Onboarding CLI | Flux bootstrapping and git authentication credentials #3578
Conversation
There was a problem hiding this comment.
Reviewed the code with the common suggestion of adding tests for newly added functions or changed contracts.
I didn't test how it works as i could not find in the PR description indications on how to test it. Please add this information.
Last suggestion is to revisit adding integration and acceptance tests: it is an important journey with different integration points. It is likely that we would benefit from them.
pkg/bootstrap/bootstrap.go
Outdated
| steps.VerifyFluxInstallation, | ||
| steps.NewAskBootstrapFluxStep(config), | ||
| steps.NewSelectGitAuthType(config), | ||
| steps.NewBootstrapFluxUsingSSH(config), | ||
| steps.NewBootstrapFluxUsingHTTPS(config), |
There was a problem hiding this comment.
Please share the design considerations used for selecting using these steps over other design like having a single step called fluxinstall. please shar
There was a problem hiding this comment.
updated to be
steps.NewAskBootstrapFluxStep(config),
steps.NewFluxGitRepositoryConfig(config),
steps.NewBootstrapFlux(config),the currently implemented logic, process all the inputs first, then execute the step function
meanwhile some inputs rely on other inputs from the previous step and could change accordingly
for example in case of passing a repo-url with ssh scheme, we need to only ask about private key and private key password
and in case of passing a repo-url with https scheme, then we need to ask about username and token
and since we handle input first, then process, then out. if we don't pass the value to this step it'll ask all of them anyway
cmd/gitops/app/bootstrap/cmd.go
Outdated
| cmd.Flags().StringVarP(&flags.version, "version", "v", "", "version of Weave GitOps Enterprise (should be from the latest 3 versions)") | ||
| cmd.PersistentFlags().BoolVarP(&flags.silent, "bootstrap-flux", "s", false, "always choose yes for interactive questions") | ||
| cmd.PersistentFlags().StringVarP(&flags.gitUsername, "git-username", "", "", "git username used in https authentication type") | ||
| cmd.PersistentFlags().StringVarP(&flags.gitToken, "git-token", "", "", "git token used in https authentication type") |
There was a problem hiding this comment.
should be token or password? i could see https://fluxcd.io/flux/cmd/flux_bootstrap_git/ is password
There was a problem hiding this comment.
yeah in flux is password but it's very confusing as adding the git https basic auth with password doesn't work anymore and only accept token
There was a problem hiding this comment.
yes but i think that flux gets it from http where basic auth is username and password https://en.wikipedia.org/wiki/Basic_access_authentication
There was a problem hiding this comment.
but auth with username and password is no longer accepted https://docs.github.com/en/rest/overview/authenticating-to-the-rest-api?apiVersion=2022-11-28#authenticating-with-username-and-password
There was a problem hiding this comment.
ahh we add --token-auth to flux configuration so that it can handle it as a token
There was a problem hiding this comment.
i guess flux is correct calling it password
https://fluxcd.io/flux/components/source/gitrepositories/#basic-access-authentication
as it is how is defined in the standard https://datatracker.ietf.org/doc/html/rfc7617#section-2
we could review this in the catchup too
| PrivateKeyPath: cb.privateKeyPath, | ||
| PrivateKeyPassword: cb.privateKeyPassword, | ||
| GitUsername: cb.gitUsername, |
There was a problem hiding this comment.
we should work towards a more modular configuration approach ... like having just a single GitConfig struct for anything git configuration ...
There was a problem hiding this comment.
Some more feedback after manually tested with
go run cmd/gitops/main.go bootstrap --version=0.35.0 --password=admin123 --domain-type=localhost --git-username=enekofb --git-token=<valid-token>--branch=main --repo-path=clusters/management --repo-url=https://github.com/enekofb/cli-dev.git
For the scenario I dont have flux bootstrapping:
► checking crds
✗ no crds found with the label selector 'app.kubernetes.io/part-of=flux'
✗ check failed
. please bootstrap Flux in 'flux-system' namespace: more info https://fluxcd.io/flux/installation
◎ bootstrap flux
? do you want to bootstrap flux using the generic way? [y/N] █
this message might be redundant? please bootstrap Flux in 'flux-system' namespace: more info https://fluxcd.io/flux/installation when you are offered to install it after. we could remove it.
When in the bootsrapping: may be there is an inconsistent usage of ◎ given that indicates begining and end of step or so
◎ bootstrap flux
do you want to bootstrap flux using the generic way: y
◎ flux repository configuration
► detected repo scheme: https
◎ git credentials
◎ bootstrapping flux ...
it feels better actions ►
install finishes but already containers have not yet been created -> it seems that we should wait for the release to happen
…an https. leaving https cause the bootstrapped scenario already have ssh
Co-authored-by: Eneko Fernández <[email protected]>
| cmd.Flags().StringVarP(&flags.version, "version", "v", "", "version of Weave GitOps Enterprise (should be from the latest 3 versions)") | ||
| cmd.PersistentFlags().BoolVarP(&flags.silent, "bootstrap-flux", "s", false, "always choose yes for interactive questions") |
There was a problem hiding this comment.
not sure if yes as default is a safe choice. let review in the standup the list of questions and understand the side effects of it.
it also feel an important decision to record as ADR
There was a problem hiding this comment.
maybe we could add a hint that's this option is currently for testing only
There was a problem hiding this comment.
Looking into the questions of confirmyes we have:
- admin creds yes means to reuse existing ones (which makes sense as default option)
- oidc yes means to install it (where the default option makes sense to be no)
suggestion would be to change semantics for this flag from always yes to default option if not introduced input
There was a problem hiding this comment.
follow up: change the silent semantics to use default behaviour where the default behaviour for each step should be the most conservative one: dont do a state change or mutation
for now:
- we ship it in this release
- in the release notes we add a knowns saying that if cli silent is enabled it will install by default oidc.
* unify repo url variables * update doc
Co-authored-by: Eneko Fernández <[email protected]>
| steps.VerifyFluxInstallation, | ||
| steps.NewAskBootstrapFluxStep(config), | ||
| steps.NewGitRepositoryConfig(config), | ||
| steps.NewBootstrapFlux(config), |
There was a problem hiding this comment.
- git configuration is something that is discovered from flux.
- when we dont have flux, we just need to ask for it.
Closes #3295
What changed?
Why was this change made?
How was this change implemented?
How did you validate the change?
for interactive
gitops bootstrapand follow the wizardfor non-interactive 2 scenarios:
Integration tests -- what is covered, what cannot be covered;
or, explain why there are no new tests
Unit tests -- what is covered, what cannot be covered; are
there tests that fail without the change?
Release notes
Documentation Changes
Other follow ups