From 28c3eb018fabecf039f5134569ea3c0857fd1577 Mon Sep 17 00:00:00 2001 From: Brian Sardo <1168933+bsardo@users.noreply.github.com> Date: Tue, 5 Jan 2021 10:21:33 -0500 Subject: [PATCH] Remove legacy GDPR AMP config flag used to prevent buyer ID scrub on AMP requests (#1565) --- config/config.go | 2 +- endpoints/auction_test.go | 4 --- endpoints/cookie_sync_test.go | 4 --- endpoints/setuid_test.go | 4 --- exchange/utils.go | 3 +- exchange/utils_test.go | 4 --- gdpr/gdpr.go | 3 -- gdpr/impl.go | 12 ------- privacy/enforcement.go | 12 +++---- privacy/enforcement_test.go | 64 +++-------------------------------- 10 files changed, 12 insertions(+), 100 deletions(-) diff --git a/config/config.go b/config/config.go index db9adf4f279..ef1e05245a1 100755 --- a/config/config.go +++ b/config/config.go @@ -214,7 +214,7 @@ func (cfg *GDPR) validate(errs []error) []error { glog.Warning("gdpr.host_vendor_id was not specified. Host company GDPR checks will be skipped.") } if cfg.AMPException == true { - glog.Warning("gdpr.amp_exception is deprecated and will be removed in a future version. If you need to disable GDPR for AMP, you may do so per-account (gdpr.integration_enabled.amp) or at the host level for the default account (account_defaults.gdpr.integration_enabled.amp).") + errs = append(errs, fmt.Errorf("gdpr.amp_exception has been discontinued and must be removed from your config. If you need to disable GDPR for AMP, you may do so per-account (gdpr.integration_enabled.amp) or at the host level for the default account (account_defaults.gdpr.integration_enabled.amp)")) } return errs } diff --git a/endpoints/auction_test.go b/endpoints/auction_test.go index f7f915cbaa5..b5f0989ed28 100644 --- a/endpoints/auction_test.go +++ b/endpoints/auction_test.go @@ -424,10 +424,6 @@ func (m *auctionMockPermissions) PersonalInfoAllowed(ctx context.Context, bidder return m.allowPI, m.allowGeo, m.allowID, nil } -func (m *auctionMockPermissions) AMPException() bool { - return false -} - func TestBidSizeValidate(t *testing.T) { bids := make(pbs.PBSBidSlice, 0) // bid1 will be rejected due to undefined size when adunit has multiple sizes diff --git a/endpoints/cookie_sync_test.go b/endpoints/cookie_sync_test.go index 77be25907c6..ee29125b908 100644 --- a/endpoints/cookie_sync_test.go +++ b/endpoints/cookie_sync_test.go @@ -257,7 +257,3 @@ func (g *gdprPerms) BidderSyncAllowed(ctx context.Context, bidder openrtb_ext.Bi func (g *gdprPerms) PersonalInfoAllowed(ctx context.Context, bidder openrtb_ext.BidderName, PublisherID string, consent string) (bool, bool, bool, error) { return true, true, true, nil } - -func (g *gdprPerms) AMPException() bool { - return false -} diff --git a/endpoints/setuid_test.go b/endpoints/setuid_test.go index ae0636770da..1f2c4040d59 100644 --- a/endpoints/setuid_test.go +++ b/endpoints/setuid_test.go @@ -441,10 +441,6 @@ func (g *mockPermsSetUID) PersonalInfoAllowed(ctx context.Context, bidder openrt return g.allowPI, g.allowPI, g.allowPI, nil } -func (g *mockPermsSetUID) AMPException() bool { - return false -} - func newFakeSyncer(familyName string) usersync.Usersyncer { return fakeSyncer{ familyName: familyName, diff --git a/exchange/utils.go b/exchange/utils.go index d70829ff90c..a803e4e242b 100644 --- a/exchange/utils.go +++ b/exchange/utils.go @@ -77,7 +77,6 @@ func cleanOpenRTBRequests(ctx context.Context, gdpr := extractGDPR(req.BidRequest, usersyncIfAmbiguous) consent := extractConsent(req.BidRequest) - ampGDPRException := (req.LegacyLabels.RType == metrics.ReqTypeAMP) && gDPR.AMPException() ccpaEnforcer, err := extractCCPA(req.BidRequest, privacyConfig, &req.Account, aliases, integrationTypeMap[req.LegacyLabels.RType]) if err != nil { @@ -125,7 +124,7 @@ func cleanOpenRTBRequests(ctx context.Context, privacyEnforcement.GDPRID = false } - privacyEnforcement.Apply(bidderRequest.BidRequest, ampGDPRException) + privacyEnforcement.Apply(bidderRequest.BidRequest) } return diff --git a/exchange/utils_test.go b/exchange/utils_test.go index 5fb5707c07b..757eb658222 100644 --- a/exchange/utils_test.go +++ b/exchange/utils_test.go @@ -34,10 +34,6 @@ func (p *permissionsMock) PersonalInfoAllowed(ctx context.Context, bidder openrt return p.personalInfoAllowed, p.personalInfoAllowed, p.personalInfoAllowed, nil } -func (p *permissionsMock) AMPException() bool { - return false -} - func assertReq(t *testing.T, bidderRequests []BidderRequest, applyCOPPA bool, consentedVendors map[string]bool) { // assert individual bidder requests diff --git a/gdpr/gdpr.go b/gdpr/gdpr.go index 6d447beb438..60a7cc1e2c0 100644 --- a/gdpr/gdpr.go +++ b/gdpr/gdpr.go @@ -24,9 +24,6 @@ type Permissions interface { // // If the consent string was nonsensical, the returned error will be an ErrorMalformedConsent. PersonalInfoAllowed(ctx context.Context, bidder openrtb_ext.BidderName, PublisherID string, consent string) (bool, bool, bool, error) - - // Exposes the AMP execption flag - AMPException() bool } // Versions of the GDPR TCF technical specification. diff --git a/gdpr/impl.go b/gdpr/impl.go index 2fbd9c5a07c..5b3b86fe557 100644 --- a/gdpr/impl.go +++ b/gdpr/impl.go @@ -60,10 +60,6 @@ func (p *permissionsImpl) PersonalInfoAllowed(ctx context.Context, bidder openrt return false, false, false, nil } -func (p *permissionsImpl) AMPException() bool { - return p.cfg.AMPException -} - func (p *permissionsImpl) allowSync(ctx context.Context, vendorID uint16, consent string) (bool, error) { // If we're not given a consent string, respect the preferences in the app config. if consent == "" { @@ -225,10 +221,6 @@ func (a AlwaysAllow) PersonalInfoAllowed(ctx context.Context, bidder openrtb_ext return true, true, true, nil } -func (a AlwaysAllow) AMPException() bool { - return false -} - // Exporting to allow for easy test setups type AlwaysFail struct{} @@ -243,7 +235,3 @@ func (a AlwaysFail) BidderSyncAllowed(ctx context.Context, bidder openrtb_ext.Bi func (a AlwaysFail) PersonalInfoAllowed(ctx context.Context, bidder openrtb_ext.BidderName, PublisherID string, consent string) (bool, bool, bool, error) { return false, false, false, nil } - -func (a AlwaysFail) AMPException() bool { - return false -} diff --git a/privacy/enforcement.go b/privacy/enforcement.go index 3f157329cf6..64070ae3a6a 100644 --- a/privacy/enforcement.go +++ b/privacy/enforcement.go @@ -19,14 +19,14 @@ func (e Enforcement) Any() bool { } // Apply cleans personally identifiable information from an OpenRTB bid request. -func (e Enforcement) Apply(bidRequest *openrtb.BidRequest, ampGDPRException bool) { - e.apply(bidRequest, ampGDPRException, NewScrubber()) +func (e Enforcement) Apply(bidRequest *openrtb.BidRequest) { + e.apply(bidRequest, NewScrubber()) } -func (e Enforcement) apply(bidRequest *openrtb.BidRequest, ampGDPRException bool, scrubber Scrubber) { +func (e Enforcement) apply(bidRequest *openrtb.BidRequest, scrubber Scrubber) { if bidRequest != nil && e.Any() { bidRequest.Device = scrubber.ScrubDevice(bidRequest.Device, e.getDeviceIDScrubStrategy(), e.getIPv4ScrubStrategy(), e.getIPv6ScrubStrategy(), e.getGeoScrubStrategy()) - bidRequest.User = scrubber.ScrubUser(bidRequest.User, e.getUserScrubStrategy(ampGDPRException), e.getGeoScrubStrategy()) + bidRequest.User = scrubber.ScrubUser(bidRequest.User, e.getUserScrubStrategy(), e.getGeoScrubStrategy()) } } @@ -70,7 +70,7 @@ func (e Enforcement) getGeoScrubStrategy() ScrubStrategyGeo { return ScrubStrategyGeoNone } -func (e Enforcement) getUserScrubStrategy(ampGDPRException bool) ScrubStrategyUser { +func (e Enforcement) getUserScrubStrategy() ScrubStrategyUser { if e.COPPA { return ScrubStrategyUserIDAndDemographic } @@ -79,7 +79,7 @@ func (e Enforcement) getUserScrubStrategy(ampGDPRException bool) ScrubStrategyUs return ScrubStrategyUserID } - if e.GDPRID && !ampGDPRException { + if e.GDPRID { return ScrubStrategyUserID } diff --git a/privacy/enforcement_test.go b/privacy/enforcement_test.go index 0cf36a614c4..9240aafc2c3 100644 --- a/privacy/enforcement_test.go +++ b/privacy/enforcement_test.go @@ -59,7 +59,6 @@ func TestApply(t *testing.T) { testCases := []struct { description string enforcement Enforcement - ampGDPRException bool expectedDeviceID ScrubStrategyDeviceID expectedDeviceIPv4 ScrubStrategyIPV4 expectedDeviceIPv6 ScrubStrategyIPV6 @@ -124,7 +123,6 @@ func TestApply(t *testing.T) { GDPRID: true, LMT: false, }, - ampGDPRException: false, expectedDeviceID: ScrubStrategyDeviceIDAll, expectedDeviceIPv4: ScrubStrategyIPV4Lowest8, expectedDeviceIPv6: ScrubStrategyIPV6Lowest16, @@ -132,23 +130,6 @@ func TestApply(t *testing.T) { expectedUser: ScrubStrategyUserID, expectedUserGeo: ScrubStrategyGeoReducedPrecision, }, - { - description: "GDPR Only - Full - AMP Exception", - enforcement: Enforcement{ - CCPA: false, - COPPA: false, - GDPRGeo: true, - GDPRID: true, - LMT: false, - }, - ampGDPRException: true, - expectedDeviceID: ScrubStrategyDeviceIDAll, - expectedDeviceIPv4: ScrubStrategyIPV4Lowest8, - expectedDeviceIPv6: ScrubStrategyIPV6Lowest16, - expectedDeviceGeo: ScrubStrategyGeoReducedPrecision, - expectedUser: ScrubStrategyUserNone, - expectedUserGeo: ScrubStrategyGeoReducedPrecision, - }, { description: "GDPR Only - ID Only", enforcement: Enforcement{ @@ -158,7 +139,6 @@ func TestApply(t *testing.T) { GDPRID: true, LMT: false, }, - ampGDPRException: false, expectedDeviceID: ScrubStrategyDeviceIDAll, expectedDeviceIPv4: ScrubStrategyIPV4None, expectedDeviceIPv6: ScrubStrategyIPV6None, @@ -166,23 +146,6 @@ func TestApply(t *testing.T) { expectedUser: ScrubStrategyUserID, expectedUserGeo: ScrubStrategyGeoNone, }, - { - description: "GDPR Only - ID Only - AMP Exception", - enforcement: Enforcement{ - CCPA: false, - COPPA: false, - GDPRGeo: false, - GDPRID: true, - LMT: false, - }, - ampGDPRException: true, - expectedDeviceID: ScrubStrategyDeviceIDAll, - expectedDeviceIPv4: ScrubStrategyIPV4None, - expectedDeviceIPv6: ScrubStrategyIPV6None, - expectedDeviceGeo: ScrubStrategyGeoNone, - expectedUser: ScrubStrategyUserNone, - expectedUserGeo: ScrubStrategyGeoNone, - }, { description: "GDPR Only - Geo Only", enforcement: Enforcement{ @@ -192,7 +155,6 @@ func TestApply(t *testing.T) { GDPRID: false, LMT: false, }, - ampGDPRException: false, expectedDeviceID: ScrubStrategyDeviceIDNone, expectedDeviceIPv4: ScrubStrategyIPV4Lowest8, expectedDeviceIPv6: ScrubStrategyIPV6Lowest16, @@ -217,24 +179,7 @@ func TestApply(t *testing.T) { expectedUserGeo: ScrubStrategyGeoReducedPrecision, }, { - description: "Interactions: COPPA Only + AMP Exception", - enforcement: Enforcement{ - CCPA: false, - COPPA: true, - GDPRGeo: false, - GDPRID: false, - LMT: false, - }, - ampGDPRException: true, - expectedDeviceID: ScrubStrategyDeviceIDAll, - expectedDeviceIPv4: ScrubStrategyIPV4Lowest8, - expectedDeviceIPv6: ScrubStrategyIPV6Lowest32, - expectedDeviceGeo: ScrubStrategyGeoFull, - expectedUser: ScrubStrategyUserIDAndDemographic, - expectedUserGeo: ScrubStrategyGeoFull, - }, - { - description: "Interactions: COPPA + GDPR Full + AMP Exception", + description: "Interactions: COPPA + GDPR Full", enforcement: Enforcement{ CCPA: false, COPPA: true, @@ -242,7 +187,6 @@ func TestApply(t *testing.T) { GDPRID: true, LMT: false, }, - ampGDPRException: true, expectedDeviceID: ScrubStrategyDeviceIDAll, expectedDeviceIPv4: ScrubStrategyIPV4Lowest8, expectedDeviceIPv6: ScrubStrategyIPV6Lowest32, @@ -264,7 +208,7 @@ func TestApply(t *testing.T) { m.On("ScrubDevice", req.Device, test.expectedDeviceID, test.expectedDeviceIPv4, test.expectedDeviceIPv6, test.expectedDeviceGeo).Return(replacedDevice).Once() m.On("ScrubUser", req.User, test.expectedUser, test.expectedUserGeo).Return(replacedUser).Once() - test.enforcement.apply(req, test.ampGDPRException, m) + test.enforcement.apply(req, m) m.AssertExpectations(t) assert.Same(t, replacedDevice, req.Device, "Device") @@ -284,7 +228,7 @@ func TestApplyNoneApplicable(t *testing.T) { GDPRID: false, LMT: false, } - enforcement.apply(req, false, m) + enforcement.apply(req, m) m.AssertNotCalled(t, "ScrubDevice") m.AssertNotCalled(t, "ScrubUser") @@ -294,7 +238,7 @@ func TestApplyNil(t *testing.T) { m := &mockScrubber{} enforcement := Enforcement{} - enforcement.apply(nil, false, m) + enforcement.apply(nil, m) m.AssertNotCalled(t, "ScrubDevice") m.AssertNotCalled(t, "ScrubUser")