Revert "feat: Sync fork (#8)"

This reverts commit 480ee55.
KingsGambitLab · Apr 20, 2024 · 932e12e · 932e12e
1 parent 480ee55
commit 932e12e
Show file tree

Hide file tree

Showing 48 changed files with 406 additions and 1,119 deletions.
diff --git a/.env b/.env
@@ -14,6 +14,3 @@ WAL2JSON_VERSION=latest
 HEALTHCHECK_INTERVAL=30s
 HEALTHCHECK_TIMEOUT=1m30s
 HEALTHCHECK_RETRIES=10
-# Caution: Raising max connections of postgres increases CPU and RAM usage
-# see https://github.com/getsentry/self-hosted/pull/2740 for more information
-POSTGRES_MAX_CONNECTIONS=100
diff --git a/.github/ISSUE_TEMPLATE/problem-report.yml b/.github/ISSUE_TEMPLATE/problem-report.yml
@@ -36,7 +36,6 @@ body:
       placeholder: 2.6.0 ← should look like this (docker compose version)
       description: |
         What version of docker compose are you using to run self-hosted?
-        e.g: (docker compose version)
     validations:
       required: true
   - type: textarea

diff --git a/.gitignore b/.gitignore
@@ -101,6 +101,3 @@ postgres/wal2json
 # integration testing
 _integration-test/custom-ca-roots/nginx/*
 sentry/test-custom-ca-roots.py
-
-# OSX minutia
-.DS_Store
diff --git a/.platform/confighooks/prebuild/01_prebuild.sh b/.platform/confighooks/prebuild/01_prebuild.sh
@@ -2,7 +2,7 @@
 
 set -e
 /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "\(.key)=\"\(.value)\""' > .env
-printf "SENTRY_IMAGE=getsentry/sentry:24.4.1" >> .env
+printf "SENTRY_IMAGE=getsentry/sentry:23.12.1" >> .env
 set -a
 source .env
 set +a

diff --git a/.platform/confighooks/predeploy/01_loadenv.sh b/.platform/confighooks/predeploy/01_loadenv.sh
@@ -2,7 +2,7 @@
 
 set -e
 /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "\(.key)=\"\(.value)\""' > .env
-printf "SENTRY_IMAGE=getsentry/sentry:24.4.1" >> .env
+printf "SENTRY_IMAGE=getsentry/sentry:23.12.1" >> .env
 set -a
 source .env
 set +a

diff --git a/.platform/hooks/prebuild/01_prebuild.sh b/.platform/hooks/prebuild/01_prebuild.sh
@@ -2,7 +2,7 @@
 
 set -e
 /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "\(.key)=\"\(.value)\""' > .env
-printf "SENTRY_IMAGE=getsentry/sentry:24.4.1" >> .env
+printf "SENTRY_IMAGE=getsentry/sentry:23.12.1" >> .env
 set -a
 source .env
 set +a

diff --git a/.platform/hooks/predeploy/01_loadenv.sh b/.platform/hooks/predeploy/01_loadenv.sh
@@ -2,7 +2,7 @@
 
 set -e
 /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "\(.key)=\"\(.value)\""' > .env
-printf "SENTRY_IMAGE=getsentry/sentry:24.4.1" >> .env
+printf "SENTRY_IMAGE=getsentry/sentry:23.12.1" >> .env
 set -a
 source .env
 set +a

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,66 +1,5 @@
 # Changelog
 
-## 24.4.1
-
-### Various fixes & improvements
-
-- chore(deps): bump memcached and redis to latest patch versions (#2973) by @mdtro
-- Use docker compose exec to create additional kafka topics (#2904) by @saz
-- Add example to docker compose version in problem report (#2959) by @edgariscoding
-- Port last integration tests to python (#2966) by @hubertdeng123
-
-## 24.4.0
-
-### Various fixes & improvements
-
-- Use python for e2e tests (#2953) by @hubertdeng123
-- feat: adds group attributes consumer (#2927) by @scefali
-- fix(spans): Adds organizations:standalone-span-ingestion flag to default config (#2936) by @edwardgou-sentry
-- Bump ubuntu version for tests (#2923) by @hubertdeng123
-- Write Customization tests in python (#2918) by @hubertdeng123
-- feat(clickhouse): Added max_suspicious_broken_parts to the config.xml (#2853) by @victorelec14
-- Port backup tests to python (#2907) by @hubertdeng123
-- Fix defunct java processes (#2914) by @hubertdeng123
-- Integration tests in python (#2892) by @hubertdeng123
-- feat: run outcomes-billing consumer (#2909) by @lynnagara
-- Remove duplicate feature flags (#2899) by @JannKleen
-
-## 24.3.0
-
-### Various fixes & improvements
-
-- feat(spans): Ingest spans (#2861) by @phacops
-- Integration test improvements (#2858) by @hubertdeng123
-- increase postgres max_connections above 100 connections (#2740) by @erfantkerfan
-- deps: bump maxmind/geoipupdate to 6.1.0 (#2859) by @victorelec14
-- Enable proxy buffering in nginx (#2844) by @RexTim
-- Add snuba rust consumers (#2831) by @hubertdeng123
-- simplify if for open-ai-suggestion (#2732) by @LvckyAPI
-- Upgrade to FSL-1.1 (#2835) by @chadwhitacre
-- chore: provide clearer csrf url example (#2833) by @aldy505
-- chore: Use django ORM to perform sql commands (#2827) by @hubertdeng123
-- revert changes in 3067683f6c0e1c6dd9ceb72cb5155c1dbf3bf501 (#2829) by @hubertdeng123
-- use rust consumers in self-hosted (3067683f) by @hubertdeng123
-
-## 24.2.0
-
-### Various fixes & improvements
-
-- Bump nginx version (#2797) by @hubertdeng123
-- build(deps): bump pre-commit/action from 3.0.0 to 3.0.1 (#2788) by @dependabot
-- Tweak postgres indexing fix (#2792) by @hubertdeng123
-- fix: DB migration script (#2779) by @hubertdeng123
-
-## 24.1.2
-
-### Various fixes & improvements
-
-- Check memcached backend in Django (#2778) by @chadwhitacre
-- Fix groupedmessage indexing error (#2777) by @hubertdeng123
-- build(deps): bump actions/setup-python from 4 to 5 (#2644) by @dependabot
-- feat: provide csrf settings information for sentry config (#2762) by @aldy505
-- Fix apt config generation when http_proxy is set (#2725) (#2734) by @lemrouch
-
 ## 24.1.1
 
 ### Various fixes & improvements

diff --git a/LICENSE.md b/LICENSE.md
@@ -1,12 +1,12 @@
-# Functional Source License, Version 1.1, Apache 2.0 Future License
+# Functional Source License, Version 1.0, Apache 2.0 Change License
 
 ## Abbreviation
 
-FSL-1.1-Apache-2.0
+FSL-1.0-Apache-2.0
 
 ## Notice
 
-Copyright 2016-2024 Functional Software, Inc. dba Sentry
+Copyright 2016-2023 Functional Software, Inc. dba Sentry
 
 ## Terms and Conditions
 
@@ -30,15 +30,18 @@ and redistribute the Software for any Permitted Purpose identified below.
 ### Permitted Purpose
 
 A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
-means making the Software available to others in a commercial product or
-service that:
+means use of the Software in or for a commercial product or service that
+competes with the Software or any other product or service we offer using the
+Software as of the date we make the Software available.
 
-1. substitutes for the Software;
+Competing Uses specifically include using the Software:
 
-2. substitutes for any other product or service we offer using the Software
-   that exists as of the date we make the Software available; or
+1. as a substitute for any of our products or services;
 
-3. offers the same or substantially similar functionality as the Software.
+2. in a way that exposes the APIs of the Software; and
+
+3. in a product or service that offers the same or substantially similar
+   functionality to the Software.
 
 Permitted Purposes specifically include using the Software:
 
@@ -48,8 +51,9 @@ Permitted Purposes specifically include using the Software:
 
 3. for non-commercial research; and
 
-4. in connection with professional services that you provide to a licensee
-   using the Software in accordance with these Terms and Conditions.
+4. in connection with software development services or managed services that
+   you provide to a licensee using the Software in accordance with these Terms
+and Conditions.
 
 ### Patents
 
@@ -84,13 +88,12 @@ Except for displaying the License Details and identifying us as the origin of
 the Software, you have no right under these Terms and Conditions to use our
 trademarks, trade names, service marks or product names.
 
-## Grant of Future License
+## Change License
 
-We hereby irrevocably grant you an additional license to use the Software under
-the Apache License, Version 2.0 that is effective on the second anniversary of
-the date we make the Software available. On or after that date, you may use the
-Software under the Apache License, Version 2.0, in which case the following
-will apply:
+On the second anniversary of the date we make the Software available, the
+Software will become available under the Apache 2.0 license. On that date, the
+Terms and Conditions above automatically terminate and the following terms
+become effective:
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 this file except in compliance with the License.

diff --git a/_integration-test/conftest.py b/_integration-test/conftest.py
diff --git a/_integration-test/custom-ca-roots/setup.sh b/_integration-test/custom-ca-roots/setup.sh
@@ -0,0 +1,45 @@
+set -e
+export COMPOSE_FILE=docker-compose.yml:_integration-test/custom-ca-roots/docker-compose.test.yml
+
+TEST_NGINX_CONF_PATH=_integration-test/custom-ca-roots/nginx
+CUSTOM_CERTS_PATH=certificates
+
+# generate tightly constrained CA
+# NB: `-addext` requires LibreSSL 3.1.0+, or OpenSSL (brew install openssl)
+openssl req -x509 -new -nodes -newkey rsa:2048 -keyout $TEST_NGINX_CONF_PATH/ca.key \
+  -sha256 -days 1 -out $TEST_NGINX_CONF_PATH/ca.crt -batch \
+  -subj "/CN=TEST CA *DO NOT TRUST*" \
+  -addext "keyUsage = critical, keyCertSign, cRLSign" \
+  -addext "nameConstraints = critical, permitted;DNS:self.test"
+
+## Lines like the following are debug helpers ...
+# openssl x509 -in nginx/ca.crt -text -noout
+
+mkdir -p $CUSTOM_CERTS_PATH
+cp $TEST_NGINX_CONF_PATH/ca.crt $CUSTOM_CERTS_PATH/test-custom-ca-roots.crt
+
+# generate server certificate
+openssl req -new -nodes -newkey rsa:2048 -keyout $TEST_NGINX_CONF_PATH/self.test.key \
+  -addext "subjectAltName=DNS:self.test" \
+  -out $TEST_NGINX_CONF_PATH/self.test.req -batch -subj "/CN=Self Signed with CA Test Server"
+
+# openssl req -in nginx/self.test.req -text -noout
+
+openssl x509 -req -in $TEST_NGINX_CONF_PATH/self.test.req -CA $TEST_NGINX_CONF_PATH/ca.crt -CAkey $TEST_NGINX_CONF_PATH/ca.key \
+  -extfile <(printf "subjectAltName=DNS:self.test") \
+  -CAcreateserial -out $TEST_NGINX_CONF_PATH/self.test.crt -days 1 -sha256
+
+# openssl x509 -in nginx/self.test.crt -text -noout
+
+# sanity check that signed certificate passes OpenSSL's validation
+openssl verify -CAfile $TEST_NGINX_CONF_PATH/ca.crt $TEST_NGINX_CONF_PATH/self.test.crt
+
+# self signed certificate, for sanity check of not just accepting all certs
+openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout $TEST_NGINX_CONF_PATH/fake.test.key \
+  -out $TEST_NGINX_CONF_PATH/fake.test.crt -addext "subjectAltName=DNS:fake.test" -subj "/CN=Self Signed Test Server"
+
+# openssl x509 -in nginx/fake.test.crt -text -noout
+
+cp _integration-test/custom-ca-roots/test.py sentry/test-custom-ca-roots.py
+
+$dc up -d fixture-custom-ca-roots
diff --git a/_integration-test/custom-ca-roots/teardown.sh b/_integration-test/custom-ca-roots/teardown.sh
@@ -0,0 +1,3 @@
+$dc rm -s -f -v fixture-custom-ca-roots
+rm -f certificates/test-custom-ca-roots.crt sentry/test-custom-ca-roots.py
+unset COMPOSE_FILE
diff --git a/_integration-test/custom-ca-roots/test.py b/_integration-test/custom-ca-roots/test.py
@@ -1,16 +1,15 @@
 import unittest
-
 import requests
 
 
 class CustomCATests(unittest.TestCase):
     def test_valid_self_signed(self):
-        self.assertEqual(requests.get("https://self.test").text, "ok")
+        self.assertEqual(requests.get("https://self.test").text, 'ok')
 
     def test_invalid_self_signed(self):
         with self.assertRaises(requests.exceptions.SSLError):
             requests.get("https://fail.test")
 
 
-if __name__ == "__main__":
+if __name__ == '__main__':
     unittest.main()
diff --git a/_integration-test/ensure-backup-restore-works.sh b/_integration-test/ensure-backup-restore-works.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -ex
+
+source install/_lib.sh
+source install/dc-detect-version.sh
+
+echo "${_group}Test that backup/restore works..."
+echo "Creating backup..."
+# Docker was giving me permissioning issues when trying to create this file and write to it even after giving read + write access
+# to group and owner. Instead, try creating the empty file and then give everyone write access to the backup file
+touch $(pwd)/sentry/backup.json
+chmod 666 $(pwd)/sentry/backup.json
+SENTRY_DOCKER_IO_DIR=$(pwd)/sentry /bin/bash $(pwd)/sentry-admin.sh export global /sentry-admin/backup.json --no-prompt
+if [ ! -s "$(pwd)/sentry/backup.json" ]; then
+  echo "Backup file is empty"
+  exit 1
+fi
+
+# Print backup.json contents
+echo "Backup file contents:\n\n"
+cat "$(pwd)/sentry/backup.json"
+
+# Bring postgres down and recreate the docker volume
+$dc stop postgres
+sleep 5
+$dc rm -f -v postgres
+docker volume rm sentry-postgres
+export SKIP_USER_CREATION=1
+source install/create-docker-volumes.sh
+source install/set-up-and-migrate-database.sh
+$dc up -d
+
+echo "Importing backup..."
+SENTRY_DOCKER_IO_DIR=$(pwd)/sentry /bin/bash $(pwd)/sentry-admin.sh import global /sentry-admin/backup.json --no-prompt
+
+rm $(pwd)/sentry/backup.json
diff --git a/_integration-test/ensure-customizations-not-present.sh b/_integration-test/ensure-customizations-not-present.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -ex
+
+source install/_lib.sh
+source install/dc-detect-version.sh
+
+# Negated version of ensure-customizations-work.sh, make changes in sync
+echo "${_group}Ensure customizations not present"
+! $dcr --no-deps web bash -c "if [ ! -e /created-by-enhance-image ]; then exit 1; fi"
+! $dcr --no-deps --entrypoint=/etc/sentry/entrypoint.sh sentry-cleanup bash -c "if [ ! -e /created-by-enhance-image ]; then exit 1; fi"
+! $dcr --no-deps web python -c "import ldap"
+! $dcr --no-deps --entrypoint=/etc/sentry/entrypoint.sh sentry-cleanup python -c "import ldap"
+echo "${_endgroup}"