Schemas
Result Document
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values. In some responses to GET requests, the has_next_page value will be set to true, and the marker value will be present. In those cases, repeat the original call, passing in the marker query parameter to retrieve the next page of response data.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document. |
http_response_code |
integer |
Numeric HTTP response code |
code |
string |
String response code |
detail |
Machine readable response details |
|
message |
string |
Message describing this result. |
data |
array (object) |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
marker |
string |
Opaque marker that may be passed to this API call to
fetch the next page of results if the returned document
has |
{
"code": "bad_request",
"message": "Invalid input",
"DATA_TYPE": "result#1.0.0",
"has_next_page": false
}
PathRestrictions Document
This object represents the path restrictions for a storage gateway or a sharing path restrictions for a mapped collection.
The values of each of the path lists in this object are interpreted
using the POSIX pattern matching notation as described in
fnmatch(3)
with flags set to 0
with additional support for some
special user-specific
value interpolation:
~
$HOME
-
The user’s home directory if the storage gateway supports such a concept,
/
otherwise $USER
-
The effective Storage Gateway-specific username that is being used for data access. For a Guest Collection, this is the username of the identity that created the Guest Collection.
These restrictions are evaluated at every data access. When evaluating restrictions, the user-specific interpolation is applied before the file name matching is evaluated.
Globus Connect Server evaluates its path restrictions from
longest leading expression match to shortest. When pattern
matching characters are present, they are considered as a lower
priority match than a literal character, with more specific
pattern characters given precedence. The precedence is thus
literal character, bracket expression, ?
(single-character
wildcard), *
(wildcard).
If multiple path restrictions apply, all matches are applied from longest to shortest, with the following rules for overriding values:
longer restriction | shorter restriction | result |
---|---|---|
read_write |
read |
read_write |
read_write |
none |
read_write |
read |
read_write |
read_write |
read |
none |
read |
none |
read_write |
none |
none |
read |
none |
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document. |
read |
array (string) |
List of paths which are allowed read-only access. |
read_write |
array (string) |
List of paths which are allowed read-write access. |
none |
array (string) |
List of paths which are denied any access. |
{
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
}
Info Document
This document contains information about the Globus Connect Server, including its software and supported API version number.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
manager_version |
string |
Globus Connect Server Manager Software version. |
api_version |
string |
Semantic version of the Globus Connect Server API. |
client_id |
string <uuid> |
Client ID which created the endpoint. |
endpoint_id |
string <uuid> |
Transfer endpoint ID managed by this GCS Manager. |
domain_name |
string <hostname> |
DNS Domain name for the GCS Manager service. |
{
"DATA_TYPE": "info#1.0.0",
"manager_version": "5.4.0",
"api_version": "1.0.0",
"client_id": "8668e52f-7e2b-4f84-a03d-945a5ad15e38",
"endpoint_id": "a0708a2f-6ccf-491f-a0a1-02db5f397cc3",
"domain_name": "123f2.data.globus.org"
}
Connector Document
Connector extension definition object
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
display_name |
string |
Friendly name for the connector. |
id |
string <uuid> |
UUID of this connector type. |
version |
string |
Semantic version of this connector implementation. |
{
"DATA_TYPE": "connector#1.0.0",
"display_name": "POSIX",
"id": "145812c8-decc-41f1-83cf-bb2a85a2a70b",
"version": "1.0.0"
}
Endpoint Document
A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
public |
boolean |
Flag indicating whether this endpoint is visible to all other Globus users. If false, only users which have been granted a role on the endpoint or one of its collections, or belong to a domain allowed access to any of its storage gateways may view it. |
id |
string <uuid> |
Unique identifier string for the endpoint. |
display_name |
string |
Friendly name for the endpoint, not unique. Unicode
string, no new lines ( |
gcs_manager_url |
string <uri> |
URL of the GCS Manager API service for this endpoint. |
subscription_id |
string anyOf {
<uuid>, |
The UUID of the subscription that is managing this endpoint.
This may be the special value |
network_use |
string |
Allowed values for network_use are:
|
max_concurrency |
integer |
Admin-specified value when the network_use
property’s value is |
preferred_concurrency |
integer |
Admin-specified value when the network_use
property’s value is |
max_parallelism |
integer |
Admin-specified value when the network_use
property’s value is |
preferred_parallelism |
integer |
Admin-specified value when the network_use
property’s value is |
organization |
string |
Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines. |
department |
string |
Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines. |
keywords |
array (string) |
List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the server(s) represented by the endpoint. |
contact_info |
string |
Other non-email contact information for the endpoint, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. The administrator is responsible for running a website at this URL and verifying that it is accepting public connections. |
allow_udt |
boolean |
Allow data transfer on this endpoint using the UDT protocol. |
{
"DATA_TYPE": "endpoint#1.0.0",
"public": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"display_name": "string",
"gcs_manager_url": "https://gcs.data.globus.org/",
"subscription_id": "2d99530d-3b20-44cb-94d3-61d8f85cd896",
"network_use": "normal",
"max_concurrency": 1,
"preferred_concurrency": 1,
"max_parallelism": 1,
"preferred_parallelism": 1,
"organization": "string",
"department": "string",
"keywords": [
"string"
],
"description": "string",
"contact_email": "user@example.com",
"contact_info": "string",
"info_link": "http://example.com",
"allow_udt": false
}
Role Document
The "Role" document type represents the assignment of a role on an Endpoint or Collection to a Globus identity or group.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
id |
string <uuid> |
Unique id string for this role assignment. This is system generated and should not be included in create requests. |
collection |
string <uuid> |
Collection Id. This value is omitted when creating an endpoint role or when creating role definitions when creating collections. |
principal |
string |
Auth identity or group id URN. |
role |
string |
Role assigned to the principal. |
{
"DATA_TYPE": "role#1.0.0",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
"principal": "string",
"role": "owner"
}
Node (v1.0.0) Properties Document
Name |
Type |
Description |
id |
string <uuid> |
Unique id string for this node. This is system generated and should not be included in create requests. |
ip_addresses |
array (string) |
IP addresses of the node. |
status |
string |
Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node. |
incoming_port_range |
array (integer) |
Allowed port range for incoming TCP data connections. |
outgoing_port_range |
array (integer) |
Port range used as the source for outgoing TCP data connections. |
{
"id": "5a91ee5a-b28f-44b8-b0cb-2adbd5beee2c",
"ip_addresses": [
"192.168.44.2"
],
"status": "active",
"incoming_port_range": [
50000,
51000
],
"outgoing_port_range": [
50000,
51000
]
}
Node (v1.1.0) Properties Document
Name |
Type |
Description |
data_interface |
string One of { <ipv4>, <ipv6> } |
IP address for data transfers. |
{
"data_interface": "192.168.44.2"
}
Node 1.0.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique id string for this node. This is system generated and should not be included in create requests. |
ip_addresses |
array (string) |
IP addresses of the node. |
status |
string |
Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node. |
incoming_port_range |
array (integer) |
Allowed port range for incoming TCP data connections. |
outgoing_port_range |
array (integer) |
Port range used as the source for outgoing TCP data connections. |
DATA_TYPE |
string |
Type of this document |
{
"id": "5a91ee5a-b28f-44b8-b0cb-2adbd5beee2c",
"ip_addresses": [
"192.168.44.2"
],
"status": "active",
"incoming_port_range": [
50000,
51000
],
"outgoing_port_range": [
50000,
51000
],
"DATA_TYPE": "node#1.0.0"
}
Node 1.1.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique id string for this node. This is system generated and should not be included in create requests. |
ip_addresses |
array (string) |
IP addresses of the node. |
status |
string |
Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node. |
incoming_port_range |
array (integer) |
Allowed port range for incoming TCP data connections. |
outgoing_port_range |
array (integer) |
Port range used as the source for outgoing TCP data connections. |
data_interface |
string One of { <ipv4>, <ipv6> } |
IP address for data transfers. |
DATA_TYPE |
string |
Type of this document |
{
"id": "5a91ee5a-b28f-44b8-b0cb-2adbd5beee2c",
"ip_addresses": [
"192.168.44.2"
],
"status": "active",
"incoming_port_range": [
50000,
51000
],
"outgoing_port_range": [
50000,
51000
],
"data_interface": "192.168.44.2",
"DATA_TYPE": "node#1.1.0"
}
Node Document
Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as Data Transfer Nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.
Name |
Type |
Description |
Node |
Node One of { Node 1.0.0 , Node 1.1.0 } |
Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as Data Transfer Nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode. |
{
"id": "5a91ee5a-b28f-44b8-b0cb-2adbd5beee2c",
"ip_addresses": [
"192.168.44.2"
],
"status": "active",
"incoming_port_range": [
50000,
51000
],
"outgoing_port_range": [
50000,
51000
],
"DATA_TYPE": "node#1.0.0"
}
StorageGateway (v1.0.0) Properties Document
Name |
Type |
Description |
id |
string <uuid> |
Unique id string for this Storage Gateway. |
display_name |
string |
Name of the Storage Gateway. |
connector_id |
string <uuid> |
Id of the connector type that this Storage Gateway interacts with. |
high_assurance |
boolean |
Flag indicating if the storage_gateway requires high assurance features. |
require_high_assurance (deprecated) |
boolean |
Alias for high_assurance. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this Storage Gateway. For a high assurance Storage Gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth. |
authentication_assurance_timeout (deprecated) |
integer |
Alias for authentication_timeout_mins. |
allowed_domains |
array (string) |
List of allowed domains. Users creating credentials or collections on this storage_gateway must have an identity in one of these domains. |
identity_mappings |
array ( IdentityMapping ) |
List of identity mappings to attempt to apply to user identities to determine what accounts are available for access.[Private] |
users_allow |
array (string) |
List of connector-specific usernames allowed to access this Storage Gateway.[Private] |
users_deny |
array (string) |
List of connector-specific usernames denied access to this Storage Gateway.[Private] |
restrict_paths |
One of { object PathRestrictions } |
Path restrictions within this Storage Gateway. paths are interpreted as absolute paths in the file namespace of the connector.[Private] |
process_user |
string |
Local POSIX user the GridFTP server should run as when accessing this Storage Gateway.[Private] |
load_dsi_module |
string |
NAme of the DSI module to load by the GridFTP server when accessing this Storage Gateway.[Private] |
policies |
One of { AzureBlobStoragePolicies , BlackPearlStoragePolicies , object BoxStoragePolicies , object CephStoragePolicies , GoogleDriveStoragePolicies , GoogleCloudStoragePolicies , HpssStoragePolicies , IrodsStoragePolicies , OneDriveStoragePolicies , PosixStoragePolicies , PosixStagingStoragePolicies , object S3StoragePolicies , object } |
Connector-specific storage policies. |
{
"id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"display_name": "Posix Storage Gateway",
"connector_id": "145812c8-decc-41f1-83cf-bb2a85a2a70b",
"high_assurance": true,
"require_high_assurance": true,
"authentication_timeout_mins": 30,
"authentication_assurance_timeout": 30,
"allowed_domains": [
"example.com"
],
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"/opt/globus/bin/python",
"/opt/globus/map-globus-identity-data"
]
}
],
"users_allow": [
"user1"
],
"users_deny": [
"user2"
],
"restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"process_user": "gcsweb",
"load_dsi_module": "google_drive",
"policies": {
"DATA_TYPE": "azure_blob_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"tenant": "string",
"auth_type": "string",
"account": "string",
"adls": true,
"auth_callback": "https://example.globus.org/api/v1/authcallback"
}
}
StorageGateway (v1.1.0) Properties Document
Name |
Type |
Description |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only usable on high assurance storage gateways. |
{
"require_mfa": true
}
StorageGateway 1.0.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique id string for this Storage Gateway. |
display_name |
string |
Name of the Storage Gateway. |
connector_id |
string <uuid> |
Id of the connector type that this Storage Gateway interacts with. |
high_assurance |
boolean |
Flag indicating if the storage_gateway requires high assurance features. |
require_high_assurance (deprecated) |
boolean |
Alias for high_assurance. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this Storage Gateway. For a high assurance Storage Gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth. |
authentication_assurance_timeout (deprecated) |
integer |
Alias for authentication_timeout_mins. |
allowed_domains |
array (string) |
List of allowed domains. Users creating credentials or collections on this storage_gateway must have an identity in one of these domains. |
identity_mappings |
array ( IdentityMapping ) |
List of identity mappings to attempt to apply to user identities to determine what accounts are available for access.[Private] |
users_allow |
array (string) |
List of connector-specific usernames allowed to access this Storage Gateway.[Private] |
users_deny |
array (string) |
List of connector-specific usernames denied access to this Storage Gateway.[Private] |
restrict_paths |
One of { object PathRestrictions } |
Path restrictions within this Storage Gateway. paths are interpreted as absolute paths in the file namespace of the connector.[Private] |
process_user |
string |
Local POSIX user the GridFTP server should run as when accessing this Storage Gateway.[Private] |
load_dsi_module |
string |
NAme of the DSI module to load by the GridFTP server when accessing this Storage Gateway.[Private] |
policies |
One of { AzureBlobStoragePolicies , BlackPearlStoragePolicies , object BoxStoragePolicies , object CephStoragePolicies , GoogleDriveStoragePolicies , GoogleCloudStoragePolicies , HpssStoragePolicies , IrodsStoragePolicies , OneDriveStoragePolicies , PosixStoragePolicies , PosixStagingStoragePolicies , object S3StoragePolicies , object } |
Connector-specific storage policies. |
DATA_TYPE |
string |
Type of this document |
{
"id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"display_name": "Posix Storage Gateway",
"connector_id": "145812c8-decc-41f1-83cf-bb2a85a2a70b",
"high_assurance": true,
"require_high_assurance": true,
"authentication_timeout_mins": 30,
"authentication_assurance_timeout": 30,
"allowed_domains": [
"example.com"
],
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"/opt/globus/bin/python",
"/opt/globus/map-globus-identity-data"
]
}
],
"users_allow": [
"user1"
],
"users_deny": [
"user2"
],
"restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"process_user": "gcsweb",
"load_dsi_module": "google_drive",
"policies": {
"DATA_TYPE": "azure_blob_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"tenant": "string",
"auth_type": "string",
"account": "string",
"adls": true,
"auth_callback": "https://example.globus.org/api/v1/authcallback"
},
"DATA_TYPE": "storage_gateway#1.0.0"
}
StorageGateway 1.1.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique id string for this Storage Gateway. |
display_name |
string |
Name of the Storage Gateway. |
connector_id |
string <uuid> |
Id of the connector type that this Storage Gateway interacts with. |
high_assurance |
boolean |
Flag indicating if the storage_gateway requires high assurance features. |
require_high_assurance (deprecated) |
boolean |
Alias for high_assurance. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this Storage Gateway. For a high assurance Storage Gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth. |
authentication_assurance_timeout (deprecated) |
integer |
Alias for authentication_timeout_mins. |
allowed_domains |
array (string) |
List of allowed domains. Users creating credentials or collections on this storage_gateway must have an identity in one of these domains. |
identity_mappings |
array ( IdentityMapping ) |
List of identity mappings to attempt to apply to user identities to determine what accounts are available for access.[Private] |
users_allow |
array (string) |
List of connector-specific usernames allowed to access this Storage Gateway.[Private] |
users_deny |
array (string) |
List of connector-specific usernames denied access to this Storage Gateway.[Private] |
restrict_paths |
One of { object PathRestrictions } |
Path restrictions within this Storage Gateway. paths are interpreted as absolute paths in the file namespace of the connector.[Private] |
process_user |
string |
Local POSIX user the GridFTP server should run as when accessing this Storage Gateway.[Private] |
load_dsi_module |
string |
NAme of the DSI module to load by the GridFTP server when accessing this Storage Gateway.[Private] |
policies |
One of { AzureBlobStoragePolicies , BlackPearlStoragePolicies , object BoxStoragePolicies , object CephStoragePolicies , GoogleDriveStoragePolicies , GoogleCloudStoragePolicies , HpssStoragePolicies , IrodsStoragePolicies , OneDriveStoragePolicies , PosixStoragePolicies , PosixStagingStoragePolicies , object S3StoragePolicies , object } |
Connector-specific storage policies. |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only usable on high assurance storage gateways. |
DATA_TYPE |
string |
Type of this document |
{
"id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"display_name": "Posix Storage Gateway",
"connector_id": "145812c8-decc-41f1-83cf-bb2a85a2a70b",
"high_assurance": true,
"require_high_assurance": true,
"authentication_timeout_mins": 30,
"authentication_assurance_timeout": 30,
"allowed_domains": [
"example.com"
],
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"/opt/globus/bin/python",
"/opt/globus/map-globus-identity-data"
]
}
],
"users_allow": [
"user1"
],
"users_deny": [
"user2"
],
"restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"process_user": "gcsweb",
"load_dsi_module": "google_drive",
"policies": {
"DATA_TYPE": "azure_blob_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"tenant": "string",
"auth_type": "string",
"account": "string",
"adls": true,
"auth_callback": "https://example.globus.org/api/v1/authcallback"
},
"require_mfa": true,
"DATA_TYPE": "storage_gateway#1.1.0"
}
StorageGateway Document
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Name |
Type |
Description |
StorageGateway |
StorageGateway One of { StorageGateway 1.0.0 , StorageGateway 1.1.0 } |
A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies. Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts). |
{
"id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"display_name": "Posix Storage Gateway",
"connector_id": "145812c8-decc-41f1-83cf-bb2a85a2a70b",
"high_assurance": true,
"require_high_assurance": true,
"authentication_timeout_mins": 30,
"authentication_assurance_timeout": 30,
"allowed_domains": [
"example.com"
],
"identity_mappings": [
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"/opt/globus/bin/python",
"/opt/globus/map-globus-identity-data"
]
}
],
"users_allow": [
"user1"
],
"users_deny": [
"user2"
],
"restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"process_user": "gcsweb",
"load_dsi_module": "google_drive",
"policies": {
"DATA_TYPE": "azure_blob_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"tenant": "string",
"auth_type": "string",
"account": "string",
"adls": true,
"auth_callback": "https://example.globus.org/api/v1/authcallback"
},
"DATA_TYPE": "storage_gateway#1.0.0"
}
UserCredential Document
Credential information for an identity on a particular Storage Gateway and its related collections.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
id |
string <uuid> |
Unique id string for this User Credential |
identity_id |
string <uuid> |
Globus Auth identity id that this credential is associated with. |
connector_id |
string <uuid> |
Connector that this credential is used with. |
username |
string |
Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id. |
display_name |
string |
Display name of the credential. |
storage_gateway_id |
string |
Storage Gateway this credential is associated with. |
home_directory |
string |
The home directory of this account associated with this credential.[Private] |
invalid |
boolean |
Flag indicating that this credential is no longer valid. |
provisioned |
boolean |
Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential. |
policies |
One of { object AzureBlobUserCredentialPolicies , BlackPearlUserCredentialPolicies , object BoxUserCredentialPolicies , object CephUserCredentialPolicies , object GoogleDriveUserCredentialPolicies , GoogleCloudStorageUserCredentialPolicies , object HpssUserCredentialPolicies , IrodsUserCredentialPolicies , object OneDriveUserCredentialPolicies , PosixUserCredentialPolicies , PosixStagingUserCredentialPolicies , object S3UserCredential , object } |
Connector-specific user credential policies. |
{
"DATA_TYPE": "user_credential#1.0.0",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"connector_id": "145812c8-decc-41f1-83cf-bb2a85a2a70b",
"username": "testuser",
"display_name": "Test User",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"home_directory": "/home/user",
"invalid": true,
"provisioned": true,
"policies": {
"DATA_TYPE": "azure_blob_user_credential_policies#1.0.0",
"sub": "string",
"email": "user@example.com",
"access_token": "string",
"refresh_token": "string",
"scopes": [
"openid",
"email",
"profile",
"offline_access",
"user_impersonation"
],
"token_expiry": "2020-02-04T21:44:12Z"
}
}
Account Document
User account information for a particular Storage Gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document. |
username |
string |
Connector-specific local username. |
storage_gateway_id |
string <uuid> |
Storage Gateway for which this account is valid. |
identity_id |
string <uuid> |
Globus Auth identity which maps to this account. |
{
"DATA_TYPE": "account#1.0.0",
"username": "testuser",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
}
Owner Document
Owner document.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
identity_id |
string <uuid> |
Auth identity ID of the endpoint owner |
{
"DATA_TYPE": "endpoint_owner#1.0.0",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}
Owner string Document
Owner string document.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
identity_id |
string <uuid> |
Auth identity username |
{
"DATA_TYPE": "owner_string#1.0.0",
"identity_id": "2574c430-0c01-4695-92fa-4bad3c21f6ab"
}
EndpointSubscription Document
Endpoint subscription request document
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
subscription_id |
One of {
string
<uuid>,
string
|
Either the UUID of a Globus subscription or the special value "DEFAULT" if the caller has only one subscription associated with their identity set. |
{
"DATA_TYPE": "endpoint_subscription#1.0.0",
"subscription_id": "2d99530d-3b20-44cb-94d3-61d8f85cd896"
}
Collection (v1.0.0) Properties Document
Common data for both mapped and guest collection documents.
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "string",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {}
}
Collection (v1.1.0) Properties Document
Added in API v1.1.0, this adds support for user_message, user_message_link, and conditionally disabling the HTTPS service for managed endpoints.
Name |
Type |
Description |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
{
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/"
}
Collection (v1.4.0) Properties Document
Added in API v1.7.0, this adds support for require_mfa.
Name |
Type |
Description |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only applies to high assurance storage gateways. |
force_verify |
boolean |
Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer. |
{
"require_mfa": true,
"force_verify": false
}
Collection 1.5.0 Properties Document
Added in API v1.8.0, this adds support for disabling anonymous write acls.
Name |
Type |
Description |
disable_anonymous_writes |
boolean |
Flag indicating if guest collections on this mapped collection will allow anonymous write ACLs. This defaults to true for high assurance collections and false for non high assurance collections. This flag can only be set on non high assurance mapped collections and is read-only on all other collection types. (Added in API 1.8.0) |
{
"disable_anonymous_writes": false
}
BaseCollection 1.0.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
DATA_TYPE |
string |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "string",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"DATA_TYPE": "collection#1.0.0"
}
BaseCollection 1.1.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
DATA_TYPE |
string |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "string",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"DATA_TYPE": "collection#1.1.0"
}
BaseCollection 1.2.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
DATA_TYPE |
string |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "string",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"DATA_TYPE": "collection#1.2.0"
}
BaseCollection 1.4.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only applies to high assurance storage gateways. |
force_verify |
boolean |
Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer. |
DATA_TYPE |
string |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "string",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"require_mfa": true,
"force_verify": false,
"DATA_TYPE": "collection#1.4.0"
}
BaseCollection 1.5.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only applies to high assurance storage gateways. |
force_verify |
boolean |
Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer. |
disable_anonymous_writes |
boolean |
Flag indicating if guest collections on this mapped collection will allow anonymous write ACLs. This defaults to true for high assurance collections and false for non high assurance collections. This flag can only be set on non high assurance mapped collections and is read-only on all other collection types. (Added in API 1.8.0) |
DATA_TYPE |
string |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "string",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"require_mfa": true,
"force_verify": false,
"disable_anonymous_writes": false,
"DATA_TYPE": "collection#1.5.0"
}
Mapped Collection Properties Document
Name |
Type |
Description |
collection_type |
|
|
allow_guest_collections |
boolean |
Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible. |
sharing_restrict_paths |
One of { object PathRestrictions } |
Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root.[Private] |
{
"collection_type": "mapped",
"allow_guest_collections": true,
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
}
}
Mapped Collection 1.2.0 Properties Document
Added in API v1.2.0, this adds support for sharing_users_allow and sharing_users_deny.
Name |
Type |
Description |
sharing_users_allow |
array (string) |
List of connector-specific usernames allowed to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
sharing_users_deny |
array (string) |
List of connector-specific usernames denied access to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
{
"sharing_users_allow": [
"user1"
],
"sharing_users_deny": [
"user2"
]
}
Mapped Collection 1.0.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
DATA_TYPE |
string |
|
allow_guest_collections |
boolean |
Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible. |
sharing_restrict_paths |
One of { object PathRestrictions } |
Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root.[Private] |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "mapped",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"DATA_TYPE": "collection#1.0.0",
"allow_guest_collections": true,
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
}
}
Mapped Collection 1.1.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
DATA_TYPE |
string |
|
allow_guest_collections |
boolean |
Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible. |
sharing_restrict_paths |
One of { object PathRestrictions } |
Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root.[Private] |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "mapped",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"DATA_TYPE": "collection#1.1.0",
"allow_guest_collections": true,
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
}
}
Mapped Collection 1.2.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
DATA_TYPE |
string |
|
allow_guest_collections |
boolean |
Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible. |
sharing_restrict_paths |
One of { object PathRestrictions } |
Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root.[Private] |
sharing_users_allow |
array (string) |
List of connector-specific usernames allowed to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
sharing_users_deny |
array (string) |
List of connector-specific usernames denied access to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "mapped",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"DATA_TYPE": "collection#1.2.0",
"allow_guest_collections": true,
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"sharing_users_allow": [
"user1"
],
"sharing_users_deny": [
"user2"
]
}
Mapped Collection 1.4.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only applies to high assurance storage gateways. |
force_verify |
boolean |
Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer. |
DATA_TYPE |
string |
|
allow_guest_collections |
boolean |
Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible. |
sharing_restrict_paths |
One of { object PathRestrictions } |
Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root.[Private] |
sharing_users_allow |
array (string) |
List of connector-specific usernames allowed to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
sharing_users_deny |
array (string) |
List of connector-specific usernames denied access to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "mapped",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"require_mfa": true,
"force_verify": false,
"DATA_TYPE": "collection#1.4.0",
"allow_guest_collections": true,
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"sharing_users_allow": [
"user1"
],
"sharing_users_deny": [
"user2"
]
}
Mapped Collection 1.5.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only applies to high assurance storage gateways. |
force_verify |
boolean |
Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer. |
disable_anonymous_writes |
boolean |
Flag indicating if guest collections on this mapped collection will allow anonymous write ACLs. This defaults to true for high assurance collections and false for non high assurance collections. This flag can only be set on non high assurance mapped collections and is read-only on all other collection types. (Added in API 1.8.0) |
DATA_TYPE |
string |
|
allow_guest_collections |
boolean |
Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible. |
sharing_restrict_paths |
One of { object PathRestrictions } |
Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root.[Private] |
sharing_users_allow |
array (string) |
List of connector-specific usernames allowed to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
sharing_users_deny |
array (string) |
List of connector-specific usernames denied access to create new guest collections on this mapped collection. (Added in API 1.2.0)[Private] |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "mapped",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"require_mfa": true,
"force_verify": false,
"disable_anonymous_writes": false,
"DATA_TYPE": "collection#1.5.0",
"allow_guest_collections": true,
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"sharing_users_allow": [
"user1"
],
"sharing_users_deny": [
"user2"
]
}
Mapped Collection Document
A mapped collection allows access to data for users who have accounts in the storage gateway’s user space (or local account). The collection uses the identity mapping method configured on the storage gateway to map the Globus account of the user accessing the collection to an account in the Storage Gateway’s user space. All accesses to the data on the collection are performed using the local account and (if needed for the storage gateway) the account’s credentials.
Mapped collections can only be created by those with an
administrator
or owner
role on the Endpoint, and can be created
against any storage gateway that exists on the endpoint.
In addition, a mapped collection has optional properties to allow users to share data. The properties allow_guest_collections and sharing_restrict_paths configure the sharing option. These options are only allowed on endpoints covered under a subscription.
Globus Connect Server v5.4.18 introduces APIs to manage user-specific sharing path restrictions.
Name |
Type |
Description |
MappedCollection |
Mapped Collection One of { Mapped Collection 1.0.0 , Mapped Collection 1.1.0 , Mapped Collection 1.2.0 , Mapped Collection 1.4.0 , Mapped Collection 1.5.0 } |
A mapped collection allows access to data for users who have accounts in the storage gateway’s user space (or local account). The collection uses the identity mapping method configured on the storage gateway to map the Globus account of the user accessing the collection to an account in the Storage Gateway’s user space. All accesses to the data on the collection are performed using the local account and (if needed for the storage gateway) the account’s credentials. Mapped collections can only be created by those with an
In addition, a mapped collection has optional properties to allow users to share data. The properties allow_guest_collections and sharing_restrict_paths configure the sharing option. These options are only allowed on endpoints covered under a subscription. Globus Connect Server v5.4.18 introduces APIs to manage user-specific sharing path restrictions. |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "mapped",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {
"DATA_TYPE": "azure_blob_collection_policies#1.0.0"
},
"DATA_TYPE": "collection#1.0.0",
"allow_guest_collections": true,
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
}
}
Guest Collection Properties Document
Name |
Type |
Description |
collection_type |
|
|
user_credential_id |
string <uuid> |
The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id. |
mapped_collection_id |
string <uuid> |
Unique ID of the Mapped
Collection which this guest collection is associated
with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies
related sharing ( |
policies |
One of { BlackPearlCollectionPolicies , object BoxCollectionPolicies , object CephCollectionPolicies , object GoogleDriveCollectionPolicies , object GoogleCloudStorageCollectionPolicies , object HpssCollectionPolicies , IrodsCollectionPolicies , PosixGuestCollectionPolicies , PosixStagingGuestCollectionPolicies , object S3CollectionPolicies , object } |
{
"collection_type": "guest",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185",
"policies": {
"DATA_TYPE": "blackpearl_collection_policies#1.0.0"
}
}
Guest Collection 1.0.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
DATA_TYPE |
string |
|
user_credential_id |
string <uuid> |
The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id. |
mapped_collection_id |
string <uuid> |
Unique ID of the Mapped
Collection which this guest collection is associated
with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies
related sharing ( |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "guest",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"DATA_TYPE": "collection#1.0.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185"
}
Guest Collection 1.1.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
DATA_TYPE |
string |
|
user_credential_id |
string <uuid> |
The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id. |
mapped_collection_id |
string <uuid> |
Unique ID of the Mapped
Collection which this guest collection is associated
with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies
related sharing ( |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "guest",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"DATA_TYPE": "collection#1.1.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185"
}
Guest Collection 1.2.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
DATA_TYPE |
string |
|
user_credential_id |
string <uuid> |
The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id. |
mapped_collection_id |
string <uuid> |
Unique ID of the Mapped
Collection which this guest collection is associated
with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies
related sharing ( |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "guest",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"DATA_TYPE": "collection#1.2.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185"
}
Guest Collection 1.4.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only applies to high assurance storage gateways. |
force_verify |
boolean |
Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer. |
DATA_TYPE |
string |
|
user_credential_id |
string <uuid> |
The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id. |
mapped_collection_id |
string <uuid> |
Unique ID of the Mapped
Collection which this guest collection is associated
with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies
related sharing ( |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "guest",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"require_mfa": true,
