docs: User retirement extensibility ADR #36030
Conversation
| Decisions | ||
| ========= | ||
|
|
||
| #. We will use Stevedore extensions to enable adding new retirement APIs and steps to an organization's workflow without modifying the core retirement pipeline code. This will allow organizations to extend user retirement by simply installing their custom code as a Stevedore extension and changing `their configuration`_ to take advantage of the new capabilities. There should be no need to fork the edx-platform / user_retirement codebase. |
There was a problem hiding this comment.
Could we use Django settings for this? There's no need to be independent of Django, is there?
There was a problem hiding this comment.
I'm not sure why we'd pull in a web framework / ORM for a standalone command line script. What would the benefit of using Django settings be here?
There was a problem hiding this comment.
I had actually assumed that Django was already an assumed dependency. If not, I agree that Stevedore is fine.
This ADR proposes a method of adding extensibility to the retirement pipeline, with a minimum amount of disruption to existing pipelines.
bmtcril
force-pushed
the
bmtcril/retirement_plugin_adr
branch
from
9056b5d to
605aea7
Compare
|
|
||
| Scoping driver configuration | ||
| ---------------------------- | ||
| Refactoring the retirement configuration to be more secure by scoping the configuration passed in to each driver was considered. This would provide better isolation of secrets between drivers and the default services, but would also make it more difficult to share configuration. For instance some drivers need to access LMS APIs, and doing so would require copying the LMS URL, client id, and client secret for each driver that needed them. |
There was a problem hiding this comment.
From the perspective of an operator, if I need to pass all my secrets to a pipeline driver that someone else in the community wrote, I would be more reticent to use it. One response to this is that any retirement code you're running you should understand. However, this seems like it goes against the principal of least privilege. If you still think this is the best idea, can you say some more about what kind of errors could happen and mention that we're choosing to go intentionally go against the principal of least privilege here.
Description
This ADR proposes a method of adding extensibility to the retirement pipeline, with a minimum amount of disruption to existing pipelines. It has developed from conversations with 2U and others interested in customizing the existing retirement capabilities.