Add other backends (HTTP/WebDAV, Globus, S3/blob) to internal Pelican

docs/parameters.yaml

@@ -1651,6 +1651,24 @@ type: string
 default: path
 components: ["origin"]
 ---
+name: Origin.ObjectProviderURL
+description: |+
+  A gocloud.dev/blob-compatible URL that specifies the object store provider and bucket/container to use for the s3v2 storage type.
+  When set, this takes precedence over Origin.S3ServiceUrl, Origin.S3Region, and Origin.S3UrlStyle, allowing a single parameter to
+  configure S3, GCS, or Azure Object Storage.
+
+  Examples:
+    - S3: "s3://my-bucket?region=us-east-1&endpoint=https://s3.us-east-1.amazonaws.com"
+    - GCS: "gs://my-bucket"
+    - Azure: "azblob://my-container"
+
+  The Origin.StoragePrefix is still applied on top of this URL.
+  S3 credentials are still read from Origin.S3AccessKeyfile/S3SecretKeyfile when using s3:// URLs.
+  GCS and Azure use application default credentials from the environment.
+type: string
+default: none
+components: ["origin"]
+---
 name: Origin.HttpServiceUrl
 description: |+
   If Origin.StorageType is set to `https`, the service URL is used as the base for requests to the backend.  To generate the
@@ -1672,6 +1690,40 @@ type: filename
 default: none
 components: ["origin"]
 ---
+name: Origin.HttpAuthTokenPassthrough
+description: |+
+  When set to true for httpsv2 backends, the client's bearer token is forwarded to the upstream HTTP server
+  instead of using a static token.
+  This is mutually exclusive with Origin.HttpAuthTokenFile.
+type: bool
+default: false
+components: ["origin"]
+---
+name: Origin.HttpAuthOAuth2ClientID
+description: |+
+  When set for httpsv2 backends, configures OAuth2 client credentials for automatic token management
+  to the upstream HTTP server.
+  Requires Origin.HttpAuthOAuth2ClientSecretFile and Origin.HttpAuthOAuth2Issuer to also be set.
+type: string
+default: none
+components: ["origin"]
+---
+name: Origin.HttpAuthOAuth2ClientSecretFile
+description: |+
+  Path to a file containing the OAuth2 client secret for automatic token management to the upstream HTTP server.
+  The file should contain the secret as plain text (leading/trailing whitespace is trimmed).
+type: filename
+default: none
+components: ["origin"]
+---
+name: Origin.HttpAuthOAuth2Issuer
+description: |+
+  The OAuth2/OIDC issuer URL for automatic token management to the upstream HTTP server.
+  The token endpoint is discovered automatically via the issuer's `/.well-known/openid-configuration` metadata.
+type: string
+default: none
+components: ["origin"]
+---
 name: Origin.XRootServiceUrl
 description: |+
   When the origin is configured to export another XRootD storage backend by setting `Origin.StorageType = xroot`, the `XRootServiceUrl`
@@ -1750,6 +1802,34 @@ type: filename
 default: none
 components: ["origin"]
 ---
+name: Origin.GlobusIssuerURL
+description: |+
+  The OIDC issuer URL for Globus authentication.
+  This is used for OIDC discovery and constructing OAuth2 endpoints.
+  Only override this for testing with a mock Globus server.
+type: url
+default: https://auth.globus.org/
+hidden: true
+components: ["origin"]
+---
+name: Origin.GlobusTransferAPIBaseUrl
+description: |+
+  The base URL for the Globus Transfer API, used to look up collection endpoint information.
+  Only override this for testing with a mock Globus server.
+type: url
+default: https://transfer.api.globusonline.org/v0.10/
+hidden: true
+components: ["origin"]
+---
+name: Origin.Globusv2TokenRefreshInterval
+description: |+
+  The interval between periodic token refreshes for native Globus v2 backends.
+  Only override this for testing.
+type: duration
+default: 5m
+hidden: true
+components: ["origin"]
+---
 name: Origin.FedTokenLocation
 description: |+
   A path to the file containing a token issued by the federation's issuer. This token may be consumed by other federation services