From c25b3a2a36d9b72cd0cacf539d91ce7256d8990c Mon Sep 17 00:00:00 2001
From: Jenn Mueng <30991498+jennmueng@users.noreply.github.com>
Date: Wed, 28 Aug 2024 12:06:27 -0700
Subject: [PATCH] fix(autofix): Sign the update call with rpc secret (#76687)
---
 .../api/endpoints/group_autofix_update.py | 34 +++++++----
 .../endpoints/test_group_autofix_update.py | 57 ++++++++++---------
 2 files changed, 51 insertions(+), 40 deletions(-)
diff --git a/src/sentry/api/endpoints/group_autofix_update.py b/src/sentry/api/endpoints/group_autofix_update.py
index 638f8668612d6..9074138222e21 100644
--- a/src/sentry/api/endpoints/group_autofix_update.py
+++ b/src/sentry/api/endpoints/group_autofix_update.py
@@ -13,6 +13,7 @@
 from sentry.api.base import region_silo_endpoint
 from sentry.api.bases.group import GroupEndpoint
 from sentry.models.group import Group
+from sentry.seer.signed_seer_api import sign_with_seer_secret
 logger = logging.getLogger(__name__)
@@ -42,20 +43,29 @@ def post(self, request: Request, group: Group) -> Response:
 )
 path = "/v1/automation/autofix/update"
+
+ body = orjson.dumps(
+ {
+ **request.data,
+ "invoking_user": (
+ {
+ "id": user.id,
+ "display_name": user.get_display_name(),
+ }
+ ),
+ }
+ )
+
 response = requests.post(
 f"{settings.SEER_AUTOFIX_URL}{path}",
- data=orjson.dumps(
- {
- **request.data,
- "invoking_user": (
- {
- "id": user.id,
- "display_name": user.get_display_name(),
- }
- ),
- }
- ),
- headers={"content-type": "application/json;charset=utf-8"},
+ data=body,
+ headers={
+ "content-type": "application/json;charset=utf-8",
+ **sign_with_seer_secret(
+ url=f"{settings.SEER_AUTOFIX_URL}{path}",
+ body=body,
+ ),
+ },
 )
 response.raise_for_status()
diff --git a/tests/sentry/api/endpoints/test_group_autofix_update.py b/tests/sentry/api/endpoints/test_group_autofix_update.py
index 4fe79a8dc7c32..5acccf492eec5 100644
--- a/tests/sentry/api/endpoints/test_group_autofix_update.py
+++ b/tests/sentry/api/endpoints/test_group_autofix_update.py
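Review bot: In `post` of group_autofix_update.py the body that gets signed still spreads `**request.data`, so every key the client sends is forwarded to Seer under the RPC signature, and the signature then vouches for caller-chosen content as well as for Sentry being the sender. If `run_id` and `payload` (the two fields the test sends) are all Seer expects, name them explicitly, `"run_id": request.data.get("run_id"),` and `"payload": request.data.get("payload"),` in place of `**request.data,`, and check that the run belongs to `group`; `post` starts and ends outside this hunk, so validation may already exist there. The `requests.post` call also carries no `timeout=`, so a stalled Seer keeps the worker waiting. The URL f-string is written twice, once for the request and once for the signature; binding it to one local keeps the signed URL and the requested URL from drifting apart.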
@@ -4,6 +4,7 @@
 from django.conf import settings
 from rest_framework import status
+from sentry.seer.signed_seer_api import sign_with_seer_secret
 from sentry.testutils.cases import APITestCase
@@ -32,22 +33,28 @@ def test_autofix_update_successful(self, mock_post):
 )
 assert response.status_code == status.HTTP_202_ACCEPTED
+ expected_body = orjson.dumps(
+ {
+ "run_id": 123,
+ "payload": {
+ "type": "select_root_cause",
+ "cause_id": 456,
+ },
+ "invoking_user": {
+ "id": self.user.id,
+ "display_name": self.user.get_display_name(),
+ },
+ }
+ )
+ expected_url = f"{settings.SEER_AUTOFIX_URL}/v1/automation/autofix/update"
+ expected_headers = {
+ "content-type": "application/json;charset=utf-8",
+ **sign_with_seer_secret(url=expected_url, body=expected_body),
+ }
 mock_post.assert_called_once_with(
- f"{settings.SEER_AUTOFIX_URL}/v1/automation/autofix/update",
- data=orjson.dumps(
- {
- "run_id": 123,
- "payload": {
- "type": "select_root_cause",
- "cause_id": 456,
- },
- "invoking_user": {
- "id": self.user.id,
- "display_name": self.user.get_display_name(),
- },
- }
- ),
- headers={"content-type": "application/json;charset=utf-8"},
+ expected_url,
+ data=expected_body,
+ headers=expected_headers,
 )
 @patch("sentry.api.endpoints.group_autofix_update.requests.post")
@@ -56,19 +63,13 @@ def test_autofix_update_failure(self, mock_post):
 response = self.client.post(
 self.url,
- data=orjson.dumps(
- {
- "run_id": 123,
- "payload": {
- "type": "select_root_cause",
- "cause_id": 456,
- },
- "invoking_user": {
- "id": self.user.id,
- "display_name": self.user.get_display_name(),
- },
- }
- ),
+ data={
+ "run_id": 123,
+ "payload": {
+ "type": "select_root_cause",
+ "cause_id": 456,
+ },
+ },
 format="json",
 )
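Review bot: In `test_autofix_update_successful`, `expected_headers` is built by calling `sign_with_seer_secret` itself, so the assertion compares the helper's output with its own output and would still pass if the helper produced no signature header under the test settings. What the helper returns when no secret is configured is not visible on this page, so add a direct check that a signature is present, for example `assert sign_with_seer_secret(url=expected_url, body=expected_body)`, or pin a secret for the test and compare against an independently computed value. The start of the test method is outside this hunk.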