govuk_app_config 4.0.0.pre.2 → 4.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1a08f51ba88f28b8694fd0f40f94a92ac053a424b25e860b5795e96da7431b7
-  data.tar.gz: 6dd0f7061f779450c5fdc029002dc5474070306daa5acf3de5f78a9867667c93
+  metadata.gz: dec546dba47c5e140f91e24295182136a5aeaa7cd48cd9742d1aebfd09210b8a
+  data.tar.gz: 743c630cff5a8e8755864cc937309c3cc88042c9526c6ec21fb8c01497d3fc4f
 SHA512:
-  metadata.gz: 47c5d3a3da84267ef909d3de765bd60a0af8587bc6712523ee8ca44ccb9bc74f7fc76a0b21b413437f2ea7d35829acb77589b8f29c86904876dd88ad23a0845d
-  data.tar.gz: 7ebb2c404c7abde0e16c1b22c63d523491ff70465161e806c3a91a3911e6cddebb406b7b774add5668aaf793a2dab6659f1629eb2c9bc575ba0c782927544cc9
+  metadata.gz: 42d6afcd7e29cea665780034dca057062c3311e7cea2117c8d6e5e7a17224276d255dc91a7ceb918cc22a782395a63e9c3975bdd5dac9e5566ad735dffc31507
+  data.tar.gz: 8e50c7bdd187c325c76c22b1290938bbdbc84369d65b5f396730b184af5cda1549a623956bf9fa09b7b2d81edad93c60489fbb72546acc656ec265f5b8bac049

data/CHANGELOG.md

@@ -1,14 +1,45 @@
-# 4.0.0.pre-2
+# 4.0.1
+
+- Update Content Security Policy with new klick2contact.com subdomain ([#213](https://github.com/alphagov/govuk_app_config/pull/213)).
+
+# 4.0.0
+
+- BREAKING: replaces deprecated `sentry-raven` with `sentry-ruby` and `sentry-rails`. Follow the **[migration guide](https://docs.sentry.io/platforms/ruby/migration/)** before upgrading to this version of govuk_app_config to ensure full compatibility with the new gems.
+- BREAKING: `GovukError.configure` can only be called once, and non-Rails apps will have to manually call `GovukError.configure` in order to initialise Sentry.
+- BREAKING: apps will no longer increment the `error_reports_failed` statsd if events fail to get sent to Sentry.
+- BREAKING: the behaviour of `before_send` has changed, and the `should_capture` method is deprecated.
+- See pre-release notes below for details.
+- PR: [#212](https://github.com/alphagov/govuk_app_config/pull/212)
+
+# 4.0.0.pre.4
+
+- Fix Sentry client initialisation ([#205](https://github.com/alphagov/govuk_app_config/pull/205)).
+- BREAKING: non-Rails apps will need to manually call `GovukError.configure` in order to initialise Sentry.
+- BREAKING: `GovukError.configure` can only be called once by the downstream application.
+
+# 4.0.0.pre.3
+
+- Include [sentry-rails](https://github.com/getsentry/sentry-ruby/tree/master/sentry-rails) by default ([#203](https://github.com/alphagov/govuk_app_config/pull/203)).
+
+# 4.0.0.pre.2
 
 - Fix default Sentry configuration ([#202](https://github.com/alphagov/govuk_app_config/pull/202)).
 - BREAKING: this means no more `silence_ready` or `transport_failure_callback` options.
 
-# 4.0.0.pre-1
+# 4.0.0.pre.1
 
 - BREAKING: upgrades Sentry gem from `sentry-raven` to `sentry-ruby` ([#199](https://github.com/alphagov/govuk_app_config/pull/199)). There is a **[migration guide](https://docs.sentry.io/platforms/ruby/migration/)** you should follow before upgrading to this version of govuk_app_config.
-- This release also fixes the `data_sync_excluded_exceptions` behaviour that has been broken since v3.1.0.
+- This release also fixes the `data_sync_excluded_exceptions` behaviour that was broken in v3.1.0 (later fixed in v3.3.0, which was released after 4.0.0.pre.1).
 - Released as a pre-release to identify and fix any problems before a wider rollout.
 
+# 3.3.0
+
+- Revert the `should_capture`/`before_send` consolidation introduced in 3.1.0. This fixes the `data_sync_excluded_exceptions` behaviour that has been broken since v3.1.0. ([#211](https://github.com/alphagov/govuk_app_config/pull/211))
+
+# 3.2.0
+
+- Add Speedcurve's LUX to connect-src policy ([#206](https://github.com/alphagov/govuk_app_config/pull/206))
+
 # 3.1.1
 
 - Fix the new before_send behaviour & tests, and add documentation ([#197](https://github.com/alphagov/govuk_app_config/pull/197))

data/README.md

@@ -87,7 +87,7 @@ You can add your environment to the list of active Sentry environments like so:
 
 ```ruby
 GovukError.configure do |config|
-  config.active_sentry_environments << "my-test-environment"
+  config.enabled_environments << "my-test-environment"
 end
 ```
 

data/govuk_app_config.gemspec

@@ -21,6 +21,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = %w[lib]
 
   spec.add_dependency "logstasher", ">= 1.2.2", "< 2.2.0"
+  spec.add_dependency "sentry-rails", "~> 4.5.0"
   spec.add_dependency "sentry-ruby", "~> 4.5.0"
   spec.add_dependency "statsd-ruby", "~> 1.5.0"
   spec.add_dependency "unicorn", ">= 5.4", "< 5.9"

data/lib/govuk_app_config/govuk_content_security_policy.rb

@@ -76,9 +76,15 @@ module GovukContentSecurityPolicy
                        # Allow JSON call to Nuance - HMRC web chat provider
                        "hmrc-uk.digital.nuance.com",
                        # Allow JSON call to klick2contact - HMPO web chat provider
-                       "gov.klick2contact.com",
+                       "hmpowebchat.klick2contact.com",
                        # Allow connecting to Verify to check whether the user is logged in
-                       "www.signin.service.gov.uk"
+                       "www.signin.service.gov.uk",
+                       # Allow connection to Speedcurve's CDN for LUX - used for
+                       # real user metrics on GOV.UK. This loads using an image
+                       # (see image policy), but returns a JavaScript file -
+                       # which is why this has to be added to the `connect-src`
+                       # policy as well.
+                       "lux.speedcurve.com"
 
     # Disallow all <object>, <embed>, and <applet> elements
     #

data/lib/govuk_app_config/govuk_error/configuration.rb

@@ -3,20 +3,82 @@ require "govuk_app_config/govuk_error/govuk_data_sync"
 
 module GovukError
   class Configuration < SimpleDelegator
-    attr_reader :data_sync, :sentry_environment
-    attr_accessor :active_sentry_environments, :data_sync_excluded_exceptions
+    attr_reader :data_sync
+    attr_accessor :data_sync_excluded_exceptions
 
     def initialize(_sentry_configuration)
       super
-      @sentry_environment = ENV["SENTRY_CURRENT_ENV"]
       @data_sync = GovukDataSync.new(ENV["GOVUK_DATA_SYNC_PERIOD"])
-      self.active_sentry_environments = []
-      self.data_sync_excluded_exceptions = []
+      set_up_defaults
+    end
+
+    def set_up_defaults
+      # These are the environments (described by the `SENTRY_CURRENT_ENV`
+      # ENV variable) where we want to capture Sentry errors. If
+      # `SENTRY_CURRENT_ENV` isn't in this list, or isn't defined, then
+      # don't capture the error.
+      self.enabled_environments = %w[
+        integration-blue-aws
+        staging
+        production
+      ]
+
+      self.excluded_exceptions = [
+        # Default ActionDispatch rescue responses
+        "ActionController::RoutingError",
+        "AbstractController::ActionNotFound",
+        "ActionController::MethodNotAllowed",
+        "ActionController::UnknownHttpMethod",
+        "ActionController::NotImplemented",
+        "ActionController::UnknownFormat",
+        "Mime::Type::InvalidMimeType",
+        "ActionController::MissingExactTemplate",
+        "ActionController::InvalidAuthenticityToken",
+        "ActionController::InvalidCrossOriginRequest",
+        "ActionDispatch::Http::Parameters::ParseError",
+        "ActionController::BadRequest",
+        "ActionController::ParameterMissing",
+        "Rack::QueryParser::ParameterTypeError",
+        "Rack::QueryParser::InvalidParameterError",
+        # Default ActiveRecord rescue responses
+        "ActiveRecord::RecordNotFound",
+        "ActiveRecord::StaleObjectError",
+        "ActiveRecord::RecordInvalid",
+        "ActiveRecord::RecordNotSaved",
+        # Additional items
+        "ActiveJob::DeserializationError",
+        "CGI::Session::CookieStore::TamperedWithCookie",
+        "GdsApi::HTTPIntermittentServerError",
+        "GdsApi::TimedOutException",
+        "Mongoid::Errors::DocumentNotFound",
+        "Sinatra::NotFound",
+        "Slimmer::IntermittentRetrievalError",
+      ]
+
+      # This will exclude exceptions that are triggered by one of the ignored
+      # exceptions. For example, when any exception occurs in a template,
+      # Rails will raise a ActionView::Template::Error, instead of the original error.
+      self.inspect_exception_causes_for_exclusion = true
+
+      # List of exceptions to ignore if they take place during the data sync.
+      # Some errors are transient in nature, e.g. PostgreSQL databases being
+      # unavailable, and add little value. In fact, their presence can greatly
+      # increase the number of errors being sent and risk genuine errors being
+      # rate-limited by Sentry.
+      self.data_sync_excluded_exceptions = [
+        "PG::Error",
+        "GdsApi::ContentStore::ItemNotFound",
+      ]
+
       @before_send_callbacks = [
-        ignore_exceptions_if_not_in_active_sentry_env,
         ignore_excluded_exceptions_in_data_sync,
         increment_govuk_statsd_counters,
       ]
+      # Need to invoke an arbitrary `before_send=` in order to trigger the
+      # `before_send_callbacks` behaviour
+      self.before_send = lambda { |error_or_event, _hint|
+        error_or_event
+      }
     end
 
     def before_send=(closure)
@@ -26,10 +88,6 @@ module GovukError
 
   protected
 
-    def ignore_exceptions_if_not_in_active_sentry_env
-      ->(event, _hint) { event if active_sentry_environments.include?(sentry_environment) }
-    end
-
     def ignore_excluded_exceptions_in_data_sync
       lambda { |event, hint|
         data_sync_ignored_error = data_sync_excluded_exceptions.any? do |exception_to_ignore|

data/lib/govuk_app_config/govuk_error.rb

@@ -1,9 +1,16 @@
 require "sentry-ruby"
+require "sentry-rails"
 require "govuk_app_config/govuk_statsd"
 require "govuk_app_config/govuk_error/configuration"
 require "govuk_app_config/version"
 
 module GovukError
+  class AlreadyInitialised < StandardError
+    def initialize(msg = "You can only call GovukError.configure once!")
+      super
+    end
+  end
+
   def self.notify(exception_or_message, args = {})
     # Allow users to use `parameters` as a key like the Airbrake
     # client, allowing easy upgrades.
@@ -13,11 +20,23 @@ module GovukError
     args[:tags] ||= {}
     args[:tags][:govuk_app_config_version] = GovukAppConfig::VERSION
 
-    Sentry.capture_exception(exception_or_message, args)
+    if exception_or_message.is_a?(String)
+      Sentry.capture_message(exception_or_message, args)
+    else
+      Sentry.capture_exception(exception_or_message, args)
+    end
+  end
+
+  def self.is_configured?
+    Sentry.get_current_client != nil
   end
 
   def self.configure
-    @configuration ||= Configuration.new(Sentry::Configuration.new)
-    yield @configuration
+    raise GovukError::AlreadyInitialised if is_configured?
+
+    Sentry.init do |sentry_config|
+      config = Configuration.new(sentry_config)
+      yield config if block_given?
+    end
   end
 end

data/lib/govuk_app_config/railtie.rb

@@ -3,5 +3,9 @@ module GovukAppConfig
     config.before_initialize do
       GovukLogging.configure if Rails.env.production?
     end
+
+    config.after_initialize do
+      GovukError.configure unless GovukError.is_configured?
+    end
   end
 end

data/lib/govuk_app_config/version.rb

@@ -1,3 +1,3 @@
 module GovukAppConfig
-  VERSION = "4.0.0.pre.2".freeze
+  VERSION = "4.0.1".freeze
 end

data/lib/govuk_app_config.rb

@@ -1,7 +1,6 @@
 require "govuk_app_config/version"
 require "govuk_app_config/govuk_statsd"
 require "govuk_app_config/govuk_error"
-require "govuk_app_config/govuk_error/configure"
 require "govuk_app_config/govuk_healthcheck"
 require "govuk_app_config/govuk_i18n"
 # This require is deprecated and should be removed on next major version bump

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: govuk_app_config
 version: !ruby/object:Gem::Version
-  version: 4.0.0.pre.2
+  version: 4.0.1
 platform: ruby
 authors:
 - GOV.UK Dev
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-06-04 00:00:00.000000000 Z
+date: 2021-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logstasher
@@ -30,6 +30,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: sentry-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.5.0
 - !ruby/object:Gem::Dependency
   name: sentry-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -230,7 +244,6 @@ files:
 - lib/govuk_app_config/govuk_content_security_policy.rb
 - lib/govuk_app_config/govuk_error.rb
 - lib/govuk_app_config/govuk_error/configuration.rb
-- lib/govuk_app_config/govuk_error/configure.rb
 - lib/govuk_app_config/govuk_error/govuk_data_sync.rb
 - lib/govuk_app_config/govuk_healthcheck.rb
 - lib/govuk_app_config/govuk_healthcheck/active_record.rb
@@ -261,9 +274,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.0.3
 signing_key: 

data/lib/govuk_app_config/govuk_error/configure.rb

@@ -1,62 +0,0 @@
-GovukError.configure do |config|
-  # These are the environments (described by the `SENTRY_CURRENT_ENV`
-  # ENV variable) where we want to capture Sentry errors. If
-  # `SENTRY_CURRENT_ENV` isn't in this list, or isn't defined, then
-  # don't capture the error.
-  config.active_sentry_environments = %w[
-    integration-blue-aws
-    staging
-    production
-  ]
-
-  config.excluded_exceptions = [
-    # Default ActionDispatch rescue responses
-    "ActionController::RoutingError",
-    "AbstractController::ActionNotFound",
-    "ActionController::MethodNotAllowed",
-    "ActionController::UnknownHttpMethod",
-    "ActionController::NotImplemented",
-    "ActionController::UnknownFormat",
-    "Mime::Type::InvalidMimeType",
-    "ActionController::MissingExactTemplate",
-    "ActionController::InvalidAuthenticityToken",
-    "ActionController::InvalidCrossOriginRequest",
-    "ActionDispatch::Http::Parameters::ParseError",
-    "ActionController::BadRequest",
-    "ActionController::ParameterMissing",
-    "Rack::QueryParser::ParameterTypeError",
-    "Rack::QueryParser::InvalidParameterError",
-    # Default ActiveRecord rescue responses
-    "ActiveRecord::RecordNotFound",
-    "ActiveRecord::StaleObjectError",
-    "ActiveRecord::RecordInvalid",
-    "ActiveRecord::RecordNotSaved",
-    # Additional items
-    "ActiveJob::DeserializationError",
-    "CGI::Session::CookieStore::TamperedWithCookie",
-    "GdsApi::HTTPIntermittentServerError",
-    "GdsApi::TimedOutException",
-    "Mongoid::Errors::DocumentNotFound",
-    "Sinatra::NotFound",
-    "Slimmer::IntermittentRetrievalError",
-  ]
-
-  # This will exclude exceptions that are triggered by one of the ignored
-  # exceptions. For example, when any exception occurs in a template,
-  # Rails will raise a ActionView::Template::Error, instead of the original error.
-  config.inspect_exception_causes_for_exclusion = true
-
-  # List of exceptions to ignore if they take place during the data sync.
-  # Some errors are transient in nature, e.g. PostgreSQL databases being
-  # unavailable, and add little value. In fact, their presence can greatly
-  # increase the number of errors being sent and risk genuine errors being
-  # rate-limited by Sentry.
-  config.data_sync_excluded_exceptions = [
-    "PG::Error",
-    "GdsApi::ContentStore::ItemNotFound",
-  ]
-
-  config.before_send = lambda { |error_or_event, _hint|
-    error_or_event
-  }
-end