feat: add config generator to host cli

Author: sigilioso

Cargo.lock

@@ -36,7 +36,7 @@ chrono = { workspace = true }
 base64 = { version = "0.22.1" }
 # New Relic dependencies (private external repos)
 # IMPORTANT: GitHub deployment keys are used to access these repos on the CI/CD pipelines
-nr-auth = { git = "https://github.com/newrelic/newrelic-auth-rs.git", tag = "0.0.11" }
+nr-auth = { git = "https://github.com/newrelic/newrelic-auth-rs.git", tag = "0.1.1" }
 opamp-client = { git = "https://github.com/newrelic/newrelic-opamp-rs.git", tag = "0.0.34" }
 # local dependencies
 fs = { path = "../fs" }
@@ -91,7 +91,6 @@ fs = { path = "../fs", features = ["mocks"] }
 tokio = { version = "1.48.0", features = ["rt-multi-thread", "macros"] }
 fake = { version = "4.4.0", features = ["derive", "http"] }
 prost = "0.14.1"
-# Alpha version needed to test proxy the feature, it is safe because it is only used as dev-dependency
 httpmock = { version = "0.8.2", features = ["proxy"] }
 serial_test = "3.2.0"
 futures = "0.3.31"

agent-control/Cargo.toml

@@ -1,39 +1,37 @@
 use std::process::ExitCode;
 
 use clap::Parser;
-use newrelic_agent_control::cli::{
-    logs,
-    on_host::config_gen::{ConfigInputs, generate_config},
-};
+use newrelic_agent_control::cli::{logs, on_host::config_gen};
 use tracing::Level;
 
 #[derive(Debug, clap::Parser)]
 #[command()]
 struct Cli {
     #[command(subcommand)]
     command: Commands,
+    /// Log level for the cli command
     #[arg(long, global = true, default_value = "info")]
-    log_level: Level,
+    cli_log_level: Level,
 }
 
 /// Commands supported by the cli
 #[derive(Debug, clap::Subcommand)]
 enum Commands {
     // Generate Agent Control configuration according to the provided configuration data.
-    GenerateConfig(ConfigInputs),
+    GenerateConfig(config_gen::Args),
 }
 
 fn main() -> ExitCode {
     let cli = Cli::parse();
 
-    let tracer = logs::init(cli.log_level);
+    let tracer = logs::init(cli.cli_log_level);
     if let Err(err) = tracer {
         eprintln!("Failed to initialize tracing: {err}");
         return err.into();
     }
 
     let result = match cli.command {
-        Commands::GenerateConfig(inputs) => generate_config(inputs),
+        Commands::GenerateConfig(inputs) => config_gen::generate_config(inputs),
     };
 
     if let Err(err) = result {

agent-control/src/bin/main_agent_control_onhost_cli.rs

@@ -1,14 +1,305 @@
-use crate::cli::error::CliError;
+//! Implementation of the generate-config command for the on-host cli.
 
+use std::path::PathBuf;
+
+use tracing::info;
+
+use crate::{
+    cli::{
+        error::CliError,
+        on_host::config_gen::{
+            config::{AgentSet, AuthConfig, Config, FleetControl, Server, SignatureValidation},
+            identity::{Identity, provide_identity},
+            region::{Region, region_parser},
+        },
+    },
+    http::config::ProxyConfig,
+};
+
+pub mod config;
+pub mod identity;
+pub mod region;
+
+/// Generates the Agent Control configuration for host environments.
 #[derive(Debug, clap::Parser)]
-pub struct ConfigInputs {
+pub struct Args {
+    /// Sets where the generated configuration should be written to.
+    #[arg(long)]
+    output_path: PathBuf,
+
+    /// Defines if Fleet Control is enabled
+    #[arg(long, default_value = "true")]
+    fleet_enabled: bool,
+
+    /// New Relic region
+    #[arg(long, value_parser = region_parser())]
+    region: Region,
+
     /// Fleet identifier
     #[arg(long)]
-    fleet_id: Option<String>,
-    // TODO: add remaining inputs
+    fleet_id: String,
+
+    /// Organization identifier
+    #[arg(long)]
+    organization_id: String,
+
+    /// Set of agents to be used as local configuration.
+    #[arg(long)]
+    agent_set: AgentSet,
+
+    /// Client ID corresponding to the parent system identity (requires `auth_client_secret`).
+    #[arg(long)]
+    auth_parent_client_id: String,
+
+    /// Client Secret corresponding to the parent system identity (requires `auth_client_id`).
+    #[arg(long)]
+    auth_parent_client_secret: String,
+
+    /// Auth token corresponding to the parent system identity.
+    #[arg(long)]
+    auth_parent_token: String,
+
+    /// When (`auth_token` or `auth_client_id` + `auth_client_secret`) are set, this path is used
+    /// to store the identity key. Otherwise, the path is expected to contain the already provided
+    /// private key was already provided.
+    #[arg(long)]
+    auth_private_key_path: PathBuf,
+
+    /// Client identifier corresponding to an already provisioned identity. No identity creation is performed,
+    /// therefore setting this up also requires an existing private key pointed in `auth_private_key_path`.
+    #[arg(long)]
+    auth_client_id: String,
+
+    /// Proxy configuration
+    #[command(flatten)]
+    proxy_config: Option<ProxyConfig>,
 }
 
 /// Generates the Agent Control configuration and any requisite according to the provided inputs.
-pub fn generate_config(_inputs: ConfigInputs) -> Result<(), CliError> {
-    unimplemented!("TODO: implement config generation")
+pub fn generate_config(args: Args) -> Result<(), CliError> {
+    info!("Generating Agent Control configuration");
+    let yaml = gen_config(&args, provide_identity)?;
+
+    std::fs::write(&args.output_path, yaml).map_err(|err| {
+        CliError::Command(format!(
+            "error writing the configuration file to '{}': {}",
+            args.output_path.to_string_lossy(),
+            err
+        ))
+    })?;
+    info!(config_path=%args.output_path.to_string_lossy(), "Agent Control configuration generated successfully");
+    Ok(())
+}
+
+/// Generates the configuration according to args using the provided function to generate the identity.
+fn gen_config<F>(args: &Args, provide_identity_fn: F) -> Result<String, CliError>
+where
+    F: Fn(&Args) -> Result<Identity, CliError>,
+{
+    let fleet_control = if !args.fleet_enabled {
+        None
+    } else {
+        let Identity {
+            client_id,
+            private_key_path,
+        } = provide_identity_fn(args)?;
+
+        Some(FleetControl {
+            endpoint: args.region.opamp_endpoint().to_string(),
+            signature_validation: SignatureValidation {
+                public_key_server_url: args.region.public_key_endpoint().to_string(),
+            },
+            fleet_id: args.fleet_id.to_string(),
+            auth_config: AuthConfig {
+                token_url: args.region.token_renewal_endpoint().to_string(),
+                client_id,
+                provider: "local".to_string(),
+                private_key_path: private_key_path.to_string_lossy().to_string(),
+            },
+        })
+    };
+
+    let config = Config {
+        fleet_control,
+        server: Server { enabled: true },
+        proxy: args.proxy_config.clone(),
+        agents: args.agent_set.into(),
+    };
+
+    serde_yaml::to_string(&config)
+        .map_err(|err| CliError::Command(format!("failed to serialize configuration: {err}")))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use rstest::rstest;
+
+    #[rstest]
+    #[case(true, Region::US, AgentSet::InfraAgent, None, EXPECTED_INFRA_US)]
+    #[case(true, Region::EU, AgentSet::Otel, None, EXPECTED_OTEL_EU)]
+    #[case(true, Region::STAGING, AgentSet::None, None, EXPECTED_NONE_STAGING)]
+    #[case(
+        false,
+        Region::US,
+        AgentSet::InfraAgent,
+        None,
+        EXPECTED_FLEET_DISABLED_INFRA
+    )]
+    #[case(
+        true,
+        Region::US,
+        AgentSet::InfraAgent,
+        some_proxy_config(),
+        EXPECTED_INFRA_US_PROXY
+    )]
+    fn test_gen_config_with_fleet_enabled(
+        #[case] fleet_enabled: bool,
+        #[case] region: Region,
+        #[case] agent_set: AgentSet,
+        #[case] proxy_config: Option<ProxyConfig>,
+        #[case] expected: &str,
+    ) {
+        let args = create_test_args(fleet_enabled, region, agent_set, proxy_config);
+
+        let yaml = gen_config(&args, identity_provider_mock).expect("result expected to be OK");
+
+        let parsed: serde_yaml::Value =
+            serde_yaml::from_str(&yaml).expect("Invalid generated YAML");
+        let expected_parsed: serde_yaml::Value =
+            serde_yaml::from_str(expected).expect("Invalid expectation");
+
+        assert_eq!(parsed, expected_parsed);
+    }
+
+    fn identity_provider_mock(_: &Args) -> Result<Identity, CliError> {
+        Ok(Identity {
+            client_id: "test-client-id".to_string(),
+            private_key_path: PathBuf::from("/path/to/private/key"),
+        })
+    }
+
+    fn create_test_args(
+        fleet_enabled: bool,
+        region: Region,
+        agent_set: AgentSet,
+        proxy_config: Option<ProxyConfig>,
+    ) -> Args {
+        Args {
+            output_path: PathBuf::from("/tmp/config.yaml"),
+            fleet_enabled,
+            region,
+            fleet_id: "test-fleet-id".to_string(),
+            organization_id: "test-org-id".to_string(),
+            agent_set,
+            auth_parent_client_id: "parent-client-id".to_string(),
+            auth_parent_client_secret: "parent-client-secret".to_string(),
+            auth_parent_token: "parent-token".to_string(),
+            auth_private_key_path: PathBuf::from("/path/to/key"),
+            auth_client_id: "client-id".to_string(),
+            proxy_config,
+        }
+    }
+
+    fn some_proxy_config() -> Option<ProxyConfig> {
+        let proxy_config: ProxyConfig = serde_yaml::from_str(
+            r#"{"url": "https://some.proxy.url/", "ca_bundle_dir": "/test/bundle/dir",
+                "ca_bundle_file": "/test/bundle/file", "ignore_system_proxy": true}"#,
+        )
+        .unwrap();
+        Some(proxy_config)
+    }
+
+    const EXPECTED_INFRA_US: &str = r#"
+fleet_control:
+  endpoint: https://opamp.service.newrelic.com/v1/opamp
+  signature_validation:
+    public_key_server_url: https://publickeys.newrelic.com/r/blob-management/global/agentconfiguration/jwks.json
+  fleet_id: test-fleet-id
+  auth_config:
+    token_url: https://system-identity-oauth.service.newrelic.com/oauth2/token
+    client_id: test-client-id
+    provider: local
+    private_key_path: /path/to/private/key
+
+server:
+  enabled: true
+
+agents:
+  nr-infra:
+    agent_type: "newrelic/com.newrelic.infrastructure:0.1.0"
+"#;
+
+    const EXPECTED_OTEL_EU: &str = r#"
+fleet_control:
+  endpoint: https://opamp.service.eu.newrelic.com/v1/opamp
+  signature_validation:
+    public_key_server_url: https://publickeys.eu.newrelic.com/r/blob-management/global/agentconfiguration/jwks.json
+  fleet_id: test-fleet-id
+  auth_config:
+    token_url: https://system-identity-oauth.service.newrelic.com/oauth2/token
+    client_id: test-client-id
+    provider: local
+    private_key_path: /path/to/private/key
+
+server:
+  enabled: true
+
+agents:
+  nrdot:
+    agent_type: "newrelic/com.newrelic.opentelemetry.collector:0.1.0"
+"#;
+
+    const EXPECTED_NONE_STAGING: &str = r#"
+fleet_control:
+  endpoint: https://staging-service.newrelic.com/v1/opamp
+  signature_validation:
+    public_key_server_url: https://staging-publickeys.newrelic.com/r/blob-management/global/agentconfiguration/jwks.json
+  fleet_id: test-fleet-id
+  auth_config:
+    token_url: https://system-identity-oauth.staging-service.newrelic.com/oauth2/token
+    client_id: test-client-id
+    provider: local
+    private_key_path: /path/to/private/key
+
+server:
+  enabled: true
+
+agents: {}
+"#;
+
+    const EXPECTED_FLEET_DISABLED_INFRA: &str = r#"
+server:
+  enabled: true
+
+agents:
+  nr-infra:
+    agent_type: "newrelic/com.newrelic.infrastructure:0.1.0"
+"#;
+
+    const EXPECTED_INFRA_US_PROXY: &str = r#"
+fleet_control:
+  endpoint: https://opamp.service.newrelic.com/v1/opamp
+  signature_validation:
+    public_key_server_url: https://publickeys.newrelic.com/r/blob-management/global/agentconfiguration/jwks.json
+  fleet_id: test-fleet-id
+  auth_config:
+    token_url: https://system-identity-oauth.service.newrelic.com/oauth2/token
+    client_id: test-client-id
+    provider: local
+    private_key_path: /path/to/private/key
+
+server:
+  enabled: true
+
+proxy:
+  url: https://some.proxy.url/
+  ca_bundle_dir: /test/bundle/dir
+  ca_bundle_file: /test/bundle/file
+  ignore_system_proxy: true
+
+agents:
+  nr-infra:
+    agent_type: "newrelic/com.newrelic.infrastructure:0.1.0"
+"#;
 }