From 562338c1a5756dce01f5251a7b7fb343b4f0932f Mon Sep 17 00:00:00 2001
From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com>
Date: Fri, 31 Jan 2025 11:24:08 -0800
Subject: [PATCH] [NR eBPF Agent] Enable lookup for existing TLS certs. 
 (#1596)

<!--
Thank you for contributing to New Relic's Helm charts. Before you submit
this PR we'd like to
make sure you are aware of our technical requirements:

*
https://github.com/newrelic-experimental/helm-charts/blob/master/CONTRIBUTING.md#technical-requirements

For a quick overview across what we will look at reviewing your PR,
please read
our review guidelines:

*
https://github.com/newrelic-experimental/helm-charts/blob/master/REVIEW_GUIDELINES.md

Following our best practices right from the start will accelerate the
review process and
help get your PR merged quicker.

When updates to your PR are requested, please add new commits and do not
squash the
history. This will make it easier to identify new changes. The PR will
be squashed
anyways when it is merged. Thanks.

For fast feedback, please @-mention maintainers that are listed in the
Chart.yaml file.

Please make sure you test your changes before you push them. Once
pushed, a Github Action
will run across your changes and do some initial checks and linting.
These checks run
very quickly. Please check the results. We would like these checks to
pass before we
even continue reviewing your changes.
-->
#### Is this a new chart
No
#### What this PR does / why we need it:
Un-commenting some code that checks for existing certs before creating
new ones.
We can do this now that the version of helm has been bumped.

#### Which issue this PR fixes
*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)`
format, will close that issue when PR gets merged)*
  - fixes #

#### Special notes for your reviewer:

#### Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove
unrelated fields.]
- [x] Chart Version bumped
- [x] Variables are documented in the README.md
- [x] Title of the PR starts with chart name (e.g. `[mychartname]`)
---
 charts/nr-ebpf-agent/Chart.yaml         |  3 ++-
 charts/nr-ebpf-agent/templates/_tls.tpl | 15 +++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/charts/nr-ebpf-agent/Chart.yaml b/charts/nr-ebpf-agent/Chart.yaml
index 176e8c4e8..9ecf3496d 100644
--- a/charts/nr-ebpf-agent/Chart.yaml
+++ b/charts/nr-ebpf-agent/Chart.yaml
@@ -13,7 +13,8 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.16
+version: 0.1.17
+
 dependencies:
   - name: common-library
     version: 1.3.1
diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl
index 3c2fb4dba..624d23b12 100644
--- a/charts/nr-ebpf-agent/templates/_tls.tpl
+++ b/charts/nr-ebpf-agent/templates/_tls.tpl
@@ -8,13 +8,12 @@ a cert is loaded from an existing secret or is provided via `.Values`
 {{- $clientCert := "" }}
 {{- $clientKey := "" }}
 {{- if .Values.tls.autoGenerateCert.enabled }}
-{{/*TODO Enable this section once the helm Chart repo supports the lookup function*/}}
-{{/*    {{- $prevSecret := (lookup "v1" "Secret" "" (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }}*/}}
-{{/*    {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }}*/}}
-{{/*        {{- $clientCert = index $prevSecret "data" "tls.crt" }}*/}}
-{{/*        {{- $clientKey = index $prevSecret "data" "tls.key" }}*/}}
-{{/*        {{- $caCert = index $prevSecret "data" "ca.crt" }}*/}}
-{{/*    {{- else }}*/}}
+    {{- $prevSecret := (lookup "v1" "Secret" "" (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }}
+    {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }}
+        {{- $clientCert = index $prevSecret "data" "tls.crt" }}
+        {{- $clientKey = index $prevSecret "data" "tls.key" }}
+        {{- $caCert = index $prevSecret "data" "ca.crt" }}
+    {{- else }}
         {{- $certValidity := int .Values.tls.autoGenerateCert.certPeriodDays | default 365 }}
         {{- $ca := genCA "nr-ebpf-agent-certificates-ca" $certValidity }}
         {{- $domain1 := printf "%s.%s.svc"  (include "nr-ebpf-agent.service.name" .) $.Release.Namespace }}
@@ -26,7 +25,7 @@ a cert is loaded from an existing secret or is provided via `.Values`
         {{- $clientCert = b64enc $cert.Cert }}
         {{- $clientKey = b64enc $cert.Key }}
         {{- $caCert = b64enc $ca.Cert }}
-{{/*    {{- end }}*/}}
+    {{- end }}
 {{- else }}
     {{- $clientCert = .Files.Get .Values.tls.certFile | b64enc }}
     {{- $clientKey = .Files.Get .Values.tls.keyFile | b64enc }}