Page MenuHomePhabricator
Create Task
Maniphest T187822

Have Thumbor use a different Swift user when dealing with private containers
Closed, ResolvedPublic
Actions

Description

This should avoid potential thumbnail access leaks when a private wiki is created but not added to swift::proxy::private_container_list

Details

SubjectRepoBranchLines +/-
Add new Thumbor config keys for private swift usermediawiki/vagrantmaster+0 -0
Add Thumbor private container user configuration keysoperations/puppetproduction+11 -4
hieradata: rename thumbor-private useroperations/puppetproduction+2 -2
hieradata: add private wikis thumbor swift useroperations/puppetproduction+12 -0
Separate additional swift users for public and privatemediawiki/coremaster+24 -10
Upgrade to 1.15operations/debs/python-thumbor-wikimediamaster+57 -16
Set up separate Thumbor Swift user for private containersoperations/mediawiki-configmaster+13 -4
Customize query in gerrit

Revisions and Commits

rTHMBREXT Thumbor Plugins
rTHMBREXT533a40fe206b Version bump
Restricted Differential RevisionrTHMBREXT798a6782a4b1 Add extra swift user for private containers

Related Objects
Search...

Event Timeline

Gilles triaged this task as Low priority.Feb 20 2018, 7:05 PM
Gilles created this task.
gerritbot added a comment.Feb 26 2018, 9:26 AM

Change 414629 had a related patch set uploaded (by Gilles; owner: Gilles):
[mediawiki/core@master] Separate additional swift users for public and private

https://gerrit.wikimedia.org/r/414629

gerritbot added a project: Patch-For-Review.Feb 26 2018, 9:26 AM
gerritbot added a comment.Feb 26 2018, 9:28 AM

Change 414630 had a related patch set uploaded (by Gilles; owner: Gilles):
[mediawiki/vagrant@master] Add new Thumbor config keys for private swift user

https://gerrit.wikimedia.org/r/414630

gerritbot added a comment.Feb 26 2018, 9:31 AM

Change 414631 had a related patch set uploaded (by Gilles; owner: Gilles):
[operations/puppet@production] Add Thumbor private container user configuration keys

https://gerrit.wikimedia.org/r/414631

Gilles added a revision: Restricted Differential Revision.Feb 26 2018, 10:10 AM
Gilles moved this task from Inbox, needs triage to Doing (old) on the Performance-Team board.Feb 26 2018, 9:13 PM
gerritbot added a comment.Feb 27 2018, 8:26 AM

Change 414965 had a related patch set uploaded (by Gilles; owner: Gilles):
[operations/mediawiki-config@master] Set up separate Thumbor Swift user for private containers

https://gerrit.wikimedia.org/r/414965

Gilles added a commit: rTHMBREXT798a6782a4b1: Add extra swift user for private containers.Feb 27 2018, 1:54 PM
gerritbot added a comment.Feb 27 2018, 1:56 PM

Change 415006 had a related patch set uploaded (by Gilles; owner: Gilles):
[operations/debs/python-thumbor-wikimedia@master] Upgrade to 1.15

https://gerrit.wikimedia.org/r/415006

Gilles added a commit: rTHMBREXT533a40fe206b: Version bump.Feb 27 2018, 2:00 PM
gerritbot added a comment.Feb 27 2018, 2:56 PM

Change 414965 merged by jenkins-bot:
[operations/mediawiki-config@master] Set up separate Thumbor Swift user for private containers

https://gerrit.wikimedia.org/r/414965

Stashbot added a comment.Feb 27 2018, 3:00 PM

Mentioned in SAL (#wikimedia-operations) [2018-02-27T15:00:02Z] <gilles@tin> Synchronized wmf-config/filebackend.php: Thumbor private wiki support deployment: [[gerrit:414965| (T187822)]] (duration: 00m 56s)

Stashbot added a comment.Feb 27 2018, 3:02 PM

Mentioned in SAL (#wikimedia-operations) [2018-02-27T15:02:19Z] <gilles@tin> Synchronized private/PrivateSettings.php.example: Thumbor private wiki support deployment: [[gerrit:414965| Set up separate Thumbor Swit user for private containers (T187822)]] (duration: 00m 55s)

gerritbot added a comment.Feb 28 2018, 9:58 AM

Change 415006 merged by Filippo Giunchedi:
[operations/debs/python-thumbor-wikimedia@master] Upgrade to 1.15

https://gerrit.wikimedia.org/r/415006

Stashbot added a comment.Feb 28 2018, 10:59 AM

Mentioned in SAL (#wikimedia-operations) [2018-02-28T10:59:53Z] <godog> upload python-thumbor-wikimedia 1.15 - T187822 T187350

Stashbot mentioned this in T187350: Add thumbor and thumbor-plugins versions to log entries/errors.Feb 28 2018, 10:59 AM
gerritbot added a comment.Feb 28 2018, 11:43 AM

Change 415263 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: add private wikis thumbor swift user

https://gerrit.wikimedia.org/r/415263

gerritbot added a comment.Feb 28 2018, 6:19 PM

Change 414629 merged by jenkins-bot:
[mediawiki/core@master] Separate additional swift users for public and private

https://gerrit.wikimedia.org/r/414629

gerritbot added a comment.Mar 5 2018, 9:27 AM

Change 415263 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: add private wikis thumbor swift user

https://gerrit.wikimedia.org/r/415263

gerritbot added a comment.Mar 5 2018, 9:42 AM

Change 416403 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: rename thumbor-private user

https://gerrit.wikimedia.org/r/416403

gerritbot added a comment.Mar 5 2018, 9:44 AM

Change 416403 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: rename thumbor-private user

https://gerrit.wikimedia.org/r/416403

ReleaseTaggerBot added a project: MW-1.31-release-notes (WMF-deploy-2018-03-06 (1.31.0-wmf.24)).Mar 6 2018, 11:01 AM
Stashbot added a comment.Mar 12 2018, 3:28 PM

Mentioned in SAL (#wikimedia-operations) [2018-03-12T15:28:22Z] <gilles@tin> Synchronized private/PrivateSettings.php.example: Thumbor private wiki support deployment: [[gerrit:414631| Set up separate Thumbor Swift user for private containers (T187822)]] (duration: 00m 54s)

Gilles moved this task from Backlog to Doing on the Thumbor board.Mar 14 2018, 10:23 AM
gerritbot added a comment.Mar 15 2018, 8:42 AM

Change 414631 merged by Filippo Giunchedi:
[operations/puppet@production] Add Thumbor private container user configuration keys

https://gerrit.wikimedia.org/r/414631

Gilles closed this task as Resolved.Mar 15 2018, 8:53 AM
gerritbot added a comment.Nov 27 2018, 2:35 PM

Change 414630 abandoned by Gilles:
Add new Thumbor config keys for private swift user

Reason:
Seems like it was a dupe of some kind, or I subsequently included those changes in another commit

https://gerrit.wikimedia.org/r/414630

fgiunchedi mentioned this in T292322: Support large files in Shellbox.Oct 6 2021, 12:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits