Skip to content

feat: add user/app context in controlplane sentry #2335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
miklosbarabas wants to merge 12 commits into from
Closed

feat: add user/app context in controlplane sentry #2335

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
30c821a
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
2bc1941
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
bd1e37f
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
036ee65
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
18ce188
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
47c630a
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
db7c87c
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
e6d811f
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
5287c98
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
1382a46
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
70e97ba
feat: add user context in controlplane sentry
miklosbarabas Nov 16, 2025
ec97d98
feat: add user context in controlplane sentry
miklosbarabas Nov 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions controlplane/src/core/sentry.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import { createRequire } from 'node:module';
import * as Sentry from '@sentry/node';
import { nodeProfilingIntegration } from '@sentry/profiling-node';
import { eventLoopBlockIntegration } from '@sentry/node-native';
Expand All @@ -16,8 +17,18 @@ const {
} = envVariables.parse(process.env);

if (SENTRY_ENABLED && SENTRY_DSN) {
const require = createRequire(import.meta.url);
let release: string | undefined;
try {
const pkg = require('../../package.json') as { version?: string };
Comment thread
miklosbarabas marked this conversation as resolved.
release = pkg.version;
} catch (error) {
console.debug('Sentry: failed to read package.json version for release', error);
}

Sentry.init({
dsn: SENTRY_DSN,
release,
integrations: [
fastifyIntegration(),
eventLoopBlockIntegration({ threshold: SENTRY_EVENT_LOOP_BLOCK_THRESHOLD_MS }),
Expand Down
40 changes: 40 additions & 0 deletions controlplane/src/core/util.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import { randomFill } from 'node:crypto';
import * as Sentry from '@sentry/node';
import { S3ClientConfig } from '@aws-sdk/client-s3';
import { HandlerContext } from '@connectrpc/connect';
import {
Expand Down Expand Up @@ -34,13 +35,19 @@ import { isAuthenticationError, isAuthorizationError, isPublicError } from './er
import { GraphKeyAuthContext } from './services/GraphApiTokenAuthenticator.js';
import { composeFederatedContract, composeFederatedGraphWithPotentialContracts } from './composition/composition.js';
import { SubgraphsToCompose } from './repositories/FeatureFlagRepository.js';
import { envVariables } from "./env.schema.js";

const labelRegex = /^[\dA-Za-z](?:[\w.-]{0,61}[\dA-Za-z])?$/;
const organizationSlugRegex = /^[\da-z]+(?:-[\da-z]+)*$/;
const namespaceRegex = /^[\da-z]+(?:[_-][\da-z]+)*$/;
const schemaTagRegex = /^(?![/-])[\d/A-Za-z-]+(?<![/-])$/;
const graphNameRegex = /^[\dA-Za-z]+(?:[./@_-][\dA-Za-z]+)*$/;
const pluginVersionRegex = /^v\d+$/;
const {
SENTRY_ENABLED,
SENTRY_DSN,
} = envVariables.parse(process.env);


/**
* Wraps a function with a try/catch block and logs any errors that occur.
Expand Down Expand Up @@ -107,6 +114,39 @@ export const enrichLogger = (
},
});

if (SENTRY_ENABLED && SENTRY_DSN) {
Copy link
Copy Markdown
Contributor

@StarpTech StarpTech Nov 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reason why we initialize Sentry within enrichLogger? How are they related?

Copy link
Copy Markdown
Contributor Author

@miklosbarabas miklosbarabas Nov 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There're couple of reasons why it was chosen:

  • enrichLogger(ctx, logger, authContext) is the first point in each Connect handler where you have:
    • authContext (user/org/api-key/graph info), and
    • ctx (request-scoped context tied to the Fastify request via contextValues in src/core/build-server.ts:493).
  • That's also the only shared helper called from all the bufservice handlers immediately after opts.authenticator.authenticate(...).

From a design/concerns perspective, conceptually, Sentry context would be better handled by a Sentry-specific helper, not a logging helper. Moving Sentry into Authentication or a Fastify hook in build-server.ts sounds attractive, but:

  • Authentication doesn't have access to HandlerContext/Fastify logger.
  • The Fastify contextValues hook in build-server.ts doesn’t have authContext (auth hasn’t run yet).
  • To do that properly we'd need a custom Connect interceptor/middleware layer, which is a more invasive change.

try {
if (authContext.userId) {
Sentry.setUser({
Copy link
Copy Markdown
Contributor

@StarpTech StarpTech Nov 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't sentry a noop if disabled?

Copy link
Copy Markdown
Contributor Author

@miklosbarabas miklosbarabas Nov 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure, but would be better not to run on this code path at all if Sentry is not enabled.

id: authContext.userId,
username: authContext.userDisplayName,
});
}

if (authContext.organizationId) {
Sentry.setTag('org.id', authContext.organizationId);
}

if ('organizationSlug' in authContext && authContext.organizationSlug) {
Sentry.setTag('org.slug', authContext.organizationSlug);
}

if ('apiKeyName' in authContext && authContext.apiKeyName) {
Sentry.setTag('api.key', authContext.apiKeyName);
}

if ('federatedGraphId' in authContext && authContext.federatedGraphId) {
Sentry.setTag('graph.id', authContext.federatedGraphId);
}

if ('auth' in authContext && authContext.auth) {
Sentry.setTag('auth.kind', authContext.auth);
}
} catch (error) {
newLogger.debug({ err: error }, 'Failed to enrich Sentry context');
}
}
Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated

ctx.values.set<FastifyBaseLogger>({ id: fastifyLoggerId, defaultValue: newLogger }, newLogger);

return newLogger;
Expand Down
Loading