From 357807c429b58c59e2b64cdb44c18259e8662b6f Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Tue, 23 Jan 2024 11:58:04 -0500 Subject: [PATCH 1/6] Remove unused onboarding authorization ticket All onboarding tickets have instructions for properly creating them, and this ticket is no longer part of the process --- .github/ISSUE_TEMPLATE/onboard-authorize.md | 48 --------------------- 1 file changed, 48 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/onboard-authorize.md diff --git a/.github/ISSUE_TEMPLATE/onboard-authorize.md b/.github/ISSUE_TEMPLATE/onboard-authorize.md deleted file mode 100644 index 2e07a38..0000000 --- a/.github/ISSUE_TEMPLATE/onboard-authorize.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -name: System Owner Authorize Onboarding -title: System Owner Authorization for Onboarding a New Team Member -about: INTERNAL ONLY - CAN ONLY BE CREATED BY THE SYSTEM OWNER -labels: compliance -assignees: '' - ---- - -# Formal Authorization Request to Onboard a new cloud.gov Team Member - -**NOTE: Only the System Owner can create these issues.** - -If anyone else creates this type of issue, it will be considered invalid and closed with no further action taken. - -## Instructions - -As the System Owner, use this issue template to create a new issue to formally authorize the onboarding of a new cloud.gov team member. Please fill in the `keywords` with the appropriate information so that the follow up onboarding ticket can be created correctly. - -These are the roles we can onboard folks into currently (please refer to the System Security Plan for the full list): - -- Cloud Compliance -- Cloud Development / Customer / Design -- Cloud Operations -- Pages Operator -- System Owner - -These are the teams we currently have: - -- Business Unit -- Compliance -- Pages -- Platform Operators -- Support - -Once you create the issue, delete everything from this line and above when you're finished editing so the issue is complete and ready to be acted upon. It should contain just the message below, with the correct information filled in for the `keywords`. - -**NOTE: Please only use first names when referencing individuals.** - ---- - -@cloud-gov/platform-ops: - -Please create a `Role` onboarding ticket for `New Person` as a new member of the `Team` team within cloud.gov. Thank you. - -Sincerely, - -`System Owner Name`, System Owner From 9aa50878d01a54140d97fa532542daf192989fe2 Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Tue, 23 Jan 2024 11:59:54 -0500 Subject: [PATCH 2/6] Team members should install cf CLI v8, which is approved and current --- .github/ISSUE_TEMPLATE/onboard-compliance.md | 2 +- .github/ISSUE_TEMPLATE/onboard-platform-ops.md | 2 +- .github/ISSUE_TEMPLATE/onboard-support.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md index 61b8946..bf187e0 100644 --- a/.github/ISSUE_TEMPLATE/onboard-compliance.md +++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md @@ -159,7 +159,7 @@ Your onboarding buddy will create a separate ticket tied to this one to track th - [ ] Install [Homebrew (`brew`)](https://brew.sh/) - [ ] Install [CloudFoundry for mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac): - `brew tap cloudfoundry/tap` - - `brew install cf-cli@7` + - `brew install cf-cli@8` - `brew install openssl` - [ ] Verify CloudFoundry Installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins)) - `cf login -a api.fr.cloud.gov --sso` diff --git a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md index 01a3090..0f3718f 100644 --- a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md +++ b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md @@ -172,7 +172,7 @@ Your onboarding buddy will create a separate ticket tied to this one to track th - [ ] Install [Homebrew (`brew`)](https://brew.sh/) - [ ] Install [CloudFoundry for mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac): - `brew tap cloudfoundry/tap` - - `brew install cf-cli@7` + - `brew install cf-cli@8` - `brew install openssl` - [ ] Verify CloudFoundry Installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins)) - `cf login -a api.fr.cloud.gov --sso` diff --git a/.github/ISSUE_TEMPLATE/onboard-support.md b/.github/ISSUE_TEMPLATE/onboard-support.md index 6038f39..0d96088 100644 --- a/.github/ISSUE_TEMPLATE/onboard-support.md +++ b/.github/ISSUE_TEMPLATE/onboard-support.md @@ -123,9 +123,9 @@ Your onboarding buddy will create a separate ticket tied to this one to track th - [ ] Install [Homebrew (`brew`)](https://brew.sh/) - [ ] Install [CloudFoundry for mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac): - `brew tap cloudfoundry/tap` - - `brew install cf-cli@7` + - `brew install cf-cli@8` - `brew install openssl` - [ ] Verify CloudFoundry Installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins)) - `cf login -a api.fr.cloud.gov --sso` - `cf orgs` - - As a cloud.gov support team member, you should have access to your sandbox; if yoou don't, please reach out to your onboarding buddy + - As a cloud.gov support team member, you should have access to your sandbox; if you don't, please reach out to your onboarding buddy From b706be61f20cd3cbcc2a95791021cd14e1819622 Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Tue, 23 Jan 2024 12:00:21 -0500 Subject: [PATCH 3/6] Fix links for configuring aws-vault --- .github/ISSUE_TEMPLATE/onboard-compliance.md | 2 +- .github/ISSUE_TEMPLATE/onboard-platform-ops.