Fundraising access request for Emma Hughes
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	spatton
	Nov 23 2022, 7:56 PM

Description

This is a new access request for @ehughes. They require the following access: (mark each box with an x)

Thank you!

New User Procedure / Checklist

When adding a new user to the fundraising / fr-tech ecosystem, we have a set of places where we need to create accounts and access.

Prerequisites

Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval from the C level that access is approved.

[x] user_verification

Requires: user request
[x] access_rights: letter to C level (currently Lisa) verifying grant of access
[x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List

Accounts and Services

[x] user account

Requires: user_verification
[x] Add the user to the users.yaml and group_members.yaml files as appropriate.
[x] Push out puppet changes.

[x] yubikey

Requires: useraccount and ITS request to send out yubikey to user
[x] physical: Make a request to ITS to have a key sent to the user
[x] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
[x] follow_on: Make sure user can use yubikey for ssh access

[x] ssh

Requires: useraccount and yubikey
[x] key_setup: Send template/docs for generating keypair and ~/.ssh/config file
[x] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
[x] follow_on: Verify user can ssh using correct creds and passphrases when needed.

[x] mysql

Requires: useraccount, yubikey, ssh
[x] account_setup
    [x] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa
    [x] Ensure user is in correct blocks for select rights on dbs.
        - Generally use another user in same group as a guide
    [x] Run the grant script to get the grants.
    [x] Copy/paste to execute the grants on appropriate dbs.
    [x] Create the user a ~/.my.cnf file with the original password from account creation.
[x] follow_on: Verify user can ssh to the required host and log in to mysql.

Event Timeline

spatton created this task.Nov 23 2022, 7:56 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 23 2022, 7:56 PM

Dwisehaupt moved this task from Triage to Up Next on the fundraising-tech-ops board.Nov 23 2022, 8:31 PM

@ehughes already has a superset account Please let me know if a password reset is needed.

Dwisehaupt updated the task description. (Show Details)Nov 23 2022, 10:10 PM

[frack::puppet] a2a65353 Adding ehughes accounts

[frack::puppet::private] c7418f9 Add ehughes yubikey pub key

Dwisehaupt updated the task description. (Show Details)Nov 23 2022, 10:21 PM

[frack::puppet::private] 60f73a1 Add ehughes mysql account and grants

Unix account created and pushed out. mysql accounts created with grants mirroring spatton. Documentation sent on how to create the ssh keypair and ssh config file.

Pcoombe awarded a token.Nov 24 2022, 2:32 PM

Hi @Dwisehaupt here's the public key for my ssh keypair:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGMKizxsslWM4FY5+g86i3ae7sNT30k2wqv5Ssl/5QE ehughes@wikimedia.org

Dwisehaupt moved this task from Up Next to In Progress on the fundraising-tech-ops board.Nov 28 2022, 5:51 PM

Thanks @ehughes. I'll be sending on the instructions for testing your connection in just a few minutes.

Dwisehaupt updated the task description. (Show Details)Nov 28 2022, 6:48 PM

Dwisehaupt claimed this task.Nov 28 2022, 6:57 PM