New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting cleanArtifacts: true
fails with a 403
#481
Comments
Thanks for reporting this! We need to adjust the endpoint in sentry to work with the |
@Wedvich could you please try again, but without the We think that the upload might work without the option, since the endpoint should simply overwrite any existing files with the same name. |
Without Is this intentional behavior? I tried reading the docs on Artifact Bundles but it doesn't say anything about multiple bundles with the same files for the same release? |
@Wedvich I believe the files that were uploaded last take priority in our resolving logic. But I'll have @Swatinem confirm that! |
The logic is indeed very complex and there is way too many moving parts, but we should always prefer the most recently uploaded bundle that contains the file being requested. If there is some problem with this, can you point me to a specific event and the release with bundles so I can take a closer look? |
@lforst your comment really seems to be the root cause, IMO. The suggested method for creating an Auth Token for use in this plugin will only have the Here are some extra logs showing the command: sentry-cli was invoked with the following command line: "/app/node_modules/@sentry/cli-linux-x64/bin/sentry-cli" "releases" "files" "some:release-name-here" "delete" "--all"
error: API request failed
caused by: sentry reported an error: You do not have permission to perform this action. (http status: 403) It appears that the Hoping for a fix...thanks! |
then we need to check if we can adjust the permissions for deleting so that this works with the org based auth token. If you use an old user auth token (Settings -> Account -> API -> User Auth Tokens), does it work then? |
I/we don't use any User Auth Tokens in these scenarios, so I can't tell you about that specifically, but we do have an organization |
Hmm yes, afaik these integration tokens and user tokens work very similarly, so that makes sense. Thanks for testing! |
Ok so after some pondering we decided to deprecate and delete |
Lemme know if you think this is stupid or not 😄 |
If what you said is true - that overwritten files will just be picked up/prioritized as one might expect - then I think you're right that this sounds fine for me and probably most users who don't actually really care whether the old files are deleted, as long as having them around:
I personally don't feel like we need our files deleted before a new set of maps are pushed up. Others may disagree but sounds unlikely to me. Curious as to why the choice to remove/deprecate vs fix? Seems like there are some issues between the various tokens being supported. I have seen (and experienced) some other issues with tokens being rejected by the CLI for not having a valid format sometimes...but for us right now our Custom Integration token seems to work everywhere we need it to. |
It should not cause problems (very generic I know 😄) and sourcemaps also don't count towards any quota and we also do not have plans to make them count towards quota. Enjoy the free storage lol 😄
Exactly. So recently we introduced organization auth tokens with very limited scope to drastically reduce the complexity when setting up source maps. In our documentation, we now heavily tell you to use these new auth tokens because they are much simpler to set up and also have upsides like encoding the org and your self-hosted instance. The thing is, we didn't consider the full capabilities of our bundler plugins, meaning for some features the limited scope of these tokens was not enough. We thought about widening the permissions of the tokens but didn't really want to do that for security reasons, so we instead opted to remove the unnecessary feature. |
Gotcha...makes sense. This will be in some upcoming release then? Thank you for your support and explanations! |
@newhouse Yep this will land soon. For now, please just remove the |
Environment
Steps to Reproduce
I added
cleanArtifacts: true
to my config, and tried to overwrite the same release name.Expected Result
The existing artifact bundle should be deleted, and the new artifacts should be uploaded. When Webpack is done I expect to only see one artifact bundle under the release.
Actual Result
The upload with the new artifact bundle succeeds, but the old artifacts aren't deleted, and I get the following error in the logs:
I have the Manager role in my Sentry org, and I can manually delete artifact bundles and releases in the Sentry UI.
The text was updated successfully, but these errors were encountered: