ref(flags): loosen length restrictions on generic webhook secret (#94721)

aliu39 · web-flow · commit 2263a19af593 · 2025-07-01T20:23:29.000Z
See https://github.com/getsentry/sentry-docs/pull/14126/files. Providers may choose to develop their own webhooks with variable length secrets.
diff --git a/src/sentry/flags/endpoints/secrets.py b/src/sentry/flags/endpoints/secrets.py
@@ -54,6 +54,9 @@ def validate_secret(self, value):
                 )
             return serializers.CharField(min_length=32, max_length=64).run_validation(value)
 
+        if self.initial_data.get("provider") == "generic":
+            return serializers.CharField(min_length=10, max_length=64).run_validation(value)
+
         return serializers.CharField(min_length=32, max_length=32).run_validation(value)
 
 
diff --git a/tests/sentry/flags/endpoints/test_secrets.py b/tests/sentry/flags/endpoints/test_secrets.py
@@ -110,7 +110,7 @@ def test_post_invalid_provider(self):
 
     def test_post_invalid_secret(self):
         with self.feature(self.features):
-            for provider in ["launchdarkly", "generic", "unleash"]:
+            for provider in ["launchdarkly", "unleash"]:
                 response = self.client.post(
                     self.url, data={"secret": "a" * 31, "provider": provider}
                 )
@@ -127,6 +127,19 @@ def test_post_invalid_secret(self):
                     "Ensure this field has no more than 32 characters."
                 ], provider
 
+            # Generic
+            response = self.client.post(self.url, data={"secret": "a" * 9, "provider": "generic"})
+            assert response.status_code == 400, response.content
+            assert response.json()["secret"] == [
+                "Ensure this field has at least 10 characters."
+            ], "generic"
+
+            response = self.client.post(self.url, data={"secret": "a" * 65, "provider": "generic"})
+            assert response.status_code == 400, response.content
+            assert response.json()["secret"] == [
+                "Ensure this field has no more than 64 characters."
+            ], "generic"
+
             # Statsig
             response = self.client.post(self.url, data={"secret": "a" * 32, "provider": "statsig"})
             assert response.status_code == 400, response.content

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,9 @@ def validate_secret(self, value):`
`54`	`54`	`)`
`55`	`55`	`return serializers.CharField(min_length=32, max_length=64).run_validation(value)`
`56`	`56`
	`57`	`+ if self.initial_data.get("provider") == "generic":`
	`58`	`+ return serializers.CharField(min_length=10, max_length=64).run_validation(value)`
	`59`	`+`
`57`	`60`	`return serializers.CharField(min_length=32, max_length=32).run_validation(value)`
`58`	`61`
`59`	`62`