feat(issues): add audit log for deletions (#68198)

JoshFerge · web-flow · commit 5890a1c0fe8e · 2024-04-03T12:25:05.000-07:00
Adds an audit log event for issue deletion. We were already sending an audit log, but it would only log, not appear in the UI as no event was registered. I think this is a good change as it is helpful to know who deleted issues. Fixes getsentry/sentry#68162
diff --git a/src/sentry/api/helpers/group_index/delete.py b/src/sentry/api/helpers/group_index/delete.py
@@ -7,7 +7,7 @@
 from rest_framework.request import Request
 from rest_framework.response import Response
 
-from sentry import eventstream
+from sentry import audit_log, eventstream
 from sentry.api.base import audit_logger
 from sentry.issues.grouptype import GroupCategory
 from sentry.models.group import Group, GroupStatus
@@ -73,6 +73,11 @@ def delete_group_list(
             logger=audit_logger,
             organization_id=project.organization_id,
             target_object=group.id,
+            event=audit_log.get_event_id("ISSUE_DELETE"),
+            data={
+                "issue_id": group.id,
+                "project_slug": project.slug,
+            },
         )
 
         delete_logger.info(
diff --git a/src/sentry/audit_log/register.py b/src/sentry/audit_log/register.py
@@ -458,3 +458,11 @@
         template="unblocked {tags} tags of metric {metric_mri} for project {project_slug}",
     )
 )
+default_manager.add(
+    AuditLogEvent(
+        event_id=186,
+        name="ISSUE_DELETE",
+        api_name="issue.delete",
+        template="Deleted issue {issue_id} for project {project_slug}",
+    )
+)
diff --git a/tests/sentry/api/endpoints/test_group_details.py b/tests/sentry/api/endpoints/test_group_details.py
@@ -4,11 +4,12 @@
 from django.test import override_settings
 from django.utils import timezone
 
-from sentry import buffer, tsdb
+from sentry import audit_log, buffer, tsdb
 from sentry.buffer.redis import RedisBuffer
 from sentry.issues.grouptype import PerformanceSlowDBQueryGroupType
 from sentry.models.activity import Activity
 from sentry.models.apikey import ApiKey
+from sentry.models.auditlogentry import AuditLogEntry
 from sentry.models.environment import Environment
 from sentry.models.group import Group, GroupStatus
 from sentry.models.groupassignee import GroupAssignee
@@ -24,9 +25,11 @@
 from sentry.notifications.types import GroupSubscriptionReason
 from sentry.plugins.base import plugins
 from sentry.silo import SiloMode
+from sentry.tasks.deletion.hybrid_cloud import schedule_hybrid_cloud_foreign_key_jobs
 from sentry.testutils.cases import APITestCase, SnubaTestCase
 from sentry.testutils.helpers.datetime import freeze_time
 from sentry.testutils.helpers.features import with_feature
+from sentry.testutils.outbox import outbox_runner
 from sentry.testutils.silo import assume_test_silo_mode
 from sentry.testutils.skips import requires_snuba
 from sentry.types.activity import ActivityType
@@ -274,8 +277,9 @@ def test_count_with_buffer(self):
         self.login_as(user=self.user)
 
         redis_buffer = RedisBuffer()
-        with mock.patch("sentry.buffer.backend.get", redis_buffer.get), mock.patch(
-            "sentry.buffer.backend.incr", redis_buffer.incr
+        with (
+            mock.patch("sentry.buffer.backend.get", redis_buffer.get),
+            mock.patch("sentry.buffer.backend.incr", redis_buffer.incr),
         ):
             event = self.store_event(
                 data={"message": "testing", "fingerprint": ["group-1"]}, project_id=self.project.id
@@ -660,7 +664,7 @@ def test_ratelimit(self):
 
 
 class GroupDeleteTest(APITestCase):
-    def test_delete(self):
+    def test_delete_deferred(self):
         self.login_as(user=self.user)
 
         group = self.create_group()
@@ -679,6 +683,13 @@ def test_delete(self):
 
         Group.objects.filter(id=group.id).update(status=GroupStatus.UNRESOLVED)
 
+    def test_delete_and_tasks_run(self):
+        self.login_as(user=self.user)
+
+        group = self.create_group()
+        hash = "x" * 32
+        GroupHash.objects.create(project=group.project, hash=hash, group=group)
+
         url = f"/api/0/issues/{group.id}/"
 
         with self.tasks():
@@ -689,6 +700,15 @@ def test_delete(self):
         # Now we killed everything with fire
         assert not Group.objects.filter(id=group.id).exists()
         assert not GroupHash.objects.filter(group_id=group.id).exists()
+        with self.tasks(), outbox_runner():
+            schedule_hybrid_cloud_foreign_key_jobs()
+        with assume_test_silo_mode(SiloMode.CONTROL):
+            assert (
+                AuditLogEntry.objects.get(
+                    event=audit_log.get_event_id("ISSUE_DELETE"),
+                ).data["issue_id"]
+                == group.id
+            )
 
     def test_delete_performance_issue(self):
         """Test that a performance issue cannot be deleted"""
diff --git a/tests/sentry/audit_log/test_register.py b/tests/sentry/audit_log/test_register.py
@@ -88,6 +88,7 @@ def test_get_api_names(self):
             "org-auth-token.remove",
             "project-team.remove",
             "project-team.add",
+            "issue.delete",
         ]
 
         assert set(audit_log.get_api_names()) == set(audit_log_api_name_list)

Original file line number	Diff line number	Diff line change
`@@ -458,3 +458,11 @@`
`458`	`458`	`template="unblocked {tags} tags of metric {metric_mri} for project {project_slug}",`
`459`	`459`	`)`
`460`	`460`	`)`
	`461`	`+default_manager.add(`
	`462`	`+ AuditLogEvent(`
	`463`	`+ event_id=186,`
	`464`	`+ name="ISSUE_DELETE",`
	`465`	`+ api_name="issue.delete",`
	`466`	`+ template="Deleted issue {issue_id} for project {project_slug}",`
	`467`	`+ )`
	`468`	`+)`
Original file line number	Diff line number	Diff line change
`@@ -88,6 +88,7 @@ def test_get_api_names(self):`
`88`	`88`	`"org-auth-token.remove",`
`89`	`89`	`"project-team.remove",`
`90`	`90`	`"project-team.add",`
	`91`	`+ "issue.delete",`
`91`	`92`	`]`
`92`	`93`
`93`	`94`	`assert set(audit_log.get_api_names()) == set(audit_log_api_name_list)`