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md index bf187e0..7f7ba7c 100644 --- a/.github/ISSUE_TEMPLATE/onboard-compliance.md +++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md @@ -175,7 +175,7 @@ Your onboarding buddy will create a separate ticket tied to this one to track th - `brew install jq` - [ ] Verify Terraform installed and is in your path: run `terraform` and helper text should display - [ ] Verify AWS CLI installed and is in your path: run `aws` and helper text should display -- [ ] Install and configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#install-aws-vault-for-aws-credentials-and-create-a-profile) +- [ ] Install and configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#aws-credentials) - [ ] Install the Concourse `fly` CLI - Download the `fly` binary zip for MacOS from https://concourse-ci.org/ - Extract the binary and move it to `/usr/local/bin/fly` so it's in your path diff --git a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md index 0f3718f..5a24a46 100644 --- a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md +++ b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md @@ -188,7 +188,7 @@ Your onboarding buddy will create a separate ticket tied to this one to track th - `brew install jq` - [ ] Verify Terraform installed and is in your path: run `terraform` and helper text should display - [ ] Verify AWS CLI installed and is in your path: run `aws` and helper text should display -- [ ] Install and configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#install-aws-vault-for-aws-credentials-and-create-a-profile) +- [ ] Install and configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#aws-credentials) - [ ] Install the Concourse `fly` CLI - `brew install fly` - [ ] Verify by running `fly -h` in your command line From 872132409f04a9ee91ffb22f41d37914e7eba2fd Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Tue, 23 Jan 2024 12:02:09 -0500 Subject: [PATCH 4/6] Use version-independent path for Apple Silicon Homebrew install of fly --- .github/ISSUE_TEMPLATE/onboard-platform-ops.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md index 5a24a46..57677e6 100644 --- a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md +++ b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md @@ -194,7 +194,7 @@ Your onboarding buddy will create a separate ticket tied to this one to track th - [ ] Verify by running `fly -h` in your command line - This may fail due to app security policy on your mac rejecting apps from unidentified developers. To fix it (replace `` with your installed version of `fly`): - `xattr -d com.apple.quarantine /usr/local/Caskroom/fly//fly` + `xattr -d com.apple.quarantine /opt/homebrew/bin/fly` - [ ] Install cloud.gov dev tools by cloning the [`cg-scripts` repo](https://github.com/cloud-gov/cg-scripts/): run `git clone https://github.com/cloud-gov/cg-scripts.git` in your command line ### Figure out your first tasks From 56e14ff65d1841bd47d744f18f7f2fc54ba51bb5 Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Tue, 23 Jan 2024 15:36:47 -0500 Subject: [PATCH 5/6] Simplify `fly` installation --- .github/ISSUE_TEMPLATE/onboard-platform-ops.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md index 57677e6..a2a527a 100644 --- a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md +++ b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md @@ -189,12 +189,9 @@ Your onboarding buddy will create a separate ticket tied to this one to track th - [ ] Verify Terraform installed and is in your path: run `terraform` and helper text should display - [ ] Verify AWS CLI installed and is in your path: run `aws` and helper text should display - [ ] Install and configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#aws-credentials) -- [ ] Install the Concourse `fly` CLI - - `brew install fly` +- [ ] Install the Concourse `fly` CLI. Concourse does not sign `fly` with an Apple Developer account, so you must use `xattr` to manually remove the binary from quarantine: + - `brew