Onboarding Chiaka (compliance) #1700

Closed
43 of 73 tasks
LindsayYoung opened this issue Mar 15, 2022 · 6 comments
@LindsayYoung

LindsayYoung commented Mar 15, 2022

Chiaka Onboarding Checklist

NOTE: Do not create this issue until the System Owner has formally authorized and requested it.

In order to get New Person productively contributing to the cloud.gov team, Buddy should help New Person complete a prescribed set of tasks that will bring them up to speed and get them set up with cloud.gov.

Instructions

  1. Try to go through the checklists in order.
  2. If Buddy can’t complete any of the items on their checklist personally, they are responsible for ensuring that someone with the correct access completes that item.

Onboarding Checklist

Required items for all team members

These items help us fulfill security and compliance requirements (including for FedRAMP). If you get stuck, or if these requirements are confusing, ask for help from your buddy or in a cloud.gov channel.

  • Take judicious notes on what about this onboarding process or cloud.gov is confusing or frustrating. If you notice a problem (especially with things like documentation), you are more than welcome to fix it! At the very least, please share this information with your onboarding buddy (or someone) at some point so we can make the team/platform better. (You can also file issues and pull requests on the template Onboarding checklist.)
  • Be sure to introduce yourself and follow up with your onboarding buddy (they should have reached out to you at this point; if they haven't, please let the team know) and make sure this issue is assigned to them in our GitHub Project Planning Board. We use this board to organize, prioritize, and track our work.

Pre-requisites

  • Complete GSA OLU GSA Mandatory Cyber Security and Privacy Training, including accepting the GSA IT Rules of Behavior, which is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can just check the box.

Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy

Learn our policies and procedures

For the three trainings listed at the top, your onboarding buddy will create a separate ticket to track the trainings once scheduling has been finished. This will help consolidate trainings for multiple new members to the team and prevent them from blocking progress on this onboarding ticket. Once the trainings are scheduled, they can be marked as complete here.

Getting to know cloud.gov

These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
very quickly, so your onboarding buddy will walk through this list with you at a high level to help manage the work.

  • Read the team onboarding document for more context about cloud.gov.
  • Bookmark the pertinent links listed here.
  • Read through the Overview section of our site for a broader understanding of cloud.gov, especially how we present it to potential customers and users.
  • Sign up for a cloud.gov sandbox using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
    • This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training.
  • Read the Delivery Process document to learn about how we work.
  • Read our service disruption guide to learn how we handle customer-facing service disruptions.
  • Add the cloud.gov Google Drive folder to your Google Drive -- that's where we put cloud.gov docs. If you create or move a doc there, it'll get the right access permissions for team members to be able to view and edit it.
  • Subscribe to the cloud.gov team calendar (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away.

Slack channels

Your onboarding buddy will add you to these Slack channels:

  • #cloud-gov - bots post announcements here
  • #cg-billing - private business development channel (if applicable)
  • #cg-business - business development (if applicable)
  • #cg-compliance - compliance-related information and discussion
  • #cg-offtopic - off-topic team sharing
  • #cg-platform - platform operations
  • #cg-platform-news - bots post platform alerts
  • #cg-general - program-level information and discussion
  • #cg-support - support requests and assistance within TTS
  • #cg-incidents - private channel for incident response
  • #cg-supportstream - notification channel from our support system, ZenDesk
  • #cg-priv-all - private channel for in-team discussion
  • #cg-priv-gov (Federal employees only) - may contain discussion of contracting-related or other private, federal-employee-only comms

Once you're added to these channels, you probably want to mute these channels until you're on support rotation:

  • #cg-supportstream - notification channel from our support system, ZenDesk
  • #cg-support - support requests and assistance within TTS
  • #cg-platform-news - platform alerts

Compliance-role specific items

You should already have admin rights on your machine as a part of its original setup. If for whatever reason you don't,
please let your onboarding buddy know and they will help you request local admin rights on your GFE Mac using this justification.

Cloud Operations account management

Note: These are all contingent on completing the GSA Mandatory Cyber Security and Privacy Training first. AWS user names should be identical across accounts so that permissions can be correctly managed by Terraform.

  • Create AWS Accounts via the AWS web console (not Terraform) and provide one-time credentials - these will be set up with read-only/auditor permissions, and once the 3 mandatory cloud.gov trainings are complete they will be added to the audit input file:
    • AWS Commercial accounts
    • AWS GovCloud accounts
  • Add them to Nessus Manager via the GUI
  • Make them an admin of the platform.
  • Add them to the platform-ops team in GitHub.
  • Add them as an admin on the cg-django-uaa docs
  • Add them to the cloud.gov team Google Group so they can participate in team-wide internal communication.
  • Add them to our dockerhub org and ensure we're not over our license count
  • Business Unit Only - Add them to the cloud.gov inquiries Google Group so they can keep apprised of prospective new clients.

Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access.

Additional compliance setup/review

  • Install caulking git leak prevention by following the README
  • Verify caulking by running make audit and pasting a screenshot as a comment on this GitHub issue
  • Set up GPG signing for GitHub (instructions here)

Install a development environment for cloud.gov

  • Install Homebrew (brew)
  • Install CloudFoundry for mac per their docs:
    • brew tap cloudfoundry/tap
    • brew install cf-cli@7
    • brew install openssl
  • Verify CloudFoundry Installation via the CLI (once an existing cloud.gov teammate has made your cloud.gov admin account)
    • cf login -a api.fr.cloud.gov --sso
    • cf orgs
      • As a cloud.gov compliance team member, you should have a very giant list of organizations
      • If you have none or one (e.g. sandbox) org, please reach out to your onboarding buddy
  • Install the Bosh CLI using their instructions for MacOS
    • brew install cloudfoundry/tap/bosh-cli
    • Verify the installation by running bosh -v in the command line
  • Install Terraform and other tools per cg-provision
    • brew install terraform
    • brew install awscli
    • brew install jq
    • Verify Terraform installed and is in your path: run terraform and helper text should display
    • Verify AWS CLI installed and is in your path: run aws and helper text should display
  • Install and configure aws-vault by following our directions
  • Install the Concourse fly CLI
    • Download the fly binary zip for MacOS from https://concourse-ci.org/
    • Extract the binary and move it to /usr/local/bin/fly so it's in your path
      • cd ~/Downloads
      • mv fly /usr/local/bin/fly
    • Verify by running fly -h in your command line
      • This may fail due to app security policy on your mac rejecting apps from unidentified developers.
      • You can try the procedure here to change the app's security settings.
  • Install cloud.gov dev tools by cloning the cg-scripts repo: run git clone https://github.com/cloud-gov/cg-scripts.git in your command line

These are items that are only necessary for someone stepping into a compliance role, but you can still subscribe to the alerts and mailing lists if you're interested:

@mogul mogul changed the title Checklist for Onboarding a New Compliance Team Member Onboarding Chiaka (compliance) Apr 4, 2022
@pburkholder pburkholder self-assigned this Apr 12, 2022
@pburkholder

Update this checklist so compliance also requests Microsoft Office

@Chiakao

Chiakao commented Apr 12, 2022

Test comment - Chiaka Opara

@pburkholder

I've not added Chiaka to:

#cg-priv-gov (Federal employees only) - may contain discussion of contracting-related or other private, federal-employee-only comms 
#cg-platform-news - bots post platform alerts
#cg-billing - private business development channel (if applicable)
#cg-business - business development (if applicable)

@pburkholder

Since we need to set up windows, most of the development env. steps are now in cloud-gov/private#986

@pburkholder

PR #1729 has updates to onboarding process for compliance.

@pburkholder

@Chiakao and I are closing this ticket as she's now onboarded enough to be a contributing team member. There are issues cloud-gov/private#986 and #1729 for follow on to this issue.
