Statsig access and erasure

CHANGELOG.md

@@ -19,6 +19,7 @@ The types of changes are:
 
 ### Added
 - Tooltip and styling for disabled rows in add multiple vendor view [#4498](https://github.com/ethyca/fides/pull/4498)
+- Access and erasure support for Statsig Enterprise [#4429](https://github.com/ethyca/fides/pull/4429)
 
 ### Fixed
 - Fixed incorrect Compass button behavior in system form [#4508](https://github.com/ethyca/fides/pull/4508)

data/saas/config/slack_enterprise_config.yml

@@ -3,7 +3,7 @@ saas_config:
   name: Slack Enterprise
   type: slack_enterprise
   description: A sample schema representing the Slack Enterprise connector for Fides
-  user_guide: https://docs.ethyca.com/user-guides/integrations/saas-integrations/square
+  user_guide: https://docs.ethyca.com/user-guides/integrations/saas-integrations/slack-enterprise
   version: 0.0.2
 
   connector_params:

data/saas/config/statsig_enterprise_config.yml

@@ -0,0 +1,69 @@
+saas_config:
+  fides_key: <instance_fides_key>
+  name: Statsig Enterprise
+  type: statsig_enterprise
+  description: A sample schema representing the Statsig connector for Fides
+  user_guide: https://docs.ethyca.com/user-guides/integrations/saas-integrations/statsig-enterprise
+  version: 0.1.0
+
+  connector_params:
+    - name: domain
+      label: Domain
+      default_value: api.statsig.com
+      description: Your Statsig URL
+    - name: server_secret_key
+      label: Server secret key
+      description: The server secret key available at console.statsig.com/api_keys
+      sensitive: True
+
+  external_references:
+    - name: statsig_user_id
+      label: Statsig user ID field
+      description: Dataset reference to the location of Statsig user IDs
+
+  client_config:
+    protocol: https
+    host: <domain>
+    authentication:
+      strategy: api_key
+      configuration:
+        headers:
+          - name: STATSIG-API-KEY
+            value: <server_secret_key>
+
+  test_request:
+    method: POST
+    path: /v1/log_event
+    body: |
+      {
+        "events": [
+          {
+            "eventName": "fides_test_connection"
+          }
+        ]
+      }
+
+  endpoints:
+    - name: user
+      requests:
+        read:
+          request_override: statsig_enterprise_user_read
+          param_values:
+            - name: user_id
+              references:
+                - statsig_user_id
+        delete:
+          method: POST
+          path: /v1/delete_user_data
+          body: |
+            {
+              "unit_type": "user_id",
+              "ids": "<user_id>",
+              "request_id": "<privacy_request_id>"
+            }
+          param_values:
+            - name: user_id
+              references:
+                - dataset: <instance_fides_key>
+                  field: user.id
+                  direction: from

data/saas/dataset/statsig_enterprise_dataset.yml

@@ -0,0 +1,12 @@
+dataset:
+  - fides_key: <instance_fides_key>
+    name: Statsig Enterprise Dataset
+    description: A sample dataset representing the Statsig Enterprise connector for Fides
+    collections:
+      - name: user
+        fields:
+          - name: id
+            data_categories: [system.operations]
+            fidesops_meta:
+              primary_key: True
+              data_type: string

src/fides/api/service/saas_request/override_implementations/statsig_enterprise_request_overrides.py

@@ -0,0 +1,33 @@
+from typing import Any, Dict, List
+
+from fides.api.graph.traversal import TraversalNode
+from fides.api.models.policy import Policy
+from fides.api.models.privacy_request import PrivacyRequest
+from fides.api.service.connectors.saas.authenticated_client import AuthenticatedClient
+from fides.api.service.saas_request.saas_request_override_factory import (
+    SaaSRequestType,
+    register,
+)
+from fides.api.util.collection_util import Row
+
+
+@register("statsig_enterprise_user_read", [SaaSRequestType.READ])
+def statsig_enterprise_user_read(
+    client: AuthenticatedClient,
+    node: TraversalNode,
+    policy: Policy,
+    privacy_request: PrivacyRequest,
+    input_data: Dict[str, List[Any]],
+    secrets: Dict[str, Any],
+) -> List[Row]:
+    """
+    Convert the statsig_user_ids from the input_data into rows. We do this because erasure
+    requests only receive input data that the access request received, or data returned from
+    the access request. Erasure requests can't specify data in other datasets as dependencies.
+    """
+
+    statsig_user_ids = input_data.get("user_id", [])
+    results = []
+    for statsig_user_id in statsig_user_ids:
+        results.append({"id": statsig_user_id})
+    return results

tests/fixtures/saas/statsig_enterprise_fixtures.py

@@ -0,0 +1,50 @@
+from typing import Any, Dict
+
+import pydash
+import pytest
+
+from tests.ops.integration_tests.saas.connector_runner import (
+    ConnectorRunner,
+    generate_random_email,
+)
+from tests.ops.test_helpers.vault_client import get_secrets
+
+secrets = get_secrets("statsig_enterprise")
+
+
+@pytest.fixture(scope="session")
+def statsig_enterprise_secrets(saas_config) -> Dict[str, Any]:
+    return {
+        "domain": pydash.get(saas_config, "statsig_enterprise.domain")
+        or secrets["domain"],
+        "server_secret_key": pydash.get(
+            saas_config, "statsig_enterprise.server_secret_key"
+        )
+        or secrets["server_secret_key"],
+    }
+
+
+@pytest.fixture
+def statsig_enterprise_erasure_identity_email() -> str:
+    return generate_random_email()
+
+
+@pytest.fixture
+def statsig_enterprise_erasure_external_references() -> Dict[str, Any]:
+    return {"statsig_user_id": "123"}
+
+
+@pytest.fixture
+def statsig_enterprise_runner(
+    db,
+    cache,
+    statsig_enterprise_secrets,
+    statsig_enterprise_erasure_external_references,
+) -> ConnectorRunner:
+    return ConnectorRunner(
+        db,
+        cache,
+        "statsig_enterprise",
+        statsig_enterprise_secrets,
+        erasure_external_references=statsig_enterprise_erasure_external_references,
+    )

tests/ops/integration_tests/saas/test_statsig_enterprise_task.py

@@ -0,0 +1,28 @@
+import pytest
+
+from fides.api.models.policy import Policy
+from tests.ops.integration_tests.saas.connector_runner import ConnectorRunner
+
+
+@pytest.mark.integration_saas
+class TestStatsigEnterpriseConnector:
+    def test_connection(self, statsig_enterprise_runner: ConnectorRunner):
+        statsig_enterprise_runner.test_connection()
+
+    @pytest.mark.skip("Enterprise account only")
+    async def test_non_strict_erasure_request(
+        self,
+        statsig_enterprise_runner: ConnectorRunner,
+        policy: Policy,
+        erasure_policy_string_rewrite: Policy,
+        statsig_enterprise_erasure_identity_email: str,
+    ):
+        (
+            _,
+            erasure_results,
+        ) = await statsig_enterprise_runner.non_strict_erasure_request(
+            access_policy=policy,
+            erasure_policy=erasure_policy_string_rewrite,
+            identities={"email": statsig_enterprise_erasure_identity_email},
+        )
+        assert erasure_results == {"statsig_enterprise_instance:user": 1}