
Fundraising access request for dbu
Closed, Resolved | Public

Description

This is a new access request for Danny Bu. They require the following access: (mark each box with an x)

  • civicrm web access
    • standard access
    • donor services access
  • ssh access - if specific hosts: list here
  • mysql - if specific hosts or databases: list here
  • superset
  • other: please explain

New User Procedure / Checklist

When adding a new user to the fundraising / fr-tech ecosystem, we have a set of places where we need to create accounts and access.

Prerequisites

Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval from the C level that access is approved.

[x] user_verification
Requires: user request
[x] access_rights: letter to C level (currently Lisa) verifying grant of access
[x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List

Accounts and Services

[ ] user account
Requires: user_verification
[ ] Add the user to the users.yaml and group_members.yaml files as appropriate.
[ ] Push out puppet changes.
[x] client_ssl_cert
Requires: user_verification
[x] cert_setup: generate cert on frpm1001 using ssl_user_admin
[x] account_setup: sms the user the password for the key
[x] follow_on: assist with certificate installation
[ ] yubikey
Requires: useraccount and ITS request to send out yubikey to user
[ ] physical: Make a request to ITS to have a key sent to the user
[ ] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
[ ] follow_on: Make sure user can use yubikey for ssh access
[ ] ssh
Requires: useraccount and yubikey
[ ] key_setup: Send template/docs for generating keypair and ~/.ssh/config file
[ ] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
[ ] follow_on: Verify user can ssh using correct creds and passphrases when needed.
[ ] mysql
Requires: useraccount, yubikey, ssh
[ ] account_setup
    [ ] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa
    [ ] Ensure user is in correct blocks for select rights on dbs.
        - Generally use another user in same group as a guide
    [ ] Run the grant script to get the grants.
    [ ] Copy/paste to execute the grants on appropriate dbs.
    [ ] Create the user a ~/.my.cnf file with the original password from account creation.
[ ] follow_on: Verify user can ssh to the required host and log in to mysql.
[x] civicrm
Requires: client_ssl_cert
[x] account_setup: Create user account. This will notify the user via email to update their password.
[x] follow_on: Verify user can log in to https://civicrm.wikimedia.org
[x] superset
Requires: client_ssl_cert
[x] account_setup: Create user account. Notify the user of their account name and password.
[x] follow_on: Verify user can log in to https://analytics.frdev.wikimedia.org
[x] archive_access: Add to google drive archive group. https://drive.google.com/drive/folders/0ADWGPlZtksGdUk9PVA

Event Timeline

Approval from Lisa.

Date: Tue, 23 Aug 2022 11:19:44
From: Lisa Seitz Gruwell
To: Dallas Wisehaupt
Cc: Megan Hernandez, Greg Grossmeier
Subject: Re: Access for Danny Bu -- request & approval
----------------------------------------

Approved

On Tue, Aug 23, 2022 at 11:16 AM Dallas Wisehaupt wrote:
Lisa,

Could you please approve this request for fundraising access for Danny? Thanks!

Dallas

On Mon, Aug 8, 2022 at 2:35 PM Megan Hernandez wrote:
Hi Dallas,

I'm working on onboarding materials for Danny Bu. Would you be able to set him up with Yubikey SSH access, civi, superset, and phabricator access?
Lisa - please approve.

Thank you!

Megan

Created SSL client cert and sent via email. Password sent via SMS. Civicrm account created and set with random password. Superset account created and set with random password. Password reset instructions sent for civicrm and superset.

Documentation link sent with instructions on how to generate an ssh keypair and config file.

Dwisehaupt added a subscriber: DBu-WMF.

@DBu-WMF I just wanted to check back in and see if you needed assistance with the SSH setup or if that was not access you needed at this point?

I now have access to both Superset and Civi. Thank you for your assistance.

Dwisehaupt claimed this task.
Dwisehaupt moved this task from Up Next to Done on the fundraising-tech-ops board.