2. Managing S3 Users via REST API

This section describes how to manage users via the REST API in a service provider scenario. New customers will sign up for the service during purchase in your online store and you will need to create users for them in the S3 cluster.

2.1. Creating S3 Users

You can create a user with the ostor-users service and parameter emailAddress specifying the user email address:

# s3_curl PUT "http://s3.example.com/?ostor-users&emailAddress=client@example.com"
{
    "UserEmail": "client@example.com",
    "UserId": "ca55631f9f3d59dc",
    "AWSAccessKeys": [
        {
            "AWSAccessKeyId": "ca55631f9f3d59dcDF4M",
            "AWSSecretAccessKey": "QCbj17BzeepyvUAdJeFNFYW9fCzbq0uFal6e5pGm"
        }
    ]
}

2.2. Listing S3 Users

You can list information about all users with the ostor-users service. Additional rows may list S3 access key pairs associated with the user. For example:

# s3_curl GET "http://s3.example.com/?ostor-users"
[
    {
        "UserEmail": "user@example.com",
        "UserId": "a14040e0b2ef8b28",
        "State": "enabled",
        "OwnerId": "0000000000000000"
    },
    {
        "UserEmail": "client@example.com",
        "UserId": "ca55631f9f3d59dc",
        "State": "enabled",
        "OwnerId": "0000000000000000"
    }
]

2.3. Querying S3 Users

You can display information and status of a user with the ostor-users service and parameter emailAddress specifying the user email address:

# s3_curl GET "http://s3.example.com/?ostor-users&emailAddress=client@example.com"
{
    "UserEmail": "client@example.com",
    "UserId": "ca55631f9f3d59dc",
    "State": "enabled",
    "OwnerId": "0000000000000000",
    "Flags": [

    ],
    "AWSAccessKeys": [
        {
            "AWSAccessKeyId": "ca55631f9f3d59dcDF4M",
            "AWSSecretAccessKey": "QCbj17BzeepyvUAdJeFNFYW9fCzbq0uFal6e5pGm"
        },
        {
            "AWSAccessKeyId": "ca55631f9f3d59dcZMDX",
            "AWSSecretAccessKey": "ffWvnOcNiH0jkQod4huv51BMYBuSWs4zRLFVwd4d"
        }
    ]
}

2.4. Disabling S3 Users

You can disable a user with the ostor-users service and parameter emailAddress specifying the user email address:

# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&disable"

2.5. Enabling S3 Users

You can enable a previously disabled user with the ostor-users service and parameter emailAddress specifying the user email address:

# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&enable"

2.6. Deleting S3 Users

You can delete existing users with the ostor-users service and parameter emailAddress specifying the user email address:

# s3_curl DELETE "http://s3.example.com/?ostor-users&emailAddress=client@example.com"

Users who own buckets cannot be removed until their buckets are deleted. You can get a list of user’s buckets by means of S3AccessKeyId and S3SecretAccessKey from user account:

# export s3_key="b81d6c5f895a8c86DYL6"
# export s3_secret="FwWe34pjLPhtGsqHxNwvnE6ECea6TfyH3pyfFZ3G"
# s3_curl GET http://s3.example.com/
<?xml version="1.0" encoding="UTF-8"?>
<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>b81d6c5f895a8c86</ID>
    <DisplayName>client</DisplayName>
  </Owner>
  <Buckets>
    <Bucket>
      <Name>data</Name>
      <CreationDate>2017-01-31T16:18:57.000Z</CreationDate>
    </Bucket>
  </Buckets>
</ListAllMyBucketsResult>

You can delete the buckets by their names:

# s3_curl DELETE "http://s3.example.com/data"

2.7. Generating S3 Access Keys

You can generate a new or additional access key pair with the ostor-users service and the following parameters: emailAddress specifying the user email address, genKey:

# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&genKey"
{
    "UserEmail": "client@example.com",
    "UserId": "ca55631f9f3d59dc",
    "AWSAccessKeys": [
        {
            "AWSAccessKeyId": "ca55631f9f3d59dcZMDX",
            "AWSSecretAccessKey": "ffWvnOcNiH0jkQod4huv51BMYBuSWs4zRLFVwd4d"
        }
    ]
}

2.8. Revoking S3 Access Keys

You can revoke the specified access key pair of the specified user with the ostor-users service and the following parameters: emailAddress specifying the user email address, revokeKey specifying the access key in the key pair:

# s3_curl POST "http://s3.example.com/?ostor-users&emailAddress=client@example.com&revokeKey=ca55631f9f3d59dcZMDX"