Shell access: Yes
Purpose: I'd like to access Superset for my work as a Product Manager at WMF
Group: (The specific group you want to be added to - optional).
as far as I know for Superset access only the shell access is not required
Oh, sure, it wasn't clear to me if the 'shell access' question was about whether I already had a shell account or needed access :)
Looks like you already have an account on wikitech (Samwalton), so I've given that account membership in the wmf group. You should have Superset access with it now.
(I don't believe @Nuria's signoff is necessary for access, rather simply that she receive a notification of new users.)
Ah, sorry, I hadn't realized you had multiple wikitech accounts. There's also a Samwalton (not samwalton) on wikitech. The uppercased one is the one I added to the wmf group (since that's the one I found using your WMF email address as the key).
Make sure you can log into wikitech using Samwalton, and then those same credentials should work for superset (just note the capitalization in the username).
Do you want to retain both wikitech accounts? (I've also asked around some other SREs if we have any usual policies here.)
For reference, here's the set of groups and permissions and other data about each wikitech account:
Oh, yep, the fun that comes with the overlaps of your volunteer and staff accounts :)
samwalton9 is the ideal account to have set here, since that's the login I use for Horizon. Is that OK?
That makes sense, I'll use my staff account then.
I'm a little confused about that, though, since I can't find any Wikitech login details for my staff account. https://tools.wmflabs.org/ldap/user/samwalton implies I should have a User:Samwalton at Wikitech, but that account (https://wikitech.wikimedia.org/wiki/User:Samwalton) doesn't exist. I tried resetting the password on it but received nothing.
This looks like a legit bug. The user samwalton is definitely in LDAP ( using ldapsearch on mwmaint1002) and it's even listed as member of various toolforge groups and project-bastion. It should not be possible to be the case while the user is also "not registered" on Wikitech. Adding @bd808
This has been possible for nearly four years. T144710: Create Wikitech/LDAP accounts via a new user friendly guided workflow added the ability to create new Wikimedia Developer accounts via Striker. Striker asks Wikitech to help validate some bits (TitleBlacklist, etc), but then creates the account directly in the LDAP directory. MediaWiki's MediaWiki-extensions-LdapAuthentication integration does not poll LDAP for accounts. Instead local MediaWiki accounts are created ad hoc when an authentication check against LDAP succeeds and no matching local user is found. There are actually numerically many Developer accounts in LDAP which are not local users on Wikitech.
One related thing to this that should be documented somewhere is the attachLdapUser.php maintenance script which lives in MediaWiki-extensions-OpenStackManager. This script can be used to force creation of a local Wikitech user account for any Developer account in the LDAP directory that does not have one. It was invented as a bandaid for T174469: LDAP account that is not attached on wikitech has no means for password reset so that a user who has lost their password can use Special:PasswordReset to get a new one even if they had not previously attached their account to Wikitech by logging in.