Globus Connect Server User Credentials S3 Create

Name

globus-connect-server user-credentials s3-create - Create S3 user credential

Synopsis

globus-connect-server user-credentials s3-create STORAGE_GATEWAY_ID [OPTIONS]…​

Description

The globus-connect-server user-credentials s3-create command creates a credential to use to access data on collections created on the S3 storage gateway indicated by the STORAGE_GATEWAY_ID argument.

By default, users can only create credentials for their own account mappings. However, if the admin_managed_credentials property is set to true on a storage gateway, then endpoint administrators may create credentials on behalf of other users.

This command has a single required parameter, --globus-identity, which can be used to specify either the value of the username or id properties of an identity document.

By default, this command assumes that an identity mapping exists which maps the requested globus identity to its username. For example, the identity in the given identity document maps to the username field user@example.org:

{
  "email": "user@example.org",
  "id": "ac63b982-d7c3-4b09-abe7-63766ff8f534",
  "identity_provider": "c523cb22-3f79-4964-91c0-9b4a13ff6b9f",
  "identity_type": "login",
  "name": "Joe User",
  "organization": "Example",
  "status": "used",
  "username": "user@example.org"
}

To override this, use the --mapped-user command-line option. Note that the credential can only be created if the identity mapping is valid for that storage gateway and the caller has permissions to create the credential.

Values for the default S3 access key and default S3 secret key can be provided on the command-line by using the --s3-access-key-id and --s3-secret-key command-line options. If the values are omitted, the command will prompt for the values.

Options

-h, --help

Show help message and exit.

--version

Show the version and exit.

--globus-identity [UUID|USERNAME]

Globus identity id or username id with which to associate the user credential.

--mapped-user USERNAME

GCSv5 mapped identity username. If not provided, defaults to the Globus identity username.

--s3-access-key-id KEY_ID

Default S3 Access Key ID. If not provided, this command will prompt for it.

--s3-secret-key SECRET_KEY

Default S3 secret key. If not provided, this command will prompt for it.

--s3-requester-pays (new in 5.4.59)

Allow using this credential to access S3 Requester Pays buckets. The AWS account owning these credentials will be charged for S3 operations.

--replace-existing

Replace a user credential that already exists. If not provided, existing credentials will not be updated.

--use-explicit-host IP_ADDRESS

IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.

Example

This example creates the credentials using the prompt mode. This will prompt twice, with S3 access key id: and S3 secret key: and then output the created credential’s id.

globus-connect-server user-credentials s3-create --globus-identity user@example.org
S3 access key id: ASIEENGI3AARAIP2IENEEMUE7ECA
S3 secret key: ohCheul8the7Ahmochohbe9Kthu6Gue9
Created credential 9bb3d1d1-f506-41f1-b161-41c372b7da19 for user@example.org