Page MenuHomePhabricator
Create Task
Maniphest T344199

Grant Access to analytics-privatedata-users for ATsay-WMF
Closed, ResolvedPublic
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: ATsay-WMF
  • Email address: atsay@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): N/A
  • Requested group membership: analytics-privatedata-users
  • Reason for access: Superset
  • Name of approving party (manager for WMF/WMDE staff): @SDeckelmann-WMF
  • Ensure you have read the Analytics Data Access User Responsibilities.
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has read the Analytics Data Access User Responsibilities.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: add amyt to analytics-privatedata-usersoperations/puppetproduction+8 -5
admin: add amyt to ldap_only_usersoperations/puppetproduction+4 -0
Customize query in gerrit

Related Objects

Event Timeline

ATsay-WMF created this task.Aug 14 2023, 9:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 14 2023, 9:37 PM
Maintenance_bot added a project: SRE.Aug 14 2023, 9:45 PM
colewhite assigned this task to ATsay-WMF.Aug 14 2023, 10:56 PM
colewhite subscribed.

Hi!

Currently there is no ldap account associated with your work email. First thing to try is to create a wikitech account here and confirm the email.

colewhite removed a project: SRE-Access-Requests.Aug 14 2023, 10:56 PM
colewhite moved this task from Backlog to Awaiting User Input on the LDAP-Access-Requests board.
ATsay-WMF added a comment.Aug 14 2023, 11:15 PM

Got it -- does this work? https://wikitech.wikimedia.org/wiki/User:Amy_T

gerritbot added a comment.Aug 14 2023, 11:21 PM

Change 948686 had a related patch set uploaded (by Cwhite; author: Cwhite):

[operations/puppet@production] admin: add amyt to ldap_only_users

https://gerrit.wikimedia.org/r/948686

gerritbot added a project: Patch-For-Review.Aug 14 2023, 11:21 PM
colewhite moved this task from Awaiting User Input to Code Review Pending on the LDAP-Access-Requests board.Aug 15 2023, 8:09 PM
Clement_Goubert updated the task description. (Show Details)Aug 16 2023, 11:16 AM
Clement_Goubert added a subscriber: SDeckelmann-WMF.
Clement_Goubert moved this task from Code Review Pending to Manager Approval Pending on the LDAP-Access-Requests board.Aug 16 2023, 11:20 AM
Clement_Goubert added subscribers: odimitrijevic, Milimetric, Clement_Goubert.

Hi,

While we add your user to the base group, can you make sure you have:

Tagging @odimitrijevic and @Milimetric for analytics-privatedata-users group approval.

Clement_Goubert added a comment.Aug 16 2023, 11:31 AM

We would also need clarification on whether this request is also for SSH access or only via superset.

Clement_Goubert changed the task status from Open to In Progress.Aug 17 2023, 9:01 AM
SDeckelmann-WMF added a comment.Aug 17 2023, 11:17 AM

I approve.

Clement_Goubert updated the task description. (Show Details)Aug 17 2023, 11:23 AM
ATsay-WMF updated the task description. (Show Details)Aug 17 2023, 8:35 PM
odimitrijevic added a comment.Aug 18 2023, 10:27 PM

I approve

Clement_Goubert unsubscribed.Aug 21 2023, 8:05 AM
jbond closed this task as Resolved.Aug 21 2023, 1:50 PM
jbond subscribed.

@ATsay-WMF i have added you to the ldap wmf group which should give you access to superset. If you need additional access please reopen this task thanks

gerritbot added a comment.Aug 21 2023, 10:37 PM

Change 948686 merged by Cwhite:

[operations/puppet@production] admin: add amyt to ldap_only_users

https://gerrit.wikimedia.org/r/948686

Maintenance_bot removed a project: Patch-For-Review.Aug 21 2023, 11:10 PM
ATsay-WMF reopened this task as Open.Oct 5 2023, 9:44 PM

Hello, I'd like to request access to analytics-privatedata-users as well. Thanks!

jbond closed this task as Resolved.Oct 6 2023, 9:43 AM
This comment was removed by jbond.
jbond added a comment.Oct 6 2023, 9:48 AM
In T344199#9229747, @ATsay-WMF wrote:

Hello, I'd like to request access to analytics-privatedata-users as well. Thanks!

Please disregard my last comment however can you describe what it is you need to access. There are 3 different ways to add users to the analytics-privatedata-users group so knowing specifically what you need to access is usefull

jbond reopened this task as Open.Oct 6 2023, 9:49 AM
Jelto triaged this task as Medium priority.Oct 6 2023, 11:49 AM
Jelto subscribed.

We have approval from manager and group owner already for analytics-privatedata-users. So we can proceed with adding amyt to analytics-privatedata-users.

gerritbot added a comment.Oct 6 2023, 11:49 AM

Change 964000 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] admin: add amyt to analytics-privatedata-users

https://gerrit.wikimedia.org/r/964000

gerritbot added a project: Patch-For-Review.Oct 6 2023, 11:49 AM
Jelto updated the task description. (Show Details)Oct 6 2023, 11:49 AM
Jelto added a project: SRE-Access-Requests.Oct 6 2023, 12:20 PM

Per discussion in https://gerrit.wikimedia.org/r/c/operations/puppet/+/964000/1#message-e8640992dffe84a96eb65107b8dcfbff5728927b it would be good to get another formal approval for adding amyt to analytics-privatedata-users (as the initial request was ldap only).

@odimitrijevic or @Milimetric may I ask you for another approval to add amyt to analytics-privatedata-users (which includes superset with private data).

Jelto updated the task description. (Show Details)Oct 6 2023, 12:20 PM
odimitrijevic added a comment.Oct 25 2023, 8:00 PM

Approved!

JMeybohm subscribed.Nov 1 2023, 10:04 AM
In T344199#9229747, @ATsay-WMF wrote:

Hello, I'd like to request access to analytics-privatedata-users as well. Thanks!

Hi @ATsay-WMF, there are multiple types of analytics-privatedata-users access - depending on what service/data you actually want to access (see https://wikitech.wikimedia.org/wiki/Analytics/Data_access#What_access_should_I_request?). I will assume it's just about the superset/hive access with PII and go with the change @Jelto prepared. If you need SSH/Kerberos access as well, please let us know.

gerritbot added a comment.Nov 1 2023, 10:06 AM

Change 964000 merged by JMeybohm:

[operations/puppet@production] admin: add amyt to analytics-privatedata-users

https://gerrit.wikimedia.org/r/964000

JMeybohm closed this task as Resolved.Nov 1 2023, 10:06 AM
JMeybohm updated the task description. (Show Details)
Maintenance_bot removed a project: Patch-For-Review.Nov 1 2023, 10:10 AM
ATsay-WMF added a comment.Nov 1 2023, 5:57 PM

I just needed to see the superset dashboard, and it's working now--thank you!

mpopov mentioned this in T356917: Requesting access to analytics-privatedata-users for JTanner.Feb 8 2024, 6:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits