authentik/authentik/lib/sentry.py

"""authentik sentry integration"""
from typing import Optional

from aioredis.errors import ConnectionClosedError, ReplyError
from billiard.exceptions import SoftTimeLimitExceeded, WorkerLostError
from celery.exceptions import CeleryError
from channels.middleware import BaseMiddleware
from channels_redis.core import ChannelFull
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation, ValidationError
from django.db import InternalError, OperationalError, ProgrammingError
from django.http.response import Http404
from django_redis.exceptions import ConnectionInterrupted
from docker.errors import DockerException
from h11 import LocalProtocolError
from ldap3.core.exceptions import LDAPException
from redis.exceptions import ConnectionError as RedisConnectionError
from redis.exceptions import RedisError, ResponseError
from rest_framework.exceptions import APIException
from sentry_sdk import Hub
from sentry_sdk.tracing import Transaction
from structlog.stdlib import get_logger
from websockets.exceptions import WebSocketException

from authentik.lib.utils.reflection import class_to_path

LOGGER = get_logger()


class SentryWSMiddleware(BaseMiddleware):
    """Sentry Websocket middleweare to set the transaction name based on
    consumer class path"""

    async def __call__(self, scope, receive, send):
        transaction: Optional[Transaction] = Hub.current.scope.transaction
        class_path = class_to_path(self.inner.consumer_class)
        if transaction:
            transaction.name = class_path
        return await self.inner(scope, receive, send)


class SentryIgnoredException(Exception):
    """Base Class for all errors that are suppressed, and not sent to sentry."""


def before_send(event: dict, hint: dict) -> Optional[dict]:
    """Check if error is database error, and ignore if so"""
    # pylint: disable=no-name-in-module
    from psycopg2.errors import Error

    ignored_classes = (
        # Inbuilt types
        KeyboardInterrupt,
        ConnectionResetError,
        OSError,
        PermissionError,
        # Django Errors
        Error,
        ImproperlyConfigured,
        OperationalError,
        InternalError,
        ProgrammingError,
        SuspiciousOperation,
        ValidationError,
        # Redis errors
        RedisConnectionError,
        ConnectionInterrupted,
        RedisError,
        ResponseError,
        ReplyError,
        ConnectionClosedError,
        # websocket errors
        ChannelFull,
        WebSocketException,
        LocalProtocolError,
        # rest_framework error
        APIException,
        # celery errors
        WorkerLostError,
        CeleryError,
        SoftTimeLimitExceeded,
        # custom baseclass
        SentryIgnoredException,
        # ldap errors
        LDAPException,
        # Docker errors
        DockerException,
        # End-user errors
        Http404,
    )
    exc_value = None
    if "exc_info" in hint:
        _, exc_value, _ = hint["exc_info"]
        if isinstance(exc_value, ignored_classes):
            LOGGER.debug("dropping exception", exc=exc_value)
            return None
    if "logger" in event:
        if event["logger"] in [
            "kombu",
            "asyncio",
            "multiprocessing",
            "django_redis",
            "django.security.DisallowedHost",
            "django_redis.cache",
            "celery.backends.redis",
            "celery.worker",
            "paramiko.transport",
        ]:
            return None
    LOGGER.debug("sending event to sentry", exc=exc_value, source_logger=event.get("logger", None))
    if settings.DEBUG or settings.TEST:
        return None
    return event
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`"""authentik sentry integration"""`
core: consider never consider expiring models with self.expiring set to false expired Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-10 21:42:42 +00:00			`from typing import Optional`

root: fix asgi import order 2020-11-11 21:35:40 +00:00			`from aioredis.errors import ConnectionClosedError, ReplyError`
lib: ignore installation specific errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-08-21 12:14:13 +00:00			`from billiard.exceptions import SoftTimeLimitExceeded, WorkerLostError`
lib: improve error handling for sentry 2020-09-15 09:29:43 +00:00			`from celery.exceptions import CeleryError`
root: add middleware to properly report websocket connection to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-27 14:21:44 +00:00			`from channels.middleware import BaseMiddleware`
lib: re-add Websockets error 2020-09-30 13:55:59 +00:00			`from channels_redis.core import ChannelFull`
lib: drop all sentry exceptions when debug enabled Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-15 21:18:56 +00:00			`from django.conf import settings`
root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-08-03 15:45:16 +00:00			`from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation, ValidationError`
lib: add more errors to sentry ignore 2020-02-23 18:48:14 +00:00			`from django.db import InternalError, OperationalError, ProgrammingError`
lib: don't send 404 errors to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-29 13:25:54 +00:00			`from django.http.response import Http404`
lib: add more errors to sentry ignore 2020-02-23 18:48:14 +00:00			`from django_redis.exceptions import ConnectionInterrupted`
lib: don't send DockerException to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-08 20:03:10 +00:00			`from docker.errors import DockerException`
lifecycle: revert to non-h11 worker Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-04 12:16:10 +00:00			`from h11 import LocalProtocolError`
sources/ldap: add status display to show last sync 2020-09-19 13:25:17 +00:00			`from ldap3.core.exceptions import LDAPException`
asgi: ignore lifespan requests, remove healthcheck events from sentry 2020-09-06 14:51:50 +00:00			`from redis.exceptions import ConnectionError as RedisConnectionError`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`from redis.exceptions import RedisError, ResponseError`
lib: add more errors to sentry ignore 2020-02-23 18:48:14 +00:00			`from rest_framework.exceptions import APIException`
root: add middleware to properly report websocket connection to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-27 14:21:44 +00:00			`from sentry_sdk import Hub`
			`from sentry_sdk.tracing import Transaction`
build(deps): bump structlog from 20.1.0 to 20.2.0 (#445) * build(deps): bump structlog from 20.1.0 to 20.2.0 Bumps [structlog](https://github.com/hynek/structlog) from 20.1.0 to 20.2.0. - [Release notes](https://github.com/hynek/structlog/releases) - [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst) - [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0) Signed-off-by: dependabot[bot] <support@github.com> * *: use structlog.stdlib instead of structlog for type-hints Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-01-01 14:39:43 +00:00			`from structlog.stdlib import get_logger`
lib: re-add Websockets error 2020-09-30 13:55:59 +00:00			`from websockets.exceptions import WebSocketException`
separate passbook.core into passbook.root and passbook.core Move Main Django Project into passbook.root while passbook.core holds core functionality. passbook.root contains main settings, ASGI & WSGI, celery and URLs. 2019-06-25 16:00:54 +00:00
root: add middleware to properly report websocket connection to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-27 14:21:44 +00:00			`from authentik.lib.utils.reflection import class_to_path`

*(minor): remove __name__ param from get_logger 2019-10-04 08:08:53 +00:00			`LOGGER = get_logger()`
filter out connection errors for sentry 2019-04-29 17:16:49 +00:00

root: add middleware to properly report websocket connection to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-27 14:21:44 +00:00			`class SentryWSMiddleware(BaseMiddleware):`
			`"""Sentry Websocket middleweare to set the transaction name based on`
			`consumer class path"""`

			`async def __call__(self, scope, receive, send):`
			`transaction: Optional[Transaction] = Hub.current.scope.transaction`
			`class_path = class_to_path(self.inner.consumer_class)`
			`if transaction:`
			`transaction.name = class_path`
			`return await self.inner(scope, receive, send)`


lib: add SentryIgnoredException, to easily ignore exceptions from sentry 2020-02-20 20:37:14 +00:00			`class SentryIgnoredException(Exception):`
providers/saml: fix users being able to authenticate without audit logs being created 2020-02-24 13:40:12 +00:00			`"""Base Class for all errors that are suppressed, and not sent to sentry."""`
lib: add SentryIgnoredException, to easily ignore exceptions from sentry 2020-02-20 20:37:14 +00:00

core: consider never consider expiring models with self.expiring set to false expired Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-10 21:42:42 +00:00			`def before_send(event: dict, hint: dict) -> Optional[dict]:`
filter out connection errors for sentry 2019-04-29 17:16:49 +00:00			`"""Check if error is database error, and ignore if so"""`
sources/oauth2: migrate to microsoft graph instead of azure graph Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-08-21 13:12:18 +00:00			`# pylint: disable=no-name-in-module`
			`from psycopg2.errors import Error`

separate passbook.core into passbook.root and passbook.core Move Main Django Project into passbook.root while passbook.core holds core functionality. passbook.root contains main settings, ASGI & WSGI, celery and URLs. 2019-06-25 16:00:54 +00:00			`ignored_classes = (`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`# Inbuilt types`
			`KeyboardInterrupt,`
			`ConnectionResetError,`
			`OSError,`
lib: don't send DockerException to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-08 20:03:10 +00:00			`PermissionError,`
lib: don't send ImproperlyConfigured to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-20 17:18:35 +00:00			`# Django Errors`
lib: ignore installation specific errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-08-21 12:14:13 +00:00			`Error,`
lib: don't send ImproperlyConfigured to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-20 17:18:35 +00:00			`ImproperlyConfigured,`
filter out connection errors for sentry 2019-04-29 17:16:49 +00:00			`OperationalError,`
lib: add more errors to sentry ignore 2020-02-23 18:48:14 +00:00			`InternalError,`
			`ProgrammingError,`
lib: don't send SuspiciousOperation to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-22 18:17:00 +00:00			`SuspiciousOperation,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`ValidationError,`
			`# Redis errors`
			`RedisConnectionError,`
filter out connection errors for sentry 2019-04-29 17:16:49 +00:00			`ConnectionInterrupted,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`RedisError,`
			`ResponseError,`
			`ReplyError,`
root: fix websockets not working correctly 2020-11-11 13:48:19 +00:00			`ConnectionClosedError,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`# websocket errors`
			`ChannelFull,`
			`WebSocketException,`
lifecycle: revert to non-h11 worker Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-04 12:16:10 +00:00			`LocalProtocolError,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`# rest_framework error`
separate passbook.core into passbook.root and passbook.core Move Main Django Project into passbook.root while passbook.core holds core functionality. passbook.root contains main settings, ASGI & WSGI, celery and URLs. 2019-06-25 16:00:54 +00:00			`APIException,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`# celery errors`
separate passbook.core into passbook.root and passbook.core Move Main Django Project into passbook.root while passbook.core holds core functionality. passbook.root contains main settings, ASGI & WSGI, celery and URLs. 2019-06-25 16:00:54 +00:00			`WorkerLostError,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`CeleryError,`
lib: ignore installation specific errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-08-21 12:14:13 +00:00			`SoftTimeLimitExceeded,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`# custom baseclass`
providers/saml: fix CannotHandleAssertion Error still being sent to sentry 2020-02-24 18:14:43 +00:00			`SentryIgnoredException,`
lib: improve error ignore list 2020-10-28 18:00:11 +00:00			`# ldap errors`
policies: improve wording on denied tempaltes 2020-09-19 13:24:52 +00:00			`LDAPException,`
lib: don't send DockerException to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-08 20:03:10 +00:00			`# Docker errors`
			`DockerException,`
lib: don't send 404 errors to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-29 13:25:54 +00:00			`# End-user errors`
			`Http404,`
separate passbook.core into passbook.root and passbook.core Move Main Django Project into passbook.root while passbook.core holds core functionality. passbook.root contains main settings, ASGI & WSGI, celery and URLs. 2019-06-25 16:00:54 +00:00			`)`
lib: add improved log to sentry events being sent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-29 20:37:29 +00:00			`exc_value = None`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`if "exc_info" in hint:`
root: fix API requests erroring 2020-07-07 12:02:20 +00:00			`_, exc_value, _ = hint["exc_info"]`
providers/saml: fix CannotHandleAssertion Error still being sent to sentry 2020-02-24 18:14:43 +00:00			`if isinstance(exc_value, ignored_classes):`
*: don't use exception keyword with structlog Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-01-03 20:33:52 +00:00			`LOGGER.debug("dropping exception", exc=exc_value)`
filter out connection errors for sentry 2019-04-29 17:16:49 +00:00			`return None`
lib: discard all log messages from dbbackup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-10 21:20:20 +00:00			`if "logger" in event:`
lib: improve sentry integration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-18 09:29:36 +00:00			`if event["logger"] in [`
			`"kombu",`
			`"asyncio",`
			`"multiprocessing",`
			`"django_redis",`
lib: add improved log to sentry events being sent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-29 20:37:29 +00:00			`"django.security.DisallowedHost",`
root: drop redis cache sentry errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-20 12:12:14 +00:00			`"django_redis.cache",`
outposts: fix error when getting state for non-existent outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-20 18:44:08 +00:00			`"celery.backends.redis",`
lib: add additional celery logger to sentry ignore Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-20 20:04:45 +00:00			`"celery.worker",`
lib: ignore paramiko logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-01-21 09:46:33 +00:00			`"paramiko.transport",`
lib: improve sentry integration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-18 09:29:36 +00:00			`]:`
lib: discard all log messages from dbbackup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-10 21:20:20 +00:00			`return None`
lib: add improved log to sentry events being sent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-29 20:37:29 +00:00			`LOGGER.debug("sending event to sentry", exc=exc_value, source_logger=event.get("logger", None))`
lib: dont send any sentry events when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-01-01 17:56:14 +00:00			`if settings.DEBUG or settings.TEST:`
lib: drop all sentry exceptions when debug enabled Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-15 21:18:56 +00:00			`return None`
filter out connection errors for sentry 2019-04-29 17:16:49 +00:00			`return event`