Merge pull request #2191 from openedx/pwnage101/fix-pii-check

test: pii check stage actually checks PII instead of not at all

.annotation_safe_list.yml

@@ -37,3 +37,23 @@ enterprise.HistoricalPendingEnrollment:
     ".. no_pii:": ""
 moodle.HistoricalMoodleEnterpriseCustomerConfiguration:
     ".. no_pii:": ""
+enterprise.EnterpriseCourseEntitlement:
+    ".. no_pii:": ""
+enterprise.EnterpriseCustomerSsoConfiguration:
+    ".. no_pii:": ""
+enterprise.HistoricalEnterpriseCourseEntitlement:
+    ".. no_pii:": ""
+enterprise.HistoricalEnterpriseCustomerInviteKey:
+    ".. no_pii:": ""
+enterprise.HistoricalEnterpriseCustomerSsoConfiguration:
+    ".. no_pii:": ""
+enterprise.HistoricalEnterpriseCustomerUser:
+    ".. no_pii:": ""
+enterprise.HistoricalEnterpriseGroup:
+    ".. no_pii:": ""
+enterprise.HistoricalEnterpriseGroupMembership:
+    ".. no_pii:": ""
+enterprise.HistoricalLearnerCreditEnterpriseCourseEnrollment:
+    ".. no_pii:": ""
+enterprise.HistoricalSystemWideEnterpriseUserRoleAssignment:
+    ".. no_pii:": ""

.github/workflows/ci.yml

@@ -18,7 +18,7 @@ jobs:
       matrix:
         python-version:
         - '3.11'
-        toxenv: [quality, docs, django42-celery53, django42-pii-annotations]
+        toxenv: [quality, docs, django42-celery53, pii_check]
     env:
       RUNJSHINT: true
     steps:

CHANGELOG.rst

@@ -17,6 +17,10 @@ Unreleased
 ----------
 * nothing unreleased
 
+[4.23.2]
+---------
+* test: pii check stage actually checks PII instead of not at all.
+
 [4.23.1]
 ---------
 * fix: don't allow saving duplicate EnterpriseCatalogQuery content_filter

enterprise/__init__.py

@@ -2,4 +2,4 @@
 Your project description goes here.
 """
 
-__version__ = "4.23.1"
+__version__ = "4.23.2"

integrated_channels/blackboard/models.py

@@ -279,7 +279,9 @@ class BlackboardLearnerAssessmentDataTransmissionAudit(LearnerDataTransmissionAu
     The payload correlated to a courses subsection learner data we send to blackboard at a given point in time for an
     enterprise course enrollment.
 
-    .. no_pii:
+    .. pii: user_email and blackboard_user_email contain PII. Declaring "retained" because I don't know if it's retired.
+    .. pii_types: email_address
+    .. pii_retirement: retained
     """
     blackboard_user_email = models.CharField(
         max_length=255,

integrated_channels/canvas/models.py

@@ -181,7 +181,9 @@ class CanvasLearnerAssessmentDataTransmissionAudit(LearnerDataTransmissionAudit)
     The payload correlated to a courses subsection learner data we send to canvas at a given point in time for an
     enterprise course enrollment.
 
-    .. no_pii:
+    .. pii: user_email and canvas_user_email contains PII. Declaring "retained" because I don't know if it's retired.
+    .. pii_types: email_address
+    .. pii_retirement: retained
     """
     canvas_user_email = models.CharField(
         max_length=255,

integrated_channels/degreed/models.py

@@ -224,7 +224,7 @@ class DegreedLearnerDataTransmissionAudit(LearnerDataTransmissionAudit):
     """
     The payload we sent to Degreed at a given point in time for an enterprise course enrollment.
 
-    .. pii: The degreed_user_email model field contains PII.
+    .. pii: The user_email AND degreed_user_email model fields contain PII.
     .. pii_types: email_address
     .. pii_retirement: consumer_api
     """

integrated_channels/degreed2/models.py

@@ -201,7 +201,7 @@ class Degreed2LearnerDataTransmissionAudit(LearnerDataTransmissionAudit):
     The payload we sent to Degreed2 at a given point in time for an enterprise course enrollment.
     Ref: https://api.degreed.com/docs/#create-a-new-completion
 
-    .. pii: The degreed_user_email model field contains PII.
+    .. pii: The user_email AND degreed_user_email model fields contain PII.
     .. pii_types: email_address
     .. pii_retirement: consumer_api
     """

integrated_channels/integrated_channel/models.py

@@ -497,8 +497,9 @@ class LearnerDataTransmissionAudit(TimeStampedModel):
     """
     The payload we send to an integrated channel  at a given point in time for an enterprise course enrollment.
 
-    .. pii: The user_email model field contains PII
-
+    .. pii: The user_email model field contains PII. Declaring "retained" because I don't know if it's retired.
+    .. pii_types: email_address
+    .. pii_retirement: retained
     """
 
     # TODO: index customer uuid + plugin coinfig id together, with enrollment id?

integrated_channels/sap_success_factors/models.py

@@ -272,7 +272,9 @@ class SapSuccessFactorsLearnerDataTransmissionAudit(LearnerDataTransmissionAudit
     """
     The payload we sent to SuccessFactors at a given point in time for an enterprise course enrollment.
 
-    .. no_pii:
+    .. pii: The user_email model field contains PII. Declaring "retained" because I don't know if it's retired.
+    .. pii_types: email_address
+    .. pii_retirement: retained
     """
 
     sapsf_user_id = models.CharField(max_length=255, blank=False, null=False)

integrated_channels/xapi/models.py

@@ -71,7 +71,9 @@ class XAPILearnerDataTransmissionAudit(LearnerDataTransmissionAudit):
     """
     The payload we sent to XAPI at a given point in time for an enterprise course enrollment.
 
-    .. no_pii:
+    .. pii: The user_email model field contains PII. Declaring "retained" because I don't know if it's retired.
+    .. pii_types: email_address
+    .. pii_retirement: retained
     """
 
     user = models.ForeignKey(

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py{38,311}-django{42}-celery{53}, django{42}-pii-annotations
+envlist = py{38,311}-django{42}-celery{53}
 
 [doc8]
 max-line-length = 120
@@ -85,11 +85,10 @@ deps =
 commands =
     jasmine
 
-[testenv:pii-annotations]
+[testenv:pii_check]
 setenv =
     DJANGO_SETTINGS_MODULE = enterprise.settings.test
 deps =
-    django42: Django>=4.2,<4.3
     -r{toxinidir}/requirements/test.txt
 commands =
     code_annotations django_find_annotations --config_file .pii_annotations.yml --lint --report --coverage