Page MenuHomePhabricator

Allow self-serve database credential and permissions management for Toolforge projects
Open, LowestPublic

Description

IRC conversation in Cloud-Services
<jynus> I will do some cleanup to disable accounts that have not been used for over a year
<valhallasw`cloud> that might give us a lot of 'hey, I tried to continue with a project that had been lying there for a while and the database credentials don't work anymore' bugs
<jynus> I will do something like that, not necesarily like that, or witout coordination, etc.
<tom29739> There's more attack vectors if there's accounts sitting doing nothing.
<jynus> maybe in a way that the users could reenable it somehow
<tom29739> Maybe tie into that console.wmflabs.org thingy that bd808 is making.
<tom29739> Have an 'Enable/disable db user' button.
<bd808> tom29739: write a ticket up. I can't promise anything but it sounds like something worth looking into

Task
Having database tools on this application would be very useful, it could maybe do the following:

  • Create databases
  • Delete databases
  • Change permissions on databases (can currently only be done manually, for instance sharing a db between 2 tools).
  • Enable and disable the database user (would be disabled by default)
  • Reset database password
  • Recreate replica.my.cnf
  • Recreate grants
  • SQL web terminal? (if the app is going to have a normal web terminal, then this can probably be disregarded)
  • Yet more things?

Event Timeline

Restricted Application added subscribers: Zppix, Aklapper. · View Herald Transcript
bd808 renamed this task from Add database options to console.wmflabs.org to Allow self-serve database credential and permissions management for Tool Labs projects.May 26 2016, 5:24 PM
  • Reset database password
  • recreate replica.my.cnf
  • Recreate grants
valhallasw moved this task from Triage to Backlog on the Toolforge board.
jcrespo added a subscriber: jcrespo.

I will not be working on this, but will help if someone else wants in the future (add us back). Not sure if it is still relevant with the new way of handling accounts.

Marostegui added subscribers: LSobanski, Marostegui.

Going to remove DBA from here, as the current wikireplicas are read-only, and the tools databases are managed by WMCS.
I will keep subscribed in case we are needed

This is pretty much a request for Trove in WMCS. I'll put it on the map for that. If/When we get that service set up, this will be resolved.

Nintendofan885 renamed this task from Allow self-serve database credential and permissions management for Tool Labs projects to Allow self-serve database credential and permissions management for Toolforge projects.Oct 9 2020, 4:55 PM