feat: enrich sentry

hm-edu · Nov 26, 2024 · 7658697 · 7658697
1 parent b78e306
commit 7658697
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 24 deletions.
diff --git a/acme/api/handler.go b/acme/api/handler.go
@@ -17,6 +17,7 @@ import (
 	pb "github.com/hm-edu/portal-apis"
 	"github.com/smallstep/certificates/cas/sectigocas/eab"
 	"github.com/smallstep/certificates/logging"
+	"github.com/smallstep/certificates/monitoring"
 
 	"github.com/smallstep/certificates/acme"
 	"github.com/smallstep/certificates/api"
@@ -467,6 +468,8 @@ func checkPermission(ctx context.Context, identifiers []acme.Identifier, eak *ac
 	if !ok {
 		return nil, errors.New("no external account client available")
 	}
+
+	ctx, _ = monitoring.WrapSentryTrace(ctx)
 	result, err := client.CheckEABPermissions(ctx, &pb.CheckEABPermissionRequest{Domains: domains, EabKey: eak.ID})
 	if err != nil {
 		return nil, err

diff --git a/cas/sectigocas/sectigocas.go b/cas/sectigocas/sectigocas.go
@@ -11,6 +11,7 @@ import (
 	"github.com/smallstep/certificates/acme"
 	"github.com/smallstep/certificates/acme/api"
 	"github.com/smallstep/certificates/authority/provisioner"
+	"github.com/smallstep/certificates/monitoring"
 
 	pb "github.com/hm-edu/portal-apis"
 	"github.com/pkg/errors"
@@ -34,9 +35,6 @@ func init() {
 
 const defaultClientOperationName = "grpc.client"
 
-type sentryTrace struct{}
-type sentryBaggage struct{}
-
 func sentryInterceptor(ctx context.Context,
 	method string,
 	req, reply interface{},
@@ -52,13 +50,9 @@ func sentryInterceptor(ctx context.Context,
 
 	operationName := defaultClientOperationName
 
-	trace, okTrace := ctx.Value(sentryTrace{}).(string)
-	baggage, okBaggage := ctx.Value(sentryBaggage{}).(string)
-
 	options := []sentry.SpanOption{sentry.WithTransactionName(method), sentry.WithDescription(method)}
-	if okTrace && okBaggage {
-		options = append(options, sentry.ContinueFromHeaders(trace, baggage))
-	}
+
+	options = append(options, monitoring.GetSpanOptions(ctx)...)
 
 	span := sentry.StartSpan(ctx, operationName, options...)
 	span.SetData("grpc.request.method", method)
@@ -170,17 +164,20 @@ func (s *SectigoCAS) signCertificate(ctx context.Context, cr *x509.CertificateRe
 			if acc == nil {
 				return nil, nil, errors.New("No account passed!")
 			}
-			ctxResolve := wrapSentryTrace(ctx)
+			ctxResolve, hub := monitoring.WrapSentryTrace(ctx)
 			user, err := s.eabClient.ResolveAccountId(ctxResolve, &pb.ResolveAccountIdRequest{AccountId: acc.ID})
 			if err != nil {
 				return nil, nil, errors.WithMessage(err, "Error resolving user account!")
 			}
 			issuer = fmt.Sprintf("%v (EAB: %v)", user.User, user.EabKey)
+			hub.ConfigureScope(func(scope *sentry.Scope) {
+				scope.SetUser(sentry.User{Email: issuer})
+			})
 		}
 
 	}
 
-	ctxSign := wrapSentryTrace(ctx)
+	ctxSign, _ := monitoring.WrapSentryTrace(ctx)
 	certificates, err := s.sslServiceClient.IssueCertificate(ctxSign, &pb.IssueSslRequest{
 		Issuer:                  issuer,
 		SubjectAlternativeNames: sans,
@@ -199,18 +196,6 @@ func (s *SectigoCAS) signCertificate(ctx context.Context, cr *x509.CertificateRe
 	return certs[0], certs[1:], nil
 }
 
-func wrapSentryTrace(ctx context.Context) context.Context {
-	hub := sentry.GetHubFromContext(ctx)
-	span := sentry.SpanFromContext(ctx)
-	ctx = context.Background()
-	ctx = sentry.SetHubOnContext(ctx, hub)
-	if span != nil {
-		ctx = context.WithValue(ctx, sentryTrace{}, span.ToSentryTrace())
-		ctx = context.WithValue(ctx, sentryBaggage{}, span.ToBaggage())
-	}
-	return ctx
-}
-
 func (s *SectigoCAS) CreateCertificate(ctx context.Context, req *apiv1.CreateCertificateRequest) (*apiv1.CreateCertificateResponse, error) {
 	cert, chain, err := s.signCertificate(ctx, req.CSR)
 	if err != nil {
@@ -234,7 +219,7 @@ func (s *SectigoCAS) RenewCertificate(ctx context.Context, req *apiv1.RenewCerti
 }
 
 func (s *SectigoCAS) RevokeCertificate(ctx context.Context, req *apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) {
-	ctx = wrapSentryTrace(ctx)
+	ctx, _ = monitoring.WrapSentryTrace(ctx)
 	_, err := s.sslServiceClient.RevokeCertificate(ctx, &pb.RevokeSslRequest{
 		Identifier: &pb.RevokeSslRequest_Serial{Serial: req.SerialNumber},
 		Reason:     req.Reason,

diff --git a/monitoring/sentry.go b/monitoring/sentry.go
@@ -0,0 +1,35 @@
+package monitoring
+
+import (
+	"context"
+
+	"github.com/getsentry/sentry-go"
+)
+
+type sentryTrace struct{}
+type sentryBaggage struct{}
+
+func WrapSentryTrace(ctx context.Context) (context.Context, *sentry.Hub) {
+	hub := sentry.GetHubFromContext(ctx)
+	if hub == nil {
+		hub = sentry.CurrentHub().Clone()
+	}
+	span := sentry.SpanFromContext(ctx)
+	ctx = context.Background()
+	ctx = sentry.SetHubOnContext(ctx, hub)
+	if span != nil {
+		ctx = context.WithValue(ctx, sentryTrace{}, span.ToSentryTrace())
+		ctx = context.WithValue(ctx, sentryBaggage{}, span.ToBaggage())
+	}
+	return ctx, hub
+}
+
+func GetSpanOptions(ctx context.Context) []sentry.SpanOption {
+	var opts []sentry.SpanOption
+	trace, okTrace := ctx.Value(sentryTrace{}).(string)
+	baggage, okBaggage := ctx.Value(sentryBaggage{}).(string)
+	if okTrace && okBaggage {
+		opts = append(opts, sentry.ContinueFromHeaders(trace, baggage))
+	}
+	return opts
+}