chore(hybrid-cloud): Add using to various transaction.atomic blocks (#54465)

dashed · web-flow · commit 6e6e69e9e897 · 2023-08-09T16:54:45.000-04:00
diff --git a/src/sentry/api/endpoints/organization_member/__init__.py b/src/sentry/api/endpoints/organization_member/__init__.py
@@ -2,7 +2,7 @@
 
 from typing import Collection, List, Tuple
 
-from django.db import transaction
+from django.db import router, transaction
 from rest_framework import status
 from rest_framework.request import Request
 
@@ -22,7 +22,6 @@ class InvalidTeam(SentryAPIException):
     message = "The team slug does not match a team in the organization"
 
 
-@transaction.atomic
 def save_team_assignments(
     organization_member: OrganizationMember,
     teams: List[Team] | None,
@@ -46,13 +45,16 @@ def save_team_assignments(
 
         new_assignments = [(team, team_role_map.get(team.slug, None)) for team in target_teams]
 
-        OrganizationMemberTeam.objects.filter(organizationmember=organization_member).delete()
-        OrganizationMemberTeam.objects.bulk_create(
-            [
-                OrganizationMemberTeam(organizationmember=organization_member, team=team, role=role)
-                for team, role in new_assignments
-            ]
-        )
+        with transaction.atomic(router.db_for_write(OrganizationMemberTeam)):
+            OrganizationMemberTeam.objects.filter(organizationmember=organization_member).delete()
+            OrganizationMemberTeam.objects.bulk_create(
+                [
+                    OrganizationMemberTeam(
+                        organizationmember=organization_member, team=team, role=role
+                    )
+                    for team, role in new_assignments
+                ]
+            )
 
 
 def can_set_team_role(access: Access, team: Team, new_role: TeamRole) -> bool:
diff --git a/src/sentry/auth/helper.py b/src/sentry/auth/helper.py
@@ -967,31 +967,31 @@ def disable_2fa_required(self) -> None:
         )
 
 
-@transaction.atomic
 def EnablePartnerSSO(provider_key, sentry_org, provider_config):
     """
     Simplified abstraction from AuthHelper for enabling an SSO AuthProvider for a Sentry organization.
     Fires appropriate Audit Log and signal emitter for SSO Enabled
     """
-    provider_model = AuthProvider.objects.create(
-        organization_id=sentry_org.id, provider=provider_key, config=provider_config
-    )
-
-    # TODO: Analytics requires a user id
-    # At provisioning time, no user is available so we cannot provide any user
-    # sso_enabled.send_robust(
-    #     organization=sentry_org,
-    #     provider=provider_key,
-    #     sender="EnablePartnerSSO",
-    # )
-
-    AuditLogEntry.objects.create(
-        organization_id=sentry_org.id,
-        actor_label=f"partner_provisioning_api:{provider_key}",
-        target_object=provider_model.id,
-        event=audit_log.get_event_id("SSO_ENABLE"),
-        data=provider_model.get_audit_log_data(),
-    )
+    with transaction.atomic(router.db_for_write(AuthProvider)):
+        provider_model = AuthProvider.objects.create(
+            organization_id=sentry_org.id, provider=provider_key, config=provider_config
+        )
+
+        # TODO: Analytics requires a user id
+        # At provisioning time, no user is available so we cannot provide any user
+        # sso_enabled.send_robust(
+        #     organization=sentry_org,
+        #     provider=provider_key,
+        #     sender="EnablePartnerSSO",
+        # )
+
+        AuditLogEntry.objects.create(
+            organization_id=sentry_org.id,
+            actor_label=f"partner_provisioning_api:{provider_key}",
+            target_object=provider_model.id,
+            event=audit_log.get_event_id("SSO_ENABLE"),
+            data=provider_model.get_audit_log_data(),
+        )
 
 
 CHANNEL_PROVIDER_MAP = {ChannelName.FLY_IO.value: FlyOAuth2Provider}
diff --git a/src/sentry/web/frontend/accounts.py b/src/sentry/web/frontend/accounts.py
@@ -227,7 +227,6 @@ def confirm_email(request, user_id, hash):
 @csrf_protect
 @never_cache
 @signed_auth_required
-@transaction.atomic
 def email_unsubscribe_project(request, project_id):
     # For now we only support getting here from the signed link.
     if not request.user_from_signed_request:
@@ -239,13 +238,14 @@ def email_unsubscribe_project(request, project_id):
 
     if request.method == "POST":
         if "cancel" not in request.POST:
-            NotificationSetting.objects.update_settings(
-                ExternalProviders.EMAIL,
-                NotificationSettingTypes.ISSUE_ALERTS,
-                NotificationSettingOptionValues.NEVER,
-                user_id=request.user.id,
-                project=project,
-            )
+            with transaction.atomic(router.db_for_write(NotificationSetting)):
+                NotificationSetting.objects.update_settings(
+                    ExternalProviders.EMAIL,
+                    NotificationSettingTypes.ISSUE_ALERTS,
+                    NotificationSettingOptionValues.NEVER,
+                    user_id=request.user.id,
+                    project=project,
+                )
         return HttpResponseRedirect(auth.get_login_url())
 
     context = csrf(request)
