Requesting access to analytics-privatedata-users for Jim Maddock
Closed, ResolvedPublicRequest
Actions

Assigned To

Authored By

	jmads
	Apr 9 2020, 8:08 PM

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

Wikitech username: jmads
Preferred shell username: jmads
Email address: jmaddock-ctr@wikimedia.org
Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7ZsgXpcVy8P3a5jyg3+hlVbxpAHFw8wuXuB0IKSWD9 klogg@Jims-MacBook-Pro-2.local
Requested group membership: analytics-privatedata-users (see also T250560: jmads requesting Kerberos password)
Reason for access: Joining Product Design as a Data Analyst
Name of approving party (hiring manager for WMF staff): @BGerdemann @MNovotny_WMF
Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document: Signed
Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

Also requesting Phabricator permissions to see WMF/NDA restricted tickets

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
- User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
- access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
- non-sudo requests: 3 business day wait must pass with no objections being noted on the task
- Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

	Subject	Repo	Branch	Lines +/-
	admin: re-enable Jim Maddock's account	operations/puppet	production	+9 -5
	admin: add Jim Maddock	operations/puppet	production	+11 -1

Customize query in gerrit

Related Objects

Mentioned In: T306117: Grant Access to nda for jmads
Mentioned Here: T250560: jmads requesting Kerberos password

Event Timeline

jmads created this task.Apr 9 2020, 8:08 PM

Restricted Application added a project: SRE. · View Herald TranscriptApr 9 2020, 8:08 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Hi @jmads, can you please file a separate request for "WMF/NDA restricted tickets"? See WMF-NDA-Requests - thanks!

Aklapper renamed this task from Requesting access to analytics-privatedata-users and WMF/NDA restricted tickets for Jim Maddock to Requesting access to analytics-privatedata-users for Jim Maddock.Apr 10 2020, 8:52 AM

Dzahn updated the task description. (Show Details)Apr 10 2020, 9:04 AM

Hi @KFrancis Jim is a contractor and I tried to check the box "User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)" but i can't see him in the tracking sheet. Could you confirm if NDA is on file ?

Adding @Nuria for analytics private data request.

@Dzahn It looks like Jim is currently being onboarded ( please see here: https://office.wikimedia.org/wiki/Office_IT_Weekly_Meeting_Notes-_April_9,_2020 ) The NDA would be on file with T&C.

Is there anything I can do to help here?

@MNoorWMF We need the contract end date to provide access and your approval. Besides that the legal and SRE fellows need to assess NDA is been signed.

I think I was tagged by mistake. Tagging @MNovotny_WMF in case it was missed :)

Jim's contract is for 116 hours until Dec 31, 2020, whichever comes first.

@BGerdemann 116 hours seems a short period which hints that data permits will not be needed untll Dec 31st, how would we notified contract is no longer in place?

• MNoorWMF unsubscribed.Apr 10 2020, 9:17 PM

@Nuria Ruiz <nruiz@wikimedia.org> we can make a point of notifying you as
soon as the hours are used up.

ok, that sounds fine, Approved on my end.

thank you!

fgiunchedi updated the task description. (Show Details)Apr 14 2020, 8:26 AM

I'm processing this access request as part of SRE clinic duty, however I'm still unable to confirm whether there is an NDA on file (cc @RStallman-legalteam)

Also cc @KFrancis for NDA confirmation, thanks!

fgiunchedi moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Apr 14 2020, 9:29 AM

In T249873#6054118, @fgiunchedi wrote:

Also cc @KFrancis for NDA confirmation, thanks!

@fgiunchedi I confirmed with T&C, an NDA for Jim Maddock is valid and on file. Cheers!

fgiunchedi updated the task description. (Show Details)Apr 15 2020, 8:03 AM

fgiunchedi updated the task description. (Show Details)Apr 15 2020, 8:10 AM

Change 588951 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] admin: add Jim Maddock

https://gerrit.wikimedia.org/r/588951

gerritbot added a project: Patch-For-Review.Apr 15 2020, 8:15 AM

Change 588951 merged by Filippo Giunchedi:
[operations/puppet@production] admin: add Jim Maddock

https://gerrit.wikimedia.org/r/588951

fgiunchedi updated the task description. (Show Details)Apr 15 2020, 10:09 AM

Maintenance_bot removed a project: Patch-For-Review.Apr 15 2020, 10:11 AM

@jmads shell and basic authentication (nda ldap group) access should work now, please confirm!

@fgiunchedi Contractors should be in the cn=wmf group, not cn=nda.

In T249873#6061223, @MoritzMuehlenhoff wrote:

@fgiunchedi Contractors should be in the cn=wmf group, not cn=nda.

Thank you, {{done}}

In T249873#6058417, @fgiunchedi wrote:

@jmads shell and basic authentication (nda ldap group) access should work now, please confirm!

confirmed! thanks!

fgiunchedi closed this task as Resolved.Apr 20 2020, 9:07 AM

fgiunchedi claimed this task.

re-opening this ticket to restore access to analytics-privatedata-users ldap group.

RhinosF1 removed fgiunchedi as the assignee of this task.Apr 13 2022, 5:53 PM

RhinosF1 updated the task description. (Show Details)

Restricted Application added a subscriber: RhinosF1. · View Herald TranscriptApr 13 2022, 5:53 PM

Moving back to SRE queue

In T249873#7852201, @jmads wrote:

re-opening this ticket to restore access to analytics-privatedata-users ldap group.

Is everything above still the same?

Welcome back!

RhinosF1 mentioned this in T306117: Grant Access to nda for jmads.Apr 13 2022, 5:57 PM

All info is still the same. Thanks!

Volans updated the task description. (Show Details)Apr 19 2022, 1:15 PM

Adding @BGerdemann for approval (contract side), please also provide a contract end date.
Adding @odimitrijevic for approval (analytics side).
Adding @KFrancis for confirming that there is still a valid NDA on file.

@jmads: in the meanwhile you can (re?)read https://wikitech.wikimedia.org/wiki/Analytics/Data_access#User_responsibilities

@Volans
Approved. June 30 is the contract end date. Thanks!

in the meanwhile you can (re?)read https://wikitech.wikimedia.org/wiki/Analytics/Data_access#User_responsibilities

re-read!

Hi all, as Jim Maddock is a contractor with the WMF, I am confirming the NDA. Please proceed with the access request.

Volans updated the task description. (Show Details)Apr 20 2022, 8:53 AM

Change 784637 had a related patch set uploaded (by Volans; author: Volans):

[operations/puppet@production] admin: re-enable Jim Maddock's account

https://gerrit.wikimedia.org/r/784637

gerritbot added a project: Patch-For-Review.Apr 20 2022, 9:12 AM

Volans updated the task description. (Show Details)Apr 20 2022, 9:12 AM

Change 784637 merged by Volans:

[operations/puppet@production] admin: re-enable Jim Maddock's account

https://gerrit.wikimedia.org/r/784637

@jmads the access patch has been merged, it will be deployed across the fleet within the next 30 minutes.
Feel free to close this task once verified that all is working as expected.

Volans moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.Apr 20 2022, 10:28 AM

Maintenance_bot removed a project: Patch-For-Review.Apr 20 2022, 10:30 AM

Boldly resolving, @jmads please reopen if something is amiss and let us know!

Requesting access to analytics-privatedata-users for Jim MaddockClosed, ResolvedPublicRequestActions