globus_connect_gridftp_server  16.16~a1
Local Testing

This document describes how to set up a testing environment where Transfer and GCS are not needed. The GridFTP server is run without TLS on the control channel, so simple telnet-based clients can connect to it and issue commands.

Manager Login

In a production deployment, when Transfer logs into GridFTP, GridFTP connects to Manager and passes in the login information. Manager replies with a JSON document with the results of the authentication. The --test-config-file option can be used to bypass this. It is given a path to a JSON document that will be used for the login process. In this way we can mock out the login process for testing.

Example Login Document

The following is an example login document that is returned from Manager to GridFTP when a user is logging into a Tunnel connector. This document can be used as the value passed to --test-config-file.

{
    "DATA_TYPE": "result#1.1.0",
    "code": "success",
    "data": [
        {
            "DATA_TYPE": "user_credential#1.0.0",
            "connector_id": "e40d2c2c-728d-4b99-ab21-5216f56071b7",
            "display_name": "ubuntu",
            "home_directory": "/",
            "id": "ada6597b-01f5-5193-a6f7-9041ecca1606",
            "identity_id": "5897a9be-0101-4105-8b71-3f93d56b11a9",
            "invalid": false,
            "policies": {
                "DATA_TYPE": "tunnel_user_credential_policies#1.0.0"
            },
            "provisioned": true,
            "storage_gateway_id": "95da3565-bbd9-48fd-8f33-f30f80556f13",
            "username": "ubuntu"
        },
        {
            "DATA_TYPE": "collection#1.15.0",
            "allow_guest_collections": false,
            "authentication_timeout_mins": 15840,
            "collection_base_path": "/",
            "collection_type": "mapped",
            "connector_id": "e40d2c2c-728d-4b99-ab21-5216f56071b7",
            "contact_email": "john@globus.org",
            "created_at": "2025-04-16",
            "delete_protected": true,
            "deleted": false,
            "disable_anonymous_writes": false,
            "disable_verify": false,
            "display_name": "GW Tunnel Connector",
            "domain_name": "m-dc989d.af969.03c0.sandbox2.zones.dnsteam.globuscs.info",
            "enable_https": true,
            "force_encryption": false,
            "force_verify": false,
            "high_assurance": false,
            "https_url": null,
            "id": "de3b5fef-7ae5-4faa-ba42-e1d0ab737826",
            "identity_id": "5897a9be-0101-4105-8b71-3f93d56b11a9",
            "last_access": "2025-05-22",
            "manager_url": "https://af969.03c0.sandbox2.zones.dnsteam.globuscs.info",
            "policies": {
                "DATA_TYPE": "tunnel_collection_policies#1.0.0"
            },
            "public": true,
            "require_mfa": false,
            "restrict_transfers_to_high_assurance": null,
            "root_path": "/",
            "sharing_restrict_paths": {
                "DATA_TYPE": "path_restrictions#1.0.0",
                "none": [],
                "read": [],
                "read_write": [
                    "/"
                ]
            },
            "storage_gateway_id": "95da3565-bbd9-48fd-8f33-f30f80556f13",
            "subscription_admin_verified": false,
            "tlsftp_url": "tlsftp://m-dc989d.af969.03c0.sandbox2.zones.dnsteam.globuscs.info:443"
        },
        {
            "DATA_TYPE": "storage_gateway#1.3.0",
            "admin_managed_credentials": false,
            "allowed_domains": [
                "globus.org",
                "clients.auth.globus.org"
            ],
            "authentication_timeout_mins": 15840,
            "connector_id": "e40d2c2c-728d-4b99-ab21-5216f56071b7",
            "deleted": false,
            "display_name": "Buzz Tunnel Destination 2",
            "high_assurance": false,
            "id": "95da3565-bbd9-48fd-8f33-f30f80556f13",
            "identity_mappings": [
                {
                    "DATA_TYPE": "expression_identity_mapping#1.0.0",
                    "mappings": [
                        {
                            "match": "(.*)@globus\\.org",
                            "output": "ubuntu",
                            "source": "{username}"
                        },
                        {
                            "match": "(.*)@clients\\.auth\\.globus\\.org",
                            "output": "ubuntu",
                            "source": "{username}"
                        }
                    ]
                }
            ],
            "load_dsi_module": "awai",
            "network_use": null,
            "policies": {
                "DATA_TYPE": "tunnel_storage_policies#1.0.0"
            },
            "require_high_assurance": false,
            "require_mfa": false
        }
    ],
    "detail": "success",
    "has_next_page": false,
    "http_response_code": 200,
    "message": "Login ok"
}

Compile

In order to enable this testing feature, the option --enable-localdev must be passed into the configure command. An example is below:

./configure --prefix=/usr --libdir=/usr/lib/aarch64-linux-gnu --sbindir=/usr/sbin --includedir=/usr/include/globus CFLAGS=-g --enable-localdev

Start GridFTP

The GridFTP server needs to be run with a few specific options that are shown below:

globus-gridftp-server -p 50000 -debug -auth-level 5 -aa -sharing-dn on -threads 1 --test-config-file /workspace/login.json --config-uri DUMMY -allow-root

A dummy value for --config-uri is required. It can be anything. The value of the port can also be anything. The remaining arguments should be used as shown.

Login Protocol

Once the server is running, a connection to it can be formed with the telnet program, or anything else that will form a TCP connection and send \r\n after every command. The login sequence requires a USER command with a specific value followed by a PASS command that can have any value. An example follows:

USER :globus-mapped-collection:endpoint_id=de3b5fef-7ae5-4faa-ba42-e1d0ab737826;identity_ids=5897a9be-0101-4105-8b71-3f93d56b11a9;identity_names=john%40globus.org;high_assurance=0;
PASS DUMMY

The USER command tells GridFTP about the user logging in, and also about the collection that they are logging into. The endpoint_id value should match the "id" value in the login document, and the identity_ids should match the identity_id in the login document.
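
The following is an added example, not part of the GridFTP source: it builds the USER/PASS lines from a login document and checks an existing USER line against it, so a mismatch is caught before connecting. The helper names are hypothetical, LOGIN_DOC is a subset of the example document above, and reading identity_id from the user_credential entry is an assumption.

```python
from urllib.parse import quote

PREFIX = ":globus-mapped-collection:"

# Subset of the example login document above (same ids, other keys dropped).
LOGIN_DOC = {
    "DATA_TYPE": "result#1.1.0",
    "data": [
        {"DATA_TYPE": "user_credential#1.0.0",
         "identity_id": "5897a9be-0101-4105-8b71-3f93d56b11a9"},
        {"DATA_TYPE": "collection#1.15.0",
         "id": "de3b5fef-7ae5-4faa-ba42-e1d0ab737826",
         "identity_id": "5897a9be-0101-4105-8b71-3f93d56b11a9"},
    ],
}

def entry(doc, kind):
    """Return the first item in doc["data"] whose DATA_TYPE name is `kind`."""
    for item in doc["data"]:
        if item["DATA_TYPE"].split("#")[0] == kind:
            return item
    raise KeyError(f"no {kind} entry in login document")

def build_login(doc, identity_name):
    """Build the CRLF-terminated USER and PASS lines for a login document."""
    fields = {
        "endpoint_id": entry(doc, "collection")["id"],
        # Assumption: the user's identity is the user_credential identity_id.
        "identity_ids": entry(doc, "user_credential")["identity_id"],
        "identity_names": quote(identity_name, safe=""),  # '@' becomes %40
        "high_assurance": "0",  # value used in the example above
    }
    user = PREFIX + "".join(f"{k}={v};" for k, v in fields.items())
    return f"USER {user}\r\nPASS DUMMY\r\n".encode("ascii")

def check_user_line(line, doc):
    """Return a list of mismatches between a USER line and the document."""
    arg = line.strip().split(" ", 1)[1]
    if not arg.startswith(PREFIX):
        return ["USER value does not start with " + PREFIX]
    pairs = dict(p.split("=", 1) for p in arg[len(PREFIX):].split(";") if p)
    problems = []
    if pairs.get("endpoint_id") != entry(doc, "collection")["id"]:
        problems.append("endpoint_id does not match the collection id")
    if pairs.get("identity_ids") != entry(doc, "user_credential")["identity_id"]:
        problems.append("identity_ids does not match identity_id")
    return problems

if __name__ == "__main__":
    print(build_login(LOGIN_DOC, "john@globus.org").decode("ascii"), end="")
```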