weaveworks · waleedhammam · Nov 9, 2023 · Oct 31, 2023 · Nov 1, 2023 · Nov 7, 2023
diff --git a/cmd/gitops/app/bootstrap/cmd.go b/cmd/gitops/app/bootstrap/cmd.go
@@ -32,6 +32,12 @@ gitops bootstrap --password=hell0!
 
 # Start WGE installation using OIDC
 gitops bootstrap --client-id <client-id> --client-secret <client-secret> --discovery-url <discovery-url>
+
+# Start WGE installation with OIDC and flux bootstrap with https
+gitops bootstrap --version=<version> --password=<admin-password> --discovery-url=<oidc-discovery-url> --client-id=<oidc-client-id> --git-username=<git-username-https> --git-token=<token>--branch=<git-branch> --repo-path=<path-in-repo-for-management-cluster> --repo-url=https://<repo-url> --client-secret=<oidc-secret> -s
+
+# Start WGE installation with OIDC and flux bootstrap with ssh
+gitops bootstrap --version=<version> --password=<admin-password> --discovery-url=<oidc-discovery-url> --client-id=<oidc-client-id> --private-key-path=<private-key-path> --private-key-password=<private-key-password> --branch=<git-branch> --repo-path=<path-in-repo-for-management-cluster> --repo-url=ssh://<repo-url> --client-secret=<oidc-secret> -s
 `
 )
 
@@ -43,14 +49,26 @@ type bootstrapFlags struct {
 	domainType string
 	domain     string
 
-	// private key flags
+	// ssh git auth flags
 	privateKeyPath     string
 	privateKeyPassword string
 
+	// https git auth flags
+	gitUsername string
+	gitToken    string
+
+	// git repo flags
+	repoURL  string
+	branch   string
+	repoPath string
+
 	// oidc flags
 	discoveryURL string
 	clientID     string
 	clientSecret string
+
+	// modes flags
+	silent bool
 }
 
 var flags bootstrapFlags
@@ -65,24 +83,27 @@ func Command(opts *config.Options) *cobra.Command {
 	}
 
 	cmd.Flags().StringVarP(&flags.domainType, "domain-type", "t", "", "dashboard domain type: could be 'localhost' or 'externaldns'")
-	cmd.Flags().StringVarP(&flags.domain, "domain", "d", "", "indicate the domain to use in case of using `externaldns`")
+	cmd.Flags().StringVarP(&flags.domain, "domain", "d", "", "the domain to access the dashboard in case of using externaldns")
 	cmd.Flags().StringVarP(&flags.version, "version", "v", "", "version of Weave GitOps Enterprise (should be from the latest 3 versions)")
+	cmd.PersistentFlags().BoolVarP(&flags.silent, "bootstrap-flux", "s", false, "always choose yes for interactive questions")
+	cmd.PersistentFlags().StringVarP(&flags.gitUsername, "git-username", "", "", "git username used in https authentication type")
+	cmd.PersistentFlags().StringVarP(&flags.gitToken, "git-token", "", "", "git token used in https authentication type")
+	cmd.PersistentFlags().StringVarP(&flags.branch, "branch", "b", "", "git branch for your flux repository (example: main)")
+	cmd.PersistentFlags().StringVarP(&flags.repoPath, "repo-path", "r", "", "git path for your flux repository (example: clusters/my-cluster)")
+	cmd.PersistentFlags().StringVarP(&flags.repoURL, "repo-url", "", "", "git repo url for your flux repository (example: ssh://[email protected]/my-org-name/my-repo-name or https://github.com/my-org-name/my-repo-name)")
 	cmd.PersistentFlags().StringVarP(&flags.privateKeyPath, "private-key", "k", "", "private key path. This key will be used to push the Weave GitOps Enterprise's resources to the default cluster repository")
 	cmd.PersistentFlags().StringVarP(&flags.privateKeyPassword, "private-key-password", "c", "", "private key password. If the private key is encrypted using password")
 	cmd.PersistentFlags().StringVarP(&flags.discoveryURL, "discovery-url", "", "", "OIDC discovery URL")
 	cmd.PersistentFlags().StringVarP(&flags.clientID, "client-id", "i", "", "OIDC client ID")
-	cmd.PersistentFlags().StringVarP(&flags.clientSecret, "client-secret", "s", "", "OIDC client secret")
-
+	cmd.PersistentFlags().StringVarP(&flags.clientSecret, "client-secret", "", "", "OIDC client secret")
 	cmd.AddCommand(AuthCommand(opts))
 
 	return cmd
 }
 
 func getBootstrapCmdRun(opts *config.Options) func(*cobra.Command, []string) error {
 	return func(cmd *cobra.Command, args []string) error {
-
 		cliLogger := logger.NewCLILogger(os.Stdout)
-
 		// create config from flags
 		c, err := steps.NewConfigBuilder().
 			WithLogWriter(cliLogger).
@@ -91,8 +112,17 @@ func getBootstrapCmdRun(opts *config.Options) func(*cobra.Command, []string) err
 			WithVersion(flags.version).
 			WithDomainType(flags.domainType).
 			WithDomain(flags.domain).
-			WithPrivateKey(flags.privateKeyPath, flags.privateKeyPassword).
+			WithGitRepository(flags.repoURL,
+				flags.branch,
+				flags.repoPath,
+			).
+			WithGitAuthentication(flags.privateKeyPath,
+				flags.privateKeyPassword,
+				flags.gitUsername,
+				flags.gitToken,
+			).
 			WithOIDCConfig(flags.discoveryURL, flags.clientID, flags.clientSecret, true).
+			WithSilentFlag(flags.silent).
 			Build()
 
 		if err != nil {

diff --git a/cmd/gitops/app/bootstrap/cmd_acceptance_test.go b/cmd/gitops/app/bootstrap/cmd_acceptance_test.go
@@ -74,9 +74,31 @@ func TestBootstrapCmd(t *testing.T) {
 
 	privateKeyFile := os.Getenv("GIT_PRIVATEKEY_PATH")
 	g.Expect(privateKeyFile).NotTo(BeEmpty())
+
+	repoURLSSH := os.Getenv("GIT_REPO_URL_SSH")
+	g.Expect(repoURLSSH).NotTo(BeEmpty())
+	repoURLHTTPS := os.Getenv("GIT_REPO_URL_HTTPS")
+	g.Expect(repoURLHTTPS).NotTo(BeEmpty())
+	gitUsername := os.Getenv("GIT_USERNAME")
+	g.Expect(gitUsername).NotTo(BeEmpty())
+	gitToken := os.Getenv("GIT_TOKEN")
+	g.Expect(gitToken).NotTo(BeEmpty())
+	gitBranch := os.Getenv("GIT_BRANCH")
+	g.Expect(gitBranch).NotTo(BeEmpty())
+	gitRepoPath := os.Getenv("GIT_REPO_PATH")
+	g.Expect(gitRepoPath).NotTo(BeEmpty())
+
 	privateKeyFlag := fmt.Sprintf("--private-key=%s", privateKeyFile)
 	kubeconfigFlag := fmt.Sprintf("--kubeconfig=%s", kubeconfigPath)
 
+	repoHTTPSURLFlag := fmt.Sprintf("--repo-url=%s", repoURLHTTPS)
+
+	gitUsernameFlag := fmt.Sprintf("--git-username=%s", gitUsername)
+	gitTokenFlag := fmt.Sprintf("--git-token=%s", gitToken)
+
+	gitBranchFlag := fmt.Sprintf("--branch=%s", gitBranch)
+	gitRepoPathFlag := fmt.Sprintf("--repo-path=%s", gitRepoPath)
+
 	oidcClientSecret := os.Getenv("OIDC_CLIENT_SECRET")
 	g.Expect(oidcClientSecret).NotTo(BeEmpty())
 	oidcClientSecretFlag := fmt.Sprintf("--client-secret=%s", oidcClientSecret)
@@ -91,7 +113,7 @@ func TestBootstrapCmd(t *testing.T) {
 		reset            func(t *testing.T)
 	}{
 		{
-			name: "should bootstrap non-interactive with valid arguments",
+			name: "journey flux exists: should bootstrap with valid arguments",
 			flags: []string{kubeconfigFlag,
 				"--version=0.35.0",
 				privateKeyFlag, "--private-key-password=\"\"",
@@ -112,6 +134,28 @@ func TestBootstrapCmd(t *testing.T) {
 			},
 			expectedErrorStr: "",
 		},
+		{
+			name: "journey flux does not exist: should bootstrap with valid arguments",
+			flags: []string{kubeconfigFlag,
+				"--version=0.35.0",
+				"--password=admin123",
+				"--domain-type=localhost",
+				"--discovery-url=https://dex-01.wge.dev.weave.works/.well-known/openid-configuration",
+				"--client-id=weave-gitops-enterprise",
+				gitUsernameFlag, gitTokenFlag, gitBranchFlag, gitRepoPathFlag,
+				repoHTTPSURLFlag,
+				oidcClientSecretFlag, "-s",
+			},
+			setup: func(t *testing.T) {
+				createEntitlements(t, testLog)
+			},
+			reset: func(t *testing.T) {
+				deleteEntitlements(t, testLog)
+				deleteClusterUser(t, testLog)
+				uninstallFlux(g, kubeconfigFlag)
+			},
+			expectedErrorStr: "",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -144,7 +188,7 @@ func TestBootstrapCmd(t *testing.T) {
 func bootstrapFluxSsh(g *WithT, kubeconfigFlag string) {
 	var runner runner.CLIRunner
 
-	repoUrl := os.Getenv("GIT_URL_SSH")
+	repoUrl := os.Getenv("GIT_REPO_URL_SSH")
 	g.Expect(repoUrl).NotTo(BeEmpty())
 	fmt.Println(repoUrl)
 

diff --git a/cmd/gitops/app/bootstrap/cmd_auth.go b/cmd/gitops/app/bootstrap/cmd_auth.go
@@ -58,8 +58,17 @@ func getAuthCmdRun(opts *config.Options) func(*cobra.Command, []string) error {
 		c, err := steps.NewConfigBuilder().
 			WithLogWriter(cliLogger).
 			WithKubeconfig(opts.Kubeconfig).
-			WithPrivateKey(flags.privateKeyPath, flags.privateKeyPassword).
+			WithGitRepository(flags.repoURL,
+				flags.branch,
+				flags.repoPath,
+			).
+			WithGitAuthentication(flags.privateKeyPath,
+				flags.privateKeyPassword,
+				flags.gitUsername,
+				flags.gitToken,
+			).
 			WithOIDCConfig(flags.discoveryURL, flags.clientID, flags.clientSecret, false).
+			WithSilentFlag(flags.silent).
 			Build()
 
 		if err != nil {

diff --git a/docs/cli/bootstrap.md b/docs/cli/bootstrap.md
@@ -110,6 +110,13 @@ type Config struct {
 
 ```
 
+### Style sugestions for steps
+
+**Inputs**
+
+- We usually prefix input names with `in` prefix (short for input) to distinguish these constants from everything else. 
+
+
 ## Error management 
 
 A bootstrapping error received by the platform engineer shoudl allow:
@@ -141,6 +148,20 @@ These messages will provide extra information that's not provided by errors like
 
 Use custom errors when required for better handling like [this](https://github.com/weaveworks/weave-gitops-enterprise/blob/6b1c1db9dc0512a9a5c8dd03ddb2811a897849e6/pkg/bootstrap/steps/entitlement.go#L65)
 
+3) Special case for cases where we could recover from the error and don't need to terminate
+
+for example [here](https://github.com/weaveworks/weave-gitops-enterprise/blob/80667a419c286ee7d45178b639e36a2015533cb6/pkg/bootstrap/steps/flux.go#L39)
+
+flux is not bootstrapped, but in the process we can bootstrap flux. in this case we could log the failure and continue the execution
+
+```go
+	out, err := runner.Run("flux", "check")
+	if err != nil {
+		c.Logger.Failuref("flux installed error: %v. %s", string(out), fluxRecoverMsg)
+		return []StepOutput{}, nil
+	}
+```
+
 ## Logging Actions
 
 For sharing progress with the user, the following levels are used:
@@ -182,8 +203,15 @@ Entitlement stage
 - `WGE_ENTITLEMENT_USERNAME`: entitlements username  to use for creating the entitlement before running the test.
 - `WGE_ENTITLEMENT_PASSWORD`: entitlements password  to use for creating the entitlement before running the test.
 - `WGE_ENTITLEMENT_ENTITLEMENT`: valid entitlements token to use for creating the entitlement before running the test.
+- `OIDC_CLIENT_SECRET`: client secret for oidc flag
 - `GIT_PRIVATEKEY_PATH`: path to the private key to do the git operations.
-- `GIT_URL_SSH`: git ssh url for the repo wge configuration repo.
+- `GIT_REPO_URL_SSH`: git ssh url for the repo wge configuration repo.
+- `GIT_REPO_URL_HTTPS`: git https url for the repo wge configuration repo.
+- `GIT_USERNAME`: git username for testing https auth
+- `GIT_TOKEN`: git token for testing https auth
+- `GIT_BRANCH`: git branch for testing with flux bootstrap
+- `GIT_REPO_PATH`: git repo path for default cluster for testing with flux bootstrap
+
 
 Run it via `make cli-acceptance-tests`
 
@@ -204,4 +232,31 @@ See the following examples:
 
 This will be addressed in the following [ticket](https://github.com/weaveworks/weave-gitops-enterprise/issues/3405)
 
+## Enable/Disable one or more input from step inputs
+
+Field [`Enabled`](https://github.com/weaveworks/weave-gitops-enterprise/blob/80667a419c286ee7d45178b639e36a2015533cb6/pkg/bootstrap/steps/ask_bootstrap_flux.go#L14) is added to the step input to allow/disallow this input from being processd
+
+This field should receive a function that takes the step input, config object and returns boolean value 
+
+example:
+
+- step input
+
+	```go
+	var bootstrapFLuxQuestion = StepInput{
+		Name:    inBootstrapFlux,
+		Type:    confirmInput,
+		Msg:     bootstrapFluxMsg,
