Storage Gateways
Storage Gateways
The Storage Gateway API allows administrators to manage storage gateways, and also allows Globus users to determine what storage gateways they may use to create Guest Collections.
Each Storage Gateway contains information about the connector it interfaces with as well as policies that determine who may manage or access collections on the Storage Gateway as well as how that Storage Gateway interacts with the connector.
Operations which modify a storage gateway, or inspect private policies
require an administrator role.
Storage Gateways Overview
| Method | API Path | Description |
|---|---|---|
|
List storage gateways |
|
|
Create a storage gateway |
|
|
Get a storage gateway |
|
|
Delete a storage gateway |
|
|
Update a storage gateway |
|
|
Update a storage gateway |
Details
List storage gateways
GET /api/storage_gateways
List the storage gateways on an endpoint.
The include query parameter controls what additional information is
included in the Result document. This operation requires either the
endpoint to have the public property set to true, the caller to have a
role that allows viewing this Endpoint, the user to have an identity which
is allowed by the individual Storage Gateway policies, or an identity which
has an ACL for a collection created on this Storage Gateway.
Authorization
-
PublicAuthorizer
-
RoleAuthorizer:
-
endpoint:owner
-
endpoint:administrator
-
endpoint:activity_manager
-
endpoint:activity_monitor
-
collection:administrator:*
-
collection:activity_manager:*
-
collection:activity_monitor:*
-
collection:access_manager:*
-
-
StorageGatewayAuthorizer
-
*
-
Query Parameters
| Parameter | Type | Description |
|---|---|---|
page_size |
integer <int> |
Maximum page size for a paginated response |
marker |
string |
Pagination marker for a paginated response |
include |
array of string |
Responses
200 - List storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object StorageGateway |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}Create a storage gateway
POST /api/storage_gateways
Create a storage gateway on an endpoint. On success, this operation returns a copy of the created storage gateway with the system generated id added.
Request body
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
One of the following schemas:
Example
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}Responses
201 - Post storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object StorageGateway |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or MissingRequiredRole |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Details
Get a storage gateway
GET /api/storage_gateways/{storage_gateway_id}
Get a storage gateway’s definition.
The include query parameter controls what additional information is
included in the Result document. This operation requires either the
endpoint to have the public property set to true, the caller to have a
role that allows viewing this Endpoint, the user to have an identity which
is allowed by the individual storage gateway policies, or an identity which
has an ACL for a collection created on this storage gateway.
Authorization
-
PublicAuthorizer
-
RoleAuthorizer:
-
endpoint:owner
-
endpoint:administrator
-
endpoint:activity_manager
-
endpoint:activity_monitor
-
collection:administrator:*
-
collection:activity_manager:*
-
collection:activity_monitor:*
-
collection:access_manager:*
-
-
StorageGatewayAuthorizer
-
*
-
Responses
200 - Get storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object StorageGateway |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}Delete a storage gateway
DELETE /api/storage_gateways/{storage_gateway_id}
Delete a storage gateway.
Responses
200 - Get storage gateways response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"DATA_TYPE": "result#1.0.0",
"code": "string",
"data": [
{}
],
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or MissingRequiredRole |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Update a storage gateway
PATCH /api/storage_gateways/{storage_gateway_id}
Update a storage gateway, change only the properties included in the input document. It returns a document containing the storage gateway after the changes have been applied. Items explicitly set to null in the input are removed from the storage gateway.
Some properties are immutable, in general, the id, connector_id, and
high_assurance properties cannot be changed, though storage
gateways may enforce additional restrictions.
This operation may return a Conflict error if any collections exist which would be not be consistent with the change in Storage Gateway policies.
Request body
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
One of the following schemas:
Example
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}Responses
200 - Update storage gateway response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object StorageGateway |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or MissingRequiredRole |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Update a storage gateway
PUT /api/storage_gateways/{storage_gateway_id}
Update a storage gateway, completely replacing its definition with the new document. It returns a document containing the storage gateway after the update has been applied.
This operation may return a Conflict error if any collections exist which would be not be consistent with the change in Storage Gateway policies.
The high_assurance property cannot be changed.
Request body
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
One of the following schemas:
Example
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}Responses
200 - Update storage gateway response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object StorageGateway |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "storage_gateway#1.0.0",
"allowed_domains": [
"string"
],
"authentication_assurance_timeout": 1,
"authentication_timeout_mins": 1,
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"high_assurance": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"string"
]
}
],
"load_dsi_module": "string",
"policies": {
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_buckets": [
"string"
],
"s3_endpoint": "https://s3.amazonaws.com",
"s3_user_credential_required": true
},
"process_user": "string",
"require_high_assurance": true,
"restrict_paths": {},
"users_allow": [
"string"
],
"users_deny": [
"string"
]
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or MissingRequiredRole |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}