"force_verify": false,
"DATA_TYPE": "collection#1.4.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185"
}
Guest Collection 1.5.0 Document
Name |
Type |
Description |
id |
string <uuid> |
Unique identifier for this collection. This is assigned by the GCS manager when creating a collection. |
manager_url |
string <uri> |
URL of the GCS Manager API service for the endpoint hosting this collection. |
domain_name |
string <hostname> |
DNS name of the virtual host serving this collection. For
mapped collections with do not have a custom domain,
this may be specified as part of the input
document to create the collection, otherwise this is a
read-only property. When included in the input, the
name is restricted to be a subdomain of the endpoint, and
the input name label may not start
with |
high_assurance |
boolean |
Flag indicating if this collection is created on a high assurance Storage Gateway. |
https_url |
string <uri> |
HTTPS URL for the data on this collection. |
tlsftp_url |
string <uri> |
TLSFTP URL for the data on this collection. |
collection_type |
string |
Type of collection. A |
display_name |
string |
Friendly name for the collection. Unicode
string, max 128 characters, no new lines ( |
connector_id |
string <uuid> |
Id of the connector type that is used by this collection. |
identity_id |
string <uuid> |
Globus Auth identity to who acts as the owner of this
collection. This identity is an |
storage_gateway_id |
string <uuid> |
Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created. |
root_path |
string |
Absolute root path of the collection. All data access is done relative to this path.[Private] |
collection_base_path |
string |
Path to be interpreted as the base path when creating a
new collection. It is interpreted differently depending
on the collection type being created. For a mapped
collection, this is an absolute path on the storage
system named by the storage_gateway_id. For a guest
collection, this is a relative path relative to the
value of the |
default_directory |
string |
Default directory when accessing the
collection. This may include the special string
If the collection is mapped collection with a
collection_base_path value of |
public |
boolean |
Flag indicating whether this collection is visible to other Globus users. |
force_encryption |
boolean |
Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections. |
disable_verify |
boolean |
Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer. |
organization |
string |
Organization that maintains the collection. |
department |
string |
Department within organization that runs the server(s). |
keywords |
array (string) |
List of search keywords for the collection. |
description |
string |
A description of the endpoint. |
contact_email |
string <email> |
Email address of the support contact for the collection. |
contact_info |
string |
Other non-email contact information for the collection, e.g. phone and mailing address. |
info_link |
string <uri> |
Link to a web page with more information about the endpoint. |
authentication_timeout_mins |
integer |
Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway. |
policies |
object |
Connector-specific collection policies. |
enable_https |
boolean |
Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False. (Added in API 1.1.0) |
user_message |
string |
A message for clients to display to users when interacting with this collection, max length 64 characters. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
user_message_link |
string <uri> |
Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection. (Added in API 1.1.0) |
require_mfa |
boolean |
Flag indicating if the storage_gateway requires multi- factor authentication. Only applies to high assurance storage gateways. |
force_verify |
boolean |
Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer. |
disable_anonymous_writes |
boolean |
Flag indicating if guest collections on this mapped collection will allow anonymous write ACLs. This defaults to true for high assurance collections and false for non high assurance collections. This flag can only be set on non high assurance mapped collections and is read-only on all other collection types. (Added in API 1.8.0) |
DATA_TYPE |
string |
|
user_credential_id |
string <uuid> |
The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id. |
mapped_collection_id |
string <uuid> |
Unique ID of the Mapped
Collection which this guest collection is associated
with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies
related sharing ( |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "guest",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {},
"enable_https": true,
"user_message": "System maintenance scheduled 10pm-11pm CDT Friday",
"user_message_link": "https://example.org/maintenance-schedule/",
"require_mfa": true,
"force_verify": false,
"disable_anonymous_writes": false,
"DATA_TYPE": "collection#1.5.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185"
}
Guest Collection Document
A guest collection is a collection that uses an existing mapped collection and adds the ability of a user to share access to their data on that collection. All access to the data is performed using the account of the user who created the guest collection. That user can also add entries to an access control list to allow others to access some parts of the guest collection owner’s data.
A guest collection document has additional properties mapped_collection_id and user_credential_id to describe the relationship between the collection and a mapped collection where it was created and the credential used for data access.
Name |
Type |
Description |
GuestCollection |
Guest Collection One of { Guest Collection 1.0.0 , Guest Collection 1.1.0 , Guest Collection 1.2.0 , Guest Collection 1.4.0 , Guest Collection 1.5.0 } |
A guest collection is a collection that uses an existing mapped collection and adds the ability of a user to share access to their data on that collection. All access to the data is performed using the account of the user who created the guest collection. That user can also add entries to an access control list to allow others to access some parts of the guest collection owner’s data. A guest collection document has additional properties mapped_collection_id and user_credential_id to describe the relationship between the collection and a mapped collection where it was created and the credential used for data access. |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "guest",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {
"DATA_TYPE": "blackpearl_collection_policies#1.0.0"
},
"DATA_TYPE": "collection#1.0.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185"
}
Collection Document
Collections are discoverable access points that allow data to be transferred through GridFTP or HTTPS.
A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.
Name |
Type |
Description |
Collection |
anyOf { |
Collections are discoverable access points that allow data to be transferred through GridFTP or HTTPS. A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest. |
{
"id": "18d367d5-45cf-4724-a53e-5a685e45c942",
"manager_url": "https://gcs.data.globus.org/",
"domain_name": "i-f3c83.123.globus.org",
"high_assurance": true,
"https_url": "https://i-f3c83.123.globus.org",
"tlsftp_url": "tlsftp://i-f3c83.123.globus.org",
"collection_type": "guest",
"display_name": "Project Foo Research Data",
"connector_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"root_path": "/",
"collection_base_path": "/",
"default_directory": "/projects",
"public": true,
"force_encryption": false,
"disable_verify": false,
"organization": "University of Example",
"department": "Data Science",
"keywords": [
"Project Foo",
"Data Intensive Science"
],
"description": "Information related to the \"Foo\" project.",
"contact_email": "project-foo@example.edu",
"contact_info": "+1 (555) 555-1234",
"info_link": "https://project-foo.example.edu/info",
"authentication_timeout_mins": 30,
"policies": {
"DATA_TYPE": "blackpearl_collection_policies#1.0.0"
},
"DATA_TYPE": "collection#1.0.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164",
"mapped_collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185"
}
ExternalIdentityMapping Document
The ExternalIdentityMapping defines the path and arguments of an external program to map an identity to a storage-gateway specific user account name. The specified command will be called to map Globus Auth identity data to a connector-specific list of account names.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
command |
array (string) |
The mapping command and its command-line arguments. In addition to these arguments, the following will also be passed to the program.
|
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"/opt/globus/bin/python",
"/opt/globus/map-globus-identity-data"
]
}
ExpressionIdentityMapping Document
The ExpressionIdentityMapping defines a set of identity mapping expressions to map Globus Auth identity data to a connector-specific list of account names.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
mappings |
array (object) ( MappingExpression ) |
Array of expression-based identity mapping values. |
{
"DATA_TYPE": "expression_identity_mapping#1.0.0",
"mappings": [
{
"source": "{username}",
"match": "(.*)@globus\\.org",
"output": "{0}",
"ignore_case": false,
"literal": false
}
]
}
MappingExpression Document
The MappingExpression document type contains information about a mapping expression, including the input, match, output, and flags used to process this expression.
Name |
Type |
Description |
source |
string |
A string comprised of text plus identity set
data field names surrounded by curly brackets
|
match |
string <regex> |
An expression which is applied to the output performing interpolation on source for determining if this mapping applies. This requires a full string match on the source. |
output |
string |
A string representing the result of the
mapping if the match succeeded. References
to the original identity_set data can be
interpolated as in the source property.
References to match groups from the match
property can be interpolated with numbers
(indices starting with 0) surrounded by
curly brackets |
ignore_case |
boolean |
Flag indicating the match should be executed as a case insensitive comparison. If not present, this defaults to false. |
literal |
boolean |
Flag indicating the match expression should be done as a literal match, ignoring any special regular characters. If not present, this defaults to false. |
{
"source": "{username}",
"match": "(.*)@globus\\.org",
"output": "{0}",
"ignore_case": false,
"literal": false
}
IdentityMapping Document
Globus Connect Server provides two ways for you to implement a custom Globus identity to account mapping: expression-based and external program
With expression-based mapping you can write rules that extract data from fields in the Globus identity document to form storage gateway-specific usernames. If there is a regular relationship between most of your users' Identity information to their account names, this is probably the most direct way to accomplish the mapping.
With external program mappings you can use any mechanism you like (static mapping, ldap, database, etc) to look up account information and return the mapped account user name. If you have an account system that has usernames without a simple relationship to your users' Globus identities, or that requires interfacing with an accounting system, this may be necessary.
Name |
Type |
Description |
IdentityMapping |
IdentityMapping One of { object ExternalIdentityMapping , object ExpressionIdentityMapping , object } |
Globus Connect Server provides two ways for you to implement a custom Globus identity to account mapping: expression-based and external program With expression-based mapping you can write rules that extract data from fields in the Globus identity document to form storage gateway-specific usernames. If there is a regular relationship between most of your users' Identity information to their account names, this is probably the most direct way to accomplish the mapping. With external program mappings you can use any mechanism you like (static mapping, ldap, database, etc) to look up account information and return the mapped account user name. If you have an account system that has usernames without a simple relationship to your users' Globus identities, or that requires interfacing with an accounting system, this may be necessary. |
{
"DATA_TYPE": "external_identity_mapping#1.0.0",
"command": [
"/opt/globus/bin/python",
"/opt/globus/map-globus-identity-data"
]
}
AuthenticationTimeout (v1.0.0) Properties Document
Name |
Type |
Description |
identities |
array (string) |
List of identities that would have otherwise been authorized except that the authentication has timed out. |
high_assurance |
boolean |
Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request. |
{
"identities": [
"c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
],
"high_assurance": true
}
AuthenticationTimeout (v1.1.0) Properties Document
Name |
Type |
Description |
require_mfa |
boolean |
Flag indicating that multi-factor authentication is required. Only occurs on high assurance storage gateways. |
{
"require_mfa": true
}
AuthenticationTimeout 1.0.0 Document
Name |
Type |
Description |
identities |
array (string) |
List of identities that would have otherwise been authorized except that the authentication has timed out. |
high_assurance |
boolean |
Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request. |
DATA_TYPE |
string |
Type of this document |
{
"identities": [
"c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
],
"high_assurance": true,
"DATA_TYPE": "authentication_timeout#1.0.0"
}
AuthenticationTimeout 1.1.0 Document
Name |
Type |
Description |
identities |
array (string) |
List of identities that would have otherwise been authorized except that the authentication has timed out. |
high_assurance |
boolean |
Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request. |
require_mfa |
boolean |
Flag indicating that multi-factor authentication is required. Only occurs on high assurance storage gateways. |
DATA_TYPE |
string |
Type of this document |
{
"identities": [
"c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
],
"high_assurance": true,
"require_mfa": true,
"DATA_TYPE": "authentication_timeout#1.1.0"
}
AuthenticationTimeout Document
Error details when a user must reauthenticate an identity in order to perform this operation.
Name |
Type |
Description |
AuthenticationTimeout |
AuthenticationTimeout One of { AuthenticationTimeout 1.0.0 , AuthenticationTimeout 1.1.0 } |
Error details when a user must reauthenticate an identity in order to perform this operation. |
{
"identities": [
"c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
],
"high_assurance": true,
"DATA_TYPE": "authentication_timeout#1.0.0"
}
ResourceConflict Document
Error details when the caller has attempted to update an object that results in a conflict with some other object.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
resources |
array (string) |
List of other resources which conflict with this proposed change. |
{
"DATA_TYPE": "resource_conflict#1.0.0",
"resources": [
"c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
]
}
CredentialNotFound Document
Error details when a user has attempted to use a credential when creating a collection or logging in, but there are multiple mapped identities and none of them have a valid credential.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
accounts |
array ( Account ) |
List of available accounts that do not have credentials registered. |
{
"DATA_TYPE": "credential_not_found#1.0.0",
"accounts": [
{
"DATA_TYPE": "account#1.0.0",
"username": "testuser",
"storage_gateway_id": "fc1f3ba0-1fa4-42b2-8bb3-53983774fa5f",
"identity_id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
}
]
}
IdNotInIdentitySet Document
Error details when a user has authenticated but has requested to act as an identity not in the current identity set.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
id |
string |
Requested identity ID. |
{
"DATA_TYPE": "id_not_in_identity_set#1.0.0",
"id": "c8b7ab5c-595c-43c9-8e43-9e8a3debfe4c"
}
LimitExceeded Document
Error details when a user would be authorized, but the endpoint has reached a hard resource limit on the type of object being created.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "limit_exceeded#1.0.0"
}
MissingRequiredRole Document
Error details when a user has authenticated but lacks a role to be able to perform the requested operation.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
roles |
array (object) |
{
"DATA_TYPE": "missing_required_role#1.0.0",
"roles": [
{
"role": "administrator",
"collection": "18d367d5-45cf-4724-a53e-5a685e45c942"
}
]
}
MissingRequiredScopes Document
Error details when a user has authenticated but lacks an OAuth scope to be able to perform the requested operation.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
required_scopes |
array (string) |
{
"DATA_TYPE": "missing_required_scopes#1.0.0",
"required_scopes": [
"https://auth.globus.org/scopes/7f862724-3cb1-4006-8744-d71bc8acf518/data_access"
]
}
NotFromAllowedDomain Document
Error details when a user has authenticated but does not have an identity from the required domain to perform the requested action.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
allowed_domains |
array (string) |
{
"DATA_TYPE": "not_from_allowed_domain#1.0.0",
"allowed_domains": [
"example.edu",
"example.org"
]
}
NotResourceOwner Document
Error details when a user has authenticated but is not the owner of the resource being acted upon.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
id |
string <uuid> |
Identity ID of the owner of the resource. |
{
"DATA_TYPE": "not_resource_owner#1.0.0",
"id": "d65768d9-f00a-4921-93be-a16c8f20200d"
}
InvalidInput Document
Error details when the caller has sent an invalid input document.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
errors |
array (object) |
Optional list of input schema violations, such as missing or unknown properties, or properties with invalid values. |
{
"DATA_TYPE": "invalid_input#1.0.0",
"errors": [
{
"message": "Missing data for required field.",
"property": "authentication_timeout_mins"
}
]
}
InvalidCredential Document
Error details when the caller’s identity maps to an account with a user credential that is in an invalid state.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
user_credential_id |
string <uuid> |
The ID of the User Credential which needs to be fixed before this resource can be accessed. |
{
"DATA_TYPE": "invalid_credential#1.0.0",
"user_credential_id": "1ce95432-73c7-4060-8fb2-5d61d627f164"
}
InvalidUser Document
Error details when the caller’s identity does not map to valid local account.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
usernames |
array (string) |
{
"DATA_TYPE": "invalid_user#1.0.0",
"usernames": [
"username@example.edu"
]
}
SubscriptionRequired Document
Error details when the caller has attempted to access a feature not supported by the endpoint’s subscription.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
subscription_level |
string |
Level of subscription required for this feature. |
add_ons |
array (string) |
Subscription add-ons required for this feature. |
{
"DATA_TYPE": "subscription_required#1.0.0",
"subscription_level": "standard",
"add_ons": [
"Google Drive"
]
}
Domain Properties Document
Base Domain
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
domain_name |
string |
DNS Domain name. |
wildcard |
boolean |
Flag indicating whether this is a wildcard domain or not. When setting a custom domain for an endpoint a wildcard domain must be used. When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain. |
{
"DATA_TYPE": "string",
"domain_name": "custom.domain.org",
"wildcard": true
}
Managed Domain 1.0.0 Properties Document
Name |
Type |
Description |
certificate |
string |
PEM-Encoded X.509 certificate for this domain. |
certificate_chain |
string |
PEM-Encoded X.509 certificate chain for this domain. Only needed if there are intermediate certificates that must also be sent to clients to allow them to verify the certificate. |
private_key |
string |
PEM-Encoded private key for the certificate. |
{
"certificate": "string",
"certificate_chain": "string",
"private_key": "string"
}
Unmanaged Domain 1.0.0 Properties Document
Name |
Type |
Description |
certificate_path |
string |
Path to a file containing the X.509 certificate for this domain. This file path must contain a valid certificate and be present on each data transfer node. |
certificate_chain_path |
string |
Path to a file containing the X.509 certificate chain for this domain. This file path must contain a sequence of valid certificate and be present on each data transfer node. |
private_key_path |
string |
Path to a file containing the private key for this domain. This file path must contain a valid key and be present on each data transfer node. |
{
"certificate_path": "string",
"certificate_chain_path": "string",
"private_key_path": "string"
}
Managed domain 1.0.0 Document
Custom managed domain
Name |
Type |
Description |
DATA_TYPE |
|
|
domain_name |
string |
DNS Domain name. |
wildcard |
boolean |
Flag indicating whether this is a wildcard domain or not. When setting a custom domain for an endpoint a wildcard domain must be used. When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain. |
certificate |
string |
PEM-Encoded X.509 certificate for this domain. |
certificate_chain |
string |
PEM-Encoded X.509 certificate chain for this domain. Only needed if there are intermediate certificates that must also be sent to clients to allow them to verify the certificate. |
private_key |
string |
PEM-Encoded private key for the certificate. |
{
"DATA_TYPE": "domain#1.0.0",
"domain_name": "custom.domain.org",
"wildcard": true,
"certificate": "string",
"certificate_chain": "string",
"private_key": "string"
}
Unmanaged domain 1.0.0 Document
Custom unmanaged domain
Name |
Type |
Description |
DATA_TYPE |
|
|
domain_name |
string |
DNS Domain name. |
wildcard |
boolean |
Flag indicating whether this is a wildcard domain or not. When setting a custom domain for an endpoint a wildcard domain must be used. When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain. |
certificate_path |
string |
Path to a file containing the X.509 certificate for this domain. This file path must contain a valid certificate and be present on each data transfer node. |
certificate_chain_path |
string |
Path to a file containing the X.509 certificate chain for this domain. This file path must contain a sequence of valid certificate and be present on each data transfer node. |
private_key_path |
string |
Path to a file containing the private key for this domain. This file path must contain a valid key and be present on each data transfer node. |
{
"DATA_TYPE": "domain#1.0.0",
"domain_name": "custom.domain.org",
"wildcard": true,
"certificate_path": "string",
"certificate_chain_path": "string",
"private_key_path": "string"
}
Domain 1.0.0 Document
Custom domain definition.
Name |
Type |
Description |
Domain_1_0_0 |
Domain 1.0.0 One of { object Managed domain 1.0.0 , object Unmanaged domain 1.0.0 } |
Custom domain definition. |
{
"DATA_TYPE": "string",
"domain_name": "custom.domain.org",
"wildcard": true,
"certificate": "string",
"certificate_chain": "string",
"private_key": "string"
}
Domain Document
Custom domain definition.
