
grafana.wikimedia.org calls out to AWS
Closed, ResolvedPublic

Description

Not on a default page load, but after clicking the "configure dashboard" icon.

[Screenshot: Grafana - RelEng :: Gerrit - Iceweasel_030.png]

logstash.wikimedia.org doesn't, afaict.

Event Timeline

greg raised the priority of this task from to Needs Triage.
greg updated the task description.
greg added a project: acl*sre-team.
greg subscribed.
Krenair renamed this task from grafana.wikimedi.org calls out to AWS for JS assests to grafana.wikimedia.org calls out to AWS for JS assests. Aug 27 2015, 4:26 AM
Krenair set Security to None.
Krenair subscribed.
akosiaris triaged this task as Medium priority. Aug 27 2015, 10:29 AM
akosiaris added a project: observability.

I am assuming this has been going for a long time. Questions:

  • What kind of privacy issues does it create?
  • In case AWS goes down, how much functionality do we lose?

I am assuming this has been going for a long time. Questions:

  • What kind of privacy issues does it create?

Exposes user IPs I guess? Also possibly against our privacy policy (if it applies to grafana.wikimedia.org?!) since it doesn't ask for user consent before contacting AWS.

It violates our privacy policy for *.wikimedia.org domains, afaik (IANAL).

I am assuming this has been going for a long time. Questions:

  • What kind of privacy issues does it create?

As above, Privacy Policy violation since it's a *.wikimedia.org domain (IANAL)

  • In case AWS goes down, how much functionality do we lose?

Nothing, as the call to AWS doesn't provide any functionality, afaict. It simply GETs https://grafanarel.s3.amazonaws.com/latest.json to see what the latest version is, presumably to complain/suggest upgrading. I want to just remove that call altogether....

Stating your question in the reverse: What do we gain from calling out to AWS?
Answering my new question: Nothing, and thus we shouldn't do it.

greg renamed this task from grafana.wikimedia.org calls out to AWS for JS assests to grafana.wikimedia.org calls out to AWS. Sep 2 2015, 5:48 AM

It simply GETs https://grafanarel.s3.amazonaws.com/latest.json to see what the latest version is, presumably to complain/suggest upgrading.

Or as a smart way of tracking install base/usage.

Nothing, as the call to AWS doesn't provide any functionality, afaict. It simply GETs https://grafanarel.s3.amazonaws.com/latest.json to see what the latest version is, presumably to complain/suggest upgrading. I want to just remove that call altogether....

Stating your question in the reverse: What do we gain from calling out to AWS?
Answering my new question: Nothing, and thus we shouldn't do it.

Agreed. I am anyway trying to get involved with Grafana these days, I'll coordinate with @ori, having in mind a possible upgrade to a newer version of grafana anyways and perhaps patching our installation with a removal of that check.

FWIW see also T104738: Upgrade to Grafana v2.x for a related discussion on the upgrade, I don't see a way to disable this via config at least in our version in trebuchet :|

I don't see a way to disable this via config at least in our version in trebuchet :|

Yeah, I spent way too long yesterday poking around config files/puppet/upstream docs looking for a way to disable it, unfortunately.

I don't see a way to disable this via config at least in our version in trebuchet :|

Yeah, I spent way too long yesterday poking around config files/puppet/upstream docs looking for a way to disable it, unfortunately.

Yeah, I was referring to removing it, not disabling it. As in our local patch. Looking into master

https://github.com/grafana/grafana/blob/master/public/app/directives/grafanaVersionCheck.js

it could be patched with a null function, methinks. But if we are going to upgrade, it probably does not make sense to do it for this version alone.

ori claimed this task.

Fixed by upgrading.
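
An added example, not part of the task discussion and not Grafana's code: one way to audit served front-end assets for callouts like the latest.json check discussed above, by flagging every URL host outside the first-party domains. The function names and the sample asset are constructed for illustration.

```javascript
'use strict';

// Absolute (http/https) and protocol-relative URLs; captures the hostname.
const URL_RE = /(?:https?:)?\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi;

// True when host equals a first-party domain or is a subdomain of one.
// Matching on a label boundary keeps "notwikimedia.org" and
// "wikimedia.org.example.net" from passing as first-party.
function isFirstParty(host, firstPartyDomains) {
  const h = host.toLowerCase();
  return firstPartyDomains.some((d) => h === d || h.endsWith('.' + d));
}

// Returns [{ host, lines: [n, ...] }] for every third-party host referenced
// in the given source text, sorted by host name (line numbers are 1-based).
function findThirdPartyCallouts(sourceText, firstPartyDomains) {
  const hits = new Map();
  sourceText.split('\n').forEach((line, idx) => {
    for (const m of line.matchAll(URL_RE)) {
      const host = m[1].toLowerCase();
      if (isFirstParty(host, firstPartyDomains)) continue;
      if (!hits.has(host)) hits.set(host, []);
      hits.get(host).push(idx + 1);
    }
  });
  return [...hits.keys()].sort().map((host) => ({ host, lines: hits.get(host) }));
}

// Constructed sample asset (not Grafana's source): one first-party call,
// the version-check URL quoted in the task, and a look-alike host.
const SAMPLE_ASSET = [
  "var api = 'https://grafana.wikimedia.org/api/dashboards';",
  "$.getJSON('https://grafanarel.s3.amazonaws.com/latest.json', onVersion);",
  "var img = '//wikimedia.org.example.net/pixel.gif';",
  "var help = 'https://grafanarel.s3.amazonaws.com/latest.json';",
].join('\n');

const report = findThirdPartyCallouts(SAMPLE_ASSET, ['wikimedia.org']);
for (const { host, lines } of report) {
  console.log(`third-party host ${host} referenced on line(s) ${lines.join(', ')}`);
}
```

Static scanning only finds hosts that appear literally in the asset text; URLs assembled at runtime need a browser network capture to surface.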