feat(flags): Add /secrets resource

[cmanallen]

Adds /secrets resource which accepts signing-secrets from webhook providers. Updates the hooks endpoint to verify the signature of a provider payload.

[github-actions]

🚨 Warning: This pull request contains Frontend and Backend changes!

It's discouraged to make changes to Sentry's Frontend and Backend in a single pull request. The Frontend and Backend are not atomically deployed. If the changes are interdependent of each other, they must be separated into two pull requests and be made forward or backwards compatible, such that the Backend or Frontend can be safely deployed independently.

Have questions? Please ask in the #discuss-dev-infra channel.

[github-actions]

This PR has a migration; here is the generated SQL for src/sentry/flags/migrations/0002_add_flags_webhooksigningsecret.py ()

--
-- Create model FlagWebHookSigningSecretModel
--
CREATE TABLE "flags_webhooksigningsecret" ("id" bigint NOT NULL PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY, "created_by" bigint NULL, "date_added" timestamp with time zone NOT NULL, "provider" varchar NOT NULL, "secret" varchar NOT NULL, "organization_id" bigint NOT NULL);
CREATE UNIQUE INDEX CONCURRENTLY "flags_webhooksigningsecr_organization_id_provider_b6580678_uniq" ON "flags_webhooksigningsecret" ("organization_id", "provider", "secret");
ALTER TABLE "flags_webhooksigningsecret" ADD CONSTRAINT "flags_webhooksigningsecr_organization_id_provider_b6580678_uniq" UNIQUE USING INDEX "flags_webhooksigningsecr_organization_id_provider_b6580678_uniq";
ALTER TABLE "flags_webhooksigningsecret" ADD CONSTRAINT "flags_webhooksigning_organization_id_93de3118_fk_sentry_or" FOREIGN KEY ("organization_id") REFERENCES "sentry_organization" ("id") DEFERRABLE INITIALLY DEFERRED NOT VALID;
ALTER TABLE "flags_webhooksigningsecret" VALIDATE CONSTRAINT "flags_webhooksigning_organization_id_93de3118_fk_sentry_or";
CREATE INDEX CONCURRENTLY "flags_webhooksigningsecret_created_by_c8d80bf9" ON "flags_webhooksigningsecret" ("created_by");
CREATE INDEX CONCURRENTLY "flags_webhooksigningsecret_provider_bc27ff81" ON "flags_webhooksigningsecret" ("provider");
CREATE INDEX CONCURRENTLY "flags_webhooksigningsecret_provider_bc27ff81_like" ON "flags_webhooksigningsecret" ("provider" varchar_pattern_ops);
CREATE INDEX CONCURRENTLY "flags_webhooksigningsecret_organization_id_93de3118" ON "flags_webhooksigningsecret" ("organization_id");

[codecov]

❌ 1 Tests Failed:

Tests completed	Failed	Passed	Skipped
23073	1	23072	215

View the top 1 failed tests by shortest run time

tests.sentry.flags.providers.test_launchdarkly::test_launchdarkly_delete_and_update

Stack Traces | 0.047s run time

#x1B[1m#x1B[.../flags/providers/test_launchdarkly.py#x1B[0m:386: in test_launchdarkly_delete_and_update
    assert len(res) == 2
#x1B[1m#x1B[31mE   AssertionError: assert 1 == 2#x1B[0m
#x1B[1m#x1B[31mE    +  where 1 = len([{'action': 1, 'created_at': datetime.datetime(2024, 10, 17, 0, 11, 7, 537000, tzinfo=datetime.timezone.utc), 'created_by': '[email protected]', 'created_by_type': 0, ...}])#x1B[0m

To view more test analytics, go to the Test Analytics Dashboard
Got feedback? Let us know on Github