From a443689b5a29d4051e24194edb6040ddab99ebe7 Mon Sep 17 00:00:00 2001 From: jjllee Date: Mon, 25 Nov 2024 13:03:46 -0800 Subject: [PATCH] wip additions --- .github/workflows/java-eks-otlp-ocb-test.yml | 10 +-- .../util/enable-app-signals-ocb.sh | 68 +++++++++++++++++++ 2 files changed, 69 insertions(+), 9 deletions(-) create mode 100755 terraform/java/eks-otlp-ocb/util/enable-app-signals-ocb.sh diff --git a/.github/workflows/java-eks-otlp-ocb-test.yml b/.github/workflows/java-eks-otlp-ocb-test.yml index cac1edbf..64fc92f2 100644 --- a/.github/workflows/java-eks-otlp-ocb-test.yml +++ b/.github/workflows/java-eks-otlp-ocb-test.yml @@ -90,14 +90,6 @@ jobs: max_retry: 3 sleep_time: 60 - - name: Download enablement script - uses: ./.github/workflows/actions/execute_and_retry - with: - pre-command: "mkdir enablement-script && cd enablement-script" - command: "wget https://raw.githubusercontent.com/jj22ee/application-signals-demo/refs/heads/ocb/scripts/eks/appsignals/enable-app-signals-ocb.sh" - cleanup: "rm -f enable-app-signals-ocb.sh" - post-command: "chmod +x enable-app-signals-ocb.sh" - - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: @@ -192,7 +184,7 @@ jobs: - name: Install OTel Operator using enablement script uses: ./.github/workflows/actions/execute_and_retry with: - command: "${{ env.TEST_RESOURCES_FOLDER }}/enablement-script/enable-app-signals-ocb.sh \ + command: "${{ env.TEST_RESOURCES_FOLDER }}/terraform/java/eks-otlp-ocb/util/enable-app-signals-ocb.sh \ ${{ env.CLUSTER_NAME }} \ ${{ env.E2E_TEST_AWS_REGION }} \ ${{ env.SAMPLE_APP_NAMESPACE }}" diff --git a/terraform/java/eks-otlp-ocb/util/enable-app-signals-ocb.sh b/terraform/java/eks-otlp-ocb/util/enable-app-signals-ocb.sh new file mode 100755 index 00000000..71a38a4f --- /dev/null +++ b/terraform/java/eks-otlp-ocb/util/enable-app-signals-ocb.sh 
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+cd "$(dirname "$0")"
+
+CLUSTER_NAME=$1
+REGION=$2
+NAMESPACE=${3:-default}
+echo "Enabling Application Signals for EKS Cluster ${CLUSTER_NAME} in ${REGION} for namespace ${NAMESPACE}"
+
+# Check if the current context points to the new cluster in the correct region
+kub_config=$(kubectl config current-context)
+if [[ $kub_config != *"$CLUSTER_NAME"* ]] || [[ $kub_config != *"$REGION"* ]]; then
+ echo "Your current cluster context is not set to $CLUSTER_NAME $REGION. Please switch to the correct context first before running this script"
+ exit 1
+fi
+
+check_if_step_failed_and_exit() {
+ if [ $? -ne 0 ]; then
+ echo $1
+ exit 1
+ fi
+}
+
+check_if_loop_failed_and_exit() {
+ if [ $1 -ne 0 ]; then
+ echo $2
+ exit 1
+ fi
+}
+
+# Check if the namespace exists
+kubectl get namespace $NAMESPACE > /dev/null 2>&1
+
+# $? is a special variable that stores the exit status of the last command
+if [ $? -ne 0 ]; then
+ # If namespace does not exist, create it
+ echo "Namespace '$NAMESPACE' does not exist. Creating it..."
+ kubectl create namespace $NAMESPACE
+else
+ # If namespace exists, print a message
+ echo "Namespace '$NAMESPACE' already exists."
+fi
+
+# Create service linked role in the account
+aws iam create-service-linked-role --aws-service-name application-signals.cloudwatch.amazonaws.com
+
+# Enable OIDC to allow IAM role authN/Z with service account
+eksctl utils associate-iam-oidc-provider --cluster ${CLUSTER_NAME} --region ${REGION} --approve
+check_if_step_failed_and_exit "There was an error enabling the OIDC, exiting"
+
+# Create Service Account with the proper IAM permissions
+echo "Creating ServiceAccount"
+eksctl create iamserviceaccount \
+ --name appsignals-collector \
+ --namespace ${NAMESPACE} \
+ --cluster ${CLUSTER_NAME} \
+ --region ${REGION} \
+ --attach-policy-arn arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess \
+ --attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \
+ --attach-policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \
+ --approve \
+ --override-existing-serviceaccounts
+check_if_step_failed_and_exit "There was an error creating the ServiceAccount, exiting"
+
+
+# Install OpenTelemetry Operator
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml
+kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml
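Review bot: The final line applies the OpenTelemetry Operator manifest from `releases/latest`, so the cluster-scoped resources this script installs with the CI job's credentials change whenever upstream publishes a release, with no review on this side. The cert-manager line above it is pinned to v1.12.0, and the operator should be pinned the same way, e.g. `kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/download/<PINNED_OPERATOR_VERSION>/opentelemetry-operator.yaml`. Neither `kubectl apply` is followed by `check_if_step_failed_and_exit`, so a failed cert-manager install is only reported if the operator apply also fails, since the script's exit status is that of its last command. Separately, the context guard near the top passes for any current context when `$1` or `$2` is empty, because `*""*` matches every string; a check such as `: "${1:?cluster name required}" "${2:?region required}"` before the comparison would close that.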