Add bootstrap CLI controllers configurations (#3647)

* add controllers configurations with acceptance and unit tests

* silent mode doesn't ask for extra controllers

* use components-extra instead of extra-controllers

* install components before check ui domain

* remove example

* use empty quotes instead of none value

* remove creation timestamp

* add flag to bootstrap flux to ensure the default behaviour

* remove all of above option

* add case for one or more controllers

* add case for silent mode

* fix terraform controller test

* fix target namespace

* handle update scenario

* rename extra components to componetes extra to align with flag

* fix flags

* add test case for bootstrap flux in silent mode

* don't use yes as default and fail if no defaults set

* remove capi controller and refactor configuration

* add case for silent mode

* add test case for silent mode

* rename comment

* remove capi leftovers

* use policy agent from url in the repository

* fix comment

* add update logic to extra components

* update acceptance testing wge version

* restore empty input instead of nil

* fix flux bootstrap

* some wording suggestions

* using none instead of empty string

* update messages

---------

Co-authored-by: Eneko Fernandez <[email protected]>

Author: waleedhammam

cmd/gitops/app/bootstrap/cmd.go

@@ -34,10 +34,13 @@ gitops bootstrap --password=hell0!
 gitops bootstrap --client-id <client-id> --client-secret <client-secret> --discovery-url <discovery-url>
 
 # Start WGE installation with OIDC and flux bootstrap with https
-gitops bootstrap --version=<version> --password=<admin-password> --discovery-url=<oidc-discovery-url> --client-id=<oidc-client-id> --git-username=<git-username-https> -gitPassword=<gitPassword>--branch=<git-branch> --repo-path=<path-in-repo-for-management-cluster> --repo-url=https://<repo-url> --client-secret=<oidc-secret> -s
+gitops bootstrap --version=<version> --password=<admin-password> --discovery-url=<oidc-discovery-url> --client-id=<oidc-client-id> --git-username=<git-username-https> --gitPassword=<gitPassword> --bootstrap-flux --branch=<git-branch> --repo-path=<path-in-repo-for-management-cluster> --repo-url=https://<repo-url> --client-secret=<oidc-secret> -s
 
 # Start WGE installation with OIDC and flux bootstrap with ssh
 gitops bootstrap --version=<version> --password=<admin-password> --discovery-url=<oidc-discovery-url> --client-id=<oidc-client-id> --private-key-path=<private-key-path> --private-key-password=<private-key-password> --branch=<git-branch> --repo-path=<path-in-repo-for-management-cluster> --repo-url=ssh://<repo-url> --client-secret=<oidc-secret> -s
+
+# Start WGE installation with more than one extra controller 
+gitops bootstrap --components-extra="policy-agent,tf-controller"
 `
 )
 
@@ -65,6 +68,12 @@ type bootstrapFlags struct {
 
 	// modes flags
 	silent bool
+
+	// flux flag
+	bootstrapFlux bool
+
+	// extra controllers
+	componentsExtra []string
 }
 
 var flags bootstrapFlags
@@ -79,7 +88,9 @@ func Command(opts *config.Options) *cobra.Command {
 	}
 
 	cmd.Flags().StringVarP(&flags.version, "version", "v", "", "version of Weave GitOps Enterprise (should be from the latest 3 versions)")
-	cmd.PersistentFlags().BoolVarP(&flags.silent, "bootstrap-flux", "s", false, "always choose yes for interactive questions")
+	cmd.Flags().StringSliceVar(&flags.componentsExtra, "components-extra", nil, "extra components to be installed. Supported components: none, policy-agent, tf-controller")
+	cmd.PersistentFlags().BoolVarP(&flags.silent, "silent", "s", false, "non-interactive session: it will not ask questions but rather to use default values to complete the introduced flags")
+	cmd.PersistentFlags().BoolVarP(&flags.bootstrapFlux, "bootstrap-flux", "", false, "flags that you want to bootstrap Flux in case is not detected")
 	cmd.PersistentFlags().StringVarP(&flags.gitUsername, "git-username", "", "", "git username used in https authentication type")
 	cmd.PersistentFlags().StringVarP(&flags.gitPassword, "git-password", "", "", "git password/token used in https authentication type")
 	cmd.PersistentFlags().StringVarP(&flags.branch, "branch", "b", "", "git branch for your flux repository (example: main)")
@@ -115,6 +126,8 @@ func getBootstrapCmdRun(opts *config.Options) func(*cobra.Command, []string) err
 			).
 			WithOIDCConfig(flags.discoveryURL, flags.clientID, flags.clientSecret, true).
 			WithSilentFlag(flags.silent).
+			WithBootstrapFluxFlag(flags.bootstrapFlux).
+			WithComponentsExtra(flags.componentsExtra).
 			Build()
 
 		if err != nil {

cmd/gitops/app/bootstrap/cmd_acceptance_test.go

@@ -75,8 +75,6 @@ func TestBootstrapCmd(t *testing.T) {
 	privateKeyFile := os.Getenv("GIT_PRIVATEKEY_PATH")
 	g.Expect(privateKeyFile).NotTo(BeEmpty())
 
-	privateKeyPassword := os.Getenv("GIT_PRIVATEKEY_PASSWORD")
-
 	repoURLSSH := os.Getenv("GIT_REPO_URL_SSH")
 	g.Expect(repoURLSSH).NotTo(BeEmpty())
 	repoURLHTTPS := os.Getenv("GIT_REPO_URL_HTTPS")
@@ -89,6 +87,10 @@ func TestBootstrapCmd(t *testing.T) {
 	g.Expect(gitBranch).NotTo(BeEmpty())
 	gitRepoPath := os.Getenv("GIT_REPO_PATH")
 	g.Expect(gitRepoPath).NotTo(BeEmpty())
+	privateKeyPassword := os.Getenv("GIT_PRIVATEKEY_PASSWORD")
+	g.Expect(privateKeyPassword).NotTo(BeEmpty())
+	oidcClientSecret := os.Getenv("OIDC_CLIENT_SECRET")
+	g.Expect(oidcClientSecret).NotTo(BeEmpty())
 
 	privateKeyFlag := fmt.Sprintf("--private-key=%s", privateKeyFile)
 	privateKeyPasswordFlag := fmt.Sprintf("--private-key-password=%s", privateKeyPassword)
@@ -103,8 +105,6 @@ func TestBootstrapCmd(t *testing.T) {
 	gitBranchFlag := fmt.Sprintf("--branch=%s", gitBranch)
 	gitRepoPathFlag := fmt.Sprintf("--repo-path=%s", gitRepoPath)
 
-	oidcClientSecret := os.Getenv("OIDC_CLIENT_SECRET")
-	g.Expect(oidcClientSecret).NotTo(BeEmpty())
 	oidcClientSecretFlag := fmt.Sprintf("--client-secret=%s", oidcClientSecret)
 
 	_ = k8sClient.Create(context.Background(), &fluxSystemNamespace)
@@ -119,12 +119,13 @@ func TestBootstrapCmd(t *testing.T) {
 		{
 			name: "journey flux exists: should bootstrap with valid arguments",
 			flags: []string{kubeconfigFlag,
-				"--version=0.35.0",
+				"--version=0.37.0",
 				privateKeyFlag, privateKeyPasswordFlag,
 				"--password=admin123",
 				"--discovery-url=https://dex-01.wge.dev.weave.works/.well-known/openid-configuration",
 				"--client-id=weave-gitops-enterprise",
 				oidcClientSecretFlag,
+				"-s",
 			},
 			setup: func(t *testing.T) {
 				bootstrapFluxSsh(g, kubeconfigFlag)
@@ -140,14 +141,15 @@ func TestBootstrapCmd(t *testing.T) {
 		{
 			name: "journey flux does not exist: should bootstrap with valid arguments",
 			flags: []string{kubeconfigFlag,
-				"--version=0.35.0",
-				privateKeyFlag, privateKeyPasswordFlag,
+				"--version=0.37.0",
 				"--password=admin123",
 				"--discovery-url=https://dex-01.wge.dev.weave.works/.well-known/openid-configuration",
 				"--client-id=weave-gitops-enterprise",
 				gitUsernameFlag, gitPasswordFlag, gitBranchFlag, gitRepoPathFlag,
 				repoHTTPSURLFlag,
 				oidcClientSecretFlag, "-s",
+				"--components-extra=policy-agent,tf-controller",
+				"--bootstrap-flux",
 			},
 			setup: func(t *testing.T) {
 				createEntitlements(t, testLog)
@@ -162,7 +164,6 @@ func TestBootstrapCmd(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			if tt.setup != nil {
 				tt.setup(t)
 			}
@@ -200,8 +201,9 @@ func bootstrapFluxSsh(g *WithT, kubeconfigFlag string) {
 	fmt.Println(privateKeyFile)
 
 	privateKeyPassword := os.Getenv("GIT_PRIVATEKEY_PASSWORD")
+	g.Expect(privateKeyFile).NotTo(BeEmpty())
 
-	args := []string{"bootstrap", "git", kubeconfigFlag, "-s", fmt.Sprintf("--url=%s", repoUrl), fmt.Sprintf("--password=%s", privateKeyPassword), fmt.Sprintf("--private-key-file=%s", privateKeyFile), "--path=clusters/management"}
+	args := []string{"bootstrap", "git", kubeconfigFlag, "-s", fmt.Sprintf("--url=%s", repoUrl), fmt.Sprintf("--private-key-file=%s", privateKeyFile), fmt.Sprintf("--password=%s", privateKeyPassword), "--path=clusters/management"}
 	fmt.Println(args)
 
 	s, err := cliRunner.Run("flux", args...)

docs/cli/bootstrap.md

@@ -274,9 +274,16 @@ func selectWgeVersion(input []StepInput, c *Config) ([]StepOutput, error) {
 
 ```
 
+## Default Behaviours (default value in inputs)
 
+CLI take the decisions that considered safe to user by using the information provided by user in which no mutation could happen on the user's cluster.
 
+The default values in the step input will be used while silent mode is on by providing `-s`, `--silent`
 
+Examples:
+- Using existing credentials this will not replace the user's data and it's safe
+- Not to install extra controllers unless provided otherwise
+- Not to install OIDC unless provided otherwise
 
 ## Error management 
 

pkg/bootstrap/bootstrap.go

@@ -16,6 +16,8 @@ func Bootstrap(config steps.Config) error {
 
 	repositoryConfig := steps.NewGitRepositoryConfigStep(config.GitRepository)
 
+	componentesExtra := steps.NewInstallExtraComponentsStep(config.ComponentsExtra, config.Silent)
+
 	// TODO have a single workflow source of truth and documented in https://docs.gitops.weave.works/docs/0.33.0/enterprise/getting-started/install-enterprise/
 	var steps = []steps.BootstrapStep{
 		steps.VerifyFluxInstallation,
@@ -28,6 +30,7 @@ func Bootstrap(config steps.Config) error {
 		steps.NewInstallWGEStep(),
 		steps.NewInstallOIDCStep(config),
 		steps.NewOIDCConfigStep(config),
+		componentesExtra,
 		steps.CheckUIDomainStep,
 	}
 

pkg/bootstrap/steps/admin_password.go

@@ -13,13 +13,12 @@ import (
 const (
 	adminPasswordMsg                = "dashboard admin password (minimum characters: 6)"
 	secretConfirmationMsg           = "admin login credentials has been created successfully!"
-	adminSecretExistsErrorMsgFormat = "admin login credentials already exist on the cluster. To reset admin credentials please remove secret '%s' in namespace '%s'."
-	useExistingMessageFormat        = "using existing admin login credentials from secret '%s' in namespace '%s'. To reset admin credentials please remove the secret."
+	adminSecretExistsErrorMsgFormat = "admin login credentials already exist on the cluster. To reset admin credentials please remove secret '%s' in namespace '%s'"
+	useExistingMessageFormat        = " using existing admin login credentials from secret '%s' in namespace '%s'. To reset admin credentials please remove the secret"
 )
 
 const (
 	adminSecretName      = "cluster-user-auth"
-	confirmYes           = "y"
 	defaultAdminUsername = "wego-admin"
 )
 

pkg/bootstrap/steps/admin_password_test.go

@@ -78,7 +78,7 @@ func TestNewAskAdminCredsSecretStep(t *testing.T) {
 				Password:         "password123",
 			},
 			want:    BootstrapStep{},
-			wantErr: "admin login credentials already exist on the cluster. To reset admin credentials please remove secret 'cluster-user-auth' in namespace 'flux-system'.",
+			wantErr: "admin login credentials already exist on the cluster. To reset admin credentials please remove secret 'cluster-user-auth' in namespace 'flux-system'",
 		},
 	}
 	for _, tt := range tests {

pkg/bootstrap/steps/ask_bootstrap_flux.go

@@ -7,20 +7,24 @@ const (
 )
 
 var (
-	bootstrapFLuxQuestion = StepInput{
-		Name:    inBootstrapFlux,
-		Type:    confirmInput,
-		Msg:     bootstrapFluxMsg,
-		Enabled: canAskForFluxBootstrap,
+	bootstrapFluxQuestion = StepInput{
+		Name:         inBootstrapFlux,
+		Type:         confirmInput,
+		Msg:          bootstrapFluxMsg,
+		Enabled:      canAskForFluxBootstrap,
+		DefaultValue: confirmNo,
 	}
 )
 
 // NewAskBootstrapFluxStep step for asking if user want to install flux using generic method
 func NewAskBootstrapFluxStep(config Config) BootstrapStep {
+	if config.BootstrapFlux {
+		bootstrapFluxQuestion.DefaultValue = confirmYes
+	}
 	return BootstrapStep{
 		Name: "bootstrap flux",
 		Input: []StepInput{
-			bootstrapFLuxQuestion,
+			bootstrapFluxQuestion,
 		},
 		Step: askBootstrapFlux,
 	}
@@ -30,12 +34,16 @@ func askBootstrapFlux(input []StepInput, c *Config) ([]StepOutput, error) {
 	if !canAskForFluxBootstrap(input, c) {
 		return []StepOutput{}, nil
 	}
+	if c.BootstrapFlux && c.Silent {
+		c.Logger.Actionf("bootstrapping flux in the generic way")
+		return []StepOutput{}, nil
+	}
 	for _, param := range input {
 		if param.Name == inBootstrapFlux {
 			fluxBootstrapRes, ok := param.Value.(string)
 			if ok {
 				if fluxBootstrapRes != "y" {
-					return []StepOutput{}, fmt.Errorf("flux bootstrapped error: %s", fluxFatalErrorMsg)
+					return []StepOutput{}, fmt.Errorf("flux error: %s", fluxFatalErrorMsg)
 				}
 
 			}

pkg/bootstrap/steps/ask_bootstrap_flux_test.go

@@ -28,7 +28,7 @@ func TestAskBootstrapFlux(t *testing.T) {
 			input: []StepInput{
 				{
 					Name:  inBootstrapFlux,
-					Value: "n",
+					Value: confirmNo,
 				},
 			},
 			config: &Config{
@@ -51,6 +51,17 @@ func TestAskBootstrapFlux(t *testing.T) {
 			err:    false,
 			canAsk: true,
 		},
+		{
+			name:  "check with silent mode and bootstrap flux flag available",
+			input: []StepInput{},
+			config: &Config{
+				FluxInstallated: false,
+				BootstrapFlux:   true,
+				Silent:          true,
+			},
+			err:    false,
+			canAsk: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

pkg/bootstrap/steps/common_tests.go

@@ -1,9 +1,16 @@
 package steps
 
 import (
+	"encoding/json"
+	"fmt"
 	"testing"
+	"time"
 
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
 	"github.com/weaveworks/weave-gitops-enterprise/test/utils"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -56,5 +63,84 @@ func makeTestConfig(t *testing.T, config Config, objects ...runtime.Object) Conf
 		ClientSecret:            config.ClientSecret,
 		RedirectURL:             config.RedirectURL,
 		PromptedForDiscoveryURL: config.PromptedForDiscoveryURL,
+		Silent:                  config.Silent,
+		ComponentsExtra:         config.ComponentsExtra,
 	}
 }
+
+func createWGEHelmReleaseFakeObject(version string) (helmv2.HelmRelease, error) {
+	values := valuesFile{
+		TLS: map[string]interface{}{
+			"enabled": false,
+		},
+		GitOpsSets: map[string]interface{}{
+			"enabled": true,
+			"controllerManager": map[string]interface{}{
+				"manager": map[string]interface{}{
+					"args": []string{
+						fmt.Sprintf("--health-probe-bind-address=%s", gitopssetsHealthBindAddress),
+						fmt.Sprintf("--metrics-bind-address=%s", gitopssetsBindAddress),
+						"--leader-elect",
+						fmt.Sprintf("--enabled-generators=%s", gitopssetsEnabledGenerators),
+					},
+				},
+			},
+		},
+		EnablePipelines: true,
+		ClusterController: clusterController{
+			Enabled:          true,
+			FullNameOverride: clusterControllerFullOverrideName,
+			ControllerManager: clusterControllerManager{
+				Manager: clusterControllerManagerManager{
+					Image: clusterControllerImage{
+						Repository: clusterControllerImageName,
+						Tag:        clusterControllerImageTag,
+					},
+				},
+			}},
+	}
+
+	valuesBytes, err := json.Marshal(values)
+	if err != nil {
+		return helmv2.HelmRelease{}, err
+	}
+
+	wgeHRObject := helmv2.HelmRelease{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      WgeHelmReleaseName,
+			Namespace: WGEDefaultNamespace,
+		}, Spec: helmv2.HelmReleaseSpec{
+			Chart: helmv2.HelmChartTemplate{
+				Spec: helmv2.HelmChartTemplateSpec{
+					Chart:             wgeChartName,
+					ReconcileStrategy: sourcev1beta2.ReconcileStrategyChartVersion,
+					SourceRef: helmv2.CrossNamespaceObjectReference{
+						Name:      wgeHelmRepositoryName,
+						Namespace: WGEDefaultNamespace,
+					},
+					Version: version,
+				},
+			},
+			Install: &helmv2.Install{
+				CRDs: helmv2.CreateReplace,
+			},
+			Upgrade: &helmv2.Upgrade{
+				CRDs: helmv2.CreateReplace,
+			},
+			Interval: v1.Duration{
+				Duration: time.Hour,
+			},
+			Values: &apiextensionsv1.JSON{Raw: valuesBytes},
+		},
+	}
+	return wgeHRObject, nil
+}
+
+func getControllerHelmReleaseTestFile(url string) string {
+	tfHelmFile, err := doBasicAuthGetRequest(url, "", "")
+	if err != nil {
+		fmt.Printf("error getting: %s HelmRelease: %v", url, err)
+		return ""
+	}
+	return string(tfHelmFile)
+}