From 5cbfb7d7d69470f51a5a6738c1ddd2b4accd1621 Mon Sep 17 00:00:00 2001 From: "andrew.duthie" Date: Thu, 30 Jan 2025 16:46:51 +0000 Subject: [PATCH] Log URL and response body for failed issuer request * Log URL and response body for failed issuer request * Sync Rubocop TargetRubyVersion to .ruby-version See merge request lg/identity-pki!64 --- .rubocop.yml | 2 +- app/services/issuing_ca_service.rb | 18 ++++++++++-- spec/services/issuing_ca_service_spec.rb | 35 +++++++++++++++++++++--- 3 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/.rubocop.yml b/.rubocop.yml
index 214f826eb..fdfc0f024 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -19,7 +19,7 @@ AllCops:
 - "lib/deploy/*"
 - "node_modules/**/*"
 - "vendor/**/*"
- TargetRubyVersion: 3.0
+ TargetRubyVersion: 3.3
 TargetRailsVersion: 6.1
 UseCache: true
 DisabledByDefault: true
diff --git a/app/services/issuing_ca_service.rb b/app/services/issuing_ca_service.rb
index bba8cef32..7a32ef399 100644
--- a/app/services/issuing_ca_service.rb
+++ b/app/services/issuing_ca_service.rb
@@ -67,11 +67,23 @@ def self.fetch_certificates(issuer_uri)
 if response.kind_of?(Net::HTTPSuccess)
 OpenSSL::PKCS7.new(response.body).certificates || []
 else
- NewRelic::Agent.notice_error(UnexpectedPKCS7Response.new(response.body))
+ NewRelic::Agent.notice_error(
+ UnexpectedPKCS7Response.new(response.body),
+ custom_params: { issuer_uri: issuer_uri.to_s },
+ )
+
 []
 end
- rescue OpenSSL::PKCS7::PKCS7Error, ArgumentError, Errno::ECONNREFUSED, Net::ReadTimeout, Net::OpenTimeout => e
- NewRelic::Agent.notice_error(e)
+ rescue OpenSSL::PKCS7::PKCS7Error,
+ ArgumentError,
+ Errno::ECONNREFUSED,
+ Net::ReadTimeout,
+ Net::OpenTimeout => error
+ NewRelic::Agent.notice_error(
+ error,
+ custom_params: { issuer_uri: issuer_uri.to_s, response_body: response&.body },
+ )
+
 []
 end
diff --git a/spec/services/issuing_ca_service_spec.rb b/spec/services/issuing_ca_service_spec.rb
index 319cfb1fd..d5f8242fb 100644
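Review bot: The new `response_body: response&.body` in the rescue branch sends whatever the remote issuer endpoint returned to New Relic with no size bound or encoding cleanup, and on the `PKCS7Error`/`ArgumentError` path that body is exactly the data that failed to parse, so it may be binary. The spec drives this through `fetch_signing_key_for_cert(certificate)`, which suggests the URL comes from a presented certificate, so the body should be treated as untrusted and capped and scrubbed before it is attached, e.g. `response_body: response&.body&.byteslice(0, 512)&.scrub`. The same unbounded body is already the message of `UnexpectedPKCS7Response.new(response.body)` in the non-2xx branch. It is also worth confirming that `issuer_uri.to_s` cannot carry userinfo or query tokens that should not reach telemetry. The body of `fetch_certificates` begins above this hunk, so where `response` is assigned is not visible here.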
--- a/spec/services/issuing_ca_service_spec.rb
+++ b/spec/services/issuing_ca_service_spec.rb
@@ -56,11 +56,32 @@
 context 'when there is an HTTP error fetching the certificate' do
 it 'returns nil and logs the error' do
- stub_request(:get, 'http://example.com').to_return(status: [500, 'Internal Server Error'])
+ stub_request(:get, 'http://example.com/').to_return(
+ status: [500, 'Internal Server Error'],
+ body: 'Internal Server Error',
+ )
 certificate = certificates_in_collection(certificate_set, :type, :leaf).first
 expect(NewRelic::Agent).to receive(:notice_error).with(
- IssuingCaService::UnexpectedPKCS7Response
+ IssuingCaService::UnexpectedPKCS7Response.new('Internal Server Error'),
+ custom_params: { issuer_uri: 'http://example.com/' },
+ )
+ fetched_cert = described_class.fetch_signing_key_for_cert(certificate)
+ expect(fetched_cert).to eq nil
+ end
+ end
+
+ context 'when there is an HTTP timeout fetching the certificate' do
+ it 'returns nil and logs the error' do
+ stub_request(:get, 'http://example.com/').to_timeout
+
+ certificate = certificates_in_collection(certificate_set, :type, :leaf).first
+ expect(NewRelic::Agent).to receive(:notice_error).with(
+ Net::OpenTimeout,
+ custom_params: {
+ issuer_uri: 'http://example.com/',
+ response_body: nil,
+ },
 )
 fetched_cert = described_class.fetch_signing_key_for_cert(certificate)
 expect(fetched_cert).to eq nil
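Review bot: The first expectation matches on a freshly built `IssuingCaService::UnexpectedPKCS7Response.new('Internal Server Error')`, which passes only through `Exception#==` (class, message and backtrace) and because the service reports the object without raising it; if the service ever raises and rescues it, the backtrace differs and the example fails for an unrelated reason. A matcher that states the intent is sturdier, e.g. `an_instance_of(IssuingCaService::UnexpectedPKCS7Response).and(having_attributes(message: 'Internal Server Error'))`. The added timeout example covers only `Net::OpenTimeout`; the `Net::ReadTimeout` and `Errno::ECONNREFUSED` arms of the same rescue have no example asserting `custom_params` in the visible hunks.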
@@ -69,10 +90,16 @@
 context 'when the PKCS7 response is invalid' do
 it 'returns nil and logs the error' do
- stub_request(:get, 'http://example.com').to_return(body: 'bad pkcs7 response')
+ stub_request(:get, 'http://example.com/').to_return(body: 'bad pkcs7 response')
 certificate = certificates_in_collection(certificate_set, :type, :leaf).first
- expect(NewRelic::Agent).to receive(:notice_error).with(ArgumentError)
+ expect(NewRelic::Agent).to receive(:notice_error).with(
+ ArgumentError,
+ custom_params: {
+ issuer_uri: 'http://example.com/',
+ response_body: 'bad pkcs7 response',
+ },
+ )
 fetched_cert = described_class.fetch_signing_key_for_cert(certificate)
 expect(fetched_cert).to eq nil
 end