Improved Dry Run Option on `generate`

[nrdevau]

I think this would be seen as a feature request?

It would be great to be able to get a sense of the amount that would change, specific to my codebase before actually changing it, that way we can plan downtime windows as accurately as possible.

This is more of a nice to have, but it would be nice to have ;)

[convenient]

Hello @nrdevau

All functions except generate are dry run mode by default and require --force.

The generate one is bit more fun, because we fall back to the magento core to handle the crypt key generation and application. It is tightly coupled to the process of redoing core_config data and sales_order_payment data.

Figuring something out to make generate actually give you an indication of what its going to do, before it does it would be nice.

Thoughts

• Can we override changeEncryptionKey and go down a completley different journey in dry run mode, not do any key handling but only the db queries?
• Maybe we need to override _reEncryptSystemConfigurationValues more fully, so that we can do the querying of data without the manipulation? same for _reEncryptCreditCardNumbers

[nrdevau]

Ok, so it's dry run by default, nice! I just get used to the --dry-run flag, but I too prefer the --force mentality :+1:

[convenient]

Yeah it flips it around in this way, to ensure no side effects by default.

None of the documentation includes --force to ensure no copy/paste mess ups

[nrdevau]

For the dry run, maybe it's going to be better as some gene:analyse command. That could be pretty nice.

For now I am using the following to understand what I'm working with

echo "core config values that will change"
php bin/magento gene:encryption-key-manager:reencrypt-unhandled-core-config-data | grep path
echo "TFA Values to change $(php bin/magento gene:encryption-key-manager:reencrypt-tfa-data | grep config_id | wc -l)"
echo "db tables to look at"
zgrep -P "VALUES\s*\(.*\d:\d:...*'" /not/public_html/please/database.sql | awk '{print $3}' | uniq