Hello! I'm trying to access a Jenkins job configuration page and @hashar kindly informed me my groups aren't configured properly for my account, sniedzielski. This ticket is too add me to the wmf and nda groups.
Background from https://phabricator.wikimedia.org/T62720#1384115
Since you are a WMF staff your labs account should be in the ldap groups 'wmf' and 'nda' , the 'wmf' group would grant you full admin rights on jenkins :}
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Declined | None | T108737 Add code coverage report for Android app code | |||
| Resolved | • Niedzielski | T62720 Jenkins should run tests for the Wikipedia app before merge | |||
| Resolved | • Niedzielski | T103192 Request Jenkins shell access for account "sniedzielski" | |||
| Resolved | Dzahn | T103191 Request "wmf" group assignments for account "sniedzielski" |
That will let @Niedzielski get access to the Jenkins configuration which rely on users being in the wmf LDAP group :-}
I don't think you need the 'nda' group, just the 'wmf' one? I think 'nda' is only really for people who signed the volunteer NDA... (Although I'm not in it, because I'm already in the 'wmf' one)
refs: https://wikimediafoundation.org/wiki/User:SNiedzielski_%28WMF%29
https://wikimediafoundation.org/w/index.php?title=Staff_and_contractors&oldid=102044
caveat here:
Sniedzielski is the WMF account:
mail: sniedzielski@wikimedia
cn: Sniedzielski
uidNumber: 12119
Niedzielski is the private one:
mail: stephen@niedzielski
cn: Niedzielski
uidNumber: 11833
I added Sniedzielski, as requested, and checked, to see:
[terbium:~] $ ldaplist -l group wmf | grep niedzielski
member: uid=niedzielski,ou=people,dc=wikimedia,dc=org
member: uid=sniedzielski,ou=people,dc=wikimedia,dc=org
both accounts were member in WMF, so it looks the wrong one was added by mistake in the past
so:
modify-ldap-group --deletemembers niedzielski wmf
modify-ldap-group --addmembers Sniedzielski wmf
and now it is as it should have been in the first place.
(Sorry, reopening.) @Dzahn, would you mind leaving my niedzielski membership? It allows me to +2 in Gerrit which is part of certain Android release processes.
@Niedzielski I would prefer if we can just add the @wikimedia.org user into the WMF group, could you use that one on Gerrit or would that be a big problem?
@Dzahn, it's not a problem but a strong preference. I have ~50 patches in Gerrit already under my niedzielski account and it's the same handle I use on IRC.
Can we rename your Gerrit user instead?
It would require some steps but is documented on
I'll add that this isn't just Daniel's suggestion; this was discussed during the operations meeting and having a personal user account of a staff user have those rights in the first place seems to have been a mistake. (Unless you were granted those rights as a volunteer on said account; and said rights had nothing to do with your role as staff.)
We realize it stinks to have to deal with having to migrate over to using the staff account, and apologize for the inconvenience. Having a single user one-off policy exception gets very unwieldy, as its never just one.
@Niedzielski Thanks for understanding. Sorry, it was our fault to do it wrong in the first place.