fix(deploys): Fix permissions for deploy endpoint projects
Currently, in order to link specific projects to a deploy, e.g. via the sentry-cli deploys new command, users must provide a token with the project:read scope. This is inconsistent with the sentry-cli releases new command, which allows users to create a new release associated with only some projects by using the org:read and project:release scopes.
This PR proposes allowing specifying projects for a deploy using a token with project:releases scope.
Fixes #78025
Will this break corresponding endpoint calls for tokens that have project:read scope?
@oioki, a token that only has project:read (and org:read) will not be able to access the endpoint at all, but a token with project:write can, and such a token will break with this change.
I think it would be possible to make this change in a way which would be backwards compatible. Should I do that?
@oioki, I changed the code so it should now remain backwards-compatible with tokens that have project:read but not project:releases.
Codecov Report
All modified and coverable lines are covered by tests. All tests successful. No failed tests found.
@@ Coverage Diff @@
## master #78026 +/- ##
=======================================
Coverage 80.62% 80.62%
=======================================
Files 8560 8560
Lines 376911 376913 +2
Branches 24538 24538
=======================================
+ Hits 303877 303882 +5
+ Misses 72664 72661 -3
Partials 370 370
@getsentry/security Can I get a review here?
Mind creating a test that covers this case?
I am not really sure how to test this @oioki. I have already spent more than an hour trying to figure it out without making much progress, so it is probably more productive if someone more familiar with this code adds the test.
@iamrajjoshi or @snigdhas, would either of you know how to test this change? Looks like you all edited the code most recently. If you need time to investigate, we can merge this change and open an issue to add tests.
@szokeasaurusrex this test looks like it might mimic similar behavior of setting a specific scope and using the API token to test behavior.
This pull request has gone three weeks without activity. In another week, I will close it.
But! If you comment or otherwise update it, I will reset the clock, and if you add the label WIP, I will leave it alone unless WIP is removed ... forever!
"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀
@oioki I added the test – better late than never 😅
Could I get a re-review please?
This issue has gone three weeks without activity. In another week, I will close it.
But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!
"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