fix(dig): dig not working #1246
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This stack of pull requests is managed by Graphite. Learn more about stacking. Join @kishore03109 and the rest of your teammates on |
kishore03109
force-pushed
the
03-27-fix_dig_dig_not_working
branch
5 times, most recently
from
2281bcd to
f00c2db
Compare
kishore03109
force-pushed
the
03-27-fix_dig_dig_not_working
branch
from
f00c2db to
23f90dc
Compare
seaerchin
reviewed
Apr 2, 2024
Comment on lines
247
to
253
| } catch (e: any) { | ||
| if (e.code && e.code === "ENODATA") { | ||
| logger.info( | ||
| `Unable to get dig response for domain: ${launchResult.primaryDomainSource}. Skipping check for AAAA records` | ||
| ) | ||
| } |
There was a problem hiding this comment.
could we change the any? separately, why are we not logging the error here? should it be info or should we set to warn?
There was a problem hiding this comment.
added type guard 5e7d5e9
Comment on lines
306
to
321
| } catch (e: any) { | ||
| if (e.code && e.code === "ENODATA") { | ||
| logger.info( | ||
| `Unable to get dig response for domain: ${launchResult.primaryDomainSource}. Skipping check for CAA records` | ||
| ) | ||
| return null | ||
| }) | ||
| } | ||
| throw e | ||
| } |
kishore03109
force-pushed
the
03-27-fix_dig_dig_not_working
branch
from
61f077a to
5e7d5e9
Compare
seaerchin
approved these changes
Apr 2, 2024
src/types/nodeError.ts
Outdated
Comment on lines
1
to
11
| export function isErrnoException(obj: any): obj is NodeJS.ErrnoException { | ||
| return ( | ||
| obj && | ||
| (typeof obj.errno === "number" || obj.errno === undefined) && | ||
| (typeof obj.code === "string" || obj.code === undefined) && | ||
| (typeof obj.path === "string" || obj.path === undefined) && | ||
| (typeof obj.syscall === "string" || obj.syscall === undefined) | ||
| ) | ||
| } |
There was a problem hiding this comment.
Suggested change
| export function isErrnoException(obj: any): obj is NodeJS.ErrnoException { | |
| return ( | |
| obj && | |
| (typeof obj.errno === "number" || obj.errno === undefined) && | |
| (typeof obj.code === "string" || obj.code === undefined) && | |
| (typeof obj.path === "string" || obj.path === undefined) && | |
| (typeof obj.syscall === "string" || obj.syscall === undefined) | |
| ) | |
| } | |
| export function isErrnoException(obj: unknown): obj is NodeJS.ErrnoException { | |
| const err = obj as NodeJS.ErrnoException | |
| return ( | |
| err && | |
| (typeof err.errno === "number" || err.errno === undefined) && | |
| (typeof err.code === "string" || err.code === undefined) && | |
| (typeof err.path === "string" || err.path === undefined) && | |
| (typeof err.syscall === "string" || err.syscall === undefined) | |
| ) | |
| } |
kishore03109
force-pushed
the
03-27-fix_dig_dig_not_working
branch
from
d4920d2 to
59db516
Compare
alexanderleegs
added a commit
that referenced
this pull request
Apr 4, 2024
* fix(server): server should die if unable to connect to db (#1265) ## Problem something in me wanted to check if we indeed exit if we fail to connect to db, and the answer is... no [node.js](https://nodejs.org/docs/latest-v18.x/api/process.html#processexitcode_1) states that > A number which will be the process exit code, when the process either exits gracefully, or is exited via process.exit() without specifying a code. so it does not actually do the exiting, which leads to silent failures * fix(dig): dig not working (#1246) ## Problem We do have some checks in the backend to check prior to any site launch that there are AAAA records/CAA records present. In this case, the dig commands to check the AAAA records [failed](https://ogp.datadoghq.com/logs?query=service%3Aisomer%20env%3Aproduction%20%22An%20error%20occurred%20while%20performing%20dig%20for%20domain%3A%22%20&cols=host%2Cservice&fromUser=true&index=%2A&messageDisplay=inline&refresh_mode=sliding&storage=hot&stream_sort=desc&viz=stream&from_ts=1711457521321&to_ts=1711543921321&live=true). The reason for above is that we were using a library called `node-dig-dns`. This called the dig command [directly](https://github.com/StephanGeorg/node-dig-dns/blob/master/src/index.js#L78) at a system level. However, our docker container does not have the dig command out of the box. This resulted in the existence of AAAA records not being caught. We are also codifying a check for CAA records and ensuring that if there exist at least one caa record and it uses our redirection service, it should have letsencrypt as one of the caa record. To prevent accidental commits to live indirection repo during dev, also adding a check to only commit to the indirection repository iff it is in prod environment. ## Solution just use node's dns resolver directly. this way we dont have to depend on an external library's implementation of node and dont have to install unnecessary deps in the docker. remove dep introduced in #1244 **Breaking Changes** <!-- Does this PR contain any backward incompatible changes? If so, what are they and should there be special considerations for release? --> - [ ] Yes - this PR contains breaking changes - Details ... - [x] No - this PR is backwards compatible with ALL of the following feature flags in this [doc](https://www.notion.so/opengov/Existing-feature-flags-518ad2cdc325420893a105e88c432be5) **Features**: <img width="1493" alt="Screenshot 2024-03-27 at 11 21 44 PM" src="https://github.com/isomerpages/isomercms-backend/assets/42832651/73edd437-492b-4bff-86c9-3392cb40fe49"> ### Manual test (not to be copied over to deployment notes) - [ ] add these lines of code at the end of server.js ``` const formResponses = [ { submissionId: "", requesterEmail: "[email protected]", repoName: "kishore-test-dev-emil", primaryDomain: "google.com", redirectionDomain: "www.google.com", agencyEmail: "[email protected]", }, ] formsgSiteLaunchRouter.handleSiteLaunchResults(formResponses, "test") ``` - [ ] Assert that the email comes out to * fix: remove unecessary join and site retrieval (#1268) * Improve APM spans (no more <anonymous>) (#1267) * refactor: rename wrapper based on original function, only when original.name exists * feat: utility to name all methods of an object * feat: ensure all route handlers are named * feat: drop the bound prefix in span names * chore: remove unused eslint rule disabling --------- Co-authored-by: Alexander Lee <[email protected]> * fix: external links in top level nav (#1272) * chore: bump version to v0.76.0 --------- Co-authored-by: Timothee Groleau <[email protected]> Co-authored-by: Kishore <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
We do have some checks in the backend to check prior to any site launch that there are AAAA records/CAA records present. In this case, the dig commands to check the AAAA records failed.
The reason for above is that we were using a library called
node-dig-dns. This called the dig command directly at a system level. However, our docker container does not have the dig command out of the box. This resulted in the existence of AAAA records not being caught.We are also codifying a check for CAA records and ensuring that if there exist at least one caa record and it uses our redirection service, it should have letsencrypt as one of the caa record.
To prevent accidental commits to live indirection repo during dev, also adding a check to only commit to the indirection repository iff it is in prod environment.
Solution
just use node's dns resolver directly. this way we dont have to depend on an external library's implementation of node and dont have to install unnecessary deps in the docker.
remove dep introduced in #1244
Breaking Changes
Features:
Manual test (not to be copied over to deployment notes)