2. Managing S3 Users via REST API¶
This section describes how to manage users via the REST API in a service provider scenario. New customers will sign up for the service during purchase in your online store and you will need to create users for them in the S3 cluster.
2.1. Creating S3 Users¶
You can create a user with the ostor-users
service and parameter emailAddress
specifying the user email address:
# s3_curl PUT "http://s3.example.com/?ostor-users&emailAddress=client@example.com"
{
"UserEmail": "client@example.com",
"UserId": "ca55631f9f3d59dc",
"AWSAccessKeys": [
{
"AWSAccessKeyId": "ca55631f9f3d59dcDF4M",
"AWSSecretAccessKey": "QCbj17BzeepyvUAdJeFNFYW9fCzbq0uFal6e5pGm"
}
]
}
2.2. Listing S3 Users¶
You can list information about all users with the ostor-users
service. Additional rows may list S3 access key pairs associated with the user. For example:
# s3_curl GET "http://s3.example.com/?ostor-users"
[
{
"UserEmail": "user@example.com",
"UserId": "a14040e0b2ef8b28",
"State": "enabled",
"OwnerId": "0000000000000000"
},
{
"UserEmail": "client@example.com",
"UserId": "ca55631f9f3d59dc",
"State": "enabled",
"OwnerId": "0000000000000000"
}
]
2.3. Querying S3 Users¶
You can display information and status of a user with the ostor-users
service and parameter emailAddress
specifying the user email address:
# s3_curl GET "http://s3.example.com/?ostor-users&emailAddress=client@example.com"
{
"UserEmail": "client@example.com",
"UserId": "ca55631f9f3d59dc",
"State": "enabled",
"OwnerId": "0000000000000000",
"Flags": [
],
"AWSAccessKeys": [
{
"AWSAccessKeyId": "ca55631f9f3d59dcDF4M",
"AWSSecretAccessKey": "QCbj17BzeepyvUAdJeFNFYW9fCzbq0uFal6e5pGm"
},
{
"AWSAccessKeyId": "ca55631f9f3d59dcZMDX",
"AWSSecretAccessKey": "ffWvnOcNiH0jkQod4huv51BMYBuSWs4zRLFVwd4d"
}
]
}
2.4. Disabling S3 Users¶
You can disable a user with the ostor-users
service and parameter emailAddress
specifying the user email address:
# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&disable"
2.5. Enabling S3 Users¶
You can enable a previously disabled user with the ostor-users
service and parameter emailAddress
specifying the user email address:
# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&enable"
2.6. Deleting S3 Users¶
You can delete existing users with the ostor-users
service and parameter emailAddress
specifying the user email address:
# s3_curl DELETE "http://s3.example.com/?ostor-users&emailAddress=client@example.com"
Users who own buckets cannot be removed until their buckets are deleted. You can get a list of user’s buckets by means of S3AccessKeyId
and S3SecretAccessKey
from user account:
# export s3_key="b81d6c5f895a8c86DYL6"
# export s3_secret="FwWe34pjLPhtGsqHxNwvnE6ECea6TfyH3pyfFZ3G"
# s3_curl GET http://s3.example.com/
<?xml version="1.0" encoding="UTF-8"?>
<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>b81d6c5f895a8c86</ID>
<DisplayName>client</DisplayName>
</Owner>
<Buckets>
<Bucket>
<Name>data</Name>
<CreationDate>2017-01-31T16:18:57.000Z</CreationDate>
</Bucket>
</Buckets>
</ListAllMyBucketsResult>
You can delete the buckets by their names:
# s3_curl DELETE "http://s3.example.com/data"
2.7. Generating S3 Access Keys¶
You can generate a new or additional access key pair with the ostor-users
service and the following parameters: emailAddress
specifying the user email address, genKey
:
# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&genKey"
{
"UserEmail": "client@example.com",
"UserId": "ca55631f9f3d59dc",
"AWSAccessKeys": [
{
"AWSAccessKeyId": "ca55631f9f3d59dcZMDX",
"AWSSecretAccessKey": "ffWvnOcNiH0jkQod4huv51BMYBuSWs4zRLFVwd4d"
}
]
}
2.8. Revoking S3 Access Keys¶
You can revoke the specified access key pair of the specified user with the ostor-users
service and the following parameters: emailAddress
specifying the user email address, revokeKey
specifying the access key in the key pair:
# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&revokeKey=ca55631f9f3d59dcZMDX"