Merge branch 'main' into secrets-pr-preview

.github/workflows/label.yaml

@@ -12,4 +12,4 @@ jobs:
         with:
           mode: exactly
           count: 1
-          labels: "bug, enhancement, ui, test, exclude from release notes"
+          labels: "bug, enhancement, dependencies, ui, test, exclude from release notes"

bin/go-lint

@@ -12,7 +12,6 @@ if [ ! -x "${GOPATH}/bin/golangci-lint" ]; then
 fi
 
 "${GOPATH}/bin/golangci-lint" run \
-    --verbose \
     --enable=misspell \
     --enable=gofmt \
     --timeout=15m \

charts/mccp/templates/clusters-service/collector.yaml

@@ -38,6 +38,9 @@ rules:
   - apiGroups: ["clusters.weave.works"]
     resources: ["automatedclusterdiscoveries"]
     verbs: ["get", "watch", "list"]
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

cmd/gitops/app/bootstrap/cmd.go

@@ -123,6 +123,7 @@ func getBootstrapCmdRun(opts *config.Options) func(*cobra.Command, []string) err
 			).
 			WithGitAuthentication(flags.privateKeyPath,
 				flags.privateKeyPassword,
+				cmd.Flag("private-key-password").Changed,
 				flags.gitUsername,
 				flags.gitPassword,
 			).

cmd/gitops/app/bootstrap/cmd_acceptance_test.go

@@ -110,6 +110,10 @@ func TestBootstrapCmd(t *testing.T) {
 	gitBranchFlag := fmt.Sprintf("--branch=%s", gitBranch)
 	gitRepoPathFlag := fmt.Sprintf("--repo-path=%s", gitRepoPath)
 
+	// wge version
+	wgeVersion := "0.37.0"
+	wgeVersionFlag := fmt.Sprintf("--version=%s", wgeVersion)
+
 	// oidc configuration
 	oidcClientSecret := os.Getenv("OIDC_CLIENT_SECRET")
 	g.Expect(oidcClientSecret).NotTo(BeEmpty())
@@ -131,7 +135,7 @@ func TestBootstrapCmd(t *testing.T) {
 		{
 			name: "journey flux exists: should bootstrap with valid arguments",
 			flags: []string{kubeconfigFlag,
-				"--version=0.37.0",
+				wgeVersionFlag,
 				privateKeyFlag, privateKeyPasswordFlag,
 				"--password=admin123",
 				"--discovery-url=https://dex-01.wge.dev.weave.works/.well-known/openid-configuration",
@@ -153,7 +157,7 @@ func TestBootstrapCmd(t *testing.T) {
 		{
 			name: "journey flux does not exist: should bootstrap with valid arguments",
 			flags: []string{kubeconfigFlag,
-				"--version=0.37.0",
+				wgeVersionFlag,
 				"--password=admin123",
 				"--discovery-url=https://dex-01.wge.dev.weave.works/.well-known/openid-configuration",
 				"--client-id=weave-gitops-enterprise",
@@ -176,7 +180,6 @@ func TestBootstrapCmd(t *testing.T) {
 		{
 			name: "journey flux does not exist interactive",
 			flags: []string{kubeconfigFlag,
-				"--version=0.37.0",
 				"--password=admin123",
 				"--components-extra=none",
 			},
@@ -187,6 +190,7 @@ func TestBootstrapCmd(t *testing.T) {
 				fmt.Sprintf("%s\n", gitRepoPath),  // please enter your flux path for your cluster
 				fmt.Sprintf("%s\n", gitUsername),  // please enter your git username
 				fmt.Sprintf("%s\n", gitPassword),  // please enter your git password
+				fmt.Sprintf("%s\n", wgeVersion),   // please select your wge version
 				"N\n",                             // Do you want to setup OIDC to access Weave GitOps Dashboards?
 			},
 			setup: func(t *testing.T) {

cmd/gitops/app/bootstrap/cmd_auth.go

@@ -64,16 +64,19 @@ func getAuthCmdRun(opts *config.Options) func(*cobra.Command, []string) error {
 			).
 			WithGitAuthentication(flags.privateKeyPath,
 				flags.privateKeyPassword,
+				cmd.Flag("private-key-password").Changed,
 				flags.gitUsername,
 				flags.gitPassword,
 			).
 			WithOIDCConfig(flags.discoveryURL, flags.clientID, flags.clientSecret, false).
 			WithSilent(flags.silent).
+			WithExport(flags.export).
+			WithInReader(cmd.InOrStdin()).
+			WithOutWriter(cmd.OutOrStdout()).
 			Build()
 
 		if err != nil {
 			return fmt.Errorf("cannot config bootstrap auth: %v", err)
-
 		}
 
 		err = BootstrapAuth(c)

docs/cli/bootstrap.md

@@ -246,6 +246,7 @@ Note: If you find yourself adding common behaviour in this function think on whe
 **Inputs**
 
 - We usually prefix input names with `in` prefix (short for input) to distinguish these constants from everything else.
+- Check the usage of `PrivateKeyPassword` and `PrivateKeyPasswordChanged` as example of how to handle flags with empty strings as default values.
 
 ## How configuration works ?
 

docs/workflows.md

@@ -8,6 +8,7 @@ Pull requests require exactly one label from the allowed labels:
 
  1. `ui`: New feature or request in the UI
  2. `enhancement`: New feature or request in the BE
- 3. `bug`: Bug fixes
- 4. `test`: Mark a PR as being about tests
- 5. `exclude from release notes`: Use this label to exclude a PR from the release notes ex: doc changes
+ 3. `dependencies`: Use this label for dependency management PRs (i.e. dependabot). 
+ 4. `bug`: Bug fixes
+ 5. `test`: Mark a PR as being about tests
+ 6. `exclude from release notes`: Use this label to exclude a PR from the release notes ex: doc changes

go.mod

@@ -71,7 +71,7 @@ require (
 	github.com/weaveworks/templates-controller v0.2.0
 	github.com/xanzy/go-gitlab v0.90.0
 	go.mozilla.org/sops/v3 v3.7.3
-	golang.org/x/crypto v0.16.0
+	golang.org/x/crypto v0.17.0
 	golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb
 	golang.org/x/oauth2 v0.13.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d

go.sum

@@ -1362,8 +1362,8 @@ golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

pkg/bootstrap/bootstrap.go

@@ -21,18 +21,21 @@ func Bootstrap(config steps.Config) error {
 		return fmt.Errorf("cannot create check ui: %v", err)
 	}
 
+	installWge, err := steps.NewInstallWGEStep(config.WgeConfig, config.Logger)
+	if err != nil {
+		return fmt.Errorf("cannot create install WGE: %v", err)
+	}
+
 	componentsExtra := steps.NewInstallExtraComponentsStep(config.ComponentsExtra, config.ModesConfig.Silent)
 
 	// TODO have a single workflow source of truth and documented in https://docs.gitops.weave.works/docs/0.33.0/enterprise/getting-started/install-enterprise/
 	var workflow = []steps.BootstrapStep{
-		steps.VerifyFluxInstallation,
 		steps.NewAskBootstrapFluxStep(config),
 		repositoryConfig,
 		steps.NewBootstrapFlux(config),
 		steps.CheckEntitlementSecret,
-		steps.NewSelectWgeVersionStep(config),
 		adminCredentials,
-		steps.NewInstallWGEStep(),
+		installWge,
 		steps.NewInstallOIDCStep(config),
 		steps.NewOIDCConfigStep(config),
 		componentsExtra,

pkg/bootstrap/bootstrap_auth.go

@@ -24,19 +24,14 @@ func BootstrapAuth(config steps.Config) error {
 
 func bootstrapOIDC(config steps.Config) error {
 	var steps = []steps.BootstrapStep{
+		// FIXE: remove this steps after checking for WGE as it is our only dependency
 		steps.VerifyFluxInstallation,
 		steps.CheckEntitlementSecret,
 		steps.NewBootstrapFlux(config),
+
 		steps.NewInstallOIDCStep(config),
 		steps.NewOIDCConfigStep(config),
 	}
 
