Page MenuHomePhabricator
Create Task
Maniphest T400176

Grant Access to nda & logstash for Novem Linguae
Closed, ResolvedPublic
Actions

Description

  • Do you currently have shell access (Yes/No)? no
  • Purpose (Specify which service you need to get access to, e.g. Icinga, Grafana, Superset etc): NDA toolkit + Logstash
  • The specific LDAP group that you want to be added to (optional): LDAP nda, logstash-access, Phabricator WMF-NDA

Notes

I've been doing volunteer software engineering work lately across multiple extensions (PageTriage, SecurePoll, FlaggedRevs) (list of patches) and would like to have access to good tools to help with this. Logstash access would speed me up in general, and would have sped me up in the following tickets I recently worked on:

@Samwalton9-WMF has offered to sponsor me.

If we could keep my real name out of the data.yaml file that'd be appreciated. For a previous volunteer, I think you just put realname: (known to Legal) in the data.yaml file.

Thanks for your consideration.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Record LDAP access for novemlinguaeoperations/puppetproduction+4 -0
Customize query in gerrit

Related Objects

Event Timeline

Novem_Linguae created this task.Jul 22 2025, 3:38 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 22 2025, 3:38 PM
Samwalton9-WMF added a comment.Jul 23 2025, 2:10 PM

Novem is a productive and capable volunteer developer and I think he can be trusted with this access.

jhathaway added subscribers: KFrancis, jhathaway.Jul 24 2025, 4:39 PM

@KFrancis would you kindly confirm that @Novem_Linguae has signed the NDA?

jhathaway moved this task from Backlog to NDA Pending on the LDAP-Access-Requests board.Jul 24 2025, 4:40 PM
Novem_Linguae added a comment.Jul 24 2025, 4:40 PM

I haven't signed it yet. I'm happy to do so. Just need instructions on how to get that started.

KFrancis added a comment.Jul 24 2025, 5:42 PM

Hi @Novem_Linguae, please send your legal name, postal address, and email to kfrancis@wikimedia.org and I will put the NDA together for you to sign. Thanks!

KFrancis added a comment.Jul 25 2025, 12:02 AM

The NDA has been sent for signatures. I'll confirm when it's complete, Thanks!

Aklapper awarded a token.Jul 25 2025, 3:33 PM
Novem_Linguae added a comment.Jul 30 2025, 11:27 PM

Quick update. I e-signed the NDA on 2025-07-24. I guess next step is, when she gets a moment, for @KFrancis to confirm in this ticket?

KFrancis added a comment.Jul 31 2025, 12:10 AM

I just pinged legal counsel to counter sign. I'll confirm when it's complete.

KFrancis added a comment.Jul 31 2025, 12:19 AM

The NDA is complete. Thanks!

CDobbins changed the task status from Open to In Progress.Jul 31 2025, 8:52 PM
CDobbins claimed this task.
CDobbins triaged this task as Medium priority.
CDobbins updated the task description. (Show Details)
CDobbins updated the task description. (Show Details)Jul 31 2025, 8:54 PM
CDobbins updated the task description. (Show Details)
CDobbins added subscribers: Ahoelzl, Ottomata, Milimetric.Jul 31 2025, 9:01 PM

@Milimetric @Ahoelzl @Ottomata could any of you confirm that access should be granted access to the logstash group? Thanks!

CDobbins updated the task description. (Show Details)Aug 1 2025, 7:34 PM
Novem_Linguae added a comment.Aug 2 2025, 12:36 PM

SSH public key: https://en.wikipedia.org/w/index.php?title=User:Novem_Linguae/sandbox&oldid=1303853373

Ottomata removed subscribers: Milimetric, Ottomata, Ahoelzl.Aug 4 2025, 2:11 PM

@CDobbins Data-Platform-Engineering doesn't manage logstash access. Perhaps observability team?

Novem_Linguae added a comment.Aug 11 2025, 7:08 AM

Hello friends. Anything I can do to help to keep this moving?

  • This is currently on the "NDA Pending" column of the LDAP-Access-Requests board. That can probably be updated since the NDA is complete. Please see KFrancis' comment above about the completed NDA.
  • Should we remove the shell checklist from the original post? I don't think this ticket involves shell access.
  • Since the NDA is confirmed signed, perhaps we can write a data.yaml patch adding me to NDA, filed under the ldap_only_users section?
    • For my real name, can you please set it to realname: (known to Legal) to help preserve my privacy? I think there are 4 other people in the file that have this set as well.
  • Since the NDA is confirmed signed, perhaps I can be added to Phabricator WMF-NDA?
  • After bullet three is complete, I should be able to apply for logstash through https://idm.wikimedia.org/permissions/, I think?

Thanks a lot. Looking forward to your feedback.

tappof subscribed.Aug 11 2025, 3:30 PM

Hello @Novem_Linguae,
Yes, it’s safe to remove the shell access checklist from the original post. Moreover, I’ve just added you to the NDA group, so your request has been fulfilled.

@KFrancis, could you please confirm that the NDA signed by the user grants access to the wmf-nda tasks on Phabricator? Thank you!

tappof moved this task from NDA Pending to Backlog on the LDAP-Access-Requests board.Aug 11 2025, 3:31 PM
Novem_Linguae updated the task description. (Show Details)Aug 11 2025, 8:51 PM
Novem_Linguae added a comment.Aug 11 2025, 9:00 PM

Thanks! I just tried to log into a couple of NDA tools such as Superset and Icinga and got "Authentication Failure. Service access denied due to missing privileges." Is there perhaps another step that is needed such as adding me to data.yaml? https://wikitech.wikimedia.org/wiki/SRE/Clinic_Duty/Access_requests#NDA_Group. Thanks for all your help with this.

KFrancis added a comment.Aug 11 2025, 10:51 PM
In T400176#11074412, @tappof wrote:

Hello @Novem_Linguae,
Yes, it’s safe to remove the shell access checklist from the original post. Moreover, I’ve just added you to the NDA group, so your request has been fulfilled.

@KFrancis, could you please confirm that the NDA signed by the user grants access to the wmf-nda tasks on Phabricator? Thank you!

Hi all, yes. I'm confirming the NDA grants access to: LDAP and logstash-access

gerritbot added a comment.Aug 12 2025, 12:00 PM

Change #1177977 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Record LDAP access for novemlinguae

https://gerrit.wikimedia.org/r/1177977

gerritbot added a project: Patch-For-Review.Aug 12 2025, 12:00 PM
MoritzMuehlenhoff subscribed.Aug 12 2025, 12:03 PM
In T400176#11075795, @Novem_Linguae wrote:

Thanks! I just tried to log into a couple of NDA tools such as Superset and Icinga and got "Authentication Failure. Service access denied due to missing privileges."

Please force a fresh SSO session by accessing https://idp.wikimedia.org/logout and logging in again. If that still fails, please post the "memberof" data from https://idp.wikimedia.org/login to this task.

Is there perhaps another step that is needed such as adding me to data.yaml?

You can request the Logstash access via https://wikitech.wikimedia.org/wiki/SRE/LDAP/Groups/Request_access#Using_the_Wikimedia_Identity_Management_System

gerritbot added a comment.Aug 12 2025, 1:05 PM

Change #1177977 merged by Tiziano Fogli:

[operations/puppet@production] Record LDAP access for novemlinguae

https://gerrit.wikimedia.org/r/1177977

Maintenance_bot removed a project: Patch-For-Review.Aug 12 2025, 1:31 PM
Novem_Linguae closed this task as Resolved.Aug 12 2025, 4:40 PM

The NDA tools / idp login worked after logging out and logging back in. Thanks for that advice.

Most of this ticket is resolved now. Will apply for Logstash in idm as suggested.

Marking as resolved. Thank you everyone for your help.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits