Page MenuHomePhabricator
Create Task
Maniphest T375384

📡 Automate QueryService Allowlist updates
Closed, ResolvedPublic
Actions

Description

We added current existing wikibase.cloud wikis to the QueryService Allowlist

This update process can be automated, for example by querying the discovery API in an GitHub action and adding new wiki domains to the text file once per day: https://www.wikibase.cloud/api/wiki?sort=pages&direction=desc&is_active=1&page=1&per_page=999, where 999 is an arbitrary large number (this would not be the ideal request form, just an example).

ACs:

  • updating allowlist.txt is automated

Patches:

Related Objects

Event Timeline

dena created this task.Sep 23 2024, 1:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 23 2024, 1:33 PM
Anton.Kokh subscribed.Sep 25 2024, 11:37 AM

Related to T357106

Anton.Kokh moved this task from Backlog (incoming) to Product prioritized backlog on the Wikibase Cloud board.Sep 25 2024, 11:37 AM
Anton.Kokh renamed this task from Automate QueryService Allowlist updates to 📡 Automate QueryService Allowlist updates.Oct 13 2024, 6:18 PM
Anton.Kokh edited projects, added Wikibase Cloud (Kanban Board Q4 2024); removed Wikibase Cloud.
Andrew-WMDE claimed this task.Oct 14 2024, 8:01 AM
Andrew-WMDE moved this task from To do to Doing on the Wikibase Cloud (Kanban Board Q4 2024) board.
Tarrow subscribed.Oct 14 2024, 11:20 AM

Quick chat with Andrew where we concluded that:

  • adjusting the java code to fetch this at runtime was a lot of effort and a high amount of uncertainty about the complexity
  • that having github actions regularly run to update the allowlist would work but our previous experience with not merging dependabot PRs suggests we'd still be slow to deploy
  • two main options remain:
    • run curl or similar at container start time to download a valid list from the API
    • write to a ConfigMap from the API and pass that into the container
  • we would then rely on the the queryservice restarting semi-regularly e.g. due to node updates to trigger the re-reading of the allowlist
  • we don't want to schedule this more regularly because we're worried about very regular restarts disrupting users and also the chance of corrupting and then needed to rebuild the internal blazegraph data
Andrew-WMDE updated the task description. (Show Details)Oct 15 2024, 1:56 PM
Andrew-WMDE updated the task description. (Show Details)Oct 17 2024, 1:15 PM
Andrew-WMDE moved this task from Doing to In Review on the Wikibase Cloud (Kanban Board Q4 2024) board.Oct 17 2024, 3:00 PM
Rosalie_WMDE moved this task from In Review to Waiting for Deploy to Staging on the Wikibase Cloud (Kanban Board Q4 2024) board.Oct 22 2024, 2:58 PM
Andrew-WMDE updated the task description. (Show Details)Oct 24 2024, 11:18 AM
Andrew-WMDE updated the task description. (Show Details)Oct 24 2024, 1:15 PM
Andrew-WMDE updated the task description. (Show Details)Oct 28 2024, 11:35 AM
Andrew-WMDE updated the task description. (Show Details)Oct 28 2024, 2:48 PM
Andrew-WMDE updated the task description. (Show Details)Oct 29 2024, 12:33 PM
Andrew-WMDE updated the task description. (Show Details)Oct 29 2024, 3:43 PM
Andrew-WMDE moved this task from Waiting for Deploy to Staging to Done on the Wikibase Cloud (Kanban Board Q4 2024) board.
Anton.Kokh closed this task as Resolved.Oct 30 2024, 2:40 PM
Anton.Kokh mentioned this in T357106: QueryService: Use wildcard allow for federation.Nov 20 2024, 12:05 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits