When a webhook fails, to determine the exact reason for failure, you have to change the compute engine log level to DEBUG and then run a new analysis and then download the logs and look for the webhook failure line. We see this happen often as we test and help customers work with webhooks, especially because of certificate errors.
1.) Maybe bubble up the webhook error to the webhook UI. At the very least log the webhook error at INFO level… it is an error after all, so seems like it should be higher than DEBUG level? This would at least make it so that the log level doesn’t need changed and an analysis rerun, and also avoid loss of information if a system restart knocks DEBUG back to INFO. Surfacing details at the webhook UI would be even better though.
2.) Provide more detail about certificate errors. Make it more clear why the certificate is failing. Not in trust store, host name miss-match, etc.?
3.) Provide a “Test Webhook” button to see if the target URL is good to receive data (maybe a server was down, network error, or something). This could be resending a previously failed payload, or sending a test or no data payload.
Could you help me understand what you expect to see bubbled up? I’m looking at some webhook failures on our dogfood server and I see the response code on the delivery: 400. After that, I’m not sure I need the rest of the response…?
Unreachable/Server Down
2020.07.10 18:48:44 DEBUG ce[abc123][o.s.s.w.WebHooksImpl] Failed to send webhook ‘Test-1’ | url=https://test1/callback | message=Connection refused (Connection refused)
Unknown Certificate
2020.07.10 18:48:44 DEBUG ce[abc123][o.s.s.w.WebHooksImpl] Failed to send webhook ‘Test-1’ | url= https://test1/callback | message=unable to find valid certification path to requested target
Invalid Certificate Signature
2020.07.10 19:34:23 DEBUG ce[abc123][o.s.s.w.WebHooksImpl] Failed to send webhook ‘Test-1’ | url= https://test1/callback | message=Signature does not match.
Feature request, in other words…
It’d be nice to see this line at the INFO level in the logs, rather than DEBUG, and better yet to see it from the UI where it shows if a webhook failed but does not provide system details.
Is there anyway we could get more information or maybe clarify generic wording? This is a more open ended question but what I’m getting at is maybe something like diagnostic suggestions to accompany specific errors like “… message=unable to find valid certification path to requested target, diagnostics=Verify that the certificate is trusted. For instance, from a certificate authority (CA) or the Java trust store”
A button to test the webhook would be very useful for setting up webhooks and working through webhook errors. This is a stretch, but maybe even a liveliness option for webhooks, like a heartbeat, that could be used to respond quicker to failed webhooks on both the SonarQube and target server side of things.