From b5de1cd9e72b63d7790fa2065e61b0a05550cf7c Mon Sep 17 00:00:00 2001
From: Christian Decker <decker.christian@gmail.com>
Date: Thu, 18 Jul 2024 11:27:01 +0200
Subject: [PATCH] signer: Pass policy rejections back to the scheduler

There was a `?` that would prematurely bubble the error up, past the
point we'd send a rejection notice to the scheduler. So handle those
errors with more care, and we can see when policies fail on the server
side, to adjust, tweak and right-size the policies, and act as a
regression test suite.
---
 libs/gl-client/src/signer/mod.rs | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/libs/gl-client/src/signer/mod.rs b/libs/gl-client/src/signer/mod.rs
index ef520f451..ab3810024 100644
--- a/libs/gl-client/src/signer/mod.rs
+++ b/libs/gl-client/src/signer/mod.rs
@@ -316,7 +316,7 @@ impl Signer {
         }
 
         // Currently we only use a 0 unique_id and a pubkey field to allow
-        // for delegation in the future but we could also set the public 
+        // for delegation in the future but we could also set the public
         // key as the unique_id in the future and add a method that allows
         // to create new empty runes.
         let unique_id = rune.get_id();
@@ -527,7 +527,7 @@ impl Signer {
         log::trace!("State updated");
 
         // Match over root and client handler.
-        let response = match req.context {
+        let response = match req.context.clone() {
             Some(HsmRequestContext { dbid: 0, .. }) | None => {
                 // This is the main daemon talking to us.
                 root_handler.handle(msg)
@@ -539,15 +539,24 @@ impl Signer {
                     .for_new_client(1 as u64, pk, c.dbid)
                     .handle(msg)
             }
+        };
+
+        if let Err(e) = response {
+            report::Reporter::report(crate::pb::scheduler::SignerRejection {
+                msg: format!("{:?}", e),
+                request: Some(req.clone()),
+                git_version: GITHASH.to_string(),
+            })
+            .await;
+            return Err(Error::Other(anyhow!("processing request: {e:?}")));
         }
-        .map_err(|e| Error::Other(anyhow!("processing request: {e:?}")))?;
 
+        let response = response.unwrap();
         let signer_state: Vec<crate::pb::SignerStateEntry> = {
             debug!("Serializing state changes to report to node");
             let state = self.state.lock().unwrap();
             state.clone().into()
         };
-
         Ok(HsmResponse {
             raw: response.0.as_vec(),
             request_id: req.request_id,