Skip to content

Release v23.5.0

Latest
Latest
Compare
Choose a tag to compare
@dolittle-build dolittle-build released this 23 Oct 07:30
v23.5.0
6368abb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Summary

This adds support for retroactively redacting personal data details from previously committed events. Redactions are scoped to a single EventSourceId, and a single event type, and allow you to overwrite or remove specific fields.

This feature requires runtime version 9.7.0

How to use it

Events that should be redacted must be annotated to target the fields that should be updated or removed

[EventType("24e3a119-57d5-45d7-b7ef-a736fe6331e7")]
public class CustomerRegistered
{
    // The generic type will replace the value
    [RedactablePersonalData<string>("<redacted>")]
    public string Name { get; init; }
    
    //  The non-generic one will remove the field altogether
    [RedactablePersonalData]
    public Address? CustomerAddress { get; init; }
}

They can then be redacted by committing a targeted redaction event on the same eventsourceId as the redacted events.

It can either be done with the built-in event

    public void GdprForget(string reason, string performedBy)
    {
        Apply(Redactions.Create<CustomerRegistered>(reason, performedBy));
    }

or a user-created event

[EventType("de1e7e17-bad5-da7a-a4f7-e409ae1785dc")]
public class CustomerDetailsForgotten : PersonalDataRedactedForEvent<CustomerRegistered>
{
}

Applied like this

    public void GdprForget(string reason, string performedBy)
    {
        Apply(Redactions.Create<CustomerRegistered, CustomerDetailsForgotten>(reason, performedBy));
    }

What about read models and aggregate state ?

Aggregates and read models should handle the redactions as normal events, and update state accordingly.

Ex

    public void On(CustomerDetailsForgotten evt)
    {
        _address = null;
        _name = null;
        _gdprRedacted = true;
    }

Read models are not automagically updated, but should handle the redaction events themselves. Redaction events after being committed behave exactly as any other event, and can be processed by both eventhandlers and projections.

Since you would want the eventhandlers to only handle as few events as needed, user defined redaction events are the suggested way to perform redactions.

How does it work?

The runtime will recognize the redaction event type with the redaction prefix "de1e7e17-bad5-da7a", and if the events have the correctly formatted structure, it will perform the redactions in the same transaction as the new events are being added.

It will replace overridden properties as specified in RedactedProperties, and remove properties that are defined with null values.

Redaction events themselves cannot be redacted, to ensure auditability of the system.

Added

  • Dolittle.SDK.Events.Redaction.PersonalDataRedactedForEvent - Built in event that can redact any event type
  • Dolittle.SDK.Events.Redaction.PersonalDataRedactedForEvent<TEvent> - Class to extend in order to create redactions for specific events
  • Dolittle.SDK.Events.Redaction - Use this to simplify creation of redaction events

Updated

Assets 2
Loading