Connector-specific storage gateway policies for the AzureBlob connector
account: null|string
Description
Azure Storage account to access with this storage gateway
adls: null|boolean
Description
Flag indicating the Azure storage account has enabled Azure Data
Lake Gen2 hierarchical namespace support.
Optional Readonly auth_callback?: string
Description
URL of the auth callback that must be registered on the Microsoft
API console for the application client_id in order to process
Microsoft credentials.
auth_type: null|string
Description
The method of authentication to Azure. "user" prompts the user to
log in to their Microsoft account via an oauth2 flow.
"service_principal" uses the configured client_id and client_secret
values to authenticate as an Azure service principal.
client_id: null|string
Description
Client ID registered with the Azure console to access Azure Blob.
DATA_TYPE: "azure_blob_storage_policies#1.0.0"
Description
Type of this document
Default
azure_blob_storage_policies#1.0.0 @enum {string}
secret: null|string
Description
Secret created in the Azure console to access Azure Blob with the
client_id in this policy.
Flag indicating whether users must register a credential. If true
(or if this property is missing), this storage gateway is
configured for OAuth2 user authentication. If false,
authentication is configured by the admin.
Connector-specific storage gateway policies for the AzureBlob connector
account: null|string
Description
Azure Storage account to access with this storage gateway
adls: null|boolean
Description
Flag indicating the Azure storage account has enabled Azure Data
Lake Gen2 hierarchical namespace support.
Optional allow_any_account?: boolean
Description
If true, allow users to access personal or external Microsoft accounts.
If false (the default), users must use the Microsoft account which
matches the username their Globus credential maps to.
Optional Readonly auth_callback?: string
Description
URL of the auth callback that must be registered on the Microsoft
API console for the application client_id in order to process
Microsoft credentials.
auth_type: null|string
Description
The method of authentication to Azure. "user" prompts the user to
log in to their Microsoft account via an oauth2 flow.
"service_principal" uses the configured client_id and client_secret
values to authenticate as an Azure service principal.
client_id: null|string
Description
Client ID registered with the Azure console to access Azure Blob.
DATA_TYPE: "azure_blob_storage_policies#1.1.0"
Description
Type of this document
Default
azure_blob_storage_policies#1.1.0 @enum {string}
secret: null|string
Description
Secret created in the Azure console to access Azure Blob with the
client_id in this policy.
Flag indicating whether users must register a credential. If true
(or if this property is missing), this storage gateway is
configured for OAuth2 user authentication. If false,
authentication is configured by the admin.
Connector-specific storage gateway policies for the Blackpearl connector
Optional bp_access_id_file?: string
Description
Path to the file which provides mappings from usernames within the
configured identity domain to the ID and secret associated with the
user's BlackPearl account
DATA_TYPE: "blackpearl_storage_policies#1.0.0"
Description
Type of this document
Default
blackpearl_storage_policies#1.0.0 @enum {string}
Optional s3_endpoint?: string
Description
The URL of the S3 endpoint of the BlackPearl appliance
to use to access collections on this Storage Gateway.
Values from the Box JWT client configuration that the storage gateway uses
to identify and authenticate with the Box API. This is only set when
configuring the storage gateway for Box enterprise authentication.
Identifies which Box Enterprise this storage gateway is authorized
access to. This is only set when configuring the storage gateway
for Box enterprise authentication.
Client ID of the Box OAuth2 application registered on the Box developer
console. This is only set when configuring the storage gateway for
OAuth2 user authentication.
DATA_TYPE: "box_storage_policies#1.1.0"
Description
Type of this document
Default
box_storage_policies#1.1.0 @enum {string}
Optional enterpriseID?: string
Description
Identifies which Box Enterprise this storage gateway is authorized
access to. This is only set when configuring the storage gateway for
Box enterprise authentication.
Optional secret?: string
Description
Secret associated with the client_id set in this policy. This is only
set when configuring the storage gateway for OAuth2 user
authentication.
Optional user_api_rate_limit?: number
Description
User API Rate Limit associated with this client ID in operations per
second per user.
Flag indicating whether users must register a credential. If true,
this storage gateway is configured for OAuth2 user authentication. If
false (and for older DATA_TYPE where this property is missing), this
storage gateway is configured for enterprise authentication.
Connector-specific storage gateway policies for the Box connector.
Optional allow_any_account?: boolean
Description
If true, allow users to access personal or external Box accounts.
If false (the default), users must use the Box account which
matches the username their Globus credential maps to.
Optional Readonly auth_callback?: string
Description
URL of the auth callback that must be set on the Box developer
console for the Box application of client_id.
Client ID of the Box OAuth2 application registered on the Box developer
console. This is only set when configuring the storage gateway for
OAuth2 user authentication.
DATA_TYPE: "box_storage_policies#1.2.0"
Description
Type of this document
Default
box_storage_policies#1.2.0 @enum {string}
Optional enterpriseID?: string
Description
Identifies which Box Enterprise this storage gateway is authorized
access to. This is only set when configuring the storage gateway for
Box enterprise authentication.
Optional secret?: string
Description
Secret associated with the client_id set in this policy. This is only
set when configuring the storage gateway for OAuth2 user
authentication.
Optional user_api_rate_limit?: number
Description
User API Rate Limit associated with this client ID in operations per
second per user.
Flag indicating whether users must register a credential. If true,
this storage gateway is configured for OAuth2 user authentication. If
false (and for older DATA_TYPE where this property is missing), this
storage gateway is configured for enterprise authentication.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 adds optional multi-factor authentication requirements for
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.
Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.
Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA
collections.
Version 1.13.0 adds the auto_delete_timeout property to mapped collections
and the skip_auto_delete property to guest collections.
Version 1.14.0 adds the subscription_admin_verified property to collections
and activity_notification_policy to guest collections.
Version 1.15.0 adds the associated_flow_policy property to the collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Optional allow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
Optional Readonly authentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
Optional Readonly connector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optional contact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optional contact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.0.0"
Description
Type of this document
Default
collection#1.0.0 @enum {string}
Optional default_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optional Readonly deleted?: boolean
Description
Flag indicating that this collection has been deleted
Optional department?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optional description?: null|string
Description
A description of the collection.
Optional disable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
Optional domain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optional force_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optional Readonly high_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
Optional Readonly https_url?: string
Description
HTTPS URL for the data on this collection.
Optional Readonly id?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optional identity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optional info_link?: null|string
Description
Link to a web page with more information about the collection
Optional keywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
Optional Readonly manager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optional mapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optional organization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
Optional Readonly root_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optional sharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optional storage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
Optional Readonly tlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optional user_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Optional allow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
Optional Readonly authentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
Optional Readonly connector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optional contact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optional contact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.1.0"
Description
Type of this document
Default
collection#1.1.0 @enum {string}
Optional default_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optional Readonly deleted?: boolean
Description
Flag indicating that this collection has been deleted
Optional department?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optional description?: null|string
Description
A description of the collection.
Optional disable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
Optional domain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optional enable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optional force_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optional Readonly high_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
Optional Readonly https_url?: string
Description
HTTPS URL for the data on this collection.
Optional Readonly id?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optional identity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optional info_link?: null|string
Description
Link to a web page with more information about the collection
Optional keywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
Optional Readonly manager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optional mapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optional organization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
Optional Readonly root_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optional sharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optional storage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
Optional Readonly tlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optional user_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optional user_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 64 characters long.
Optional user_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
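The constraints stated in the collection#1.1.0 property descriptions above (display_name, domain_name, mapped_collection_id, enable_https, force_encryption, allow_guest_collections) can be checked before a document is submitted. The following is an added example, not code from this reference or from the Globus SDK; `checkCollection`, `CollectionDoc`, `Finding`, the sample documents and the reading of "name label" as the leftmost DNS label are assumptions.

```typescript
// Added example (not SDK code). Every rule below is taken from a property
// description on this page; all type and function names are hypothetical.
interface CollectionDoc {
  DATA_TYPE: string;
  collection_type: "mapped" | "guest";
  display_name: string;
  id?: string;
  mapped_collection_id?: string;
  domain_name?: string;
  enable_https?: boolean;
  force_encryption?: boolean;
  allow_guest_collections?: boolean;
}

interface Finding {
  field: string;
  problem: string;
}

function checkCollection(
  doc: CollectionDoc,
  endpointDomain: string,
  mapped?: CollectionDoc
): Finding[] {
  const out: Finding[] = [];
  const add = (field: string, problem: string): void => {
    out.push({ field, problem });
  };

  // display_name: max 128 characters, no new lines (\r or \n).
  // .length counts UTF-16 units, so this is never more lenient than the rule.
  if (doc.display_name.length > 128) add("display_name", "longer than 128 characters");
  if (/[\r\n]/.test(doc.display_name)) add("display_name", "contains a new line");

  // domain_name on input (mapped collections): must be a subdomain of the
  // endpoint, and the label may not start with m- or g-.
  // Assumption: "label" means the leftmost DNS label of the name.
  if (doc.collection_type === "mapped" && doc.domain_name !== undefined) {
    const name = doc.domain_name.toLowerCase();
    const suffix = "." + endpointDomain.toLowerCase();
    const isSub = name.length > suffix.length && name.slice(-suffix.length) === suffix;
    if (!isSub) add("domain_name", "not a subdomain of the endpoint");
    if (/^[mg]-/.test(name)) add("domain_name", "label starts with m- or g-");
  }

  if (doc.collection_type === "guest") {
    // mapped_collection_id must be set on a guest collection.
    if (!doc.mapped_collection_id) add("mapped_collection_id", "must be set on a guest collection");
    // allow_guest_collections is always false on a guest collection.
    if (doc.allow_guest_collections === true) {
      add("allow_guest_collections", "always false on a guest collection");
    }
    if (mapped) {
      // enable_https may not be true on a guest if the mapped value is false.
      if (mapped.enable_https === false && doc.enable_https === true) {
        add("enable_https", "true on guest while the mapped collection has it false");
      }
      // If a mapped collection forces encryption, its guests must as well.
      if (mapped.force_encryption === true && doc.force_encryption !== true) {
        add("force_encryption", "mapped collection forces encryption, guest does not");
      }
      // Setting allow_guest_collections to false on the mapped collection
      // makes its existing guest collections inaccessible.
      if (mapped.allow_guest_collections === false) {
        add("mapped.allow_guest_collections", "false: this guest collection is not accessible");
      }
    }
  }
  return out;
}

function fieldsOf(findings: Finding[]): string {
  return findings.map((f) => f.field).join(",");
}

// Constructed sample documents; ids and host names are made up.
const sampleMapped: CollectionDoc = {
  DATA_TYPE: "collection#1.1.0",
  collection_type: "mapped",
  display_name: "Project data",
  id: "11111111-1111-4111-8111-111111111111",
  domain_name: "m-data.endpoint.example.org",
  enable_https: false,
  force_encryption: true,
  allow_guest_collections: true,
};

const sampleGuest: CollectionDoc = {
  DATA_TYPE: "collection#1.1.0",
  collection_type: "guest",
  display_name: "Shared results\n",
  mapped_collection_id: "11111111-1111-4111-8111-111111111111",
  enable_https: true,
  force_encryption: false,
};

console.log(checkCollection(sampleMapped, "endpoint.example.org"));
console.log(checkCollection(sampleGuest, "endpoint.example.org", sampleMapped));
```
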
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 adds optional multi-factor authentication requirements for
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.
Optional acl_expiration_mins?: null|number
Description
Length of time that guest collection permissions are valid. Only settable on HA mapped collections and used by the guest collections attached to it. Set to null to delete any previously set value.
Optional allow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
Optional Readonly authentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
Optional Readonly connector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optional contact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optional contact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
Optional Readonly created_at?: null|string
Format: date
Description
Date on which this collection was created
DATA_TYPE: "collection#1.10.0"
Description
Type of this document
Default
collection#1.10.0 @enum {string}
Optional default_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optional delete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
Optional Readonly deleted?: boolean
Description
Flag indicating that this collection has been deleted
Optional department?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optional description?: null|string
Description
A description of the collection.
Optional disable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optional disable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optional certificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optional certificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optional private_key?: null|string
Description
PEM-Encoded private key for the certificate
Optional private_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optional domain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optional enable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optional force_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlylast_access?: null|string
Format: date
Description
Date on which this collection was last accessed
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.
Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.
Optionalacl_expiration_mins?: null|number
Description
Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
OptionalReadonlycreated_at?: null|string
Format: date
Description
Date on which this collection was created
DATA_TYPE: "collection#1.11.0"
Description
Type of this document
Default
collection#1.11.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optionaldelete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlylast_access?: null|string
Format: date
Description
Date on which this collection was last accessed
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.
Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.
Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA
collections.
Optionalacl_expiration_mins?: null|number
Description
Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections and used by guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
OptionalReadonlycreated_at?: null|string
Format: date
Description
Date on which this collection was created
DATA_TYPE: "collection#1.12.0"
Description
Type of this document
Default
collection#1.12.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optionaldelete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlylast_access?: null|string
Format: date
Description
Date on which this collection was last accessed
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether all data transfers to and from this
collection require the remote collection be HA. This can only be
assigned on high assurance mapped collections. High assurance
guest collections inherit the restriction from their associated
mapped collections. This may be set to null to disable this feature.
If a restriction is in place for a collection, then HTTPS access to
it is disabled.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
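The cross-document rules stated in the property descriptions above (guest enable_https and force_encryption versus the mapped collection, the lesser acl_expiration_mins, the m-/g- label restriction on domain_name) can be checked offline before a document is submitted or when auditing for drift. This is an added example, not code from Globus; the function names, the endpoint domain example.org and both sample documents are constructed for illustration.

```python
"""Offline lint of mapped/guest collection documents against rules taken from
the property descriptions. All names and sample values here are constructed."""


def effective_acl_expiration(mapped, guest):
    """acl_expiration_mins: when set on both documents, the lesser value wins."""
    values = [doc.get("acl_expiration_mins") for doc in (mapped, guest)]
    values = [v for v in values if v is not None]
    return min(values) if values else None


def check_domain_name(domain_name, endpoint_domain):
    """An input domain_name must be a subdomain of the endpoint, and its
    label may not start with m- or g-."""
    suffix = "." + endpoint_domain.lower().strip(".")
    name = domain_name.lower().rstrip(".")
    label = name[: -len(suffix)] if name.endswith(suffix) else ""
    if not label:
        return [("domain_name", "not a subdomain of the endpoint domain")]
    if label.startswith(("m-", "g-")):
        return [("domain_name", "label may not start with m- or g-")]
    return []


def audit_mapped(mapped):
    """Single-document checks on a mapped collection."""
    findings = []
    ha = bool(mapped.get("high_assurance"))
    if not ha and mapped.get("acl_expiration_mins") is not None:
        findings.append(("acl_expiration_mins", "only settable on HA collections"))
    if ha and mapped.get("disable_anonymous_writes") is False:
        findings.append(("disable_anonymous_writes", "always true on HA collections"))
    name = mapped.get("display_name") or ""
    if len(name) > 128 or "\r" in name or "\n" in name:
        findings.append(("display_name", "max 128 characters, no new lines"))
    if len(mapped.get("user_message") or "") > 256:
        findings.append(("user_message", "may be up to 256 characters long"))
    return findings


def audit_guest(mapped, guest):
    """Checks that a guest document is consistent with its mapped collection."""
    findings = []
    if not guest.get("mapped_collection_id"):
        findings.append(("mapped_collection_id", "must be set on a guest collection"))
    elif guest["mapped_collection_id"] != mapped.get("id"):
        findings.append(("mapped_collection_id", "does not reference this mapped collection"))
    if guest.get("allow_guest_collections"):
        findings.append(("allow_guest_collections", "always false on a guest collection"))
    if guest.get("enable_https") and mapped.get("enable_https") is False:
        findings.append(("enable_https", "may not be true when the mapped value is false"))
    if mapped.get("force_encryption") and not guest.get("force_encryption"):
        findings.append(("force_encryption", "mapped collection forces encryption"))
    return findings


# Constructed sample documents (placeholder UUIDs, not real collections).
MAPPED = {
    "DATA_TYPE": "collection#1.12.0",
    "collection_type": "mapped",
    "id": "00000000-0000-0000-0000-000000000001",
    "display_name": "Project data (constructed)",
    "high_assurance": True,
    "enable_https": False,
    "force_encryption": True,
    "disable_anonymous_writes": True,
    "acl_expiration_mins": 60,
}
GUEST = {
    "DATA_TYPE": "collection#1.12.0",
    "collection_type": "guest",
    "mapped_collection_id": "00000000-0000-0000-0000-000000000001",
    "display_name": "Shared subset (constructed)",
    "high_assurance": True,
    "enable_https": True,             # conflicts with the mapped collection
    "force_encryption": False,        # conflicts with the mapped collection
    "allow_guest_collections": True,  # never valid on a guest collection
    "acl_expiration_mins": 1440,
}

if __name__ == "__main__":
    for prop, message in audit_mapped(MAPPED) + audit_guest(MAPPED, GUEST):
        print(f"{prop}: {message}")
    print("effective acl_expiration_mins:", effective_acl_expiration(MAPPED, GUEST))
    print(check_domain_name("g-data.example.org", "example.org"))
```
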
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.
Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.
Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA
collections.
Version 1.13.0 adds the auto_delete_timeout property to mapped collections
and the skip_auto_delete property to guest collections.
Optionalacl_expiration_mins?: null|number
Description
Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections; a value set on a mapped collection is used by the guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
Optionalauto_delete_timeout?: null|number
Description
Number of days before unused guest collections will be automatically
deleted. Only settable on mapped collections. Values must be an integer
greater than 0. Set to null to disable automatic guest collection deletion
for the mapped collection. Defaults to disabled.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
OptionalReadonlycreated_at?: null|string
Format: date
Description
Date on which this collection was created
DATA_TYPE: "collection#1.13.0"
Description
Type of this document
Default
collection#1.13.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optionaldelete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlylast_access?: null|string
Format: date
Description
Date on which this collection was last accessed
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether all data transfers to and from this
collection require the remote collection be HA. This can only be
assigned on high assurance mapped collections. High assurance
guest collections inherit the restriction from their associated
mapped collections. This may be set to null to disable this feature.
If a restriction is in place for a collection, then HTTPS access to
it is disabled.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalskip_auto_delete?: boolean
Description
Flag indicating whether the guest collection is subject to automatic
deletion if auto_delete_timeout is set on its mapped collection. Only
settable on guest collections. Defaults to false.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
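The inheritance rules between a mapped collection and its guest collections stated in the property descriptions above, worked through as an added example. This is not code from the Globus SDK or GCS: `resolveGuestPolicy`, the result fields and the sample documents are hypothetical, and an unset boolean is assumed to mean "not enabled".

```typescript
// Added example: field names follow the collection document above; everything else is hypothetical.
interface CollectionDoc {
  collection_type: "mapped" | "guest";
  high_assurance?: boolean;
  acl_expiration_mins?: number | null;
  allow_guest_collections?: boolean;
  auto_delete_timeout?: number | null;
  skip_auto_delete?: boolean;
  enable_https?: boolean;
  force_encryption?: boolean;
  disable_anonymous_writes?: boolean;
  // The page does not give this property's value type; any non-null value
  // is treated here as "a restriction is in place" (assumption).
  restrict_transfers_to_high_assurance?: string | null;
}

interface EffectiveGuestPolicy {
  accessible: boolean;
  aclExpirationMins: number | null;
  httpsEnabled: boolean;
  encryptionForced: boolean;
  anonymousWritesDisabled: boolean;
  autoDeleteAfterDays: number | null;
  findings: string[];
}

function resolveGuestPolicy(mapped: CollectionDoc, guest: CollectionDoc): EffectiveGuestPolicy {
  const findings: string[] = [];
  const ha = mapped.high_assurance === true;

  // Setting allow_guest_collections to false on the mapped collection cuts off its guests.
  const accessible = mapped.allow_guest_collections !== false;
  if (guest.allow_guest_collections === true) {
    findings.push("allow_guest_collections is always false on a guest collection");
  }

  // acl_expiration_mins: HA only; the lesser of the mapped and guest values wins.
  const expiries = [mapped.acl_expiration_mins, guest.acl_expiration_mins]
    .filter((v): v is number => typeof v === "number");
  let aclExpirationMins: number | null = null;
  if (expiries.length > 0 && !ha) {
    findings.push("acl_expiration_mins is only settable on HA collections");
  } else if (expiries.length > 0) {
    aclExpirationMins = Math.min(...expiries);
  }

  // An HA transfer restriction is inherited from the mapped collection and disables HTTPS.
  const restriction = mapped.restrict_transfers_to_high_assurance ?? null;
  if (restriction !== null && !ha) {
    findings.push("restrict_transfers_to_high_assurance requires a high assurance mapped collection");
  }
  const restricted = ha && restriction !== null;

  // enable_https may not be true on a guest whose mapped collection has it false.
  if (guest.enable_https === true && mapped.enable_https === false) {
    findings.push("enable_https is true on the guest but false on the mapped collection");
  }
  const httpsEnabled = guest.enable_https === true && mapped.enable_https !== false && !restricted;

  // force_encryption on the mapped collection propagates to every guest.
  if (mapped.force_encryption === true && guest.force_encryption === false) {
    findings.push("guest sets force_encryption false although the mapped collection forces it");
  }
  const encryptionForced = mapped.force_encryption === true || guest.force_encryption === true;

  // disable_anonymous_writes is a mapped-collection flag and is always true for HA.
  const anonymousWritesDisabled = ha || mapped.disable_anonymous_writes === true;

  // auto_delete_timeout (days, integer > 0) applies unless the guest sets skip_auto_delete.
  let timeout = mapped.auto_delete_timeout ?? null;
  if (timeout !== null && (Math.floor(timeout) !== timeout || timeout <= 0)) {
    findings.push("auto_delete_timeout must be an integer greater than 0");
    timeout = null;
  }
  const autoDeleteAfterDays = guest.skip_auto_delete === true ? null : timeout;

  return {
    accessible, aclExpirationMins, httpsEnabled, encryptionForced,
    anonymousWritesDisabled, autoDeleteAfterDays, findings,
  };
}

// Constructed sample documents (not taken from a real endpoint).
const sampleMapped: CollectionDoc = {
  collection_type: "mapped", high_assurance: true, allow_guest_collections: true,
  acl_expiration_mins: 1440, enable_https: false, force_encryption: true,
  auto_delete_timeout: 30,
};
const sampleGuest: CollectionDoc = {
  collection_type: "guest", acl_expiration_mins: 60, enable_https: true,
  force_encryption: false,
};
console.log(JSON.stringify(resolveGuestPolicy(sampleMapped, sampleGuest), null, 2));
```

Run against an inventory of collection documents, the `findings` list flags guest settings that contradict their mapped collection before the documents are submitted.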
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.
Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.
Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA
collections.
Version 1.13.0 adds the auto_delete_timeout property to mapped collections
and the skip_auto_delete property to guest collections.
Version 1.14.0 adds the subscription_admin_verified property to collections
and activity_notification_policy to guest collections.
Optionalacl_expiration_mins?: null|number
Description
Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections; a value set on a mapped collection is used by the guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
Optionalauto_delete_timeout?: null|number
Description
Number of days before unused guest collections will be automatically
deleted. Only settable on mapped collections. Values must be an integer
greater than 0. Set to null to disable automatic guest collection deletion
for the mapped collection. Defaults to disabled.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
OptionalReadonlycreated_at?: null|string
Format: date
Description
Date on which this collection was created
DATA_TYPE: "collection#1.14.0"
Description
Type of this document
Default
collection#1.14.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optionaldelete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlylast_access?: null|string
Format: date
Description
Date on which this collection was last accessed
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether all data transfers to and from this
collection require the remote collection be HA. This can only be
assigned on high assurance mapped collections. High assurance
guest collections inherit the restriction from their associated
mapped collections. This may be set to null to disable this feature.
If a restriction is in place for a collection, then HTTPS access to
it is disabled.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalskip_auto_delete?: boolean
Description
Flag indicating whether the guest collection is subject to automatic
deletion if auto_delete_timeout is set on its mapped collection. Only
settable on guest collections. Defaults to false.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
Flag indicating whether the collection has been marked as
verified by the administrator of the subscription associated
with this endpoint.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Version 1.10.0 adds the acl_expiration_mins property to HA mapped collections.
Version 1.11.0 adds the acl_expiration_mins property to HA guest collections.
Version 1.12.0 adds the restrict_transfers_to_high_assurance property to HA
collections.
Version 1.13.0 adds the auto_delete_timeout property to mapped collections
and the skip_auto_delete property to guest collections.
Version 1.14.0 adds the subscription_admin_verified property to collections
and activity_notification_policy to guest collections.
Version 1.15.0 adds the associated_flow_policy property to the collection.
Optionalacl_expiration_mins?: null|number
Description
Length of time that guest collection permissions are valid. Only settable on HA guest collections and HA mapped collections; a value set on a mapped collection is used by the guest collections attached to it. When set on both the mapped and guest collections, the lesser value is in effect. Set to null to delete any previously set value.
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
Optionalassociated_flow_policy?: unknown
Description
Policy describing Globus flows to run when the collection is accessed.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
Optionalauto_delete_timeout?: null|number
Description
Number of days before unused guest collections will be automatically
deleted. Only settable on mapped collections. Values must be an integer
greater than 0. Set to null to disable automatic guest collection deletion
for the mapped collection. Defaults to disabled.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a relative
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
OptionalReadonlycreated_at?: null|string
Format: date
Description
Date on which this collection was created
DATA_TYPE: "collection#1.15.0"
Description
Type of this document
Default
collection#1.15.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optionaldelete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlylast_access?: null|string
Format: date
Description
Date on which this collection was last accessed
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related
to sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether all data transfers to and from this
collection require the remote collection be HA. This can only be
assigned on high assurance mapped collections. High assurance
guest collections inherit the restriction from their associated
mapped collections. This may be set to null to disable this feature.
If a restriction is in place for a collection, then HTTPS access to
it is disabled.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalskip_auto_delete?: boolean
Description
Flag indicating whether the guest collection is subject to automatic
deletion if auto_delete_timeout is set on its mapped collection. Only
settable on guest collections. Defaults to false.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
Flag indicating whether the collection has been marked as
verified by the administrator of the subscription associated
with this endpoint.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling HTTPS access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a path
relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.2.0"
Description
Type of this document
Default
collection#1.2.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related
to sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 64 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling HTTPS access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a path
relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.3.0"
Description
Type of this document
Default
collection#1.3.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related
to sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 64 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling HTTPS access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 adds optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a path
relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.4.0"
Description
Type of this document
Default
collection#1.4.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity that acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 64 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements on
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a path
relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.5.0"
Description
Type of this document
Default
collection#1.5.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity that acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 64 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
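The constraints this reference states for an input document (the display_name length and new-line rule, the properties marked Readonly, the m-/g- label restriction on domain_name, and the guest-versus-mapped rules for enable_https and force_encryption) can be checked before a document is sent to the GCS Manager. This is an added example, not part of the Globus documentation or SDK: the function names, the endpoint domain and all sample documents are constructed for illustration.

```python
# Added example: hypothetical helper names; every document below is constructed.
READ_ONLY = frozenset({
    "authentication_timeout_mins", "connector_id", "deleted", "high_assurance",
    "https_url", "id", "manager_url", "require_mfa", "root_path", "tlsftp_url",
})  # properties the reference marks Readonly

ENDPOINT_DOMAIN = "ep.example.org"  # constructed endpoint domain


def _text_findings(doc, key, limit):
    """Length and new-line limits stated for display_name, organization, department."""
    value = doc.get(key)
    if value is None:
        return []
    out = []
    if len(value) > limit:
        out.append(f"{key}: longer than {limit} characters")
    if "\r" in value or "\n" in value:
        out.append(f"{key}: contains a new line")
    return out


def _domain_findings(name, endpoint_domain):
    """Input domain_name must be a subdomain of the endpoint; label not m-/g-."""
    suffix = "." + endpoint_domain.lower().rstrip(".")
    name = name.lower().rstrip(".")
    # Match on ".<endpoint>" so "x.evil-ep.example.org" is not accepted.
    if not name.endswith(suffix):
        return ["domain_name: not a subdomain of the endpoint domain"]
    label = name[: -len(suffix)].split(".")[0]
    if not label:
        return ["domain_name: empty label"]
    if label.startswith(("m-", "g-")):
        return ["domain_name: label may not start with m- or g-"]
    return []


def _guest_findings(doc, mapped):
    """Rules that tie a guest collection to its mapped collection."""
    out = []
    if not doc.get("mapped_collection_id"):
        out.append("mapped_collection_id: must be set on a guest collection")
    if doc.get("allow_guest_collections"):
        out.append("allow_guest_collections: always false on a guest collection")
    if "domain_name" in doc:
        out.append("domain_name: read-only on a guest collection")
    if mapped is None:
        return out
    if doc.get("mapped_collection_id") not in (None, mapped.get("id")):
        out.append("mapped_collection_id: does not name the mapped collection given")
    # Only an explicit false on the mapped collection blocks HTTPS on the guest.
    if doc.get("enable_https") and mapped.get("enable_https") is False:
        out.append("enable_https: may not be true while the mapped value is false")
    # An absent guest value is propagated; an explicit false contradicts it.
    if mapped.get("force_encryption") and doc.get("force_encryption") is False:
        out.append("force_encryption: mapped collection forces encryption")
    return out


def audit_collection_input(doc, endpoint_domain, mapped=None):
    """Return a list of findings for a collection input document (empty = clean)."""
    findings = []
    ctype = doc.get("collection_type")
    if ctype not in ("mapped", "guest"):
        findings.append("collection_type: must be 'mapped' or 'guest'")
    if not doc.get("display_name"):
        findings.append("display_name: required")
    findings += _text_findings(doc, "display_name", 128)
    findings += _text_findings(doc, "organization", 1024)
    findings += _text_findings(doc, "department", 1024)
    if sum(len(k) for k in doc.get("keywords") or []) > 1024:
        findings.append("keywords: more than 1024 characters in total")
    for key in sorted(k for k in doc if k in READ_ONLY):
        findings.append(f"{key}: read-only property in an input document")
    if ctype == "mapped" and doc.get("domain_name"):
        findings += _domain_findings(doc["domain_name"], endpoint_domain)
    if ctype == "guest":
        findings += _guest_findings(doc, mapped)
    return findings


# Constructed mapped collection as it might be returned by the API.
MAPPED = {
    "DATA_TYPE": "collection#1.5.0", "collection_type": "mapped",
    "id": "00000000-0000-4000-8000-000000000001", "display_name": "Lab data",
    "collection_base_path": "/", "enable_https": False, "force_encryption": True,
}
# Constructed guest input that breaks four of the stated rules.
GUEST_BAD = {
    "DATA_TYPE": "collection#1.5.0", "collection_type": "guest",
    "display_name": "Shared results\nline two",
    "mapped_collection_id": MAPPED["id"], "collection_base_path": "/results",
    "enable_https": True, "force_encryption": False,
    "root_path": "/srv/data/results",
}
# Constructed guest input that inherits the mapped collection's settings.
GUEST_OK = {
    "DATA_TYPE": "collection#1.5.0", "collection_type": "guest",
    "display_name": "Shared results", "mapped_collection_id": MAPPED["id"],
    "collection_base_path": "/results",
}

if __name__ == "__main__":
    for finding in audit_collection_input(GUEST_BAD, ENDPOINT_DOMAIN, MAPPED):
        print(finding)
```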
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements on
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a path
relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.6.0"
Description
Type of this document
Default
collection#1.6.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity that acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 64 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 allows optional multi-factor authentication requirements on
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a path
relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.7.0"
Description
Type of this document
Default
collection#1.7.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 adds optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
DATA_TYPE: "collection#1.8.0"
Description
Type of this document
Default
collection#1.8.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optionaldelete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
A collection consists of metadata about the collection, a DNS
domain for accessing data on the collection, and configuration on
the Data Transfer Nodes to access the collection data. Globus
Connect Server version 5 supports two types of collections:
mapped and guest.
Version 1.1.0 adds support for enabling or disabling https access for
individual collections, as well as the ability for collection
administrators to add an optional message and web link to be shown on
the Globus Web App when users visit the collection.
Version 1.2.0 adds the ability to enable or disable sharing by specific
users.
Version 1.3.0 adds support for custom DNS domains on collections.
Version 1.4.0 adds optional multi-factor authentication requirements to
high assurance collections and the ability to require checksums when
transferring data on this collection.
Version 1.5.0 allows administrators to disable permissions that would allow
anonymous users to have write access to an endpoint.
Version 1.6.0 allows administrators of mapped collections to associate
policies that users accessing guest collections must meet beyond the
guest collection permissions.
Version 1.7.0 increases the maximum allowed length of the user_message
property.
Version 1.8.0 adds the delete_protected property. While it is set to true
on a mapped collection, the collection may not be deleted. As of GCS 5.4.69,
this is true by default.
Version 1.9.0 adds the read-only last_access and created_at properties.
Optionalallow_guest_collections?: boolean
Description
Flag indicating if this Collection allows users to create guest
collections on it. This is always false if this is a guest
collection. If this is changed to false on a mapped collection with
associated guest collections, those collections will no longer be
accessible.
OptionalReadonlyauthentication_timeout_mins?: number
Description
Timeout (in minutes) during which a user is required to have
authenticated in a session to access this storage gateway.
collection_base_path: string
Description
Path to be interpreted as the base path when creating a new
collection. It is interpreted differently depending on the
collection type being created. For a mapped collection, this is an
absolute path on the storage system named by the
storage_gateway_id. For a guest collection, this is a
path relative to the value of the root_path attribute on the
mapped collection with the same Id as the mapped_collection_id
property. This may not be changed once the collection is created.
Support for `~` was added in API version 1.21.0.
collection_type: "mapped"|"guest"
Description
Type of collection. A mapped collection requires an account on
the system to access the administrator-defined collection. A
guest collection allows users to share access to their data on a
Storage Gateway by registering a credential with the GCS Manager.
OptionalReadonlyconnector_id?: string
Format: uuid
Description
Id of the connector type that is used by this collection.
Optionalcontact_email?: null|string
Description
Email address of the support contact for this collection. This is visible
to end users so that they may contact your organization for support.
Optionalcontact_info?: null|string
Description
Other non-email contact information for the collection, e.g. phone and
mailing address. This is visible to end users for support.
OptionalReadonlycreated_at?: null|string
Format: date
Description
Date on which this collection was created
DATA_TYPE: "collection#1.9.0"
Description
Type of this document
Default
collection#1.9.0 @enum {string}
Optionaldefault_directory?: string
Description
Default directory when accessing the collection. This may include
the special string $USER which is evaluated at access time to be
the connector-specific username accessing the data.
If the collection is a mapped collection with a
**collection_base_path** value of `/`, this value can also begin
with the values `/~/` and `$HOME`, which are replaced by the user's
home directory, or `/` if the connector does not support the
concept of a home directory.
Optionaldelete_protected?: boolean
Description
If set to true, this collection can not be deleted. This property
is available only on mapped collections. As of GCS 5.4.69, this is
true by default.
OptionalReadonlydeleted?: boolean
Description
Flag indicating that this collection has been deleted
Optionaldepartment?: null|string
Description
Department within organization that runs the server(s).
Searchable. Optional. Unicode string, max 1024
characters, no new lines.
Optionaldescription?: null|string
Description
A description of the collection.
Optionaldisable_anonymous_writes?: boolean
Description
Flag indicating if guest collections on this mapped collection
allow anonymous write permissions or not. This flag is always true for high
assurance collections. For non-high assurance mapped collections, the
default value is false.
Optionaldisable_verify?: boolean
Description
Flag indicating that this endpoint does not support computing
checksums, needed for the verify_checksum option of transfer.
display_name: string
Description
Friendly name for the collection. Unicode string, max 128
characters, no new lines (\r or \n).
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Optionaldomain_name?: string
Description
DNS name of the virtual host serving this collection. For mapped
collections which do not have a custom domain, this may be specified as
part of the input document to create the collection, otherwise this is
a read-only property. When included in the input, the name is
restricted to be a subdomain of the endpoint, and the input name label
may not start with m- or g-.
Optionalenable_https?: boolean
Description
Boolean flag indicating whether this collection should support
HTTPS. This value can be set on mapped collections or guest
collections. However, it may not be set to true on a guest
collection if the value on the related mapped collection is false.
Optionalforce_encryption?: boolean
Description
Flag indicating whether all data transfers to and from this
collection are always encrypted.
__New in v5.4.17__: If a mapped collection forces encryption, all
of its guest collections must as well. If this option is used on a
mapped collection, the value is propagated to its guest
collections.
Optionalforce_verify?: boolean
Description
Flag indicating that this endpoint requires computing checksums,
needed for the verify_checksum option of transfer.
Optionalguest_auth_policy_id?: null|string
Format: uuid
Description
Authentication policy set on mapped collections and inherited by its
guest collections. During authorization, the authentication policy must
be satisfied before permissions are considered. Read-only on guest
collections. (Added in API 1.15.0)
OptionalReadonlyhigh_assurance?: boolean
Description
Flag indicating if this collection is created on a high assurance
Storage Gateway.
OptionalReadonlyhttps_url?: string
Description
HTTPS URL for the data on this collection.
OptionalReadonlyid?: string
Format: uuid
Description
Unique identifier for this collection. This is assigned
by the GCS manager when creating a collection.
Optionalidentity_id?: string
Format: uuid
Description
Globus Auth identity who acts as the owner of this collection.
This identity is an administrator on the collection.
Optionalinfo_link?: null|string
Description
Link to a web page with more information about the collection
Optionalkeywords?: string[]
Description
List of search keywords for the
endpoint. Optional. Unicode string, max 1024
characters total across all strings.
OptionalReadonlylast_access?: null|string
Format: date
Description
Date on which this collection was last accessed
OptionalReadonlymanager_url?: string
Description
URL of the GCS Manager API service for the endpoint hosting this
collection.
Optionalmapped_collection_id?: string
Format: uuid
Description
Unique ID of the Mapped Collection which this guest collection is
associated with. This is set on creation and may not be changed.
For a Guest Collection, this must be set, and policies related to
sharing (allow_guest_collections, sharing_restrict_paths) will
always reflect the values in the Mapped Collection definition and
may not be changed on this Guest Collection.
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Optional to preserve backward compatibility, but will eventually be
required and all clients are encouraged to require users to specify
it. Unicode string, max 1024 characters, no new lines.
Flag indicating whether this collection is visible to other Globus
users.
OptionalReadonlyrequire_mfa?: boolean
Description
Flag indicating if the storage_gateway requires multi-factor
authentication. Only applies to high assurance storage gateways.
OptionalReadonlyroot_path?: string
Description
Absolute root path of the collection. All data access
is done relative to this path. On a guest collection,
this value is only visible if the caller has an
administrator role on both the guest collection and the
mapped collection it is created on.
Optionalsharing_restrict_paths?: unknown
Description
Restrictions on which paths may be shared in guest collections related
to this mapped collection. On the mapped collection, these paths are
relative to the root_path property of the mapped collection. On a guest
collection, they are absolute paths from the storage root.
Optionalsharing_users_allow?: null|string[]
Description
List of connector-specific usernames allowed to create new guest
collections on this mapped collection.
Optionalsharing_users_deny?: null|string[]
Description
List of connector-specific usernames denied access to
create new guest collections on this mapped collection.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Unique ID of the Storage Gateway which this collection provides
access to. This value can not change after the collection is
created.
OptionalReadonlytlsftp_url?: string
Description
TLSFTP URL for the data on this collection.
Optionaluser_credential_id?: string
Format: uuid
Description
The ID of the User Credential which is used to access data on this
collection. This credential must be owned by the collection's
identity_id.
Optionaluser_message?: null|string
Description
A message for clients to display to users when interacting with
this collection. For guest collections, this property is read-only
and is the same as the value of its related mapped collection. The
message may be up to 256 characters long.
Optionaluser_message_link?: null|string
Description
Link to additional messaging for clients to display to users
when interacting with this endpoint, linked to an
HTTP or HTTPS URL. For guest collections, this property is
read-only and is the same as the value of its related mapped
collection.
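As an added illustration (not part of the Globus API reference or the project's code), the TypeScript below lints a collection document against the constraints stated in the property descriptions above. lintCollection, charCount, Finding, the trimmed CollectionDoc type, the endpoint domain and the sample documents are constructed for this example; the domain_name check assumes a mapped collection without a custom domain and treats the leftmost label as the name label.

```typescript
// Added example. Field names come from the collection document described above;
// every other name and all sample values are hypothetical.
type CollectionDoc = {
  collection_type: "mapped" | "guest";
  display_name: string;
  domain_name?: string;
  mapped_collection_id?: string;
  allow_guest_collections?: boolean;
  delete_protected?: boolean;
  disable_anonymous_writes?: boolean;
  enable_https?: boolean;
  force_encryption?: boolean;
  high_assurance?: boolean;
  user_message?: string | null;
};

type Finding = { field: string; message: string };

// Count Unicode characters rather than UTF-16 code units, so a surrogate
// pair counts once against the documented length limits.
function charCount(s: string): number {
  return s.replace(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g, "_").length;
}

function lintCollection(
  doc: CollectionDoc,
  endpointDomain: string, // assumption: the caller knows the endpoint's DNS domain
  mapped?: CollectionDoc  // related mapped collection when doc is a guest
): Finding[] {
  const findings: Finding[] = [];
  const add = (field: string, message: string): void => {
    findings.push({ field, message });
  };

  // Limits that apply to both collection types.
  if (charCount(doc.display_name) > 128 || /[\r\n]/.test(doc.display_name)) {
    add("display_name", "max 128 characters, no new lines");
  }
  if (typeof doc.user_message === "string" && charCount(doc.user_message) > 256) {
    add("user_message", "may be up to 256 characters long");
  }
  if (doc.high_assurance === true && doc.disable_anonymous_writes === false) {
    add("disable_anonymous_writes", "always true for high assurance collections");
  }

  if (doc.collection_type === "mapped") {
    if (doc.domain_name !== undefined) {
      // DNS names compare case-insensitively.
      const name = doc.domain_name.toLowerCase();
      const suffix = "." + endpointDomain.toLowerCase();
      const isSubdomain =
        name.length > suffix.length && name.slice(-suffix.length) === suffix;
      if (!isSubdomain) {
        add("domain_name", "must be a subdomain of the endpoint domain");
      } else if (/^[mg]-/.test(name.slice(0, name.length - suffix.length))) {
        add("domain_name", "name label may not start with m- or g-");
      }
    }
    return findings;
  }

  // Guest-only rules.
  if (!doc.mapped_collection_id) {
    add("mapped_collection_id", "must be set on a guest collection");
  }
  if (doc.allow_guest_collections === true) {
    add("allow_guest_collections", "always false on a guest collection");
  }
  if (doc.delete_protected !== undefined) {
    add("delete_protected", "available only on mapped collections");
  }
  if (mapped !== undefined) {
    if (mapped.enable_https === false && doc.enable_https === true) {
      add("enable_https", "may not be true when the mapped collection has it false");
    }
    if (mapped.force_encryption === true && doc.force_encryption === false) {
      add("force_encryption", "mapped collection forces encryption, guest must too");
    }
  }
  return findings;
}

// Constructed sample documents (not real collections).
const ENDPOINT_DOMAIN = "ep.example.org";
const SAMPLE_MAPPED: CollectionDoc = {
  collection_type: "mapped",
  display_name: "Lab archive",
  domain_name: "data.ep.example.org",
  enable_https: false,
  force_encryption: true,
};
const SAMPLE_GUEST: CollectionDoc = {
  collection_type: "guest",
  display_name: "Shared results",
  mapped_collection_id: "00000000-0000-0000-0000-000000000000",
  enable_https: true,      // conflicts with the mapped collection
  force_encryption: false, // conflicts with the mapped collection
};
```

Calling lintCollection(SAMPLE_GUEST, ENDPOINT_DOMAIN, SAMPLE_MAPPED) reports the enable_https and force_encryption conflicts; the mapped sample on its own produces no findings.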
Error details when a user has attempted to use a credential when creating a
collection or logging in, but there are multiple mapped identities and none
of them have a valid credential.
PEM-Encoded X.509 certificate chain for this domain. Only needed if
there are intermediate certificates that must also be sent to
clients to allow them to verify the certificate.
Optionalcertificate_chain_path?: null|string
Description
Path to a file containing the X.509 certificate chain for this
domain. This file path must contain a sequence of valid
certificates and be present on each data transfer node.
Optionalcertificate_path?: null|string
Description
Path to a file containing the X.509 certificate for this domain.
This file path must contain a valid certificate and be present on
each data transfer node.
DATA_TYPE: "domain#1.0.0"
Description
Type of this document
Default
domain#1.0.0 @enum {string}
domain_name: string
Description
Domain name
Optionalprivate_key?: null|string
Description
PEM-Encoded private key for the certificate
Optionalprivate_key_path?: null|string
Description
Path to a file containing the private key for this domain. This
file path must contain a valid key and be present on each data
transfer node.
wildcard: boolean
Description
Flag indicating whether this is a wildcard domain or not.
When setting a custom domain for a mapped collection, the domain
may optionally be a wildcard domain. If it is a wildcard domain,
the guest collections will be created as subdomains of the mapped
collection domain; if not, guest collections will be created as
subdomains of the endpoint domain.
Connector-specific storage gateway policies for the Dropbox connector
Optionalallow_any_account?: boolean
Description
If true, allow users to access personal or external Dropbox accounts.
If false (the default), users must use the Dropbox account which
matches the username their Globus credential maps to.
OptionalReadonlyauth_callback?: string
Description
URL of the auth callback that must be registered on the Dropbox App
Console for the associated client_id in order to process Dropbox
credentials.
client_id: null|string
Description
Client ID (App key) of the app created in the Dropbox App Console
DATA_TYPE: "dropbox_storage_policies#1.0.0"
Description
Type of this document
Default
dropbox_storage_policies#1.0.0 @enum {string}
secret: null|string
Description
App secret of the app from the Dropbox App Console
policy.
Optionaluser_api_rate_limit?: number
Description
User API Rate Limit associated with this client ID in operations per
second per user.
A Globus Connect Server endpoint is a deployment of Globus Connect Server
version 5. A single endpoint may optionally include multiple data transfer
nodes. The endpoint provides a link between a Globus Connect Server
deployment and the Globus Transfer service. The endpoint describes services
for accessing data via GridFTP and HTTPS and also for configuring and
managing the policies associated with that access.
Version 1.1.0 of the endpoint includes support for customizing the TCP port
that the GridFTP server listens on.
Version 1.2.0 of the endpoint includes read-only earliest_last_access
to put a limit on collections which are missing a last_access value.
A Globus Connect Server endpoint is a deployment of Globus Connect Server
version 5. A single endpoint may optionally include multiple data transfer
nodes. The endpoint provides a link between a Globus Connect Server
deployment and the Globus Transfer service. The endpoint describes services
for accessing data via GridFTP and HTTPS and also for configuring and
managing the policies associated with that access.
Optionalallow_udt?: boolean
Description
Allow data transfer on this endpoint using the UDT protocol
Optionalcontact_email?: string
Description
Email address of the support contact for this endpoint. This is visible to end users so that they may contact your organization for support.
Optionalcontact_info?: string
Description
Other non-email contact information for the endpoint, e.g. phone and mailing address. This is visible to end users for support.
DATA_TYPE: "endpoint#1.0.0"
Description
Type of this document
Default
endpoint#1.0.0 @enum {string}
Optionaldepartment?: string
Description
Department within organization that runs the server(s).
Searchable. Unicode string, max 1024 characters, no new lines.
Optionaldescription?: string
Description
A description of the endpoint
display_name: string
Description
Friendly name for the endpoint, not unique. Unicode string, no new
lines (\r or \n). Searchable.
OptionalReadonlygcs_manager_url?: string
Description
URL of the GCS Manager API service for this endpoint
Optionalid?: string
Format: uuid
Description
Unique identifier for this endpoint
Optionalinfo_link?: string
Description
Link to a web page with more information about the endpoint. The
administrator is responsible for running a website at this URL and
verifying that it is accepting public connections.
Optionalkeywords?: string[]
Description
List of search keywords for the endpoint. Unicode
string, max 1024 characters total across all strings.
Optionalmax_concurrency?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Optionalmax_parallelism?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Control how Globus interacts with this endpoint over the network.
Allowed values for **network_use** are:
* `normal`
- The default setting. Uses an average level of concurrency and
parallelism. The levels depend on the number of physical
servers in the endpoint.
* `minimal`
- Uses a minimal level of concurrency and parallelism.
* `aggressive`
- Uses a high level of concurrency and parallelism.
* `custom`
- Uses custom values of concurrency and parallelism set by the
endpoint admin. When setting this level, you must also set
the **max_concurrency**, **preferred_concurrency**,
**max_parallelism**, and **preferred_parallelism** properties.
Default
normal @enum {string}
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Unicode string, max 1024 characters, no new lines.
Optionalpreferred_concurrency?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Optionalpreferred_parallelism?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
public: boolean
Description
Flag indicating whether this endpoint is visible to all other
Globus users. If false, only users which have been granted a role
on the endpoint or one of its collections, or belong to a domain
allowed access to any of its storage gateways may view it.
Default
true
Optionalsubscription_id?: null|string
Description
The id of the subscription that is managing this endpoint. This may be
the special value DEFAULT when using this as input to PATCH or PUT to
use the caller's default subscription id.
A Globus Connect Server endpoint is a deployment of Globus Connect Server
version 5. A single endpoint may optionally include multiple data transfer
nodes. The endpoint provides a link between a Globus Connect Server
deployment and the Globus Transfer service. The endpoint describes services
for accessing data via GridFTP and HTTPS and also for configuring and
managing the policies associated with that access.
Version 1.1.0 of the endpoint includes support for customizing the TCP port
that the GridFTP server listens on.
Optionalallow_udt?: boolean
Description
Allow data transfer on this endpoint using the UDT protocol
Optionalcontact_email?: string
Description
Email address of the support contact for this endpoint. This is visible to end users so that they may contact your organization for support.
Optionalcontact_info?: string
Description
Other non-email contact information for the endpoint, e.g. phone and mailing address. This is visible to end users for support.
DATA_TYPE: "endpoint#1.1.0"
Description
Type of this document
Default
endpoint#1.1.0 @enum {string}
Optionaldepartment?: string
Description
Department within organization that runs the server(s).
Searchable. Unicode string, max 1024 characters, no new lines.
Optionaldescription?: string
Description
A description of the endpoint
display_name: string
Description
Friendly name for the endpoint, not unique. Unicode string, no new
lines (\r or \n). Searchable.
OptionalReadonlygcs_manager_url?: string
Description
URL of the GCS Manager API service for this endpoint
TCP port for the Globus control channel to listen on. By default,
the control channel is passed through 443 with an ALPN header
containing the value "ftp".
Optionalid?: string
Format: uuid
Description
Unique identifier for this endpoint
Optionalinfo_link?: string
Description
Link to a web page with more information about the endpoint. The
administrator is responsible for running a website at this URL and
verifying that it is accepting public connections.
Optionalkeywords?: string[]
Description
List of search keywords for the endpoint. Unicode
string, max 1024 characters total across all strings.
Optionalmax_concurrency?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Optionalmax_parallelism?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Control how Globus interacts with this endpoint over the network.
Allowed values for **network_use** are:
* `normal`
- The default setting. Uses an average level of concurrency and
parallelism. The levels depend on the number of physical
servers in the endpoint.
* `minimal`
- Uses a minimal level of concurrency and parallelism.
* `aggressive`
- Uses a high level of concurrency and parallelism.
* `custom`
- Uses custom values of concurrency and parallelism set by the
endpoint admin. When setting this level, you must also set
the **max_concurrency**, **preferred_concurrency**,
**max_parallelism**, and **preferred_parallelism** properties.
Default
normal @enum {string}
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Unicode string, max 1024 characters, no new lines.
Optionalpreferred_concurrency?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Optionalpreferred_parallelism?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
public: boolean
Description
Flag indicating whether this endpoint is visible to all other
Globus users. If false, only users which have been granted a role
on the endpoint or one of its collections, or belong to a domain
allowed access to any of its storage gateways may view it.
Default
true
Optionalsubscription_id?: null|string
Description
The id of the subscription that is managing this endpoint. This may be
the special value DEFAULT when using this as input to PATCH or PUT to
use the caller's default subscription id.
A Globus Connect Server endpoint is a deployment of Globus Connect Server
version 5. A single endpoint may optionally include multiple data transfer
nodes. The endpoint provides a link between a Globus Connect Server
deployment and the Globus Transfer service. The endpoint describes services
for accessing data via GridFTP and HTTPS and also for configuring and
managing the policies associated with that access.
Version 1.1.0 of the endpoint includes support for customizing the TCP port
that the GridFTP server listens on.
Version 1.2.0 of the endpoint includes read-only earliest_last_access
to put a limit on collections which are missing a last_access value.
Optionalallow_udt?: boolean
Description
Allow data transfer on this endpoint using the UDT protocol
Optionalcontact_email?: string
Description
Email address of the support contact for this endpoint. This is visible to end users so that they may contact your organization for support.
Optionalcontact_info?: string
Description
Other non-email contact information for the endpoint, e.g. phone and mailing address. This is visible to end users for support.
DATA_TYPE: "endpoint#1.2.0"
Description
Type of this document
Default
endpoint#1.2.0 @enum {string}
Optionaldepartment?: string
Description
Department within organization that runs the server(s).
Searchable. Unicode string, max 1024 characters, no new lines.
Optionaldescription?: string
Description
A description of the endpoint
display_name: string
Description
Friendly name for the endpoint, not unique. Unicode string, no new
lines (\r or \n). Searchable.
OptionalReadonlyearliest_last_access?: string
Format: date
Description
Earliest date when this endpoint began tracking last_access for
collections
OptionalReadonlygcs_manager_url?: string
Description
URL of the GCS Manager API service for this endpoint
TCP port for the Globus control channel to listen on. By default,
the control channel is passed through 443 with an ALPN header
containing the value "ftp".
Optionalid?: string
Format: uuid
Description
Unique identifier for this endpoint
Optionalinfo_link?: string
Description
Link to a web page with more information about the endpoint. The
administrator is responsible for running a website at this URL and
verifying that it is accepting public connections.
Optionalkeywords?: string[]
Description
List of search keywords for the endpoint. Unicode
string, max 1024 characters total across all strings.
Optionalmax_concurrency?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Optionalmax_parallelism?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Control how Globus interacts with this endpoint over the network.
Allowed values for **network_use** are:
* `normal`
- The default setting. Uses an average level of concurrency and
parallelism. The levels depend on the number of physical
servers in the endpoint.
* `minimal`
- Uses a minimal level of concurrency and parallelism.
* `aggressive`
- Uses a high level of concurrency and parallelism.
* `custom`
- Uses custom values of concurrency and parallelism set by the
endpoint admin. When setting this level, you must also set
the **max_concurrency**, **preferred_concurrency**,
**max_parallelism**, and **preferred_parallelism** properties.
Default
normal @enum {string}
Optionalorganization?: string
Description
Organization that runs the server(s) represented by the endpoint.
Unicode string, max 1024 characters, no new lines.
Optionalpreferred_concurrency?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
Optionalpreferred_parallelism?: number
Description
Admin-specified value when the network_use property's value is
custom; otherwise the preset value for the specified
network_use.
public: boolean
Description
Flag indicating whether this endpoint is visible to all other
Globus users. If false, only users which have been granted a role
on the endpoint or one of its collections, or belong to a domain
allowed access to any of its storage gateways may view it.
Default
true
Optionalsubscription_id?: null|string
Description
The id of the subscription that is managing this endpoint. This may be
the special value DEFAULT when using this as input to PATCH or PUT to
use the caller's default subscription id.
The ExpressionIdentityMapping defines a set of identity mapping expressions
to map Globus Auth identity data to a connector-specific list of account
names.
The ExternalIdentityMapping defines the path and arguments of an external
program to map an identity to a storage-gateway specific user account name.
The specified command will be called to map Globus Auth identity data to a
connector-specific list of account names.
Optionalcommand?: string[]
Description
The mapping command and its command-line arguments. In addition to
these arguments, the following will also be passed to the program.
<dl><dt>-c <em>CONNECTOR_ID</em></dt>
<dd>
The ID of the connector that the mapping is being
done in the context of.
</dd>
<dt>-s <em>STORAGE_GATEWAY_ID</em></dt>
<dd>
The ID of the storage gateway that the mapping is being done in
the context of.
</dd>
<dt>-a</dt>
<dd>This option is a flag that indicates that the GCS Manager wants to
receive output containing all mappings for the given identity set. If
not present, the program will receive exactly one object in the
identities array and may only return a single mapping for that
identity.
</dd>
</dl>
Google Cloud Platform project ID value that is associated with this
collection. If set, users must be a member of this project to access
the collection. If the storage gateway 'projects' property is set
to exactly one project, that will be the default value for this property.
Connector-specific storage gateway policies for the Google Cloud Storage
connector
OptionalReadonlyauth_callback?: string
Description
URL of the auth callback that must be registered on the Google API
console for the application client_id in order to process
Google credentials.
Optionalbuckets?: null|string[]
Description
The list of Google Cloud Storage buckets which the Storage Gateway is
allowed to access, as well as the list of buckets that will be shown in
root level directory listings. If this list is unset, bucket access is
unrestricted and all non public credential accessible buckets will be
shown in root level directory listings. The value is a list of bucket
names.
client_id: null|string
Description
Client ID registered with the Google Application console to access
Google Cloud Storage.
The list of Google Cloud Storage project ids which the Storage Gateway
is allowed to access. If this list is unset, project access is
unrestricted. The value is a list of project id strings.
secret: null|string
Description
Secret created to access Google Cloud Storage with the client_id
in this policy.
Flag indicating whether users must register a credential. If true (or
if this property is missing), this storage gateway is configured for
OAuth2 user authentication. If false, authentication is configured by
the admin.
Connector-specific storage gateway policies for the Google Cloud Storage
connector
Optionalallow_any_account?: boolean
Description
If true, allow users to access personal or external Google accounts.
If false (the default), users must use the Google account which
matches the username their Globus credential maps to.
OptionalReadonlyauth_callback?: string
Description
URL of the auth callback that must be registered on the Google API
console for the application client_id in order to process
Google credentials.
Optionalbuckets?: null|string[]
Description
The list of Google Cloud Storage buckets which the Storage Gateway is
allowed to access, as well as the list of buckets that will be shown in
root level directory listings. If this list is unset, bucket access is
unrestricted and all non public credential accessible buckets will be
shown in root level directory listings. The value is a list of bucket
names.
client_id: null|string
Description
Client ID registered with the Google Application console to access
Google Cloud Storage.
The list of Google Cloud Storage project ids which the Storage Gateway
is allowed to access. If this list is unset, project access is
unrestricted. The value is a list of project id strings.
secret: null|string
Description
Secret created to access Google Cloud Storage with the client_id
in this policy.
Flag indicating whether users must register a credential. If true (or
if this property is missing), this storage gateway is configured for
OAuth2 user authentication. If false, authentication is configured by
the admin.
Connector-specific storage gateway policies for the Google Drive connector
Optionalallow_any_account?: boolean
Description
If true, allow users to access personal or external Google accounts.
If false (the default), users must use the Google account which
matches the username their Globus credential maps to.
OptionalReadonlyauth_callback?: string
Description
URL of the auth callback that must be registered on the Google API
console for the application client_id in order to process Google
credentials.
client_id: null|string
Description
Client ID registered with the Google Application console to access
Google Drive.
Connector-specific storage gateway policies for the HPSS connector
authentication_mech: "krb5"|"unix"
Description
The type of authentication the connector will perform when logging into HPSS
authenticator: string
Description
Authenticator used with authentication mech to perform authentication
to HPSS. Format is: "<auth_type>:<auth_file>" where <auth_type> is one
of "auth_keytab" or "auth_keyfile".
Example
auth_keytab:/var/hpss/etc/gridftp.keytab
DATA_TYPE: "hpss_storage_policies#1.0.0"
Description
Type of this document
Default
hpss_storage_policies#1.0.0 @enum {string}
uda_checksum: boolean
Description
Flag that indicates if checksums should be stored within UDAs so that
sync-by-checksum transfers can verify the file without staging the file
from tape.
The type of authentication the connector will perform when logging into HPSS
authenticator: string
Description
Authenticator used with authentication mech to perform authentication
to HPSS. Format is: "<auth_type>:<auth_file>" where <auth_type> is one
of "auth_keytab" or "auth_keyfile".
Example
auth_keytab:/var/hpss/etc/gridftp.keytab
DATA_TYPE: "hpss_storage_policies#1.1.0"
Description
Type of this document
Default
hpss_storage_policies#1.1.0 @enum {string}
Optionallogin_name?: string
Description
Name of the HPSS user in the keytab file that the GridFTP server will use
to authenticate to HPSS. This user must have the ability to switch to another
HPSS user. Defaults to 'hpssftp', which is also handled specially by HPSS with
regard to the gatekeeper.
uda_checksum: boolean
Description
Flag that indicates if checksums should be stored within UDAs so that
sync-by-checksum transfers can verify the file without staging the file
from tape.
Globus Connect Server provides two ways for you to implement a custom
Globus identity to account mapping: expression-based and external program.
With expression-based mapping you can write rules that extract data from
fields in the Globus identity document to form storage gateway-specific
usernames. If there is a regular relationship between most of your users'
identity information and their account names, this is probably the most
direct way to accomplish the mapping.
With external program mappings you can use any mechanism you like (static
mapping, ldap, database, etc) to look up account information and return the
mapped account user name. If you have an account system that has usernames
without a simple relationship to your users' Globus identities, or that
requires interfacing with an accounting system, this may be necessary.
The MappingExpression document type contains information about a mapping
expression, including the input, match, output, and flags used to process
this expression.
Optionalignore_case?: boolean
Description
Flag indicating the match should be executed as a case insensitive
comparison. If not present, this defaults to false.
Optionalliteral?: boolean
Description
Flag indicating the match expression should be treated as a literal
match, ignoring any special regular expression characters. If not
present, this defaults to false.
Optionalmatch?: string
Description
An expression which is applied to the result of performing
interpolation on source to determine whether this mapping applies.
This requires a full string match on the source.
Optionaloutput?: string
Description
A string representing the result of the mapping if the match
succeeded. References to the original identity_set data can be
interpolated as in the source property. References to match
groups from the match property can be interpolated with numbers
(indices starting with 0) surrounded by curly brackets {}.
Optionalsource?: string
Description
A string comprised of text plus identity set data field names
surrounded by curly brackets {} which are interpolated into the
text.
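The MappingExpression fields above (source, match, output, ignore_case, literal) can be exercised offline before a mapping is deployed. The following is an added example, not Globus Connect Server code: the function names and sample identities are hypothetical, Python's `re` stands in for the server's regular expression dialect, `{0}` is assumed to refer to the first capture group, and all of source, match and output are assumed to be set.

```python
import re

# A reference is {field_name} (identity data) or {N} (match group, N from 0).
_TOKEN = re.compile(r"\{([0-9]+|[A-Za-z_][A-Za-z0-9_]*)\}")


def interpolate(template, identity, groups=()):
    """Expand {field} and {N} references in one pass; None if any is unresolved."""
    unresolved = []

    def expand(token):
        name = token.group(1)
        if name.isdigit():
            index = int(name)
            if index < len(groups) and groups[index] is not None:
                return groups[index]
        elif name in identity:
            return str(identity[name])
        unresolved.append(name)
        return ""

    # re.sub never rescans replacement text, so a value that itself contains
    # "{id}" is copied literally instead of being expanded a second time.
    text = _TOKEN.sub(expand, template)
    return None if unresolved else text


def apply_mapping(expr, identity):
    """Return the mapped account name, or None when the expression does not apply."""
    source = interpolate(expr["source"], identity)
    if source is None:
        return None
    pattern = expr["match"]
    if expr.get("literal", False):
        pattern = re.escape(pattern)  # literal: no regex metacharacters honoured
    flags = re.IGNORECASE if expr.get("ignore_case", False) else 0
    matched = re.fullmatch(pattern, source, flags)  # full string match on source
    if matched is None:
        return None
    return interpolate(expr["output"], identity, matched.groups())


# Constructed sample expressions and identities (not taken from the page).
STRICT = {"source": "{username}", "match": r"(.*)@example\.org", "output": "{0}"}
LOOSE = {"source": "{username}", "match": r"(.*)@example.org", "output": "{0}"}
LITERAL = {"source": "{username}", "match": "svc.backup@example.org",
           "literal": True, "output": "backup"}
ANYCASE = {"source": "{username}", "match": r"(.*)@EXAMPLE\.ORG",
           "ignore_case": True, "output": "{0}"}

ALICE = {"id": "constructed-id-1", "username": "alice@example.org"}
SUFFIXED = {"id": "constructed-id-2", "username": "alice@example.org.example.net"}
LOOKALIKE = {"id": "constructed-id-3", "username": "alice@exampleXorg"}
BRACED = {"id": "constructed-id-4", "username": "{id}@example.org"}

if __name__ == "__main__":
    cases = [("strict", STRICT, ALICE), ("strict", STRICT, SUFFIXED),
             ("strict", STRICT, LOOKALIKE), ("loose", LOOSE, LOOKALIKE),
             ("anycase", ANYCASE, ALICE), ("strict", STRICT, BRACED)]
    for label, expr, identity in cases:
        print(label, identity["username"], "->", apply_mapping(expr, identity))
```

The LOOSE expression differs from STRICT only by an unescaped dot, which is enough for it to accept a lookalike domain; setting literal or escaping the dot closes that gap.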
Services for Globus Connect Server endpoints may be deployed on multiple
different physical resources, referred to as data transfer nodes. Each node
may have one or more IP addresses, TCP incoming and outgoing port ranges,
and a status value indicating whether it is configured to actively
respond to requests or is in maintenance mode.
Version 1.1.0 adds support for setting the data interface on a node.
Version 1.2.0 adds support for setting an IPv6 data interface on a node.
Services for Globus Connect Server endpoints may be deployed on multiple
different physical resources, referred to as data transfer nodes. Each node
may have one or more IP addresses, TCP incoming and outgoing port ranges,
and a status value indicating whether it is configured to actively
respond to requests or is in maintenance mode.
DATA_TYPE: "node#1.0.0"
Description
Type of this document
Default
node#1.0.0 @enum {string}
Optionalid?: string
Format: uuid
Description
Unique id string for this node. This is system generated and may not
be included in create requests.
Optionalincoming_port_range?: number[]
Description
Allowed port range for incoming TCP data connections
ip_addresses: string[]
Description
List of IP addresses for this node
Optionaloutgoing_port_range?: number[]
Description
Port range used as the source for outgoing TCP data connections
status: "active"|"inactive"
Description
Current status of the Node. If a Node is marked inactive, it will
be removed from the DNS entries for this endpoint and will return
an error on any attempt to use the Manager API or attempt a
Transfer using this node.
Services for Globus Connect Server endpoints may be deployed on multiple
different physical resources, referred to as data transfer nodes. Each node
may have one or more IP addresses, TCP incoming and outgoing port ranges,
and a status value indicating whether it is configured to actively
respond to requests or is in maintenance mode.
Version 1.1.0 adds support for setting the data interface on a node.
Optionaldata_interface?: null|string
Description
IP address on which this node listens for data transfers
DATA_TYPE: "node#1.1.0"
Description
Type of this document
Default
node#1.1.0 @enum {string}
Optionalid?: string
Format: uuid
Description
Unique id string for this node. This is system generated and may not
be included in create requests.
Optionalincoming_port_range?: number[]
Description
Allowed port range for incoming TCP data connections
ip_addresses: string[]
Description
List of IP addresses for this node
Optionaloutgoing_port_range?: number[]
Description
Port range used as the source for outgoing TCP data connections
status: "active"|"inactive"
Description
Current status of the Node. If a Node is marked inactive, it will
be removed from the DNS entries for this endpoint and will return
an error on any attempt to use the Manager API or attempt a
Transfer using this node.
Services for Globus Connect Server endpoints may be deployed on multiple
different physical resources, referred to as data transfer nodes. Each node
may have one or more IP addresses, TCP incoming and outgoing port ranges,
and a status value indicating whether it is configured to actively
respond to requests or is in maintenance mode.
Version 1.1.0 adds support for setting the data interface on a node.
Version 1.2.0 adds support for setting an IPv6 data interface on a node.
Optionaldata_interface?: null|string
Description
IP address on which this node listens for data transfers
Optionaldata_interface6?: null|string
Description
IPv6 address on which this node listens for data transfers
DATA_TYPE: "node#1.2.0"
Description
Type of this document
Default
node#1.2.0 @enum {string}
Optionalid?: string
Format: uuid
Description
Unique id string for this node. This is system generated and may not
be included in create requests.
Optionalincoming_port_range?: number[]
Description
Allowed port range for incoming TCP data connections
ip_addresses: string[]
Description
List of IP addresses for this node
Optionaloutgoing_port_range?: number[]
Description
Port range used as the source for outgoing TCP data connections
status: "active"|"inactive"
Description
Current status of the Node. If a Node is marked inactive, it will
be removed from the DNS entries for this endpoint and will return
an error on any attempt to use the Manager API or attempt a
Transfer using this node.
Globus Auth identity id that this credential is associated with
Optionallogin_hint?: string
Description
Mapped account username on the storage gateway
redirect_uri: string
Description
URL to redirect to once the credential registration flow is complete. This should be a maximum of 220 characters to avoid conflicts with connector state limits.
Connector-specific storage gateway policies for the OneDrive connector
Optionalallow_any_account?: boolean
Description
If true, allow users to access personal or external Microsoft accounts.
If false (the default), users must use the Microsoft account which
matches the username their Globus credential maps to.
OptionalReadonlyauth_callback?: string
Description
URL of the auth callback that must be registered on the Microsoft
API console for the application client_id in order to process
Microsoft credentials.
client_id: null|string
Description
Client ID registered with the Azure console to access OneDrive
DATA_TYPE: "onedrive_storage_policies#1.1.0"
Description
Type of this document
Default
onedrive_storage_policies#1.1.0 @enum {string}
secret: null|string
Description
Secret created in the Azure console to access OneDrive with the
client_id in this policy.
Optionaltenant?: null|string
Description
Tenant ID of the Microsoft organization. Required when Supported
Account Types of the Azure application is set to Single tenant.
Optionaluser_api_rate_limit?: number
Description
User API Rate Limit associated with this client ID in operations per
second per user.
This object represents the path restrictions for a storage gateway
or the sharing path restrictions for a mapped collection.
The values of each of the path lists in this object are interpreted using
the POSIX pattern matching notation as described in
https://pubs.opengroup.org/onlinepubs/9699919799/functions/fnmatch.html[fnmatch(3)]
with flags set to `0` with additional support for some special
user-specific value interpolation:
`~`, `$HOME`::
The user's home directory if the storage gateway supports such a concept,
`/` otherwise
`$USER`::
The effective Storage Gateway-specific username that is being used for data
access. For a Guest Collection, this is the username of the identity that
created the Guest Collection.
These restrictions are evaluated at every data access. When
evaluating restrictions, the user-specific interpolation is
applied before the file name matching is evaluated.
Globus Connect Server evaluates its path restrictions from
longest leading expression match to shortest. When pattern
matching characters are present, they are considered as a lower
priority match than a literal character, with more specific
pattern characters given precedence. The precedence is thus
literal character, bracket expression, `?` (single-character
wildcard), `*` (wildcard).
If multiple path restrictions apply, all matches are applied
from longest to shortest, with the following rules for
overriding values:
### Path Restriction Override Precedence
++++
<table>
<tr>
<th>longer restriction</th>
<th>shorter restriction</th>
<th>result</th>
</tr>
<tr>
<td> <pre>read_write</pre> </td><td> <pre>read</pre> </td><td> <pre>read_write</pre></td>
</tr>
<tr>
<td> <pre>read_write</pre> </td><td> <pre>none</pre> </td><td> <pre>read_write</pre></td>
</tr>
<tr>
<td> <pre>read</pre> </td><td> <pre>read_write</pre> </td><td> <pre>read_write</pre></td>
</tr>
<tr>
<td> <pre>read</pre> </td><td> <pre>none</pre> </td><td> <pre>read</pre></td>
</tr>
<tr>
<td> <pre>none</pre> </td><td> <pre>read_write</pre> </td><td> <pre>none</pre></td>
</tr>
<tr>
<td> <pre>none</pre> </td><td> <pre>read</pre> </td><td> <pre>none</pre></td>
</tr>
</table>
++++
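The evaluation described above, as an added Python sketch that is not Globus Connect Server code: it interpolates `~`, `$HOME` and `$USER`, matches with `fnmatch`, orders matches by leading-expression precedence, and folds them through the override table. Assumptions: the whole path is matched against each pattern, Python's `fnmatch.fnmatchcase` stands in for POSIX `fnmatch(3)` with flags `0` (it has no backslash escaping), the running result is treated as the "longer" side for each next match, and `None` is returned when nothing matches (the text above does not define that case). The `SAMPLE` document and the function names are constructed for illustration.

```python
import fnmatch

# Override table from this section: (longer, shorter) -> result.
OVERRIDE = {
    ("read_write", "read"): "read_write",
    ("read_write", "none"): "read_write",
    ("read", "read_write"): "read_write",
    ("read", "none"): "read",
    ("none", "read_write"): "none",
    ("none", "read"): "none",
}

# Constructed sample path_restrictions document.
SAMPLE = {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "read_write": ["/projects/*", "$HOME/*"],
    "read": ["/projects/archive/*"],
    "none": ["/projects/archive/embargo/*", "/home/*"],
}


def interpolate(pattern, user, home):
    """Apply the user-specific interpolation before any pattern matching."""
    if pattern == "~" or pattern.startswith("~/"):
        pattern = (home.rstrip("/") + pattern[1:]) or "/"
    return pattern.replace("$HOME", home).replace("$USER", user)


def specificity(pattern):
    """Rank each pattern element: literal 3, bracket 2, '?' 1, '*' 0.

    Tuples compare element by element, so a literal beats a wildcard at the
    first position where two patterns differ, and a longer literal prefix wins.
    (Assumed model of "longest leading expression match".)
    """
    ranks, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "*":
            ranks.append(0)
        elif ch == "?":
            ranks.append(1)
        elif ch == "[" and "]" in pattern[i + 2:]:
            ranks.append(2)
            i = pattern.index("]", i + 2)  # skip to the end of the bracket expression
        else:
            ranks.append(3)
        i += 1
    return tuple(ranks)


def evaluate(restrictions, path, user, home="/"):
    """Return 'read_write', 'read', 'none', or None if no restriction matches."""
    matches = []
    for access in ("read_write", "read", "none"):
        for raw in restrictions.get(access) or []:
            pattern = interpolate(raw, user, home)
            if fnmatch.fnmatchcase(path, pattern):
                matches.append((specificity(pattern), access))
    if not matches:
        return None
    matches.sort(key=lambda m: m[0], reverse=True)  # longest match first
    result = matches[0][1]
    for _, shorter in matches[1:]:
        result = OVERRIDE.get((result, shorter), result)
    return result
```

Under this model, a longer `read` entry does not narrow a shorter `read_write` entry (the table resolves that pair to `read_write`); only a longer `none` entry removes access granted by a shorter pattern.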
This is the result envelope returned from all operations in this API. Each
operation may add properties to this base document type with additional
operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process
authorization or authentication errors
This is the result envelope returned from all operations in this API. Each
operation may add properties to this base document type with additional
operation-specific data values.
code: string
Description
String response code
Optionaldata?: Record<string,unknown>[]
DATA_TYPE: "result#1.0.0"
Description
Type of this document
Default
result#1.0.0 @enum {string}
Optionaldetail?: unknown
has_next_page: boolean
Description
Boolean flag indicating whether or not additional pages of response
data may be requested by passing the marker to the same operation.
Default
false
http_response_code: number
Description
Numeric HTTP response code
Optionalmarker?: null|string
Description
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has has_next_page set to
true.
This is the result envelope returned from all operations in this API. Each
operation may add properties to this base document type with additional
operation-specific data values.
Version 1.1.0 adds optional authorization_parameters to help process
authorization or authentication errors
A list of matching prefix strings. When a S3 object is being accessed its virtual
path /
Optionals3_key_id?: null|string
Description
Access Key ID to use with the S3 API to access your buckets and
objects.
Optionals3_secret_key?: null|string
Description
Secret key to use with the S3 API to access your buckets and objects.
If set to null when calling PATCH it indicates that this entry should be
deleted.
Connector-specific storage gateway policies for the S3 connector
Version 1.1.0 adds support for the s3_requester_pays property
DATA_TYPE: "s3_storage_policies#1.1.0"
Description
Type of this document
Default
s3_storage_policies#1.1.0 @enum {string}
Optionals3_buckets?: string[]
Description
List of buckets not owned by the collection owner that will be shown in
the root of collections created at the base of this storage gateway.
Optionals3_endpoint?: string
Description
URL of the S3 API endpoint
Example
https://s3.amazonaws.com
Optionals3_requester_pays?: boolean
Description
Flag indicating that S3 operations will be charged to the account of
the registered credentials. Credentials used with a storage gateway
that has the s3_requester_pays property set to true are invalid unless
they also have this property set to true as an acknowledgement.
Optionals3_user_credential_required?: boolean
Description
Flag indicating if a Globus User must register a user credential in
order to create a guest collection on this storage gateway.
Connector-specific storage gateway policies for the S3 connector
Version 1.1.0 adds support for the s3_requester_pays property
Version 1.2.0 adds support for the s3_allow_multi_keys property
DATA_TYPE: "s3_storage_policies#1.2.0"
Description
Type of this document
Default
s3_storage_policies#1.2.0 @enum {string}
Optionals3_allow_multi_keys?: boolean
Description
Allow users of this gateway to add multiple S3 IAM keys to their credentials.
Optionals3_buckets?: string[]
Description
List of buckets not owned by the collection owner that will be shown in
the root of collections created at the base of this storage gateway.
Optionals3_endpoint?: string
Description
URL of the S3 API endpoint
Example
https://s3.amazonaws.com
Optionals3_requester_pays?: boolean
Description
Flag indicating that S3 operations will be charged to the account of
the registered credentials. Credentials used with a storage gateway
that has the s3_requester_pays property set to true are invalid unless
they also have this property set to true as an acknowledgement.
Optionals3_user_credential_required?: boolean
Description
Flag indicating if a Globus User must register a user credential in
order to create a guest collection on this storage gateway.
Connector-specific user credential policies for the S3 connector
Version 1.1.0 adds support for the s3_requester_pays property.
DATA_TYPE: "s3_user_credential_policies#1.1.0"
Description
Type of this document
Default
s3_user_credential_policies#1.1.0 @enum {string}
Optionals3_key_id?: null|string
Description
Access Key ID to use with the S3 API to access your buckets and
objects.
Optionals3_requester_pays?: boolean
Description
Flag indicating the user acknowledges S3 operations will be charged to
the account of this credential. If this flag is true in the storage
gateway policy, this must also be true or the credential will be invalid.
Optionals3_secret_key?: null|string
Description
Secret key to use with the S3 API to access your buckets and objects.
A list of path prefixes and S3 key pairs to use with them.
Optionals3_requester_pays?: boolean
Description
Flag indicating the user acknowledges S3 operations will be charged to
the account of this credential. If this flag is true in the storage
gateway policy, this must also be true or the credential will be invalid.
Optionals3_secret_key?: null|string
Description
Secret key to use with the S3 API to access your buckets and objects.
This document type allows endpoint and collection administrators to
optionally constrain sharing path policies for particular users. The
**sharing_restrict_paths** property has a similar meaning to that of the
**sharing_restrict_paths** in the collection document; however, it is in
effect only for specific users.
If the **users** property is null, then the restriction applies to all
users. If it is non-null, then this restriction applies only to accounts
which have been mapped to the enumerated storage gateway user accounts.
Multiple sharing policies can be defined for a mapped collection. When a
guest collection is created or accessed, only the policies relevant to the
user which created the account are enforced.
collection_id: string
Format: uuid
Description
Id of the mapped collection which this policy is associated with
Restrictions on which paths may be shared in guest collections
related to this mapped collection. These paths are relative to the
root_path property of the mapped collection.
DATA_TYPE: "path_restrictions#1.0.0"
Description
Type of this document
Default
path_restrictions#1.0.0 @enum {string}
Optionalnone?: string[]
Description
List of paths which are denied any access
Optionalread?: string[]
Description
List of paths which are allowed read-only access
Optionalread_write?: string[]
Description
List of paths which are allowed read-write access
Optionalusers?: string[]
Description
List of local user accounts that this policy applies to. If omitted
or null, this restriction applies to all local user accounts.
A storage gateway provides the access policies for the endpoint's
connected storage systems. It is a named interface by which
authorized users can create and manage collections on the
connected storage system. A single storage system may be
associated with multiple storage gateways, each with its own
policies.
Storage gateway policies describe what type of connector the storage
gateway uses, the paths it allows access to, the login
requirements for the storage gateway, and the algorithm to
map Globus identities to the user namespace of the storage
gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements
for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
Version 1.3.0 includes support for overriding the endpoint's network use
parameters on a storage gateway.
A storage gateway provides the access policies for the endpoint's
connected storage systems. It is a named interface by which
authorized users can create and manage collections on the
connected storage system. A single storage system may be
associated with multiple storage gateways, each with its own
policies.
Storage gateway policies describe what type of connector the storage
gateway uses, the paths it allows access to, the login
requirements for the storage gateway, and the algorithm to
map Globus identities to the user namespace of the storage
gateway (e.g. local accounts).
Optionalallowed_domains?: string[]
Description
List of allowed domains. Users creating credentials or collections
on this storage gateway must have an identity in one of these domains.
Timeout (in minutes) during which a user is required to have
authenticated to access files or create user credentials on this
storage gateway.
For a high assurance storage gateway, this must be done within the
current Globus Auth session; otherwise, the caller can perform the
authentication with any application which uses Globus Auth.
Optionalconnector_id?: string
Format: uuid
Description
Id of the connector type that this storage gateway interacts with.
DATA_TYPE: "storage_gateway#1.0.0"
Description
Type of this document
Default
storage_gateway#1.0.0 @enum {string}
Optionaldeleted?: boolean
Description
Flag indicating that this storage gateway has been deleted
Optionaldisplay_name?: string
Description
Name of the storage gateway
Optionalhigh_assurance?: null|boolean
Description
Flag indicating if the storage_gateway requires high
assurance features.
A storage gateway provides the access policies for the endpoint's
connected storage systems. It is a named interface by which
authorized users can create and manage collections on the
connected storage system. A single storage system may be
associated with multiple storage gateways, each with its own
policies.
Storage gateway policies describe what type of connector the storage
gateway uses, the paths it allows access to, the login
requirements for the storage gateway, and the algorithm to
map Globus identities to the user namespace of the storage
gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements
for high assurance storage gateways.
Optionalallowed_domains?: string[]
Description
List of allowed domains. Users creating credentials or collections
on this storage gateway must have an identity in one of these domains.
Timeout (in minutes) during which a user is required to have
authenticated to access files or create user credentials on this
storage gateway.
For a high assurance storage gateway, this must be done within the
current Globus Auth session; otherwise, the caller can perform the
authentication with any application which uses Globus Auth.
Optionalconnector_id?: string
Format: uuid
Description
Id of the connector type that this storage gateway interacts with.
DATA_TYPE: "storage_gateway#1.1.0"
Description
Type of this document
Default
storage_gateway#1.1.0 @enum {string}
Optionaldeleted?: boolean
Description
Flag indicating that this storage gateway has been deleted
Optionaldisplay_name?: string
Description
Name of the storage gateway
Optionalhigh_assurance?: null|boolean
Description
Flag indicating if the storage_gateway requires high
assurance features.
A storage gateway provides the access policies for the endpoint's
connected storage systems. It is a named interface by which
authorized users can create and manage collections on the
connected storage system. A single storage system may be
associated with multiple storage gateways, each with its own
policies.
Storage gateway policies describe what type of connector the storage
gateway uses, the paths it allows access to, the login
requirements for the storage gateway, and the algorithm to
map Globus identities to the user namespace of the storage
gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements
for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
admin_managed_credentials: boolean
Description
Flag indicating if the storage_gateway allows endpoint
administrators to manage user credentials on behalf of other users.
Default
false
Optionalallowed_domains?: string[]
Description
List of allowed domains. Users creating credentials or collections
on this storage gateway must have an identity in one of these domains.
Timeout (in minutes) during which a user is required to have
authenticated to access files or create user credentials on this
storage gateway.
For a high assurance storage gateway, this must be done within the
current Globus Auth session; otherwise, the caller can perform the
authentication with any application which uses Globus Auth.
Optionalconnector_id?: string
Format: uuid
Description
Id of the connector type that this storage gateway interacts with.
DATA_TYPE: "storage_gateway#1.2.0"
Description
Type of this document
Default
storage_gateway#1.2.0 @enum {string}
Optionaldeleted?: boolean
Description
Flag indicating that this storage gateway has been deleted
Optionaldisplay_name?: string
Description
Name of the storage gateway
Optionalhigh_assurance?: null|boolean
Description
Flag indicating if the storage_gateway requires high
assurance features.
A storage gateway provides the access policies for the endpoint's
connected storage systems. It is a named interface by which
authorized users can create and manage collections on the
connected storage system. A single storage system may be
associated with multiple storage gateways, each with its own
policies.
Storage gateway policies describe what type of connector the storage
gateway uses, the paths it allows access to, the login
requirements for the storage gateway, and the algorithm to
map Globus identities to the user namespace of the storage
gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements
for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
Version 1.3.0 includes support for overriding the endpoint's network use
parameters on a storage gateway.
admin_managed_credentials: boolean
Description
Flag indicating if the storage_gateway allows endpoint
administrators to manage user credentials on behalf of other users.
Default
false
Optionalallowed_domains?: string[]
Description
List of allowed domains. Users creating credentials or collections
on this storage gateway must have an identity in one of these domains.
Timeout (in minutes) during which a user is required to have
authenticated to access files or create user credentials on this
storage gateway.
For a high assurance storage gateway, this must be done within the
current Globus Auth session; otherwise, the caller can perform the
authentication with any application which uses Globus Auth.
Optionalconnector_id?: string
Format: uuid
Description
Id of the connector type that this storage gateway interacts with.
DATA_TYPE: "storage_gateway#1.3.0"
Description
Type of this document
Default
storage_gateway#1.3.0 @enum {string}
Optionaldeleted?: boolean
Description
Flag indicating that this storage gateway has been deleted
Optionaldisplay_name?: string
Description
Name of the storage gateway
Optionalhigh_assurance?: null|boolean
Description
Flag indicating if the storage_gateway requires high
assurance features.
Control how Globus interacts with this endpoint over the network.
Allowed values for **network_use** are:
* `normal`
- The default setting. Uses an average level of concurrency and
parallelism. The levels depend on the number of physical
servers in the endpoint.
* `minimal`
- Uses a minimal level of concurrency and parallelism.
* `aggressive`
- Uses a high level of concurrency and parallelism.
* `custom`
- Uses custom values of concurrency and parallelism set by the
endpoint admin. When setting this level, you must also set
the **max_concurrency**, **preferred_concurrency**,
**max_parallelism**, and **preferred_parallelism** properties.
Flag indicating that this credential has been fully provisioned. If
this is false and the invalid property is true, then the credential
was created during login and patching it to add the missing data
should be presented to the user as initializing the credential.
Optionalstorage_gateway_id?: string
Format: uuid
Description
Storage Gateway this credential is associated with
Optionalusername?: string
Description
Connector-specific username that this credential is associated
with. If the connector supports identity mapping, this matches the
result of the mapping applied to identity_id.
Description
ID of the collection