Model refactor: move IdG config to EligibilityVerifier

[thekaveman]

Depends on #2233 being done first.

Acceptance criteria

• ClaimsProvider.scope moved to EligibilityVerifier.claims_scope
• ClaimsProvider.claim moved to EligibilityVerifier.claims_claim
• ClaimsProvider.supports_claims_verification moved to EligibilityVerifier.supports_claims_verification Conditions in ClaimsProvider.supports_claims_verification moved to EligibilityVerifier.uses_claims_verification inline
• EligibilityVerifier.claims_scheme added as optional (leave the field as required on ClaimsProvider); default to using the value on ClaimsProvider if no value on EligibilityVerifier
• Existing Django config data is migrated
• Docs are updated

Impact on the code

• Code search for claim in the repo
• Code search for scheme in the repo
• Code search for scope in the repo

Impact on existing data

• Data migrations needed to move field data from ClaimsProvider instances to EligibilityVerifier instances

Impact on analytics

• These fields are not logged in analytics

Impact on Admin permissions

• Read only fields need to be updated for the moved fields

[lalver1]

@thekaveman , would it also make sense to add

• ClaimsProvider.supports_claims_verification moved to EligibilityVerifier.supports_claims_verification

to the acceptance criteria since it is a model attribute (managed, but I guess still technically an attribute)? Also, since scope and claim have been moved to EligibilityVerifier, it seems that supports_claims_verification should also move to EligibilityVerifier?

If not, I think it is possible to keep ClaimsProvider.supports_claims_verification by adding a eligibility_verifiers = models.OneToOneField("EligibilityVerifier", null=True, on_delete=models.CASCADE) attribute to ClaimsProvider (or something similar to get scope and claim from EligibilityVerifier) but I have a feeling this is not too logical since scope and claim have been moved to EligibilityVerifier and the better solution is the one described above?

[thekaveman]

@lalver1 yes you are absolutely right -- since that attribute is calculated from the others that are moving, it should be moved too.

And it looks like the same goes for ClaimsProvider.client_id which is calculating from ClaimsProvider.client_id_secret_name which is also moving.

Remember the ultimate goal here is #2236 where all the details relevant to the specific flow are going to be on the EnrollmentFlow model. So that will include these fields/attributes we're discussing here.

[lalver1]

Perfect, I'll edit the acceptance criteria whenever it is helpful to track these changes, thanks!

[thekaveman]

@lalver1 when you have a branch with a migration file, can you push that up please? I want to start #2282 from your work.

[thekaveman]

@lalver1 I was partially wrong here, sorry about that:

@lalver1 yes you are absolutely right -- since that attribute is calculated from the others that are moving, it should be moved too.

And it looks like the same goes for ClaimsProvider.client_id which is calculating from ClaimsProvider.client_id_secret_name which is also moving.

Remember the ultimate goal here is #2236 where all the details relevant to the specific flow are going to be on the EnrollmentFlow model. So that will include these fields/attributes we're discussing here.

This is wrong:

And it looks like the same goes for ClaimsProvider.client_id which is calculating from ClaimsProvider.client_id_secret_name which is also moving.

client_id_secret_name is not moving.

[lalver1]

Thanks @thekaveman , yep I was wondering about that second part so that makes sense that client_id_secret_name is not moving.

In case it helps, I created a draft PR with the first part of this refactor, moving scope and claim from ClaimsProvider to EligibilityVerifier. But the migration file is not finished since I'm missing the parts below. You'll see comments in parts of the code I am still working on:

• scope and claim data migration ✅
• admin permissions update
• add EligibilityVerifier.claims_scheme as optional (leave as required on ClaimsProvider) ✅
• updating tests ✅
• updating documentation

[lalver1]

Quick update on this ticket @thekaveman, the draft PR is almost ready for a review. I still need to update:

• model fixtures
• documentation
• take one more look at the admin permissions update. Since scheme is still in ClaimsProvider the scheme read only field will not change but I think I need to set EligibilityVerifier.claims_scheme as another read only field in the admin permissions.