Incomplete internal integration audit logs

[rodolfoBee]

Environment

SaaS (https://sentry.io/)

Steps to Reproduce

1. Create a new internal integration
2. Add and remove auth-tokens in this integration
3. Remove the integration

Expected Result

All operations to be recorded in the audit logs. Specially the auth-token add and removal.

Actual Result

The actions recorded in the audit logs are incomplete and confusing:

• No records at all for add and remove, although the actions are listed in the options.
• When the integration is created, there are three actions: sentry-app.add, sentry-app.install and internal-integration.create. When the integration is removed only sentry-app.remove is created. It is not big issue, but if there are 3 actions for creating, i expect to see the opposite three actions when the integration is removed.

Available options:

Solutions:

• Properly record the internal-integration.add-token and internal-integration.remove-token actions in the logs. Include the scopes used when adding a new token.
• Add a record for internal-integration.edit-token listing any scope change when the permissions of an internal integration are change.
• Add internal-integration.edit action that record other changes in the integration (name, webhooks, alert-action)
• Add the two "missing" internal-integration.remove action and record it.

Product Area

Settings - Integrations

Link

No response

DSN

No response

Version

No response

[getsantry]

Assigning to @getsentry/support for routing ⏲️

[getsantry]

Routing to @getsentry/product-owners-settings-integrations for triage ⏲️