Change 486843 had a related patch set uploaded (by Rxy; owner: Rxy):
[operations/mediawiki-config@master] Enable CheckUser at Beta Cluster

https://gerrit.wikimedia.org/r/486843

Checkuser is purposely disabled on beta due to privacy reasons, see T175197#3587005 and T104883#1431147

if needed, I can disabled for using checkuser for non specified users.
Your pointed tasks are both is targeted to antispam. but this task is not so. I need a testing for Global CheckUser function before directly deploying to production.

Also I can view the User IP address, User Agent , and salted hash password via accessing from ssh.

Yeah but to SSH in you would've had to agree to the labs TOU at some point. I don't think that's needed to hold on-wiki flags.

In T214820#4914357, @Krenair wrote:

Yeah but to SSH in you would've had to agree to the labs TOU at some point. I don't think that's needed to hold on-wiki flags.

sure. Ok, I'm now added setting for use CheckUser tool restriction.

Krenair is correct, and I also think that enabling CU on Beta is not a great strategy.

There may be other reasons that I am not aware of, but the main reason behind this request is perhaps to have a test platform with some diverse CU data. That, indeed, signifies how poorly the CU code is right now, in terms of unit tests, as well as the need for a maintenance-type script that could populate fake CU data on a test wiki. Instead of working around these, I think the right solution is to augment the code and make it easier for you and future developers to have the ability to test CU without needing to collect real-world data on a test wiki.

While I trust @Rxy in this case, as @Huji brings up in the future something else like populating fake CU data would be ideal. Perhaps for this one time, we can allow it, but then we should make an effort in finding another way for the future.

In T214820#4914419, @Huji wrote:

Krenair is correct, and I also think that enabling CU on Beta is not a great strategy.

There may be other reasons that I am not aware of, but the main reason behind this request is perhaps to have a test platform with some diverse CU data. That, indeed, signifies how poorly the CU code is right now, in terms of unit tests, as well as the need for a maintenance-type script that could populate fake CU data on a test wiki. Instead of working around these, I think the right solution is to augment the code and make it easier for you and future developers to have the ability to test CU without needing to collect real-world data on a test wiki.

Thanks for comment. yeah, we need that. but for now, that solution is not exist and I need a testing in beta site before deploying production.

In my plan, Global CheckUser tool is depends to CentralAuth for finding local user account. WMF setting is not reproducible for easily. I have CentralAuth installed wikis cluster in my development environment, but not complitely reproduce for WMF settings.

On one hand, this is a project management question. Do we want to make an exception (as @Zppix suggested and @Rxy desires), and let this get to the production faster, or do we want to use this bottleneck and require @Rxy to solve this issue (of inability to test CU code easily) once and for all.

I think this issue is chronic enough, and finding an interested and capable programmer (like Rxy) to work on CheckUser is rare enough, that we should not lose the opportunity to solve the testing issue. If we let this one pass by as an exception, it will probably take years until another interest user is stuck in this situation and would realize the importance of creating a script to generate fake data.

On the other hand, it is a privacy consideration. I personally think "we need test data" is not a legitimate use for someone to be given sensitive permissions, as trustworthy as they might be.

@Rxy are you looking for test data to use while testing, or just an environment to test it on?

For the former, could we manufacture test data. We already have makeTestEdits.php, we could modify it to use random IP/XFF info. For the latter, we can set up a cloud VPS project with multiple wikis instead of relying on beta cluster. It wouldn't be identical, but we could install enough extensions to make it close enough for testing purposes. Would that meet your needs?

In T214820#4915381, @Legoktm wrote:

@Rxy are you looking for test data to use while testing, or just an environment to test it on?

For the former, could we manufacture test data. We already have makeTestEdits.php, we could modify it to use random IP/XFF info. For the latter, we can set up a cloud VPS project with multiple wikis instead of relying on beta cluster. It wouldn't be identical, but we could install enough extensions to make it close enough for testing purposes. Would that meet your needs?

I need the latter, Similar or close settings with WMF production environment.

Can this be closed as declined since T215072: Request creation of globalcu VPS project was done?

Change 486843 abandoned by Rxy:
[operations/mediawiki-config@master] Enable CheckUser at Beta Cluster

Reason:

https://gerrit.wikimedia.org/r/486843