Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(trace_related): Use global_views whitelist for events endpoint #75174

Closed
wants to merge 9 commits into from
Closed

fix(trace_related): Use global_views whitelist for events endpoint #75174

wants to merge 9 commits into from

Conversation

armenzg
Copy link
Member

@armenzg armenzg commented Jul 29, 2024
edited
Loading

In #72961 I added a change to a base class which I should have not.

This PR reverts my original change and only adjusts the events endpoint and requires a referrer whitelist.

@armenzg armenzg self-assigned this Jul 29, 2024
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Jul 29, 2024
@armenzg armenzg changed the title fix(events API): fix(trace_related): Only change events endpoint Jul 29, 2024
armenzg
armenzg commented Jul 29, 2024
View reviewed changes
src/sentry/api/bases/organization_events.py Outdated Show resolved Hide resolved
src/sentry/api/endpoints/organization_events.py Outdated Show resolved Hide resolved
tests/snuba/api/endpoints/test_organization_events.py
@@ -165,6 +165,17 @@ def test_performance_view_feature(self):
assert response.status_code == 200
assert len(response.data["data"]) == 1

def test_multi_project_feature_gate_rejection(self):
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This adds the original test back.

@armenzg armenzg marked this pull request as ready for review July 29, 2024 17:40
@armenzg armenzg requested a review from a team as a code owner July 29, 2024 17:40
@armenzg armenzg requested a review from wmak July 29, 2024 17:40
@armenzg armenzg marked this pull request as draft July 29, 2024 18:11
@codecov Codecov
Copy link

codecov bot commented Jul 29, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.05%. Comparing base (268aa81) to head (4fef2dc).
Report is 1106 commits behind head on master.

Additional details and impacted files 
@@             Coverage Diff             @@
##           master   #75174       +/-   ##
===========================================
+ Coverage   57.02%   78.05%   +21.03%     
===========================================
  Files        6749     6759       +10     
  Lines      301279   301671      +392     
  Branches    51856    51910       +54     
===========================================
+ Hits       171809   235477    +63668     
+ Misses     124697    59848    -64849     
- Partials     4773     6346     +1573
Files Coverage Δ
src/sentry/api/bases/organization_events.py 95.39% <ø> (+32.20%) ⬆️
src/sentry/api/endpoints/organization_events.py 85.02% <100.00%> (+38.56%) ⬆️

... and 2018 files with indirect coverage changes

wmak added a commit that referenced this pull request Jul 29, 2024
@wmak
ref(querybuilder): Change events-meta to use snuba params
7e97b30 
- This updates events-meta to use the snuba params dataclass instead of
  the dict
- Tests failing until #75174
  merges
@wmak wmak mentioned this pull request Jul 29, 2024
Merged
wmak
wmak reviewed Jul 29, 2024
View reviewed changes
Copy link
Member

@wmak wmak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, since there's currently a DACI to change this behaviour lets not go with the original suggestion to add new endpoints yet.

Instead please add (with a TODO to remove and a comment explaining why its a bad pattern to use more) a check that the referrer is in an allowlist before allowing global-views

armenzg
armenzg commented Jul 29, 2024
View reviewed changes
src/sentry/api/bases/organization_events.py
@@ -130,9 +130,6 @@ def get_snuba_dataclass(
has_global_views,
len(params.projects) <= 1,
fetching_replay_data,
# If a developer can view issues of a project they do not belong to
# via open membership, we will also allow the endpoint to return events for it
organization.flags.allow_joinleave,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was added to my original PR.

This has been moved down below:
image

@armenzg armenzg requested a review from wmak July 29, 2024 19:50
@armenzg armenzg marked this pull request as ready for review July 29, 2024 19:50
@armenzg armenzg changed the title fix(trace_related): Only change events endpoint fix(trace_related): Use global_views whitelist for events endpoint Jul 29, 2024
wmak
wmak reviewed Jul 29, 2024
View reviewed changes
Copy link
Member

@wmak wmak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments but this looks like its on the right track

src/sentry/api/endpoints/organization_events.py Outdated Show resolved Hide resolved
src/sentry/api/endpoints/organization_events.py Outdated Show resolved Hide resolved
armenzg and others added 2 commits July 29, 2024 15:53
@armenzg armenzg requested a review from wmak July 29, 2024 19:56
wmak
wmak approved these changes Jul 29, 2024
View reviewed changes
Copy link
Member

@wmak wmak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@wmak
Copy link
Member

wmak commented Jul 29, 2024

let's make sure we revisit this within a few weeks since that's the current expectation for the DACI to have a decision

wmak added a commit that referenced this pull request Aug 7, 2024
@wmak
ref(querybuilder): Change events-meta to use snuba params (#75183)
208a337 
- This updates events-meta to use the snuba params dataclass instead of
the dict
- Tests failing until #75174
merges
@getsantry
Copy link
Contributor

getsantry bot commented Aug 20, 2024

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

@getsantry getsantry bot added the Stale label Aug 20, 2024
@getsantry getsantry bot closed this Aug 28, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Sep 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wmak wmak wmak approved these changes

Assignees

@armenzg armenzg

Labels
Scope: Backend Automatically applied to PRs that change backend components Stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@armenzg @wmak