Page MenuHomePhabricator
Create Task
Maniphest T209901

WMF Audiences engineers and analysts missing from `wmf` LDAP group
Closed, ResolvedPublic
Actions

Description

After a question, I've done a quick manual check of the 60 people in Audiences with the word "Engineer" or "Analyst" in their job title (thanks to SREers that helped), and found six people who don't seem to be in the group:

PersonPhab accountTeamuid
Alex Ezell@aezellCommunity Techaezell
Joe Walsh@JoeWalshiOSjoewalsh
Marielle Volz@MvolzEditingmvolz
Natalia Harateh@NHarateh_WMFiOSnharateh
Petar Petković@Petar.petkovicLanguagepetarpetkovic
Runa Bhattacharjee@ArrbeeLanguagearrbee

This should probably be fixed. Pinged people, please confirm. :-) Also: I probably missed some people who weren't in my original list; I didn't check for Technology people; I didn't audit the current list.

Details

SubjectRepoBranchLines +/-
admin: Add Mvolz to ldap-only usersoperations/puppetproduction+4 -0
Customize query in gerrit

Related Objects

Event Timeline

Jdforrester-WMF created this task.Nov 20 2018, 1:20 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 20 2018, 1:20 AM
RobH claimed this task.Nov 20 2018, 1:23 AM
Mvolz added a comment.Nov 20 2018, 5:23 AM

I assume this is why I can't log into grafana - ran into it a few months
ago but couldn't figure out why I didn't have access and never followed up.
If I could be added that'd be great.

jcrespo claimed this task.Nov 26 2018, 1:48 PM
jcrespo added subscribers: RobH, jcrespo.

I will definitely add anyone that justifies its need to it, starting with @Mvolz ASAP.

I think it is fair to ask for personal confirmation by posting a comment here. The policy says they need to request it as "not everybody needs it".

For the rest, @JoeWalsh @Mvolz @NHarateh_WMF @Petar.petkovic @Arrbee please, comment here yourselves requesting it with a simple one line justification and I will add you with no issue. To understand what it provides, please read https://wikitech.wikimedia.org/wiki/LDAP/Groups#Specific_groups We can close this after a month from now (e.g. 2 January) and for those that didn't request it you can always do it at a later time on a separate ticket .

jcrespo triaged this task as Medium priority.Nov 26 2018, 1:51 PM
gerritbot subscribed.Nov 27 2018, 11:43 AM

Change 475995 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] admin: Add Mvolz to ldap-only users

https://gerrit.wikimedia.org/r/475995

gerritbot added a project: Patch-For-Review.Nov 27 2018, 11:43 AM
gerritbot added a comment.Nov 27 2018, 12:04 PM

Change 475995 merged by Jcrespo:
[operations/puppet@production] admin: Add Mvolz to ldap-only users

https://gerrit.wikimedia.org/r/475995

jcrespo added a comment.Nov 27 2018, 12:14 PM

@Mvolz you have been added to the wmf group, please verify you can now log in into Grafana: https://grafana.wikimedia.org/login?redirect=%2F

Mvolz added a comment.Nov 27 2018, 6:18 PM
In T209901#4777257, @jcrespo wrote:

@Mvolz you have been added to the wmf group, please verify you can now log in into Grafana: https://grafana.wikimedia.org/login?redirect=%2F

Thanks, I confirmed that I can log in now.

jcrespo removed jcrespo as the assignee of this task.Nov 27 2018, 6:49 PM

Please the rest, as mentioned at T209901#4773777 feel free to request access if needed. I will leave this task open until 2 January to attend those, you can create a new ticket after that anyway.

jijiki subscribed.Dec 3 2018, 12:21 PM

@Jdforrester-WMF since this task is visible on the ops clinic board, is it ok if we mark this as "Resolved" and let whoever needs access to create a new task as @jcrespo suggested?

Jdforrester-WMF added a comment.Dec 3 2018, 6:37 PM
In T209901#4793822, @jijiki wrote:

@Jdforrester-WMF since this task is visible on the ops clinic board, is it ok if we mark this as "Resolved" and let whoever needs access to create a new task as @jcrespo suggested?

Not really. Access to these services is part of the day job of the individuals I mentioned. Making people jump through hoops is decidedly not helpful.

MoritzMuehlenhoff subscribed.Dec 7 2018, 11:15 AM
In T209901#4795036, @Jdforrester-WMF wrote:
In T209901#4793822, @jijiki wrote:

@Jdforrester-WMF since this task is visible on the ops clinic board, is it ok if we mark this as "Resolved" and let whoever needs access to create a new task as @jcrespo suggested?

Not really. Access to these services is part of the day job of the individuals I mentioned. Making people jump through hoops is decidedly not helpful.

We're not doing this to make people jump through hoops, we're just following our standard workflow, as listed https://wikitech.wikimedia.org/wiki/LDAP/Groups and https://phabricator.wikimedia.org/project/profile/1564/:

  • one access request task per person (to make them quickly actionable and not tie multiple processes together) as those are reviewed on an ongoing basis by the "SRE clinic duty"
  • to get confirmation that it works for the users and to comfirm the correct UID/username (in particular for users who also have shell access)

Going forward a similar task should be opened for new hires as well.

Dzahn subscribed.Dec 11 2018, 12:32 AM

I don't think it's unreasonable to ask for a quick "i need this for ..". Access requests should be based on a real need. It's not just an oversight in an onboarding process. They require real code changes too. We are more than happy to add people based on individual need, also with high priority. But in this form as a blanket addition based on job role i'm afraid we have to decline it.

herron closed this task as Resolved.Jan 4 2019, 3:18 PM
herron claimed this task.
herron subscribed.

Closing this since it has been idle for a month. If any of the remaining users do wish to proceed with access requests please follow-up with individual subtasks as outlined in T209901#4805591.

Petar.petkovic removed a project: Patch-For-Review.Jan 5 2019, 6:21 PM
Petar.petkovic removed a subscriber: gerritbot.
Jdforrester-WMF added a comment.Feb 8 2019, 12:28 AM
In T209901#4805591, @MoritzMuehlenhoff wrote:

we're just following our standard workflow, as listed https://wikitech.wikimedia.org/wiki/LDAP/Groups and https://phabricator.wikimedia.org/project/profile/1564/:

  • one access request task per person (to make them quickly actionable and not tie multiple processes together) as those are reviewed on an ongoing basis by the "SRE clinic duty"

Aha, sorry, didn't know that. Will open follow-up tasks.

Jdforrester-WMF mentioned this in T215572: Please add Alex Ezell to the `wmf` LDAP group.Feb 8 2019, 12:31 AM
Jdforrester-WMF mentioned this in T215573: Please add Joe Walsh to the `wmf` LDAP group.
Jdforrester-WMF mentioned this in T215574: Please add Natalia Harateh to the `wmf` LDAP group.Feb 8 2019, 12:33 AM
Jdforrester-WMF mentioned this in T215575: Please add Petar Petković to the `wmf` LDAP group.
Jdforrester-WMF mentioned this in T215576: Please add Runa Bhattacharjee to the `wmf` LDAP group.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL