Skip to content

feat(bitbucket): add webhook secret on each repository creation #84311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 13, 2025
Merged

feat(bitbucket): add webhook secret on each repository creation #84311

merged 2 commits into from
Feb 13, 2025

Conversation

oioki
Copy link
Member

@oioki oioki commented Jan 30, 2025

@oioki oioki requested review from a team as code owners January 30, 2025 15:19
@oioki oioki mentioned this pull request Jan 30, 2025
Merged
@sentry-io Sentry.io
Copy link

sentry-io bot commented Jan 30, 2025

🔍 Existing Issues For Review

Your pull request is modifying functions with the following pre-existing issues:

📄 File: src/sentry/integrations/bitbucket/integration.py

Function Unhandled Issue
build_integration AttributeError: 'NoneType' object has no attribute 'get' /extensions/{provider_id...
Event Count: 1

Did you find this useful? React with a 👍 or 👎

@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Jan 30, 2025
@oioki oioki mentioned this pull request Jan 30, 2025
Closed
cathteng
cathteng reviewed Jan 30, 2025
View reviewed changes
Copy link
Member

@cathteng cathteng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are we planning on backfilling secrets for existing bitbucket integrations? we can do that by listing the repositories, deleting hooks for those without secrets + creating new ones with secrets

sentry/src/sentry/integrations/bitbucket/client.py

Lines 120 to 125 in e28e4b6

def get_hooks(self, repo):
return self.get(path=BitbucketAPIPath.repository_hooks.format(repo=repo))
def delete_hook(self, repo, hook_id):
return self.delete(path=BitbucketAPIPath.repository_hook.format(repo=repo, uid=hook_id))

https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-hooks-get

oioki added a commit that referenced this pull request Feb 13, 2025
@oioki
feat(bitbucket): check bitbucket webhook signature if webhook_secret …
ca43d5f 
…is defined (#84309)

Preparing [Bitbucket webhook secret
validation](https://support.atlassian.com/bitbucket-cloud/docs/manage-webhooks/#Validating-webhook-deliveries).
This is actual signature header validation, but no integrations/repos
have the associated secret yet.

Follow-up PRs:
- backend endpoint to modify `webhook_secret`:
#84311

Previous attempt (#82541) had
repository-level secrets but we decided to go with integration-level
secret to align with other integrations (GitLab, GitHub).
@codecov Codecov
Copy link

codecov bot commented Feb 13, 2025
edited
Loading

❌ 1 Tests Failed:

Tests completed Failed Passed Skipped
23469 1 23468 290
View the top 1 failed test(s) by shortest run time 
tests.symbolicator.test_minidump_full.SymbolicatorMinidumpIntegrationTest::test_reprocessing
Stack Traces | 14s run time 
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:91: in inner
    return func(self, sql, *args, **kwargs)
#x1B[1m#x1B[.../db/postgres/base.py#x1B[0m:84: in execute
    return self.cursor.execute(sql, clean_bad_params(params))
#x1B[1m#x1B[31mE   psycopg2.errors.UniqueViolation: duplicate key value violates unique constraint "auth_user_username_key"#x1B[0m
#x1B[1m#x1B[31mE   DETAIL:  Key (username)=(admin@localhost) already exists.#x1B[0m

#x1B[33mDuring handling of the above exception, another exception occurred:#x1B[0m
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/backends/utils.py#x1B[0m:105: in _execute
    return self.cursor.execute(sql, params)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:77: in inner
    raise_the_exception(self.db, e)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:75: in inner
    return func(self, *args, **kwargs)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:18: in inner
    return func(self, *args, **kwargs)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:93: in inner
    raise type(e)(f"{e!r}\nSQL: {sql}").with_traceback(e.__traceback__)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:91: in inner
    return func(self, sql, *args, **kwargs)
#x1B[1m#x1B[.../db/postgres/base.py#x1B[0m:84: in execute
    return self.cursor.execute(sql, clean_bad_params(params))
#x1B[1m#x1B[31mE   psycopg2.errors.UniqueViolation: UniqueViolation('duplicate key value violates unique constraint "auth_user_username_key"\nDETAIL:  Key (username)=(admin@localhost) already exists.\n')#x1B[0m
#x1B[1m#x1B[31mE   SQL: INSERT INTO "auth_user" ("password", "last_login", "username", "first_name", "email", "is_staff", "is_active", "is_unclaimed", "is_superuser", "is_managed", "is_sentry_app", "is_password_expired", "last_password_change", "flags", "session_nonce", "date_joined", "last_active", "avatar_type", "avatar_url") VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) RETURNING "auth_user"."id"#x1B[0m

#x1B[33mThe above exception was the direct cause of the following exception:#x1B[0m
#x1B[1m#x1B[31mtests/symbolicator/test_minidump_full.py#x1B[0m:37: in initialize
    self.project.update_option("sentry:builtin_symbol_sources", [])
#x1B[1m#x1B[31m.venv/lib/python3.13.../django/utils/functional.py#x1B[0m:47: in __get__
    res = instance.__dict__[self.name] = self.func(instance)
#x1B[1m#x1B[.../sentry/testutils/fixtures.py#x1B[0m:97: in project
    name="Bar", slug="bar", teams=[self.team], fire_project_created=True
#x1B[1m#x1B[31m.venv/lib/python3.13.../django/utils/functional.py#x1B[0m:47: in __get__
    res = instance.__dict__[self.name] = self.func(instance)
#x1B[1m#x1B[.../hostedtoolcache/Python/3.13.1....../x64/lib/python3.13/contextlib.py#x1B[0m:85: in inner
    return func(*args, **kwds)
#x1B[1m#x1B[.../sentry/testutils/fixtures.py#x1B[0m:87: in team
    team = self.create_team(organization=self.organization, name="foo", slug="foo")
#x1B[1m#x1B[31m.venv/lib/python3.13.../django/utils/functional.py#x1B[0m:47: in __get__
    res = instance.__dict__[self.name] = self.func(instance)
#x1B[1m#x1B[.../sentry/testutils/fixtures.py#x1B[0m:82: in organization
    return self.create_organization(name="baz", slug="baz", owner=self.user)
#x1B[1m#x1B[31m.venv/lib/python3.13.../django/utils/functional.py#x1B[0m:47: in __get__
    res = instance.__dict__[self.name] = self.func(instance)
#x1B[1m#x1B[.../sentry/testutils/fixtures.py#x1B[0m:71: in user
    return self.create_user(
#x1B[1m#x1B[.../sentry/testutils/fixtures.py#x1B[0m:269: in create_user
    return Factories.create_user(*args, **kwargs)
#x1B[1m#x1B[.../hostedtoolcache/Python/3.13.1....../x64/lib/python3.13/contextlib.py#x1B[0m:85: in inner
    return func(*args, **kwds)
#x1B[1m#x1B[.../sentry/testutils/factories.py#x1B[0m:903: in create_user
    user.save()
#x1B[1m#x1B[.../sentry/silo/base.py#x1B[0m:158: in override
    return original_method(*args, **kwargs)
#x1B[1m#x1B[.../users/models/user.py#x1B[0m:225: in save
    result = super().save(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../contrib/auth/base_user.py#x1B[0m:62: in save
    super().save(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/models/base.py#x1B[0m:892: in save
    self.save_base(
#x1B[1m#x1B[.../sentry/silo/base.py#x1B[0m:158: in override
    return original_method(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/models/base.py#x1B[0m:998: in save_base
    updated = self._save_table(
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/models/base.py#x1B[0m:1161: in _save_table
    results = self._do_insert(
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/models/base.py#x1B[0m:1202: in _do_insert
    return manager._insert(
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/models/manager.py#x1B[0m:87: in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/models/query.py#x1B[0m:1847: in _insert
    return query.get_compiler(using=using).execute_sql(returning_fields)
#x1B[1m#x1B[31m.venv/lib/python3.13.../models/sql/compiler.py#x1B[0m:1836: in execute_sql
    cursor.execute(sql, params)
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/backends/utils.py#x1B[0m:122: in execute
    return super().execute(sql, params)
#x1B[1m#x1B[31m.venv/lib/python3.13.../site-packages/sentry_sdk/utils.py#x1B[0m:1858: in runner
    return original_function(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/backends/utils.py#x1B[0m:79: in execute
    return self._execute_with_wrappers(
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/backends/utils.py#x1B[0m:92: in _execute_with_wrappers
    return executor(sql, params, many, context)
#x1B[1m#x1B[.../sentry/testutils/hybrid_cloud.py#x1B[0m:133: in __call__
    return execute(*params)
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/backends/utils.py#x1B[0m:100: in _execute
    with self.db.wrap_database_errors:
#x1B[1m#x1B[31m.venv/lib/python3.13.../django/db/utils.py#x1B[0m:91: in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
#x1B[1m#x1B[31m.venv/lib/python3.13.../db/backends/utils.py#x1B[0m:105: in _execute
    return self.cursor.execute(sql, params)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:77: in inner
    raise_the_exception(self.db, e)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:75: in inner
    return func(self, *args, **kwargs)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:18: in inner
    return func(self, *args, **kwargs)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:93: in inner
    raise type(e)(f"{e!r}\nSQL: {sql}").with_traceback(e.__traceback__)
#x1B[1m#x1B[.../db/postgres/decorators.py#x1B[0m:91: in inner
    return func(self, sql, *args, **kwargs)
#x1B[1m#x1B[.../db/postgres/base.py#x1B[0m:84: in execute
    return self.cursor.execute(sql, clean_bad_params(params))
#x1B[1m#x1B[31mE   django.db.utils.IntegrityError: UniqueViolation('duplicate key value violates unique constraint "auth_user_username_key"\nDETAIL:  Key (username)=(admin@localhost) already exists.\n')#x1B[0m
#x1B[1m#x1B[31mE   SQL: INSERT INTO "auth_user" ("password", "last_login", "username", "first_name", "email", "is_staff", "is_active", "is_unclaimed", "is_superuser", "is_managed", "is_sentry_app", "is_password_expired", "last_password_change", "flags", "session_nonce", "date_joined", "last_active", "avatar_type", "avatar_url") VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) RETURNING "auth_user"."id"#x1B[0m

To view more test analytics, go to the Test Analytics Dashboard
📋 Got 3 mins? Take this short survey to help us improve Test Analytics.

@oioki oioki merged commit c22d87b into master Feb 13, 2025
48 checks passed
@oioki oioki deleted the feat/bitbucket-signed-webhooks-2 branch February 13, 2025 15:33
@github-actions github-actions bot locked and limited conversation to collaborators Mar 1, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cathteng cathteng cathteng approved these changes

Assignees
No one assigned
Labels
Scope: Backend Automatically applied to PRs that change backend components
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@oioki @cathteng