#7294 Add GDPR script for release-monitoring.org
Opened 5 months ago by jcline. Modified 3 months ago

  • Describe what you need us to do:

There needs to be a script for GDPR for release-monitoring.org. It now has user accounts and saves the user's email address.

  • When do you need this? (YYYY/MM/DD)

  • When is this no longer needed or useful? (YYYY/MM/DD)

When GDPR isn't a thing.

  • If we cannot complete your request, what is the impact?

Admins have to manually query release-monitoring.org for GDPR data.


Metadata Update from @bowlofeggs:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: release-monitoring

5 months ago

@zlopez Might you be able to work on this? we have a SOP about how to make the playbooks: https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_sar.html

Happy to help out..

@kevin
I'm working on the script for GDPR right now and I'm not sure if we should also print informations we have from third party authorization providers (FAS, Yahoo or OpenId)?
Right now I'm dumping every information from users table about user.

On Thu, 2018-10-25 at 12:08 +0000, Michal Kone=C4=8Dn=C3=BD wrote:

I'm working on the script for GDPR right now and I'm not sure if we
should also print informations we have from third party authorization
providers (FAS, Yahoo or OpenId)?

If it's being stored in our database and it's personal information,
then we should include it, so I'd say yes.

@bowlofeggs
Thanks for answer, I will try to get it from the social_auth table.

Script is done - https://github.com/release-monitoring/anitya/pull/649

Now I need to do changes in ansible. Is there any specific place where the environment variables should be added?

@bowlofeggs
I already have this open, but I'm not sure where I should add the environ variables:
sar_script
sar_script_user
sar_output_file

Is there any specific ansible script, or should I add them where I think appropriate?

@zlopez The SOP says you need to define it in the host vars for the host you want to run it on. So, as an example, Bodhi's run on bodhi-backend02, so they are defined here:

https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org#n17

You should be able to find a file for the host you want to run it on in that same folder.

Would you like to send a PR to the SOP to make that clearer?

@bowlofeggs
Is this same for openshift applications?

On Mon, 2018-10-29 at 16:02 +0000, Michal Kone=C4=8Dn=C3=BD wrote:

Is this same for openshift applications?

Hmmmm, that is a good question. When we designed the GDPR playbook, we
definitely didn't this situation into account. It was assumed you had a
host that could be ssh'd to by Ansible that can run the script. Is
there a way to ssh to OpenShift apps? I don't know of one, but perhaps
its possible to use oc rsh in some way to accomplish this from the
playbook?

@puiterwijk @kevin: do you have ideas on how an Ansible playbook could
run a script in an OpenShift container?

There is a 'oc exec' but it needs the full pod name, so you would need to do a 'oc get pods -n namespace' first, parse out the running one and pass that into the oc-exec.

I'm not sure if there's any other way. ;(

The GDPR script is merged and will be available in next release

Login to comment on this ticket.

Metadata