We've moved!
You can find our new documentation site and support forum for posting questions here.

Public method fails when submitted by non-Broad email from Broad-owned project

I am doing some testing on the Unity service, and I ran into an issue with submissions that I have not been able to deduce what the problem is.

Background: I'm adding methods to the method repo as user-owned, and setting them to be 'public' so that I can import them into 'orchestration' WDLs that will run the user-owned analysis, and then pipe the output to a benchmarking script.

However, every submission by my testing account ([email protected]) fails with no errors whatsoever. I get a submission ID, but there's nothing inside the submission directory in the bucket, and no errors at all from the API/FireCloud UI. Furthermore, it never even allocates a workflow ID as something upstream fails. The submission returns almost immediately as 'failed'. However, if I submit as my Broad account, everything works just fine. Same method/configuration/inputs. This is using a billing project called 'unity-benchmark-test' that both users are the project owner of, and is mapped to a Broad Institute cost object. The only thing that I can think of is that since this is a Broad CO, there's a permission check somewhere that this test user account fails on.

Here's the workspace I'm trying this out in: https://portal.firecloud.org/#workspaces/unity-benchmark-test/gcs-share-test-analysis-5 (I shared it with the support group to let you look at it).

The analysis that I was trying to test was this: https://portal.firecloud.org/#methods/gcs-share-test-analysis-5-analysis/my-analysis/1

Hopefully someone can look at some logs somewhere and figure out what the permission (or other) issue is. Thanks.

Best Answer

  • bistlinebistline
    Accepted Answer

    So this is now fixed - apparently the issue was that normal API calls were working fine, but the calls to Sam/Cromwell behind the scenes were rejecting the access token for this user. Updating the offline credentials (refresh token) fixed the issue. I hadn't noticed the prompt until just now, but I don't remember seeing it before. So this is either user error, or the notice wasn't displaying correctly. Either way, it probably needs to be more obvious after you register that offline credentials need to be updated


Sign In or Register to comment.