-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Data Migration for Fideslang 2.0 #4030
Data Migration for Fideslang 2.0 #4030
Conversation
Passing run #4100 ↗︎
Details:
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. |
…fideslang-2-migration
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## ThomasLaPiana-update-fideslang-200 #4030 +/- ##
======================================================================
- Coverage 87.39% 87.35% -0.05%
======================================================================
Files 320 319 -1
Lines 19602 19602
Branches 2512 2510 -2
======================================================================
- Hits 17132 17124 -8
- Misses 2033 2040 +7
- Partials 437 438 +1
☔ View full report in Codecov by Sentry. |
Moving my last comment over from the previous PR so it doesn't get lost! Thanks for your changes @ThomasLaPiana. The migration was crashing so I added some changes here: 9308569 to move this forward, but there's still more work to do. Let's all continue to test and figure out where the gaps are. Here's some current TODO items I'm seeing after another round of testing:
|
@ThomasLaPiana @adamsachs in addition to the above, I wanted to discuss if we also need to migrate This came up while I was hunting for additional places that use We may not need to modify old records. But it seems like the most pressing thing would be to make sure whatever |
|
@pattisdr can you give me some guidance on how to get at those programmatically? I'm really struggling to use the APIs, as the privacy request api needs that information for creation but doesn't return it on a I've updated it directly in the database for |
This isn't returned in the API, that was intentional! This is more of an internal detail that takes a snapshot of the preferences for the user at that point in time and propagates these to third party systems. Your testing script might just query the privacy request directly with sqlalchemy and verify that the consent_preferences resource has been updated.
Yes, this seems right but I would expect everything to be updated directly, including the PrivacyRequest and ConsentRequest. I'm not sure what you mean by calling out this one location directly! Testing instructions are below. You can use the "Get previously-saved consent preferences" endpoint to check after a migration.
I'm not sure what you mean. This is useful going forward but existing privacy requests still need to be migrated, if we're going to do that. Also, these tables are potentially large - worth pointing this out. This is something we shouldn't be migrating live - Old Consent Testing DetailsCreate a Consent Requestcurl -X 'POST' \
'http://localhost:8080/api/v1/consent-request' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"email": "user@example.com"
}'
Set Consent Preferences
curl -X 'PATCH' \
'http://localhost:8080/api/v1/consent-request/con_bcec68e1-ae0f-494d-8be6-a07d296083bb/preferences' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"code": "1234",
"consent": [
{
"data_use": "improve",
"opt_in": true,
"has_gpc_flag": false,
"conflicts_with_gpc": false
}
],
"executable_options": [
{
"data_use": "improve",
"executable": true
}
]
}' Get previously-saved consent preferences
curl -X 'POST' \
'http://localhost:8080/api/v1/consent-request/con_bcec68e1-ae0f-494d-8be6-a07d296083bb/verify' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"code": "1234"
}' SQL Queries for double checking migrationView created privacy requestfides=# select id, status, consent_preferences from privacyrequest;
id | status | consent_preferences
------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------------------------
pri_b926282f-9679-40d5-9d03-b239ddf6207b | complete | [{"opt_in": true, "data_use": "improve", "has_gpc_flag": false, "conflicts_with_gpc": false, "data_use_description": null}]
(1 row) View updated consent requestfides=# select id, preferences, privacy_request_id from consentrequest;
id | preferences | privacy_request_id
------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------+------------------------------------------
con_03c926d1-6840-43ba-8757-d5f06590ddf9 | |
con_bcec68e1-ae0f-494d-8be6-a07d296083bb | [{"opt_in": true, "data_use": "improve", "has_gpc_flag": false, "conflicts_with_gpc": false, "data_use_description": null}] | pri_b926282f-9679-40d5-9d03-b239ddf6207b
View Consent resourcefides=# select id, data_use, opt_in from consent;
id | data_use | opt_in
------------------------------------------+----------+--------
con_2573d315-b6f8-42e2-9018-f18b4322b71c | improve | t |
…fideslang-2-migration
@pattisdr amazing testing directions/context, thank you so much! I'll get these translated into the script and hopefully we'll be off to the races 🙂 Also, what did you mean by "migrating live"? I'm not sure there's any other way? It would happen upon version bump and restart, which means startup would take longer which means longer downtime |
…com/ethyca/fides into ThomasLaPiana-fideslang-2-migration
…script working repeatably
using the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking great @ThomasLaPiana, I reviewed and have been testing this evening. I appreciate the extra effort on the migration test script to build confidence here: I'll test a little more in the AM. None of the comments below affect the migration itself.
Also, what did you mean by "migrating live"? I'm not sure there's any other way?
I just meant the application isn't up and running, no one is writing or reading from the db while this migration is performed. Just double checking, given the potential size of consent/consent request/privacy request.
src/fides/api/alembic/migrations/versions/1ea164cee8bc_fideslang_2_data_migrations.py
Show resolved
Hide resolved
src/fides/api/alembic/migrations/versions/1ea164cee8bc_fideslang_2_data_migrations.py
Outdated
Show resolved
Hide resolved
src/fides/api/alembic/migrations/versions/1ea164cee8bc_fideslang_2_data_migrations.py
Outdated
Show resolved
Hide resolved
src/fides/api/alembic/migrations/versions/1ea164cee8bc_fideslang_2_data_migrations.py
Outdated
Show resolved
Hide resolved
src/fides/api/alembic/migrations/versions/1ea164cee8bc_fideslang_2_data_migrations.py
Outdated
Show resolved
Hide resolved
src/fides/api/alembic/migrations/versions/1ea164cee8bc_fideslang_2_data_migrations.py
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Going back through the other PR, there's a comment about the RuleTarget table?
https://github.com/ethyca/fides/pull/3933/files#r1309338648
Working on a commit for RuleTarget migration |
ea631b5
to
5f6c4a7
Compare
5f6c4a7
to
fe360b2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK! take a look at my RuleTarget work please before merge! I added another small commit for backend tests while I was here too
…fideslang-2-migration
@pattisdr verified the changes! Thank you! |
failure is a flaky test, merging |
3d3a67e
into
ThomasLaPiana-update-fideslang-200
Builds on top of #3933
Description Of Changes
For ease of PR reviewing, this PR is focused solely on writing and testing a migration for current users to Fideslang 2.0
The following are the objects that need updating:
Dataset
(categories onfields
,collections
, and top levelSystems.PrivacyDeclarations
(data_use
,data_categories
,shared_categories
)Systems.Ingress/Egress
(data_categories
)Policy.Rules
(data_uses
,data_categories
)DataCategory/DataUse
(fides_key
,parent_key
)PrivacyNotice/PrivacyNoticeHistory/PrivacyNoticeTemplate
PrivacyRequest.consent_preferences
Consent.data_use
ConsentRequest.preferences
Code Changes
scripts/verify_fideslang_2_data_migration.py
)Steps to Confirm
nox -s dev
nox -s shell
fides user login
fides db reset -y ; python scripts/verify_fideslang_2_data_migration.py --reload ; python scripts/verify_fideslang_2_data_migration.py --reload
- the script will probably break on System push, so run it again to pass (seriously I'm not sure why, something with the order of how things are getting pushed I guess?)Pre-Merge Checklist
CHANGELOG.md