Enable sentry logging (#460)

* add sentry

* first commit

* fix tests

* revert change

* revert

* add sentry dsn to config

* fix configmap

* fix configmap

* fix dep

* fix status test

* remove line

* Simplify config

* More tests

* More tests

Gopkg.toml

@@ -111,6 +111,11 @@ required = [
   name = "github.com/pilu/fresh"
   revision = "9c0092493eff2825c3abf64e087b3383dec939c3"
 
+[[constraint]]
+  name = "github.com/getsentry/raven-go"
+  revision = "563b81fc02b75d664e54da31f787c2cc2186780b"
+
+
 [prune]
   go-tests = true
   unused-packages = true

configuration/configuration.go

@@ -125,6 +125,10 @@ const (
 	varTenantServiceURL       = "tenant.serviceurl"
 	varWITURL                 = "wit.url"
 	varNotificationServiceURL = "notification.serviceurl"
+
+	// sentry
+	varEnvironment = "environment"
+	varSentryDSN   = "sentry.dsn"
 )
 
 type serviceAccountConfig struct {
@@ -300,6 +304,12 @@ func NewConfigurationData(mainConfigFile string, serviceAccountConfigFile string
 	if c.GetOSORegistrationAppAdminToken() == "" {
 		c.appendDefaultConfigErrorMessage("OSO Reg App admin token is empty")
 	}
+	if c.GetEnvironment() == "local" || c.GetEnvironment() == "" {
+		c.appendDefaultConfigErrorMessage("Environment is empty or set to local")
+	}
+	if c.GetSentryDSN() == "" {
+		c.appendDefaultConfigErrorMessage("Sentry DSN is empty")
+	}
 	c.checkClusterConfig()
 	if c.defaultConfigurationError != nil {
 		log.WithFields(map[string]interface{}{
@@ -594,6 +604,9 @@ func (c *ConfigurationData) setConfigDefaults() {
 
 	// Regex to be used to check if the user with such email should be ignored during account provisioning
 	c.v.SetDefault(varIgnoreEmailInProd, ".+\\+preview.*\\@redhat\\.com")
+
+	// prod-preview or prod
+	c.v.SetDefault(varEnvironment, "local")
 }
 
 // GetEmailVerifiedRedirectURL returns the url where the user would be redirected to after clicking on email
@@ -880,6 +893,11 @@ func (c *ConfigurationData) GetNotificationServiceURL() string {
 	return c.v.GetString(varNotificationServiceURL)
 }
 
+// GetSentryDSN returns the secret needed to securely communicate with https://errortracking.prod-preview.openshift.io/openshift_io/fabric8-auth/
+func (c *ConfigurationData) GetSentryDSN() string {
+	return c.v.GetString(varSentryDSN)
+}
+
 // GetKeycloakEndpointAdmin returns the <keycloak>/realms/admin/<realm> endpoint
 // set via config file or environment variable.
 // If nothing set then in Dev environment the default endpoint will be returned.
@@ -1124,6 +1142,13 @@ func (c *ConfigurationData) GetIgnoreEmailInProd() string {
 	return c.v.GetString(varIgnoreEmailInProd)
 }
 
+// GetEnvironment returns the current environment application is deployed in
+// like 'production', 'prod-preview', 'local', etc as the value of environment variable
+// `AUTH_ENVIRONMENT` is set.
+func (c *ConfigurationData) GetEnvironment() string {
+	return c.v.GetString(varEnvironment)
+}
+
 const (
 	defaultHeaderMaxLength = 5000 // bytes
 

configuration/configuration_blackbox_test.go

@@ -244,6 +244,44 @@ func TestGetWITURLNotDevModeOK(t *testing.T) {
 	assert.Equal(t, "http://myauthsubdomain.service.domain.org", computedWITURL)
 }
 
+func TestGetEnvironmentOK(t *testing.T) {
+	resource.Require(t, resource.UnitTest)
+
+	constAuthEnvironment := "AUTH_ENVIRONMENT"
+	constAuthSentryDSN := "AUTH_SENTRY_DSN"
+	constLocalEnv := "local"
+
+	existingEnvironmentName := os.Getenv(constAuthEnvironment)
+	existingSentryDSN := os.Getenv(constAuthSentryDSN)
+	defer func() {
+		os.Setenv(constAuthEnvironment, existingEnvironmentName)
+		os.Setenv(constAuthSentryDSN, existingSentryDSN)
+		resetConfiguration()
+	}()
+
+	os.Unsetenv(constAuthEnvironment)
+	assert.Equal(t, constLocalEnv, config.GetEnvironment())
+
+	os.Setenv(constAuthEnvironment, "prod-preview")
+	assert.Equal(t, "prod-preview", config.GetEnvironment())
+}
+
+func TestGetSentryDSNOK(t *testing.T) {
+	resource.Require(t, resource.UnitTest)
+	constSentryDSN := "AUTH_SENTRY_DSN"
+	existingDSN := os.Getenv(constSentryDSN)
+	defer func() {
+		os.Setenv(constSentryDSN, existingDSN)
+		resetConfiguration()
+	}()
+
+	os.Unsetenv(constSentryDSN)
+	assert.Equal(t, "", config.GetSentryDSN())
+
+	os.Setenv(constSentryDSN, "something")
+	assert.Equal(t, "something", config.GetSentryDSN())
+}
+
 func TestGetWITURLDevModeOK(t *testing.T) {
 	resource.Require(t, resource.UnitTest)
 	existingWITprefix := os.Getenv("AUTH_WIT_DOMAIN_PREFIX")

controller/status_test.go

@@ -19,8 +19,8 @@ import (
 )
 
 const (
-	expectedDefaultConfDevModeErrorMessage  = "Error: /etc/fabric8/service-account-secrets.conf is not used; /etc/fabric8/oso-clusters.conf is not used; developer Mode is enabled; default service account private key is used; default service account private key ID is used; default user account private key is used; default user account private key ID is used; default DB password is used; default Keycloak client secret is used; default GitHub client secret is used; no restrictions for valid redirect URLs; notification service url is empty; OSO Reg App url is empty; OSO Reg App admin username is empty; OSO Reg App admin token is empty"
-	expectedDefaultConfProdModeErrorMessage = "Error: /etc/fabric8/service-account-secrets.conf is not used; /etc/fabric8/oso-clusters.conf is not used; default service account private key is used; default service account private key ID is used; default user account private key is used; default user account private key ID is used; default DB password is used; default Keycloak client secret is used; default GitHub client secret is used; notification service url is empty; OSO Reg App url is empty; OSO Reg App admin username is empty; OSO Reg App admin token is empty"
+	expectedDefaultConfDevModeErrorMessage  = "Error: /etc/fabric8/service-account-secrets.conf is not used; /etc/fabric8/oso-clusters.conf is not used; developer Mode is enabled; default service account private key is used; default service account private key ID is used; default user account private key is used; default user account private key ID is used; default DB password is used; default Keycloak client secret is used; default GitHub client secret is used; no restrictions for valid redirect URLs; notification service url is empty; OSO Reg App url is empty; OSO Reg App admin username is empty; OSO Reg App admin token is empty; Environment is empty or set to local; Sentry DSN is empty"
+	expectedDefaultConfProdModeErrorMessage = "Error: /etc/fabric8/service-account-secrets.conf is not used; /etc/fabric8/oso-clusters.conf is not used; default service account private key is used; default service account private key ID is used; default user account private key is used; default user account private key ID is used; default DB password is used; default Keycloak client secret is used; default GitHub client secret is used; notification service url is empty; OSO Reg App url is empty; OSO Reg App admin username is empty; OSO Reg App admin token is empty; Environment is empty or set to local; Sentry DSN is empty"
 )
 
 type TestStatusREST struct {

jsonapi/jsonapi_utility.go

@@ -8,6 +8,7 @@ import (
 	"github.com/fabric8-services/fabric8-auth/app"
 	"github.com/fabric8-services/fabric8-auth/errors"
 	"github.com/fabric8-services/fabric8-auth/log"
+	"github.com/fabric8-services/fabric8-auth/sentry"
 
 	"github.com/goadesign/goa"
 	errs "github.com/pkg/errors"
@@ -165,5 +166,7 @@ func JSONErrorResponse(ctx InternalServerError, err error) error {
 			return errs.WithStack(ctx.Conflict(jsonErr))
 		}
 	}
+
+	sentry.Sentry().CaptureError(ctx, err)
 	return errs.WithStack(ctx.InternalServerError(jsonErr))
 }

log/context.go

@@ -24,8 +24,8 @@ func extractIdentityID(ctx context.Context) (string, error) {
 	return id.(string), nil
 }
 
-// extractRequestID obtains the request ID either from a goa client or middleware
-func extractRequestID(ctx context.Context) string {
+// ExtractRequestID obtains the request ID either from a goa client or middleware
+func ExtractRequestID(ctx context.Context) string {
 	reqID := middleware.ContextRequestID(ctx)
 	if reqID == "" {
 		return client.ContextRequestID(ctx)

log/log.go

@@ -79,7 +79,7 @@ func Error(ctx context.Context, fields map[string]interface{}, format string, ar
 		}
 
 		if ctx != nil {
-			entry = entry.WithField("req_id", extractRequestID(ctx))
+			entry = entry.WithField("req_id", ExtractRequestID(ctx))
 			identityID, err := extractIdentityID(ctx)
 			if err == nil {
 				entry = entry.WithField("identity_id", identityID)
@@ -148,7 +148,7 @@ func Warn(ctx context.Context, fields map[string]interface{}, format string, arg
 		}
 
 		if ctx != nil {
-			entry = entry.WithField("req_id", extractRequestID(ctx))
+			entry = entry.WithField("req_id", ExtractRequestID(ctx))
 			identityID, err := extractIdentityID(ctx)
 			if err == nil { // Otherwise we don't use the identityID
 				entry = entry.WithField("identity_id", identityID)
@@ -177,7 +177,7 @@ func Info(ctx context.Context, fields map[string]interface{}, format string, arg
 		}
 
 		if ctx != nil {
-			entry = entry.WithField("req_id", extractRequestID(ctx))
+			entry = entry.WithField("req_id", ExtractRequestID(ctx))
 			identityID, err := extractIdentityID(ctx)
 			if err == nil { // Otherwise we don't use the identityID
 				entry = entry.WithField("identity_id", identityID)
@@ -202,7 +202,7 @@ func Panic(ctx context.Context, fields map[string]interface{}, format string, ar
 		entry := log.WithField("pid", os.Getpid())
 
 		if ctx != nil {
-			entry = entry.WithField("req_id", extractRequestID(ctx))
+			entry = entry.WithField("req_id", ExtractRequestID(ctx))
 			identityID, err := extractIdentityID(ctx)
 			if err == nil { // Otherwise we don't use the identityID
 				entry = entry.WithField("identity_id", identityID)
@@ -231,7 +231,7 @@ func Debug(ctx context.Context, fields map[string]interface{}, format string, ar
 		}
 
 		if ctx != nil {
-			entry = entry.WithField("req_id", extractRequestID(ctx))
+			entry = entry.WithField("req_id", ExtractRequestID(ctx))
 			identityID, err := extractIdentityID(ctx)
 			if err == nil {
 				entry = entry.WithField("identity_id", identityID)

main.go

@@ -23,6 +23,7 @@ import (
 	keycloaklink "github.com/fabric8-services/fabric8-auth/login/link"
 	"github.com/fabric8-services/fabric8-auth/migration"
 	"github.com/fabric8-services/fabric8-auth/notification"
+	"github.com/fabric8-services/fabric8-auth/sentry"
 	"github.com/fabric8-services/fabric8-auth/space/authz"
 	"github.com/fabric8-services/fabric8-auth/token"
 	"github.com/fabric8-services/fabric8-auth/token/keycloak"
@@ -93,6 +94,19 @@ func main() {
 		}
 	}
 
+	// Initialize sentry client
+	haltSentry, err := sentry.InitializeSentryClient(
+		config.GetSentryDSN(),
+		sentry.WithRelease(controller.Commit),
+		sentry.WithEnvironment(config.GetEnvironment()),
+	)
+	if err != nil {
+		log.Panic(nil, map[string]interface{}{
+			"err": err,
+		}, "failed to setup the sentry client")
+	}
+	defer haltSentry()
+
 	if config.IsPostgresDeveloperModeEnabled() && log.IsDebug() {
 		db = db.Debug()
 	}

openshift/auth.app.yaml

@@ -89,7 +89,7 @@ objects:
               secretKeyRef:
                 name: auth
                 key: github.client.secret
-          - name: SENTRY_DSN
+          - name: AUTH_SENTRY_DSN
             valueFrom:
               secretKeyRef:
                 name: auth
@@ -159,6 +159,11 @@ objects:
               configMapKeyRef:
                 name: auth
                 key: email.verify.url
+          - name: AUTH_ENVIRONMENT
+            valueFrom:
+              configMapKeyRef:
+                name: auth
+                key: environment
           imagePullPolicy: Always
           name: auth
           ports:

openshift/auth.config.yaml

@@ -51,4 +51,5 @@ objects:
     keycloak.url: https://sso.openshift.io
     notification.serviceurl: ""
     email.verify.url: https://prod-preview.openshift.io/_home
+    environment: prod-preview