This repository has been archived by the owner on Nov 30, 2022. It is now read-only.

Add Default Policies [#624] #654

Merged
merged 12 commits into from
Jun 16, 2022

@pattisdr pattisdr commented Jun 14, 2022

❗ Contains data migration; check downrev before merging

Purpose

Ship Fidesops with two default Policies, download and delete, so Fidesops instances can run privacy requests right away.
The policies are created as a data migration.

Changes

Adds a data migration that:

  • Creates a local StorageConfig
  • Creates a Client with a specific fides_key
  • If a download policy does not exist, create one, with a Rule using the localstorage and the RuleTarget looking at identifiable data, with the autogenerated client above
  • If a delete policy does not exist, create one, with a Rule using a string masking strategy, targeting identifiable data, with the autogenerated client above
  • Reverse migration only removes the download/delete policies and their associated resources if they were created by the autogenerated client.

Note: this does not create resources in test mode (pytest)

Checklist

  • Update CHANGELOG.md file
    • Merge in main so the most recent CHANGELOG.md file is being appended to
    • Add description within the Unreleased section in an appropriate category. Add a new category from the list at the top of the file if the needed one isn't already there.
    • Add a link to this PR at the end of the description with the PR number as the text. example: #1
  • Applicable documentation updated (guides, quickstart, postman collections, tutorial, fidesdemo, database diagram).
  • If docs updated (select one):
    • documentation complete, or draft/outline provided (tag docs-team to complete/review on this branch)
    • documentation issue created (tag docs-team to complete issue separately)
  • Good unit test/integration test coverage
  • This PR contains a DB migration. If checked, the reviewer should confirm with the author that the down_revision correctly references the previous migration before merging
  • The Run Unsafe PR Checks label has been applied, and checks have passed, if this PR touches any external services

Ticket

Fixes #624
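
The behaviour listed under "Changes" above (create a default policy only when none exists, and on reverse remove only what the autogenerated client created), as an added example that is not code from this pull request or from Fidesops. The SQLite schema, table names and the `AUTO_CLIENT` identifier are hypothetical simplifications, and the pre-existing operator policy is constructed sample data.

```python
import sqlite3

AUTO_CLIENT = "default_oauth_client"  # hypothetical id marking autogenerated rows

# Hypothetical, simplified schema; not the Fidesops tables.
SCHEMA = """
CREATE TABLE client (id TEXT PRIMARY KEY);
CREATE TABLE policy (key TEXT PRIMARY KEY, client_id TEXT);
CREATE TABLE rule (id INTEGER PRIMARY KEY, policy_key TEXT, action TEXT, client_id TEXT);
"""
DEFAULTS = {"download": "access", "delete": "erasure"}  # policy key -> rule action


def upgrade(conn):
    """Create each default policy only if no policy with that key exists."""
    conn.execute("INSERT OR IGNORE INTO client (id) VALUES (?)", (AUTO_CLIENT,))
    created = []
    for key, action in DEFAULTS.items():
        if conn.execute("SELECT 1 FROM policy WHERE key = ?", (key,)).fetchone():
            continue  # an operator-defined policy already uses this key
        conn.execute("INSERT INTO policy (key, client_id) VALUES (?, ?)",
                     (key, AUTO_CLIENT))
        conn.execute("INSERT INTO rule (policy_key, action, client_id) VALUES (?, ?, ?)",
                     (key, action, AUTO_CLIENT))
        created.append(key)
    return created


def downgrade(conn):
    """Delete only rows owned by the autogenerated client, then the client."""
    conn.execute("DELETE FROM rule WHERE client_id = ?", (AUTO_CLIENT,))
    removed = conn.execute("DELETE FROM policy WHERE client_id = ?",
                           (AUTO_CLIENT,)).rowcount
    conn.execute("DELETE FROM client WHERE id = ?", (AUTO_CLIENT,))
    return removed


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed state: an operator already owns a "delete" policy.
    conn.execute("INSERT INTO client (id) VALUES ('operator_client')")
    conn.execute("INSERT INTO policy (key, client_id) VALUES ('delete', 'operator_client')")
    created = upgrade(conn)   # only "download" is missing
    again = upgrade(conn)     # re-running creates nothing
    removed = downgrade(conn)
    survivors = [row[0] for row in conn.execute("SELECT key FROM policy")]
    return created, again, removed, survivors
```

Scoping the reverse step by owning client rather than by policy key is what keeps a downgrade from deleting an operator's own `delete` policy.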

@pattisdr pattisdr marked this pull request as ready for review June 15, 2022 02:27

@eastandwestwind eastandwestwind left a comment

Couple questions related to docs:

  1. Should we add to docs somewhere that these Policies are already created by default, to avoid confusion?

Some places in docs where this might make sense: https://ethyca.github.io/fidesops/postman/using_postman/

https://ethyca.github.io/fidesops/guides/policies/

  2. test mode / dev mode do diff things and can be confusing to someone first looking at config vars. I think it would be useful to better clarify in docs what setting these vars actually does, perhaps in a separate PR.

@pattisdr
Contributor Author

Thanks @eastandwestwind, I'll look into clarifying these items in the docs

@pattisdr
Contributor Author

@ethyca/docs-authors minor docs added to describe the two autogenerated policies that ship with Fidesops and clarify that the TESTING variable is set by Pytest for when we run unit tests.


@eastandwestwind eastandwestwind left a comment

Thanks @pattisdr, thumbs up from me!

@seanpreston seanpreston self-assigned this Jun 15, 2022
Co-authored-by: Cole Isaac <82131455+conceptualshark@users.noreply.github.com>
@seanpreston seanpreston merged commit 2955601 into main Jun 16, 2022
@seanpreston seanpreston deleted the fidesops_624_default_policies branch June 16, 2022 17:27
sanders41 pushed a commit that referenced this pull request Sep 22, 2022
* WIP: Add a data migration that autogenerates a default 'download' and 'delete' policy.

* Bump downrev and add logging for data migration steps.

* Try importing models from db.base.

* Use the connection currently being used to emit SQL to the database.

* Skip adding default policies to test database.

* Refactor so we're querying in SQL and not relying on SQLAlchemy models.

* Add default policies to policy guides and clarify that the TESTING env variable is primarily set by pytest.

* Update docs/fidesops/docs/guides/policies.md

Co-authored-by: Cole Isaac <82131455+conceptualshark@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Migration to add default access + erasure policies to Fidesops