9999 key : {{ include "newrelic-agent-control.auth.l1IdentityCredentialsKey.clientSecretKeyName" . }}
100100 {{- end }}
101101 command :
102- - ash
102+ - bash
103103 args :
104104 - -c
105105 - |
@@ -111,180 +111,60 @@ spec:
111111 exit 0
112112 fi
113113
114- echo Generating the Keys...
115- TEMPORAL_FOLDER=gen-folder
116- mkdir $TEMPORAL_FOLDER
117- openssl genrsa -out "$TEMPORAL_FOLDER/key" 4096
118- openssl rsa -in "$TEMPORAL_FOLDER/key" -pubout -out "$TEMPORAL_FOLDER/pub"
119-
120- echo Key generated, creating the identity...
121- if [ "${NEW_RELIC_AUTH_CLIENT_ID:-}" != "" ] && [ "${NEW_RELIC_AUTH_CLIENT_SECRET:-}" != "" ]; then
122- echo Starting with L1 System Identity...
123- ############################################################
124- # Get the L1 Access Token
125- ############################################################
126- RESPONSE_FILE=$TEMPORAL_FOLDER/response_token.json
127- for RETRY in 1 2 3; do
128- HTTP_CODE=$(echo '{"client_id": "'$NEW_RELIC_AUTH_CLIENT_ID'", "client_secret": "'$NEW_RELIC_AUTH_CLIENT_SECRET'", "grant_type": "client_credentials"}' | tr -d $'\n' | curl \
129- -s -S -w "%{http_code}" \
130- -H "Content-Type: application/json" \
131- -o "$RESPONSE_FILE" \
132- --data-binary @- \
133- --max-time 60 \
134- "{{ include "newrelic-agent-control.config.endpoints.tokenRenewal" . }}")
114+ echo "Secret not present, creating a new System Identity..."
135115
136- if [ $HTTP_CODE -eq 200 ]; then
137- break
138- fi
116+ REGION={{ include "newrelic.common.region" . }}
117+ echo "Authenticating with New Relic ($REGION)..."
139118
140- if [ -z "$HTTP_CODE" ] || [ "$HTTP_CODE" -eq 0 ]; then
141- echo "Network error occurred or no HTTP response was received. Retrying ($RETRY/3)..."
142- sleep 2
143- continue
144- else
145- if jq empty "$TEMPORAL_FOLDER/response_token.json" > /dev/null 2>&1; then
146- ERROR_MESSAGE=$(jq '.error_description // "invalid_request"' < "$TEMPORAL_FOLDER/response_token.json" | tr -d '"')
147- echo "Error getting system identity auth token. The API endpoint returned $HTTP_CODE: $ERROR_MESSAGE. Retrying ($RETRY/3)..."
148- sleep 2
149- else
150- echo -n "Error getting system identity auth token. The API endpoint returned $HTTP_CODE: " && cat "$TEMPORAL_FOLDER/response_token.json" | tr -d '\n' && echo " Retrying ($RETRY/3)..."
151- sleep 2
152- continue
153- fi
154- fi
155- done
119+ ACCESS_TOKEN=""
120+ for RETRY in 1 2 3; do
121+ ACCESS_TOKEN=$(newrelic-auth-cli authenticate --client-id "$NEW_RELIC_AUTH_CLIENT_ID" --client-secret "$NEW_RELIC_AUTH_CLIENT_SECRET" --environment "$REGION" --output-token-format Plain)
156122
157- if [ $HTTP_CODE -ne 200 ]; then
158- echo "Error getting system identity auth token "
159- exit 99
123+ if [ -n "$ACCESS_TOKEN" ]; then
124+ echo "Access token obtained successfully "
125+ break
160126 fi
161127
162- ACCESS_TOKEN=$(jq '.access_token' < "$RESPONSE_FILE" | tr -d '"' )
163-
164- echo Starting with L2 System Identity...
165- ############################################################
166- # Create System Identity (L1/L2 System Identities)
167- ############################################################
168- DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
169- NAME="System Identity for $(hostname) - $DATE"
170-
171- for RETRY in 1 2 3; do
172- HTTP_CODE=$(echo '{ "query":
173- "mutation {
174- systemIdentityCreate(
175- name: \"'$NAME'\",
176- organizationId: \"{{ include "newrelic-agent-control.auth.organizationId" . }}\",
177- publicKey: \"'$(openssl enc -base64 -A -in "$TEMPORAL_FOLDER/pub")'\"
178- ) {
179- clientId,
180- name
181- }
182- }"
183- }' | tr -d $'\n' | curl \
184- -s -S -w "%{http_code}" \
185- -H "Content-Type: application/json" \
186- -H "Authorization: Bearer $ACCESS_TOKEN" \
187- -o "$TEMPORAL_FOLDER/response.json" \
188- --data-binary @- \
189- --max-time 60 \
190- "{{ include "newrelic-agent-control.config.endpoints.systemIdentityCreation" . }}"
191- )
192-
193- if [ $HTTP_CODE -eq 200 ]; then
194- break
195- fi
196-
197- if [ -z "$HTTP_CODE" ] || [ "$HTTP_CODE" -eq 0 ]; then
198- echo "Network error occurred or no HTTP response was received during L2 identity creation. Retrying ($RETRY/3)..."
199- sleep 2
200- continue
201- else
202- if jq empty "$TEMPORAL_FOLDER/response_token.json" > /dev/null 2>&1; then
203- ERROR_MESSAGE=$(jq '.errors[0].message // "invalid_request"' < "$TEMPORAL_FOLDER/response_token.json" | tr -d '"')
204- echo "Error creating L2 system identity. The API endpoint returned $HTTP_CODE: $ERROR_MESSAGE. Retrying ($RETRY/3)..."
205- sleep 2
206- else
207- echo -n "Error creating L2 system identity. The API endpoint returned $HTTP_CODE: " && cat "$TEMPORAL_FOLDER/response_token.json" | tr -d '\n' && echo " Retrying ($RETRY/3)..."
208- sleep 2
209- continue
210- fi
211- fi
212- done
213-
214- if [ $HTTP_CODE -ne 200 ]; then
215- echo "Error: The API endpoint returned HTTP code $HTTP_CODE."
216- exit 99
128+ if [ -z $ACCESS_TOKEN ]; then
129+ echo "Network error occurred or no HTTP response was received. Retrying ($RETRY/3)..."
130+ sleep 2
131+ continue
217132 fi
133+ done
218134
219- if jq empty "$TEMPORAL_FOLDER/response_token.json" > /dev/null 2>&1; then
220- ERROR_MESSAGE=$(jq '.errors[0].message // "NOERROR"' < "$TEMPORAL_FOLDER/response.json" | tr -d '"')
221- if [ "$ERROR_MESSAGE" != "NOERROR" ]; then
222- echo "Failed to create a New Relic System Identity L2 for Fleet Control communication authentication. Please verify that your User Key is valid and that your Account Organization has the necessary permissions to create a System Identity: $ERROR_MESSAGE"
223- exit 100
224- fi
225- fi
226-
227- CLIENT_ID=$(jq '.data.systemIdentityCreate.clientId' < "$TEMPORAL_FOLDER/response.json" | tr -d '"' )
228- else
229- echo Starting with Legacy UserApiKey System Identity...
230- ############################################################
231- # Create System Identity (Legacy)
232- ############################################################
233- for RETRY in 1 2 3; do
234- HTTP_CODE=$(echo '{ "query":
235- "mutation {
236- systemIdentityCreate(
237- name: \"System Identity for Kubernetes cluster '{{ include "newrelic.common.cluster" . }}'\",
238- organizationId: \"{{ include "newrelic-agent-control.auth.organizationId" . }}\",
239- publicKey: \"'$(openssl enc -base64 -A -in "$TEMPORAL_FOLDER/pub")'\"
240- ) {
241- clientId,
242- name
243- }
244- }"
245- }' | tr -d $'\n' | \
246- curl \
247- -s -S -w "%{http_code}" \
248- -H "Content-Type: application/json" \
249- -H "API-Key: $USER_KEY" \
250- -o "$TEMPORAL_FOLDER/response.json" \
251- --data @- \
252- --max-time 60 \
253- "{{ include "newrelic-agent-control.config.endpoints.systemIdentityRegistration" . }}"
254- )
255- if [ $HTTP_CODE -eq 200 ]; then
256- break
257- fi
258-
259- if [ -z "$HTTP_CODE" ] || [ "$HTTP_CODE" -eq 0 ]; then
260- echo "Network error occurred or no HTTP response was received during legacy identity creation. Retrying ($RETRY/3)..."
261- sleep 2
262- continue
263- else
264- if jq empty "$TEMPORAL_FOLDER/response_token.json" > /dev/null 2>&1; then
265- ERROR_MESSAGE=$(jq '.errors[0].message // "invalid_request"' < "$TEMPORAL_FOLDER/response_token.json" | tr -d '"')
266- echo "Error creating the new legacy system identity. The API endpoint returned $HTTP_CODE: $ERROR_MESSAGE. Retrying ($RETRY/3)..."
267- sleep 2
268- else
269- echo -n "Error creating the new legacy system identity. The API endpoint returned $HTTP_CODE: " && cat "$TEMPORAL_FOLDER/response_token.json" | tr -d '\n' && echo " Retrying ($RETRY/3)..."
270- sleep 2
271- continue
272- fi
273- fi
274- done
135+ if [ -z "$ACCESS_TOKEN" ]; then
136+ echo "Error getting system identity auth token"
137+ exit 99
138+ fi
275139
276- if [ $HTTP_CODE -ne 200 ]; then echo HTTP_CODE=$HTTP_CODE ;exit 1; fi
140+ echo "Authenticated successfully"
141+ echo "Creating System Identity..."
277142
278- if jq empty "$TEMPORAL_FOLDER/response_token.json" > /dev/null 2>&1; then
279- ERROR_MESSAGE=$(jq '.errors[0].message // "NOERROR"' < "$TEMPORAL_FOLDER/response.json" | tr -d '"')
280- if [ "$ERROR_MESSAGE" != "NOERROR" ]; then
281- echo "Failed to create a New Relic Legacy System Identity for Fleet Control communication authentication. Please verify that your User Key is valid and that your Account Organization has the necessary permissions to create a System Identity: $ERROR_MESSAGE"
282- exit 100
283- fi
143+ ORG_ID={{ include "newrelic-agent-control.auth.organizationId" . }}
144+ TEMPORAL_FOLDER=gen-folder
145+ mkdir $TEMPORAL_FOLDER
146+ CLIENT_ID=""
147+ DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
148+ NAME="System Identity for $(hostname) - $DATE"
149+ for RETRY in 1 2 3; do
150+ OUTPUT=$(newrelic-auth-cli create-identity key --name "$NAME" --organization-id "$ORG_ID" --client-id "$NEW_RELIC_AUTH_CLIENT_ID" --environment "$REGION" --bearer-access-token "$ACCESS_TOKEN" --output-platform "local-file" --output-local-filepath "$TEMPORAL_FOLDER/key")
151+ CLIENT_ID=$(echo "$OUTPUT" | jq -r '.client_id // empty')
152+
153+ if [ -n "$CLIENT_ID" ]; then
154+ echo "System identity created successfully"
155+ break
284156 fi
285-
286- CLIENT_ID=$(jq -r '.data.systemIdentityCreate.clientId' "$TEMPORAL_FOLDER/response.json")
157+ if [ -z "$CLIENT_ID" ]; then
158+ echo "Network error occurred or no HTTP response was received. Retrying ($RETRY/3)..."
159+ sleep 2
160+ continue
161+ fi
162+ done
163+ if [ -z "$CLIENT_ID" ]; then
164+ echo "Error creating system identity"
165+ exit 99
287166 fi
167+
288168 echo Creating the secret '{{ include "newrelic-agent-control.auth.secret.name" . }}'...
289169 kubectl create secret generic --dry-run=client -o json \
290170 {{ include "newrelic-agent-control.auth.secret.name" . }} \
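Review bot: The client secret now travels on the command line at `newrelic-auth-cli authenticate ... --client-secret "$NEW_RELIC_AUTH_CLIENT_SECRET"`, and the bearer token likewise at `--bearer-access-token "$ACCESS_TOKEN"` in the create-identity call; the removed code piped the secret to curl over stdin, so this widens exposure to anything in the pod that can read process arguments, and to shell tracing if it is ever enabled. If the CLI can take these values from the environment or stdin, that form is preferable, but which option exists is not visible from this hunk. The empty-token test `if [ -z $ACCESS_TOKEN ]; then` should quote the expansion, `if [ -z "$ACCESS_TOKEN" ]; then`, matching the later checks, since a value containing whitespace turns the one-argument test into a syntax error. The retry message "Network error occurred or no HTTP response was received" is now printed for any empty result, including an authentication rejection, so `echo "Authentication failed (see output above). Retrying ($RETRY/3)..."` would describe the situation more honestly. The script body starts before this hunk (in the `args` block above the `@@` header), so the shell options in force cannot be confirmed here.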