phavekes
commented
2 days ago Preferably we would utilize a Doctrine migration for this. Some changes that are required:
- Update the Events and SensitiveData concepts in the places where the sensitive data is used. For example: move the NameId in the IdentityCreated event to the SensitiveData. Are new versions of the events required?
- Run the data migration. This should update the payload data of the events and move the data to the matching sensitive data entry. Verify: are there events that currently not have sensitive data but would have after this change? In that case. Sensitive data entry might need to be created for that identity.
- This migration is hard to test programatically, but as a test, at least an event replay should be performed. To test if everything works afterwards. And all data is stored correctly in the new situation.
An example of an event rewrite added last year: https://github.com/OpenConext/Stepup-Middleware/blob/07cf406e8f872c3b57dc43ac2c02ae359129b003/src/Surfnet/Migrations/Version20210610131957.php
https://github.com/OpenConext/Stepup-Middleware/pull/329 (Michiel Kodde - Apr 13, 2022)
This issue is imported from pivotal - Originaly created at Apr 13, 2022 by Pieter van der Meulen
The colabpersonID should be removed when a user is deprovisioned. Therefore this element should be moved to the sensitive data stream. This requires a rewrite of the evenstream in de database