Send config events #75
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -260,6 +260,18 @@ DfE::Analytics.config.anonymise_web_request_user_id = false | |
|
|
||
| Anonymisation of `user_id` would be required if the source field in the schema is in `analytics_pii.yml` so that analysts can join the IDs together. If the `user_id` is not in `analytics_pii.yml` but is in `analytics.yml` then `user_id` anonymisation would *not* be required so that the IDs could still be joined together. | ||
|
|
||
| ### Data Anonymisation Algorithm | ||
|
|
||
| Generally all PII data should be anonymised, including data that directly or indirect references PII, for example database IDs. | ||
|
|
||
| The `dfe-analytics` gem also anonymises such data, if it is configured to do so. If you are anonymising database IDs in your code (in custom events for example), then you should uses the same hashing algorithm for anonymisation that the gem uses. | ||
|
|
||
| The following method should be used in your code for anonymisation: | ||
|
There was a problem hiding this comment. @asatwal worth explaining why? i.e. "... to ensure that pseudonymised data can still be joined to other pseudonymised data" |
||
|
|
||
| ```ruby | ||
| DfE::Analytics.anonymise(value) | ||
| ``` | ||
|
|
||
|
There was a problem hiding this comment. @asatwal worth adding a note here to say that the GoogleSQL equivalent of this is There was a problem hiding this comment. I think that could usefully go into a comment in the There was a problem hiding this comment. Agree. I'm trying to keep too much technical details out of the READ.me anyway as it's getting very long. |
||
| ### Adding specs | ||
|
|
||
| #### Testing modes | ||
|
|
@@ -432,8 +444,11 @@ Please note that page caching is project specific and each project must carefull | |
| > It could be nice to have tests to prove that connectivity to GCP still works after an update, but we aren't setup for that yet. | ||
| 3. (Optional) Verify committed `CHANGELOG.md` changes and alter if necessary: `git show` | ||
| 4. Push the branch: `git push origin v${NEW_VERSION}-release`, e.g. `git push origin v1.3.0-release` | ||
| 5. Cut a PR on GitHub with the label `version-release`, and wait for approval | ||
| 6. Once the PR is approved push the tags, immediately prior to merging: `git push --tags` | ||
|
There was a problem hiding this comment. Thank you — that was bugging me! |
||
| 7. Merge the PR. | ||
|
|
||
| IMPORTANT: Pushing the tags will immediately make the release available even on a unmerged branch. Therefore, push the tags to Github only when the PR is approved and immediately prior to merging the PR. | ||
|
|
||
| ## License | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,7 +5,14 @@ | |
| module DfE | ||
| module Analytics | ||
| class Event | ||
| EVENT_TYPES = %w[ | ||
| web_request | ||
| create_entity | ||
| update_entity | ||
| delete_entity | ||
| import_entity | ||
| analytics_initialise | ||
|
There was a problem hiding this comment. @asatwal maybe ignore this (!) but given we've used verb_noun form for the entity event types what would you think of using There was a problem hiding this comment. @stevenleggdfe yes |
||
| ].freeze | ||
|
|
||
| def initialize | ||
| time_zone = 'London' | ||
|
|
@@ -24,9 +31,7 @@ def with_type(type) | |
| allowed_types = EVENT_TYPES + DfE::Analytics.custom_events | ||
| raise 'Invalid analytics event type' unless allowed_types.include?(type.to_s) | ||
|
|
||
| @event_hash.merge!(event_type: type) | ||
|
|
||
| self | ||
| end | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| module DfE | ||
| module Analytics | ||
| # Send event on dfe analytics startup during initialisation | ||
| # - Event contains the dfe analytics version, config and other items | ||
| class Initialise | ||
| def self.trigger_initialise_event | ||
| new.send_initialise_event | ||
| end | ||
|
|
||
| def send_initialise_event | ||
| return unless DfE::Analytics.enabled? | ||
|
|
||
| initialise_event = DfE::Analytics::Event.new | ||
| .with_type('analytics_initialise') | ||
| .with_data(initialise_data) | ||
|
|
||
| DfE::Analytics::SendEvents.do([initialise_event.as_json]) | ||
| end | ||
|
|
||
| private | ||
|
|
||
| def initialise_data | ||
|
There was a problem hiding this comment. is this |
||
| { | ||
| analytics_version: DfE::Analytics::VERSION, | ||
| config: { | ||
| anonymise_web_request_user_id: DfE::Analytics.config.anonymise_web_request_user_id | ||
| } | ||
| } | ||
| end | ||
| end | ||
| end | ||
| end | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| RSpec.describe DfE::Analytics::Initialise do | ||
| before do | ||
| allow(DfE::Analytics::SendEvents).to receive(:perform_later) | ||
| allow(DfE::Analytics).to receive(:enabled?).and_return(true) | ||
| end | ||
|
|
||
| describe 'trigger_initialise_event ' do | ||
| it 'includes the expected attributes' do | ||
| described_class.trigger_initialise_event | ||
|
|
||
| expect(DfE::Analytics::SendEvents).to have_received(:perform_later) | ||
| .with([a_hash_including({ | ||
| 'event_type' => 'analytics_initialise', | ||
| 'data' => [ | ||
| { 'key' => 'analytics_version', 'value' => [DfE::Analytics::VERSION] }, | ||
| { 'key' => 'config', | ||
| 'value' => ['{"anonymise_web_request_user_id":false}'] } | ||
| ] | ||
| })]) | ||
| end | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@asatwal should we label this pseudonymisation rather than anonymisation to match ICO terminology? Technically the approach we take is not true anonymisation, so under GDPR is still PII. The advantage is masking which helps with security, rather than eliminating the need for it.
And also in other places where we've used the term.
See https://ico.org.uk/media/about-the-ico/consultations/4019579/chapter-3-anonymisation-guidance.pdf for more info
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TIL!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stevenleggdfe agree that pseudonymisation would be better terminology. However, historically it's been called anonymisation in the gem and there are methods such as
DfE::Analytics.anonymisethat are used externally and config variables that would need to be updated as well as all the other documentation. For consistency we would have to update all these and this would be part of a bigger change with external dependencies, so I don't want to tackle this just yet.Strictly speaking, this is just a hashing algorithm, so I would say it's more correct to call this "hashing" rather than "anonymisation", but that's a different story.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stevenleggdfe I decided to action this review comment in the end as this is a sensitive and important area.
The only item I didn't change is the
anonymised_user_agent_and_ipfield in event data for web requests. I thought this item would require a big migration and also this data doesn't identify a user right ? Only a user session ?I've kept the
DfE:Analytics.anonymisefor backwards compatibility. We can deprecate in future releases. I believe the only team that use this is tv, although I think it's best to send out deprecation warnings and remove in a more release friendly way.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me - thank you!