-
-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(auth): Adding scoping_organization_id to replica #81213
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅ ✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## master #81213 +/- ##
==========================================
+ Coverage 80.34% 80.35% +0.01%
==========================================
Files 7215 7219 +4
Lines 319407 319544 +137
Branches 20775 20775
==========================================
+ Hits 256616 256758 +142
+ Misses 62397 62392 -5
Partials 394 394 |
🚨 Warning: This pull request contains Frontend and Backend changes! It's discouraged to make changes to Sentry's Frontend and Backend in a single pull request. The Frontend and Backend are not atomically deployed. If the changes are interdependent of each other, they must be separated into two pull requests and be made forward or backwards compatible, such that the Backend or Frontend can be safely deployed independently. Have questions? Please ask in the |
This PR has a migration; here is the generated SQL for --
-- Add field scoping_organization_id to apitokenreplica
--
ALTER TABLE "hybridcloud_apitokenreplica" ADD COLUMN "scoping_organization_id" bigint NULL;
CREATE INDEX CONCURRENTLY "hybridcloud_apitokenreplica_scoping_organization_id_a73a089b" ON "hybridcloud_apitokenreplica" ("scoping_organization_id"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Migration lgtm.
I'd recommend for https://github.com/getsentry/getsentry/pull/15812 to merge before you merge this. We've been having issues with migrations timing out during deploys
@@ -85,6 +85,7 @@ def serialize_api_token(at: ApiToken) -> RpcApiToken: | |||
user_id=at.user_id, | |||
application_id=at.application_id, | |||
organization_id=at.organization_id, | |||
scoping_organization_id=at.scoping_organization_id, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In addition to this change, you'll also need to update:
RpcApiToken
to addscoping_organization_id
with a default of NoneDatabaseBackedRegionReplicaService.upsert_replicated_api_token
to persist this attribute into the replica.
4c748c7
to
7a791c3
Compare
Adding scoping_organization_id to both ApiTokenReplica and SystemToken. The reason is that we want to limit auth tokens that are scoped to a specific organizations to any other organization.
Context on why we need this is here: #81193