-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating custom integrations to support multiple identities #5318
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -433,24 +433,6 @@ def map_param_values( | |
) | ||
|
||
|
||
def get_identity(privacy_request: Optional[PrivacyRequest]) -> Optional[str]: | ||
""" | ||
Returns a single identity or raises an exception if more than one identity is defined | ||
""" | ||
|
||
if not privacy_request: | ||
return None | ||
|
||
identity_data: Dict[str, Any] = privacy_request.get_cached_identity_data() | ||
# filters out keys where associated value is None or empty str | ||
identities = list({k for k, v in identity_data.items() if v}) | ||
if len(identities) > 1: | ||
raise FidesopsException( | ||
"Only one identity can be specified for SaaS connector traversal" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is the error we're currently seeing, but this isn't accurate since we support multiple identities now |
||
) | ||
return identities[0] if identities else None | ||
|
||
|
||
def get_identities(privacy_request: Optional[PrivacyRequest]) -> Set[str]: | ||
""" | ||
Returns a set of cached identity names for the provided privacy request. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -158,6 +158,7 @@ async def strict_erasure_request( | |
erasure_policy: Policy, | ||
identities: Dict[str, Any], | ||
privacy_request_id: Optional[str] = None, | ||
skip_access_results_check: Optional[bool] = False, | ||
) -> Tuple[Dict, Dict]: | ||
""" | ||
Erasure request with masking_strict set to true, | ||
|
@@ -182,6 +183,7 @@ async def non_strict_erasure_request( | |
erasure_policy: Policy, | ||
identities: Dict[str, Any], | ||
privacy_request_id: Optional[str] = None, | ||
skip_access_results_check: Optional[bool] = False, | ||
) -> Tuple[Dict, Dict]: | ||
""" | ||
Erasure request with masking_strict set to false, | ||
|
@@ -194,7 +196,11 @@ async def non_strict_erasure_request( | |
CONFIG.execution.masking_strict = False | ||
|
||
access_results, erasure_results = await self._base_erasure_request( | ||
access_policy, erasure_policy, identities, privacy_request_id | ||
access_policy, | ||
erasure_policy, | ||
identities, | ||
privacy_request_id, | ||
skip_access_results_check, | ||
) | ||
|
||
# reset masking_strict value | ||
|
@@ -295,6 +301,7 @@ async def _base_erasure_request( | |
erasure_policy: Policy, | ||
identities: Dict[str, Any], | ||
privacy_request_id: Optional[str] = None, | ||
skip_access_results_check: Optional[bool] = False, | ||
) -> Tuple[Dict, Dict]: | ||
from tests.conftest import access_runner_tester, erasure_runner_tester | ||
|
||
|
@@ -340,15 +347,16 @@ async def _base_erasure_request( | |
self.db, | ||
) | ||
|
||
if ( | ||
ActionType.access | ||
in SaaSConfig(**self.connection_config.saas_config).supported_actions | ||
): | ||
# verify we returned at least one row for each collection in the dataset | ||
for collection in self.dataset["collections"]: | ||
assert len( | ||
access_results[f"{fides_key}:{collection['name']}"] | ||
), f"No rows returned for collection '{collection['name']}'" | ||
if not skip_access_results_check: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Quick fix to avoid checking for access data. This is necessary since our test account for Responsys isn't going to return access data for every collection. |
||
if ( | ||
ActionType.access | ||
in SaaSConfig(**self.connection_config.saas_config).supported_actions | ||
): | ||
# verify we returned at least one row for each collection in the dataset | ||
for collection in self.dataset["collections"]: | ||
assert len( | ||
access_results[f"{fides_key}:{collection['name']}"] | ||
), f"No rows returned for collection '{collection['name']}'" | ||
|
||
erasure_results = erasure_runner_tester( | ||
privacy_request, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could extract the code fragment for retrieving the query_ids and query_attributes into its own method for readability, now that we are one level deeper with a for loop. It would help readability