Merge branch 'master' into scraps/kbd

Author: natemoo-re

src/sentry/api/bases/organization_events.py

@@ -831,6 +831,7 @@ def get_additional_queries(self, request: Request) -> AdditionalQueries:
             span=request.GET.getlist("spanQuery"),
             log=request.GET.getlist("logQuery"),
             metric=request.GET.getlist("metricQuery"),
+            occurrences=request.GET.getlist("occurrencesQuery"),
         )
 
 

src/sentry/api/endpoints/organization_trace_item_attributes.py

@@ -818,7 +818,7 @@ def string_autocomplete_function(self) -> list[TagValue]:
 
         values: Sequence[str] = rpc_response.values
         if self.context_definition:
-            context = self.context_definition.constructor(self.snuba_params)
+            context = self.context_definition.constructor(self.snuba_params, self.resolver)
             values = [context.value_map.get(value, value) for value in values]
 
         return [

src/sentry/deletions/models/scheduleddeletion.py

@@ -33,7 +33,7 @@ class BaseScheduledDeletion(Model):
     the tasks/deletion/scheduled.py job in the future.  They are cancellable, and provide automatic, batched cascade
     in an async way for performance reasons.
 
-    Note that BOTH region AND control silos need to be able to schedule deletions of different records that will be
+    Note that BOTH cell AND control silos need to be able to schedule deletions of different records that will be
     reconciled in different places.  For that reason, the ScheduledDeletion model is split into two identical models
     representing this split.  Use the corresponding ScheduledDeletion based on the silo of the model being scheduled
     for deletion.
@@ -139,9 +139,9 @@ def get_actor(self) -> RpcUser | None:
 class ScheduledDeletion(BaseScheduledDeletion):
     """
     This model schedules deletions to be processed in control and monolith silo modes.  All historic schedule deletions
-    occur in this table.  In the future, when RegionScheduledDeletions have proliferated for the appropriate models,
-    we will allow any region models scheduled in this table to finish processing before ensuring that all models discretely
-    process in either this table or the region table.
+    occur in this table.  In the future, when CellScheduledDeletions have proliferated for the appropriate models,
+    we will allow any cell models scheduled in this table to finish processing before ensuring that all models discretely
+    process in either this table or the cell table.
     """
 
     class Meta:
@@ -165,7 +165,7 @@ class Meta:
         db_table = "sentry_regionscheduleddeletion"
 
 
-def get_regional_scheduled_deletion(mode: SiloMode) -> type[BaseScheduledDeletion]:
+def get_cell_scheduled_deletion(mode: SiloMode) -> type[BaseScheduledDeletion]:
     if mode != SiloMode.CONTROL:
         return CellScheduledDeletion
     return ScheduledDeletion

src/sentry/incidents/endpoints/serializers/workflow_engine_detector.py

@@ -257,7 +257,7 @@ def get_attrs(
                 for detector_trigger in detector_trigger_data_conditions
             ],
             condition_group__in=Subquery(workflow_dcg_ids),
-        )
+        ).select_related("condition_group")
 
         dcgas = DataConditionGroupAction.objects.filter(
             condition_group__in=[

src/sentry/integrations/base.py

@@ -27,7 +27,7 @@
     organization_service,
 )
 from sentry.pipeline.provider import PipelineProvider
-from sentry.pipeline.views.base import PipelineView
+from sentry.pipeline.views.base import ApiPipelineSteps, PipelineView
 from sentry.shared_integrations.constants import (
     ERR_INTERNAL,
     ERR_UNAUTHORIZED,
@@ -312,6 +312,14 @@ def get_pipeline_views(
         """
         raise NotImplementedError
 
+    def get_pipeline_api_steps(self) -> ApiPipelineSteps[IntegrationPipeline]:
+        """
+        Return API step objects for this provider's pipeline, or None if API
+        mode is not supported. Override to enable the pipeline API for this
+        integration.
+        """
+        return None
+
     def build_integration(self, state: Mapping[str, Any]) -> IntegrationData:
         """
         Given state captured during the setup pipeline, return a dictionary

src/sentry/integrations/gitlab/client.py

@@ -690,6 +690,18 @@ def get_pr_diffs(self, repo: Repository, pr: PullRequest) -> list[dict[str, Any]
         path = GitLabApiClientPath.build_pr_diffs(project=project_id, pr_key=pr.key, unidiff=True)
         return self.get(path)
 
