Tools to replicate sanitized real cases in dev/test environment

[yoomlam]

Innovation Idea: Create a tool to replicate sanitized real cases in dev/test environment

Slack channel: #appeals-ip-replicate-data

Details: Many engineers desire a way to test solutions on real data without affecting prod data. The approach is to create a tool that can export an appeal and associated records, sanitize them of PII, then import them into a dev/test environment.

Hypothesis: If realistic appeals can be replicated in our dev/test environment, then we can test solutions locally and be more confident in the outcome of the solution. This can also be a building block to import more realistic cases into the default dev environment.

User Story: As a developer, I want to recreate sanitized instances of prod data in my dev (or testing) environment so that I can experiment with realistic data.

• The data can be imported to be part of our seed data in the dev DB.
• The data can be imported into the test DB for individual Rspec tests.

Description

Tools to replicate sanitized real cases in dev/test environment

Acceptance Criteria

• Code compiles correctly
• Able to export and import AMA appeals with tasks, issues, hearings, and associated users and orgs

Testing Plan

1. Copy files to prod (or ask Yoom to do it)

INSTANCE=i-06b8441957026bb62
scp lib/helpers/sanit*.rb  lib/helpers/association_wrapper.rb $INSTANCE:/tmp

2. ssm into the instance and move the new files to the Caseflow folder and start a Rails console in prod

sudo bash
cd /opt/caseflow-certification/src
mv -vf /tmp/sanit*.rb /tmp/association_wrapper.rb lib/helpers/

source /opt/caseflow-certification/caseflow-certification_env.sh
IRBRC=/tmp/my_repl.rb bin/rails c

3. In the Rails console, do the following

require "faker"
require "helpers/sanitized_json_configuration.rb"
require "helpers/sanitized_json_exporter.rb"

# Choose a random appeal
appeal=Appeal.find(rand(Appeal.count))
# Examine the appeal
appeal.treee
pp appeal.hearings
IntakeRenderer.patch_intake_classes
puts appeal.render_intake

# Export to a file
sje=SanitizedJsonExporter.new(appeal, verbosity: 5) # Maximize verbosity to see what it's doing
# scroll up to view the verbose output
# Save to file
sje.save('/tmp/appeal1.json', purpose: 'test1')

Note: Multiple appeals can be exported at one time: SanitizedJsonExporter.new(appeal1, appeal2)
4. Exit Rails console and examine the file for PII and sensitive data
5. Once satisfied that there is no sensitive data, copy the file locally. Back on your computer, copy the file:

scp $INSTANCE:'/tmp/appeal*.json' .

6. Then start a local Rails console and import the file.

sji = SanitizedJsonImporter.from_file('appeal1.json', verbosity: 5) # Maximize verbosity to see what it's doing
sji.import
# scroll up to view the verbose output

# Examine results
sji.imported_records # Hash of records imported into the database
sji.reused_records # Existing ActiveRecords that are not imported because they already exist in the database

# Compare appeal to the original in prod
IntakeRenderer.patch_intake_classes
sji.imported_records["appeals"].map{|appeal|
  appeal.treee
  pp appeal.hearings
  puts appeal.render_intake
}

Code Documentation Updates

• Add or update code comments at the top of the class, module, and/or component.

[va-bot]

	1 Warning
⚠️	This is a Big PR. Try to break this down if possible. Stacked pull requests encourage more detailed and thorough code reviews

Generated by 🚫 Danger

[codeclimate]

Code Climate has analyzed commit c7af906 and detected 0 issues on this pull request.

View more on Code Climate.

[yoomlam]

These last 4 methods are used by SanitizedJsonConfiguration

[yoomlam]

This SanitizedJsonConfiguration is specific to the Caseflow domain, while SanitizedJsonExporter/Importer are meant to be domain-independent.

[yoomlam]

These methods are only used by the retrieval: lines above.

[yoomlam]

This will be set to true later when we update Organization singletons in our seed data to have the same id as in prod to avoid problems with MailTeam.singleton returning the wrong record when a MailTeam org with a different id is imported.

[yoomlam]

This only happens when a new field is added for sanitizing and none of the transforms return a non-nil.

[yoomlam]

Demo plan:

• present slide
• show export output in prod, explaining that CAVC remand appeal is associated with a source appeal

# CAVC remand with several issues
Appeal.where(stream_type: "court_remand", docket_type: "hearing").map{|a| [a.id, a.request_issues.count]}
=> [[133016, 4] ...]
appeal=Appeal.find(133016)
appeals=[appeal]
appeals.map &:treee
appeals.map{|a| puts a.render_intake}
sje=SanitizedJsonExporter.new(appeal, verbosity: 5);
sje.save('/tmp/appeal15.json', purpose: 'Mar 19th Demo')

• scan through appeal15.json, noting obviously fake veteran_file_number/ssn/full_name/email and record ids are retained
• describe rspec; run import within rspec, comparing task trees and intake trees (note similar record ids and css_ids for easy referencing with prod data (and consistency across many imports); timestamps are the same); note the source appeal for the CAVC remand is also imported

      sji = SanitizedJsonImporter.from_file('appeal15.json')
      imp_appeal1 = sji.import
      IntakeRenderer.patch_intake_classes  
      sji.imported_records[Appeal.table_name].map{|appeal|
        appeal.treee
        pp appeal.hearings
        puts appeal.render_intake
      }

• describe SanitizedJsonConfiguration: @configuration
• describe how SanitizationTransforms is applied to sanitize field values
• SanitizedJsonExporter (~200 lines) and SanitizedJsonImporter (~300 lines) are domain-independent, which means they can be reused for other databases.

[yoomlam]

The User class has this curious index:

ActiveRecord::Base.connection.indexes(User.table_name).select(&:unique).first.columns
=> "upper((css_id)::text)"

instead of the typical Array:

ActiveRecord::Base.connection.indexes(Organization.table_name).select(&:unique).first.columns
=> ["url"]

[yoomlam]

I'd like to update the column comments in schema.rb so that these PII fields can be automatically identified, so we don't have to specify sanitize_fields manually here.

[tomas-nava]

Not quite done reviewing, but wanted to give you something to respond to.

I followed the testing plan and successfully exported & imported a relatively complex record. Most of my comments are minor. I will continue reviewing this week.

Something that occurred to me while using: you could put a check on SanitizedJsonImporter that stops it from importing if Rails.env.production?

[yoomlam]

Added documentation: https://github.com/department-of-veterans-affairs/caseflow/wiki/Exporting-and-Importing-Appeals

[tomas-nava]

approve! with non-blocking questions/suggestions

[tomas-nava]

what happens if it's still not unique after 10 tries?

[yoomlam]

It uses the last generated value and moves on. The user can rerun the export as well.