Assuming different roles when running tw CLI commands
evaluating
C
Crimson Koala
In the Seqera Platform, I am an
Owner
role. On a separate EC2 instance, I've set up the tw CLI using my personal access token so I can run things like tw launch
programatically. As an
Owner
, I was wondering if there is a way to assume a different role (among the 5 roles - Owner
, Admin
, Maintain
, Launch
, View
) with tw CLI without explicitly changing my role in the Seqera Platform? So basically, a command like:tw launch --assume-role maintain ...
This would be extremely useful because we need to verify the privileges of each role - e.g., that the
Maintain
role cannot modify Compute environment and Credentials - and it would be best if we could do this programatically with the tw CLI.If there is another method of doing this that you could suggest, that would be great as well. Otherwise, we will need to log into the Seqera Platform as each of these roles and test these privileges manually, one-by-one.
Rob Newman
evaluating
Rob Newman
acknowledged
Rob Newman
Hello Crimson Koala: This has been logged as a feature enhancement on the Tower CLI Github repository
Rob Newman
Hello Crimson Koala: The Tower CLI leverages the Seqera API functionality and currently there is no "impersonate user" or "assume role" mechanism on the Seqera API. We will investigate the feasibility of this.