+		Enabled: canAskForFluxBootstrap,
+	}
+	```
+
+- function
+
+	```go
+	func canAskForFluxBootstrap(input []StepInput, c *Config) bool {
+		return !c.FluxInstallated
+	}
+	```
 
+This input will be processed only if `Enabled` field is equal to `true`
diff --git a/pkg/bootstrap/bootstrap.go b/pkg/bootstrap/bootstrap.go
@@ -9,8 +9,10 @@ func Bootstrap(config steps.Config) error {
 	// TODO have a single workflow source of truth and documented in https://docs.gitops.weave.works/docs/0.33.0/enterprise/getting-started/install-enterprise/
 	var steps = []steps.BootstrapStep{
 		steps.VerifyFluxInstallation,
+		steps.NewAskBootstrapFluxStep(config),
+		steps.NewGitRepositoryConfig(config),
+		steps.NewBootstrapFlux(config),
 		steps.CheckEntitlementSecret,
-		steps.NewAskPrivateKeyStep(config),
 		steps.NewSelectWgeVersionStep(config),
 		steps.NewAskAdminCredsSecretStep(config),
 		steps.NewSelectDomainType(config),

diff --git a/pkg/bootstrap/bootstrap_auth.go b/pkg/bootstrap/bootstrap_auth.go
@@ -26,7 +26,7 @@ func bootstrapOIDC(config steps.Config) error {
 	var steps = []steps.BootstrapStep{
 		steps.VerifyFluxInstallation,
 		steps.CheckEntitlementSecret,
-		steps.NewAskPrivateKeyStep(config),
+		steps.NewBootstrapFlux(config),
 		steps.NewInstallOIDCStep(config),
 		steps.NewOIDCConfigStep(config),
 	}

diff --git a/pkg/bootstrap/steps/admin_password.go b/pkg/bootstrap/steps/admin_password.go
@@ -24,11 +24,11 @@ const (
 )
 
 var getPasswordInput = StepInput{
-	Name:         Password,
+	Name:         inPassword,
 	Type:         passwordInput,
 	Msg:          adminPasswordMsg,
 	DefaultValue: defaultAdminPassword,
-	Valuesfn:     canAskForCreds,
+	Enabled:      canAskForCreds,
 	Required:     true,
 }
 
@@ -41,11 +41,11 @@ var getPasswordInput = StepInput{
 func NewAskAdminCredsSecretStep(config Config) BootstrapStep {
 	inputs := []StepInput{
 		{
-			Name:            existingCreds,
+			Name:            inExistingCreds,
 			Type:            confirmInput,
 			Msg:             existingCredsMsg,
 			DefaultValue:    "",
-			Valuesfn:        isExistingAdminSecret,
+			Enabled:         isExistingAdminSecret,
 			StepInformation: fmt.Sprintf(adminSecretExistsMsgFormat, adminSecretName, WGEDefaultNamespace),
 		},
 	}
@@ -65,21 +65,21 @@ func createCredentials(input []StepInput, c *Config) ([]StepOutput, error) {
 	// search for existing admin credentials in secret cluster-user-auth
 	continueWithExistingCreds := confirmYes
 	for _, param := range input {
-		if param.Name == Password {
+		if param.Name == inPassword {
 			password, ok := param.Value.(string)
 			if ok {
 				c.Password = password
 			}
 		}
-		if param.Name == existingCreds {
+		if param.Name == inExistingCreds {
 			existing, ok := param.Value.(string)
 			if ok {
 				continueWithExistingCreds = existing
 			}
 		}
 	}
 
-	if existing, _ := isExistingAdminSecret(input, c); existing.(bool) {
+	if existing := isExistingAdminSecret(input, c); existing {
 		if continueWithExistingCreds != confirmYes {
 			return []StepOutput{}, fmt.Errorf(existingCredsExitMsg, adminSecretName, WGEDefaultNamespace)
 		} else {
@@ -120,17 +120,11 @@ func createCredentials(input []StepInput, c *Config) ([]StepOutput, error) {
 // isExistingAdminSecret checks for admin secret on management cluster
 // returns true if admin secret is already on the cluster
 // returns false if no admin secret on the cluster
-func isExistingAdminSecret(input []StepInput, c *Config) (interface{}, error) {
+func isExistingAdminSecret(input []StepInput, c *Config) bool {
 	_, err := utils.GetSecret(c.KubernetesClient, adminSecretName, WGEDefaultNamespace)
-	if err != nil {
-		return false, nil
-	}
-	return true, nil
+	return err == nil
 }
 
-func canAskForCreds(input []StepInput, c *Config) (interface{}, error) {
-	if ask, _ := isExistingAdminSecret(input, c); ask.(bool) {
-		return false, nil
-	}
-	return true, nil
+func canAskForCreds(input []StepInput, c *Config) bool {
+	return !isExistingAdminSecret(input, c)
 }