search

getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io
Other
37.64k stars 4.05k forks source link

OpsGenie integration does not work when created via API. #59517

Open rodolfoBee opened 8 months ago

rodolfoBee commented 8 months ago

Environment

SaaS (https://sentry.io/)

Steps to Reproduce

  1. Have a sentry and opsgenie account
  2. Create a Sentry integration key in OpsGenie using the opsgenie api https://docs.opsgenie.com/docs/integration-api#create-api-based-integration
  3. Configure the OpsGenie integration in Sentry using the API key created in step2
  4. Create an alert rule to send messages to opsgenie.

Expected Result

The integration in Sentry works and alerts messages are sent to opsenie when a rule is triggered.

Actual Result

No alert messages are sent.

Issue was initially raised in: https://github.com/pulumi/pulumi-opsgenie/issues/203 Manually creating the integration in OpsGenie serves as a workaround, however there is not explanation at the moment on why the API-generated key does not.

@Dhrumil-Sentry mentions the user needs to created the integration via the UI. Is this a requirement? Is there an explanation on why this is the case?

Product Area

Settings - Integrations

Link

No response

DSN

No response

Version

No response

getsantry[bot] commented 8 months ago

Assigning to @getsentry/support for routing ⏲️

getsantry[bot] commented 8 months ago

Routing to @getsentry/product-owners-settings-integrations for triage ⏲️

Dhrumil-Sentry commented 8 months ago

Adding this to the backlog for investigating

m1n9o commented 8 months ago

Any progress on this? I tried it again, but it's still not working.

{
  "type": "Sentry",
  "name": "SentryIntegrationAPI",
  "ownerTeam": {
        "name": "[TEAM NAME]"
    },
  "allowReadAccess" : true,
    "allowWriteAccess" : true,
    "allowDeleteAccess" : false,
    "allowConfigurationAccess" : true,
  "ignoreRespondersFromPayload": false,
  "ignoreTeamsFromPayload": false,
  "suppressNotifications": false
}

This is the body I used to create the integration.

And this is the way I generate the exception.

import sentry_sdk
import random

sentry_sdk.init(
    dsn="YOUR DSN",
    # Set traces_sample_rate to 1.0 to capture 100%
    # of transactions for performance monitoring.
    traces_sample_rate=1.0,
)

def run():
    num = random.randint(5, 9)
    if num > 5:
        raise AttributeError
    if num < 5:
        raise BufferError

if __name__ == "__main__":
    run()
Dhrumil-Sentry commented 8 months ago

Hi @m1n9o we don't have an update for this yet, it's in our backlog for investigation, is there any reason why you can't just create the integration in the Opsgenie app and use that key itself?

m1n9o commented 8 months ago

Hi @m1n9o we don't have an update for this yet, it's in our backlog for investigation, is there any reason why you can't just create the integration in the Opsgenie app and use that key itself?

Since Click-ops is not encouraged in our company. So we are going to design an internal platform to provision OpsGenie (and Sentry) resources with IaC (maybe pulumi/terraform/api). For our long term goal, this is important.

martendeng commented 3 weeks ago

Are there any updates on this issue? We are currently facing the same thing.

To provide some extra information on our findings. Up until now we were using the legacy Opsgenie integration which seems to support communicating via integrations created using the Opsgenie API. Did something change where the current integration is doing some additional checks?

Additionally it seems like the Opsgenie Integration when created using the parameter allowConfigurationAccess = true actually fixes this issue. See here: https://github.com/pulumi/pulumi-opsgenie/issues/203#issuecomment-2139190383. Though it would be better to have this integration work out of the box. I'm wondering if Sentry is trying to access some data that it might not always have permission to?

mifu67 commented 1 week ago

Any progress on this? I tried it again, but it's still not working.

{
  "type": "Sentry",
  "name": "SentryIntegrationAPI",
  "ownerTeam": {
      "name": "[TEAM NAME]"
    },
  "allowReadAccess" : true,
  "allowWriteAccess" : true,
  "allowDeleteAccess" : false,
  "allowConfigurationAccess" : true,
  "ignoreRespondersFromPayload": false,
  "ignoreTeamsFromPayload": false,
  "suppressNotifications": false
}

This is the body I used to create the integration.

Hi @m1n9o and @martendeng,

I tried the code provided above, and it works for me. After investigating, it seems that allowConfigurationAccess must be set to true because the Opsgenie API requires that keys have configuration access to hit the authentication endpoint (https://api.opsgenie.com/v2/integrations/authenticate). We hit this endpoint before creating a new rule that sends Opsgenie notifications in order to verify that the keys are valid.