2
0

fix(ingest): Fix Relay auth issues and add e2e event ingestion test (#578)

This is a long-needed test that tests the whole pipeline from Nginx, Relay, to Kafka, and Snuba. The final missing piece is testing the Symbolicator integration.

This PR is also a follow up to #576 as it didn't solve the Relay issues fully (the earlier fix was a coincidence or is not as reliable as it seemed).

Fixes #486 (finally?).
This commit is contained in:
Burak Yigit Kaya 2020-07-13 13:07:05 +03:00 committed by GitHub
parent 1c9bfd9017
commit 75fe6c073b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 124 additions and 51 deletions

View File

@ -14,7 +14,7 @@ script:
- ./install.sh - ./install.sh
- docker-compose run --rm web createuser --superuser --email test@example.com --password test123TEST - docker-compose run --rm web createuser --superuser --email test@example.com --password test123TEST
- docker-compose up -d - docker-compose up -d
- timeout 60 bash -c 'until $(curl -Isf -o /dev/null http://localhost:9000); do printf '.'; sleep 0.5; done' - printf "Waiting for Sentry to be up"; timeout 60 bash -c 'until $(curl -Isf -o /dev/null http://localhost:9000); do printf '.'; sleep 0.5; done'
- ./test.sh - ./test.sh
after_failure: after_failure:

View File

@ -19,17 +19,31 @@ RELAY_CONFIG_YML='relay/config.yml'
RELAY_CREDENTIALS_JSON='relay/credentials.json' RELAY_CREDENTIALS_JSON='relay/credentials.json'
SENTRY_EXTRA_REQUIREMENTS='sentry/requirements.txt' SENTRY_EXTRA_REQUIREMENTS='sentry/requirements.txt'
# Courtesy of https://stackoverflow.com/a/2183063/90297
trap_with_arg() {
func="$1" ; shift
for sig ; do
trap "$func $sig" "$sig"
done
}
DID_CLEAN_UP=0 DID_CLEAN_UP=0
# the cleanup function will be the exit point # the cleanup function will be the exit point
cleanup () { cleanup () {
if [ "$DID_CLEAN_UP" -eq 1 ]; then if [ "$DID_CLEAN_UP" -eq 1 ]; then
return 0; return 0;
fi fi
echo "Cleaning up..."
$dc stop &> /dev/null
DID_CLEAN_UP=1 DID_CLEAN_UP=1
if [ "$1" != "EXIT" ]; then
echo "An error occurred, caught SIG$1";
echo "Cleaning up..."
fi
$dc stop &> /dev/null
} }
trap cleanup ERR INT TERM trap_with_arg cleanup ERR INT TERM EXIT
echo "Checking minimum requirements..." echo "Checking minimum requirements..."
@ -246,9 +260,6 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
echo "Relay credentials written to $RELAY_CREDENTIALS_JSON" echo "Relay credentials written to $RELAY_CREDENTIALS_JSON"
fi fi
cleanup
echo "" echo ""
echo "----------------" echo "----------------"
echo "You're all done! Run the following command to get Sentry running:" echo "You're all done! Run the following command to get Sentry running:"

View File

@ -12,22 +12,22 @@ def get_internal_network():
import socket import socket
import struct import struct
iface = 'eth0' iface = "eth0"
sockfd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sockfd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
ifreq = struct.pack('16sH14s', iface, socket.AF_INET, b'\x00' * 14) ifreq = struct.pack("16sH14s", iface, socket.AF_INET, b"\x00" * 14)
try: try:
ip = struct.unpack( ip = struct.unpack(
"!I", struct.unpack('16sH2x4s8x', fcntl.ioctl(sockfd, 0x8915, ifreq))[2] "!I", struct.unpack("16sH2x4s8x", fcntl.ioctl(sockfd, 0x8915, ifreq))[2]
)[0] )[0]
netmask = socket.ntohl( netmask = socket.ntohl(
struct.unpack('16sH2xI8x', fcntl.ioctl(sockfd, 0x891B, ifreq))[2] struct.unpack("16sH2xI8x", fcntl.ioctl(sockfd, 0x891B, ifreq))[2]
) )
except IOError: except IOError:
return () return ()
base = socket.inet_ntoa(struct.pack("!I", ip & netmask)) base = socket.inet_ntoa(struct.pack("!I", ip & netmask))
netmask_bits = 32 - int(round(math.log(ctypes.c_uint32(~netmask).value + 1, 2), 1)) netmask_bits = 32 - int(round(math.log(ctypes.c_uint32(~netmask).value + 1, 2), 1))
return ('{0:s}/{1:d}'.format(base, netmask_bits),) return ("{0:s}/{1:d}".format(base, netmask_bits),)
INTERNAL_IPS = get_internal_network() INTERNAL_IPS = get_internal_network()
@ -60,7 +60,7 @@ SENTRY_USE_BIG_INTS = True
SENTRY_SINGLE_ORGANIZATION = True SENTRY_SINGLE_ORGANIZATION = True
SENTRY_OPTIONS["system.event-retention-days"] = int( SENTRY_OPTIONS["system.event-retention-days"] = int(
env('SENTRY_EVENT_RETENTION_DAYS', '90') env("SENTRY_EVENT_RETENTION_DAYS", "90")
) )
######### #########
@ -185,32 +185,33 @@ SENTRY_DIGESTS = "sentry.digests.backends.redis.RedisBackend"
SENTRY_WEB_HOST = "0.0.0.0" SENTRY_WEB_HOST = "0.0.0.0"
SENTRY_WEB_PORT = 9000 SENTRY_WEB_PORT = 9000
SENTRY_WEB_OPTIONS = { SENTRY_WEB_OPTIONS = {
"http-keepalive": True, "http": "%s:%s" % (SENTRY_WEB_HOST, SENTRY_WEB_PORT),
"protocol": "uwsgi",
# This is need to prevent https://git.io/fj7Lw
"uwsgi-socket": None,
"so-keepalive": True, "so-keepalive": True,
"http-auto-chunked": True, # Keep this between 15s-75s as that's what Relay supports
"http-keepalive": 15,
"http-chunked-input": True, "http-chunked-input": True,
# the number of web workers # the number of web workers
'workers': 3, "workers": 3,
'threads': 4, "threads": 4,
# Turn off memory reporting
"memory-report": False, "memory-report": False,
# Some stuff so uwsgi will cycle workers sensibly # Some stuff so uwsgi will cycle workers sensibly
'max-requests': 100000, "max-requests": 100000,
'max-requests-delta': 500, "max-requests-delta": 500,
'max-worker-lifetime': 86400, "max-worker-lifetime": 86400,
# Duplicate options from sentry default just so we don't get # Duplicate options from sentry default just so we don't get
# bit by sentry changing a default value that we depend on. # bit by sentry changing a default value that we depend on.
'thunder-lock': True, "thunder-lock": True,
'log-x-forwarded-for': False, "log-x-forwarded-for": False,
'buffer-size': 32768, "buffer-size": 32768,
# Relay cannot authenticate without the following "limit-post": 209715200,
'post-buffering': 32768, "disable-logging": True,
'limit-post': 209715200, "reload-on-rss": 600,
'disable-logging': True, "ignore-sigpipe": True,
'reload-on-rss': 600, "ignore-write-errors": True,
'ignore-sigpipe': True, "disable-write-exception": True,
'ignore-write-errors': True,
'disable-write-exception': True,
} }
########### ###########
@ -259,7 +260,7 @@ SENTRY_FEATURES.update(
# GitHub Integration # # GitHub Integration #
###################### ######################
GITHUB_EXTENDED_PERMISSIONS = ['repo'] GITHUB_EXTENDED_PERMISSIONS = ["repo"]
######################### #########################
# Bitbucket Integration # # Bitbucket Integration #

85
test.sh
View File

@ -5,30 +5,91 @@ SENTRY_TEST_HOST="${SENTRY_TEST_HOST:-http://localhost:9000}"
TEST_USER='test@example.com' TEST_USER='test@example.com'
TEST_PASS='test123TEST' TEST_PASS='test123TEST'
COOKIE_FILE=$(mktemp) COOKIE_FILE=$(mktemp)
declare -a TEST_STRINGS=(
'"isAuthenticated":true'
'"username":"test@example.com"'
'"isSuperuser":true'
)
INITIAL_AUTH_REDIRECT=$(curl -sL -o /dev/null $SENTRY_TEST_HOST -w %{url_effective}) # Courtesy of https://stackoverflow.com/a/2183063/90297
if [ "$INITIAL_AUTH_REDIRECT" != "$SENTRY_TEST_HOST/auth/login/sentry/" ]; then trap_with_arg() {
func="$1" ; shift
for sig ; do
trap "$func $sig" "$sig"
done
}
DID_CLEAN_UP=0
# the cleanup function will be the exit point
cleanup () {
if [ "$DID_CLEAN_UP" -eq 1 ]; then
return 0;
fi
DID_CLEAN_UP=1
if [ "$1" != "EXIT" ]; then
echo "An error occurred, caught SIG$1";
fi
echo "Cleaning up..."
rm $COOKIE_FILE
echo "Done."
}
trap_with_arg cleanup ERR INT TERM EXIT
get_csrf_token () { awk '$6 == "sc" { print $7 }' $COOKIE_FILE; }
sentry_api_request () { curl -s -H 'Accept: application/json; charset=utf-8' -H "Referer: $SENTRY_TEST_HOST" -H 'Content-Type: application/json' -H "X-CSRFToken: $(get_csrf_token)" -b "$COOKIE_FILE" -c "$COOKIE_FILE" "$SENTRY_TEST_HOST/api/0/$1" ${@:2}; }
login () {
INITIAL_AUTH_REDIRECT=$(curl -sL -o /dev/null $SENTRY_TEST_HOST -w %{url_effective})
if [ "$INITIAL_AUTH_REDIRECT" != "$SENTRY_TEST_HOST/auth/login/sentry/" ]; then
echo "Initial /auth/login/ redirect failed, exiting..." echo "Initial /auth/login/ redirect failed, exiting..."
echo "$INITIAL_AUTH_REDIRECT" echo "$INITIAL_AUTH_REDIRECT"
exit -1 exit -1
fi fi
CSRF_TOKEN=$(curl $SENTRY_TEST_HOST -sL -c "$COOKIE_FILE" | awk -F "'" ' CSRF_TOKEN_FOR_LOGIN=$(curl $SENTRY_TEST_HOST -sL -c "$COOKIE_FILE" | awk -F "'" '
/csrfmiddlewaretoken/ { /csrfmiddlewaretoken/ {
print $4 "=" $6; print $4 "=" $6;
exit; exit;
}') }')
LOGIN_RESPONSE=$(curl -sL -F 'op=login' -F "username=$TEST_USER" -F "password=$TEST_PASS" -F "$CSRF_TOKEN" "$SENTRY_TEST_HOST/auth/login/" -H "Referer: $SENTRY_TEST_HOST/auth/login/" -b "$COOKIE_FILE" -c "$COOKIE_FILE")
TEST_RESULT=0 curl -sL --data-urlencode 'op=login' --data-urlencode "username=$TEST_USER" --data-urlencode "password=$TEST_PASS" --data-urlencode "$CSRF_TOKEN_FOR_LOGIN" "$SENTRY_TEST_HOST/auth/login/sentry/" -H "Referer: $SENTRY_TEST_HOST/auth/login/sentry/" -b "$COOKIE_FILE" -c "$COOKIE_FILE";
for i in "${TEST_STRINGS[@]}" }
LOGIN_RESPONSE=$(login);
declare -a LOGIN_TEST_STRINGS=(
'"isAuthenticated":true'
'"username":"test@example.com"'
'"isSuperuser":true'
)
for i in "${LOGIN_TEST_STRINGS[@]}"
do do
echo "Testing '$i'..." echo "Testing '$i'..."
echo "$LOGIN_RESPONSE" | grep "$i[,}]" >& /dev/null echo "$LOGIN_RESPONSE" | grep "$i[,}]" >& /dev/null
echo "Pass." echo "Pass."
done done
# Set up initial/required settings (InstallWizard request)
sentry_api_request "internal/options/?query=is:required" -X PUT --data '{"mail.use-tls":false,"mail.username":"","mail.port":25,"system.admin-email":"ben@byk.im","mail.password":"","mail.from":"root@localhost","system.url-prefix":"'"$SENTRY_TEST_HOST"'","auth.allow-registration":false,"beacon.anonymous":true}' > /dev/null
SENTRY_DSN=$(sentry_api_request "projects/sentry/internal/keys/" | awk 'BEGIN { RS=",|:{\n"; FS="\""; } $2 == "public" { print $4; exit; }')
TEST_EVENT_ID=$(docker run --rm --net host -e "SENTRY_DSN=$SENTRY_DSN" -v $(pwd):/work getsentry/sentry-cli send-event -m "a failure" -e task:create-user -e object:42 | tr -d '-')
echo "Created event $TEST_EVENT_ID."
EVENT_PATH="projects/sentry/internal/events/$TEST_EVENT_ID/"
export -f sentry_api_request get_csrf_token
export SENTRY_TEST_HOST COOKIE_FILE EVENT_PATH
printf "Checking its existence"
timeout 15 bash -c 'until $(sentry_api_request "$EVENT_PATH" -Isf -X GET -o /dev/null); do printf '.'; sleep 0.5; done'
echo "";
EVENT_RESPONSE=$(sentry_api_request "projects/sentry/internal/events/$TEST_EVENT_ID/")
declare -a EVENT_TEST_STRINGS=(
'"eventID":"'"$TEST_EVENT_ID"'"'
'"message":"a failure"'
'"title":"a failure"'
'"object":"42"'
)
for i in "${EVENT_TEST_STRINGS[@]}"
do
echo "Testing '$i'..."
echo "$EVENT_RESPONSE" | grep "$i[,}]" >& /dev/null
echo "Pass."
done