Page MenuHomePhabricator

Migrate shell access request process to Phabricator
Closed, DeclinedPublic

Description

As per T72625: Migrate Tools access request process to Phabricator, it would be nice to move the shell access request process to Phabricator.

In the same manner as with T70625, we would need an extension that provides a link to the wikitech form "User rights management" with the wikitech username or an in-Phabricator solution for user group memberships. If shell rights were given from within Phabricator itself, we would need to make sure that wikitech picks up those changes and not hides them due to caching.

We would also need an equivalent to Labslogbot that at the moment creates new shell requests for newly created user accounts.

Details

Reference
bz70627

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 3:47 AM
bzimport set Reference to bz70627.
bzimport added a subscriber: Unknown Object (MLST).
scfc created this task.Sep 9 2014, 8:25 PM
Krenair updated the task description. (Show Details)Mar 18 2015, 4:08 PM
Krenair added a project: Phabricator.
Krenair set Security to None.
Krenair removed a subscriber: Unknown Object (MLST).

Hmmm. Shell access is in some level equivalent to being a member of the bastion project in LDAP, but IIRC there's some more magic happening with wikitech and OpenStack. And AFAIUI, everything's in flow with an upgrade of OpenStack on the horizon. @Andrew, @coren, @yuvipanda, can you please describe what "shell access" in the context of Labs is (and what it will be in the future)?

@Andrew, @coren, @yuvipanda, can you please describe what "shell access" in the context of Labs is (and what it will be in the future)?

Right now it is a manual user right granted that allows you access to the bastion hosts.

I personally am not sure if we need that to be a request - I don't think anyone doesn't get it, and in the cases we've had to remove it from people it's always been after the fact. We can just monitor bastions for resource usage limits and it should be ok (we can even setup cgroups based limits there if we want).

So IMO, 'shell requests' should not exist. They're a waste of user / admin time.

Qgil added a comment.Apr 27 2015, 10:40 AM

The best process is no process at all, so if this works for the Labs team, it works for me as well. :)

Restricted Application added a project: Cloud-Services. · View Herald TranscriptJun 25 2015, 8:18 PM
yuvipanda closed this task as Declined.Jun 25 2015, 8:20 PM
yuvipanda claimed this task.

Yes