Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

Wikitech username: Aranyap
Email address: aprum-ctr@wikimedia.org
SSH public key (must be a separate key from Wikimedia cloud SSH access): AAAAC3NzaC1lZDI1NTE5AAAAIEwEOsCJll6xPBlcACRHbdvKWUtn97AVvEGvDK9A9SkL (ED25519 key)
Requested group membership: analytics-privatedata-users, with LDAP and kerberos
Reason for access: Internship project, working with intern buddy Hal Triedman (@Htriedman), Privacy Engineer
Name of approving party (manager for WMF/WMDE staff): Jennifer Cross (@Jcross), Security Manager
Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Yes
Please coordinate obtaining a comment of approval on this task from the approving party.
Contract end date: June 30, 2023
Contract contact: @Jcross

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
- User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
- access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff) @Jcross
- access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml @odimitrijevic || @Ottomata

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

	Subject	Repo	Branch	Lines +/-
	Add user aranyap (analytics-privatedata-users, krb)	operations/puppet	production	+12 -1

Event Timeline

aranyap created this task.Mar 2 2023, 9:32 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 2 2023, 9:32 PM

Approved

aranyap renamed this task from Requesting access to RESOURCE for USER[S] to Requesting access to analytics-privatedata-users group (LDAP and kerberos), for AranyaP.Mar 2 2023, 9:46 PM

JMeybohm updated the task description. (Show Details)Mar 3 2023, 10:42 AM

JMeybohm added subscribers: odimitrijevic, Ottomata.

Welcome @aranyap! Please add the ssh key type to your request as well (assuming it's a ed25519 key, but just to be precise about it).

@Jcross from the mail address this looks like a contractor hiring. In that case we'd need:

Contract end date:
Contract contact person:

As well as @KFrancis confirming NDA, thanks!

JMeybohm moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Mar 3 2023, 10:46 AM

Approved.

@JMeybohm Confirming the NDA is on file. Please proceed with the access request. Thanks!

aranyap updated the task description. (Show Details)Mar 3 2023, 6:56 PM

In T331067#8663266, @JMeybohm wrote:

Welcome @aranyap! Please add the ssh key type to your request as well (assuming it's a ed25519 key, but just to be precise about it).

@Jcross from the mail address this looks like a contractor hiring. In that case we'd need:

Contract end date:

Contract contact person:

Updated the key type to ED25519

Should I fill in the contract end date and contact info myself or do I need confirmation from @Jcross ?

Thank you!

I am the contract contact person, and the end date can be listed as June 30, 2023. Thanks!

aranyap updated the task description. (Show Details)Mar 3 2023, 7:21 PM

MatthewVernon updated the task description. (Show Details)Mar 6 2023, 11:25 AM

Change 894603 had a related patch set uploaded (by MVernon; author: MVernon):

[operations/puppet@production] Add user aranyap (analytics-privatedata-users, krb)

https://gerrit.wikimedia.org/r/894603

gerritbot added a project: Patch-For-Review.Mar 6 2023, 11:51 AM

Change 894603 merged by MVernon:

[operations/puppet@production] Add user aranyap (analytics-privatedata-users, krb)

https://gerrit.wikimedia.org/r/894603

Hi @aranyap this is all done for you now.

Maintenance_bot removed a project: Patch-For-Review.Mar 6 2023, 12:10 PM

Hi @MatthewVernon! We're currently running into some weird errors with Aranya's permissions, specifically regarding access to Turnilo and Superset. Is there any way of addressing that on this thread? Or should we start a new ticket? Thanks so much.

I think the right thing would be to open a new ticket; but I note it's SRE Sprint Week, so I'm not sure whether clinic duty tasks will get much attention this week unless flagged as urgent, I'm afraid.

Probably makes sense to reach out to SREs in analytics.

Requesting access to analytics-privatedata-users group (LDAP and kerberos), for AranyaPClosed, ResolvedPublicRequestActions

Description

Requestor provided information and prerequisites

SRE Clinic Duty Confirmation Checklist for Access Requests

Details

Event Timeline

Requesting access to analytics-privatedata-users group (LDAP and kerberos), for AranyaP
Closed, ResolvedPublicRequest
Actions