feat: Add dif assemble endpoint

[HazAT]

This adds POST /api/0/projects/sentry/internal/files/difs/assemble/ API endpoint to Sentry.

tl;dr
This is part 2 #7095
This enables us the upload dif (Debug Information Files) of arbitrary size.
95%+ of lines is the added crash.sym fixture for tests

This endpoint pieces together chunks that were uploaded before in the mentioned PR.
It adds a new model called FileBlobOwner which makes sure that someone who uploads a blob has access rights to it (Organization).

The request is JSON scheme validated.

Request
POST /api/0/projects/sentry/internal/files/difs/assemble/
Body:

{
	"38fbd8b2cbe56884115e324dd5f2a10c8201450c": {
		"type": "dif",
		"name": "test.dsym",
		"params": {
			"project": "java",
		},
		"chunks": [
			"38fbd8b2cbe56884115e324dd5f2a10c8201450c"
		]
	}
}

This actually tries to assemble a file if all chunks were uploaded before.
If chunks are missing (or ownership is missing) the response will be:

{
    "38fbd8b2cbe56884115e324dd5f2a10c8201450c": {
        "state": "not_found",
        "missingChunks": ["38fbd8b2cbe56884115e324dd5f2a10c8201450c"]
    }
}

If all chunks are already uploaded and the file did not exsist before response will be:

{
    "38fbd8b2cbe56884115e324dd5f2a10c8201450c": {
        "state": "created",
        "missingChunks": []
    }
}

State can be:

ChunkFileState = enum(
    OK='ok', # File in database
    NOT_FOUND='not_found', # File not found in database
    CREATED='created', # File was created in the request and send to the worker for assembling
    ASSEMBLING='assembling', # File still being processed by worker
    ERROR='error' # Error happened during assembling
)

This will trigger the task sentry.tasks.assemble.assemble_chunks to do the actual assembling.

The assemble task supports difs (Debug information files) like dsyms and so on.
It does not currently support proguard and source map files.

Legacy

**Request** `POST` `/api/0/chunk-assemble/` Body: ```json { "38fbd8b2cbe56884115e324dd5f2a10c8201450c": true } ```

This will check the File model if a file with this checksum already exists in the database.

Response:

{
    "38fbd8b2cbe56884115e324dd5f2a10c8201450c": {
        "state": "ok",
        "missingChunks": []
    }
}

[ghost]

	2 Warnings
⚠️	You should update CHANGES due to the size of this PR
⚠️	PR includes migrations

Migration Checklist

• new columns need to be nullable (unless table is new)
• migration with any new index needs to be done concurrently
• data migrations should not be done inside a transaction
• before merging, check to make sure there aren't conflicting migration ids

Generated by 🚫 danger

[HazAT]

This is the only thing that changed here.
We want to return the full url instead of just the "domain"

[mattrobenolt]

cc @JTCunning I'm not sure if we need to do anything special anymore from ops to handle a new queue.

[JTCunning]

No, we're good. If the task takes up a significant amount of resources, we'll isolate it with another pool of workers.

[mattrobenolt]

Just blocking this until we add verification to checksums like we discussed offline.

[JTCunning]

You can remove all of your log statements that are prepended with sentry.tasks.assemble since that will be in the logger name and is unnecessary.

[JTCunning]

Since you have multiple assemble_chunks error statements throughout your code, you should append them with the logical reason they're erroring, so assemble_chunks.state_error or something.

[mitsuhiko]

I think we should kill mode 1 and always require the chunks and metadata to be sent (as a file with the same checksum might exist with other parameters). Additionally we will need to org scope the chunk upload for security reasons as discussed on slack.

I'm fine storing a chunk-verified bit in cache for 12 hours which should also be our "chunk not stable" time. David also says we can keep a huge table. Either works I think.

[mitsuhiko]

What we discussed on slack:

• store org chunk ownership in a table (TODO: consider if we want to do this for internal writes too or only external chunk upload)
• later introduce shared dsym files again (separate model, shared_dsymfile) to avoid users having to upload common files multiple times. Also consider symbolserver here again
• move the endpoint to org level

Notes unrelated to above convo:

• remove sha1 only file assemble, require meta info.
• make assemble fully dsym specific (eg: move it into a project url)

[jan-auer]

Would be great if we could return the error description in /chunk-assemble/, if any. Right now, there's no convenient way to retrieve it via the new endpoint.

[HazAT]

I've added a new model called FileBlobOwner which checks if someone from the same org already uploaded the chunk.
It wasn't that trivial after all the handle all possible scenarios but the tests should cover it and we tested it in conjunction with what @jan-auer did already with sentry-cli 🎉
(see gif in the first comment)

[HazAT]

@mattrobenolt any new feedback?

[mitsuhiko]

Left some specific comments.

Generally though I think we should really make this a DIF specific endpoint for now (eg: on a dif specific url instead of generic chunk-assemble). Reason being that it seems cleaner from an access management point of view and fits better into how current code functions.

[mitsuhiko]

Can we change this loop to be a for checksum, chunk in izip(checksums, files) and then check the blob.checksum against the checksum directly?

[mitsuhiko]

typo "cotain"

[mitsuhiko]

make this into missing_chunks = set(chunks) and then remove items with missing_chunks.discard(blob[1]). Faster and easier (O(1) vs O(n something))

[mattrobenolt]

We can't run this in production.

This needs to be done with CREATE INDEX CONCURRENTLY. grep the repo for examples of other migrations adding indexes.

[mattrobenolt]

Because creating this index will take a while, especially with CONCURRENTLY, this needs to be flipped to True so we don't block deploy for however long it takes to create the index.

[mitsuhiko]

As far as I can tell this is good to go from my side. Annoyingly we can't push this to staging because of the migration.

[HazAT]

Also need @mattrobenolt seal of approval.

[mattrobenolt]

Blocking for the prefetch_related comment and make sure the migration doesn’t need to be rebased.

[mattrobenolt]

I think you’re looking for prefetch_related here. Otherwise, below you’re doing an O(n) for each file to fetch the blobs.

[mattrobenolt]

I’m not a fan of using a header here to manage the state. Is this file truly temporary?

Might I suggest a name like, __state to better signal that it’s not real?

[mattrobenolt]

Migration needs debased over #7191