fix(eco): Addresses ApiForbidden errors, IntegrationConfigurationError noise (#109711)

Author: GabeVillalobos

src/sentry/integrations/gitlab/integration.py

@@ -39,6 +39,8 @@
 from sentry.pipeline.views.nested import NestedPipelineView
 from sentry.shared_integrations.exceptions import (
     ApiError,
+    ApiForbiddenError,
+    ApiUnauthorized,
     IntegrationConfigurationError,
     IntegrationProviderError,
 )
@@ -159,10 +161,15 @@ def has_repo_access(self, repo: RpcRepository) -> bool:
     def get_repositories(
         self, query: str | None = None, page_number_limit: int | None = None
     ) -> list[dict[str, Any]]:
-        # Note: gitlab projects are the same things as repos everywhere else
-        group = self.get_group_id()
-        resp = self.get_client().search_projects(group, query)
-        return [{"identifier": repo["id"], "name": repo["name_with_namespace"]} for repo in resp]
+        try:
+            # Note: gitlab projects are the same things as repos everywhere else
+            group = self.get_group_id()
+            resp = self.get_client().search_projects(group, query)
+            return [
+                {"identifier": repo["id"], "name": repo["name_with_namespace"]} for repo in resp
+            ]
+        except (ApiForbiddenError, ApiUnauthorized) as e:
+            raise IntegrationConfigurationError(self.message_from_error(e)) from e
 
     def source_url_matches(self, url: str) -> bool:
         return url.startswith("https://{}".format(self.model.metadata["domain_name"]))

src/sentry/integrations/source_code_management/repository.py

@@ -133,6 +133,10 @@ def check_file(self, repo: Repository, filepath: str, branch: str | None = None)
             filepath = filepath.lstrip("/")
             try:
                 client = self.get_client()
+            except IntegrationConfigurationError:
+                # This is likely due to access being revoked by the user, or
+                # some other misconfiguration on the integration's side.
+                return None
             except (Identity.DoesNotExist, IntegrationError):
                 sentry_sdk.capture_exception()
                 return None

tests/sentry/integrations/gitlab/test_integration.py

@@ -4,6 +4,7 @@
 from urllib.parse import parse_qs, quote, urlencode, urlparse
 
 import orjson
+import pytest
 import responses
 from django.core.cache import cache
 from django.test import override_settings
@@ -21,6 +22,7 @@
 )
 from sentry.integrations.types import ExternalProviders
 from sentry.models.repository import Repository
+from sentry.shared_integrations.exceptions import ApiForbiddenError, IntegrationConfigurationError
 from sentry.silo.base import SiloMode
 from sentry.silo.util import PROXY_BASE_PATH, PROXY_OI_HEADER, PROXY_SIGNATURE_HEADER
 from sentry.testutils.cases import IntegrationTestCase
@@ -29,6 +31,7 @@
 from sentry.testutils.silo import assume_test_silo_mode, control_silo_test
 from sentry.users.models.identity import Identity, IdentityProvider, IdentityStatus
 from sentry.users.services.user.serial import serialize_rpc_user
+from sentry.utils import json
 from tests.sentry.integrations.test_helpers import add_control_silo_proxy_response
 
 
@@ -1126,3 +1129,16 @@ def test_create_comment_attribution(self) -> None:
         result = installation.create_comment_attribution(self.user.id, comment_text)
 
         assert result == "**Test User** wrote:\n\n> This is a comment\n> With multiple lines"
+
+    def test_get_repositories_unauthorized_raises_integration_configuration_error(self) -> None:
+        installation = self.installation
+
+        with patch.object(installation, "get_client") as mock_get_client:
+            mock_get_client.return_value.search_projects.side_effect = ApiForbiddenError(
+                text=json.dumps({"message": "unauthorized"})
+            )
+            with pytest.raises(IntegrationConfigurationError) as exception_info:
+                installation.get_repositories()
+        assert (
+            str(exception_info.value) == "Error Communicating with GitLab (HTTP 403): unauthorized"
+        )