From 3f13598f70495e490ded43054c2d0d36063acd3e Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 2 May 2023 15:26:57 -0400 Subject: [PATCH 1/3] Instrument JS with copy/pasted snippet this avoids having to set `unsafe-inline` in our CSP header --- app/config.py | 6 ++++++ app/templates/main_template.html | 3 ++- app/templates/partials/newrelic.html | 7 +++++++ deploy-config/demo.yml | 2 ++ deploy-config/production.yml | 2 ++ deploy-config/sandbox.yml | 3 +++ deploy-config/staging.yml | 2 ++ manifest.yml | 6 ++++++ newrelic.ini | 2 +- sample.env | 5 +++++ 10 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 app/templates/partials/newrelic.html diff --git a/app/config.py b/app/config.py index 3487c370c..3f4cd1964 100644 --- a/app/config.py +++ b/app/config.py @@ -28,6 +28,12 @@ class Config(object): BASIC_AUTH_USERNAME = getenv('BASIC_AUTH_USERNAME') BASIC_AUTH_PASSWORD = getenv('BASIC_AUTH_PASSWORD') + NR_ACCOUNT_ID = getenv('NR_ACCOUNT_ID') + NR_TRUST_KEY = getenv('NR_TRUST_KEY') + NR_AGENT_ID = getenv('NR_AGENT_ID') + NR_APP_ID = getenv('NR_APP_ID') + NR_BROWSER_KEY = getenv('NR_BROWSER_KEY') + TEMPLATE_PREVIEW_API_HOST = getenv('TEMPLATE_PREVIEW_API_HOST', 'http://localhost:9999') TEMPLATE_PREVIEW_API_KEY = getenv('TEMPLATE_PREVIEW_API_KEY', 'my-secret-key') diff --git a/app/templates/main_template.html b/app/templates/main_template.html index 970d146b4..6eb124ca4 100644 --- a/app/templates/main_template.html +++ b/app/templates/main_template.html @@ -7,9 +7,10 @@ - {% block pageTitle %}GOV.UK - The best place to find government services and information{% endblock %} + {% block pageTitle %}U.S. Notify{% endblock %} {# Hardcoded value of $govuk-black #} + {% include "partials/newrelic.html" -%} {# Ensure that older IE versions always render with the correct rendering engine #} diff --git a/app/templates/partials/newrelic.html b/app/templates/partials/newrelic.html new file mode 100644 index 000000000..8d671077c --- /dev/null +++ b/app/templates/partials/newrelic.html @@ -0,0 +1,7 @@ + diff --git a/deploy-config/demo.yml b/deploy-config/demo.yml index 2f82ea6e6..d8cd8e2b0 100644 --- a/deploy-config/demo.yml +++ b/deploy-config/demo.yml @@ -2,3 +2,5 @@ env: demo instances: 1 memory: 1G public_admin_route: notify-demo.app.cloud.gov +nr_agent_id: "1134302465" +nr_app_id: "1083160688" diff --git a/deploy-config/production.yml b/deploy-config/production.yml index add5bbef2..9b9249bfd 100644 --- a/deploy-config/production.yml +++ b/deploy-config/production.yml @@ -2,3 +2,5 @@ env: production instances: 2 memory: 1G public_admin_route: notify.app.cloud.gov +nr_agent_id: "" +nr_app_id: "" diff --git a/deploy-config/sandbox.yml b/deploy-config/sandbox.yml index d19f62493..0bd9ddd03 100644 --- a/deploy-config/sandbox.yml +++ b/deploy-config/sandbox.yml @@ -9,3 +9,6 @@ SECRET_KEY: sandbox-notify-secret-key BASIC_AUTH_USERNAME: sandbox BASIC_AUTH_PASSWORD: sandbox REDIS_ENABLED: 1 +nr_agent_id: "" +nr_app_id: "" +NR_BROWSER_KEY: "" diff --git a/deploy-config/staging.yml b/deploy-config/staging.yml index 9478a72a2..e16b81f4b 100644 --- a/deploy-config/staging.yml +++ b/deploy-config/staging.yml @@ -2,3 +2,5 @@ env: staging instances: 1 memory: 1G public_admin_route: notify-staging.app.cloud.gov +nr_agent_id: "1134291385" +nr_app_id: "1031640326" diff --git a/manifest.yml b/manifest.yml index 804ca9c59..ba416939a 100644 --- a/manifest.yml +++ b/manifest.yml @@ -26,6 +26,12 @@ applications: NEW_RELIC_CONFIG_FILE: newrelic.ini NEW_RELIC_ENVIRONMENT: ((env)) + NR_ACCOUNT_ID=3389907 + NR_TRUST_KEY=562946 + NR_AGENT_ID=((nr_agent_id)) + NR_APP_ID=((nr_app_id)) + NR_BROWSER_KEY=((NR_BROWSER_KEY)) + REDIS_ENABLED: ((REDIS_ENABLED)) ADMIN_BASE_URL: https://((public_admin_route)) API_HOST_NAME: https://notify-api-((env)).apps.internal:61443 diff --git a/newrelic.ini b/newrelic.ini index 63ee1ea2c..f3436dd73 100644 --- a/newrelic.ini +++ b/newrelic.ini @@ -177,7 +177,7 @@ error_collector.ignore_errors = # For those Python web frameworks that are supported, this # setting enables the auto-insertion of the browser monitoring # JavaScript fragments. -browser_monitoring.auto_instrument = true +browser_monitoring.auto_instrument = false # A thread profiling session can be scheduled via the UI when # this option is enabled. The thread profiler will periodically diff --git a/sample.env b/sample.env index 2f83e2c20..78956aa09 100644 --- a/sample.env +++ b/sample.env @@ -27,3 +27,8 @@ REDIS_URL=redis://localhost:6379/0 # New Relic NEW_RELIC_CONFIG_FILE=newrelic.ini NEW_RELIC_LICENSE_KEY="don't write secrets to the sample file" +NR_ACCOUNT_ID=3389907 +NR_TRUST_KEY=562946 +NR_AGENT_ID=1134289521 +NR_APP_ID=1013682065 +NR_BROWSER_KEY="don't write secrets to the sample file" From f42acc6fb4e2773b9051d24a76690e177386dcd6 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 2 May 2023 16:05:09 -0400 Subject: [PATCH 2/3] Enable turning off browser monitoring when new relic is disabled --- app/config.py | 3 +++ app/templates/main_template.html | 5 ++++- newrelic.ini | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/app/config.py b/app/config.py index 3f4cd1964..34da3b1a8 100644 --- a/app/config.py +++ b/app/config.py @@ -1,6 +1,7 @@ import json from os import getenv +import newrelic.agent import pytz from app.cloudfoundry_config import cloud_config @@ -33,6 +34,8 @@ class Config(object): NR_AGENT_ID = getenv('NR_AGENT_ID') NR_APP_ID = getenv('NR_APP_ID') NR_BROWSER_KEY = getenv('NR_BROWSER_KEY') + settings = newrelic.agent.global_settings() + NR_MONITOR_ON = settings and settings.monitor_mode TEMPLATE_PREVIEW_API_HOST = getenv('TEMPLATE_PREVIEW_API_HOST', 'http://localhost:9999') TEMPLATE_PREVIEW_API_KEY = getenv('TEMPLATE_PREVIEW_API_KEY', 'my-secret-key') diff --git a/app/templates/main_template.html b/app/templates/main_template.html index 6eb124ca4..c6f6fbbc6 100644 --- a/app/templates/main_template.html +++ b/app/templates/main_template.html @@ -10,7 +10,10 @@ {% block pageTitle %}U.S. Notify{% endblock %} {# Hardcoded value of $govuk-black #} - {% include "partials/newrelic.html" -%} + {% if config['NR_MONITOR_ON'] %} + {% include "partials/newrelic.html" -%} + {% endif %} + {# Ensure that older IE versions always render with the correct rendering engine #} diff --git a/newrelic.ini b/newrelic.ini index f3436dd73..8d8df6f36 100644 --- a/newrelic.ini +++ b/newrelic.ini @@ -45,7 +45,7 @@ distributed_tracing.enabled = true # application and reports this data to the New Relic UI at # newrelic.com. This global switch is normally overridden for # each environment below. -monitor_mode = true +monitor_mode = false # Sets the name of a file to log agent messages to. Useful for # debugging any issues with the agent. This is not set by From c2216d34496f75456eea0f1af6844d6a9d15decd Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 2 May 2023 16:08:04 -0400 Subject: [PATCH 3/3] Pass NR_BROWSER_KEY to deploy scripts --- .github/workflows/deploy-demo.yml | 2 ++ .github/workflows/deploy.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml index 8fc3b8819..8dfe9905c 100644 --- a/.github/workflows/deploy-demo.yml +++ b/.github/workflows/deploy-demo.yml @@ -55,6 +55,7 @@ jobs: BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }} REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }} NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} + NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }} with: cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} @@ -70,6 +71,7 @@ jobs: --var BASIC_AUTH_USERNAME="curiousabout" --var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD" --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY" + --var NR_BROWSER_KEY="$NR_BROWSER_KEY" - name: Check for changes to egress config id: changed-egress-config diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 16f146bad..e496fd1ec 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -60,6 +60,7 @@ jobs: BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }} REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }} NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} + NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }} with: cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} @@ -75,6 +76,7 @@ jobs: --var BASIC_AUTH_USERNAME="curiousabout" --var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD" --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY" + --var NR_BROWSER_KEY="$NR_BROWSER_KEY" - name: Check for changes to egress config id: changed-egress-config