Assume different roles when running commands

[robnewman]

In the Seqera Platform, I am an Owner role. On a separate EC2 instance, I've set up the tw CLI using my personal access token so I can run things like tw launch programatically.

As an Owner, I was wondering if there is a way to assume a different role (among the 5 roles - Owner, Admin, Maintain, Launch, View) with tw CLI without explicitly changing my role in the Seqera Platform? So basically, a command like:

tw launch --assume-role maintain ...

This would be extremely useful because we need to verify the privileges of each role - e.g., that the Maintain role cannot modify Compute environment and Credentials - and it would be best if we could do this programatically with the tw CLI.

If there is another method of doing this that you could suggest, that would be great as well. Otherwise, we will need to log into the Seqera Platform as each of these roles and test these privileges manually, one-by-one.

Source: https://feedback.seqera.io/feature-requests/p/assuming-different-roles-when-running-tw-cli-commands

[jordeu]

The CLI mainly leverages what the Seqera API allows it to do. As far as I know, there is no impersonate user or role mechanism on the Seqera API (I'm pinging @tcrespog to confirm that). So, this request should first be moved into a Seqera API request.

[tcrespog]

As far as I know, there is no impersonate user or role mechanism on the Seqera API (I'm pinging @tcrespog to confirm that). So, this request should first be moved into a Seqera API request.

No, there's is no role impersonation mechanism and this would make part of a wider feature request indeed.