newrelic · paologallinaharbur · Sep 25, 2025 · Sep 24, 2025 · Sep 24, 2025 · Sep 24, 2025
@@ -178,9 +178,8 @@ helm_resource(
   pod_readiness='ignore',
   flags=ac_flags,
   image_deps=['tilt.local/agent-control-dev', 'tilt.local/agent-control-cli-dev'],
-  image_keys=[('agent-control-deployment.image.registry', 'agent-control-deployment.image.repository', 'agent-control-deployment.image.tag'),
-              [('toolkitImage.registry', 'toolkitImage.repository', 'toolkitImage.tag'),
-              ('agent-control-cd.installer.image.registry', 'agent-control-cd.installer.image.repository', 'agent-control-cd.installer.image.tag')]],
+  image_keys=[('agentControlDeployment.chartValues.image.registry', 'agentControlDeployment.chartValues.image.repository', 'agentControlDeployment.chartValues.image.tag'),
+              [('toolkitImage.registry', 'toolkitImage.repository', 'toolkitImage.tag')]],
   resource_deps=ac_chart_deps
 )
 

@@ -13,7 +13,7 @@ pub mod signature;
 pub mod validators;
 
 /// Identifier key for the primary agent configuration within the OpAMP [opamp_client::opamp::proto::AgentConfigMap].
-pub const DEFAULT_AGENT_CONFIG_IDENTIFIER: &str = "configAgent";
+pub const DEFAULT_AGENT_CONFIG_IDENTIFIER: &str = "agentConfig";
 
 /// This structure represents the remote configuration that we would retrieve from a server via OpAMP.
 /// Contains identifying metadata and the actual configuration values

@@ -49,15 +49,13 @@ impl TryFrom<&str> for SigningAlgorithm {
         if let Some(rsa_algorithm) = parse_rsa_algorithm(s) {
             return Ok(rsa_algorithm);
         }
-        match s {
+        match s.to_uppercase().as_str() {
             ECDSA_P256_SHA256 => Ok(Self::ECDSA_P256_SHA256),
             ECDSA_P256_SHA384 => Ok(Self::ECDSA_P256_SHA384),
             ECDSA_P384_SHA256 => Ok(Self::ECDSA_P384_SHA256),
             ECDSA_P384_SHA384 => Ok(Self::ECDSA_P384_SHA384),
             ED25519 => Ok(Self::ED25519),
-            unsupported_algorithm => Err(SignatureError::UnsupportedAlgorithm(
-                unsupported_algorithm.to_string(),
-            )),
+            _unsupported_algorithm => Err(SignatureError::UnsupportedAlgorithm(s.to_string())),
         }
     }
 }
@@ -577,7 +575,7 @@ mod tests {
                                 },
                                 {
                                     "signature":  "fake",
-                                    "signingAlgorithm": "ED25519",
+                                    "signingAlgorithm": "Ed25519",
                                     "keyId":  "fake"
                                 },
                                 {

@@ -1,6 +1,7 @@
 use ring::digest;
 use std::fmt::Write;
 use thiserror::Error;
+use tracing::debug;
 use webpki::EndEntityCert;
 use x509_parser::prelude::{FromDer, X509Certificate};
 
@@ -40,7 +41,10 @@ impl Verifier for Certificate {
 
         certificate
             .verify_signature(signature_algorithm, msg, signature)
-            .map_err(|e| CertificateError::VerifySignature(e.to_string()))
+            .map_err(|e| CertificateError::VerifySignature(e.to_string()))?;
+        debug!("signature verification succeeded");
+
+        Ok(())
     }
 
     fn key_id(&self) -> &str {

@@ -1,3 +1,4 @@
+use crate::opamp::remote_config::signature;
 use crate::opamp::remote_config::signature::SigningAlgorithm;
 use crate::opamp::remote_config::validators::signature::public_key_fetcher::KeyData;
 use crate::opamp::remote_config::validators::signature::verifier::Verifier;
@@ -6,6 +7,7 @@ use base64::{Engine, prelude::BASE64_STANDARD};
 use ring::digest;
 use ring::signature::{ED25519, UnparsedPublicKey};
 use thiserror::Error;
+use tracing::debug;
 
 #[derive(Error, Debug)]
 pub enum PubKeyError {
@@ -23,7 +25,6 @@ pub struct PublicKey {
 
 const SUPPORTED_USE: &str = "sig";
 const SUPPORTED_KTY: &str = "OKP";
-const SUPPORTED_CRV: &str = "Ed25519";
 
 impl PublicKey {
     pub fn try_new(data: &KeyData) -> Result<Self, PubKeyError> {
@@ -36,7 +37,7 @@ impl PublicKey {
             ));
         }
 
-        if data.crv != SUPPORTED_CRV {
+        if data.crv.to_uppercase().as_str() != signature::ED25519 {
             return Err(PubKeyError::ParsePubKey(
                 "The only supported crv is Ed25519".to_string(),
             ));
@@ -81,7 +82,10 @@ impl Verifier for PublicKey {
             .verify(msg.as_bytes(), signature)
             .map_err(|_| {
                 PubKeyError::ValidatingSignature("signature verification failed".to_string())
-            })
+            })?;
+        debug!(%self.key_id, "signature verification succeeded");
+
+        Ok(())
     }
 
     fn key_id(&self) -> &str {

@@ -5,6 +5,7 @@ custom_test_key: appName
 scenarios:
   - description: Deploy SA with APM operator and Java, Python and Node.js agents
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       - cd ../../../ && SA_CHART_VALUES_FILE="test/k8s-e2e/apm/ac-values-apm.yml" CLUSTER=${SCENARIO_TAG} USE_LATEST_FLUX=${USE_LATEST_FLUX} tilt ci
       # we need wait and retry since the resource might me not created yet
       - timeout 600s bash -c "until kubectl wait --for=jsonpath='{.status.readyReplicas}'=1 deploy/operator-k8s-agents-operator -n newrelic-agents; do sleep 5; echo waiting on operator ; done"
@@ -30,7 +31,7 @@ scenarios:
     after:
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=agent-control --all-containers --prefix=true
       - kubectl logs --tail=-1 -l app.kubernetes.io/instance=operator --all-containers --prefix=true -n newrelic-agents
-      - kubectl get all -o wide
+      - kubectl get all -o wide --all-namespaces --show-labels
       - cd ../../../ && tilt down
     tests:
       nrqls:

@@ -5,13 +5,13 @@ custom_test_key: k8s.cluster.name
 scenarios:
   - description: Deploy SA with single k8s otel-collector
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       - cd ../../../ && SA_CHART_VALUES_FILE="test/k8s-e2e/collector/ac-values-collector.yml" CLUSTER=${SCENARIO_TAG} USE_LATEST_FLUX=${USE_LATEST_FLUX} tilt ci
     after:
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=agent-control --all-containers --prefix=true
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=nr-k8s-otel-collector --all-containers --prefix=true -n newrelic-agents
-      - kubectl get all -o wide
+      - kubectl get all -o wide --all-namespaces --show-labels
       - kubectl get secrets --show-labels
-      - kubectl get all -o wide
       - kubectl get helmrelease
       - kubectl get helmchart
       - helm list -a -A

@@ -7,12 +7,13 @@ custom_test_key: cluster_name
 scenarios:
   - description: Asserts custom helm chart repo configuration works as expected
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       - cd ../../../ && CHARTMUSEUM_BASIC_AUTH=true SA_CHART_VALUES_FILE="test/k8s-e2e/custom-repo/ac-values-custom-repo.yml" CLUSTER=${SCENARIO_TAG} USE_LATEST_FLUX=${USE_LATEST_FLUX} tilt ci
     after:
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=agent-control --all-containers --prefix=true
       - kubectl logs --tail=-1 -l app.kubernetes.io/instance=prometheus --all-containers --prefix=true -n newrelic-agents
       - kubectl get secrets --show-labels
-      - kubectl get all -o wide
+      - kubectl get all -o wide --all-namespaces --show-labels
       - kubectl get helmrelease
       - kubectl get helmchart
       - helm list -a -A

@@ -5,13 +5,14 @@ custom_test_key: cluster_name
 scenarios:
   - description: Deploy all infra agents
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       - kubectl create configmap dynamic-agent --from-file=logging=./dynamic-agent-type-logging.yml
       - cd ../../../ && SA_CHART_VALUES_FILE="test/k8s-e2e/dynamic/ac-values-dynamic.yml" CLUSTER=${SCENARIO_TAG} USE_LATEST_FLUX=${USE_LATEST_FLUX} tilt ci
     after:
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=agent-control --all-containers --prefix=true
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=newrelic-logging --all-containers --prefix=true -n newrelic-agents
       - kubectl get secrets --show-labels
-      - kubectl get all -o wide
+      - kubectl get all -o wide --all-namespaces --show-labels
       - kubectl get helmrelease
       - kubectl get gitrepository
       - kubectl get helmchart

@@ -5,6 +5,7 @@ custom_test_key: k8s.cluster.name
 scenarios:
   - description: Deploy eBPF Agent
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       - cd ../../../ && SA_CHART_VALUES_FILE="test/k8s-e2e/ebpf/ac-values-ebpf.yml" CLUSTER=${SCENARIO_TAG} USE_LATEST_FLUX=${USE_LATEST_FLUX} tilt ci
     after:
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=agent-control --all-containers --prefix=true

@@ -5,15 +5,15 @@ custom_test_key: cluster_name
 scenarios:
   - description: Deploy all infra agents
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       - kubectl get secret sys-identity || kubectl create secret generic sys-identity --from-literal=CLIENT_ID="${NR_SYSTEM_IDENTITY_CLIENT_ID}" --from-literal=private_key="${NR_SYSTEM_IDENTITY_PRIVATE_KEY}"
       - cd ../../../ && SA_CHART_VALUES_FILE="test/k8s-e2e/fleet-control/ac-values-fleet-control.yml" CLUSTER=${SCENARIO_TAG} USE_LATEST_FLUX=${USE_LATEST_FLUX} tilt ci
     after:
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=agent-control --all-containers --prefix=true
-      - kubectl logs --tail=-1 -l app.kubernetes.io/instance=infra --all-containers --prefix=true -n newrelic-agents
-      - kubectl logs --tail=-1 -l app.kubernetes.io/instance=prometheus --all-containers --prefix=true -n newrelic-agents
-      - kubectl logs --tail=-1 -l app.kubernetes.io/name=newrelic-logging --all-containers --prefix=true -n newrelic-agents
+      - kubectl logs --tail=-1 -l app.kubernetes.io/instance=nr-infra --all-containers --prefix=true -n newrelic-agents
       - kubectl get secrets --show-labels
-      - kubectl get all -o wide
+      - kubectl get configmap
+      - kubectl get all -o wide --all-namespaces --show-labels
       - kubectl get helmrelease
       - kubectl get helmchart
       - helm list -a -A

@@ -5,14 +5,15 @@ custom_test_key: cluster_name
 scenarios:
   - description: Deploy all infra agents
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       - cd ../../../ && SA_CHART_VALUES_FILE="test/k8s-e2e/infra/ac-values-infra.yml" CLUSTER=${SCENARIO_TAG} USE_LATEST_FLUX=${USE_LATEST_FLUX} tilt ci
     after:
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=agent-control --all-containers --prefix=true
-      - kubectl logs --tail=-1 -l app.kubernetes.io/instance=infra --all-containers --prefix=true -n newrelic-agents
+      - kubectl logs --tail=-1 -l app.kubernetes.io/instance=nr-infra --all-containers --prefix=true -n newrelic-agents
       - kubectl logs --tail=-1 -l app.kubernetes.io/instance=prometheus --all-containers --prefix=true -n newrelic-agents
       - kubectl logs --tail=-1 -l app.kubernetes.io/name=newrelic-logging --all-containers --prefix=true -n newrelic-agents
       - kubectl get secrets --show-labels
-      - kubectl get all -o wide
+      - kubectl get all -o wide --all-namespaces --show-labels
       - kubectl get helmrelease
       - kubectl get helmchart
       - helm list -a -A

@@ -5,6 +5,7 @@ custom_test_key: cluster_name
 scenarios:
   - description: Deploy all infra agents
     before:
+      - echo The cluster name of the test is ${SCENARIO_TAG}
       # Deploys a Networkpolicy that forces all external req to go through the proxy in the current namespace.
       - kubectl apply -f ./proxy.yaml
       - kubectl wait --for=condition=complete --timeout=60s job/assert-policy-proxy
@@ -22,7 +23,7 @@ scenarios:
       - kubectl logs --tail=-1 -l job-name=agent-control-generate-system-identity --all-containers --prefix=true
       - kubectl get secrets --show-labels
       - kubectl get pods -o yaml
-      - kubectl get all -o wide  --show-labels
+      - kubectl get all -o wide --all-namespaces  --show-labels
       - kubectl get helmrelease
       - kubectl get helmchart
       - helm list -a -A