from jinja2 import Template
def build_teacher_pii_data_asset() -> tuple:
    """Render the ``teacher-pii`` data asset from the shared YAML template.

    The template is opened by a relative path, so it is resolved against
    the current working directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    with open("yaml-templates/data_assets_template.yaml") as handle:
        template_source = handle.read()

    tags = ["teacher-pii", "database", "azure", "sensitive", "pii"]
    asset_fields = {
        "name": "teacher-pii",
        "description": "Teachers personal information.",
        "usage": "business",
        "tags_list": tags,
        "origin": "customer",
        "owner": "DfE",
        "quantity": "many",
        "confidentiality": "confidential",
        "integrity": "critical",
        "availability": "operational",
        "justification": "Teacher data might contain personally identifiable information (PII). The integrity and availability of teacher data is required for functioning of the service.",
    }

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    rendered = Template(template_source, autoescape=True).render(asset_fields)
    return rendered, tags
def build_student_pii_data_asset() -> tuple:
    """Render the ``student-pii`` data asset from the shared YAML template.

    The template is opened by a relative path, so it is resolved against
    the current working directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    with open("yaml-templates/data_assets_template.yaml") as handle:
        template_source = handle.read()

    tags = ["student-pii", "database", "azure", "sensitive", "pii"]
    asset_fields = {
        "name": "student-pii",
        "description": "Students personal information.",
        "usage": "business",
        "tags_list": tags,
        "origin": "customer",
        "owner": "DfE",
        "quantity": "many",
        "confidentiality": "confidential",
        "integrity": "critical",
        "availability": "operational",
        "justification": "Student data might contain personally identifiable information (PII). The integrity and availability of student data is required for functioning of the service.",
    }

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    rendered = Template(template_source, autoescape=True).render(asset_fields)
    return rendered, tags
def build_client_app_data_asset() -> tuple:
    """Render the ``client-application-code`` data asset.

    The asset is rated ``public`` for confidentiality and ``critical`` for
    integrity. The template is opened by a relative path, so it is
    resolved against the current working directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    with open("yaml-templates/data_assets_template.yaml") as handle:
        template_source = handle.read()

    tags = [
        "client-application-code",
        "github",
        "git",
        "code",
        "html",
        "javascript",
    ]
    asset_fields = {
        "name": "client-application-code",
        "description": "Client application code such as JavaScript and HTML.",
        "usage": "devops",
        "tags_list": tags,
        "origin": "DfE",
        "owner": "DfE",
        "quantity": "very-few",
        "confidentiality": "public",
        "integrity": "critical",
        "availability": "important",
        "justification": "The integrity of the application code is critical to avoid reputational damage and the availability is important on the long-term scale (but not critical) to ensure users are able to access the service.",
    }

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    rendered = Template(template_source, autoescape=True).render(asset_fields)
    return rendered, tags
def build_server_app_data_asset() -> tuple:
    """Render the ``server-application-code`` data asset.

    The asset is rated ``public`` for confidentiality and
    ``mission-critical`` for integrity. The template is opened by a
    relative path, so it is resolved against the current working
    directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    with open("yaml-templates/data_assets_template.yaml") as handle:
        template_source = handle.read()

    tags = ["server-application-code", "github", "git", "code", "ruby"]
    asset_fields = {
        "name": "server-application-code",
        # NOTE(review): the description names JavaScript and HTML while the
        # tags say "ruby"; possibly copied from the client asset -- confirm.
        "description": "Server application code such as JavaScript and HTML.",
        "usage": "devops",
        "tags_list": tags,
        "origin": "DfE",
        "owner": "DfE",
        "quantity": "very-few",
        "confidentiality": "public",
        "integrity": "mission-critical",
        "availability": "important",
        "justification": "The integrity of the API code is critical to avoid reputational damage and the availability is important on the long-term scale (but not critical) to ensure users are able to access the service.",
    }

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    rendered = Template(template_source, autoescape=True).render(asset_fields)
    return rendered, tags
def build_vulnerable_children_data_asset() -> tuple:
    """Render the ``vulnerable-children-data`` data asset.

    The asset is rated ``strictly-confidential``, ``mission-critical``
    for integrity and ``critical`` for availability. The template is
    opened by a relative path, so it is resolved against the current
    working directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    with open("yaml-templates/data_assets_template.yaml") as handle:
        template_source = handle.read()

    tags = [
        "vulnerable-children-data",
        "database",
        "azure",
        "sensitive",
        "pii",
    ]
    asset_fields = {
        "name": "vulnerable-children-data",
        "description": "Names, addresses and sensitive details of vulnerable children.",
        "usage": "business",
        "tags_list": tags,
        # NOTE(review): capitalised here but "customer" in
        # build_teacher_pii_data_asset; confirm the consumer of the YAML
        # treats origin as free text.
        "origin": "Customer",
        "owner": "DfE",
        "quantity": "many",
        "confidentiality": "strictly-confidential",
        "integrity": "mission-critical",
        "availability": "critical",
        "justification": "The data of vulnerable children is strictly confidential, and would cause serious harm if made public.",
    }

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    rendered = Template(template_source, autoescape=True).render(asset_fields)
    return rendered, tags
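def build_job_information_data_asset() -> tuple:
    """Render the ``job-information`` data asset from the shared template.

    The asset is rated ``public`` for confidentiality. The template is
    opened by a relative path, so it is resolved against the current
    working directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    data_asset_dict = {
        "name": "job-information",
        # The description previously repeated the vulnerable-children
        # asset's text, which contradicted this asset's "public" rating.
        "description": "Job information, which is public by nature.",
        "usage": "business",
        "tags_list": ["job-information", "database", "azure", "public"],
        "origin": "DfE",
        "owner": "DfE",
        "quantity": "many",
        "confidentiality": "public",
        "integrity": "important",
        "availability": "operational",
        # "its" (possessive): the apostrophe in the old text was wrong, and
        # HTML autoescaping would render it as an entity in the output.
        "justification": "Job information is important but is public information in its nature.",
    }
    with open("yaml-templates/data_assets_template.yaml") as template_file:
        template_str = template_file.read()

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    data_asset_template = Template(template_str, autoescape=True)
    data_asset_yaml = data_asset_template.render(data_asset_dict)
    job_info_tags = data_asset_dict["tags_list"]
    return data_asset_yaml, job_info_tags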
def build_school_data_asset() -> tuple:
    """Render the ``school-data`` data asset from the shared YAML template.

    The asset is rated ``internal`` for confidentiality. The template is
    opened by a relative path, so it is resolved against the current
    working directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    with open("yaml-templates/data_assets_template.yaml") as handle:
        template_source = handle.read()

    tags = ["school-data", "database", "azure", "internal"]
    asset_fields = {
        "name": "school-data",
        "description": "School data, insights, statistics, and records.",
        "usage": "business",
        "tags_list": tags,
        "origin": "Schools",
        "owner": "DfE",
        "quantity": "very-many",
        "confidentiality": "internal",
        "integrity": "critical",
        "availability": "operational",
        "justification": "School data is collected to provide useful insights in how schools are doing from a social, financial and academic point of view, but most of this information is either already public or can be made available on request.",
    }

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    rendered = Template(template_source, autoescape=True).render(asset_fields)
    return rendered, tags
def build_payment_details_asset() -> tuple:
    """Render the ``payment-details`` data asset from the shared template.

    The asset is rated ``strictly-confidential`` and tagged ``pci``. The
    template is opened by a relative path, so it is resolved against the
    current working directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    with open("yaml-templates/data_assets_template.yaml") as handle:
        template_source = handle.read()

    payment_tags = [
        "payment-details",
        "database",
        "azure",
        "sensitive",
        "pci",
        "bank-account-details",
    ]
    asset_fields = {
        "name": "payment-details",
        "description": "Payment details to receive or send money to/from users.",
        "usage": "business",
        "tags_list": payment_tags,
        "origin": "Customer",
        "owner": "DfE",
        "quantity": "many",
        "confidentiality": "strictly-confidential",
        "integrity": "critical",
        "availability": "important",
        "justification": "Payment details could be PCI or bank account details, either to take payments or to send money to/from the customer.",
    }

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    rendered = Template(template_source, autoescape=True).render(asset_fields)
    return rendered, payment_tags
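def build_secrets_asset() -> tuple:
    """Render the ``secrets-and-api-keys`` data asset from the template.

    The asset is rated ``strictly-confidential``. The template is opened
    by a relative path, so it is resolved against the current working
    directory of the process.

    Returns:
        tuple: ``(rendered, tags)`` -- the rendered template text and the
        asset's tag list (the same list object handed to the template).
    """
    data_asset_dict = {
        "name": "secrets-and-api-keys",
        # The description previously repeated the payment-details text,
        # which mislabelled this asset in the generated model.
        "description": "Secrets and API keys.",
        "usage": "business",
        "tags_list": [
            "secrets-and-api-keys",
            "keyvault",
            "azure",
            "sensitive",
            "azure-key-vault",
        ],
        "origin": "DfE",
        "owner": "DfE",
        "quantity": "many",
        "confidentiality": "strictly-confidential",
        "integrity": "critical",
        "availability": "operational",
        "justification": "Secrets and API keys are critical and would result in serious breach and reputational damage if found.",
    }
    with open("yaml-templates/data_assets_template.yaml") as template_file:
        template_str = template_file.read()

    # NOTE(review): autoescape=True is Jinja2's HTML escaping, while the
    # rendered text is YAML; confirm the template depends on it.
    data_asset_template = Template(template_str, autoescape=True)
    data_asset_yaml = data_asset_template.render(data_asset_dict)
    # Local renamed from teacher_pii_tags, a leftover from another builder.
    secrets_tags = data_asset_dict["tags_list"]
    return data_asset_yaml, secrets_tags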