Fix a few bugs in CRL handling.

- Don't write a CRL to the cache if the response code is above 399. (We were getting HTML files as CRLs, d'oh). - Fix a kwarg in the CRL logger (extras -> extra). - Set Kubernetes clusters to log output as JSON.
2019-08-06 12:59:02 -04:00 · 2019-08-06 12:59:02 -04:00 · 0468d5353a
commit 0468d5353a
parent bd3662e8ce
4 changed files with 26 additions and 10 deletions
--- a/atst/domain/authnid/crl/init.py
+++ b/atst/domain/authnid/crl/init.py
@ -33,7 +33,7 @@ class CRLInterface:

    def _log(self, message, level=logging.INFO):
        if self.logger:
-            self.logger.log(level, message, extras={"tags": ["authorization", "crl"]})
+            self.logger.log(level, message, extra={"tags": ["authorization", "crl"]})

    def crl_check(self, cert):
        raise NotImplementedError()
--- a/atst/domain/authnid/crl/util.py
+++ b/atst/domain/authnid/crl/util.py
@ -4,6 +4,11 @@ import os
 import pendulum
 import requests

+
+class CRLNotFoundError(Exception):
+    pass
+
+
 MODIFIED_TIME_BUFFER = 15 * 60


@ -92,6 +97,9 @@ def write_crl(out_dir, target_dir, crl_location):
        options["headers"] = {"If-Modified-Since": mod_time}

    with requests.get(crl_location, **options) as response:
+        if response.status_code > 399:
+            raise CRLNotFoundError()
+
        if response.status_code == 304:
            return False

@ -108,6 +116,15 @@ def remove_bad_crl(out_dir, crl_location):
    os.remove(crl)


+def log_error(logger, crl_location):
+    if logger:
+        logger.error(
+            "Error downloading {}, removing file and continuing anyway".format(
+                crl_location
+            )
+        )
+
+
 def refresh_crls(out_dir, target_dir, logger):
    for crl_location in CRL_LIST:
        logger.info("updating CRL from {}".format(crl_location))
@ -117,13 +134,10 @@ def refresh_crls(out_dir, target_dir, logger):
            else:
                logger.info("no updates for CRL from {}".format(crl_location))
        except requests.exceptions.ChunkedEncodingError:
-            if logger:
-                logger.error(
-                    "Error downloading {}, removing file and continuing anyway".format(
-                        crl_location
-                    )
-                )
+            log_error(logger, crl_location)
            remove_bad_crl(out_dir, crl_location)
+        except CRLNotFoundError:
+            log_error(logger, crl_location)


 if __name__ == "__main__":
--- a/k8s/aws/atst-envvars-configmap.yml
+++ b/k8s/aws/atst-envvars-configmap.yml
@ -10,3 +10,4 @@ data:
  OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini
  UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini
  CRL_STORAGE_PROVIDER: CLOUDFILES
+  LOG_JSON: "true"
--- a/k8s/azure/atst-envvars-configmap.yml
+++ b/k8s/azure/atst-envvars-configmap.yml
@ -10,3 +10,4 @@ data:
  OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini
  UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini
  CRL_STORAGE_PROVIDER: CLOUDFILES
+  LOG_JSON: "true"