Page MenuHomePhabricator
Create Task
Maniphest T165337

Add new users to 'bastion' project via a Keystone hook
Closed, ResolvedPublic
Actions

Description

Currently new users are added to Bastion via wikitech. That's fine, but as we move to user creation via Striker (or tool-to-be-named-later) this will have to be done elsewhere, probably by Keystone. It's easy, I think.

Details

SubjectRepoBranchLines +/-
keystonehooks: only add users to bastion if they have the 'user' roleoperations/puppetproduction+8 -5
keystonehooks: Add any new project member to bastionoperations/puppetproduction+32 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Andrew created this task.May 15 2017, 3:08 PM
bd808 added a comment.May 15 2017, 3:22 PM

We probably don't want to add them to bastion on account creation. I think the equivalent of the OSM logic would be to check for bastion membership when changing project roles and grant the user role in the bastion project if it doesn't exist.

Andrew added a parent task: T165343: Reconsider WMCS user creation workflow w/out OSM.May 15 2017, 3:27 PM
bd808 added a project: cloud-services-team (Kanban).Jun 6 2017, 8:57 PM
Addshore unsubscribed.Jun 7 2017, 10:12 AM
chasemp added subscribers: aborrero, chasemp.Oct 24 2017, 12:53 PM

Seems likely this hit @aborrero and I fixed it by adding him to chasetest project via wikitech:

uid=18194(aborrero) gid=500(wikidev) groups=50380(project-tools),500(wikidev)

then

uid=18194(aborrero) gid=500(wikidev) groups=50062(project-bastion),50380(project-tools),52223(project-chasetest),500(wikidev)

gerritbot subscribed.May 31 2018, 3:29 PM

Change 436570 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] keystonehooks: Add any new project member to bastion

https://gerrit.wikimedia.org/r/436570

gerritbot added a project: Patch-For-Review.May 31 2018, 3:29 PM
gerritbot added a comment.Jun 1 2018, 3:25 PM

Change 436570 merged by Andrew Bogott:
[operations/puppet@production] keystonehooks: Add any new project member to bastion

https://gerrit.wikimedia.org/r/436570

gerritbot added a comment.Jun 1 2018, 10:48 PM

Change 436955 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] keystonehooks: only add users to bastion if they have the 'user' role

https://gerrit.wikimedia.org/r/436955

gerritbot added a comment.Jun 2 2018, 10:02 PM

Change 436955 merged by Andrew Bogott:
[operations/puppet@production] keystonehooks: only add users to bastion if they have the 'user' role

https://gerrit.wikimedia.org/r/436955

bd808 moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.Jun 4 2018, 12:03 AM
Liuxinyu970226 subscribed.Jul 15 2018, 1:11 PM
bd808 closed this task as Resolved.Aug 31 2018, 12:19 AM

I'm pretty sure this was fixed. Please reopen if the bug can be reproduced.

Liuxinyu970226 unsubscribed.Sep 1 2018, 4:27 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL