Page MenuHomeDevCentral
Differential D2920

Integrate Sentry and GitHub
ClosedPublic
Actions

Authored by dereckson on Mar 25 2023, 16:22.
Tags
None
Referenced Files
F3749177: D2920.id7439.diff
Sat, Nov 16, 13:26
F3748942: D2920.diff
Sat, Nov 16, 11:35
Unknown Object (File)
Wed, Nov 13, 03:06
Unknown Object (File)
Tue, Nov 12, 13:20
Unknown Object (File)
Tue, Nov 12, 00:53
Unknown Object (File)
Sat, Nov 9, 04:20
Unknown Object (File)
Mon, Nov 4, 20:31
Unknown Object (File)
Sun, Nov 3, 01:54
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1806: Integrate Sentry and GitHub
Commits
rOPS640de07abfce: Integrate Sentry and GitHub
Summary

A custom GitHub application has been created in the Nasqueron account,
and credentials published to Vault under apps/sentry/github key.

The keys under apps/sentry/github match the expected settings names,
that allows the use of the for loop instead of querying the 6 of them.

Those credentials are in apps/ and not ops/secrets/ as they don't need
to be deployed by Salt, they can directly been fetched by Sentry config.
As such, the updated Vault policy is the one used by Sentry config.

Reference: https://develop.sentry.dev/integrations/github/

Ref T1806

Test Plan

Deploy on docker-002 for sentry_web

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Mar 25 2023, 16:22
dereckson created this revision.
Harbormaster completed remote builds in B4601: Diff 7438.Mar 25 2023, 16:22
dereckson added a comment.Mar 25 2023, 16:26

⚠ A little tricky to test this as it will be deployed to live container. ⚠

I'd suggest to first deploy the Vault policy, then spin a new test container
and see if it has correctly the settings: the web container is only a client,
any automated write occurs in other containers, so that should be safe, and
won't disrupt our instance.

dereckson added a comment.Mar 25 2023, 16:33

Test container:

+    sentry_web_test:
+      app_port: 26081
+      host: sentry.nasqueron.org
+      command: run web
+      realm: nasqueron
+      network: sentry
+
dereckson planned changes to this revision.Mar 25 2023, 16:36
dereckson added inline comments.
roles/vault/policies/files/sentry.hcl
16

!! Configuration error: ConfigurationError('Forbidden: 1 error occurred:\n\t* permission denied\n\n, on get https://172.27.27.7:8200/v1/apps/data/sentry/github')

dereckson updated this revision to Diff 7439.Mar 25 2023, 16:37

s/app/apps

Harbormaster completed remote builds in B4602: Diff 7439.Mar 25 2023, 16:37
dereckson updated this revision to Diff 7440.Mar 25 2023, 17:25

Fix integer for GitHub application ID

dereckson accepted this revision.Mar 25 2023, 17:26
This revision is now accepted and ready to land.Mar 25 2023, 17:26
Harbormaster completed remote builds in B4603: Diff 7440.Mar 25 2023, 17:27
This revision was landed with ongoing or failed builds.Mar 25 2023, 17:27
Closed by commit rOPS640de07abfce: Integrate Sentry and GitHub (authored by dereckson). · Explain Why
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPS640de07abfce: Integrate Sentry and GitHub.

Revision Contents
Changeset List

PathSize
roles/
paas-docker/
containers/
files/
sentry/
etc/
30 lines
vault/
policies/
files/
4 lines

Diff 7441

View Options

roles/paas-docker/containers/files/sentry/etc/sentry.conf.py

Loading...
View Options

roles/vault/policies/files/sentry.hcl

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator