ref(sentryapps): Change signature header and formalize request body (#33378)

See API-2610

This PR adds the `Sentry-Hook-Signature` header from our docs along side mentioning our intention to deprecate the `sentry-app-signature` one.

src/sentry/mediators/external_requests/alert_rule_action_requester.py

@@ -74,7 +74,9 @@ class AlertRuleActionRequester(Mediator):
         return {
             "Content-Type": "application/json",
             "Request-ID": request_uuid,
+            # TODO(Ecosystem): Deprecate this header in favor of documented 'Sentry-Hook-Signature'
             "Sentry-App-Signature": self.sentry_app.build_signature(self.body),
+            "Sentry-Hook-Signature": self.sentry_app.build_signature(self.body),
         }
 
     @memoize

src/sentry/mediators/external_requests/issue_link_requester.py

@@ -99,7 +99,9 @@ class IssueLinkRequester(Mediator):
         return {
             "Content-Type": "application/json",
             "Request-ID": request_uuid,
+            # TODO(Ecosystem): Deprecate this header in favor of documented 'Sentry-Hook-Signature'
             "Sentry-App-Signature": self.sentry_app.build_signature(self.body),
+            "Sentry-Hook-Signature": self.sentry_app.build_signature(self.body),
         }
 
     @memoize

src/sentry/mediators/external_requests/select_requester.py

@@ -58,6 +58,8 @@ class SelectRequester(Mediator):
                     self.install.organization_id,
                     "select_options.requested",
                     headers=self._build_headers(),
+                    method="GET",
+                    data=self.body,
                 )
             )
 
@@ -104,9 +106,16 @@ class SelectRequester(Mediator):
         return {
             "Content-Type": "application/json",
             "Request-ID": request_uuid,
+            # TODO(Ecosystem): Deprecate this header in favor of documented 'Sentry-Hook-Signature'
             "Sentry-App-Signature": self.sentry_app.build_signature(""),
+            "Sentry-Hook-Signature": self.sentry_app.build_signature(self.body),
         }
 
+    @memoize
+    def body(self):
+        # To ensure signature can be generated by the SentryApp we need to set the body explicitly, even if it's empty
+        return json.dumps({})
+
     @memoize
     def sentry_app(self):
         return self.install.sentry_app

tests/sentry/mediators/external_requests/test_alert_rule_action_requester.py

@@ -70,6 +70,9 @@ class TestAlertRuleActionRequester(TestCase):
         assert request.headers["Sentry-App-Signature"] == self.sentry_app.build_signature(
             json.dumps(payload)
         )
+        assert request.headers["Sentry-Hook-Signature"] == self.sentry_app.build_signature(
+            request.body
+        )
 
         buffer = SentryAppWebhookRequestsBuffer(self.sentry_app)
         requests = buffer.get_requests()
@@ -114,6 +117,9 @@ class TestAlertRuleActionRequester(TestCase):
         assert request.headers["Sentry-App-Signature"] == self.sentry_app.build_signature(
             json.dumps(payload)
         )
+        assert request.headers["Sentry-Hook-Signature"] == self.sentry_app.build_signature(
+            request.body
+        )
 
         buffer = SentryAppWebhookRequestsBuffer(self.sentry_app)
         requests = buffer.get_requests()
@@ -157,6 +163,9 @@ class TestAlertRuleActionRequester(TestCase):
         assert request.headers["Sentry-App-Signature"] == self.sentry_app.build_signature(
             json.dumps(payload)
         )
+        assert request.headers["Sentry-Hook-Signature"] == self.sentry_app.build_signature(
+            request.body
+        )
 
         buffer = SentryAppWebhookRequestsBuffer(self.sentry_app)
         requests = buffer.get_requests()

tests/sentry/mediators/external_requests/test_issue_link_requester.py

@@ -69,6 +69,9 @@ class TestIssueLinkRequester(TestCase):
         assert request.headers["Sentry-App-Signature"] == self.sentry_app.build_signature(
             json.dumps(payload)
         )
+        assert request.headers["Sentry-Hook-Signature"] == self.sentry_app.build_signature(
+            request.body
+        )
         buffer = SentryAppWebhookRequestsBuffer(self.sentry_app)
         requests = buffer.get_requests()
 

tests/sentry/mediators/external_requests/test_select_requester.py

@@ -45,6 +45,9 @@ class TestSelectRequester(TestCase):
 
         request = responses.calls[0].request
         assert request.headers["Sentry-App-Signature"] == self.sentry_app.build_signature("")
+        assert request.headers["Sentry-Hook-Signature"] == self.sentry_app.build_signature(
+            request.body
+        )
         buffer = SentryAppWebhookRequestsBuffer(self.sentry_app)
         requests = buffer.get_requests()