Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add documentation how to avoid data modification by tools #14239

Merged
merged 6 commits into from
Jul 4, 2022
Merged

Add documentation how to avoid data modification by tools #14239

merged 6 commits into from
Jul 4, 2022

Conversation

bernt-matthias
Copy link
Contributor

While working on #14235 I thought this might be a nice addition to the docs.

Not entirely sure if real_system_username will work for non DRMAA job runners?

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

  • I agree to license these contributions under Galaxy's current license.
  • I agree to allow the Galaxy committers to license these and all my past contributions to the core galaxy codebase under the MIT license. If this condition is an issue, uncheck and just let us know why with an e-mail to [email protected].

@mvdbeek mvdbeek requested a review from natefoo July 1, 2022 09:32
@bernt-matthias @mvdbeek
Update doc/source/admin/production.md
d4473a9 
Co-authored-by: Marius van den Beek <[email protected]>
hexylena
hexylena reviewed Jul 1, 2022
View reviewed changes
doc/source/admin/production.md Outdated
- Configure Galaxy to run jobs in a container and enable ``outputs_to_working_directory``. Then the tool will in an environment that allows write access only for the job working dir. All other paths will be accessible read only.
- Use pulsar to stage inputs and outputs

For both more information can be found in the [job configuration](jobs.md) documentatiion and see also [using a compute cluster](cluster.md).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For both more information can be found in the [job configuration](jobs.md) documentatiion and see also [using a compute cluster](cluster.md).
More information on pulsar configuration can be found in the [job configuration](jobs.md) documentation, and the other two are explained in [using a compute cluster](cluster.md).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure it's enough information for the pulsar option, jobs.md doesn't really cover much right? Would it maybe be useful to link to https://training.galaxyproject.org/training-material/topics/admin/tutorials/interactive-tools/tutorial.html#securing-interactive-tools (or better, have us extract that pulsar bit and link to that?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with both, but don't feel competent wrt pulsar to move the pulsar bit from GTN.

@natefoo
Copy link
Member

natefoo commented Jul 1, 2022

It might be good to have a top level "Security Considerations" page that this goes on to? Otherwise, I like this a lot, it's something that some admins eventually learn but that we definitely should have been more explicit about up front.

nsoranzo
nsoranzo reviewed Jul 4, 2022
View reviewed changes
@nsoranzo nsoranzo added this to the 22.09 milestone Jul 4, 2022
@nsoranzo nsoranzo merged commit 5e08fd1 into galaxyproject:dev Jul 4, 2022
@github-actions
Copy link

github-actions bot commented Jul 4, 2022

This PR was merged without a "kind/" label, please correct.

@bernt-matthias bernt-matthias deleted the doc/data-loss-protection branch July 4, 2022 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martenson martenson martenson left review comments

@mvdbeek mvdbeek mvdbeek left review comments

@hexylena hexylena hexylena approved these changes

@nsoranzo nsoranzo nsoranzo approved these changes

@natefoo natefoo Awaiting requested review from natefoo

Assignees
No one assigned
Labels
area/admin area/documentation kind/enhancement
Projects
None yet
Milestone
23.0
Development

Successfully merging this pull request may close these issues.
6 participants
@bernt-matthias @natefoo @hexylena @martenson @nsoranzo @mvdbeek