Name |
Type |
Description |
Domain |
Domain One of { object Domain 1.0.0 } |
Custom domain definition. |
{
"DATA_TYPE": "domain#1.0.0",
"domain_name": "custom.domain.org",
"wildcard": true,
"certificate_path": "/etc/grid-security/endpoint_cert.pem",
"private_key_path": "/etc/grid-security/endpoint_key.pem"
}
AzureBlobStoragePolicies Document
This type describes the public and private policies for a Azure Blob Storage Gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
client_id |
string |
Client ID registered with the Azure console to access Azure Blob.[Private] |
secret |
string |
Secret created in the Azure console to access Azure Blob with the client_id in this policy.[Private] |
tenant |
string |
Tenant ID of the Microsoft organization.[Private] |
auth_type |
string |
The method of authentication to Azure. 'user' prompts the user to log in to their Microsoft account via an oauth2 flow. 'service_principal' uses the configured client_id and client_secret values to authenticate as an Azure service principal. |
account |
string |
Azure Storage account to access with this storage gateway.[Private] |
adls |
boolean |
Flag indicating the Azure storage account has enabled Azure Data Lake Gen2 hierarchical namespace support.[Private] |
auth_callback |
string <uri> |
URL of the auth callback that must be registered on the Azure console for the application client_id in order to process Microsoft credentials. |
{
"DATA_TYPE": "azure_blob_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"tenant": "string",
"auth_type": "string",
"account": "string",
"adls": true,
"auth_callback": "https://example.globus.org/api/v1/authcallback"
}
AzureBlobCollectionPolicies Document
The AzureBlobCollectionPolicies document describes Azure Blob-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "azure_blob_collection_policies#1.0.0"
}
AzureBlobUserCredentialPolicies Document
The AzureBlobUserCredentialPolicies document describes the Azure Blob-specific policy information included in a UserCredential. This document contains read-only data about the user’s credentials.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
sub |
string |
OAuth subject identifier claim. |
string <email> |
OAuth email claim. |
|
access_token |
string |
OAuth access token. |
refresh_token |
string |
OAuth refresh token. |
scopes |
array (string) |
OAuth scopes associated with this access token. |
token_expiry |
string <date-time> |
OAuth access token expiration time. |
{
"DATA_TYPE": "azure_blob_user_credential_policies#1.0.0",
"sub": "string",
"email": "user@example.com",
"access_token": "string",
"refresh_token": "string",
"scopes": [
"openid",
"email",
"profile",
"offline_access",
"user_impersonation"
],
"token_expiry": "2020-02-04T21:44:12Z"
}
BlackPearlStoragePolicies Document
The BlackPearlStoragePolicies document describes Black Pearl-specific policies. This document contains policies to locate the Black Pearl S3 endpoint and map account names to API keys.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
s3_endpoint |
string <uri> |
The URL of the S3 endpoint of the BlackPearl appliance to use to access collections on this Storage Gateway. |
bp_access_id_file |
string |
Path to the file which provides mappings from usernames within the configured identity domain to the ID and secret associated with the user’s BlackPearl account |
{
"DATA_TYPE": "blackpearl_storage_policies#1.0.0",
"s3_endpoint": "http://blackpearl.example.org:8080",
"bp_access_id_file": "/etc/blackpearl/access-id-file"
}
BlackPearlCollectionPolicies Document
The BlackPearlCollectionPolicies document describes Black Pearl-specific policies. Currently this document contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
{
"DATA_TYPE": "blackpearl_collection_policies#1.0.0"
}
BlackPearlUserCredentialPolicies Document
The BlackPearlUserCredentialPolicies document describes Black Pearl-specific policies. Currently this document contains read-only information about the access_id and key associated with an account.
Name |
Type |
Description |
DATA_TYPE |
string |
|
access_id |
string |
BlackPearl access ID |
secret_key |
string |
BlackPearl secret key[Private] |
{
"DATA_TYPE": "blackpearl_user_credential_policies#1.0.0",
"access_id": "amFzb25hbHQ=",
"secret_key": "K9YxrEaj"
}
BoxStoragePolicies Document
The BoxStoragePolicies document describes box-specific configuration policies. These contain data needed to interact with the Box service via its API.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
enterpriseID |
string |
Identifies which Box Enterprise this Storage Gateway is authorized access to.[Private] |
boxAppSettings |
object |
Values that the Storage Gateway uses to identify and authenticate the with the Box API.[Private] |
{
"DATA_TYPE": "box_storage_policies#1.0.0",
"enterpriseID": "123456",
"boxAppSettings": {
"clientID": "pahZae7RaiX8thooOu2ooquo",
"clientSecret": "ahNgik3uveiW4uiZYuquee3IFune6goo",
"appAuth": {
"publicKeyID": "xa6Ecas0",
"privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQItFqhI7c+9m0CAggA\nMAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBollBX+MTwIorhEBGMAGUYBIIE\n0PyvnRMb3diA+wB1GIJqLzBk4KqyKcWbP4NukwxWYvr8ZmC5MuaZQKsC0YqjZNMw\niTYaOUmjoA6HQYJr+Yt7wuU9g07N2isl+RnlZEUSrTUYVMu1NLb7A4zkCKFlV/dC\nTSb3IED//ne+i3+oaQImrO86ppGcNoaYmx4kCf9o9Etre040a7lLNQs9SB5ukHMZ\nfXGb1X5n0jXCqfJ4SYcSefK3fOVawbIg0ocMg99TZaBWvWb0C3w/+cn8MqT5FmOW\ncqMZSHtqq8/DdfNpfA7CLd6e5st2yKEnbYma2m7HR+SsCAhhOYligiMlwGCKw/JT\nYmKIB2wRu54dJOdvZVF/7kJkw5igooGxrBKXmlxVO+2TDs8fjx7F42W00XoOLTIy\nGGabLkAPQXOO5XOJsMaX/A3u9YUezoG7BZKsuPHlIxsJjylJqM0uA1nUObRxI77W\nyWEz1aHvDnEEvF/rBrNGV8ARiTNo02AKtvMLiW8H4d+G+8tlwCUB8CAkgOXwQpP5\nnqeibn4Y88GqE1z2EF7YGTjrTre/qvPJOIvYDYVONmc9DblitOMLerQdodgNC+3q\nrTDxPET9xGJ2Gg+TYWXYiEkQJMotpWR+zDB0uJVsBqfAVFvn6WFa8hp1m4Il2vNK\nCSFi8yUegK3vJiw1ZFUx42v9m8nyTiVJ/LvZYVkr2SxjI4mk2jCEP7YctTpT2Fpd\nYCXe6LGxzIh1QcEsz6ETaBtcQ2ZGoZYqURIoH3OoJ+Bqp2tsK8E/JJ5A5rSWRfeb\nssIG62iy/nDseq9sp1J5LfdOE45k5AQ0+48Box+b/j1Gdn30ckT+ffjO2HwGwAbG\nNpwgC/yJ8xyrgHGlRRULeu2zRndCcSsrRr0l9hYPiD4+JYPvaVPNf1O/Ry/OIFQZ\n+0VeWEHOziS4sheMTp6rof68zdND9NabhrUL/bjMnu6jZxFfLjj8ecVIq4TNoPRL\nHfnIEYb8z2bfMzv3raOa49Z6hgbkrQwmt/aAwp2tk9gx7FmIWghS4EktgXKYaYiG\ndPJWWnFSXOSYveF5otryISbwqZU4EDsPk8S/Yd9VTF9t/YxWpMGfsP/UKWILR3Lq\nF86JpuKgSB8eMrKDX4zTxgOqpPFaoxQYcQcM1X8BaYlfnHTtOS9gDYXyfVbxmnu9\nXTOjPdwI+enqWYADZ0HDsEghujxFOQKtefBq0isgzvMNmIB/II/09eCSPqk38oKO\nDIVPVrYqB1FtGMINDzyljCI5q9Z1Duw+9M0IYCv4k1v0fVsowNHfTGc1PcMHGZXs\nudejICJ02UZjvhW9GCE0Gswk1Td64f8afqDYvXviCI3545HZy3UZqMGNNT7nx2zY\n9Vih8pl0027MXj1IScCuC90YZr0TyhpfZadfQJB27Bh8bBaS+Jal3+vfgXTNwXLm\nTGN9EdRKaSZS7CFAmgwDEQ1wkO5v0yvOBWVgw9QcFigu9y7hPAGu91bDb8t5EEMR\nsIklo0H7U2yx2eiEB5aFbb6ufKC4+WShDvYkSEhpalqUL7wplV7lR4ZyuwLa4PG/\nShgYXEgibyksa7ggI7wJwe85laWkycrOn5/lvRUNrvSvDoQJlMsQD5h/Bscvw1K8\nNWXaierPdI1GtR0zWujxbVi29fafqwJSP6V3dTSLLbAI\n-----END ENCRYPTED PRIVATE KEY-----",
"passphrase": "Aip4eengaeQuoib2Eme3thei"
}
}
}
BoxCollectionPolicies Document
The BoxCollectionPolicies document describes box-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "box_collection_policies#1.0.0"
}
BoxUserCredentialPolicies Document
The BoxUserCredentialPolicies document describes box-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
{
"DATA_TYPE": "box_user_credential_policies#1.0.0"
}
CephStoragePolicies Document
The CephStoragePolicies document describes ceph-specific configuration policies. These policies contain information about how to contact the Ceph storage API and also restrictions on which Ceph buckets are available for access via this storage gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
s3_endpoint |
string <uri> |
URL of the S3 API endpoint |
s3_buckets |
array (string) |
List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this Storage Gateway. |
ceph_admin_key_id |
string |
Administrator key id used to authenticate with the ceph admin service to obtain user credentials.[Private] |
ceph_admin_secret_key |
string |
Administrator secret key used to authenticate with the ceph admin service to obtain user credentials.[Private] |
{
"DATA_TYPE": "ceph_storage_policies#1.0.0",
"s3_endpoint": "https://s3.amazonaws.com",
"s3_buckets": [
"publicbucket1"
],
"ceph_admin_key_id": "string",
"ceph_admin_secret_key": "string"
}
CephCollectionPolicies Document
The CephCollectionPolicies document describes ceph-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "ceph_collection_policies#1.0.0"
}
CephUserCredentialPolicies Document
The CephCollectionPolicies document describes ceph-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "ceph_user_credential_policies#1.0.0"
}
GoogleCloudStorageProject Document
A Google Cloud Platform project resource.
Name |
Type |
Description |
projectId |
string |
Google-issued id of a Google Cloud Platform project. |
name |
string |
The name of the project. |
{
"projectId": "strawberry-delta-129193",
"name": "Globus Data Project"
}
GoogleCloudStoragePolicies Document
This type describes the public and private policies for a Google Cloud Storage Gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
client_id |
string |
Client ID registered with the Google Application console to access Google Cloud Storage.[Private] |
secret |
string |
Secret created to access access Google Cloud Storage with the client_id in this policy.[Private] |
service_account_key |
object |
Service account key to use when authenticating all storage access.[Private] |
buckets |
array (string) |
The list of Google Cloud Storage buckets which the Storage Gateway is allowed to access, as well as the list of buckets that will be shown in root level directory listings. If this list is unset, bucket access is unrestricted and all non public credential accessible buckets will be shown in root level directory listings. The value is a list of bucket names. |
auth_callback |
string <uri> |
URL of the auth callback that must be registered on the Google API console for the application client_id in order to process Google credentials. |
projects |
array (string) |
The list of Google Cloud Storage project ids which the Storage Gateway is allowed to access. If this list is unset, project access is unrestricted. The value is a list of project id strings. |
{
"DATA_TYPE": "google_cloud_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"service_account_key": {},
"buckets": [
"string"
],
"auth_callback": "https://example.globus.org/api/v1/authcallback_google",
"projects": [
"strawberry-delta-129193"
]
}
GoogleCloudStorageCollectionPolicies Document
The GoogleCloudStorageCollectionPolicies document describes google-specific policies for a collection.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
project |
string |
Google Cloud Platform project ID value that is associated with this collection. |
{
"DATA_TYPE": "google_cloud_storage_collection_policies#1.0.0",
"project": "strawberry-delta-129193"
}
GoogleCloudStorageUserCredentialPolicies Document
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
sub |
string |
OpenID Connect subject property of this credential. [read-only] |
string <email> |
OpenID Connect email property of this credential. [read-only] |
|
access_token |
string |
Access token to interact with the Google Cloud Storage API. [read-only][Private] |
refresh_token |
string |
Refresh token to generate new access tokens to use with the Google Cloud Storage API. [read-only][Private] |
scopes |
array (string) |
List of OAuth 2 scopes associated with the tokens in this credential. [read-only] |
projects |
array ( GoogleCloudStorageProject ) |
List of Google Cloud Platform projects available for use with this credential. [read-only] |
token_expiry |
string <date-time> |
Time when he access token expires. [read-only] |
{
"DATA_TYPE": "google_cloud_storage_user_credential_policies#1.0.0",
"sub": "string",
"email": "user@example.com",
"access_token": "string",
"refresh_token": "string",
"scopes": [
"string"
],
"projects": [
{
"projectId": "strawberry-delta-129193",
"name": "Globus Data Project"
}
],
"token_expiry": "2020-02-04T21:44:12Z"
}
GoogleDriveStoragePolicies Document
This type describes the public and private policies for a Google Drive Storage Gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
client_id |
string |
Client ID registered with the Google Application console to access Google Drive.[Private] |
secret |
string |
Secret created to access access Google Drive with the client_id in this policy.[Private] |
user_api_rate_quota |
integer |
User API Rate quota associated with this client ID.[Private] |
auth_callback |
string <uri> |
URL of the auth callback that must be registered on the Google API console for the application client_id in order to process Google credentials. |
{
"DATA_TYPE": "google_drive_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"user_api_rate_quota": 1000,
"auth_callback": "https://example.globus.org/api/v1/authcallback_google"
}
GoogleDriveCollectionPolicies Document
The GoogleDriveCollectionPolicies document describes Google drive -specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "google_drive_collection_policies#1.0.0"
}
GoogleDriveUserCredentialPolicies Document
The GoogleDriveUserCredentialPolicies document describes the google-specific policy information included in a UserCredential. This document contains read-only data about the user’s Google OAuth tokens.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
sub |
string |
OAuth subject identifier claim. |
string <email> |
OAuth email claim. |
|
access_token |
string |
OAuth access token. |
refresh_token |
string |
OAuth refresh token. |
scopes |
array (string) |
OAuth scopes associated with this access token. |
token_expiry |
string <date-time> |
OAuth access token expiration time. |
{
"DATA_TYPE": "google_drive_user_credential_policies#1.0.0",
"sub": "string",
"email": "user@example.com",
"access_token": "string",
"refresh_token": "string",
"scopes": [
"email",
"profile",
"https://www.googleapis.com/auth/drive",
"https://www.googleapis.com/auth/drive.appfolder"
],
"token_expiry": "2020-02-04T21:44:12Z"
}
HpssStoragePolicies Document
This type describes the public and private policies for a HPSS Storage Gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
authentication_mech |
string |
Defines the type of authentication the connector will perform when logging into HPSS. |
authenticator |
string |
Authenticator used with --authentication-mech to perform authentication to HPSS. Format is: "<auth_type>:<auth_file>" where <auth_type> is one of "auth_keytab" or "auth_keyfile". For example, "auth_keytab:/var/hpss/etc/gridftp.keytab".[Private] |
uda_checksum |
boolean |
Flag that indicates if checksums should be stored within UDAs so that sync-by-checksum transfers can verify the file without staging the file from tape. |
{
"DATA_TYPE": "hpss_storage_policies#1.0.0",
"authentication_mech": "unix",
"authenticator": "string",
"uda_checksum": true
}
HpssCollectionPolicies Document
The HpssCollectionPolicies document describes HPSS-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "hpss_collection_policies#1.0.0"
}
HpssUserCredentialPolicies Document
The HpssUserCredentialPolicies document describes the HPSS-specific policy information included in a UserCredential. This document contains read-only data about the user’s credentials.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "hpss_user_credential_policies#1.0.0"
}
IrodsStoragePolicies Document
This document contains one of the versioned iRODS specific storage gateway policies.
Name |
Type |
Description |
IrodsStoragePolicies |
IrodsStoragePolicies One of { IrodsStoragePolicies 1.0.0 } |
This document contains one of the versioned iRODS specific storage gateway policies. |
{
"irods_environment_file": "/var/irods/irods_environment.json",
"irods_authentication_file": "/var/irods/.irodsA",
"environment": [
{
"name": "VOLUME",
"value": "/vol/0"
}
],
"DATA_TYPE": "irods_storage_policies#1.0.0"
}
IrodsStoragePolicies 1.0.0 Document
This document contains version 1.0.0 of the iRODS storage gateway policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
irods_environment_file |
string |
Path to the irods environment file.[Private] |
irods_authentication_file |
string |
Path to the irods authentication file.[Private] |
environment |
array (object) |
Variables to set in the iRODS client environment.[Private] |
DATA_TYPE |
string |
Type of this document |
{
"irods_environment_file": "/var/irods/irods_environment.json",
"irods_authentication_file": "/var/irods/.irodsA",
"environment": [
{
"name": "VOLUME",
"value": "/vol/0"
}
],
"DATA_TYPE": "irods_storage_policies#1.0.0"
}
IrodsStoragePolicies_1_0_0_Properties Document
The IrodsStoragePolicies document describes the extensions to support the iRODS connector’s configuration policies.
Name |
Type |
Description |
irods_environment_file |
string |
Path to the irods environment file.[Private] |
irods_authentication_file |
string |
Path to the irods authentication file.[Private] |
environment |
array (object) |
Variables to set in the iRODS client environment.[Private] |
{
"irods_environment_file": "/var/irods/irods_environment.json",
"irods_authentication_file": "/var/irods/.irodsA",
"environment": [
{
"name": "VOLUME",
"value": "/vol/0"
}
]
}
IrodsUserCredentialPolicies Document
This document contains one of the versioned iRODS-specific user credential policies.
Name |
Type |
Description |
IrodsUserCredentialPolicies |
IrodsUserCredentialPolicies One of { object IrodsUserCredential 1.0.0 Policies } |
This document contains one of the versioned iRODS-specific user credential policies. |
{
"DATA_TYPE": "irods_user_credential_policies#1.0.0"
}
IrodsUserCredential 1.0.0 Policies Document
This document contains version 1.0.0 of the iRODS user credential policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
{
"DATA_TYPE": "irods_user_credential_policies#1.0.0"
}
IrodsCollectionPolicies 1.0.0 Document
This document contains version 1.0.0 of the iRODS collection policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "irods_collection_policies#1.0.0"
}
IrodsCollectionPolicies Document
This document contains one of the versioned iRODS-specific collection policies.
Name |
Type |
Description |
IrodsCollectionPolicies |
IrodsCollectionPolicies One of { IrodsCollectionPolicies 1.0.0 } |
This document contains one of the versioned iRODS-specific collection policies. |
{
"DATA_TYPE": "irods_collection_policies#1.0.0"
}
OneDriveStoragePolicies Document
This type describes the public and private policies for a OneDrive Storage Gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
client_id |
string |
Client ID registered with the Azure console to access OneDrive.[Private] |
secret |
string |
Secret created in the Azure console to access OneDrive with the client_id in this policy.[Private] |
tenant |
string |
Tenant ID of the Microsoft organization. Required when Supported Account Types of the Azure application is set to Single tenant.[Private] |
user_api_rate_limit |
integer |
User API Rate Limit associated with this client ID in operations per second per user.[Private] |
auth_callback |
string <uri> |
URL of the auth callback that must be registered on the Azure console for the application client_id in order to process Microsoft credentials. |
{
"DATA_TYPE": "onedrive_storage_policies#1.0.0",
"client_id": "string",
"secret": "string",
"tenant": "string",
"user_api_rate_limit": 1000,
"auth_callback": "https://example.globus.org/api/v1/authcallback"
}
OneDriveUserCredentialPolicies Document
The OneDriveUserCredentialPolicies document describes the OneDrive-specific policy information included in a UserCredential. This document contains read-only data about the user’s credentials.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
sub |
string |
OAuth subject identifier claim. |
string <email> |
OAuth email claim. |
|
access_token |
string |
OAuth access token. |
refresh_token |
string |
OAuth refresh token. |
scopes |
array (string) |
OAuth scopes associated with this access token. |
token_expiry |
string <date-time> |
OAuth access token expiration time. |
{
"DATA_TYPE": "onedrive_user_credential_policies#1.0.0",
"sub": "string",
"email": "user@example.com",
"access_token": "string",
"refresh_token": "string",
"scopes": [
"openid",
"email",
"profile",
"offline_access",
"files.readwrite.all"
],
"token_expiry": "2020-02-04T21:44:12Z"
}
OneDriveCollectionPolicies Document
The OneDriveCollectionPolicies document describes OneDrive-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "onedrive_collection_policies#1.0.0"
}
PosixStoragePolicies Document
This document contains one of the versioned POSIX-specific storage gateway policies. This document includes settings for access restrictions for based on POSIX group membership.
Name |
Type |
Description |
PosixStoragePolicies |
PosixStoragePolicies One of { PosixStoragePolicies_1_0_0 } |
This document contains one of the versioned POSIX-specific storage gateway policies. This document includes settings for access restrictions for based on POSIX group membership. |
{
"DATA_TYPE": "posix_storage_policies#1.0.0",
"groups_allow": [
"globus"
],
"groups_deny": [
"nonglobus"
]
}
PosixStoragePolicies_1_0_0 Document
This document contains version 1.0.0 of the POSIX storage gateway policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
groups_allow |
array (string) |
List of POSIX group IDs allowed to access this Storage Gateway.[Private] |
groups_deny |
array (string) |
List of POSIX group IDs denied access this Storage Gateway.[Private] |
{
"DATA_TYPE": "posix_storage_policies#1.0.0",
"groups_allow": [
"globus"
],
"groups_deny": [
"nonglobus"
]
}
PosixStoragePolicies 1.0.0 Properties Document
This document contains the properties for version 1.0.0 of the POSIX storage gateway policy document.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
groups_allow |
array (string) |
List of POSIX group IDs allowed to access this Storage Gateway.[Private] |
groups_deny |
array (string) |
List of POSIX group IDs denied access this Storage Gateway.[Private] |
{
"DATA_TYPE": "string",
"groups_allow": [
"globus"
],
"groups_deny": [
"nonglobus"
]
}
PosixUserCredentialPolicies Document
This document contains one of the versioned POSIX-specific user credential policies.
Name |
Type |
Description |
PosixUserCredentialPolicies |
PosixUserCredentialPolicies One of { object PosixUserCredential 1.0.0 Policies } |
This document contains one of the versioned POSIX-specific user credential policies. |
{
"DATA_TYPE": "posix_user_credential_policies#1.0.0"
}
PosixUserCredential 1.0.0 Policies Document
This document contains version 1.0.0 of the POSIX storage gateway policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
{
"DATA_TYPE": "posix_user_credential_policies#1.0.0"
}
PosixGuestCollectionPolicies Document
This document contains one of the versioned POSIX-specific guest collection policies.
Name |
Type |
Description |
PosixGuestCollectionPolicies |
PosixGuestCollectionPolicies One of { object PosixCollectionPolicies 1.0.0 , PosixGuestCollectionPolicies 1.1.0 } |
This document contains one of the versioned POSIX-specific guest collection policies. |
{
"DATA_TYPE": "posix_collection_policies#1.0.0"
}
PosixMappedCollectionPolicies Document
This document contains one of the versioned POSIX-specific guest collection policies.
Name |
Type |
Description |
PosixMappedCollectionPolicies |
PosixMappedCollectionPolicies One of { object PosixCollectionPolicies 1.0.0 , PosixMappedCollectionPolicies 1.1.0 } |
This document contains one of the versioned POSIX-specific guest collection policies. |
{
"DATA_TYPE": "posix_collection_policies#1.0.0"
}
PosixCollectionPolicies 1.0.0 Document
This document contains version 1.0.0 of the POSIX collection policies with an explicit DATA_TYPE value. There are no differences between policies supported by mapped and guest collections.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "posix_collection_policies#1.0.0"
}
PosixGuestCollectionPolicies 1.1.0 Document
This document contains version 1.1.0 of the POSIX collection policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "posix_collection_policies#1.1.0"
}
PosixMappedCollectionPolicies 1.1.0 Document
This document contains version 1.1.0 of the POSIX collection policies with an explicit DATA_TYPE value. This document type contains policies to perform group-level sharing restrictions.
Name |
Type |
Description |
sharing_groups_allow |
array (string) |
List of POSIX group IDs allowed to create shares on this collection.[Private] |
sharing_groups_deny |
array (string) |
List of POSIX group IDs denied access to create shares on this collection.[Private] |
DATA_TYPE |
string |
Type of this document |
{
"sharing_groups_allow": [
"globus"
],
"sharing_groups_deny": [
"nonglobus"
],
"DATA_TYPE": "posix_collection_policies#1.1.0"
}
PosixMappedCollectionPolicies 1.1.0 Properties Document
This document contains the POSIX-specific properties for version 1.1.0 of the POSIX mapped collection policies document. This document type contains policies to perform group-level sharing restrictions.
Name |
Type |
Description |
sharing_groups_allow |
array (string) |
List of POSIX group IDs allowed to create shares on this collection.[Private] |
sharing_groups_deny |
array (string) |
List of POSIX group IDs denied access to create shares on this collection.[Private] |
{
"sharing_groups_allow": [
"globus"
],
"sharing_groups_deny": [
"nonglobus"
]
}
PosixStagingStoragePolicies Document
This document contains one of the versioned POSIX staging specific storage gateway policies.
Name |
Type |
Description |
PosixStagingStoragePolicies |
PosixStagingStoragePolicies One of { PosixStagingStoragePolicies 1.0.0 } |
This document contains one of the versioned POSIX staging specific storage gateway policies. |
{
"DATA_TYPE": "posix_staging_storage_policies#1.0.0",
"groups_allow": [
"globus"
],
"groups_deny": [
"nonglobus"
],
"stage_app": "/usr/local/bin/globus-stage-data",
"environment": [
{
"name": "VOLUME",
"value": "/vol/0"
}
]
}
PosixStagingStoragePolicies 1.0.0 Document
This document contains version 1.0.0 of the POSIX staging storage gateway policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
groups_allow |
array (string) |
List of POSIX group IDs allowed to access this Storage Gateway.[Private] |
groups_deny |
array (string) |
List of POSIX group IDs denied access this Storage Gateway.[Private] |
stage_app |
string |
Path to the stage app.[Private] |
environment |
array (object) |
Variables to set in the environment when executing the stage_app.[Private] |
{
"DATA_TYPE": "posix_staging_storage_policies#1.0.0",
"groups_allow": [
"globus"
],
"groups_deny": [
"nonglobus"
],
"stage_app": "/usr/local/bin/globus-stage-data",
"environment": [
{
"name": "VOLUME",
"value": "/vol/0"
}
]
}
PosixStagingStoragePolicies_1_0_0_Properties Document
The PosixStagingStoragePolicies document describes the extensions to support the posix staging connector’s configuration policies.
Name |
Type |
Description |
stage_app |
string |
Path to the stage app.[Private] |
environment |
array (object) |
Variables to set in the environment when executing the stage_app.[Private] |
{
"stage_app": "/usr/local/bin/globus-stage-data",
"environment": [
{
"name": "VOLUME",
"value": "/vol/0"
}
]
}
PosixStagingUserCredentialPolicies Document
This document contains one of the versioned POSIX staging-specific user credential policies.
Name |
Type |
Description |
PosixStagingUserCredentialPolicies |
PosixStagingUserCredentialPolicies One of { object PosixStagingUserCredential 1.0.0 Policies } |
This document contains one of the versioned POSIX staging-specific user credential policies. |
{
"DATA_TYPE": "posix_staging_user_credential_policies#1.0.0"
}
PosixStagingUserCredential 1.0.0 Policies Document
This document contains version 1.0.0 of the POSIX staging user credential policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
{
"DATA_TYPE": "posix_staging_user_credential_policies#1.0.0"
}
PosixStagingMappedCollectionPolicies 1.0.0 Document
This document contains version 1.0.0 of the POSIX staging mapped collection policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
sharing_groups_allow |
array (string) |
List of POSIX group IDs allowed to create shares on this collection.[Private] |
sharing_groups_deny |
array (string) |
List of POSIX group IDs denied access to create shares on this collection.[Private] |
DATA_TYPE |
string |
Type of this document |
{
"sharing_groups_allow": [
"globus"
],
"sharing_groups_deny": [
"nonglobus"
],
"DATA_TYPE": "posix_staging_collection_policies#1.0.0"
}
PosixStagingGuestCollectionPolicies 1.0.0 Document
This document contains version 1.0.0 of the POSIX staging mapped collection policies with an explicit DATA_TYPE value.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "posix_staging_collection_policies#1.0.0"
}
PosixStagingGuestCollectionPolicies Document
This document contains one of the versioned POSIX staging-specific guest collection policies.
Name |
Type |
Description |
PosixStagingGuestCollectionPolicies |
PosixStagingGuestCollectionPolicies One of { PosixStagingGuestCollectionPolicies 1.0.0 } |
This document contains one of the versioned POSIX staging-specific guest collection policies. |
{
"DATA_TYPE": "posix_staging_collection_policies#1.0.0"
}
PosixStagingMappedCollectionPolicies Document
This document contains one of the versioned POSIX staging-specific guest collection policies.
Name |
Type |
Description |
PosixStagingMappedCollectionPolicies |
PosixStagingMappedCollectionPolicies One of { PosixStagingMappedCollectionPolicies 1.0.0 } |
This document contains one of the versioned POSIX staging-specific guest collection policies. |
{
"sharing_groups_allow": [
"globus"
],
"sharing_groups_deny": [
"nonglobus"
],
"DATA_TYPE": "posix_staging_collection_policies#1.0.0"
}
S3StoragePolicies Document
The S3StoragePolicies document describes S3-specific configuration policies. These policies contain information about how to contact the S3 API and also restrictions on which S3 buckets are available for access via this storage gateway.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
s3_endpoint |
string <uri> |
URL of the S3 API endpoint |
s3_buckets |
array (string) |
List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this Storage Gateway. |
s3_user_credential_required |
boolean |
Flag indicating if a Globus User must register a user credential in order to create a Guest Collection on this Storage Gateway. |
{
"DATA_TYPE": "s3_storage_policies#1.0.0",
"s3_endpoint": "https://s3.amazonaws.com",
"s3_buckets": [
"awsexamplebucket1"
],
"s3_user_credential_required": true
}
S3CollectionPolicies Document
The S3CollectionPolicies document describes s3-specific configuration policies. Currently this document type contains no connector-specific policy information.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
{
"DATA_TYPE": "s3_collection_policies#1.0.0"
}
S3UserCredential Document
The S3UserCredential document describes s3-specific configuration policies. Currently this contains the key information needed to contact the S3 API for this account.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
s3_key_id |
string |
Access Key ID to use with the S3 API to access your buckets and objects. |
s3_secret_key |
string |
Secret Key to use with the S3 API to access your buckets and objects. |
{
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "AKIAIOSFODNN7EXAMPLE",
"s3_secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
Sharing Policies Document
Sharing policies for a mapped collection. This document type allows endpoint and collection administrators to optionally constrain sharing path policies for particular users. The sharing_restrict_paths property has a similar meaning to that of the sharing_restrict_paths in the collection document; however, it is in effect only for specific users.
If the users property is null, then the restriction applies to all users. If it is non-null, then this restriction applies only to accounts which have been mapped to the enumerated storage gateway user accounts.
Multiple sharing policies can be defined for a mapped collection. When a guest collection is created or accessed, only the policies relevant to the user which created the account are enforced.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
id |
string <uuid> |
ID for this sharing policy |
collection_id |
string <uuid> |
ID of the mapped collection which this policy is associated with. |
sharing_restrict_paths |
One of { object PathRestrictions } |
Restrictions on which paths may be shared in guest collections related to this mapped collection. These paths are relative to the root_path property of the mapped collection. |
users |
array (string) |
List of local user accounts that this policy applies to. If omitted or null, this restriction applies to all local user accounts. |
{
"DATA_TYPE": "sharing_policy#1.0.0",
"id": "97d6ec0b-a3c2-4723-a1a0-285b2b8f015a",
"collection_id": "14326300-5a33-4387-9bb0-7f85c3dc3185",
"sharing_restrict_paths": {
"DATA_TYPE": "path_restrictions#1.0.0",
"read": [
"/public"
],
"read_write": [
"/home",
"/projects"
],
"none": [
"/private"
]
},
"users": [
"username"
]
}