fix: redacting user retirement data in lms

Author: ktyagiapphelix2u

openedx/core/djangoapps/user_api/accounts/views.py

@@ -1025,15 +1025,19 @@ def cleanup(self, request):
         ```
         {
             'usernames': ['user1', 'user2', ...],
-            'redacted_value': 'Value to store in PII'
+            'redacted_username': 'Value to store in username field',
+            'redacted_email': 'Value to store in email field',
+            'redacted_name': 'Value to store in name field'
         }
         ```
 
-        Redacts a batch of retirement requests by redacting PII fields and username.
+        Redacts a batch of retirement requests by redacting PII fields.
         """
         try:
             usernames = request.data["usernames"]
-            redacted_value = request.data.get("redacted_value", "redacted")
+            redacted_username = request.data.get("redacted_username", "redacted")
+            redacted_email = request.data.get("redacted_email", "redacted")
+            redacted_name = request.data.get("redacted_name", "redacted")
 
             if not isinstance(usernames, list):
                 raise TypeError("Usernames should be an array.")
@@ -1050,9 +1054,9 @@ def cleanup(self, request):
             # Redact PII fields instead of deleting records to prevent ETL tools
             # from creating soft deletes with visible PII in downstream data warehouses
             for retirement in retirements:
-                retirement.original_username = redacted_value
-                retirement.original_email = redacted_value
-                retirement.original_name = redacted_value
+                retirement.original_username = redacted_username
+                retirement.original_email = redacted_email
+                retirement.original_name = redacted_name
                 retirement.save()
 
             return Response(status=status.HTTP_204_NO_CONTENT)

scripts/user_retirement/retirement_archive_and_cleanup.py

@@ -196,16 +196,16 @@ def _archive_retirements_or_exit(config, learners, dry_run=False):
         FAIL_EXCEPTION(ERR_ARCHIVING, 'Unexpected error occurred archiving retirements!', exc)
 
 
-def _cleanup_retirements_or_exit(config, learners):
+def _cleanup_retirements_or_exit(config, learners, redacted_username='redacted', redacted_email='redacted', redacted_name='redacted'):
     """
-    Bulk deletes the retirements for this run
+    Bulk redacts the retirements for this run
     """
     LOG('Cleaning up retirements for {} learners'.format(len(learners)))
     try:
         usernames = [l['original_username'] for l in learners]
-        config['LMS'].bulk_cleanup_retirements(usernames)
+        config['LMS'].bulk_cleanup_retirements(usernames, redacted_username, redacted_email, redacted_name)
     except Exception as exc:  # pylint: disable=broad-except
-        FAIL_EXCEPTION(ERR_DELETING, 'Unexpected error occurred deleting retirements!', exc)
+        FAIL_EXCEPTION(ERR_DELETING, 'Unexpected error occurred redacting retirements!', exc)
 
 
 def _get_utc_now():
@@ -222,7 +222,7 @@ def _get_utc_now():
 )
 @click.option(
     '--cool_off_days',
-    help='Number of days a retirement should exist before being archived and deleted.',
+    help='Number of days a retirement should exist before being archived and redacted.',
     type=int,
     default=37  # 7 days before retirement, 30 after
 )
@@ -259,7 +259,25 @@ def _get_utc_now():
     help='Number of user retirements to process',
     type=int
 )
-def archive_and_cleanup(config_file, cool_off_days, dry_run, start_date, end_date, batch_size):
+@click.option(
+    '--redacted_username',
+    help='Value to redact username field with',
+    type=str,
+    default='redacted'
+)
+@click.option(
+    '--redacted_email',
+    help='Value to redact email field with',
+    type=str,
+    default='redacted'
+)
+@click.option(
+    '--redacted_name',
+    help='Value to redact name field with',
+    type=str,
+    default='redacted'
+)
+def archive_and_cleanup(config_file, cool_off_days, dry_run, start_date, end_date, batch_size, redacted_username, redacted_email, redacted_name):
     """
     Cleans up UserRetirementStatus rows in LMS by:
     1- Getting all rows currently in COMPLETE that were created --cool_off_days ago or more,
@@ -314,7 +332,7 @@ def archive_and_cleanup(config_file, cool_off_days, dry_run, start_date, end_dat
                 if dry_run:
                     LOG('This is a dry-run. Exiting before any retirements are cleaned up')
                 else:
-                    _cleanup_retirements_or_exit(config, batch)
+                    _cleanup_retirements_or_exit(config, batch, redacted_username, redacted_email, redacted_name)
                     LOG('Archive and cleanup complete for batch #{}'.format(str(index + 1)))
                     time.sleep(DELAY)
         else:

scripts/user_retirement/utils/edx_api.py

@@ -352,11 +352,18 @@ def retirement_retire_proctoring_backend_data(self, learner):
         return self._request("POST", api_url)
 
     @_retry_lms_api()
-    def bulk_cleanup_retirements(self, usernames):
+    def bulk_cleanup_retirements(self, usernames, redacted_username=None, redacted_email=None, redacted_name=None):
         """
-        Deletes the retirements for all given usernames
+        Redacts the retirements for all given usernames.
+        Optionally pass caller-defined redacted values for each PII field.
         """
         data = {"usernames": usernames}
+        if redacted_username is not None:
+            data['redacted_username'] = redacted_username
+        if redacted_email is not None:
+            data['redacted_email'] = redacted_email
+        if redacted_name is not None:
+            data['redacted_name'] = redacted_name
         api_url = self.get_api_url("api/user/v1/accounts/retirement_cleanup")
         return self._request("POST", api_url, json=data)