Adding support for configuring enabled actions

[galvana]

Description Of Changes

⚠️ Requires the corresponding branch in fidesplus to test https://github.com/ethyca/fidesplus/pull/1205

Adding the ability to specify which privacy actions (access, erasure, consent) to enable for a system integration. The new Enabled actions field is a multi-select with the options being the actions supported by the integration.

Code Changes

• Updated the ConnectorParamaters component to call the fidesplus versions of the system integration endpoints if fidesplus is available
• Updated the ConnectorParameterForm to conditionally render the Enabled actions field if fidesplus is enabled AND there is more than one action to choose from. The option to disable an action won't be available if it's the only action.
• Added fidesplus versions of patchSystemConnectionConfigs and createSaasConnectionConfig to plus.slice.ts
• Updated select models with supported_actions and enabled_actions fields
• Refactored the has_access, has_erasure, has_consent logic in connection_type.py and moved it to saas_config.py
• Minor cleanup of the connector_registry_service.py
• Minor field name fixes (SSH required)

Steps to Confirm

• Start fidesplus
• Start the Admin UI
• Create a new system
• Select a new integration from the integration search
• Note the default values for the Enabled actions
  • Database connectors should have access and erasure
  • SaaS connectors will vary based on the supported actions
  • Not available for email connectors since they only support one action, either erasure or consent
  • Manual connectors should have access and erasure
• For the integrations with the Enabled actions field enabled, make a change and verify the change persists
• Shut down fidesplus and start fides, verify the field is not available for any of the broad connector types (DB, SaaS, email, manual)

Pre-Merge Checklist

• All CI Pipelines Succeeded
• Documentation:
  • documentation complete, PR opened in fidesdocs
• Issue Requirements are Met
• Update CHANGELOG.md

[galvana]

Refactoring to use a SaaSConfig instead of a Dict this way it's more consistent with the way it's done in other places in this file.

[adamsachs]

that seems good 👍

[galvana]

This logic was simplified and moved to the SaaSConfig https://github.com/ethyca/fides/pull/4374/files#diff-e02882cee5e6ee2325e4d613abed561b386e3e15064d0a1cbb41785a5d3f6d1aR483

[adamsachs]

nice! like the refactor here 👍

[galvana]

DB connectors will support access and erasure by default

[galvana]

Changing SSH required to use sentence-case to be consistent with the other field labels.

[adamsachs]

how dare you!

[galvana]

This function is used by both fides and fidesplus endpoints so we need to perform this attribute check to map the enabled_actions attribute which is only found in fidesplus.

[adamsachs]

yeah, this is an interesting pattern. i can't say i love it, it feels like a development footgun moving forward - we're implying (in a pretty cryptic manner) that someone developing here in fides knows about something defined over in fidesplus. i'm wouldn't be surprised if we do that in some other places already, but my gut-instinct tells me it's something we should try to avoid if possible.

i'll make a broader comment on the PR at this point, since i think this is a holistic concern - not tied to this particular code block, even though this is where it's manifested

[galvana]

These two model changes were generated by openapi:generate but I didn't keep the other changes to avoid a huge diff.

[cypress]

Passing run #5175 ↗︎

0	4	0	0	0
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.

Details:

Merge 796bf00 into 1e6d9fb...
Project: fides	Commit: cfc8d136ef ℹ️
Status: Passed	Duration: 00:54 💡
Started: Nov 10, 2023 3:38 AM	Ended: Nov 10, 2023 3:38 AM

Review all test suite changes for PR #4374 ↗︎

[adamsachs]

@galvana broadly this looks good, i just get concerned with any sort of reverse dependency of OSS on plus. i know it's not a hard dependency, but see my inline comment for the concern - basically it's a maintainability/development concern. having an expectation within the BE OSS codebase that we need to be aware of things defined in plus sets a bad precedent. we may do it in other places, but i don't think it should be encouraged.

i know we're trying to layer in a plus-only feature on top of a lot of OSS plumbing that i'm sure needs to stay in OSS, or at least can't be quickly moved out. so if we need to do this here, i'm not going to totally hold this up. i know we're not purists on this, nor should we be - i just want to see if there's anything we can think of to untangle this.

what's first popping into my head - how about some sort of override/extension of create_connection_config_from_template_no_save in plus that has the enabled action handling tacked on top of the rest of the function defined in OSS? basically just keeping all enabled_action logic in plus...

happy to talk this one over. maybe my concern's misplaced/overblown. in any case, i don't think this path forward is totally unviable -- if we need to do it, we can. it just adds some tech debt and feels to me like an antipattern we should strive to avoid, if we can.

edit: i've got a tweak that would address the main point of my concern, and i think it'd be cleaner code generally. still untested though! let me know what you think... #4386 and https://github.com/ethyca/fidesplus/pull/1210

[adamsachs]

yeah, this is an interesting pattern. i can't say i love it, it feels like a development footgun moving forward - we're implying (in a pretty cryptic manner) that someone developing here in fides knows about something defined over in fidesplus. i'm wouldn't be surprised if we do that in some other places already, but my gut-instinct tells me it's something we should try to avoid if possible.

i'll make a broader comment on the PR at this point, since i think this is a holistic concern - not tied to this particular code block, even though this is where it's manifested

[adamsachs]

how dare you!

[adamsachs]

nice! like the refactor here 👍

[adamsachs]

that seems good 👍

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
fides-plus-nightly	⬜️ Ignored (Inspect)	Visit Preview		Nov 10, 2023 3:23am

[codecov]

Codecov Report

Attention: 5 lines in your changes are missing coverage. Please review.

Comparison is base (1e6d9fb) 87.08% compared to head (796bf00) 87.09%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4374   +/-   ##
=======================================
  Coverage   87.08%   87.09%           
=======================================
  Files         329      329           
  Lines       20309    20354   +45     
  Branches     2610     2621   +11     
=======================================
+ Hits        17687    17728   +41     
- Misses       2160     2163    +3     
- Partials      462      463    +1     

Files	Coverage Δ
src/fides/api/common_exceptions.py	91.48% <100.00%> (+0.09%)	⬆️
src/fides/api/models/manual_webhook.py	100.00% <100.00%> (ø)
...emas/connection_configuration/connection_config.py	100.00% <100.00%> (ø)
...nnection_configuration/connection_secrets_mysql.py	100.00% <ø> (ø)
...ction_configuration/connection_secrets_postgres.py	100.00% <ø> (ø)
...ction_configuration/connection_secrets_redshift.py	100.00% <ø> (ø)
...ection_configuration/connection_type_system_map.py	100.00% <100.00%> (ø)
...ction_configuration/saas_config_template_values.py	100.00% <100.00%> (ø)
src/fides/api/schemas/saas/connector_template.py	84.61% <100.00%> (+1.28%)	⬆️
src/fides/api/schemas/saas/saas_config.py	95.88% <100.00%> (+0.19%)	⬆️
... and 5 more

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[adamsachs]

ok from a BE perspective this is looking good to me! i had a few comments on the plus PR of things you may look to tweak, but i don't think any of those would require updates here.

a couple of notes that we just need to consider before merging:

• reminder to update the readme :)
• i haven't done any code review on the FE pieces, so it may be good to have a FE dev specifically review those?
• i haven't gotten a chance to perform any UAT on this - and that feels like that'd probably be a good idea, particularly if there hasn't been any FE code review! i can get to that tomorrow if that's OK?

[allisonking]

taking a look! getting an error once I select an integration:

[allisonking]

taking a look! getting an error once I select an integration:

Never mind, I think I needed to run fidesplus with dev_prerelease to get this working!

[allisonking]

this is looking good! the only thing that might be odd is when I try to autogenerate TS types off of your fidesplus branch, the enabled_actions field gets deleted from CreateConnectionConfigurationWithSecrets—is that expected?

[allisonking]

thanks for adding these tests! 💯

[allisonking]

normally it'd be better to do this as part of a validation schema, but I don't think this form has one... it does validation pretty oddly, so this is in line with the component, just making a note!

[galvana]

this is looking good! the only thing that might be odd is when I try to autogenerate TS types off of your fidesplus branch, the enabled_actions field gets deleted from CreateConnectionConfigurationWithSecrets—is that expected?

Yes @allisonking, that's expected, enabled_actions was moved to the fidesplus model CreateConnectionConfigurationWithSecretsExtended

[adamsachs]

UAT tested this piece on RC, looks good! still haven't yet confirmed the effect of enabled actions but the form functionality (including saving/persisting changes) looks good 👍