update k-api

Signed-off-by: Foysal Iqbal <mqb@qlik.com>

.github/workflows/build.yml

@@ -24,4 +24,4 @@ jobs:
       shell: bash
 
     - run: make test
-    - run: make build
+    - run: make xbuild-all

Makefile

@@ -43,8 +43,8 @@ build: clean generate
 	go build -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS)" -o $(BINDIR)/$(MIXIN)$(FILE_EXT) ./cmd/$(MIXIN)
 	$(MAKE) clean
 
-.PHONY: test
-test: clean generate
+.PHONY: test-setup
+test-setup: clean generate
 ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
 	$(eval TMP-docker-distribution := $(shell mktemp -d))
 	git clone https://github.com/docker/distribution.git $(TMP-docker-distribution)/docker-distribution
@@ -52,9 +52,17 @@ ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
 	cp $(TMP-docker-distribution)/docker-distribution/bin/registry pkg/qliksense/docker-registry
 	-rm -rf $(TMP-docker-distribution)
 endif
+
+.PHONY: test-short
+test-short: test-setup
 	go test -short -count=1 -tags "$(BUILDTAGS)" -v ./...
 	$(MAKE) clean
 
+.PHONY: test
+test: test-setup
+	go test -count=1 -tags "$(BUILDTAGS)" -v ./...
+	$(MAKE) clean
+
 xbuild-all: clean generate
 	$(foreach OS, $(SUPPORTED_PLATFORMS), \
 		$(foreach ARCH, $(SUPPORTED_ARCHES), \

cmd/qliksense/config.go

@@ -42,3 +42,20 @@ func configViewCmd(q *qliksense.Qliksense) *cobra.Command {
 	}
 	return c
 }
+
+func configEditCmd(q *qliksense.Qliksense) *cobra.Command {
+	c := &cobra.Command{
+		Use:   "edit [context-name]",
+		Short: "Edit the context cr",
+		Long: `edit the context cr. if no context name provided default context will be edited
+		It will open the vim editor unless KUBE_EDITOR is defined`,
+		Example: `qliksense config edit [context-name]`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 1 {
+				return q.EditCR(args[0])
+			}
+			return q.EditCR("")
+		},
+	}
+	return c
+}

cmd/qliksense/context.go

@@ -3,6 +3,7 @@ package main
 import (
 	"errors"
 	"fmt"
+	"os"
 
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 
@@ -68,18 +69,30 @@ func setConfigsCmd(q *qliksense.Qliksense) *cobra.Command {
 	var (
 		cmd *cobra.Command
 	)
-
+	base64Encoded := false
 	cmd = &cobra.Command{
 		Use:   "set-configs",
 		Short: "set configurations into the qliksense context as key-value pairs",
 		Example: `
 qliksense config set-configs <service_name>.<attribute>="<value>"
-    - The above configuration will be displayed in the CR
+		- The above configuration will be displayed in the CR
+qliksense config set-configs <service_name>.<attribute>="<value" --base64
+		- if the value is base64 encoded
+echo "something" | base64 | qliksense config set-configs <service_name>.<attribute> --base64
+	- value is coming from input pipe as base64 encoded
+echo "something" | qliksense config set-configs <service_name>.<attribute>
+	- value is coming from input pipe
+
 `,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.SetConfigs(args)
+			if isInputFromPipe() && len(args) == 1 {
+				return q.SetConfigFromReader(args[0], os.Stdin, base64Encoded)
+			}
+			return q.SetConfigs(args, base64Encoded)
 		},
 	}
+	f := cmd.Flags()
+	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
 	return cmd
 }
 
@@ -88,7 +101,7 @@ func setSecretsCmd(q *qliksense.Qliksense) *cobra.Command {
 		cmd    *cobra.Command
 		secret bool
 	)
-
+	base64Encoded := false
 	cmd = &cobra.Command{
 		Use:   "set-secrets",
 		Short: "set secrets configurations into the qliksense context as key-value pairs",
@@ -101,13 +114,24 @@ qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true
 qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false
 		- Encrypt the secret value and display it in the current context
 		- No secret resource is created
-        - The above configuration will be displayed in the CR `,
+		  - The above configuration will be displayed in the CR 
+qliksense config set-secrets <service_name>.<attribute>="<value>" --base64
+		- the <value> is base64 encoded
+echo "something" | base64 | qliksense config set-secrets <service_name>.<attribute> --base64
+		- value coming from input pipe as base64 encoded
+echo "something" | qliksense config set-secrets <service_name>.<attribute>
+		- value coming from input pipe`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.SetSecrets(args, secret)
+			if isInputFromPipe() && len(args) == 1 {
+				return q.SetSecretsFromReader(args[0], os.Stdin, secret, base64Encoded)
+			}
+			return q.SetSecrets(args, secret, base64Encoded)
 		},
 	}
 	f := cmd.Flags()
 	f.BoolVar(&secret, "secret", false, "Whether secrets should be encrypted as a Kubernetes Secret resource")
+	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
+
 	return cmd
 }
 

cmd/qliksense/fetch.go

@@ -1,26 +1,30 @@
 package main
 
 import (
-	"errors"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
 )
 
 func fetchCmd(q *qliksense.Qliksense) *cobra.Command {
+	opts := &qliksense.FetchCommandOptions{}
 	c := &cobra.Command{
 		Use:     "fetch",
-		Short:   "fetch a release from qliksense-k8s repo",
-		Long:    `fetch a release from qliksense-k8s repo`,
-		Example: `qliksense fetch <version>`,
-		Args: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 1 {
-				return errors.New("requires a version (i.e. v1.0.0)")
-			}
-			return nil
-		},
+		Short:   "fetch a release from qliksense-k8s repo, if version not supplied, will use from context",
+		Long:    `fetch a release from qliksense-k8s repo, if version not supplied, will use from context`,
+		Example: `qliksense fetch [version]`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.FetchQK8s(args[0])
+			if len(args) == 1 {
+				opts.Version = args[0]
+			}
+			return q.FetchK8sWithOpts(opts)
 		},
 	}
+
+	f := c.Flags()
+	f.StringVarP(&opts.GitUrl, "url", "", "", "git url from where configuration will be pulled")
+	f.StringVarP(&opts.AccessToken, "accessToken", "", "", "access token for git url")
+	f.StringVarP(&opts.SecretName, "secretName", "", "", "kubernetes secret name where a key name accessToken exist")
+	f.BoolVarP(&opts.Overwrite, "overwrite", "", false, "Ovewrite previously fetched veersion as well as local chagnes")
+
 	return c
 }

cmd/qliksense/preflight.go

@@ -37,6 +37,9 @@ func pfDnsCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 				fmt.Printf("Preflight DNS check FAILED\n")
 				log.Fatal(err)
 			}
+			if namespace == "" {
+				namespace = "default"
+			}
 			if err = qp.CheckDns(namespace, kubeConfigContents); err != nil {
 				fmt.Println(err)
 				fmt.Print("Preflight DNS check FAILED\n")
@@ -50,10 +53,10 @@ func pfDnsCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 
 func pfK8sVersionCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 	var preflightCheckK8sVersionCmd = &cobra.Command{
-		Use:     "k8s-version",
-		Short:   "check k8s version",
-		Long:    `check minimum valid k8s version on the cluster`,
-		Example: `qliksense preflight k8s-version`,
+		Use:     "kube-version",
+		Short:   "check kubernetes version",
+		Long:    `check minimum valid kubernetes version on the cluster`,
+		Example: `qliksense preflight kube-version`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			qp := &preflight.QliksensePreflight{Q: q}
 
@@ -77,6 +80,7 @@ func pfK8sVersionCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 }
 
 func pfAllChecksCmd(q *qliksense.Qliksense) *cobra.Command {
+	var mongodbUrl string
 	var preflightAllChecksCmd = &cobra.Command{
 		Use:     "all",
 		Short:   "perform all checks",
@@ -93,11 +97,16 @@ func pfAllChecksCmd(q *qliksense.Qliksense) *cobra.Command {
 				fmt.Printf("Running preflight check suite has FAILED...\n")
 				log.Fatal()
 			}
-			qp.RunAllPreflightChecks(namespace, kubeConfigContents)
+			if namespace == "" {
+				namespace = "default"
+			}
+			qp.RunAllPreflightChecks(namespace, kubeConfigContents, mongodbUrl)
 			return nil
 
 		},
 	}
+	f := preflightAllChecksCmd.Flags()
+	f.StringVarP(&mongodbUrl, "mongodb-url", "", "", "mongodbUrl to try connecting to")
 	return preflightAllChecksCmd
 }
 
@@ -118,6 +127,9 @@ func pfDeploymentCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 				fmt.Printf("Preflight deployment check FAILED\n")
 				log.Fatal(err)
 			}
+			if namespace == "" {
+				namespace = "default"
+			}
 			if err = qp.CheckDeployment(namespace, kubeConfigContents); err != nil {
 				fmt.Println(err)
 				fmt.Print("Preflight deploy check FAILED\n")
@@ -146,6 +158,9 @@ func pfServiceCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 				fmt.Printf("Preflight service check FAILED\n")
 				log.Fatal(err)
 			}
+			if namespace == "" {
+				namespace = "default"
+			}
 			if err = qp.CheckService(namespace, kubeConfigContents); err != nil {
 				fmt.Println(err)
 				fmt.Print("Preflight service check FAILED\n")
@@ -174,6 +189,9 @@ func pfPodCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 				fmt.Printf("Preflight pod check FAILED\n")
 				log.Fatal(err)
 			}
+			if namespace == "" {
+				namespace = "default"
+			}
 			if err = qp.CheckPod(namespace, kubeConfigContents); err != nil {
 				fmt.Println(err)
 				fmt.Print("Preflight pod check FAILED\n")
@@ -186,35 +204,147 @@ func pfPodCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 }
 
 func pfCreateRoleCheckCmd(q *qliksense.Qliksense) *cobra.Command {
-	var preflightDnsCmd = &cobra.Command{
-		Use:     "create-role",
+	var preflightRoleCmd = &cobra.Command{
+		Use:     "role",
 		Short:   "preflight create role check",
 		Long:    `perform preflight role check to ensure we are able to create a role in the cluster`,
-		Example: `qliksense preflight create-role`,
+		Example: `qliksense preflight createRole`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			qp := &preflight.QliksensePreflight{Q: q}
 
-			// Preflight create-role check
-			fmt.Printf("Preflight create-role check\n")
+			// Preflight role check
+			fmt.Printf("Preflight role check\n")
 			fmt.Println("---------------------------")
-			namespace, kubeConfigContents, err := preflight.InitPreflight()
+			namespace, _, err := preflight.InitPreflight()
 			if err != nil {
-				fmt.Printf("Preflight create-role check FAILED\n")
+				fmt.Printf("Preflight role check FAILED\n")
 				log.Fatal(err)
 			}
-			if err = qp.CreateRoleCheck(namespace, kubeConfigContents); err != nil {
+			if err = qp.CheckCreateRole(namespace); err != nil {
 				fmt.Println(err)
-				fmt.Print("Preflight role-check FAILED\n")
+				fmt.Print("Preflight role FAILED\n")
 				log.Fatal()
 			}
 			return nil
 		},
 	}
-	return preflightDnsCmd
+	return preflightRoleCmd
 }
 
-// preflightCmd.AddCommand(pfMongoCheckCmd(p))
-// preflightCmd.AddCommand(pfServiceCheckCmd(p))
-// preflightCmd.AddCommand(pfCreateRoleBindingCheckCmd(p))
-// preflightCmd.AddCommand(pfCreateServiceAccountCheckCmd(p))
-// preflightCmd.AddCommand(pfCreateRBCheckCmd(p))
+func pfCreateRoleBindingCheckCmd(q *qliksense.Qliksense) *cobra.Command {
+	var preflightRoleBindingCmd = &cobra.Command{
+		Use:     "rolebinding",
+		Short:   "preflight create rolebinding check",
+		Long:    `perform preflight rolebinding check to ensure we are able to create a rolebinding in the cluster`,
+		Example: `qliksense preflight rolebinding`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			qp := &preflight.QliksensePreflight{Q: q}
+
+			// Preflight createRoleBinding check
+			fmt.Printf("Preflight rolebinding check\n")
+			fmt.Println("---------------------------")
+			namespace, _, err := preflight.InitPreflight()
+			if err != nil {
+				fmt.Printf("Preflight rolebinding check FAILED\n")
+				log.Fatal(err)
+			}
+			if err = qp.CheckCreateRoleBinding(namespace); err != nil {
+				fmt.Println(err)
+				fmt.Print("Preflight rolebinding check FAILED\n")
+				log.Fatal()
+			}
+			return nil
+		},
+	}
+	return preflightRoleBindingCmd
+}
+
+func pfCreateServiceAccountCheckCmd(q *qliksense.Qliksense) *cobra.Command {
+	var preflightServiceAccountCmd = &cobra.Command{
+		Use:     "serviceaccount",
+		Short:   "preflight create ServiceAccount check",
+		Long:    `perform preflight serviceaccount check to ensure we are able to create a service account in the cluster`,
+		Example: `qliksense preflight serviceaccount`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			qp := &preflight.QliksensePreflight{Q: q}
+
+			// Preflight createServiceAccount check
+			fmt.Printf("Preflight ServiceAccount check\n")
+			fmt.Println("-------------------------------------")
+			namespace, _, err := preflight.InitPreflight()
+			if err != nil {
+				fmt.Printf("Preflight serviceaccount check FAILED\n")
+				log.Fatal(err)
+			}
+			if err = qp.CheckCreateServiceAccount(namespace); err != nil {
+				fmt.Println(err)
+				fmt.Print("Preflight serviceaccount check FAILED\n")
+				log.Fatal()
+			}
+			return nil
+		},
+	}
+	return preflightServiceAccountCmd
+}
+
+func pfCreateAuthCheckCmd(q *qliksense.Qliksense) *cobra.Command {
+	var preflightCreateAuthCmd = &cobra.Command{
+		Use:     "authcheck",
+		Short:   "preflight authcheck",
+		Long:    `perform preflight authcheck that combines the role, rolebinding and serviceaccount checks`,
+		Example: `qliksense preflight authcheck`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			qp := &preflight.QliksensePreflight{Q: q}
+
+			// Preflight authcheck
+			fmt.Printf("Preflight authcheck\n")
+			fmt.Println("------------------------")
+			namespace, kubeConfigContents, err := preflight.InitPreflight()
+			if err != nil {
+				fmt.Printf("Preflight authcheck FAILED\n")
+				log.Fatal(err)
+			}
+			if err = qp.CheckCreateRB(namespace, kubeConfigContents); err != nil {
+				fmt.Println(err)
+				fmt.Print("Preflight authcheck FAILED\n")
+				log.Fatal()
+			}
+			return nil
+		},
+	}
+	return preflightCreateAuthCmd
+}
+
+func pfMongoCheckCmd(q *qliksense.Qliksense) *cobra.Command {
+	var mongodbUrl string
+	var preflightMongoCmd = &cobra.Command{
+		Use:     "mongo",
+		Short:   "preflight mongo OR preflight mongo --url=<url>",
+		Long:    `perform preflight mongo check to ensure we are able to connect to a mongodb instance in the cluster`,
+		Example: `qliksense preflight mongo OR preflight mongo --url=<url>`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			qp := &preflight.QliksensePreflight{Q: q}
+
+			// Preflight mongo check
+			fmt.Printf("Preflight mongo check\n")
+			fmt.Println("-------------------------------------")
+			namespace, kubeConfigContents, err := preflight.InitPreflight()
+			if err != nil {
+				fmt.Printf("Preflight mongo check FAILED\n")
+				log.Fatal(err)
+			}
+			if namespace == "" {
+				namespace = "default"
+			}
+			if err = qp.CheckMongo(kubeConfigContents, namespace, mongodbUrl); err != nil {
+				fmt.Println(err)
+				fmt.Print("Preflight mongo check FAILED\n")
+				log.Fatal()
+			}
+			return nil
+		},
+	}
+	f := preflightMongoCmd.Flags()
+	f.StringVarP(&mongodbUrl, "url", "", "", "mongodbUrl to try connecting to")
+	return preflightMongoCmd
+}

cmd/qliksense/root.go

@@ -100,6 +100,10 @@ func getRootCmd(p *qliksense.Qliksense) *cobra.Command {
 				if err := p.SetUpQliksenseDefaultContext(); err != nil {
 					panic(err)
 				}
+				pf := api.NewPreflightConfig(p.QliksenseHome)
+				if err := pf.Initialize(); err != nil {
+					panic(err)
+				}
 				globalEulaPostRun(cmd, p)
 			}
 		},
@@ -185,6 +189,8 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
 	// add clean-config-repo-patches command as a sub-command to the app config sub-command
 	configCmd.AddCommand(cleanConfigRepoPatchesCmd(p))
 
+	// open editor for config
+	configCmd.AddCommand(configEditCmd(p))
 	// add uninstall command
 	cmd.AddCommand(uninstallCmd(p))
 
@@ -198,14 +204,14 @@ func rootCmd(p *qliksense.Qliksense) *cobra.Command {
 	preflightCmd.AddCommand(pfDnsCheckCmd(p))
 	preflightCmd.AddCommand(pfK8sVersionCheckCmd(p))
 	preflightCmd.AddCommand(pfAllChecksCmd(p))
-	// preflightCmd.AddCommand(pfMongoCheckCmd(p))
+	preflightCmd.AddCommand(pfMongoCheckCmd(p))
 	preflightCmd.AddCommand(pfDeploymentCheckCmd(p))
 	preflightCmd.AddCommand(pfServiceCheckCmd(p))
 	preflightCmd.AddCommand(pfPodCheckCmd(p))
 	preflightCmd.AddCommand(pfCreateRoleCheckCmd(p))
-	// preflightCmd.AddCommand(pfCreateRoleBindingCheckCmd(p))
-	// preflightCmd.AddCommand(pfCreateServiceAccountCheckCmd(p))
-	// preflightCmd.AddCommand(pfCreateRBCheckCmd(p))
+	preflightCmd.AddCommand(pfCreateRoleBindingCheckCmd(p))
+	preflightCmd.AddCommand(pfCreateServiceAccountCheckCmd(p))
+	preflightCmd.AddCommand(pfCreateAuthCheckCmd(p))
 
 	cmd.AddCommand(preflightCmd)
 	cmd.AddCommand(loadCrFile(p))

docs/preflight_checks.md

@@ -109,9 +109,116 @@ Deleted pod: pod-pf-check
 Completed preflight pod check
 ```
 
+### Create-Role check
+We use the command below to test if we are able to create a role in the cluster
+```shell
+$ qliksense preflight create-role
+Preflight create-role check
+---------------------------
+Preflight create-role check: 
+Created role: role-preflight-check
+Preflight create-role check: PASSED
+Cleaning up resources...
+Deleted role: role-preflight-check
+
+Completed preflight create-role check
+```
+
+### Create-RoleBinding check
+We use the command below to test if we are able to create a role binding in the cluster
+```shell
+$ qliksense preflight createRoleBinding
+
+Preflight create roleBinding check
+---------------------------
+Preflight createRoleBinding check: 
+Created RoleBinding: role-binding-preflight-check
+Preflight createRoleBinding check: PASSED
+Cleaning up resources...
+Deleting RoleBinding: role-binding-preflight-check
+Deleted RoleBinding: role-binding-preflight-check
+
+Completed preflight createRoleBinding check
+```
+
+### Create-ServiceAccount check
+We use the command below to test if we are able to create a service account in the cluster
+```shell
+$ qliksense preflight createServiceAccount
+
+Preflight create ServiceAccount check
+-------------------------------------
+Preflight createServiceAccount check: 
+Created Service Account: preflight-check-test-serviceaccount
+Preflight createServiceAccount check: PASSED
+Cleaning up resources...
+Deleting ServiceAccount: preflight-check-test-serviceaccount
+Deleted ServiceAccount: preflight-check-test-serviceaccount
+
+Completed preflight createServiceAccount check
+```
+
+### CreateRB check
+We use the command below to combine creation of role, role binding, and service account tests
+```shell
+$ qliksense preflight createRB
+
+Preflight createRB check
+-------------------------------------
+Preflight create-role check: 
+Created role: role-preflight-check
+Preflight create-role check: PASSED
+Cleaning up resources...
+Deleted role: role-preflight-check
+
+Completed preflight create-role check
+
+Preflight create RoleBinding check: 
+Created RoleBinding: role-binding-preflight-check
+Preflight create RoleBinding check: PASSED
+Cleaning up resources...
+Deleted RoleBinding: role-binding-preflight-check
+
+Completed preflight create RoleBinding check
+
+Preflight createServiceAccount check: 
+Created Service Account: preflight-check-test-serviceaccount
+Preflight createServiceAccount check: PASSED
+Cleaning up resources...
+Deleted ServiceAccount: preflight-check-test-serviceaccount
+
+Completed preflight createServiceAccount check
+Completed preflight CreateRB check
+```
+
+### Mongodb check
+We can check if we are able to connect to an instance of mongodb on the cluster by either supplying the mongodbUri as part of the command or infer it from the current context.
+
+```shell
+qliksense preflight mongo --url=<url> OR
+qliksense preflight mongo
+
+Preflight mongo check
+---------------------
+Preflight mongodb check: 
+Created pod: pf-mongo-pod
+stdout: MongoDB shell version v4.2.5
+connecting to: <url>/?compressors=disabled&gssapiServiceName=mongodb
+Implicit session: session { "id" : UUID("64f639d3-2c93-4894-80f6-ee14acaf56a5") }
+MongoDB server version: 4.2.5
+bye
+stderr: 
+Preflight mongo check: PASSED
+Deleted pod: pf-mongo-pod
+Completed preflight mongodb check
+```
+
+
+
 ### Running all checks
 Run the command shown below to execute all preflight checks.
 ```console
+$ qliksense preflight all --mongodb-url=<url> OR
 $ qliksense preflight all
 
 Running all preflight checks

go.mod

@@ -32,7 +32,6 @@ require (
 	github.com/gobuffalo/packr/v2 v2.7.1
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.3.3 // indirect
-	github.com/google/uuid v1.1.1
 	github.com/gorilla/mux v1.7.3 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
@@ -41,12 +40,14 @@ require (
 	github.com/mattn/go-tty v0.0.3
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/otiai10/copy v1.1.1
 	github.com/pkg/errors v0.8.1
-	github.com/qlik-oss/k-apis v0.0.34
+	github.com/qlik-oss/k-apis v0.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/rogpeppe/go-internal v1.5.2 // indirect
 	github.com/spf13/cobra v0.0.6
 	github.com/spf13/viper v1.6.1
+	github.com/src-d/go-git v4.7.0+incompatible
 	github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31
 	golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 // indirect
 	golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a // indirect
@@ -55,12 +56,12 @@ require (
 	golang.org/x/tools v0.0.0-20200312194400-c312e98713c2 // indirect
 	google.golang.org/genproto v0.0.0-20200128133413-58ce757ed39b // indirect
 	google.golang.org/grpc v1.27.0 // indirect
+	gopkg.in/src-d/go-git.v4 v4.13.1
 	gopkg.in/yaml.v2 v2.2.8
 	gopkg.in/yaml.v3 v3.0.0-20190924164351-c8b7dadae555
 	k8s.io/api v0.17.0
 	k8s.io/apimachinery v0.17.0
 	k8s.io/client-go v11.0.0+incompatible
-	k8s.io/kubectl v0.0.0-20191016120415-2ed914427d51
 	sigs.k8s.io/kustomize/api v0.3.2
 	sigs.k8s.io/yaml v1.1.0
 )

go.sum

@@ -792,6 +792,14 @@ github.com/opencontainers/selinux v1.3.0 h1:xsI95WzPZu5exzA6JzkLSfdr/DilzOhCJOqG
 github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
+github.com/otiai10/copy v1.1.1 h1:PH7IFlRQ6Fv9vYmuXbDRLdgTHoP1w483kPNUP2bskpo=
+github.com/otiai10/copy v1.1.1/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
+github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
+github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
+github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
+github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=
+github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -852,10 +860,14 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/qlik-oss/k-apis v0.0.34 h1:lOC21wz/nNZNmSfTXZSJCOm1BulaZfdg7tAuYb7knAE=
-github.com/qlik-oss/k-apis v0.0.34/go.mod h1:DNiWYqCqPIN216l7+1rccArNIYPb1Le7kYDcPSyNp+Q=
-github.com/qlik-oss/kustomize/api v0.3.3-0.20200401055330-fa528324112a h1:Vzod5XB+e25ENy5Lse0pXNmSYSDFxSEYhH/6Sj7twPg=
-github.com/qlik-oss/kustomize/api v0.3.3-0.20200401055330-fa528324112a/go.mod h1:tSQaDZ4Jt9KwYvD7LlMUPi5nkiGOno3PAKl5/XqEfxs=
+github.com/qlik-oss/k-apis v0.0.35 h1:LdxfN43UE4Fy4LAmFcsv2nXCuxfxowKY66rpUQHAyDU=
+github.com/qlik-oss/k-apis v0.0.35/go.mod h1:DNiWYqCqPIN216l7+1rccArNIYPb1Le7kYDcPSyNp+Q=
+github.com/qlik-oss/k-apis v0.0.36 h1:Ztd31rKn4uR3AQRb9QxYf1KEll4+Ku1E8DzCpplBw/g=
+github.com/qlik-oss/k-apis v0.0.36/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.0.39 h1:fIGCC7f9kU7319VTSJKr3fLoA9E4MjusRFmOjX3ypis=
+github.com/qlik-oss/k-apis v0.0.39/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.1.0 h1:uMl1316SNYy5Hm6jy1U7wiCMkut0tKqdP8mBpSuXXp8=
+github.com/qlik-oss/k-apis v0.1.0/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36 h1:BuT+cnXPQ6mcOWTDS1S8GXy65LAEMdPuNQCC36rMq28=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36/go.mod h1:tSQaDZ4Jt9KwYvD7LlMUPi5nkiGOno3PAKl5/XqEfxs=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
@@ -941,6 +953,8 @@ github.com/spf13/viper v1.6.1 h1:VPZzIkznI1YhVMRi6vNFLHSwhnhReBfgTxIPccpfdZk=
 github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k=
 github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=
 github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
+github.com/src-d/go-git v4.7.0+incompatible h1:IYSSnbAHeKmsfbQFi9ozbid+KNh0bKjlorMfQehQbcE=
+github.com/src-d/go-git v4.7.0+incompatible/go.mod h1:1bQciz+hn0jzPQNsYj0hDFZHLJBdV7gXE2mWhC7EkFk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=

pkg/api/apis.go

@@ -1,11 +1,9 @@
 package api
 
 import (
-	"crypto/rsa"
 	"errors"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -23,6 +21,7 @@ const (
 	qliksenseContextsDirName = "contexts"
 	qliksenseSecretsDirName  = "secrets"
 	qliksenseEjsonDirName    = "ejson"
+	QLIK_GIT_REPO            = "https://github.com/qlik-oss/qliksense-k8s"
 )
 
 // NewQConfig create QliksenseConfig object from file ~/.qliksense/config.yaml
@@ -144,6 +143,66 @@ func (cr *QliksenseCR) IsRepoExist() bool {
 	return true
 }
 
+func (cr *QliksenseCR) GetFetchUrl() string {
+	if cr.Spec.FetchSource == nil || cr.Spec.FetchSource.Repository == "" {
+		return QLIK_GIT_REPO
+	}
+	return cr.Spec.FetchSource.Repository
+}
+
+func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
+	if cr.Spec.FetchSource == nil {
+		return ""
+	}
+	if tok, err := cr.Spec.FetchSource.GetAccessToken(); err != nil {
+		fmt.Println(err)
+		return ""
+	} else {
+		by, _ := b64.StdEncoding.DecodeString(tok)
+		res, err := DecryptData(by, encryptionKey)
+		if err != nil {
+			fmt.Println(err)
+			return ""
+		}
+		return string(res)
+	}
+}
+
+func (cr *QliksenseCR) SetFetchUrl(url string) {
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	cr.Spec.FetchSource.Repository = url
+}
+
+func (cr *QliksenseCR) SetFetchAccessToken(token, encryptionKey string) error {
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	res, err := EncryptData([]byte(token), encryptionKey)
+	if err != nil {
+		return err
+	}
+	cr.Spec.FetchSource.AccessToken = b64.StdEncoding.EncodeToString(res)
+	return nil
+}
+
+func (cr *QliksenseCR) SetFetchAccessSecretName(sec string) {
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	cr.Spec.FetchSource.SecretName = sec
+}
+
+//DeleteRepo delete the manifest repo and unset manifestsRoot
+func (cr *QliksenseCR) DeleteRepo() error {
+	if err := os.RemoveAll(cr.Spec.ManifestsRoot); err != nil {
+		return err
+	}
+	cr.Spec.ManifestsRoot = ""
+	return nil
+}
+
 func (qc *QliksenseConfig) IsRepoExist(contextName, version string) bool {
 	if _, err := os.Lstat(qc.BuildRepoPathForContext(contextName, version)); err != nil {
 		return false
@@ -158,6 +217,11 @@ func (qc *QliksenseConfig) IsRepoExistForCurrent(version string) bool {
 	return true
 }
 
+func (qc *QliksenseConfig) DeleteRepoForCurrent(version string) error {
+	path := qc.BuildRepoPath(version)
+	return os.RemoveAll(path)
+}
+
 func (qc *QliksenseConfig) BuildRepoPath(version string) string {
 	return qc.BuildRepoPathForContext(qc.Spec.CurrentContext, version)
 }
@@ -258,9 +322,9 @@ func (qc *QliksenseConfig) GetCurrentContextSecretsDir() (string, error) {
 func (qc *QliksenseConfig) setDockerConfigJsonSecret(filename string, dockerConfigJsonSecret *DockerConfigJsonSecret) error {
 	if secretsDir, err := qc.GetCurrentContextSecretsDir(); err != nil {
 		return err
-	} else if publicKey, _, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
+	} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
 		return err
-	} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(publicKey); err != nil {
+	} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(encryptionKey); err != nil {
 		return err
 	} else if err := os.MkdirAll(secretsDir, os.ModePerm); err != nil {
 		return err
@@ -307,9 +371,9 @@ func (qc *QliksenseConfig) getDockerConfigJsonSecret(name string) (*DockerConfig
 		return nil, err
 	} else if dockerConfigJsonSecretYaml, err := ioutil.ReadFile(filepath.Join(secretsDir, name)); err != nil {
 		return nil, err
-	} else if _, privateKey, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
+	} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
 		return nil, err
-	} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, privateKey); err != nil {
+	} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, encryptionKey); err != nil {
 		return nil, err
 	}
 	return dockerConfigJsonSecret, nil
@@ -320,11 +384,11 @@ func (qc *QliksenseConfig) getCurrentContextEncryptionKeyPairLocation() (string,
 	if qcr, err := qc.GetCurrentCR(); err != nil {
 		return "", err
 	} else {
-		return qc.getContextEncryptionKeyPairLocation(qcr.GetName())
+		return qc.getContextEncryptionKeyLocation(qcr.GetName())
 	}
 }
 
-func (qc *QliksenseConfig) getContextEncryptionKeyPairLocation(contextName string) (string, error) {
+func (qc *QliksenseConfig) getContextEncryptionKeyLocation(contextName string) (string, error) {
 	// Check env var: QLIKSENSE_KEY_LOCATION to determine location to store keypair
 	var secretKeyPairLocation string
 	if os.Getenv("QLIKSENSE_KEY_LOCATION") != "" {
@@ -334,9 +398,9 @@ func (qc *QliksenseConfig) getContextEncryptionKeyPairLocation(contextName strin
 		// QLIKSENSE_KEY_LOCATION has not been set, hence storing key pair in default location:
 		// /.qliksense/secrets/contexts/<current-context>/secrets/
 		secretKeyPairLocation = filepath.Join(qc.QliksenseHomePath, qliksenseSecretsDirName, qliksenseContextsDirName, contextName, qliksenseSecretsDirName)
-
 	}
-	return secretKeyPairLocation, nil
+
+	return secretKeyPairLocation, os.MkdirAll(secretKeyPairLocation, os.ModePerm)
 }
 
 func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
@@ -351,52 +415,25 @@ func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
 	}
 }
 
-func (qc *QliksenseConfig) GetCurrentContextEncryptionKeyPair() (*rsa.PublicKey, *rsa.PrivateKey, error) {
+func (qc *QliksenseConfig) GetEncryptionKeyForCurrent() (string, error) {
 	if qcr, err := qc.GetCurrentCR(); err != nil {
-		return nil, nil, err
+		return "", err
 	} else {
-		return qc.GetContextEncryptionKeyPair(qcr.GetName())
+		return qc.GetEncryptionKeyFor(qcr.GetName())
 	}
 }
 
-func (qc *QliksenseConfig) GetContextEncryptionKeyPair(contextName string) (*rsa.PublicKey, *rsa.PrivateKey, error) {
-	secretKeyPairLocation, err := qc.getContextEncryptionKeyPairLocation(contextName)
+func (qc *QliksenseConfig) GetEncryptionKeyFor(contextName string) (string, error) {
+	secretKeyLocation, err := qc.getContextEncryptionKeyLocation(contextName)
 	if err != nil {
-		return nil, nil, err
+		return "", err
 	}
-
-	publicKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePublicKey)
-	privateKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePrivateKey)
-	// try to create the dir if it doesn't exist
-	if !FileExists(publicKeyFilePath) || !FileExists(privateKeyFilePath) {
-		LogDebugMessage("Qliksense secretKeyLocation dir does not exist, creating it now: %s", secretKeyPairLocation)
-		if err := os.MkdirAll(secretKeyPairLocation, os.ModePerm); err != nil {
-			err = fmt.Errorf("Not able to create %s dir: %v", secretKeyPairLocation, err)
-			log.Println(err)
-			return nil, nil, err
-		}
-		// generating and storing key-pair
-		err1 := GenerateAndStoreSecretKeypair(secretKeyPairLocation)
-		if err1 != nil {
-			err1 = fmt.Errorf("Not able to generate and store key pair for encryption")
-			log.Println(err1)
-			return nil, nil, err1
-		}
-	}
-
-	if publicKeyBytes, err := ReadKeys(publicKeyFilePath); err != nil {
-		LogDebugMessage("Not able to read public key")
-		return nil, nil, err
-	} else if privateKeyBytes, err := ReadKeys(privateKeyFilePath); err != nil {
-		LogDebugMessage("Not able to read private key")
-		return nil, nil, err
-	} else if rsaPublicKey, err := DecodeToPublicKey(publicKeyBytes); err != nil {
-		return nil, nil, err
-	} else if rsaPrivateKey, err := DecodeToPrivateKey(privateKeyBytes); err != nil {
-		return nil, nil, err
-	} else {
-		return rsaPublicKey, rsaPrivateKey, nil
+	key, err := LoadSecretKey(secretKeyLocation)
+	if key != "" {
+		return key, nil
 	}
+	fmt.Println("Generating new encryption key for the context: " + contextName)
+	return GenerateAndStoreSecretKey(secretKeyLocation)
 }
 
 func (cr *QliksenseCR) AddLabelToCr(key, value string) {
@@ -453,11 +490,23 @@ func (cr *QliksenseCR) SetEULA(value string) {
 	cr.Spec.AddToConfigs("qliksense", "acceptEULA", value)
 }
 
+// GetCustomCrdsPath get crds path if exist in the profile dir
+func (cr *QliksenseCR) GetCustomCrdsPath() string {
+	if cr.Spec.ManifestsRoot == "" || cr.Spec.Profile == "" {
+		return ""
+	}
+	crdsPath := filepath.Join(cr.Spec.GetManifestsRoot(), "manifests", cr.Spec.Profile, "crds")
+	if _, err := os.Lstat(crdsPath); err != nil {
+		return ""
+	}
+	return crdsPath
+}
+
 // GetDecryptedCr it decrypts all the encrypted value and return a new CR
 func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error) {
 	newCr := &QliksenseCR{}
 	copier.Copy(newCr, cr)
-	_, rsaPrivateKey, err := qc.GetCurrentContextEncryptionKeyPair()
+	encryptionKey, err := qc.GetEncryptionKeyFor(cr.GetName())
 	if err != nil {
 		return nil, err
 	}
@@ -470,7 +519,7 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 				if err != nil {
 					return nil, err
 				}
-				db, err := Decrypt(b, rsaPrivateKey)
+				db, err := DecryptData(b, encryptionKey)
 				if err != nil {
 					return nil, err
 				}
@@ -483,6 +532,11 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 		finalSecrets[k] = newNvs
 	}
 	newCr.Spec.Secrets = finalSecrets
+
+	if newCr.Spec.FetchSource != nil && newCr.Spec.FetchSource.AccessToken != "" {
+		decData := cr.GetFetchAccessToken(encryptionKey)
+		newCr.Spec.FetchSource.AccessToken = decData
+	}
 	return newCr, nil
 }
 

pkg/api/apis_test.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	b64 "encoding/base64"
 	"fmt"
 	"io/ioutil"
 	"log"
@@ -52,12 +53,6 @@ spec:
     qliksense:
       - name: acceptEULA
         value: "yes"
-  secrets:
-    qliksense:
-    - name: mongoDbUri
-      # this is rsa encrypted value, the pub and pri keys are in setuPublicAndPrivateKey() method
-      # actual value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
-      value: n/pDi7Z/A3i16cAHFFwMp19/egNKc8WZxm6MKHLT/B1DMv3U6pDXWyXT5fYYDV1wDTO3Vk43yECST1UgZYmMpgUOwgSfGgqTVi2VqS0JQsnwI+Twwhnvha8RJANX8b/XIoSFVWaOgy7+RP35ZkvOqHdCfC2aT8JMIHgBQqqCbsNgimCuRSxi0klR000ic/Tp5PYSz5mD+WLrkPw2FbS0OVBsQ/hIp5GZrmVpvEOZdbT63Sz+n/G4Br6GTv2LkZcU7JBuKQm2wfB+mRjJmJnNrPawLfn2UZ89Rz0BLwIy+6b24/RoIUgoNowfGkJreGiwItGK8fjCcx11oavK/yAo6pYZXCcru46pmHbxxle1OlkdTKkG6EVtJuKjSZXtVmBHZYRFzsR7HnAiXnL7QzSEcS7ieZlQvTmNLfpidJhK199oSbyKREqXGl2S8DzPKM9RLccVbQTy6X8qWimP3MYCnO4K0KoQnNQAgfuV8ZxnvdDecByLDPIpmFMGy0Xm9pUZWxmSoDBq+p5WBI2HdCX2gCYVv5yxS2iBqO5SMKo8iOglHtPI9NIMvloERdN1vZtxSRkY5uDEfrU9ysYwfayEXxvXmdWv0HxlotcgUinP02j7k+OfIapTmY/jGfvF4euyCGRKuJ9JlSD9pIiRdAcekjL6hCxXLJLdajCV4sL/YDo=
 `
 	ctx1Dir := filepath.Join(homeDir, "contexts", "contx1")
 	crFile := filepath.Join(ctx1Dir, "contx1.yaml")
@@ -106,13 +101,16 @@ func TestGetDecryptedCr(t *testing.T) {
 		t.Fail()
 		t.Log(e)
 	}
-	qcr, err := qct.GetCurrentCR()
-	if err != nil {
-		t.Fail()
-		t.Log(err)
-	}
 
-	setuPublicAndPrivateKey(dir)
+	qcr, err := qct.GetCurrentCR()
+
+	key, _ := setupGenerateKey(dir)
+	ecn, _ := EncryptData([]byte("mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"), key)
+	b := b64.StdEncoding.EncodeToString(ecn)
+	qcr.Spec.AddToSecrets("qliksense", "mongoDbUri", b, "")
+
+	qcr.SetFetchAccessToken("mytoken", key)
+
 	newCr, err := qct.GetDecryptedCr(qcr)
 	if err != nil {
 		t.Fail()
@@ -129,77 +127,12 @@ func TestGetDecryptedCr(t *testing.T) {
 	if decryptedValue == orignalValue {
 		t.Fail()
 	}
+	if newCr.Spec.FetchSource.AccessToken != "mytoken" {
+		t.Fail()
+	}
 	td()
 }
-func setuPublicAndPrivateKey(homeDir string) ([]byte, []byte, error) {
-	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
-1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
-Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
-O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
-1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
-F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
-uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
-K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
-MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
-FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
-PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
-AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
-pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
-yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
-9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
-odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
-GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
-4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
-Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
-EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
-W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
-zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
-MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
-SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
-qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
-c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
-SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
-qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
-BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
-/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
-wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
-Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
-jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
-/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
-iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
-xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
-wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
-IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
-ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
-4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
-Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
-fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
-4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
-9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
-o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
-02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
-VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
-4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
-Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
------END RSA PRIVATE KEY-----
-`)
-
-	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
-+hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
-UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
-ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
-sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
-+zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
-Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
-iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
-ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
-golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
-wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
-MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
------END RSA PUBLIC KEY-----
-`)
+func setupGenerateKey(homeDir string) (string, error) {
 	secretKeyPairDir := filepath.Join(homeDir, "secrets", "contexts", "contx1", "secrets")
 	if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
 		err = fmt.Errorf("Not able to create directories")
@@ -207,19 +140,33 @@ MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
 	}
 	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)
 
-	privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
-	// construct and write priv key file into secretsDir location
-	err := ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, err
+	key, _ := LoadSecretKey(secretKeyPairDir)
+
+	if key == "" {
+		return GenerateAndStoreSecretKey(secretKeyPairDir)
 	}
-	pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
-	// construct and write pub key file into secretsDir location
-	err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, err
-	}
-	return publicKeyBytes, privKeyBytes, nil
+	return key, nil
+}
+
+func Test_set_and_get_fetch_access_token(t *testing.T) {
+	td, homeDir := setup()
+	defer td()
+	createCRFile(homeDir)
+	crFile := filepath.Join("contexts", "contx1", "contx1.yaml")
+	qConfig := NewQConfig(homeDir)
+	newQ, _ := qConfig.SetCrLocation("contx1", crFile)
+	newQ.Write()
+	qConfig = NewQConfig(homeDir)
+	qcr, _ := qConfig.GetCurrentCR()
+	key, _ := qConfig.GetEncryptionKeyFor(qcr.GetName())
+	if err := qcr.SetFetchAccessToken("mytokenbeforeencryption", key); err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	tok := qcr.GetFetchAccessToken(key)
+	if tok != "mytokenbeforeencryption" {
+		t.Log("Expected: mytokenbeforeencryption, got: " + tok)
+		t.Fail()
+	}
+
 }

pkg/api/copy.go

@@ -0,0 +1,8 @@
+package api
+
+import "github.com/otiai10/copy"
+
+//copy source directory to destination
+func CopyDirectory(source string, dest string) error {
+	return copy.Copy(source, dest)
+}

pkg/api/copy_test.go

@@ -0,0 +1,101 @@
+package api
+
+import (
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"testing"
+
+	kapis_git "github.com/qlik-oss/k-apis/pkg/git"
+	"sigs.k8s.io/kustomize/api/filesys"
+	"sigs.k8s.io/kustomize/api/konfig"
+	"sigs.k8s.io/kustomize/api/krusty"
+	"sigs.k8s.io/kustomize/api/types"
+)
+
+func TestCopyDirectory(t *testing.T) {
+	src, _ := ioutil.TempDir("", "")
+	f1, _ := ioutil.TempFile(src, "")
+	ioutil.TempFile(src, "")
+
+	dest, _ := ioutil.TempDir("", "")
+	CopyDirectory(src, dest)
+	if _, err := os.Lstat(filepath.Join(dest, filepath.Base(f1.Name()))); err != nil {
+		t.Log(err)
+		t.Fail()
+	}
+}
+
+func TestCopyDirectory_withGit_withKuz(t *testing.T) {
+	if testing.Short() {
+		t.Skip("Skipping in short test mode")
+	}
+
+	tmpDir1, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	defer os.RemoveAll(tmpDir1)
+
+	tmpDir2, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	defer os.RemoveAll(tmpDir2)
+
+	repoPath1 := path.Join(tmpDir1, "repo")
+	repo1, err := kapis_git.CloneRepository(repoPath1, "https://github.com/qlik-oss/qliksense-k8s", nil)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := CopyDirectory(repoPath1, tmpDir2); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	repoPath2 := tmpDir2
+	repo2, err := kapis_git.OpenRepository(repoPath2)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := kapis_git.Checkout(repo2, "v0.0.2", "", nil); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	repo2Manifest, err := kuz(path.Join(repoPath2, "manifests", "docker-desktop"))
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := kapis_git.Checkout(repo1, "v0.0.2", "", nil); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	repo1Manifest, err := kuz(path.Join(repoPath1, "manifests", "docker-desktop"))
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if string(repo2Manifest) != string(repo1Manifest) {
+		t.Logf("manifest generated on the original config:\n%v", string(repo1Manifest))
+		t.Logf("manifest generated on the copied config:\n%v", string(repo2Manifest))
+		t.Fatal("expected manifests to be equal, but they were not")
+	}
+}
+
+func kuz(directory string) ([]byte, error) {
+	options := &krusty.Options{
+		DoLegacyResourceSort: false,
+		LoadRestrictions:     types.LoadRestrictionsNone,
+		DoPrune:              false,
+		PluginConfig:         konfig.DisabledPluginConfig(),
+	}
+	k := krusty.MakeKustomizer(filesys.MakeFsOnDisk(), options)
+	resMap, err := k.Run(directory)
+	if err != nil {
+		return nil, err
+	}
+	return resMap.AsYaml()
+}

pkg/api/docker_registry_secret.go

@@ -1,7 +1,6 @@
 package api
 
 import (
-	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@@ -27,14 +26,14 @@ func (kdcjt *k8sDockerConfigJsonType) GenerateAuth() {
 }
 
 type DockerConfigJsonSecret struct {
-	Name      string
-	Uri       string
-	Username  string
-	Password  string
-	Email     string
+	Name     string
+	Uri      string
+	Username string
+	Password string
+	Email    string
 }
 
-func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, error) {
+func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
 	k8sDockerConfigJson := k8sDockerConfigJsonType{
 		Username: d.Username,
 		Password: d.Password,
@@ -51,8 +50,8 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, e
 		return nil, err
 	}
 	var k8sDockerConfigJsonMapMaybeEncryptedBytes []byte
-	if encryptionKey != nil {
-		if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = Encrypt(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
+	if encryptionKey != "" {
+		if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = EncryptData(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
 			return nil, err
 		}
 	} else {
@@ -65,7 +64,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, e
 			Kind:       "Secret",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      d.Name,
+			Name: d.Name,
 		},
 		Type: v1.SecretTypeDockerConfigJson,
 		Data: map[string][]byte{
@@ -76,7 +75,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, e
 	return K8sSecretToYaml(k8sSecret)
 }
 
-func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey *rsa.PrivateKey) error {
+func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey string) error {
 	k8sDockerConfigJsonMap := k8sDockerConfigJsonMapType{}
 	if k8sSecret, err := K8sSecretFromYaml(secretBytes); err != nil {
 		return err
@@ -86,7 +85,7 @@ func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey *rsa
 		return errors.New("not a kubernetes.io/dockerconfigjson type")
 	} else if k8sDockerConfigJsonMapEncryptedBytes, ok := k8sSecret.Data[".dockerconfigjson"]; !ok {
 		return errors.New("secret data is missing a value for the .dockerconfigjson key")
-	} else if k8sDockerConfigJsonMapBytes, err := Decrypt(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
+	} else if k8sDockerConfigJsonMapBytes, err := DecryptData(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
 		return errors.New("secret data is missing a value for the .dockerconfigjson key")
 	} else if err := json.Unmarshal(k8sDockerConfigJsonMapBytes, &k8sDockerConfigJsonMap); err != nil {
 		return err

pkg/api/docker_registry_secret_test.go

@@ -1,8 +1,6 @@
 package api
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -14,21 +12,21 @@ import (
 
 func TestDockerConfigJsonSecret(t *testing.T) {
 	dockerConfigJsonSecret := DockerConfigJsonSecret{
-		Name:      "some-name",
-		Uri:       "some-uri",
-		Username:  "some-username",
-		Password:  "some-password",
-		Email:     "some-email",
+		Name:     "some-name",
+		Uri:      "some-uri",
+		Username: "some-username",
+		Password: "some-password",
+		Email:    "some-email",
 	}
 	dockerConfigJsonSecretFromYaml := DockerConfigJsonSecret{}
 	validYamlMap := map[string]interface{}{}
 
-	privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
+	encryptionKey, err := GenerateKey()
 	if err != nil {
 		t.Fatalf("error generating RSA private key: %v\n", err)
 	}
 
-	dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(&privateKey.PublicKey)
+	dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(encryptionKey)
 	dockerConfigJsonMap := map[string]interface{}{}
 	if err != nil {
 		t.Fatalf("error converting secret to yaml: %v", err)
@@ -43,7 +41,7 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 		t.Fatalf("no .dockerconfigjson data key in the secret yaml: %v", string(dockerConfigJsonSecretYamlBytes))
 	} else if dockerConfigJsonEncryptedBytes, err := base64.StdEncoding.DecodeString(dockerConfigJsonBytesBase64.(string)); err != nil {
 		t.Fatalf("error decoding dockerConfigJsonBytes from base64: %v", err)
-	} else if dockerConfigJsonBytes, err := Decrypt(dockerConfigJsonEncryptedBytes, privateKey); err != nil {
+	} else if dockerConfigJsonBytes, err := DecryptData(dockerConfigJsonEncryptedBytes, encryptionKey); err != nil {
 		t.Fatalf("error decrypting dockerConfigJsonBytes: %v", err)
 	} else if err := json.Unmarshal(dockerConfigJsonBytes, &dockerConfigJsonMap); err != nil {
 		t.Fatalf("error unmarshalling dockerConfigJson from json: %v", err)
@@ -63,7 +61,7 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 	}
 
 	t.Logf("dockerConfigJsonSecretYaml: \n%v\n", string(dockerConfigJsonSecretYamlBytes))
-	if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, privateKey); err != nil {
+	if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, encryptionKey); err != nil {
 		t.Fatalf("error reading secret in from yaml: %v", err)
 	} else if !reflect.DeepEqual(dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml) {
 		t.Fatalf("secret: %v does not equal secret: %v", dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml)

pkg/api/encryption.go

@@ -1,58 +1,42 @@
 package api
 
 import (
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
+	"encoding/hex"
+	"errors"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"log"
 	"path/filepath"
 )
 
 const (
-	RSA_KEY_LENGTH = 4096
-
-	QliksensePublicKey  = "qliksensePub"
-	QliksensePrivateKey = "qliksensePriv"
+	key_file_name = "user_secret_key"
 )
 
-// GenerateAndStoreSecretKeypair generates and stores key pairs
-func GenerateAndStoreSecretKeypair(secretsPath string) error {
-	LogDebugMessage("%s exists", secretsPath)
-	// creating contexts/qlik-default/secrets/qliksensePub and contexts/qlik-default/secrets/qliksensePriv files
-	publicKeyFilePath := filepath.Join(secretsPath, QliksensePublicKey)
-	privateKeyFilePath := filepath.Join(secretsPath, QliksensePrivateKey)
-	LogDebugMessage("Generating public-private key pair.....")
-	GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath)
-	LogDebugMessage("Generated public-private key pairs")
-
-	return nil
-}
-
-// GenerateRSAEncryptionKeys is used to generate a new public-private key pair
-func GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath string) error {
-	LogDebugMessage("Generating new RSA key pair")
-	privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
+// GenerateAndStoreSecretKey generates and stores key
+func GenerateAndStoreSecretKey(secretsDir string) (string, error) {
+	// creating contexts/qlik-default/secrets/user_secret_key
+	keyFile := filepath.Join(secretsDir, key_file_name)
+	key, err := GenerateKey()
 	if err != nil {
-		log.Printf("error generating RSA private key: %v\n", err)
-		return err
+		return "", err
 	}
-
-	privateKeyPEM := EncodePrivateKey(privateKey)
-	if err := writeContentToFile(privateKeyPEM, privateKeyFilePath); err != nil {
-		return err
+	if err := writeContentToFile([]byte(key), keyFile); err != nil {
+		return "", err
 	}
-	pubKeyPEM, err2 := EncodePublicKey(&privateKey.PublicKey)
-	if err2 != nil {
-		log.Printf("error occurred when encoding public key: %v\n", err2)
-		return err2
+	return key, nil
+}
+func LoadSecretKey(secretsDir string) (string, error) {
+	keyFile := filepath.Join(secretsDir, key_file_name)
+	by, err := ioutil.ReadFile(keyFile)
+	if err != nil {
+		return "", err
 	}
-	if err := writeContentToFile(pubKeyPEM, publicKeyFilePath); err != nil {
-		return err
-	}
-	return nil
+	return string(by), nil
 }
 
 // writeContentToFile writes keys to a file
@@ -65,104 +49,54 @@ func writeContentToFile(keyData []byte, fileName string) error {
 	return nil
 }
 
-// Encrypt encrypts data with public key
-func Encrypt(pt []byte, pub *rsa.PublicKey) ([]byte, error) {
-	//hash := sha512.New()
-	//ct, err := rsa.EncryptOAEP(hash, rand.Reader, pub, pt, nil)
-	ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, pt)
+func GenerateKey() (string, error) {
+	salt := make([]byte, 32)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+	s := fmt.Sprintf("%x", salt)
+	return s, nil
+}
+
+func EncryptData(plaintext []byte, userKey string) ([]byte, error) {
+	key, _ := hex.DecodeString(userKey)
+
+	block, err := aes.NewCipher(key)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	return ct, nil
-}
 
-// Decrypt decrypts data with private key
-func Decrypt(ct []byte, priv *rsa.PrivateKey) ([]byte, error) {
-	// hash := sha512.New()
-	// plaintext, err := rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
-	pt, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ct)
+	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	return pt, nil
+	nonce := make([]byte, aesgcm.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return nil, err
+	}
+
+	return aesgcm.Seal(nonce, nonce, plaintext, nil), nil
 }
 
-// EncodePrivateKey private key to bytes
-func EncodePrivateKey(priv *rsa.PrivateKey) []byte {
-	privBytes := pem.EncodeToMemory(
-		&pem.Block{
-			Type:  "RSA PRIVATE KEY",
-			Bytes: x509.MarshalPKCS1PrivateKey(priv),
-		},
-	)
-
-	return privBytes
-}
-
-// EncodePublicKey public key to bytes
-func EncodePublicKey(pub *rsa.PublicKey) ([]byte, error) {
-	pubASN1, err := x509.MarshalPKIXPublicKey(pub)
+func DecryptData(ciphertext []byte, userKey string) ([]byte, error) {
+	key, _ := hex.DecodeString(userKey)
+	block, err := aes.NewCipher(key)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
 
-	pubBytes := pem.EncodeToMemory(&pem.Block{
-		Type:  "RSA PUBLIC KEY",
-		Bytes: pubASN1,
-	})
-
-	return pubBytes, nil
-}
-
-// DecodeToPrivateKey bytes to private key
-func DecodeToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
-	block, _ := pem.Decode(priv)
-	enc := x509.IsEncryptedPEMBlock(block)
-	b := block.Bytes
-	var err error
-	if enc {
-		log.Println("is encrypted pem block")
-		b, err = x509.DecryptPEMBlock(block, nil)
-		if err != nil {
-			log.Println(err)
-			return nil, err
-		}
-	}
-	key, err := x509.ParsePKCS1PrivateKey(b)
+	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	return key, nil
-}
-
-// DecodeToPublicKey bytes to public key
-func DecodeToPublicKey(pub []byte) (*rsa.PublicKey, error) {
-	block, _ := pem.Decode(pub)
-	enc := x509.IsEncryptedPEMBlock(block)
-	b := block.Bytes
-	var err error
-	if enc {
-		log.Println("is encrypted pem block")
-		b, err = x509.DecryptPEMBlock(block, nil)
-		if err != nil {
-			log.Println(err)
-			return nil, err
-		}
+	nonceSize := aesgcm.NonceSize()
+	if len(ciphertext) < nonceSize {
+		return nil, errors.New("ciphertext too short")
 	}
-	iface, err := x509.ParsePKIXPublicKey(b)
+	nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
+	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	key, ok := iface.(*rsa.PublicKey)
-	if !ok {
-		err := fmt.Errorf("Unable to decode public key")
-		log.Println(err)
-		return nil, err
-	}
-	return key, nil
+	return plaintext, nil
 }

pkg/api/encryption_test.go

@@ -1,128 +1,29 @@
 package api
 
 import (
-	"encoding/base64"
-	"log"
-	"os"
 	"testing"
 )
 
-func Test_generateRSAEncryptionKeys(t *testing.T) {
-	tests := []struct {
-		name    string
-		wantErr bool
-	}{
-		{
-			name:    "valid case",
-			wantErr: false,
-		},
+func Test_encrypt_decrypt(t *testing.T) {
+	key, err := GenerateKey()
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
 	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if err := GenerateAndStoreSecretKeypair(os.TempDir()); (err != nil) != tt.wantErr {
-				t.Errorf("generateRSAEncryptionKeys() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}
-
-func Test_encryption_decryption(t *testing.T) {
-	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
-1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
-Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
-O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
-1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
-F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
-uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
-K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
-MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
-FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
-PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
-AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
-pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
-yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
-9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
-odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
-GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
-4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
-Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
-EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
-W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
-zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
-MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
-SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
-qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
-c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
-SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
-qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
-BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
-/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
-wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
-Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
-jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
-/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
-iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
-xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
-wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
-IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
-ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
-4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
-Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
-fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
-4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
-9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
-o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
-02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
-VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
-4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
-Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
------END RSA PRIVATE KEY-----
-`)
-
-	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
-+hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
-UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
-ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
-sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
-+zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
-Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
-iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
-ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
-golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
-wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
-MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
------END RSA PUBLIC KEY-----
-`)
-	origStr := "Value1234"
-
-	pubKey, err := DecodeToPublicKey(publicKeyBytes)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-	privKey, err := DecodeToPrivateKey(privKeyBytes)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-	encData, err := Encrypt([]byte(origStr), pubKey)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-
-	encDataStr := base64.StdEncoding.EncodeToString(encData)
-	log.Println("Encoded text:", encDataStr)
-	dec, _ := base64.StdEncoding.DecodeString(encDataStr)
-	data, err := Decrypt(dec, privKey)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-	if string(data) != origStr {
-		t.Error("original string and decrypted string don't match")
-		t.FailNow()
+	testData := "this is a secret value"
+	enc, err := EncryptData([]byte(testData), key)
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	dec, err := DecryptData(enc, key)
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	if testData != string(dec) {
+		t.Log("expected: " + testData)
+		t.Log("actual: " + string(dec))
+		t.Fail()
 	}
 }

pkg/api/preflight_apis.go

@@ -0,0 +1,109 @@
+package api
+
+import (
+	"os"
+	"path/filepath"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type PreflightConfig struct {
+	metav1.TypeMeta   `json:",inline" yaml:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
+	Spec              *PreflightSpec `json:"spec" yaml:"spec"`
+	QliksenseHomePath string         `json:"-" yaml:"-"`
+}
+
+type PreflightSpec struct {
+	MinK8sVersion string            `json:"minK8sVersion,omitempty" yaml:"minK8sVersion,omitempty"`
+	Images        map[string]string `json:"images,omitempty" yaml:"images,omitempty"`
+}
+
+//NewPreflightConfigEmpty create empty PreflightConfig object
+func NewPreflightConfigEmpty(qHome string) *PreflightConfig {
+	p := &PreflightConfig{
+		QliksenseHomePath: qHome,
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "config.qlik.com/v1",
+			Kind:       "PreflightConfig",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "PreflightConfigMetadata",
+		},
+		Spec: &PreflightSpec{},
+	}
+	return p
+}
+
+//NewPreflightConfig create empty PreflightConfig object if preflit/preflight-config.yaml not exist
+func NewPreflightConfig(qHome string) *PreflightConfig {
+	p := NewPreflightConfigEmpty(qHome)
+	conFile := p.GetConfigFilePath()
+	if _, err := os.Lstat(conFile); err != nil {
+		return p
+	}
+	p = &PreflightConfig{}
+	if err := ReadFromFile(p, conFile); err != nil {
+		return nil
+	}
+	return p
+}
+
+//GetConfigFilePath return preflight-config.yaml file path
+func (p *PreflightConfig) GetConfigFilePath() string {
+	return filepath.Join(p.QliksenseHomePath, "preflight", "preflight-config.yaml")
+}
+
+//Write write PreflightConfig object into the ~/.qliksense/preflight/preflight-config.yaml file
+func (p *PreflightConfig) Write() error {
+	pDir := filepath.Join(p.QliksenseHomePath, "preflight")
+	if err := os.MkdirAll(pDir, os.ModePerm); err != nil {
+		return err
+	}
+	return WriteToFile(p, p.GetConfigFilePath())
+}
+
+func (p *PreflightConfig) AddMinK8sV(version string) {
+	if p.Spec == nil {
+		p.Spec = &PreflightSpec{}
+	}
+	p.Spec.MinK8sVersion = version
+}
+
+func (p *PreflightConfig) AddImage(imageFor, imageName string) {
+	if p.Spec.Images == nil {
+		p.Spec.Images = make(map[string]string)
+	}
+	p.Spec.Images[imageFor] = imageName
+}
+
+func (p *PreflightConfig) GetImageName(imageFor string) string {
+	if p.Spec.Images == nil {
+		return ""
+	}
+	return p.Spec.Images[imageFor]
+}
+func (p *PreflightConfig) GetMinK8sVersion() string {
+	return p.Spec.MinK8sVersion
+}
+func (p *PreflightConfig) IsExistOnDisk() bool {
+	if _, err := os.Lstat(p.GetConfigFilePath()); err != nil {
+		return false
+	}
+	return true
+}
+
+func (p *PreflightConfig) GetImageMap() map[string]string {
+	return p.Spec.Images
+}
+
+func (p *PreflightConfig) Initialize() error {
+	if p.IsExistOnDisk() {
+		return nil
+	}
+	p.AddMinK8sV("1.15")
+	p.AddImage("nginx", "nginx")
+	p.AddImage("netcat", "subfuzion/netcat")
+	p.AddImage("mongo", "mongo")
+	return p.Write()
+}

pkg/api/preflight_apis_test.go

@@ -0,0 +1,39 @@
+package api
+
+import (
+	"io/ioutil"
+	"testing"
+)
+
+func Test_Initalize(t *testing.T) {
+	tempDir, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	pf := NewPreflightConfig(tempDir)
+	if err := pf.Initialize(); err != nil {
+		t.Log()
+		t.FailNow()
+	}
+	p := &PreflightConfig{
+		QliksenseHomePath: tempDir,
+	}
+	if err := ReadFromFile(p, pf.GetConfigFilePath()); err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	if p.GetMinK8sVersion() != "1.15" {
+		t.Log("expected k8 version: 1.15, but got " + p.GetMinK8sVersion())
+		t.Fail()
+	}
+	p.AddImage("test", "testimage")
+	if err := p.Write(); err != nil {
+		t.Log(err)
+		t.Fail()
+	}
+	p2 := NewPreflightConfig(tempDir)
+	if p2.GetImageName("test") != "testimage" {
+		t.Log("expected image name: testimage, got: " + p2.GetImageName("test"))
+	}
+}

pkg/api/utils.go

@@ -4,6 +4,7 @@ import (
 	"archive/tar"
 	"archive/zip"
 	"compress/gzip"
+	b64 "encoding/base64"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -11,7 +12,6 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"regexp"
 	"strings"
 	"time"
 
@@ -62,27 +62,38 @@ func ReadKeys(keyFile string) ([]byte, error) {
 }
 
 // ProcessConfigArgs processes args and returns an service, key, value slice
-func ProcessConfigArgs(args []string) ([]*ServiceKeyValue, error) {
+func ProcessConfigArgs(args []string, base64Encoded bool) ([]*ServiceKeyValue, error) {
 	// prepare received args
 	// split args[0] into key and value
 	if len(args) == 0 {
 		err := fmt.Errorf("No args were provided. Please provide args to configure the current context")
 		return nil, err
 	}
+	notValidErr := fmt.Errorf("Please provide valid args for this command")
 	resultSvcKV := make([]*ServiceKeyValue, len(args))
-	re1 := regexp.MustCompile(`(\w{1,}).(\w{1,})=("*[\w\-?=_/:0-9\.]+"*)`)
+	// qliksense.mongodb=somethig
 	for i, arg := range args {
 		LogDebugMessage("Arg received: %s", arg)
-		result := re1.FindStringSubmatch(arg)
-		// check if result array's length is == 4 (index 0 - is the full match & indices 1,2,3- are the fields we need)
-		if len(result) != 4 {
-			err := fmt.Errorf("Please provide valid args for this command")
-			return nil, err
+		first := strings.SplitN(arg, "=", 2)
+		if len(first) != 2 {
+			return nil, notValidErr
+		}
+		second := strings.SplitN(first[0], ".", 2)
+		if len(second) != 2 {
+			return nil, notValidErr
+		}
+		resultValue := strings.Trim(first[1], "\"")
+		if base64Encoded {
+			if decodeByte, err := b64.StdEncoding.DecodeString(resultValue); err != nil {
+				return nil, err
+			} else {
+				resultValue = strings.Trim(string(decodeByte), "\n ")
+			}
 		}
 		resultSvcKV[i] = &ServiceKeyValue{
-			SvcName: result[1],
-			Key:     result[2],
-			Value:   strings.ReplaceAll(result[3], `"`, ""),
+			SvcName: second[0],
+			Key:     second[1],
+			Value:   resultValue,
 		}
 	}
 	return resultSvcKV, nil

pkg/api/utils_test.go

@@ -0,0 +1,47 @@
+package api
+
+import (
+	"testing"
+)
+
+func TestProcessConfigArgs(t *testing.T) {
+	args := []string{
+		"qliksense.mongodb=mongouri://something?ffall",
+		"test_under.test=value_under",
+		"test-dash.dash-key=value-dash",
+		"test-dot.dot-key=127.0.0.1",
+		"test123.key123=value123",
+		"test-equal.keyequal=newvalue=@hj",
+	}
+	expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123", "keyequal"}
+	expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123", "newvalue=@hj"}
+	exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123", "test-equal"}
+	sv, err := ProcessConfigArgs(args, false)
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	for _, v := range sv {
+		if !contains(expectedKeys, v.Key) {
+			t.Fail()
+			t.Log("expectd key " + v.Key + " not found")
+		}
+		if !contains(expectedValue, v.Value) {
+			t.Fail()
+			t.Log("expectd Value " + v.Value + " not found")
+		}
+		if !contains(exppectedSvc, v.SvcName) {
+			t.Fail()
+			t.Log("expectd service " + v.SvcName + " not found")
+		}
+	}
+}
+
+func contains(arr []string, str string) bool {
+	for _, a := range arr {
+		if a == str {
+			return true
+		}
+	}
+	return false
+}

pkg/preflight/all_checks.go

@@ -4,9 +4,10 @@ import (
 	"fmt"
 )
 
-func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfigContents []byte) {
+func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfigContents []byte, mongodbUrl string) {
 
 	checkCount := 0
+	totalCount := 0
 	// Preflight minimum kuberenetes version check
 	fmt.Printf("\nPreflight kubernetes minimum version check\n")
 	fmt.Println("------------------------------------------")
@@ -15,15 +16,17 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++
 
 	// Preflight deployment check
 	fmt.Printf("\nPreflight deployment check\n")
-	fmt.Println("-----------------------")
+	fmt.Println("--------------------------")
 	if err := qp.CheckDeployment(namespace, kubeConfigContents); err != nil {
 		fmt.Printf("Preflight deployment check: FAILED\n")
 	} else {
 		checkCount++
 	}
+	totalCount++
 
 	// Preflight service check
 	fmt.Printf("\nPreflight service check\n")
@@ -33,6 +36,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++
 
 	// Preflight pod check
 	fmt.Printf("\nPreflight pod check\n")
@@ -42,6 +46,47 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++
+
+	// Preflight role check
+	fmt.Printf("\nPreflight role check\n")
+	fmt.Println("--------------------------")
+	if err := qp.CheckCreateRole(namespace); err != nil {
+		fmt.Printf("Preflight role check: FAILED\n")
+	} else {
+		checkCount++
+	}
+	totalCount++
+
+	// Preflight rolebinding check
+	fmt.Printf("\nPreflight rolebinding check\n")
+	fmt.Println("---------------------------------")
+	if err := qp.CheckCreateRoleBinding(namespace); err != nil {
+		fmt.Printf("Preflight rolebinding check: FAILED\n")
+	} else {
+		checkCount++
+	}
+	totalCount++
+
+	// Preflight serviceaccount check
+	fmt.Printf("\nPreflight serviceaccount check\n")
+	fmt.Println("------------------------------------")
+	if err := qp.CheckCreateServiceAccount(namespace); err != nil {
+		fmt.Printf("Preflight serviceaccount check: FAILED\n")
+	} else {
+		checkCount++
+	}
+	totalCount++
+
+	// Preflight mongo check
+	fmt.Printf("\nPreflight mongo check\n")
+	fmt.Println("---------------------")
+	if err := qp.CheckMongo(kubeConfigContents, namespace, mongodbUrl); err != nil {
+		fmt.Printf("Preflight mongo check: FAILED\n")
+	} else {
+		checkCount++
+	}
+	totalCount++
 
 	// Preflight DNS check
 	fmt.Printf("\nPreflight DNS check\n")
@@ -51,8 +96,9 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++
 
-	if checkCount == 5 {
+	if checkCount == totalCount {
 		fmt.Printf("\nAll preflight checks have PASSED\n")
 	} else {
 		fmt.Printf("\n1 or more preflight checks have FAILED\n")

pkg/preflight/deployability.go

@@ -16,7 +16,7 @@ func (qp *QliksensePreflight) CheckDeployment(namespace string, kubeConfigConten
 
 	// Deployment check
 	fmt.Printf("Preflight deployment check: \n")
-	err = checkPfDeployment(clientset, namespace, "deployment-preflight-check")
+	err = qp.checkPfDeployment(clientset, namespace, "deployment-preflight-check")
 	if err != nil {
 		fmt.Println("Preflight Deployment check: FAILED")
 		return err
@@ -54,7 +54,7 @@ func (qp *QliksensePreflight) CheckPod(namespace string, kubeConfigContents []by
 	// Pod check
 	fmt.Printf("\nPreflight pod check: \n")
 
-	err = checkPfPod(clientset, namespace)
+	err = qp.checkPfPod(clientset, namespace)
 	if err != nil {
 		fmt.Println("Preflight Pod check: FAILED")
 		return err
@@ -63,10 +63,11 @@ func (qp *QliksensePreflight) CheckPod(namespace string, kubeConfigContents []by
 	return nil
 }
 
-func checkPfPod(clientset *kubernetes.Clientset, namespace string) error {
+func (qp *QliksensePreflight) checkPfPod(clientset *kubernetes.Clientset, namespace string) error {
 	// create a pod
 	podName := "pod-pf-check"
-	pod, err := createPreflightTestPod(clientset, namespace, podName, nginxImage)
+	commandToRun := []string{}
+	pod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(nginx), commandToRun)
 	if err != nil {
 		err = fmt.Errorf("error: unable to create pod %s - %v\n", podName, err)
 		return err
@@ -101,10 +102,9 @@ func checkPfService(clientset *kubernetes.Clientset, namespace string) error {
 	return nil
 }
 
-func checkPfDeployment(clientset *kubernetes.Clientset, namespace, depName string) error {
+func (qp *QliksensePreflight) checkPfDeployment(clientset *kubernetes.Clientset, namespace, depName string) error {
 	// check if we are able to create a deployment
-	// depName :=
-	pfDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, nginxImage)
+	pfDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, qp.GetPreflightConfigObj().GetImageName(nginx))
 	if err != nil {
 		err = fmt.Errorf("error: unable to create deployment: %v\n", err)
 		return err

pkg/preflight/dns_check.go

@@ -3,17 +3,15 @@ package preflight
 import (
 	"fmt"
 	"strings"
-
-	"github.com/qlik-oss/sense-installer/pkg/api"
 )
 
 const (
-	nginxImage  = "nginx"
-	netcatImage = "subfuzion/netcat:latest"
+	nginx  = "nginx"
+	netcat = "netcat"
 )
 
 func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []byte) error {
-	clientset, clientConfig, err := getK8SClientSet(kubeConfigContents, "")
+	clientset, _, err := getK8SClientSet(kubeConfigContents, "")
 	if err != nil {
 		err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
 		fmt.Println(err)
@@ -22,7 +20,7 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by
 
 	// creating deployment
 	depName := "dep-dns-preflight-check"
-	dnsDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, nginxImage)
+	dnsDeployment, err := createPreflightTestDeployment(clientset, namespace, depName, qp.GetPreflightConfigObj().GetImageName(nginx))
 	if err != nil {
 		err = fmt.Errorf("error: unable to create deployment: %v\n", err)
 		fmt.Println(err)
@@ -45,11 +43,13 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by
 
 	// create a pod
 	podName := "pf-pod-1"
-	dnsPod, err := createPreflightTestPod(clientset, namespace, podName, netcatImage)
+	commandToRun := []string{"sh", "-c", "sleep 10; nc -z -v -w 1 " + dnsService.Name + " 80"}
+	dnsPod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(netcat), commandToRun)
 	if err != nil {
 		err = fmt.Errorf("error: unable to create pod : %s\n", podName)
 		return err
 	}
+
 	defer deletePod(clientset, namespace, podName)
 
 	if err := waitForPod(clientset, namespace, dnsPod); err != nil {
@@ -60,18 +60,21 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by
 		fmt.Println(err)
 		return err
 	}
-	api.LogDebugMessage("Exec-ing into the container...")
-	stdout, stderr, err := executeRemoteCommand(clientset, clientConfig, dnsPod.Name, dnsPod.Spec.Containers[0].Name, namespace, []string{"nc", "-z", "-v", "-w 1", dnsService.Name, "80"})
+
+	waitForPodToDie(clientset, namespace, dnsPod)
+
+	logStr, err := getPodLogs(clientset, dnsPod)
 	if err != nil {
 		err = fmt.Errorf("error: unable to execute dns check in the cluster: %v", err)
 		fmt.Println(err)
 		return err
 	}
 
-	if strings.HasSuffix(stdout, "succeeded!") || strings.HasSuffix(stderr, "succeeded!") {
+	if strings.HasSuffix(strings.TrimSpace(logStr), "succeeded!") {
 		fmt.Println("Preflight DNS check: PASSED")
 	} else {
-		fmt.Println("Preflight DNS check: FAILED")
+		err = fmt.Errorf("Expected response not found\n")
+		return err
 	}
 
 	fmt.Println("Completed preflight DNS check")

pkg/preflight/mongo_check.go

@@ -0,0 +1,83 @@
+package preflight
+
+import (
+	"fmt"
+	"strings"
+
+	qapi "github.com/qlik-oss/sense-installer/pkg/api"
+)
+
+const (
+	mongo = "mongo"
+)
+
+func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace, mongodbUrl string) error {
+	fmt.Printf("Preflight mongodb check: \n")
+
+	if mongodbUrl == "" {
+		// infer mongoDbUrl from currentCR
+		fmt.Println("MongoDbUri is empty, infer from CR")
+		qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
+		var currentCR *qapi.QliksenseCR
+
+		var err error
+		qConfig.SetNamespace(namespace)
+		currentCR, err = qConfig.GetCurrentCR()
+		if err != nil {
+			fmt.Printf("Unable to retrieve current CR: %v\n", err)
+			return err
+		}
+		decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
+		mongodbUrl = decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri")
+	}
+
+	fmt.Printf("mongodbUrl: %s\n", mongodbUrl)
+	if err := qp.mongoConnCheck(kubeConfigContents, namespace, mongodbUrl); err != nil {
+		return err
+	}
+	fmt.Println("Completed preflight mongodb check")
+	return nil
+}
+
+func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespace, mongodbUrl string) error {
+	clientset, _, err := getK8SClientSet(kubeConfigContents, "")
+	if err != nil {
+		err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
+		fmt.Println(err)
+		return err
+	}
+	// create a pod
+	podName := "pf-mongo-pod"
+	commandToRun := []string{"sh", "-c", "sleep 10;mongo " + mongodbUrl}
+	mongoPod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(mongo), commandToRun)
+	if err != nil {
+		err = fmt.Errorf("error: unable to create pod : %v\n", err)
+		return err
+	}
+	defer deletePod(clientset, namespace, podName)
+
+	if err := waitForPod(clientset, namespace, mongoPod); err != nil {
+		return err
+	}
+	if len(mongoPod.Spec.Containers) == 0 {
+		err := fmt.Errorf("error: there are no containers in the pod- %v\n", err)
+		fmt.Println(err)
+		return err
+	}
+	waitForPodToDie(clientset, namespace, mongoPod)
+	logStr, err := getPodLogs(clientset, mongoPod)
+	if err != nil {
+		err = fmt.Errorf("error: unable to execute mongo check in the cluster: %v\n", err)
+		fmt.Println(err)
+		return err
+	}
+
+	stringToCheck := "Implicit session:"
+	if strings.Contains(logStr, stringToCheck) {
+		fmt.Println("Preflight mongo check: PASSED")
+	} else {
+		err = fmt.Errorf("Expected response not found\n")
+		return err
+	}
+	return nil
+}

pkg/preflight/preflight_utils.go

@@ -5,32 +5,25 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"net/url"
+	"log"
 	"path/filepath"
 	"strings"
 	"time"
 
 	"github.com/mitchellh/go-homedir"
-
-	"k8s.io/apimachinery/pkg/util/wait"
-
-	"k8s.io/client-go/util/retry"
-
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	"k8s.io/client-go/tools/remotecommand"
-	"k8s.io/kubectl/pkg/scheme"
-
 	"github.com/pkg/errors"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	appsv1 "k8s.io/api/apps/v1"
 	apiv1 "k8s.io/api/core/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes"
-	restclient "k8s.io/client-go/rest"
-
+	"k8s.io/api/rbac/v1beta1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/util/retry"
 )
 
 var gracePeriod int64 = 0
@@ -39,6 +32,10 @@ type QliksensePreflight struct {
 	Q *qliksense.Qliksense
 }
 
+func (qp *QliksensePreflight) GetPreflightConfigObj() *api.PreflightConfig {
+	return api.NewPreflightConfig(qp.Q.QliksenseHome)
+}
+
 func InitPreflight() (string, []byte, error) {
 	api.LogDebugMessage("Reading .kube/config file...")
 
@@ -304,26 +301,24 @@ func deletePod(clientset *kubernetes.Clientset, namespace, name string) error {
 	return nil
 }
 
-func createPreflightTestPod(clientset *kubernetes.Clientset, namespace string, podName string, imageName string) (*apiv1.Pod, error) {
+func createPreflightTestPod(clientset *kubernetes.Clientset, namespace string, podName string, imageName string, commandToRun []string) (*apiv1.Pod, error) {
 	// build the pod definition we want to deploy
 	pod := &apiv1.Pod{
 		ObjectMeta: v1.ObjectMeta{
 			Name:      podName,
 			Namespace: namespace,
 			Labels: map[string]string{
-				"app": "demo",
+				"app": "preflight",
 			},
 		},
 		Spec: apiv1.PodSpec{
+			RestartPolicy: apiv1.RestartPolicyNever,
 			Containers: []apiv1.Container{
 				{
 					Name:            "cnt",
 					Image:           imageName,
 					ImagePullPolicy: apiv1.PullIfNotPresent,
-					Command: []string{
-						"sleep",
-						"3600",
-					},
+					Command:         commandToRun,
 				},
 			},
 		},
@@ -354,65 +349,68 @@ func getPod(clientset *kubernetes.Clientset, namespace, podName string) (*apiv1.
 	return pod, nil
 }
 
-func execute(method string, url *url.URL, config *restclient.Config, stdin io.Reader, stdout, stderr io.Writer, tty bool) error {
-	exec, err := remotecommand.NewSPDYExecutor(config, method, url)
+func getPodLogs(clientset *kubernetes.Clientset, pod *apiv1.Pod) (string, error) {
+	podLogOpts := apiv1.PodLogOptions{}
+
+	api.LogDebugMessage("Retrieving logs for pod: %s   namespace: %s\n", pod.GetName(), pod.Namespace)
+	req := clientset.CoreV1().Pods(pod.Namespace).GetLogs(pod.Name, &podLogOpts)
+	podLogs, err := req.Stream()
 	if err != nil {
-		return err
+		return "", err
 	}
-	return exec.Stream(remotecommand.StreamOptions{
-		Stdin:  stdin,
-		Stdout: stdout,
-		Stderr: stderr,
-		Tty:    tty,
-	})
+	defer podLogs.Close()
+	time.Sleep(15 * time.Second)
+	buf := new(bytes.Buffer)
+	_, err = io.Copy(buf, podLogs)
+	if err != nil {
+		return "", err
+	}
+	api.LogDebugMessage("Log from pod: %s\n", buf.String())
+	return buf.String(), nil
 }
 
-func executeRemoteCommand(clientset *kubernetes.Clientset, config *rest.Config, podName, containerName, namespace string, command []string) (string, string, error) {
-	tty := false
-	req := clientset.CoreV1().RESTClient().Post().
-		Resource("pods").
-		Name(podName).
-		Namespace(namespace).
-		SubResource("exec").
-		Param("container", containerName)
-	req.VersionedParams(&apiv1.PodExecOptions{
-		Container: containerName,
-		Command:   command,
-		Stdin:     false,
-		Stdout:    true,
-		Stderr:    true,
-		TTY:       tty,
-	}, scheme.ParameterCodec)
-
-	var stdout, stderr bytes.Buffer
-	err := execute("POST", req.URL(), config, nil, &stdout, &stderr, tty)
-	return strings.TrimSpace(stdout.String()), strings.TrimSpace(stderr.String()), err
-}
-
-func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDeployment *appsv1.Deployment) error {
+func waitForResource(checkFunc func() (interface{}, error), validateFunc func(interface{}) bool) error {
 	timeout := time.NewTicker(2 * time.Minute)
 	defer timeout.Stop()
-	var d *appsv1.Deployment
-	var err error
-WAIT:
+OUT:
 	for {
-		d, err = getDeployment(clientset, namespace, pfDeployment.GetName())
+		r, err := checkFunc()
 		if err != nil {
-			err = fmt.Errorf("error: unable to retrieve deployment: %s\n", pfDeployment.GetName())
-			fmt.Println(err)
 			return err
 		}
 		select {
 		case <-timeout.C:
-			break WAIT
+			break OUT
 		default:
-			if int(d.Status.ReadyReplicas) > 0 {
-				break WAIT
+			if validateFunc(r) {
+				break OUT
 			}
 		}
 		time.Sleep(5 * time.Second)
 	}
-	if int(d.Status.ReadyReplicas) == 0 {
+	return nil
+}
+
+func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDeployment *appsv1.Deployment) error {
+	var err error
+	depName := pfDeployment.GetName()
+	checkFunc := func() (interface{}, error) {
+		pfDeployment, err = getDeployment(clientset, namespace, depName)
+		if err != nil {
+			err = fmt.Errorf("error: unable to retrieve deployment: %s\n", depName)
+			fmt.Println(err)
+			return nil, err
+		}
+		return pfDeployment, nil
+	}
+	validateFunc := func(data interface{}) bool {
+		d := data.(*appsv1.Deployment)
+		return int(d.Status.ReadyReplicas) > 0
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return err
+	}
+	if int(pfDeployment.Status.ReadyReplicas) == 0 {
 		err = fmt.Errorf("error: deployment took longer than expected to spin up pods")
 		fmt.Println(err)
 		return err
@@ -422,82 +420,226 @@ WAIT:
 
 func waitForPod(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Pod) error {
 	var err error
-	if len(pod.Spec.Containers) > 0 {
-		timeout := time.NewTicker(2 * time.Minute)
-		defer timeout.Stop()
-		podName := pod.Name
-	OUT:
-		for {
-			pod, err = getPod(clientset, namespace, podName)
-			if err != nil {
-				err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
-				fmt.Println(err)
-				return err
-			}
-			select {
-			case <-timeout.C:
-				break OUT
-			default:
-				if len(pod.Status.ContainerStatuses) > 0 && pod.Status.ContainerStatuses[0].Ready {
-					break OUT
-				}
-			}
-			time.Sleep(5 * time.Second)
-		}
-		if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
-			err = fmt.Errorf("error: container is taking much longer than expected")
-			fmt.Println(err)
-			return err
-		}
-		return nil
+	if len(pod.Spec.Containers) == 0 {
+		err = fmt.Errorf("error: there are no containers in the pod")
+		fmt.Println(err)
+		return err
 	}
-	err = fmt.Errorf("error: there are no containers in the pod")
-	fmt.Println(err)
-	return err
+	podName := pod.Name
+	checkFunc := func() (interface{}, error) {
+		pod, err = getPod(clientset, namespace, podName)
+		if err != nil {
+			err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
+			fmt.Println(err)
+			return nil, err
+		}
+		return pod, nil
+	}
+	validateFunc := func(data interface{}) bool {
+		po := data.(*apiv1.Pod)
+		return len(po.Status.ContainerStatuses) > 0 && po.Status.ContainerStatuses[0].Ready
+	}
+
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return err
+	}
+	if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
+		err = fmt.Errorf("error: container is taking much longer than expected")
+		fmt.Println(err)
+		return err
+	}
+	return nil
+}
+
+func waitForPodToDie(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Pod) error {
+	podName := pod.Name
+	checkFunc := func() (interface{}, error) {
+		po, err := getPod(clientset, namespace, podName)
+		if err != nil {
+			err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
+			fmt.Println(err)
+			return nil, err
+		}
+		api.LogDebugMessage("pod status: %v\n", po.Status.Phase)
+		return po, nil
+	}
+	validateFunc := func(r interface{}) bool {
+		po := r.(*apiv1.Pod)
+		return po.Status.Phase == apiv1.PodFailed || po.Status.Phase == apiv1.PodSucceeded
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return err
+	}
+	return nil
 }
 
 func waitForPodToDelete(clientset *kubernetes.Clientset, namespace, podName string) error {
-	var err error
-	timeout := time.NewTicker(2 * time.Minute)
-	defer timeout.Stop()
-OUT:
-	for {
-		_, err = getPod(clientset, namespace, podName)
+	checkFunc := func() (interface{}, error) {
+		po, err := getPod(clientset, namespace, podName)
 		if err != nil {
-			return nil
+			return nil, err
 		}
-		select {
-		case <-timeout.C:
-			break OUT
-		default:
-
-		}
-		time.Sleep(5 * time.Second)
+		return po, nil
 	}
-	err = fmt.Errorf("error: delete pod is taking unusually long")
+	validateFunc := func(po interface{}) bool {
+		return false
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return nil
+	}
+	err := fmt.Errorf("error: delete pod is taking unusually long")
 	fmt.Println(err)
 	return err
 }
 
 func waitForDeploymentToDelete(clientset *kubernetes.Clientset, namespace, deploymentName string) error {
-	var err error
-	timeout := time.NewTicker(2 * time.Minute)
-	defer timeout.Stop()
-OUT:
-	for {
-		_, err = getDeployment(clientset, namespace, deploymentName)
+	checkFunc := func() (interface{}, error) {
+		dep, err := getDeployment(clientset, namespace, deploymentName)
 		if err != nil {
-			return nil
+			return nil, err
 		}
-		select {
-		case <-timeout.C:
-			break OUT
-		default:
-
-		}
-		time.Sleep(5 * time.Second)
+		return dep, nil
 	}
-	err = fmt.Errorf("error: delete deployment is taking unusually long")
+	validateFunc := func(po interface{}) bool {
+		return false
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return nil
+	}
+	err := fmt.Errorf("error: delete deployment is taking unusually long")
 	fmt.Println(err)
 	return err
 }
+
+func createPfRole(clientset *kubernetes.Clientset, namespace, roleName string) (*v1beta1.Role, error) {
+	// build the role defination we want to create
+	var role *v1beta1.Role
+	roleSpec := &v1beta1.Role{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      roleName,
+			Namespace: namespace,
+			Labels: map[string]string{
+				"app": "preflight",
+			},
+		},
+		Rules: []v1beta1.PolicyRule{},
+	}
+
+	// now create the role in kubernetes cluster using the clientset
+	if err := retryOnError(func() (err error) {
+		role, err = clientset.RbacV1beta1().Roles(namespace).Create(roleSpec)
+		return err
+	}); err != nil {
+		fmt.Println(err)
+		return nil, err
+	}
+
+	fmt.Printf("Created role: %s\n", role.Name)
+
+	return role, nil
+}
+
+func deleteRole(clientset *kubernetes.Clientset, namespace string, role *v1beta1.Role) {
+	rolesClient := clientset.RbacV1beta1().Roles(namespace)
+
+	deletePolicy := v1.DeletePropagationForeground
+	deleteOptions := v1.DeleteOptions{
+		PropagationPolicy: &deletePolicy,
+	}
+	err := rolesClient.Delete(role.GetName(), &deleteOptions)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Deleted role: %s\n\n", role.Name)
+}
+
+func createPfRoleBinding(clientset *kubernetes.Clientset, namespace, roleBindingName string) (*v1beta1.RoleBinding, error) {
+	var roleBinding *v1beta1.RoleBinding
+	// build the rolebinding defination we want to create
+	roleBindingSpec := &v1beta1.RoleBinding{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      roleBindingName,
+			Namespace: namespace,
+			Labels: map[string]string{
+				"app": "demo",
+			},
+		},
+		Subjects: []v1beta1.Subject{
+			{
+				Kind:      "ServiceAccount",
+				APIGroup:  "",
+				Name:      "preflight-check-subject",
+				Namespace: namespace,
+			},
+		},
+		RoleRef: v1beta1.RoleRef{
+			APIGroup: "",
+			Kind:     "Role",
+			Name:     "preflight-check-roleref",
+		},
+	}
+
+	// now create the roleBinding in kubernetes cluster using the clientset
+	if err := retryOnError(func() (err error) {
+		roleBinding, err = clientset.RbacV1beta1().RoleBindings(namespace).Create(roleBindingSpec)
+		return err
+	}); err != nil {
+		fmt.Println(err)
+		return nil, err
+	}
+	fmt.Printf("Created RoleBinding: %s\n", roleBindingSpec.Name)
+	return roleBinding, nil
+}
+
+func deleteRoleBinding(clientset *kubernetes.Clientset, namespace string, roleBinding *v1beta1.RoleBinding) {
+	roleBindingClient := clientset.RbacV1beta1().RoleBindings(namespace)
+
+	deletePolicy := v1.DeletePropagationForeground
+	deleteOptions := v1.DeleteOptions{
+		PropagationPolicy: &deletePolicy,
+	}
+	err := roleBindingClient.Delete(roleBinding.GetName(), &deleteOptions)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Deleted RoleBinding: %s\n\n", roleBinding.Name)
+}
+
+func createPfServiceAccount(clientset *kubernetes.Clientset, namespace, serviceAccountName string) (*apiv1.ServiceAccount, error) {
+	var serviceAccount *apiv1.ServiceAccount
+	// build the serviceAccount defination we want to create
+	serviceAccountSpec := &apiv1.ServiceAccount{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      "preflight-check-test-serviceaccount",
+			Namespace: namespace,
+			Labels: map[string]string{
+				"app": "demo",
+			},
+		},
+	}
+
+	// now create the serviceAccount in kubernetes cluster using the clientset
+	if err := retryOnError(func() (err error) {
+		serviceAccount, err = clientset.CoreV1().ServiceAccounts(namespace).Create(serviceAccountSpec)
+		return err
+	}); err != nil {
+		fmt.Println(err)
+		return nil, err
+	}
+	fmt.Printf("Created Service Account: %s\n", serviceAccountSpec.Name)
+	return serviceAccount, nil
+}
+
+func deleteServiceAccount(clientset *kubernetes.Clientset, namespace string, serviceAccount *apiv1.ServiceAccount) {
+	serviceAccountClient := clientset.CoreV1().ServiceAccounts(namespace)
+
+	deletePolicy := v1.DeletePropagationForeground
+	deleteOptions := v1.DeleteOptions{
+		PropagationPolicy: &deletePolicy,
+	}
+	err := serviceAccountClient.Delete(serviceAccount.GetName(), &deleteOptions)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Deleted ServiceAccount: %s\n\n", serviceAccount.Name)
+}

pkg/preflight/role_check.go

@@ -1,12 +1,137 @@
 package preflight
 
-func (qp *QliksensePreflight) CreateRoleCheck(namespace string, kubeConfigContents []byte) error {
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
 
-	// create service account
+	"github.com/qlik-oss/sense-installer/pkg/api"
+	qapi "github.com/qlik-oss/sense-installer/pkg/api"
+	"github.com/qlik-oss/sense-installer/pkg/qliksense"
+)
 
-	// create role
-
-	// create rolebinding
+var resultYamlBytes = []byte("")
 
+func (qp *QliksensePreflight) CheckCreateRole(namespace string) error {
+	// create a Role
+	fmt.Printf("Preflight role check: \n")
+	err := qp.checkCreateEntity(namespace, "Role")
+	if err != nil {
+		return err
+	}
+	fmt.Println("Completed preflight role check")
+	return nil
+}
+
+func (qp *QliksensePreflight) CheckCreateRoleBinding(namespace string) error {
+	// create a RoleBinding
+	fmt.Printf("Preflight rolebinding check: \n")
+	err := qp.checkCreateEntity(namespace, "RoleBinding")
+	if err != nil {
+		return err
+	}
+	fmt.Println("Completed preflight rolebinding check")
+	return nil
+}
+
+func (qp *QliksensePreflight) CheckCreateServiceAccount(namespace string) error {
+	// create a service account
+	fmt.Printf("Preflight serviceaccount check: \n")
+	err := qp.checkCreateEntity(namespace, "ServiceAccount")
+	if err != nil {
+		return err
+	}
+	fmt.Println("Completed preflight serviceaccount check")
+	return nil
+}
+func (qp *QliksensePreflight) checkCreateEntity(namespace, entityToTest string) error {
+	qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
+	var currentCR *qapi.QliksenseCR
+	mfroot := ""
+	kusDir := ""
+	var err error
+	currentCR, err = qConfig.GetCurrentCR()
+	if err != nil {
+		fmt.Printf("Unable to retrieve current CR: %v\n", err)
+		return err
+	}
+	if currentCR.IsRepoExist() {
+		mfroot = currentCR.Spec.GetManifestsRoot()
+	} else if tempDownloadedDir, err := qliksense.DownloadFromGitRepoToTmpDir(qliksense.QLIK_GIT_REPO, "master"); err != nil {
+		fmt.Printf("Unable to Download from git repo to tmp dir: %v\n", err)
+		return err
+	} else {
+		mfroot = tempDownloadedDir
+	}
+
+	if currentCR.Spec.Profile == "" {
+		kusDir = filepath.Join(mfroot, "manifests", "docker-desktop")
+	} else {
+		kusDir = filepath.Join(mfroot, "manifests", currentCR.Spec.Profile)
+	}
+	if len(resultYamlBytes) == 0 {
+		resultYamlBytes, err = qliksense.ExecuteKustomizeBuild(kusDir)
+		if err != nil {
+			fmt.Printf("Unable to retrieve manifests from executing kustomize: %v\n", err)
+			return err
+		}
+	}
+	sa := qliksense.GetYamlsFromMultiDoc(string(resultYamlBytes), entityToTest)
+	if sa != "" {
+		sa = strings.Replace(sa, "name: qliksense", "name: preflight", -1)
+	} else {
+		err := fmt.Errorf("Unable to retrieve yamls to apply on cluster")
+		fmt.Println(err)
+		return err
+	}
+	namespace = "" // namespace is handled when generating the manifests
+
+	defer func() {
+		fmt.Println("Cleaning up resources")
+		api.KubectlDelete(sa, namespace)
+		if err != nil {
+			fmt.Println("Preflight cleanup failed!")
+		}
+	}()
+
+	err = api.KubectlApply(sa, namespace)
+	if err != nil {
+		err := fmt.Errorf("Failed to create entity on the cluster: %v", err)
+		fmt.Println(err)
+		return err
+	}
+
+	fmt.Printf("Preflight %s check: PASSED\n", entityToTest)
+	return nil
+}
+
+func (qp *QliksensePreflight) CheckCreateRB(namespace string, kubeConfigContents []byte) error {
+
+	// create a role
+	fmt.Printf("Preflight createRole check: \n")
+	err := qp.checkCreateEntity(namespace, "Role")
+	if err != nil {
+		fmt.Println("Preflight role check: FAILED")
+	}
+	fmt.Printf("Completed preflight role check\n\n")
+
+	// create a roleBinding
+	fmt.Printf("Preflight rolebinding check: \n")
+	err = qp.checkCreateEntity(namespace, "RoleBinding")
+	if err != nil {
+		fmt.Println("Preflight rolebinding check: FAILED")
+	}
+	fmt.Printf("Completed preflight rolebinding check\n\n")
+
+	// create a service account
+	fmt.Printf("Preflight serviceaccount check: \n")
+	err = qp.checkCreateEntity(namespace, "ServiceAccount")
+	if err != nil {
+		fmt.Println("Preflight serviceaccount check: FAILED")
+	}
+	fmt.Printf("Completed preflight serviceaccount check\n\n")
+
+	fmt.Println("Preflight RB check: PASSED")
+	fmt.Println("Completed preflight CreateRB check")
 	return nil
 }

pkg/preflight/version_check.go

@@ -7,8 +7,6 @@ import (
 	"k8s.io/apimachinery/pkg/version"
 )
 
-const minK8sVersion = "1.15.0"
-
 func (qp *QliksensePreflight) CheckK8sVersion(namespace string, kubeConfigContents []byte) error {
 
 	var currentVersion *semver.Version
@@ -38,7 +36,7 @@ func (qp *QliksensePreflight) CheckK8sVersion(namespace string, kubeConfigConten
 	}
 	//fmt.Printf("Current K8s Version: %v\n", currentVersion)
 
-	minK8sVersionSemver, err := semver.NewVersion(minK8sVersion)
+	minK8sVersionSemver, err := semver.NewVersion(qp.GetPreflightConfigObj().GetMinK8sVersion())
 	if err != nil {
 		err = fmt.Errorf("Unable to convert minimum Kubernetes version into semver version:%v\n", err)
 		fmt.Println(err)

pkg/qliksense/about.go

@@ -194,8 +194,10 @@ func getImageList(yamlContent []byte) ([]string, error) {
 		})
 	}
 	var sortedImageList []string
-	for image, _ := range imageMap {
+	for image, v := range imageMap {
 		sortedImageList = append(sortedImageList, image)
+		// a warning "simplify range expression" if written like this 'for image _ :=range imageMap'
+		_ = v
 	}
 	sort.Strings(sortedImageList)
 	return sortedImageList, nil

pkg/qliksense/about_test.go

@@ -525,12 +525,16 @@ func Test_About_getConfigDirectory(t *testing.T) {
 					if err := q.SetUpQliksenseDefaultContext(); err != nil {
 						t.Fatalf("error setting up default context in the tmp dir: %v\n", err)
 						return nil, "", "", ""
-					} else if err := q.FetchQK8s("master"); err != nil {
-						t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
+					} else if qConfig, err := qapi.NewQConfigE(q.QliksenseHome); err != nil {
+						t.Fatalf("cannot initiallize qConfig: %v\n", err)
 						return nil, "", "", ""
-					} else {
-						return q, "no-git-clone-for-you", "", ""
+					} else if !qConfig.IsRepoExistForCurrent("master") {
+						if err := q.FetchQK8s("master"); err != nil {
+							t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
+							return nil, "", "", ""
+						}
 					}
+					return q, "no-git-clone-for-you", "", ""
 				}
 			},
 			verify: func(q *Qliksense, configDir string, isTemporary bool, profile string) (ok bool, reason string, err error) {

pkg/qliksense/apply.go

@@ -18,8 +18,11 @@ func (q *Qliksense) ApplyCRFromReader(r io.Reader, opts *InstallCommandOptions,
 	if IsQliksenseInstalled(cr.GetName()) {
 		// it is needed in case want to upgrade from one version to another
 		if cr.Spec.ManifestsRoot == "" && cr.Spec.Git == nil {
-			if err := q.FetchQK8s(cr.GetLabelFromCr("version")); err != nil {
-				return err
+			v := cr.GetLabelFromCr("version")
+			if !qConfig.IsRepoExistForCurrent(v) {
+				if err := q.FetchQK8s(v); err != nil {
+					return err
+				}
 			}
 		}
 		return q.UpgradeQK8s(keepPatchFiles)

pkg/qliksense/config.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
@@ -17,7 +18,7 @@ import (
 )
 
 const (
-	Q_INIT_CRD_PATH   = "manifests/base/manifests/qliksense-init"
+	Q_INIT_CRD_PATH   = "manifests/base/crds"
 	agreementTempalte = `
 	Please read the agreement at https://www.qlik.com/us/legal/license-terms
 	Accept the end user license agreement by providing acceptEULA=yes
@@ -145,21 +146,76 @@ func (q *Qliksense) getCurrentCrDependentResourceAsString() (string, error) {
 	var crString strings.Builder
 
 	for svcName, v := range qcr.Spec.Secrets {
+		hasFile := false
 		for _, item := range v {
 			if item.ValueFrom != nil && item.ValueFrom.SecretKeyRef != nil {
-				secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
-
-				if api.FileExists(secretFilePath) {
-					secretFile, err := ioutil.ReadFile(secretFilePath)
-					if err != nil {
-						return "", err
-					}
-					crString.WriteString("\n---\n")
-					crString.Write(secretFile)
+				hasFile = true
+				break
+			}
+		}
+		if hasFile {
+			secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
+			if api.FileExists(secretFilePath) {
+				secretFile, err := ioutil.ReadFile(secretFilePath)
+				if err != nil {
+					return "", err
 				}
+				crString.WriteString("\n---\n")
+				crString.Write(secretFile)
 			}
 		}
 	}
 	crString.WriteString("\n---\n")
 	return crString.String(), nil
 }
+
+func (q *Qliksense) EditCR(contextName string) error {
+	qConfig := qapi.NewQConfig(q.QliksenseHome)
+	if contextName == "" {
+		cr, err := qConfig.GetCurrentCR()
+		if err != nil {
+			return err
+		}
+		contextName = cr.GetName()
+	}
+	crFilePath := qConfig.GetCRFilePath(contextName)
+	tempFile, err := ioutil.TempFile("", "*.yaml")
+	if err != nil {
+		return err
+	}
+	crContent, err := ioutil.ReadFile(crFilePath)
+	if err != nil {
+		return err
+	}
+	if err := ioutil.WriteFile(tempFile.Name(), crContent, os.ModePerm); err != nil {
+		return nil
+	}
+	cmd := exec.Command(getKubeEditorTool(), tempFile.Name())
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	err = cmd.Run()
+	if err != nil {
+		return err
+	}
+	newCr, err := qapi.GetCRObject(tempFile.Name())
+	if err != nil {
+		return errors.New("cannot save the cr. Someting wrong in the file format. It is not saved\n" + err.Error())
+	}
+	oldCr, err := qapi.GetCRObject(crFilePath)
+
+	if oldCr.GetName() != newCr.GetName() {
+		return errors.New("cr name cannot be chagned")
+	}
+	if newCr.Validate() {
+		return qConfig.WriteCR(newCr)
+	}
+	return nil
+}
+
+func getKubeEditorTool() string {
+	editor := os.Getenv("KUBE_EDITOR")
+	if editor == "" {
+		editor = "vim"
+	}
+	return editor
+}

pkg/qliksense/context_configs.go

@@ -1,8 +1,9 @@
 package qliksense
 
 import (
-	"crypto/rsa"
+	"errors"
 	"fmt"
+	"io"
 
 	"github.com/qlik-oss/k-apis/pkg/config"
 	"github.com/robfig/cron/v3"
@@ -33,12 +34,27 @@ const (
 	MaxContextNameLength    = 17
 	QliksenseSecretsDir     = "secrets"
 
-	imageRegistryConfigKey = "imageRegistry"
-	pullSecretName         = "artifactory-docker-secret"
+	imageRegistryConfigKey     = "imageRegistry"
+	pullSecretName             = "artifactory-docker-secret"
+	qliksenseOperatorImageRepo = "qlik-docker-oss.bintray.io"
+	qliksenseOperatorImageName = "qliksense-operator"
 )
 
+func (q *Qliksense) SetSecretsFromReader(arg string, reader io.Reader, createSecret, base64Encoded bool) error {
+	//take only name from the arguments, value should be from reader
+	argName := strings.SplitN(arg, "=", 1)
+	if len(argName) != 1 {
+		return errors.New("can only have one argument from pipe")
+	}
+	valueBytes, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return err
+	}
+	return q.SetSecrets([]string{argName[0] + "=" + string(valueBytes)}, createSecret, base64Encoded)
+}
+
 // SetSecrets - set-secrets <key>=<value> commands
-func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
+func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bool) error {
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
 	if err != nil {
@@ -47,17 +63,17 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
 
 	// Metadata name in qliksense CR is the name of the current context
 	api.LogDebugMessage("Current context: %s", qliksenseCR.GetName())
-	rsaPublicKey, _, err := qConfig.GetCurrentContextEncryptionKeyPair()
+	encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
 	if err != nil {
 		return err
 	}
-	resultArgs, err := api.ProcessConfigArgs(args)
+	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
 	if err != nil {
 		return err
 	}
 	for _, ra := range resultArgs {
 		api.LogDebugMessage("value args to be encrypted: %s", ra.Value)
-		if err := q.processSecret(ra, rsaPublicKey, qliksenseCR, isSecretSet); err != nil {
+		if err := q.processSecret(ra, encryptionKey, qliksenseCR, isSecretSet); err != nil {
 			return err
 		}
 	}
@@ -65,14 +81,11 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
 	return qConfig.WriteCR(qliksenseCR)
 }
 
-func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.PublicKey, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
-	// encrypt value with RSA key pair
-	valueBytes := []byte(ra.Value)
-	cipherText, e2 := api.Encrypt(valueBytes, rsaPublicKey)
+func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
+	cipherText, e2 := api.EncryptData([]byte(ra.Value), encryptionKey)
 	if e2 != nil {
 		return e2
 	}
-	base64EncodedSecret := b64.StdEncoding.EncodeToString(cipherText)
 	secretName := ""
 	if isSecretSet {
 		secretFolder := qliksenseCR.GetK8sSecretsFolder(q.QliksenseHome)
@@ -104,7 +117,8 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.Pub
 		if k8sSecret.Data == nil {
 			k8sSecret.Data = map[string][]byte{}
 		}
-		k8sSecret.Data[ra.Key] = []byte(base64EncodedSecret)
+		// v1.Secret does enconding, so no need to encode again
+		k8sSecret.Data[ra.Key] = []byte(cipherText)
 
 		// Write secret to file
 		k8sSecretBytes, err := api.K8sSecretToYaml(k8sSecret)
@@ -117,18 +131,28 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.Pub
 			return err
 		}
 		api.LogDebugMessage("Created a Kubernetes secret")
-
-		// Prepare args to update CR in the next step
-		base64EncodedSecret = ""
 	}
-
+	base64EncodedSecret := b64.StdEncoding.EncodeToString([]byte(cipherText))
 	// write into CR the keyref of the secret
 	qliksenseCR.Spec.AddToSecrets(ra.SvcName, ra.Key, base64EncodedSecret, secretName)
 	return nil
 }
 
+func (q *Qliksense) SetConfigFromReader(arg string, reader io.Reader, base64Encoded bool) error {
+	//take only name from the arguments, value should be from reader
+	argName := strings.SplitN(arg, "=", 1)
+	if len(argName) != 1 {
+		return errors.New("can only have one argument from pipe")
+	}
+	valueBytes, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return err
+	}
+	return q.SetConfigs([]string{argName[0] + "=" + string(valueBytes)}, base64Encoded)
+}
+
 // SetConfigs - set-configs <key>=<value> commands
-func (q *Qliksense) SetConfigs(args []string) error {
+func (q *Qliksense) SetConfigs(args []string, base64Encoded bool) error {
 	// retieve current context from config.yaml
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
@@ -136,7 +160,7 @@ func (q *Qliksense) SetConfigs(args []string) error {
 		return err
 	}
 
-	resultArgs, err := api.ProcessConfigArgs(args)
+	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
 	if err != nil {
 		return err
 	}
@@ -216,43 +240,130 @@ func (q *Qliksense) SetOtherConfigs(args []string) error {
 	}
 
 	for _, arg := range args {
-		argsString := strings.Split(arg, "=")
-		key := strings.ToLower(argsString[0])
-		value := argsString[1]
-		// check if key is for git or gitops (sub objects)
-		keySplit := strings.Split(key, ".")
-		key = keySplit[0]
-		keySub := ""
-
-		if len(keySplit) == 2 {
-			keySub = strings.ToLower(keySplit[1])
-		}
-
-		valid := true
-		valid, qliksenseCR = validateCR(key, keySub, value, qliksenseCR)
-		field := caseInsenstiveFieldByName(reflect.Indirect(reflect.ValueOf(qliksenseCR.Spec)), key)
-		if !valid {
-			err := fmt.Errorf("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot, git.repository or gitops arguments to configure the current context")
-			return err
-		} else if strings.EqualFold("", keySub) {
-			// set spec for everything excluding git and gitops
-			if field.CanSet() {
-				field.SetString(value)
+		if strings.HasPrefix(arg, "fetchSource.") {
+			if err := q.processSetFetchSource(arg, qliksenseCR); err != nil {
+				return err
+			}
+		} else if strings.HasPrefix(arg, "git.") {
+			if err := q.processSetGit(arg, qliksenseCR); err != nil {
+				return err
+			}
+		} else if strings.HasPrefix(arg, "gitOps.") {
+			if err := q.processSetGitOps(arg, qliksenseCR); err != nil {
+				return err
 			}
 		} else {
-			// set spec for git or gitops
-			subField := caseInsenstiveFieldByName(reflect.Indirect(field), keySub)
-			if subField.CanSet() {
-				subField.SetString(value)
+			if err := processSetSingleArg(arg, qliksenseCR); err != nil {
+				return err
 			}
 		}
-
 		fmt.Println(chalk.Green.Color("Successfully added to Custom Resource Spec"))
 	}
+
 	// write modified content into context.yaml
 	return qConfig.WriteCR(qliksenseCR)
 }
 
+func processSetSingleArg(arg string, cr *api.QliksenseCR) error {
+	nv := strings.Split(arg, "=")
+	switch nv[0] {
+	case "manifestsRoot":
+		cr.Spec.ManifestsRoot = nv[1]
+	case "profile":
+		cr.Spec.Profile = nv[1]
+	case "storageClassName":
+		cr.Spec.StorageClassName = nv[1]
+	case "rotateKeys":
+		valid := false
+		for _, v := range []string{"yes", "no", "None"} {
+			if nv[1] == v {
+				valid = true
+			}
+		}
+		if !valid {
+			return errors.New("please povide rotateKeys=yes|no|None")
+		}
+		cr.Spec.RotateKeys = nv[1]
+	default:
+		return errors.New("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot to configure the current context")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetFetchSource(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	switch subs[1] {
+	case "repository":
+		cr.Spec.FetchSource.Repository = args[1]
+	case "accessToken":
+		qConfig := api.NewQConfig(q.QliksenseHome)
+		key, err := qConfig.GetEncryptionKeyFor(cr.GetName())
+		if err != nil {
+			return err
+		}
+		return cr.SetFetchAccessToken(args[1], key)
+	case "secretName":
+		cr.Spec.FetchSource.SecretName = args[1]
+	case "userName":
+		cr.Spec.FetchSource.UserName = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.Git == nil {
+		cr.Spec.Git = &config.Repo{}
+	}
+	switch subs[1] {
+	case "repository":
+		cr.Spec.Git.Repository = args[1]
+	case "accessToken":
+		cr.Spec.Git.AccessToken = args[1]
+	case "secretName":
+		cr.Spec.Git.SecretName = args[1]
+	case "userName":
+		cr.Spec.Git.UserName = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetGitOps(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.Git == nil {
+		cr.Spec.GitOps = &config.GitOps{}
+	}
+	switch subs[1] {
+	case "enabled":
+		if args[1] != "yes" && args[1] != "no" {
+			return errors.New("Please use yes or no for key enabled")
+		}
+		cr.Spec.GitOps.Enabled = args[1]
+	case "schedule":
+		if _, err := cron.ParseStandard(args[1]); err != nil {
+			return errors.New("Please enter string with standard cron scheduling syntax ")
+		}
+		cr.Spec.GitOps.Schedule = args[1]
+	case "watchBranch":
+		cr.Spec.GitOps.WatchBranch = args[1]
+	case "image":
+		cr.Spec.GitOps.Image = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
 // SetContextConfig - set the context for qliksense kubernetes resources to live in
 func (q *Qliksense) SetContextConfig(args []string) error {
 	if len(args) == 1 {
@@ -401,7 +512,7 @@ func (q *Qliksense) SetUpQliksenseContext(contextName string) error {
 	}
 
 	// set the encrypted default mongo
-	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false)
+	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false, false)
 }
 
 func validateInput(input string) (string, error) {
@@ -422,7 +533,8 @@ func validateInput(input string) (string, error) {
 	return input, err
 }
 
-// PrepareK8sSecret decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
+// PrepareK8sSecret targetFile contains base64 encoded value of encrypted value.
+// this method decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
 func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 	// check if targetFile exists
 	if !api.FileExists(targetFile) {
@@ -431,7 +543,7 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 		return "", err
 	}
 	qConfig := api.NewQConfig(q.QliksenseHome)
-	_, rsaPrivateKey, err := qConfig.GetCurrentContextEncryptionKeyPair()
+	encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
 	if err != nil {
 		return "", err
 	}
@@ -449,17 +561,13 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 	dataMap := k8sSecret1.Data
 	var resultMap = make(map[string][]byte)
 	for k, v := range dataMap {
-		ba, err := b64.StdEncoding.DecodeString(string(v))
-		if err != nil {
-			err := fmt.Errorf("Not able to decode message: %v", err)
-			return "", err
-		}
-		decryptedString, err := api.Decrypt(ba, rsaPrivateKey)
+		//k8s secrets has already base64 decoed value
+		decryptedString, err := api.DecryptData(v, encryptionKey)
 		if err != nil {
 			err := fmt.Errorf("Not able to decrypt message: %v", err)
 			return "", err
 		}
-		resultMap[k] = decryptedString
+		resultMap[k] = []byte(decryptedString)
 	}
 
 	// putting the above map back into the k8sSecret struct

pkg/qliksense/context_configs_test.go

@@ -35,119 +35,35 @@ metadata:
   name: testctx-qliksense-senseinstaller
 type: Opaque
 `
-var encText = "SFpVZ2t5SGsrN2lLQjlTYm9rbFUxSDFRcmVYdUxhTW9MUHlQOGtGditxMEcwZTlIZDl1dVRrV0tEYm5qUURSWFp3dStuNklueGk3anI2c1djSVdsbWlKTHdWQUJwdUg0a1NXd3llMUlMa2oxK3FRSFlMM2dQUExvN1pBYkVDeDROMUVvam12M0t0NmQwbkdhSXlWWEpmWWJUVVFDM1Y4L0ZTVXBVN0JUb0l4OVZWdmlPam5HTHk4RlF2a3RUaHJxWTUvZEh2N3pVUmhiOTc2Q2YwbEovZ3I2L2NwRk9RMUFXVXdodVhrTG9lYjVzNFdtTEZzNldqT3k0bWlKM1J6VllLaWVUSFJ2SE85eDB6dUthanRwSGEzWEZkaE5QNnpySVJJNTRFalUyblVYYUNlYXVnWnZEOUxjdWluOFhFcjExbkFINURCUDAycXhoZk5BejVoMlV2eFNWVmR0aW1QTDBhMVBJTUxGQTgyWUkrQkFOQkhkSUNnZGU5SkxIRFBoTzR6c0llaE1LRmhVQkNoOUhQa3kyRnhTeDJ3YWp3M1UycEsvcFJVZUxDazRUbkhmL25LN3h5ekdpV3dSUFFFZHdsWE5JbUhjVlVPV3gvNWh4WlJCUTZtb3pGYk1HbXR1Mkh5Z3RVV2gzNFYzd1BhS01TNFRsa0hyODFjRjVCWVpxenBFK1pKWnVyLy8zbzJsU0tFMjMxTG1pcGk1K0FqbXZvUVcyWHBocjFNVWJQY1pXUkJFRkkyQXBCM0FhQXFPa0k1MkRqNG43Mko5bCtaMzdydTk1aHk5K1lzY0FxMjZVbExYRlc0S3RUUkRLSjlMNnVmdlIrUUNudER3em5UTFRHUnEwZU5COWt6S0Q4MFlUdXozeHNXK3cxdjlHbDJaMnBZMTZWTCtEV1k9"
 var decText = "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"
 
-func setupTargetFileAndPrivateKey() ([]byte, []byte, string, error) {
-	targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
-	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEApFf3qCQhAr2QLRRZdhLyB8exLjrQiXLr8hwDe0xHSLJX3w7v
-5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy/ku1KqZVQv/WNTdL2v9Z1ewbRnBj
-DQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQMKqsVwUsLO9amI2TOny/M696eFRW0
-pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV8glJi29Do06e4S6CZUl1hBUy0VlL
-trLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1NesSlfZ0vnrrkW8WFLqewk+Jj+w1x
-eQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcMc0IEZ2LiQIqTL83BLOgMBCsK3FSl
-GMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMPbpcTHxZ+ReIzS+5B1X0FZ7RIL+jS
-L9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3jIQhU0+bgA6hT0k8Kj2f3Q9QnvkHS
-Eff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6ZtjHcirXmMminAQ6cKW1XrEvJBef
-HHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogSTcE05Z6ypAFU2TCrnec9c9VXkRDP
-94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeqrXwanfnGPrjcMVIO/dSOxOUCAwEA
-AQKCAgA5b2TmJnpC8u0IVCxPz582iNurRHLNFpTPMGsnFCl1hp6fHiFJt7mc+FGt
-E1rWjqtd6rdc4Gfth40IPXIV0BTcOqk+FpOFrtO2FXU1PDixQqrlmzGCxb324NTc
-KyyvMpf77yuxXI0zUt8WgmW0eV8nKlOYEhoC96lohTqQ96uuY0bsJ4HS/VVdsN2P
-Lra/fFHQSw8EHUb0pyIqMoscZ5bn18cUK/Z/hGKSYCbCL0Iavy3bbFHBsBPgbeJD
-2BBN4953Iiy1Sak2eUy4b9LtkmaZmVAc7mpOFxLn38gD3icgB+bZPoGBw6b7sw71
-Pc2R+hI9x/oNj0TUR11adhZApBJ9RhBbnSCUt8OUt9U5prNj+9qs8cHJGywtz1da
-ZT1M6mn2MFSsaOyOlJPzGUzSf4AhI7HiouDpLHtHDqLmc8Vv4rZUqrcFw6kZTCY5
-564yE8hh/UimOgQr7467/hADHZ0kBsupFEDWRqQ3qTIikHmGhTYZehDrSGL/3BMG
-rvsFdv0krUHyW4FfHqPN09jfP3LTqd5vVbzRhxcGsoGmP/1kXIDtO8Cp1s/K6Mse
-tInRCRla8ttZ3CZZ+Vf8HLi/n8XSRfbnMGYi7lVVxnp6kNsTEBgosbdU/r1zbMRJ
-8mMMHygyugaRLHmOD/8fkWLfyR88cxPH8u9NufTfvJgiFpZboQKCAQEA0uSU6IGZ
-pXIVZdmDWt4mxpS5T2UYarw3V9z/Isd3kkUU5YrC2XrvPRwmx5Jh9GXl9WENYJAR
-wH7PaJT0HpBwpxJa1RqHHDSka7DnDcy44oRXyM7e2AmcW8QvcDty/0HPo4oZq4IT
-m/+ot1R+bIpmJOweGRhVauzxJEUlQyt+kiH/ad8GiOS6LwqFPq42alnUxPQ106wF
-EZZ2WQdzkyV6tF9aMG18AT1fJsGwNjCLRxJ52t/aEUP5mYwlL2UTT5Acn8KbtrTO
-fFLAxGuB9LDdT1tGgIpzsXmxAaaeuPvSK4TDFdQyLAUdQJdz0GD9j9ciMPQH3UPe
-Vjt6qtpfY6QK2wKCAQEAx36Vys5BlQI0TG6qORI0fiOYpLG1GqmdbCNRgBUsMj5T
-LFe7uSd4qnDvGmns4MdkSSOlpF17bQiWhWKbjKRQpT0U/46zcIT4pWyajXJe+i9H
-M/DpSRkMq2kGkx6KX2u9L66QBzcxJjtS17amdSpDAfsrvJgOWkxxInzw9n1u6aTe
-ZjRDXdVX0KjPebEPOaoJToxne21Od3t+47TnDsQPsO1dvvrXX76IfH8cAlD5+0C/
-b2YvDqWDmh9ICjKShwuDWgi4KjCV5PMHCIxH0FQ2L6mSbwIb9YgGin3wjN3KbWqz
-dgEu7MeDxEwxZSSg4OstYVLQVgM39G/2ZA4YVJEbPwKCAQAo9FjymhBzb6c2Izp+
-D/wpvkIKaBCI0cpRlso5P9E5p466UOsr/tKs5GWnhgbdxlgVAebuJKw93KJ8pciO
-kvA9kbPwBHnOgW6Ytz73kBUrcBX4GixueddSftPTkMfxSB+Bm9UGWHlkZw6lo5P1
-kh7p9qyVpQMZg7AEoiTtWWn4CQAn2DbVqM17Syi7Fmvc1VsbcG1vkM1fMAAFpAvO
-vI2Kr6W9F9XoC7oJtb15mI3DnJPrbGNVzQSQzAWAoblRTyQv5kQFBDHBNPTYcCRJ
-l3sy6P/VAI4dHgvAzVGvjL+w0dRszct8fvXCUGceRWeYYmfyZ8GLN53a0ywsN8Ik
-gHvXAoIBACee5HEa9bt6bJihgf1DuFk1CKPtB2L8PN+1RAKEMfrolexAoG/tfvGa
-7GH6l6ks8KX2BnfWeST2h66GHw6Xs8ydjQYUeV7nidqQ70EYbfSSXznZpvt1liaU
-/VFKx4CcDT7jFIfaVlCZh6KADB9I/XXvRIh4SqF0fSO0XMcXsmeE7watapPAQ2iV
-nl804yk4tBB9oi/JTcQ9Kr5et2UfW15wRiYf+5ZwaPsQ46cyHfPgsCSXztDB3plF
-jTE5ShC4IKZJBQqcC6kk+0ifU8P0da6RpxuU96iUE3h9+sB/bCy+/FV7dq5gEbNy
-znygAbOqAaFKqUXr7bkGY5ELm5lwGFECggEACcyaF9mMqLGghR55ew+cMmdeYdK3
-meMLi5nrgtbQpVLlz+IV7Vdmrv7lZjeTr4nvU/5miU+p+If14CCFBiSucGq3Kmyp
-OSM5cNCjDhw8uIDfY2qWCrZ2NSMR3qaAoBAQyQ2ER1IL98TDF/Qui0ZatbPiM4Ns
-GErhkBZh3MCDSt24yiVKcUB79BxatWB4K7h7y8wqpX4Rj7rpfJMF7wz/I1cgyuCE
-7XFpRwj7F1B2MmXnvV3KAgAD0EqrJDLeM0vIlDhpOUEaFUkuqmQyeB8qQkWfyXbD
-jzloS3cNq0MBijB8oixwD2b4dVhBM7z8vQMX6OntN+97luWgO8OIukoYAg==
------END RSA PRIVATE KEY-----
-`)
+func setupTargetFileAndPrivateKey() (string, string, error) {
 
-	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApFf3qCQhAr2QLRRZdhLy
-B8exLjrQiXLr8hwDe0xHSLJX3w7v5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy
-/ku1KqZVQv/WNTdL2v9Z1ewbRnBjDQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQM
-KqsVwUsLO9amI2TOny/M696eFRW0pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV
-8glJi29Do06e4S6CZUl1hBUy0VlLtrLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1N
-esSlfZ0vnrrkW8WFLqewk+Jj+w1xeQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcM
-c0IEZ2LiQIqTL83BLOgMBCsK3FSlGMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMP
-bpcTHxZ+ReIzS+5B1X0FZ7RIL+jSL9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3j
-IQhU0+bgA6hT0k8Kj2f3Q9QnvkHSEff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6
-ZtjHcirXmMminAQ6cKW1XrEvJBefHHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogS
-TcE05Z6ypAFU2TCrnec9c9VXkRDP94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeq
-rXwanfnGPrjcMVIO/dSOxOUCAwEAAQ==
------END RSA PUBLIC KEY-----
-`)
-
-	targetFile := filepath.Join(testDir, "targetfile.yaml")
-	// tests/config.yaml exists
-	err := ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, "", err
-	}
-
-	secretKeyPairDir := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
-	if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
+	secretKeyLocation := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
+	if err := os.MkdirAll(secretKeyLocation, 0777); err != nil {
 		err = fmt.Errorf("Not able to create directories")
 		log.Fatal(err)
 	}
-	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)
+	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyLocation)
 
-	privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
-	// construct and write priv key file into secretsDir location
-	err = ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
+	//privKeyFile := filepath.Join(secretKeyLocation, "user_secret_key")
+	key, err := api.LoadSecretKey(secretKeyLocation)
+	if key == "" {
+		key, err = api.GenerateAndStoreSecretKey(secretKeyLocation)
+	}
+	encData, _ := api.EncryptData([]byte(decText), key)
+	encText := b64.StdEncoding.EncodeToString(encData)
+
+	targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
+	targetFile := filepath.Join(testDir, "targetfile.yaml")
+	// tests/config.yaml exists
+	err = ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
 	if err != nil {
 		log.Printf("Error while creating file: %v", err)
-		return nil, nil, "", err
+		return "", "", err
 	}
-	pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
-	api.LogDebugMessage("Test setup - \npub key path: %s\n, priv key path: %s\n", pubKeyFile, privKeyFile)
-	// construct and write pub key file into secretsDir location
-	err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, "", err
-	}
-	return publicKeyBytes, privKeyBytes, targetFile, nil
-}
 
-func removePrivateKey() {
-	err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "qliksensePriv"))
-	if err != nil {
-		log.Fatalf("Could not delete private key %v", err)
-	}
-	return
+	return targetFile, key, err
 }
 
 func setup() func() {
@@ -328,7 +244,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitops.enabled=yes", "gitops.schedule=30 * * * *", "git.repository=master", "git.username=foo", "git.accesstoken=1234"},
+				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitOps.enabled=yes", "gitOps.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
 			},
 			wantErr: false,
 		},
@@ -338,7 +254,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"someconfig=somevalue, gitops.schedule=bar", "gitops.enabled=bar", "git.foo=bar", "rotatekeys=bar"},
+				args: []string{"someconfig=somevalue, gitOps.schedule=bar", "gitOps.enabled=bar", "git.foo=bar", "rotateKeys=bar"},
 			},
 			wantErr: true,
 		},
@@ -389,7 +305,7 @@ func TestSetConfigs(t *testing.T) {
 	defer tearDown()
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := tt.args.q.SetConfigs(tt.args.args); (err != nil) != tt.wantErr {
+			if err := tt.args.q.SetConfigs(tt.args.args, false); (err != nil) != tt.wantErr {
 				t.Errorf("SetConfigs() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -508,9 +424,14 @@ spec:
 		})
 	}
 }
-
+func removePrivateKey() {
+	err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "user_secret_key"))
+	if err != nil {
+		log.Fatalf("Could not delete private key %v", err)
+	}
+	return
+}
 func Test_PrepareK8sSecret(t *testing.T) {
-
 	type fields struct {
 		QliksenseHome string
 	}
@@ -530,7 +451,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: false,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				_, _, targetFile, _ := setupTargetFileAndPrivateKey()
+				targetFile, _, _ := setupTargetFileAndPrivateKey()
 				return targetFile, tearDown
 			},
 		},
@@ -543,7 +464,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: true,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				_, _, targetFile, _ := setupTargetFileAndPrivateKey()
+				targetFile, _, _ := setupTargetFileAndPrivateKey()
 				removePrivateKey()
 				return targetFile, tearDown
 			},
@@ -557,8 +478,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: true,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				_, _, _, _ = setupTargetFileAndPrivateKey()
-				removePrivateKey()
+				setupTargetFileAndPrivateKey()
 				return "", tearDown
 			},
 		},
@@ -638,6 +558,7 @@ func Test_SetSecrets(t *testing.T) {
 	type args struct {
 		args        []string
 		isSecretSet bool
+		base64      bool
 	}
 	tests := []struct {
 		name    string
@@ -656,6 +577,18 @@ func Test_SetSecrets(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "valid secret secrets=false base64 encoded",
+			fields: fields{
+				QliksenseHome: testDir,
+			},
+			args: args{
+				args:        []string{"qliksense.mongoDbUri=bW9uZ29kYjovL3FsaWstZGVmYXVsdC1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U="},
+				isSecretSet: false,
+				base64:      true,
+			},
+			wantErr: false,
+		},
 		{
 			name: "test1 valid secret secrets=true",
 			fields: fields{
@@ -691,22 +624,17 @@ func Test_SetSecrets(t *testing.T) {
 		},
 	}
 	tearDown := setup()
-	_, privateKeyBytes, _, err := setupTargetFileAndPrivateKey()
+	_, encryptionKey, err := setupTargetFileAndPrivateKey()
 	if err != nil {
 		t.FailNow()
 	}
 	defer tearDown()
-
-	privKey, err := api.DecodeToPrivateKey(privateKeyBytes)
-	if err != nil {
-		t.FailNow()
-	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			q := &Qliksense{
 				QliksenseHome: tt.fields.QliksenseHome,
 			}
-			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet); (err != nil) != tt.wantErr {
+			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet, tt.args.base64); (err != nil) != tt.wantErr {
 				t.Errorf("SetSecrets() error = %v, wantErr %v", err, tt.wantErr)
 				t.FailNow()
 			}
@@ -717,7 +645,10 @@ func Test_SetSecrets(t *testing.T) {
 			// extract the value for testing
 			testValueArr := strings.SplitN(tt.args.args[0], "=", 2)
 			testValue := strings.ReplaceAll(testValueArr[1], "\"", "")
-
+			if tt.args.base64 {
+				d, _ := b64.StdEncoding.DecodeString(testValue)
+				testValue = strings.Trim(string(d), "\n ")
+			}
 			qliksenseCR, err := readCRFile()
 			if err != nil {
 				err = fmt.Errorf("Not able to read from context file: %v", err)
@@ -734,13 +665,7 @@ func Test_SetSecrets(t *testing.T) {
 							log.Printf("decode error: %v", err)
 							t.FailNow()
 						}
-						decodedValue, err := b64.StdEncoding.DecodeString(valToBeEncrypted)
-						if err != nil {
-							err := fmt.Errorf("Error occurred while decoding: %v", err)
-							log.Printf("decode error: %v", err)
-							t.FailNow()
-						}
-						decryptedVal, err := api.Decrypt(decodedValue, privKey)
+						decryptedVal, err := api.DecryptData([]byte(valToBeEncrypted), encryptionKey)
 						if err != nil {
 							err := fmt.Errorf("Error occurred while testing decryption: %v", err)
 							log.Printf("No Data in Secret: %v", err)
@@ -781,7 +706,8 @@ func getValueToBeDecodedForSetSecrets(item config.NameValue, qliksenseCR *api.Ql
 	}
 	// secret=false
 	if item.Value != "" {
-		return item.Value, nil
+		b, err := b64.RawStdEncoding.DecodeString(item.Value)
+		return string(b), err
 	}
 	err := fmt.Errorf("Both Value and ValueFrom are empty")
 	return "", err

pkg/qliksense/crds.go

@@ -2,6 +2,7 @@ package qliksense
 
 import (
 	"fmt"
+	"os"
 	"path/filepath"
 
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
@@ -19,12 +20,24 @@ func (q *Qliksense) ViewCrds(opts *CrdCommandOptions) error {
 		fmt.Println("cannot get the current-context cr", err)
 		return err
 	}
-	if engineCRD, err := getQliksenseInitCrd(qcr); err != nil {
+	engineCRD, err := getQliksenseInitCrd(qcr)
+	if err != nil {
 		return err
-	} else if opts.All {
-		fmt.Printf("%s\n%s", q.GetOperatorCRDString(), engineCRD)
-	} else {
-		fmt.Printf("%s", engineCRD)
+	}
+	customCrd, err := getCustomCrd(qcr)
+	if err != nil {
+		return nil
+	}
+
+	fmt.Println(engineCRD)
+	if customCrd != "" {
+		fmt.Println("---")
+		fmt.Println(customCrd)
+	}
+
+	if opts.All {
+		fmt.Println("---")
+		fmt.Printf("%s", q.GetOperatorCRDString())
 	}
 	return nil
 }
@@ -43,6 +56,14 @@ func (q *Qliksense) InstallCrds(opts *CrdCommandOptions) error {
 	} else if err = qapi.KubectlApply(engineCRD, ""); err != nil {
 		return err
 	}
+	if customCrd, err := getCustomCrd(qcr); err != nil {
+		return err
+	} else if customCrd != "" {
+		if err = qapi.KubectlApply(customCrd, ""); err != nil {
+			return err
+		}
+	}
+
 	if opts.All { // install opeartor crd
 		if err := qapi.KubectlApply(q.GetOperatorCRDString(), ""); err != nil {
 			fmt.Println("cannot do kubectl apply on opeartor CRD", err)
@@ -65,6 +86,10 @@ func getQliksenseInitCrd(qcr *qapi.QliksenseCR) (string, error) {
 	}
 
 	qInitMsPath := filepath.Join(repoPath, Q_INIT_CRD_PATH)
+	if _, err := os.Lstat(qInitMsPath); err != nil {
+		// older version of qliksense-init used
+		qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
+	}
 	qInitByte, err := ExecuteKustomizeBuild(qInitMsPath)
 	if err != nil {
 		fmt.Println("cannot generate crds for qliksense-init", err)
@@ -72,3 +97,16 @@ func getQliksenseInitCrd(qcr *qapi.QliksenseCR) (string, error) {
 	}
 	return string(qInitByte), nil
 }
+
+func getCustomCrd(qcr *qapi.QliksenseCR) (string, error) {
+	crdPath := qcr.GetCustomCrdsPath()
+	if crdPath == "" {
+		return "", nil
+	}
+	qInitByte, err := ExecuteKustomizeBuild(crdPath)
+	if err != nil {
+		fmt.Println("cannot generate custom crds", err)
+		return "", err
+	}
+	return string(qInitByte), nil
+}

pkg/qliksense/docker.go

@@ -31,8 +31,10 @@ const (
 func (q *Qliksense) PullImages(version, profile string) error {
 	qConfig := qapi.NewQConfig(q.QliksenseHome)
 	if version != "" {
-		if err := q.FetchQK8s(version); err != nil {
-			return err
+		if !qConfig.IsRepoExistForCurrent(version) {
+			if err := q.FetchQK8s(version); err != nil {
+				return err
+			}
 		}
 	}
 	qcr, err := qConfig.GetCurrentCR()
@@ -73,7 +75,7 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
 	}
 
 	images := versionOut.Images
-	if err := q.appendOperatorImages(&images); err != nil {
+	if err := q.appendAdditionalImages(&images, qcr); err != nil {
 		return err
 	}
 
@@ -93,6 +95,19 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
 	return nil
 }
 
+func (q *Qliksense) appendGitOpsImage(images *[]string, qcr *qapi.QliksenseCR) {
+	if qcr.Spec.GitOps != nil && qcr.Spec.GitOps.Image != "" {
+		*images = append(*images, qcr.Spec.GitOps.Image)
+	}
+}
+
+func (q *Qliksense) appendPreflightImages(images *[]string) {
+	pf := qapi.NewPreflightConfig(q.QliksenseHome)
+	for _, preflightImage := range pf.GetImageMap() {
+		*images = append(*images, preflightImage)
+	}
+}
+
 func (q *Qliksense) appendOperatorImages(images *[]string) error {
 	if operatorImages, err := getImageList([]byte(q.GetOperatorControllerString())); err != nil {
 		return err
@@ -173,7 +188,7 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
 	}
 
 	images := versionOut.Images
-	if err := q.appendOperatorImages(&images); err != nil {
+	if err := q.appendAdditionalImages(&images, qcr); err != nil {
 		return err
 	}
 
@@ -194,6 +209,15 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
 	return nil
 }
 
+func (q *Qliksense) appendAdditionalImages(images *[]string, qcr *qapi.QliksenseCR) error {
+	if err := q.appendOperatorImages(images); err != nil {
+		return err
+	}
+	q.appendGitOpsImage(images, qcr)
+	q.appendPreflightImages(images)
+	return nil
+}
+
 func pushImage(image, imagesDir string, dockerConfigJsonSecret *qapi.DockerConfigJsonSecret) error {
 	imageNameParts := getImageNameParts(image)
 	srcDir := filepath.Join(imagesDir, imageIndexDirName, imageNameParts.name, imageNameParts.tag)

pkg/qliksense/docker_test.go

@@ -68,6 +68,9 @@ const (
 )
 
 func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
+	if testing.Short() {
+		t.Skip("Skipping pull/push tests in short mode")
+	}
 	var testCases = []struct {
 		name              string
 		registryAuth      bool
@@ -131,7 +134,7 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
 			}
 			q := &Qliksense{
 				QliksenseHome: tmpQlikSenseHome,
-				CrdBox:        packr.New("crds", "./crds"),
+				CrdBox:        &packr.Box{},
 			}
 			var versionOut VersionOutput
 
@@ -170,29 +173,88 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
 	}
 }
 
-func setupQlikSenseHome(t *testing.T, tmpQlikSenseHome string, registry *testRegistryV2, clientAuth clientAuthType) error {
-	if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
-apiVersion: config.qlik.com/v1
-kind: QliksenseConfig
+func Test_appendAdditionalImages(t *testing.T) {
+	tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
+	if err != nil {
+		t.Fatalf("unexpected error creating tmp dir: %v", err)
+	}
+	defer os.RemoveAll(tmpQlikSenseHome)
+
+	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, `
+apiVersion: qlik.com/v1
+kind: Qliksense
 metadata:
-  name: QliksenseConfigMetadata
+  name: qlik-default
 spec:
-  contexts:
-  - name: qlik-default
-    crFile: contexts/qlik-default/qlik-default.yaml
-  currentContext: qlik-default
-`), os.ModePerm); err != nil {
-		return err
+  gitOps:
+    image: some-gitops-image
+`)
+
+	q := &Qliksense{
+		QliksenseHome: tmpQlikSenseHome,
+		CrdBox:        packr.New("crds", "./crds"),
 	}
 
-	defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
-	if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
-		return err
+	pf := api.NewPreflightConfig(q.QliksenseHome)
+	if err := pf.Initialize(); err != nil {
+		t.Fatalf("unexpected error initializing preflight: %v", err)
 	}
 
+	qConfig := api.NewQConfig(q.QliksenseHome)
+	qcr, err := qConfig.GetCurrentCR()
+	if err != nil {
+		t.Fatalf("unexpected error getting current CR: %v", err)
+	}
+
+	images := make([]string, 0)
+	if err := q.appendAdditionalImages(&images, qcr); err != nil {
+		t.Fatalf("unexpected error appending additional images: %v", err)
+	}
+
+	expectedNumberAdditionalImages := 5
+	if len(images) != expectedNumberAdditionalImages {
+		t.Fatalf("unexpected number of additional images: %v, expected: %v", len(images), expectedNumberAdditionalImages)
+	}
+
+	haveMatchingImage := func(test func(string) bool) bool {
+		for _, image := range images {
+			if test(image) {
+				return true
+			}
+		}
+		return false
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return strings.Contains(image, "qlik-docker-oss.bintray.io/qliksense-operator:v")
+	}) {
+		t.Fatal("expected to find the operator image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "some-gitops-image"
+	}) {
+		t.Fatal("expected to find the GitOps image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "nginx"
+	}) {
+		t.Fatal("expected to find the nginx Preflight image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "subfuzion/netcat"
+	}) {
+		t.Fatal("expected to find the netcat Preflight image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "mongo"
+	}) {
+		t.Fatal("expected to find the mongo Preflight image in the list, but it wasn't there")
+	}
+}
+
+func setupQlikSenseHome(t *testing.T, tmpQlikSenseHome string, registry *testRegistryV2, clientAuth clientAuthType) error {
 	version := "foo"
-	manifestsRootDir := fmt.Sprintf("%s/repo/%s", defaultContextDir, version)
-	if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(fmt.Sprintf(`
+	manifestsRootDir := filepath.ToSlash(path.Join(tmpQlikSenseHome, "contexts", "qlik-default", "repo", version))
+	cr := fmt.Sprintf(`
 apiVersion: qlik.com/v1
 kind: Qliksense
 metadata:
@@ -208,9 +270,8 @@ spec:
   manifestsRoot: %s
   rotateKeys: "yes"
   releaseName: qlik-default
-`, version, registry.url, manifestsRootDir)), os.ModePerm); err != nil {
-		return err
-	}
+`, version, registry.url, manifestsRootDir)
+	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, cr)
 
 	if clientAuth == clientAuthProvided || clientAuth == clientAuthProvidedButIncorrect {
 		if registry.username == "" || clientAuth == clientAuthProvidedButIncorrect {

pkg/qliksense/fetch.go

@@ -1,13 +1,28 @@
 package qliksense
 
 import (
+	"bufio"
+	"errors"
 	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"strings"
 
-	"github.com/google/uuid"
 	kapis_git "github.com/qlik-oss/k-apis/pkg/git"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
+	"github.com/src-d/go-git/plumbing/transport"
+	"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
 )
 
+type FetchCommandOptions struct {
+	GitUrl      string
+	AccessToken string
+	Version     string
+	SecretName  string
+	Overwrite   bool
+}
+
 const (
 	QLIK_GIT_REPO = "https://github.com/qlik-oss/qliksense-k8s"
 )
@@ -17,24 +32,125 @@ func (q *Qliksense) FetchQK8s(version string) error {
 	return fetchAndUpdateCR(qConfig, version)
 }
 
+func (q *Qliksense) FetchK8sWithOpts(opts *FetchCommandOptions) error {
+	qConfig := qapi.NewQConfig(q.QliksenseHome)
+	cr, err := qConfig.GetCurrentCR()
+	if err != nil {
+		return err
+	}
+	if opts.AccessToken != "" {
+		encKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
+		if err != nil {
+			return err
+		}
+		if err := cr.SetFetchAccessToken(opts.AccessToken, encKey); err != nil {
+			return err
+		}
+	}
+	if opts.SecretName != "" {
+		cr.SetFetchAccessSecretName(opts.SecretName)
+	}
+	if opts.GitUrl != "" {
+		cr.SetFetchUrl(opts.GitUrl)
+	}
+	v := getVersion(opts, cr)
+	if v == "" {
+		return errors.New("Cannot find gitref/tag/branch/version to fetch")
+	}
+	if qConfig.IsRepoExistForCurrent(v) {
+		if opts.Overwrite || getVerionsOverwriteConfirmation(v) == "y" {
+			if err := qConfig.DeleteRepoForCurrent(v); err != nil {
+				return err
+			}
+		} else {
+			// nothing to do
+			return nil
+		}
+	}
+	qConfig.WriteCR(cr)
+	return fetchAndUpdateCR(qConfig, v)
+}
+
+// fetchAndUpdateCR fetch
 func fetchAndUpdateCR(qConfig *qapi.QliksenseConfig, version string) error {
 	qcr, err := qConfig.GetCurrentCR()
 	if err != nil {
 		fmt.Println("cannot get the current-context cr", err)
 		return err
 	}
-	if qConfig.IsRepoExistForCurrent(version) {
-		return nil
+	if version == "" {
+		if qcr.GetLabelFromCr("version") == "" {
+			return errors.New("Cannot find gitref/tag/branch/version to fetch")
+		}
+		version = qcr.GetLabelFromCr("version")
+	}
+	encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName())
+	if err != nil {
+		return err
+	}
+	// downlaod to temp first
+	tempDest, err := fetchToTempDir(qcr.GetFetchUrl(), version, qcr.GetFetchAccessToken(encKey))
+	if err != nil {
+		return err
 	}
-	destDir := qConfig.BuildRepoPath(version)
-	fmt.Printf("fetching version [%s] from %s\n", version, QLIK_GIT_REPO)
 
-	if repo, err := kapis_git.CloneRepository(destDir, QLIK_GIT_REPO, nil); err != nil {
-		return err
-	} else if err = kapis_git.Checkout(repo, version, fmt.Sprintf("%v-by-operator-%v", version, uuid.New().String()), nil); err != nil {
-		return err
+	destDir := qConfig.BuildRepoPath(version)
+	fmt.Printf("fetching version [%s] from %s\n", version, qcr.GetFetchUrl())
+	if err := qapi.CopyDirectory(tempDest, destDir); err != nil {
+		return nil
 	}
 	qcr.Spec.ManifestsRoot = qConfig.BuildCurrentManifestsRoot(version)
 	qcr.AddLabelToCr("version", version)
 	return qConfig.WriteCurrentContextCR(qcr)
 }
+
+func fetchToTempDir(gitUrl, gitRef, accessToken string) (string, error) {
+	tmpDir, err := ioutil.TempDir("", "")
+	if err != nil {
+		return "", err
+	}
+	downloadPath := path.Join(tmpDir, "repo")
+	var auth transport.AuthMethod
+	if accessToken != "" {
+		auth = &http.BasicAuth{
+			Username: "something",
+			Password: accessToken,
+		}
+	}
+	if repo, err := kapis_git.CloneRepository(downloadPath, gitUrl, auth); err != nil {
+		return "", err
+	} else if err := kapis_git.Checkout(repo, gitRef, "", auth); err != nil {
+		return "", err
+	} else {
+		return downloadPath, nil
+	}
+}
+
+func getVersion(opts *FetchCommandOptions, qcr *qapi.QliksenseCR) string {
+	if opts.Version == "" {
+		if qcr.GetLabelFromCr("version") != "" {
+			return qcr.GetLabelFromCr("version")
+		}
+	}
+	return opts.Version
+}
+
+func getVerionsOverwriteConfirmation(version string) string {
+	reader := bufio.NewReader(os.Stdin)
+	fmt.Println("The version  [" + version + "] already exist")
+	cfm := "n"
+	for {
+		fmt.Print("Do you want to delete and fetch again [y/N]: ")
+		cfm, _ = reader.ReadString('\n')
+		cfm = strings.Replace(cfm, "\n", "", -1)
+		cfm = strings.TrimSpace(cfm)
+		if cfm == "" {
+			cfm = "n"
+		}
+		cfm = strings.ToLower(cfm)
+		if cfm == "y" || cfm == "n" {
+			break
+		}
+	}
+	return cfm
+}

pkg/qliksense/install.go

@@ -27,11 +27,9 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	// fetch the version
 	qConfig := qapi.NewQConfig(q.QliksenseHome)
 	if !keepPatchFiles {
-		defer func() {
-			if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
-				fmt.Printf("error removing temporary changes to the config: %v\n", err)
-			}
-		}()
+		if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
+			fmt.Printf("error removing temporary changes to the config: %v\n", err)
+		}
 	}
 
 	qcr, err := qConfig.GetCurrentCR()
@@ -66,16 +64,11 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	//CRD will be installed outside of operator
 	//install operator controller into the namespace
 	fmt.Println("Installing operator controller")
-	operatorControllerString := q.GetOperatorControllerString()
-	if imageRegistry := qcr.GetImageRegistry(); imageRegistry != "" {
-		operatorControllerString, err = kustomizeForImageRegistry(operatorControllerString, pullSecretName,
-			"qlik/qliksense-operator", fmt.Sprintf("%v/qliksense-operator", imageRegistry))
-		if err != nil {
-			return err
-		}
-	}
-	if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
-		fmt.Println("cannot do kubectl apply on opeartor controller", err)
+	if operatorControllerString, err := q.getProcessedOperatorControllerString(qcr); err != nil {
+		fmt.Println("error extracting/transforming operator controller", err)
+		return err
+	} else if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
+		fmt.Println("cannot do kubectl apply on operator controller", err)
 		return err
 	}
 
@@ -94,11 +87,10 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 			return q.applyCR(dcr)
 		}
 	}
-	if version == "" {
-		version = qcr.GetLabelFromCr("version")
-	}
-	if err := fetchAndUpdateCR(qConfig, version); err != nil {
-		return err
+	if !qcr.IsRepoExist() {
+		if err := fetchAndUpdateCR(qConfig, version); err != nil {
+			return err
+		}
 	}
 
 	qcr, err = qConfig.GetCurrentCR()
@@ -122,9 +114,19 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	}
 }
 
+func (q *Qliksense) getProcessedOperatorControllerString(qcr *qapi.QliksenseCR) (string, error) {
+	operatorControllerString := q.GetOperatorControllerString()
+	if imageRegistry := qcr.GetImageRegistry(); imageRegistry != "" {
+		return kustomizeForImageRegistry(operatorControllerString, pullSecretName,
+			fmt.Sprintf("%v/%v", qliksenseOperatorImageRepo, qliksenseOperatorImageName),
+			fmt.Sprintf("%v/%v", imageRegistry, qliksenseOperatorImageName))
+	}
+	return operatorControllerString, nil
+}
+
 func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 	if pullDockerConfigJsonSecret, err := qConfig.GetPullDockerConfigJsonSecret(); err == nil {
-		if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(nil); err != nil {
+		if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(""); err != nil {
 			return err
 		} else if err := qapi.KubectlApply(string(dockerConfigJsonSecretYaml), ""); err != nil {
 			return err
@@ -133,7 +135,7 @@ func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 		deleteDockerConfigJsonSecret := qapi.DockerConfigJsonSecret{
 			Name: pullSecretName,
 		}
-		if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(nil); err != nil {
+		if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(""); err != nil {
 			return err
 		} else if err := qapi.KubectlDelete(string(deleteDockerConfigJsonSecretYaml), ""); err != nil {
 			qapi.LogDebugMessage("failed deleting %v, error: %v\n", pullSecretName, err)

pkg/qliksense/install_test.go

@@ -1,11 +1,20 @@
 package qliksense
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
+	"path"
 	"path/filepath"
+	"strings"
 	"testing"
 
+	"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
+	"sigs.k8s.io/kustomize/api/resid"
+	"sigs.k8s.io/kustomize/api/resmap"
+	"sigs.k8s.io/kustomize/api/resource"
+
+	"github.com/gobuffalo/packr/v2"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )
 
@@ -63,3 +72,106 @@ spec:
 	}
 	td()
 }
+
+func setupQliksenseTestDefaultContext(t *testing.T, tmpQlikSenseHome, CR string) {
+	if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
+apiVersion: config.qlik.com/v1
+kind: QliksenseConfig
+metadata:
+  name: QliksenseConfigMetadata
+spec:
+  contexts:
+  - name: qlik-default
+    crFile: contexts/qlik-default/qlik-default.yaml
+  currentContext: qlik-default
+`), os.ModePerm); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
+	if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(CR), os.ModePerm); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}
+
+func Test_getProcessedOperatorControllerString(t *testing.T) {
+	tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
+	if err != nil {
+		t.Fatalf("unexpected error creating tmp dir: %v", err)
+	}
+	defer os.RemoveAll(tmpQlikSenseHome)
+
+	registry := "registryFoo"
+	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, fmt.Sprintf(`
+apiVersion: qlik.com/v1
+kind: Qliksense
+metadata:
+  name: qlik-default
+spec:
+  configs:
+    qliksense:
+    - name: imageRegistry
+      value: %v
+`, registry))
+
+	q := &Qliksense{
+		QliksenseHome: tmpQlikSenseHome,
+		CrdBox:        packr.New("crds", "./crds"),
+	}
+
+	qConfig := qapi.NewQConfig(q.QliksenseHome)
+	qcr, err := qConfig.GetCurrentCR()
+	if err != nil {
+		t.Fatalf("unexpected error getting current CR: %v", err)
+	}
+
+	originalOperatorString := q.GetOperatorControllerString()
+
+	processedOperatorString, err := q.getProcessedOperatorControllerString(qcr)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	controllerImageChecks := map[string]func(t *testing.T, controllerImage string){
+		originalOperatorString: func(t *testing.T, controllerImage string) {
+			expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", qliksenseOperatorImageRepo, qliksenseOperatorImageName)
+			if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
+				t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
+			}
+		},
+		processedOperatorString: func(t *testing.T, controllerImage string) {
+			expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", registry, qliksenseOperatorImageName)
+			if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
+				t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
+			}
+		},
+	}
+
+	resourceFactory := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), nil)
+	for operatorString, controllerImageCheck := range controllerImageChecks {
+		resMap, err := resourceFactory.NewResMapFromBytes([]byte(operatorString))
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		res, err := resMap.GetById(resid.NewResId(resid.Gvk{
+			Group:   "apps",
+			Version: "v1",
+			Kind:    "Deployment",
+		}, "qliksense-operator"))
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		controllerImage, err := res.GetString("spec.template.spec.containers[0].image")
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		controllerImageCheck(t, controllerImage)
+	}
+}

pkg/qliksense/kuz.go

@@ -57,7 +57,7 @@ func GetYamlsFromMultiDoc(multiYaml string, kind string) string {
 	for _, doc := range yamlDocs {
 		scanner := bufio.NewScanner(strings.NewReader(doc))
 		for scanner.Scan() {
-			if strings.HasPrefix(scanner.Text(), "kind: "+kind) {
+			if scanner.Text() == "kind: "+kind {
 				resultDocs = resultDocs + "\n---\n" + doc
 				break
 			}

pkg/qliksense/load_cr.go

@@ -51,7 +51,7 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 	}
 
 	// encrypt the secrets and do base64 then update the CR
-	rsaPublicKey, _, err := qConfig.GetContextEncryptionKeyPair(cr.GetName())
+	encryptionKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
 	if err != nil {
 		return "", err
 	}
@@ -63,13 +63,17 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 					Value:   nv.Value,
 					SvcName: svc,
 				}
-				if err := q.processSecret(skv, rsaPublicKey, cr, false); err != nil {
+				if err := q.processSecret(skv, encryptionKey, cr, false); err != nil {
 					return cr.GetName(), err
 				}
 			}
 		}
 	}
-
+	if cr.Spec.FetchSource != nil && cr.Spec.FetchSource.AccessToken != "" {
+		if err := cr.SetFetchAccessToken(cr.Spec.FetchSource.AccessToken, encryptionKey); err != nil {
+			return "", err
+		}
+	}
 	// update manifestsRoot in case already exist
 	if existingCr, err := qConfig.GetCR(cr.GetName()); err == nil {
 		// cr exists, so update the manifestsRoot if version exist