Initiate rolling migration, phase 2 #7598
Assignees
Milestone
Comments
This was referenced Apr 23, 2024
This was referenced Aug 15, 2024
|
Remaining work:
|
|
Update from eng sync: continue to update roles + groups in Okta even when the feature flag is enabled |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
We would like to migrate user roles, org membership, and facility membership to be stored within the SimpleReport app, as opposed to managing it in Okta. This will increase stability of the app and improve code readability and extensibility, among other benefits. The goal of this ticket is to continue moving authorization data we access in Okta to our tables and also compare the data we've collected with our source of truth (Okta) to check for discrepancies.
Change requested
Change the code that accesses user role and facility/org membership from Okta to instead get this data from our tables if the feature flag is on.
If the feature flag is off, we continue to retrieve from Okta but we also update our data. Create entries in the ApiUserFacility and ApiUserRole tables or update existing entries.
When retrieving the data from Okta, compare to what we have in our tables and alert if they are not in sync.
Acceptance criteria
Dependencies
Open questions
Do we want an alert if the data was absent or just if it was already in our table and doesn't match?
Question from earlier discussion: Do we want to do the comparison and alert when the flag is on?
Question from earlier discussion: For testing, any prod-specific corner cases we want to talk about that require special testing outside of testing in lowers?
Notes
Test auth in lowers with non-superadmin (since superadmin still managed within Okta)
Additional context
Main design doc
Design doc - backend
Design doc - data migration plan
Okta migration tickets plan
Okta tech talk
Okta tech talk part 2
The text was updated successfully, but these errors were encountered: