Managing S3 Users and Listing Buckets via REST API -------------------------------------------------- This section describes how to manage users via the REST API in a service provider scenario. New customers will sign up for the service during purchase in your online store and you will need to create users for them in the S3 cluster. Creating S3 Users ~~~~~~~~~~~~~~~~~ You can create an S3 user by sending a PUT request to the ``ostor-users`` service along with an email address: :: # s3_curl PUT "http://s3.example.com/?ostor-users&emailAddress=user@example.com" { "UserEmail": "user@example.com", "UserId": "ca55631f9f3d59dc", "AWSAccessKeys": [ { "AWSAccessKeyId": "ca55631f9f3d59dcDF4M", "AWSSecretAccessKey": "QCbj17BzeepyvUAdJeFNFYW9fCzbq0uFal6e5pGm" } ] } Listing S3 Users ~~~~~~~~~~~~~~~~ You can list information about all users by sending a GET request to the ``ostor-users`` service. Additional rows may list S3 access key pairs associated with each user. For example: :: # s3_curl GET "http://s3.example.com/?ostor-users" [ { "UserEmail": "user@example.com", "UserId": "a14040e0b2ef8b28", "State": "enabled", "OwnerId": "0000000000000000" }, { "UserEmail": "user@example.com", "UserId": "ca55631f9f3d59dc", "State": "enabled", "OwnerId": "0000000000000000" } ] Querying S3 Users ~~~~~~~~~~~~~~~~~ You can display information and status of a user by sending a GET request to the ``ostor-users`` service along with a user's email address: :: # s3_curl GET "http://s3.example.com/?ostor-users&emailAddress=user@example.com" { "UserEmail": "user@example.com", "UserId": "ca55631f9f3d59dc", "State": "enabled", "OwnerId": "0000000000000000", "Flags": [ ], "AWSAccessKeys": [ { "AWSAccessKeyId": "ca55631f9f3d59dcDF4M", "AWSSecretAccessKey": "QCbj17BzeepyvUAdJeFNFYW9fCzbq0uFal6e5pGm" }, { "AWSAccessKeyId": "ca55631f9f3d59dcZMDX", "AWSSecretAccessKey": "ffWvnOcNiH0jkQod4huv51BMYBuSWs4zRLFVwd4d" } ] } Disabling and Enabling S3 Users ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can disable a user (users are enabled by default) by sending a POST request to the ``ostor-users`` service along with a user's email address and the ``disable`` parameter: :: # s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=user@example.com&disable" You can enable a previously disabled user by sending a POST request to the ``ostor-users`` service along with a user's email address and the ``enable`` parameter: :: # s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=user@example.com&enable" Deleting S3 Users ~~~~~~~~~~~~~~~~~ You can delete an existing user by sending a DELETE request to the ``ostor-users`` service along with a user's email address: :: # s3_curl DELETE "http://s3.example.com/?ostor-users&emailAddress=user@example.com" Users who own buckets cannot be removed until their buckets are deleted. To get a list of user's buckets, send a GET request to the ``ostor-buckets`` service along with a user's email address: :: # s3_curl GET "http://s3.example.com/?ostor-buckets&emailAddress=user@example.com" { "Buckets": [ { "size": { "current": 12288, "h_integral": 7360512, "hmax": 12288, "last_ts": 424241 }, "epoch": 0, "owner_id": "ba7eba06129464c5", "name": "bucketname", "creation_date": "2018-05-25T17:12:00.000Z" }] { .. By ``S3AccessKeyId`` and ``S3SecretAccessKey`` from user account: :: # export s3_key="b81d6c5f895a8c86DYL6" # export s3_secret="FwWe34pjLPhtGsqHxNwvnE6ECea6TfyH3pyfFZ3G" # s3_curl GET http://s3.example.com/ b81d6c5f895a8c86 client data 2017-01-31T16:18:57.000Z You can then delete buckets by name: :: # s3_curl DELETE "http://s3.example.com/bucketname" Generating S3 Access Keys ~~~~~~~~~~~~~~~~~~~~~~~~~ You can generate a new or additional access key pair with the ``ostor-users`` service and the following parameters: ``emailAddress`` specifying the user email address, ``genKey``: :: # s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=user@example.com&genKey" { "UserEmail": "user@example.com", "UserId": "ca55631f9f3d59dc", "AWSAccessKeys": [ { "AWSAccessKeyId": "ca55631f9f3d59dcZMDX", "AWSSecretAccessKey": "ffWvnOcNiH0jkQod4huv51BMYBuSWs4zRLFVwd4d" } ] } Revoking S3 Access Keys ~~~~~~~~~~~~~~~~~~~~~~~ You can revoke the specified access key pair of the specified user with the ``ostor-users`` service and the following parameters: ``emailAddress`` specifying the user email address, ``revokeKey`` specifying the access key in the key pair: .. only:: html :: # s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=user@example.com&revokeKey=ca55631f9f3d59dcZMDX" .. only:: latex :: # s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=user@example.com\ &revokeKey=ca55631f9f3d59dcZMDX" Listing User Buckets ~~~~~~~~~~~~~~~~~~~~ You can list all buckets in S3 with the ``ostor-buckets`` service: :: # s3_curl GET "http://s3.example.com/?ostor-buckets" { "Buckets": [ { "size": { "current": 12288, "h_integral": 7360512, "hmax": 12288, "last_ts": 424241 }, "epoch": 0, "owner_id": "ba7eba06129464c5", "name": "bucket1", "creation_date": "2018-05-25T17:12:00.000Z" }, { "size": { "current": 46700160, "h_integral": 28160196480, "hmax": 46700160, "last_ts": 424237 }, "epoch": 0, "owner_id": "ccbec013d9fd3918", "name": "bucket2", "creation_date": "2018-05-25T13:51:55.000Z" }, { "size": { "current": 12288, "h_integral": 8036352, "hmax": 12288, "last_ts": 424186 }, "epoch": 0, "owner_id": "9d80d59edbe2862a", "name": "bucket3", "creation_date": "2018-05-23T10:30:49.000Z" } ]}