def install(
aws_profile,
aws_region,
aws_permissions_check,
aws_role_policy,
linked_account_name,
nr_account_id,
nr_api_key,
nr_region,
):
"""Install New Relic AWS Lambda Integration"""
session = boto3.Session(profile_name=aws_profile, region_name=aws_region)
if aws_permissions_check:
permissions.ensure_integration_install_permissions(session)
click.echo("Validating New Relic credentials")
gql_client = api.validate_gql_credentials(nr_account_id, nr_api_key,
nr_region)
click.echo("Retrieving integration license key")
nr_license_key = api.retrieve_license_key(gql_client)
click.echo("Checking for a pre-existing link between New Relic and AWS")
integrations.validate_linked_account(session, gql_client,
linked_account_name)
click.echo(
"Creating the AWS role for the New Relic AWS Lambda Integration")
role = integrations.create_integration_role(session, aws_role_policy,
nr_account_id)
install_success = False
if role:
click.echo("Linking New Relic account to AWS account")
api.create_integration_account(gql_client, nr_account_id,
linked_account_name, role)
click.echo(
"Enabling Lambda integration on the link between New Relic and AWS"
)
install_success = api.enable_lambda_integration(
gql_client, nr_account_id, linked_account_name)
click.echo(
"Creating newrelic-log-ingestion Lambda function in AWS account")
install_success = install_success and integrations.install_log_ingestion(
session, nr_license_key)
if install_success:
done("Install Complete")
else:
failure("Install Incomplete. See messages above for details.")
def install(ctx, **kwargs):
"""Install New Relic AWS Lambda Integration"""
input = IntegrationInstall(session=None, verbose=ctx.obj["VERBOSE"], **kwargs)
input = input._replace(
session=boto3.Session(
profile_name=input.aws_profile, region_name=input.aws_region
)
)
if not input.linked_account_name:
input = input._replace(
linked_account_name=(
"New Relic Lambda Integration - %s"
% integrations.get_aws_account_id(input.session)
)
)
if input.aws_permissions_check:
permissions.ensure_integration_install_permissions(input)
click.echo("Validating New Relic credentials")
gql_client = api.validate_gql_credentials(input)
click.echo("Retrieving integration license key")
nr_license_key = api.retrieve_license_key(gql_client)
click.echo("Checking for a pre-existing link between New Relic and AWS")
integrations.validate_linked_account(gql_client, input)
install_success = True
click.echo("Creating the AWS role for the New Relic AWS Lambda Integration")
role = integrations.create_integration_role(input)
install_success = install_success and role
if role:
click.echo("Linking New Relic account to AWS account")
res = api.create_integration_account(gql_client, input, role)
install_success = res and install_success
click.echo("Enabling Lambda integration on the link between New Relic and AWS")
res = api.enable_lambda_integration(gql_client, input)
install_success = res and install_success
if input.enable_license_key_secret:
click.echo("Creating the managed secret for the New Relic License Key")
res = integrations.install_license_key(input, nr_license_key)
install_success = install_success and res
if input.enable_cw_ingest:
click.echo("Creating newrelic-log-ingestion Lambda function in AWS account")
res = integrations.install_log_ingestion(input, nr_license_key)
install_success = res and install_success
if install_success:
done("Install Complete")
if input.verbose:
click.echo(
"\nNext steps: Add the New Relic layers to your Lambda functions with "
"the below command.\n"
)
command = [
"$",
"newrelic-lambda",
"layers",
"install",
"--function",
"all",
"--nr-account-id",
input.nr_account_id,
]
if input.aws_profile:
command.append("--aws-profile %s" % input.aws_profile)
if input.aws_region:
command.append("--aws-region %s" % input.aws_region)
click.echo(" ".join(command))
else:
failure("Install Incomplete. See messages above for details.", exit=True)
def test_enable_lambda_integration():
mock_gql = NewRelicGQL("123456789", "foobar")
mock_gql.query = Mock(
return_value={"actor": {
"account": {
"cloud": {
"linkedAccounts": []
}
}
}}, )
input = integration_install(nr_account_id=123456789,
linked_account_name="Foo Bar")
assert enable_lambda_integration(mock_gql, input, 123456789) is False
mock_gql.query = Mock(side_effect=(
{
"actor": {
"account": {
"cloud": {
"linkedAccounts": [{
"authLabel": "arn:aws:iam::123456789:role/FooBar",
"externalId": "123456789",
"id": 123456789,
"name": "Foo Bar",
}]
}
}
}
},
{
"actor": {
"account": {
"cloud": {
"linkedAccount": {
"integrations": [{
"service": {
"isEnabled": True,
"slug": "lambda"
}
}]
}
}
},
}
},
))
assert enable_lambda_integration(mock_gql, input, 123456789) is True
mock_gql.query = Mock(side_effect=(
{
"actor": {
"account": {
"cloud": {
"linkedAccounts": [{
"authLabel": "arn:aws:iam::123456789:role/FooBar",
"externalId": "123456789",
"id": 123456789,
"name": "Foo Bar",
}]
}
}
}
},
{
"actor": {
"account": {
"cloud": {
"linkedAccount": {
"integrations": []
}
}
},
}
},
{
"cloudConfigureIntegration": {
"integrations": [{
"id": 123456789,
"name": "Foo Bar",
"service": {
"isEnabled": True,
"slug": "lambda"
},
}]
}
},
))
assert enable_lambda_integration(mock_gql, input, 123456789) is True
def test_enable_lambda_integration():
mock_gql = NewRelicGQL("123456789", "foobar")
mock_gql.query = Mock(
return_value={"actor": {
"account": {
"cloud": {
"linkedAccounts": []
}
}
}}, )
input = integration_install(nr_account_id=123456789,
linked_account_name="Foo Bar")
lambda_enabled = enable_lambda_integration(mock_gql, input, 123456789)
assert (lambda_enabled is
False), "Account should be linked to enable the lambda integration"
assert mock_gql.query.call_count == 1
mock_gql.query = Mock(side_effect=({
"actor": {
"account": {
"cloud": {
"linkedAccounts": [{
"authLabel": "arn:aws:iam::123456789:role/FooBar",
"externalId": "123456789",
"id": 123456789,
"name": "Foo Bar",
"metricCollectionMode": "PUSH",
}]
}
}
}
}, ))
lambda_enabled = enable_lambda_integration(mock_gql, input, 123456789)
assert mock_gql.query.call_count == 1
assert (
lambda_enabled is True
), "Accounts in PUSH mode (using Cloudwatch Metrics stream) should already have the Lambda integration enabled"
mock_gql.query = Mock(side_effect=(
{
"actor": {
"account": {
"cloud": {
"linkedAccounts": [{
"authLabel": "arn:aws:iam::123456789:role/FooBar",
"externalId": "123456789",
"id": 123456789,
"name": "Foo Bar",
"metricCollectionMode": "PULL",
}]
}
}
}
},
{
"actor": {
"account": {
"cloud": {
"linkedAccount": {
"integrations": [{
"service": {
"isEnabled": True,
"slug": "lambda"
}
}]
}
}
},
}
},
))
lambda_enabled = enable_lambda_integration(mock_gql, input, 123456789)
assert mock_gql.query.call_count == 2
assert (
lambda_enabled is True
), "Account is linked and already has the lambda integration enabled"
mock_gql.query = Mock(side_effect=(
{
"actor": {
"account": {
"cloud": {
"linkedAccounts": [{
"authLabel": "arn:aws:iam::123456789:role/FooBar",
"externalId": "123456789",
"id": 123456789,
"name": "Foo Bar",
"metricCollectionMode": "PULL",
}]
}
}
}
},
{
"actor": {
"account": {
"cloud": {
"linkedAccount": {
"integrations": []
}
}
},
}
},
{
"cloudConfigureIntegration": {
"integrations": [{
"id": 123456789,
"name": "Foo Bar",
"service": {
"isEnabled": True,
"slug": "lambda"
},
}]
}
},
))
lambda_enabled = enable_lambda_integration(mock_gql, input, 123456789)
assert mock_gql.query.call_count == 3
assert (
lambda_enabled is True
), "Account is linked but didn't have the lambda integration enabled, so it should be configured"