Enhanced Resource Sharing in Seqera Platform
acknowledged
Mattia
The existing sharing mechanism in Seqera allows users to share pipelines across an organization. However, this mechanism:
- Exclusively supports the sharing of pipelines but does not yet extend to datasets, actions, or compute environments.
- It follows an all-or-nothing approach, granting access to shared pipelines to all workspaces, even when such access may not be required.
A more flexible sharing model might allow users to share:
- Compute environments.
- Pipelines.
- Datasets/data sources.
Additionally, users could have the flexibility to define the sharing in a more granular way. For instance, they can specify which workspaces should have access to the shared resources, providing greater control over resource distribution.
This enhancement would aim to make resource sharing in Seqera Platform more versatile and user-centric, allowing for a more tailored approach to collaboration and resource accessibility.
F
Flamingo pink Python
are there any updates on this?
I feel like this is such an important topic that it warrants a blog post from Seqera on how to manage shared resources on Platform across Workspaces. Both in the current state, and details of the expected future changes to resource sharing. If such a blog post does not already exist, it would be greatly appreciated :)
note that it seems you can already share a Compute Environment across workspaces by configuring it once via TowerForge in the first Workspace then entering it Manually in the rest?
would also love to have some references for
tw
cli commands to manage some of this as well.C
Continuous Squid
From an admin perspective, we could imagine the definition of pipelines and compute environment at the organisation level, with the possibility to assign it to the workspaces. Another benefit would be to be able to see all the runs for a single environment accross all workspaces.
Rob Newman
Merged in a post:
Define Org Level Compute
Rhonda Silva
Setting up new workspaces requires redefining all compute resources, credentials, container registries that pertain to our organization. However, those credentials and resources are largely shared within our group, and we'd prefer defining these once at the organization level by our admins.
Mattia
Merged in a post:
Global Management of Users, Groups, and Compute Environments
T
Tangerine yellow Ladybug
Inside the Seqera Platform/Tower, we created multiple organizations and sub-workspaces for organization of our runs. When we did this, we had to create groups in every organization.
As far as Compute Environments (CEs), we had to create them for every single workspace. This gets very tedious and is error prone in missing users or updates to CEs.
Groups should also be able to be assigned by group membership inside of the ODIC token from Okta to ease onboarding of a new user on a team.
As you can see above, if a new user comes on board, I need to go in and add that user to each group in each organization.
Mattia
This request can be split in two pieces, each of which has an open ticket as well:
- Enhanced resource sharing will cover the compute environment creation/update
- Group sync from 3rd party authorization covers the groups assignment with the OIDC token.
I will merge this issue into one of the two and add a vote on your behalf to the other one. In this way, you can contribute to both and be notified of any progress.
Rob Newman
acknowledged