Skip to content

Latest commit

 

History

History
168 lines (128 loc) · 12.1 KB

asset-ownership-transfer.md

File metadata and controls

168 lines (128 loc) · 12.1 KB

Asset Ownership Transfer

{% hint style="info" %} This feature is released under inQuiry 8.0.0 release. {% endhint %}

Overview

The user deletion requirement in inQuiry has been originated from the below requirement.

PRD: [PRD] Delete Account functionality

BE Design Lern - [Design] Delete Account Functionality

FE Design Lern - [Design] [Front-end]Delete User Functionality

What is changing?

The user can request for deletion of their account in Sunbird, this means two primary actions to happen.

  1. User's Personal Identifiable Information (PII) needs to be removed
  2. The assets (like questions, questionSets, content etc) that was created by this user needs to be transferred to an identified user.

Changes for Learn:

  1. Learn BB provided ownership transfer api which produces a kafka event on <env>.user.ownership.transfer topic.
  2. For more details on these api's, please visit

Changes for inQuiry:

  1. Asset Ownership Transfer feature released under inQuiry 8.0.0 release.

  2. inQuiry provided a flink job user-pii-data-updater for Asset Ownership Transfer.

  3. The flink job listen to both kafka topic and process the data accordingly.

  4. The job works for all object type (including Content, Collection, Assets) which are configured.

  5. The flink job search for all objects (configured with flink job) owned by deleted user and update the ownership field (createdBy) to the new user specified in the event.

  6. If specific asset is mentioned while making ownership transfer api call, only that asset ownership will be transferred.

  7. The job also update the pii field value by combining firstName and lastName of the new user who is going to own the asset.

  8. The job validates the role of new user against pre-configured roles in the job. If any value matches, then only it proceeds with further processing.

  9. Sample PII Config is as below:
    Sample File Reference: schemas/question/1.1/config.json

    "PII_Fields": { "user": { "createdBy": ["creator"] }, "org": { } }

Release Tags:

ComponentService to be BuildBuild TagDeploy JobDeployment TagComment
InquiryKafkaSetupNANADeploy/job/dev/job/KnowledgePlatform/job/InquiryKafkaSetup/release-8.0.0_RC1A new kafka topic <env>.user.ownership.transfer has to be created for user-pii-data-updater flink job
InQuiryFlink JobBuild/job/KnowledgePlatform/job/InquiryFlinkJobrelease-8.0.0_RC1Deploy/job/dev/job/KnowledgePlatform/job/InquiryFlinkJob/release-8.0.0_RC1Flink Job user-pii-data-updater is modified to support ownership transfer use case

Config File Reference For Above Job: https://github.com/Sunbird-inQuiry/data-pipeline/blob/c30fd964c440b62afcabde8ce896cc1ce1b15f89/kubernetes/helm_charts/datapipeline_jobs/values.j2#L264

Variables:

Existing Variables of user-pii-data-updater flink job (for PII Cleanup Use case):

Variable Name Description Default Value
user_pii_updater_kafka_topic_name Input Kafka Topic Name for pii cleanup {{ env_name }}.delete.user
user_pii_updater_group Group Name For The Flink Job {{ env_name }}-user-pii-updater-group
user_pii_target_object_types Target Object Type and Schema Version should be configured as value . e.g: If you want to process 5 different objects for deleted user, then all 5 object types should be part of this configuration along with corresponding schema versions. '{ "Question": ["1.0", "1.1"], "QuestionSet": ["1.0", "1.1"] }'
user_pii_replacement_value The value which need to be inserted for target pii fields. "Deleted User"
admin_email_notification_enable This falg is used to enable/disable email notification for admin true
user_org_service_base_url Base Url of userorg service for sending notification "http://{{private_ingressgateway_ip}}/userorg"
email_notification_subject Subject Line for Email Notification "User Account Deletion Notification"
email_notification_regards Value For Regards in Email Notification "Team"

New Variables Added to user-pii-data-updater flink job for Ownership Transfer Use case:

Variable Name Description Default Value
ownership_transfer_kafka_topic_name Input Kafka Topic Name for asset ownership transfer {{ env_name }}.user.ownership.transfer
ownership_transfer_user_roles valid roles for new user who is going to take ownership ["CONTENT_CREATOR", "BOOK_CREATOR"]

Code And Configuration Changes:

If you are interested in adopting this feature by making code changes in your forked repository of sunbird, then please checkout below code and configuration changes:

Code Changes:



For user-pii-data-updater flink job code, please checkout the link below:

{% embed url="https://github.com/Sunbird-inQuiry/data-pipeline/tree/release-8.0.0/user-pii-data-updater" %}

Configuration Changes:

Below changes need to be done for creating kafka topic needed by user-pii-data-updater-job:
ansible/roles/inquiry-setup-kafka/defaults/main.yml

- name: user.ownership.transfer
    num_of_partitions: 1
    replication_factor: 1
    
- name: user.ownership.transfer
    retention_time: 172800000
    replication_factor: 1

If the above topic already exists, you can skip this change.

Configuration Changes:
Add below configuration in kubernetes/helm_charts/datapipeline_jobs/values.j2 file:

For Variables used in below configuration, please refer to Variables Section Above.

user-pii-data-updater:
  user-pii-data-updater: |+
    include file("/data/flink/conf/base-config.conf")
    kafka {
      input {
        user_pii_topic = "{{ user_pii_updater_kafka_topic_name }}"
        ownership_transfer_topic = "{{ ownership_transfer_kafka_topic_name }}"
      }
      groupId = "{{ user_pii_updater_group }}"
    }
    task {
      consumer.parallelism = 1
      parallelism = 1
      router.parallelism = 1
    }
    target_object_types={{ user_pii_target_object_types }}
    user_pii_replacement_value="{{ user_pii_replacement_value }}"
    admin_email_notification_enable={{ enable_admin_email_notification | default('true') }}
    userorg_service_base_url="{{ user_org_service_base_url }}"
    notification {
      email {
        subject: "{{ email_notification_subject }}",
        regards: "{{ email_notification_regards }}"
      }
    },
    ownership_transfer_roles={{ ownership_transfer_user_roles }}
  flink-conf: |+
    jobmanager.memory.flink.size: {{ flink_job_names['user-pii-data-updater'].jobmanager_memory }}
    taskmanager.memory.flink.size: {{ flink_job_names['user-pii-data-updater'].taskmanager_memory }}
    taskmanager.numberOfTaskSlots: {{ flink_job_names['user-pii-data-updater'].taskslots }}
    parallelism.default: 1
    jobmanager.execution.failover-strategy: region
    taskmanager.memory.network.fraction: 0.1

Add below configuration in kubernetes/ansible/roles/flink-jobs-deploy/defaults/main.yml file:

flink_job_names:
  user-pii-data-updater:
    job_class_name: 'org.sunbird.job.user.pii.updater.task.UserPiiUpdaterStreamTask'
    replica: 1
    jobmanager_memory: 2048m
    taskmanager_memory: 2048m
    taskslots: 1
    cpu_requests: 0.3


### user-pii-data-updater config
user_pii_updater_kafka_topic_name: "{{ env_name }}.delete.user"
ownership_transfer_kafka_topic_name: "{{ env_name }}.user.ownership.transfer"
user_pii_updater_group: "{{ env_name }}-user-pii-updater-group"
user_pii_target_object_types: '{
  "Question": ["1.0", "1.1"],
  "QuestionSet": ["1.0", "1.1"]
}'
user_pii_replacement_value: "Deleted User"
user_org_service_base_url: "http://{{private_ingressgateway_ip}}/userorg"
email_notification_subject: "User Account Deletion Notification"
email_notification_regards: "Team"

ownership_transfer_user_roles: '["CONTENT_CREATOR", "BOOK_CREATOR"]'