initial implementation of privacy notice CRUD endpoints

[adamsachs]

❗ Contains migration; check if downrev needs to be bumped before merging.

Closes #2832

Code Changes

• new privacynotice and privacynoticehistory DB tables (and corresponding SQL alchemy classes) to store details about privacy notices, and an "audit trail" for each privacy notice record, respectively
• new privacy_notice:[create|update|read\ scopes added to our scope registry
  • owner and contributor roles have all these scopes
  • viewer (and viewer+approver) roles have privacy_notice:read scope
• GET /api/v1/privacy-notice endpoint to retrieve a list of privacy notices on the system
  • show_disabled param (optional, default =True) determines whether disabled privacy notice records should be returned
  • region param (optional, single-value) allows filtering of privacy notices to show only those associated with the given region
  • systems_applicable param (optional, default=True) determines whether to return only privacy notices that have a data use that is associated with a system
• GET /api/v1/privacy-notice/{privacy_notice_id} endpoint to retrieve details about a specific privacy notice
• POST /api/v1/privacy-notice to create one or more new privacy notice
  • ensures that only valid data uses are provided, and also ensures that the update causes no data use/region conflicts. specifically, for any region, there cannot be multiple privacy notices associated with that region that have an overlapping data use (data uses are hierarchical, so e.g. the data uses of advertisting and advertising.first_party are considered overlapping)
  • if the above validations fail for any new privacy notice specified, an error is thrown and the entire operation is void
• PATCH /api/v1/privacy-notice to update details about one or more new privacy notices
  • an id must be provided on each object in the request body, to indicate which privacy notice the update applies to. the id must point to a valid, existing privacy notice id
  • similar validation behavior on the updated data as the endpoint above

Steps to Confirm

• nothing specific, but spinning up your local fides environment in any normal way should expose these endpoints and allow for some manual testing

Pre-Merge Checklist

• All CI Pipelines Succeeded
• Documentation:
  • documentation complete, PR opened in fidesdocs
  • documentation issue created in fidesdocs
• Issue Requirements are Met
• Relevant Follow-Up Issues Created
• Update CHANGELOG.md
• For API changes, the Postman collection has been updated

Description Of Changes

Foundational APIs for creating, reading, updating privacy notices (and their history/audit records) on Fides. I tried to stick as close to the (very thorough and clear!) spec in confluence.

[cypress]

Passing run #1080 ↗︎

0	3	0	0	0
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.

Details:

Merge a8828f2 into 057c29e...
Project: fides	Commit: 1b80a8a5b5 ℹ️
Status: Passed	Duration: 00:56 💡
Started: Mar 29, 2023 6:32 PM	Ended: Mar 29, 2023 6:33 PM

_{This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.}

[codecov]

Codecov Report

Patch coverage: 99.62% and project coverage change: +19.61 🎉

Comparison is base (057c29e) 67.24% compared to head (a8828f2) 86.86%.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #2928       +/-   ##
===========================================
+ Coverage   67.24%   86.86%   +19.61%     
===========================================
  Files         300      303        +3     
  Lines       16922    17177      +255     
  Branches     2162     2195       +33     
===========================================
+ Hits        11380    14921     +3541     
+ Misses       5138     1844     -3294     
- Partials      404      412        +8     

Impacted Files	Coverage Δ
src/fides/lib/oauth/roles.py	100.00% <ø> (ø)
src/fides/api/ctl/sql_models.py	98.09% <91.66%> (-0.40%)	⬇️
src/fides/api/ops/api/v1/api.py	100.00% <100.00%> (ø)
...i/ops/api/v1/endpoints/privacy_notice_endpoints.py	100.00% <100.00%> (ø)
src/fides/api/ops/api/v1/scope_registry.py	100.00% <100.00%> (ø)
src/fides/api/ops/api/v1/urn_registry.py	100.00% <100.00%> (ø)
src/fides/api/ops/db/base.py	100.00% <100.00%> (ø)
src/fides/api/ops/models/policy.py	86.81% <100.00%> (+16.48%)	⬆️
src/fides/api/ops/models/privacy_notice.py	100.00% <100.00%> (ø)
src/fides/api/ops/models/privacy_request.py	96.00% <100.00%> (+23.73%)	⬆️
... and 3 more

... and 130 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[pattisdr]

Starting review now -

[pattisdr]

I think this is great work @adamsachs: your code was clear and easy to follow, and you'd taken time to add good code comments where why certain logic was added was necessary. The check_conflicting_data_uses was the main place that felt a little tricky to trace through but you documented it well. I'd suggest adding some tests on that method specifically and make sure all edge cases are covered.

My comments are minor.

[adamsachs]

@pattisdr i think this is good for another look, hopefully we can get this merged today before the release train leaves the station!

let me know if there's anything else you think i need to address. since your last review, i mainly added test coverage and i also adjusted to create a history entry during privacy notice creation/with each update, not "lagging behind" as i'd had it initially. we can easily revert that if you see problems with the rather hasty adjustment there.

[pattisdr]

looking now @adamsachs thanks for all these changes

[pattisdr]

Thanks for this huge amount of work - this is a great foundation that really sets us up for the rest of the backend consent changes. Really appreciate the extra care that went into the testing on this one. Just a couple of things and we're good to go.