The old name is
`student.send_activation_email`.
The new name is
`common.djangoapps.student.tasks.send_activation_email`.
We currently register both the old and the new task names,
such that Celery workers recognize the task by both names.
This commit switches us from the old name to the new name.
Several tasks are explicitly named as (or like)
their old, deprecated import path.
The issue here is that django-user-tasks listens for task
invocations, and attempts to import the task based on its name.
If the task name is completely wrong, user-tasks will catch
the ImportError and move on.
If the task is a valid *deprecated* import, though, then
user-tasks will choke on the raised `DeprecatedEdxPlatformImportError`.
Thus, we must rename three tasks to their new full path:
1. entitlements.expire_old_enrollments
2. third_party_auth.fetch_saml_metadata
3. student.send_activation_email
The first two are run daily, and so are safe to be
renamed in place.
The third task must be renamed using an expand-contract
pattern; otherwise, we would drop hundreds of tasks
during the App vs. Worker out-of-sync version window
that happens at deployments.
This commit is the expand phase.
- Use different attribute names for new and old versions of function
- Use a shorter name overall (for ease of analysis)
- Add monitor for fetched-existing case
- Only record computed-stored if `get_or_create` succeeds, but also
break it into created vs. fetched cases by checking return value
- Correct name of monitor in `except` clause -- that should only happen
for a race inside `get_or_create` itself. There's a different race in
the `anonymous_uid_for_user` between fetch and compute/save.
- Other name tweaks
ARCHBOM-1674
- Make it easier to rotate `SECRET_KEY` by documenting this usage
for both sensitivity and rotation process. (ARCHBOM-1676).
- Just use a hash of the secret rather than HMAC + MD5. We're not
authenticating a message, so HMAC isn't really needed -- it just needs
to be unique, deterministic, and irreversible. SHAKE allows generation
of an arbitrary length hash without needing to truncate.
Also, rename tracking session ID generator for clarity -- there's no
encryption happening here.
Add additional test for existing claim of uniqueness.
* import task decorator from celery APP instance instead of celery package in CMS
* replaced task decorator with shared_task in cms and common
* Fixed import of shared_task
* Fixed import
These changes were initially made to make it easier to do SECRET_KEY rotations. Along the way, we found it made sense to refractor the code as well.
Changes made:
- changed get_to_create to create because now the code should only get to this block when a write is necessary
- added a lookup for anonymous_user_id. This is to return an existing anonymous_user_id rather than calculating. This will mitigate the results of SECRET_KEY rotation.
- Added monitoring to help us make better decisions: should we not sue SECRET_KEY, performance considerations...
- put old function behind toggle in case something goes wrong in production with new code
- refractoring function structure for better understanding
On a platform that is configured to upload video transcripts to S3
(`DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"`),
uploads from the studio fail with a TypeError: "Unicode-objects must be
encoded before hashing"
A full stacktrace of the issue can be found here:
https://sentry.overhang.io/share/issue/2249b6f67d794c7e986cc288758f4ebe/
This error is triggered by md5 hashing in the botocore library, which
itself is used by the S3Boto3Storage storage class. This error does not
occur with filesystem-based uploads because it does not perform checksum
verification. The reason why this error would not occur on edx.org is
unknown. Similar issues were already fixed from edxval.
To address this issue, we encode the transcript file content prior to
sending it to s3.
