File: guest_collection_creation.rst

python-globus-sdk 3.54.0-1

.. _example_guest_collection_creation:

Guest Collection Creation Script
--------------------------------

The following script lets a Globus client identity create a GCSv5 guest
collection on an existing mapped collection for which it has a valid mapping.
The constants do not refer to a real GCSv5 installation or client identity,
so the script cannot be run as is.

This script can be adapted to use a human user identity instead of a client
by changing the authorizer from a ``ClientCredentialsAuthorizer`` to an
``AccessTokenAuthorizer`` or ``RefreshTokenAuthorizer`` built from a user token.

The script assumes the mapped collection is on a storage gateway using
the POSIX connector. Other connectors may need connector-specific
policy documents to be passed when creating the user credential.

.. code-block:: python

    import globus_sdk
    from globus_sdk import scopes

    # constants
    endpoint_hostname = "abc.xyz.data.globus.org"
    endpoint_id = "59544bb0-8aa3-4c73-9ce4-06d66887bc89"
    mapped_collection_id = "a1c2f515-254a-48a1-a5de-3ea51d783638"
    storage_gateway_id = "1b949deb-d608-403c-a226-a533892789c6"

    # client credentials
    # This client identity must have the needed permissions to create a guest
    # collection on the mapped collection, and a valid mapping to a local account
    # on the storage gateway that matches the local_username.
    # If using user tokens, the user must be the one with the correct permissions
    # and identity mapping.
    # The secret is a placeholder; in real use, load it from the environment or a
    # secret store rather than committing it to the script.
    client_id = "4de65cd7-4363-4510-b652-f8d15a43a0af"
    client_secret = "*redacted*"
    local_username = "local-username"

    # The scope the client will need. Note that the primary scope is for the
    # endpoint, but it has a dependency on the mapped collection's data_access scope.
    scope = scopes.GCSEndpointScopeBuilder(endpoint_id).make_mutable("manage_collections")
    scope.add_dependency(scopes.GCSCollectionScopeBuilder(mapped_collection_id).data_access)

    # Build a GCSClient to act as the client by using a ClientCredentialsAuthorizer
    confidential_client = globus_sdk.ConfidentialAppAuthClient(
        client_id=client_id, client_secret=client_secret
    )
    authorizer = globus_sdk.ClientCredentialsAuthorizer(confidential_client, scopes=scope)
    client = globus_sdk.GCSClient(endpoint_hostname, authorizer=authorizer)

    # The identity creating the guest collection must have a user credential on
    # the mapped collection.
    # Note that this call is connector-specific. Most connectors will require
    # connector-specific policies to be passed here, but POSIX does not.
    credential_document = globus_sdk.UserCredentialDocument(
        storage_gateway_id=storage_gateway_id,
        identity_id=client_id,
        username=local_username,
    )
    client.create_user_credential(credential_document)

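    # Create the collection
    # public is a boolean; True makes the collection visible to other Globus users.
    # collection_base_path is relative to the mapped collection's root, so "/"
    # puts all of it in the guest collection; narrow it to the directory being shared.
    collection_document = globus_sdk.GuestCollectionDocument(
        public=True,
        collection_base_path="/",
        display_name="guest_collection",
        mapped_collection_id=mapped_collection_id,
    )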
    response = client.create_collection(collection_document)
    guest_collection_id = response["id"]
    print(f"guest collection {guest_collection_id} created")
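
The user-identity variant described above, as an added example that is not part of the SDK's own documentation: it checks the token set returned by a user login before building the ``GCSClient`` with an ``AccessTokenAuthorizer`` or ``RefreshTokenAuthorizer``. The function names, the ``auth_client`` parameter and the sample endpoint ID are assumptions for illustration.

```python
import time

ENDPOINT_ID = "59544bb0-8aa3-4c73-9ce4-06d66887bc89"  # placeholder from the script


def select_user_tokens(by_resource_server, endpoint_id):
    """Pick the GCS token set out of a user login response and check it.

    ``by_resource_server`` has the shape of the SDK's
    ``OAuthTokenResponse.by_resource_server``; GCS tokens are keyed by endpoint ID.
    """
    tokens = by_resource_server.get(endpoint_id)
    if tokens is None:
        raise ValueError(f"no token issued for endpoint {endpoint_id}")
    needed = f"urn:globus:auth:scope:{endpoint_id}:manage_collections"
    if needed not in tokens["scope"].split():
        raise ValueError(f"token was not granted {needed}")
    if tokens["expires_at_seconds"] <= time.time() and not tokens.get("refresh_token"):
        raise ValueError("access token has expired and no refresh token was issued")
    return tokens


def build_user_gcs_client(endpoint_hostname, tokens, auth_client=None):
    """Return a GCSClient that acts as the user who owns ``tokens``.

    ``auth_client`` (hypothetical parameter name) is the app client that ran the
    login flow; it is only needed when a refresh token has to be renewed.
    """
    import globus_sdk  # deferred so the checks above work without the SDK

    if tokens.get("refresh_token"):
        if auth_client is None:
            raise ValueError("a refresh token needs the auth client that issued it")
        # Long-lived credential: store the refresh token as carefully as a secret.
        authorizer = globus_sdk.RefreshTokenAuthorizer(
            tokens["refresh_token"],
            auth_client,
            access_token=tokens["access_token"],
            expires_at=tokens["expires_at_seconds"],
        )
    else:
        # Short-lived: the client stops working when the access token expires.
        authorizer = globus_sdk.AccessTokenAuthorizer(tokens["access_token"])
    return globus_sdk.GCSClient(endpoint_hostname, authorizer=authorizer)
```

With a user token, ``identity_id`` in the ``UserCredentialDocument`` must be the user's identity ID rather than ``client_id``, since the user is then the identity that needs the mapping.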