Storage Gateways
Storage Gateways
The Storage Gateway API allows administrators to manage storage gateways.
Each Storage Gateway contains information about the connector it interfaces with as well as policies that determine who may manage or access collections on the Storage Gateway as well as how that Storage Gateway interacts with the connector.
Operations which modify a storage gateway, or inspect private policies
require an administrator role.
Storage Gateways Overview
| Method | API Path | Description |
|---|---|---|
|
List storage gateways |
|
|
Create a storage gateway |
|
|
Get a storage gateway |
|
|
Delete a storage gateway |
|
|
Update a storage gateway |
|
|
Update a storage gateway |
Details
List storage gateways
GET /api/storage_gateways
List the storage gateways on an endpoint.
The include query parameter controls what additional information is
included in the Result document. This operation requires either the
endpoint to have the public property set to true, the caller to have a
role that allows viewing this Endpoint, the user to have an identity which
is allowed by the individual Storage Gateway policies, or an identity which
has a permission for a collection created on this Storage Gateway.
Authorization
-
PublicAuthorizer
-
RoleAuthorizer:
-
endpoint:owner
-
endpoint:administrator
-
endpoint:activity_manager
-
endpoint:activity_monitor
-
collection:administrator:*
-
collection:activity_manager:*
-
collection:activity_monitor:*
-
collection:access_manager:*
-
-
StorageGatewayAuthorizer
-
*
-
Query Parameters
| Parameter | Type | Description |
|---|---|---|
page_size |
integer <int> |
Maximum page size for a paginated response |
marker |
string |
Pagination marker for a paginated response |
include |
array of string |
Responses
200 - List storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}Create a storage gateway
POST /api/storage_gateways
Create a storage gateway on an endpoint. On success, this operation returns a copy of the created storage gateway with the system generated id added.
Request body
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.
One of the following schemas:
Example
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}Responses
201 - Post storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Details
Get a storage gateway
GET /api/storage_gateways/{storage_gateway_id}
Get a storage gateway’s definition.
The include query parameter controls what additional information is
included in the Result document. This operation requires either the
endpoint to have the public property set to true, the caller to have a
role that allows viewing this Endpoint, the user to have an identity which
is allowed by the individual storage gateway policies, or an identity which
has a permission for a collection created on this storage gateway.
Authorization
-
PublicAuthorizer
-
RoleAuthorizer:
-
endpoint:owner
-
endpoint:administrator
-
endpoint:activity_manager
-
endpoint:activity_monitor
-
collection:administrator:*
-
collection:activity_manager:*
-
collection:activity_monitor:*
-
collection:access_manager:*
-
-
StorageGatewayAuthorizer
-
*
-
Responses
200 - Get storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}Delete a storage gateway
DELETE /api/storage_gateways/{storage_gateway_id}
Delete a storage gateway.
Responses
200 - Get storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"DATA_TYPE": "result#1.0.0",
"code": "string",
"data": [
{}
],
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Update a storage gateway
PATCH /api/storage_gateways/{storage_gateway_id}
Update a storage gateway, change only the properties included in the input document. It returns a document containing the storage gateway after the changes have been applied. Items explicitly set to null in the input are removed from the storage gateway.
Some properties are immutable, in general, the id, connector_id, and
high_assurance properties cannot be changed, though storage
gateways may enforce additional restrictions.
This operation may return a Conflict error if any collections exist which would be not be consistent with the change in Storage Gateway policies.
Request body
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.
One of the following schemas:
Example
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}Responses
200 - Update storage gateway response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Update a storage gateway
PUT /api/storage_gateways/{storage_gateway_id}
Update a storage gateway, completely replacing its definition with the new document. It returns a document containing the storage gateway after the update has been applied.
This operation may return a Conflict error if any collections exist which would be not be consistent with the change in Storage Gateway policies.
The high_assurance property cannot be changed.
Request body
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.
One of the following schemas:
Example
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}Responses
200 - Update storage gateway response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors
One of the following schemas:
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}