[Zero Silent Failures SPIKE] VA.gov home page "GovDelivery"

[FranECross]

Description

The following feature needs to be evaluated to determine if it meets the standards for 'zero silent failures': VA.gov Homepage > email to GovDelivery, which is a user-facing transaction that is submitted to the back-end system. If we identify any missing monitoring, etc. from evaluating the checklist, we will file tickets to update implementation.

OCTODE guidance states:

• Does your application have a user-facing transaction that is submitted to a back-end system?
  • NOTE: This is not limited to online forms! Other examples can include:
  • Uploads of documents and/or attachments
  • Performing an action (Such as refilling a prescription or ordering supplies)
• Are you using any of the listed APIs?
  • Lighthouse Appeals Status
  • Lighthouse Benefits Documents API
  • Lighthouse Benefits Intake API / Central Mail
  • Lighthouse Decision Reviews
  • EVSS Document Upload
• Does your application submit to an API that relies on Sidekiq (or another background job processor)?

Problem Statement:

• See Canvas in Slack

Artifacts

• Audit ticket
• Guidance document
• Sitewide Silent failures assessment
• Sitewide Silent Failure Assessment pre-screen

User story

AS A I WANT SO THAT

Engineering notes / background

If you need to set up monitoring in DataDog:

Set up monitoring in Datadog

Follow this guidance on endpoint monitoring to get going. Then following the guidance on monitoring performance to get up to speed with Datadog.

Examples

• Benefits Intake API Form Submission Tracking
• Banana Peels (Lighthouse Appeals/Forms/Benefits Intake APIs)
• Benefits Sidekiq Death Queue view - shows recently exhausted Sidekiq jobs.

Additional examples

Analytics considerations

Quality / testing notes

Acceptance criteria

Checklist

Start

• [x] Do you know when your application shipped to production?
  • June 2023. PR below was merged in December 2022, but it was added to the new homepage design working template, which was not cut over to production until June 2023.
  • Ticket: https://github.com/department-of-veterans-affairs/va.gov-cms/issues/11389
  • Pull request: https://github.com/department-of-veterans-affairs/content-build/pull/1386
• [x] Did your application use the same APIs when it shipped as it does today? Yes

Monitoring

• [x] Do you monitor the API that you submit to via Datadog? No
  • Ticket: https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19312
• [x] Does your Datadog monitoring use the appropriate tagging? N/A
  • AC has been added to https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19312 to capture recommended tagging
• [x] Do errors detected by Datadog go into a Slack notifications channel? N/A
  • Datadog monitoring for this interaction does not currently exist. ACs in https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19312 include making sure any new monitors direct to the #public-websites-monitoring channel
• [x] Does more than one person look at the Slack notifications channel containing errors on a daily basis? Yes
• [x] Do the team members monitoring the Slack channel have a system for acknowledging and responding to the errors that appear there? Yes, monitoring rotation is set up and we have a Slack canvas detailing how to respond to errors

⚠️ Failure to have endpoint monitoring in place is a blocking QA standard at Staging review as of 9/10/24. If you answered no to any of the questions above, you will be blocked from shipping at the Staging review touchpoint in Collab Cycle.

Reporting errors

• [x] Have you filed issues for errors that are appearing in Datadog / Slack? N/A
  • Datadog monitoring does not currently exist, but will after we complete this ticket: https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19312
• [x] Do all fatal errors thrown in your application end up visible to the end user either in the user interface or via email? No
  • Some UX input is needed to determine the proper error state of the email address form
  • Ticket created for UX to decide how to display errors to user: https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19314

Documentation

• [x] Do you have a diagram of the submission path that user data your application accepts takes to reach a system of record? Yes
  • Mural created on 9/24/2024: https://app.mural.co/t/departmentofveteransaffairs9999/m/departmentofveteransaffairs9999/1727206992082/616a153da68cc4ed22bf47ea8dd0f9d070e68487?sender=u4859598b6fe2a44cd3c44235
• [x] Do you understand how the error is handled when each system in the submission path fails, is down for maintenance, or is completely down? Not completely
  • Based on the GovDelivery (owned by Granicus) documentation for hitting their APIs, there are some very basic error codes that apply to all APIs. For our purposes, the ones that are important are the server error codes (5xx HTTP responses) and 404s resulting from the GovDelivery URL changing or our engineers inadvertently changing it.
• [ ] Has the owner of the system of record receiving the user's data indicated in writing that their system notifies or resolves 100% of fatal errors once in their custody?
  • If not, notify @jilladams , @FranECross , @mmiddaugh to work with OCTO to meet with the owner of the system and get their agreement in writing.
  • Please document the outcome of this conversation in your product's documentation in Github.

User experience

• [x] Do you capture all of the potential points of failure and make those errors known to the user via email notification and/or through the application on VA.gov or the mobile application? No

  • Ticket is created to review the experience from a UX perspective and create an error state for the form: https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19314

• [x] Create a user data flow diagram

  • [x] Create a ticket to create a user flow based on the requirement noted below:
    • Creating a user data flow diagram is a requirement of the Zero silent errors initiative and will be a required asset at the Architecture Intent touchpoint of the Engineering and Security track of Collaboration Cycle.
    • Mural user data flow diagram: https://app.mural.co/t/departmentofveteransaffairs9999/m/departmentofveteransaffairs9999/1727206992082/616a153da68cc4ed22bf47ea8dd0f9d070e68487?sender=u4859598b6fe2a44cd3c44235

Learn how to create a user data flow diagram

File silent errors issues in Github

• [ ] Create a ticket to file silent error issues in Github We want to know about your silent errors so that we can help you to fix them. To do this, follow the process in the Managing Errors document.

We don't have any silent errors!

Great! Please let us know that you went through the checklist above as a team and did not find any silent failures in our Slack channel: #zero-silent-failures. You don't have to hang out in there once you have notified us. Just pop in, tell us who you are (which team and in which portfolio) and that no failures were found. Thanks!

[randimays]

@FranECross I've updated the checklist in the ticket description with some information regarding this feature and my recommendations on where we should go from here.

There is one item in the ticket description that I wasn't sure what to do with:

Has the owner of the system of record receiving the user's data indicated in writing that their system notifies or resolves 100% of fatal errors once in their custody?

I am pretty sure the answer to this is "No," but I'm not sure how to verify. We have plenty of other products across the org that use GovDelivery in more complex ways, but I couldn't find any documentation anywhere that outlines GovDelivery error handling for our specific use case.

Otherwise, I've gathered all the info below for easier readability and clarity on probable next steps.

Email signup on the homepage

Form setup

The code for the email sign up form at the bottom of the home page lives in content build in email-update-signup.drupal.liquid as a raw HTML form. The <form> element uses a POST HTTP request to submit several values to GovDelivery at this URL:

https://public.govdelivery.com/accounts/USVACHOOSE/subscribers/qualify

The data we send via this POST request is:

• utf8: (a checkmark icon - common Ruby on Rails convention for forms, not significant here)
• category_id: USVACHOOSE_C1
• email: [email address entered by the user]

Screenshots

Error handling

The email address form field does not validate user input and can be submitted even if the field is blank. In that case, the user is redirected to the GovDelivery URL with an error at the top of that page that says “Can’t save subscriber because of the following 2 errors.” The user can then enter their email address and proceed with signup successfully.

Once the GovDelivery page is reached, there is some validation on the email that is passed through, but we don't have any handling on our side to prevent the submission.

If the utf8 and category_id values are missing from the POST request but the email address is filled out, the form still successfully redirects to the GovDelivery URL as though those values are present.

In short, it's hard for the client side (front end) to create a bad request to send to GovDelivery without malicious interference or some strange network / routing issue.

What happens if the GovDelivery URL gets changed?

If an engineer inadvertently changes the GovDelivery URL the form is pointing to, or if the GovDelivery page itself moves or is otherwise taken down, the user will still be taken to that broken page when the form is submitted from VA.gov.

Scenarios I tested in production

All of these assume the GovDelivery page / services are working as expected on their own.

The only scenarios that can actually be affected by the user are scenarios 1 and 4. The other two scenarios would result from a data transmission error via the POST request or some other kind of client-side error.

1. Email address, utf8 and category_id values are all sent

• GovDelivery page loads with no errors and email prefilled
• User can finish the form and is successfully subscribed

2. Only email address is sent; no utf8 or category_id

• GovDelivery page loads with no errors and email prefilled
• User can finish the form and is successfully subscribed

3. No email address is sent (field is blank), no utf8 or category_id

• GovDelivery page loads with an error at the top of the page that says “Can’t save subscriber because of the following 2 errors”
• User can fill out the form normally and is successfully subscribed

4. No email address is sent (field is blank), but utf8 or category_id are included

• GovDelivery page loads with an error at the top of the page that says “Can’t save subscriber because of the following 2 errors”
• User can fill out the form normally and is successfully subscribed

Next steps

I created two tickets to start with:

1. Create monitoring and add a synthetic in Datadog for this flow: https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19312 (front end work)
2. Create an error state UX for this flow: https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19314 (UX work)

The error handling code implementation is going to depend on how we want to handle the errors from a visual perspective. We should definitely move the email signup form out of content-build and into vets-website as a React widget. This will give us more flexibility making use of field validation and error handling while allowing us to dynamically add or remove elements in error states.

We will need a ticket for any code changes to this form once we agree as a team how to handle the errors both in concept and UX.

@jilladams @dsasser @chriskim2311: feel free to weigh in here about thoughts re: next steps.

@FranECross I'll assign this ticket to you as I think I'm finished with it for the purposes of the audit; please let me know if I missed anything.

[FranECross]

@randimays Thanks so much! I'll see if I can track down who might be able to provide either documentation or direction regarding GovDelivery error handling for our specific use case. Thanks for all your hard work on this. I'll review and take next steps.

[jilladams]

@randimays could you move your Mural flow into the Homepage room here: https://app.mural.co/t/departmentofveteransaffairs9999/r/1568899091707?folderUuid=e23f6282-0491-4c5e-89e2-cb756dfa5f27

[randimays]

@jilladams done. Thanks!

[randimays]

@FranECross Just doing an end-of-sprint check: is there any action I need to take on this ticket?

[FranECross]

@randimays No other actions for you on this ticket. Okay to close.

[randimays]

Closing per Fran's comment above.