feat(org-tokens): Track creation/deletion of tokens (#51438)

mydea · web-flow · commit 3f1576ce9ef1 · 2023-06-22T14:46:49.000+02:00
This adds analytics for when tokens are created/deleted:

New tracking added:

* `api_token.created`
* `api_token.deleted`
* `org_auth_token.created`
* `org_auth_token.deleted`
diff --git a/src/sentry/analytics/events/__init__.py b/src/sentry/analytics/events/__init__.py
@@ -2,6 +2,8 @@
 from .alert_created import *  # noqa: F401,F403
 from .alert_edited import *  # noqa: F401,F403
 from .alert_rule_ui_component_webhook_sent import *  # noqa: F401,F403
+from .api_token_created import *  # noqa: F401,F403
+from .api_token_deleted import *  # noqa: F401,F403
 from .codeowners_assignment import *  # noqa: F401,F403
 from .codeowners_created import *  # noqa: F401,F403
 from .codeowners_updated import *  # noqa: F401,F403
@@ -43,6 +45,8 @@
 from .monitor_mark_failed import *  # noqa: F401,F403
 from .notifications_settings_updated import *  # noqa: F401,F403
 from .onboarding_continuation_sent import *  # noqa: F401,F403
+from .org_auth_token_created import *  # noqa: F401,F403
+from .org_auth_token_deleted import *  # noqa: F401,F403
 from .organization_created import *  # noqa: F401,F403
 from .organization_joined import *  # noqa: F401,F403
 from .plugin_enabled import *  # noqa: F401,F403
diff --git a/src/sentry/analytics/events/api_token_created.py b/src/sentry/analytics/events/api_token_created.py
@@ -0,0 +1,10 @@
+from sentry import analytics
+
+
+class ApiTokenCreated(analytics.Event):
+    type = "api_token.created"
+
+    attributes = (analytics.Attribute("user_id"),)
+
+
+analytics.register(ApiTokenCreated)
diff --git a/src/sentry/analytics/events/api_token_deleted.py b/src/sentry/analytics/events/api_token_deleted.py
@@ -0,0 +1,10 @@
+from sentry import analytics
+
+
+class ApiTokenDeleted(analytics.Event):
+    type = "api_token.deleted"
+
+    attributes = (analytics.Attribute("user_id"),)
+
+
+analytics.register(ApiTokenDeleted)
diff --git a/src/sentry/analytics/events/org_auth_token_created.py b/src/sentry/analytics/events/org_auth_token_created.py
@@ -0,0 +1,13 @@
+from sentry import analytics
+
+
+class OrgAuthTokenCreated(analytics.Event):
+    type = "org_auth_token.created"
+
+    attributes = (
+        analytics.Attribute("user_id"),
+        analytics.Attribute("organization_id"),
+    )
+
+
+analytics.register(OrgAuthTokenCreated)
diff --git a/src/sentry/analytics/events/org_auth_token_deleted.py b/src/sentry/analytics/events/org_auth_token_deleted.py
@@ -0,0 +1,13 @@
+from sentry import analytics
+
+
+class OrgAuthTokenDeleted(analytics.Event):
+    type = "org_auth_token.deleted"
+
+    attributes = (
+        analytics.Attribute("user_id"),
+        analytics.Attribute("organization_id"),
+    )
+
+
+analytics.register(OrgAuthTokenDeleted)
diff --git a/src/sentry/api/endpoints/api_tokens.py b/src/sentry/api/endpoints/api_tokens.py
@@ -5,6 +5,7 @@
 from rest_framework.request import Request
 from rest_framework.response import Response
 
+from sentry import analytics
 from sentry.api.base import Endpoint, SessionAuthentication, control_silo_endpoint
 from sentry.api.fields import MultipleChoiceField
 from sentry.api.serializers import serialize
@@ -59,6 +60,8 @@ def post(self, request: Request) -> Response:
                 send_email=True,
             )
 
+            analytics.record("api_token.created", user_id=request.user.id)
+
             return Response(serialize(token, request.user), status=201)
         return Response(serializer.errors, status=400)
 
@@ -73,4 +76,6 @@ def delete(self, request: Request):
 
         ApiToken.objects.filter(user_id=user_id, token=token, application__isnull=True).delete()
 
+        analytics.record("api_token.deleted", user_id=request.user.id)
+
         return Response(status=204)
diff --git a/src/sentry/api/endpoints/org_auth_token_details.py b/src/sentry/api/endpoints/org_auth_token_details.py
@@ -2,7 +2,7 @@
 from rest_framework.request import Request
 from rest_framework.response import Response
 
-from sentry import audit_log
+from sentry import analytics, audit_log
 from sentry.api.base import control_silo_endpoint
 from sentry.api.bases.organization import OrganizationEndpoint, OrgAuthTokenPermission
 from sentry.api.exceptions import ResourceDoesNotExist
@@ -60,4 +60,10 @@ def delete(self, request: Request, organization, token_id):
             data=instance.get_audit_log_data(),
         )
 
+        analytics.record(
+            "org_auth_token.deleted",
+            user_id=request.user.id,
+            organization_id=organization.id,
+        )
+
         return Response(status=204)
diff --git a/src/sentry/api/endpoints/org_auth_tokens.py b/src/sentry/api/endpoints/org_auth_tokens.py
@@ -8,7 +8,7 @@
 from rest_framework.request import Request
 from rest_framework.response import Response
 
-from sentry import audit_log
+from sentry import analytics, audit_log
 from sentry.api.base import control_silo_endpoint
 from sentry.api.bases.organization import OrganizationEndpoint, OrgAuthTokenPermission
 from sentry.api.serializers import serialize
@@ -71,6 +71,12 @@ def post(self, request: Request, organization: Organization) -> Response:
             data=token.get_audit_log_data(),
         )
 
+        analytics.record(
+            "org_auth_token.created",
+            user_id=request.user.id,
+            organization_id=organization.id,
+        )
+
         # This is THE ONLY TIME that the token is available
         serialized_token = serialize(token, request.user, token=jwt_token)
 
