Merge branch 'master' into rjo100/remove-monitor-status-backend

.github/workflows/backend.yml

@@ -462,6 +462,7 @@ jobs:
         backend-test,
         backend-migration-tests,
         cli,
+        files-changed,
         lint,
         requirements,
         migration,

.github/workflows/codeql.yml

@@ -49,7 +49,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # v2
+        uses: github/codeql-action/init@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: ${{ matrix.language }}
@@ -61,7 +61,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # v2
+        uses: github/codeql-action/autobuild@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -75,6 +75,6 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # v2
+        uses: github/codeql-action/analyze@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/enforce-license-compliance.yml

@@ -9,6 +9,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Enforce License Compliance'
-        uses: getsentry/action-enforce-license-compliance@693b4f5a92ea8629db875f0226b05e8af43c95ae  # main
+        uses: getsentry/action-enforce-license-compliance@6599a041195852debba3417e069829060d671e76  # main
         with:
           fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

.github/workflows/frontend.yml

@@ -208,7 +208,7 @@ jobs:
   # It symbolizes that all required Frontend checks have succesfully passed (Or skipped)
   # This check is the only required Github check
   frontend-required-check:
-    needs: [typescript-and-lint, frontend-jest-tests]
+    needs: [files-changed, frontend-jest-tests, typescript-and-lint]
     name: Frontend
     # This is necessary since a failed/skipped dependent job would cause this job to be skipped
     if: always()

fixtures/js-stubs/eventEntryExceptionGroup.tsx

@@ -0,0 +1,112 @@
+export function EventEntryExceptionGroup() {
+  return {
+    type: 'exception',
+    data: {
+      values: [
+        {
+          type: 'ValueError',
+          value: 'test',
+          mechanism: {
+            exception_id: 4,
+            is_exception_group: false,
+            parent_id: 3,
+            source: 'exceptions[2]',
+          },
+          stacktrace: {
+            frames: [
+              {
+                function: 'func4',
+                module: 'helpers',
+                filename: 'file4.py',
+                absPath: 'file4.py',
+                lineNo: 50,
+                colNo: null,
+                context: [[50, 'raise ValueError("test")']],
+                inApp: true,
+                data: {},
+              },
+            ],
+          },
+          rawStacktrace: null,
+        },
+        {
+          type: 'ExceptionGroup 2',
+          value: 'child',
+          mechanism: {
+            exception_id: 3,
+            is_exception_group: true,
+            parent_id: 1,
+            source: 'exceptions[1]',
+          },
+          stacktrace: {
+            frames: [
+              {
+                function: 'func3',
+                module: 'helpers',
+                filename: 'file3.py',
+                absPath: 'file3.py',
+                lineNo: 50,
+                colNo: null,
+                context: [],
+                inApp: true,
+                data: {},
+              },
+            ],
+          },
+          rawStacktrace: null,
+        },
+        {
+          type: 'TypeError',
+          value: 'nested',
+          mechanism: {
+            exception_id: 2,
+            is_exception_group: false,
+            parent_id: 1,
+            source: 'exceptions[0]',
+          },
+          stacktrace: {
+            frames: [
+              {
+                function: 'func2',
+                module: 'helpers',
+                filename: 'file2.py',
+                absPath: 'file2.py',
+                lineNo: 50,
+                colNo: null,
+                context: [[50, 'raise TypeError("int")']],
+                inApp: true,
+                data: {},
+              },
+            ],
+          },
+          rawStacktrace: null,
+        },
+        {
+          type: 'ExceptionGroup 1',
+          value: 'parent',
+          mechanism: {
+            exception_id: 1,
+            is_exception_group: true,
+            source: '__context__',
+          },
+          stacktrace: {
+            frames: [
+              {
+                function: 'func1',
+                module: 'helpers',
+                filename: 'file1.py',
+                absPath: 'file1.py',
+                lineNo: 50,
+                colNo: null,
+                context: [[50, 'raise ExceptionGroup("parent")']],
+                inApp: true,
+                data: {},
+              },
+            ],
+          },
+          rawStacktrace: null,
+        },
+      ],
+    },
+  };
+}

fixtures/js-stubs/types.tsx

@@ -1,3 +1,4 @@
+import {EntryException} from 'sentry/types';
 import type {ReplayListRecord, ReplayRecord} from 'sentry/views/replays/types';
 
 type SimpleStub<T = any> = () => T;
@@ -43,6 +44,7 @@ type TestStubFixtures = {
   EventAttachment: OverridableStub;
   EventEntry: OverridableStub;
   EventEntryDebugMeta: OverridableStub;
+  EventEntryExceptionGroup: SimpleStub<EntryException>;
   EventEntryStacktrace: OverridableStub;
   EventIdQueryResult: OverridableStub;
   EventStacktraceException: OverridableStub;

migrations_lockfile.txt

@@ -6,5 +6,5 @@ To resolve this, rebase against latest master and regenerate your migration. Thi
 will then be regenerated, and you should be able to merge without conflicts.
 
 nodestore: 0002_nodestore_no_dictfield
-sentry: 0427_add_org_member_id_to_organizationmembermapping_table
+sentry: 0428_backfill_denormalize_notification_actor
 social_auth: 0001_initial

mypy.ini

@@ -109,6 +109,7 @@ files = fixtures/mypy-stubs,
         src/sentry/replays/consumers/,
         src/sentry/replays/usecases/,
         src/sentry/replays/endpoints/organization_replay_count.py,
+        src/sentry/replays/endpoints/organization_replay_details.py,
         src/sentry/replays/post_process.py,
         src/sentry/roles/manager.py,
         src/sentry/rules/,

src/sentry/analytics/events/__init__.py

@@ -24,6 +24,7 @@
 from .integration_serverless_setup import *  # noqa: F401,F403
 from .internal_integration_created import *  # noqa: F401,F403
 from .issue_alert_fired import *  # noqa: F401,F403
+from .issue_archived import *  # noqa: F401,F403
 from .issue_assigned import *  # noqa: F401,F403
 from .issue_deleted import *  # noqa: F401,F403
 from .issue_ignored import *  # noqa: F401,F403

src/sentry/analytics/events/issue_archived.py

@@ -0,0 +1,16 @@
+from sentry import analytics
+
+
+class IssueArchivedEvent(analytics.Event):
+    type = "issue.archived"
+
+    attributes = (
+        analytics.Attribute("user_id", type=int, required=False),
+        analytics.Attribute("default_user_id", type=int),
+        analytics.Attribute("organization_id", type=int),
+        analytics.Attribute("group_id"),
+        analytics.Attribute("until_escalating", type=bool, required=False),
+    )
+
+
+analytics.register(IssueArchivedEvent)

src/sentry/api/bases/sentryapps.py

@@ -13,9 +13,12 @@
 from sentry.auth.superuser import is_active_superuser
 from sentry.coreapi import APIError
 from sentry.middleware.stats import add_request_metric_tags
-from sentry.models import Organization, SentryApp, SentryAppInstallation
+from sentry.models import Organization, SentryAppInstallation
+from sentry.models.integrations.sentry_app import SentryApp
 from sentry.models.organization import OrganizationStatus
+from sentry.services.hybrid_cloud.app import app_service
 from sentry.services.hybrid_cloud.organization import organization_service
+from sentry.silo.base import SiloMode
 from sentry.utils.sdk import configure_scope
 from sentry.utils.strings import to_single_line_str
 
@@ -186,9 +189,17 @@ def has_object_permission(self, request: Request, view, sentry_app):
         if is_active_superuser(request):
             return True
 
+        org_ids = [
+            org.id
+            for org in organization_service.get_organizations(
+                user_id=request.user.id,
+                only_visible=False,
+                scope=None,
+            )
+        ]
         # if app is unpublished, user must be in the Org who owns the app.
         if not sentry_app.is_published:
-            if sentry_app.owner_id not in {o.id for o in request.user.get_orgs()}:
+            if sentry_app.owner_id not in {id for id in org_ids}:
                 raise Http404
 
         # TODO(meredith): make a better way to allow for public
@@ -212,10 +223,15 @@ class SentryAppBaseEndpoint(IntegrationPlatformEndpoint):
     permission_classes = (SentryAppPermission,)
 
     def convert_args(self, request: Request, sentry_app_slug, *args, **kwargs):
-        try:
-            sentry_app = SentryApp.objects.get(slug=sentry_app_slug)
-        except SentryApp.DoesNotExist:
-            raise Http404
+        if SiloMode.get_current_mode() in [SiloMode.MONOLITH, SiloMode.CONTROL]:
+            try:
+                sentry_app = SentryApp.objects.get(slug=sentry_app_slug)
+            except SentryApp.DoesNotExist:
+                raise Http404
+        else:
+            sentry_app = app_service.get_sentry_app_by_slug(slug=sentry_app_slug)
+            if sentry_app is None:
+                raise Http404
 
         self.check_object_permissions(request, sentry_app)
 
@@ -241,7 +257,16 @@ def has_object_permission(self, request: Request, view, organization):
         if is_active_superuser(request):
             return True
 
