Versions Compared

Old Version 5

changes.mady.by.user Gopesh Yadav

Saved on

compared with

New Version 6

changes.mady.by.user Gopesh Yadav

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Promotion Steps:

  • Promotion of encryption service

    • Choose values for following fields

      • master-password: choose any string of any length (can contain alphanumerics and special characters)

      • master-salt: choose any string of length 8 (can contain alphanumerics and special characters)

      • master-initialvector: choose any string of length 12 (can contain alphanumerics and special characters)

      • Ask Devops to generate keys for above selected values,

      • In environment secrets.yml file, add “egov-enc-service” subsection under “secrets” section and provide values for above three fields. For ex:- for Dev environment https://github.com/egovernments/eGov-infraOps/blob/master/helm/environments/dev-secrets.yaml#L29 (Ask Devops to do it)

    • Promote egov-enc-service:4-master-f47bff2

    • Make sure “egov-enc-service“ entry is present in “egov-service-host” in environment yml ,ex:- for dev https://github.com/egovernments/eGov-infraOps/blob/master/helm/environments/dev.yaml#L65 . If not, make changes and build and deploy zuul from master branch.

  • Data migration steps (migration script and config in attachment):-

    • Provide DB details in following environment variables

      • DB_PASSWORD

      • DB_HOST

      • DB_PORT

      • DB_USERNAME

      • DB_NAME'

    • Backup old tables

      • create table eg_user_backup_plaintext as (select * from eg_user);

      • create table eg_user_address_backup_plaintext as (select * from eg_user_address);

    • Delete foreign key referenced on ‘eg_user’ from ‘eg_userrole_v1’ temporarily until the data is transformed

      • ALTER TABLE eg_userrole_v1 DROP CONSTRAINT fk_user_role_v1;

    • Deploy user service build with encryption to run flyway migration (egov-user:11-user_changes_MT-800f319)

    • Clean tables of all plain text data

      • delete from eg_user_address;

      • delete from eg_user;

    • run migration

      • Script python package dependencies

        • import psycopg2

        • import sys

        • import json

        • import requests

        • import configparser

        • import logging

        • import os

      • Commands to run for migration

        • python3 user_migration.py config_user_encryption.txt

        • python3 user_migration.py config_address_encryption.txt

    • Restore earlier deleted foreign key constraint

      • ALTER TABLE eg_userrole_v1 ADD CONSTRAINT fk_user_role_v1 FOREIGN KEY (user_id, user_tenantid) REFERENCES eg_user(id, tenantid) MATCH SIMPLE ON UPDATE NO ACTION ON DELETE NO ACTION;

  • Service Builds:-

    • User service:-  egov-user:11-user_changes_MT-800f319

      • Set environment variable “DECRYPTION_ABAC_ENABLED” to false

    • User service copy for chatbot:- egov-user-chatbot:4-user_changes_MT-621fe60

...

  • Report service:- report:22-report-encryption-changes-e92c8ae

  • Encryption

    enc-service:- egov-enc-service:4-master-f47bff2

...