Handle exceptions when CMK is misconfigured (#3238)

* return 424 FailedDependency when a request fails due to an issue with CMK set up * create consts for sql error codes * Respond to PR comments * Respond to PR comments * use cmk error methods from shared components
microsoft · Dec 7, 2023 · 621abb4 · 621abb4
1 parent 4cce40d
commit 621abb4
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/...rosoft.Health.Dicom.Api.UnitTests/Features/Exceptions/ExceptionHandlingMiddlewareTests.cs b/...rosoft.Health.Dicom.Api.UnitTests/Features/Exceptions/ExceptionHandlingMiddlewareTests.cs
@@ -60,6 +60,10 @@ public static IEnumerable<object[]> GetExceptionToStatusCodeMapping()
         yield return new object[] { new PayloadTooLargeException(1), HttpStatusCode.RequestEntityTooLarge };
         yield return new object[] { new DataStoreException(new Exception(), isExternal: true), HttpStatusCode.FailedDependency };
         yield return new object[] { new DataStoreRequestFailedException(new RequestFailedException(String.Empty), isExternal: true), HttpStatusCode.FailedDependency };
+        yield return new object[] { new RequestFailedException(403, "The key vault key is not found to unwrap the encryption key.", "KeyVaultEncryptionKeyNotFound", new Exception()), HttpStatusCode.FailedDependency };
+        yield return new object[] { new DataStoreException(new RequestFailedException(403, "The key vault key is not found to unwrap the encryption key.", "KeyVaultEncryptionKeyNotFound", new Exception())), HttpStatusCode.FailedDependency };
+        yield return new object[] { new DataStoreRequestFailedException(new RequestFailedException(403, "The key vault key is not found to unwrap the encryption key.", "KeyVaultEncryptionKeyNotFound", new Exception())), HttpStatusCode.FailedDependency };
+        yield return new object[] { new RequestFailedException(403, "The key vault key is not found to unwrap the encryption key.", "KeyVaultEncryptionKeyNotFound", new Exception()), HttpStatusCode.FailedDependency };
     }
 
     [Theory]

diff --git a/src/Microsoft.Health.Dicom.Api/Features/Exceptions/ExceptionHandlingMiddleware.cs b/src/Microsoft.Health.Dicom.Api/Features/Exceptions/ExceptionHandlingMiddleware.cs
@@ -9,14 +9,18 @@
 using System.Runtime.ExceptionServices;
 using System.Text.Json;
 using System.Threading.Tasks;
+using Azure;
 using EnsureThat;
 using Microsoft.AspNetCore.Connections;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Data.SqlClient;
 using Microsoft.Extensions.Logging;
 using Microsoft.Health.Abstractions.Exceptions;
 using Microsoft.Health.Api.Features.Audit;
 using Microsoft.Health.Dicom.Core.Exceptions;
+using Microsoft.Health.Encryption.Customer.Extensions;
+using Microsoft.Health.SqlServer.Features.Storage;
 using NotSupportedException = Microsoft.Health.Dicom.Core.Exceptions.NotSupportedException;
 using ComponentModelValidationException = System.ComponentModel.DataAnnotations.ValidationException;
 using System.Linq;
@@ -93,6 +97,8 @@ private IActionResult MapExceptionToResult(Exception exception)
                 statusCode = HttpStatusCode.BadRequest;
                 break;
             case ConditionalExternalException ex when ex.IsExternal == true:
+            case ConditionalExternalException cee when IsCMKException(cee.InnerException):
+            case Exception e when IsCMKException(e):
                 statusCode = HttpStatusCode.FailedDependency;
                 break;
             case ResourceNotFoundException:
@@ -161,6 +167,13 @@ private static bool IsTaskCanceledException(Exception ex)
         return ex is TaskCanceledException || (ex is AggregateException aggEx && aggEx.InnerExceptions.Any(x => x is TaskCanceledException));
     }
 
+    private static bool IsCMKException(Exception ex)
+    {
+        return ex is SqlException sqlEx && sqlEx.IsCMKError() ||
+            ex is RequestFailedException rfEx && rfEx.IsCMKError() ||
+            (ex is AggregateException aggEx && aggEx.InnerExceptions.Any(x => x is SqlException sqlEx && sqlEx.IsCMKError() || x is RequestFailedException rfEx && rfEx.IsCMKError()));
+    }
+
     private static IActionResult GetContentResult(HttpStatusCode statusCode, string message)
     {
         return new ContentResult

diff --git a/src/Microsoft.Health.Dicom.Api/Microsoft.Health.Dicom.Api.csproj b/src/Microsoft.Health.Dicom.Api/Microsoft.Health.Dicom.Api.csproj
@@ -17,12 +17,14 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Versioning" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Versioning.ApiExplorer" />
+    <PackageReference Include="Microsoft.Data.SqlClient" />
     <PackageReference Include="Microsoft.Health.Abstractions" />
     <PackageReference Include="Microsoft.Health.Api" />
     <PackageReference Include="Microsoft.Health.Core" />
     <PackageReference Include="Microsoft.Health.Encryption" />
     <PackageReference Include="Microsoft.Health.Extensions.DependencyInjection" />
     <PackageReference Include="Microsoft.Health.Operations" />
+    <PackageReference Include="Microsoft.Health.SqlServer" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" />
     <PackageReference Include="Microsoft.IO.RecyclableMemoryStream" />
     <PackageReference Include="Microsoft.OpenApi" />