Page MenuHomePhabricator
Create Task
Maniphest T384549

Create a per-user flag for enabling SUL3
Closed, ResolvedPublic
Actions

Description

When we opt a user into the SUL3 rollout, we'd like that to be consistent across wikis and authentication attempts. This is tricky because at the beginning of authentication, when we have to decide whether to start the SUL2 or SUL3 flow, we don't know who the user is. Getting it wrong is not the end of the world but we should minimize how often it happens.

We'll do that by relying on the UserName cookie (which is used by MediaWiki to pre-fill the username field, is set on login with 30 / 365 days expiry and does not get unset on logout):

  • add a GlobalPreferences hidden preference for preferring SUL2 over SUL3;
  • add some logic to SharedDomainUtils::isSul3Enabled() (as a new $wgCentralAuthEnableSul3 type) that checks the UserName cookie, looks up the global preference of the relevant user, and returns whether it is enabled;
  • add an in-process cache since isSul3Enabled() is called a lot;
  • add some helper method for setting the flag.

GlobalPreferences should be a soft dependency for CentralAuth, but can be a hard dependency for this feature (ie. wikis which don't have it just shouldn't set the relevant $wgCentralAuthEnableSul3 type).

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Use UserOptionsManager for SUL3 rollout flagmediawiki/extensions/CentralAuthwmf/1.44.0-wmf.18+118 -147
Use UserOptionsManager for SUL3 rollout flagmediawiki/extensions/CentralAuthmaster+118 -147
add a hook to assist with SUL3 rollout for login/signupmediawiki/coremaster+39 -0
Make sure isSul3Enabled() is a booleanmediawiki/extensions/CentralAuthwmf/1.44.0-wmf.17+80 -74
Make sure isSul3Enabled() is a booleanmediawiki/extensions/CentralAuthwmf/1.44.0-wmf.16+80 -74
Make sure isSul3Enabled() is a booleanmediawiki/extensions/CentralAuthmaster+80 -74
Add configuration options and global preference for the SUL3 rollloutmediawiki/extensions/CentralAuthmaster+530 -38
Add configuration options and global preference for the SUL3 rollloutmediawiki/extensions/CentralAuthwmf/1.44.0-wmf.17+530 -38
Add configuration options and global preference for the SUL3 rollloutmediawiki/extensions/CentralAuthwmf/1.44.0-wmf.16+530 -38
Tests for CentralAuth will need GlobalPreferences availableintegration/configmaster+2 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tgr created this task.Jan 22 2025, 10:36 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 22 2025, 10:36 PM
Tgr mentioned this in T384215: Create method for staged opt-in of existing users into SUL3 rollout.Jan 22 2025, 10:39 PM
Tgr mentioned this in T377144: Create method for deterministically opting new users into SUL3 rollout.Jan 22 2025, 10:53 PM
Tgr added a project: MediaWiki-extensions-CentralAuth.Jan 23 2025, 4:41 PM
Tgr added parent tasks: T384552: Create method for staged opt-in of new users into SUL3 rollout, T377144: Create method for deterministically opting new users into SUL3 rollout, T384215: Create method for staged opt-in of existing users into SUL3 rollout.
gerritbot added a comment.Jan 30 2025, 8:17 PM

Change #1115497 had a related patch set uploaded (by ArielGlenn; author: ArielGlenn):

[mediawiki/extensions/CentralAuth@master] add configurations options and a global preference for the SUL3 rolllout

https://gerrit.wikimedia.org/r/1115497

gerritbot added a project: Patch-For-Review.Jan 30 2025, 8:17 PM
gerritbot added a comment.Jan 31 2025, 9:34 AM

Change #1115782 had a related patch set uploaded (by ArielGlenn; author: ArielGlenn):

[integration/config@master] Tests for CentralAuth will need GlobalPreferences available

https://gerrit.wikimedia.org/r/1115782

Tgr assigned this task to ArielGlenn.Feb 3 2025, 12:31 PM
gerritbot added a comment.Feb 3 2025, 12:33 PM

Change #1115782 merged by jenkins-bot:

[integration/config@master] Tests for CentralAuth will need GlobalPreferences available

https://gerrit.wikimedia.org/r/1115782

Tgr moved this task from Inbox, needs triage to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.Feb 3 2025, 3:15 PM
gerritbot added a comment.Feb 9 2025, 8:02 PM

Change #1118245 had a related patch set uploaded (by ArielGlenn; author: ArielGlenn):

[mediawiki/core@master] add a hook to assist with SUL3 rollout for login/signup

https://gerrit.wikimedia.org/r/1118245

Tgr mentioned this in T386592: There should be a way to set a global preference programmatically.Feb 17 2025, 9:57 AM
gerritbot added a comment.Feb 19 2025, 2:45 PM

Change #1115497 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Add configuration options and global preference for the SUL3 rolllout

https://gerrit.wikimedia.org/r/1115497

gerritbot added a comment.Feb 19 2025, 2:46 PM

Change #1120977 had a related patch set uploaded (by Gergő Tisza; author: ArielGlenn):

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.16] Add configuration options and global preference for the SUL3 rolllout

https://gerrit.wikimedia.org/r/1120977

gerritbot added a comment.Feb 19 2025, 2:46 PM

Change #1120978 had a related patch set uploaded (by Gergő Tisza; author: ArielGlenn):

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.17] Add configuration options and global preference for the SUL3 rolllout

https://gerrit.wikimedia.org/r/1120978

gerritbot added a comment.Feb 19 2025, 3:22 PM

Change #1120977 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.16] Add configuration options and global preference for the SUL3 rolllout

https://gerrit.wikimedia.org/r/1120977

gerritbot added a comment.Feb 19 2025, 3:22 PM

Change #1120978 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.17] Add configuration options and global preference for the SUL3 rolllout

https://gerrit.wikimedia.org/r/1120978

Stashbot mentioned this in T384552: Create method for staged opt-in of new users into SUL3 rollout.Feb 19 2025, 3:29 PM

Mentioned in SAL (#wikimedia-operations) [2025-02-19T15:29:02Z] <tgr@deploy2002> Started scap sync-world: Backport for [[gerrit:1120977|Add configuration options and global preference for the SUL3 rolllout (T384549 T377144 T384552 T384215)]], [[gerrit:1120978|Add configuration options and global preference for the SUL3 rolllout (T384549 T377144 T384552 T384215)]]

gerritbot added a comment.Feb 19 2025, 10:52 PM

Change #1121103 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@master] Make sure isSul3Enabled() is a boolean

https://gerrit.wikimedia.org/r/1121103

gerritbot added a comment.Feb 20 2025, 2:17 AM

Change #1121103 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Make sure isSul3Enabled() is a boolean

https://gerrit.wikimedia.org/r/1121103

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.18; 2025-02-25).Feb 20 2025, 3:00 AM
gerritbot added a comment.Feb 20 2025, 11:02 AM

Change #1121333 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.16] Make sure isSul3Enabled() is a boolean

https://gerrit.wikimedia.org/r/1121333

gerritbot added a comment.Feb 20 2025, 11:03 AM

Change #1121334 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.17] Make sure isSul3Enabled() is a boolean

https://gerrit.wikimedia.org/r/1121334

gerritbot added a comment.Feb 20 2025, 2:47 PM

Change #1121333 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.16] Make sure isSul3Enabled() is a boolean

https://gerrit.wikimedia.org/r/1121333

gerritbot added a comment.Feb 20 2025, 2:51 PM

Change #1121334 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.17] Make sure isSul3Enabled() is a boolean

https://gerrit.wikimedia.org/r/1121334

ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.16; 2025-02-11); removed MW-1.44-notes (1.44.0-wmf.18; 2025-02-25).Feb 20 2025, 3:00 PM
Tgr added a comment.Feb 20 2025, 3:31 PM

This doesn't work in production and the log has Couldn't find a global ID for user <username> warnings, which makes me think we are running into T380500: CentralAuthUser returning outdated data after user creation.

Tgr added a comment.Feb 20 2025, 4:07 PM

Deployed some between 15:21-15:28 UTC. MySQL dashboards: s7 primary, a random s7 replica, s7 query rate, s7 aggregated. All seems normal so far.

wikiadmin2023@10.192.23.13(centralauth)> select count(*) from global_preferences where gp_property = 'centralauth-use-sul3';
+----------+
| count(*) |
+----------+
|        0 |
+----------+
Tgr mentioned this in T380500: CentralAuthUser returning outdated data after user creation.Feb 21 2025, 4:41 PM
Tgr added a comment.Feb 21 2025, 8:31 PM

After doing some live debugging, it seems CentralAuthUser is working correctly, but GlobalPreferencesFactory::getUserID() uses a replica CentralIdLookup so it doesn't see the freshly created central user record. After changing it to use READ_LATEST, it works as expected.

While looking into this, I discovered rEGPRb72fdbfce7fd: Call parent::execute() after SpecialGlobalPreferences checks (merged but not in production yet) which might also cause problems for our use of GlobalPreferencesFactory.

gerritbot added a comment.Feb 24 2025, 3:46 PM

Change #1118245 abandoned by ArielGlenn:

[mediawiki/core@master] add a hook to assist with SUL3 rollout for login/signup

Reason:

in favour of I241872237a8b27bc4261e6231b55b068bd3ac428

https://gerrit.wikimedia.org/r/1118245

Maintenance_bot removed a project: Patch-For-Review.Feb 24 2025, 4:30 PM
gerritbot added a comment.Feb 25 2025, 1:01 PM

Change #1122571 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@master] Use UserOptionsManager for SUL3 rollout flag

https://gerrit.wikimedia.org/r/1122571

gerritbot added a project: Patch-For-Review.Feb 25 2025, 1:01 PM
gerritbot added a comment.Feb 26 2025, 6:05 PM

Change #1122571 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Use UserOptionsManager for SUL3 rollout flag

https://gerrit.wikimedia.org/r/1122571

Maintenance_bot removed a project: Patch-For-Review.Feb 26 2025, 6:30 PM
ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.19; 2025-03-04); removed MW-1.44-notes (1.44.0-wmf.16; 2025-02-11).Feb 26 2025, 7:00 PM
matmarex subscribed.Feb 27 2025, 3:45 AM
gerritbot added a comment.Mar 5 2025, 1:17 PM

Change #1124783 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.18] Use UserOptionsManager for SUL3 rollout flag

https://gerrit.wikimedia.org/r/1124783

gerritbot added a project: Patch-For-Review.Mar 5 2025, 1:17 PM
gerritbot added a comment.Mar 5 2025, 4:19 PM

Change #1124783 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.18] Use UserOptionsManager for SUL3 rollout flag

https://gerrit.wikimedia.org/r/1124783

Stashbot mentioned this in T379909: Define where to add code that needs to run after a new central user has been created.Mar 5 2025, 4:19 PM
Stashbot mentioned this in T387106: CentralAuthIdLookup should use a cache.

Mentioned in SAL (#wikimedia-operations) [2025-03-05T16:19:50Z] <tgr@deploy2002> Started scap sync-world: Backport for [[gerrit:1124781|CentralAuthIdLookup: Reuse cached object on single-value lookup (T379909 T380500 T387106)]], [[gerrit:1124782|CentralAuthIdLookup: Use primary DB after writes (T379909 T380500)]], [[gerrit:1124783|Use UserOptionsManager for SUL3 rollout flag (T384549)]], [[gerrit:1124784|Make SUL3 global preference optional and simplify logic]], [[gerrit:1124785|Ad

Stashbot added a comment.Mar 5 2025, 4:22 PM

Mentioned in SAL (#wikimedia-operations) [2025-03-05T16:22:50Z] <tgr@deploy2002> tgr: Backport for [[gerrit:1124781|CentralAuthIdLookup: Reuse cached object on single-value lookup (T379909 T380500 T387106)]], [[gerrit:1124782|CentralAuthIdLookup: Use primary DB after writes (T379909 T380500)]], [[gerrit:1124783|Use UserOptionsManager for SUL3 rollout flag (T384549)]], [[gerrit:1124784|Make SUL3 global preference optional and simplify logic]], [[gerrit:1124785|Add passive central do

Maintenance_bot removed a project: Patch-For-Review.Mar 5 2025, 4:31 PM
Stashbot added a comment.Mar 5 2025, 4:54 PM

Mentioned in SAL (#wikimedia-operations) [2025-03-05T16:54:47Z] <tgr@deploy2002> Finished scap sync-world: Backport for [[gerrit:1124781|CentralAuthIdLookup: Reuse cached object on single-value lookup (T379909 T380500 T387106)]], [[gerrit:1124782|CentralAuthIdLookup: Use primary DB after writes (T379909 T380500)]], [[gerrit:1124783|Use UserOptionsManager for SUL3 rollout flag (T384549)]], [[gerrit:1124784|Make SUL3 global preference optional and simplify logic]], [[gerrit:1124785|A

Tgr closed this task as Resolved.Mar 5 2025, 5:25 PM

This seems to be working fine. I backported the UserOptionsManager patch so we don't have two different access mechanisms in production in parallel.

ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.18; 2025-02-25); removed MW-1.44-notes (1.44.0-wmf.19; 2025-03-04).Mar 5 2025, 6:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits