Page MenuHomePhabricator
Create Task
Maniphest T72627

Migrate shell access request process to Phabricator
Closed, DeclinedPublic
Actions

Description

As per T72625: Migrate Tools access request process to Phabricator, it would be nice to move the shell access request process to Phabricator.

In the same manner as with T70625, we would need an extension that provides a link to the wikitech form "User rights management" with the wikitech username or an in-Phabricator solution for user group memberships. If shell rights were given from within Phabricator itself, we would need to make sure that wikitech picks up those changes and not hides them due to caching.

We would also need an equivalent to Labslogbot that at the moment creates new shell requests for newly created user accounts.

Details

Reference
bz70627

Related Objects

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 3:47 AM
bzimport added a project: wikitech.wikimedia.org.
bzimport set Reference to bz70627.
bzimport added a subscriber: Unknown Object (MLST).
scfc created this task.Sep 9 2014, 8:25 PM
MZMcBride subscribed.Nov 29 2014, 9:27 PM
Krenair updated the task description. (Show Details)Mar 18 2015, 4:08 PM
Krenair added a project: Phabricator.
Krenair set Security to None.
Krenair removed a subscriber: Unknown Object (MLST).
Qgil updated the task description. (Show Details)Mar 19 2015, 9:54 AM

Just checking: does this have any relation with T550: Allow group members to be managed by external service (i.e. ldap)?

scfc added subscribers: yuvipanda, coren.Mar 19 2015, 12:21 PM

Hmmm. Shell access is in some level equivalent to being a member of the bastion project in LDAP, but IIRC there's some more magic happening with wikitech and OpenStack. And AFAIUI, everything's in flow with an upgrade of OpenStack on the horizon. @Andrew, @coren, @yuvipanda, can you please describe what "shell access" in the context of Labs is (and what it will be in the future)?

Aklapper edited projects, added Project-Admins; removed Phabricator.Mar 19 2015, 2:37 PM
Aklapper added a comment.Apr 25 2015, 9:05 PM

@Andrew, @coren, @yuvipanda, can you please describe what "shell access" in the context of Labs is (and what it will be in the future)?

yuvipanda added a comment.Apr 25 2015, 9:26 PM

Right now it is a manual user right granted that allows you access to the bastion hosts.

I personally am not sure if we need that to be a request - I don't think anyone doesn't get it, and in the cases we've had to remove it from people it's always been after the fact. We can just monitor bastions for resource usage limits and it should be ok (we can even setup cgroups based limits there if we want).

So IMO, 'shell requests' should not exist. They're a waste of user / admin time.

Qgil added a comment.Apr 27 2015, 10:40 AM

The best process is no process at all, so if this works for the Labs team, it works for me as well. :)

Krenair subscribed.Jun 25 2015, 8:18 PM

Should we close this in favour of T97334: Grant shell user right with project memberships and remove autocreation of shell requests ?

Restricted Application added a project: Cloud-Services. · View Herald TranscriptJun 25 2015, 8:18 PM
yuvipanda closed this task as Declined.Jun 25 2015, 8:20 PM
yuvipanda claimed this task.

Yes

Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:57 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL