ref(vsts): Remove legacy web setup views in favor of API pipeline steps

VSTS installs now run through `get_pipeline_api_steps()`
(`OAuth2ApiStep` + `VstsAccountSelectionApiStep`), which the frontend
pipeline modal already drives. `VstsAccountSelectionApiStep` is a direct
replacement for the old `AccountConfigView`, and in API mode the OAuth
callback returns via the popup -> pipeline endpoint rather than the web
`PipelineAdvancerView`, so the server-rendered views are dead.

Drop the `AccountConfigView`/`AccountForm` classes and the
`NestedPipelineView`-based `get_pipeline_views()` (now an empty list), and
migrate the install tests/fixtures to the API pipeline flow.

`get_pipeline_views()` still returns an empty list because the base
provider requires it; removing it across all providers is a follow-up.

Author: evanpurkhiser

fixtures/vsts.py

@@ -1,10 +1,11 @@
 from __future__ import annotations
 
 from typing import Any
-from urllib.parse import parse_qs, urlencode, urlparse
+from urllib.parse import parse_qs, urlparse
 
 import pytest
 import responses
+from django.urls import reverse
 
 from sentry.integrations.models.integration import Integration
 from sentry.integrations.vsts import VstsIntegrationProvider
@@ -194,49 +195,45 @@ def _stub_vsts(self):
                 },
             )
 
-    def make_init_request(self, path=None, body=None):
-        return self.client.get(path or self.init_path, body or {})
-
-    def make_oauth_redirect_request(self, state):
-        return self.client.get(
-            "{}?{}".format(self.setup_path, urlencode({"code": "oauth-code", "state": state}))
+    def _pipeline_url(self):
+        return reverse(
+            "sentry-api-0-organization-pipeline",
+            kwargs={
+                "organization_id_or_slug": self.organization.slug,
+                "pipeline_name": "integration_pipeline",
+            },
         )
 
-    def assert_vsts_oauth_redirect(self, redirect):
-        assert redirect.scheme == "https"
-        assert redirect.netloc == "app.vssps.visualstudio.com"
-        assert redirect.path == "/oauth2/authorize"
-
     def assert_vsts_new_oauth_redirect(self, redirect):
         assert redirect.scheme == "https"
         assert redirect.netloc == "login.microsoftonline.com"
         assert redirect.path == "/common/oauth2/v2.0/authorize"
 
-    def assert_account_selection(self, response, account_id=None):
+    @assume_test_silo_mode(SiloMode.CONTROL)
+    def assert_installation(self, account_id=None):
+        # Drives the API pipeline: initialize -> oauth -> account selection.
         account_id = account_id or self.vsts_account_id
-        assert response.status_code == 200
-        assert f'<option value="{account_id}"'.encode() in response.content
+        pipeline_url = self._pipeline_url()
 
-    @assume_test_silo_mode(SiloMode.CONTROL)
-    def assert_installation(self):
-        # Initial request to the installation URL for VSTS
-        resp = self.make_init_request()
-        redirect = urlparse(resp["Location"])
+        resp: Any = self.client.post(
+            pipeline_url, data={"action": "initialize", "provider": "vsts"}, format="json"
+        )
+        assert resp.status_code == 200, resp.content
 
-        assert resp.status_code == 302
+        # The OAuth authorize URL carries the pipeline state signature, which is
+        # echoed back to the advance step to verify the callback.
+        oauth_url = resp.data["data"]["oauthUrl"]
+        redirect = urlparse(oauth_url)
         self.assert_vsts_new_oauth_redirect(redirect)
+        state = parse_qs(redirect.query)["state"][0]
 
-        query = parse_qs(redirect.query)
-
-        # OAuth redirect back to Sentry (identity_pipeline_view)
-        resp = self.make_oauth_redirect_request(query["state"][0])
-        self.assert_account_selection(resp)
-
-        # User choosing which VSTS Account to use (AccountConfigView)
-        # Final step.
         resp = self.client.post(
-            self.setup_path, {"account": self.vsts_account_id, "provider": "vsts"}
+            pipeline_url, data={"code": "oauth-code", "state": state}, format="json"
         )
+        assert resp.status_code == 200, resp.content
+        assert resp.data["step"] == "account_selection"
+
+        resp = self.client.post(pipeline_url, data={"account": account_id}, format="json")
         return resp
 
 

src/sentry/integrations/vsts/integration.py

@@ -7,9 +7,7 @@
 from typing import Any, TypedDict
 from urllib.parse import parse_qs, quote, unquote, urlencode, urlparse
 
-from django import forms
 from django.http.request import HttpRequest
-from django.http.response import HttpResponseBase
 from django.utils.translation import gettext as _
 from rest_framework import serializers
 from rest_framework.fields import CharField
@@ -20,7 +18,6 @@
 from sentry.auth.exceptions import IdentityNotValid
 from sentry.constants import ObjectStatus
 from sentry.identity.oauth2 import OAuth2ApiStep
-from sentry.identity.pipeline import IdentityPipeline
 from sentry.identity.services.identity.model import RpcIdentity
 from sentry.identity.vsts.provider import VSTSNewIdentityProvider, get_user_info
 from sentry.integrations.base import (
@@ -55,7 +52,6 @@
 from sentry.organizations.services.organization.model import RpcOrganization
 from sentry.pipeline.types import PipelineStepResult
 from sentry.pipeline.views.base import ApiPipelineSteps, PipelineView
-from sentry.pipeline.views.nested import NestedPipelineView
 from sentry.shared_integrations.exceptions import (
     ApiError,
     IntegrationError,
@@ -64,7 +60,6 @@
 from sentry.silo.base import SiloMode
 from sentry.utils import metrics
 from sentry.utils.http import absolute_uri
-from sentry.web.helpers import render_to_response
 
 from .client import VstsApiClient, VstsSetupApiClient
 from .repository import VstsRepositoryProvider
@@ -611,20 +606,7 @@ def get_scopes(self) -> Sequence[str]:
         return VstsIntegrationProvider.NEW_SCOPES
 
     def get_pipeline_views(self) -> Sequence[PipelineView[IntegrationPipeline]]:
-        identity_pipeline_config = {
-            "redirect_url": absolute_uri(self.oauth_redirect_url),
-            "oauth_scopes": self.get_scopes(),
-        }
-
-        return [
-            NestedPipelineView(
-                bind_key="identity",
-                provider_key=self.key,
-                pipeline_cls=IdentityPipeline,
-                config=identity_pipeline_config,
-            ),
-            AccountConfigView(),
-        ]
+        return []
 
     def get_pipeline_api_steps(self) -> ApiPipelineSteps[IntegrationPipeline]:
         return [
@@ -650,13 +632,7 @@ def _make_oauth_api_step(self) -> OAuth2ApiStep:
         )
 
     def build_integration(self, state: Mapping[str, Any]) -> IntegrationData:
-        # TODO: legacy views write token data to state["identity"]["data"] via
-        # NestedPipelineView. API steps write directly to state["oauth_data"].
-        # Remove the legacy path once the old views are retired.
-        if "oauth_data" in state:
-            data = state["oauth_data"]
-        else:
-            data = state["identity"]["data"]
+        data = state["oauth_data"]
         oauth_data = self.get_oauth_data(data)
         account = state["account"]
         user = get_user_info(data["access_token"])
@@ -834,57 +810,3 @@ def setup(self) -> None:
         bindings.add(
             "integration-repository.provider", VstsRepositoryProvider, id="integrations:vsts"
         )
-
-
-class AccountConfigView:
-    def dispatch(self, request: HttpRequest, pipeline: IntegrationPipeline) -> HttpResponseBase:
-        with IntegrationPipelineViewEvent(
-            IntegrationPipelineViewType.ACCOUNT_CONFIG,
-            IntegrationDomain.SOURCE_CODE_MANAGEMENT,
-            VstsIntegrationProvider.key,
-        ).capture() as lifecycle:
-            account_id = request.POST.get("account")
-            if account_id is not None:
-                state_accounts: Sequence[Mapping[str, Any]] | None = pipeline.fetch_state(
-                    key="accounts"
-                )
-                account = get_account_from_id(account_id, state_accounts or [])
-                if account is not None:
-                    pipeline.bind_state("account", account)
-                    return pipeline.next_step()
-
-            state: Mapping[str, Any] | None = pipeline.fetch_state(key="identity")
-            access_token = (state or {}).get("data", {}).get("access_token")
-            user = get_user_info(access_token)
-
-            accounts = get_accounts(access_token, user["uuid"])
-            extra = {
-                "organization_id": pipeline.organization.id if pipeline.organization else None,
-                "user_id": request.user.id,
-                "accounts": accounts,
-            }
-            if not accounts or not accounts.get("value"):
-                lifecycle.record_halt(IntegrationPipelineHaltReason.NO_ACCOUNTS, extra=extra)
-                return render_to_response(
-                    template="sentry/integrations/vsts-config.html",
-                    context={"no_accounts": True},
-                    request=request,
-                )
-            accounts = accounts["value"]
-            pipeline.bind_state("accounts", accounts)
-            account_form = AccountForm(accounts)
-            return render_to_response(
-                template="sentry/integrations/vsts-config.html",
-                context={"form": account_form, "no_accounts": False},
-                request=request,
-            )
-
-
-class AccountForm(forms.Form):
-    def __init__(self, accounts: Sequence[Mapping[str, str]], *args: Any, **kwargs: Any) -> None:
-        super().__init__(*args, **kwargs)
-        self.fields["account"] = forms.ChoiceField(
-            choices=[(acct["accountId"], acct["accountName"]) for acct in accounts],
-            label="Account",
-            help_text="Azure DevOps organization.",
-        )