Page MenuHomePhabricator

Create top level 'cloud' group on Gitlab
Open, In Progress, MediumPublic1 Estimated Story Points

Description

We have a 'cloud' namespace on gerrit that would be good to replicate on Gitlab.

This group, if possible, would host other subgroups later on:

  • cloud/toolforge/*
  • cloud/paws/*
  • cloud/quarry/*
  • etc

Event Timeline

brennen edited projects, added GitLab (Auth & Access); removed GitLab.
brennen changed the task status from Open to Stalled.Oct 22 2021, 6:58 PM
brennen added a subscriber: brennen.

Pending some decisions about top-level group under T292094#7442275.

brennen changed the task status from Stalled to Open.Nov 10 2021, 6:39 PM
brennen set the point value for this task to 1.

I've created:

wmf-team-cloud-services currently grants ownership of /repos/cloud; @aborrero and other folks from Cloud Services who I could find existing GitLab accounts for are owners of the people group. You should be able to self-serve repository creation and group membership, but please let me know if there's anything I can help with.

I've created:

wmf-team-cloud-services currently grants ownership of /repos/cloud; @aborrero and other folks from Cloud Services who I could find existing GitLab accounts for are owners of the people group. You should be able to self-serve repository creation and group membership, but please let me know if there's anything I can help with.

What about us who have advanced access on WMCS but don't work for the WMF? Which group should we be in?

brennen moved this task from Done or Declined to Doing on the User-brennen board.

What about us who have advanced access on WMCS but don't work for the WMF? Which group should we be in?

In the scheme we sketched out at Policy#User_Groups, I think that should probably be volunteer-group-cloud-admin. I've created that and given it Maintainer-level access to repos/cloud. Does that seem about right to everybody?

brennen triaged this task as Medium priority.Nov 19 2021, 1:39 AM

Thanks!

I tried creating a subgroup:

https://gitlab.wikimedia.org/repos/cloud/toolforge

I was able to add the WMCS staff group wmf-team-cloud-services to this subgroup:

https://gitlab.wikimedia.org/groups/repos/cloud/toolforge/-/group_members?tab=groups

Perhaps out of scope for this particular ticket, but I was unable to give permissions to volunteer-group-cloud-admin.

Or is there some kind of inheritance from the parent group?

Or is there some kind of inheritance from the parent group?

One thing that's non-obvious - and that we should probably try to make extremely clear to folks - is that if you're a member of a parent group, you're a member of all groups it contains. (This is why we aren't using something with hierarchy like people/wmf/team-cloud-services to model things.)

I had expected that this worked the same for groups, and that anyone in both people/wmf-team-cloud-services and people/volunteer-group-cloud-admin should already have been an owner in cloud/toolforge, but I guess maybe this only holds for direct members of a group:

https://docs.gitlab.com/ee/user/group/#share-a-group-with-another-group

Similar to how you share a project with a group, you can share a group with another group. Members get direct access to the shared group.

Impersonating your user, I can reproduce not being able to autocomplete people/volunteer-group-cloud-admin in the group invite field. I'm guessing this is because you're not a member of it.

I'll need to dig into this a bit more.

(Added people/volunteer-group-cloud-admin as maintainers in the meanwhile.)