refactor: simplify helm prompts (#115)

## Issue
Resolves #100

## Description
Add support for configuring helm via the new `helmConfig` and updated
`helmRelease` structs from validator. This greatly reduces the amount of
prompts users need to make their way through to actually deploy the
validator with any plugin.

## Tests
- Deployed validator and plugins with the default helm and image
registries.
- Deployed validator and plugins on a private harbor registry

## Out of scope
I've intentionally _NOT_ implemented changes to handle PLT-1300. There
are some TODO's littered throughout the codebase still that relate to
that issue.

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/spectrocloud-labs/prompts-tui v0.1.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
-	github.com/validator-labs/validator v0.0.50
+	github.com/validator-labs/validator v0.1.0
 	github.com/validator-labs/validator-plugin-aws v0.1.2
 	github.com/validator-labs/validator-plugin-azure v0.0.14
 	github.com/validator-labs/validator-plugin-network v0.0.22-0.20240801153219-c280e896939b

go.sum

@@ -698,8 +698,8 @@ github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
 github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
-github.com/validator-labs/validator v0.0.50 h1:8h0Dy1Hl0818WuTF8hgZ3HaNxUtGSm130Zrp7f7vjGw=
-github.com/validator-labs/validator v0.0.50/go.mod h1:YxUKAXuSR6fIAi7WCQV/Wbrzf9szf8aCTeYWEA+JyIY=
+github.com/validator-labs/validator v0.1.0 h1:GVekIT5sG+kcyUbT04qb/pURmd9eE6NNKnSR9yJ1sQk=
+github.com/validator-labs/validator v0.1.0/go.mod h1:OeJMHGKW3pWGkvKxHLN7HzjelSILJg2k8w3Z9SdML1g=
 github.com/validator-labs/validator-plugin-aws v0.1.2 h1:wonvgg9DICxu2fPO3HCTZzC4wJEJBLdS26pt+s50JhI=
 github.com/validator-labs/validator-plugin-aws v0.1.2/go.mod h1:oh1xveiGhOgAtlI/okU/sHsOmr4mBbHSLCIoD5essLs=
 github.com/validator-labs/validator-plugin-azure v0.0.14 h1:/PVhAw3Ug4oJz5iRy+Qw8vKYYHd+gOBbXI5AH6GyYHg=

hack/validator.tmpl

@@ -1,21 +1,36 @@
+helmConfig:
+  registry: https://validator-labs.github.io
+  insecureSkipVerify: false
 helmRelease:
   chart:
     name: validator
-    repository: https://validator-labs.github.io/validator
+    repository: validator
     version: v${VALIDATOR_VERSION}
-    insecureSkipVerify: true
   values: ""
 helmReleaseSecret:
-  name: ""
-  caCertFile: ""
+  name: validator-helm-release-validator
+  basicAuth:
+    username: ""
+    password: ""
   exists: false
-imageRegistry: quay.io/validator-labs
-useFixedVersion: false
-registryConfig:
-  enabled: false
 kindConfig:
   useKindCluster: true
   kindClusterName: "<kind_cluster_name>"
+registryConfig:
+  enabled: false
+  registry:
+    host: ""
+    port: 0
+    basicAuth:
+      username: ""
+      password: ""
+    insecureSkipTLSVerify: false
+    caCert:
+      data: ""
+      name: ""
+      path: ""
+    baseContentPath: ""
+    isAirgapped: false
 sinkConfig:
   enabled: true
   createSecret: true
@@ -30,25 +45,22 @@ sinkConfig:
 proxyConfig:
   enabled: false
   env:
+    podCIDR: 172.16.0.0/20
     proxyCaCert:
       data: ""
       name: ""
       path: ""
-    podCIDR: 172.16.0.0/20
     serviceIPRange: 10.155.0.0/24
+imageRegistry: quay.io/validator-labs
+useFixedVersions: false
 awsPlugin:
   enabled: true
   helmRelease:
     chart:
       name: validator-plugin-aws
-      repository: https://validator-labs.github.io/validator-plugin-aws
+      repository: validator-plugin-aws
       version: v${AWS_VERSION}
-      insecureSkipVerify: true
     values: ""
-  helmReleaseSecret:
-    name: ""
-    caCertFile: ""
-    exists: false
   accessKeyId: a0XCQd+Emx7/bwAaTyY13ipTRychb4MiQw==
   secretAccessKey: IrGIW8FPVuOxVDRWQUdTa22SDf1MQ2PBw0kdngVq+w==
   validator:
@@ -160,14 +172,9 @@ networkPlugin:
   helmRelease:
     chart:
       name: validator-plugin-network
-      repository: https://validator-labs.github.io/validator-plugin-network
+      repository: validator-plugin-network
       version: v${NETWORK_VERSION}
-      insecureSkipVerify: true
     values: ""
-  helmReleaseSecret:
-    name: ""
-    caCertFile: ""
-    exists: false
   validator:
     dnsRules:
     - name: resolve foo
@@ -193,14 +200,9 @@ ociPlugin:
   helmRelease:
     chart:
       name: validator-plugin-oci
-      repository: https://validator-labs.github.io/validator-plugin-oci
+      repository: validator-plugin-oci
       version: v${OCI_VERSION}
-      insecureSkipVerify: true
     values: ""
-  helmReleaseSecret:
-    name: ""
-    caCertFile: ""
-    exists: false
   secrets:
   - name: oci-creds
     username: user1
@@ -228,14 +230,9 @@ vspherePlugin:
   helmRelease:
     chart:
       name: validator-plugin-vsphere
-      repository: https://validator-labs.github.io/validator-plugin-vsphere
+      repository: validator-plugin-vsphere
       version: v${VSPHERE_VERSION}
-      insecureSkipVerify: true
     values: ""
-  helmReleaseSecret:
-    name: ""
-    caCertFile: ""
-    exists: false
   account:
     insecure: true
     password: vn0cCP3U08iqDUwwCgBFWBbfekA+4TTe
@@ -526,14 +523,10 @@ azurePlugin:
   helmRelease:
     chart:
       name: validator-plugin-azure
-      repository: https://validator-labs.github.io/validator-plugin-azure
+      repository: validator-plugin-azure
       version: v${AZURE_VERSION}
       insecureSkipVerify: true
     values: ""
-  helmReleaseSecret:
-    name: ""
-    caCertFile: ""
-    exists: false
   tenantId: d551b7b1-78ae-43df-9d61-4935c843a454
   clientId: d551b7b1-78ae-43df-9d61-4935c843a454
   clientSecret: qC9aFbiDg/O2Ef31aqEBrbYXb/I+t+qXA4swfguuEBRRAQ==

