
Security Readiness Review For The Security Design of Toolforge Kubernetes
Closed, Declined | Public

Description

Project Information

  • Name of tool/project: Toolforge Kubernetes Security Design and Controls
  • Project home page: https://tools.wmflabs.org/admin/
  • Name of team requesting review: Wikimedia Cloud Services
  • Primary contact: Brooke Storm
  • Target date for deployment: It's deployed and has been for years, but we just redesigned it. The redesigned one is also already deployed, but only for a month or so. This is for reviewing the security design before it is completely published. All puppet code, controller code and even the RBAC and pod security policy design is publicly published, really.
  • Link to code repository / patchset: https://docs.google.com/document/d/1QNbkrzE8M1HN7LR1ySN_MBjgVJhgyAN6nO_JJFCFTB0/edit# (links to the wikitech published parts are in there).

Description of the tool/project:
Toolforge is a platform-as-a-service aimed at the simplified deployment and maintenance of web tools, bots and cron jobs that are managed by their respective owners for the benefit of the Wikimedia movement. This portion of Toolforge, the Kubernetes cluster, is the primary execution layer for web services and is the focus for future service development.

Description of how the tool will be used at WMF:
It is used quite a lot already. Tools are written and deployed by community members (internal and external to the Foundation) to do everything from running IRC bots to batch editing Wikidata and tracking vandalism. Some 30%-40% of all wiki edits come from the Cloud Services IP range, and it is likely safe to say that a large proportion of that comes from Toolforge. Users range from members of the WMCS team itself to individuals online that we have never met who are approved through a cursory vetting process of asking if they have Wikimedia-related work in mind. For that reason, good controls are important.

Dependencies

Please see the linked document. There are many.

Has this project been reviewed before?

Not outside the WMCS team.

Working test environment

There is toolsbeta, which has no link, unfortunately. The cluster has a control-plane of three nodes named toolsbeta-test-k8s-control-[123].

Post-deployment

Wikimedia Cloud Services is and will be responsible for this service for the foreseeable future.

Event Timeline

Our meeting was async due to illnesses and such with no new business. But this is somewhere in the canals of our minds. Thanks for all the detail. Really :)

chasemp triaged this task as High priority. Edited Feb 19 2020, 4:53 PM
chasemp moved this task from Incoming to Back Orders on the Application Security Reviews board.

Discussed in Security-Team meeting. We don't have cycles for this week and probably not next, within the next few or maybe as a Q4 initiative. Our belief is this is already deployed and this is a post-hoc review, in which case the scheduling isn't in the critical path of other work.

chasemp lowered the priority of this task from High to Medium. Mar 3 2020, 6:04 PM

@Aklapper: Hi, I noticed you did https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/79/#1764 (thanks!) but this task is still visible to 'All Users' instead of Public.

Aklapper changed the visibility from "All Users" to "Public (No Login Required)". Mar 11 2020, 8:29 AM
sbassett lowered the priority of this task from Medium to Low. Aug 27 2020, 7:34 PM
sbassett lowered the priority of this task from Low to Lowest. Sep 2 2020, 4:20 PM
sbassett changed the task status from Open to Stalled. Jul 1 2021, 6:26 PM

Given that @chasemp was set to work on this review and that the Security-Team has not hired, resourced or trained up anyone to bridge the knowledge/expertise gap since his departure, this review would likely be an excellent candidate to be outsourced to an approved vendor. I will plan to discuss this with @JBennett and @Jcross to see what options, if any, are available at this time.

Mstyles moved this task from Back Orders to Our Part Is Done on the secscrum board.
Mstyles added subscribers: nskaggs, Andrew, Mstyles.

Declining this after discussion with @nskaggs @Andrew as the project is already in production and we will be doing some penetration tests in this area.