Page Comparison

Promotion Steps:

• Promotion of encryption service

  • Choose values for following fields

    • master-password: choose any string of any length (can contain alphanumerics and special characters)

    • master-salt: choose any string of length 8 (can contain alphanumerics and special characters)

    • master-initialvector: choose any string of length 12 (can contain alphanumerics and special characters)

    • Ask Devops to generate keys for above selected values,

    • In environment secrets.yml file, add “egov-enc-service” subsection under “secrets” section and provide values for above three fields. For ex:- for Dev environment https://github.com/egovernments/eGov-infraOps/blob/master/helm/environments/dev-secrets.yaml#L29 (Ask Devops to do it)

  • add field “state-level-tenant-id“ under “egov-enc-service:” section for state level tenantId in environment yml. ex:- https://github.com/egovernments/eGov-infraOps/blob/master/helm/environments/qa.yaml#L525

  • Promote egov-enc-service:4-master-f47bff2

  • Make sure “egov-enc-service“ entry is present in “egov-service-host” in environment yml ,ex:- for dev https://github.com/egovernments/eGov-infraOps/blob/master/helm/environments/dev.yaml#L65 . If not, make changes and build and deploy zuul from master branch.

• Data migration steps (migration script and config in attachment):-

  • Provide DB details in following environment variables

    • DB_PASSWORD

    • DB_HOST

    • DB_PORT

    • DB_USERNAME

    • DB_NAME'

  • Backup old tables

    • create table eg_user_backup_plaintext as (select * from eg_user);

    • create table eg_user_address_backup_plaintext as (select * from eg_user_address);

  • Delete foreign key referenced on ‘eg_user’ from ‘eg_userrole_v1’ temporarily until the data is transformed

    • ALTER TABLE eg_userrole_v1 DROP CONSTRAINT fk_user_role_v1;

  • Deploy user service build with encryption to run flyway migration (egov-user:11-user_changes_MT-800f319)

  • Clean tables of all plain text data

    • delete from eg_user_address;

    • delete from eg_user;

  • run migration

    • Script python package dependencies

      • import psycopg2

      • import sys

      • import json

      • import requests

      • import configparser

      • import logging

      • import os

    • Commands to run for migration

      • python3 user_migration.py config_user_encryption.txt

      • python3 user_migration.py config_address_encryption.txt

  • Restore earlier deleted foreign key constraint

    • ALTER TABLE eg_userrole_v1 ADD CONSTRAINT fk_user_role_v1 FOREIGN KEY (user_id, user_tenantid) REFERENCES eg_user(id, tenantid) MATCH SIMPLE ON UPDATE NO ACTION ON DELETE NO ACTION;
      

• Service Builds:-

  • User service:-  egov-user:11-user_changes_MT-800f319

    • Set environment variable “DECRYPTION_ABAC_ENABLED” to false

  • User service copy for chatbot:- egov-user-chatbot:4-user_changes_MT-621fe60

Note: Promote only if whatsapp chatbot is already running in the system, it uses another copy of user service named “egov-user-chatbot“. Not needed if whatsapp- chatbot is not in the system.

• Report service:- report:22-report-encryption-changes-e92c8ae

• Encryption

  enc-service:- egov-enc-service:4-master-f47bff2

• MDMS:

  • Copy mdms folder https://github.com/egovernments/egov-mdms-data/tree/master/data/pb/DataSecurity

...