Page MenuHomePhabricator
Create Task
Maniphest T310341

Add some columns of `renameuser_queue` to the replica
Open, Needs TriagePublic
Actions

Description

The renameuser_queue table doesn't appear to be replicated to the Labsdb replicas — this makes sense, as these requests often contain private information.

However, it would be useful to have access to the following, non-sensitive, columns in the table:

  • rq_id
  • rq_requested_ts
  • rq_status
  • rq_completed_ts
  • rq_performer

The initial usecase I can think of is checking global renamer's activity (i.e. to see if the right needs to be revoked for inactivity) — we're unable to check queue rejections as these aren't searchable.

I have a patch almost ready to submit which adds

renameuser_queue,req_id,K
renameuser_queue,rq_name,F
renameuser_queue,rq_wiki,F
renameuser_queue,rq_newname,F
renameuser_queue,rq_reason,F
renameuser_queue,rq_requested_ts,K
renameuser_queue,rq_status,K
renameuser_queue,rq_completed_ts,K
renameuser_queue,rq_deleted,F
renameuser_queue,rq_performer,K
renameuser_queue,rq_comments,F

to modules/role/files/mariadb/filtered_tables.txt, which I think is correct per the Labsdb redaction page (though I think I'm missing "step 2"?)

I'm not really sure who "looks after" this, nor if we need to get Legal's approval — guidance there would be appreciated 🙂

Event Timeline

TheresNoTime created this task.Jun 10 2022, 9:48 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 10 2022, 9:48 AM
TheresNoTime updated the task description. (Show Details)Jun 10 2022, 9:50 AM
TheresNoTime added a subscriber: Bawolff.Jun 10 2022, 10:14 AM

Just found T103011#3536648 in which @Bawolff lists renameuser_queue under a heading of "Safe to replicate but requires view-based redaction" — I think that's what modules/profile/templates/wmcs/db/wikireplicas/maintain-views.yaml does?

RhinosF1 subscribed.Jun 10 2022, 3:04 PM
Ladsgroup added subscribers: Htriedman, sguebo_WMF, Ladsgroup.Jun 10 2022, 9:54 PM

Yes and after that we need to run maintain-views on the cloud replicas and will be done but before that I'd like a sign off from privacy team for example @Htriedman or @sguebo_WMF

Marostegui subscribed.Jun 13 2022, 5:26 AM

The table is indeed replicated to the clouddb* hosts, but it is missing a proper view creation and deployment. This is done by cloud-services-team

Marostegui edited projects, added Data-Services; removed DBA.Jun 13 2022, 5:26 AM
Htriedman added a comment.Jun 22 2022, 6:38 PM

Hi all!

Sorry for the late-ish response, just got back from vacation and am catching up on this. @Marostegui seems to be correct, that there is no view creation for renameuser_queue within maintain-views.yaml.

From a privacy perspective, I don't think there's much to worry about here as long as we're only publishing rq_id, rq_requested_ts, rq_status, rq_completed_ts, and rq_performer.

taavi moved this task from Backlog to Wiki replicas on the Data-Services board.Jun 28 2022, 5:26 PM
TheresNoTime removed a subscriber: RhinosF1.Dec 15 2022, 11:35 PM
fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:39 PM
fnegri moved this task from Kanban to Inbox on the cloud-services-team board.
MdsShakil subscribed.Mar 20 2023, 6:22 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL