Page MenuHomePhabricator
Create Task
Maniphest T188406

Provide access to user created databases in PAWS
Open, LowestPublic
Actions

Description

What the title says :)

We do have access to "standart" databases in PAWS, but AFAIK not to user created ones. It would be very, very nice to have access to them.

If it's already possible, then please give some example

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT188406 Provide access to user created databases in PAWS
 ResolvedAndrewT212595 [Feature request] Database as a Service (Trove) for Cloud VPS projects
 ResolvedAndrewT276956 Make a plan for Trove v. rabbit
 ResolvedAndrewT276960 Questions about Trove guest images
 ResolvedtaaviT276961 Support Openstack Swift APIs via the radosgw
 ResolvedJhancock.wmT289882 Q1:(Need By: TBD) rack/setup/install cloudswift100[12]
 ResolvedAndrewT347927 Better swift error messages for projects with invalid chars
 ResolvedAndrewT348885 Horizon Object Storage UI should not display for readers
 ResolvedaborreroT278505 Prepare/import debian packages for openstack trove
 ResolvedaborreroT280310 communication on port 5672 (amqp) between guest instances and cloudcontrols
 ResolvedaborreroT280835 Wrong version of Trove (13) in Victoria osbpo
 ResolvedAndrewT281654 Trove-dashboard: web app crashes when a db instance is deleted.
 ResolvedAndrewT281655 Investigate, adjust default access policies for Trove and trove-dashboard
 ResolvedAndrewT282798 Trove: don't permit hard affinity within DB clusters
 ResolvedAndrewT282809 Allow access to Trove API endpoints (port 8779) from cloud-vps instances
 ResolvedAndrewT283299 Add postgresql datastore to Trove
 ResolvedAndrewT286720 trove: Unable to manage databases on mariadb 10.6.1
 Resolved BstormT290349 Trove configurations aren't working
 OpenAndrewT349651 Support Trove + Swift integration
 OpenAndrewT355721 Fix 'openstack database instance rebuild'
 OpenAndrewT356291 Improve trove backup/restore

Event Timeline

Edgars2007 created this task.Feb 27 2018, 5:03 PM
Chicocvenancio changed the task status from Open to Stalled.Feb 27 2018, 7:25 PM
Chicocvenancio triaged this task as High priority.
Chicocvenancio subscribed.

Indeed this is not possible at the moment. I have some idea of how to do this but I will leave this stalled until T188428 is done to prevent breaking existing use cases.

Chicocvenancio moved this task from Backlog to MVP (Most Valuable PAWS) on the PAWS board.Mar 2 2018, 12:26 AM
Chicocvenancio claimed this task.Mar 8 2018, 6:53 PM
bd808 subscribed.Mar 8 2018, 7:00 PM

Each PAWS user does not get an individual database credential pair, so the only access that really could be given in the current setup is read-only access to public user databases. Otherwise all PAWS sessions would be able to see and modify each others databases in the toolsdb server due to the shared credential setup that is used.

Edgars2007 added a comment.Mar 12 2018, 12:28 PM
In T188406#4036083, @bd808 wrote:

Each PAWS user does not get an individual database credential pair, so the only access that really could be given in the current setup is read-only access to public user databases.

Yes, sure. I was talking about simple read-only.

Chicocvenancio lowered the priority of this task from High to Lowest.Jun 10 2018, 12:11 AM
Aklapper changed the task status from Stalled to Open.May 19 2020, 1:12 PM
Aklapper subscribed.

T188428 is done hence resetting task status from stalled to open.

Aklapper removed Chicocvenancio as the assignee of this task.Jun 19 2020, 4:30 PM

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Bstorm subscribed.Aug 7 2020, 7:29 PM

This ultimately has the same issue as T226110

Bstorm added a parent task: T212595: [Feature request] Database as a Service (Trove) for Cloud VPS projects.Oct 9 2020, 4:09 PM
Bstorm removed a parent task: T212595: [Feature request] Database as a Service (Trove) for Cloud VPS projects.
Bstorm added a subtask: T212595: [Feature request] Database as a Service (Trove) for Cloud VPS projects.
Bstorm added a comment.Oct 19 2020, 10:59 PM

Looking back at this, there is another piece to it: When I merge in the changes to the db proxy, it may be possible to add a redirect to toolsdb as another step.

Bstorm added a comment.May 21 2021, 12:16 AM

Strike my last comment. The dbproxy is now deprecated. Oops.

bd808 added a comment.May 21 2021, 3:09 AM
In T188406#7102143, @Bstorm wrote:

Strike my last comment. The dbproxy is now deprecated. Oops.

There are per-account db creds now however. I don't think it would be a good idea to grant write access to ToolsDB from PAWS, but another round of changes to maintain-dbusers could create r/o creds in ToolsDB for them. That would probably look nicer in the db and the code if those used role based grants rather than the legacy grant system used for r/w ToolsDB users. Am I missing a gotcha in that?

nskaggs moved this task from MVP (Most Valuable PAWS) to Planning on the PAWS board.Aug 3 2021, 2:22 PM
Andrew closed subtask T212595: [Feature request] Database as a Service (Trove) for Cloud VPS projects as Resolved.Aug 24 2021, 9:30 PM
rook subscribed.Oct 14 2022, 9:02 AM

Have there been any changes to the user created DBs to allow for read only access from things like PAWS?

bd808 added a comment.Oct 14 2022, 4:58 PM
In T188406#8316249, @rook wrote:

Have there been any changes to the user created DBs to allow for read only access from things like PAWS?

I believe my comment from May 2021 (T188406#7102341) is still true. The current maintain-dbusers.py script which provisions the accounts contains these lines in its create_accounts function (lines 614-616):

if paws_account_re.match(username) and grant_type == "legacy":
    # Skip toolsdb account creation for PAWS
    continue
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL