LA 83 Fix Salesforce Erasure Data Flow #5452
Including Email Format Masking Including the rest of the update endpoints
fides Run #10844

| Run Properties | |
|---|---|
| Project | fides |
| Branch Review | refs/pull/5452/merge |
| Run status | Passed #10844 |
| Run duration | 00m 39s |
| Commit | 30b8c335ed: Merge f03cec6daaa9ecd221b5771380106cf5a9c36887 into 0234347960163e2b413a7f6ba5cf... |
| Committer | Bruno Gutierrez Rios |

| Test results | |
|---|---|
| Failures | 0 |
| Flaky | 0 |
| Pending | 0 |
| Skipped | 0 |
| Passing | 4 |
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #5452 +/- ##
==========================================
- Coverage 85.42% 85.30% -0.13%
==========================================
Files 385 386 +1
Lines 24152 24206 +54
Branches 2630 2636 +6
==========================================
+ Hits 20633 20649 +16
- Misses 2966 3004 +38
  Partials 553 553
CHANGELOG.md
Outdated
@@ -21,6 +21,9 @@ The types of changes are: | |||
- Added DataHub integration config [#5401](https://github.com/ethyca/fides/pull/5401) | |||
- Added keepalive settings to the Redshift integration [#5433](https://github.com/ethyca/fides/pull/5433) | |||
|
|||
### Fixed | |||
- Updating Salesforce erasure request with overrides so it properly passes validation. Removing Account endpoint since it does not represents PII [#5452](https://github.com/ethyca/fides/pull/5452) |
- Updating Salesforce erasure request with overrides so it properly passes validation. Removing Account endpoint since it does not represents PII [#5452](https://github.com/ethyca/fides/pull/5452) | |
- Updating Salesforce erasure request with overrides so it properly passes validation. Removing Account endpoint since it does not contain user data [#5452](https://github.com/ethyca/fides/pull/5452) |
# using the privacy request id to have an unique id | ||
def maskEmail(masked_object_fields: Dict, email_field: str) -> Dict: | ||
if email_field in masked_object_fields: | ||
masked_object_fields[email_field] = "Masked@company.com" |
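Review bot: the comment above maskEmail says the privacy request id is used to get a unique id, but the assignment in the body writes the fixed literal "Masked@company.com" and the signature takes no id parameter. Either update the comment to say that every record receives the same placeholder address, or accept the privacy request id as an argument and build the address from it, since a shared value will collide if the target object enforces unique emails.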
masked_object_fields[email_field] = "Masked@company.com" | |
masked_object_fields[email_field] = "masked@company.com" |
def truncateFieldsTo40Characters(masked_object_fields: Dict) -> Dict: | ||
for key in masked_object_fields: | ||
logger.info(key) | ||
logger.info((masked_object_fields[key])) | ||
if not isinstance(masked_object_fields[key], str): | ||
continue | ||
if len(masked_object_fields[key]) > 40: | ||
masked_object_fields[key] = masked_object_fields[key][:40] | ||
return masked_object_fields |
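Review bot: the two logger.info calls at the top of the loop write every field name and its value to the log at info level on each erasure request, including fields that are never truncated. Remove them, or log only the key inside the len(...) > 40 branch. The limit 40 is also a bare literal applied to every string field; a named constant with a comment stating where the limit comes from would make it reviewable.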
We can simplify this a bit and only log a message when we need to truncate. The comment you added is helpful but it would make sense to add it as a doc string. Finally, make sure to use snake case since that's the convention for Python.
def truncateFieldsTo40Characters(masked_object_fields: Dict) -> Dict: | |
for key in masked_object_fields: | |
logger.info(key) | |
logger.info((masked_object_fields[key])) | |
if not isinstance(masked_object_fields[key], str): | |
continue | |
if len(masked_object_fields[key]) > 40: | |
masked_object_fields[key] = masked_object_fields[key][:40] | |
return masked_object_fields | |
def truncate_fields(masked_object_fields: Dict) -> Dict: | |
""" | |
Check if the masked field is over 40 characters long, if so truncate it to 40 characters. | |
""" | |
for key in masked_object_fields: | |
value = masked_object_fields[key] | |
if isinstance(value, str) and len(value) > 40: | |
logger.info("Truncating {key} field to 40 characters") | |
masked_object_fields[key] = value[:40] | |
return masked_object_fields |
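Review bot: in the suggested truncate_fields, the message passed to logger.info is a plain string literal with no f prefix and no format arguments, so the log line will contain the text {key} instead of the field name. Make it an f-string, logger.info(f"Truncating {key} field to 40 characters"), or pass key as a keyword argument if the logger in use formats brace-style messages.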
# Masking Email properly so it does not breaks validation rules | ||
# using the privacy request id to have an unique id | ||
def maskEmail(masked_object_fields: Dict, email_field: str) -> Dict: |
Same as above
# Masking Email properly so it does not breaks validation rules | |
# using the privacy request id to have an unique id | |
def maskEmail(masked_object_fields: Dict, email_field: str) -> Dict: | |
def mask_email(masked_object_fields: Dict, email_field: str) -> Dict: | |
"""Masking email fields properly so they don't break validation rules.""" |
I know we have these tests flagged as @pytest.mark.skip(reason="Currently unable to test OAuth2 connectors") but can you try the following:
- Run the tests by hard-coding the access_token in your local saas_config.toml?
- Use the erasure_policy_string_rewrite_name_and_email policy fixture so we can see the email being masked.
- Use the new ConnectorRunner pattern for the task tests
- Verify we have multiple users in Salesforce to verify we only return results for one user
- Verify that multiple entities can have the same email (the masked@company email we're using)
src/fides/api/service/saas_request/override_implementations/salesforce_request_overrides.py
By the looks of the Campaign Members API docs, it looks like Campaign Members represent a relationship between Leads and Contacts, and as such, their fields should be updated on their respective endpoints. We already have some fields on the campaign_members dataset collection as read_only, and those that are not are throwing a 400 error as we are not able to update them. Removing the Update endpoint on campaign member. We still want to read it, even if it's a bit of duplicate data, because it's relevant to see if it's on a campaign, but it should not be updated at all. As we can see in the screenshots below, updating the Contact and Lead would update the campaign member view correctly.
Campaign Members are a relationship between a campaign and a lead or a contact. Updating the latter two would update user data
@pytest.mark.skip(reason="Currently unable to test OAuth2 connectors") | ||
#@pytest.mark.skip(reason="Currently unable to test OAuth2 connectors") |
#@pytest.mark.skip(reason="Currently unable to test OAuth2 connectors") | |
@pytest.mark.skip(reason="Currently unable to test OAuth2 connectors") |
fides Run #10846

| Run Properties | |
|---|---|
| Project | fides |
| Branch Review | main |
| Run status | Passed #10846 |
| Run duration | 00m 38s |
| Commit | 0e36182fd8: LA 83 Fix Salesforce Erasure Data Flow (#5452) |
| Committer | Bruno Gutierrez Rios |

| Test results | |
|---|---|
| Failures | 0 |
| Flaky | 0 |
| Pending | 0 |
| Skipped | 0 |
| Passing | 4 |
Closes LA#83
Pairs With fidesplus#1708
Description Of Changes
Started as a removal of the Account endpoint since that was data from the Business, not a person. Ended up creating custom overrides requests so the validation rules for the other endpoints were passing.
Currently the Requests Overrides do two things
masked@company.com
Code Changes
Steps to Confirm
Pre-Merge Checklist
CHANGELOG.md