StorageGateway_1_2_0

StorageGateway_1_2_0 Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Name

Type

Description

DATA_TYPE

string storage_gateway#1.2.0

Type of this document

admin_managed_credentials

boolean

Flag indicating if the storage_gateway allows endpoint administrators to manage user credentials on behalf of other users.

allowed_domains

array of string

List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.

authentication_assurance_timeout (deprecated)

integer

Alias for authentication_timeout_mins[Private]

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway.

For a high assurance storage gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth.

connector_id

string <uuid>

Id of the connector type that this storage gateway interacts with.

deleted

boolean

Flag indicating that this storage gateway has been deleted[Private]

display_name

string

Name of the storage gateway

high_assurance

boolean

Flag indicating if the storage_gateway requires high assurance features.

id

string <uuid>

Unique id for this storage gateway

identity_mappings

array ( IdentityMapping )

List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]

load_dsi_module

string

Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]

policies

S3StoragePolicies_1_0_0 or S3StoragePolicies_1_1_0 or S3StoragePolicies_1_2_0 or S3StoragePolicies_1_3_0 or AzureBlobStoragePolicies_1_0_0 or AzureBlobStoragePolicies_1_1_0 or BlackPearlStoragePolicies_1_0_0 or BoxStorage_1_0_0 or BoxStorage_1_1_0 or BoxStorage_1_2_0 or CephStoragePolicies_1_0_0 or DropboxStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_1_0 or GoogleDriveStoragePolicies_1_0_0 or GoogleDriveStoragePolicies_1_1_0 or HPSSStoragePolicies_1_0_0 or HPSSStoragePolicies_1_1_0 or IrodsStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_1_0 or PosixStoragePolicies_1_0_0 or PosixStagingStoragePolicies_1_0_0

Connector-specific storage policies

process_user

string

Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]

require_high_assurance (deprecated)

boolean

Alias for high_assurance

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only usable on high assurance storage gateways.

restrict_paths

null or PathRestrictions

Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]

users_allow

array of string

List of connector-specific usernames allowed to access this storage gateway. [Private]

users_deny

array of string

List of connector-specific usernames denied access to this storage gateway. [Private]

 
{
  "DATA_TYPE": "storage_gateway#1.2.0",
  "admin_managed_credentials": false,
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "require_mfa": false,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}