Sentry-cli v1.49.0 login failure for on-premise upon unrecognization of token option

On-Premise
1

Hello

We have setup a CI/CD procedure, in which we would automatically login to our on-premise Sentry instance by using sentry-cli for release and commit management.

And we found for sentry-cli version 1.49.0, automatic command line login seems always failed as the token passed is not able to be recognized.

We switched on the debug mode, and found following problems:

  1. token passed by auto-token is not recognized, it only accept a manual input

  2. before manual entry of token, another manual input for not-opening browser is mandatory

  3. the login takes a long time for update checking, while in our CI/CD environment there may be of no connection.

and here is the output

[root@gs-lab53]# sentry-cli --auth-token d059bc058eaa46cba2ac87d390f99472208be799c66d4f22bbd007f3400f9bb6 --url http://[masked]:44551/ --log-level DEBUG login
  INFO    2020-01-06 15:19:52.774937671 +08:00 Loaded config from /root/.sentryclirc
  DEBUG   2020-01-06 15:19:52.775233507 +08:00 sentry-cli version: 1.49.0, platform: "linux", architecture: "x86_64"
  INFO    2020-01-06 15:19:52.775254190 +08:00 sentry-cli was invoked with the following command line: "sentry-cli" "--auth-token" "d059bc058eaa46cba2ac87d390f99472208be799c66d4f22bbd007f3400f9bb6" "--url" "http://[masked]:44551/" "--log-level" "DEBUG" "login"
This helps you signing in your sentry-cli with an authentication token.
If you do not yet have a token ready we can bring up a browser for you
to create a token now.

Sentry server: [masked]
Open browser now? [y/n] n
Enter your token: d059bc058eaa46cba2ac87d390f99472208be799c66d4f22bbd007f3400f9bb6
  DEBUG   2020-01-06 15:20:09.608525578 +08:00 request GET http://[masked]:44551/api/0/
  DEBUG   2020-01-06 15:20:09.608558040 +08:00 using token authentication
  DEBUG   2020-01-06 15:20:09.608572570 +08:00 retry number 0, max retries: 0
  DEBUG   2020-01-06 15:20:09.761724134 +08:00 > GET http://[masked]:44551/api/0/ HTTP/1.1
  DEBUG   2020-01-06 15:20:09.761746846 +08:00 > Host: [masked]:44551
  DEBUG   2020-01-06 15:20:09.761755131 +08:00 > Accept: */*
  DEBUG   2020-01-06 15:20:09.761762322 +08:00 > Connection: TE
  DEBUG   2020-01-06 15:20:09.761769339 +08:00 > TE: gzip
  DEBUG   2020-01-06 15:20:09.761776674 +08:00 > Proxy-Connection: Keep-Alive
  DEBUG   2020-01-06 15:20:09.761783762 +08:00 > User-Agent: sentry-cli/1.49.0
  DEBUG   2020-01-06 15:20:09.762331860 +08:00 > Authorization: Bearer d059bc05***
  DEBUG   2020-01-06 15:20:10.717656951 +08:00 < HTTP/1.1 200 OK
  DEBUG   2020-01-06 15:20:10.717681675 +08:00 < Server: nginx/1.17.1
  DEBUG   2020-01-06 15:20:10.717691799 +08:00 < Date: Mon, 06 Jan 2020 07:25:57 GMT
  DEBUG   2020-01-06 15:20:10.717701318 +08:00 < Content-Type: application/json
  DEBUG   2020-01-06 15:20:10.717713088 +08:00 < Content-Length: 851
  DEBUG   2020-01-06 15:20:10.717721374 +08:00 < X-XSS-Protection: 1; mode=block
  DEBUG   2020-01-06 15:20:10.717729048 +08:00 < X-Content-Type-Options: nosniff
  DEBUG   2020-01-06 15:20:10.717736581 +08:00 < X-Frame-Options: deny
  DEBUG   2020-01-06 15:20:10.717744845 +08:00 < Content-Language: en
  DEBUG   2020-01-06 15:20:10.717753255 +08:00 < Vary: Accept-Language, Cookie
  DEBUG   2020-01-06 15:20:10.717761141 +08:00 < Allow: GET, HEAD, OPTIONS
  DEBUG   2020-01-06 15:20:10.717768954 +08:00 < Via: 1.1 [masked]
  DEBUG   2020-01-06 15:20:10.717831375 +08:00 response status: 200
  DEBUG   2020-01-06 15:20:10.717844939 +08:00 body: {"version": "0", "user": {"username": "[masked]", "lastLogin": "2020-01-03T08:13:16.711Z", "isSuperuser": false, "emails": [{"is_verified": true, "id": "2", "email": "[masked]"}], "isManaged": false, "lastActive": "2020-01-06T07:16:06.019Z", "identities": [], "id": "2", "isActive": true, "has2fa": false, "name": "[masked]", "avatarUrl": "https://secure.gravatar.com/avatar/[masked]", "dateJoined": "2019-07-10T06:43:41.547Z", "options": {"timezone": "Asia/Shanghai", "stacktraceOrder": -1, "language": "en", "clock24Hours": true}, "flags": {"newsletter_consent_prompt": false}, "avatar": {"avatarUuid": null, "avatarType": "letter_avatar"}, "hasPasswordAuth": true, "email": "[masked]"}, "auth": {"scopes": ["org:read", "project:read", "project:releases"]}}
Valid token for user [masked]

Stored token in /root/.sentryclirc
  INFO    2020-01-06 15:20:10.721033878 +08:00 Running update nagger update check
  DEBUG   2020-01-06 15:20:10.721900926 +08:00 request GET https://release-registry.services.sentry.io/apps/sentry-cli/latest
  DEBUG   2020-01-06 15:20:10.721924432 +08:00 retry number 0, max retries: 0

expectation:

  • token entered at auto-token can be recognized.
  • Prefer an option to disable the update in case of a closed CI/CD environment

B.R.

2

login does not take an auth-token that it persists. We can add support for that but for CI/CD it’s generally better to supply that information in environment variables. Is there a reason you’re not using that?

The update check can be disabled with SENTRY_DISABLE_UPDATE_CHECK=1 as environment variable.

3

Sorry I misunderstood the document at https://docs.sentry.io/cli/configuration/, and guess a seperate login is needed.

Actually all we need to do is to set the environment variables as described in https://docs.sentry.io/cli/configuration/ for the token, url etc and pass these environment variables to the CI/CD system for automatic sentry release creation and commit linkage operation using the command-line interface during deploy management.

Excellent!

1 Like