Page MenuHomePhabricator

Grant Access to Logstash for SimoneThisDot
Closed, ResolvedPublic

Description

  • The username of your existing account on wikitech.wikimedia.org: SimoneThisDot
  • Do you currently have shell access (Yes/No)? No
  • Purpose (Specify which service you need to get access to, e.g. Icinga, Grafana, Superset etc): Logstash (To support Structure Data - MediaSearch)
  • The specific LDAP group that you want to be added to (optional):

For contractors only:

  • Contract end date: 30/06/2022
  • Contract contact person: Adam Baso

Event Timeline

Hi, Adam, can you formaly confirm the signed contractual relationship with WMF @dr0ptp4kt, sadly contractors don't appear on namely or ldap-crop, so we have to ask the manager.

When done, we will add SimoneThisDot to the wmf group, with includes logstash access.

jcrespo triaged this task as High priority.
jcrespo added a subscriber: jcrespo.

User account "SimoneThisDot" is not registered. on wikitech, I am assuming you mean the one on your Phab profile: "Simone Cuomo" :-)

@jcrespo Yes, confirmed on the contract with This Dot (Simone is a This Dot consultant working on WMF projects).

jcrespo moved this task from Backlog to Acknowledged on the SRE board.

Change 715204 had a related patch set uploaded (by Jcrespo; author: Jcrespo):

[operations/puppet@production] admin: Add SimoneThisDot to the list of ldap-only-users (wmf)

https://gerrit.wikimedia.org/r/715204

Change 715204 merged by Jcrespo:

[operations/puppet@production] admin: Add SimoneThisDot to the list of ldap-only-users (wmf)

https://gerrit.wikimedia.org/r/715204

The grants have been deployed, https://ldap.toolforge.org/user/simone-this-dot @SimoneThisDot you should have now acceess to logstash, please test it and reopen if you see any issue with access.

@SimoneThisDot by any chance, do you have a @wikimedia.org email that was provided to you? An alert has been fired about this access on production, and we would like to know if maybe an address was created but not used or it wasn't processed, as apparently it is typical to create an alias for contractors. CC @dr0ptp4kt.

@jcrespo we have not allocated a wikimedia.org email address. Is that required? If so, I'll ask ITS to provision one. I'm out the rest of the day, heads up.

I was asked by SRE Infrastructure Foundations to ask you this, as a production alert has gone off because of this.

cc @Muehlenhoff and @jbond for input on what the correct action is here, namely to either add the @wikimedia.org email or tweak cross-validate-accounts to account for this condition (I think, there might be other solutions I'm missing)

@fgiunchedi as they don't have a wikimedia.org email we should move them out of the WMF group and add them to the NDA group. As the yare a contractor they should have an NDA (cc: @KFrancis to in case that's not the case) and both the nda and wmf groups give similar permissions so this shouldn't cause any observable difference to @SimoneThisDot

Mentioned in SAL (#wikimedia-operations) [2021-09-01T14:04:34Z] <godog> move simone-this-dot from wmf to nda ldap group - T289783

@fgiunchedi as they don't have a wikimedia.org email we should move them out of the WMF group and add them to the NDA group. As the yare a contractor they should have an NDA (cc: @KFrancis to in case that's not the case) and both the nda and wmf groups give similar permissions so this shouldn't cause any observable difference to @SimoneThisDot

Good point, I did the move just now, thank you !

@fgiunchedi @dr0ptp4kt I have not been able to find Simone Cuomo on our current contractors list or under their name in Coupa. Is Simone working as a consultant under a business entity?

@KFrancis I believe your understanding is correct, as per this comment:

@jcrespo Yes, confirmed on the contract with This Dot (Simone is a This Dot consultant working on WMF projects).

@jcrespo Hi all, I am confirming Simone does not need a separate NDA. Please proceed with any needed access request. Thanks!

fgiunchedi closed this task as Resolved.EditedSep 2 2021, 3:00 PM

I believe this task can be resolved (user is in nda group)! Feel free to reopen if sth is amiss