test(integrations): Add permission, IDOR, and edge case tests for bulk code mappings#109786
Merged
test(integrations): Add permission, IDOR, and edge case tests for bulk code mappings#109786
Conversation
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
a7c3d3c to
bba4e7d
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
tests/sentry/integrations/api/endpoints/test_organization_code_mappings_bulk.py
Show resolved
Hide resolved
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
bba4e7d to
fb4125f
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-endpoint
branch
from
388490d to
f859e09
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
fb4125f to
7c50a5e
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
7c50a5e to
7a39daa
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
7a39daa to
63d0d0c
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
63d0d0c to
84754bc
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
84754bc to
7a5a034
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
7a5a034 to
1627b8f
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-endpoint
branch
from
8a88ceb to
e78bac9
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
1627b8f to
2802318
Compare
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
2802318 to
2def8c1
Compare
3 tasks
This was referenced Mar 12, 2026
Merged
scttcper
approved these changes
Mar 12, 2026
scttcper
reviewed
Mar 12, 2026
tests/sentry/integrations/api/endpoints/test_organization_code_mappings_bulk.py
Outdated
Show resolved
Hide resolved
armenzg
reviewed
Mar 16, 2026
| instance = mock_prc.call_args[0][0] | ||
| assert instance._skip_post_save is False | ||
|
|
||
| def test_skip_post_save_does_not_leak_to_fetched_instances(self) -> None: |
Member
There was a problem hiding this comment.
Can you please explain what does this test actually test? I'm not following it.
Member
Author
There was a problem hiding this comment.
Added a docstring explaining the test: the endpoint sets _skip_post_save on in-memory instances to batch side-effects, and this test verifies that freshly fetched instances from the DB don't carry the suppressed flag.
— Claude Code
Member
Author
There was a problem hiding this comment.
To ensure the transient skip_post_save flag does not leak. added a docstring in 5401221
tests/sentry/integrations/api/endpoints/test_organization_code_mappings_bulk.py
Show resolved
Hide resolved
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-endpoint
branch
3 times, most recently
from
d64c9f8 to
a042869
Compare
- Switch Repository.objects.create to self.create_repo() factory - Assert automatically_generated=False in happy path test
Suppress the per-save post_save signal during the mapping loop to avoid 300 redundant cache clears and celery task dispatches. Side effects (update_code_owners_schema + clear commit context cache) now fire once after the entire batch completes. Adds dispatch_uid to the RepositoryProjectPathConfig post_save signal connection to enable clean disconnect/reconnect.
…k code mappings Add tests for org:ci token auth, project access checks, cross-org IDOR prevention, duplicate stackRoot handling, and multiple repos with the same name.
The setUp login_as establishes a session that takes precedence over the Bearer token, so the test was passing via session auth, not the org:ci token. Adding logout ensures only token auth is exercised.
romtsn
force-pushed
the
rz/feat/bulk-code-mappings-edge-cases
branch
from
990bed3 to
3b10358
Compare
github-actions
bot
added
the
Scope: Backend
romtsn
added a commit
to getsentry/sentry-cli
that referenced
this pull request
Mar 20, 2026
_#skip-changelog_ Add the `sentry-cli code-mappings upload` subcommand group and the `upload` subcommand with file parsing and validation. This is the first in a stack of 4 PRs to support bulk uploading code mappings from a JSON file — useful for Java/Android multi-module projects that need dozens of mappings. This PR adds: - Command scaffold following the `repos`/`deploys` pattern - JSON file reading and validation (empty arrays, empty stackRoot/sourceRoot) - CLI args: positional `PATH`, `--repo`, `--default-branch` - Help and no-subcommand trycmd integration tests Stack: **#3207** → #3208 → #3209 → #3210 Backend PRs: getsentry/sentry#109783, getsentry/sentry#109785, getsentry/sentry#109786 Closes getsentry/sentry-android-gradle-plugin#1076 Closes getsentry/sentry-android-gradle-plugin#1077 --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
romtsn
added a commit
to getsentry/sentry-cli
that referenced
this pull request
Mar 24, 2026
…3208) *#skip-changelog* When `--repo` or `--default-branch` are not provided, infer them from the<br>local git repository. Uses the configured VCS remote (SENTRY_VCS_REMOTE / ini)<br>first, then falls back to best-effort remote detection (upstream > origin > first). Also extracts `find_best_remote()` as a shared utility in `src/utils/vcs.rs`,<br>replacing the inline logic that was duplicated in `git_repo_base_repo_name_preserve_case`. Stack: #3207 → [#3208](<#3208>) → [#3209](<#3209>) → [#3210](<#3210>) Backend PRs: [getsentry/sentry#109783](<getsentry/sentry#109783>), [getsentry/sentry#109785](<getsentry/sentry#109785>), [getsentry/sentry#109786](<getsentry/sentry#109786>) Closes [GRADLE-79](https://linear.app/getsentry/issue/GRADLE-79/add-git-inference-for-repo-name-and-default-branch) --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
romtsn
added a commit
to getsentry/sentry-cli
that referenced
this pull request
Mar 24, 2026
…#3209) _#skip-changelog_ Connect the `code-mappings upload` command to the bulk code mappings API endpoint (`POST /api/0/organizations/{org}/code-mappings/bulk/`). Adds: - `bulk_upload_code_mappings()` method on `AuthenticatedApi` - Request/response data types in `src/api/data_types/code_mappings.rs` - Summary table and error reporting in the command output - Happy-path integration test with mock endpoint Stack: #3207 → #3208 → **#3209** → #3210 Backend PRs: getsentry/sentry#109783, getsentry/sentry#109785, getsentry/sentry#109786 Closes getsentry/sentry-android-gradle-plugin#1079 --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
romtsn
added a commit
to getsentry/sentry-cli
that referenced
this pull request
Mar 24, 2026
_#skip-changelog_ Split large mapping files into batches of 300 (the backend limit) per request. Each batch is sent sequentially with progress reporting, and results are merged into a single summary. Also changes the output table to only show error rows — for large uploads (hundreds of mappings), printing every row would flood the terminal. Successful mappings are reflected in the summary counts instead. Stack: #3207 → #3208 → #3209 → **#3210** Backend PRs: getsentry/sentry#109783, getsentry/sentry#109785, getsentry/sentry#109786 --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
org:citoken authentication (sentry-cli CI use case)Depends on #109785
Closes getsentry/sentry-android-gradle-plugin#1075
Test plan