Google Cloud Storage

The Google Cloud Storage key-value store is a root key-value store for accessing Google Cloud Storage buckets.

URL syntax

  • gs://bucket/path

  • gs+ngauth+http://nguath-host/bucket/path

  • gs+ngauth+https://nguath-host/bucket/path

Capabilities

Supported capabilities

Byte range reads

Supported

Key listing

Supported with storage.objects.list permission.

Authentication

When not using the Python API:

  • The gs://bucket/path syntax implies anonymous access, meaning the bucket must allow public read access without requester pays. Refer to the GCS documentation for details on making buckets publicly accessible.

  • To access private buckets, the gs+ngauth+http://nguath-host/bucket/path syntax may be used to authenticate using credentials obtained from an ngauth server.

When using the Python API with credentials enabled:

  • The gs://bucket/path syntax uses the Google Application Default Credentials, if available.

  • The gs+ngauth+http://nguath-host/bucket/path behaves the same as gs://bucket/path and also uses the Google Application Default Credentials. The specified ngauth-server is not used.

Another method for keeping data private while still allowing Neuroglancer to access it without the need for an ngauth server is to include a long, random string as a suffix of the bucket name, such that the bucket name itself serves as a capability URL.

Required permissions

  • The storage.objects.get permission is required for reading.

  • Additionally, the storage.objects.list permission is required for listing directories.

CORS

Neuroglancer uses the Google Cloud Storage JSON API, which does not require any CORS configuration on the bucket.