From af00298e7f2d0725343c9a78cffe0b3d9ca30f46 Mon Sep 17 00:00:00 2001 From: Troy Sankey Date: Wed, 31 Jul 2024 18:26:33 -0700 Subject: [PATCH] test: pii check stage actually checks PII instead of not at all. --- .annotation_safe_list.yml | 20 +++++++++++++++++++ .github/workflows/ci.yml | 2 +- CHANGELOG.rst | 4 ++++ enterprise/__init__.py | 2 +- integrated_channels/blackboard/models.py | 4 +++- integrated_channels/canvas/models.py | 4 +++- integrated_channels/degreed/models.py | 2 +- integrated_channels/degreed2/models.py | 2 +- .../integrated_channel/models.py | 5 +++-- .../sap_success_factors/models.py | 4 +++- integrated_channels/xapi/models.py | 4 +++- tox.ini | 5 ++--- 12 files changed, 45 insertions(+), 13 deletions(-) diff --git a/.annotation_safe_list.yml b/.annotation_safe_list.yml index 5282288060..c41bde6af8 100644 --- a/.annotation_safe_list.yml +++ b/.annotation_safe_list.yml @@ -37,3 +37,23 @@ enterprise.HistoricalPendingEnrollment: ".. no_pii:": "" moodle.HistoricalMoodleEnterpriseCustomerConfiguration: ".. no_pii:": "" +enterprise.EnterpriseCourseEntitlement: + ".. no_pii:": "" +enterprise.EnterpriseCustomerSsoConfiguration: + ".. no_pii:": "" +enterprise.HistoricalEnterpriseCourseEntitlement: + ".. no_pii:": "" +enterprise.HistoricalEnterpriseCustomerInviteKey: + ".. no_pii:": "" +enterprise.HistoricalEnterpriseCustomerSsoConfiguration: + ".. no_pii:": "" +enterprise.HistoricalEnterpriseCustomerUser: + ".. no_pii:": "" +enterprise.HistoricalEnterpriseGroup: + ".. no_pii:": "" +enterprise.HistoricalEnterpriseGroupMembership: + ".. no_pii:": "" +enterprise.HistoricalLearnerCreditEnterpriseCourseEnrollment: + ".. no_pii:": "" +enterprise.HistoricalSystemWideEnterpriseUserRoleAssignment: + ".. no_pii:": "" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f7be57ec72..c89822915d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ jobs: matrix: python-version: - '3.11' - toxenv: [quality, docs, django42-celery53, django42-pii-annotations] + toxenv: [quality, docs, django42-celery53, pii_check] env: RUNJSHINT: true steps: diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8ef5f4cd2d..f1396120e0 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,10 @@ Unreleased ---------- * nothing unreleased +[4.23.2] +--------- +* test: pii check stage actually checks PII instead of not at all. + [4.23.1] --------- * fix: don't allow saving duplicate EnterpriseCatalogQuery content_filter diff --git a/enterprise/__init__.py b/enterprise/__init__.py index 6a8c5b9ed9..762c496dc8 100644 --- a/enterprise/__init__.py +++ b/enterprise/__init__.py @@ -2,4 +2,4 @@ Your project description goes here. """ -__version__ = "4.23.1" +__version__ = "4.23.2" diff --git a/integrated_channels/blackboard/models.py b/integrated_channels/blackboard/models.py index 7c906909d3..b4b4f89f38 100644 --- a/integrated_channels/blackboard/models.py +++ b/integrated_channels/blackboard/models.py @@ -279,7 +279,9 @@ class BlackboardLearnerAssessmentDataTransmissionAudit(LearnerDataTransmissionAu The payload correlated to a courses subsection learner data we send to blackboard at a given point in time for an enterprise course enrollment. - .. no_pii: + .. pii: user_email and blackboard_user_email contain PII. Declaring "retained" because I don't know if it's retired. + .. pii_types: email_address + .. pii_retirement: retained """ blackboard_user_email = models.CharField( max_length=255, diff --git a/integrated_channels/canvas/models.py b/integrated_channels/canvas/models.py index a9ad17af20..791e1b6af5 100644 --- a/integrated_channels/canvas/models.py +++ b/integrated_channels/canvas/models.py @@ -181,7 +181,9 @@ class CanvasLearnerAssessmentDataTransmissionAudit(LearnerDataTransmissionAudit) The payload correlated to a courses subsection learner data we send to canvas at a given point in time for an enterprise course enrollment. - .. no_pii: + .. pii: user_email and canvas_user_email contains PII. Declaring "retained" because I don't know if it's retired. + .. pii_types: email_address + .. pii_retirement: retained """ canvas_user_email = models.CharField( max_length=255, diff --git a/integrated_channels/degreed/models.py b/integrated_channels/degreed/models.py index 30a1719ce1..2f790a6649 100644 --- a/integrated_channels/degreed/models.py +++ b/integrated_channels/degreed/models.py @@ -224,7 +224,7 @@ class DegreedLearnerDataTransmissionAudit(LearnerDataTransmissionAudit): """ The payload we sent to Degreed at a given point in time for an enterprise course enrollment. - .. pii: The degreed_user_email model field contains PII. + .. pii: The user_email AND degreed_user_email model fields contain PII. .. pii_types: email_address .. pii_retirement: consumer_api """ diff --git a/integrated_channels/degreed2/models.py b/integrated_channels/degreed2/models.py index f5456ddd96..59ba2ad7f5 100644 --- a/integrated_channels/degreed2/models.py +++ b/integrated_channels/degreed2/models.py @@ -201,7 +201,7 @@ class Degreed2LearnerDataTransmissionAudit(LearnerDataTransmissionAudit): The payload we sent to Degreed2 at a given point in time for an enterprise course enrollment. Ref: https://api.degreed.com/docs/#create-a-new-completion - .. pii: The degreed_user_email model field contains PII. + .. pii: The user_email AND degreed_user_email model fields contain PII. .. pii_types: email_address .. pii_retirement: consumer_api """ diff --git a/integrated_channels/integrated_channel/models.py b/integrated_channels/integrated_channel/models.py index 37e8999f5b..5ddaa37c36 100644 --- a/integrated_channels/integrated_channel/models.py +++ b/integrated_channels/integrated_channel/models.py @@ -497,8 +497,9 @@ class LearnerDataTransmissionAudit(TimeStampedModel): """ The payload we send to an integrated channel at a given point in time for an enterprise course enrollment. - .. pii: The user_email model field contains PII - + .. pii: The user_email model field contains PII. Declaring "retained" because I don't know if it's retired. + .. pii_types: email_address + .. pii_retirement: retained """ # TODO: index customer uuid + plugin coinfig id together, with enrollment id? diff --git a/integrated_channels/sap_success_factors/models.py b/integrated_channels/sap_success_factors/models.py index 9956f95103..79d49d584b 100644 --- a/integrated_channels/sap_success_factors/models.py +++ b/integrated_channels/sap_success_factors/models.py @@ -272,7 +272,9 @@ class SapSuccessFactorsLearnerDataTransmissionAudit(LearnerDataTransmissionAudit """ The payload we sent to SuccessFactors at a given point in time for an enterprise course enrollment. - .. no_pii: + .. pii: The user_email model field contains PII. Declaring "retained" because I don't know if it's retired. + .. pii_types: email_address + .. pii_retirement: retained """ sapsf_user_id = models.CharField(max_length=255, blank=False, null=False) diff --git a/integrated_channels/xapi/models.py b/integrated_channels/xapi/models.py index ad138af39e..679aed89fd 100644 --- a/integrated_channels/xapi/models.py +++ b/integrated_channels/xapi/models.py @@ -71,7 +71,9 @@ class XAPILearnerDataTransmissionAudit(LearnerDataTransmissionAudit): """ The payload we sent to XAPI at a given point in time for an enterprise course enrollment. - .. no_pii: + .. pii: The user_email model field contains PII. Declaring "retained" because I don't know if it's retired. + .. pii_types: email_address + .. pii_retirement: retained """ user = models.ForeignKey( diff --git a/tox.ini b/tox.ini index 6a3f5f5634..ae17d89b0a 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = py{38,311}-django{42}-celery{53}, django{42}-pii-annotations +envlist = py{38,311}-django{42}-celery{53} [doc8] max-line-length = 120 @@ -85,11 +85,10 @@ deps = commands = jasmine -[testenv:pii-annotations] +[testenv:pii_check] setenv = DJANGO_SETTINGS_MODULE = enterprise.settings.test deps = - django42: Django>=4.2,<4.3 -r{toxinidir}/requirements/test.txt commands = code_annotations django_find_annotations --config_file .pii_annotations.yml --lint --report --coverage