sentry-javascript-bundler-plugins: Setting `cleanArtifacts: true` fails with a 403
Environment
@sentry/webpack-plugin@2.10.3
Steps to Reproduce
I added cleanArtifacts: true to my config, and tried to overwrite the same release name.
release: {
cleanArtifacts: true,
name: sentryReleaseId,
setCommits: {
auto: true,
},
},
Expected Result
The existing artifact bundle should be deleted, and the new artifacts should be uploaded. When Webpack is done I expect to only see one artifact bundle under the release.
Actual Result
The upload with the new artifact bundle succeeds, but the old artifacts aren’t deleted, and I get the following error in the logs:
DEBUG 2024-02-06 11:53:05.136196 +01:00 > DELETE /api/0/projects/<redacted>/<redacted>/files/source-maps/?name=local-tmp HTTP/1.1
DEBUG 2024-02-06 11:53:05.136216 +01:00 > Host: sentry.io
DEBUG 2024-02-06 11:53:05.136221 +01:00 > Accept: */*
DEBUG 2024-02-06 11:53:05.136225 +01:00 > Connection: TE
DEBUG 2024-02-06 11:53:05.136228 +01:00 > TE: gzip
DEBUG 2024-02-06 11:53:05.136231 +01:00 > User-Agent: sentry-cli/2.26.0 webpack-plugin/2.10.3
DEBUG 2024-02-06 11:53:05.136975 +01:00 > Authorization: Bearer sntrys_e***
DEBUG 2024-02-06 11:53:05.292127 +01:00 < HTTP/1.1 403 Forbidden
DEBUG 2024-02-06 11:53:05.292146 +01:00 < server: nginx
DEBUG 2024-02-06 11:53:05.292150 +01:00 < date: Tue, 06 Feb 2024 10:53:05 GMT
DEBUG 2024-02-06 11:53:05.292153 +01:00 < content-type: application/json
DEBUG 2024-02-06 11:53:05.292156 +01:00 < Content-Length: 63
DEBUG 2024-02-06 11:53:05.292159 +01:00 < allow: GET, DELETE, HEAD, OPTIONS
DEBUG 2024-02-06 11:53:05.292162 +01:00 < access-control-allow-methods: GET, DELETE, HEAD, OPTIONS
DEBUG 2024-02-06 11:53:05.292170 +01:00 < access-control-allow-headers: X-Sentry-Auth, X-Requested-With, Origin, Accept, Content-Type, Authentication, Authorization, Con
tent-Encoding, sentry-trace, baggage, X-CSRFToken
DEBUG 2024-02-06 11:53:05.292173 +01:00 < access-control-expose-headers: X-Sentry-Error, X-Sentry-Direct-Hit, X-Hits, X-Max-Hits, Endpoint, Retry-After, Link
DEBUG 2024-02-06 11:53:05.292177 +01:00 < access-control-allow-origin: *
DEBUG 2024-02-06 11:53:05.292179 +01:00 < x-sentry-rate-limit-remaining: 39
DEBUG 2024-02-06 11:53:05.292182 +01:00 < x-sentry-rate-limit-limit: 40
DEBUG 2024-02-06 11:53:05.292184 +01:00 < x-sentry-rate-limit-reset: 1707216786
DEBUG 2024-02-06 11:53:05.292187 +01:00 < x-sentry-rate-limit-concurrentremaining: 24
DEBUG 2024-02-06 11:53:05.292223 +01:00 < x-sentry-rate-limit-concurrentlimit: 25
DEBUG 2024-02-06 11:53:05.292226 +01:00 < vary: Accept-Language, Cookie
DEBUG 2024-02-06 11:53:05.292228 +01:00 < content-language: en
DEBUG 2024-02-06 11:53:05.292231 +01:00 < x-frame-options: deny
DEBUG 2024-02-06 11:53:05.292233 +01:00 < x-content-type-options: nosniff
DEBUG 2024-02-06 11:53:05.292236 +01:00 < x-xss-protection: 1; mode=block
DEBUG 2024-02-06 11:53:05.292244 +01:00 < content-security-policy: frame-ancestors 'self' *.sentry.io; object-src 'self'; connect-src 'self' *.algolia.net *.algolianet.c
om *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sen
try.zendesk.com ekr.zdassets.com maps.googleapis.com; img-src blob: data: *; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' s1.sentry-cdn.com js.sentry-cdn.
com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo
.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; style-src 'unsafe-inline' *; default-src 'none'; media-src *;
base-uri 'none'; font-src * data:; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key
=f724a8a027db45f5b21507e7142ff78e&sentry_release=68fefd51e8c0a3cc6d9e7f584ec72790f09f72e7
DEBUG 2024-02-06 11:53:05.292279 +01:00 < x-envoy-attempt-count: 1
DEBUG 2024-02-06 11:53:05.292282 +01:00 < x-envoy-upstream-service-time: 23
DEBUG 2024-02-06 11:53:05.292284 +01:00 < x-served-by: getsentry-web-default-common-production-579846cdcd-tnmb7
DEBUG 2024-02-06 11:53:05.292287 +01:00 < x-served-by: frontend-default-8677bf596b-7krcw
DEBUG 2024-02-06 11:53:05.292290 +01:00 < strict-transport-security: max-age=31536000; includeSubDomains; preload
DEBUG 2024-02-06 11:53:05.292292 +01:00 < via: 1.1 google
DEBUG 2024-02-06 11:53:05.292294 +01:00 < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DEBUG 2024-02-06 11:53:05.292315 +01:00 response status: 403
DEBUG 2024-02-06 11:53:05.292347 +01:00 body: {"detail":"You do not have permission to perform this action."}
error: API request failed
caused by: sentry reported an error: You do not have permission to perform this action. (http status: 403)
I have the Manager role in my Sentry org, and I can manually delete artifact bundles and releases in the Sentry UI.
About this issue
- Original URL
- State: open
- Created 5 months ago
- Reactions: 5
- Comments: 15 (10 by maintainers)
Thanks for reporting this! We need to adjust the endpoint in sentry to work with the
org:ciscope.