Globus Connect Server Collection Check

Name

globus-connect-server collection check - Check collections for consistency

Synopsis

globus-connect-server collection check [OPTIONS]…​ [COLLECTION_ID]

Description

The globus-connect-server collection check command checks a collection or filtered list of all collections on an endpoint for consistency. This command detects a number of errors related to deleted or misconfigured resources. If multiple errors are detected, then they are grouped by error type.

The following sections describe the types of errors and the approach to resolving the error.

Error Conditions Detected

Deleted Storage Gateway 

Collection <UUID> is no longer valid. It was created using a storage gateway
<UUID> which has been deleted.

The collection cannot be repaired. It should be deleted with the globus-connect-server collection delete command.

Deleted Mapped Collection 

Collection <UUID> is no longer valid. It is associated with the mapped
collection <UUID> which has been deleted.

The guest collection cannot be repaired. It should be deleted with the globus-connect-server collection delete command.

Invalid Guest Collection Credential 

Collection <UUID> is invalid. It is a guest collection but it is not
associated with a user credential.

The guest collection can be repaired by first repairing the user credential associated with it. This must be done by the owner of the collection, unless the storage gateway policy supports admin-managed credentials.

Deleted Guest Collection Credential 

Collection <UUID> is not currently valid. It is associated with a user
credential which has been deleted. The collection owner must register
a new credential to allow this collection to be used again.

The guest collection can be repaired by first repairing the user credential associated with it. This must be done by the owner of the collection, unless the storage gateway policy supports admin-managed credentials.

Owner Identity not from an Allowed Domain 

Collection <UUID> is not currently valid. The Globus username <USERNAME>
associated with the collection's credential is not from a domain in the
allowed_domains set (<DOMAINS>) of the collection's storage gateway.

The guest collection can be repaired by modifying the allowed domains of the storage gateway used to create the collection to include the domain of the <USERNAME> in the error message.

Invalid user 

Collection <UUID> is not currently valid. The local username "<USERNAME>"
associated with the collection's credential no longer exists.

The connector-specific username which the identity used to create the guest collection maps to no longer exists. This usually means the local user has been deleted. If this is intentional, then the collection can not be repaired and should be deleted with the globus-connect-server collection delete command. If not, perform the site-specific task to recreate the user on that system.

Disallowed user 

Collection <UUID> is not currently valid. The local username
"<USERNAME>" associated with the collection's credential is
not allowed by the storage gateway policies.

The connector-specific username which the identity used to create the guest collection maps to exists, but is disallowed because of some policy on the storage gateway associated with that collection. This is typically caused by one of the following:

  • A user_allow policy not including that user name.

  • A user_deny policy including that user name.

  • A group_allow policy not including any group that user belongs to.

  • A group_deny policy including a group that user belongs to.

If this is intentional, then the collection can not be repaired and should be deleted with the globus-connect-server collection delete command. If not, modify the storage gateway policies to allow that user to access the resource.

Invalid Mapping 

Collection <UUID> is invalid. No mapping exists from the identity
<GLOBUS-IDENTITY-UUID> <GLOBUS-IDENTITY-USERNAME> to the account "<USERNAME>"
used to create the collection.

The storage gateway’s identity mapping does not map the identity of the collection owner to the connector-specific username associated with the credential used with the collection. This could be because the mapping changed. If the new mapping is correct, delete the collection with the globus-connect-server collection delete command. If not, check the mapping configuration on the storage gateway and update it to include an entry for this identity and local username.

Filters

By default, this command displays a list of collections with configuration problems, grouped by the type of problem.

You can filter the list of collections that are checked and displayed in two different ways. You can filter guest collections by the ID of the mapped collection that they are sharing data from by using the --mapped-collection-id COLLECTION_ID parameter. You can also use the --filter FILTER_LIST parameter to apply one or more of the following filters to the results:

mapped-collections

Only include collections which have the collection_type property set to "mapped".

guest-collections

Only include collections which have the collection_type property set to "guest".

managed-by-me

Only include collections where at least on of the caller’s identities have a role association for the collection.

created-by-me

Only include collections where at least one of the caller’s identities match the identity_id property of the collection.

last-access < YYYY-MM-DD
last-access <= YYYY-MM-DD
last-access = YYYY-MM-DD
last-access >= YYYY-MM-DD
last-access > YYYY-MM-DD

Only collections accessed before or after the given date.

created-at < YYYY-MM-DD
created-at <= YYYY-MM-DD
created-at = YYYY-MM-DD
created-at >= YYYY-MM-DD
created-at > YYYY-MM-DD

Only collections created before or after the given date.

Note
Multiple filters may be specified on the command-line, but certain combinations (such as filtering only mapped collections and only guest collections) will always yield an empty result.

Options

-h, --help

Show help message and exit.

--version

Show the version and exit.

-F, --format "text"|"json"|"list"

Output format for this command. If the format is json, then the collection document is displayed.

--mapped-collection-id UUID

Filter results to Guest Collections on a specific Mapped Collection. This is the ID of the Mapped Collection.

--storage-gateway-id UUID

Filter results to Collections on a specific Storage Gateway. This is the ID of the Storage Gateway.

--use-explicit-host IP_ADDRESS

IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.

--filter "mapped-collections"
--filter "guest-collections"
--filter "managed-by-me"
--filter "created-by-me"
--filter "last-access < YYYY-MM-DD"
--filter "last-access ⇐ YYYY-MM-DD"
--filter "last-access = YYYY-MM-DD"
--filter "last-access >= YYYY-MM-DD"
--filter "last-access > YYYY-MM-DD"
--filter "created-at < YYYY-MM-DD"
--filter "created-at ⇐ YYYY-MM-DD"
--filter "created-at = YYYY-MM-DD"
--filter "created-at >= YYYY-MM-DD"
--filter "created-at > YYYY-MM-DD"

Filter output as described above. This may be passed multiple times to apply several filters to the reduce results.