From 41200b79a6fe94f7a994d5f0bcd9562201687a47 Mon Sep 17 00:00:00 2001
From: David Cramer
Date: Mon, 15 Apr 2019 10:01:10 -0700
Subject: [PATCH 1/3] feat: Improve configuration to be less Docker-specific This removes auto-binding of various values (specified in config.yaml) when they're not actually configured. It ensures that these values can then be configured from the web UI as Sentry has intended.
---
 sentry.conf.py | 85 +++++++++++++++++++++++++++++--------------------
 1 file changed, 50 insertions(+), 35 deletions(-)
diff --git a/sentry.conf.py b/sentry.conf.py
index 78d96b1..8572e33 100644
--- a/sentry.conf.py
+++ b/sentry.conf.py
@@ -40,6 +40,7 @@ from sentry.conf.server import * # NOQA
 import os
 import os.path
+import six
 CONF_ROOT = os.path.dirname(__file__)
@@ -250,46 +251,54 @@ SENTRY_WEB_OPTIONS = {
 # 'workers': 3, # the number of web workers
 }
-###############
-# Mail Server #
-###############
-email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp')
-if email:
- SENTRY_OPTIONS['mail.backend'] = 'smtp'
- SENTRY_OPTIONS['mail.host'] = email
- SENTRY_OPTIONS['mail.password'] = env('SENTRY_EMAIL_PASSWORD') or ''
- SENTRY_OPTIONS['mail.username'] = env('SENTRY_EMAIL_USER') or ''
- SENTRY_OPTIONS['mail.port'] = int(env('SENTRY_EMAIL_PORT') or 25)
- SENTRY_OPTIONS['mail.use-tls'] = env('SENTRY_EMAIL_USE_TLS', False)
-else:
- SENTRY_OPTIONS['mail.backend'] = 'dummy'
+##########
+# Docker #
+##########
-# The email address to send on behalf of
-SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost'
+# Docker's environment configuration needs to happen
+# prior to anything that might rely on these values to
+# enable more "smart" configuration.
-# If you're using mailgun for inbound mail, set your API key and configure a
-# route to forward to /api/hooks/mailgun/inbound/
-SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or ''
+ENV_CONFIG_MAPPING = {
+ 'SENTRY_EMAIL_PASSWORD': 'mail.password',
+ 'SENTRY_EMAIL_USER': 'mail.username',
+ 'SENTRY_EMAIL_PORT': ('mail.port', int),
+ 'SENTRY_EMAIL_USE_TLS': ('mail.use-tls', bool),
+ 'SENTRY_EMAIL_HOST': 'mail.host',
+ 'SENTRY_SERVER_EMAIL': 'mail.from',
+ 'SENTRY_ENABLE_EMAIL_REPLIES': 'mail.enable-replies',
+ 'SENTRY_SMTP_HOSTNAME': 'mail.reply-hostname',
-# If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
-if SENTRY_OPTIONS['mail.mailgun-api-key']:
- SENTRY_OPTIONS['mail.enable-replies'] = True
-else:
- SENTRY_OPTIONS['mail.enable-replies'] = env('SENTRY_ENABLE_EMAIL_REPLIES', False)
+ # If you're using mailgun for inbound mail, set your API key and configure a
+ # route to forward to /api/hooks/mailgun/inbound/
+ 'SENTRY_MAILGUN_API_KEY': 'mail.mailgun-api-key',
-if SENTRY_OPTIONS['mail.enable-replies']:
- SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or ''
+ 'SLACK_CLIENT_ID': 'slack.client-id',
+ 'SLACK_CLIENT_SECRET': 'slack.client-secret',
+ 'SLACK_VERIFICATION_TOKEN': 'slack.verification-token',
-#####################
-# SLACK INTEGRATION #
-#####################
-slack = env('SLACK_CLIENT_ID') and env('SLACK_CLIENT_SECRET')
-if slack:
- SENTRY_OPTIONS['slack.client-id'] = env('SLACK_CLIENT_ID')
- SENTRY_OPTIONS['slack.client-secret'] = env('SLACK_CLIENT_SECRET')
- SENTRY_OPTIONS['slack.verification-token'] = env('SLACK_VERIFICATION_TOKEN') or ''
+ 'SECRET_KEY': 'system.secret-key',
+}
+
+
+def bind_env_config(config=SENTRY_OPTIONS, mapping=ENV_CONFIG_MAPPING):
+ """
+ Automatically bind SENTRY_OPTIONS from a set of environment variables.
+ """
+ for env_var, item in six.iteritems(mapping):
+ value = env(env_var)
+ if value is None:
+ continue
+ if isinstance(item, tuple):
+ opt_key, type_ = item
+ # only coerce the value if its not falsey (e.g. '')
+ if value:
+ value = type_(value)
+ else:
+ opt_key = item
+ config[opt_key] = value
 # If this value ever becomes compromised, it's important to regenerate your
 # SENTRY_SECRET_KEY. Changing this value will result in all current sessions
@@ -306,7 +315,13 @@ if 'SENTRY_RUNNING_UWSGI' not in os.environ and len(secret_key) < 32:
 print('!! Regenerate with `generate-secret-key`. !!')
 print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!')
-SENTRY_OPTIONS['system.secret-key'] = secret_key
+# Grab the easy configuration first - these are all fixed
+# key=value with no logic behind them
+bind_env_config()
+
+# If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES
+if SENTRY_OPTIONS.get('mail.mailgun-api-key'):
+ SENTRY_OPTIONS.setdefault('mail.enable-replies', True)
 if 'GITHUB_APP_ID' in os.environ:
 GITHUB_EXTENDED_PERMISSIONS = ['repo']
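Review bot: Nothing binds `mail.backend` once the Mail Server block is replaced by `ENV_CONFIG_MAPPING`: the removed code set it to `'smtp'` when a mail host was configured and to `'dummy'` otherwise, and the new mapping has no entry for it. An install with no mail settings therefore falls back to whatever Sentry's own default backend is instead of the explicit no-op backend, and the `SMTP_PORT_25_TCP_ADDR` link fallback is gone as well. If that is intended it deserves a line in the commit message; otherwise keep a default right after the `bind_env_config()` call in the following hunk, e.g. `SENTRY_OPTIONS.setdefault('mail.backend', 'smtp' if SENTRY_OPTIONS.get('mail.host') else 'dummy')`.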
@@ -315,4 +330,4 @@ if 'GITHUB_APP_ID' in os.environ:
 if 'BITBUCKET_CONSUMER_KEY' in os.environ:
 BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY')
- BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')
\ No newline at end of file
+ BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET')
From d469fb8135e6f78f01e1c8c23ebd5ac02b1d93da Mon Sep 17 00:00:00 2001
From: David Cramer
Date: Wed, 17 Apr 2019 12:29:53 -0700
Subject: [PATCH 2/3] feat: Add VSTS and GitHub integration config from env vars
---
 sentry.conf.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/sentry.conf.py b/sentry.conf.py
index 8572e33..f52638c 100644
--- a/sentry.conf.py
+++ b/sentry.conf.py
@@ -29,11 +29,23 @@
 # SENTRY_MAILGUN_API_KEY
 # SENTRY_SINGLE_ORGANIZATION
 # SENTRY_SECRET_KEY
+# (slack integration)
 # SLACK_CLIENT_ID
 # SLACK_CLIENT_SECRET
 # SLACK_VERIFICATION_TOKEN
+# (github plugin, sso)
 # GITHUB_APP_ID
 # GITHUB_API_SECRET
+# (github integration)
+# GITHUB_APP_ID
+# GITHUB_CLIENT_ID
+# GITHUB_CLIENT_SECRET
+# GITHUB_WEBHOOK_SECRET
+# GITHUB_PRIVATE_KEY
+# (azure devops integration)
+# VSTS_CLIENT_ID
+# VSTS_CLIENT_SECRET
+# (bitbucket plugin)
 # BITBUCKET_CONSUMER_KEY
 # BITBUCKET_CONSUMER_SECRET
 from sentry.conf.server import * # NOQA
@@ -279,6 +291,15 @@ ENV_CONFIG_MAPPING = {
 'SLACK_CLIENT_SECRET': 'slack.client-secret',
 'SLACK_VERIFICATION_TOKEN': 'slack.verification-token',
+ 'GITHUB_APP_ID': 'github-app.id',
+ 'GITHUB_CLIENT_ID': 'github-app.client-id',
+ 'GITHUB_CLIENT_SECRET': 'github-app.client-secret',
+ 'GITHUB_WEBHOOK_SECRET': 'github-app.webhook-secret',
+ 'GITHUB_PRIVATE_KEY': 'github-app.private-key',
+
+ 'VSTS_CLIENT_ID': 'vsts.client-id',
+ 'VSTS_CLIENT_SECRET': 'vsts.client-secret',
+
 'SECRET_KEY': 'system.secret-key',
 }
From 82aa12b88655ffa846304318eede2e8921f792f1 Mon Sep 17 00:00:00 2001
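Review bot: `GITHUB_APP_ID` now drives two different things in the `ENV_CONFIG_MAPPING` hunk of PATCH 2/3: it is bound to `github-app.id`, while the existing `if 'GITHUB_APP_ID' in os.environ:` block (visible as context in PATCH 1/3) still uses the same name for the GitHub plugin/SSO and sets `GITHUB_EXTENDED_PERMISSIONS = ['repo']`. The header comment added by this patch lists the name under both "(github plugin, sso)" and "(github integration)". An operator who sets it only for the integration also switches on the plugin branch and its `repo` permission setting, and the two are presumably different identifiers. Binding the integration from its own variable avoids the overlap, for example `'GITHUB_INTEGRATION_APP_ID': 'github-app.id',` (the name is only a suggestion).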
From: Matt Robenolt
Date: Fri, 19 Apr 2019 12:02:55 -0700
Subject: [PATCH 3/3] I think fixed stuff up
---
 sentry.conf.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/sentry.conf.py b/sentry.conf.py
index f52638c..0a0fde1 100644
--- a/sentry.conf.py
+++ b/sentry.conf.py
@@ -49,6 +49,7 @@
 # BITBUCKET_CONSUMER_KEY
 # BITBUCKET_CONSUMER_SECRET
 from sentry.conf.server import * # NOQA
+from sentry.utils.types import Bool, Int
 import os
 import os.path
@@ -276,12 +277,13 @@ SENTRY_WEB_OPTIONS = {
 ENV_CONFIG_MAPPING = {
 'SENTRY_EMAIL_PASSWORD': 'mail.password',
 'SENTRY_EMAIL_USER': 'mail.username',
- 'SENTRY_EMAIL_PORT': ('mail.port', int),
- 'SENTRY_EMAIL_USE_TLS': ('mail.use-tls', bool),
+ 'SENTRY_EMAIL_PORT': ('mail.port', Int),
+ 'SENTRY_EMAIL_USE_TLS': ('mail.use-tls', Bool),
 'SENTRY_EMAIL_HOST': 'mail.host',
 'SENTRY_SERVER_EMAIL': 'mail.from',
 'SENTRY_ENABLE_EMAIL_REPLIES': 'mail.enable-replies',
 'SENTRY_SMTP_HOSTNAME': 'mail.reply-hostname',
+ 'SENTRY_SECRET_KEY': 'system.secret-key',
 # If you're using mailgun for inbound mail, set your API key and configure a
 # route to forward to /api/hooks/mailgun/inbound/
@@ -299,8 +301,6 @@ ENV_CONFIG_MAPPING = {
 'VSTS_CLIENT_ID': 'vsts.client-id',
 'VSTS_CLIENT_SECRET': 'vsts.client-secret',
-
- 'SECRET_KEY': 'system.secret-key',
 }
@@ -309,14 +309,13 @@ def bind_env_config(config=SENTRY_OPTIONS, mapping=ENV_CONFIG_MAPPING):
 Automatically bind SENTRY_OPTIONS from a set of environment variables.
 """
 for env_var, item in six.iteritems(mapping):
- value = env(env_var)
- if value is None:
+ try:
+ value = os.environ[env_var]
+ except KeyError:
 continue
 if isinstance(item, tuple):
 opt_key, type_ = item
- # only coerce the value if its not falsey (e.g. '')
- if value:
- value = type_(value)
+ value = type_(value)
 else:
 opt_key = item
 config[opt_key] = value
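Review bot: `SENTRY_ENABLE_EMAIL_REPLIES` is still bound as a raw string in the mapping hunk (`-276,12 +277,13`), although the TLS flag two lines above it now gets `Bool`. With the value taken straight from the environment, a setting such as `false` is stored as a non-empty string, whereas before this series it was read with `env('SENTRY_ENABLE_EMAIL_REPLIES', False)`. How Sentry treats a string for this option is not visible here, but the safe form is the typed entry `'SENTRY_ENABLE_EMAIL_REPLIES': ('mail.enable-replies', Bool),`.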
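Review bot: A variable that is present but empty now reaches both the coercion and the bind in `bind_env_config`, because `os.environ[env_var]` only skips names that are absent and the `if value:` guard was dropped. `SENTRY_EMAIL_PORT=` is handed to `Int('')` (its behaviour on an empty string is not visible here), and an empty `SENTRY_SECRET_KEY`, `SLACK_CLIENT_SECRET` or `GITHUB_WEBHOOK_SECRET` is written into the options as `''`, which would pin an empty secret in file config instead of leaving the option unset for the web UI. Treating empty as unset keeps the intent stated in PATCH 1/3: `value = os.environ.get(env_var)` followed by `if not value: continue`. The function's `def` line sits in the hunk header, outside the hunk body.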