diff --git a/atst/domain/authnid/crl/__init__.py b/atst/domain/authnid/crl/__init__.py index 6a5addd2..7865ef14 100644 --- a/atst/domain/authnid/crl/__init__.py +++ b/atst/domain/authnid/crl/__init__.py @@ -33,7 +33,7 @@ class CRLInterface: def _log(self, message, level=logging.INFO): if self.logger: - self.logger.log(level, message, extras={"tags": ["authorization", "crl"]}) + self.logger.log(level, message, extra={"tags": ["authorization", "crl"]}) def crl_check(self, cert): raise NotImplementedError() diff --git a/atst/domain/authnid/crl/util.py b/atst/domain/authnid/crl/util.py index 408a0d63..e9bc74fb 100644 --- a/atst/domain/authnid/crl/util.py +++ b/atst/domain/authnid/crl/util.py @@ -4,6 +4,11 @@ import os import pendulum import requests + +class CRLNotFoundError(Exception): + pass + + MODIFIED_TIME_BUFFER = 15 * 60 @@ -54,9 +59,9 @@ CRL_LIST = [ "http://crl.disa.mil/crl/DODEMAILCA_51.crl", "http://crl.disa.mil/crl/DODEMAILCA_52.crl", "http://crl.disa.mil/crl/DODEMAILCA_59.crl", - "http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA1.crl ", - "http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl ", - "http://crl.disa.mil/crl/USDODCCEBINTEROPERABILITYROOTCA1.crl ", + "http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA1.crl", + "http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl", + "http://crl.disa.mil/crl/USDODCCEBINTEROPERABILITYROOTCA1.crl", "http://crl.disa.mil/crl/USDODCCEBINTEROPERABILITYROOTCA2.crl", "http://crl.disa.mil/crl/DODNIPRINTERNALNPEROOTCA1.crl", "http://crl.disa.mil/crl/DODNPEROOTCA1.crl", @@ -92,6 +97,9 @@ def write_crl(out_dir, target_dir, crl_location): options["headers"] = {"If-Modified-Since": mod_time} with requests.get(crl_location, **options) as response: + if response.status_code > 399: + raise CRLNotFoundError() + if response.status_code == 304: return False 
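Review bot: In the `write_crl` hunk of atst/domain/authnid/crl/util.py, `raise CRLNotFoundError()` fires for every status above 399 but carries neither the URL nor the status code, so a 404 for a retired CA and a 503 from the distribution point are indistinguishable to the caller and in the log. Pass the context along, e.g. `raise CRLNotFoundError("{} returned HTTP {}".format(crl_location, response.status_code))`. The `CRLNotFoundError` class added in the first util.py hunk should also get a one-line docstring saying it covers any 4xx/5xx response, since the name suggests 404 only. `write_crl` starts before and continues after this hunk.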
@@ -108,6 +116,15 @@ def remove_bad_crl(out_dir, crl_location):
 os.remove(crl)
+def log_error(logger, crl_location):
+ if logger:
+ logger.error(
+ "Error downloading {}, removing file and continuing anyway".format(
+ crl_location
+ )
+ )
+
+
 def refresh_crls(out_dir, target_dir, logger):
 for crl_location in CRL_LIST:
 logger.info("updating CRL from {}".format(crl_location))
@@ -117,13 +134,10 @@ def refresh_crls(out_dir, target_dir, logger):
 else:
 logger.info("no updates for CRL from {}".format(crl_location))
 except requests.exceptions.ChunkedEncodingError:
- if logger:
- logger.error(
- "Error downloading {}, removing file and continuing anyway".format(
- crl_location
- )
- )
+ log_error(logger, crl_location)
 remove_bad_crl(out_dir, crl_location)
+ except CRLNotFoundError:
+ log_error(logger, crl_location)
 if __name__ == "__main__":
diff --git a/k8s/aws/atst-envvars-configmap.yml b/k8s/aws/atst-envvars-configmap.yml
index fc65df51..ed2c5c1c 100644
--- a/k8s/aws/atst-envvars-configmap.yml
+++ b/k8s/aws/atst-envvars-configmap.yml
@@ -10,3 +10,4 @@ data:
 OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini
 UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini
 CRL_STORAGE_PROVIDER: CLOUDFILES
+ LOG_JSON: "true"
diff --git a/k8s/azure/atst-envvars-configmap.yml b/k8s/azure/atst-envvars-configmap.yml
index fc65df51..ed2c5c1c 100644
--- a/k8s/azure/atst-envvars-configmap.yml
+++ b/k8s/azure/atst-envvars-configmap.yml
@@ -10,3 +10,4 @@ data:
 OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini
 UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini
 CRL_STORAGE_PROVIDER: CLOUDFILES
+ LOG_JSON: "true"
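Review bot: `log_error` hard-codes "removing file and continuing anyway", yet the `except CRLNotFoundError` branch added to `refresh_crls` in the following hunk calls it without `remove_bad_crl`, so on that path the log records a deletion that never happened. Anyone reconstructing from these logs which CRL files were current at a given time would be misled. Either take the wording as a parameter or make the shared text neutral, `"Error downloading {}, continuing anyway".format(crl_location)`, and log the removal next to the `remove_bad_crl` call. The `if logger:` guard is also inconsistent with `refresh_crls`, which calls `logger.info` unconditionally before any error path is reached.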
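Review bot: The new `except CRLNotFoundError:` branch in `refresh_crls` only logs and moves on, so any copy of that CRL already on disk stays in use. If a distribution point keeps answering 4xx/5xx, revocation checks then run against data that keeps ageing, with only an error line as evidence. Whether the checker rejects a CRL past its next-update time is not visible in this diff; if it does not, this path fails open. Collect the failures instead: start with `failed = []`, add `failed.append(crl_location)` in both `except` branches, and `return failed` after the loop, so the caller under `if __name__ == "__main__":` can exit non-zero and monitoring can alert. The body of `refresh_crls` begins outside this hunk.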