Upgrade Sentry gem to version 4.4.0 (!62387) · Merge requests · GitLab.org / GitLab

Quang-Minh Nguyen requested to merge qmnguyen0711/849-sentry-upgrade-sentry-raven-gem into master May 24, 2021

What does this MR do?

This MR is to upgrade Sentry gem to version 4.4.0, as a apart of gitlab-com/gl-infra/scalability#849 (closed). Sentry introduced many major breaking changes since our current version (3.1.x). This MR consists of:

Replace sentry-raven (3.1.x) by sentry-ruby (4.4.0), sentry-sidekiq (4.4.0), sentry-rails (4.4.0)
Rename all occurrences of Raven to Sentry.
Fix interface changes, for example, Raven.context has been changed to Sentry.get_current_scope.context.
Sentry 4.4.0 sends the events in a background thread pool. This change needs some times for us to test on staging and production before fully rolling out. Hence, this feature is disable, all events are sent synchronously.
Implement sanitizer processor as Sentry removes sanitize_fields and sanitize_http_headers configurations.

The full list of breaking changes can be found at https://docs.sentry.io/platforms/ruby/migration/

Screenshots (strongly suggested)

Exception captured in web. Feature category is not available (mentioned in gitlab-com/gl-infra&396 (closed))

Exception captured in API. Feature category is captured, Authorization header is filtered

Exception captured in GraphQL. Feature category is always not_owned, Authorization header is filtered

Exception captured in Sidekiq. Feature category is not captured, sensitive fields in the job payload is filtered

Manually captured an exception in Web.

Manually capture an exception in API.

Manually capture an exception in GraphQL.

Manually capture an exception in Sidekiq.

Manually capture with sensitive information

Gitlab::ErrorTracking.track_exception(StandardError.new('Event with sensitive information'), {deep: {inside: {a_hash: {password: '1234'}}}})

Does this MR meet the acceptance criteria?

Conformity

I have included a changelog entry, or it's not needed. (Does this MR need a changelog?)
I have added/updated documentation, or it's not needed. (Is documentation required?)
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
I have self-reviewed this MR per code review guidelines.
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
I have followed the style guides.

Availability and Testing

I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
I have tested this MR in all supported browsers, or it's not needed.
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Aug 03, 2023 by Katrin Leinweber

Upgrade Sentry gem to version 4.4.0