Page MenuHomePhabricator
Create Task
Maniphest T380574

Add SUL3 authentication domain to deploy canary checks
Closed, ResolvedPublic
Actions

Description

We are adding a new special domain that can be used to access any wiki while sharing cookies (T363695: Create a Wikimedia login domain that can be served by any wiki). For security reasons, there will be some differences in the configuration used while using this domain (T373737: Disable irrelevant extensions on SUL3 login domain). This means it's possible to break the authentication domain while making a change that's not in any obvious way related to it (most likely, by deploying a new extension that depends on an existing extension; if that extension is disabled on the authentication domain, the new extension needs to be disabled as well).

It's unreasonable to expect the people involved in a deployment to pay attention to this, so we should make sure the tooling checks for breakage, by adding some authentication URL (e.g. https://auth.wikimedia.org/enwiki/wiki/Special:Userlogin) to the canary URLs.

(Blocked on T377187: Set up auth.wikimedia.org for now, the authentication domain only exists in Beta.)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
SUL3: Add auth domain to URL testsoperations/mediawiki-configmaster+1 -0
SUL3: Add auth domain to httpbb URL testsoperations/puppetproduction+8 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tgr created this task.Nov 22 2024, 10:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 22 2024, 10:40 AM
Tgr added a subtask: T377187: Set up auth.wikimedia.org.Nov 22 2024, 10:40 AM
Tgr added a project: MediaWiki-Platform-Team.Nov 24 2024, 3:55 PM
Tgr moved this task from Backlog to Blocked / External on the SUL3 board.
Tgr mentioned this in T373737: Disable irrelevant extensions on SUL3 login domain.Nov 25 2024, 10:16 AM
Tgr removed a subtask: T377187: Set up auth.wikimedia.org.Nov 27 2024, 12:07 PM
Tgr added a parent task: T377187: Set up auth.wikimedia.org.
gerritbot added a comment.Dec 1 2024, 10:37 AM

Change #1099338 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/mediawiki-config@master] SUL3: Add auth domain to URL tests

https://gerrit.wikimedia.org/r/1099338

gerritbot added a project: Patch-For-Review.Dec 1 2024, 10:37 AM

Change #1099339 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/puppet@production] SUL3: Add auth domain to httpbb URL tests

https://gerrit.wikimedia.org/r/1099339

Tgr claimed this task.Dec 1 2024, 10:43 AM
Tgr moved this task from Inbox, needs triage to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.
Tgr moved this task from In progress (DO NOT USE) to Waiting on the MediaWiki-Platform-Team board.Dec 17 2024, 9:32 PM
Tgr moved this task from Waiting to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.Jan 10 2025, 2:03 PM
gerritbot added a comment.Jan 14 2025, 5:42 PM

Change #1099339 merged by Kamila Součková:

[operations/puppet@production] SUL3: Add auth domain to httpbb URL tests

https://gerrit.wikimedia.org/r/1099339

Tgr closed this task as Resolved.Jan 14 2025, 7:58 PM
gerritbot added a comment.Jan 14 2025, 9:09 PM

Change #1099338 merged by jenkins-bot:

[operations/mediawiki-config@master] SUL3: Add auth domain to URL tests

https://gerrit.wikimedia.org/r/1099338

Stashbot added a comment.Jan 14 2025, 9:10 PM

Mentioned in SAL (#wikimedia-operations) [2025-01-14T21:10:29Z] <cjming@deploy2002> Started scap sync-world: Backport for [[gerrit:1099338|SUL3: Add auth domain to URL tests (T380574)]]

Stashbot added a comment.Jan 14 2025, 9:17 PM

Mentioned in SAL (#wikimedia-operations) [2025-01-14T21:17:20Z] <cjming@deploy2002> cjming, tgr: Backport for [[gerrit:1099338|SUL3: Add auth domain to URL tests (T380574)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Jan 14 2025, 9:28 PM

Mentioned in SAL (#wikimedia-operations) [2025-01-14T21:28:29Z] <cjming@deploy2002> Finished scap sync-world: Backport for [[gerrit:1099338|SUL3: Add auth domain to URL tests (T380574)]] (duration: 18m 00s)

Maintenance_bot removed a project: Patch-For-Review.Jan 14 2025, 9:30 PM
Tgr mentioned this in T383729: SUL3 Phase 0: Account creation and login on test wikis.Jan 14 2025, 10:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits