Hello Cylcerists,
I’ve been working on the Bureau of Meteorology’s Cylc8 migration, and there’s one key area of functionality that I’d like some advice on.
The Bureau has used a modified version of gscan in the past to view all running workflows across our Cylc7 instances. I’m attempting to do this for Cylc8.
Is there a way to query the GraphQL API to get ALL USERS workflows that I have access to?
As far as I can tell, Cylc8 doesn’t expose this in an easy to consume format. I could query each known user’s endpoint for their workflows, but this seems unnecessarily messy.
We’ve successfully managed to deploy a multi-user deployment of Cylc8. I’ve got an account that is configured to have READ access to all other user’s UI servers.
I’ve tried to be brief here, but please ask for more detail if needed!
Thanks,
Jez
Hi,
The security model of Cylc keeps all of the Cylc components in userspace. The cylc-uiserver application runs as the user. If you configure authorisation, then other users may also contact it to view the user’s workflows. One user, one server, potentially many observers.
In order to view workflows running under multiple accounts, you need to start a cylc-uiserver for each of the accounts you want to view, then issue the same query to each server. I.E. to do this, you need to issue multiple requests to multiple servers.
Presently the cylc-ui (the web application bit) only opens one connection to one server so cannot list multiple user’s workflows.
You may also want to talk to @jarich who is familiar with the context.
@oliver.sanders has explained the reason for this. As a decentralized system, there is no Cylc component that knows “all the users”, so in fact that information simply does not exist.
Generally this is a great advantage of Cylc, in terms of security, admin burden, usability, and scalability, over more cumbersome central-server workflow managers. But of course there are some scenarios - such as multiple production accounts - where it would be nice to see multiple users at once.
The Cylc 8 hub is “central”, but it still can’t know who “all the users” are (or, more particularly, which ones you want to see) unless you tell it somehow. For the moment, we support targeting specific others users, which you as the user have to ask for. I think there is scope for configuring groups of users at the hub in some way, but that’s yet to be done (you might be considering that, as I recall!).