From c9767b3172fba9ee6043f8b6a0f3dbf8551d5e60 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Fri, 22 May 2020 17:32:44 -0700
Subject: [PATCH] adding logging for revoked certs

---
 lemur/certificates/cli.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index 5ebe7e0f..b08aa0ba 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -468,6 +468,11 @@ def check_revoked():
     as `unknown`.
     """
 
+    log_data = {
+        "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+        "message": "Checking for revoked Certificates"
+    }
+
     certs = get_all_valid_certs(current_app.config.get("SUPPORTED_REVOCATION_AUTHORITY_PLUGINS", []))
     for cert in certs:
         try:
@@ -478,6 +483,20 @@ def check_revoked():
 
             cert.status = "valid" if status else "revoked"
 
+            if cert.status == "revoked":
+                log_data["valid"] = cert.status
+                log_data["certificate_name"] = cert.name
+                log_data["certificate_id"] = cert.id
+                metrics.send(
+                    "certificate_revoked",
+                    "counter",
+                    1,
+                    metric_tags={"status":  log_data["valid"],
+                                 "certificate_name": log_data["certificate_name"],
+                                 "certificate_id": log_data["certificate_id"]},
+                )
+                current_app.logger.info(log_data)
+
         except Exception as e:
             sentry.captureException()
             current_app.logger.exception(e)