+    def get_repository_tree(
+        self, project_id: str, ref: str, recursive: bool = True
+    ) -> list[dict[str, Any]]:
+        """List repository tree at a given ref.
+
+        See https://docs.gitlab.com/ee/api/repositories.html#list-repository-tree
+        """
+        params: dict[str, str] = {"ref": ref, "per_page": "100"}
+        if recursive:
+            params["recursive"] = "true"
+        return self.get(GitLabApiClientPath.tree.format(project=project_id), params=params)
+
     def get_merge_request_diffs(self, project_id: str, pr_key: str) -> list[dict[str, Any]]:
         return self.get(GitLabApiClientPath.pr_diffs.format(project=project_id, pr_key=pr_key))
 

src/sentry/integrations/gitlab/utils.py

@@ -74,6 +74,7 @@ class GitLabApiClientPath:
     statuses = "/projects/{project}/statuses/{sha}"
     commit_statuses = "/projects/{project}/repository/commits/{sha}/statuses"
     archive = "/projects/{project}/repository/archive{format}"
+    tree = "/projects/{project}/repository/tree"
     branches = "/projects/{project_id}/repository/branches"
     branch = "/projects/{project_id}/repository/branches/{branch}"
     user = "/user"

src/sentry/integrations/pipeline.py

@@ -4,16 +4,20 @@
 from collections.abc import Callable, Sequence
 from typing import Any, Never, TypedDict
 
+import sentry_sdk
 from django.db import IntegrityError
+from django.http.request import HttpRequest
 from django.http.response import HttpResponseBase, HttpResponseRedirect
 from django.utils import timezone
 from django.utils.translation import gettext as _
+from sentry_sdk.tracing import TransactionSource
 
 from sentry import analytics, features
 from sentry.analytics.events.integration_pipeline_step import IntegrationPipelineStep
 from sentry.api.serializers import serialize
 from sentry.auth.superuser import superuser_has_permission
 from sentry.constants import ObjectStatus
+from sentry.features.exceptions import FeatureNotRegistered
 from sentry.integrations.base import IntegrationData, IntegrationDomain, IntegrationProvider
 from sentry.integrations.manager import default_manager
 from sentry.integrations.models.integration import Integration
@@ -22,25 +26,76 @@
     IntegrationPipelineViewEvent,
     IntegrationPipelineViewType,
 )
+from sentry.models.organization import Organization
 from sentry.models.organizationmapping import OrganizationMapping
 from sentry.organizations.absolute_url import generate_organization_url
 from sentry.organizations.services.organization import organization_service
 from sentry.organizations.services.organization.model import RpcOrganization
 from sentry.pipeline.base import Pipeline
 from sentry.pipeline.store import PipelineSessionStore
-from sentry.pipeline.views.base import PipelineView
+from sentry.pipeline.types import PipelineStepResult
+from sentry.pipeline.views.base import ApiPipelineSteps, PipelineView
 from sentry.shared_integrations.exceptions import IntegrationError, IntegrationProviderError
 from sentry.silo.base import SiloMode
 from sentry.users.models.identity import Identity, IdentityProvider, IdentityStatus
 from sentry.utils import metrics
 from sentry.web.helpers import render_to_response
 from sentry.workflow_engine.service.action import action_service
 
-__all__ = ["IntegrationPipeline"]
+__all__ = ["IntegrationPipeline", "IntegrationPipelineError", "initialize_integration_pipeline"]
 
 logger = logging.getLogger(__name__)
 
 
+class IntegrationPipelineError(Exception):
+    """Raised when an integration pipeline cannot be initialized."""
+
+    def __init__(self, message: str, not_found: bool = False) -> None:
+        self.not_found = not_found
+        super().__init__(message)
+
+
+def initialize_integration_pipeline(
+    request: HttpRequest,
+    organization: Organization | RpcOrganization,
+    provider_id: str,
+) -> IntegrationPipeline:
+    """
+    Creates, validates, and initializes an IntegrationPipeline for the given
+    organization and provider. Raises IntegrationPipelineError if any pre-checks
+    fail (feature flags disabled or provider cannot be added).
+    """
+    scope = sentry_sdk.get_current_scope()
+    scope.set_transaction_name(f"integration.{provider_id}", source=TransactionSource.VIEW)
+
+    pipeline = IntegrationPipeline(
+        request=request, organization=organization, provider_key=provider_id
+    )
+
+    assert isinstance(pipeline.provider, IntegrationProvider)
+
+    is_feature_enabled: dict[str, bool] = {}
+    for feature in pipeline.provider.features:
+        feature_flag_name = "organizations:integrations-%s" % feature.value
+        try:
+            features.get(feature_flag_name, None)
+            is_feature_enabled[feature_flag_name] = features.has(feature_flag_name, organization)
+        except FeatureNotRegistered:
+            is_feature_enabled[feature_flag_name] = True
+
+    if not any(is_feature_enabled.values()):
+        raise IntegrationPipelineError(
+            "At least one feature from this list has to be enabled in order to setup the integration:\n%s"
+            % "\n".join(is_feature_enabled)
+        )
+
+    if not pipeline.provider.can_add:
+        raise IntegrationPipelineError("Integration cannot be added.", not_found=True)
+
+    pipeline.initialize()
+    return pipeline
+
+
 class _IntegrationDefaults(TypedDict):
     metadata: dict[str, Any]
     name: str
@@ -117,6 +172,9 @@ def get_pipeline_views(
     ]:
         return self.provider.get_pipeline_views()
 
+    def get_pipeline_api_steps(self) -> ApiPipelineSteps[IntegrationPipeline]:
+        return self.provider.get_pipeline_api_steps()
+
     def get_analytics_event(self) -> analytics.Event | None:
         pipeline_type = "reauth" if self.fetch_state("integration_id") else "install"
         return IntegrationPipelineStep(
@@ -146,9 +204,8 @@ def finish_pipeline(self) -> HttpResponseBase:
                 id=self.organization.id, user_id=self.request.user.id
             )
 
-            if (
-                org_context
-                and (not org_context.member or "org:integrations" not in org_context.member.scopes)
+            if not org_context or (
+                (not org_context.member or "org:integrations" not in org_context.member.scopes)
                 and not superuser_has_permission(self.request, ["org:integrations"])
             ):
                 error_message = "You must be an organization owner, manager or admin to install this integration."
@@ -188,14 +245,17 @@ def finish_pipeline(self) -> HttpResponseBase:
                 )
                 return self.render_warning(str(e))
 
-            response = self._finish_pipeline(data)
+            try:
+                response = self._finish_pipeline(data)
+            except IntegrationError as e:
+                lifecycle.record_failure(e)
+                return self._dialog_response({"error": str(e)}, False)
 
             extra = data.get("post_install_data", {})
 
             self.provider.create_audit_log_entry(
                 self.integration, self.organization, self.request, "install", extra=extra
             )
-            # Enable all actions for the organization installing the integration
             self._enable_actions()
             self.provider.post_install(self.integration, self.organization, extra=extra)
             self.clear_session()
@@ -208,7 +268,13 @@ def finish_pipeline(self) -> HttpResponseBase:
 
         return response
 
-    def _finish_pipeline(self, data: IntegrationData) -> HttpResponseBase:
+    def _install_integration(self, data: IntegrationData) -> OrganizationIntegration:
+        """
+        Core model operations for finishing the pipeline: create/update
+        Integration, link identity, create OrganizationIntegration.
+
+        Raises IntegrationError on failure. Returns the created OrganizationIntegration.
+        """
         if "expect_exists" in data:
             self.integration = Integration.objects.get(
                 provider=self.provider.integration_key, external_id=data["external_id"]
@@ -229,7 +295,6 @@ def _finish_pipeline(self, data: IntegrationData) -> HttpResponseBase:
             idp_external_id = data.get("idp_external_id", data["external_id"])
             idp_config = data.get("idp_config", {})
 
-            # Create identity provider for this integration if necessary
             idp, created = IdentityProvider.objects.get_or_create(
                 external_id=idp_external_id, type=identity["type"], defaults={"config": idp_config}
             )
@@ -278,19 +343,15 @@ def _finish_pipeline(self, data: IntegrationData) -> HttpResponseBase:
                             "provider_key": self.provider.key,
                         },
                     )
-                    # if we don't need a default identity, we don't have to throw an error
+                    # If we don't need a default identity, we don't have to throw an error
                     if self.provider.needs_default_identity:
-                        # The external_id is linked to a different user.
                         proper_name = idp.get_provider().name
-                        return self._dialog_response(
-                            {
-                                "error": _(
-                                    "The provided %(proper_name)s account is linked to a different Sentry user. "
-                                    "To continue linking the current Sentry user, please use a different %(proper_name)s account."
-                                )
-                                % ({"proper_name": proper_name})
-                            },
-                            False,
+                        raise IntegrationError(
+                            _(
+                                "The provided %(proper_name)s account is linked to a different Sentry user. "
+                                "To continue linking the current Sentry user, please use a different %(proper_name)s account."
+                            )
+                            % ({"proper_name": proper_name})
                         )
 
         default_auth_id = None
@@ -309,16 +370,23 @@ def _finish_pipeline(self, data: IntegrationData) -> HttpResponseBase:
                     "integration_id": self.integration.id,
                 },
             )
-            return self.error(
+            raise IntegrationError(
                 "This integration has already been installed on another Sentry organization which resides in a different cell. Installation could not be completed."
             )
 
         org_integration = self.integration.add_organization(
             self.organization, self.request.user, default_auth_id=default_auth_id
         )
 
+        if org_integration is None:
+            raise IntegrationError("Could not create the integration for this organization.")
+
+        return org_integration
+
+    def _finish_pipeline(self, data: IntegrationData) -> HttpResponseBase:
+        org_integration = self._install_integration(data)
+
         extra = data.get("post_install_data", {})
-        # If a particular provider has a redirect for a successful install, use that instead of the generic success
         redirect_url_format = extra.get("redirect_url_format", None)
         if redirect_url_format is not None:
             return self._get_redirect_response(redirect_url_format=redirect_url_format)
@@ -360,6 +428,57 @@ def _enable_actions(self) -> None:
             status=ObjectStatus.ACTIVE,
         )
 
+    def api_finish_pipeline(self) -> PipelineStepResult:
+        with IntegrationPipelineViewEvent(
+            interaction_type=IntegrationPipelineViewType.FINISH_PIPELINE,
+            domain=IntegrationDomain.GENERAL,
+            provider_key=self.provider.key,
+        ).capture() as lifecycle:
+            org_context = organization_service.get_organization_by_id(
+                id=self.organization.id, user_id=self.request.user.id
+            )
+
+            if not org_context or (
+                (not org_context.member or "org:integrations" not in org_context.member.scopes)
+                and not superuser_has_permission(self.request, ["org:integrations"])
+            ):
+                return PipelineStepResult.error(
+                    "You must be an organization owner, manager or admin to install this integration."
+                )
+
+            try:
+                data = self.provider.build_integration(self.state.data)
+            except IntegrationError as e:
+                lifecycle.record_failure(e)
+                return PipelineStepResult.error(str(e))
+            except IntegrationProviderError as e:
+                return PipelineStepResult.error(str(e))
+
+            try:
+                org_integration = self._install_integration(data)
+            except IntegrationError as e:
+                lifecycle.record_failure(e)
+                return PipelineStepResult.error(str(e))
+
+            extra = data.get("post_install_data", {})
+
+            self.provider.create_audit_log_entry(
+                self.integration, self.organization, self.request, "install", extra=extra
+            )
+            self._enable_actions()
+            self.provider.post_install(self.integration, self.organization, extra=extra)
+            self.clear_session()
+
+        metrics.incr(
+            "sentry.integrations.installation_finished",
+            tags={"integration_name": self.provider.key},
+            sample_rate=1.0,
+        )
+
+        return PipelineStepResult.complete(
+            data=serialize(org_integration, self.request.user),
+        )
+
     def _get_redirect_response(self, redirect_url_format: str) -> HttpResponseRedirect:
         redirect_url = redirect_url_format.format(org_slug=self.organization.slug)
         return HttpResponseRedirect(redirect_url)