The stewards* production virtual machines were created (T344164) to facilitate onboarding and offboarding stewards from/their roles, see the parent task. One of the major bottlenecks when (on/off)boarding stewards is provisioning/revoking access to a number of mailing lists, such as:
- stewards-l
- global-sysops
- global-renamers
- checkuser-l
- stewards-usergroup
I would like to wire membership management for those lists to the tool that I'm working on. However, Mailman3 doesn't have an easily accessible API. According to a discussion with @Ladsgroup I had about Mailman's API, the API exists, but it is restricted to production network and requires a secret that enables the client to access anything in Mailman.
Since the onboarding tool for stewards resides in production (ATM,stewards1001 and stewards2001), I believe it might be possible to provision the secret to those machines, and make use of the API to manage those lists automatically. Is that a correct assumption? Do we need to do anything else to make that possible? Is there a different way to automate list membership management in this case?