Attention: Data Proxy will be migrated from SWIFT to S3 storage at Friday, the 9th of May 2025 starting from 9pm CEST (my timezone). For more details, please join the rocket chat channel https://chat.ebrains.eu/channel/data-proxy-user-group


Last modified by alexisdurieux on 2022/03/25 08:38
From version 20.1
edited by mmorgan
on 2021/04/12 16:58
Change comment: There is no comment for this version
To version 6.1
edited by alexisdurieux
on 2021/01/06 11:32
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.mmorgan
1 +XWiki.alexisdurieux
Content
... ... @@ -2,60 +2,40 @@
2 2  (((
3 3  (% class="container" %)
4 4  (((
5 -(% style="text-align: justify;" %)
6 6  = Data Proxy =
7 7  
8 -The data proxy allows you to access object storage (Swift) on the Fenix infrastructure as an authenticated EBRAINS user without a Fenix user account.
7 +Documentation
9 9  )))
10 10  )))
11 11  
12 12  (% class="row" %)
13 13  (((
13 +(% class="col-xs-12 col-sm-4" %)
14 14  (((
15 -(% style="text-align: justify;" %)
16 -The data proxy core is the application that acts as a proxy to the object storage (Swift).
15 +The data proxy core is the application that acts as a proxy to the CSCS Swift storage.
17 17  
18 -(% style="text-align: justify;" %)
19 -=== Object Storage ===
17 +==== Authentication ====
20 20  
21 -The documentation of Swift object storage can be found here:
19 +The application itself is connected to the CSCS storage. The user is authenticated against the data-proxy application using an authorization headers. The user is then authenticated against the EBRAINS platform. That means the user only needs to have a ebrains account to access the data proxy and the swift storage capabilities
22 22  
23 -[[https:~~/~~/docs.openstack.org/swift/pike/admin/objectstorage-intro.html>>https://docs.openstack.org/swift/pike/admin/objectstorage-intro.html]]
21 +=== Bucket system ===
24 24  
25 -(% style="text-align: justify;" %)
26 -=== Authentication ===
23 +We use the collaboratory authorization system for the buckets.
27 27  
28 -(% style="text-align: justify;" %)
29 -The Data Proxy authenticates its users with the EBRAINS (Collaboratory) IAM service.
25 +For every collab, it is possible to access a swift container as a user. The action the user can perform on the buckets depend on the rights the user has in the collab
30 30  
31 -(% style="text-align: justify;" %)
32 -Prior to the availability of the Data Proxy, EBRAINS users had to request a Fenix user account in order to access object storage capabilities on the Fenix infrastructure. With the Data Proxy, a user only needs to have an EBRAINS account to access the data stored on the same Fenix object storage. Data stored in this way is held in the name of the data proxy service account on Fenix, and the Data Proxy tracks who has access to which data.
33 -
34 -(% style="text-align: justify;" %)
35 -=== Permissions ===
36 -
37 -(% style="text-align: justify;" %)
38 -We use the Collaboratory authorization system to manage permissions in the Data Proxy.
39 -
40 -(% style="text-align: justify;" %)
41 -A Swift object container can be associated to each collab. Object containers are also known as "buckets"  to avoid confusion with other containers (e.g. Docker containers). An EBRAINS user can perform the following actions on a bucket depending on the user's permissions (as defined by the collab's Team) in the collab associated with the bucket.
42 -
43 43  (% border="3" %)
44 -|=(% style="text-align: justify;" %)Team permissions of a collab|=(% style="text-align: justify;" %)Available actions on that collab's bucket
45 -|(% style="text-align:justify" %)Viewer|(% style="text-align:justify" %)Read
46 -|(% style="text-align:justify" %)Editor|(% style="text-align:justify" %)Create, Read, Update, Delete
47 -|(% style="text-align:justify" %)Admin|(% style="text-align:justify" %)Create, Read, Update, Delete
48 -|(% style="text-align:justify" %)Not a collab member|(% style="text-align:justify" %)No actions
28 +|=Collab Right|=Available actions on bucket
29 +|Viewer|Read
30 +|Editor|Create, Read, Update, Delete
31 +|Admin|Create, Read, Update, Delete
32 +|Not a collab member|No actions
49 49  
50 -(% class="wikigeneratedid" %)
51 -You can access the buckets in the "Bucket" navigation element in every collab.
34 +**Should the editor be able to create the bucket in the first place ?**
52 52  
53 -=== Collaboratory bucket vs drive ===
54 54  
55 -A collab offers 2 main locations to store files: a drive and a bucket. The drive offers more advanced features like recognition of file formats (Office, Markdown, PDF) with applications specific to each, simplified version control, smart links. The bucket on the other hand offers larger storage capacity and better bandwidth. The bucket is recommended for datasets (brain scans, EEG, derived data) and videos (including for streaming).
37 +=== **Api description** ===
56 56  
57 -=== API ===
58 -
59 -The API is self-documented using Swagger UI. You can access it here: [[https:~~/~~/data-proxy.ebrains.eu/api/docs>>https://data-proxy.ebrains.eu/api/docs]] or in the [[API Documentation>>doc:API Documentation]] wiki page of this collab.
39 +
60 60  )))
61 61  )))
Collaboratory.Apps.Collab.Code.CollabClass[0]
Public
... ... @@ -1,1 +1,1 @@
1 -Yes
1 +No
XWiki.XWikiRights[3]
Allow/Deny
... ... @@ -1,1 +1,0 @@
1 -Allow
Levels
... ... @@ -1,1 +1,0 @@
1 -view
Users
... ... @@ -1,1 +1,0 @@
1 -XWiki.XWikiGuest
XWiki.XWikiRights[4]
Allow/Deny
... ... @@ -1,1 +1,0 @@
1 -Allow
Groups
... ... @@ -1,1 +1,0 @@
1 -XWiki.XWikiAllGroup
Levels
... ... @@ -1,1 +1,0 @@
1 -view