feat(backup): Add preprocessing relocation tasks (#59199)

These tasks deal with all of the little preparatory steps we need to complete before we can do a full-fledged, Google CloudBuild backed validation run. This includes performing some basic validation that we can do cheaply up front, as well as ensuring that all of the necessary data has been collected and moved to the correct location in GCS. Issue: getsentry/team-ospo#203
getsentry · Nov 6, 2023 · 795b976 · 795b976
1 parent 6e22caa
commit 795b976
Show file tree

Hide file tree

Showing 11 changed files with 1,026 additions and 43 deletions.
diff --git a/fixtures/backup/invalid-user.json b/fixtures/backup/invalid-user.json
@@ -0,0 +1,27 @@
+[
+    {
+        "model": "sentry.user",
+        "pk": 1,
+        "fields": {
+            "password": "pbkdf2_sha256$150000$iEvdIknqYjTr$+QsGn0tfIJ1FZLxQI37mVU1gL2KbL/wqjMtG/dFhsMA=",
+            "last_login": null,
+            "name": "",
+            "email": "maximum@example.com",
+            "is_staff": true,
+            "is_active": true,
+            "is_superuser": true,
+            "is_managed": false,
+            "is_sentry_app": null,
+            "is_password_expired": false,
+            "is_unclaimed": false,
+            "last_password_change": "2023-06-22T22:59:57.023Z",
+            "flags": "0",
+            "session_nonce": null,
+            "date_joined": "2023-06-22T22:59:55.488Z",
+            "last_active": "2023-06-22T22:59:55.489Z",
+            "avatar_type": 0,
+            "avatar_url": null,
+            "doesnotexist": "foo"
+        }
+    }
+]
diff --git a/fixtures/backup/single-option.json b/fixtures/backup/single-option.json
@@ -3,10 +3,10 @@
         "model": "sentry.option",
         "pk": 1,
         "fields": {
-        "key": "sentry:latest_version",
-        "last_updated": "2023-06-22T00:00:00.000Z",
-        "last_updated_by": "unknown",
-        "value": "\"23.6.1\""
+            "key": "sentry:latest_version",
+            "last_updated": "2023-06-22T00:00:00.000Z",
+            "last_updated_by": "unknown",
+            "value": "\"23.6.1\""
         }
     }
 ]
diff --git a/src/sentry/backup/helpers.py b/src/sentry/backup/helpers.py
@@ -18,6 +18,7 @@
 
 from sentry.backup.scopes import RelocationScope
 from sentry.utils import json
+from sentry.utils.env import gcp_project_id
 
 # Django apps we take care to never import or export from.
 EXCLUDED_APPS = frozenset(("auth", "contenttypes", "fixtures"))
@@ -180,10 +181,34 @@ class CryptoKeyVersion(NamedTuple):
     version: str
 
 
+DEFAULT_CRYPTO_KEY_VERSION = CryptoKeyVersion(
+    project_id=gcp_project_id(),
+    location="global",
+    key_ring="relocation",
+    key="relocation",
+    # TODO(getsentry/team-ospo#190): This version should be pulled from an option, rather than hard
+    # coded.
+    version="1",
+)
+
+
 class DecryptionError(Exception):
     pass
 
 
+def get_public_key_using_gcp_kms(crypto_key_version: CryptoKeyVersion) -> bytes:
+    kms_client = KeyManagementServiceClient()
+    key_name = kms_client.crypto_key_version_path(
+        project=crypto_key_version.project_id,
+        location=crypto_key_version.location,
+        key_ring=crypto_key_version.key_ring,
+        crypto_key=crypto_key_version.key,
+        crypto_key_version=crypto_key_version.version,
+    )
+    public_key = kms_client.get_public_key(request={"name": key_name})
+    return public_key.pem.encode("utf-8")
+
+
 def decrypt_data_encryption_key_using_gcp_kms(
     unwrapped: UnwrappedEncryptedExportTarball, gcp_kms_config: bytes
 ) -> bytes:

diff --git a/src/sentry/models/relocation.py b/src/sentry/models/relocation.py
@@ -161,6 +161,18 @@ class Kind(Enum):
         def get_choices(cls) -> list[tuple[int, str]]:
             return [(key.value, key.name) for key in cls]
 
+        def to_filename(self, suffix: str):
+            if self.name == "RAW_USER_DATA":
+                return f"raw-relocation-data.{suffix}"
+            elif self.name == "NORMALIZED_USER_DATA":
+                return f"normalized-relocation-data.{suffix}"
+            elif self.name == "BASELINE_CONFIG_VALIDATION_DATA":
+                return f"baseline-config.{suffix}"
+            elif self.name == "COLLIDING_USERS_VALIDATION_DATA":
+                return f"colliding-users.{suffix}"
+            else:
+                raise ValueError("Cannot extract a filename from `RelocationFile.Kind.UNKNOWN`.")
+
     relocation = FlexibleForeignKey("sentry.Relocation")
     file = FlexibleForeignKey("sentry.File")
     kind = models.SmallIntegerField(choices=Kind.get_choices())