Page MenuHomePhabricator
Create Task
Maniphest T355267

Add extension NetworkSession to all wmf wikis
Closed, ResolvedPublic
Actions

Description

Feature summary (what you would like to be able to do and where):

Provide a method for internal services to run read-only api requests on private wikis

Use case(s)

As a developer of a supporting application to mediawiki I need to be able to make read-only api calls against private wikis.

The CirrusSearch streaming updater, due to replace the existing job-based search updater, needs to perform a specific api call to collect the information that needs to be indexed into the search engine. For the majority of wikis, such as mediawiki.org, we could query the public api. But that would fail on the private wikis.

See T345185 for initial design planning of the access method.

Needed for deployment of the extensions:

  • A review from the product owner for the affected area, if applicable. General concept reviewed by multiple members of core platform, who own Authentication and Authorization. Code review from Gergő Tisza, documented individual maintainer of same.
  • Application security review – T357353: Application Security Review Request : NetworkSession MediaWiki extension
  • Add to the json make-wmf-branch release tool
  • Wait until wmf.15 and wmf.16 are the branches in prod (or later)
  • Add to extension-list
  • Add loading flag to InitialiseSettings.php, default false, and use flag in CommonSettings.php with other config as appropriate
  • Set live in InitialiseSettings-labs.php to test on Beta Cluster
  • Set live in InitialiseSettings.php

Details

SubjectRepoBranchLines +/-
zuul: promote NetworkSession to wikimedia prodintegration/configmaster+0 -1
Enable NetworkSession extension for most wikisoperations/mediawiki-configmaster+2 -1
beta: Enable NetworkSession extensionoperations/mediawiki-configmaster+50 -0
Add NetworkSession extensionoperations/mediawiki-configmaster+1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

EBernhardson created this task.Jan 17 2024, 10:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 17 2024, 10:08 PM
EBernhardson added a project: Discovery-Search (Current work).Jan 17 2024, 10:08 PM
Gehel moved this task from Incoming to Blocked/Waiting on the Discovery-Search (Current work) board.Jan 22 2024, 4:17 PM
EBernhardson added a parent task: T345185: Provide a method for internal services to run api requests for private wikis.Feb 12 2024, 9:19 PM
EBernhardson mentioned this in T354976: Create new NetworkSession mediawiki extension.
EBernhardson added a subtask: T357353: Application Security Review Request : NetworkSession MediaWiki extension .Feb 12 2024, 9:55 PM
acooper changed the status of subtask T357353: Application Security Review Request : NetworkSession MediaWiki extension from Open to In Progress.Apr 16 2024, 9:15 AM
sbassett closed subtask T357353: Application Security Review Request : NetworkSession MediaWiki extension as Resolved.Jun 12 2024, 4:09 PM
Gehel moved this task from Blocked/Waiting to In Progress on the Discovery-Search (Current work) board.Jul 15 2024, 3:12 PM
EBernhardson added a comment.Jul 19 2024, 7:34 PM

The code has been deployed (but not loaded) to the beta cluster since Idea47a43d9fb.

gerritbot added a comment.Jul 19 2024, 7:54 PM

Change #1055484 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/mediawiki-config@master] beta: Enable NetworkSession extension

https://gerrit.wikimedia.org/r/1055484

gerritbot added a project: Patch-For-Review.Jul 19 2024, 7:54 PM
gerritbot added a comment.Jul 22 2024, 3:05 PM

Change #1055958 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[integration/config@master] zuul: promote NetworkSession to wikimedia prod

https://gerrit.wikimedia.org/r/1055958

EBernhardson claimed this task.Jul 22 2024, 3:22 PM
Zabe subscribed.Jul 22 2024, 3:41 PM
In T355267#9999457, @EBernhardson wrote:

The code has been deployed (but not loaded) to the beta cluster since Idea47a43d9fb.

The extension actually also needs to be added to extension-list before beta cluster deployment since that is used to build the CDB database.

See https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment#Deploy_to_Beta_Cluster.

EBernhardson added a comment.Jul 22 2024, 4:08 PM
In T355267#10003092, @Zabe wrote:
In T355267#9999457, @EBernhardson wrote:

The code has been deployed (but not loaded) to the beta cluster since Idea47a43d9fb.

The extension actually also needs to be added to extension-list before beta cluster deployment since that is used to build the CDB database.

See https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment#Deploy_to_Beta_Cluster.

Thanks for catching that, i had read through it but i guess that detail didn't quite click. Will do.

CodeReviewBot added a comment.Jul 22 2024, 4:25 PM

ebernhardson opened https://gitlab.wikimedia.org/repos/releng/release/-/merge_requests/92

make-release: Start branching NetworkSession

CodeReviewBot added a comment.Jul 22 2024, 5:09 PM

jforrester merged https://gitlab.wikimedia.org/repos/releng/release/-/merge_requests/92

make-release: Start branching NetworkSession

Jdforrester-WMF updated the task description. (Show Details)Jul 22 2024, 5:20 PM
gerritbot added a comment.Jul 30 2024, 1:46 PM

Change #1058167 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/mediawiki-config@master] Add NetworkSession extension

https://gerrit.wikimedia.org/r/1058167

gerritbot added a comment.Jul 30 2024, 8:03 PM

Change #1058167 merged by jenkins-bot:

[operations/mediawiki-config@master] Add NetworkSession extension

https://gerrit.wikimedia.org/r/1058167

Stashbot added a comment.Jul 30 2024, 8:03 PM

Mentioned in SAL (#wikimedia-operations) [2024-07-30T20:03:46Z] <cjming@deploy1003> Started scap sync-world: Backport for [[gerrit:rECNO1058167597c1|Add NetworkSession extension (T355267)]]

Stashbot added a comment.Jul 30 2024, 8:38 PM

Mentioned in SAL (#wikimedia-operations) [2024-07-30T20:38:07Z] <cjming@deploy1003> ebernhardson, cjming: Backport for [[gerrit:rECNO1058167597c1|Add NetworkSession extension (T355267)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Jul 30 2024, 8:48 PM

Mentioned in SAL (#wikimedia-operations) [2024-07-30T20:48:55Z] <cjming@deploy1003> Finished scap: Backport for [[gerrit:rECNO1058167597c1|Add NetworkSession extension (T355267)]] (duration: 45m 08s)

EBernhardson updated the task description. (Show Details)Jul 31 2024, 5:55 PM
gerritbot added a comment.Jul 31 2024, 8:36 PM

Change #1055484 merged by jenkins-bot:

[operations/mediawiki-config@master] beta: Enable NetworkSession extension

https://gerrit.wikimedia.org/r/1055484

Stashbot added a comment.Jul 31 2024, 8:37 PM

Mentioned in SAL (#wikimedia-operations) [2024-07-31T20:37:05Z] <cjming@deploy1003> Started scap sync-world: Backport for [[gerrit:1055484|beta: Enable NetworkSession extension (T355267)]]

Stashbot added a comment.Jul 31 2024, 8:39 PM

Mentioned in SAL (#wikimedia-operations) [2024-07-31T20:39:22Z] <cjming@deploy1003> ebernhardson, cjming: Backport for [[gerrit:1055484|beta: Enable NetworkSession extension (T355267)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Jul 31 2024, 8:44 PM

Mentioned in SAL (#wikimedia-operations) [2024-07-31T20:44:52Z] <cjming@deploy1003> Finished scap: Backport for [[gerrit:1055484|beta: Enable NetworkSession extension (T355267)]] (duration: 07m 47s)

EBernhardson updated the task description. (Show Details)EditedJul 31 2024, 8:49 PM

Extension is now live on beta cluster, verified that it works as expected. Specifically:

Fails everwhere:

curl -H 'Authorization: NetworkSession wrongtoken' 'https://en.wikipedia.beta.wmflabs.org/w/api.php?action=query&format=json&prop=cirrusbuilddoc&pageids=1&formatversion=2'

Fails from outside cloud, works inside cloud:

curl -H 'Authorization: NetworkSession networksession-testuser-token' 'https://en.wikipedia.beta.wmflabs.org/w/api.php? action=query&format=json&prop=cirrusbuilddoc&pageids=1&formatversion=2'

Current intent is to ship to prod early next week.

dr0ptp4kt moved this task from In Progress to To Be Deployed on the Discovery-Search (Current work) board.Aug 5 2024, 3:15 PM
gerritbot added a comment.Aug 6 2024, 3:03 PM

Change #1060123 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/mediawiki-config@master] Enable NetworkSession extension for most wikis

https://gerrit.wikimedia.org/r/1060123

gerritbot added a comment.Aug 6 2024, 8:10 PM

Change #1060123 merged by jenkins-bot:

[operations/mediawiki-config@master] Enable NetworkSession extension for most wikis

https://gerrit.wikimedia.org/r/1060123

Stashbot added a comment.Aug 6 2024, 8:47 PM

Mentioned in SAL (#wikimedia-operations) [2024-08-06T20:47:48Z] <kindrobot@deploy1003> Started scap sync-world: Backport for [[gerrit:1060152|Promote dark mode for anons on various wikis - take 2 (T371070 T371084)]], [[gerrit:1060123|Enable NetworkSession extension for most wikis (T355267)]], [[gerrit:1060139|fix(i18n): adjust broken mentorship eligibility copy (T371775 T370318)]], [[gerrit:1060136|fix(i18n): adjust broken mentorship eligibility copy (T371775 T370318)]]

Stashbot mentioned this in T371775: Permission error when attempting to enroll as mentor on Turkish Wikipedia.Aug 6 2024, 8:47 PM
Stashbot mentioned this in T371070: Re-evaluate tier 3 wikis that are ready for dark mode.
Stashbot mentioned this in T370318: GEMentorshipAutomaticEligibility description is wrong.
Stashbot mentioned this in T371084: Deploy dark mode to eswiki and other "ready" wikis.
Stashbot added a comment.Aug 6 2024, 9:21 PM

Mentioned in SAL (#wikimedia-operations) [2024-08-06T21:21:27Z] <kindrobot@deploy1003> toyofuku, ebernhardson, kindrobot, migr: Backport for [[gerrit:1060152|Promote dark mode for anons on various wikis - take 2 (T371070 T371084)]], [[gerrit:1060123|Enable NetworkSession extension for most wikis (T355267)]], [[gerrit:1060139|fix(i18n): adjust broken mentorship eligibility copy (T371775 T370318)]], [[gerrit:1060136|fix(i18n): adjust broken mentorship eligibility copy (T371775 T37031

Stashbot mentioned this in T37031: Change decimal separators for numbers in Kurdish.Aug 6 2024, 9:21 PM
Stashbot added a comment.Aug 6 2024, 9:34 PM

Mentioned in SAL (#wikimedia-operations) [2024-08-06T21:34:53Z] <kindrobot@deploy1003> Finished scap: Backport for [[gerrit:1060152|Promote dark mode for anons on various wikis - take 2 (T371070 T371084)]], [[gerrit:1060123|Enable NetworkSession extension for most wikis (T355267)]], [[gerrit:1060139|fix(i18n): adjust broken mentorship eligibility copy (T371775 T370318)]], [[gerrit:1060136|fix(i18n): adjust broken mentorship eligibility copy (T371775 T370318)]] (duration: 47m 05s)

EBernhardson updated the task description. (Show Details)Aug 8 2024, 4:00 PM

This is mostly complete, but not closing it out since https://gerrit.wikimedia.org/r/c/integration/config/+/1055958 is still open.

gerritbot added a comment.Aug 9 2024, 7:42 AM

Change #1055958 merged by jenkins-bot:

[integration/config@master] zuul: promote NetworkSession to wikimedia prod

https://gerrit.wikimedia.org/r/1055958

Stashbot added a comment.Aug 9 2024, 7:43 AM

Mentioned in SAL (#wikimedia-releng) [2024-08-09T07:43:11Z] <James_F> Zuul: Note that NetworkSession is now in Wikimedia prod, for T355267

Maintenance_bot removed a project: Patch-For-Review.Aug 9 2024, 8:30 AM
Aklapper added a project: NetworkSession.Aug 12 2024, 2:02 PM
EBernhardson moved this task from To Be Deployed to Needs Reporting on the Discovery-Search (Current work) board.Aug 12 2024, 2:34 PM
Gehel closed this task as Resolved.Aug 16 2024, 9:13 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits