See :ref:`versioning` for our versioning policy.
The :ref:`upgrading <upgrading>` doc is a good reference if you are upgrading to a major new version of the SDK.
- Add
filter_entity_type
keyword argument onTransferClient.endpoint_search()
. (:pr:`1109`) - Added the
ComputeClientV3.register_endpoint()
,ComputeClientV3.update_endpoint()
ComputeClientV3.lock_endpoint()
, andComputeClientV3.get_endpoint_allowlist()
methods. (:pr:`1113`) - Added the
ComputeClientV2.get_version()
andComputeClientV2.get_result_amqp_url()
methods. (:pr:`1114`)
- Added the
ComputeClientV2.register_endpoint()
,ComputeClientV2.get_endpoint()
ComputeClientV2.get_endpoint_status()
,ComputeClientV2.get_endpoints()
,ComputeClientV2.delete_endpoint()
, andComputeClientV2.lock_endpoint()
methods. (:pr:`1110`)
- Removed identity ID consistency validation from
ClientApp
. (:pr:`1111`)
- Fixed a bug that would cause
ClientApp
token refreshes to fail. (:pr:`1111`)
- Add
TimersClient.add_app_transfer_data_access_scope
forTimersClient
instances which are integrated withGlobusApp
. This method registers the nested scope dependency for adata_access
requirement for a transfer timer. (:pr:`1074`) SearchQueryV1
is a new class for submitting complex queries replacing the legacySearchQuery
class. A deprecation warning has been added to theSearchQuery
class. (:pr:`1079`)- Created
ComputeClientV2
andComputeClientV3
classes to support Globus Compute API versions 2 and 3, respectively. The canonicalComputeClient
is now a subclass ofComputeClientV2
, preserving backward compatibility. (:pr:`1096`) - Added the
ComputeClientV3.submit()
,ComputeClientV2.submit()
,ComputeClientV2.get_task()
,ComputeClientV2.get_task_batch()
, andComputeClientV2.get_task_group()
methods. (:pr:`1094`)
- Improved error messaging around EOF errors when prompting for code during a command line login flow (:pr:`1093`)
- Deprecated the
ComputeFunctionDocument
andComputeFunctionMetadata
classes. This change reflects an early design adjustment to better align with the existing Globus Compute SDK. (:pr:`1092`)
- Introduce a
toxfile.py
to ensure clean builds during development. (:pr:`1098`) - The lazy importer used for the top-level
globus_sdk
module has been rewritten. It produces identical results to the previous system. (:pr:`1100`)
- Support Python 3.13. (:pr:`1058`)
- Added an initial Globus Compute client class, :class:`globus_sdk.ComputeClient`.
(:pr:`1071`)
- Application errors are raised as a :class:`globus_sdk.ComputeAPIError`.
- A single method,
ComputeClient.get_function
is included initially to get information about a registered function. - Compute scopes are defined at
globus_sdk.scopes.ComputeScopes
orglobus_sdk.ComputeClient.scopes
.
- Added the
ComputeClient.register_function()
andComputeClient.delete_function()
methods. (:pr:`1085`)ComputeClient.register_function()
introduces new data model classes:ComputeFunctionDocument
andComputeFunctionMetadata
.
- Added the
TransferClient.set_subscription_id()
method. (:pr:`1073`) - Added a new error type,
globus_sdk.ValidationError
, used in certain cases ofValueError
s caused by invalid content. (:pr:`1044`)
- Removed the
skip_error_handling
optional kwarg from theGlobusApp.get_authorizer(...)
method interface. (:pr:`1060`)
All previously experimental modules have been moved into main module namespaces and are no longer experimental. Aliases will remain in the experimental namespaces with a deprecation warning until SDKv4.
- :ref:`gares` have been moved from
globus_sdk.experimental.auth_requirements_error
toglobus_sdk.gare
. (:pr:`1048`)- The primary document type has been renamed from
GlobusAuthRequirementsError
toGARE
. - The functions provided by this interface have been renamed to use
gare
in their naming:to_gare
,is_gare
,has_gares
, andto_gares
.
- The primary document type has been renamed from
- :ref:`globus_apps` have been moved from
globus_sdk.experimental.globus_app
toglobus_sdk
andglobus_sdk.globus_app
. (:pr:`1085`) - :ref:`login_flow_managers` have been moved from
globus_sdk.experimental.login_flow_managers
toglobus_sdk.login_flows
. (:pr:`1057`) - :ref:`token_storages` have been moved from
globus_sdk.experimental.tokenstorage
toglobus_sdk.tokenstorage
. (:pr:`1065`) - :ref:`consents` have been moved from
globus_sdk.experimental.consents
toglobus_sdk.scopes.consents
. (:pr:`1047`)
- :ref:`gares` have been moved from
The response classes for OAuth2 token grants now vary by the grant type. For example, a
refresh_token
-type grant now produces a :class:`globus_sdk.OAuthRefreshTokenResponse`. This allows code handling responses to more easily identify which grant type produced a response. (:pr:`1051`)- The following new classes have been introduced: :class:`globus_sdk.OAuthRefreshTokenResponse`, :class:`globus_sdk.OAuthAuthorizationCodeResponse`, and :class:`globus_sdk.OAuthClientCredentialsResponse`.
- The
RenewingAuthorizer
class is now a generic over the response type which it handles, and the subtypes of authorizers are specialized for their types of responses. e.g.,class RefreshTokenAuthorizer(RenewingAuthorizer[OAuthRefreshTokenResponse])
.
The mechanisms of token data validation inside of
GlobusApp
are now more modular and extensible. TheValidatingTokenStorage
class does not define built-in validation behaviors, but instead contains a list of validator objects, which can be extended and otherwise altered. (:pr:`1061`)- These changes allow more validation criteria around token data to be
handled within the
ValidatingTokenStorage
. This changes error behaviors to avoid situations in which multiple errors are raised serially by different layers of GlobusApp.
- These changes allow more validation criteria around token data to be
handled within the
LoginFlowManager
s built withGlobusApp
now generate a more appropriate value forprefill_named_grant
, using the current hostname if possible. (:pr:`1075`)Imports of
globus_sdk.exc
now defer importingrequests
so as to reduce import-time performance impact the library is not needed. (:pr:`1044`)The following error classes are now lazily loaded even when
globus_sdk.exc
is imported:GlobusConnectionError
,GlobusConnectionTimeoutError
,GlobusTimeoutError
, andNetworkError
.
- Fixed the typing-time attributes of
globus_sdk
so thatmypy
and other type checkers won't erroneously suppress errors about missing attributes. (:pr:`1052`) - Fixed the handling of Dependent Token and Refresh Token responses in
TokenStorage
andValidatingTokenStorage
such thatid_token
is only parsed when appropriate. (:pr:`1055`) - Fixed a bug where upgrading from access token to refresh token mode in a
GlobusApp
could result in multiple login prompts. (:pr:`1060`)
- The scope builder for
SpecificFlowClient
is now available for direct access and use viaglobus_sdk.scopes.SpecificFlowScopeBuilder
. Callers can initialize this class with aflow_id
to get a scope builder for a specific flow, e.g.,SpecificFlowScopeBuilder(flow_id).user
.SpecificFlowClient
now uses this class internally. (:pr:`1030`) TransferClient.add_app_data_access_scope
now accepts iterables of collection IDs as an alternative to individual collection IDs. (:pr:`1034`)
Experimental
- Added
login(...)
,logout(...)
, andlogin_required(...)
to the experimentalGlobusApp
construct. (:pr:`1041`)login(...)
initiates a login flow if:- the current entity requires a login to satisfy local scope requirements or
auth_params
/force=True
is passed to the method.
logout(...)
remove and revokes the current entity's app-associated tokens.login_required(...)
returns a boolean indicating whether the app believes a login is required to satisfy local scope requirements.
Experimental
Made
run_login_flow
private in the experimentalGlobusApp
construct. Usage sites should be replaced with eitherapp.login()
orapp.login(force=True)
. (:pr:`1041`)Old Usage
app = UserApp("my-app", client_id="<my-client-id>") app.run_login_flow()
New Usage
app = UserApp("my-app", client_id="<my-client-id>") app.login(force=True)
- The client for Globus Timers has been renamed to
TimersClient
. The prior name,TimerClient
, has been retained as an alias. (:pr:`1032`)- Similarly, the error and scopes classes have been renamed and aliased:
TimersAPIError
replacesTimerAPIError
andTimersScopes
replacesTimerScopes
. - Internal module names have been changed to
timers
fromtimer
where possible. - The
service_name
attribute is left astimer
for now, as it is integrated into URL and_testing
logic.
- Similarly, the error and scopes classes have been renamed and aliased:
Experimental
The experimental
TokenStorageProvider
andLoginFlowManagerProvider
protocols have been updated to require keyword-only arguments for theirfor_globus_app
methods. This protects against potential ordering confusion for their arguments. (:pr:`1028`)The
default_scope_requirements
forglobus_sdk.FlowsClient
has been updated to list the Flowsall
scope. (:pr:`1029`)The
CommandLineLoginFlowManager
now exposesprint_authorize_url
andprompt_for_code
as methods, which replace thelogin_prompt
andcode_prompt
parameters. Users who wish to customize prompting behavior now have a greater degree of control, and can effect this by subclassing theCommandLineLoginFlowManager
. (:pr:`1039`)Example usage, which uses the popular
click
library to handle the prompts:import click from globus_sdk.experimental.login_flow_manager import CommandLineLoginFlowManager class ClickLoginFlowManager(CommandLineLoginFlowManager): def print_authorize_url(self, authorize_url: str) -> None: click.echo(click.style("Login here for a code:", fg="yellow")) click.echo(authorize_url) def prompt_for_code(self) -> str: return click.prompt("Enter the code here:")
GlobusApp.token_storage
is now a public property, allowing users direct access to theValidatingTokenStorage
used by the app to build authorizers. (:pr:`1040`)The experimental
GlobusApp
construct's scope exploration interface has changed fromapp.get_scope_requirements(resource_server: str) -> tuple[Scope]
toapp.scope_requirements
. The new property will return a deep copy of the internal requirements dictionary mapping resource server to a list of Scopes. (:pr:`1042`)
TimerScopes
is now a deprecated name. UseTimersScopes
instead. (:pr:`1032`)
Experimental
- Container types in
GlobusApp
function argument annotations are now generally covariant collections likeMapping
rather than invariant types likedict
. (:pr:`1035`)
- The Globus Timers examples have been significantly enhanced and now leverage more modern usage patterns. (:pr:`1032`)
- Added a reference to the new Flows all scope under
globus_sdk.scopes.FlowsScopes.all
. (:pr:`1016`)
Experimental
- Added support for
ScopeCollectionType
to GlobusApp's__init__
andadd_scope_requirements
methods. (:pr:`1020`)
- Updated
ScopeCollectionType
to be defined recursively. (:pr:`1020`) TransferClient.add_app_data_access_scope
now raises an error if it is given an invalid collection ID. (:pr:`1022`)
Experimental
- Changed the experimental
GlobusApp
class in the following way (:pr:`1017`):app_name
is no longer required (defaults to "Unnamed Globus App")- Token storage now defaults to including the client id in the path.
- Old (unix) :
~/.globus/app/{app_name}/tokens.json
- New (unix):
~/.globus/app/{client_id}/{app_name}/tokens.json
- Old (win):
~\AppData\Local\globus\app\{app_name}\tokens.json
- New (win):
~\AppData\Local\globus\app\{client_id}\{app_name}\tokens.json
- Old (unix) :
GlobusAppConfig.token_storage
now accepts shorthand string references:"json"
to use aJSONTokenStorage
,"sqlite"
to use aSQLiteTokenStorage
and"memory"
to use aMemoryTokenStorage
.GlobusAppConfig.token_storage
also now accepts aTokenStorageProvider
, a class with afor_globus_app(...) -> TokenStorage
class method.- Renamed the experimental
FileTokenStorage
attribute.filename
to.filepath
.
- Changed the experimental
GlobusApp
class in the following ways (:pr:`1018`):LoginFlowManagers
now insertGlobusApp.app_name
into any native client login flows as theprefill_named_grant
.GlobusAppConfig
now accepts alogin_redirect_uri
parameter to specify the redirect URI for a login flow.- Invalid when used with a
LocalServerLoginFlowManager
. - Defaults to
"https://auth.globus.org/v2/web/auth-code"
for native client flows. Raises an error if not set for confidential ones.
- Invalid when used with a
UserApp
now allows for the use of confidential client flows with the use of either aLocalServerLoginFlowManager
or a configuredlogin_redirect_uri
.GlobusAppConfig.login_flow_manager
now accepts shorthand string references"command-line"
to use aCommandLineLoginFlowManager
and"local-server"
to use aLocalServerLoginFlowManager
.GlobusAppConfig.login_flow_manager
also now accepts aLoginFlowManagerProvider
, a class with afor_globus_app(...) -> LoginFlowManager
class method.
- Added a scope normalization function
globus_sdk.scopes.scopes_to_scope_list
to translate fromScopeCollectionType
to a list ofScope
objects. (:pr:`1020`)
- The
TransferClient.task_list
method now supportsorderby
as a parameter. (:pr:`1011`)
- The
SQLiteTokenStorage
component inglobus_sdk.experimental
has been changed in several ways to improve its interface. (:pr:`1004`) :memory:
is no longer accepted as a database name. Attempts to use it will trigger errors directing users to useMemoryTokenStorage
instead.- Parent directories for a target file are automatically created, and this
behavior is inherited from the
FileTokenStorage
base class. (This was previously a feature only of theJSONTokenStorage
.) - The
config_storage
table has been removed from the generated database schema, the schema version number has been incremented to2
, and methods and parameters related to manipulation ofconfig_storage
have been removed.
- Added a new experimental "Updated Examples" section which rewrites and reorders many examples to aid in discovery. (:pr:`1008`)
GlobusApp
,UserApp`, and ``ClientApp
class reference docs. (:pr:`1013`)- Added a narrative example titled
Using a GlobusApp
detailing the basics of constructing and using a GlobusApp. (:pr:`1013`) - Remove unwritten example updates from toctree. (:pr:`1014`)
- Remove support for Python 3.7. (:pr:`997`)
- Add
globus_sdk.ConnectorTable
which provides information on supported Globus Connect Server connectors. This object maps names to IDs and vice versa. (:pr:`955`) - Support adding query parameters to
ConfidentialAppAuthClient.oauth2_token_introspect
via aquery_params
argument. (:pr:`984`) - Add
get_gcs_info
as a helper method toGCSClient
for getting information from a Globus Connect Server'sinfo
API route. - Add
endpoint_client_id
as a property toGCSClient
. - Clients will now emit a
X-Globus-Client-Info
header which reports the version of theglobus-sdk
which was used to send a request. Users may customize this header further by modifying theglobus_client_info
object attached to the transport object. (:pr:`990`)
Experimental
Add a new abstract class,
TokenStorage
, toexperimental
.TokenStorage
expands the functionality ofStorageAdapter
but is not fully backwards compatible. (:pr:`980`)FileTokenStorage
,JSONTokenStorage
,MemoryTokenStorage
andSQLiteTokenStorage
are new concrete implementations ofTokenStorage
.
Add
ValidatingStorageAdapter
toexperimental
, which validates that identity is maintained and scope requirements are met on token storage/retrieval. (:pr:`978`, :pr:`980`)Add a new abstract class,
AuthorizerFactory
toexperimental
.AuthorizerFactory
provides an interface for getting aGlobusAuthorizer
from aValidatingTokenStorage
. (:pr:`985`)AccessTokenAuthorizerFactory
,RefreshTokenAuthorizerFactory
, andClientCredentialsAuthorizerFactory
are new concrete implementations ofAuthorizerFactory
.
Add a new abstract class,
GlobusApp
toexperimental
. AGlobusApp
is an abstraction which allows users to define their authorization requirements implicitly and explicitly, attach that state to their various clients, and drive login flows. (:pr:`986`)UserApp
andClientApp
are new implementations ofGlobusApp
which handle authentications for user-login and client-credentials.
GlobusAppConfig
is an object which can be used to controlGlobusApp
behaviors.
Add
app
as an optional argument toBaseClient
which will accept aGlobusApp
to handle authentication, token validation, and token storage when using the client.Add
default_scope_requirements
as a property toBaseClient
for subclasses to define scopes to automatically be used with aGlobusApp
. The default implementation raises aNotImplementedError
.Add
add_app_scope
toBaseClient
as an interface for adding additional scope requirements to itsapp
.AuthClient
,FlowsClient
,GCSClient
,GroupsClient
,SearchClient
,TimerClient
, andTransferClient
all addapp
as an optional argument and definedefault_scope_requirements
so that they can be used with aGlobusApp
.Add
add_app_data_access_scope
toTransferClient
as an interface for adding a dependent data access scope requirements needed for interacting with standard Globus Connect Server mapped collections to itsapp
.Auto-login (overridable in config) GlobusApp login retry on token validation error. (:pr:`994`)
Added the configuration parameter
GlobusAppConfig.environment
. (:pr:`1001`)
GCSClient
instances now have a non-Noneresource_server
property.GlobusAuthorizationParameters
no longer enforces that at least one field is set. (:pr:`989`)- Improved the validation and checking used inside of
globus_sdk.tokenstorage.SimpleJSONFileAdapter
andglobus_sdk.experimental.tokenstorage.JSONTokenStorage
. (:pr:`997`)
GCSClient.connector_id_to_name
has been deprecated. UseConnectorTable.lookup
instead. (:pr:`955`)
Experimental
- When a
JSONTokenStorage
is used, the containing directory will be automatically be created if it doesn't exist. (:pr:`998`) GlobusApp.add_scope_requirements
now has the side effect of clearing the authorizer cache for any referenced resource servers. (:pr:`1000`)GlobusAuthorizer.scope_requirements
was made private and a new method for accessing scope requirements was added atGlobusAuthorizer.get_scope_requirements
. (:pr:`1000`)- A
GlobusApp
will now auto-create an Auth consent client for dependent scope evaluation against consents as a part of instantiation. (:pr:`1000`) - Fixed a bug where specifying dependent tokens in a new
GlobusApp
would cause the app to infinitely prompt for log in. (:pr:`1002`) - Fixed a
GlobusApp
bug which would cause LocalServerLoginFlowManager to error on MacOS when versions earlier than Python 3.11. (:pr:`1003`)
- Document how to manage Globus SDK warnings. (:pr:`988`)
- Added a new AuthClient method
get_consents
and supporting local data objects. These allows a client to poll and interact with the current Globus Auth consent state of a particular identity rooted at their client. (:pr:`971`) - Added
LoginFlowManager
andCommandLineLoginFLowManager
to experimental (:pr:`972`) - Added
LocalServerLoginFlowManager
to experimental (:pr:`977`) - Added support to
FlowsClient
for thevalidate_flow
operation of the Globus Flows service. (:pr:`979`)
- Add
globus_sdk.tokenstorage.MemoryAdapter
for the simplest possible in-memory token storage mechanism. (:pr:`964`) ConfidentialAppAuthClient.oauth2_get_dependent_tokens
now supports thescope
parameter as a string or iterable of strings. (:pr:`965`)- Moved scope parsing out of experimental. The
Scope
construct is now importable from the top levelglobus_sdk
module. (:pr:`966`) - Support updating subscriptions assigned to flows in the Flows service. (:pr:`974`)
- Fix concurrency problems in the test suite caused by isort's
.isorted
temporary files. (:pr:`973`)
- Added
TransferClient.operation_stat
helper method for getting the status of a path on a collection (:pr:`961`)
IterableGCSResponse
andUnpackingGCSResponse
are now available as top-level exported names. (:pr:`956`)- Add
GroupsClient.get_group_by_subscription_id
for resolving subscriptions to groups. This also expands the_testing
data forget_group
to include a subscription group case. (:pr:`957`) - Added
prompt
to the recognized Globus Authorization Requirements Errorauthorization_parameters
fields. (:pr:`958`)
- All of the basic HTTP methods of
BaseClient
and its derived classes which accept adata
parameter for a request body, e.g.TransferClient.post
orGroupsClient.put
, now allow thedata
to be passed in the form of already encodedbytes
. (:pr:`951`)
- Update
ensure_datatype
to work with documents that setDATA_TYPE
toMISSING
instead of omitting it (:pr:`952`)
- Added support for GCS endpoint get & update operations (:pr:`933`)
gcs_client.get_endpoint()
gcs_client.update_endpoint(EndpointDocument(...))
TransferClient.endpoint_manager_task_list()
now supportsfilter_endpoint_use
as a parameter. (:pr:`948`)FlowsClient.create_flow
now supportssubscription_id
as a parameter. (:pr:`949`)
- Added a
session_required_mfa
parameter to theAuthorizationParameterInfo
error info object andoauth2_get_authorize_url
method (:pr:`939`)
- The argument specification for
AuthClient.create_policy
was incorrect. The corrected method will emit deprecation warnings if called with positional arguments, as the corrected version uses keyword-only arguments. (:pr:`936`)
TransferClient.operation_symlink
is now officially deprecated and will emit aRemovedInV4Warning
if used. (:pr:`942`)
- Included documentation in
AuthorizationParameterInfo
forsession_required_policies
(:pr:`939`)
- Add the
delete_protected
field toMappedCollectionDocument
. (:pr:`920`)
- Minor improvements to handling of paths and URLs. (:pr:`922`)
- Request paths which start with the
base_path
of a client are now normalized to avoid duplicating thebase_path
. - When a
GCSClient
is initialized with an HTTPS URL, if the URL does not end with the/api
suffix, that suffix will automatically be appended. This allows thegcs_manager_url
field from Globus Transfer to be used verbatim as the address for aGCSClient
.
- Request paths which start with the
NativeAppAuthClient.oauth2_validate_token
andConfidentialAppAuthClient.oauth2_validate_token
have been deprecated, as their usage is discouraged by the Auth service. (:pr:`921`)
- Migrate from a CHANGELOG symlink to the RST
.. include
directive. (:pr:`918`) - Tutorial endpoint references are removed from tests and replaced with bogus values. (:pr:`919`)
- Remove references to the Tutorial Endpoints from documentation. (:pr:`915`)
Support custom CA certificate bundles. (:pr:`903`)
Previously, SSL/TLS verification allowed only a boolean
True
orFalse
value. It is now possible to specify a CA certificate bundle file using the existingverify_ssl
parameter orGLOBUS_SDK_VERIFY_SSL
environment variable.This may be useful for interacting with Globus through certain proxy firewalls.
- Fix the type annotation for
globus_sdk.IdentityMap
init, which incorrectly rejectedConfidentialAppAuthClient
. (:pr:`912`)
Note
These changes pertain to methods of the client objects in the SDK which interact with Globus Auth client registration. To disambiguate, we refer to the Globus Auth entities below as "Globus Auth clients" or specify "in Globus Auth", as appropriate.
- Globus Auth clients objects now have methods for interacting with client and
project APIs. (:pr:`884`)
NativeAppAuthClient.create_native_app_instance
creates a new native app instance in Globus Auth for a client.ConfidentialAppAuthClient.create_child_client
creates a child client in Globus Auth for a confidential app.AuthClient.get_project
looks up a project.AuthClient.get_policy
looks up a policy document.AuthClient.get_policies
lists all policies in all projects for which the current user is an admin.AuthClient.create_policy
creates a new policy.AuthClient.update_policy
updates an existing policy.AuthClient.delete_policy
deletes a policy.AuthClient.get_client
looks up a Globus Auth client by ID or FQDN.AuthClient.get_clients
lists all Globus Auth clients for which the current user is an admin.AuthClient.create_client
creates a new client in Globus Auth.AuthClient.update_client
updates an existing client in Globus Auth.AuthClient.delete_client
deletes a client in Globus Auth.AuthClient.get_client_credentials
lists all client credentials for a given Globus Auth client.AuthClient.create_client_credential
creates a new client credential for a given Globus Auth client.AuthClient.delete_client_credential
deletes a client credential.AuthClient.get_scope
looks up a scope.AuthClient.get_scopes
lists all scopes in all projects for which the current user is an admin.AuthClient.create_scope
creates a new scope.AuthClient.update_scope
updates an existing scope.AuthClient.delete_scope
deletes a scope.
- A helper object has been defined for dependent scope manipulation via the
scopes APIs,
globus_sdk.DependentScopeSpec
(:pr:`884`)
- When serializing
TransferTimer
data, do not convert to UTC if the input was a valid datetime with an offset. (:pr:`900`)
- Add support for the new Transfer Timer creation method, in the form of a
client method,
TimerClient.create_timer
, and a payload builder type,TransferTimer
(:pr:`887`)create_timer
only supports dict data andTransferTimer
, not the previousTimerJob
type- Additional helper classes,
RecurringTimerSchedule
andOneceTimerSchedule
, are provided to help build theTransferTimer
payload
- Request encoding in the SDK will now automatically convert any
uuid.UUID
objects into strings. Previously this was functionality provided by certain methods, but now it is universal. (:pr:`892`)
- Creation of timers to run transfers using
TimerJob
is now deprecated (:pr:`887`)
TransferClient.operation_ls
now supports thelimit
andoffset
parameters (:pr:`868`)- A new sentinel value,
globus_sdk.MISSING
, has been introduced. It is used for method calls which need to distinguish missing parameters from an explicitNone
used to signifynull
(:pr:`885`)globus_sdk.MISSING
is now supported in payload data for all methods, and will be automatically removed from the payload before sending to the server
GroupPolicies
objects now treat an explicit instantiation withhigh_assurance_timeout=None
as setting the timeout tonull
(:pr:`885`)
- The inheritance structure used for Globus Auth client classes has changed.
(:pr:`849`)
- A new class,
AuthLoginClient
, is the base forNativeAppAuthClient
andConfidentialAppAuthClient
. These classes no longer inherit fromAuthClient
, and therefore no longer inherit certain methods which would never succeed if called. AuthClient
is now the only class which provides functionality for accessing Globus Auth APIs.AuthClient
no longer includes methods for OAuth 2 login flows which would only be valid to call onAuthLoginClient
subclasses.
- A new class,
- Several features of Auth client classes are now deprecated. (:pr:`849`)
- Setting
AuthClient.client_id
or accessing it as an attribute is deprecated and will emit a warning. ConfidentialAppAuthClient.get_identities
has been preserved as a valid call, but will emit a warning. Users wishing to access this API via client credentials should prefer to get an access token using a client credential callout, and then use that token to callAuthClient.get_identities()
.
- Setting
- The
AuthClient.oauth2_userinfo
method has been deprecated in favor ofAuthClient.userinfo
. Callers should prefer the new method name. (:pr:`865`)
- Add support for Python 3.12. (:pr:`808`)
Add a
prompt
keyword parameter toAuthClient.oauth2_get_authorize_url()
. (:pr:`813`)Setting this parameter requires users to authenticate with an identity provider, even if they are already logged in. Doing so can help avoid errors caused by unexpected session required policies, which would otherwise require a second, follow-up login flow.
prompt
could previously only be set via thequery_params
keyword parameter. It is now more discoverable.Add
TimerClient.pause_job
andTimerClient.resume_job
for pausing and resuming timers. (:pr:`827`)
- Add an example script which handles creating and running a flow. (:pr:`826`)
- Added responses to
_testing
reflecting an inactive Timers job (:pr:`828`)
- Add a
FlowsClient.get_run_definition()
method. (:pr:`799`)
FlowsClient.get_run_logs()
now uses anIterableRunLogsResponse
. (:pr:`797`)
- New components are introduced to the experimental subpackage. See the SDK
Experimental documentation for more details.
- Add tools which manipulate Globus Auth Requirements error data.
globus_sdk.experimental.auth_requirements_error
provides a data container class,GlobusAuthRequirementsError
, and functions for converting and validating data against this shape. (:pr:`768`) - Introduce an experimental Globus Auth scope parser in
globus_sdk.experimental.scope_parser
(:pr:`752`)
- Add tools which manipulate Globus Auth Requirements error data.
- The
scopes
class attribute ofSpecificFlowClient
is now specialized to ensure that type checkers will allow access toSpecificFlowClient
scopes andresource_server
values withoutcast
ing. The value used is a specialized stub which raises useful errors when class-based access is performed. Thescopes
instance attribute is unchanged. (:pr:`793`)
- The
jwt_params
argument todecode_id_token()
now allows"leeway"
to be included to pass aleeway
parameter to pyjwt. (:pr:`790`)
decode_id_token()
defaulted to having no tolerance for clock drift. Slight clock drift could lead to JWT claim validation errors. The new default is 0.5s which should be sufficient for most cases. (:pr:`790`)
- New scripts in the example gallery demonstrate usage of the Globus Auth Developer APIs to List, Create, Delete, and Update Projects. (:pr:`777`)
- Add
FlowsClient.list_runs
as a method for listing all runs for the current user, with support for pagination. (:pr:`782`) - Add
SearchClient
methods for managing search index lifecycle:create_index
,delete_index
, andreopen_index
(:pr:`785`)
- The enforcement logic for URLs in
BaseClient
instantiation has been improved to only require thatservice_name
be set ifbase_url
is not provided. (:pr:`786`)- This change primarily impacts subclasses, which no longer need to set the
service_name
class variable if they ensure that thebase_url
is always passed with a non-null value. - Direct instantiation of
BaseClient
is now possible, although not recommended for most use-cases.
- This change primarily impacts subclasses, which no longer need to set the
- Add
AuthClient
methods to support the Projects APIs for listing, creating, updating, and deleting projects. globus_sdk._testing
now exposes a method,construct_error
which makes it simpler to explicitly construct and return a Globus SDK error object for testing. This is used in the SDK's own testsuite and is available for_testing
users. (:pr:`770`)AuthClient.oauth2_get_authorize_url
now supports the following parameters for session management:session_required_identities
,session_required_single_domain
, andsession_required_policies
. Each of these accept list inputs, as returned byErrorInfo.authorization_parameters
. (:pr:`773`)
AuthClient
,NativeAppAuthClient
, andConfidentialAppAuthClient
have had their init signatures updated to explicitly list available parameters. (:pr:`764`)- Type annotations for these classes are now more accurate
- The
NativeAppAuthClient
andConfidentialAppAuthClient
classes do not acceptauthorizer
in their init signatures. Previously this was accepted but raised aGlobusSDKUsageError
. Attempting to pass anauthorizer
will now result in aTypeError
.
session_required_policies
parsing inAuthorizationParameterInfo
now supports the policies being returned as alist[str]
in addition to supportingstr
(:pr:`769`)
AuthorizationParameterInfo
is now more type-safe, and will not return parsed data from a response without checking that the data has correct types (:pr:`769`)- Adjust the
FlowsClient.get_run()
include_flow_description
parameter so it is submitted only when it has a value. (:pr:`778`)
- The
_testing
documentation has been expanded with a dropdown view of the response contents for each method. In support of this, client method testing docs have been reorganized into a page per service. (:pr:`767`)
- Add support for
AuthClient.get_identity_providers
for looking up Identity Providers by domain or ID in Globus Auth (:pr:`757`) - Add a method to the Globus Search client,
SearchClient.batch_delete_by_subject
(:pr:`760`) - Add
AuthScopes.manage_projects
to scope data. This is also accessible asAuthClient.scopes.manage_projects
(:pr:`761`)
- Alpha features of globus-sdk are now documented in the "Unstable" doc section (:pr:`753`)
AuthAPIError
will now parse a uniqueid
found in the error subdocuments as therequest_id
attribute (:pr:`749`)- Add a
FlowsClient.update_run()
method. (:pr:`744`) - Add a
FlowsClient.delete_run()
method. (:pr:`747`) - Add a
FlowsClient.cancel_run()
method. (:pr:`747`) - Add an
experimental
subpackage. (:pr:`751`)
- Fix
TransferClient.operation_mkdir
andTransferClient.operation_rename
to no longer send nulllocal_user
by default (:pr:`741`)
- Implemented
FlowsClient.get_run(...)
(:pr:`721`) - Implemented
FlowsClient.get_run_logs(...)
(:pr:`722`) - Implemented
SpecificFlowClient.resume_run(...)
(:pr:`723`) ConsentRequiredInfo
now acceptsrequired_scope
(singular) containing a single string as an alternative torequired_scopes
. However, it will parse both formats into arequired_scopes
list. (:pr:`726`)FlowsClient.list_flows
now supports passing a non-string iterable of strings toorderby
in order to indicate multiple orderings (:pr:`730`)- Support
pathlib.Path
objects as filenames for the JSON and sqlite token storage adapters. (:pr:`734`) - Several
TransferClient
methods,TransferData
, andDeleteData
now support thelocal_user
,source_local_user
, anddestination_local_user
parameters (:pr:`736`)
- Behavior has changed slightly specifically for
TimerAPIError
. When parsing fails, thecode
will beError
and themessages
will be empty. Thedetail
field will be treated as theerrors
array for these errors when it is present and contains an array of objects. - Error parsing in the SDK has been enhanced to better support JSON:API and
related error formats with multiple sub-errors. Several attributes are
added or changed. For most SDK users, the changes will be completely
transparent or a minor improvement. (:pr:`725`)
- Error parsing now attempts to detect the format of the error data and will parse JSON:API data differently from non-JSON:API data. Furthermore, parsing is stricter about the expectations about fields and their types. JSON:API parsing now has its own distinct parsing path, followed only when the JSON:API mimetype is present.
- A new attribute is added to API error objects,
errors
. This is a list of subdocuments parsed from the error data, especially relevant for JSON:API errors and similar formats. See the :ref:`ErrorSubdocument documentation <error_subdocuments>` for details. - A new attribute is now present on API error objects,
messages
. This is a list of messages parsed from the error data, for errors with multiple messages. When there is only one message,messages
will only contain one item. - The
message
field is now an alias for a joined string ofmessages
. Assigning a string tomessage
is supported for error subclasses, but is deprecated. message
will now beNone
when no messages can be parsed from the error data. Previously, the default formessage
would be an alias fortext
.- All error types now support
request_id
as an attribute, but it will default toNone
for errors which do not include arequest_id
. - An additional field is checked by default for error message data,
title
. This is useful when errors containtitle
but nodetail
field. The extraction of messages from errors has been made stricter, especially in the JSON:API case. - The
code
field of errors will no longer attempt to parse only the firstcode
from multiple sub-errors. Instead,code
will first parse a top-levelcode
field, and then fallback to checking if all sub-errors have the samecode
value. The result is that certain errors which would populate a non-defaultcode
value no longer will, but thecode
will also no longer be misleading when multiple errors with different codes are present in an error object. - The
code
field of an error may now beNone
. This is specifically possible when the error format is detected to be known as JSON:API and there is nocode
present in any responses.
- The TransferRequestsTransport will no longer automatically retry errors with a code of EndpointError
- Fix pagination on iterable gcs client routes (:pr:`738`, :pr:`739`)
GCSClient.get_storage_gateway_list
GCSClient.get_role_list
GCSClient.get_collection_list
GCSClient.get_user_credential_list
- Added
FlowsClient.update_flow(...)
(:pr:`710`) - Support passing "include" as a transfer
filter_rule
method (:pr:`712`) - Make the request-like interface for response objects and errors more uniform. (:pr:`715`)
- Both
GlobusHTTPResponse
andGlobusAPIError
are updated to ensure that they have the following properties in common:http_status
,http_reason
,headers
,content_type
,text
GlobusHTTPResponse
andGlobusAPIError
have both gained a new property,binary_content
, which returns the unencoded response data as bytes
- Both
GlobusAPIError.raw_text
is deprecated in favor oftext
- The return type of
AuthClient.get_identities
is now correctly annotated as an iterable type,globus_sdk.GetIdentitiesResponse
(:pr:`716`)
- Documentation for client methods has been improved to more consistently format and display examples and other information (:pr:`714`)
ConfidentialAppAuthClient.oauth2_get_dependent_tokens
now supports therefresh_tokens
parameter to enable requests for dependent refresh tokens (:pr:`698`)
- Behaviors which will change in version 4.0.0 of the
globus-sdk
now emit deprecation warnings. TransferData.add_item
now defaults to omittingrecursive
rather than setting its value toFalse
. This change better matches new Transfer API behaviors which treat the absence of therecursive
flag as meaning autodetect, rather than the previous default ofFalse
. Setting the recursive flag can still have beneficial behaviors, but should not be necessary for many use-cases (:pr:`696`)
- Omitting
requested_scopes
or specifying it asNone
is now deprecated and will emit a warning. In version 4, users will always be required to specify their scopes when performing login flows. This applies to the following methods:ConfidentialAppAuthClient.oauth2_client_credentials_tokens
AuthClient.oauth2_start_flow
SearchClient.update_entry
andSearchClient.create_entry
are officially deprecated and will emit a warning. These APIs are aliases ofSearchClient.ingest
, but their existence has caused confusion. Users are encouraged to switch toSearchClient.ingest
instead (:pr:`695`)
- When users input empty
requested_scopes
values, these are now rejected with a usage error instead of being translated into the default set ofrequested_scopes
- Fix the type annotation for
max_sleep
on client transports to allowfloat
values (:pr:`697`)
- Remove support for python3.6 (:pr:`681`)
MutableScope
objects can now be used in theoauth2_start_flow
andoauth2_client_credentials_tokens
methods ofAuthClient
classes as part ofrequested_scopes
(:pr:`689`)
- Make
MutableScope.scope_string
a public instance attribute (was_scope_string
) (:pr:`687`) - Globus Groups methods which required enums as arguments now also accept
a variety of
Literal
strings in their annotations as well. This is coupled with changes to ensure that strings and enums are always serialized correctly in these cases. (:pr:`691`)
- Fix a typo in
TransferClient.endpoint_manager_task_successful_transfers
which prevented calls from being made correctly (:pr:`683`)
- Allow UUID values for the
client_id
parameter toAuthClient
and its subclasses (:pr:`676`)
- Improved GCS Collection datatype detection to support
collection#1.6.0
andcollection#1.7.0
documents (:pr:`675`)guest_auth_policy_id
is now supported onMappedCollectionDcoument
user_message
strings over 64 characters are now supported
- The
session_required_policies
attribute ofAuthorizationInfo
is now parsed as a list of strings when present, andNone
when absent. (:pr:`678`) globus_sdk.ArrayResponse
andglobus_sdk.IterableResponse
are now available as names. Previously, these were only importable fromglobus_sdk.response
(:pr:`680`)
ArrayResponse
andIterableResponse
have better error behaviors when the API data does not match their expected types (:pr:`680`)
- Fix the Timer code example (:pr:`672`)
- New documentation examples for Transfer Task submission in the presence of
ConsentRequired
errors (:pr:`673`)
- AuthorizationParameterInfo now exposes session_required_policies (:pr:`658`)
- Fix a bug where
TransferClient.endpoint_manager_task_list
didn't handle thelast_key
argument when paginated (:pr:`662`)
- Scope Names can be set explicitly in a
ScopeBuilder
(:pr:`641`) - Introduced
ScopeBuilder.scope_names
property (:pr:`641`) - Add support for
interpret_globs
andignore_missing
toDeleteData
(:pr:`646`) - A new object,
globus_sdk.LocalGlobusConnectServer
can be used to inspect the local installation of Globus Connect Server (:pr:`647`)- The object supports properties for
endpoint_id
anddomain_name
- This only supports Globus Connect Server version 5
- The object supports properties for
- The filter argument to TransferClient.operation_ls now accepts a list to pass multiple filter params (:pr:`652`)
- Improvements to
MutableScope
objects (:pr:`654`)MutableScope(...).serialize()
is added, andstr(MutableScope(...))
uses itMutableScope.add_dependency
now supportsMutableScope
objects as inputsScopeBuilder.make_mutable
now accepts a keyword argumentoptional
. This allows, for example,TransferScopes.make_mutable("all", optional=True)
- Improve the
__str__
implementation forOAuthTokenResponse
(:pr:`640`) - When
GlobusHTTPResponse
contains a list, calls toget()
will no longer fail with anAttributeError
but will return the default value (None
if unspecified) instead (:pr:`644`)
- The
optional
argument toadd_dependency
is deprecated.MutableScope(...).add_dependency(MutableScope("foo", optional=True))
can be used to add an optional dependency
- Fixed SpecificFlowClient scope string (:pr:`641`)
- Fix a bug in the type annotations for transport objects which restricted the size of status code tuples set as classvars (:pr:`651`)
- Python 3.11 is now officially supported (:pr:`628`)
- Add support for
FlowsClient.get_flow
andFlowsClient.delete_flow
(:pr:`631`, :pr:`626`) - Add a
close()
method toSQLiteAdapter
which closes the underlying connection (:pr:`628`)
- Add
connect_params
toSQLiteAdapter
, enabling customization of the sqlite connection (:pr:`613`) - Add
FlowsClient.create_flow(...)
(:pr:`614`) - Add
globus_sdk.SpecificFlowClient
to manage interactions performed against a specific flow (:pr:`616`) - Add support to
FlowsClient.list_flows
for pagination and theorderby
parameter (:pr:`621`, :pr:`622`)
- Fix rst formatting for a few nested bullet points in existing changelog (:pr:`619`)
- Add Mapped Collection policy helper types for constructing
policies
data. (:pr:`607`) The following new types are introduced:CollectionPolicies
(the base class for these types)POSIXCollectionPolicies
POSIXStagingCollectionPolicies
GoogleCloudStorageCollectionPolicies
- Fix bug where
UserCredential
policies were being converted to a string (:pr:`608`) - Corrected the Flows service
resource_server
string toflows.globus.org
(:pr:`612`)
- Implement
__dir__
for the lazy importer inglobus_sdk
. This enables tab completion in the interpreter and other features with rely upondir(globus_sdk)
(:pr:`603`) - Add an initial Globus Flows client class,
globus_sdk.FlowsClient
(:pr:`604`)globus_sdk.FlowsAPIError
is the error class for this clientFlowsClient.list_flows
is implemented as a method for listing deployed flows, with some of the filtering parameters of this API supported as keyword arguments- The scopes for the Globus Flows API can be accessed via
globus_sdk.scopes.FlowsScopes
orglobus_sdk.FlowsClient.scopes
- Adjust behaviors of
TransferData
andTimerJob
to makeTimerJob.from_transfer_data
work and to defer requesting thesubmission_id
until the task submission call (:pr:`602`)TransferData
avoids passingnull
for several values when they are omitted, ranging from optional parameters toadd_item
toskip_activation_check
TransferData
andDeleteData
now support usage in which thetransfer_client
parameters isNone
. In these cases, ifsubmission_id
is omitted, it will be omitted from the document, allowing the creation of a partial task submsision document with nosubmission_id
TimerJob.from_transfer_data
will now raise aValueError
if the input document containssubmission_id
orskip_activation_check
TransferClient.submit_transfer
andTransferClient.submit_delete
now check to see if the data being sent contains asubmission_id
. If it does not,get_submission_id
is called automatically and set as thesubmission_id
on the payload. The newsubmission_id
is set on the object passed to these methods, meaning that these methods are now side-effecting.
The newly recommended usage for TransferData
and DeleteData
is to pass
the endpoints as named parameters:
# -- for TransferData --
# old usage
transfer_client = TransferClient()
transfer_data = TransferData(transfer_client, ep1, ep2)
# new (recommended) usage
transfer_data = TransferData(source_endpoint=ep1, destination_endpoint=ep2)
# -- for DeleteData --
# old usage
transfer_client = TransferClient()
delete_data = TransferData(transfer_client, ep)
# new (recommended) usage
delete_data = DeleteData(endpoint=ep)
- Use
setattr
in the lazy-importer. This makes attribute access after imports faster by several orders of magnitude. (:pr:`591`)
- Add guest collection example script to docs (:pr:`590`)
- Remove nonexistent
monitor_ongoing
scope fromTransferScopes
(:pr:`583`)
- Add User Credential methods to
GCSClient
(:pr:`582`)get_user_credential_list
get_user_credential
create_user_credential
update_user_credential
delete_user_credential
- Add
connector_id_to_name
helper toGCSClient
to resolve GCS Connector UUIDs to human readable Connector display names (:pr:`582`)
- Add helper objects and methods for interacting with Globus Connect Server
Storage Gateways (:pr:`554`)
- New methods on
GCSClient
:create_storage_gateway
,get_storage_gateway
,get_storage_gateway_list
,update_storage_gateway
,delete_storage_gateway
- New helper classes for constructing storage gateway documents.
StorageGatewayDocument
is the main one, but alsoPOSIXStoragePolicies
andPOSIXStagingStoragePolicies
are added for declaring the storage gatewaypolicies
field. More policy helpers will be added in future versions.
- New methods on
- Add support for more
StorageGatewayPolicies
documents. (:pr:`562`) The following types are now available:BlackPearlStoragePolicies
BoxStoragePolicies
CephStoragePolicies
GoogleDriveStoragePolicies
GoogleCloudStoragePolicies
OneDriveStoragePolicies
AzureBlobStoragePolicies
S3StoragePolicies
ActiveScaleStoragePolicies
IrodsStoragePolicies
HPSSStoragePolicies
- Add
https
scope toGCSCollectionScopeBuilder
(:pr:`563`) ScopeBuilder
objects now implement__str__
for easy viewing. For example,print(globus_sdk.TransferClient.scopes)
(:pr:`568`)- Several improvements to Transfer helper objects (:pr:`573`)
- Add
TransferData.add_filter_rule
for adding filter rules (exclude rules) to transfers - Add
skip_activation_check
as an argument toDeleteData
andTransferData
- The
sync_level
argument toTransferData
is now annotated more accurately to reject bad strings
- Add
- Update the fields used to extract
AuthAPIError
messages (:pr:`566`) - Imports from
globus_sdk
are now evaluated lazily via module-level__getattr__
on python 3.7+ (:pr:`571`)- This improves the performance of imports for almost all use-cases, in some cases by over 80%
- The method
globus_sdk._force_eager_imports()
can be used to force non-lazy imports, for latency sensitive applications which wish to control when the time cost of import evaluation is paid. This method is private and is therefore is not covered under theglobus-sdk
's SemVer guarantees, but it is expected to remain stable for the foreseeable future.
- Improve handling of array-style API responses (:pr:`575`)
- Response objects now define
__bool__
asbool(data)
. This means thatbool(response)
could beFalse
if the data is{}
,[]
,0
, or other falsey-types. Previously,__bool__
was not defined, meaning it was alwaysTrue
globus_sdk.response.ArrayResponse
is a new class which describes responses which are expected to hold a top-level array. It satisfies the sequence protocol, allowing indexing with integers and slices, iteration over the array data, and length checking withlen(response)
globus_sdk.GroupsClient.get_my_groups
returns anArrayResponse
, meaning the response data can now be iterated and otherwise used
- Response objects now define
- Several changes expose more details of HTTP requests (:pr:`551`)
GlobusAPIError
has a new propertyheaders
which provides the case-insensitive mapping of header values from the responseGlobusAPIError
andGlobusHTTPResponse
now includehttp_reason
, a string property containing the "reason" from the responseBaseClient.request
andRequestsTransport.request
now have options for setting boolean optionsallow_redirects
andstream
, controlling how requests are processed
- New tools for working with optional and dependent scope strings (:pr:`553`)
- A new class is provided for constructing optional and dependent scope
strings,
MutableScope
. Import as infrom globus_sdk.scopes import MutableScope
ScopeBuilder
objects provide a method,make_mutable
, which converts from a scope name to aMutableScope
object. See documentation on scopes for usage details
- A new class is provided for constructing optional and dependent scope
strings,
- Add a client for the Timer service (:pr:`548`)
- Add
TimerClient
class, along withTimerJob
for constructing data to pass to the Timer service for job creation, andTimerAPIError
- Modify
globus_sdk.config
utilities to provide URLs for Actions and Timer services
- Add
- Fix annotations to allow request data to be a string. This is supported at runtime but was missing from annotations. (:pr:`549`)
ScopeBuilder
objects now supportknown_url_scopes
, and known scope arguments to aScopeBuilder
may now be of typestr
in addition tolist[str]
(:pr:`536`)- Add the
RequestsTransport.tune
contextmanager to the transport layer, allowing the settings on the transport to be set temporarily (:pr:`540`)
globus_sdk.IdentityMap
can now take a cache as an input. This allows multipleIdentityMap
instances to share the same storage cache. Any mutable mapping type is valid, so the cache can be backed by a database or other storage (:pr:`500`)- Add support for
include
as a parameter toGroupsClient.get_group
.include
can be a string or iterable of strings (:pr:`528`) - Add a new method to tokenstorage,
SQLiteAdapter.iter_namespaces
, which iterates over all namespaces visible in the token database (:pr:`529`)
- Add
TransferRequestsTransport
class that does not retry ExternalErrors. This fixes cases in which theTransferClient
incorrectly retried requests (:pr:`522`) - Use the "reason phrase" as a failover for stringified API errors with no body (:pr:`524`)
- Enhance documentation for all of the parameters on methods of
GroupsClient
- Fix the pagination behavior for
TransferClient
ontask_skipped_errors
andtask_successful_transfers
, and apply the same fix to the endpoint manager variants of these methods. Prior to the fix, paginated calls would return a single page of results and then stop (:pr:`520`)
- The
typing_extensions
requirement in package metadata now sets a lower bound of4.0
, to force upgrades of installations to get a new enough version (:pr:`518`)
- Support pagination on
SearchClient.post_search
(:pr:`507`) - Add support for scroll queries to
SearchClient
.SearchClient.scroll
andSearchClient.paginated.scroll
are now available as methods, and a new helper class,SearchScrollQuery
, can be used to easily construct scrolling queries. (:pr:`507`) - Add methods to
SearchClient
for managing index roles.create_role
,delete_role
, andget_role_list
(:pr:`507`) - Add
mapped_collection
andfilter
query arguments toGCSClient.get_collection_list
(:pr:`510`) - Add role methods to
GCSClient
(:pr:`513`)GCSClient.get_role_list
lists endpoint or collection rolesGCSClient.create_role
creates a roleGCSClient.get_role
gets a single roleGCSClient.delete_role
deletes a role
- The response from
AuthClient.get_identities
now supports iteration, returning results from the"identities"
array (:pr:`514`)
- Packaging bugfix.
globus-sdk
is now built with pypa'sbuild
tool, to resolve issues with wheel builds.
- Add
update_group
method toGroupsClient
(:pr:`506`) - The
TransferData
andDeleteData
helper objects now accept the following parameters:notify_on_succeeded
,notify_on_failed
, andnotify_on_inactive
. All three are boolean parameters with a default ofTrue
. (:pr:`502`) - Add
Paginator.wrap
as a method for getting a paginated methods. This interface is more verbose than the existingpaginated
methods, but correctly preserves type annotations. It is therefore preferable for users who are usingmypy
to do type checking. (:pr:`494`)
Paginator
objects are now generics over a type var for their page type. The page type is bounded byGlobusHTTPResponse
, and most type-checker behaviors will remain unchanged (:pr:`495`)
- Several minor bugs have been found and fixed (:pr:`504`)
- Exceptions raised in the SDK always use
raise ... from
syntax where appropriate. This corrects exception chaining in the local endpoint and several response objects. - The encoding of files opened by the SDK is now always
UTF-8
TransferData
will now reject unsupportedsync_level
values with aValueError
on initialization, rather than erroring at submission time. Thesync_level
has also had its type annotation fixed to allow forint
values.- Several instances of undocumented parameters have been discovered, and these are now rectified.
- Exceptions raised in the SDK always use
- Document
globus_sdk.config.get_service_url
andglobus_sdk.config.get_webapp_url
(:pr:`496`)- Internally, these are updated to be able to default to the
GLOBUS_SDK_ENVIRONMENT
setting, so specifying an environment is no longer required
- Internally, these are updated to be able to default to the
- Update to avoid deprecation warnings on python 3.10 (:pr:`499`)
- Add
iter_items
as a method onTransferData
andDeleteData
(:pr:`488`) - Add the
resource_server
property to client classes and objects. For example,TransferClient.resource_server
andGroupsClient().resource_server
are now usable to get the resource server string for the relevant services.resource_server
is documented as part ofglobus_sdk.BaseClient
and may beNone
. (:pr:`489`) - The implementation of several properties of
GlobusHTTPResponse
has changed (:pr:`497`)- Responses have a new property,
headers
, a case-insensitive dict of headers from the response - Responses now implement
http_status
andcontent_type
as properties without setters
- Responses have a new property,
- ClientCredentialsAuthorizer now accepts
Union[str, Iterable[str]]
as the type for scopes (:pr:`498`)
- Fix type annotations on client methods with paginated variants (:pr:`491`)
- Add
filter
as a supported parameter toTransferClient.task_list
(:pr:`484`) - The
filter
parameter toTransferClient.task_list
andTransferClient.operation_ls
can now be passed as aDict[str, str | List[str]]
. Documentation on theTransferClient
explains how this will be formatted, and is linked from the param docs forfilter
on each method (:pr:`484`)
- Adjust package metadata for
cryptography
dependency, specifyingcryptography>=3.3.1
and no upper bound. This is meant to help mitigate issues in which an oldercryptography
version is installed gets used in spite of it being incompatible withpyjwt[crypto]>=2.0
(:pr:`486`)
- Fix several internal decorators which were destroying type information about decorated functions. Type signatures of many methods are therefore corrected (:pr:`485`)
- Produce more debug logging when SDK logs are enabled (:pr:`480`)
- Update the minimum dependency versions to lower bounds which are verified to work with the testsuite (:pr:`482`)
ScopeBuilder
objects now define the type of__getattr__
formypy
to know that dynamic attributes are strings (:pr:`472`)
- Fix malformed PEP508
python_version
bound in dev dependencies (:pr:`474`)
- Fix remaining
type: ignore
usages in globus-sdk (:pr:`473`)
- Remove support for
bytes
values for fields consuming UUIDs (:pr:`471`)
- Add
filter_is_error
parameter to advanced task list (:pr:`467`) - Add a
LocalGlobusConnectPersonal.get_owner_info()
for looking up local user information from gridmap (:pr:`466`) - Add support for GCS collection create and update. This includes new data
helpers,
MappedCollectionDcoument
andGuestCollectionDocument
(:pr:`468`) - Add support for specifying
config_dir
toLocalGlobusConnectPersonal
(:pr:`470`)
- Remove
BaseClient.qjoin_path
(:pr:`452`)
- Add a new
GCSClient
class for interacting with GCS Manager APIs (:pr:`447`) GCSClient
supportsget_collection
anddelete_collection
.get_collection
uses a newUnpackingGCSResponse
response type (:pr:`451`, :pr:`464`)- Add
delete_destination_extra
param toTransferData
(:pr:`456`) TransferClient.endpoint_manager_task_list
now takes filters as named keyword arguments, not only inquery_params
(:pr:`460`)
- Rename
GCSScopeBuilder
toGCSCollectionScopeBuilder
and addGCSEndpointScopeBuilder
. TheGCSClient
includes helpers for instantiating these scope builders (:pr:`448`) - The
additional_params
parameter toAuthClient.oauth2_get_authorize_url
has been renamed toquery_params
for consistency with other methods (:pr:`453`) - Enforce keyword-only arguments for most SDK-provided APIs (:pr:`453`)
- All type annotations for
Sequence
which could be relaxed toIterable
have been updated (:pr:`465`)
- Minor fix to wheel builds: do not declare wheels as universal (:pr:`444`)
- Fix annotations for
server_id
onTransferClient
methods (:pr:`455`) - Fix
visibility
typo inGroupsClient
(:pr:`463`)
- Ensure all
TransferClient
method parameters are documented (:pr:`449`, :pr:`454`, :pr:`457`, :pr:`458`, :pr:`459`, :pr:`461`, :pr:`462`)
- Flesh out the
GroupsClient
and add helpers for interacting with the Globus Groups service, including enumerated constants, payload builders, and a high-level client for doing non-batch operations called theGroupsManager
(:pr:`435`, :pr:`443`) - globus-sdk now provides much more complete type annotations coverage,
allowing type checkers like
mypy
to catch a much wider range of usage errors (:pr:`442`)
- Add scope constants and scope construction helpers. See new documentation on :ref:`scopes and ScopeBuilders <scopes>` for details (:pr:`437`, :pr:`440`)
- API Errors now have an attached
info
object with parsed error data where applicable. See the :ref:`ErrorInfo documentation <error_info>` for details (:pr:`441`)
- Improve the rendering of API exceptions in stack traces to include the method, URI, and authorization scheme (if recognized) (:pr:`439`)
- Payload helper objects (
TransferData
,DeleteData
, andSearchQuery
) now inherit from a custom object, notdict
, but they are still dict-like in behavior (:pr:`438`)
- Add support for
TransferClient.get_shared_endpoint_list
(:pr:`434`)
- Passthrough parameters to SDK methods for query params and body params are no
longer accepted as extra keyword arguments. Instead, they must be passed
explicitly in a
query_params
,body_params
, oradditional_fields
dictionary, depending on the context (:pr:`433`) - The interface for retry parameters has been simplified.
RetryPolicy
objects have been merged into the transport object, and retry parameters likemax_retries
may now be supplied directly astransport_params
(:pr:`430`)
- Add
BaseClient
to the top-level exports ofglobus_sdk
, so it can now be accessed under the nameglobus_sdk.BaseClient
- Fix several paginators which were broken in
3.0.0a3
(:pr:`431`)
- Autodocumentation of paginated methods (:pr:`432`)
- Pagination has changed significantly. (:pr:`418`)
- Methods which support pagination like
TransferClient.endpoint_search
no longer return an iterablePaginatedResource
type. Instead, these client methods returnGlobusHTTPResponse
objects with a single page of results. - Paginated variants of these methods are available by renaming a call from
client.<method>
toclient.paginated.<method>
. So, for example, aTransferClient
now supportsclient.paginated.endpoint_search()
. The arguments to this function are the same as the original method. client.paginated.<method>
calls returnPaginator
objects, which support two types of iteration: bypages()
and byitems()
. To replicate the same behavior as SDK v1.x and v2.xPaginatedResource
types, useitems()
, as inclient.paginated.endpoint_search("query").items()
- Methods which support pagination like
- A new subpackage is available for public use,
globus_sdk.tokenstorage
(:pr:`405`) - Add client for Globus Groups API,
globus_sdk.GroupsClient
. Includes a dedicated error class,globus_sdk.GroupsAPIError
- Refactor response classes (:pr:`425`)
- Remove
allowed_authorizer_types
restriction fromBaseClient
(:pr:`407`) - Remove
auth_client=...
parameter toOAuthTokenResponse.decode_id_token
(:pr:`400`)
globus-sdk
now provides PEP561 typing data (:pr:`420`)OAuthTokenResponse.decode_id_token
can now be provided a JWK and openid configuration as parameters.AuthClient
implements methods for fetching these data, so that they can be fetched and stored outside of this call. There is no automatic caching of these data. (:pr:`403`)
- The interface for
GlobusAuthorizer
now definesget_authorization_header
instead ofset_authorization_header
, and additional keyword arguments are not allowed (:pr:`422`) - New Transport layer handles HTTP details, variable payload encodings, and automatic request retries (:pr:`417`)
- Instead of
json_body=...
andtext_body=...
, usedata=...
combined withencoding="json"
,encoding="form"
, orencoding="text"
to format payload data.encoding="json"
is the default whendata
is a dict. - By default, requests are retried automatically on potentially transient
error codes (e.g.
http_status=500
) and network errors with exponential backoff globus_sdk.BaseClient
and its subclasses defineretry_policy
andtransport_class
class attributes which can be used to customize the retry behavior used- The JWT dependency has been updated to
pyjwt>=2,<3
(:pr:`416`) - The config files in
~/.globus.cfg
and/etc/globus.cfg
are no longer used. Configuration can now be done via environment variables (:pr:`409`) BaseClient.app_name
is a property with a custom setter, replacingset_app_name
(:pr:`415`)
- Update documentation site style and layout (:pr:`423`)
Note
globus-sdk version 2.0.0 was yanked due to a release issue. Version 2.0.1 is the first 2.x version.
- Add support for task skipped errors via
TransferClient.task_skipped_errors
andTransferClient.endpoint_manager_task_skipped_errors
(:pr:`393`)
- Add support for pyinstaller installation of globus-sdk (:pr:`387`)
- Fix
GlobusHTTPResponse
to handle responses with noContent-Type
header (:pr:`375`)
- Add
globus_sdk.IdentityMap
, a mapping-like object for Auth ID lookups (:pr:`367`) - Add
external_checksum
andchecksum_algorithm
toTransferData.add_item()
named arguments (:pr:`365`)
- Don't append trailing slashes when no path is given to a low-level client method like
get()
(:pr:`364`)
- Add a property to paginated results which shows if more results are available (:pr:`346`)
- Fix
RefreshTokenAuthorizer
to handle a newrefresh_token
being sent back by Auth (:pr:`359`) - Fix typo in endpoint_search log message (:pr:`355`)
- Fix Globus Web App activation links in docs (:pr:`356`)
- Update docs to state that Globus SDK uses semver (:pr:`357`)
- Allow arbitrary keyword args to
TransferData.add_item()
andDeleteData.add_item()
, which passthrough to the item bodies (:pr:`339`)
- Replace egg distribution format with wheels (:pr:`314`)
- Internal maintenance
- Officially add support for python 3.7 (:pr:`300`)
- RenewingAuthorizer and its subclasses now expose the check_expiration_time method (:pr:`309`)
- Allow parameters to be passed to customize the request body of ConfidentialAppAuthClient.oauth2_get_dependent_tokens (:pr:`308`)
- Add the patch() method to BaseClient and its subclasses, sending an HTTP PATCH request (:pr:`302`)
- Use sha256 hashes of tokens (instead of last 5 chars) in debug logging (:pr:`305`)
- Make pickling SDK objects safer (but still not officially supported!) (:pr:`284`)
- Malformed SDK usage may now raise GlobusSDKUsageError instead of ValueError. GlobusSDKUsageError inherits from ValueError (:pr:`281`)
- Correct handling of environment="production" as an argument to client construction (:pr:`307`)
- Add support for retrieving a local Globus Connect Personal endpoint's UUID (:pr:`276`)
- Fix bug in search client parameter handling (:pr:`274`)
- Support connection timeouts. Default timeout of 60 seconds (:pr:`264`)
- Send
Content-Type: application/json
on requests with JSON request bodies (:pr:`266`)
- Access token response data by way of scope name (:pr:`261`)
- Add (beta) SearchClient class (:pr:`259`)
- Make
cryptography
a strict requirement, globus-sdk[jwt] is no longer necessary (:pr:`257`, :pr:`260`) - Simplify OAuthTokenResponse.decode_id_token to not require the client as an argument (:pr:`255`)
- Improve error message when installation onto python2.6 is attempted (:pr:`245`)
- Raise errors on client instantiation when
GLOBUS_SDK_ENVIRONMENT
appears to be invalid, supportGLOBUS_SDK_ENVIRONMENT=preview
(:pr:`247`)
- Allow client classes to accept
base_url
as an argument to_init__()
(:pr:`241`)
- Fix packaging to not include testsuite (:pr:`232`)
- Use PyJWT instead of python-jose for JWT support (:pr:`227`)
- Add Transfer symlink support (:pr:`218`)
- Doc Updates & Minor Improvements
- Use correct paging style when making
endpoint_manager_task_list
calls (:pr:`210`)
- Add python 3.6 to supported platforms (:pr:`180`)
- Add endpoint_manager methods to TransferClient (:pr:`191`, :pr:`199`, :pr:`200`, :pr:`201`, :pr:`203`)
- Support iterable requested_scopes everywhere (:pr:`185`)
- Change "identities_set" to "identity_set" for token introspection (:pr:`163`)
- Update dev status classifier to 5, prod (:pr:`178`)
- Numerous improvements to testsuite
- Adds
AuthAPIError
with more flexible error payload handling (:pr:`175`)
- Add
AuthClient.validate_token
(:pr:`172`)
- Bugfix for
on_refresh
users ofRefreshTokenAuthorizer
andClientCredentialsAuthorizer
(:pr:`173`)
- Remove deprecated
oauth2_start_flow_*
methods (:pr:`170`)
- Add the
ClientCredentialsAuthorizer
(:pr:`164`) - Add
jwt
extra install target.pip install "globus_sdk[jwt]"
installspython-jose
(:pr:`169`)
- Remove all properties of
OAuthTokenResponse
other thanby_resource_server
(:pr:`162`)
- Make
OAuthTokenResponse.decode_id_token()
respectssl_verify=no
configuration (:pr:`161`)
- Add
deadline
support toTransferData
andDeleteData
(:pr:`159`)
- Opt out of the Globus Auth behavior where a
GET
of an identity username will provision that identity (:pr:`145`) - Wrap some
requests
network-related errors in custom exceptions (:pr:`155`)
- Fixup OAuth2 PKCE to be spec-compliant (:pr:`154`)
- Add support for the
prefill_named_grant
option to the Native App authorization flow (:pr:`143`)