ref: upgrade django to 3.2 (#52713)

same as #52269 -- but I ran out of time to deploy it

requirements-base.txt

@@ -13,7 +13,7 @@ datadog>=0.29.3
 django-crispy-forms>=1.14.0
 django-csp>=3.7
 django-pg-zero-downtime-migrations>=0.11
-Django>=2.2.28
+Django>=3.2.20,<4
 djangorestframework>=3.12.4
 drf-spectacular>=0.22.1
 email-reply-parser>=0.5.12

requirements-dev-frozen.txt

@@ -9,6 +9,7 @@
 aiohttp==3.8.4
 aiosignal==1.3.1
 amqp==2.6.1
+asgiref==3.7.2
 async-generator==1.10
 async-timeout==4.0.2
 attrs==19.2.0
@@ -38,7 +39,7 @@ datadog==0.29.3
 decorator==5.1.1
 dictpath==0.1.3
 distlib==0.3.4
-django==2.2.28
+django==3.2.20
 django-crispy-forms==1.14.0
 django-csp==3.7
 django-pg-zero-downtime-migrations==0.11

requirements-frozen.txt

@@ -9,6 +9,7 @@
 aiohttp==3.8.4
 aiosignal==1.3.1
 amqp==2.6.1
+asgiref==3.7.2
 async-generator==1.10
 async-timeout==4.0.2
 attrs==19.2.0
@@ -31,7 +32,7 @@ cssselect==1.0.3
 cssutils==2.4.0
 datadog==0.29.3
 decorator==5.1.1
-django==2.2.28
+django==3.2.20
 django-crispy-forms==1.14.0
 django-csp==3.7
 django-pg-zero-downtime-migrations==0.11

src/sentry/new_migrations/monkey/__init__.py

@@ -4,7 +4,7 @@
 from sentry.new_migrations.monkey.executor import SentryMigrationExecutor
 from sentry.new_migrations.monkey.fields import deconstruct
 
-LAST_VERIFIED_DJANGO_VERSION = (2, 2)
+LAST_VERIFIED_DJANGO_VERSION = (3, 2)
 CHECK_MESSAGE = """Looks like you're trying to upgrade Django! Since we monkeypatch
 the Django migration library in several places, please verify that we have the latest
 code, and that the monkeypatching still works as expected. Currently the main things

src/sentry/silo/patches/silo_aware_transaction_patch.py

@@ -1,6 +1,5 @@
 from typing import TYPE_CHECKING, Any, Callable, Optional, Type
 
-from django import get_version
 from django.db import router, transaction
 from django.db.backends.base.base import BaseDatabaseWrapper
 from django.db.transaction import Atomic
@@ -26,9 +25,11 @@ def _get_db_for_model_if_available(model: Type["Model"]) -> Optional[str]:
         return None
 
 
-def siloed_atomic(using: Optional[str] = None, savepoint: bool = True) -> Atomic:
+def siloed_atomic(
+    using: Optional[str] = None, savepoint: bool = True, durable: bool = False
+) -> Atomic:
     using = determine_using_by_silo_mode(using)
-    return _default_atomic_impl(using=using, savepoint=savepoint)
+    return _default_atomic_impl(using=using, savepoint=savepoint, durable=durable)
 
 
 def siloed_get_connection(using: Optional[str] = None) -> BaseDatabaseWrapper:
@@ -72,12 +73,6 @@ def determine_using_by_silo_mode(using: Optional[str]) -> str:
 def patch_silo_aware_atomic():
     global _default_on_commit, _default_get_connection, _default_atomic_impl
 
-    current_django_version = get_version()
-    assert current_django_version.startswith("2.2."), (
-        "Newer versions of Django have an additional 'durable' parameter in atomic,"
-        + " verify the signature before updating the version check."
-    )
-
     _default_atomic_impl = transaction.atomic
     _default_on_commit = transaction.on_commit
     _default_get_connection = transaction.get_connection

src/sentry/utils/email/signer.py

@@ -1,3 +1,7 @@
+from __future__ import annotations
+
+from typing import Any
+
 from django.core.signing import BadSignature, Signer
 from django.utils.crypto import constant_time_compare
 from django.utils.encoding import force_str
@@ -17,6 +21,10 @@ class _CaseInsensitiveSigner(Signer):
     and sends the value as all lowercase.
     """
 
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        kwargs.setdefault("algorithm", "sha1")
+        super().__init__(*args, **kwargs)
+
     def signature(self, value: str) -> str:
         return super().signature(value).lower()
 

tests/sentry/api/endpoints/test_api_tokens.py

@@ -26,7 +26,10 @@ def test_never_cache(self):
         url = reverse("sentry-api-0-api-tokens")
         response = self.client.get(url)
         assert response.status_code == 200, response.content
-        assert response.get("cache-control") == "max-age=0, no-cache, no-store, must-revalidate"
+        assert (
+            response.get("cache-control")
+            == "max-age=0, no-cache, no-store, must-revalidate, private"
+        )
 
 
 @control_silo_test(stable=True)
@@ -52,7 +55,10 @@ def test_never_cache(self):
         url = reverse("sentry-api-0-api-tokens")
         response = self.client.post(url, data={"scopes": ["event:read"]})
         assert response.status_code == 201
-        assert response.get("cache-control") == "max-age=0, no-cache, no-store, must-revalidate"
+        assert (
+            response.get("cache-control")
+            == "max-age=0, no-cache, no-store, must-revalidate, private"
+        )
 
 
 @control_silo_test(stable=True)
@@ -71,7 +77,10 @@ def test_never_cache(self):
         url = reverse("sentry-api-0-api-tokens")
         response = self.client.delete(url, data={"token": token.token})
         assert response.status_code == 204
-        assert response.get("cache-control") == "max-age=0, no-cache, no-store, must-revalidate"
+        assert (
+            response.get("cache-control")
+            == "max-age=0, no-cache, no-store, must-revalidate, private"
+        )
 
 
 @control_silo_test(stable=True)

tests/sentry/api/endpoints/test_org_auth_tokens.py

@@ -91,7 +91,10 @@ def test_never_cache(self):
         self.login_as(self.user)
         response = self.get_success_response(self.organization.slug, status_code=status.HTTP_200_OK)
         assert response.content
-        assert response.get("cache-control") == "max-age=0, no-cache, no-store, must-revalidate"
+        assert (
+            response.get("cache-control")
+            == "max-age=0, no-cache, no-store, must-revalidate, private"
+        )
 
     def test_no_auth(self):
         response = self.get_error_response(self.organization.slug)