For contractors only:
| Project | Branch | Lines +/- | Subject | |
|---|---|---|---|---|
| operations/puppet | production | +6 -0 | admin: Add SimoneThisDot to the list of ldap-only-users (wmf) |
Hi, Adam, can you formaly confirm the signed contractual relationship with WMF @dr0ptp4kt, sadly contractors don't appear on namely or ldap-crop, so we have to ask the manager.
When done, we will add SimoneThisDot to the wmf group, with includes logstash access.
User account "SimoneThisDot" is not registered. on wikitech, I am assuming you mean the one on your Phab profile: "Simone Cuomo" :-)
@jcrespo Yes, confirmed on the contract with This Dot (Simone is a This Dot consultant working on WMF projects).
Change 715204 had a related patch set uploaded (by Jcrespo; author: Jcrespo):
[operations/puppet@production] admin: Add SimoneThisDot to the list of ldap-only-users (wmf)
Change 715204 merged by Jcrespo:
[operations/puppet@production] admin: Add SimoneThisDot to the list of ldap-only-users (wmf)
The grants have been deployed, https://ldap.toolforge.org/user/simone-this-dot @SimoneThisDot you should have now acceess to logstash, please test it and reopen if you see any issue with access.
@SimoneThisDot by any chance, do you have a @wikimedia.org email that was provided to you? An alert has been fired about this access on production, and we would like to know if maybe an address was created but not used or it wasn't processed, as apparently it is typical to create an alias for contractors. CC @dr0ptp4kt.
@jcrespo we have not allocated a wikimedia.org email address. Is that required? If so, I'll ask ITS to provision one. I'm out the rest of the day, heads up.
I was asked by SRE Infrastructure Foundations to ask you this, as a production alert has gone off because of this.
cc @Muehlenhoff and @jbond for input on what the correct action is here, namely to either add the @wikimedia.org email or tweak cross-validate-accounts to account for this condition (I think, there might be other solutions I'm missing)
@fgiunchedi as they don't have a wikimedia.org email we should move them out of the WMF group and add them to the NDA group. As the yare a contractor they should have an NDA (cc: @KFrancis to in case that's not the case) and both the nda and wmf groups give similar permissions so this shouldn't cause any observable difference to @SimoneThisDot
Mentioned in SAL (#wikimedia-operations) [2021-09-01T14:04:34Z] <godog> move simone-this-dot from wmf to nda ldap group - T289783
@fgiunchedi @dr0ptp4kt I have not been able to find Simone Cuomo on our current contractors list or under their name in Coupa. Is Simone working as a consultant under a business entity?
@jcrespo Hi all, I am confirming Simone does not need a separate NDA. Please proceed with any needed access request. Thanks!
I believe this task can be resolved (user is in nda group)! Feel free to reopen if sth is amiss