One post tagged with "enterprise"

Significant integration, troubleshooting, and management improvements.

Feature updates and improvements​

Studios​

• Improved Studios session management and stability.
• Updated Studios micromamba builds to use conda/micromamba:v2 and Wave 1.33.0.
• Added nameStrategy configuration option to Studios workspace settings.
• Renamed Studios settings route from data-studios to studios.
• Added ability to edit stopped Studios without restarting them.
• Container registry improvements:
  • Configurable container repository path for custom image builds.
  • Configurable container image naming strategy (default, tag prefix, image suffix, none).
• Studios work with Wine/XFCE/VNC (Windows compatible OS).

Compute environments​

• Added separate head and worker pool support for Azure Batch compute environments in both Forge and manual modes.
• Added ability to disable a compute environment.
• Improved Seqera Compute integration.
• Improved compute environment form warning display with individual stacked alerts.

Azure​

• Changed default Azure Batch job timeout to 7 days and exposed it as a new configuration item.
• Updated default Azure termination policy in compute environment creation form.
• Added VNet and subnet support for Azure Batch compute environments.
• Added support for separate managed identity client IDs for head and compute jobs in Azure Batch.
• Enabled Entra (service principal) credentials for Azure Batch Forge pool creation and Fusion v2.

AWS​

• Added AWS credential modes with support for key-based and role-based access.
• Added AWS External ID support for role-based credentials.

GCP​

• Added Workload Identity Federation (WIF) credential support for Google Batch and Google Cloud compute environments.
• Added support for network tagging in Google Batch.
• Added boot disk image selection for Google Batch compute environments.
• Added support for multiple machine types in Google Batch compute environments.
• Configurable retry behavior for tasks with null exit codes in Google Batch compute environments.

Pipelines​

• Redesigned workflow notification email templates with updated styling.
• Added GitHub App manifest flow for credential creation.
• Improved clipboard UX in workflow details header.
• Updated schema radio control copy.
• Redesigned report preview modal header layout and modal.
• Registered Nextflow CLI as a static OIDC client for authorization code with PKCE flow.
• Enriched the POST /trace/create response with platform metadata to reduce downstream API calls from Nextflow. (link needed)

Datasets​

• Added preview support for linked (URL-referenced) dataset versions.

Data Explorer​

• Added data lake support in Data Explorer.
• Added Molstar 3D viewer for PDB and CIF file preview.
• Added extensible view mode selection for JSON files in Data Explorer (JSON, IGV, and plain text).
• Updated Data Explorer to display non-native browser files as text when opened in a new tab.
• Added Fusion symlink resolution to the Data Explorer API.
• Increased the maximum data link name length to 512 characters.

Access control​

• Added required description field to custom role creation.
• Exposed roles API endpoints in the OpenAPI specification.
• Added SSO domain-based redirect for the login guard.

Monitoring and observability​

• Added real-time active user count display in the admin panel.
• Added workspace usage metrics.
• Added CSV export for audit logs v2 with configurable maximum record limit.
• Added audit event metadata (owner ID, workspace ID) to Studios audit events.
• Switched audit logs v2 to token-based pagination for improved performance.
• Added comprehensive audit logging for SSO lifecycle events.
• Migrated telemetry usage queries to use the audit logs v2 table.
• Updated the audit log cleaner to handle both v1 and v2 audit log tables.
• Added CSV export button to the admin audit logs v2 table.
• Added descriptions and documentation metadata to audit event types.
• Added audit event metadata to the remaining Studios session audit events.
• Added audit event metadata (owner ID, workspace ID) to all data link audit events.
• Added target_name field to the audit log v2 data model.
• Renamed outdated audit event types to use consistent naming conventions.
• Deprecated the legacy /admin/audit-logs (v1) endpoint.
• Added target resource names to all audit event emission points.
• Refined audit log v2 target resource context labels in API, UI, and CSV export.
• Added a TOWER_AUDIT_LOG_V2_WRITE_MODE setting supporting v1, v2, and dual modes.
• Removed unused instanceId and instanceName columns from the audit log v2 table.
• Updated the audit log v2 admin table to display resource names alongside target IDs.
• Added target organization, workspace, and user context to audit log v2 interfaces.

General​

• Bumped Micronaut from 4.7.6 to 4.8.3.
• Improved admin workspace list toolbar responsiveness.
• Applied updated status icons across platform components.
• Redesigned page header layout with improved toolbar and breadcrumb integration.
• Added automatic breadcrumb navigation to page headers.
• Updated delete workspace confirmation modal text to clarify the impact of deletion.
• Removed the unused Containers page.
• Removed the dynamic resource labels feature toggle (feature is now always active).

New environment variables in 26.1​

The following environment variables are new or changed in 26.1. See the Configuration overview for the full descriptions and defaults:

• TOWER_DATA_STUDIO_ALLOWED_WORKSPACES — control which workspaces have Studios enabled.
• TOWER_AUDIT_LOG_V2_WRITE_MODE — switch between v1, v2, and dual-write audit log tables.
• TOWER_AUDIT_LOG_V2_CSV_EXPORT_MAX_LOGS — cap the number of records in a CSV export.
• TOWER_AUDIT_LOG_V2_PRE_POST_CHANGE_ENABLED — capture pre/post change state images.
• TOWER_CRON_AUDIT_LOG_CLEAN_UP_* — tune the audit log cleanup cron job.
• TOWER_COMPUTE_ENV_CLEANUP_* — tune the cron job that transitions compute environments stuck in CREATING or DELETING states.
• New Studios family variables for default lifespan, privacy default, list page size, feature manifest URL, Connect iframe scoping, Wave build status checks, disallowed registries, and startup metrics. See Data features.

Bug fixes​

Studios​

• Added workspace existence check before creating Studios workspace settings.
• Fixed R-IDE icon styling.
• Added validation of git repository configuration files when creating a Studio.
• Fixed broken navigation from Studio details page for private Studios.

Compute environments​

• Fixed Google Batch machine type migration to be portable across MySQL and MariaDB.
• Removed hardcoded prediction model configuration from AWS Cloud platform provider.
• Fixed metering event handling to batch events when more than 100 events are received, preventing silent data loss.
• Removed default terminateAsync implementation to enforce explicit provider implementations.
• Fixed Workload Identity Federation (WIF) log retrieval by setting the project ID on the Cloud Logging client.
• Fixed WIF log retrieval by resolving GCP project numbers to project names for Cloud Logging filters.
• Fixed WIF credential context propagation for log retrieval and data link operations.
• Propagated AWS Forge disposal failures instead of silently swallowing exceptions.
• Pinned google-cloud-storage to a compatible version to fix NoClassDefFoundError on GCS data link access.
• Returned an actionable error message when an Azure Batch pool is missing during job submission.
• Propagated GCP Forge disposal failures instead of silently ignoring resource deletion errors.
• Enabled cloud cache for Kubernetes compute environments with local PVC paths.
• Reverted unintended cloud cache change for Kubernetes compute environments.

Pipelines​

• Fixed pipeline implicit default version resolution.
• Removed logs from AI debug button URL to prevent URI too large errors.
• Replaced document.write with client-side form submission in GitHub App manifest flow to fix Firefox blank page issue.
• Made workflow job cancellation idempotent to prevent 500 errors on concurrent cancel requests.
• Fixed parallel requests to pipeline info in the launch form.

Datasets​

• Fixed LazyInitializationException in avatar resolution during dataset creation.
• Fixed dataset name field to apply input normalization (spaces converted to underscores).
• Fixed column order preservation in dataset preview for TSV files.

Data Explorer​

• Fixed IGV MIME type detection in Data Explorer.

Access control​

• Fixed refresh token JWT secret configuration for enterprise deployments.
• Hardened the Auth0 OAuth2 flow with retries against ResponseClosedException errors.
• Fixed auth0org_id column naming to align with Hibernate naming strategy.
• Fixed erroneous @QueryValue annotations on SSO controller path variables causing 404 errors.
• Fixed @PermissionRequired interceptor binding with @Type annotation.
• Fixed @JWTAuthRequired interceptor binding with @Type annotation to prevent silent bypass.

Monitoring and observability​

• Fixed dashboard drop-down scrolling and character overflow.
• Fixed task logging to use populated taskId instead of empty id.
• Fixed user_sign_in audit events to correctly populate the actor field with the signing user's ID.

General​

• Fixed side navigation width not updating in Safari when toggling the collapsed state.
• Fixed credits banner appearing during page load.
• Fixed oversized icon on the forbidden access page.

Upgrade notes​

No breaking changes. Standard upgrade procedure applies.

Configuration changes​

• TOWER_AUDIT_LOG_V2_ENABLED and TOWER_AUDIT_LOG_V2_WRITE_MODE added as configuration options.

  • TOWER_AUDIT_LOG_V2_WRITE_MODE: Turns on the v2 Audit Log for parallel writes with v1 Audit Log.
  • TOWER_AUDIT_LOG_V2_ENABLED: Turns on or off the v2 Audit Log view from the Admin Panel.

Database migrations​

Database migrations run automatically during upgrade. No manual steps required.