Page MenuHomePhabricator
Create Task
Maniphest T362618

Grant Access to 'wmf' ldap group for Michael to allow logstash access
Closed, ResolvedPublic
Actions

Description

Since 2024-04-08, I'm employed as developer in the WMF Growth team.

  • Do you currently have shell access? What exactly does that mean and how would I actually check? But probably: "No."
  • Purpose: Access to Logstash to be able to contribute to Growth team chores; +2 to mediawiki/* in Gerrit.

Note:

  • I filed this request previously when starting my employment for WMDE in 2018: T211128. Some rights were removed from this account when my employment there ended at 2024-03-31 (see T361266).
  • I somehow still have my Gerrit +2 rights? (wmde-mediawiki group was removed by @taavi in T361266#9716865)
  • I don't think I need all the previous rights back. +2 rights for Gerrit, access to logstash and edit rights in Grafana are what is essential right now. I do not think blanket access to security tasks is a need anymore, nor shell access to analytics machines. Permissions to create new Phabricator projects would be useful but not essential.

Details

SubjectRepoBranchLines +/-
admin: add migr to ldap_only_usersoperations/puppetproduction+4 -0
Customize query in gerrit

Related Objects

Event Timeline

Michael created this task.Tue, Apr 16, 8:58 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptTue, Apr 16, 8:58 AM
taavi renamed this task from Grant Access to 'nda' ldap group for Michael to allow logstash access to Grant Access to 'wmf' ldap group for Michael to allow logstash access.Tue, Apr 16, 9:00 AM
Urbanecm_WMF subscribed.Tue, Apr 16, 9:08 AM
Urbanecm_WMF updated the task description. (Show Details)Tue, Apr 16, 9:12 AM
Urbanecm_WMF added a subscriber: taavi.
Michael updated the task description. (Show Details)Tue, Apr 16, 1:24 PM
gerritbot added a comment.Tue, Apr 16, 2:04 PM

Change #1020225 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] admin: add migr to ldap_only_users

https://gerrit.wikimedia.org/r/1020225

gerritbot added a project: Patch-For-Review.Tue, Apr 16, 2:04 PM
gerritbot added a comment.Tue, Apr 16, 2:08 PM

Change #1020225 merged by Ssingh:

[operations/puppet@production] admin: add migr to ldap_only_users

https://gerrit.wikimedia.org/r/1020225

ssingh closed this task as Resolved.Tue, Apr 16, 2:20 PM
ssingh claimed this task.
ssingh subscribed.

Added to wmf LDAP group (as well as Phabricator). Please try to access Logstash and let us know if there are any issues.

Michael added a comment.Tue, Apr 16, 3:07 PM

I now have Gerrit +2 rights again, but sadly, I still cannot access Logstash or log in to Grafana:

image.png (579×433 px, 48 KB)

Do I have to wait for a certain time?

MoritzMuehlenhoff subscribed.Tue, Apr 16, 3:24 PM

Can you try accessing https://idp.wikimedia.org/logout and then retrying a login to https://idp.wikimedia.org/? You might have still had an SSO session with your previous memberships. I just had a look at the LDAP replicas and your cn=wmf membership is present there.

If it still fails, please try accessing https://idp.wikimedia.org/login and click the "Click here to view attributes resolved and retrieved for FOOBAR" link. cn=wmf should show up under memberOf.

Michael added a comment.Tue, Apr 16, 3:43 PM
In T362618#9718814, @MoritzMuehlenhoff wrote:

Can you try accessing https://idp.wikimedia.org/logout and then retrying a login to https://idp.wikimedia.org/? You might have still had an SSO session with your previous memberships.

That was it! Thank you 🙏

(though it is quite strange behavior/UX on the part of idp.)

ssingh reopened this task as Open.Tue, Apr 16, 3:44 PM
ssingh added a subscriber: Muehlenhoff.

Thanks @Muehlenhoff! And good to know @Michael that this is resolved; closing this task.

ssingh closed this task as Resolved.Tue, Apr 16, 3:45 PM
MoritzMuehlenhoff mentioned this in T361266: Offboard Michael Grosse (WMDE) from WMF systems.Tue, Apr 16, 9:41 PM
Maintenance_bot removed a project: Patch-For-Review.Fri, Apr 26, 5:56 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL