Add ability to install HCP self-managed clusters (#1540)

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Enable HashiCups to be installed via the consul-k8s CLI (#6)

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

* Adding upgrade functionality for cloud preset.

* remove manual upgrade test

* Embed hashicups demo helm chart and expose demo falg to install it.

* fixing rebase conflicts in install.go

* rename demo preset to quickstart preset

* adding missing quickstart.go file

* enable handling dry runof both consul and consul demo app.

* modify hashicups deployments so that theyhave the consul.hashicorp.com/connect-inject annotation set to true so that they are automatically opted into the service mesh

* making namespace dynamic in demo helm charts.

* name for demo helm chart to consul-demo

* basic uninstall working

* refactor install and uninstall to re-use functions and components.

* replace instance of Consul Demo with use of constant.

* using --namespace instead of -n on port forwad command.  capitalizing Accessing Consul Demo Applidation UI.

* removing remnant test

* correcting mergeconflict

* removing temporary test

* tests for install

* fix issue bypassing the correct release name for consul-demo

* use interface and mocks for helm actions and add tests.

* Adding tests for install and uninstall

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

* added notes hashicup helm docs

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* remove duplicated flag registering (#11)

* Add hashicups to upgrade functionality (#9)

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* CHANGELOG: formatting and missing links (#1467)

* Omit non-IP defined endpoints from clusters (#1452)

* Omit non-IP defined endpoints from clusters

* Improve perf with regex

* Use ParseIP instead of RegEx

* Add test for parseClusters

* Update the reference to cni package to the current on main. (#1472)

* update Kubernetes versions throughout CI (#1460)

* update Kube versions throughout CI so nightlies run against supported versions of Kubernetes.

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

* Adding upgrade functionality for cloud preset.

* remove manual upgrade test

* Embed hashicups demo helm chart and expose demo falg to install it.

* fixing rebase conflicts in install.go

* rename demo preset to quickstart preset

* adding missing quickstart.go file

* enable handling dry runof both consul and consul demo app.

* modify hashicups deployments so that theyhave the consul.hashicorp.com/connect-inject annotation set to true so that they are automatically opted into the service mesh

* making namespace dynamic in demo helm charts.

* name for demo helm chart to consul-demo

* basic uninstall working

* refactor install and uninstall to re-use functions and components.

* replace instance of Consul Demo with use of constant.

* using --namespace instead of -n on port forwad command.  capitalizing Accessing Consul Demo Applidation UI.

* removing remnant test

* correcting mergeconflict

* removing temporary test

* tests for install

* fix issue bypassing the correct release name for consul-demo

* use interface and mocks for helm actions and add tests.

* Adding tests for install and uninstall

* fixing rebasing loss of paren

* added notes hashicup helm docs

* Add tests for upgrade command

* got basic upgrade tests passing needs refactoring

* logic works with lots of duplications that need to be refactored.

* updating install and uninstall test with mock assertions.

* test terminal output.  refactor tests into sub tests

* refactored uninstall tests in sub tests

* added tests for install errors

* adding error tests to uninstall

* adding error tests to upgrade

* making header output consistent across install, upgrade, and uninstall

* moving functionality to release.go so that install and upgrade commands can both install demo app if needed.

* adding docstrings to structs and functions.

* add docstring to InstallHelmReleaseOptions.

* Adding tests for helm install and helm upgrade.

* adding test for successful consul upgrade but failed demo upgrade.

* adding helm install error tests.

* adding helm upgrade error tests.

* fixing linting error

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

* Adding upgrade functionality for cloud preset.

* remove manual upgrade test

* Embed hashicups demo helm chart and expose demo falg to install it.

* fixing rebase conflicts in install.go

* rename demo preset to quickstart preset

* adding missing quickstart.go file

* enable handling dry runof both consul and consul demo app.

* modify hashicups deployments so that theyhave the consul.hashicorp.com/connect-inject annotation set to true so that they are automatically opted into the service mesh

* making namespace dynamic in demo helm charts.

* name for demo helm chart to consul-demo

* basic uninstall working

* refactor install and uninstall to re-use functions and components.

* replace instance of Consul Demo with use of constant.

* using --namespace instead of -n on port forwad command.  capitalizing Accessing Consul Demo Applidation UI.

* removing remnant test

* correcting mergeconflict

* removing temporary test

* tests for install

* fix issue bypassing the correct release name for consul-demo

* use interface and mocks for helm actions and add tests.

* Adding tests for install and uninstall

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

* added notes hashicup helm docs

* fixing failing test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

* Adding upgrade functionality for cloud preset.

* remove manual upgrade test

* Embed hashicups demo helm chart and expose demo falg to install it.

* fixing rebase conflicts in install.go

* rename demo preset to quickstart preset

* adding missing quickstart.go file

* enable handling dry runof both consul and consul demo app.

* modify hashicups deployments so that theyhave the consul.hashicorp.com/connect-inject annotation set to true so that they are automatically opted into the service mesh

* making namespace dynamic in demo helm charts.

* name for demo helm chart to consul-demo

* basic uninstall working

* refactor install and uninstall to re-use functions and components.

* replace instance of Consul Demo with use of constant.

* using --namespace instead of -n on port forwad command.  capitalizing Accessing Consul Demo Applidation UI.

* removing remnant test

* correcting mergeconflict

* removing temporary test

* tests for install

* fix issue bypassing the correct release name for consul-demo

* use interface and mocks for helm actions and add tests.

* Adding tests for install and uninstall

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

* added notes hashicup helm docs

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

* changing InstallHelmReleaseOptions to InstallHelmReleaseOptions

* Enable HashiCups to be installed via the consul-k8s CLI (#6)

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

* Adding upgrade functionality for cloud preset.

* remove manual upgrade test

* Embed hashicups demo helm chart and expose demo falg to install it.

* fixing rebase conflicts in install.go

* rename demo preset to quickstart preset

* adding missing quickstart.go file

* enable handling dry runof both consul and consul demo app.

* modify hashicups deployments so that theyhave the consul.hashicorp.com/connect-inject annotation set to true so that they are automatically opted into the service mesh

* making namespace dynamic in demo helm charts.

* name for demo helm chart to consul-demo

* basic uninstall working

* refactor install and uninstall to re-use functions and components.

* replace instance of Consul Demo with use of constant.

* using --namespace instead of -n on port forwad command.  capitalizing Accessing Consul Demo Applidation UI.

* removing remnant test

* correcting mergeconflict

* removing temporary test

* tests for install

* fix issue bypassing the correct release name for consul-demo

* use interface and mocks for helm actions and add tests.

* Adding tests for install and uninstall

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyCopyOfValidBootstrapConfig() to get DeepCopy....

* removing unused test logic

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

* added notes hashicup helm docs

* CHANGELOG: formatting and missing links (#1467)

* release 0.48.0 (#1473)

* release 0.48.0
* update envoy version to 1.23.1

* put main back into dev (#1476)

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* fixing rebase issue

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>

* Adding tests for CLI status command (#10)

* Add Ability to install an HCP self-managed cluster (#8)

* Add global.cloud to values.yaml

* Map global.cloud.secreeName to environment variables and hcl in command for server container.

* Adding cloud preset and validation for it.

* add parsing gnm response to struct.

* Added functionality and unit tests for SaveSecretsFromBootstrapConfig()

* Added functionality and unit tests for GetHelmConfigWithMapSecretNames

* Added functionality and unit tests for FetchAgentBootstrapConfig()

* Rename cloud_preset_installer to cloud_preset_helper

* hooked preset installer helper to install command.  have unit test that works like acceptance test.  passing.

* changing code to work with the certs that get generated from HCP.  affects setting -tls-server-name on get-auto-encrypt-client-ca, server-acl-init, and the acl-init init containers for clients.

* Adding CLI Output changes.

* Moving and consolidating cloud preset files

* Moved preset templates to implementations of a Preset interface

* removing upgrade tests

* change context.TODO() to context.Background()

* docstrings

* fixing description for preset flag to properly show the list ofvalid presets.

* Renaming coud_prset.go to cloud_set.go

* refactor out common logic from the local getPreset functions in install and uninstall commands.

* upgrade helm and k8s deps related to customize error.

* refactor to use hcp-sdk

* removing unused vars

* updated based on latest specs.

* Refactor usage of sdk client so that it properly picks up environment variables and starts oauth flow.

* Make proper use of the resourceid to supply the BootstrapParams.  Add the ability to pass in an http client to the install command and the CloudPreset so that TLS can be used with httptest mock server since tls is enforced for the oauth request in the hcp-sdk.

* updated to latest hcp-sdk-go-internal version

* include HCP_AUTH_URL and HCP_API_HOST in configuring server-statefulset

* Adding comment to server-statefulset and commenting out test

* update comment to correct hcp-go-sdk

* update bats test comments for -tls-server-name

* get rid of cli lint error

* removing manual test

* Apply suggestions from code review

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* updating new secrets to not have quotes. using os.Unsetenv in tests

* adding global.cloud.enabled

* adding space in values.yaml

* Apply suggestions from code review

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* fixing test in install_test.go to have cleaner simpler logic around expecting errors.

* update function comments in cloud_preset.go

* updated conditional logic on server-statefulset.yaml to also look for cloud secret name in addition to cloud enabled when setting the cloud stanza

* updated getDeepyC…

CHANGELOG.md

@@ -1,4 +1,8 @@
 ## UNRELEASED
+FEATURES:
+* CLI:
+  * Add the ability to install installing HCP self-managed clusters.  [[GH-1540](https://github.com/hashicorp/consul-k8s/pull/1540)]
+  * Add the ability to install the HashiCups demo application via the -demo flag. [[GH-1540](https://github.com/hashicorp/consul-k8s/pull/1540)]
 
 ## 0.49.0 (September 29, 2022)
 

charts/consul/templates/_helpers.tpl

@@ -236,6 +236,9 @@ This template is for an init container.
       consul-k8s-control-plane get-consul-client-ca \
         -output-file=/consul/tls/client/ca/tls.crt \
         -consul-api-timeout={{ .Values.global.consulAPITimeout }} \
+        {{- if .Values.global.cloud.enabled }}
+        -tls-server-name=server.{{.Values.global.datacenter}}.{{.Values.global.domain}} \
+        {{- end}}
         {{- if .Values.externalServers.enabled }}
         {{- if and .Values.externalServers.enabled (not .Values.externalServers.hosts) }}{{ fail "externalServers.hosts must be set if externalServers.enabled is true" }}{{ end -}}
         -server-addr={{ quote (first .Values.externalServers.hosts) }} \
@@ -370,3 +373,15 @@ Consul server environment variables for consul-k8s commands.
 {{- end }}
 {{- end }}
 {{- end -}}
+
+{{/*
+Fails global.cloud.enabled is true and global.cloud.secretName is nil or tempty.
+
+Usage: {{ template "consul.validateCloudConfiguration" . }}
+
+*/}}
+{{- define "consul.validateCloudConfiguration" -}}
+{{- if and .Values.global.cloud.enabled (not .Values.global.cloud.secretName) }}
+{{fail "When global.cloud.enabled is true, global.cloud.secretName must also be set."}}
+{{ end }}
+{{- end -}}

charts/consul/templates/api-gateway-controller-deployment.yaml

@@ -2,6 +2,7 @@
 {{- if not .Values.client.grpc }}{{ fail "client.grpc must be true for api gateway" }}{{ end }}
 {{- if not .Values.apiGateway.image}}{{ fail "apiGateway.image must be set to enable api gateway" }}{{ end }}
 {{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
+{{ template "consul.validateCloudConfiguration" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/consul/templates/client-daemonset.yaml

@@ -10,6 +10,7 @@
 {{- if (and .Values.global.enterpriseLicense.secretName (not .Values.global.enterpriseLicense.secretKey)) }}{{fail "enterpriseLicense.secretKey and secretName must both be specified." }}{{ end -}}
 {{- if (and (not .Values.global.enterpriseLicense.secretName) .Values.global.enterpriseLicense.secretKey) }}{{fail "enterpriseLicense.secretKey and secretName must both be specified." }}{{ end -}}
 {{- if and .Values.externalServers.enabled (not .Values.externalServers.hosts) }}{{ fail "externalServers.hosts must be set if externalServers.enabled is true" }}{{ end -}}
+{{ template "consul.validateCloudConfiguration" . }}
 # DaemonSet to run the Consul clients on every node.
 apiVersion: apps/v1
 kind: DaemonSet
@@ -525,6 +526,8 @@ spec:
               {{- if .Values.externalServers.tlsServerName }}
               -tls-server-name={{ .Values.externalServers.tlsServerName }} \
               {{- end }}
+              {{- else if .Values.global.cloud.enabled }}
+              -tls-server-name=server.{{ .Values.global.datacenter}}.{{ .Values.global.domain}} \
               {{- end }}
               -consul-api-timeout={{ .Values.global.consulAPITimeout }} \
               -init-type="client"

charts/consul/templates/client-snapshot-agent-deployment.yaml

@@ -2,6 +2,7 @@
 {{- if or (and .Values.client.snapshotAgent.configSecret.secretName (not .Values.client.snapshotAgent.configSecret.secretKey)) (and (not .Values.client.snapshotAgent.configSecret.secretName) .Values.client.snapshotAgent.configSecret.secretKey) }}{{fail "client.snapshotAgent.configSecret.secretKey and client.snapshotAgent.configSecret.secretName must both be specified." }}{{ end -}}
 {{- if .Values.client.snapshotAgent.enabled }}
 {{- if or (and .Values.client.snapshotAgent.configSecret.secretName (not .Values.client.snapshotAgent.configSecret.secretKey)) (and (not .Values.client.snapshotAgent.configSecret.secretName) .Values.client.snapshotAgent.configSecret.secretKey) }}{{fail "client.snapshotAgent.configSecret.secretKey and client.snapshotAgent.configSecret.secretName must both be specified." }}{{ end -}}
+{{ template "consul.validateCloudConfiguration" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/consul/templates/connect-inject-deployment.yaml

@@ -8,6 +8,7 @@
 {{- $serverExposeServiceEnabled := (or (and (ne (.Values.server.exposeService.enabled | toString) "-") .Values.server.exposeService.enabled) (and (eq (.Values.server.exposeService.enabled | toString) "-") (or .Values.global.peering.enabled .Values.global.adminPartitions.enabled))) -}}
 {{- if not (or (eq .Values.global.peering.tokenGeneration.serverAddresses.source "") (or (eq .Values.global.peering.tokenGeneration.serverAddresses.source "static") (eq .Values.global.peering.tokenGeneration.serverAddresses.source "consul"))) }}{{ fail "global.peering.tokenGeneration.serverAddresses.source must be one of empty string, 'consul' or 'static'" }}{{ end }}
 {{- if and .Values.externalServers.enabled (not .Values.externalServers.hosts) }}{{ fail "externalServers.hosts must be set if externalServers.enabled is true" }}{{ end -}}
+{{ template "consul.validateCloudConfiguration" . }}
 # The deployment for running the Connect sidecar injector
 apiVersion: apps/v1
 kind: Deployment

charts/consul/templates/controller-deployment.yaml

@@ -2,6 +2,7 @@
 {{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 {{- if and .Values.externalServers.enabled (not .Values.externalServers.hosts) }}{{ fail "externalServers.hosts must be set if externalServers.enabled is true" }}{{ end -}}
 {{ template "consul.validateVaultWebhookCertConfiguration" . }}
+{{ template "consul.validateCloudConfiguration" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/consul/templates/create-federation-secret-job.yaml

@@ -2,6 +2,7 @@
 {{- if not .Values.global.federation.enabled }}{{ fail "global.federation.enabled must be true when global.federation.createFederationSecret is true" }}{{ end }}
 {{- if and (not .Values.global.acls.createReplicationToken) .Values.global.acls.manageSystemACLs }}{{ fail "global.acls.createReplicationToken must be true when global.acls.manageSystemACLs is true because the federation secret must include the replication token" }}{{ end }}
 {{- if eq (int .Values.server.updatePartition) 0 }}
+{{ template "consul.validateCloudConfiguration" . }}
 apiVersion: batch/v1
 kind: Job
 metadata:

charts/consul/templates/ingress-gateways-deployment.yaml

@@ -2,6 +2,7 @@
 {{- if not .Values.connectInject.enabled }}{{ fail "connectInject.enabled must be true" }}{{ end -}}
 {{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 {{- if .Values.global.lifecycleSidecarContainer }}{{ fail "global.lifecycleSidecarContainer has been renamed to global.consulSidecarContainer. Please set values using global.consulSidecarContainer." }}{{ end }}
+{{ template "consul.validateCloudConfiguration" . }}
 
 {{- $root := . }}
 {{- $defaults := .Values.ingressGateways.defaults }}

charts/consul/templates/mesh-gateway-deployment.yaml

@@ -5,6 +5,7 @@
 {{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 {{- if and (eq .Values.meshGateway.wanAddress.source "Static") (eq .Values.meshGateway.wanAddress.static "") }}{{ fail "if meshGateway.wanAddress.source=Static then meshGateway.wanAddress.static cannot be empty" }}{{ end }}
 {{- if and (eq .Values.meshGateway.wanAddress.source "Service") (eq .Values.meshGateway.service.type "NodePort") (not .Values.meshGateway.service.nodePort) }}{{ fail "if meshGateway.wanAddress.source=Service and meshGateway.service.type=NodePort, meshGateway.service.nodePort must be set" }}{{ end }}
+{{ template "consul.validateCloudConfiguration" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/consul/templates/server-acl-init-job.yaml

@@ -7,6 +7,7 @@
 {{- if or (and .Values.global.acls.bootstrapToken.secretName (not .Values.global.acls.bootstrapToken.secretKey))  (and .Values.global.acls.bootstrapToken.secretKey (not .Values.global.acls.bootstrapToken.secretName))}}{{ fail "both global.acls.bootstrapToken.secretKey and global.acls.bootstrapToken.secretName must be set if one of them is provided" }}{{ end -}}
 {{- if or (and .Values.global.acls.replicationToken.secretName (not .Values.global.acls.replicationToken.secretKey))  (and .Values.global.acls.replicationToken.secretKey (not .Values.global.acls.replicationToken.secretName))}}{{ fail "both global.acls.replicationToken.secretKey and global.acls.replicationToken.secretName must be set if one of them is provided" }}{{ end -}}
 {{- if (and .Values.global.secretsBackend.vault.enabled (and (not .Values.global.acls.bootstrapToken.secretName) (not .Values.global.acls.replicationToken.secretName ))) }}{{fail "global.acls.bootstrapToken or global.acls.replicationToken must be provided when global.secretsBackend.vault.enabled and global.acls.manageSystemACLs are true" }}{{ end -}}
+{{ template "consul.validateCloudConfiguration" . }}
 {{- if (and .Values.global.secretsBackend.vault.enabled (not .Values.global.secretsBackend.vault.manageSystemACLsRole)) }}{{fail "global.secretsBackend.vault.manageSystemACLsRole is required when global.secretsBackend.vault.enabled and global.acls.manageSystemACLs are true" }}{{ end -}}
   {{- /* We don't render this job when server.updatePartition > 0 because that
     means a server rollout is in progress and this job won't complete unless
@@ -148,6 +149,9 @@ spec:
                 -resource-prefix=${CONSUL_FULLNAME} \
                 -k8s-namespace={{ .Release.Namespace }} \
                 -set-server-tokens={{ $serverEnabled }} \
+                {{- if .Values.global.cloud.enabled }}
+                -consul-tls-server-name=server.{{ .Values.global.datacenter}}.{{ .Values.global.domain}} \
+                {{- end}}
                 -consul-api-timeout={{ .Values.global.consulAPITimeout }} \
 
                 {{- if .Values.externalServers.enabled }}

charts/consul/templates/server-statefulset.yaml

@@ -15,6 +15,7 @@
 {{- if (and (not .Values.global.enterpriseLicense.secretName) .Values.global.enterpriseLicense.secretKey) }}{{fail "enterpriseLicense.secretKey and secretName must both be specified." }}{{ end -}}
 {{- if (and .Values.global.acls.bootstrapToken.secretName (not .Values.global.acls.bootstrapToken.secretKey)) }}{{fail "both global.acls.bootstrapToken.secretKey and global.acls.bootstrapToken.secretName must be set if one of them is provided." }}{{ end -}}
 {{- if (and (not .Values.global.acls.bootstrapToken.secretName) .Values.global.acls.bootstrapToken.secretKey) }}{{fail "both global.acls.bootstrapToken.secretKey and global.acls.bootstrapToken.secretName must be set if one of them is provided." }}{{ end -}}
+{{ template "consul.validateCloudConfiguration" . }}
 # StatefulSet to run the actual Consul server cluster.
 apiVersion: apps/v1
 kind: StatefulSet
@@ -253,6 +254,43 @@ spec:
                   name: {{ .Values.global.acls.replicationToken.secretName | quote }}
                   key: {{ .Values.global.acls.replicationToken.secretKey | quote }}
             {{- end }}
+            {{- if and .Values.global.cloud.enabled .Values.global.cloud.secretName }}
+            # These are mounted as secrets so that the consul server agent can use them.
+            # - the hcp-go-sdk in consul agent will already look for HCP_CLIENT_ID, HCP_CLIENT_SECRET, HCP_AUTH_URL, 
+            #   HCP_SCADA_ADDRESS, and HCP_API_HOST.  so nothing more needs to be done.
+            # - HCP_RESOURCE_ID is created for use in the 
+            #   `-hcl="cloud { resource_id = \"${HCP_RESOURCE_ID}\" }"` logic in the command below.
+            - name: HCP_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.cloud.secretName }}
+                  key: client-id
+            - name: HCP_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.cloud.secretName }}
+                  key: client-secret
+            - name: HCP_RESOURCE_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.cloud.secretName }}
+                  key: resource-id
+            - name: HCP_AUTH_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.cloud.secretName }}
+                  key: auth-url
+            - name: HCP_API_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.cloud.secretName }}
+                  key: api-hostname            
+            - name: HCP_SCADA_ADDRESS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.cloud.secretName }}
+                  key: scada-address            
+            {{- end }}
             {{- include "consul.extraEnvironmentVars" .Values.server | nindent 12 }}
           command:
             - "/bin/sh"
@@ -298,6 +336,9 @@ spec:
                 {{- end }}
                 {{- end }}
                 -config-file=/consul/extra-config/extra-from-values.json
+                {{- if and .Values.global.cloud.enabled .Values.global.cloud.secretName }}
+                -hcl="cloud { resource_id = \"${HCP_RESOURCE_ID}\" }"
+                {{- end }}
           volumeMounts:
             - name: data-{{ .Release.Namespace | trunc 58 | trimSuffix "-" }}
               mountPath: /consul/data

charts/consul/templates/sync-catalog-deployment.yaml

@@ -1,6 +1,7 @@
 {{- $clientEnabled := (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }}
 {{- if (or (and (ne (.Values.syncCatalog.enabled | toString) "-") .Values.syncCatalog.enabled) (and (eq (.Values.syncCatalog.enabled | toString) "-") .Values.global.enabled)) }}
 {{- template "consul.reservedNamesFailer" (list .Values.syncCatalog.consulNamespaces.consulDestinationNamespace "syncCatalog.consulNamespaces.consulDestinationNamespace") }}
+{{ template "consul.validateCloudConfiguration" . }}
 # The deployment for running the sync-catalog pod
 apiVersion: apps/v1
 kind: Deployment

charts/consul/templates/terminating-gateways-deployment.yaml

@@ -1,6 +1,7 @@
 {{- if .Values.terminatingGateways.enabled }}
 {{- if not .Values.connectInject.enabled }}{{ fail "connectInject.enabled must be true" }}{{ end -}}
 {{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
+{{ template "consul.validateCloudConfiguration" . }}
 
 {{- $root := . }}
 {{- $defaults := .Values.terminatingGateways.defaults }}

charts/consul/test/unit/api-gateway-controller-deployment.bats

@@ -904,3 +904,23 @@ load _helpers
       yq -r '.spec.template.metadata.annotations.foo' | tee /dev/stderr)
   [ "${actual}" = "bar" ]
 }
+
+#--------------------------------------------------------------------
+# global.cloud
+
+@test "apiGateway/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
+  cd `chart_dir`
+  run helm template \
+      -s templates/api-gateway-controller-deployment.yaml  \
+      --set 'apiGateway.enabled=true' \
+      --set 'apiGateway.image=foo' \
+      --set 'global.tls.enabled=true' \
+      --set 'global.tls.enableAutoEncrypt=true' \
+      --set 'global.datacenter=dc-foo' \
+      --set 'global.domain=bar' \
+      --set 'global.cloud.enabled=true' \
+      .
+
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "When global.cloud.enabled is true, global.cloud.secretName must also be set." ]]
+}

charts/consul/test/unit/client-daemonset.bats

@@ -2622,3 +2622,22 @@ rollingUpdate:
   [ "$status" -eq 1 ]
   [[ "$output" =~ "global.imageK8s is not a valid key, use global.imageK8S (note the capital 'S')" ]]
 }
+
+#--------------------------------------------------------------------
+# global.cloud
+
+@test "client/DaemonSet: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
+  cd `chart_dir`
+  run helm template \
+      -s templates/client-daemonset.yaml  \
+      --set 'global.acls.manageSystemACLs=true' \
+      --set 'global.tls.enabled=true' \
+      --set 'global.tls.enableAutoEncrypt=true' \
+      --set 'global.datacenter=dc-foo' \
+      --set 'global.domain=bar' \
+      --set 'global.cloud.enabled=true' \
+      .
+
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "When global.cloud.enabled is true, global.cloud.secretName must also be set." ]]
+}

charts/consul/test/unit/client-snapshot-agent-deployment.bats

@@ -1153,3 +1153,22 @@ MIICFjCCAZsCCQCdwLtdjbzlYzAKBggqhkjOPQQDAjB0MQswCQYDVQQGEwJDQTEL' \
       yq -r '.spec.template.spec.containers[0].command[2] | contains("-interval=10h34m5s")' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
+
+#--------------------------------------------------------------------
+# global.cloud
+
+@test "client/SnapshotAgentDeployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
+  cd `chart_dir`
+  run helm template \
+      -s templates/client-snapshot-agent-deployment.yaml  \
+      --set 'client.snapshotAgent.enabled=true' \
+      --set 'global.tls.enabled=true' \
+      --set 'global.tls.enableAutoEncrypt=true' \
+      --set 'global.datacenter=dc-foo' \
+      --set 'global.domain=bar' \
+      --set 'global.cloud.enabled=true' \
+      .
+
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "When global.cloud.enabled is true, global.cloud.secretName must also be set." ]]
+}

charts/consul/test/unit/connect-inject-deployment.bats

@@ -830,7 +830,6 @@ load _helpers
   local actual=$(echo "$env" |
     jq -r '. | select( .name == "CONSUL_LOGIN_DATACENTER").value' | tee /dev/stderr)
   [ "${actual}" = "dc1" ]
-
   local actual=$(echo "$env" |
     jq -r '. | select( .name == "CONSUL_LOGIN_META").value' | tee /dev/stderr)
   [ "${actual}" = 'component=connect-injector,pod=$(NAMESPACE)/$(POD_NAME)' ]
@@ -2334,3 +2333,22 @@ reservedNameTest() {
   local actual=$(echo "$spec" | yq '.volumes[] | select(.name == "consul-ca-cert")' | tee /dev/stderr)
   [ "${actual}" = "" ]
 }
+
+#--------------------------------------------------------------------
+# global.cloud
+
+@test "connectInject/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
+  cd `chart_dir`
+  run helm template \
+      -s templates/connect-inject-deployment.yaml  \
+      --set 'connectInject.enabled=true' \
+      --set 'global.tls.enabled=true' \
+      --set 'global.tls.enableAutoEncrypt=true' \
+      --set 'global.datacenter=dc-foo' \
+      --set 'global.domain=bar' \
+      --set 'global.cloud.enabled=true' \
+      .
+
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "When global.cloud.enabled is true, global.cloud.secretName must also be set." ]]
+}

charts/consul/test/unit/controller-deployment.bats

@@ -841,4 +841,21 @@ load _helpers
   [ "${actual}" = "" ]
 }
 
+#--------------------------------------------------------------------
+# global.cloud
 
+@test "controller/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
+  cd `chart_dir`
+  run helm template \
+      -s templates/controller-deployment.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'global.tls.enabled=true' \
+      --set 'global.tls.enableAutoEncrypt=true' \
+      --set 'global.datacenter=dc-foo' \
+      --set 'global.domain=bar' \
+      --set 'global.cloud.enabled=true' \
+      .
+
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "When global.cloud.enabled is true, global.cloud.secretName must also be set." ]]
+}

charts/consul/test/unit/ingress-gateways-deployment.bats

@@ -1145,3 +1145,23 @@ key2: value2' \
       yq -s -r '.[0].spec.template.spec.terminationGracePeriodSeconds' | tee /dev/stderr)
   [ "${actual}" = "30" ]
 }
+
+#--------------------------------------------------------------------
+# global.cloud
+
+@test "ingressGateways/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
+  cd `chart_dir`
+  run helm template \
+      -s templates/ingress-gateways-deployment.yaml  \
+      --set 'ingressGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.tls.enabled=true' \
+      --set 'global.tls.enableAutoEncrypt=true' \
+      --set 'global.datacenter=dc-foo' \
+      --set 'global.domain=bar' \
+      --set 'global.cloud.enabled=true' \
+      .
+
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "When global.cloud.enabled is true, global.cloud.secretName must also be set." ]]
+}