pkg/cmd/validator/validator.go

@@ -385,7 +385,12 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 
 	// build validator plugin spec
 	validatorSpec := vapi.ValidatorConfigSpec{
-		Plugins: make([]vapi.HelmRelease, 0),
+		HelmConfig: *vc.HelmConfig,
+		Plugins:    make([]vapi.HelmRelease, 0),
+	}
+
+	if vc.ReleaseSecret != nil && vc.ReleaseSecret.ShouldCreate() {
+		kubecommandsPre = append(kubecommandsPre, createReleaseSecretCmd(vc.ReleaseSecret))
 	}
 
 	if vc.AWSPlugin.Enabled {
@@ -401,9 +406,6 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 			Chart:  vc.AWSPlugin.Release.Chart,
 			Values: string(values),
 		})
-		if vc.AWSPlugin.ReleaseSecret != nil && vc.AWSPlugin.ReleaseSecret.ShouldCreate() {
-			kubecommandsPre = append(kubecommandsPre, createReleaseSecretCmd(vc.AWSPlugin.ReleaseSecret))
-		}
 		pluginCount++
 	}
 
@@ -420,9 +422,6 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 			Chart:  vc.AzurePlugin.Release.Chart,
 			Values: string(values),
 		})
-		if vc.AzurePlugin.ReleaseSecret != nil && vc.AzurePlugin.ReleaseSecret.ShouldCreate() {
-			kubecommandsPre = append(kubecommandsPre, createReleaseSecretCmd(vc.AzurePlugin.ReleaseSecret))
-		}
 		pluginCount++
 	}
 
@@ -439,9 +438,6 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 			Chart:  vc.NetworkPlugin.Release.Chart,
 			Values: string(values),
 		})
-		if vc.NetworkPlugin.ReleaseSecret != nil && vc.NetworkPlugin.ReleaseSecret.ShouldCreate() {
-			kubecommandsPre = append(kubecommandsPre, createReleaseSecretCmd(vc.NetworkPlugin.ReleaseSecret))
-		}
 		pluginCount++
 	}
 
@@ -458,9 +454,6 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 			Chart:  vc.OCIPlugin.Release.Chart,
 			Values: string(values),
 		})
-		if vc.OCIPlugin.ReleaseSecret != nil && vc.OCIPlugin.ReleaseSecret.ShouldCreate() {
-			kubecommandsPre = append(kubecommandsPre, createReleaseSecretCmd(vc.OCIPlugin.ReleaseSecret))
-		}
 		pluginCount++
 	}
 
@@ -477,9 +470,6 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 			Chart:  vc.VspherePlugin.Release.Chart,
 			Values: string(values),
 		})
-		if vc.VspherePlugin.ReleaseSecret != nil && vc.VspherePlugin.ReleaseSecret.ShouldCreate() {
-			kubecommandsPre = append(kubecommandsPre, createReleaseSecretCmd(vc.VspherePlugin.ReleaseSecret))
-		}
 		pluginCount++
 	}
 
@@ -541,8 +531,9 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 	opts := helm.Options{
 		Chart:                 vc.Release.Chart.Name,
 		Repo:                  vc.Release.Chart.Repository,
-		CaFile:                vc.Release.Chart.CAFile,
-		InsecureSkipTLSVerify: vc.Release.Chart.InsecureSkipTLSVerify,
+		Registry:              vc.HelmConfig.Registry,
+		CaFile:                vc.HelmConfig.CAFile,
+		InsecureSkipTLSVerify: vc.HelmConfig.InsecureSkipTLSVerify,
 		Version:               vc.Release.Chart.Version,
 		Values:                finalValues,
 		CreateNamespace:       true,
@@ -553,8 +544,8 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 	}
 
 	var cleanupLocalChart bool
-	if strings.HasPrefix(opts.Repo, oci.Scheme) {
-		log.InfoCLI("\n==== Pulling validator Helm chart from OCI repository %s ====", opts.Repo)
+	if strings.HasPrefix(opts.Registry, oci.Scheme) {
+		log.InfoCLI("\n==== Pulling validator Helm chart from OCI registry %s ====", opts.Registry)
 
 		opts.Path = fmt.Sprintf("%s/%s", c.RunLoc, opts.Chart)
 		opts.Version = strings.TrimPrefix(opts.Version, "v")
@@ -567,7 +558,7 @@ func applyValidator(c *cfg.Config, vc *components.ValidatorConfig) error {
 			return fmt.Errorf("failed to create OCI client: %w", err)
 		}
 		ociOpts := oci.ImageOptions{
-			Ref:     fmt.Sprintf("%s/%s:%s", strings.TrimPrefix(opts.Repo, oci.Scheme), opts.Chart, opts.Version),
+			Ref:     fmt.Sprintf("%s/%s:%s", strings.TrimPrefix(opts.Registry, oci.Scheme), opts.Chart, opts.Version),
 			OutDir:  opts.Path,
 			OutFile: opts.Chart,
 		}

pkg/components/network.go

@@ -1,8 +1,6 @@
 package components
 
 import (
-	"fmt"
-
 	network_api "github.com/validator-labs/validator-plugin-network/api/v1alpha1"
 	vapi "github.com/validator-labs/validator/api/v1alpha1"
 
@@ -18,21 +16,16 @@ type NetworkConfig struct {
 
 // ConfigureNetworkPlugin configures the network plugin.
 func ConfigureNetworkPlugin(vc *ValidatorConfig, config NetworkConfig) {
-	// TODO: properly handle TLS, helm, and air-gap config
+	// TODO: prompt for chart version if !vc.UseFixedVersions
 	vc.NetworkPlugin = &NetworkPluginConfig{
 		Enabled: true,
 		Release: &vapi.HelmRelease{
 			Chart: vapi.HelmChart{
-				Name:                  cfg.ValidatorPluginNetwork,
-				Repository:            fmt.Sprintf("%s/%s", cfg.ValidatorHelmRepository, cfg.ValidatorPluginNetwork),
-				Version:               cfg.ValidatorChartVersions[cfg.ValidatorPluginNetwork],
-				InsecureSkipTLSVerify: true,
+				Name:       cfg.ValidatorPluginNetwork,
+				Repository: cfg.ValidatorPluginNetwork,
+				Version:    cfg.ValidatorChartVersions[cfg.ValidatorPluginNetwork],
 			},
 		},
-		ReleaseSecret: &Secret{
-			Name:      fmt.Sprintf("validator-helm-release-%s", cfg.ValidatorPluginNetwork),
-			BasicAuth: &BasicAuth{},
-		},
 		Validator: &network_api.NetworkValidatorSpec{
 			IPRangeRules: config.IPRangeRules,
 			TCPConnRules: config.TCPConnRules,

pkg/components/oci.go

@@ -17,21 +17,16 @@ type OciConfig struct {
 
 // ConfigureOciPlugin configures the OCI plugin.
 func ConfigureOciPlugin(vc *ValidatorConfig, config OciConfig) {
-	// TODO: properly handle TLS, helm, and air-gap config
+	// TODO: prompt for chart version if !vc.UseFixedVersions
 	vc.OCIPlugin = &OCIPluginConfig{
 		Enabled: true,
 		Release: &vapi.HelmRelease{
 			Chart: vapi.HelmChart{
-				Name:                  cfg.ValidatorPluginOci,
-				Repository:            fmt.Sprintf("%s/%s", cfg.ValidatorHelmRepository, cfg.ValidatorPluginOci),
-				Version:               cfg.ValidatorChartVersions[cfg.ValidatorPluginOci],
-				InsecureSkipTLSVerify: true,
+				Name:       cfg.ValidatorPluginOci,
+				Repository: cfg.ValidatorPluginOci,
+				Version:    cfg.ValidatorChartVersions[cfg.ValidatorPluginOci],
 			},
 		},
-		ReleaseSecret: &Secret{
-			Name:      fmt.Sprintf("validator-helm-release-%s", cfg.ValidatorPluginOci),
-			BasicAuth: &BasicAuth{},
-		},
 		Validator: &oci_api.OciValidatorSpec{
 			OciRegistryRules: generateOciRegistryRules(config.HostRefs),
 		},