Page MenuHomePhabricator
Create Task
Maniphest T376188

OAuth consumers registered locally at Wikitech are no longer configured to be used
Closed, ResolvedPublicBUG REPORT
Actions

Description

Removing Wikitech's override of $wgMWOAuthCentralWiki has orphaned the local consumers in the labswiki.oauth_registered_consumer table. Bots that were using these consumers need to have new grants created in the central metawiki consumer repository to start working again.

wikiadmin2023@10.192.21.14(labswiki)> select user_name, oarc_name, oarc_owner_only from oauth_registered_consumer join user on oarc_user_id=user_id where oarc_stage = 1;
+------------------------------+----------------------------------------+-----------------+
| user_name                    | oarc_name                              | oarc_owner_only |
+------------------------------+----------------------------------------+-----------------+
| Stashbot                     | stashbot                               |               1 |
| Strainu                      | ROSEdu challenge                       |               0 |
| StrikerBot                   | Striker                                |               1 |
| MarcoAurelio                 | marcoaurelio-adminbot                  |               1 |
| BryanDavis                   | BryanDavis                             |               1 |
| Labslogbot                   | wmfkeystonehooks                       |               1 |
| MABot                        | MABot                                  |               1 |
| DeploymentCalendarTool       | DeploymentCalendarTool                 |               1 |
| DeploymentCalendarTool       | DeploymentCalendar                     |               1 |
| MABot                        | MABot                                  |               1 |
| Toolforge Image Bot          | tf-image-bot                           |               1 |
| Toolforge Image Bot          | tf-image-bot-self                      |               1 |
| Samtar                       | make-deployments-calendar (Samtar)     |               1 |
| Phabbanbot                   | Phabbanbot                             |               1 |
| Wikitech double redirect bot | Wikitech double redirect bot Pywikibot |               1 |
| Gitlabaccountapprovalbot     | Gitlabaccountapprovalbot               |               1 |
| David Caro                   | dcaro-pywikibot                        |               1 |
| ScheduleDeploymentBot        | ScheduleDeploymentBot                  |               1 |
| Gergő Tisza                  | schedule-deployment personal test      |               1 |
| Gergő Tisza                  | schedule-deployment personal test      |               1 |
+------------------------------+----------------------------------------+-----------------+
20 rows in set (0.001 sec)

Related Objects
Search...

Event Timeline

bd808 created this task.Oct 1 2024, 5:20 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 1 2024, 5:20 PM
bd808 mentioned this in T376176: Stashbot needs new owner-only OAuth grant following Wikitech config change.Oct 1 2024, 5:21 PM
bd808 mentioned this in T376190: toolsadmin.wikimedia.org login fails because of missing OAuth grant at Wikitech .Oct 1 2024, 5:54 PM
bd808 added a subtask: T376190: toolsadmin.wikimedia.org login fails because of missing OAuth grant at Wikitech .
bd808 added a subtask: T376176: Stashbot needs new owner-only OAuth grant following Wikitech config change.Oct 1 2024, 6:10 PM
bd808 closed subtask T376176: Stashbot needs new owner-only OAuth grant following Wikitech config change as Resolved.Oct 1 2024, 6:12 PM
jijiki added a parent task: T292707: ☂ Migrate Wikitech to Kubernetes.Oct 1 2024, 7:33 PM
bd808 added a comment.Oct 1 2024, 7:59 PM

The general fix is to:

bd808 closed subtask T376190: toolsadmin.wikimedia.org login fails because of missing OAuth grant at Wikitech as Resolved.Oct 1 2024, 9:01 PM
bd808 changed the status of subtask T376214: Gitlabaccountapprovalbot needs new SUL OAuth credentials after Wikitech authn changes from Open to In Progress.Oct 1 2024, 9:26 PM
bd808 closed subtask T376214: Gitlabaccountapprovalbot needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Oct 1 2024, 9:35 PM
bd808 changed the status of subtask T376216: Phabbanbot needs new SUL OAuth credentials after Wikitech authn changes from Open to In Progress.Oct 1 2024, 9:42 PM
bd808 closed subtask T376216: Phabbanbot needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Oct 1 2024, 9:50 PM
bd808 changed the status of subtask T376217: ScheduleDeploymentBot needs new SUL OAuth credentials after Wikitech authn changes from Open to In Progress.Oct 1 2024, 9:56 PM
bd808 closed subtask T376217: ScheduleDeploymentBot needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Oct 1 2024, 10:14 PM
bd808 added subscribers: Strainu, MarcoAurelio, thcipriani and 4 others.Oct 1 2024, 10:36 PM
bd808 added a comment.Oct 1 2024, 10:39 PM

I made subtasks for the accounts that seemed mostly likely to still be in use. I also have tried to subscribe all of the humans behind these grants to this task so they at least know about what has happened. New subtasks with the basic checklist can be created with this template link if desired.

bd808 moved this task from Backlog to Authn/Authz on the wikitech.wikimedia.org board.Oct 1 2024, 11:13 PM
Tgr added a comment.Oct 2 2024, 1:49 PM

Could just copy the relevant database rows, there isn't anything wiki-specific in them (other than the user ID). Although if there are only twenty-ish of them, might not be worth the effort.

taavi closed subtask T376223: Toolforge Image Bot needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Oct 2 2024, 2:19 PM
bd808 added a comment.Oct 2 2024, 3:44 PM
In T376188#10196015, @Tgr wrote:

Could just copy the relevant database rows, there isn't anything wiki-specific in them (other than the user ID). Although if there are only twenty-ish of them, might not be worth the effort.

I thought about that briefly yesterday, but I think we would have had to map the user id to a SUL user to do that copy. Since there was no guarantee that these accounts had a SUL equivalent it seemed easiest to let the grant owners handle things manually. If there had been a lot more grants to fix up it probably would be worth some deeper backend help.

Umherirrender subscribed.Oct 2 2024, 6:56 PM

Maybe empty the local oauth tables when no longer used to avoid orphaned rows (maybe as part of T376129: Database clean ups after migration of wikitech to production)

Ladsgroup subscribed.Oct 3 2024, 9:54 AM
MarcoAurelio changed the status of subtask T376222: MABot needs new SUL OAuth credentials after Wikitech authn changes from Open to In Progress.Oct 4 2024, 11:45 AM
MarcoAurelio closed subtask T376222: MABot needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Oct 4 2024, 11:58 AM
Ladsgroup added a comment.Oct 7 2024, 3:02 PM
In T376188#10197509, @Umherirrender wrote:

Maybe empty the local oauth tables when no longer used to avoid orphaned rows (maybe as part of T376129: Database clean ups after migration of wikitech to production)

I'm actually planning to drop them once people here are comfortable they are not needed anymore.

thcipriani closed subtask T376221: DeploymentCalendarTool needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Oct 8 2024, 11:42 PM
taavi closed subtask T376220: Labslogbot needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Oct 22 2024, 3:11 PM
Umherirrender unsubscribed.Oct 26 2024, 9:06 AM
jijiki edited parent tasks, added: T161859: Make Wikitech an SUL wiki; removed: T292707: ☂ Migrate Wikitech to Kubernetes.Feb 3 2025, 3:00 PM
Ladsgroup added a comment.Feb 25 2025, 6:23 PM

I just dropped the whole table.

bd808 closed this task as Resolved.Feb 25 2025, 6:24 PM
bd808 assigned this task to Ladsgroup.
taavi closed subtask T376224: Wikitech double redirect bot needs new SUL OAuth credentials after Wikitech authn changes as Resolved.Jun 19 2025, 8:16 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits