adding logging for revoked certs

2020-05-22 17:32:44 -07:00 · 2020-05-22 17:32:44 -07:00 · c9767b3172
parent 49c4a9c3b2
commit c9767b3172
1 changed files with 19 additions and 0 deletions
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@ -468,6 +468,11 @@ def check_revoked():
    as `unknown`.
    """

+    log_data = {
+        "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+        "message": "Checking for revoked Certificates"
+    }
+
    certs = get_all_valid_certs(current_app.config.get("SUPPORTED_REVOCATION_AUTHORITY_PLUGINS", []))
    for cert in certs:
        try:
@ -478,6 +483,20 @@ def check_revoked():

            cert.status = "valid" if status else "revoked"

+            if cert.status == "revoked":
+                log_data["valid"] = cert.status
+                log_data["certificate_name"] = cert.name
+                log_data["certificate_id"] = cert.id
+                metrics.send(
+                    "certificate_revoked",
+                    "counter",
+                    1,
+                    metric_tags={"status":  log_data["valid"],
+                                 "certificate_name": log_data["certificate_name"],
+                                 "certificate_id": log_data["certificate_id"]},
+                )
+                current_app.logger.info(log_data)
+
        except Exception as e:
            sentry.captureException()
            current_app.logger.exception(e)