
Requesting access to analytics-privatedata-users for Abhas
Closed, Resolved | Public | Request

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Abhas
  • Email address: atripathi@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/UXerh39d7MLuBg/tSVk/W3FbqxIbSl5VE03IvahKI atripathi@wikimedia.org
  • Requested group membership: Shell (posix) membership in the analytics-privatedata-users group
  • Reason for access: I'm the Disinformation Manager in the Trust & Safety team, and my work involves port data collection for law enforcement requests, which are approved by the Deputy Legal Counsel. This includes accessing the 'wmf' schema on the 'presto_analytics_hive' database. I need access to search and collect port data for such requests.
  • Name of approving party (manager for WMF/WMDE staff): Jan Eissfeldt
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: YES
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Event Timeline

Clement_Goubert changed the task status from Open to In Progress. Jan 26 2023, 12:53 PM
Clement_Goubert claimed this task.
Clement_Goubert triaged this task as Medium priority.
Clement_Goubert updated the task description.

Approved. I'm not certain this will need kerberos access, but I'd go ahead and give it for good measure. I'd expect there to be times when it will just be easier to have it than not have it for this request.

Change 883933 had a related patch set uploaded (by Clément Goubert; author: Clément Goubert):

[operations/puppet@production] admin: Add abhas to analytics-privatedata-users

https://gerrit.wikimedia.org/r/883933

Clement_Goubert updated the task description.

Handing off to this week's Clinic Duty SRE.
@herron you should just have to merge the CR and create the kerberos principal.

Change 883933 merged by Herron:

[operations/puppet@production] admin: Add abhas to analytics-privatedata-users

https://gerrit.wikimedia.org/r/883933

Hi @Abhas, the requested access has been provisioned and will fully propagate across the fleet within 30 minutes.

Additionally a kerberos principal has been created, with initial login instructions sent via email from the system.

I'll transition this to resolved now, but please don't hesitate to re-open if any followup is needed. Thanks!