				if err := p.SetUpQliksenseDefaultContext(); err != nil {
 					panic(err)
 				}
-				pf := api.NewPreflightConfig(p.QliksenseHome)
+				pf := preflight.NewPreflightConfig(p.QliksenseHome)
 				if err := pf.Initialize(); err != nil {
 					panic(err)
 				}
@@ -118,14 +109,14 @@ func getRootCmd(p *qliksense.Qliksense) *cobra.Command {
 			}
 		},
 		PersistentPostRun: func(cmd *cobra.Command, args []string) {
-			if commandUsesContext(cmd.CommandPath()) {
+			if commandUsesContext(cmd.Name()) {
 				globalEulaPostRun(cmd, p)
 			}
 		},
 	}
 	origHelpFunc := cmd.HelpFunc()
 	cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
-		if !commandUsesContext(cmd.CommandPath()) {
+		if !commandUsesContext(cmd.Name()) {
 			cmd.Flags().MarkHidden("acceptEULA")
 		}
 		origHelpFunc(cmd, args)

cmd/qliksense/uninstall.go

@@ -6,7 +6,6 @@ import (
 )
 
 func uninstallCmd(q *qliksense.Qliksense) *cobra.Command {
-	skipConfirmation := false
 	c := &cobra.Command{
 		Use:     "uninstall",
 		Short:   "Uninstall the deployed qliksense.",
@@ -14,15 +13,10 @@ func uninstallCmd(q *qliksense.Qliksense) *cobra.Command {
 		Example: `qliksense uninstall <context-name>`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			if len(args) > 0 {
-				return q.UninstallQK8s(args[0], skipConfirmation)
+				return q.UninstallQK8s(args[0])
 			}
-			return q.UninstallQK8s("", skipConfirmation)
+			return q.UninstallQK8s("")
 		},
 	}
-
-	f := c.Flags()
-
-	f.BoolVar(&skipConfirmation, "yes", skipConfirmation, "skips confirmation")
-
 	return c
 }

docs/command_reference.md

@@ -1,47 +1,13 @@
-# CLI reference
+# qliksense command reference
 
-### qliksense preflight
+## qliksense apply
 
-Preflight checks provide pre-installation cluster conformance testing and validation before we install qliksense on the cluster. We gather a suite of conformance tests that can be easily written and run on the target cluster to verify that cluster-specific requirements are met.
-
-We support the following tests at the moment as part of preflight checks, and the range of the suite will be expanded in future.
-
-Run the following command to view help about the commands supported by preflight at any moment:
-```
-qliksense preflight
-```
-
-#### Running all checks
-Run the following command to execute all preflight checks
-```
-qliksense preflight all --mongodb-url=<mongo-server url> --mongodb-ca-cert=<path to ca-cert file>
-```
-
-#### Running specific check
-Run the following command to execute a specific check
-```
-qliksense preflight dns
-```
-
-### qliksense load
-
-`qliksense load` command takes input from a file or from pipe
-
-- `qliksense load -f cr-file.yaml`
-- `cat cr-file.yaml | qliksense load -f -`
-
-This will load the Custom Resource (CR) into `${QLIKSENSE_HOME}` folder, create context structure and set the current context to that CR.
-
-This will also encrypt the secrets from CR while writing the CR into the disk.
-
-### qliksense apply
-
-`qliksense apply` command takes input from a file or from pipe
+`qliksense apply` command takes input a cr file or input from pipe
 
 - `qliksense apply -f cr-file.yaml`
 - `cat cr-file.yaml | qliksense apply -f -`
 
-The content of `cr-file.yaml` should be something like the following:
+the content of `cr-file.yaml` should be something similar
 
 ```yaml
 apiVersion: qlik.com/v1
@@ -61,26 +27,33 @@ spec:
       value: mongodb://qlik-test-mongodb:27017/qliksense?ssl=false
   profile: docker-desktop
   rotateKeys: "yes"
-```
+  ```
 
-`qliksense apply` does everything `qliksense load` does but will install Qlik Sense into the cluster as well
+This will do everything `qliksense load` does and install the qliksense into the cluster. 
 
-### qliksense about
+## qliksense load
 
-`qliksense about` command will display information about [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) release.
+`qliksense load` command takes input a cr file or input from pipe.
 
-For example, running the following command will show information about default profile for `1.0.0` tag
+- `qliksense load -f cr-file.yaml`
+- `cat cr-file.yaml | qliksense load -f -`
 
-```
-qliksense about 1.0.0
-```
+This will load the CR into `${QLIKSENSE_HOME}` folder, create context structure and set the current context to that CR. 
+This will also encrypt the secrets from CR while writing the CR into the disk.
 
-Run the following command to view options for `about` command:
-```
-qliksense about --help
-```
+## qliksense about
 
-Using other supported commands user might have built the CR into the location `~/.qliksense/myqliksense.yaml`
+About action will display inside information regarding [qliksense-k8](https://github.com/qlik-oss/qliksense-k8s) release.
+
+it will support following flags
+
+- `qliksense about 1.0.0` display default profile for tag `1.0.0`.
+- `qliksense about 1.0.0 --profile=docker-desktop`
+- `qliksense about` 
+  - assuming current directory has `manifests/docker-desktop`
+  - or get version information from pull of `qliksense-k8s` `master`
+
+using other supported commands user might have built the CR into the location `~/.qliksense/myqliksense.yaml`
 
 ```yaml
 apiVersion: qlik.com/v1
@@ -89,7 +62,7 @@ metadata:
   name: myqliksense
 spec:
   profile: docker-desktop
-  manifestsRoot: /Usr/xyz/my-k8-repo/manifests
+  manifestsRoot: /Usr/ddd/my-k8-repo/manifests
   namespace: myqliksense
   storageClassName: efs
   configs:
@@ -104,30 +77,31 @@ spec:
       valueFromKey: messagingPassword
 ```
 
-In this case, the result of `qliksense about` command would display information from:
+In that case the command would be
 
-- `/Usr/xyz/my-k8-repo/manifests/docker-desktop` location, or
-- Pull and show information from `master` branch if the directory is invalid or empty
+- `qliksense about`
+   - display from `/Usr/ddd/my-k8-repo/manifests/docker-desktop` location
+   - pull from `master` if directory invalid/empty
 
 
-### qliksense config
+## qliksense config
 
-`qliksense config` will perform operations on configurations and contexts regarding the [qliksense-k8](https://github.com/qlik-oss/qliksense-k8s) release.
+Config action will perform operations on configurations and contexts regarding the [qliksense-k8](https://github.com/qlik-oss/qliksense-k8s) release.
 
-It supports the following flags:
+it will support following commands:
 
-- `qliksense config apply` - generate the patches and apply manifests to K8s
-- `qliksense config list-contexts` - get and list contexts
-- `qliksense config set` - configure a key-value pair into the current context
-- `qliksense config set-configs` - set configurations into qliksense context as key-value pairs
-- `qliksense config set-context` - sets the Kubernetes context where resources are located
-- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false` - set secrets configurations into qliksense context as key-value pairs and show encrypted value as part of CR
-- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true` - set secrets configurations into qliksense context as key-value pairs and show a key reference to the created Kubernetes secret resource as part of the CR
+- `qliksense config apply` - generate the patchs and apply manifests to k8s
+- `qliksense config list-contexts` - retrieves the contexts and lists them
+- `qliksense config set` - configure a key value pair into the current context
+- `qliksense config set-configs` - set configurations into the qliksense context as key-value pairs
+- `qliksense config set-context` - sets the context in which the Kubernetes cluster and resources live in
+- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false` - set secrets configurations into the qliksense context as key-value pairs and show encrypted value as part of CR
+- `qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true` - set secrets configurations into the qliksense context as key-value pairs and show a key reference to the created Kubernetes secret resource as part of the CR
 - `qliksense config view` - view the qliksense operator CR
-- `qliksense config delete-context` - deletes a specific context locally (not in-cluster). Deletes context in spec of `config.yaml` and locally deletes entire folder of specified context (does not delete secrets from cluster)
+- `qliksense config delete-context` - deletes a specific context locally (not in-cluster). Deletes context in spec of `config.yaml` and locally deletes entire folder of specified context (does not delete in-cluster secrets)
 
 
-The global file which abstracts all contexts is `~/.qliksense/config.yaml`
+the global file that abstracts all the contexts is `config.yaml`, located at:  `~/.qliksense/config.yaml`:
 ```yaml
 apiVersion: config.qlik.com/v1
 kind: QliksenseConfig
@@ -136,10 +110,10 @@ metadata:
 spec:
   contexts:
   - name: qlik-default
-    crFile: /Users/xyz/.qliksense/contexts/qlik-default/qlik-default.yaml
+    crFile: /Users/fff/.qliksense/contexts/qlik-default/qlik-default.yaml
   - name: myqliksense
-    crFile: /Users/xyz/.qliksense/contexts/myqliksense/myqliksense.yaml
+    crFile: /Users/fff/.qliksense/contexts/myqliksense/myqliksense.yaml
   - name: hello
-    crFile: /Users/xyz/.qliksense/contexts/hello/hello.yaml
+    crFile: /Users/fff/.qliksense/contexts/hello/hello.yaml
   currentContext: hello
-```
+```

docs/concepts.md

@@ -1,4 +1,4 @@
-# How CLI works
+# How qliksense cli works
 
 At the initialization, `qliksense` cli creates few files in the director `~/.qliksene` and it contains following files:
 
@@ -48,14 +48,14 @@ qliksense config -h
 
 In this mode `qliksense` CLI downloads the specified version from [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) and places it in `~/.qliksense/contexts/<context-name>/qlik-k8s` folder.
 
-The qliksense cli creates a CR for the QlikSense operator and all config operations are performed to edit the CR.
+The qliksense cli creates a CR for the QlikSense operator and all config operations are peformed to edit the CR.
 
 `qliksense install` or `qliksense config apply` will generate patches in local file system (i.e `~/.qliksense/contexts/<context-name>/qlik-k8s`) and
 
 - Install those manifests into the cluster 
-- Create a custom resource (CR) for the `qliksene operator`.
+- Create a custom resoruce (CR) for the `qliksene operator`.
 
-The operator makes the association to the installed resources so that when `qliksense uninstall` is performed the operator can delete all kubernetes resources related to QSEoK for the current context.
+The operator makes the association to the installed resoruces so that when `qliksense uninstall` is performed the operator can delete all kubernetes resources related to QSEoK for the current context.
 
 ## With a git repo
 
@@ -94,3 +94,4 @@ spec:
     image: qlik-docker-oss.bintray.io/qliksense-repo-watcher
 ....
 ```
+

docs/getting_started.md

@@ -5,7 +5,7 @@
 - Kubernetes cluster (Docker Desktop with enabled Kubernetes)
 - `kubectl` installed, configured and able to communicate with kubernetes cluster. _`qliksense` CLI uses `kubectl` under the hood to perform operations on cluster_
 
-## Installing `qliksense` CLI
+## Installing Sense installer
 
 Download the executable for your platform from [releases page](https://github.com/qlik-oss/sense-installer/releases) and rename it to `qliksense`
 

docs/index.md

@@ -1,15 +1,22 @@
 # Overview
 
-The Qlik Sense on Kubernetes CLI (`qliksense`) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s).
-
-The CLI facilitates:
+The Qlik Sense installer CLI (`qliksense`) provides an imperative interface to many of the configurations that need to be applied against the declarative structure described in [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s). This cli facilitates:
 
 - Installation of QSEoK
 - Installation of qliksense operator to manage QSEoK
 - Air gapped installation of QSEoK
 
 !!! info ""
-    This is a technology preview that uses Qlik modified [kustomize](https://github.com/qlik-oss/kustomize) for Kubernetes manifests on [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository
+    This is a technology preview that uses Qlik modified [kustomize](https://github.com/qlik-oss/kustomize) for kubernetes manifests on [qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s) repository
 
 !!! info ""
     See QlikSense [edge releases on qliksense-k8s](https://github.com/qlik-oss/qliksense-k8s/releases) repository
+
+## Future Direction
+
+Operations:
+
+- Expand preflight checks
+- Backup/restore operations
+- Fully support airgap installation of QSEoK
+- Restore unwanted deletion of kubernetes resources

docs/preflight_checks.md

@@ -1,11 +1,10 @@
-# Preflight checks
-
+##Preflight checks
 Preflight checks provide pre-installation cluster conformance testing and validation before we install qliksense on the cluster. We gather a suite of conformance tests that can be easily written and run on the target cluster to verify that cluster-specific requirements are met.
-
+The suite consists of a set of `collectors` which run the specifications of every test and `analyzers` which analyze the results of every test run by the collector.
 We support the following tests at the moment as part of preflight checks, and the range of the suite will be expanded in future.
 
 Run the following command to view help about the commands supported by preflight at any moment:
-```shell
+```console
 $ qliksense preflight
 perform preflight checks on the cluster
 
@@ -27,7 +26,7 @@ Flags:
 ### DNS check
 Run the following command to perform preflight DNS check. We setup a kubernetes deployment and try to reach it as part of establishing DNS connectivity in this check. 
 The expected output should be similar to the one shown below.
-```shell
+```console
 $ qliksense preflight dns
 
 Preflight DNS check
@@ -50,7 +49,7 @@ Deleted deployment: dep-dns-preflight-check
 ### Kubernetes version check
 We check the version of the target kubernetes cluster and ensure that it falls in the valid range of kubernetes versions that are supported by qliksense. 
 The command to run this check and the expected similar output are as shown below:
-```shell
+```console
 $ qliksense preflight k8s-version
 
 Preflight kubernetes minimum version check
@@ -65,7 +64,7 @@ Completed Preflight kubernetes minimum version check
 
 ### Service check
 We use the commmand below to test if we are able to create a service in the cluster.
-```shell
+```console
 $ qliksense preflight service
 
 Preflight service check
@@ -81,7 +80,7 @@ Completed preflight service check
 
 ### Deployment check
 We use the commmand below to test if we are able to create a deployment in the cluster. After the test exexutes, we wait until the created deployment terminates before we exit the command. 
-```shell
+```console
 $ qliksense preflight deployment
 
 Preflight deployment check
@@ -96,7 +95,7 @@ Completed preflight deployment check
 
 ### Pod check
 We use the commmand below to test if we are able to create a pod in the cluster.
-```shell
+```console
 $ qliksense preflight pod
 
 Preflight pod check
@@ -198,8 +197,6 @@ We can check if we are able to connect to an instance of mongodb on the cluster
 ```shell
 qliksense preflight mongo --url=<url> OR
 qliksense preflight mongo
-qliksense preflight mongo --url=<mongo-server url> --ca-cert=<path to ca-cert file>
-
 
 Preflight mongo check
 ---------------------
@@ -207,7 +204,7 @@ Preflight mongodb check:
 Created pod: pf-mongo-pod
 stdout: MongoDB shell version v4.2.5
 connecting to: <url>/?compressors=disabled&gssapiServiceName=mongodb
-Implicit session: session { "id" : UUID("...") }
+Implicit session: session { "id" : UUID("64f639d3-2c93-4894-80f6-ee14acaf56a5") }
 MongoDB server version: 4.2.5
 bye
 stderr: 
@@ -220,9 +217,9 @@ Completed preflight mongodb check
 
 ### Running all checks
 Run the command shown below to execute all preflight checks.
-```shell
+```console
 $ qliksense preflight all --mongodb-url=<url> OR
-$ qliksense preflight all --mongodb-url=<mongo-server url> --mongodb-ca-cert=<path to ca-cert file> 
+$ qliksense preflight all
 
 Running all preflight checks
 

go.mod

@@ -26,13 +26,13 @@ require (
 	github.com/docker/cli v0.0.0-20191212191748-ebca1413117a // indirect
 	github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/go-git/go-git/v5 v5.0.0
 	github.com/gobuffalo/envy v1.9.0 // indirect
 	github.com/gobuffalo/logger v1.0.3 // indirect
 	github.com/gobuffalo/packd v1.0.0 // indirect
 	github.com/gobuffalo/packr/v2 v2.7.1
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.3.3 // indirect
+	github.com/google/uuid v1.1.1
 	github.com/gorilla/mux v1.7.3 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
@@ -41,9 +41,8 @@ require (
 	github.com/mattn/go-tty v0.0.3
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/otiai10/copy v1.1.1
 	github.com/pkg/errors v0.8.1
-	github.com/qlik-oss/k-apis v0.1.1
+	github.com/qlik-oss/k-apis v0.0.34
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/rogpeppe/go-internal v1.5.2 // indirect
 	github.com/spf13/cobra v0.0.6
@@ -51,7 +50,8 @@ require (
 	github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31
 	golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 // indirect
 	golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a // indirect
-	golang.org/x/net v0.0.0-20200301022130-244492dfa37a
+	golang.org/x/net v0.0.0-20200226121028-0de0cce0169b
+	golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 // indirect
 	golang.org/x/tools v0.0.0-20200312194400-c312e98713c2 // indirect
 	google.golang.org/genproto v0.0.0-20200128133413-58ce757ed39b // indirect
 	google.golang.org/grpc v1.27.0 // indirect

go.sum

@@ -207,7 +207,6 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -300,12 +299,6 @@ github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aev
 github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
 github.com/go-critic/go-critic v0.3.5-0.20190904082202-d79a9f0c64db/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA=
-github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
-github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw=
-github.com/go-git/go-git/v5 v5.0.0 h1:k5RWPm4iJwYtfWoxIJy4wJX9ON7ihPeZZYC1fLYDnpg=
-github.com/go-git/go-git/v5 v5.0.0/go.mod h1:oYD8y9kWsGINPFJoLdaScGCN6dlKg23blmClfZwtUVA=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
@@ -674,7 +667,6 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -768,7 +760,6 @@ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nwaples/rardecode v1.0.0 h1:r7vGuS5akxOnR4JQSkko62RJ1ReCMXxQRPtxsiFMBOs=
 github.com/nwaples/rardecode v1.0.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
@@ -801,14 +792,6 @@ github.com/opencontainers/selinux v1.3.0 h1:xsI95WzPZu5exzA6JzkLSfdr/DilzOhCJOqG
 github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
-github.com/otiai10/copy v1.1.1 h1:PH7IFlRQ6Fv9vYmuXbDRLdgTHoP1w483kPNUP2bskpo=
-github.com/otiai10/copy v1.1.1/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
-github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=
-github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -869,12 +852,10 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/qlik-oss/k-apis v0.0.39 h1:fIGCC7f9kU7319VTSJKr3fLoA9E4MjusRFmOjX3ypis=
-github.com/qlik-oss/k-apis v0.0.39/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
-github.com/qlik-oss/k-apis v0.1.0 h1:uMl1316SNYy5Hm6jy1U7wiCMkut0tKqdP8mBpSuXXp8=
-github.com/qlik-oss/k-apis v0.1.0/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
-github.com/qlik-oss/k-apis v0.1.1 h1:aZ4eTMB3mSn03Kuj7+RI0eFLkjK9+0qxADBioRb3qVA=
-github.com/qlik-oss/k-apis v0.1.1/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.0.34 h1:lOC21wz/nNZNmSfTXZSJCOm1BulaZfdg7tAuYb7knAE=
+github.com/qlik-oss/k-apis v0.0.34/go.mod h1:DNiWYqCqPIN216l7+1rccArNIYPb1Le7kYDcPSyNp+Q=
+github.com/qlik-oss/kustomize/api v0.3.3-0.20200401055330-fa528324112a h1:Vzod5XB+e25ENy5Lse0pXNmSYSDFxSEYhH/6Sj7twPg=
+github.com/qlik-oss/kustomize/api v0.3.3-0.20200401055330-fa528324112a/go.mod h1:tSQaDZ4Jt9KwYvD7LlMUPi5nkiGOno3PAKl5/XqEfxs=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36 h1:BuT+cnXPQ6mcOWTDS1S8GXy65LAEMdPuNQCC36rMq28=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36/go.mod h1:tSQaDZ4Jt9KwYvD7LlMUPi5nkiGOno3PAKl5/XqEfxs=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
@@ -960,8 +941,6 @@ github.com/spf13/viper v1.6.1 h1:VPZzIkznI1YhVMRi6vNFLHSwhnhReBfgTxIPccpfdZk=
 github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k=
 github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=
 github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
-github.com/src-d/go-git v4.7.0+incompatible h1:IYSSnbAHeKmsfbQFi9ozbid+KNh0bKjlorMfQehQbcE=
-github.com/src-d/go-git v4.7.0+incompatible/go.mod h1:1bQciz+hn0jzPQNsYj0hDFZHLJBdV7gXE2mWhC7EkFk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
@@ -1077,7 +1056,6 @@ golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d h1:9FCpayM9Egr1baVnV1SX0H87m+XB0B8S0hAMi99X/3U=
 golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 h1:QmwruyY+bKbDDL0BaglrbZABEali68eoMFhTZpCjYVA=
 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1158,8 +1136,6 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjut
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421 h1:Wo7BWFiOk0QRFMLYMqJGFMd9CgUAcGx7V+qEg/h5IBI=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1323,7 +1299,6 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=

mkdocs.yml

@@ -1,4 +1,4 @@
-site_name: Qlik Sense on Kubernetes CLI
+site_name: Qlik Sense installer
 repo_url: 'https://github.com/qlik-oss/sense-installer'
 strict: true
 theme:
@@ -19,5 +19,6 @@ nav:
   - getting_started.md
   - command_reference.md
   - concepts.md
+  - preflight_checks.md
   - air_gap.md
   - Releases ⧉: https://github.com/qlik-oss/sense-installer/releases

pkg/api/apis.go

@@ -1,9 +1,11 @@
 package api
 
 import (
+	"crypto/rsa"
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -21,7 +23,6 @@ const (
 	qliksenseContextsDirName = "contexts"
 	qliksenseSecretsDirName  = "secrets"
 	qliksenseEjsonDirName    = "ejson"
-	QLIK_GIT_REPO            = "https://github.com/qlik-oss/qliksense-k8s"
 )
 
 // NewQConfig create QliksenseConfig object from file ~/.qliksense/config.yaml
@@ -143,66 +144,6 @@ func (cr *QliksenseCR) IsRepoExist() bool {
 	return true
 }
 
-func (cr *QliksenseCR) GetFetchUrl() string {
-	if cr.Spec.FetchSource == nil || cr.Spec.FetchSource.Repository == "" {
-		return QLIK_GIT_REPO
-	}
-	return cr.Spec.FetchSource.Repository
-}
-
-func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
-	if cr.Spec.FetchSource == nil {
-		return ""
-	}
-	if tok, err := cr.Spec.FetchSource.GetAccessToken(); err != nil {
-		fmt.Println(err)
-		return ""
-	} else {
-		by, _ := b64.StdEncoding.DecodeString(tok)
-		res, err := DecryptData(by, encryptionKey)
-		if err != nil {
-			fmt.Println(err)
-			return ""
-		}
-		return string(res)
-	}
-}
-
-func (cr *QliksenseCR) SetFetchUrl(url string) {
-	if cr.Spec.FetchSource == nil {
-		cr.Spec.FetchSource = &config.Repo{}
-	}
-	cr.Spec.FetchSource.Repository = url
-}
-
-func (cr *QliksenseCR) SetFetchAccessToken(token, encryptionKey string) error {
-	if cr.Spec.FetchSource == nil {
-		cr.Spec.FetchSource = &config.Repo{}
-	}
-	res, err := EncryptData([]byte(token), encryptionKey)
-	if err != nil {
-		return err
-	}
-	cr.Spec.FetchSource.AccessToken = b64.StdEncoding.EncodeToString(res)
-	return nil
-}
-
-func (cr *QliksenseCR) SetFetchAccessSecretName(sec string) {
-	if cr.Spec.FetchSource == nil {
-		cr.Spec.FetchSource = &config.Repo{}
-	}
-	cr.Spec.FetchSource.SecretName = sec
-}
-
-//DeleteRepo delete the manifest repo and unset manifestsRoot
-func (cr *QliksenseCR) DeleteRepo() error {
-	if err := os.RemoveAll(cr.Spec.ManifestsRoot); err != nil {
-		return err
-	}
-	cr.Spec.ManifestsRoot = ""
-	return nil
-}
-
 func (qc *QliksenseConfig) IsRepoExist(contextName, version string) bool {
 	if _, err := os.Lstat(qc.BuildRepoPathForContext(contextName, version)); err != nil {
 		return false
@@ -217,11 +158,6 @@ func (qc *QliksenseConfig) IsRepoExistForCurrent(version string) bool {
 	return true
 }
 
-func (qc *QliksenseConfig) DeleteRepoForCurrent(version string) error {
-	path := qc.BuildRepoPath(version)
-	return os.RemoveAll(path)
-}
-
 func (qc *QliksenseConfig) BuildRepoPath(version string) string {
 	return qc.BuildRepoPathForContext(qc.Spec.CurrentContext, version)
 }
@@ -322,9 +258,9 @@ func (qc *QliksenseConfig) GetCurrentContextSecretsDir() (string, error) {
 func (qc *QliksenseConfig) setDockerConfigJsonSecret(filename string, dockerConfigJsonSecret *DockerConfigJsonSecret) error {
 	if secretsDir, err := qc.GetCurrentContextSecretsDir(); err != nil {
 		return err
-	} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
+	} else if publicKey, _, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
 		return err
-	} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(encryptionKey); err != nil {
+	} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(publicKey); err != nil {
 		return err
 	} else if err := os.MkdirAll(secretsDir, os.ModePerm); err != nil {
 		return err
@@ -371,9 +307,9 @@ func (qc *QliksenseConfig) getDockerConfigJsonSecret(name string) (*DockerConfig
 		return nil, err
 	} else if dockerConfigJsonSecretYaml, err := ioutil.ReadFile(filepath.Join(secretsDir, name)); err != nil {
 		return nil, err
-	} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
+	} else if _, privateKey, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
 		return nil, err
-	} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, encryptionKey); err != nil {
+	} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, privateKey); err != nil {
 		return nil, err
 	}
 	return dockerConfigJsonSecret, nil
@@ -384,11 +320,11 @@ func (qc *QliksenseConfig) getCurrentContextEncryptionKeyPairLocation() (string,
 	if qcr, err := qc.GetCurrentCR(); err != nil {
 		return "", err
 	} else {
-		return qc.getContextEncryptionKeyLocation(qcr.GetName())
+		return qc.getContextEncryptionKeyPairLocation(qcr.GetName())
 	}
 }
 
-func (qc *QliksenseConfig) getContextEncryptionKeyLocation(contextName string) (string, error) {
+func (qc *QliksenseConfig) getContextEncryptionKeyPairLocation(contextName string) (string, error) {
 	// Check env var: QLIKSENSE_KEY_LOCATION to determine location to store keypair
 	var secretKeyPairLocation string
 	if os.Getenv("QLIKSENSE_KEY_LOCATION") != "" {
@@ -398,9 +334,9 @@ func (qc *QliksenseConfig) getContextEncryptionKeyLocation(contextName string) (
 		// QLIKSENSE_KEY_LOCATION has not been set, hence storing key pair in default location:
 		// /.qliksense/secrets/contexts/<current-context>/secrets/
 		secretKeyPairLocation = filepath.Join(qc.QliksenseHomePath, qliksenseSecretsDirName, qliksenseContextsDirName, contextName, qliksenseSecretsDirName)
-	}
 
-	return secretKeyPairLocation, os.MkdirAll(secretKeyPairLocation, os.ModePerm)
+	}
+	return secretKeyPairLocation, nil
 }
 
 func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
@@ -415,25 +351,52 @@ func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
 	}
 }
 
-func (qc *QliksenseConfig) GetEncryptionKeyForCurrent() (string, error) {
+func (qc *QliksenseConfig) GetCurrentContextEncryptionKeyPair() (*rsa.PublicKey, *rsa.PrivateKey, error) {
 	if qcr, err := qc.GetCurrentCR(); err != nil {
-		return "", err
+		return nil, nil, err
 	} else {
-		return qc.GetEncryptionKeyFor(qcr.GetName())
+		return qc.GetContextEncryptionKeyPair(qcr.GetName())
 	}
 }
 
-func (qc *QliksenseConfig) GetEncryptionKeyFor(contextName string) (string, error) {
-	secretKeyLocation, err := qc.getContextEncryptionKeyLocation(contextName)
+func (qc *QliksenseConfig) GetContextEncryptionKeyPair(contextName string) (*rsa.PublicKey, *rsa.PrivateKey, error) {
+	secretKeyPairLocation, err := qc.getContextEncryptionKeyPairLocation(contextName)
 	if err != nil {
-		return "", err
+		return nil, nil, err
 	}
-	key, err := LoadSecretKey(secretKeyLocation)
-	if key != "" {
-		return key, nil
+
+	publicKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePublicKey)
+	privateKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePrivateKey)
+	// try to create the dir if it doesn't exist
+	if !FileExists(publicKeyFilePath) || !FileExists(privateKeyFilePath) {
+		LogDebugMessage("Qliksense secretKeyLocation dir does not exist, creating it now: %s", secretKeyPairLocation)
+		if err := os.MkdirAll(secretKeyPairLocation, os.ModePerm); err != nil {
+			err = fmt.Errorf("Not able to create %s dir: %v", secretKeyPairLocation, err)
+			log.Println(err)
+			return nil, nil, err
+		}
+		// generating and storing key-pair
+		err1 := GenerateAndStoreSecretKeypair(secretKeyPairLocation)
+		if err1 != nil {
+			err1 = fmt.Errorf("Not able to generate and store key pair for encryption")
+			log.Println(err1)
+			return nil, nil, err1
+		}
+	}
+
+	if publicKeyBytes, err := ReadKeys(publicKeyFilePath); err != nil {
+		LogDebugMessage("Not able to read public key")
+		return nil, nil, err
+	} else if privateKeyBytes, err := ReadKeys(privateKeyFilePath); err != nil {
+		LogDebugMessage("Not able to read private key")
+		return nil, nil, err
+	} else if rsaPublicKey, err := DecodeToPublicKey(publicKeyBytes); err != nil {
+		return nil, nil, err
+	} else if rsaPrivateKey, err := DecodeToPrivateKey(privateKeyBytes); err != nil {
+		return nil, nil, err
+	} else {
+		return rsaPublicKey, rsaPrivateKey, nil
 	}
-	fmt.Println("Generating new encryption key for the context: " + contextName)
-	return GenerateAndStoreSecretKey(secretKeyLocation)
 }
 
 func (cr *QliksenseCR) AddLabelToCr(key, value string) {
@@ -458,6 +421,17 @@ func (cr *QliksenseCR) GetString() (string, error) {
 	return string(out), nil
 }
 
+func (cr *QliksenseCR) GetImageRegistry() string {
+	for _, nameValues := range cr.Spec.Configs {
+		for _, nameValue := range nameValues {
+			if nameValue.Name == "imageRegistry" {
+				return nameValue.Value
+			}
+		}
+	}
+	return ""
+}
+
 func (cr *QliksenseCR) GetK8sSecretsFolder(qlikSenseHomeDir string) string {
 	return filepath.Join(qlikSenseHomeDir, qliksenseContextsDirName, cr.GetName(), qliksenseSecretsDirName)
 }
@@ -495,7 +469,7 @@ func (cr *QliksenseCR) GetCustomCrdsPath() string {
 func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error) {
 	newCr := &QliksenseCR{}
 	copier.Copy(newCr, cr)
-	encryptionKey, err := qc.GetEncryptionKeyFor(cr.GetName())
+	_, rsaPrivateKey, err := qc.GetCurrentContextEncryptionKeyPair()
 	if err != nil {
 		return nil, err
 	}
@@ -508,7 +482,7 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 				if err != nil {
 					return nil, err
 				}
-				db, err := DecryptData(b, encryptionKey)
+				db, err := Decrypt(b, rsaPrivateKey)
 				if err != nil {
 					return nil, err
 				}
@@ -521,11 +495,6 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 		finalSecrets[k] = newNvs
 	}
 	newCr.Spec.Secrets = finalSecrets
-
-	if newCr.Spec.FetchSource != nil && newCr.Spec.FetchSource.AccessToken != "" {
-		decData := cr.GetFetchAccessToken(encryptionKey)
-		newCr.Spec.FetchSource.AccessToken = decData
-	}
 	return newCr, nil
 }
 

pkg/api/apis_test.go

@@ -1,7 +1,6 @@
 package api
 
 import (
-	b64 "encoding/base64"
 	"fmt"
 	"io/ioutil"
 	"log"
@@ -53,6 +52,12 @@ spec:
     qliksense:
       - name: acceptEULA
         value: "yes"
+  secrets:
+    qliksense:
+    - name: mongoDbUri
+      # this is rsa encrypted value, the pub and pri keys are in setuPublicAndPrivateKey() method
+      # actual value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
+      value: n/pDi7Z/A3i16cAHFFwMp19/egNKc8WZxm6MKHLT/B1DMv3U6pDXWyXT5fYYDV1wDTO3Vk43yECST1UgZYmMpgUOwgSfGgqTVi2VqS0JQsnwI+Twwhnvha8RJANX8b/XIoSFVWaOgy7+RP35ZkvOqHdCfC2aT8JMIHgBQqqCbsNgimCuRSxi0klR000ic/Tp5PYSz5mD+WLrkPw2FbS0OVBsQ/hIp5GZrmVpvEOZdbT63Sz+n/G4Br6GTv2LkZcU7JBuKQm2wfB+mRjJmJnNrPawLfn2UZ89Rz0BLwIy+6b24/RoIUgoNowfGkJreGiwItGK8fjCcx11oavK/yAo6pYZXCcru46pmHbxxle1OlkdTKkG6EVtJuKjSZXtVmBHZYRFzsR7HnAiXnL7QzSEcS7ieZlQvTmNLfpidJhK199oSbyKREqXGl2S8DzPKM9RLccVbQTy6X8qWimP3MYCnO4K0KoQnNQAgfuV8ZxnvdDecByLDPIpmFMGy0Xm9pUZWxmSoDBq+p5WBI2HdCX2gCYVv5yxS2iBqO5SMKo8iOglHtPI9NIMvloERdN1vZtxSRkY5uDEfrU9ysYwfayEXxvXmdWv0HxlotcgUinP02j7k+OfIapTmY/jGfvF4euyCGRKuJ9JlSD9pIiRdAcekjL6hCxXLJLdajCV4sL/YDo=
 `
 	ctx1Dir := filepath.Join(homeDir, "contexts", "contx1")
 	crFile := filepath.Join(ctx1Dir, "contx1.yaml")
@@ -101,16 +106,13 @@ func TestGetDecryptedCr(t *testing.T) {
 		t.Fail()
 		t.Log(e)
 	}
-
 	qcr, err := qct.GetCurrentCR()
+	if err != nil {
+		t.Fail()
+		t.Log(err)
+	}
 
-	key, _ := setupGenerateKey(dir)
-	ecn, _ := EncryptData([]byte("mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"), key)
-	b := b64.StdEncoding.EncodeToString(ecn)
-	qcr.Spec.AddToSecrets("qliksense", "mongoDbUri", b, "")
-
-	qcr.SetFetchAccessToken("mytoken", key)
-
+	setuPublicAndPrivateKey(dir)
 	newCr, err := qct.GetDecryptedCr(qcr)
 	if err != nil {
 		t.Fail()
@@ -127,12 +129,77 @@ func TestGetDecryptedCr(t *testing.T) {
 	if decryptedValue == orignalValue {
 		t.Fail()
 	}
-	if newCr.Spec.FetchSource.AccessToken != "mytoken" {
-		t.Fail()
-	}
 	td()
 }
-func setupGenerateKey(homeDir string) (string, error) {
+func setuPublicAndPrivateKey(homeDir string) ([]byte, []byte, error) {
+	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
+1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
+Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
+O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
+1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
+F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
+uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
+K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
+MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
+FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
+PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
+AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
+pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
+yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
+9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
+odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
+GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
+4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
+Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
+EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
+W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
+zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
+MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
+SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
+qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
+c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
+SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
+qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
+BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
+/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
+wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
+Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
+jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
+/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
+iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
+xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
+wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
+IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
+ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
+4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
+Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
+fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
+4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
+9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
+o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
+02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
+VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
+4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
+Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
+-----END RSA PRIVATE KEY-----
+`)
+
+	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
++hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
+UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
+ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
+sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
++zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
+Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
+iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
+ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
+golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
+wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
+MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+`)
 	secretKeyPairDir := filepath.Join(homeDir, "secrets", "contexts", "contx1", "secrets")
 	if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
 		err = fmt.Errorf("Not able to create directories")
@@ -140,33 +207,19 @@ func setupGenerateKey(homeDir string) (string, error) {
 	}
 	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)
 
-	key, _ := LoadSecretKey(secretKeyPairDir)
-
-	if key == "" {
-		return GenerateAndStoreSecretKey(secretKeyPairDir)
+	privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
+	// construct and write priv key file into secretsDir location
+	err := ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
+	if err != nil {
+		log.Printf("Error while creating file: %v", err)
+		return nil, nil, err
 	}
-	return key, nil
-}
-
-func Test_set_and_get_fetch_access_token(t *testing.T) {
-	td, homeDir := setup()
-	defer td()
-	createCRFile(homeDir)
-	crFile := filepath.Join("contexts", "contx1", "contx1.yaml")
-	qConfig := NewQConfig(homeDir)
-	newQ, _ := qConfig.SetCrLocation("contx1", crFile)
-	newQ.Write()
-	qConfig = NewQConfig(homeDir)
-	qcr, _ := qConfig.GetCurrentCR()
-	key, _ := qConfig.GetEncryptionKeyFor(qcr.GetName())
-	if err := qcr.SetFetchAccessToken("mytokenbeforeencryption", key); err != nil {
-		t.Log(err)
-		t.FailNow()
-	}
-	tok := qcr.GetFetchAccessToken(key)
-	if tok != "mytokenbeforeencryption" {
-		t.Log("Expected: mytokenbeforeencryption, got: " + tok)
-		t.Fail()
-	}
-
+	pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
+	// construct and write pub key file into secretsDir location
+	err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
+	if err != nil {
+		log.Printf("Error while creating file: %v", err)
+		return nil, nil, err
+	}
+	return publicKeyBytes, privKeyBytes, nil
 }

pkg/api/context_apis.go

@@ -109,7 +109,6 @@ func ReadFromFile(content interface{}, sourceFile string) error {
 	if e != nil {
 		return e
 	}
-	defer file.Close()
 	return ReadFromStream(content, file)
 }
 

pkg/api/copy.go

@@ -1,8 +0,0 @@
-package api
-
-import "github.com/otiai10/copy"
-
-//copy source directory to destination
-func CopyDirectory(source string, dest string) error {
-	return copy.Copy(source, dest)
-}

pkg/api/copy_test.go

@@ -1,101 +0,0 @@
-package api
-
-import (
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"testing"
-
-	kapis_git "github.com/qlik-oss/k-apis/pkg/git"
-	"sigs.k8s.io/kustomize/api/filesys"
-	"sigs.k8s.io/kustomize/api/konfig"
-	"sigs.k8s.io/kustomize/api/krusty"
-	"sigs.k8s.io/kustomize/api/types"
-)
-
-func TestCopyDirectory(t *testing.T) {
-	src, _ := ioutil.TempDir("", "")
-	f1, _ := ioutil.TempFile(src, "")
-	ioutil.TempFile(src, "")
-
-	dest, _ := ioutil.TempDir("", "")
-	CopyDirectory(src, dest)
-	if _, err := os.Lstat(filepath.Join(dest, filepath.Base(f1.Name()))); err != nil {
-		t.Log(err)
-		t.Fail()
-	}
-}
-
-func TestCopyDirectory_withGit_withKuz(t *testing.T) {
-	if testing.Short() {
-		t.Skip("Skipping in short test mode")
-	}
-
-	tmpDir1, err := ioutil.TempDir("", "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	defer os.RemoveAll(tmpDir1)
-
-	tmpDir2, err := ioutil.TempDir("", "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	defer os.RemoveAll(tmpDir2)
-
-	repoPath1 := path.Join(tmpDir1, "repo")
-	repo1, err := kapis_git.CloneRepository(repoPath1, "https://github.com/qlik-oss/qliksense-k8s", nil)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	if err := CopyDirectory(repoPath1, tmpDir2); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	repoPath2 := tmpDir2
-	repo2, err := kapis_git.OpenRepository(repoPath2)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	if err := kapis_git.Checkout(repo2, "v0.0.2", "", nil); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	repo2Manifest, err := kuz(path.Join(repoPath2, "manifests", "docker-desktop"))
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	if err := kapis_git.Checkout(repo1, "v0.0.2", "", nil); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	repo1Manifest, err := kuz(path.Join(repoPath1, "manifests", "docker-desktop"))
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	if string(repo2Manifest) != string(repo1Manifest) {
-		t.Logf("manifest generated on the original config:\n%v", string(repo1Manifest))
-		t.Logf("manifest generated on the copied config:\n%v", string(repo2Manifest))
-		t.Fatal("expected manifests to be equal, but they were not")
-	}
-}
-
-func kuz(directory string) ([]byte, error) {
-	options := &krusty.Options{
-		DoLegacyResourceSort: false,
-		LoadRestrictions:     types.LoadRestrictionsNone,
-		DoPrune:              false,
-		PluginConfig:         konfig.DisabledPluginConfig(),
-	}
-	k := krusty.MakeKustomizer(filesys.MakeFsOnDisk(), options)
-	resMap, err := k.Run(directory)
-	if err != nil {
-		return nil, err
-	}
-	return resMap.AsYaml()
-}

pkg/api/docker_registry_secret.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@@ -26,14 +27,14 @@ func (kdcjt *k8sDockerConfigJsonType) GenerateAuth() {
 }
 
 type DockerConfigJsonSecret struct {
-	Name     string
-	Uri      string
-	Username string
-	Password string
-	Email    string
+	Name      string
+	Uri       string
+	Username  string
+	Password  string
+	Email     string
 }
 
-func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
+func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, error) {
 	k8sDockerConfigJson := k8sDockerConfigJsonType{
 		Username: d.Username,
 		Password: d.Password,
@@ -50,8 +51,8 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
 		return nil, err
 	}
 	var k8sDockerConfigJsonMapMaybeEncryptedBytes []byte
-	if encryptionKey != "" {
-		if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = EncryptData(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
+	if encryptionKey != nil {
+		if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = Encrypt(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
 			return nil, err
 		}
 	} else {
@@ -64,7 +65,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
 			Kind:       "Secret",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name: d.Name,
+			Name:      d.Name,
 		},
 		Type: v1.SecretTypeDockerConfigJson,
 		Data: map[string][]byte{
@@ -75,7 +76,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
 	return K8sSecretToYaml(k8sSecret)
 }
 
-func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey string) error {
+func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey *rsa.PrivateKey) error {
 	k8sDockerConfigJsonMap := k8sDockerConfigJsonMapType{}
 	if k8sSecret, err := K8sSecretFromYaml(secretBytes); err != nil {
 		return err
@@ -85,7 +86,7 @@ func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey stri
 		return errors.New("not a kubernetes.io/dockerconfigjson type")
 	} else if k8sDockerConfigJsonMapEncryptedBytes, ok := k8sSecret.Data[".dockerconfigjson"]; !ok {
 		return errors.New("secret data is missing a value for the .dockerconfigjson key")
-	} else if k8sDockerConfigJsonMapBytes, err := DecryptData(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
+	} else if k8sDockerConfigJsonMapBytes, err := Decrypt(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
 		return errors.New("secret data is missing a value for the .dockerconfigjson key")
 	} else if err := json.Unmarshal(k8sDockerConfigJsonMapBytes, &k8sDockerConfigJsonMap); err != nil {
 		return err

pkg/api/docker_registry_secret_test.go

@@ -1,6 +1,8 @@
 package api
 
 import (
+	"crypto/rand"
+	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -12,21 +14,21 @@ import (
 
 func TestDockerConfigJsonSecret(t *testing.T) {
 	dockerConfigJsonSecret := DockerConfigJsonSecret{
-		Name:     "some-name",
-		Uri:      "some-uri",
-		Username: "some-username",
-		Password: "some-password",
-		Email:    "some-email",
+		Name:      "some-name",
+		Uri:       "some-uri",
+		Username:  "some-username",
+		Password:  "some-password",
+		Email:     "some-email",
 	}
 	dockerConfigJsonSecretFromYaml := DockerConfigJsonSecret{}
 	validYamlMap := map[string]interface{}{}
 
-	encryptionKey, err := GenerateKey()
+	privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
 	if err != nil {
 		t.Fatalf("error generating RSA private key: %v\n", err)
 	}
 
-	dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(encryptionKey)
+	dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(&privateKey.PublicKey)
 	dockerConfigJsonMap := map[string]interface{}{}
 	if err != nil {
 		t.Fatalf("error converting secret to yaml: %v", err)
@@ -41,7 +43,7 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 		t.Fatalf("no .dockerconfigjson data key in the secret yaml: %v", string(dockerConfigJsonSecretYamlBytes))
 	} else if dockerConfigJsonEncryptedBytes, err := base64.StdEncoding.DecodeString(dockerConfigJsonBytesBase64.(string)); err != nil {
 		t.Fatalf("error decoding dockerConfigJsonBytes from base64: %v", err)
-	} else if dockerConfigJsonBytes, err := DecryptData(dockerConfigJsonEncryptedBytes, encryptionKey); err != nil {
+	} else if dockerConfigJsonBytes, err := Decrypt(dockerConfigJsonEncryptedBytes, privateKey); err != nil {
 		t.Fatalf("error decrypting dockerConfigJsonBytes: %v", err)
 	} else if err := json.Unmarshal(dockerConfigJsonBytes, &dockerConfigJsonMap); err != nil {
 		t.Fatalf("error unmarshalling dockerConfigJson from json: %v", err)
@@ -61,7 +63,7 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 	}
 
 	t.Logf("dockerConfigJsonSecretYaml: \n%v\n", string(dockerConfigJsonSecretYamlBytes))
-	if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, encryptionKey); err != nil {
+	if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, privateKey); err != nil {
 		t.Fatalf("error reading secret in from yaml: %v", err)
 	} else if !reflect.DeepEqual(dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml) {
 		t.Fatalf("secret: %v does not equal secret: %v", dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml)

pkg/api/encryption.go

@@ -1,42 +1,58 @@
 package api
 
 import (
-	"crypto/aes"
-	"crypto/cipher"
 	"crypto/rand"
-	"encoding/hex"
-	"errors"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"log"
 	"path/filepath"
 )
 
 const (
-	key_file_name = "user_secret_key"
+	RSA_KEY_LENGTH = 4096
+
+	QliksensePublicKey  = "qliksensePub"
+	QliksensePrivateKey = "qliksensePriv"
 )
 
-// GenerateAndStoreSecretKey generates and stores key
-func GenerateAndStoreSecretKey(secretsDir string) (string, error) {
-	// creating contexts/qlik-default/secrets/user_secret_key
-	keyFile := filepath.Join(secretsDir, key_file_name)
-	key, err := GenerateKey()
-	if err != nil {
-		return "", err
-	}
-	if err := writeContentToFile([]byte(key), keyFile); err != nil {
-		return "", err
-	}
-	return key, nil
+// GenerateAndStoreSecretKeypair generates and stores key pairs
+func GenerateAndStoreSecretKeypair(secretsPath string) error {
+	LogDebugMessage("%s exists", secretsPath)
+	// creating contexts/qlik-default/secrets/qliksensePub and contexts/qlik-default/secrets/qliksensePriv files
+	publicKeyFilePath := filepath.Join(secretsPath, QliksensePublicKey)
+	privateKeyFilePath := filepath.Join(secretsPath, QliksensePrivateKey)
+	LogDebugMessage("Generating public-private key pair.....")
+	GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath)
+	LogDebugMessage("Generated public-private key pairs")
+
+	return nil
 }
-func LoadSecretKey(secretsDir string) (string, error) {
-	keyFile := filepath.Join(secretsDir, key_file_name)
-	by, err := ioutil.ReadFile(keyFile)
+
+// GenerateRSAEncryptionKeys is used to generate a new public-private key pair
+func GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath string) error {
+	LogDebugMessage("Generating new RSA key pair")
+	privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
 	if err != nil {
-		return "", err
+		log.Printf("error generating RSA private key: %v\n", err)
+		return err
 	}
-	return string(by), nil
+
+	privateKeyPEM := EncodePrivateKey(privateKey)
+	if err := writeContentToFile(privateKeyPEM, privateKeyFilePath); err != nil {
+		return err
+	}
+	pubKeyPEM, err2 := EncodePublicKey(&privateKey.PublicKey)
+	if err2 != nil {
+		log.Printf("error occurred when encoding public key: %v\n", err2)
+		return err2
+	}
+	if err := writeContentToFile(pubKeyPEM, publicKeyFilePath); err != nil {
+		return err
+	}
+	return nil
 }
 
 // writeContentToFile writes keys to a file
@@ -49,54 +65,104 @@ func writeContentToFile(keyData []byte, fileName string) error {
 	return nil
 }
 
-func GenerateKey() (string, error) {
-	salt := make([]byte, 32)
-	if _, err := rand.Read(salt); err != nil {
-		return "", err
+// Encrypt encrypts data with public key
+func Encrypt(pt []byte, pub *rsa.PublicKey) ([]byte, error) {
+	//hash := sha512.New()
+	//ct, err := rsa.EncryptOAEP(hash, rand.Reader, pub, pt, nil)
+	ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, pt)
+	if err != nil {
+		log.Println(err)
+		return nil, err
 	}
-	s := fmt.Sprintf("%x", salt)
-	return s, nil
+	return ct, nil
 }
 
-func EncryptData(plaintext []byte, userKey string) ([]byte, error) {
-	key, _ := hex.DecodeString(userKey)
-
-	block, err := aes.NewCipher(key)
+// Decrypt decrypts data with private key
+func Decrypt(ct []byte, priv *rsa.PrivateKey) ([]byte, error) {
+	// hash := sha512.New()
+	// plaintext, err := rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
+	pt, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ct)
 	if err != nil {
+		log.Println(err)
 		return nil, err
 	}
-
-	aesgcm, err := cipher.NewGCM(block)
-	if err != nil {
-		return nil, err
-	}
-	nonce := make([]byte, aesgcm.NonceSize())
-	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
-		return nil, err
-	}
-
-	return aesgcm.Seal(nonce, nonce, plaintext, nil), nil
+	return pt, nil
 }
 
-func DecryptData(ciphertext []byte, userKey string) ([]byte, error) {
-	key, _ := hex.DecodeString(userKey)
-	block, err := aes.NewCipher(key)
+// EncodePrivateKey private key to bytes
+func EncodePrivateKey(priv *rsa.PrivateKey) []byte {
+	privBytes := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(priv),
+		},
+	)
+
+	return privBytes
+}
+
+// EncodePublicKey public key to bytes
+func EncodePublicKey(pub *rsa.PublicKey) ([]byte, error) {
+	pubASN1, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
+		log.Println(err)
 		return nil, err
 	}
 
-	aesgcm, err := cipher.NewGCM(block)
-	if err != nil {
-		return nil, err
-	}
-	nonceSize := aesgcm.NonceSize()
-	if len(ciphertext) < nonceSize {
-		return nil, errors.New("ciphertext too short")
-	}
-	nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
-	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
-	if err != nil {
-		return nil, err
-	}
-	return plaintext, nil
+	pubBytes := pem.EncodeToMemory(&pem.Block{
+		Type:  "RSA PUBLIC KEY",
+		Bytes: pubASN1,
+	})
+
+	return pubBytes, nil
+}
+
+// DecodeToPrivateKey bytes to private key
+func DecodeToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
+	block, _ := pem.Decode(priv)
+	enc := x509.IsEncryptedPEMBlock(block)
+	b := block.Bytes
+	var err error
+	if enc {
+		log.Println("is encrypted pem block")
+		b, err = x509.DecryptPEMBlock(block, nil)
+		if err != nil {
+			log.Println(err)
+			return nil, err
+		}
+	}
+	key, err := x509.ParsePKCS1PrivateKey(b)
+	if err != nil {
+		log.Println(err)
+		return nil, err
+	}
+	return key, nil
+}
+
+// DecodeToPublicKey bytes to public key
+func DecodeToPublicKey(pub []byte) (*rsa.PublicKey, error) {
+	block, _ := pem.Decode(pub)
+	enc := x509.IsEncryptedPEMBlock(block)
+	b := block.Bytes
+	var err error
+	if enc {
+		log.Println("is encrypted pem block")
+		b, err = x509.DecryptPEMBlock(block, nil)
+		if err != nil {
+			log.Println(err)
+			return nil, err
+		}
+	}
+	iface, err := x509.ParsePKIXPublicKey(b)
+	if err != nil {
+		log.Println(err)
+		return nil, err
+	}
+	key, ok := iface.(*rsa.PublicKey)
+	if !ok {
+		err := fmt.Errorf("Unable to decode public key")
+		log.Println(err)
+		return nil, err
+	}
+	return key, nil
 }

pkg/api/encryption_test.go

@@ -1,29 +1,128 @@
 package api
 
 import (
+	"encoding/base64"
+	"log"
+	"os"
 	"testing"
 )
 
-func Test_encrypt_decrypt(t *testing.T) {
-	key, err := GenerateKey()
-	if err != nil {
-		t.Log(err)
-		t.FailNow()
+func Test_generateRSAEncryptionKeys(t *testing.T) {
+	tests := []struct {
+		name    string
+		wantErr bool
+	}{
+		{
+			name:    "valid case",
+			wantErr: false,
+		},
 	}
-	testData := "this is a secret value"
-	enc, err := EncryptData([]byte(testData), key)
-	if err != nil {
-		t.Log(err)
-		t.FailNow()
-	}
-	dec, err := DecryptData(enc, key)
-	if err != nil {
-		t.Log(err)
-		t.FailNow()
-	}
-	if testData != string(dec) {
-		t.Log("expected: " + testData)
-		t.Log("actual: " + string(dec))
-		t.Fail()
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := GenerateAndStoreSecretKeypair(os.TempDir()); (err != nil) != tt.wantErr {
+				t.Errorf("generateRSAEncryptionKeys() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func Test_encryption_decryption(t *testing.T) {
+	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
+1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
+Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
+O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
+1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
+F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
+uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
+K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
+MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
+FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
+PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
+AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
+pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
+yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
+9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
+odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
+GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
+4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
+Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
+EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
+W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
+zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
+MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
+SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
+qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
+c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
+SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
+qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
+BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
+/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
+wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
+Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
+jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
+/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
+iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
+xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
+wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
+IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
+ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
+4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
+Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
+fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
+4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
+9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
+o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
+02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
+VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
+4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
+Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
+-----END RSA PRIVATE KEY-----
+`)
+
+	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
++hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
+UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
+ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
+sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
++zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
+Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
+iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
+ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
+golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
+wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
+MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+`)
+	origStr := "Value1234"
+
+	pubKey, err := DecodeToPublicKey(publicKeyBytes)
+	if err != nil {
+		t.Error(err)
+		t.FailNow()
+	}
+	privKey, err := DecodeToPrivateKey(privKeyBytes)
+	if err != nil {
+		t.Error(err)
+		t.FailNow()
+	}
+	encData, err := Encrypt([]byte(origStr), pubKey)
+	if err != nil {
+		t.Error(err)
+		t.FailNow()
+	}
+
+	encDataStr := base64.StdEncoding.EncodeToString(encData)
+	log.Println("Encoded text:", encDataStr)
+	dec, _ := base64.StdEncoding.DecodeString(encDataStr)
+	data, err := Decrypt(dec, privKey)
+	if err != nil {
+		t.Error(err)
+		t.FailNow()
+	}
+	if string(data) != origStr {
+		t.Error("original string and decrypted string don't match")
+		t.FailNow()
 	}
 }

pkg/api/preflight_apis_test.go

@@ -1,138 +0,0 @@
-package api
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path"
-	"testing"
-)
-
-func Test_Initalize(t *testing.T) {
-	testCases := []struct {
-		name     string
-		validate func(t *testing.T, tempDir string)
-	}{
-		{
-			name: "without account for imageRegistry",
-			validate: func(t *testing.T, tempDir string) {
-				preflightConfig := NewPreflightConfig(tempDir)
-				imageName, err := preflightConfig.GetImageName("test", false)
-				if err != nil {
-					t.Fatalf("unexpected error: %v", err)
-				}
-				if imageName != "testimage" {
-					t.Fatalf("expected image name: testimage, got: %v", imageName)
-				}
-			},
-		},
-		{
-			name: "with account for configured imageRegistry",
-			validate: func(t *testing.T, tempDir string) {
-				registry := "registryFoo"
-				setupQliksenseTestDefaultContext(t, tempDir, fmt.Sprintf(`
-apiVersion: qlik.com/v1
-kind: Qliksense
-metadata:
-  name: qlik-default
-spec:
-  configs:
-    qliksense:
-    - name: imageRegistry
-      value: %v
-`, registry))
-				preflightConfig := NewPreflightConfig(tempDir)
-				imageName, err := preflightConfig.GetImageName("test", true)
-				if err != nil {
-					t.Fatalf("unexpected error: %v", err)
-				}
-				expectedImageName := fmt.Sprintf("%v/testimage", registry)
-				if imageName != expectedImageName {
-					t.Fatalf("expected image name: %v, got: %v", expectedImageName, imageName)
-				}
-			},
-		},
-		{
-			name: "with account for un-configured imageRegistry",
-			validate: func(t *testing.T, tempDir string) {
-				setupQliksenseTestDefaultContext(t, tempDir, `
-apiVersion: qlik.com/v1
-kind: Qliksense
-metadata:
-  name: qlik-default
-spec:
-  configs:
-    qliksense:
-    - name: something
-      value: other
-`)
-				preflightConfig := NewPreflightConfig(tempDir)
-				imageName, err := preflightConfig.GetImageName("test", true)
-				if err != nil {
-					t.Fatalf("unexpected error: %v", err)
-				}
-				expectedImageName := "testimage"
-				if imageName != expectedImageName {
-					t.Fatalf("expected image name: %v, got: %v", expectedImageName, imageName)
-				}
-			},
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			tempDir, err := ioutil.TempDir("", "")
-			if err != nil {
-				t.Fatal(err)
-			}
-			defer os.RemoveAll(tempDir)
-			setupPreflightConfig(t, tempDir)
-			testCase.validate(t, tempDir)
-		})
-	}
-}
-
-func setupPreflightConfig(t *testing.T, tempDir string) {
-	pf := NewPreflightConfig(tempDir)
-	if err := pf.Initialize(); err != nil {
-		t.Fatal(err)
-	}
-	p := &PreflightConfig{
-		QliksenseHomePath: tempDir,
-	}
-	if err := ReadFromFile(p, pf.GetConfigFilePath()); err != nil {
-		t.Fatal(err)
-	}
-	if p.GetMinK8sVersion() != "1.15" {
-		t.Fatalf("expected k8 version: 1.15, but got " + p.GetMinK8sVersion())
-	}
-	p.AddImage("test", "testimage")
-	if err := p.Write(); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func setupQliksenseTestDefaultContext(t *testing.T, tmpQlikSenseHome, CR string) {
-	if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
-apiVersion: config.qlik.com/v1
-kind: QliksenseConfig
-metadata:
-  name: QliksenseConfigMetadata
-spec:
-  contexts:
-  - name: qlik-default
-    crFile: contexts/qlik-default/qlik-default.yaml
-  currentContext: qlik-default
-`), os.ModePerm); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
-	if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(CR), os.ModePerm); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-}

pkg/api/utils.go

@@ -4,7 +4,6 @@ import (
 	"archive/tar"
 	"archive/zip"
 	"compress/gzip"
-	b64 "encoding/base64"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -12,6 +11,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"time"
 
@@ -62,38 +62,27 @@ func ReadKeys(keyFile string) ([]byte, error) {
 }
 
 // ProcessConfigArgs processes args and returns an service, key, value slice
-func ProcessConfigArgs(args []string, base64Encoded bool) ([]*ServiceKeyValue, error) {
+func ProcessConfigArgs(args []string) ([]*ServiceKeyValue, error) {
 	// prepare received args
 	// split args[0] into key and value
 	if len(args) == 0 {
 		err := fmt.Errorf("No args were provided. Please provide args to configure the current context")
 		return nil, err
 	}
-	notValidErr := fmt.Errorf("Please provide valid args for this command")
 	resultSvcKV := make([]*ServiceKeyValue, len(args))
-	// qliksense.mongodb=somethig
+	re1 := regexp.MustCompile(`([\w\-]{1,}).([\w\-]{1,})=("*[\w\-?=_/:0-9\.]+"*)`)
 	for i, arg := range args {
 		LogDebugMessage("Arg received: %s", arg)
-		first := strings.SplitN(arg, "=", 2)
-		if len(first) != 2 {
-			return nil, notValidErr
-		}
-		second := strings.SplitN(first[0], ".", 2)
-		if len(second) != 2 {
-			return nil, notValidErr
-		}
-		resultValue := strings.Trim(first[1], "\"")
-		if base64Encoded {
-			if decodeByte, err := b64.StdEncoding.DecodeString(resultValue); err != nil {
-				return nil, err
-			} else {
-				resultValue = strings.Trim(string(decodeByte), "\n ")
-			}
+		result := re1.FindStringSubmatch(arg)
+		// check if result array's length is == 4 (index 0 - is the full match & indices 1,2,3- are the fields we need)
+		if len(result) != 4 {
+			err := fmt.Errorf("Please provide valid args for this command")
+			return nil, err
 		}
 		resultSvcKV[i] = &ServiceKeyValue{
-			SvcName: second[0],
-			Key:     second[1],
-			Value:   resultValue,
+			SvcName: result[1],
+			Key:     result[2],
+			Value:   strings.ReplaceAll(result[3], `"`, ""),
 		}
 	}
 	return resultSvcKV, nil

pkg/api/utils_test.go

@@ -11,12 +11,11 @@ func TestProcessConfigArgs(t *testing.T) {
 		"test-dash.dash-key=value-dash",
 		"test-dot.dot-key=127.0.0.1",
 		"test123.key123=value123",
-		"test-equal.keyequal=newvalue=@hj",
 	}
-	expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123", "keyequal"}
-	expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123", "newvalue=@hj"}
-	exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123", "test-equal"}
-	sv, err := ProcessConfigArgs(args, false)
+	expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123"}
+	expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123"}
+	exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123"}
+	sv, err := ProcessConfigArgs(args)
 	if err != nil {
 		t.Log(err)
 		t.FailNow()

pkg/preflight/all_checks.go

@@ -4,10 +4,9 @@ import (
 	"fmt"
 )
 
-func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, namespace string, preflightOpts *PreflightMongoOptions) {
+func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfigContents []byte, mongodbUrl string) {
 
 	checkCount := 0
-	totalCount := 0
 	// Preflight minimum kuberenetes version check
 	fmt.Printf("\nPreflight kubernetes minimum version check\n")
 	fmt.Println("------------------------------------------")
@@ -16,7 +15,6 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight deployment check
 	fmt.Printf("\nPreflight deployment check\n")
@@ -26,7 +24,6 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight service check
 	fmt.Printf("\nPreflight service check\n")
@@ -36,7 +33,6 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight pod check
 	fmt.Printf("\nPreflight pod check\n")
@@ -46,7 +42,6 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight role check
 	fmt.Printf("\nPreflight role check\n")
@@ -56,7 +51,6 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight rolebinding check
 	fmt.Printf("\nPreflight rolebinding check\n")
@@ -66,7 +60,6 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight serviceaccount check
 	fmt.Printf("\nPreflight serviceaccount check\n")
@@ -76,17 +69,15 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight mongo check
 	fmt.Printf("\nPreflight mongo check\n")
 	fmt.Println("---------------------")
-	if err := qp.CheckMongo(kubeConfigContents, namespace, preflightOpts); err != nil {
+	if err := qp.CheckMongo(kubeConfigContents, namespace, mongodbUrl); err != nil {
 		fmt.Printf("Preflight mongo check: FAILED\n")
 	} else {
 		checkCount++
 	}
-	totalCount++
 
 	// Preflight DNS check
 	fmt.Printf("\nPreflight DNS check\n")
@@ -96,9 +87,8 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(kubeConfigContents []byte, n
 	} else {
 		checkCount++
 	}
-	totalCount++
 
-	if checkCount == totalCount {
+	if checkCount == 9 {
 		fmt.Printf("\nAll preflight checks have PASSED\n")
 	} else {
 		fmt.Printf("\n1 or more preflight checks have FAILED\n")

pkg/preflight/deployability.go

@@ -66,13 +66,7 @@ func (qp *QliksensePreflight) CheckPod(namespace string, kubeConfigContents []by
 func (qp *QliksensePreflight) checkPfPod(clientset *kubernetes.Clientset, namespace string) error {
 	// create a pod
 	podName := "pod-pf-check"
-	commandToRun := []string{}
-
-	imageName, err := qp.GetPreflightConfigObj().GetImageName(nginx, true)
-	if err != nil {
-		return err
-	}
-	pod, err := createPreflightTestPod(clientset, namespace, podName, imageName, nil, commandToRun)
+	pod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(nginx))
 	if err != nil {
 		err = fmt.Errorf("error: unable to create pod %s - %v\n", podName, err)
 		return err
@@ -109,11 +103,7 @@ func checkPfService(clientset *kubernetes.Clientset, namespace string) error {
 
 func (qp *QliksensePreflight) checkPfDeployment(clientset *kubernetes.Clientset, namespace, depName string) error {
 	// check if we are able to create a deployment
-	imageName, err := qp.GetPreflightConfigObj().GetImageName(nginx, true)
-	if err != nil {
-		return err
-	}
-	pfDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, imageName)
+	pfDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, qp.GetPreflightConfigObj().GetImageName(nginx))
 	if err != nil {
 		err = fmt.Errorf("error: unable to create deployment: %v\n", err)
 		return err

pkg/preflight/dns_check.go

@@ -3,6 +3,8 @@ package preflight
 import (
 	"fmt"
 	"strings"
+
+	"github.com/qlik-oss/sense-installer/pkg/api"
 )
 
 const (
@@ -11,7 +13,7 @@ const (
 )
 
 func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []byte) error {
-	clientset, _, err := getK8SClientSet(kubeConfigContents, "")
+	clientset, clientConfig, err := getK8SClientSet(kubeConfigContents, "")
 	if err != nil {
 		err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
 		fmt.Println(err)
@@ -20,11 +22,7 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by
 
 	// creating deployment
 	depName := "dep-dns-preflight-check"
-	nginxImageName, err := qp.GetPreflightConfigObj().GetImageName(nginx, true)
-	if err != nil {
-		return err
-	}
-	dnsDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, nginxImageName)
+	dnsDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, qp.GetPreflightConfigObj().GetImageName(nginx))
 	if err != nil {
 		err = fmt.Errorf("error: unable to create deployment: %v\n", err)
 		fmt.Println(err)
@@ -47,17 +45,11 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by
 
 	// create a pod
 	podName := "pf-pod-1"
-	commandToRun := []string{"sh", "-c", "sleep 10; nc -z -v -w 1 " + dnsService.Name + " 80"}
-	netcatImageName, err := qp.GetPreflightConfigObj().GetImageName(netcat, true)
-	if err != nil {
-		return err
-	}
-	dnsPod, err := createPreflightTestPod(clientset, namespace, podName, netcatImageName, nil, commandToRun)
+	dnsPod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(netcat))
 	if err != nil {
 		err = fmt.Errorf("error: unable to create pod : %s\n", podName)
 		return err
 	}
-
 	defer deletePod(clientset, namespace, podName)
 
 	if err := waitForPod(clientset, namespace, dnsPod); err != nil {
@@ -68,21 +60,18 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by
 		fmt.Println(err)
 		return err
 	}
-
-	waitForPodToDie(clientset, namespace, dnsPod)
-
-	logStr, err := getPodLogs(clientset, dnsPod)
+	api.LogDebugMessage("Exec-ing into the container...")
+	stdout, stderr, err := executeRemoteCommand(clientset, clientConfig, dnsPod.Name, dnsPod.Spec.Containers[0].Name, namespace, []string{"nc", "-z", "-v", "-w 1", dnsService.Name, "80"})
 	if err != nil {
 		err = fmt.Errorf("error: unable to execute dns check in the cluster: %v", err)
 		fmt.Println(err)
 		return err
 	}
 
-	if strings.HasSuffix(strings.TrimSpace(logStr), "succeeded!") {
+	if strings.HasSuffix(stdout, "succeeded!") || strings.HasSuffix(stderr, "succeeded!") {
 		fmt.Println("Preflight DNS check: PASSED")
 	} else {
-		err = fmt.Errorf("Expected response not found\n")
-		return err
+		fmt.Println("Preflight DNS check: FAILED")
 	}
 
 	fmt.Println("Completed preflight DNS check")

pkg/preflight/mongo_check.go

@@ -2,23 +2,20 @@ package preflight
 
 import (
 	"fmt"
-	"io/ioutil"
 	"strings"
 
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
-	apiv1 "k8s.io/api/core/v1"
-	"k8s.io/client-go/kubernetes"
 )
 
 const (
-	mongo = "mongo"
+	mongoImage = "mongo"
 )
 
-func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace string, preflightOpts *PreflightMongoOptions) error {
+func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace, mongodbUrl string) error {
 	fmt.Printf("Preflight mongodb check: \n")
 
-	if preflightOpts.MongodbUrl == "" {
+	if mongodbUrl == "" {
 		// infer mongoDbUrl from currentCR
 		fmt.Println("MongoDbUri is empty, infer from CR")
 		qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
@@ -32,92 +29,30 @@ func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace st
 			return err
 		}
 		decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
-		if err != nil {
-			fmt.Printf("An error occurred while retrieving mongodbUrl from current CR: %v\n", err)
-			return err
-		}
-		preflightOpts.MongodbUrl = decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri")
+		mongodbUrl = decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri")
 	}
 
-	fmt.Printf("mongodbUrl: %s\n", preflightOpts.MongodbUrl)
-	if err := qp.mongoConnCheck(kubeConfigContents, namespace, preflightOpts); err != nil {
+	fmt.Printf("mongodbUrl: %s\n", mongodbUrl)
+	if err := mongoConnCheck(kubeConfigContents, namespace, mongodbUrl); err != nil {
 		return err
 	}
 	fmt.Println("Completed preflight mongodb check")
 	return nil
 }
 
-func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespace string, preflightOpts *PreflightMongoOptions) error {
-	var caCertSecretName, clientCertSecretName string
-	clientset, _, err := getK8SClientSet(kubeConfigContents, "")
+func mongoConnCheck(kubeConfigContents []byte, namespace, mongodbUrl string) error {
+	clientset, clientConfig, err := getK8SClientSet(kubeConfigContents, "")
 	if err != nil {
 		err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
 		fmt.Println(err)
 		return err
 	}
-	var secrets []string
-	if preflightOpts.CaCertFile != "" {
-		caCertSecretName = "preflight-mongo-test-cacert"
-		caCertSecret, err := createSecret(clientset, namespace, preflightOpts.CaCertFile, caCertSecretName)
-
-		if err != nil {
-			err = fmt.Errorf("error: unable to create a create ca cert kubernetes secret: %v\n", err)
-			fmt.Println(err)
-			return err
-		}
-
-		defer deleteK8sSecret(clientset, namespace, caCertSecret)
-		secrets = append(secrets, caCertSecretName)
-	}
-	if preflightOpts.ClientCertFile != "" {
-		clientCertSecretName = "preflight-mongo-test-clientcert"
-		clientCertSecret, err := createSecret(clientset, namespace, preflightOpts.ClientCertFile, clientCertSecretName)
-		if err != nil {
-			err = fmt.Errorf("error: unable to create a create client cert kubernetes secret: %v\n", err)
-			fmt.Println(err)
-			return err
-		}
-
-		defer deleteK8sSecret(clientset, namespace, clientCertSecret)
-		secrets = append(secrets, clientCertSecretName)
-	}
-
-	mongoCommand := strings.Builder{}
-	mongoCommand.WriteString(fmt.Sprintf("sleep 10;mongo %s", preflightOpts.MongodbUrl))
-	if preflightOpts.Username != "" {
-		mongoCommand.WriteString(fmt.Sprintf(" --username %s", preflightOpts.Username))
-		api.LogDebugMessage("Adding username: Mongo command: %s\n", mongoCommand.String())
-	}
-	if preflightOpts.Password != "" {
-		mongoCommand.WriteString(fmt.Sprintf(" --password %s", preflightOpts.Password))
-		api.LogDebugMessage("Adding username and password\n")
-	}
-	if preflightOpts.Tls || preflightOpts.CaCertFile != "" || preflightOpts.ClientCertFile != "" {
-		mongoCommand.WriteString(" --tls")
-		api.LogDebugMessage("Adding --tls: Mongo command: %s\n", mongoCommand.String())
-	}
-		mongoCommand.WriteString(fmt.Sprintf(" --tlsCAFile=/etc/ssl/%s/%[1]s", caCertSecretName))
-	if preflightOpts.CaCertFile != "" {
-		api.LogDebugMessage("Adding caCertFile:  Mongo command: %s\n", mongoCommand.String())
-	}
-	if preflightOpts.ClientCertFile != "" {
-		mongoCommand.WriteString(fmt.Sprintf(" --tlsCertificateKeyFile=/etc/ssl/%s/%[1]s", clientCertSecretName))
-		api.LogDebugMessage("Adding clientCertFile:  Mongo command: %s\n", mongoCommand.String())
-	}
-	mongoCommand.WriteString(` --eval "print(\"connected to mongo\")"`)
-
-	commandToRun := []string{"sh", "-c", mongoCommand.String()}
-	api.LogDebugMessage("Mongo commandToRun: %s\n", strings.Join(commandToRun, " "))
-
 	// create a pod
 	podName := "pf-mongo-pod"
-	imageName, err := qp.GetPreflightConfigObj().GetImageName(mongo, true)
+	mongoPod, err := createPreflightTestPod(clientset, namespace, podName, mongoImage)
 	if err != nil {
-		return err
-	}
-	mongoPod, err := createPreflightTestPod(clientset, namespace, podName, imageName, secrets, commandToRun)
-	if err != nil {
-		err = fmt.Errorf("error: unable to create pod : %v\n", err)
+		err = fmt.Errorf("error: unable to create pod : %s\n", podName)
+		fmt.Println("Preflight mongo check: FAILED")
 		return err
 	}
 	defer deletePod(clientset, namespace, podName)
@@ -126,38 +61,25 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 		return err
 	}
 	if len(mongoPod.Spec.Containers) == 0 {
-		err := fmt.Errorf("error: there are no containers in the pod- %v\n", err)
+		err := fmt.Errorf("error: there are no containers in the pod")
 		fmt.Println(err)
 		return err
 	}
-	waitForPodToDie(clientset, namespace, mongoPod)
-	logStr, err := getPodLogs(clientset, mongoPod)
+	api.LogDebugMessage("Exec-ing into the container...")
+	stdout, stderr, err := executeRemoteCommand(clientset, clientConfig, mongoPod.Name, mongoPod.Spec.Containers[0].Name, namespace, []string{"mongo", mongodbUrl})
 	if err != nil {
-		err = fmt.Errorf("error: unable to execute mongo check in the cluster: %v\n", err)
+		err = fmt.Errorf("error: unable to execute mongo check in the cluster: %v", err)
 		fmt.Println(err)
 		return err
 	}
 
-	stringToCheck := "Implicit session:"
-	if strings.Contains(logStr, stringToCheck) {
+	api.LogDebugMessage("stdout:", stdout)
+	api.LogDebugMessage("stderr:", stderr)
+	stringToCheck := "Implicit session"
+	if strings.Contains(stdout, stringToCheck) || strings.Contains(stderr, stringToCheck) {
 		fmt.Println("Preflight mongo check: PASSED")
 	} else {
-		err = fmt.Errorf("Expected response not found\n")
-		return err
+		fmt.Println("Preflight mongo check: FAILED")
 	}
 	return nil
 }
-
-func createSecret(clientset *kubernetes.Clientset, namespace, certFile, certSecretName string) (*apiv1.Secret, error) {
-	certBytes, err := ioutil.ReadFile(certFile)
-	if err != nil {
-		return nil, err
-	}
-
-	certSecret, err := createPreflightTestSecret(clientset, namespace, certSecretName, certBytes)
-	if err != nil {
-		err = fmt.Errorf("error: unable to create secret with ca cert : %v\n", err)
-		return nil, err
-	}
-	return certSecret, nil
-}

pkg/preflight/preflight_apis.go

@@ -1,11 +1,10 @@
-package api
+package preflight
 
 import (
 	"os"
-	"path"
 	"path/filepath"
-	"strings"
 
+	api "github.com/qlik-oss/sense-installer/pkg/api"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -44,10 +43,8 @@ func NewPreflightConfig(qHome string) *PreflightConfig {
 	if _, err := os.Lstat(conFile); err != nil {
 		return p
 	}
-	p = &PreflightConfig{
-		QliksenseHomePath: qHome,
-	}
-	if err := ReadFromFile(p, conFile); err != nil {
+	p = &PreflightConfig{}
+	if err := api.ReadFromFile(p, conFile); err != nil {
 		return nil
 	}
 	return p
@@ -64,7 +61,7 @@ func (p *PreflightConfig) Write() error {
 	if err := os.MkdirAll(pDir, os.ModePerm); err != nil {
 		return err
 	}
-	return WriteToFile(p, p.GetConfigFilePath())
+	return api.WriteToFile(p, p.GetConfigFilePath())
 }
 
 func (p *PreflightConfig) AddMinK8sV(version string) {
@@ -81,22 +78,11 @@ func (p *PreflightConfig) AddImage(imageFor, imageName string) {
 	p.Spec.Images[imageFor] = imageName
 }
 
-func (p *PreflightConfig) GetImageName(imageFor string, accountForImageRegistry bool) (string, error) {
+func (p *PreflightConfig) GetImageName(imageFor string) string {
 	if p.Spec.Images == nil {
-		return "", nil
+		return ""
 	}
-	image := p.Spec.Images[imageFor]
-	if accountForImageRegistry {
-		qConfig := NewQConfig(p.QliksenseHomePath)
-		if currentCR, err := qConfig.GetCurrentCR(); err != nil {
-			return "", err
-		} else if imageRegistry := currentCR.Spec.GetImageRegistry(); imageRegistry != "" {
-			imageSegments := strings.Split(image, "/")
-			imageNameAndTag := imageSegments[len(imageSegments)-1]
-			return path.Join(imageRegistry, imageNameAndTag), nil
-		}
-	}
-	return image, nil
+	return p.Spec.Images[imageFor]
 }
 func (p *PreflightConfig) GetMinK8sVersion() string {
 	return p.Spec.MinK8sVersion
@@ -119,6 +105,5 @@ func (p *PreflightConfig) Initialize() error {
 	p.AddMinK8sV("1.15")
 	p.AddImage("nginx", "nginx")
 	p.AddImage("netcat", "subfuzion/netcat")
-	p.AddImage("mongo", "mongo")
 	return p.Write()
 }

pkg/preflight/preflight_apis_test.go

@@ -0,0 +1,41 @@
+package preflight
+
+import (
+	"io/ioutil"
+	"testing"
+
+	api "github.com/qlik-oss/sense-installer/pkg/api"
+)
+
+func Test_Initalize(t *testing.T) {
+	tempDir, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	pf := NewPreflightConfig(tempDir)
+	if err := pf.Initialize(); err != nil {
+		t.Log()
+		t.FailNow()
+	}
+	p := &PreflightConfig{
+		QliksenseHomePath: tempDir,
+	}
+	if err := api.ReadFromFile(p, pf.GetConfigFilePath()); err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	if p.GetMinK8sVersion() != "1.15" {
+		t.Log("expected k8 version: 1.15, but got " + p.GetMinK8sVersion())
+		t.Fail()
+	}
+	p.AddImage("test", "testimage")
+	if err := p.Write(); err != nil {
+		t.Log(err)
+		t.Fail()
+	}
+	p2 := NewPreflightConfig(tempDir)
+	if p2.GetImageName("test") != "testimage" {
+		t.Log("expected image name: testimage, got: " + p2.GetImageName("test"))
+	}
+}

pkg/preflight/preflight_utils.go

@@ -6,34 +6,34 @@ import (
 	"io"
 	"io/ioutil"
 	"log"
+	"net/url"
 	"path/filepath"
 	"strings"
 	"time"
 
 	"github.com/mitchellh/go-homedir"
+
+	"k8s.io/apimachinery/pkg/util/wait"
+
+	"k8s.io/client-go/util/retry"
+
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/remotecommand"
+	"k8s.io/kubectl/pkg/scheme"
+
 	"github.com/pkg/errors"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	appsv1 "k8s.io/api/apps/v1"
 	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/api/rbac/v1beta1"
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	"k8s.io/client-go/util/retry"
-)
+	restclient "k8s.io/client-go/rest"
 
-type PreflightMongoOptions struct {
-	MongodbUrl     string
-	Username       string
-	Password       string
-	CaCertFile     string
-	ClientCertFile string
-	Tls            bool
-}
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+)
 
 var gracePeriod int64 = 0
 
@@ -41,8 +41,8 @@ type QliksensePreflight struct {
 	Q *qliksense.Qliksense
 }
 
-func (qp *QliksensePreflight) GetPreflightConfigObj() *api.PreflightConfig {
-	return api.NewPreflightConfig(qp.Q.QliksenseHome)
+func (qp *QliksensePreflight) GetPreflightConfigObj() *PreflightConfig {
+	return NewPreflightConfig(qp.Q.QliksenseHome)
 }
 
 func InitPreflight() (string, []byte, error) {
@@ -310,7 +310,7 @@ func deletePod(clientset *kubernetes.Clientset, namespace, name string) error {
 	return nil
 }
 
-func createPreflightTestPod(clientset *kubernetes.Clientset, namespace, podName, imageName string, secretNames []string, commandToRun []string) (*apiv1.Pod, error) {
+func createPreflightTestPod(clientset *kubernetes.Clientset, namespace string, podName string, imageName string) (*apiv1.Pod, error) {
 	// build the pod definition we want to deploy
 	pod := &apiv1.Pod{
 		ObjectMeta: v1.ObjectMeta{
@@ -321,42 +321,19 @@ func createPreflightTestPod(clientset *kubernetes.Clientset, namespace, podName,
 			},
 		},
 		Spec: apiv1.PodSpec{
-			RestartPolicy: apiv1.RestartPolicyNever,
 			Containers: []apiv1.Container{
 				{
 					Name:            "cnt",
 					Image:           imageName,
 					ImagePullPolicy: apiv1.PullIfNotPresent,
-					Command:         commandToRun,
+					Command: []string{
+						"sleep",
+						"3600",
+					},
 				},
 			},
 		},
 	}
-	if len(secretNames) > 0 {
-		for _, secretName := range secretNames {
-			pod.Spec.Volumes = append(pod.Spec.Volumes, apiv1.Volume{
-				Name: secretName,
-				VolumeSource: apiv1.VolumeSource{
-					Secret: &apiv1.SecretVolumeSource{
-						SecretName: secretName,
-						Items: []apiv1.KeyToPath{
-							{
-								Key:  secretName,
-								Path: secretName,
-							},
-						},
-					},
-				},
-			})
-			if len(pod.Spec.Containers) > 0 {
-				pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, apiv1.VolumeMount{
-					Name:      secretName,
-					MountPath: "/etc/ssl/" + secretName,
-					ReadOnly:  true,
-				})
-			}
-		}
-	}
 
 	// now create the pod in kubernetes cluster using the clientset
 	if err := retryOnError(func() (err error) {
@@ -383,68 +360,65 @@ func getPod(clientset *kubernetes.Clientset, namespace, podName string) (*apiv1.
 	return pod, nil
 }
 
-func getPodLogs(clientset *kubernetes.Clientset, pod *apiv1.Pod) (string, error) {
-	podLogOpts := apiv1.PodLogOptions{}
-
-	api.LogDebugMessage("Retrieving logs for pod: %s   namespace: %s\n", pod.GetName(), pod.Namespace)
-	req := clientset.CoreV1().Pods(pod.Namespace).GetLogs(pod.Name, &podLogOpts)
-	podLogs, err := req.Stream()
+func execute(method string, url *url.URL, config *restclient.Config, stdin io.Reader, stdout, stderr io.Writer, tty bool) error {
+	exec, err := remotecommand.NewSPDYExecutor(config, method, url)
 	if err != nil {
-		return "", err
+		return err
 	}
-	defer podLogs.Close()
-	time.Sleep(15 * time.Second)
-	buf := new(bytes.Buffer)
-	_, err = io.Copy(buf, podLogs)
-	if err != nil {
-		return "", err
-	}
-	api.LogDebugMessage("Log from pod: %s\n", buf.String())
-	return buf.String(), nil
+	return exec.Stream(remotecommand.StreamOptions{
+		Stdin:  stdin,
+		Stdout: stdout,
+		Stderr: stderr,
+		Tty:    tty,
+	})
 }
 
-func waitForResource(checkFunc func() (interface{}, error), validateFunc func(interface{}) bool) error {
+func executeRemoteCommand(clientset *kubernetes.Clientset, config *rest.Config, podName, containerName, namespace string, command []string) (string, string, error) {
+	tty := false
+	req := clientset.CoreV1().RESTClient().Post().
+		Resource("pods").
+		Name(podName).
+		Namespace(namespace).
+		SubResource("exec").
+		Param("container", containerName)
+	req.VersionedParams(&apiv1.PodExecOptions{
+		Container: containerName,
+		Command:   command,
+		Stdin:     false,
+		Stdout:    true,
+		Stderr:    true,
+		TTY:       tty,
+	}, scheme.ParameterCodec)
+
+	var stdout, stderr bytes.Buffer
+	err := execute("POST", req.URL(), config, nil, &stdout, &stderr, tty)
+	return strings.TrimSpace(stdout.String()), strings.TrimSpace(stderr.String()), err
+}
+
+func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDeployment *appsv1.Deployment) error {
 	timeout := time.NewTicker(2 * time.Minute)
 	defer timeout.Stop()
-OUT:
+	var d *appsv1.Deployment
+	var err error
+WAIT:
 	for {
-		r, err := checkFunc()
+		d, err = getDeployment(clientset, namespace, pfDeployment.GetName())
 		if err != nil {
+			err = fmt.Errorf("error: unable to retrieve deployment: %s\n", pfDeployment.GetName())
+			fmt.Println(err)
 			return err
 		}
 		select {
 		case <-timeout.C:
-			break OUT
+			break WAIT
 		default:
-			if validateFunc(r) {
-				break OUT
+			if int(d.Status.ReadyReplicas) > 0 {
+				break WAIT
 			}
 		}
 		time.Sleep(5 * time.Second)
 	}
-	return nil
-}
-
-func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDeployment *appsv1.Deployment) error {
-	var err error
-	depName := pfDeployment.GetName()
-	checkFunc := func() (interface{}, error) {
-		pfDeployment, err = getDeployment(clientset, namespace, depName)
-		if err != nil {
-			err = fmt.Errorf("error: unable to retrieve deployment: %s\n", depName)
-			fmt.Println(err)
-			return nil, err
-		}
-		return pfDeployment, nil
-	}
-	validateFunc := func(data interface{}) bool {
-		d := data.(*appsv1.Deployment)
-		return int(d.Status.ReadyReplicas) > 0
-	}
-	if err := waitForResource(checkFunc, validateFunc); err != nil {
-		return err
-	}
-	if int(pfDeployment.Status.ReadyReplicas) == 0 {
+	if int(d.Status.ReadyReplicas) == 0 {
 		err = fmt.Errorf("error: deployment took longer than expected to spin up pods")
 		fmt.Println(err)
 		return err
@@ -454,93 +428,82 @@ func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDepl
 
 func waitForPod(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Pod) error {
 	var err error
-	if len(pod.Spec.Containers) == 0 {
-		err = fmt.Errorf("error: there are no containers in the pod")
-		fmt.Println(err)
-		return err
-	}
-	podName := pod.Name
-	checkFunc := func() (interface{}, error) {
-		pod, err = getPod(clientset, namespace, podName)
-		if err != nil {
-			err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
-			fmt.Println(err)
-			return nil, err
+	if len(pod.Spec.Containers) > 0 {
+		timeout := time.NewTicker(2 * time.Minute)
+		defer timeout.Stop()
+		podName := pod.Name
+	OUT:
+		for {
+			pod, err = getPod(clientset, namespace, podName)
+			if err != nil {
+				err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
+				fmt.Println(err)
+				return err
+			}
+			select {
+			case <-timeout.C:
+				break OUT
+			default:
+				if len(pod.Status.ContainerStatuses) > 0 && pod.Status.ContainerStatuses[0].Ready {
+					break OUT
+				}
+			}
+			time.Sleep(5 * time.Second)
 		}
-		return pod, nil
-	}
-	validateFunc := func(data interface{}) bool {
-		po := data.(*apiv1.Pod)
-		return len(po.Status.ContainerStatuses) > 0 && po.Status.ContainerStatuses[0].Ready
-	}
-
-	if err := waitForResource(checkFunc, validateFunc); err != nil {
-		return err
-	}
-	if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
-		err = fmt.Errorf("error: container is taking much longer than expected")
-		fmt.Println(err)
-		return err
-	}
-	return nil
-}
-
-func waitForPodToDie(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Pod) error {
-	podName := pod.Name
-	checkFunc := func() (interface{}, error) {
-		po, err := getPod(clientset, namespace, podName)
-		if err != nil {
-			err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
+		if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
+			err = fmt.Errorf("error: container is taking much longer than expected")
 			fmt.Println(err)
-			return nil, err
+			return err
 		}
-		api.LogDebugMessage("pod status: %v\n", po.Status.Phase)
-		return po, nil
+		return nil
 	}
-	validateFunc := func(r interface{}) bool {
-		po := r.(*apiv1.Pod)
-		return po.Status.Phase == apiv1.PodFailed || po.Status.Phase == apiv1.PodSucceeded
-	}
-	if err := waitForResource(checkFunc, validateFunc); err != nil {
-		return err
-	}
-	return nil
+	err = fmt.Errorf("error: there are no containers in the pod")
+	fmt.Println(err)
+	return err
 }
 
 func waitForPodToDelete(clientset *kubernetes.Clientset, namespace, podName string) error {
-	checkFunc := func() (interface{}, error) {
-		po, err := getPod(clientset, namespace, podName)
+	var err error
+	timeout := time.NewTicker(2 * time.Minute)
+	defer timeout.Stop()
+OUT:
+	for {
+		_, err = getPod(clientset, namespace, podName)
 		if err != nil {
-			return nil, err
+			return nil
 		}
-		return po, nil
+		select {
+		case <-timeout.C:
+			break OUT
+		default:
+
+		}
+		time.Sleep(5 * time.Second)
 	}
-	validateFunc := func(po interface{}) bool {
-		return false
-	}
-	if err := waitForResource(checkFunc, validateFunc); err != nil {
-		return nil
-	}
-	err := fmt.Errorf("error: delete pod is taking unusually long")
+	err = fmt.Errorf("error: delete pod is taking unusually long")
 	fmt.Println(err)
 	return err
 }
 
 func waitForDeploymentToDelete(clientset *kubernetes.Clientset, namespace, deploymentName string) error {
-	checkFunc := func() (interface{}, error) {
-		dep, err := getDeployment(clientset, namespace, deploymentName)
+	var err error
+	timeout := time.NewTicker(2 * time.Minute)
+	defer timeout.Stop()
+OUT:
+	for {
+		_, err = getDeployment(clientset, namespace, deploymentName)
 		if err != nil {
-			return nil, err
+			return nil
 		}
-		return dep, nil
+		select {
+		case <-timeout.C:
+			break OUT
+		default:
+
+		}
+		time.Sleep(5 * time.Second)
 	}
-	validateFunc := func(po interface{}) bool {
-		return false
-	}
-	if err := waitForResource(checkFunc, validateFunc); err != nil {
-		return nil
-	}
-	err := fmt.Errorf("error: delete deployment is taking unusually long")
+	err = fmt.Errorf("error: delete deployment is taking unusually long")
 	fmt.Println(err)
 	return err
 }
@@ -595,7 +558,7 @@ func createPfRoleBinding(clientset *kubernetes.Clientset, namespace, roleBinding
 			Name:      roleBindingName,
 			Namespace: namespace,
 			Labels: map[string]string{
-				"app": "preflight",
+				"app": "demo",
 			},
 		},
 		Subjects: []v1beta1.Subject{
@@ -677,46 +640,3 @@ func deleteServiceAccount(clientset *kubernetes.Clientset, namespace string, ser
 	}
 	fmt.Printf("Deleted ServiceAccount: %s\n\n", serviceAccount.Name)
 }
-
-func createPreflightTestSecret(clientset *kubernetes.Clientset, namespace, secretName string, secretData []byte) (*apiv1.Secret, error) {
-	var secret *apiv1.Secret
-	var err error
-	// build the secret defination we want to create
-	secretSpec := &apiv1.Secret{
-		ObjectMeta: v1.ObjectMeta{
-			Name:      secretName,
-			Namespace: namespace,
-			Labels: map[string]string{
-				"app": "preflight",
-			},
-		},
-		Data: map[string][]byte{
-			secretName: secretData,
-		},
-	}
-
-	// now create the secret in kubernetes cluster using the clientset
-	if err = retryOnError(func() (err error) {
-		secret, err = clientset.CoreV1().Secrets(namespace).Create(secretSpec)
-		return err
-	}); err != nil {
-		fmt.Println(err)
-		return nil, err
-	}
-	fmt.Printf("Created Secret: %s\n", secret.Name)
-	return secret, nil
-}
-
-func deleteK8sSecret(clientset *kubernetes.Clientset, namespace string, k8sSecret *apiv1.Secret) {
-	secretClient := clientset.CoreV1().Secrets(namespace)
-
-	deletePolicy := v1.DeletePropagationForeground
-	deleteOptions := v1.DeleteOptions{
-		PropagationPolicy: &deletePolicy,
-	}
-	err := secretClient.Delete(k8sSecret.GetName(), &deleteOptions)
-	if err != nil {
-		log.Fatal(err)
-	}
-	fmt.Printf("Deleted Secret: %s\n\n", k8sSecret.Name)
-}

pkg/preflight/role_check.go

@@ -2,16 +2,16 @@ package preflight
 
 import (
 	"fmt"
+	"path"
 	"path/filepath"
-	"strings"
 
+	"github.com/mitchellh/go-homedir"
+	"github.com/qlik-oss/k-apis/pkg/cr"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 )
 
-var resultYamlBytes = []byte("")
-
 func (qp *QliksensePreflight) CheckCreateRole(namespace string) error {
 	// create a Role
 	fmt.Printf("Preflight role check: \n")
@@ -69,19 +69,29 @@ func (qp *QliksensePreflight) checkCreateEntity(namespace, entityToTest string)
 	} else {
 		kusDir = filepath.Join(mfroot, "manifests", currentCR.Spec.Profile)
 	}
-	if len(resultYamlBytes) == 0 {
-		resultYamlBytes, err = qliksense.ExecuteKustomizeBuild(kusDir)
-		if err != nil {
-			err := fmt.Errorf("Unable to retrieve manifests from executing kustomize from dir: %s", kusDir)
-			fmt.Println(err)
-			return err
-		}
+
+	currentCR.SetName("random")
+	currentCR.Spec.RotateKeys = "None"
+	currentCR.Spec.ManifestsRoot = mfroot
+	userHomeDir, err := homedir.Dir()
+	if err != nil {
+		fmt.Printf(`error fetching user's home directory: %v\n`, err)
+		return err
 	}
-	sa := qliksense.GetYamlsFromMultiDoc(string(resultYamlBytes), entityToTest)
+
+	cr.GeneratePatches(&currentCR.KApiCr, path.Join(userHomeDir, ".kube", "config"))
+
+	resultYamlString, err := qliksense.ExecuteKustomizeBuild(kusDir)
+	if err != nil {
+		fmt.Printf("Unable to retrieve manifests from executing kustomize: %v\n", err)
+		return err
+	}
+
+	sa := qliksense.GetYamlsFromMultiDoc(string(resultYamlString), entityToTest)
 	if sa != "" {
-		sa = strings.Replace(sa, "name: qliksense", "name: preflight", -1)
+		// sa = strings.ReplaceAll(sa, "namespace: default\n", fmt.Sprintf("namespace: %s\n", namespace))
 	} else {
-		err := fmt.Errorf("Unable to retrieve yamls to apply on cluster from dir: %s", kusDir)
+		err := fmt.Errorf("Unable to retrieve yamls to apply on cluster")
 		fmt.Println(err)
 		return err
 	}

pkg/qliksense/about.go

@@ -194,10 +194,8 @@ func getImageList(yamlContent []byte) ([]string, error) {
 		})
 	}
 	var sortedImageList []string
-	for image, v := range imageMap {
+	for image, _ := range imageMap {
 		sortedImageList = append(sortedImageList, image)
-		// a warning "simplify range expression" if written like this 'for image _ :=range imageMap'
-		_ = v
 	}
 	sort.Strings(sortedImageList)
 	return sortedImageList, nil

pkg/qliksense/about_test.go

@@ -2,13 +2,13 @@ package qliksense
 
 import (
 	"fmt"
-	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 	"io/ioutil"
 	"os"
 	"path"
-	"path/filepath"
 	"reflect"
 	"testing"
+
+	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
 
 func Test_About_getImageList(t *testing.T) {
@@ -230,24 +230,15 @@ spec:
 	}
 }
 
-func Test_foo(t *testing.T) {
-	configDir := "C:\\Users\\abulynko\\AppData\\Local\\Temp\\03994898/repo"
-	fmt.Printf("--AB: 1: %v\n", path.Dir(configDir))
-
-	sub := path.Dir(configDir)
-	fmt.Printf("--AB: 2: %v\n", path.Dir(sub))
-}
-
 func Test_About_getConfigDirectory(t *testing.T) {
 	verifyAsdBranch := func(configDir string) (ok bool, reason string) {
 		tmpDir := os.TempDir()
 
-		configParentDir := filepath.Dir(configDir)
-		if (filepath.Clean(filepath.Dir(configParentDir)) != filepath.Clean(tmpDir)) || (filepath.Base(configDir) != "repo") {
+		if (path.Clean(path.Dir(path.Dir(configDir))) != path.Clean(tmpDir)) || (path.Base(configDir) != "repo") {
 			return false, fmt.Sprintf("expected config directory path: %v to be under: %v and terminate with repo", configDir, tmpDir)
 		}
 
-		if info, err := os.Stat(filepath.Join(configDir, "asdczxc")); err != nil || !info.Mode().IsRegular() {
+		if info, err := os.Stat(path.Join(configDir, "asdczxc")); err != nil || !info.Mode().IsRegular() {
 			return false, fmt.Sprintf(`expected to find file: "asdczxc" under directory: %v`, configDir)
 		}
 		return true, ""
@@ -256,16 +247,15 @@ func Test_About_getConfigDirectory(t *testing.T) {
 	verifyMasterBranch := func(configDir string) (ok bool, reason string) {
 		tmpDir := os.TempDir()
 
-		configParentDir := filepath.Dir(configDir)
-		if (filepath.Clean(filepath.Dir(configParentDir)) != filepath.Clean(tmpDir)) || (filepath.Base(configDir) != "repo") {
+		if (path.Clean(path.Dir(path.Dir(configDir))) != path.Clean(tmpDir)) || (path.Base(configDir) != "repo") {
 			return false, fmt.Sprintf("expected config directory path: %v to be under: %v and terminate with repo", configDir, tmpDir)
 		}
 
-		if _, err := os.Stat(filepath.Join(configDir, "asdczxc")); err == nil || !os.IsNotExist(err) {
+		if _, err := os.Stat(path.Join(configDir, "asdczxc")); err == nil || !os.IsNotExist(err) {
 			return false, fmt.Sprintf(`expected to NOT find file: "asdczxc"" under directory: %v`, configDir)
 		}
 
-		if info, err := os.Stat(filepath.Join(configDir, "sad")); err != nil || !info.Mode().IsRegular() {
+		if info, err := os.Stat(path.Join(configDir, "sad")); err != nil || !info.Mode().IsRegular() {
 			return false, fmt.Sprintf(`expected to find file: "sad"" under directory: %v`, configDir)
 		}
 		return true, ""
@@ -315,7 +305,7 @@ func Test_About_getConfigDirectory(t *testing.T) {
 			cleanup: func(_ *Qliksense, configDir string) error {
 				if currentDirectory, err := os.Getwd(); err != nil {
 					return err
-				} else if err := os.RemoveAll(filepath.Join(currentDirectory, "manifests")); err != nil {
+				} else if err := os.RemoveAll(path.Join(currentDirectory, "manifests")); err != nil {
 					return err
 				}
 				return nil
@@ -330,7 +320,7 @@ func Test_About_getConfigDirectory(t *testing.T) {
 				}
 
 				profileEntered = "foo"
-				defaultProfilePath := filepath.Join(currentDirectory, "manifests", profileEntered)
+				defaultProfilePath := path.Join(currentDirectory, "manifests", profileEntered)
 				err = os.MkdirAll(defaultProfilePath, os.ModePerm)
 				if err != nil {
 					t.Fatalf("error making path: %v, err: %v\n", defaultProfilePath, err)
@@ -360,7 +350,7 @@ func Test_About_getConfigDirectory(t *testing.T) {
 			cleanup: func(_ *Qliksense, configDir string) error {
 				if currentDirectory, err := os.Getwd(); err != nil {
 					return err
-				} else if err := os.RemoveAll(filepath.Join(currentDirectory, "manifests")); err != nil {
+				} else if err := os.RemoveAll(path.Join(currentDirectory, "manifests")); err != nil {
 					return err
 				}
 				return nil
@@ -390,8 +380,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
 			cleanup: func(_ *Qliksense, configDir string) error {
 				tmpDir := os.TempDir()
 
-				tmpTmpDir := filepath.Dir(configDir)
-				if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
+				if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
+					tmpTmpDir := path.Dir(configDir)
 					if err := os.RemoveAll(tmpTmpDir); err != nil {
 						return err
 					}
@@ -423,8 +413,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
 			cleanup: func(_ *Qliksense, configDir string) error {
 				tmpDir := os.TempDir()
 
-				tmpTmpDir := filepath.Dir(configDir)
-				if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
+				if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
+					tmpTmpDir := path.Dir(configDir)
 					if err := os.RemoveAll(tmpTmpDir); err != nil {
 						return err
 					}
@@ -466,9 +456,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
 			},
 			cleanup: func(q *Qliksense, configDir string) error {
 				tmpDir := os.TempDir()
-
-				tmpTmpDir := filepath.Dir(configDir)
-				if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
+				if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
+					tmpTmpDir := path.Dir(configDir)
 					if err := os.RemoveAll(tmpTmpDir); err != nil {
 						return err
 					}
@@ -513,9 +502,8 @@ func Test_About_getConfigDirectory(t *testing.T) {
 			},
 			cleanup: func(q *Qliksense, configDir string) error {
 				tmpDir := os.TempDir()
-
-				tmpTmpDir := filepath.Dir(configDir)
-				if filepath.Clean(filepath.Dir(tmpTmpDir)) == filepath.Clean(tmpDir) && filepath.Base(configDir) == "repo" {
+				if path.Clean(path.Dir(path.Dir(configDir))) == path.Clean(tmpDir) && path.Base(configDir) == "repo" {
+					tmpTmpDir := path.Dir(configDir)
 					if err := os.RemoveAll(tmpTmpDir); err != nil {
 						return err
 					}
@@ -537,16 +525,12 @@ func Test_About_getConfigDirectory(t *testing.T) {
 					if err := q.SetUpQliksenseDefaultContext(); err != nil {
 						t.Fatalf("error setting up default context in the tmp dir: %v\n", err)
 						return nil, "", "", ""
-					} else if qConfig, err := qapi.NewQConfigE(q.QliksenseHome); err != nil {
-						t.Fatalf("cannot initiallize qConfig: %v\n", err)
+					} else if err := q.FetchQK8s("master"); err != nil {
+						t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
 						return nil, "", "", ""
-					} else if !qConfig.IsRepoExistForCurrent("master") {
-						if err := q.FetchQK8s("master"); err != nil {
-							t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
-							return nil, "", "", ""
-						}
+					} else {
+						return q, "no-git-clone-for-you", "", ""
 					}
-					return q, "no-git-clone-for-you", "", ""
 				}
 			},
 			verify: func(q *Qliksense, configDir string, isTemporary bool, profile string) (ok bool, reason string, err error) {

pkg/qliksense/apply.go

@@ -1,13 +1,12 @@
 package qliksense
 
 import (
-	"fmt"
 	"io"
 
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
 
-func (q *Qliksense) ApplyCRFromReader(r io.Reader, opts *InstallCommandOptions, keepPatchFiles, overwriteExistingContext, pull, push bool) error {
+func (q *Qliksense) ApplyCRFromReader(r io.Reader, opts *InstallCommandOptions, keepPatchFiles, overwriteExistingContext bool) error {
 	if err := q.LoadCr(r, overwriteExistingContext); err != nil {
 		return err
 	}
@@ -16,33 +15,16 @@ func (q *Qliksense) ApplyCRFromReader(r io.Reader, opts *InstallCommandOptions,
 	if err != nil {
 		return err
 	}
-	version := cr.GetLabelFromCr("version")
-
-	if pull {
-		fmt.Println("Pulling images...")
-		if err := q.PullImages(version, ""); err != nil {
-			return err
-		}
-	}
-	if push {
-		fmt.Println("Pushing images...")
-		if err := q.PushImagesForCurrentCR(); err != nil {
-			return err
-		}
-	}
-
 	if IsQliksenseInstalled(cr.GetName()) {
 		// it is needed in case want to upgrade from one version to another
 		if cr.Spec.ManifestsRoot == "" && cr.Spec.Git == nil {
-			if !qConfig.IsRepoExistForCurrent(version) {
-				if err := q.FetchQK8s(version); err != nil {
-					return err
-				}
+			if err := q.FetchQK8s(cr.GetLabelFromCr("version")); err != nil {
+				return err
 			}
 		}
 		return q.UpgradeQK8s(keepPatchFiles)
 	}
-	return q.InstallQK8s(version, opts, keepPatchFiles)
+	return q.InstallQK8s(cr.GetLabelFromCr("version"), opts, keepPatchFiles)
 }
 
 func IsQliksenseInstalled(crName string) bool {

pkg/qliksense/config.go

@@ -18,7 +18,7 @@ import (
 )
 
 const (
-	Q_INIT_CRD_PATH   = "manifests/base/crds"
+	Q_INIT_CRD_PATH   = "manifests/base/manifests/qliksense-init"
 	agreementTempalte = `
 	Please read the agreement at https://www.qlik.com/us/legal/license-terms
 	Accept the end user license agreement by providing acceptEULA=yes
@@ -146,22 +146,18 @@ func (q *Qliksense) getCurrentCrDependentResourceAsString() (string, error) {
 	var crString strings.Builder
 
 	for svcName, v := range qcr.Spec.Secrets {
-		hasFile := false
 		for _, item := range v {
 			if item.ValueFrom != nil && item.ValueFrom.SecretKeyRef != nil {
-				hasFile = true
-				break
-			}
-		}
-		if hasFile {
-			secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
-			if api.FileExists(secretFilePath) {
-				secretFile, err := ioutil.ReadFile(secretFilePath)
-				if err != nil {
-					return "", err
+				secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
+
+				if api.FileExists(secretFilePath) {
+					secretFile, err := ioutil.ReadFile(secretFilePath)
+					if err != nil {
+						return "", err
+					}
+					crString.WriteString("\n---\n")
+					crString.Write(secretFile)
 				}
-				crString.WriteString("\n---\n")
-				crString.Write(secretFile)
 			}
 		}
 	}

pkg/qliksense/confirmation.go

@@ -1,24 +0,0 @@
-package qliksense
-
-import (
-	"fmt"
-	"log"
-	"strings"
-)
-
-func AskForConfirmation(s string) bool {
-	for {
-		fmt.Printf("%s [y/n]: ", s)
-		var response string
-		_, err := fmt.Scanln(&response)
-		if err != nil {
-			log.Fatal(err)
-		}
-
-		if strings.EqualFold(response, "y") || strings.EqualFold(response, "yes") {
-			return true
-		} else if strings.EqualFold(response, "n") || strings.EqualFold(response, "no") {
-			return false
-		}
-	}
-}

pkg/qliksense/context_configs.go

@@ -1,9 +1,8 @@
 package qliksense
 
 import (
-	"errors"
+	"crypto/rsa"
 	"fmt"
-	"io"
 
 	"github.com/qlik-oss/k-apis/pkg/config"
 	"github.com/robfig/cron/v3"
@@ -34,27 +33,12 @@ const (
 	MaxContextNameLength    = 17
 	QliksenseSecretsDir     = "secrets"
 
-	imageRegistryConfigKey     = "imageRegistry"
-	pullSecretName             = "artifactory-docker-secret"
-	qliksenseOperatorImageRepo = "qlik-docker-oss.bintray.io"
-	qliksenseOperatorImageName = "qliksense-operator"
+	imageRegistryConfigKey = "imageRegistry"
+	pullSecretName         = "artifactory-docker-secret"
 )
 
-func (q *Qliksense) SetSecretsFromReader(arg string, reader io.Reader, createSecret, base64Encoded bool) error {
-	//take only name from the arguments, value should be from reader
-	argName := strings.SplitN(arg, "=", 1)
-	if len(argName) != 1 {
-		return errors.New("can only have one argument from pipe")
-	}
-	valueBytes, err := ioutil.ReadAll(reader)
-	if err != nil {
-		return err
-	}
-	return q.SetSecrets([]string{argName[0] + "=" + string(valueBytes)}, createSecret, base64Encoded)
-}
-
 // SetSecrets - set-secrets <key>=<value> commands
-func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bool) error {
+func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
 	if err != nil {
@@ -63,17 +47,17 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bo
 
 	// Metadata name in qliksense CR is the name of the current context
 	api.LogDebugMessage("Current context: %s", qliksenseCR.GetName())
-	encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
+	rsaPublicKey, _, err := qConfig.GetCurrentContextEncryptionKeyPair()
 	if err != nil {
 		return err
 	}
-	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
+	resultArgs, err := api.ProcessConfigArgs(args)
 	if err != nil {
 		return err
 	}
 	for _, ra := range resultArgs {
 		api.LogDebugMessage("value args to be encrypted: %s", ra.Value)
-		if err := q.processSecret(ra, encryptionKey, qliksenseCR, isSecretSet); err != nil {
+		if err := q.processSecret(ra, rsaPublicKey, qliksenseCR, isSecretSet); err != nil {
 			return err
 		}
 	}
@@ -81,11 +65,14 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bo
 	return qConfig.WriteCR(qliksenseCR)
 }
 
-func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
-	cipherText, e2 := api.EncryptData([]byte(ra.Value), encryptionKey)
+func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.PublicKey, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
+	// encrypt value with RSA key pair
+	valueBytes := []byte(ra.Value)
+	cipherText, e2 := api.Encrypt(valueBytes, rsaPublicKey)
 	if e2 != nil {
 		return e2
 	}
+	base64EncodedSecret := b64.StdEncoding.EncodeToString(cipherText)
 	secretName := ""
 	if isSecretSet {
 		secretFolder := qliksenseCR.GetK8sSecretsFolder(q.QliksenseHome)
@@ -117,8 +104,7 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string,
 		if k8sSecret.Data == nil {
 			k8sSecret.Data = map[string][]byte{}
 		}
-		// v1.Secret does enconding, so no need to encode again
-		k8sSecret.Data[ra.Key] = []byte(cipherText)
+		k8sSecret.Data[ra.Key] = []byte(base64EncodedSecret)
 
 		// Write secret to file
 		k8sSecretBytes, err := api.K8sSecretToYaml(k8sSecret)
@@ -131,28 +117,18 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string,
 			return err
 		}
 		api.LogDebugMessage("Created a Kubernetes secret")
+
+		// Prepare args to update CR in the next step
+		base64EncodedSecret = ""
 	}
-	base64EncodedSecret := b64.StdEncoding.EncodeToString([]byte(cipherText))
+
 	// write into CR the keyref of the secret
 	qliksenseCR.Spec.AddToSecrets(ra.SvcName, ra.Key, base64EncodedSecret, secretName)
 	return nil
 }
 
-func (q *Qliksense) SetConfigFromReader(arg string, reader io.Reader, base64Encoded bool) error {
-	//take only name from the arguments, value should be from reader
-	argName := strings.SplitN(arg, "=", 1)
-	if len(argName) != 1 {
-		return errors.New("can only have one argument from pipe")
-	}
-	valueBytes, err := ioutil.ReadAll(reader)
-	if err != nil {
-		return err
-	}
-	return q.SetConfigs([]string{argName[0] + "=" + string(valueBytes)}, base64Encoded)
-}
-
 // SetConfigs - set-configs <key>=<value> commands
-func (q *Qliksense) SetConfigs(args []string, base64Encoded bool) error {
+func (q *Qliksense) SetConfigs(args []string) error {
 	// retieve current context from config.yaml
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
@@ -160,7 +136,7 @@ func (q *Qliksense) SetConfigs(args []string, base64Encoded bool) error {
 		return err
 	}
 
-	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
+	resultArgs, err := api.ProcessConfigArgs(args)
 	if err != nil {
 		return err
 	}
@@ -240,130 +216,43 @@ func (q *Qliksense) SetOtherConfigs(args []string) error {
 	}
 
 	for _, arg := range args {
-		if strings.HasPrefix(arg, "fetchSource.") {
-			if err := q.processSetFetchSource(arg, qliksenseCR); err != nil {
-				return err
-			}
-		} else if strings.HasPrefix(arg, "git.") {
-			if err := q.processSetGit(arg, qliksenseCR); err != nil {
-				return err
-			}
-		} else if strings.HasPrefix(arg, "gitOps.") {
-			if err := q.processSetGitOps(arg, qliksenseCR); err != nil {
-				return err
+		argsString := strings.Split(arg, "=")
+		key := strings.ToLower(argsString[0])
+		value := argsString[1]
+		// check if key is for git or gitops (sub objects)
+		keySplit := strings.Split(key, ".")
+		key = keySplit[0]
+		keySub := ""
+
+		if len(keySplit) == 2 {
+			keySub = strings.ToLower(keySplit[1])
+		}
+
+		valid := true
+		valid, qliksenseCR = validateCR(key, keySub, value, qliksenseCR)
+		field := caseInsenstiveFieldByName(reflect.Indirect(reflect.ValueOf(qliksenseCR.Spec)), key)
+		if !valid {
+			err := fmt.Errorf("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot, git.repository or gitops arguments to configure the current context")
+			return err
+		} else if strings.EqualFold("", keySub) {
+			// set spec for everything excluding git and gitops
+			if field.CanSet() {
+				field.SetString(value)
 			}
 		} else {
-			if err := processSetSingleArg(arg, qliksenseCR); err != nil {
-				return err
+			// set spec for git or gitops
+			subField := caseInsenstiveFieldByName(reflect.Indirect(field), keySub)
+			if subField.CanSet() {
+				subField.SetString(value)
 			}
 		}
+
 		fmt.Println(chalk.Green.Color("Successfully added to Custom Resource Spec"))
 	}
-
 	// write modified content into context.yaml
 	return qConfig.WriteCR(qliksenseCR)
 }
 
-func processSetSingleArg(arg string, cr *api.QliksenseCR) error {
-	nv := strings.Split(arg, "=")
-	switch nv[0] {
-	case "manifestsRoot":
-		cr.Spec.ManifestsRoot = nv[1]
-	case "profile":
-		cr.Spec.Profile = nv[1]
-	case "storageClassName":
-		cr.Spec.StorageClassName = nv[1]
-	case "rotateKeys":
-		valid := false
-		for _, v := range []string{"yes", "no", "None"} {
-			if nv[1] == v {
-				valid = true
-			}
-		}
-		if !valid {
-			return errors.New("please povide rotateKeys=yes|no|None")
-		}
-		cr.Spec.RotateKeys = nv[1]
-	default:
-		return errors.New("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot to configure the current context")
-	}
-	return nil
-}
-
-func (q *Qliksense) processSetFetchSource(arg string, cr *api.QliksenseCR) error {
-	args := strings.Split(arg, "=")
-	subs := strings.Split(args[0], ".")
-	if cr.Spec.FetchSource == nil {
-		cr.Spec.FetchSource = &config.Repo{}
-	}
-	switch subs[1] {
-	case "repository":
-		cr.Spec.FetchSource.Repository = args[1]
-	case "accessToken":
-		qConfig := api.NewQConfig(q.QliksenseHome)
-		key, err := qConfig.GetEncryptionKeyFor(cr.GetName())
-		if err != nil {
-			return err
-		}
-		return cr.SetFetchAccessToken(args[1], key)
-	case "secretName":
-		cr.Spec.FetchSource.SecretName = args[1]
-	case "userName":
-		cr.Spec.FetchSource.UserName = args[1]
-	default:
-		return errors.New(arg + " does not match any cr spec")
-	}
-	return nil
-}
-
-func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
-	args := strings.Split(arg, "=")
-	subs := strings.Split(args[0], ".")
-	if cr.Spec.Git == nil {
-		cr.Spec.Git = &config.Repo{}
-	}
-	switch subs[1] {
-	case "repository":
-		cr.Spec.Git.Repository = args[1]
-	case "accessToken":
-		cr.Spec.Git.AccessToken = args[1]
-	case "secretName":
-		cr.Spec.Git.SecretName = args[1]
-	case "userName":
-		cr.Spec.Git.UserName = args[1]
-	default:
-		return errors.New(arg + " does not match any cr spec")
-	}
-	return nil
-}
-
-func (q *Qliksense) processSetGitOps(arg string, cr *api.QliksenseCR) error {
-	args := strings.Split(arg, "=")
-	subs := strings.Split(args[0], ".")
-	if cr.Spec.Git == nil {
-		cr.Spec.GitOps = &config.GitOps{}
-	}
-	switch subs[1] {
-	case "enabled":
-		if args[1] != "yes" && args[1] != "no" {
-			return errors.New("Please use yes or no for key enabled")
-		}
-		cr.Spec.GitOps.Enabled = args[1]
-	case "schedule":
-		if _, err := cron.ParseStandard(args[1]); err != nil {
-			return errors.New("Please enter string with standard cron scheduling syntax ")
-		}
-		cr.Spec.GitOps.Schedule = args[1]
-	case "watchBranch":
-		cr.Spec.GitOps.WatchBranch = args[1]
-	case "image":
-		cr.Spec.GitOps.Image = args[1]
-	default:
-		return errors.New(arg + " does not match any cr spec")
-	}
-	return nil
-}
-
 // SetContextConfig - set the context for qliksense kubernetes resources to live in
 func (q *Qliksense) SetContextConfig(args []string) error {
 	if len(args) == 1 {
@@ -403,7 +292,7 @@ func (q *Qliksense) ListContextConfigs() error {
 	return nil
 }
 
-func (q *Qliksense) DeleteContextConfig(args []string, flag bool) error {
+func (q *Qliksense) DeleteContextConfig(args []string) error {
 	if len(args) == 1 {
 		qliksenseConfigFile := filepath.Join(q.QliksenseHome, QliksenseConfigFile)
 		var qliksenseConfig api.QliksenseConfig
@@ -445,17 +334,9 @@ func (q *Qliksense) DeleteContextConfig(args []string, flag bool) error {
 					}
 					newLength := len(qliksenseConfig.Spec.Contexts)
 					if currentLength != newLength {
-						ans := flag
-						if ans == false {
-							ans = AskForConfirmation("Are You Sure? ")
-						}
-						if ans == true {
-							api.WriteToFile(&qliksenseConfig, qliksenseConfigFile)
-							fmt.Fprintln(out, chalk.Yellow.Color(chalk.Underline.TextStyle("Warning: Active resources may still be running in-cluster")))
-							fmt.Fprintln(out, chalk.Green.Color("Successfully deleted context: "), chalk.Bold.TextStyle(args[0]))
-						} else {
-							return nil
-						}
+						api.WriteToFile(&qliksenseConfig, qliksenseConfigFile)
+						fmt.Fprintln(out, chalk.Yellow.Color(chalk.Underline.TextStyle("Warning: Active resources may still be running in-cluster")))
+						fmt.Fprintln(out, chalk.Green.Color("Successfully deleted context: "), chalk.Bold.TextStyle(args[0]))
 					} else {
 						err := fmt.Errorf(chalk.Red.Color("Context not found"))
 						return err
@@ -520,7 +401,7 @@ func (q *Qliksense) SetUpQliksenseContext(contextName string) error {
 	}
 
 	// set the encrypted default mongo
-	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false, false)
+	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false)
 }
 
 func validateInput(input string) (string, error) {
@@ -541,8 +422,7 @@ func validateInput(input string) (string, error) {
 	return input, err
 }
 
-// PrepareK8sSecret targetFile contains base64 encoded value of encrypted value.
-// this method decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
+// PrepareK8sSecret decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
 func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 	// check if targetFile exists
 	if !api.FileExists(targetFile) {
@@ -551,7 +431,7 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 		return "", err
 	}
 	qConfig := api.NewQConfig(q.QliksenseHome)
-	encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
+	_, rsaPrivateKey, err := qConfig.GetCurrentContextEncryptionKeyPair()
 	if err != nil {
 		return "", err
 	}
@@ -569,13 +449,17 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 	dataMap := k8sSecret1.Data
 	var resultMap = make(map[string][]byte)
 	for k, v := range dataMap {
-		//k8s secrets has already base64 decoed value
-		decryptedString, err := api.DecryptData(v, encryptionKey)
+		ba, err := b64.StdEncoding.DecodeString(string(v))
+		if err != nil {
+			err := fmt.Errorf("Not able to decode message: %v", err)
+			return "", err
+		}
+		decryptedString, err := api.Decrypt(ba, rsaPrivateKey)
 		if err != nil {
 			err := fmt.Errorf("Not able to decrypt message: %v", err)
 			return "", err
 		}
-		resultMap[k] = []byte(decryptedString)
+		resultMap[k] = decryptedString
 	}
 
 	// putting the above map back into the k8sSecret struct

pkg/qliksense/context_configs_test.go

@@ -35,35 +35,119 @@ metadata:
   name: testctx-qliksense-senseinstaller
 type: Opaque
 `
+var encText = "SFpVZ2t5SGsrN2lLQjlTYm9rbFUxSDFRcmVYdUxhTW9MUHlQOGtGditxMEcwZTlIZDl1dVRrV0tEYm5qUURSWFp3dStuNklueGk3anI2c1djSVdsbWlKTHdWQUJwdUg0a1NXd3llMUlMa2oxK3FRSFlMM2dQUExvN1pBYkVDeDROMUVvam12M0t0NmQwbkdhSXlWWEpmWWJUVVFDM1Y4L0ZTVXBVN0JUb0l4OVZWdmlPam5HTHk4RlF2a3RUaHJxWTUvZEh2N3pVUmhiOTc2Q2YwbEovZ3I2L2NwRk9RMUFXVXdodVhrTG9lYjVzNFdtTEZzNldqT3k0bWlKM1J6VllLaWVUSFJ2SE85eDB6dUthanRwSGEzWEZkaE5QNnpySVJJNTRFalUyblVYYUNlYXVnWnZEOUxjdWluOFhFcjExbkFINURCUDAycXhoZk5BejVoMlV2eFNWVmR0aW1QTDBhMVBJTUxGQTgyWUkrQkFOQkhkSUNnZGU5SkxIRFBoTzR6c0llaE1LRmhVQkNoOUhQa3kyRnhTeDJ3YWp3M1UycEsvcFJVZUxDazRUbkhmL25LN3h5ekdpV3dSUFFFZHdsWE5JbUhjVlVPV3gvNWh4WlJCUTZtb3pGYk1HbXR1Mkh5Z3RVV2gzNFYzd1BhS01TNFRsa0hyODFjRjVCWVpxenBFK1pKWnVyLy8zbzJsU0tFMjMxTG1pcGk1K0FqbXZvUVcyWHBocjFNVWJQY1pXUkJFRkkyQXBCM0FhQXFPa0k1MkRqNG43Mko5bCtaMzdydTk1aHk5K1lzY0FxMjZVbExYRlc0S3RUUkRLSjlMNnVmdlIrUUNudER3em5UTFRHUnEwZU5COWt6S0Q4MFlUdXozeHNXK3cxdjlHbDJaMnBZMTZWTCtEV1k9"
 var decText = "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"
 
-func setupTargetFileAndPrivateKey() (string, string, error) {
+func setupTargetFileAndPrivateKey() ([]byte, []byte, string, error) {
+	targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
+	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEApFf3qCQhAr2QLRRZdhLyB8exLjrQiXLr8hwDe0xHSLJX3w7v
+5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy/ku1KqZVQv/WNTdL2v9Z1ewbRnBj
+DQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQMKqsVwUsLO9amI2TOny/M696eFRW0
+pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV8glJi29Do06e4S6CZUl1hBUy0VlL
+trLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1NesSlfZ0vnrrkW8WFLqewk+Jj+w1x
+eQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcMc0IEZ2LiQIqTL83BLOgMBCsK3FSl
+GMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMPbpcTHxZ+ReIzS+5B1X0FZ7RIL+jS
+L9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3jIQhU0+bgA6hT0k8Kj2f3Q9QnvkHS
+Eff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6ZtjHcirXmMminAQ6cKW1XrEvJBef
+HHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogSTcE05Z6ypAFU2TCrnec9c9VXkRDP
+94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeqrXwanfnGPrjcMVIO/dSOxOUCAwEA
+AQKCAgA5b2TmJnpC8u0IVCxPz582iNurRHLNFpTPMGsnFCl1hp6fHiFJt7mc+FGt
+E1rWjqtd6rdc4Gfth40IPXIV0BTcOqk+FpOFrtO2FXU1PDixQqrlmzGCxb324NTc
+KyyvMpf77yuxXI0zUt8WgmW0eV8nKlOYEhoC96lohTqQ96uuY0bsJ4HS/VVdsN2P
+Lra/fFHQSw8EHUb0pyIqMoscZ5bn18cUK/Z/hGKSYCbCL0Iavy3bbFHBsBPgbeJD
+2BBN4953Iiy1Sak2eUy4b9LtkmaZmVAc7mpOFxLn38gD3icgB+bZPoGBw6b7sw71
+Pc2R+hI9x/oNj0TUR11adhZApBJ9RhBbnSCUt8OUt9U5prNj+9qs8cHJGywtz1da
+ZT1M6mn2MFSsaOyOlJPzGUzSf4AhI7HiouDpLHtHDqLmc8Vv4rZUqrcFw6kZTCY5
+564yE8hh/UimOgQr7467/hADHZ0kBsupFEDWRqQ3qTIikHmGhTYZehDrSGL/3BMG
+rvsFdv0krUHyW4FfHqPN09jfP3LTqd5vVbzRhxcGsoGmP/1kXIDtO8Cp1s/K6Mse
+tInRCRla8ttZ3CZZ+Vf8HLi/n8XSRfbnMGYi7lVVxnp6kNsTEBgosbdU/r1zbMRJ
+8mMMHygyugaRLHmOD/8fkWLfyR88cxPH8u9NufTfvJgiFpZboQKCAQEA0uSU6IGZ
+pXIVZdmDWt4mxpS5T2UYarw3V9z/Isd3kkUU5YrC2XrvPRwmx5Jh9GXl9WENYJAR
+wH7PaJT0HpBwpxJa1RqHHDSka7DnDcy44oRXyM7e2AmcW8QvcDty/0HPo4oZq4IT
+m/+ot1R+bIpmJOweGRhVauzxJEUlQyt+kiH/ad8GiOS6LwqFPq42alnUxPQ106wF
+EZZ2WQdzkyV6tF9aMG18AT1fJsGwNjCLRxJ52t/aEUP5mYwlL2UTT5Acn8KbtrTO
+fFLAxGuB9LDdT1tGgIpzsXmxAaaeuPvSK4TDFdQyLAUdQJdz0GD9j9ciMPQH3UPe
+Vjt6qtpfY6QK2wKCAQEAx36Vys5BlQI0TG6qORI0fiOYpLG1GqmdbCNRgBUsMj5T
+LFe7uSd4qnDvGmns4MdkSSOlpF17bQiWhWKbjKRQpT0U/46zcIT4pWyajXJe+i9H
+M/DpSRkMq2kGkx6KX2u9L66QBzcxJjtS17amdSpDAfsrvJgOWkxxInzw9n1u6aTe
+ZjRDXdVX0KjPebEPOaoJToxne21Od3t+47TnDsQPsO1dvvrXX76IfH8cAlD5+0C/
+b2YvDqWDmh9ICjKShwuDWgi4KjCV5PMHCIxH0FQ2L6mSbwIb9YgGin3wjN3KbWqz
+dgEu7MeDxEwxZSSg4OstYVLQVgM39G/2ZA4YVJEbPwKCAQAo9FjymhBzb6c2Izp+
+D/wpvkIKaBCI0cpRlso5P9E5p466UOsr/tKs5GWnhgbdxlgVAebuJKw93KJ8pciO
+kvA9kbPwBHnOgW6Ytz73kBUrcBX4GixueddSftPTkMfxSB+Bm9UGWHlkZw6lo5P1
+kh7p9qyVpQMZg7AEoiTtWWn4CQAn2DbVqM17Syi7Fmvc1VsbcG1vkM1fMAAFpAvO
+vI2Kr6W9F9XoC7oJtb15mI3DnJPrbGNVzQSQzAWAoblRTyQv5kQFBDHBNPTYcCRJ
+l3sy6P/VAI4dHgvAzVGvjL+w0dRszct8fvXCUGceRWeYYmfyZ8GLN53a0ywsN8Ik
+gHvXAoIBACee5HEa9bt6bJihgf1DuFk1CKPtB2L8PN+1RAKEMfrolexAoG/tfvGa
+7GH6l6ks8KX2BnfWeST2h66GHw6Xs8ydjQYUeV7nidqQ70EYbfSSXznZpvt1liaU
+/VFKx4CcDT7jFIfaVlCZh6KADB9I/XXvRIh4SqF0fSO0XMcXsmeE7watapPAQ2iV
+nl804yk4tBB9oi/JTcQ9Kr5et2UfW15wRiYf+5ZwaPsQ46cyHfPgsCSXztDB3plF
+jTE5ShC4IKZJBQqcC6kk+0ifU8P0da6RpxuU96iUE3h9+sB/bCy+/FV7dq5gEbNy
+znygAbOqAaFKqUXr7bkGY5ELm5lwGFECggEACcyaF9mMqLGghR55ew+cMmdeYdK3
+meMLi5nrgtbQpVLlz+IV7Vdmrv7lZjeTr4nvU/5miU+p+If14CCFBiSucGq3Kmyp
+OSM5cNCjDhw8uIDfY2qWCrZ2NSMR3qaAoBAQyQ2ER1IL98TDF/Qui0ZatbPiM4Ns
+GErhkBZh3MCDSt24yiVKcUB79BxatWB4K7h7y8wqpX4Rj7rpfJMF7wz/I1cgyuCE
+7XFpRwj7F1B2MmXnvV3KAgAD0EqrJDLeM0vIlDhpOUEaFUkuqmQyeB8qQkWfyXbD
+jzloS3cNq0MBijB8oixwD2b4dVhBM7z8vQMX6OntN+97luWgO8OIukoYAg==
+-----END RSA PRIVATE KEY-----
+`)
 
-	secretKeyLocation := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
-	if err := os.MkdirAll(secretKeyLocation, 0777); err != nil {
+	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApFf3qCQhAr2QLRRZdhLy
+B8exLjrQiXLr8hwDe0xHSLJX3w7v5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy
+/ku1KqZVQv/WNTdL2v9Z1ewbRnBjDQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQM
+KqsVwUsLO9amI2TOny/M696eFRW0pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV
+8glJi29Do06e4S6CZUl1hBUy0VlLtrLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1N
+esSlfZ0vnrrkW8WFLqewk+Jj+w1xeQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcM
+c0IEZ2LiQIqTL83BLOgMBCsK3FSlGMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMP
+bpcTHxZ+ReIzS+5B1X0FZ7RIL+jSL9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3j
+IQhU0+bgA6hT0k8Kj2f3Q9QnvkHSEff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6
+ZtjHcirXmMminAQ6cKW1XrEvJBefHHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogS
+TcE05Z6ypAFU2TCrnec9c9VXkRDP94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeq
+rXwanfnGPrjcMVIO/dSOxOUCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+`)
+
+	targetFile := filepath.Join(testDir, "targetfile.yaml")
+	// tests/config.yaml exists
+	err := ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
+	if err != nil {
+		log.Printf("Error while creating file: %v", err)
+		return nil, nil, "", err
+	}
+
+	secretKeyPairDir := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
+	if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
 		err = fmt.Errorf("Not able to create directories")
 		log.Fatal(err)
 	}
-	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyLocation)
+	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)
 
-	//privKeyFile := filepath.Join(secretKeyLocation, "user_secret_key")
-	key, err := api.LoadSecretKey(secretKeyLocation)
-	if key == "" {
-		key, err = api.GenerateAndStoreSecretKey(secretKeyLocation)
-	}
-	encData, _ := api.EncryptData([]byte(decText), key)
-	encText := b64.StdEncoding.EncodeToString(encData)
-
-	targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
-	targetFile := filepath.Join(testDir, "targetfile.yaml")
-	// tests/config.yaml exists
-	err = ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
+	privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
+	// construct and write priv key file into secretsDir location
+	err = ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
 	if err != nil {
 		log.Printf("Error while creating file: %v", err)
-		return "", "", err
+		return nil, nil, "", err
 	}
+	pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
+	api.LogDebugMessage("Test setup - \npub key path: %s\n, priv key path: %s\n", pubKeyFile, privKeyFile)
+	// construct and write pub key file into secretsDir location
+	err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
+	if err != nil {
+		log.Printf("Error while creating file: %v", err)
+		return nil, nil, "", err
+	}
+	return publicKeyBytes, privKeyBytes, targetFile, nil
+}
 
-	return targetFile, key, err
+func removePrivateKey() {
+	err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "qliksensePriv"))
+	if err != nil {
+		log.Fatalf("Could not delete private key %v", err)
+	}
+	return
 }
 
 func setup() func() {
@@ -244,7 +328,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitOps.enabled=yes", "gitOps.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
+				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitops.enabled=yes", "gitops.schedule=30 * * * *", "git.repository=master", "git.username=foo", "git.accesstoken=1234"},
 			},
 			wantErr: false,
 		},
@@ -254,7 +338,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"someconfig=somevalue, gitOps.schedule=bar", "gitOps.enabled=bar", "git.foo=bar", "rotateKeys=bar"},
+				args: []string{"someconfig=somevalue, gitops.schedule=bar", "gitops.enabled=bar", "git.foo=bar", "rotatekeys=bar"},
 			},
 			wantErr: true,
 		},
@@ -305,7 +389,7 @@ func TestSetConfigs(t *testing.T) {
 	defer tearDown()
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := tt.args.q.SetConfigs(tt.args.args, false); (err != nil) != tt.wantErr {
+			if err := tt.args.q.SetConfigs(tt.args.args); (err != nil) != tt.wantErr {
 				t.Errorf("SetConfigs() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -424,14 +508,9 @@ spec:
 		})
 	}
 }
-func removePrivateKey() {
-	err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "user_secret_key"))
-	if err != nil {
-		log.Fatalf("Could not delete private key %v", err)
-	}
-	return
-}
+
 func Test_PrepareK8sSecret(t *testing.T) {
+
 	type fields struct {
 		QliksenseHome string
 	}
@@ -451,7 +530,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: false,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				targetFile, _, _ := setupTargetFileAndPrivateKey()
+				_, _, targetFile, _ := setupTargetFileAndPrivateKey()
 				return targetFile, tearDown
 			},
 		},
@@ -464,7 +543,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: true,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				targetFile, _, _ := setupTargetFileAndPrivateKey()
+				_, _, targetFile, _ := setupTargetFileAndPrivateKey()
 				removePrivateKey()
 				return targetFile, tearDown
 			},
@@ -478,7 +557,8 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: true,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				setupTargetFileAndPrivateKey()
+				_, _, _, _ = setupTargetFileAndPrivateKey()
+				removePrivateKey()
 				return "", tearDown
 			},
 		},
@@ -558,7 +638,6 @@ func Test_SetSecrets(t *testing.T) {
 	type args struct {
 		args        []string
 		isSecretSet bool
-		base64      bool
 	}
 	tests := []struct {
 		name    string
@@ -577,18 +656,6 @@ func Test_SetSecrets(t *testing.T) {
 			},
 			wantErr: false,
 		},
-		{
-			name: "valid secret secrets=false base64 encoded",
-			fields: fields{
-				QliksenseHome: testDir,
-			},
-			args: args{
-				args:        []string{"qliksense.mongoDbUri=bW9uZ29kYjovL3FsaWstZGVmYXVsdC1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U="},
-				isSecretSet: false,
-				base64:      true,
-			},
-			wantErr: false,
-		},
 		{
 			name: "test1 valid secret secrets=true",
 			fields: fields{
@@ -624,17 +691,22 @@ func Test_SetSecrets(t *testing.T) {
 		},
 	}
 	tearDown := setup()
-	_, encryptionKey, err := setupTargetFileAndPrivateKey()
+	_, privateKeyBytes, _, err := setupTargetFileAndPrivateKey()
 	if err != nil {
 		t.FailNow()
 	}
 	defer tearDown()
+
+	privKey, err := api.DecodeToPrivateKey(privateKeyBytes)
+	if err != nil {
+		t.FailNow()
+	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			q := &Qliksense{
 				QliksenseHome: tt.fields.QliksenseHome,
 			}
-			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet, tt.args.base64); (err != nil) != tt.wantErr {
+			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet); (err != nil) != tt.wantErr {
 				t.Errorf("SetSecrets() error = %v, wantErr %v", err, tt.wantErr)
 				t.FailNow()
 			}
@@ -645,10 +717,7 @@ func Test_SetSecrets(t *testing.T) {
 			// extract the value for testing
 			testValueArr := strings.SplitN(tt.args.args[0], "=", 2)
 			testValue := strings.ReplaceAll(testValueArr[1], "\"", "")
-			if tt.args.base64 {
-				d, _ := b64.StdEncoding.DecodeString(testValue)
-				testValue = strings.Trim(string(d), "\n ")
-			}
+
 			qliksenseCR, err := readCRFile()
 			if err != nil {
 				err = fmt.Errorf("Not able to read from context file: %v", err)
@@ -665,7 +734,13 @@ func Test_SetSecrets(t *testing.T) {
 							log.Printf("decode error: %v", err)
 							t.FailNow()
 						}
-						decryptedVal, err := api.DecryptData([]byte(valToBeEncrypted), encryptionKey)
+						decodedValue, err := b64.StdEncoding.DecodeString(valToBeEncrypted)
+						if err != nil {
+							err := fmt.Errorf("Error occurred while decoding: %v", err)
+							log.Printf("decode error: %v", err)
+							t.FailNow()
+						}
+						decryptedVal, err := api.Decrypt(decodedValue, privKey)
 						if err != nil {
 							err := fmt.Errorf("Error occurred while testing decryption: %v", err)
 							log.Printf("No Data in Secret: %v", err)
@@ -706,8 +781,7 @@ func getValueToBeDecodedForSetSecrets(item config.NameValue, qliksenseCR *api.Ql
 	}
 	// secret=false
 	if item.Value != "" {
-		b, err := b64.RawStdEncoding.DecodeString(item.Value)
-		return string(b), err
+		return item.Value, nil
 	}
 	err := fmt.Errorf("Both Value and ValueFrom are empty")
 	return "", err
@@ -855,10 +929,9 @@ func TestDeleteContexts(t *testing.T) {
 			q := New(tt.args.qlikSenseHome)
 			var arg []string
 			arg = append(arg, tt.args.contextName)
-			if err := q.DeleteContextConfig(arg, true); (err != nil) != tt.wantErr {
+			if err := q.DeleteContextConfig(arg); (err != nil) != tt.wantErr {
 				t.Errorf("DeleteContext() error = %v, wantErr %v", err, tt.wantErr)
 			}
-
 		})
 	}
 

pkg/qliksense/crds.go

@@ -2,7 +2,6 @@ package qliksense
 
 import (
 	"fmt"
-	"os"
 	"path/filepath"
 
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
@@ -86,10 +85,6 @@ func getQliksenseInitCrd(qcr *qapi.QliksenseCR) (string, error) {
 	}
 
 	qInitMsPath := filepath.Join(repoPath, Q_INIT_CRD_PATH)
-	if _, err := os.Lstat(qInitMsPath); err != nil {
-		// older version of qliksense-init used
-		qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
-	}
 	qInitByte, err := ExecuteKustomizeBuild(qInitMsPath)
 	if err != nil {
 		fmt.Println("cannot generate crds for qliksense-init", err)

pkg/qliksense/docker.go

@@ -31,10 +31,8 @@ const (
 func (q *Qliksense) PullImages(version, profile string) error {
 	qConfig := qapi.NewQConfig(q.QliksenseHome)
 	if version != "" {
-		if !qConfig.IsRepoExistForCurrent(version) {
-			if err := q.FetchQK8s(version); err != nil {
-				return err
-			}
+		if err := q.FetchQK8s(version); err != nil {
+			return err
 		}
 	}
 	qcr, err := qConfig.GetCurrentCR()
@@ -46,8 +44,8 @@ func (q *Qliksense) PullImages(version, profile string) error {
 	}
 	if profile != "" {
 		qcr.Spec.Profile = profile
-		if err := qConfig.WriteCR(qcr); err != nil {
-			return err
+		if e := qConfig.WriteCR(qcr); e != nil {
+			return e
 		}
 	}
 	return q.PullImagesForCurrentCR()
@@ -75,7 +73,7 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
 	}
 
 	images := versionOut.Images
-	if err := q.appendAdditionalImages(&images, qcr); err != nil {
+	if err := q.appendOperatorImages(&images); err != nil {
 		return err
 	}
 
@@ -95,19 +93,6 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
 	return nil
 }
 
-func (q *Qliksense) appendGitOpsImage(images *[]string, qcr *qapi.QliksenseCR) {
-	if qcr.Spec.GitOps != nil && qcr.Spec.GitOps.Image != "" {
-		*images = append(*images, qcr.Spec.GitOps.Image)
-	}
-}
-
-func (q *Qliksense) appendPreflightImages(images *[]string) {
-	pf := qapi.NewPreflightConfig(q.QliksenseHome)
-	for _, preflightImage := range pf.GetImageMap() {
-		*images = append(*images, preflightImage)
-	}
-}
-
 func (q *Qliksense) appendOperatorImages(images *[]string) error {
 	if operatorImages, err := getImageList([]byte(q.GetOperatorControllerString())); err != nil {
 		return err
@@ -155,6 +140,7 @@ func pullImage(image, imagesDir string) error {
 	return nil
 }
 
+// TagAndPushImages ...
 func (q *Qliksense) PushImagesForCurrentCR() error {
 	qConfig := qapi.NewQConfig(q.QliksenseHome)
 	qcr, err := qConfig.GetCurrentCR()
@@ -169,7 +155,7 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
 	if err != nil {
 		if os.IsNotExist(err) {
 			dockerConfigJsonSecret = &qapi.DockerConfigJsonSecret{
-				Uri: qcr.Spec.GetImageRegistry(),
+				Uri: qcr.GetImageRegistry(),
 			}
 		} else {
 			return err
@@ -187,7 +173,7 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
 	}
 
 	images := versionOut.Images
-	if err := q.appendAdditionalImages(&images, qcr); err != nil {
+	if err := q.appendOperatorImages(&images); err != nil {
 		return err
 	}
 
@@ -208,15 +194,6 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
 	return nil
 }
 
-func (q *Qliksense) appendAdditionalImages(images *[]string, qcr *qapi.QliksenseCR) error {
-	if err := q.appendOperatorImages(images); err != nil {
-		return err
-	}
-	q.appendGitOpsImage(images, qcr)
-	q.appendPreflightImages(images)
-	return nil
-}
-
 func pushImage(image, imagesDir string, dockerConfigJsonSecret *qapi.DockerConfigJsonSecret) error {
 	imageNameParts := getImageNameParts(image)
 	srcDir := filepath.Join(imagesDir, imageIndexDirName, imageNameParts.name, imageNameParts.tag)

pkg/qliksense/docker_test.go

@@ -68,9 +68,6 @@ const (
 )
 
 func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
-	if testing.Short() {
-		t.Skip("Skipping pull/push tests in short mode")
-	}
 	var testCases = []struct {
 		name              string
 		registryAuth      bool
@@ -134,7 +131,7 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
 			}
 			q := &Qliksense{
 				QliksenseHome: tmpQlikSenseHome,
-				CrdBox:        &packr.Box{},
+				CrdBox:        packr.New("crds", "./crds"),
 			}
 			var versionOut VersionOutput
 
@@ -173,88 +170,29 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
 	}
 }
 
-func Test_appendAdditionalImages(t *testing.T) {
-	tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
-	if err != nil {
-		t.Fatalf("unexpected error creating tmp dir: %v", err)
-	}
-	defer os.RemoveAll(tmpQlikSenseHome)
-
-	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, `
-apiVersion: qlik.com/v1
-kind: Qliksense
-metadata:
-  name: qlik-default
-spec:
-  gitOps:
-    image: some-gitops-image
-`)
-
-	q := &Qliksense{
-		QliksenseHome: tmpQlikSenseHome,
-		CrdBox:        packr.New("crds", "./crds"),
-	}
-
-	pf := api.NewPreflightConfig(q.QliksenseHome)
-	if err := pf.Initialize(); err != nil {
-		t.Fatalf("unexpected error initializing preflight: %v", err)
-	}
-
-	qConfig := api.NewQConfig(q.QliksenseHome)
-	qcr, err := qConfig.GetCurrentCR()
-	if err != nil {
-		t.Fatalf("unexpected error getting current CR: %v", err)
-	}
-
-	images := make([]string, 0)
-	if err := q.appendAdditionalImages(&images, qcr); err != nil {
-		t.Fatalf("unexpected error appending additional images: %v", err)
-	}
-
-	expectedNumberAdditionalImages := 5
-	if len(images) != expectedNumberAdditionalImages {
-		t.Fatalf("unexpected number of additional images: %v, expected: %v", len(images), expectedNumberAdditionalImages)
-	}
-
-	haveMatchingImage := func(test func(string) bool) bool {
-		for _, image := range images {
-			if test(image) {
-				return true
-			}
-		}
-		return false
-	}
-	if !haveMatchingImage(func(image string) bool {
-		return strings.Contains(image, "qlik-docker-oss.bintray.io/qliksense-operator:v")
-	}) {
-		t.Fatal("expected to find the operator image in the list, but it wasn't there")
-	}
-	if !haveMatchingImage(func(image string) bool {
-		return image == "some-gitops-image"
-	}) {
-		t.Fatal("expected to find the GitOps image in the list, but it wasn't there")
-	}
-	if !haveMatchingImage(func(image string) bool {
-		return image == "nginx"
-	}) {
-		t.Fatal("expected to find the nginx Preflight image in the list, but it wasn't there")
-	}
-	if !haveMatchingImage(func(image string) bool {
-		return image == "subfuzion/netcat"
-	}) {
-		t.Fatal("expected to find the netcat Preflight image in the list, but it wasn't there")
-	}
-	if !haveMatchingImage(func(image string) bool {
-		return image == "mongo"
-	}) {
-		t.Fatal("expected to find the mongo Preflight image in the list, but it wasn't there")
-	}
-}
-
 func setupQlikSenseHome(t *testing.T, tmpQlikSenseHome string, registry *testRegistryV2, clientAuth clientAuthType) error {
+	if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
+apiVersion: config.qlik.com/v1
+kind: QliksenseConfig
+metadata:
+  name: QliksenseConfigMetadata
+spec:
+  contexts:
+  - name: qlik-default
+    crFile: contexts/qlik-default/qlik-default.yaml
+  currentContext: qlik-default
+`), os.ModePerm); err != nil {
+		return err
+	}
+
+	defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
+	if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
+		return err
+	}
+
 	version := "foo"
-	manifestsRootDir := filepath.ToSlash(path.Join(tmpQlikSenseHome, "contexts", "qlik-default", "repo", version))
-	cr := fmt.Sprintf(`
+	manifestsRootDir := fmt.Sprintf("%s/repo/%s", defaultContextDir, version)
+	if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(fmt.Sprintf(`
 apiVersion: qlik.com/v1
 kind: Qliksense
 metadata:
@@ -270,8 +208,9 @@ spec:
   manifestsRoot: %s
   rotateKeys: "yes"
   releaseName: qlik-default
-`, version, registry.url, manifestsRootDir)
-	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, cr)
+`, version, registry.url, manifestsRootDir)), os.ModePerm); err != nil {
+		return err
+	}
 
 	if clientAuth == clientAuthProvided || clientAuth == clientAuthProvidedButIncorrect {
 		if registry.username == "" || clientAuth == clientAuthProvidedButIncorrect {

pkg/qliksense/fetch.go

@@ -1,28 +1,13 @@
 package qliksense
 
 import (
-	"bufio"
-	"errors"
 	"fmt"
-	"io/ioutil"
-	"os"
-	"path"
-	"strings"
 
-	"github.com/go-git/go-git/v5/plumbing/transport"
-	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	"github.com/google/uuid"
 	kapis_git "github.com/qlik-oss/k-apis/pkg/git"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
 
-type FetchCommandOptions struct {
-	GitUrl      string
-	AccessToken string
-	Version     string
-	SecretName  string
-	Overwrite   bool
-}
-
 const (
 	QLIK_GIT_REPO = "https://github.com/qlik-oss/qliksense-k8s"
 )
@@ -32,130 +17,24 @@ func (q *Qliksense) FetchQK8s(version string) error {
 	return fetchAndUpdateCR(qConfig, version)
 }
 
-func (q *Qliksense) FetchK8sWithOpts(opts *FetchCommandOptions) error {
-	qConfig := qapi.NewQConfig(q.QliksenseHome)
-	cr, err := qConfig.GetCurrentCR()
-	if err != nil {
-		return err
-	}
-	if opts.AccessToken != "" {
-		encKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
-		if err != nil {
-			return err
-		}
-		if err := cr.SetFetchAccessToken(opts.AccessToken, encKey); err != nil {
-			return err
-		}
-	}
-	if opts.SecretName != "" {
-		cr.SetFetchAccessSecretName(opts.SecretName)
-	}
-	if opts.GitUrl != "" {
-		cr.SetFetchUrl(opts.GitUrl)
-	}
-	v := getVersion(opts, cr)
-	if v == "" {
-		return errors.New("Cannot find gitref/tag/branch/version to fetch")
-	}
-	if qConfig.IsRepoExistForCurrent(v) {
-		if opts.Overwrite || getVerionsOverwriteConfirmation(v) == "y" {
-			if err := qConfig.DeleteRepoForCurrent(v); err != nil {
-				return err
-			}
-		} else {
-			// nothing to do
-			return nil
-		}
-	}
-	qConfig.WriteCR(cr)
-	return fetchAndUpdateCR(qConfig, v)
-}
-
-// fetchAndUpdateCR fetch
 func fetchAndUpdateCR(qConfig *qapi.QliksenseConfig, version string) error {
 	qcr, err := qConfig.GetCurrentCR()
 	if err != nil {
 		fmt.Println("cannot get the current-context cr", err)
 		return err
 	}
-	if version == "" {
-		if qcr.GetLabelFromCr("version") == "" {
-			if encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName()); err != nil {
-				return err
-			} else if version, err = getLatestTag(qcr.GetFetchUrl(), qcr.GetFetchAccessToken(encKey)); err != nil {
-				return err
-			}
-		} else {
-			version = qcr.GetLabelFromCr("version")
-		}
-	}
-	encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName())
-	if err != nil {
-		return err
-	}
-	// downlaod to temp first
-	tempDest, err := fetchToTempDir(qcr.GetFetchUrl(), version, qcr.GetFetchAccessToken(encKey))
-	if err != nil {
-		return err
-	}
-
-	destDir := qConfig.BuildRepoPath(version)
-	fmt.Printf("fetching version [%s] from %s\n", version, qcr.GetFetchUrl())
-	if err := qapi.CopyDirectory(tempDest, destDir); err != nil {
+	if qConfig.IsRepoExistForCurrent(version) {
 		return nil
 	}
+	destDir := qConfig.BuildRepoPath(version)
+	fmt.Printf("fetching version [%s] from %s\n", version, QLIK_GIT_REPO)
+
+	if repo, err := kapis_git.CloneRepository(destDir, QLIK_GIT_REPO, nil); err != nil {
+		return err
+	} else if err = kapis_git.Checkout(repo, version, fmt.Sprintf("%v-by-operator-%v", version, uuid.New().String()), nil); err != nil {
+		return err
+	}
 	qcr.Spec.ManifestsRoot = qConfig.BuildCurrentManifestsRoot(version)
 	qcr.AddLabelToCr("version", version)
 	return qConfig.WriteCurrentContextCR(qcr)
 }
-
-func fetchToTempDir(gitUrl, gitRef, accessToken string) (string, error) {
-	tmpDir, err := ioutil.TempDir("", "")
-	if err != nil {
-		return "", err
-	}
-	downloadPath := path.Join(tmpDir, "repo")
-	var auth transport.AuthMethod
-	if accessToken != "" {
-		auth = &http.BasicAuth{
-			Username: "something",
-			Password: accessToken,
-		}
-	}
-	if repo, err := kapis_git.CloneRepository(downloadPath, gitUrl, auth); err != nil {
-		return "", err
-	} else if err := kapis_git.Checkout(repo, gitRef, "", auth); err != nil {
-		return "", err
-	} else {
-		return downloadPath, nil
-	}
-}
-
-func getVersion(opts *FetchCommandOptions, qcr *qapi.QliksenseCR) string {
-	if opts.Version == "" {
-		if qcr.GetLabelFromCr("version") != "" {
-			return qcr.GetLabelFromCr("version")
-		}
-	}
-	return opts.Version
-}
-
-func getVerionsOverwriteConfirmation(version string) string {
-	reader := bufio.NewReader(os.Stdin)
-	fmt.Println("The version  [" + version + "] already exist")
-	cfm := "n"
-	for {
-		fmt.Print("Do you want to delete and fetch again [y/N]: ")
-		cfm, _ = reader.ReadString('\n')
-		cfm = strings.Replace(cfm, "\n", "", -1)
-		cfm = strings.TrimSpace(cfm)
-		if cfm == "" {
-			cfm = "n"
-		}
-		cfm = strings.ToLower(cfm)
-		if cfm == "y" || cfm == "n" {
-			break
-		}
-	}
-	return cfm
-}

pkg/qliksense/fetch_test.go

@@ -32,19 +32,4 @@ func TestFetchAndUpdateCR(t *testing.T) {
 		t.Log("actual path: " + cr.Spec.ManifestsRoot + ", expected path: contexts/test1/qlik-k8s/v0.0.2")
 		t.FailNow()
 	}
-	//testing latest tag is fetched
-	cr.AddLabelToCr("version", "")
-	qConfig.WriteCR(cr)
-	err := fetchAndUpdateCR(qConfig, "")
-	if err != nil {
-		t.Log(err)
-		t.Fail()
-	}
-	cr = &qapi.QliksenseCR{}
-	qapi.ReadFromFile(cr, actualCrFile)
-	v := cr.GetLabelFromCr("version")
-	if v == "" || v == "v0.0.2" {
-		t.Log("should get latest but got version: " + v)
-		t.Fail()
-	}
 }

pkg/qliksense/get_installable_versions.go

@@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/Masterminds/semver/v3"
 	"github.com/qlik-oss/k-apis/pkg/git"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
@@ -87,69 +86,3 @@ func (q *Qliksense) GetInstallableVersions(opts *LsRemoteCmdOptions) error {
 
 	return nil
 }
-
-func getLatestTag(repoUrl, accessToken string) (string, error) {
-	if repoUrl == "" {
-		return "", errors.New("repo url is empty")
-	}
-	repoPath, err := fetchToTempDir(repoUrl, "master", accessToken)
-	if err != nil {
-		return "", err
-	}
-
-	r, err := git.OpenRepository(repoPath)
-	if err != nil {
-		return "", err
-	}
-
-	remoteRefsList, err := git.GetRemoteRefs(r, nil,
-		&git.RemoteRefConstraints{
-			Include:   true,
-			Sort:      true,
-			SortOrder: git.RefSortOrderDescending,
-		},
-		&git.RemoteRefConstraints{
-			Include:   false,
-			Sort:      true,
-			SortOrder: git.RefSortOrderAscending,
-		})
-	if err != nil {
-		return "", err
-	}
-
-	if len(remoteRefsList) < 1 {
-		return "", errors.New("cannot find git remote information in the config repository")
-	}
-
-	var originRemoteRefs *git.RemoteRefs
-	for _, remoteRefs := range remoteRefsList {
-		if remoteRefs.Name == "origin" {
-			originRemoteRefs = remoteRefs
-			break
-		}
-	}
-	if originRemoteRefs == nil {
-		return "", errors.New(`cannot find git remote called "origin" in the config repository`)
-	}
-
-	tags := originRemoteRefs.Tags
-	if len(tags) == 0 {
-		return "", errors.New(("no tags exists in the repo: " + repoPath))
-	}
-	maxSem, _ := semver.NewVersion(tags[0])
-	for _, sv := range tags[1:] {
-		if sv == "" {
-			continue
-		}
-		v, err := semver.NewVersion(sv)
-		if err != nil {
-			// it may happen, in the repo some tags may not conform to semver
-			fmt.Print("Unconform tags: " + sv)
-			continue
-		}
-		if maxSem == nil || maxSem.LessThan(v) {
-			maxSem = v
-		}
-	}
-	return maxSem.Original(), nil
-}

pkg/qliksense/get_installable_versions_test.go

@@ -1,25 +0,0 @@
-package qliksense
-
-import (
-	"testing"
-
-	"github.com/Masterminds/semver/v3"
-)
-
-func TestGetLatestTag(t *testing.T) {
-	s, err := getLatestTag(defaultConfigRepoGitUrl, "")
-	if s == "" || err != nil {
-		t.Log(err)
-		t.Fail()
-	}
-	sv, err := semver.NewVersion(s)
-	if err != nil {
-		t.Log(err)
-		t.Log(sv)
-	}
-	baseV, _ := semver.NewVersion("v0.0.7")
-	if !sv.GreaterThan(baseV) {
-		t.Log("Expected greater than v0.0.7, but got:  " + s)
-		t.Fail()
-	}
-}

pkg/qliksense/install.go

@@ -3,9 +3,6 @@ package qliksense
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
-	"os"
-	"path"
 	"path/filepath"
 
 	"github.com/qlik-oss/k-apis/pkg/config"
@@ -30,9 +27,11 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	// fetch the version
 	qConfig := qapi.NewQConfig(q.QliksenseHome)
 	if !keepPatchFiles {
-		if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
-			fmt.Printf("error removing temporary changes to the config: %v\n", err)
-		}
+		defer func() {
+			if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
+				fmt.Printf("error removing temporary changes to the config: %v\n", err)
+			}
+		}()
 	}
 
 	qcr, err := qConfig.GetCurrentCR()
@@ -67,11 +66,16 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	//CRD will be installed outside of operator
 	//install operator controller into the namespace
 	fmt.Println("Installing operator controller")
-	if operatorControllerString, err := q.getProcessedOperatorControllerString(qcr); err != nil {
-		fmt.Println("error extracting/transforming operator controller", err)
-		return err
-	} else if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
-		fmt.Println("cannot do kubectl apply on operator controller", err)
+	operatorControllerString := q.GetOperatorControllerString()
+	if imageRegistry := qcr.GetImageRegistry(); imageRegistry != "" {
+		operatorControllerString, err = kustomizeForImageRegistry(operatorControllerString, pullSecretName,
+			"qlik/qliksense-operator", fmt.Sprintf("%v/qliksense-operator", imageRegistry))
+		if err != nil {
+			return err
+		}
+	}
+	if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
+		fmt.Println("cannot do kubectl apply on opeartor controller", err)
 		return err
 	}
 
@@ -90,10 +94,11 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 			return q.applyCR(dcr)
 		}
 	}
-	if !qcr.IsRepoExist() {
-		if err := fetchAndUpdateCR(qConfig, version); err != nil {
-			return err
-		}
+	if version == "" {
+		version = qcr.GetLabelFromCr("version")
+	}
+	if err := fetchAndUpdateCR(qConfig, version); err != nil {
+		return err
 	}
 
 	qcr, err = qConfig.GetCurrentCR()
@@ -117,19 +122,9 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	}
 }
 
-func (q *Qliksense) getProcessedOperatorControllerString(qcr *qapi.QliksenseCR) (string, error) {
-	operatorControllerString := q.GetOperatorControllerString()
-	if imageRegistry := qcr.Spec.GetImageRegistry(); imageRegistry != "" {
-		return kustomizeForImageRegistry(operatorControllerString, pullSecretName,
-			path.Join(qliksenseOperatorImageRepo, qliksenseOperatorImageName),
-			path.Join(imageRegistry, qliksenseOperatorImageName))
-	}
-	return operatorControllerString, nil
-}
-
 func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 	if pullDockerConfigJsonSecret, err := qConfig.GetPullDockerConfigJsonSecret(); err == nil {
-		if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(""); err != nil {
+		if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(nil); err != nil {
 			return err
 		} else if err := qapi.KubectlApply(string(dockerConfigJsonSecretYaml), ""); err != nil {
 			return err
@@ -138,7 +133,7 @@ func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 		deleteDockerConfigJsonSecret := qapi.DockerConfigJsonSecret{
 			Name: pullSecretName,
 		}
-		if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(""); err != nil {
+		if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(nil); err != nil {
 			return err
 		} else if err := qapi.KubectlDelete(string(deleteDockerConfigJsonSecretYaml), ""); err != nil {
 			qapi.LogDebugMessage("failed deleting %v, error: %v\n", pullSecretName, err)
@@ -148,15 +143,10 @@ func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 }
 
 func kustomizeForImageRegistry(resources, dockerConfigJsonSecretName, name, newName string) (string, error) {
-	dir, err := ioutil.TempDir("", "")
-	if err != nil {
+	fSys := filesys.MakeFsInMemory()
+	if err := fSys.WriteFile("/resources.yaml", []byte(resources)); err != nil {
 		return "", err
-	}
-	defer os.RemoveAll(dir)
-
-	if err := ioutil.WriteFile(filepath.Join(dir, "resources.yaml"), []byte(resources), os.ModePerm); err != nil {
-		return "", err
-	} else if err := ioutil.WriteFile(filepath.Join(dir, "addImagePullSecrets.yaml"), []byte(fmt.Sprintf(`
+	} else if err := fSys.WriteFile("/addImagePullSecrets.yaml", []byte(fmt.Sprintf(`
 apiVersion: builtin
 kind: PatchTransformer
 metadata:
@@ -165,9 +155,9 @@ patch: '[{"op": "add", "path": "/spec/template/spec/imagePullSecrets", "value":
 target:
   name: .*-operator
   kind: Deployment
-`, dockerConfigJsonSecretName)), os.ModePerm); err != nil {
+`, dockerConfigJsonSecretName))); err != nil {
 		return "", err
-	} else if err := ioutil.WriteFile(filepath.Join(dir, "kustomization.yaml"), []byte(fmt.Sprintf(`
+	} else if err := fSys.WriteFile("/kustomization.yaml", []byte(fmt.Sprintf(`
 resources:
 - resources.yaml
 transformers:
@@ -175,9 +165,9 @@ transformers:
 images:
 - name: %s
   newName: %s
-`, name, newName)), os.ModePerm); err != nil {
+`, name, newName))); err != nil {
 		return "", err
-	} else if out, err := executeKustomizeBuildForFileSystem(dir, filesys.MakeFsOnDisk()); err != nil {
+	} else if out, err := executeKustomizeBuildForFileSystem("/", fSys); err != nil {
 		return "", err
 	} else {
 		return string(out), nil

pkg/qliksense/install_test.go

@@ -1,20 +1,11 @@
 package qliksense
 
 import (
-	"fmt"
 	"io/ioutil"
 	"os"
-	"path"
 	"path/filepath"
-	"strings"
 	"testing"
 
-	"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
-	"sigs.k8s.io/kustomize/api/resid"
-	"sigs.k8s.io/kustomize/api/resmap"
-	"sigs.k8s.io/kustomize/api/resource"
-
-	"github.com/gobuffalo/packr/v2"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
 
@@ -72,105 +63,3 @@ spec:
 	}
 	td()
 }
-
-func setupQliksenseTestDefaultContext(t *testing.T, tmpQlikSenseHome, CR string) {
-	if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
-apiVersion: config.qlik.com/v1
-kind: QliksenseConfig
-metadata:
-  name: QliksenseConfigMetadata
-spec:
-  contexts:
-  - name: qlik-default
-    crFile: contexts/qlik-default/qlik-default.yaml
-  currentContext: qlik-default
-`), os.ModePerm); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
-	if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(CR), os.ModePerm); err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-}
-
-func Test_getProcessedOperatorControllerString(t *testing.T) {
-	tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
-	if err != nil {
-		t.Fatalf("unexpected error creating tmp dir: %v", err)
-	}
-	defer os.RemoveAll(tmpQlikSenseHome)
-
-	registry := "registryFoo"
-	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, fmt.Sprintf(`
-apiVersion: qlik.com/v1
-kind: Qliksense
-metadata:
-  name: qlik-default
-spec:
-  configs:
-    qliksense:
-    - name: imageRegistry
-      value: %v
-`, registry))
-
-	q := &Qliksense{
-		QliksenseHome: tmpQlikSenseHome,
-		CrdBox:        packr.New("crds", "./crds"),
-	}
-
-	qConfig := qapi.NewQConfig(q.QliksenseHome)
-	qcr, err := qConfig.GetCurrentCR()
-	if err != nil {
-		t.Fatalf("unexpected error getting current CR: %v", err)
-	}
-
-	originalOperatorString := q.GetOperatorControllerString()
-	processedOperatorString, err := q.getProcessedOperatorControllerString(qcr)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-
-	controllerImageChecks := map[string]func(t *testing.T, controllerImage string){
-		originalOperatorString: func(t *testing.T, controllerImage string) {
-			expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", qliksenseOperatorImageRepo, qliksenseOperatorImageName)
-			if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
-				t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
-			}
-		},
-		processedOperatorString: func(t *testing.T, controllerImage string) {
-			expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", registry, qliksenseOperatorImageName)
-			if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
-				t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
-			}
-		},
-	}
-
-	resourceFactory := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), nil)
-	for operatorString, controllerImageCheck := range controllerImageChecks {
-		resMap, err := resourceFactory.NewResMapFromBytes([]byte(operatorString))
-		if err != nil {
-			t.Fatalf("unexpected error: %v", err)
-		}
-
-		res, err := resMap.GetById(resid.NewResId(resid.Gvk{
-			Group:   "apps",
-			Version: "v1",
-			Kind:    "Deployment",
-		}, "qliksense-operator"))
-		if err != nil {
-			t.Fatalf("unexpected error: %v", err)
-		}
-
-		controllerImage, err := res.GetString("spec.template.spec.containers[0].image")
-		if err != nil {
-			t.Fatalf("unexpected error: %v", err)
-		}
-
-		controllerImageCheck(t, controllerImage)
-	}
-}

pkg/qliksense/kuz_test.go

@@ -68,7 +68,7 @@ func Test_executeKustomizeBuild_onQlikConfig_regenerateKeys(t *testing.T) {
 	configPath := path.Join(tmpDir, "config")
 	if repo, err := kapis_git.CloneRepository(configPath, defaultConfigRepoGitUrl, nil); err != nil {
 		t.Fatalf("unexpected error: %v\n", err)
-	} else if err := kapis_git.Checkout(repo, "e38df644e759abf0b5941c1511d1a2cd5e3c42fa", "", nil); err != nil {
+	} else if err := kapis_git.Checkout(repo, "v1.21.23-edge", "", nil); err != nil {
 		t.Fatalf("unexpected error: %v\n", err)
 	}
 

pkg/qliksense/load_cr.go

@@ -51,7 +51,7 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 	}
 
 	// encrypt the secrets and do base64 then update the CR
-	encryptionKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
+	rsaPublicKey, _, err := qConfig.GetContextEncryptionKeyPair(cr.GetName())
 	if err != nil {
 		return "", err
 	}
@@ -63,17 +63,13 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 					Value:   nv.Value,
 					SvcName: svc,
 				}
-				if err := q.processSecret(skv, encryptionKey, cr, false); err != nil {
+				if err := q.processSecret(skv, rsaPublicKey, cr, false); err != nil {
 					return cr.GetName(), err
 				}
 			}
 		}
 	}
-	if cr.Spec.FetchSource != nil && cr.Spec.FetchSource.AccessToken != "" {
-		if err := cr.SetFetchAccessToken(cr.Spec.FetchSource.AccessToken, encryptionKey); err != nil {
-			return "", err
-		}
-	}
+
 	// update manifestsRoot in case already exist
 	if existingCr, err := qConfig.GetCR(cr.GetName()); err == nil {
 		// cr exists, so update the manifestsRoot if version exist

pkg/qliksense/uninstall.go

@@ -6,24 +6,16 @@ import (
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
 
-func (q *Qliksense) UninstallQK8s(contextName string, skipConfirmation bool) error {
-	ans := skipConfirmation
-
-	if ans == false {
-		ans = AskForConfirmation("Are You Sure? ")
+func (q *Qliksense) UninstallQK8s(contextName string) error {
+	qConfig := qapi.NewQConfig(q.QliksenseHome)
+	if contextName == "" {
+		contextName = qConfig.Spec.CurrentContext
+	} else if !qConfig.IsContextExist(contextName) {
+		return errors.New("context name [ " + contextName + " ] not found")
 	}
-	if ans == true {
-		qConfig := qapi.NewQConfig(q.QliksenseHome)
-		if contextName == "" {
-			contextName = qConfig.Spec.CurrentContext
-		} else if !qConfig.IsContextExist(contextName) {
-			return errors.New("context name [ " + contextName + " ] not found")
-		}
-		str, err := q.getCRString(contextName)
-		if err != nil {
-			return err
-		}
-		return qapi.KubectlDelete(str, "")
+	str, err := q.getCRString(contextName)
+	if err != nil {
+		return err
 	}
-	return nil
+	return qapi.KubectlDelete(str, "")
 }