Description
The current method for configuring repositories in Sentry requires manual intervention by a user with Admin or higher privileges in Sentry and Owner or Maintainer access in the corresponding GitLab repositories. This reliance on manual configuration is cumbersome, especially in organizations that follow the principle of least privilege. To improve the efficiency, scalability, and automation of Sentry integrations, we propose enabling repository integration configuration via the Sentry API using admin credentials or service accounts.
Problem Statement
Currently, there is no way to programmatically configure repository integrations in Sentry. This limitation results in the following challenges:
- Observability teams often lack direct Admin access to all repositories in GitLab or Sentry, adhering to the principle of least privilege.
- Team members with the "Member" role in Sentry cannot configure repositories in their own projects.
- The lack of automation support for repository integrations leads to repetitive manual tasks, increasing time-to-delivery for Sentry setup.
This also introduces a significant dependency on users with specific permissions.
For example:
- An Observability team without Admin privileges cannot integrate GitLab repositories with Sentry.
- Even if a GitLab repository service account with suitable credentials is used, it cannot meet all permissions requirements, and integrations fail (e.g., "403 Forbidden" or "400 Bad Request" errors).
- The only current workaround is manual intervention by a user with proper permissions, which is neither scalable nor aligned with automation-first principles.
Proposed Solution
- Extend Sentry's API to allow programmatic repository integration configuration using Admin accounts or service accounts.
- Create API endpoints that support:
  - Adding repositories to Sentry projects.
  - Assigning proper repository roles to users in Sentry during the integration process.
- Ensure API calls respect security policies and include proper validation and error handling to prevent misuse.
This capability will enable contributions to Sentry's environment in a way that respects security and permissions while supporting automation and scalability for large organizations.
Expected Benefits
- Automation: Support for API-driven workflows will reduce the need for manual intervention, accelerating setup and configuration.
- Scalability: Large organizations with many repositories can easily integrate them without process bottlenecks caused by manual intervention.
- Alignment with DevOps Principles: Enhances collaboration and self-service, empowering teams to manage their repositories in Sentry without relying on admins.
- Reduced Dependencies: Minimize the need for users with specific privileges to complete repository setups.
Example Use Case
An Observability team wants to set up error monitoring for a GitLab repository across multiple Sentry projects. Using the proposed API capabilities:
- The team’s service account could programmatically integrate the repository with required scopes.
- Configuration will no longer depend on permissions of individual users, making it easier to scale setups for new projects or repositories automatically.
References
The current issue is documented in a [Sentry support conversation], where existing permissions and workflows were reviewed. Highlights include:
- Integration failure due to insufficient permissions.
- Manual configuration (with correct permissions) as the only current workaround.
- Related issue waiting for the API: Gitlab Integration: How to add all repositories #85928
Product Area
Settings - Integrations