Grant Access to analytics-privatedata-users, wmf for Sonja Perry
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	SonjaPerry
	May 23 2024, 9:57 PM

Description

Requestor provided information and prerequisites

Complete ALL items below as the individual person who is requesting access:

Wikimedia developer account username: sperry-wmf
Email address: sperry@wikimedia.org
SSH public key (must be a separate key from Wikimedia cloud SSH access): NA
Requested group membership: analytics-privatedata-users, wmf
Reason for access: I'm a Group Product Manager under Core Experiences (full-time employee) and need access to all common data tools, including Superset, Logstash, Turnilo etc.
Name of approving party (manager for WMF/WMDE staff):
Ensure you have signed the L3 Wikimedia Server Access Responsibilities document:
Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
- User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
- The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
- access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
- access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	admin: add sperry-wmf to analytics-privatedata-users	operations/puppet	production	+8 -1

Customize query in gerrit

Related Objects

Mentioned Here: T290605: When WMF staff requests to be added to ldap/wmf, also add their Phabricator account to #WMF-NDA

Event Timeline

SonjaPerry created this task.May 23 2024, 9:57 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 23 2024, 9:57 PM

SonjaPerry renamed this task from Grant Access to <INSERT LDAP GROUP> for <INSERT USERNAME> to Grant Access to analytics-privatedata-users, wmf for Sonja Perry.May 23 2024, 9:58 PM

Maintenance_bot added a project: SRE.May 23 2024, 10:29 PM

Welcome to WMF!

We can handle the access to the wmf group here fairly quickly.

analytics-privatedata-users isn't an LDAP group though.

That would be a separate process that has more steps like additional approvals by manager and group owner. And we need to find out which of these types you are requesting:

a) analytics-privatedata-users (no kerberos, no ssh)

b) analytics-privatedata-users (no kerberos)

c) analytics-privatedata-users (with kerberos)

https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Analytics_shell_(posix)_groups_explained

Maybe you can ask your new manager about that? Cheers

Dzahn moved this task from Backlog to Awaiting User Input on the LDAP-Access-Requests board.May 24 2024, 12:17 AM

Hello -- Sonja needs to be in the groups that give her access to Superset and Turnilo, but not more tools beyond that. Reading the page you linked, I think that's the "(no kerberos, no ssh)" group. If we need more access beyond that, we can let you know when that comes up. Thank you!

colewhite updated the task description. (Show Details)May 28 2024, 10:55 PM

Change #1036595 had a related patch set uploaded (by Cwhite; author: Cwhite):

[operations/puppet@production] admin: add sperry-wmf to analytics-privatedata-users

https://gerrit.wikimedia.org/r/1036595

gerritbot added a project: Patch-For-Review.May 28 2024, 10:59 PM

@SonjaPerry You'll want to read and sign L3 when you get a chance.

Pinging one of @odimitrijevic, @Milimetric, @WDoranWMF, @Ahoelzl for Analytics team approval.

colewhite moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.May 28 2024, 11:04 PM

L3 signed, thank you!

colewhite updated the task description. (Show Details)May 29 2024, 10:30 PM

Approved.

I am Sonja's manager and I approve.

colewhite updated the task description. (Show Details)May 31 2024, 8:02 PM

Change #1036595 merged by Cwhite:

[operations/puppet@production] admin: add sperry-wmf to analytics-privatedata-users

https://gerrit.wikimedia.org/r/1036595

The group membership and ldap change has been deployed.

Please feel free to reopen if you encounter any related issue.

Added Sonja to the WMF-NDA group here in Phabricator for access to private tickets (https://phabricator.wikimedia.org/project/members/61/)

This is tied to being added to "wmf" LDAP group per T290605 (https://wikitech.wikimedia.org/wiki/SRE/Clinic_Duty/Access_requests#WMF_Group)

Maintenance_bot removed a project: Patch-For-Review.May 31 2024, 9:30 PM