ref(token): Update create user token page to use dropdowns #54651
Merged
github-actions bot added the "Scope: Frontend" label (Automatically applied to PRs that change frontend components) on Aug 11, 2023
schew2381 changed the title from "Ref(api): Update create user token page to use dropdowns" to "Ref(tokens): Update create user token page to use dropdowns" on Aug 11, 2023
schew2381 changed the title from "Ref(tokens): Update create user token page to use dropdowns" to "Ref(token): Update create user token page to use dropdowns" on Aug 11, 2023
schew2381 changed the title from "Ref(token): Update create user token page to use dropdowns" to "ref(token): Update create user token page to use dropdowns" on Aug 11, 2023
schew2381 force-pushed the seiji/ref/update-user-token-creation-page branch from d681355 to a10d361 (September 18, 2023 19:02)
schew2381 force-pushed the seiji/ref/update-user-token-creation-page branch from a10d361 to 2c428b1 (September 19, 2023 20:04)
github-actions bot added the "Scope: Backend" label (Automatically applied to PRs that change backend components) on Sep 19, 2023
schew2381 removed the "Scope: Backend" label on Sep 19, 2023
schew2381 commented Sep 19, 2023
cathteng reviewed Sep 19, 2023
github-actions bot added the "Scope: Backend" label on Sep 20, 2023
schew2381 force-pushed the seiji/ref/update-user-token-creation-page branch from 8a66fb7 to 872675f (September 20, 2023 18:18)
schew2381 added "Scope: Frontend" and removed "Scope: Frontend" and "Scope: Backend" labels on Sep 20, 2023
schew2381 added a commit that referenced this pull request on Sep 20, 2023:
This test must be deleted so #54651 can pass. It's not possible to click the Create Button anymore after switching to dropdowns. Also, this is only testing that an API is called, so it's not very useful.
cathteng approved these changes Sep 20, 2023
michellewzhang pushed a commit that referenced this pull request on Sep 21, 2023:
This test must be deleted so #54651 can pass. It's not possible to click the Create Button anymore after switching to dropdowns. Also, this is only testing that an API is called, so it's not very useful.
michellewzhang pushed a commit that referenced this pull request on Sep 21, 2023:
Requires #56537

### Summary
Refactor the create user token page to use existing dropdowns (like [org/integration tokens page](https://santry.sentry.io/settings/developer-settings/new-internal/)). This enforces hierarchy automatically when creating user tokens through the UI.

### Scopes
Originally you could select scopes granularly, so you could check `project:admin` but not `project:read`. The dropdowns will include all weaker scopes for the same resource you're selecting. Ideally we would call each option in the dropdown:

```mdx
Ideal          Current
- read         - read
- write   vs.  - read + write
- admin        - admin

Note: Admin implies access to everything so includes read + write + any other special scope for that resource e.g. project:releases/org:integrations
```

and explain the hierarchy in the header description with a link to our scope docs. However we still need to overhaul our scope docs so this change will have to come after the docs are complete.

### Before
<img width="1267" alt="Screenshot 2023-08-11 at 3 15 13 PM" src="https://github.com/getsentry/sentry/assets/67301797/9e590eff-f839-4678-ab55-ac41610fdc8a">

### After
https://github.com/getsentry/sentry/assets/67301797/f0c1c730-ad51-4977-8b0c-0b026cf3d8b4
schew2381 added a commit to getsentry/sentry-docs that referenced this pull request on Sep 21, 2023:
…ns (#7918)

### Background
As part of the change to [Introduce Scope Hierarchy](https://www.notion.so/sentry/24Q3-Permission-Scope-Hierarchy-67620f99783345bbb8bc2828b1addc64), I edited the page where you create user auth tokens to use the same dropdowns as internal integrations in getsentry/sentry#54651. You can test this for yourself [here](https://sentry.io/settings/account/api/auth-tokens/new-token/).

### Changes
1. Clarify that user auth tokens are not editable after they are created. In order to change the scopes on them, you must create a new token.
2. Replace old picture of the create user auth page from box selectors to the new dropdowns
3. I moved user auth tokens to below integration tokens to hopefully have people favor integration > user tokens. In the future, we will probably look into eventually deprecating user auth tokens in favor of the other 2 tokens.
4. For the internal integration, I changed the wording from `See our docs on Internal Integrations to learn more.` to `To get started, see our docs on Internal Integrations` because it wasn't immediately clear to me which link in that section leads to the steps to create the integration.
schew2381 added a commit that referenced this pull request on Sep 26, 2023:
### Note
- User Token UI Changes should be merged beforehand #54651
- See [Notion doc](https://www.notion.so/sentry/WIP-Permission-Scope-Hierarchy-67620f99783345bbb8bc2828b1addc64) for detailed spec on this work

### Implementation
To model the hierarchy I used a simple dict of scope -> all granted scopes. I chose this approach b/c it's very simple and easy to enforce in the code. We use a pre-save signal on the `ApiKey` and `ApiToken` models to enforce scope hierarchy. The basic scope hierarchy for each resource is:
- read grants nothing
- write grants read
- admin grants read+write

When updating one of these models, there is no way to know if the scopes are enforced without fetching it from the DB. To avoid this trip, we always iterate through the hierarchy mapping.
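
An added example (not Sentry's code and not part of the commit message above) of the dict-based approach that message describes: a scope -> granted-scopes table, an idempotent expansion a pre-save hook could call, and, going one step beyond the text, an audit helper for scope lists stored before enforcement. The names `build_hierarchy`, `enforce_hierarchy`, `missing_implied` and the resource table are assumptions built from the scope names quoted on this page.

```python
# Added example, not Sentry's code. The resource table is constructed from
# the scope names quoted on this page; the real mapping may differ.
from typing import Dict, FrozenSet, Iterable, List


def build_hierarchy(resources: Dict[str, List[str]]) -> Dict[str, FrozenSet[str]]:
    """Map every scope to the full set of scopes it grants (itself included)."""
    table: Dict[str, FrozenSet[str]] = {}
    for resource, special in resources.items():
        read, write, admin = (f"{resource}:{lvl}" for lvl in ("read", "write", "admin"))
        table[read] = frozenset({read})                      # read grants nothing
        table[write] = frozenset({read, write})              # write grants read
        table[admin] = frozenset({read, write, admin, *special})  # admin grants all
        for scope in special:
            table[scope] = frozenset({scope})
    return table


# Hypothetical resource list; the special scopes are the two named in the PR.
HIERARCHY = build_hierarchy({
    "project": ["project:releases"],
    "org": ["org:integrations"],
})


def enforce_hierarchy(scopes: Iterable[str]) -> List[str]:
    """Return the scopes plus everything they imply, sorted and de-duplicated.

    The mapping is always walked, with no check of whether the input is
    already expanded, so the function is idempotent and safe on every save.
    Scopes missing from the table are kept unchanged rather than dropped.
    """
    expanded = set()
    for scope in scopes:
        expanded |= HIERARCHY.get(scope, frozenset({scope}))
    return sorted(expanded)


def missing_implied(scopes: Iterable[str]) -> List[str]:
    """Audit helper: implied scopes absent from an already stored scope list."""
    stored = set(scopes)
    return sorted(set(enforce_hierarchy(stored)) - stored)
```

Running `missing_implied` over existing tokens shows which ones were created with granular checkboxes, such as `project:admin` without `project:read`, and would change on their next save.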
Requires #56537
Summary
Refactor the create user token page to use existing dropdowns (like org/integration tokens page). This enforces hierarchy automatically when creating user tokens through the UI.
Scopes
Originally you could select scopes granularly, so you could check project:admin but not project:read. The dropdowns will include all weaker scopes for the same resource you're selecting. Ideally we would call each option in the dropdown: and explain the hierarchy in the header description with a link to our scope docs. However we still need to overhaul our scope docs so this change will have to come after the docs are complete.
Before
After
Screen.Recording.2023-09-19.at.2.13.03.PM.mov