Closed Bug 1133792 Opened 10 years ago Closed 10 years ago

Change persona@mozilla.com from an alias to an account

Categories

(Infrastructure & Operations Graveyard :: Account Requests, task)

Product:
Infrastructure & Operations Graveyard
Component:
Account Requests
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: relud, Assigned: jen)

Details

Right now persona@mozilla.com is an alias for infra-services@mozilla.com. I need to make persona@mozilla.com the owner for two projects in the google developer console ( https://console.developers.google.com/project ), but because google can tell persona@mozilla.com is an alias for a group, it will only add members of the group to a project, and not the group email itself. By changing persona@mozilla.com to an account, I hope to be able to make it the owner of persona projects, so that those projects are not bound to an individual employee. The developer console is being used to get OAuth 2.0 api keys for use with the persona gmail bridge. Having an actual user as the owner (ie dthornton@mozilla.com) isn't acceptable, because the api key owner email is shown to end users in production.
:jabba what's the best way to do this ? Create a new account in LDAP ?
Assignee: server-ops → ludovic
Flags: needinfo?(jdow)
Will anyone need to log into this account? Also, I want to make sure we are talking about @mozilla.com, since the bug summary says mozilla.org. If anyone needs to log into the account, I'll have to create it in LDAP under the shared_accounts OU. If it just needs to exist, but no login, then we can create it in the gads_exceptions OU in google directory. Also CC'ing jen, as the owner of google apps.
Assignee: ludovic → jdow
Flags: needinfo?(jdow)
yes it's @mozilla.com, my bad, fixed summary. if emails are forwarded to infra-services@mozilla.com, then no login is required.
Summary: Change persona@mozilla.org from an alias to an account → Change persona@mozilla.com from an alias to an account
jen - can you create an account in google apps in the gads_exceptions OU and set up the forwarding and remove the DL?
Assignee: jdow → jhayashi
Yup. Let me create that now. I may need the LDAP to get the forwarding working, but let me see how far I can get.
Removed the alias and created the account in gads_exception. It took awhile for it to show up correctly in the directory. Sent a test message with the forward on the account. Can someone confirm that they received it at infra-services?
Flags: needinfo?(dthornton)
It worked, thanks!
Flags: needinfo?(dthornton)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Apparently it needs a login to do what I need in the developer console. I didn't think it would. My bad. Can this account get a login?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Daniel - will you need permanent access? Or is this a one time thing?
Permanent access, I suspect.
Ok - jabba will need to created a shared ldap account so you can log in. With SSO - you'll need to open a different browser or profile to log into the shared ldap successfully since you are already logged into Google with your account. Since it is a shared account - please open a bug to have the password changed anytime a team member changes. I don't think we currently have the ability to reset the passwords on shared accounts through the normal password reset tool.
Gave password to daniel.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.