New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ref(relay): Remove PK and rely on INTERNAL_IPS #572
Conversation
This patch adds INTERNAL_IPS definition to sentry.conf.py by sniffing the network from eth0 and relies on this for trusted Relays instead of the ALLOWLISTED PKs. This removes the necessity of generating and syncing Relay PKs.
`settings.INTERNAL_IPS` is meant to be a list of IP networks, not individual IPs, hence the `is_internal_relay` check was not working (see getsentry/self-hosted#572). This PR fixes the issue by borrowing some IP checking code from https://github.com/getsentry/sentry/blob/95767d455b8004ec4b4c5026d84b64b6348e6d37/src/sentry/auth/superuser.py#L64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in that case we might as well hardcode credentials.json as it serves no purpose
Good idea. Will consider this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🍪 (provided your copy pasta works, I haven't run it)
`settings.INTERNAL_IPS` is meant to be a list of IP networks, not individual IPs, hence the `is_internal_relay` check was not working (see getsentry/self-hosted#572). This PR fixes the issue by replacing the manual and incorrect check with `sentry.auth.system.is_internal_ip`. This also means we are now checking against `INTERNAL_SYSTEM_IPS` instead of `INTERNAL_IPS` which is more accurate.
This patch adds
INTERNAL_IPS
definition tosentry.conf.py
by sniffing the network from eth0 and relies on this for trusted Relays instead of the ALLOWLISTED PKs. This removes the necessity of syncing Relay PKs tosentry.conf.py
.This PR needs getsentry/sentry#19798 to work.