Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update leavers guide with correct list, contact details and fix links #5093

Merged
merged 2 commits into from
Dec 14, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
82 changes: 50 additions & 32 deletions runbooks/source/leavers-guide.html.md.erb
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Leavers Guide
weight: 9100
last_reviewed_on: 2023-11-20
last_reviewed_on: 2023-12-13
review_in: 3 months
---

Expand All @@ -13,62 +13,80 @@ When CP team members leave, follow this guide, and log completion in a ticket.

### Digital Services

The Service Desk will be able to remove and revoke access from a number of different accounts outside of Cloud Platform.
#### Google account closure
This has to be ordered in advance of them leaving, by creating a ServiceNow order [Return device for Digital Mac & WTP users](https://mojprod.service-now.com/moj_sp?id=sc_cat_item&sys_id=a1f163211bb1a8507b10ca286e4bcb7a)

#### 1/ Google account closure, ordered in advance of them leaving, by creating a ServiceNow order [Return device for Digital Mac & WTP users](https://mojprod.service-now.com/moj_sp?id=sc_cat_item&sys_id=a1f163211bb1a8507b10ca286e4bcb7a)
This is not just about returning their Mac - it will do the important step of closing their Google account.

This is not just about returning their Mac - it will do the important step of closing their Google account.
This is usually raised by the line manager for civil servants.

* Note - Include details in the ServiceNow request to transfer the leaver's Google Drive to someone in their team.
* Note - Include details in the ServiceNow request to transfer the leaver's Google Drive to someone in their team.

* Note - for leavers from the cloud-platforms team - ask the service desk to transfer any slack webhook integrations to someone in the team. <br>IT IS MOST IMPORTANT THAT YOU REQUEST THIS BEFORE THE PERSON LEAVES<br>
This is because if the person has created a slack-webhook for alerting purposes, the loss of that slack-webhook can cause problems - when their profile is deleted (as the webhook link is referenced in [cloud-platform-infrastructure/blob/main/terraform/cloud-platform-components/terraform.tfvars](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/cloud-platform-components/terraform.tfvars).
* Note - If the leaver has created any slack apps, these will need to be transferred to someone else in the team.

#### 2/ MOJ Digital VPN removal by creating a ServiceNow order: [Digital VPN add/remove](https://mojprod.service-now.com/moj_sp?id=sc_cat_item&sys_id=6860adc01b8b6818f58d206fe54bcbe3)
Contact #digital-it-forum channel for any queries

#### MOJ Digital VPN removal
Create a ServiceNow order: [Digital VPN add/remove](https://mojprod.service-now.com/moj_sp?id=sc_cat_item&sys_id=6860adc01b8b6818f58d206fe54bcbe3)
This is usually raised by the line manager for civil servants.

#### Slack account deactivation

Cloud Platform maintain a list of webhooks for [Alertmanager Notifications](https://api.slack.com/apps/ABFSJLD8W/incoming-webhooks). When the slack account is deactivated,
these webhooks will still be active. Hence, no action is needed.

Some apps that member installed which require member-specific permissions may be atomatically deactivated.
Check in advance, if the leaver has installed any such apps and if so, transfer them to someone else in the team by creating a ServiceNow order: [Slack tasks for the D&T Workspace](https://mojprod.service-now.com/moj_sp?id=sc_cat_item&sys_id=2749c237db9c609050fbbfce3b9619bb)
Also make sure there there is atleast one other member who is collaborator for the app.

### AWS Accounts

#### 1/ Purge them from AWS accounts:
* Purge them from AWS accounts:

* [moj-cp](https://justice-cloud-platform.eu.auth0.com/samlp/bnqndz9kxf7wDge8ndCWyVwIX1OEElYf)
* [mojdsd](https://moj.awsapps.com/start#/)
* Cloud Platform Ephemeral Test
* Cloud Platform Transit Gateways
* [moj-cp](https://moj.awsapps.com/start#/)
* [mojdsd](https://moj.awsapps.com/start#/)
* Cloud Platform Ephemeral Test
* Cloud Platform Transit Gateways

To login, use the SSO links above, or use the [AWS console](https://console.aws.amazon.com/)
To login, use the SSO links above, or use the [AWS console](https://console.aws.amazon.com/)

#### 2/ Remove them from `cloud-platform-terraform-awsaccounts-iam`
* Remove them from `cloud-platform-terraform-awsaccounts-iam`

* As per [this PR](https://github.com/ministryofjustice/cloud-platform-terraform-awsaccounts-iam/pull/2/files)
* As per [this PR](https://github.com/ministryofjustice/cloud-platform-terraform-awsaccounts-iam/pull/2/files)

#### 3/ Remove them from `cloud-platform-eks`
* Remove them from `cloud-platform eks cluster`

* As per [this File](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/cloud-platform-eks/cluster.tf)
* As per [this File](https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/main/terraform/aws-accounts/cloud-platform-aws/vpc/eks/cluster.tf#L243)

#### 4/ Request Password Management removal - [contact details here](https://docs.google.com/document/d/1Q6bHUyGEuVi81Bmvi7kOa-DvC-y-L-H3BR13DPsYiVs/edit) removal
### Other 3rd Party Accounts access removal

#### 5/ Remove their access to:
Below are the list of 3rd party accounts that need to be removed when a member leaves the team. Contact [#ask-operations-engineering channel](https://mojdt.slack.com/archives/C01BUKJSZD4) requesting the removal

* [Auth0 justice-cloud-platform](https://manage.auth0.com/dashboard/eu/justice-cloud-platform/users)
1. Request Password Management removal - [1Password](https://1password.com/)

* [Auth0 moj-cloud-platforms](https://manage.auth0.com/dashboard/eu/moj-cloud-platforms-dev/users)
2. [Auth0 justice-cloud-platform](https://manage.auth0.com/dashboard/eu/justice-cloud-platform/users)

* [Pagerduty](https://moj-digital-tools.pagerduty.com/users)
3. [Auth0 moj-cloud-platforms](https://manage.auth0.com/dashboard/eu/moj-cloud-platforms-dev/users)

* [DockerHub MoJ teams](https://cloud.docker.com/orgs/ministryofjustice/teams)
4. [Pagerduty](https://moj-digital-tools.pagerduty.com/users)

* [Pingdom](https://www.pingdom.com)
5. [DockerHub MoJ teams](https://cloud.docker.com/orgs/ministryofjustice/teams)

* [1Password](https://1password.com/)
6. [Pingdom](https://www.pingdom.com)

* [MoJ Github Organisation](https://github.com/ministryofjustice)
7. [1Password](https://1password.com/)

#### 6/ Remove them from the [PagerDuty support rota](https://moj-digital-tools.pagerduty.com/schedules#PFX6FHX/edit) (if applicable)
8. [Sentry](https://ministryofjustice.sentry.io/settings/teams/)

#### 7/ Remove them from [[email protected] Google Group](https://groups.google.com/a/digital.justice.gov.uk/g/platforms/members)
8. [MoJ Github Organisation](https://github.com/ministryofjustice)

## Line manager actions
10. [Zenhub](https://app.zenhub.com/workspaces/cloud-platform-team-5ccb0b8a81f66118c983c189/board)

9. Remove them from the [PagerDuty support rota](https://moj-digital-tools.pagerduty.com/schedules#PFX6FHX/edit) (if applicable)

#### 1/ Fill in the MOJ Digital [Leavers Form](https://leavers.form.service.justice.gov.uk/)
10.Remove them from [[email protected] Google Group](https://groups.google.com/a/digital.justice.gov.uk/g/platforms/members)

## Line manager actions

#### 2/ Complete the [Leavers Checklist for Managers](https://intranet.justice.gov.uk/documents/2015/04/leavers-checklist-for-managers.docx)
1. Fill in the MOJ Digital [Leavers Form](https://leavers.form.service.justice.gov.uk/)
2. Complete the [Leavers Checklist for Managers](https://intranet.justice.gov.uk/documents/2015/04/leavers-checklist-for-managers.docx)