To celebrate the release of GATK 4.0, we are giving away free credits for running the GATK4 Best Practices pipelines in FireCloud, our secure online analysis portal. It’s first come first serve, so sign up now to claim your free credits worth $250. Sponsored by Google Cloud. Learn more at https://software.broadinstitute.org/firecloud/documentation/freecredits
LATEST RELEASE: FireCloud's latest release was on February 13th. Release Notes can be found here.

Method permissions do not propagate across snapshots

ericco92ericco92 Cambridge, UKMember

Hi,

I'd like to make a request for change in FireCloud behavior when updating WDLs. Currently, a firecloud -u https://api.firecloud.org/api -m push ... destroys any app permissions previously granted. It would be much slicker to have app permissions persist across snapshots.

I find I often have to trial-and-error my way to a perfect WDL in FireCloud after local Cromwell testing, and often I'm sharing the workflow with others. This means that every time I push on the command line I have to go log in to FireCloud and manually add all N people previously granted permissions back to the app.

This is both time consuming and a bit odd - no other cloud systems (nor Unix) use this permissions model. Is this something that can be fixed?

Cheers,
Eric

Answers

  • esalinasesalinas BroadMember, Broadie

    @Geraldine_VdAuwera @ericco92
    One thing that would seem to be a possibility is that the permissions/sharings could be "auto-propagated" when a new WDL (same name and same namespace) is uploaded (to generate a new snapshot ID equal to 1+old_snapshot_id). However, if for some reason one would not want to propagate the permissions (for example maybe to "spare" others from numerous updated WDLs) perhaps a flag could be set to turn off "permissions auto-propagation"?

    just an idea......

    -eddie

  • Geraldine_VdAuweraGeraldine_VdAuwera Cambridge, MAMember, Administrator, Broadie

    Hi @ericco92, @esalinas

    I agree this is very annoying. The good news is that there is work underway to enable propagating permissions when you update a method through the UI. We don't yet have a plan for doing the same thing for updates made through the API, but we do plan to address that as well further down the road.

Sign In or Register to comment.