Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(auth): Adding scoping_organization_id to replica #81213

Merged
merged 4 commits into from
Nov 25, 2024

Conversation

sentaur-athena
Copy link
Member

@sentaur-athena sentaur-athena commented Nov 22, 2024

Adding scoping_organization_id to both ApiTokenReplica and SystemToken. The reason is that we want to limit auth tokens that are scoped to a specific organizations to any other organization.
Context on why we need this is here: #81193

@sentaur-athena sentaur-athena requested review from a team as code owners November 22, 2024 21:16
@sentaur-athena sentaur-athena marked this pull request as draft November 22, 2024 21:16
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Nov 22, 2024
Copy link

codecov bot commented Nov 22, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #81213      +/-   ##
==========================================
+ Coverage   80.34%   80.35%   +0.01%     
==========================================
  Files        7215     7219       +4     
  Lines      319407   319544     +137     
  Branches    20775    20775              
==========================================
+ Hits       256616   256758     +142     
+ Misses      62397    62392       -5     
  Partials      394      394              

@github-actions github-actions bot added the Scope: Frontend Automatically applied to PRs that change frontend components label Nov 22, 2024
Copy link
Contributor

🚨 Warning: This pull request contains Frontend and Backend changes!

It's discouraged to make changes to Sentry's Frontend and Backend in a single pull request. The Frontend and Backend are not atomically deployed. If the changes are interdependent of each other, they must be separated into two pull requests and be made forward or backwards compatible, such that the Backend or Frontend can be safely deployed independently.

Have questions? Please ask in the #discuss-dev-infra channel.

Copy link
Contributor

This PR has a migration; here is the generated SQL for src/sentry/hybridcloud/migrations/0017_add_scoping_organization_apitokenreplica.py ()

--
-- Add field scoping_organization_id to apitokenreplica
--
ALTER TABLE "hybridcloud_apitokenreplica" ADD COLUMN "scoping_organization_id" bigint NULL;
CREATE INDEX CONCURRENTLY "hybridcloud_apitokenreplica_scoping_organization_id_a73a089b" ON "hybridcloud_apitokenreplica" ("scoping_organization_id");

Copy link
Member

@wedamija wedamija left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Migration lgtm.

I'd recommend for https://github.com/getsentry/getsentry/pull/15812 to merge before you merge this. We've been having issues with migrations timing out during deploys

@@ -85,6 +85,7 @@ def serialize_api_token(at: ApiToken) -> RpcApiToken:
user_id=at.user_id,
application_id=at.application_id,
organization_id=at.organization_id,
scoping_organization_id=at.scoping_organization_id,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition to this change, you'll also need to update:

  • RpcApiToken to add scoping_organization_id with a default of None
  • DatabaseBackedRegionReplicaService.upsert_replicated_api_token to persist this attribute into the replica.

@sentaur-athena sentaur-athena requested a review from a team as a code owner November 25, 2024 20:45
@sentaur-athena sentaur-athena merged commit 89d4135 into master Nov 25, 2024
51 checks passed
@sentaur-athena sentaur-athena deleted the athena/add-scoping-org-to-all branch November 25, 2024 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Scope: Backend Automatically applied to PRs that change backend components Scope: Frontend Automatically applied to PRs that change frontend components
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants