feat(tempest): Endpoint for creating tempest credentials (#82224)

Endpoint for creating tempest credentials.

There will be another PR which handles deletion of credentials.

Part of getsentry/team-gdx#52

---------

Signed-off-by: Vjeran Grozdanic <[email protected]>

Author: vgrozdanic

src/sentry/tempest/endpoints/tempest_credentials.py

@@ -1,3 +1,4 @@
+from django.db import IntegrityError
 from rest_framework.exceptions import NotFound
 from rest_framework.request import Request
 from rest_framework.response import Response
@@ -12,13 +13,14 @@
 from sentry.models.project import Project
 from sentry.tempest.models import TempestCredentials
 from sentry.tempest.permissions import TempestCredentialsPermission
-from sentry.tempest.serializers import TempestCredentialsSerializer
+from sentry.tempest.serializers import DRFTempestCredentialsSerializer, TempestCredentialsSerializer
 
 
 @region_silo_endpoint
 class TempestCredentialsEndpoint(ProjectEndpoint):
     publish_status = {
         "GET": ApiPublishStatus.PRIVATE,
+        "POST": ApiPublishStatus.PRIVATE,
     }
     owner = ApiOwner.GDX
 
@@ -40,3 +42,17 @@ def get(self, request: Request, project: Project) -> Response:
             on_results=lambda x: serialize(x, request.user, TempestCredentialsSerializer()),
             paginator_cls=OffsetPaginator,
         )
+
+    def post(self, request: Request, project: Project) -> Response:
+        if not self.has_feature(request, project):
+            raise NotFound
+
+        serializer = DRFTempestCredentialsSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        try:
+            serializer.save(created_by_id=request.user.id, project=project)
+        except IntegrityError:
+            return Response(
+                {"detail": "A credential with this client ID already exists."}, status=400
+            )
+        return Response(serializer.data, status=201)

src/sentry/tempest/serializers.py

@@ -1,3 +1,5 @@
+from rest_framework import serializers
+
 from sentry.api.serializers.base import Serializer, register
 from sentry.tempest.models import TempestCredentials
 
@@ -17,3 +19,24 @@ def serialize(self, obj, attrs, user, **kwargs):
             "latestFetchedItemId": obj.latest_fetched_item_id,
             "createdById": obj.created_by_id,
         }
+
+
+class DRFTempestCredentialsSerializer(serializers.ModelSerializer):
+    clientId = serializers.CharField(source="client_id")
+    clientSecret = serializers.CharField(source="client_secret")
+    message = serializers.CharField(read_only=True)
+    messageType = serializers.CharField(source="message_type", read_only=True)
+    latestFetchedItemId = serializers.CharField(source="latest_fetched_item_id", read_only=True)
+    createdById = serializers.CharField(source="created_by_id", read_only=True)
+
+    class Meta:
+        model = TempestCredentials
+        fields = [
+            "id",
+            "clientId",
+            "clientSecret",
+            "message",
+            "messageType",
+            "latestFetchedItemId",
+            "createdById",
+        ]

tests/sentry/tempest/endpoints/test_tempest_credentials.py

@@ -1,11 +1,14 @@
+from sentry.tempest.models import TempestCredentials
 from sentry.testutils.cases import APITestCase
 from sentry.testutils.helpers.features import Feature
 
 
 class TestTempestCredentials(APITestCase):
     endpoint = "sentry-api-0-project-tempest-credentials"
 
-    def test_create_tempest_credentials(self):
+    valid_credentials_data = {"clientId": "test", "clientSecret": "test"}
+
+    def test_get_tempest_credentials(self):
         with Feature({"organizations:tempest-access": True}):
             credentials = [self.create_tempest_credentials(self.project) for _ in range(5)]
 
@@ -34,3 +37,88 @@ def test_client_secret_is_obfuscated(self):
 
     def test_unauthenticated_user_cant_access_endpoint(self):
         self.get_error_response(self.project.organization.slug, self.project.slug)
+
+    def test_create_tempest_credentials(self):
+        with Feature({"organizations:tempest-access": True}):
+            self.login_as(self.user)
+            response = self.get_success_response(
+                self.project.organization.slug,
+                self.project.slug,
+                method="POST",
+                **self.valid_credentials_data,
+            )
+            assert response.status_code == 201
+            creds_obj = TempestCredentials.objects.get(project=self.project)
+            assert creds_obj.client_id == self.valid_credentials_data["clientId"]
+            assert creds_obj.client_secret == self.valid_credentials_data["clientSecret"]
+            assert creds_obj.project == self.project
+            assert creds_obj.created_by_id == self.user.id
+
+    def test_create_tempest_credentials_without_feature_flag(self):
+        self.login_as(self.user)
+        response = self.get_error_response(
+            self.project.organization.slug,
+            self.project.slug,
+            method="POST",
+            **self.valid_credentials_data,
+        )
+        assert response.status_code == 404
+
+    def test_create_tempest_credentials_as_unauthenticated_user(self):
+        response = self.get_error_response(
+            self.project.organization.slug,
+            self.project.slug,
+            method="POST",
+            **self.valid_credentials_data,
+        )
+        assert response.status_code == 401
+
+    def test_non_admin_cant_create_tempest_credentials(self):
+        non_admin_user = self.create_user()
+        self.create_member(
+            user=non_admin_user, organization=self.project.organization, role="member"
+        )
+        with Feature({"organizations:tempest-access": True}):
+            self.login_as(non_admin_user)
+            response = self.get_error_response(
+                self.project.organization.slug,
+                self.project.slug,
+                method="POST",
+                **self.valid_credentials_data,
+            )
+            assert response.status_code == 403
+
+    def test_create_tempest_credentials_with_invalid_data(self):
+        with Feature({"organizations:tempest-access": True}):
+            self.login_as(self.user)
+            response = self.get_error_response(
+                self.project.organization.slug,
+                self.project.slug,
+                method="POST",
+                **{"clientId": "test"},
+            )
+            assert response.status_code == 400
+
+            response2 = self.get_error_response(
+                self.project.organization.slug,
+                self.project.slug,
+                method="POST",
+                **{"clientSecret": "test"},
+            )
+            assert response2.status_code == 400
+
+    def test_cant_create_tempest_credentials_with_duplicate_client_id(self):
+        with Feature({"organizations:tempest-access": True}):
+            self.login_as(self.user)
+            self.create_tempest_credentials(
+                self.project, client_id=self.valid_credentials_data["clientId"]
+            )
+            response = self.get_error_response(
+                self.project.organization.slug,
+                self.project.slug,
+                method="POST",
+                **self.valid_credentials_data,
+            )
+            # database constraint violation
+            assert response.status_code == 400
+            assert response.data["detail"] == "A credential with this client ID already exists."