def install(
aws_profile,
aws_region,
aws_permissions_check,
aws_role_policy,
linked_account_name,
nr_account_id,
nr_api_key,
nr_region,
):
"""Install New Relic AWS Lambda Integration"""
session = boto3.Session(profile_name=aws_profile, region_name=aws_region)
if aws_permissions_check:
permissions.ensure_integration_install_permissions(session)
click.echo("Validating New Relic credentials")
gql_client = api.validate_gql_credentials(nr_account_id, nr_api_key,
nr_region)
click.echo("Retrieving integration license key")
nr_license_key = api.retrieve_license_key(gql_client)
click.echo("Checking for a pre-existing link between New Relic and AWS")
integrations.validate_linked_account(session, gql_client,
linked_account_name)
click.echo(
"Creating the AWS role for the New Relic AWS Lambda Integration")
role = integrations.create_integration_role(session, aws_role_policy,
nr_account_id)
install_success = False
if role:
click.echo("Linking New Relic account to AWS account")
api.create_integration_account(gql_client, nr_account_id,
linked_account_name, role)
click.echo(
"Enabling Lambda integration on the link between New Relic and AWS"
)
install_success = api.enable_lambda_integration(
gql_client, nr_account_id, linked_account_name)
click.echo(
"Creating newrelic-log-ingestion Lambda function in AWS account")
install_success = install_success and integrations.install_log_ingestion(
session, nr_license_key)
if install_success:
done("Install Complete")
else:
failure("Install Incomplete. See messages above for details.")
def install(input, function_arn):
assert isinstance(input, LayerInstall)
client = input.session.client("lambda")
config = get_function(input.session, function_arn)
if not config:
failure("Could not find function: %s" % function_arn)
return False
policy_arn = _get_license_key_policy_arn(input.session)
if input.enable_extension and not policy_arn and not input.nr_api_key:
raise click.UsageError(
"In order to use `--enable-extension`, you must first run "
"`newrelic-lambda integrations install` with the "
"`--enable-license-key-secret` flag. This uses AWS Secrets Manager "
"to securely store your New Relic license key in your AWS account. "
"If you are unable to use AWS Secrets Manager, re-run this command with "
"`--nr-api-key` argument with your New Relic API key to set your license "
"key in a NEW_RELIC_LICENSE_KEY environment variable instead.")
nr_license_key = None
if not policy_arn and input.nr_api_key and input.nr_region:
gql = api.validate_gql_credentials(input)
nr_license_key = api.retrieve_license_key(gql)
update_kwargs = _add_new_relic(input, config, nr_license_key)
if not update_kwargs or not isinstance(update_kwargs, dict):
return False
try:
res = client.update_function_configuration(**update_kwargs)
except botocore.exceptions.ClientError as e:
failure("Failed to update configuration for '%s': %s" %
(config["Configuration"]["FunctionArn"], e))
return False
else:
if input.enable_extension and policy_arn:
_attach_license_key_policy(input.session,
config["Configuration"]["Role"],
policy_arn)
if input.enable_extension_function_logs:
subscriptions.remove_log_subscription(input, function_arn)
if input.verbose:
click.echo(json.dumps(res, indent=2))
success("Successfully installed layer on %s" % function_arn)
return True
def install(ctx, **kwargs):
"""Install New Relic AWS Lambda Integration"""
input = IntegrationInstall(session=None, verbose=ctx.obj["VERBOSE"], **kwargs)
input = input._replace(
session=boto3.Session(
profile_name=input.aws_profile, region_name=input.aws_region
)
)
if not input.linked_account_name:
input = input._replace(
linked_account_name=(
"New Relic Lambda Integration - %s"
% integrations.get_aws_account_id(input.session)
)
)
if input.aws_permissions_check:
permissions.ensure_integration_install_permissions(input)
click.echo("Validating New Relic credentials")
gql_client = api.validate_gql_credentials(input)
click.echo("Retrieving integration license key")
nr_license_key = api.retrieve_license_key(gql_client)
click.echo("Checking for a pre-existing link between New Relic and AWS")
integrations.validate_linked_account(gql_client, input)
install_success = True
click.echo("Creating the AWS role for the New Relic AWS Lambda Integration")
role = integrations.create_integration_role(input)
install_success = install_success and role
if role:
click.echo("Linking New Relic account to AWS account")
res = api.create_integration_account(gql_client, input, role)
install_success = res and install_success
click.echo("Enabling Lambda integration on the link between New Relic and AWS")
res = api.enable_lambda_integration(gql_client, input)
install_success = res and install_success
if input.enable_license_key_secret:
click.echo("Creating the managed secret for the New Relic License Key")
res = integrations.install_license_key(input, nr_license_key)
install_success = install_success and res
if input.enable_cw_ingest:
click.echo("Creating newrelic-log-ingestion Lambda function in AWS account")
res = integrations.install_log_ingestion(input, nr_license_key)
install_success = res and install_success
if install_success:
done("Install Complete")
if input.verbose:
click.echo(
"\nNext steps: Add the New Relic layers to your Lambda functions with "
"the below command.\n"
)
command = [
"$",
"newrelic-lambda",
"layers",
"install",
"--function",
"all",
"--nr-account-id",
input.nr_account_id,
]
if input.aws_profile:
command.append("--aws-profile %s" % input.aws_profile)
if input.aws_region:
command.append("--aws-region %s" % input.aws_region)
click.echo(" ".join(command))
else:
failure("Install Incomplete. See messages above for details.", exit=True)
def install(input, function_arn):
assert isinstance(input, LayerInstall)
client = input.session.client("lambda")
config = get_function(input.session, function_arn)
if not config:
failure("Could not find function: %s" % function_arn)
return False
nr_account_id, policy_arn = _get_license_key_outputs(input.session)
# If a managed secret exists but it was created with a different NR account
# id and license key We want to notify the user and point them to
# documentation on how to proceed.
if (policy_arn and nr_account_id
and nr_account_id != str(input.nr_account_id)
and not input.nr_api_key):
raise click.UsageError(
"A managed secret already exists in this region for New Relic account {0}. "
"Creating one managed secret per region is currently supported via "
"the cli. To set up an additional secret for New Relic account {1} "
"see our docs:\n{2}.\n"
"Or you can re-run this command with "
"`--nr-api-key` argument with your New Relic API key to set your license "
"key in a NEW_RELIC_LICENSE_KEY environment variable instead.".
format(nr_account_id, input.nr_account_id,
utils.NR_DOCS_ACT_LINKING_URL))
if input.enable_extension and not policy_arn and not input.nr_api_key:
raise click.UsageError(
"In order to use `--enable-extension`, you must first run "
"`newrelic-lambda integrations install` with the "
"`--enable-license-key-secret` flag. This uses AWS Secrets Manager "
"to securely store your New Relic license key in your AWS account. "
"If you are unable to use AWS Secrets Manager, re-run this command with "
"`--nr-api-key` argument with your New Relic API key to set your license "
"key in a NEW_RELIC_LICENSE_KEY environment variable instead.")
nr_license_key = None
if (not policy_arn or nr_account_id != str(input.nr_account_id)
and input.nr_api_key and input.nr_region):
gql = api.validate_gql_credentials(input)
nr_license_key = api.retrieve_license_key(gql)
update_kwargs = _add_new_relic(input, config, nr_license_key)
if isinstance(update_kwargs, bool):
return update_kwargs
try:
res = client.update_function_configuration(**update_kwargs)
except botocore.exceptions.ClientError as e:
failure("Failed to update configuration for '%s': %s" %
(config["Configuration"]["FunctionArn"], e))
return False
else:
if input.enable_extension and policy_arn:
_attach_license_key_policy(input.session,
config["Configuration"]["Role"],
policy_arn)
if input.enable_extension_function_logs:
subscriptions.remove_log_subscription(input, function_arn)
if input.verbose:
click.echo(json.dumps(res, indent=2))
success("Successfully installed layer on %s" % function_arn)
return True