-        if organization not in request.user.get_orgs():
+        # TODO(hybrid-cloud): replace this with a local silo lookup once org member work is done
+        org_ids = [
+            org.id
+            for org in organization_service.get_organizations(
+                user_id=request.user.id,
+                only_visible=False,
+                scope=None,
+            )
+        ]
+        if organization.id not in org_ids:
             raise Http404
 
         return ensure_scoped_permission(request, self.scope_map.get(request.method))
@@ -252,13 +277,13 @@ class SentryAppInstallationsBaseEndpoint(IntegrationPlatformEndpoint):
 
     def convert_args(self, request: Request, organization_slug, *args, **kwargs):
         if is_active_superuser(request):
-            organizations = Organization.objects.all()
+            organization = organization_service.get_org_by_slug(slug=organization_slug)
         else:
-            organizations = request.user.get_orgs()
+            organization = organization_service.get_org_by_slug(
+                slug=organization_slug, user_id=request.user.id
+            )
 
-        try:
-            organization = organizations.get(slug=organization_slug)
-        except Organization.DoesNotExist:
+        if organization is None:
             raise Http404
         self.check_object_permissions(request, organization)
 

src/sentry/api/endpoints/api_application_details.py

@@ -38,7 +38,7 @@ class ApiApplicationDetailsEndpoint(Endpoint):
     def get(self, request: Request, app_id) -> Response:
         try:
             instance = ApiApplication.objects.get(
-                owner=request.user, client_id=app_id, status=ApiApplicationStatus.active
+                owner_id=request.user.id, client_id=app_id, status=ApiApplicationStatus.active
             )
         except ApiApplication.DoesNotExist:
             raise ResourceDoesNotExist
@@ -48,7 +48,7 @@ def get(self, request: Request, app_id) -> Response:
     def put(self, request: Request, app_id) -> Response:
         try:
             instance = ApiApplication.objects.get(
-                owner=request.user, client_id=app_id, status=ApiApplicationStatus.active
+                owner_id=request.user.id, client_id=app_id, status=ApiApplicationStatus.active
             )
         except ApiApplication.DoesNotExist:
             raise ResourceDoesNotExist
@@ -78,7 +78,7 @@ def put(self, request: Request, app_id) -> Response:
     def delete(self, request: Request, app_id) -> Response:
         try:
             instance = ApiApplication.objects.get(
-                owner=request.user, client_id=app_id, status=ApiApplicationStatus.active
+                owner_id=request.user.id, client_id=app_id, status=ApiApplicationStatus.active
             )
         except ApiApplication.DoesNotExist:
             raise ResourceDoesNotExist

src/sentry/api/endpoints/auth_index.py

@@ -70,7 +70,6 @@ def _verify_user_via_inputs(validator, request):
         # See if we have a u2f challenge/response
         if "challenge" in validator.validated_data and "response" in validator.validated_data:
             try:
-                metrics.incr("2fa.login_attempt", sample_rate=1.0, skip_internal=False)
                 interface = Authenticator.objects.get_interface(request.user, "u2f")
                 if not interface.is_enrolled():
                     raise LookupError()
@@ -82,6 +81,8 @@ def _verify_user_via_inputs(validator, request):
                         "u2f_authentication.verification_failed",
                         extra={"user": request.user.id},
                     )
+                else:
+                    metrics.incr("auth.2fa.success", sample_rate=1.0, skip_internal=False)
                 return authenticated
             except ValueError as err:
                 logger.warning(
@@ -95,10 +96,11 @@ def _verify_user_via_inputs(validator, request):
                 )
         # attempt password authentication
         elif "password" in validator.validated_data:
-            metrics.incr("password.login_attempt", sample_rate=1.0, skip_internal=False)
             authenticated = promote_request_rpc_user(request).check_password(
                 validator.validated_data["password"]
             )
+            if authenticated:
+                metrics.incr("auth.password.success", sample_rate=1.0, skip_internal=False)
             return authenticated
         return False
 

src/sentry/api/endpoints/broadcast_index.py

@@ -129,13 +129,13 @@ def put(self, request: Request):
                 unseen_queryset = queryset
             else:
                 unseen_queryset = queryset.exclude(
-                    id__in=queryset.filter(broadcastseen__user=request.user).values("id")
+                    id__in=queryset.filter(broadcastseen__user_id=request.user.id).values("id")
                 )
 
             for broadcast in unseen_queryset:
                 try:
                     with transaction.atomic():
-                        BroadcastSeen.objects.create(broadcast=broadcast, user=request.user)
+                        BroadcastSeen.objects.create(broadcast=broadcast, user_id=request.user.id)
                 except IntegrityError:
                     pass
 
@@ -172,7 +172,7 @@ def post(self, request: Request) -> Response:
         if result.get("hasSeen"):
             try:
                 with transaction.atomic():
-                    BroadcastSeen.objects.create(broadcast=broadcast, user=request.user)
+                    BroadcastSeen.objects.create(broadcast=broadcast, user_id=request.user.id)
             except IntegrityError:
                 pass