Last modified by alexisdurieux on 2022/03/25 08:38
From version 6.1
edited by alexisdurieux
on 2021/01/06 11:32
Change comment: There is no comment for this version
To version 20.1
edited by mmorgan
on 2021/04/12 16:58
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.alexisdurieux
1 +XWiki.mmorgan
Content
... ... @@ -2,40 +2,60 @@
2 2  (((
3 3  (% class="container" %)
4 4  (((
5 +(% style="text-align: justify;" %)
5 5  = Data Proxy =
6 6  
7 -Documentation
8 +The data proxy allows you to access object storage (Swift) on the Fenix infrastructure as an authenticated EBRAINS user without a Fenix user account.
8 8  )))
9 9  )))
10 10  
11 11  (% class="row" %)
12 12  (((
13 -(% class="col-xs-12 col-sm-4" %)
14 14  (((
15 -The data proxy core is the application that acts as a proxy to the CSCS Swift storage.
15 +(% style="text-align: justify;" %)
16 +The data proxy core is the application that acts as a proxy to the object storage (Swift).
16 16  
17 -==== Authentication ====
18 +(% style="text-align: justify;" %)
19 +=== Object Storage ===
18 18  
19 -The application itself is connected to the CSCS storage. The user is authenticated against the data-proxy application using an authorization headers. The user is then authenticated against the EBRAINS platform. That means the user only needs to have a ebrains account to access the data proxy and the swift storage capabilities
21 +The documentation of Swift object storage can be found here:
20 20  
21 -=== Bucket system ===
23 +[[https:~~/~~/docs.openstack.org/swift/pike/admin/objectstorage-intro.html>>https://docs.openstack.org/swift/pike/admin/objectstorage-intro.html]]
22 22  
23 -We use the collaboratory authorization system for the buckets.
25 +(% style="text-align: justify;" %)
26 +=== Authentication ===
24 24  
25 -For every collab, it is possible to access a swift container as a user. The action the user can perform on the buckets depend on the rights the user has in the collab
28 +(% style="text-align: justify;" %)
29 +The Data Proxy authenticates its users with the EBRAINS (Collaboratory) IAM service.
26 26  
31 +(% style="text-align: justify;" %)
32 +Prior to the availability of the Data Proxy, EBRAINS users had to request a Fenix user account in order to access object storage capabilities on the Fenix infrastructure. With the Data Proxy, a user only needs to have an EBRAINS account to access the data stored on the same Fenix object storage. Data stored in this way is held in the name of the data proxy service account on Fenix, and the Data Proxy tracks who has access to which data.
33 +
34 +(% style="text-align: justify;" %)
35 +=== Permissions ===
36 +
37 +(% style="text-align: justify;" %)
38 +We use the Collaboratory authorization system to manage permissions in the Data Proxy.
39 +
40 +(% style="text-align: justify;" %)
41 +A Swift object container can be associated to each collab. Object containers are also known as "buckets"  to avoid confusion with other containers (e.g. Docker containers). An EBRAINS user can perform the following actions on a bucket depending on the user's permissions (as defined by the collab's Team) in the collab associated with the bucket.
42 +
27 27  (% border="3" %)
28 -|=Collab Right|=Available actions on bucket
29 -|Viewer|Read
30 -|Editor|Create, Read, Update, Delete
31 -|Admin|Create, Read, Update, Delete
32 -|Not a collab member|No actions
44 +|=(% style="text-align: justify;" %)Team permissions of a collab|=(% style="text-align: justify;" %)Available actions on that collab's bucket
45 +|(% style="text-align:justify" %)Viewer|(% style="text-align:justify" %)Read
46 +|(% style="text-align:justify" %)Editor|(% style="text-align:justify" %)Create, Read, Update, Delete
47 +|(% style="text-align:justify" %)Admin|(% style="text-align:justify" %)Create, Read, Update, Delete
48 +|(% style="text-align:justify" %)Not a collab member|(% style="text-align:justify" %)No actions
33 33  
34 -**Should the editor be able to create the bucket in the first place ?**
50 +(% class="wikigeneratedid" %)
51 +You can access the buckets in the "Bucket" navigation element in every collab.
35 35  
53 +=== Collaboratory bucket vs drive ===
36 36  
37 -=== **Api description** ===
55 +A collab offers 2 main locations to store files: a drive and a bucket. The drive offers more advanced features like recognition of file formats (Office, Markdown, PDF) with applications specific to each, simplified version control, smart links. The bucket on the other hand offers larger storage capacity and better bandwidth. The bucket is recommended for datasets (brain scans, EEG, derived data) and videos (including for streaming).
38 38  
39 -
57 +=== API ===
58 +
59 +The API is self-documented using Swagger UI. You can access it here: [[https:~~/~~/data-proxy.ebrains.eu/api/docs>>https://data-proxy.ebrains.eu/api/docs]] or in the [[API Documentation>>doc:API Documentation]] wiki page of this collab.
40 40  )))
41 41  )))
Collaboratory.Apps.Collab.Code.CollabClass[0]
Public
... ... @@ -1,1 +1,1 @@
1 -No
1 +Yes
XWiki.XWikiRights[3]
Allow/Deny
... ... @@ -1,0 +1,1 @@
1 +Allow
Levels
... ... @@ -1,0 +1,1 @@
1 +view
Users
... ... @@ -1,0 +1,1 @@
1 +XWiki.XWikiGuest
XWiki.XWikiRights[4]
Allow/Deny
... ... @@ -1,0 +1,1 @@
1 +Allow
Groups
... ... @@ -1,0 +1,1 @@
1 +XWiki.XWikiAllGroup
Levels
... ... @@ -1,0 +1,1 @@
1 +view