Changed command order execution to get the TOKEN

[davidcr01]

Description

Related: #51
Complementary PR of: #52

The aim of this PR is to change the order of the token API fetch in the manager_checkService function. Now, the function will do the following:

• Check if the API is ready to receive petitions.
• Get the TOKEN with the changed credentials when necessary

This PR was originated to fix the following behavior: if the API was not ready to receive requests, the TOKEN variable was empty, and in case the Wazuh manager node was a worker, the credentials were not changed. Then, the TOKEN could not be fetched: https://github.com/wazuh/wazuh-installation-assistant/actions/runs/10832984133/job/30058653961

api_password="wazuh-wui"
token_command="curl ..."
TOKEN=$(eval "${token_command}")

# As the API is not ready, TOKEN here would be empty 
# TOKEN=""
# As TOKEN is empty, the if block is ignored, so the credential change is not executed.
if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then
    api_password=$(tar ...)
    token_command="curl ..."
    TOKEN=$(eval "${token_command}")
fi

# As TOKEN is empty, the while block is executed, but with the wrong credentials. 
# TOKEN gets "Invalid Credentials" as value and the API petition can not be done
while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do
    attempt=$((attempt+1))
    common_logger "Attempt $attempt: Checking the Wazuh API to be ready"
    sleep "${seconds}"
    TOKEN=$(eval "${token_command}")
done

# This petition fails because TOKEN is not valid
wm_error=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer ${TOKEN}")

Note

Notice that, in the mentioned GHA run, one of the worker nodes could get the TOKEN, but the other one couldn't because of the mentioned behavior

This PR changes the order in which these commands are executed:

• First, the while loop is executed, checking that the API is ready. In case a worker node is being installed, the TOKEN would have Invalid credentials value. In another case, the TOKEN would be correctly fetched.
• Secondly, if the TOKEN has Invalid credentials value, the credentials are changed and the TOKEN is requested again, with the correct credentials, and also, ensuring that the API is ready.

# Wait for the API to be ready 
while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do
    attempt=$((attempt+1))
    common_logger "Attempt $attempt: Checking the Wazuh API to be ready"
    sleep "${seconds}"
    TOKEN=$(eval "${token_command}")
done
common_logger "Wazuh API is ready to receive requests."

# Change curl credentials in case the master node has changed the passwords 
if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then
    api_password=$(tar ...)
    token_command="curl ..."
    TOKEN=$(eval "${token_command}")
fi

Testing

The testing was performed using the GHAs:

• Testing the distributed installation: https://github.com/wazuh/wazuh-installation-assistant/actions/runs/10833326420/job/30059832055
• Testing the AIO installation (CentOS, Ubuntu, RHEL): https://github.com/wazuh/wazuh-installation-assistant/actions/runs/10834008192