-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BC-5628 cyclic data deletion #4557
Conversation
…eletion-mechanism
… for sending a deletion request
…or many references at once
…urned errors to meet current project's convention
…se, but in the console app's command
ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2
Outdated
Show resolved
Hide resolved
ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2
Outdated
Show resolved
Hide resolved
ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do not the deletion cronjob execute the deletion and why do it call the api?
Form me it's look like the code base has all what you need to delete the data at database and so on.
From my view the cyclic data deletion cron job should work without an server api call and execute the delition self, it's more secure.
Co-authored-by: mamutmk5 <[email protected]>
Co-authored-by: mamutmk5 <[email protected]>
@mamutmk5 It shouldn't be like that as it's an anti-pattern: this way the CronJob would get a "side access" to the main schulcloud-server's database. According to the best standards only the schulcloud-server should have access to its own database, no other apps/jobs should have a direct access and manipulate the main schulcloud-server database's data. That's why we've only put the trigger to delete the data in the CronJob, but the main operation execution remains in the schulcloud-server's deployment responsibility (which is exposed through the Admin API). |
Co-authored-by: Sergej Hoffmann <[email protected]>
Kudos, SonarCloud Quality Gate passed! |
Description
Links to Tickets or other pull requests
https://ticketsystem.dbildungscloud.de/browse/BC-5628
Changes
Datasecurity
Deployment
New Repos, NPM pakages or vendor scripts
Approval for review
generate-client:server
was executed in vue frontend and changes were tested and put in a PR with the same branch name.