As discussed in the parent RFC, we want to move the code that executes posted job from a tacky /rpc/RunSingleJob.php script located in mediawiki-config repo to a REST endpoint.
The RFC T175146 suggests a special page as a solution, but it was proposed before MW core had REST capabilities, and really a REST endpoint is what we need.
The endpoint will be protected from arbitrary code execution by signing events with MW secret key and verifying the signature.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | • Pchelolo | T157088 [EPIC] Develop a JobQueue backend based on EventBus | |||
| Open | None | T175146 JobQueue: Unify JobRunner entry points | |||
| Resolved | • Clarakosi | T244826 Create rest endpoint for executing jobs instead of /rpc/RunSingleJob | |||
| Resolved | • Pchelolo | T244770 Enable RunSingleJobHandler endpoint on Job Runner Cluster | |||
| Resolved | • Clarakosi | T244828 Investigate alternatives to MEDIAWIKI_JOB_RUNNER global | |||
| Open | None | T247128 Remove usage of MEDIAWIKI_JOB_RUNNER from Translate extension | |||
| Resolved | EBernhardson | T247129 Remove usage of MEDIAWIKI_JOB_RUNNER from CirrusSearch extension | |||
| Resolved | Krinkle | T247130 Remove usage of MEDIAWIKI_JOB_RUNNER from WikimediaEvents extension | |||
| Resolved | • Pchelolo | T246156 Convert JobRunner into a service class | |||
| Resolved | Umherirrender | T246369 JobRunner - clean up deprecations |
Change 571816 had a related patch set uploaded (by Clarakosi; owner: Clarakosi):
[mediawiki/extensions/EventBus@master] REST endpoint for executing jobs
Question: wouldn't it be better if we just had a configuration swtich that either allows or disallows access to this endpoint (set to false by default)?
In general, I'd expect it to be more straighforward to implement and it prevents casual users to leave the door open to job execution from the internet if they happen to leak their configuration.
Question: wouldn't it be better if we just had a configuration swtich that either allows or disallows access to this endpoint (set to false by default)?
Yeah, that's the plan. See T244770 where I'm even wondering whether it's possible to only turn it on on the JobRunner cluster of MW.
Summary from T175146#5882126:
As of Feb 2020, the following are at play:
- MediaWiki core: Special:RunJobs (default for MW)
- Protected at run-time by HMAC/SHA1
- MediaWiki-EventBus extension: Special:RunSingleJob (unused?)
- Protected at run-time by JWT/sha256
- WMF: rpc/RunJobs.php (unused?)
- Protected at run-time by REMOTE_ADDR check (localhost-only).
- Protected structurally as it is only exposed on a non-public pool of app servers.
- WMF: rpc/RunSingleJob.php
- Not protected at run-time.
- Protected structurally as it is only exposed on a non-public pool of app servers.
Change 575316 had a related patch set uploaded (by Clarakosi; owner: Clarakosi):
[integration/config@master] Enable api-testing in EventBus
Change 575316 merged by jenkins-bot:
[integration/config@master] Enable api-testing in EventBus
Change 571816 merged by jenkins-bot:
[mediawiki/extensions/EventBus@master] REST endpoint for executing jobs
Change 575334 had a related patch set uploaded (by Ppchelko; owner: Ppchelko):
[mediawiki/extensions/EventBus@master] REST Api-Testing: Fix job definition to awoid PHP warnings.
Change 575334 merged by jenkins-bot:
[mediawiki/extensions/EventBus@master] REST Api-Testing: Fix job definition to avoid PHP warnings