5 An admin API request will be done on a URI that starts with the configurable 'admin'
6 resource entry point. Authorization for the admin API duplicates the S3 authorization
7 mechanism. Some operations require that the user holds special administrative capabilities.
8 The response entity type (XML or JSON) may be specified as the 'format' option in the
9 request and defaults to JSON if not specified.
14 Request bandwidth usage information.
16 Note: this feature is disabled by default, can be enabled by setting ``rgw
17 enable usage log = true`` in the appropriate section of ceph.conf. For changes
18 in ceph.conf to take effect, radosgw process restart is needed.
27 GET /{admin}/usage?format=json HTTP/1.1
37 :Description: The user for which the information is requested. If not specified will apply to all users.
39 :Example: ``foo_user``
44 :Description: Date and (optional) time that specifies the start time of the requested data.
46 :Example: ``2012-09-25 16:00:00``
51 :Description: Date and (optional) time that specifies the end time of the requested data (non-inclusive).
53 :Example: ``2012-09-25 16:00:00``
59 :Description: Specifies whether data entries should be returned.
67 :Description: Specifies whether data summary should be returned.
77 If successful, the response contains the requested information.
81 :Description: A container for the usage information.
86 :Description: A container for the usage entries information.
91 :Description: A container for the user data information.
96 :Description: The name of the user that owns the buckets.
101 :Description: The bucket name.
106 :Description: Time lower bound for which data is being specified (rounded to the beginning of the first relevant hour).
111 :Description: The time specified in seconds since 1/1/1970.
116 :Description: A container for stats categories.
121 :Description: A container for stats entry.
126 :Description: Name of request category for which the stats are provided.
131 :Description: Number of bytes sent by the RADOS Gateway.
136 :Description: Number of bytes received by the RADOS Gateway.
141 :Description: Number of operations.
146 :Description: Number of successful operations.
151 :Description: A container for stats summary.
156 :Description: A container for stats summary aggregated total.
159 Special Error Responses
160 ~~~~~~~~~~~~~~~~~~~~~~~
167 Remove usage information. With no dates specified, removes all usage
170 Note: this feature is disabled by default, can be enabled by setting ``rgw
171 enable usage log = true`` in the appropriate section of ceph.conf. For changes
172 in ceph.conf to take effect, radosgw process restart is needed.
181 DELETE /{admin}/usage?format=json HTTP/1.1
191 :Description: The user for which the information is requested. If not specified will apply to all users.
193 :Example: ``foo_user``
198 :Description: Date and (optional) time that specifies the start time of the requested data.
200 :Example: ``2012-09-25 16:00:00``
205 :Description: Date and (optional) time that specifies the end time of the requested data (none inclusive).
207 :Example: ``2012-09-25 16:00:00``
213 :Description: Required when uid is not specified, in order to acknowledge multi user data removal.
215 :Example: True [False]
218 Special Error Responses
219 ~~~~~~~~~~~~~~~~~~~~~~~
226 Get user information.
236 GET /{admin}/user?format=json HTTP/1.1
245 :Description: The user for which the information is requested.
247 :Example: ``foo_user``
254 If successful, the response contains the user information.
258 :Description: A container for the user data information.
263 :Description: The user id.
269 :Description: Display name for the user.
275 :Description: True if the user is suspended.
281 :Description: The maximum number of buckets to be owned by the user.
287 :Description: Subusers associated with this user account.
293 :Description: S3 keys associated with this user account.
299 :Description: Swift keys associated with this user account.
305 :Description: User capabilities.
309 Special Error Responses
310 ~~~~~~~~~~~~~~~~~~~~~~~
317 Create a new user. By default, a S3 key pair will be created automatically
318 and returned in the response. If only one of ``access-key`` or ``secret-key``
319 is provided, the omitted key will be automatically generated. By default, a
320 generated key is added to the keyring without replacing an existing key pair.
321 If ``access-key`` is specified and refers to an existing key owned by the user
322 then it will be modified.
324 .. versionadded:: Luminous
326 A ``tenant`` may either be specified as a part of uid or as an additional
336 PUT /{admin}/user?format=json HTTP/1.1
346 :Description: The user ID to be created.
348 :Example: ``foo_user``
350 A tenant name may also specified as a part of ``uid``, by following the syntax ``tenant$user``, refer to `Multitenancy`_ for more details.
354 :Description: The display name of the user to be created.
356 :Example: ``foo user``
362 :Description: The email address associated with the user.
364 :Example: ``foo@bar.com``
369 :Description: Key type to be generated, options are: swift, s3 (default).
371 :Example: ``s3`` [``s3``]
376 :Description: Specify access key.
378 :Example: ``ABCD0EF12GHIJ2K34LMN``
384 :Description: Specify secret key.
386 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
391 :Description: User capabilities.
393 :Example: ``usage=read, write; users=read``
398 :Description: Generate a new key pair and add to the existing keyring.
400 :Example: True [True]
405 :Description: Specify the maximum number of buckets the user can own.
412 :Description: Specify whether the user should be suspended.
414 :Example: False [False]
417 .. versionadded:: Jewel
420 :Description: the Tenant under which a user is a part of.
428 If successful, the response contains the user information.
432 :Description: A container for the user data information.
436 :Description: The tenant which user is a part of
442 :Description: The user id.
448 :Description: Display name for the user.
454 :Description: True if the user is suspended.
460 :Description: The maximum number of buckets to be owned by the user.
466 :Description: Subusers associated with this user account.
472 :Description: S3 keys associated with this user account.
478 :Description: Swift keys associated with this user account.
484 :Description: User capabilities.
488 Special Error Responses
489 ~~~~~~~~~~~~~~~~~~~~~~~
493 :Description: Attempt to create existing user.
498 :Description: Invalid access key specified.
499 :Code: 400 Bad Request
503 :Description: Invalid key type specified.
504 :Code: 400 Bad Request
508 :Description: Invalid secret key specified.
509 :Code: 400 Bad Request
513 :Description: Invalid key type specified.
514 :Code: 400 Bad Request
518 :Description: Provided access key exists and belongs to another user.
523 :Description: Provided email address exists.
526 ``InvalidCapability``
528 :Description: Attempt to grant invalid admin capability.
529 :Code: 400 Bad Request
544 POST /{admin}/user?format=json HTTP/1.1
553 :Description: The user ID to be modified.
555 :Example: ``foo_user``
560 :Description: The display name of the user to be modified.
562 :Example: ``foo user``
567 :Description: The email address to be associated with the user.
569 :Example: ``foo@bar.com``
574 :Description: Generate a new key pair and add to the existing keyring.
576 :Example: True [False]
581 :Description: Specify access key.
583 :Example: ``ABCD0EF12GHIJ2K34LMN``
588 :Description: Specify secret key.
590 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
595 :Description: Key type to be generated, options are: swift, s3 (default).
602 :Description: User capabilities.
604 :Example: ``usage=read, write; users=read``
609 :Description: Specify the maximum number of buckets the user can own.
616 :Description: Specify whether the user should be suspended.
618 :Example: False [False]
624 If successful, the response contains the user information.
628 :Description: A container for the user data information.
633 :Description: The user id.
639 :Description: Display name for the user.
646 :Description: True if the user is suspended.
653 :Description: The maximum number of buckets to be owned by the user.
660 :Description: Subusers associated with this user account.
667 :Description: S3 keys associated with this user account.
674 :Description: Swift keys associated with this user account.
681 :Description: User capabilities.
686 Special Error Responses
687 ~~~~~~~~~~~~~~~~~~~~~~~
691 :Description: Invalid access key specified.
692 :Code: 400 Bad Request
696 :Description: Invalid key type specified.
697 :Code: 400 Bad Request
701 :Description: Invalid secret key specified.
702 :Code: 400 Bad Request
706 :Description: Provided access key exists and belongs to another user.
711 :Description: Provided email address exists.
714 ``InvalidCapability``
716 :Description: Attempt to grant invalid admin capability.
717 :Code: 400 Bad Request
722 Remove an existing user.
731 DELETE /{admin}/user?format=json HTTP/1.1
740 :Description: The user ID to be removed.
742 :Example: ``foo_user``
747 :Description: When specified the buckets and objects belonging
748 to the user will also be removed.
758 Special Error Responses
759 ~~~~~~~~~~~~~~~~~~~~~~~
766 Create a new subuser (primarily useful for clients using the Swift API).
767 Note that in general for a subuser to be useful, it must be granted
768 permissions by specifying ``access``. As with user creation if
769 ``subuser`` is specified without ``secret``, then a secret key will
770 be automatically generated.
779 PUT /{admin}/user?subuser&format=json HTTP/1.1
788 :Description: The user ID under which a subuser is to be created.
790 :Example: ``foo_user``
796 :Description: Specify the subuser ID to be created.
798 :Example: ``sub_foo``
803 :Description: Specify secret key.
805 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
810 :Description: Key type to be generated, options are: swift (default), s3.
812 :Example: ``swift`` [``swift``]
817 :Description: Set access permissions for sub-user, should be one
818 of ``read, write, readwrite, full``.
825 :Description: Generate the secret key.
827 :Example: True [False]
833 If successful, the response contains the subuser information.
838 :Description: Subusers associated with the user account.
843 :Description: Subuser id.
845 :Parent: ``subusers``
849 :Description: Subuser access to user account.
851 :Parent: ``subusers``
853 Special Error Responses
854 ~~~~~~~~~~~~~~~~~~~~~~~
858 :Description: Specified subuser exists.
863 :Description: Invalid key type specified.
864 :Code: 400 Bad Request
868 :Description: Invalid secret key specified.
869 :Code: 400 Bad Request
873 :Description: Invalid subuser access specified.
874 :Code: 400 Bad Request
879 Modify an existing subuser
888 POST /{admin}/user?subuser&format=json HTTP/1.1
897 :Description: The user ID under which the subuser is to be modified.
899 :Example: ``foo_user``
904 :Description: The subuser ID to be modified.
906 :Example: ``sub_foo``
911 :Description: Generate a new secret key for the subuser,
912 replacing the existing key.
914 :Example: True [False]
919 :Description: Specify secret key.
921 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
926 :Description: Key type to be generated, options are: swift (default), s3 .
928 :Example: ``swift`` [``swift``]
933 :Description: Set access permissions for sub-user, should be one
934 of ``read, write, readwrite, full``.
943 If successful, the response contains the subuser information.
948 :Description: Subusers associated with the user account.
953 :Description: Subuser id.
955 :Parent: ``subusers``
959 :Description: Subuser access to user account.
961 :Parent: ``subusers``
963 Special Error Responses
964 ~~~~~~~~~~~~~~~~~~~~~~~
968 :Description: Invalid key type specified.
969 :Code: 400 Bad Request
973 :Description: Invalid secret key specified.
974 :Code: 400 Bad Request
978 :Description: Invalid subuser access specified.
979 :Code: 400 Bad Request
984 Remove an existing subuser
993 DELETE /{admin}/user?subuser&format=json HTTP/1.1
1002 :Description: The user ID under which the subuser is to be removed.
1004 :Example: ``foo_user``
1010 :Description: The subuser ID to be removed.
1012 :Example: ``sub_foo``
1017 :Description: Remove keys belonging to the subuser.
1019 :Example: True [True]
1027 Special Error Responses
1028 ~~~~~~~~~~~~~~~~~~~~~~~
1034 Create a new key. If a ``subuser`` is specified then by default created keys
1035 will be swift type. If only one of ``access-key`` or ``secret-key`` is provided the
1036 committed key will be automatically generated, that is if only ``secret-key`` is
1037 specified then ``access-key`` will be automatically generated. By default, a
1038 generated key is added to the keyring without replacing an existing key pair.
1039 If ``access-key`` is specified and refers to an existing key owned by the user
1040 then it will be modified. The response is a container listing all keys of the same
1041 type as the key created. Note that when creating a swift key, specifying the option
1042 ``access-key`` will have no effect. Additionally, only one swift key may be held by
1043 each user or subuser.
1053 PUT /{admin}/user?key&format=json HTTP/1.1
1062 :Description: The user ID to receive the new key.
1064 :Example: ``foo_user``
1069 :Description: The subuser ID to receive the new key.
1071 :Example: ``sub_foo``
1076 :Description: Key type to be generated, options are: swift, s3 (default).
1078 :Example: ``s3`` [``s3``]
1083 :Description: Specify the access key.
1085 :Example: ``AB01C2D3EF45G6H7IJ8K``
1090 :Description: Specify the secret key.
1092 :Example: ``0ab/CdeFGhij1klmnopqRSTUv1WxyZabcDEFgHij``
1097 :Description: Generate a new key pair and add to the existing keyring.
1099 :Example: True [``True``]
1108 :Description: Keys of type created associated with this user account.
1113 :Description: The user account associated with the key.
1119 :Description: The access key.
1125 :Description: The secret key
1130 Special Error Responses
1131 ~~~~~~~~~~~~~~~~~~~~~~~
1133 ``InvalidAccessKey``
1135 :Description: Invalid access key specified.
1136 :Code: 400 Bad Request
1140 :Description: Invalid key type specified.
1141 :Code: 400 Bad Request
1143 ``InvalidSecretKey``
1145 :Description: Invalid secret key specified.
1146 :Code: 400 Bad Request
1150 :Description: Invalid key type specified.
1151 :Code: 400 Bad Request
1155 :Description: Provided access key exists and belongs to another user.
1161 Remove an existing key.
1170 DELETE /{admin}/user?key&format=json HTTP/1.1
1179 :Description: The S3 access key belonging to the S3 key pair to remove.
1181 :Example: ``AB01C2D3EF45G6H7IJ8K``
1186 :Description: The user to remove the key from.
1188 :Example: ``foo_user``
1193 :Description: The subuser to remove the key from.
1195 :Example: ``sub_foo``
1200 :Description: Key type to be removed, options are: swift, s3.
1201 NOTE: Required to remove swift key.
1206 Special Error Responses
1207 ~~~~~~~~~~~~~~~~~~~~~~~
1219 Get information about a subset of the existing buckets. If ``uid`` is specified
1220 without ``bucket`` then all buckets beloning to the user will be returned. If
1221 ``bucket`` alone is specified, information for that particular bucket will be
1231 GET /{admin}/bucket?format=json HTTP/1.1
1240 :Description: The bucket to return info on.
1242 :Example: ``foo_bucket``
1247 :Description: The user to retrieve bucket information for.
1249 :Example: ``foo_user``
1254 :Description: Return bucket statistics.
1256 :Example: True [False]
1262 If successful the request returns a buckets container containing
1263 the desired bucket information.
1267 :Description: Per bucket information.
1272 :Description: Contains a list of one or more bucket containers.
1277 :Description: Container for single bucket information.
1279 :Parent: ``buckets``
1283 :Description: The name of the bucket.
1289 :Description: The pool the bucket is stored in.
1295 :Description: The unique bucket id.
1301 :Description: Internal bucket tag.
1307 :Description: The user id of the bucket owner.
1313 :Description: Storage usage information.
1319 :Description: Status of bucket index.
1323 Special Error Responses
1324 ~~~~~~~~~~~~~~~~~~~~~~~
1326 ``IndexRepairFailed``
1328 :Description: Bucket index repair failed.
1334 Check the index of an existing bucket. NOTE: to check multipart object
1335 accounting with ``check-objects``, ``fix`` must be set to True.
1337 :caps: buckets=write
1344 GET /{admin}/bucket?index&format=json HTTP/1.1
1353 :Description: The bucket to return info on.
1355 :Example: ``foo_bucket``
1360 :Description: Check multipart object accounting.
1362 :Example: True [False]
1367 :Description: Also fix the bucket index when checking.
1369 :Example: False [False]
1377 :Description: Status of bucket index.
1380 Special Error Responses
1381 ~~~~~~~~~~~~~~~~~~~~~~~
1383 ``IndexRepairFailed``
1385 :Description: Bucket index repair failed.
1391 Delete an existing bucket.
1393 :caps: buckets=write
1400 DELETE /{admin}/bucket?format=json HTTP/1.1
1410 :Description: The bucket to remove.
1412 :Example: ``foo_bucket``
1417 :Description: Remove a buckets objects before deletion.
1419 :Example: True [False]
1427 Special Error Responses
1428 ~~~~~~~~~~~~~~~~~~~~~~~
1432 :Description: Attempted to delete non-empty bucket.
1435 ``ObjectRemovalFailed``
1437 :Description: Unable to remove objects.
1443 Unlink a bucket from a specified user. Primarily useful for changing
1446 :caps: buckets=write
1453 POST /{admin}/bucket?format=json HTTP/1.1
1462 :Description: The bucket to unlink.
1464 :Example: ``foo_bucket``
1469 :Description: The user ID to unlink the bucket from.
1471 :Example: ``foo_user``
1479 Special Error Responses
1480 ~~~~~~~~~~~~~~~~~~~~~~~
1482 ``BucketUnlinkFailed``
1484 :Description: Unable to unlink bucket from specified user.
1490 Link a bucket to a specified user, unlinking the bucket from
1493 :caps: buckets=write
1500 PUT /{admin}/bucket?format=json HTTP/1.1
1509 :Description: The bucket name to unlink.
1511 :Example: ``foo_bucket``
1516 :Description: The bucket id to unlink.
1518 :Example: ``dev.6607669.420``
1523 :Description: The user ID to link the bucket to.
1525 :Example: ``foo_user``
1533 :Description: Container for single bucket information.
1538 :Description: The name of the bucket.
1544 :Description: The pool the bucket is stored in.
1550 :Description: The unique bucket id.
1556 :Description: Internal bucket tag.
1562 :Description: The user id of the bucket owner.
1568 :Description: Storage usage information.
1574 :Description: Status of bucket index.
1578 Special Error Responses
1579 ~~~~~~~~~~~~~~~~~~~~~~~
1581 ``BucketUnlinkFailed``
1583 :Description: Unable to unlink bucket from specified user.
1586 ``BucketLinkFailed``
1588 :Description: Unable to link bucket to specified user.
1594 Remove an existing object. NOTE: Does not require owner to be non-suspended.
1596 :caps: buckets=write
1603 DELETE /{admin}/bucket?object&format=json HTTP/1.1
1611 :Description: The bucket containing the object to be removed.
1613 :Example: ``foo_bucket``
1618 :Description: The object to remove.
1620 :Example: ``foo.txt``
1628 Special Error Responses
1629 ~~~~~~~~~~~~~~~~~~~~~~~
1633 :Description: Specified object does not exist.
1634 :Code: 404 Not Found
1636 ``ObjectRemovalFailed``
1638 :Description: Unable to remove objects.
1643 Get Bucket or Object Policy
1644 ===========================
1646 Read the policy of an object or bucket.
1655 GET /{admin}/bucket?policy&format=json HTTP/1.1
1664 :Description: The bucket to read the policy from.
1666 :Example: ``foo_bucket``
1671 :Description: The object to read the policy from.
1673 :Example: ``foo.txt``
1679 If successful, returns the object or bucket policy
1683 :Description: Access control policy.
1686 Special Error Responses
1687 ~~~~~~~~~~~~~~~~~~~~~~~
1691 :Description: Either bucket was not specified for a bucket policy request or bucket
1692 and object were not specified for an object policy request.
1693 :Code: 400 Bad Request
1695 Add A User Capability
1696 =====================
1698 Add an administrative capability to a specified user.
1707 PUT /{admin}/user?caps&format=json HTTP/1.1
1715 :Description: The user ID to add an administrative capability to.
1717 :Example: ``foo_user``
1722 :Description: The administrative capability to add to the user.
1724 :Example: ``usage=read,write;user=write``
1730 If successful, the response contains the user's capabilities.
1734 :Description: A container for the user data information.
1740 :Description: The user id.
1746 :Description: User capabilities.
1751 Special Error Responses
1752 ~~~~~~~~~~~~~~~~~~~~~~~
1754 ``InvalidCapability``
1756 :Description: Attempt to grant invalid admin capability.
1757 :Code: 400 Bad Request
1764 PUT /{admin}/user?caps&user-caps=usage=read,write;user=write&format=json HTTP/1.1
1766 Content-Type: text/plain
1767 Authorization: {your-authorization-token}
1771 Remove A User Capability
1772 ========================
1774 Remove an administrative capability from a specified user.
1783 DELETE /{admin}/user?caps&format=json HTTP/1.1
1791 :Description: The user ID to remove an administrative capability from.
1793 :Example: ``foo_user``
1798 :Description: The administrative capabilities to remove from the user.
1800 :Example: ``usage=read, write``
1806 If successful, the response contains the user's capabilities.
1810 :Description: A container for the user data information.
1816 :Description: The user id.
1822 :Description: User capabilities.
1827 Special Error Responses
1828 ~~~~~~~~~~~~~~~~~~~~~~~
1830 ``InvalidCapability``
1832 :Description: Attempt to remove an invalid admin capability.
1833 :Code: 400 Bad Request
1837 :Description: User does not possess specified capability.
1838 :Code: 404 Not Found
1844 The Admin Operations API enables you to set quotas on users and on bucket owned
1845 by users. See `Quota Management`_ for additional details. Quotas include the
1846 maximum number of objects in a bucket and the maximum storage size in megabytes.
1848 To view quotas, the user must have a ``users=read`` capability. To set,
1849 modify or disable a quota, the user must have ``users=write`` capability.
1850 See the `Admin Guide`_ for details.
1852 Valid parameters for quotas include:
1854 - **Bucket:** The ``bucket`` option allows you to specify a quota for
1855 buckets owned by a user.
1857 - **Maximum Objects:** The ``max-objects`` setting allows you to specify
1858 the maximum number of objects. A negative value disables this setting.
1860 - **Maximum Size:** The ``max-size`` option allows you to specify a quota
1861 for the maximum number of bytes. A negative value disables this setting.
1863 - **Quota Type:** The ``quota-type`` option sets the scope for the quota.
1864 The options are ``bucket`` and ``user``.
1866 - **Enable/Disable Quota:** The ``enabled`` option specifies whether the
1867 quota should be enabled. The value should be either 'True' or 'False'.
1872 To get a quota, the user must have ``users`` capability set with ``read``
1875 GET /admin/user?quota&uid=<uid>"a-type=user
1881 To set a quota, the user must have ``users`` capability set with ``write``
1884 PUT /admin/user?quota&uid=<uid>"a-type=user
1887 The content must include a JSON representation of the quota settings
1888 as encoded in the corresponding read operation.
1894 To get a quota, the user must have ``users`` capability set with ``read``
1897 GET /admin/user?quota&uid=<uid>"a-type=bucket
1903 To set a quota, the user must have ``users`` capability set with ``write``
1906 PUT /admin/user?quota&uid=<uid>"a-type=bucket
1908 The content must include a JSON representation of the quota settings
1909 as encoded in the corresponding read operation.
1914 Standard Error Responses
1915 ========================
1919 :Description: Access denied.
1920 :Code: 403 Forbidden
1924 :Description: Internal server error.
1925 :Code: 500 Internal Server Error
1929 :Description: User does not exist.
1930 :Code: 404 Not Found
1934 :Description: Bucket does not exist.
1935 :Code: 404 Not Found
1939 :Description: No such access key.
1940 :Code: 404 Not Found
1944 .. _Admin Guide: ../admin
1945 .. _Quota Management: ../admin#quota-management
1946 .. _Multitenancy: ./multitenancy