-	for _, step := range steps {
-		config.Logger.Waitingf(step.Name)
-		_, err := step.Execute(&config)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+	return execute(config, steps)
 }

pkg/bootstrap/steps/ask_bootstrap_flux.go

@@ -59,5 +59,5 @@ func askBootstrapFlux(input []StepInput, c *Config) ([]StepOutput, error) {
 
 // canAskForGitConfig if fluxInstallation is false, then can ask for git config
 func canAskForFluxBootstrap(input []StepInput, c *Config) bool {
-	return !c.FluxInstalled
+	return !c.FluxConfig.IsInstalled
 }

pkg/bootstrap/steps/ask_bootstrap_flux_test.go

@@ -18,7 +18,9 @@ func TestAskBootstrapFlux(t *testing.T) {
 			name:  "check with flux installed",
 			input: []StepInput{},
 			config: &Config{
-				FluxInstalled: true,
+				FluxConfig: FluxConfig{
+					IsInstalled: true,
+				},
 			},
 			err:    false,
 			canAsk: false,
@@ -32,7 +34,9 @@ func TestAskBootstrapFlux(t *testing.T) {
 				},
 			},
 			config: &Config{
-				FluxInstalled: false,
+				FluxConfig: FluxConfig{
+					IsInstalled: false,
+				},
 			},
 			err:    true,
 			canAsk: true,
@@ -46,7 +50,9 @@ func TestAskBootstrapFlux(t *testing.T) {
 				},
 			},
 			config: &Config{
-				FluxInstalled: false,
+				FluxConfig: FluxConfig{
+					IsInstalled: false,
+				},
 			},
 			err:    false,
 			canAsk: true,
@@ -55,7 +61,9 @@ func TestAskBootstrapFlux(t *testing.T) {
 			name:  "check with silent mode and bootstrap flux flag available",
 			input: []StepInput{},
 			config: &Config{
-				FluxInstalled: false,
+				FluxConfig: FluxConfig{
+					IsInstalled: false,
+				},
 				BootstrapFlux: true,
 				ModesConfig: ModesConfig{
 					Silent: true,
@@ -73,7 +81,9 @@ func TestAskBootstrapFlux(t *testing.T) {
 				},
 			},
 			config: &Config{
-				FluxInstalled: false,
+				FluxConfig: FluxConfig{
+					IsInstalled: false,
+				},
 				ModesConfig: ModesConfig{
 					Export: true,
 				},

pkg/bootstrap/steps/bootstrap_flux.go

@@ -68,7 +68,9 @@ func NewBootstrapFlux(config Config) BootstrapStep {
 	if config.PrivateKeyPath == "" {
 		inputs = append(inputs, getKeyPath)
 	}
-	if config.PrivateKeyPassword == "" {
+
+	// we need to ask if empty password comes by default
+	if config.PrivateKeyPassword == "" && !config.PrivateKeyPasswordChanged {
 		inputs = append(inputs, getKeyPassword)
 	}
 

pkg/bootstrap/steps/bootstrap_flux_test.go

@@ -3,9 +3,54 @@ package steps
 import (
 	"testing"
 
-	"github.com/alecthomas/assert"
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/stretchr/testify/assert"
 )
 
+func TestNewBootstrapFlux(t *testing.T) {
+	tests := []struct {
+		name      string
+		config    Config
+		wantInput []StepInput
+	}{
+		{
+			name: "should not ask for key password if user introduced empty flag",
+			config: MakeTestConfig(t, Config{
+				PrivateKeyPassword:        "",
+				PrivateKeyPasswordChanged: true,
+			}),
+			wantInput: []StepInput{
+				getKeyPath,
+				getGitUsername,
+				getGitPassword,
+			},
+		},
+		{
+			name: "should ask for key password if user not introduced",
+			config: MakeTestConfig(t, Config{
+				PrivateKeyPassword:        "",
+				PrivateKeyPasswordChanged: false,
+			}),
+			wantInput: []StepInput{
+				getKeyPath,
+				getKeyPassword,
+				getGitUsername,
+				getGitPassword,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := NewBootstrapFlux(tt.config)
+			opts := cmpopts.IgnoreFields(StepInput{}, "Enabled")
+			if diff := cmp.Diff(tt.wantInput, got.Input, opts); diff != "" {
+				t.Fatalf("unpected step inputs:\n%s", diff)
+			}
+		})
+	}
+}
+
 func TestConfigureFluxCreds(t *testing.T) {
 
 	tests := []struct {
@@ -29,7 +74,9 @@ func TestConfigureFluxCreds(t *testing.T) {
 				},
 			},
 			config: &Config{
-				FluxInstalled: true,
+				FluxConfig: FluxConfig{
+					IsInstalled: true,
+				},
 				GitRepository: GitRepositoryConfig{
 					Scheme: sshScheme,
 				},
@@ -51,7 +98,9 @@ func TestConfigureFluxCreds(t *testing.T) {
 				},
 			},
 			config: &Config{
-				FluxInstalled: true,
+				FluxConfig: FluxConfig{
+					IsInstalled: true,
+				},
 				GitRepository: GitRepositoryConfig{
 					Scheme: httpsScheme,
 				},

pkg/bootstrap/steps/bootstrap_git_repo_config.go

@@ -34,7 +34,7 @@ var (
 		Enabled:      canAskForFluxBootstrap,
 	}
 
-	getRepoPath = StepInput{
+	getRepoPathIn = StepInput{
 		Name:         inRepoPath,
 		Type:         stringInput,
 		Msg:          gitRepoPathMsg,
@@ -56,11 +56,21 @@ type GitRepositoryConfig struct {
 }
 
 // NewGitRepositoryConfig creates new Git repository configuration from valid input parameters.
-func NewGitRepositoryConfig(url string, branch string, path string) (GitRepositoryConfig, error) {
+func NewGitRepositoryConfig(url string, branch string, path string, fluxConfig FluxConfig) (GitRepositoryConfig, error) {
 	var scheme string
 	var err error
 	var normalisedUrl string
 
+	// using flux config as we dont support updates
+	if fluxConfig.IsInstalled {
+		return GitRepositoryConfig{
+			Url:    fluxConfig.Url,
+			Scheme: fluxConfig.Scheme,
+			Branch: fluxConfig.Branch,
+			Path:   fluxConfig.Path,
+		}, nil
+	}
+
 	if url != "" {
 		normalisedUrl, scheme, err = normaliseUrl(url)
 		if err != nil {
@@ -115,7 +125,7 @@ func NewGitRepositoryConfigStep(config GitRepositoryConfig) BootstrapStep {
 	}
 
 	if config.Path == "" {
-		inputs = append(inputs, getRepoPath)
+		inputs = append(inputs, getRepoPathIn)
 	}
 
 	return BootstrapStep{
@@ -127,7 +137,7 @@ func NewGitRepositoryConfigStep(config GitRepositoryConfig) BootstrapStep {
 
 func createGitRepositoryConfig(input []StepInput, c *Config) ([]StepOutput, error) {
 
-	if c.FluxInstalled {
+	if c.FluxConfig.IsInstalled {
 		return []StepOutput{}, nil
 	}
 
@@ -157,7 +167,7 @@ func createGitRepositoryConfig(input []StepInput, c *Config) ([]StepOutput, erro
 		}
 	}
 
-	repoConfig, err := NewGitRepositoryConfig(repoURL, repoBranch, repoPath)
+	repoConfig, err := NewGitRepositoryConfig(repoURL, repoBranch, repoPath, c.FluxConfig)
 	if err != nil {
 		return nil, fmt.Errorf("error creating git repository configuration: %v", err)
 	}