update enrichOneTrustAssessment to enrich creator

transcend-io · Jan 21, 2025 · 6a1d610 · 6a1d610
1 parent 8ab3780
commit 6a1d610
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -580,7 +580,7 @@ Note: This command will overwrite the existing transcend.yml file that you have
 
 ### tr-sync-ot
 
-Pulls resources from a OneTrust and syncs them to a Transcend instance. For now, it only supports retrieving OneTrust Assessments. It sends a request to the [Get List of Assessments](https://developer.onetrust.com/onetrust/reference/getallassessmentbasicdetailsusingget) endpoint to fetch a list of all Assessments in your account. Then, it queries the [Get Assessment](https://developer.onetrust.com/onetrust/reference/exportassessmentusingget) and [Get Risk](https://developer.onetrust.com/onetrust/reference/getriskusingget) endpoints to enrich these assessments with more details such as respondents, approvers, assessment questions and responses, and assessment risks. Finally, it syncs the enriched resources to disk in the specified file and format.
+Pulls resources from a OneTrust and syncs them to a Transcend instance. For now, it only supports retrieving OneTrust Assessments. It sends a request to the [Get List of Assessments](https://developer.onetrust.com/onetrust/reference/getallassessmentbasicdetailsusingget) endpoint to fetch a list of all Assessments in your account. Then, it queries the [Get Assessment](https://developer.onetrust.com/onetrust/reference/exportassessmentusingget), [Get Risk](https://developer.onetrust.com/onetrust/reference/getriskusingget), and [Get User](https://developer.onetrust.com/onetrust/reference/getuserbyid) endpoints to enrich these assessments with more details such as respondents, approvers, assessment questions and responses, and assessment risks. Finally, it syncs the enriched resources to disk in the specified file and format.
 
 This command can be helpful if you are looking to:
 
@@ -594,6 +594,7 @@ In order to use this command, you will need to generate a OneTrust OAuth Token w
 - [GET /v2/assessments](https://developer.onetrust.com/onetrust/reference/getallassessmentbasicdetailsusingget)
 - [GET /v2/assessments/{assessmentId}/export](https://developer.onetrust.com/onetrust/reference/exportassessmentusingget)
 - [GET /risks/{riskId}](https://developer.onetrust.com/onetrust/reference/getriskusingget)
+- [GET /v2/Users/{userId}](https://developer.onetrust.com/onetrust/reference/getuserusingget)
 
 To learn how to generate the token, see the [OAuth 2.0 Scopes](https://developer.onetrust.com/onetrust/reference/oauth-20-scopes) and [Generate Access Token](https://developer.onetrust.com/onetrust/reference/getoauthtoken) pages.
 

diff --git a/src/oneTrust/codecs.ts b/src/oneTrust/codecs.ts
@@ -9,6 +9,9 @@ import {
   OneTrustGetRiskResponse,
 } from '@transcend-io/privacy-types';
 import * as t from 'io-ts';
+import { OneTrustGetUserResponse } from './endpoints';
+
+// FIXME: some some of these to privacy-types (the ones shared with main)
 
 /**  OneTrustAssessmentNestedQuestion without nested options */
 export const OneTrustAssessmentNestedQuestionFlat = t.type({
@@ -148,8 +151,32 @@ export type OneTrustEnrichedAssessmentSection = t.TypeOf<
   typeof OneTrustEnrichedAssessmentSection
 >;
 
+// FIXME: add to OneTrustGetAssessmentResponse
+const OneTrustAssessmentCreatedBy = t.type({
+  /** The ID of the creator */
+  id: t.string,
+  /** The name of the creator */
+  name: t.string,
+  /** The name key of the template */
+  nameKey: t.union([t.string, t.null]),
+});
+
+/** Type override */
+export type OneTrustAssessmentCreatedBy = t.TypeOf<
+  typeof OneTrustAssessmentCreatedBy
+>;
+
+export const OneTrustEnrichedUser = t.type({
+  ...OneTrustAssessmentCreatedBy.props,
+  ...OneTrustGetUserResponse.props,
+});
+
+/** Type override */
+export type OneTrustEnrichedUser = t.TypeOf<typeof OneTrustEnrichedUser>;
+
 export const OneTrustEnrichedAssessmentResponse = t.type({
   ...OneTrustGetAssessmentResponse.props,
+  createdBy: OneTrustEnrichedUser,
   sections: t.array(OneTrustEnrichedAssessmentSection),
 });
 /** Type override */

diff --git a/src/oneTrust/endpoints/index.ts b/src/oneTrust/endpoints/index.ts
@@ -1,3 +1,4 @@
 export * from './getListOfOneTrustAssessments';
 export * from './getOneTrustAssessment';
 export * from './getOneTrustRisk';
+export * from './getOneTrustUser';
diff --git a/src/oneTrust/helpers/enrichOneTrustAssessment.ts b/src/oneTrust/helpers/enrichOneTrustAssessment.ts
@@ -5,6 +5,7 @@ import {
 } from '@transcend-io/privacy-types';
 import keyBy from 'lodash/keyBy';
 import { OneTrustEnrichedAssessment } from '../codecs';
+import { OneTrustGetUserResponse } from '../endpoints';
 
 /**
  * Merge the assessment, assessmentDetails, and riskDetails into one object.
@@ -16,16 +17,19 @@ export const enrichOneTrustAssessment = ({
   assessment,
   assessmentDetails,
   riskDetails,
+  creatorDetails,
 }: {
   /** The OneTrust risk details */
   riskDetails: OneTrustGetRiskResponse[];
   /** The OneTrust assessment as returned from Get List of Assessments endpoint */
   assessment: OneTrustAssessment;
   /** The OneTrust assessment details */
   assessmentDetails: OneTrustGetAssessmentResponse;
+  /** The OneTrust assessment creator details */
+  creatorDetails: OneTrustGetUserResponse;
 }): OneTrustEnrichedAssessment => {
   const riskDetailsById = keyBy(riskDetails, 'id');
-  const { sections, ...restAssessmentDetails } = assessmentDetails;
+  const { sections, createdBy, ...restAssessmentDetails } = assessmentDetails;
   const sectionsWithEnrichedRisk = sections.map((section) => {
     const { questions, ...restSection } = section;
     const enrichedQuestions = questions.map((question) => {
@@ -57,11 +61,17 @@ export const enrichOneTrustAssessment = ({
     };
   });
 
+  const enrichedCreatedBy = {
+    ...createdBy,
+    ...creatorDetails,
+  };
+
   // combine the two assessments into a single enriched result
 
   return {
     ...assessment,
     ...restAssessmentDetails,
+    createdBy: enrichedCreatedBy,
     sections: sectionsWithEnrichedRisk,
   };
 };
diff --git a/src/oneTrust/helpers/syncOneTrustAssessments.ts b/src/oneTrust/helpers/syncOneTrustAssessments.ts
@@ -3,6 +3,7 @@ import {
   getListOfOneTrustAssessments,
   getOneTrustAssessment,
   getOneTrustRisk,
+  getOneTrustUser,
 } from '../endpoints';
 import { map, mapSeries } from 'bluebird';
 import { logger } from '../../logger';
@@ -62,6 +63,18 @@ export const syncOneTrustAssessments = async ({
       assessmentId: assessment.assessmentId,
     });
 
+    // enrich assessments with user information
+    const creator = await getOneTrustUser({
+      oneTrust,
+      creatorId: assessmentDetails.createdBy.id,
+    });
+
+    /**
+     * FIXME: enrich rootRequestInformationIds
+     */
+
+    // console.log({ creator });
+
     // enrich assessments with risk information
     let riskDetails: OneTrustGetRiskResponse[] = [];
     const riskIds = uniq(
@@ -91,6 +104,7 @@ export const syncOneTrustAssessments = async ({
       assessment,
       assessmentDetails,
       riskDetails,
+      creatorDetails: creator,
     });
 
     if (dryRun && file && fileFormat) {