feat(migration): Add missing org:integrations api scope (#58021)

## Objective:

We use the `org:integrations` scope used for endpoints, but it is
missing in the ApiScopes Mixin model.

---------

Co-authored-by: schew2381 <seiji.chew@sentry.io>
Co-authored-by: Seiji Chew <67301797+schew2381@users.noreply.github.com>

migrations_lockfile.txt

@@ -6,8 +6,8 @@ To resolve this, rebase against latest master and regenerate your migration. Thi
 will then be regenerated, and you should be able to merge without conflicts.
 
 feedback: 0003_feedback_add_env
-hybridcloud: 0004_add_cache_version
+hybridcloud: 0005_add_missing_org_integration_scope
 nodestore: 0002_nodestore_no_dictfield
 replays: 0003_add_size_to_recording_segment
-sentry: 0575_incident_date_added_index
+sentry: 0576_add_missing_org_integration_scope
 social_auth: 0002_default_auto_field

src/sentry/hybridcloud/migrations/0005_add_missing_org_integration_scope.py

@@ -0,0 +1,53 @@
+# Generated by Django 3.2.20 on 2023-10-13 19:09
+
+from django.db import migrations
+
+import bitfield.models
+from sentry.new_migrations.migrations import CheckedMigration
+
+
+class Migration(CheckedMigration):
+    # This flag is used to mark that a migration shouldn't be automatically run in production. For
+    # the most part, this should only be used for operations where it's safe to run the migration
+    # after your code has deployed. So this should not be used for most operations that alter the
+    # schema of a table.
+    # Here are some things that make sense to mark as dangerous:
+    # - Large data migrations. Typically we want these to be run manually by ops so that they can
+    #   be monitored and not block the deploy for a long period of time while they run.
+    # - Adding indexes to large tables. Since this can take a long time, we'd generally prefer to
+    #   have ops run this and not block the deploy. Note that while adding an index is a schema
+    #   change, it's completely safe to run the operation after the code has deployed.
+    is_dangerous = False
+
+    dependencies = [
+        ("hybridcloud", "0004_add_cache_version"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="apikeyreplica",
+            name="scopes",
+            field=bitfield.models.BitField(
+                [
+                    "project:read",
+                    "project:write",
+                    "project:admin",
+                    "project:releases",
+                    "team:read",
+                    "team:write",
+                    "team:admin",
+                    "event:read",
+                    "event:write",
+                    "event:admin",
+                    "org:read",
+                    "org:write",
+                    "org:admin",
+                    "member:read",
+                    "member:write",
+                    "member:admin",
+                    "org:integrations",
+                ],
+                default=None,
+            ),
+        ),
+    ]

src/sentry/migrations/0576_add_missing_org_integration_scope.py

@@ -0,0 +1,131 @@
+# Generated by Django 3.2.20 on 2023-10-17 22:31
+
+from django.db import migrations
+
+import bitfield.models
+from sentry.new_migrations.migrations import CheckedMigration
+
+
+class Migration(CheckedMigration):
+    # This flag is used to mark that a migration shouldn't be automatically run in production. For
+    # the most part, this should only be used for operations where it's safe to run the migration
+    # after your code has deployed. So this should not be used for most operations that alter the
+    # schema of a table.
+    # Here are some things that make sense to mark as dangerous:
+    # - Large data migrations. Typically we want these to be run manually by ops so that they can
+    #   be monitored and not block the deploy for a long period of time while they run.
+    # - Adding indexes to large tables. Since this can take a long time, we'd generally prefer to
+    #   have ops run this and not block the deploy. Note that while adding an index is a schema
+    #   change, it's completely safe to run the operation after the code has deployed.
+    is_dangerous = False
+
+    dependencies = [
+        ("sentry", "0575_incident_date_added_index"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="apiauthorization",
+            name="scopes",
+            field=bitfield.models.BitField(
+                [
+                    "project:read",
+                    "project:write",
+                    "project:admin",
+                    "project:releases",
+                    "team:read",
+                    "team:write",
+                    "team:admin",
+                    "event:read",
+                    "event:write",
+                    "event:admin",
+                    "org:read",
+                    "org:write",
+                    "org:admin",
+                    "member:read",
+                    "member:write",
+                    "member:admin",
+                    "org:integrations",
+                ],
+                default=None,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="apikey",
+            name="scopes",
+            field=bitfield.models.BitField(
+                [
+                    "project:read",
+                    "project:write",
+                    "project:admin",
+                    "project:releases",
+                    "team:read",
+                    "team:write",
+                    "team:admin",
+                    "event:read",
+                    "event:write",
+                    "event:admin",
+                    "org:read",
+                    "org:write",
+                    "org:admin",
+                    "member:read",
+                    "member:write",
+                    "member:admin",
+                    "org:integrations",
+                ],
+                default=None,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="apitoken",
+            name="scopes",
+            field=bitfield.models.BitField(
+                [
+                    "project:read",
+                    "project:write",
+                    "project:admin",
+                    "project:releases",
+                    "team:read",
+                    "team:write",
+                    "team:admin",
+                    "event:read",
+                    "event:write",
+                    "event:admin",
+                    "org:read",
+                    "org:write",
+                    "org:admin",
+                    "member:read",
+                    "member:write",
+                    "member:admin",
+                    "org:integrations",
+                ],
+                default=None,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="sentryapp",
+            name="scopes",
+            field=bitfield.models.BitField(
+                [
+                    "project:read",
+                    "project:write",
+                    "project:admin",
+                    "project:releases",
+                    "team:read",
+                    "team:write",
+                    "team:admin",
+                    "event:read",
+                    "event:write",
+                    "event:admin",
+                    "org:read",
+                    "org:write",
+                    "org:admin",
+                    "member:read",
+                    "member:write",
+                    "member:admin",
+                    "org:integrations",
+                ],
+                default=None,
+            ),
+        ),
+    ]

src/sentry/models/apiscopes.py

@@ -14,7 +14,7 @@ class ApiScopes(Sequence):
 
     event = (("event:read"), ("event:write"), ("event:admin"))
 
-    org = (("org:read"), ("org:write"), ("org:admin"))
+    org = (("org:read"), ("org:write"), ("org:integrations"), ("org:admin"))
 
     member = (("member:read"), ("member:write"), ("member:admin"))
 
@@ -65,6 +65,7 @@ class HasApiScopes(models.Model):
             "member:read": bool,
             "member:write": bool,
             "member:admin": bool,
+            "org:integrations": bool,
         },
     )
     assert set(ScopesDict.__annotations__) == set(ApiScopes())