feat: sentry integration (#1944)

* initial sentry variables and secrets * feat: sentry monitoring * fix typo * feat(sentry version): sentry capability * fix(sentry include): included sentry import 4 zitadel * usage flag for sentry * improve sentry flag * merge main * fix sentry config * add sentry dsn to secret env vars * fix test * log sentry start * add sentry grpc interceptor and recover * add sentry http interceptor to asset api * fix interceptor order * try improve sentry recover * fix i18n interception * panic Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-02-25 18:55:27 -06:00 · 2021-07-05 10:58:58 +02:00
parent beb1c1604a
commit b024cda4e5
16 changed files with 218 additions and 11 deletions
--- a/operator/zitadel/kinds/iam/zitadel/adapt.go
+++ b/operator/zitadel/kinds/iam/zitadel/adapt.go
@@ -114,6 +114,7 @@ func AdaptFunc(
 			certPath,
 			secretName,
 			secretPath,
+			version,
 			consoleCMName,
 			secretVarsName,
 			secretPasswordName,
--- a/operator/zitadel/kinds/iam/zitadel/configuration/adapt.go
+++ b/operator/zitadel/kinds/iam/zitadel/configuration/adapt.go
@@ -38,6 +38,7 @@ func AdaptFunc(
 	certPath string,
 	secretName string,
 	secretPath string,
+	version *string,
 	consoleCMName string,
 	secretVarsName string,
 	secretPasswordName string,
@@ -148,6 +149,7 @@ func AdaptFunc(
 						secretPath,
 						googleServiceAccountJSONPath,
 						zitadelKeysPath,
+						version,
 						queried,
 					),
 				)
@@ -194,6 +196,7 @@ func AdaptFunc(
 						secretPath,
 						googleServiceAccountJSONPath,
 						zitadelKeysPath,
+						version,
 						queried,
 					),
 				),
--- a/operator/zitadel/kinds/iam/zitadel/configuration/adapt_test.go
+++ b/operator/zitadel/kinds/iam/zitadel/configuration/adapt_test.go
@@ -23,6 +23,7 @@ func SetConfigMap(
 	labels map[string]string,
 	queried map[string]interface{},
 	desired *Configuration,
+	version *string,
 	users map[string]string,
 	certPath, secretPath, googleServiceAccountJSONPath, zitadelKeysPath string,
 ) {
@@ -33,7 +34,7 @@ func SetConfigMap(
 			Name:      cmName,
 			Labels:    labels,
 		},
-		Data: literalsConfigMap(desired, users, certPath, secretPath, googleServiceAccountJSONPath, zitadelKeysPath, queried),
+		Data: literalsConfigMap(desired, users, certPath, secretPath, googleServiceAccountJSONPath, zitadelKeysPath, version, queried),
 	})
 }

@@ -133,6 +134,7 @@ func TestConfiguration_Adapt(t *testing.T) {
 	getClientID := func() string { return "test" }
 	certPath := "test"
 	secretPath := "test"
+	version := "test"
 	users := map[string]string{
 		"migration":    "migration",
 		"management":   "management",
@@ -162,6 +164,7 @@ func TestConfiguration_Adapt(t *testing.T) {
 		labels.MustForNameK8SMap(componentLabels, cmName),
 		queried,
 		desiredEmpty,
+		&version,
 		users,
 		certPath,
 		secretPath,
@@ -212,6 +215,7 @@ func TestConfiguration_Adapt(t *testing.T) {
 		certPath,
 		secretName,
 		secretPath,
+		&version,
 		consoleCMName,
 		secretVarsName,
 		secretPasswordName,
@@ -240,6 +244,7 @@ func TestConfiguration_AdaptFull(t *testing.T) {
 	getClientID := func() string { return "test2" }
 	certPath := "test2"
 	secretPath := "test2"
+	version := "test"
 	users := map[string]string{
 		"migration":    "migration",
 		"management":   "management",
@@ -269,6 +274,7 @@ func TestConfiguration_AdaptFull(t *testing.T) {
 		labels.MustForNameK8SMap(componentLabels, cmName),
 		queried,
 		desiredFull,
+		&version,
 		users,
 		certPath,
 		secretPath,
@@ -319,6 +325,7 @@ func TestConfiguration_AdaptFull(t *testing.T) {
 		certPath,
 		secretName,
 		secretPath,
+		&version,
 		consoleCMName,
 		secretVarsName,
 		secretPasswordName,
--- a/operator/zitadel/kinds/iam/zitadel/configuration/desired.go
+++ b/operator/zitadel/kinds/iam/zitadel/configuration/desired.go
@@ -19,6 +19,7 @@ type Configuration struct {
 	DNS                 *DNS           `yaml:"dns"`
 	ClusterDNS          string         `yaml:"clusterdns"`
 	AssetStorage        *AssetStorage  `yaml:"assetStorage,omitempty"`
+	Sentry              *Sentry        `yaml:"sentry,omitempty"`
 }

 func (c *Configuration) Validate() (err error) {
@@ -142,3 +143,11 @@ type Cache struct {
 	ShortMaxAge       string `yaml:"shortMaxAge,omitempty"`
 	ShortSharedMaxAge string `yaml:"shortSharedMaxAge,omitempty"`
 }
+
+type Sentry struct {
+	SentryDSN         *secret.Secret   `yaml:"sentryDSN,omitempty"`
+	ExistingSentryDSN *secret.Existing `yaml:"existingSentryDSN,omitempty"`
+	Environment       string           `yaml:"environment,omitempty"`
+	Version           string           `yaml:"version,omitempty"`
+	Usage             string           `yaml:"usage,omitempty"`
+}
--- a/operator/zitadel/kinds/iam/zitadel/configuration/literals.go
+++ b/operator/zitadel/kinds/iam/zitadel/configuration/literals.go
@@ -19,6 +19,7 @@ func literalsConfigMap(
 	desired *Configuration,
 	users map[string]string,
 	certPath, secretPath, googleServiceAccountJSONPath, zitadelKeysPath string,
+	version *string,
 	queried map[string]interface{},
 ) map[string]string {

@@ -109,6 +110,11 @@ func literalsConfigMap(
 			literalsConfigMap["ZITADEL_ASSET_STORAGE_BUCKET_PREFIX"] = desired.AssetStorage.BucketPrefix
 			literalsConfigMap["ZITADEL_ASSET_STORAGE_MULTI_DELETE"] = strconv.FormatBool(desired.AssetStorage.MultiDelete)
 		}
+		if desired.Sentry != nil {
+			literalsConfigMap["SENTRY_ENVIRONMENT"] = desired.Sentry.Environment
+			literalsConfigMap["SENTRY_RELEASE"] = *version
+			literalsConfigMap["SENTRY_USAGE"] = desired.Sentry.Usage
+		}
 	}

 	db, err := database.GetDatabaseInQueried(queried)
@@ -191,6 +197,16 @@ func literalsSecretVars(k8sClient kubernetes.ClientInt, desired *Configuration)
 				literalsSecretVars["ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY"] = value
 			}
 		}
+		if desired.Sentry != nil {
+			as := desired.Sentry
+			if as.SentryDSN != nil || as.ExistingSentryDSN != nil {
+				value, err := read.GetSecretValue(k8sClient, as.SentryDSN, as.ExistingSentryDSN)
+				if err != nil {
+					return nil, err
+				}
+				literalsSecretVars["SENTRY_DSN"] = value
+			}
+		}
 	}
 	return literalsSecretVars, nil
 }
--- a/operator/zitadel/kinds/iam/zitadel/configuration/literals_test.go
+++ b/operator/zitadel/kinds/iam/zitadel/configuration/literals_test.go
@@ -222,6 +222,7 @@ func TestConfiguration_LiteralsConfigMap(t *testing.T) {
 	secretPath := "test"
 	googleSA := "test"
 	zitadelKeyPath := "test"
+	version := "test"
 	users := map[string]string{
 		"migration":    "migration",
 		"management":   "management",
@@ -297,7 +298,7 @@ func TestConfiguration_LiteralsConfigMap(t *testing.T) {
 		"ZITADEL_ASSET_STORAGE_MULTI_DELETE":  "false",
 	}

-	literals := literalsConfigMap(desiredEmpty, users, certPath, secretPath, googleSA, zitadelKeyPath, queried)
+	literals := literalsConfigMap(desiredEmpty, users, certPath, secretPath, googleSA, zitadelKeyPath, &version, queried)

 	assert.Equal(t, equals, literals)
 }
@@ -307,6 +308,7 @@ func TestConfiguration_LiteralsConfigMapFull(t *testing.T) {
 	secretPath := "test"
 	googleSA := "test"
 	zitadelKeyPath := "test"
+	version := "test"
 	users := map[string]string{
 		"migration":    "migration2",
 		"management":   "management2",
@@ -381,7 +383,7 @@ func TestConfiguration_LiteralsConfigMapFull(t *testing.T) {
 		"ZITADEL_ASSET_STORAGE_BUCKET_PREFIX": "bucketprefix",
 		"ZITADEL_ASSET_STORAGE_MULTI_DELETE":  "false",
 	}
-	literals := literalsConfigMap(desiredFull, users, certPath, secretPath, googleSA, zitadelKeyPath, queried)
+	literals := literalsConfigMap(desiredFull, users, certPath, secretPath, googleSA, zitadelKeyPath, &version, queried)

 	assert.EqualValues(t, equals, literals)
 }
--- a/operator/zitadel/kinds/iam/zitadel/deployment/container.go
+++ b/operator/zitadel/kinds/iam/zitadel/deployment/container.go
@@ -79,6 +79,13 @@ func GetContainer(
 					Key:                  "ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY",
 				},
 			}},
+		{Name: "SENTRY_DSN",
+			ValueFrom: &corev1.EnvVarSource{
+				SecretKeyRef: &corev1.SecretKeySelector{
+					LocalObjectReference: corev1.LocalObjectReference{Name: secretVarsName},
+					Key:                  "SENTRY_DSN",
+				},
+			}},
 	}

 	sort.Strings(users)
--- a/operator/zitadel/kinds/iam/zitadel/deployment/container_test.go
+++ b/operator/zitadel/kinds/iam/zitadel/deployment/container_test.go
@@ -7,11 +7,12 @@ import (
 	"github.com/caos/zitadel/operator/common"

 	"github.com/caos/orbos/pkg/kubernetes/k8s"
-	"github.com/caos/zitadel/operator/helpers"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/util/intstr"
+
+	"github.com/caos/zitadel/operator/helpers"
 )

 func TestDeployment_GetContainer(t *testing.T) {
@@ -85,6 +86,14 @@ func TestDeployment_GetContainer(t *testing.T) {
 					Key:                  "ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY",
 				},
 			}},
+		{Name: "SENTRY_DSN",
+			ValueFrom: &corev1.EnvVarSource{
+				SecretKeyRef: &corev1.SecretKeySelector{
+					LocalObjectReference: corev1.LocalObjectReference{Name: secretVarsName},
+					Key:                  "SENTRY_DSN",
+				},
+			},
+		},
 		{
 			Name: "CR_TEST_PASSWORD",
 			ValueFrom: &corev1.EnvVarSource{
--- a/operator/zitadel/kinds/iam/zitadel/secrets.go
+++ b/operator/zitadel/kinds/iam/zitadel/secrets.go
@@ -124,5 +124,20 @@ func getSecretsMap(desiredKind *DesiredV0) (
 	secretKey := "secretaccesskey"
 	secrets[secretKey] = conf.AssetStorage.SecretAccessKey
 	existing[secretKey] = conf.AssetStorage.ExistingSecretAccessKey
+
+	if conf.Sentry == nil {
+		conf.Sentry = &configuration.Sentry{}
+	}
+	if conf.Sentry.SentryDSN == nil {
+		conf.Sentry.SentryDSN = &secret.Secret{}
+	}
+	if conf.Sentry.ExistingSentryDSN == nil {
+		conf.Sentry.ExistingSentryDSN = &secret.Existing{}
+	}
+
+	SentryDSN := "sentrydsn"
+	secrets[SentryDSN] = conf.Sentry.SentryDSN
+	existing[SentryDSN] = conf.Sentry.ExistingSentryDSN
+
 	return secrets, existing
 }