chore: remove feedback records which are beyond retention policy #2766
Conversation
|
🤖 Hasura Change Summary compared a subset of table metadata including permissions: Updated Tables (1)
|
Mike-Heneghan
force-pushed
the
mh/feedback-post-retention-deletion
branch
from
2e9b95b to
1e9d355
Compare
| @@ -247,6 +247,10 @@ const getFormattedEnvironment = (): string => { | |||
| const pizzaNumber = new URL(process.env.API_URL_EXT!).href.split(".")[1]; | |||
| environment += ` ${pizzaNumber}`; | |||
| } | |||
| // For readability redefine development as local for slack warnings | |||
| if (environment === "development") { | |||
| environment = "local"; | |||
There was a problem hiding this comment.
Context:
I didn't expect to see a Slack message when my local test of running the sanitisation failed. I think the message was very useful but my first (incorrect) instinct was that I'd triggered something in a live environment.
I was relieved when I saw "Development" although with it being the end of the day and being tired and I did wonder if it was referring to staging and if I'd misunderstood the .env setup for the webhook.
Realistically I don't think I'll make this mistake again and I'm happy to leave this as "Development" if there are any strong opinions.
There was a problem hiding this comment.
Local is more explicitly not staging, this is fine by me! All for lowering stress / blood pressure 😂
|
Removed vultr server and associated DNS entries |
- Add deleteFeedback operation - Grant delete and select permissions of the feedback table to the API - Update Hasura test with new permissions
Mike-Heneghan
force-pushed
the
mh/feedback-post-retention-deletion
branch
from
1e9d355 to
9705b7f
Compare
| const { | ||
| feedback: { returning: result }, | ||
| } = await $api.client.request<{ feedback: Result }>(mutation, { | ||
| retentionPeriod: getRetentionPeriod(), |
There was a problem hiding this comment.
Comment
I erroneously looked at the getRetentionPeriod from pay: editor.planx.uk/src/lib/pay.ts which is 28 days 🤦
At the top of the file it has the period as 6 months.
I'm wondering whether we stick to 6 months to be consistent with the rest of the sanitisation or swap it to 28 days as originally planned?
There was a problem hiding this comment.
Yep no problems here - the simpler the better 👍
Let's make sure we communicate this to George / August / Silvia and update Notion to now reflect the changes made in this PR - https://www.notion.so/opensystemslab/Data-Retention-Policy-fcd47af2a8244888b544a1e9c92c88f8
There was a problem hiding this comment.
Great shout! I didn't think to look for a data policy on Notion. The other place is https://www.planx.uk/privacy and Alastair has advised I should give him a shout when the broader feature is ready and he'll update this.
Another place would be the flow setting level privacy policy potentially.
There was a problem hiding this comment.
One small comment / question, but happy for this to go ahead as-is.
I've added a checkbox to the Trello ticket to ensure we remember to update our Data Retention Policy on Notion. This could actually be done now, or after we strip out Feeback Fish.
| @@ -247,6 +247,10 @@ const getFormattedEnvironment = (): string => { | |||
| const pizzaNumber = new URL(process.env.API_URL_EXT!).href.split(".")[1]; | |||
| environment += ` ${pizzaNumber}`; | |||
| } | |||
| // For readability redefine development as local for slack warnings | |||
| if (environment === "development") { | |||
| environment = "local"; | |||
There was a problem hiding this comment.
Local is more explicitly not staging, this is fine by me! All for lowering stress / blood pressure 😂
| const { | ||
| feedback: { returning: result }, | ||
| } = await $api.client.request<{ feedback: Result }>(mutation, { | ||
| retentionPeriod: getRetentionPeriod(), |
There was a problem hiding this comment.
Yep no problems here - the simpler the better 👍
Let's make sure we communicate this to George / August / Silvia and update Notion to now reflect the changes made in this PR - https://www.notion.so/opensystemslab/Data-Retention-Policy-fcd47af2a8244888b544a1e9c92c88f8
| test("can query feedback", () => { | ||
| expect(i.queries).toContain("feedback"); | ||
| }); | ||
|
|
||
| test("cannot create, update, or delete teams", () => { | ||
| expect(i).toHaveNoMutationsFor("feedback"); | ||
| test("cannot update feedback", () => { | ||
| expect(i.mutations).not.toContain("update_feedback"); | ||
| expect(i.mutations).not.toContain("update_feedback_by_pk"); | ||
| }); | ||
|
|
||
| test("can delete feedback", async () => { | ||
| expect(i.mutations).toContain("delete_feedback"); | ||
| }); | ||
|
|
||
| test("cannot insert feedback", async () => { | ||
| expect(i.mutations).not.toContain("insert_feedback"); |
There was a problem hiding this comment.
Thanks for picking this up 👍
| @@ -248,6 +248,29 @@ | |||
| - user_context | |||
| - user_data | |||
| comment: Allow users who want to leave feedback on their experience to write to the table | |||
| select_permissions: | |||
There was a problem hiding this comment.
nit/question: Are these select permissions needed for the mutation DeleteFeedback to work? It looks like we might need id for the returning clause but no more? Genuinely unusure on this one - this could be correct and I just have a hazy memory of how this works 😅
There was a problem hiding this comment.
Ahahahaha I also wasn't sure about this 😅
I added the full column permissions when I was having issues. I couldn't seem to get a straight answer from the docs and I saw that other sanitised tables had the full select permission.
I can work this out by restricting access and testing it not that the feature is working.
There was a problem hiding this comment.
Thanks again for picking up on this @DafyddLlyr I kind of wanted to do this testing but was worried I'd been taking too long on this piece of work. So it was a great excuse to try it out!
As discussed it seems the delete requires select permissions for any columns it references i.e. created_at for the where and id for the return value.
I've updated the permissions to reflect this: b259adc
What
feedbackrecords which were created before the retention policy datedevelopment->localfor Slack warningsWhy
feedbackcan contain personally identifiable information so needs to be sanitised or deleteddevelopmentname is easy to conflate withstagingi.e. our.devenvironmentLocalexplicits shows there's been a failure running sanitisation based on local environmentScreenshot
Rename
Testing
feedbackrecords and manually changed the dates in the hasura console