Talk:Wikimedia Cloud Services team/EnhancementProposals/DNS domain setup

re: cloudinfra project owning parent domains

Historically the domain was owned by a project that existed only for that purpose, 'wmflabsdotorg'; transferring <project> subdomains involves some acrobatics that requires authing as the wmflabsdotorg project.

I just reviewed the code that does this, and it already uses the novaadmin credentials for auth in wmflabsdotorg. So I am pretty sure that there's no additional risk to switching that code over so that it uses the cloudinfra domain. It still feels like a bit of a risk piling additional privileged workflows into cloudinfra, but I am at times a proponent of the "eggs in one basket and then guard that basket" approach so in this case I'm fine with moving ownership to cloudinfra if that makes other things easier/simpler to understand. andrew (talk) 18:05, 3 February 2020 (UTC)