Azure Blob
The Globus Connect Server Azure Blob Connector provides access to Azure Blob Storage via Globus Connect Server.
This document describes the data types and API routes provided by this connector.
Azure Blob Connector Virtual Filesystem
Azure Blob Storage is unstructured object storage, where each data object is accessed based on a container name and a blob name.
The Azure Blob Connector attempts to make this look like a regular filesystem, by exposing containers as directories in the root of the storage gateway’s file system.
The Azure Blob Connector then treats the /
character in blob names
as a delimiter, presenting blobs in what looks like
subdirectories.
For example, the blob projects/abc/output.txt
in container
project-data
would appear as the file 'output.txt' in the
/project-data/projects/abc
directory.
Azure Blob Connector Storage Gateway Policies
The Azure Blob Connector has policies to manage application credentials and storage account settings.
Application Credentials
The client_id and secret properties provide information for {gcs} to authenticate with Azure Blob Storage. These values must be configured in order for users to access data on collections created with the Azure Blob Connector.
By default, each user of a Azure Blob collection will authenticate to their own Azure AD account, which must have been granted permission to access blob storage via Azure’s Role-Based Access Control. Alternately, you can use {az_cred_type} to use the client_id and secret values as service principal credentials. When using service principal auth, all users of the collection will access the storage using those service credentials.
You will also need to know your Microsoft tenant ID, Azure Storage account name, and whether or not Azure Data Lake Gen2 hierarchical namespace is enabled on the storage account.
These are configured after registering the application with Microsoft as described in the Azure Blob Connector configuration guide.