install fly && xattr -d com.apple.quarantine /opt/homebrew/bin/fly`. - [ ] Verify by running `fly -h` in your command line - - This may fail due to app security policy on your mac rejecting apps from unidentified developers. To fix it (replace `` with your installed version of `fly`): - - `xattr -d com.apple.quarantine /opt/homebrew/bin/fly` - [ ] Install cloud.gov dev tools by cloning the [`cg-scripts` repo](https://github.com/cloud-gov/cg-scripts/): run `git clone https://github.com/cloud-gov/cg-scripts.git` in your command line ### Figure out your first tasks From 4b93fa6e1f770ead54dda40db79ebdad0423040c Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Wed, 24 Jan 2024 13:16:06 -0500 Subject: [PATCH 6/6] Adapt engineer onboarding for project contractors * Rename to "engineer" to clarify that onboarding applies to all engineers, not just members of the platform operations team * Simplify and clarify a variety of sections See https://github.com/cloud-gov/product/issues/2834 --- ...rd-platform-ops.md => onboard-engineer.md} | 168 ++++++++++++------ 1 file changed, 116 insertions(+), 52 deletions(-) rename .github/ISSUE_TEMPLATE/{onboard-platform-ops.md => onboard-engineer.md} (64%) diff --git a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md similarity index 64% rename from .github/ISSUE_TEMPLATE/onboard-platform-ops.md rename to .github/ISSUE_TEMPLATE/onboard-engineer.md index a2a527a..d38e486 100644 --- a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md +++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md @@ -1,13 +1,13 @@ --- -name: Onboard New cloud.gov Platform Operations Team Member -title: Checklist for Onboarding a New Platform Operator -about: This is the checklist and requirements for onboarding a new platform operator to the cloud.gov team +name: Onboard New cloud.gov Engineer +title: Checklist for Onboarding a New Engineer +about: This is the checklist and requirements for onboarding a new Engineer to the cloud.gov team labels: '' assignees: '' --- -# New Platform Operator Onboarding Checklist +# New Engineer Onboarding Checklist ## Special Notes @@ -28,51 +28,65 @@ In order to get `New Person` productively contributing to the cloud.gov team, `B 1. Try to go through the checklists in order. 2. If `Buddy` can’t complete any of the items on their checklist personally, _they are responsible for ensuring that someone with the correct access completes that item_. -## Onboarding Checklist - -### Required items for all team members +## Required items for all team members These items help us fulfill security and compliance requirements (including for FedRAMP). If you get stuck, or if these requirements are confusing, ask for help from your buddy or in a cloud.gov channel. - [ ] Take judicious notes on what about this onboarding process or cloud.gov is confusing or frustrating. If you notice a problem (especially with things like documentation), you are more than welcome to fix it! At the very least, please share this information with your onboarding buddy (or someone) at some point so we can make the team/platform better. (You can also file issues and pull requests on [the template Onboarding checklist](https://github.com/cloud-gov/product/blob/main/.github/ISSUE_TEMPLATE/onboard-platform-ops.md). - [ ] Be sure to introduce yourself and follow up with your onboarding buddy (they should have reached out to you at this point; if they haven't, please let the team know) and make sure this issue is assigned to them in our [Github Project Planning Board](https://github.com/orgs/cloud-gov/projects/27/views/1). We use this board to organize, prioritize, and track our work. -#### Pre-requisites +### Pre-requisites -- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) GSA Mandatory Cyber Security and Privacy Training, including accepting the GSA IT Rules of Behavior, which is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can just check the box. +- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) IT Security & Privacy Awareness Training, which includes accepting the GSA IT Rules of Behavior. This is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can check the box. -#### Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy +### Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy -- [ ] Make sure they're in [the list of people working on the project](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0). -- [ ] Add their name, whether they're Cloud Ops (Platform), and the date they joined the team to the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0). Copy the formulas for the due dates from an existing row (grab the "corner" of the cells and pull down). -- [ ] As they complete training, fill out their completion dates in the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0). +- [ ] Make sure they're in the [Team Roster](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0). +- [ ] Add their name, whether they're Cloud Operations, and the date they joined the team to the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0). + - Copy the formulas for the due dates from an existing row (grab the "corner" of the cells and pull down). + - As they complete training, fill out their completion dates in the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0). - [ ] Add them to the @cloud-gov-team [in Slack’s Team Directory](https://get.slack.help/hc/en-us/articles/212906697-User-Groups#edit-a-user-group). -- [ ] Review the recurring cloud.gov meetings that are relevant for them in [the team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (they will get access to this when added to the cloud.gov Team Google Group). -- [ ] Add them to the [`cloud-gov`](https://github.com/orgs/cloud-gov/people) organization in GitHub, and the [`cloud-gov-team`](https://github.com/orgs/cloud-gov/teams/cloud-gov-team) team. +- [ ] Inform them of recurring cloud.gov meetings that are relevant for them in [the team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (they will get access to this when added to the cloud.gov Team Google Group). +- [ ] Add them on GitHub to the [`cloud-gov-team`](https://github.com/orgs/cloud-gov/teams/cloud-gov-team) team, which will automatically invite them to our [`cloud-gov`](https://github.com/orgs/cloud-gov/people) organization. -#### Learn our policies and procedures +### Complete cloud.gov trainings -For the three trainings list at the top, your onboarding buddy will create a separate ticket to track the trainings once scheduling has been finished. This will help consolidate trainings for multiple new members to the team and prevent them from blocking progress on this onboarding ticket. Once the trainings are scheduled, they can be marked as complete here. +Onboarding buddy: Contact the compliance team in [#cg-compliance](https://gsa.enterprise.slack.com/archives/C0A1Z7L2U) to schedule training(s). -- [ ] Coordinate with your onboarding buddy to go through Contingency Planning training within 60 days (and annually after that). This will cover the following document, which you should also review before or after training: - - [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/). -- [ ] Coordinate with your onboarding buddy to go through [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training: - - [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/). -- [ ] Coordinate with your onboarding buddy to go through [nonpublic information training](https://docs.google.com/presentation/d/1uB4MlGCu8ZYUxjKVZKwicQ95MvLxaT4Mh93y6w79GPw/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following documents, which you should also review before or after training: +All team members: + +- [ ] Coordinate with your onboarding buddy to schedule [nonpublic information training](https://docs.google.com/presentation/d/1uB4MlGCu8ZYUxjKVZKwicQ95MvLxaT4Mh93y6w79GPw/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following documents, which you should also review before or after training: - [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information). - [ ] Read our [sharing secret keys](https://cloud.gov/docs/ops/secrets/#sharing-secret-keys) policy. - [ ] Review the [TTS requirements for password management](https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/password-requirements/). + +
+ + Federal employees and staff contractors, expand this section: + + +Engineers who are federal employees and staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following: + +- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training: + - [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/). +- [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training: + - [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/). + +
+ +### Learn more policies and procedures + +In addition to the topics in [the trainings section](#complete-cloudgov-trainings), review the following documents: + - [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team). - [ ] Read the [Configuration Management Plan](https://cloud.gov/docs/ops/configuration-management/). - [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan. - [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a _.docx_ file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment) -* [ ] Review the team's [Engineering Practices](https://github.com/cloud-gov/internal-docs/tree/main/docs/resources/Engineering-Practices). Some of these are mandatory because they fulfill FedRAMP requirements. +- [ ] Review the team's [Engineering Practices](https://github.com/cloud-gov/internal-docs/tree/main/docs/resources/Engineering-Practices). Some of these are mandatory because they fulfill FedRAMP requirements. ### Getting to know cloud.gov -These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you -should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming -very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work. +These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work. Resources on cloud.gov: @@ -95,39 +109,60 @@ Getting hands-on with cloud.gov: - [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective. - This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training. -Add yourself to team resources: +Team resources: + +You will automatically be added to one or more Google Drives: the [Cloud.gov All Staff Drive](https://drive.google.com/drive/folders/0ANH-Bql6mXGBUk9PVA) and, for federal employees, the [Cloud.gov Federal Employees Drive](https://drive.google.com/drive/folders/0AE_c0OLGmVIgUk9PVA). Put all documents related to cloud.gov in the appropriate shared drive so the team can access them and meet federal records requirements. Each drive contains a folder for each squad, and each squad folder contains a "wiki" that explains how the sub-folders are structured. + +
+ + Federal employees and staff contractors, expand this section: + -- [ ] Add the [cloud.gov Google Drive folder](https://drive.google.com/drive/folders/0Bx6EvBXVDWwheUtVckVnOE1pRzA) to your Google Drive -- that's where we put cloud.gov docs. If you create or move a doc there, it'll get the right access permissions for team members to be able to view and edit it. - [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away +
+ ### Slack channels -Your onboarding buddy will add you to these Slack channels: +The following cloud.gov channels are public and all team members are welcome to join: -- [ ] `#cloud-gov` - bots post announcements here -- [ ] `#cg-aws-security` - private channel where bots post security notices - [ ] `#cg-aws-status` - bots post announcements about AWS service outages/incidents -- [ ] `#cg-billing` - private business development channel (if applicable) - [ ] `#cg-business` - business development (if applicable) - [ ] `#cg-compliance` - compliance-related information and discussion +- [ ] `#cg-customer-success` - customer success squad channel +- [ ] `#cg-general` - program-level information and discussion - [ ] `#cg-offtopic` - off-topic team sharing -- [ ] `#cg-ops-banter` - private channel for operations/engineering banter +- [ ] `#cg-platform-news` (🗣️) - bots post platform alerts (mostly CI job notifications) - [ ] `#cg-platform` - platform operations -- [ ] `#cg-platform-news` - bots post platform alerts (mostly CI job notifications) -- [ ] `#cg-general` - program-level information and discusion -- [ ] `#cg-support` - support requests and assistance within TTS -- [ ] `#cg-supportstream` - stream of activity on Zendesk tickets +- [ ] `#cg-support` (🗣️) - support requests and assistance within TTS +- [ ] `#cg-supportstream` (🗣️) - stream of activity on Zendesk tickets +- [ ] `#cloud-gov` (🗣️) - bots post announcements here + +Channels marked with (🗣️) receive a lot of messages, either from customers or bots, and you may want to mute them. + +Project contractors: Your buddy will add you to the private channel for your project. + +
+ + Federal employees and staff contractors, expand this section: + + +Your onboarding buddy will add you to these Slack channels: + +- [ ] `#cg-aws-security` - private channel where bots post security notices +- [ ] `#cg-billing` - private business development channel (if applicable) - [ ] `#cg-incidents` - private channel for incident response +- [ ] `#cg-ops-banter` - private channel for operations/engineering banter - [ ] `#cg-priv-all` - private channel for in-team discussion -- [ ] `#cg-priv-gov` (Federal employees only) - may contain discussion of contracting-related or other private, federal-employee-only comms +- [ ] `#cg-priv-compliance` - private channel for security and compliance discussions + +Lastly, for federal employees only: -Once you're added to these channels, you probably want to mute these channels until you're on a support rotation: +- [ ] `#cg-priv-gov` - may contain discussion of contracting-related or other private, federal-employee-only comms -- [ ] `#cg-support` -- [ ] `#cg-supportstream` -- [ ] `#cg-platform-news` +
-## Platform-Ops-specific items +## Engineering-specific items ### Machine admin rights @@ -150,15 +185,38 @@ AWS user names should be identical across accounts so that permissions can be co - [ ] [Make them an admin](https://cloud.gov/docs/ops/managing-users/#managing-admins) of the platform. - [ ] Add them to the [`platform-ops`](https://github.com/orgs/cloud-gov/teams/platform-ops) team in GitHub. - [ ] Add them as an admin on the cg-django-uaa [docs](https://readthedocs.org/projects/cg-django-uaa/) -- [ ] Add them to [the cloud.gov team Google Group](https://groups.google.com/a/gsa.gov/forum/?hl=en#!forum/cloud-gov) so they can participate in team-wide internal communication. -- [ ] Add them to the [CG-PRIV Google Space](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc), a fallback team communication channel in the event Slack is down. - [ ] Add them to [our dockerhub org](https://hub.docker.com/orgs/cloudgov) and ensure we're not over our license count - [ ] Add them as an `agent` to the cloud.gov support Zendesk (Ask a cloud.gov member with admin access to Zendesk to add them). - [ ] Add them as Technical users to [Ubuntu Advantage](https://ubuntu.com/pro/users) (Admin users for leads and supervisors) -- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/forum/#!forum/cloud-gov-inquiries) so they can keep apprised of prospective new clients. Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access. +### Google Groups and Spaces + +We manage calendar invites and Google Drive access using Google Groups. Some groups can also receive message from outside emails. + +- [ ] Project contractors: Add them to the [cloud.gov Project Contractors Google Group]() for access to the All Staff Google Drive. + +
+ + Federal employees and staff contractors, expand this section: + + +Add them to the following Google Groups: + +- [ ] [cloud.gov Team](https://groups.google.com/a/gsa.gov/forum/?hl=en#!forum/cloud-gov) so they can participate in team-wide internal communication. +- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/forum/#!forum/cloud-gov-inquiries) so they can keep apprised of prospective new clients. + +And the following Google Space: + +- [ ] [CG-PRIV](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc), a fallback team communication channel in the event Slack is down. + +Lastly, for federal employees only: + +- [ ] [cloud.gov Federal Employees](https://groups.google.com/a/gsa.gov/g/cloud-gov-federal-employees/members) + +
+ ### Additional compliance setup/review - [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/master/README.md) @@ -167,7 +225,7 @@ Your onboarding buddy will create a separate ticket tied to this one to track th ### Install a development environment for cloud.gov -> **Note:** Make sure you have followed the instructions at the top of this section to get local admin rights on your machine before moving forward +> **Note:** Make sure you have followed the instructions in [Machine admin rights](#machine-admin-rights) at the top of this section to get local admin rights on your machine before moving forward - [ ] Install [Homebrew (`brew`)](https://brew.sh/) - [ ] Install [CloudFoundry for mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac): @@ -196,11 +254,14 @@ Your onboarding buddy will create a separate ticket tied to this one to track th ### Figure out your first tasks -Please work with your onboarding buddy to determine a platform component to work on first. -Once you've identified the component you're going to focus on, your onboarding buddy will introduce -you to someone who can onboard you to that project in specific. For the next few sprints, work on features, -bugs, and improvements on this component. Reach out to your onboarding buddy or anyone else on the team -if you need any help. Here are some easily-separated pieces to consider: +Project contractors: Check in with your project lead about first tasks. + +
+ + Federal employees and staff contractors, expand this for instructions. + + +Please work with your onboarding buddy and your squad to determine a platform component to work on first. Once you've identified the component you're going to focus on, your onboarding buddy will introduce you to someone who can onboard you to that project in specific. For the next few sprints, work on features, bugs, and improvements on this component. Reach out to your onboarding buddy or anyone else on the team if you need any help. Here are some easily-separated pieces to consider: - S3 broker (Golang, Open Service Broker API) - Aws broker (Golang, Open Service Broker API) @@ -214,6 +275,9 @@ if you need any help. Here are some easily-separated pieces to consider: - uaa-extras (python + OIDC) - shibboleth (Java, OIDC) +
+ + ## Compliance items These are items that are only necessary for someone stepping into a compliance role, but you can still subscribe to the alerts and mailing lists if you're interested: