Page MenuHomePhabricator
Create Task
Maniphest T173963

Unable to add new LDAP user as maintainer of a tool
Closed, ResolvedPublic
Actions

Description

Here's what I did:

  • Created new LDAP account using striker (strikertest2017-08-23)
  • Requested membership in Toolforge
  • Approved membership request using a privileged account
  • Logged out of the new account's session (T144943: Groups and tools only refreshed at login)
  • Logged in with new account
  • Created tool (https://toolsadmin.wikimedia.org/tools/id/strikertest2017-08-23)
  • New tool shows in user's list of tools
  • Edit maintainers for tool
    • User does not show in list of maintainers
    • Added another user as maintainer
  • Got notification that new user had removed new user as maintainer of tool
  • Tried to add new account as maintainer from another session
    • New account shows up in autocomplete list for adding maintainers
    • On form submission, validation says "Select a valid choice. strikertest2017-08-23 is not one of the available choices." on submission

Details

SubjectRepoBranchLines +/-
Break in-process cache of model choice fieldslabs/strikermaster+13 -5
striker.tools.models.Maintainer: fix __str__labs/strikermaster+1 -1
Customize query in gerrit

Related Objects

Event Timeline

bd808 created this task.Aug 23 2017, 5:43 PM
Restricted Application added a project: User-bd808. · View Herald TranscriptAug 23 2017, 5:43 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
bd808 added a comment.Aug 23 2017, 5:43 PM

New LDAP account:

$ ldap uid=strikertest2017-08-23 '*' '+'
dn: uid=strikertest2017-08-23,ou=people,dc=wikimedia,dc=org
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
uid: strikertest2017-08-23
cn: Striker test 2017-08-23
uidNumber: 17774
gidNumber: 500
homeDirectory: /home/strikertest2017-08-23
loginShell: /bin/bash
sn: Striker test 2017-08-23
mail: bd808+test@wikimedia.org
structuralObjectClass: inetOrgPerson
entryUUID: eaa02dbe-1c71-1037-8b68-8f084541145b
creatorsName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
createTimestamp: 20170823171158Z
entryCSN: 20170823171158.733392Z#000000#001#000000
modifyTimestamp: 20170823171158Z
memberOf: cn=project-tools,ou=groups,dc=wikimedia,dc=org
modifiersName: cn=admin,dc=wikimedia,dc=org
entryDN: uid=strikertest2017-08-23,ou=people,dc=wikimedia,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

New tool group:

$ ldap '(&(objectClass=posixGroup)(cn=tools.strikertest2017-08-23))' '*' '+'
dn: cn=tools.strikertest2017-08-23,ou=servicegroups,dc=wikimedia,dc=org
objectClass: posixGroup
objectClass: groupOfNames
cn: tools.strikertest2017-08-23
gidNumber: 53482
structuralObjectClass: groupOfNames
entryUUID: 6d2b1f6e-1c72-1037-8b69-8f084541145b
creatorsName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
createTimestamp: 20170823171537Z
member: uid=bd808,ou=people,dc=wikimedia,dc=org
entryCSN: 20170823172921.811077Z#000000#001#000000
modifiersName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
modifyTimestamp: 20170823172921Z
entryDN: cn=tools.strikertest2017-08-23,ou=servicegroups,dc=wikimedia,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

New tool account:

$ ldap uid=tools.strikertest2017-08-23 '*' '+'
dn: uid=tools.strikertest2017-08-23,ou=people,ou=servicegroups,dc=wikimedia,dc=org
objectClass: shadowAccount
objectClass: posixAccount
objectClass: person
objectClass: top
uid: tools.strikertest2017-08-23
cn: tools.strikertest2017-08-23
sn: tools.strikertest2017-08-23
uidNumber: 53482
gidNumber: 53482
homeDirectory: /data/project/strikertest2017-08-23
structuralObjectClass: person
entryUUID: 6d2cbda6-1c72-1037-8b6a-8f084541145b
creatorsName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
createTimestamp: 20170823171537Z
entryCSN: 20170823171537.758393Z#000000#001#000000
modifiersName: uid=novaadmin,ou=people,dc=wikimedia,dc=org
modifyTimestamp: 20170823171537Z
entryDN: uid=tools.strikertest2017-08-23,ou=people,ou=servicegroups,dc=wikimedia,dc=org
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
bd808 added a comment.Aug 23 2017, 10:00 PM

I was able to add "Striker test 2017-08-23" as a maintainer via https://wikitech.wikimedia.org/wiki/Special:NovaServiceGroup so this looks like some Striker specific lookup problem.

bd808 added a comment.Aug 24 2017, 12:36 AM

Screen Shot 2017-08-23 at 18.35.42.png (125×632 px, 25 KB)

Screen Shot 2017-08-23 at 18.35.57.png (201×463 px, 17 KB)

bd808 triaged this task as High priority.Aug 24 2017, 12:59 AM
bd808 moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.
bd808 moved this task from Backlog to Ready on the Striker board.
gerritbot subscribed.Aug 24 2017, 6:44 PM

Change 373644 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[labs/striker@master] striker.tools.models.Maintainer: fix str

https://gerrit.wikimedia.org/r/373644

gerritbot added a project: Patch-For-Review.Aug 24 2017, 6:44 PM
bd808 moved this task from Soon! to Doing on the cloud-services-team (Kanban) board.Aug 24 2017, 6:47 PM
bd808 moved this task from Ready to Doing on the Striker board.Aug 24 2017, 6:56 PM
gerritbot added a comment.Aug 24 2017, 6:58 PM

Change 373644 merged by jenkins-bot:
[labs/striker@master] striker.tools.models.Maintainer: fix str

https://gerrit.wikimedia.org/r/373644

bd808 added a comment.Aug 24 2017, 10:13 PM

This really feels like an in-process cache bug the more I work on it. Each time the wsgi container in either of my testing environments is restarted then all the accounts created since the last restart will begin to work as expected. Creating a new account will reproduce the problem.

gerritbot added a comment.Aug 24 2017, 10:58 PM

Change 373708 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[labs/striker@master] Break in-process cache of model choice fields

https://gerrit.wikimedia.org/r/373708

gerritbot added a comment.Aug 25 2017, 12:07 AM

Change 373708 merged by jenkins-bot:
[labs/striker@master] Break in-process cache of model choice fields

https://gerrit.wikimedia.org/r/373708

bd808 closed this task as Resolved.Aug 28 2017, 8:36 PM
bd808 moved this task from Doing to Done on the cloud-services-team (Kanban) board.Aug 28 2017, 8:42 PM
bd808 moved this task from Doing to Done on the Striker board.Sep 5 2017, 11:54 PM
bd808 moved this task from To Do to Done on the User-bd808 board.Jul 15 2020, 9:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits