Skip to content

chore: Add billingetl and atlantis service account wg to bugzilla_met…#9633

Open
jasonthomas wants to merge 1 commit into
mainfrom
MZCLD-2515-1
Open

chore: Add billingetl and atlantis service account wg to bugzilla_met…#9633
jasonthomas wants to merge 1 commit into
mainfrom
MZCLD-2515-1

Conversation

@jasonthomas

@jasonthomas jasonthomas commented Jun 24, 2026

Copy link
Copy Markdown
Member

…rics.user table

Description

Enable billingetl scheduled jobs and atlantis to read these tables. Related to https://github.com/mozilla/private-bigquery-etl/pull/1416

Related Tickets & Documents

Reviewer, please follow this checklist

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR adds two workgroups (finops/billingetl-bq-scheduled and platform/platform-tf) to the roles/bigquery.dataViewer access list of bugzilla_metrics.users so that billingetl scheduled jobs and Atlantis can read the table. The change itself is a small, well-scoped access grant. My one comment concerns keeping the access list in sync with the downstream authorized view person_mozilla_com, per the maintenance note that already exists in that view's metadata.

members:
- workgroup:finops/billingetl-bq-scheduled
- workgroup:platform/access-events
- workgroup:platform/platform-tf

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue: taskclusteretl/person_mozilla_com/metadata.yaml selects from this view and carries an explicit note that "workgroup_access updates to bugzilla_metrics.users need to match the access here" because the authorization logic only resolves one layer of references. With this change users grants three members (finops/billingetl-bq-scheduled, platform/access-events, platform/platform-tf) while person_mozilla_com still grants only platform/access-events, so the two lists no longer match. If billingetl-bq-scheduled and platform-tf need to read through person_mozilla_com, add them to taskclusteretl/person_mozilla_com/metadata.yaml as well; if they only need direct access to users, that's consistent but worth confirming against the sync note.

@scholtzan

Copy link
Copy Markdown
Collaborator

Integration report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants