diff --git a/app/jobs/multi_region_kms_migration/profile_migration_job.rb b/app/jobs/multi_region_kms_migration/profile_migration_job.rb deleted file mode 100644 index c334aced307..00000000000 --- a/app/jobs/multi_region_kms_migration/profile_migration_job.rb +++ /dev/null @@ -1,62 +0,0 @@ -module MultiRegionKmsMigration - class ProfileMigrationJob < ApplicationJob - queue_as :long_running - - MAXIMUM_ERROR_TOLERANCE = 10 - - include ::NewRelic::Agent::MethodTracer - - def perform(statement_timeout: 120, profile_count: 1000) - return unless IdentityConfig.store.multi_region_kms_migration_jobs_enabled - - error_count = 0 - success_count = 0 - - profiles = find_profiles_to_migrate(statement_timeout:, profile_count:) - profiles.each do |profile| - return if error_count >= MAXIMUM_ERROR_TOLERANCE # rubocop:disable Lint/NonLocalExitFromIterator - - Encryption::MultiRegionKmsMigration::ProfileMigrator.new(profile).migrate! - success_count += 1 - analytics.multi_region_kms_migration_profile_migrated( - success: true, - profile_id: profile.id, - exception: nil, - ) - rescue => err - error_count += 1 - analytics.multi_region_kms_migration_profile_migrated( - success: false, - profile_id: profile.id, - exception: err.inspect, - ) - end - analytics.multi_region_kms_migration_profile_migration_summary( - profile_count: profiles.size, - success_count: success_count, - error_count: error_count, - ) - end - - def find_profiles_to_migrate(statement_timeout:, profile_count:) - Profile.transaction do - quoted_timeout = Profile.connection.quote(statement_timeout * 1000) - Profile.connection.execute("SET LOCAL statement_timeout = #{quoted_timeout}") - - Profile.where( - encrypted_pii_multi_region: nil, - encrypted_pii_recovery_multi_region: nil, - ).where( - 'encrypted_pii IS NOT NULL', - 'encrypted_pii_recovery IS NOT NULL', - ).limit(profile_count).to_a - end - end - - def analytics - @analytics ||= Analytics.new(user: AnonymousUser.new, request: nil, session: {}, sp: nil) - end - - add_method_tracer :find_profiles_to_migrate, "Custom/#{name}/find_profiles_to_migrate" - end -end diff --git a/app/services/analytics_events.rb b/app/services/analytics_events.rb index f4357a1a2b5..07fefd8f68f 100644 --- a/app/services/analytics_events.rb +++ b/app/services/analytics_events.rb @@ -2907,44 +2907,6 @@ def multi_factor_auth_setup( ) end - # @param [Boolean] success - # @param [String] exception - # @param [Integer] profile_id - # A profile was migrated from a single-region key to a multi-region key - def multi_region_kms_migration_profile_migrated( - success:, - exception:, - profile_id:, - **extra - ) - track_event( - 'Multi-region KMS migration: Profile migrated', - success: success, - exception: exception, - profile_id: profile_id, - **extra, - ) - end - - # @param [Integer] profile_count - # @param [Integer] success_count - # @param [Integer] error_count - # The profile migration job finished running - def multi_region_kms_migration_profile_migration_summary( - profile_count:, - success_count:, - error_count:, - **extra - ) - track_event( - 'Multi-region KMS migration: Profile migration summary', - profile_count: profile_count, - success_count: success_count, - error_count: error_count, - **extra, - ) - end - # @param [Boolean] success # @param [String] exception # @param [Integer] user_id diff --git a/config/initializers/job_configurations.rb b/config/initializers/job_configurations.rb index bdb591d68be..5c76dd70d6f 100644 --- a/config/initializers/job_configurations.rb +++ b/config/initializers/job_configurations.rb @@ -194,15 +194,6 @@ cron: cron_24h, args: -> { [Time.zone.today] }, }, - # Job to backfill encrypted_pii_recovery_multi_region on profiles - multi_region_kms_migration_profile_migration: { - class: 'MultiRegionKmsMigration::ProfileMigrationJob', - cron: cron_12m, - kwargs: { - profile_count: IdentityConfig.store.multi_region_kms_migration_jobs_profile_count, - statement_timeout: IdentityConfig.store.multi_region_kms_migration_jobs_profile_timeout, - }, - }, # Job to backfill encrypted_pii_recovery_multi_region on users multi_region_kms_migration_user_migration: { class: 'MultiRegionKmsMigration::UserMigrationJob', diff --git a/spec/jobs/multi_region_kms_migration/profile_migration_job_spec.rb b/spec/jobs/multi_region_kms_migration/profile_migration_job_spec.rb deleted file mode 100644 index aa7880b5c0b..00000000000 --- a/spec/jobs/multi_region_kms_migration/profile_migration_job_spec.rb +++ /dev/null @@ -1,107 +0,0 @@ -require 'rails_helper' - -RSpec.describe MultiRegionKmsMigration::ProfileMigrationJob do - let!(:profiles) { create_list(:profile, 4, :with_pii) } - let!(:single_region_ciphertext_profiles) do - single_region_profiles = profiles[2..3] - single_region_profiles.each do |profile| - profile.update!( - encrypted_pii_multi_region: nil, - encrypted_pii_recovery_multi_region: nil, - ) - end - single_region_profiles - end - let!(:multi_region_ciphertext_profiles) { profiles[0..1] } - - describe '#perform' do - it 'does not modify records that do have multi-region ciphertexts' do - profile = multi_region_ciphertext_profiles.first - - original_encrypted_pii_multi_region = profile.encrypted_pii_multi_region - original_encrypted_pii_recovery_multi_region = profile.encrypted_pii_recovery_multi_region - - described_class.perform_now - - expect(profile.reload.encrypted_pii_multi_region).to eq( - original_encrypted_pii_multi_region, - ) - expect(profile.encrypted_pii_recovery_multi_region).to eq( - original_encrypted_pii_recovery_multi_region, - ) - end - - it 'migrates records that do not have multi-region ciphertexts' do - described_class.perform_now - - aggregate_failures do - single_region_ciphertext_profiles.each do |profile| - expect(profile.reload.encrypted_pii_multi_region).to_not be_blank - expect(profile.encrypted_pii_recovery_multi_region).to_not be_blank - end - end - end - - context 'when errors occur' do - let(:profile_migrator) { double(Encryption::MultiRegionKmsMigration::ProfileMigrator) } - - before do - allow(profile_migrator).to receive(:migrate!).and_raise(RuntimeError, 'test error') - allow( - Encryption::MultiRegionKmsMigration::ProfileMigrator, - ).to receive(:new).and_return(profile_migrator) - end - - it 'logs the error' do - analytics = subject.analytics - - expect(analytics).to receive(:track_event).twice.with( - 'Multi-region KMS migration: Profile migrated', - success: false, - profile_id: instance_of(Integer), - exception: instance_of(String), - ) - expect(analytics).to receive(:track_event).with( - 'Multi-region KMS migration: Profile migration summary', - profile_count: 2, - success_count: 0, - error_count: 2, - ) - - subject.perform_now - end - - it 'aborts after it encounters too many errors' do - # rubocop:disable Rails/SkipsModelValidations - create_list(:profile, 11, :with_pii) - Profile.update_all( - encrypted_pii_multi_region: nil, - encrypted_pii_recovery_multi_region: nil, - ) - # rubocop:enable Rails/SkipsModelValidations - - subject.perform_now - - expect(profile_migrator).to have_received(:migrate!).exactly(10).times - end - end - end - - describe '#find_profiles_to_migrate' do - it 'returns the profiles that need to be migrated' do - results = subject.find_profiles_to_migrate(statement_timeout: 120, profile_count: 2) - - expect(results).to match_array(single_region_ciphertext_profiles) - end - - context 'when a profile does not include PII' do - let(:profiles) { create_list(:profile, 4) } - - it 'does not return the profile' do - results = subject.find_profiles_to_migrate(statement_timeout: 120, profile_count: 2) - - expect(results).to be_empty - end - end - end -end