fix(ACI): Validate and allow updating project id for detector#109135
fix(ACI): Validate and allow updating project id for detector#109135
Conversation
github-actions
bot
added
the
Scope: Backend
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| raise serializers.ValidationError({"config": [str(error)]}) | ||
|
|
||
| if "project_id" in validated_data: | ||
| instance.project_id = validated_data["project_id"] |
There was a problem hiding this comment.
Old project config not invalidated on update
High Severity
When a detector's project_id is updated, only the new project's configuration is invalidated by schedule_update_project_config in the MetricIssueValidator. The old project's configuration still references the detector, causing stale data. Both the old and new project configs need invalidation to maintain consistency.
| raise serializers.ValidationError({"config": [str(error)]}) | ||
|
|
||
| if "project_id" in validated_data: | ||
| instance.project_id = validated_data["project_id"] |
There was a problem hiding this comment.
Error detector project options not cleared
Medium Severity
When an error detector's project_id is updated, ErrorDetectorValidator.update() applies configuration to the new project's options (like sentry:fingerprinting_rules) but doesn't clear these values from the old project. The old project retains stale configuration that should have been removed when the detector moved away.
| raise serializers.ValidationError({"config": [str(error)]}) | ||
|
|
||
| if "project_id" in validated_data: | ||
| instance.project_id = validated_data["project_id"] |
There was a problem hiding this comment.
Monitor project not updated with detector
High Severity
When a cron monitor detector's project_id is updated, the underlying Monitor object's project_id field is not updated to match. This creates an inconsistency where the detector and its associated monitor reference different projects, breaking the relationship between these tightly coupled objects.
| raise serializers.ValidationError({"config": [str(error)]}) | ||
|
|
||
| if "project_id" in validated_data: | ||
| instance.project_id = validated_data["project_id"] |
There was a problem hiding this comment.
Detector cache not invalidated on project change
Medium Severity
When a detector's project_id is updated, the cached detector lookups for both old and new projects are not invalidated. The get_default_detector_for_project cache uses (project_id, detector_type) as the key, so the old project's cache still points to a detector that has moved away, while the new project's cache may not reflect the moved detector.
src/sentry/workflow_engine/endpoints/validators/base/detector.py
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
1 participant
Allow for project updates on a detector and validate that the project belongs to the target organization.
TODO:
Monitorproject for cron detectors