Notice

This document is for a development version of Ceph.

Report a Documentation Bug

Admin Operations

An admin API request will be done on a URI that starts with the configurable ‘admin’ resource entry point. Authorization for the admin API duplicates the S3 authorization mechanism. Some operations require that the user holds special administrative capabilities. The response entity type (XML or JSON) may be specified as the ‘format’ option in the request and defaults to JSON if not specified.

Info

Get RGW cluster/endpoint information.

caps:

info=read

Syntax

GET /{admin}/info?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

None.

Response Entities

If successful, the response contains an info section.

info

Description:

A container for all returned information.

Type:

Container

cluster_id

Description:

The (typically unique) identifier for the controlling backing store for the RGW cluster. In the typical case, this is value returned from librados::rados::cluster_fsid().

Type:

String

Parent:

info

Special Error Responses

None.

Get Usage

Request bandwidth usage information.

Note: this feature is disabled by default, can be enabled by setting rgw enable usage log = true in the appropriate section of ceph.conf. For changes in ceph.conf to take effect, radosgw process restart is needed.

caps:

usage=read

Syntax

GET /{admin}/usage?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user for which the information is requested. If not specified will apply to all users.

Type:

String

Example:

foo_user

Required:

No

start

Description:

Date and (optional) time that specifies the start time of the requested data.

Type:

String

Example:

2012-09-25 16:00:00

Required:

No

end

Description:

Date and (optional) time that specifies the end time of the requested data (non-inclusive).

Type:

String

Example:

2012-09-25 16:00:00

Required:

No

show-entries

Description:

Specifies whether data entries should be returned.

Type:

Boolean

Example:

True [True]

Required:

No

show-summary

Description:

Specifies whether data summary should be returned.

Type:

Boolean

Example:

True [True]

Required:

No

Response Entities

If successful, the response contains the requested information.

usage

Description:

A container for the usage information.

Type:

Container

entries

Description:

A container for the usage entries information.

Type:

Container

user

Description:

A container for the user data information.

Type:

Container

owner

Description:

The name of the user that owns the buckets.

Type:

String

bucket

Description:

The bucket name.

Type:

String

time

Description:

Time lower bound for which data is being specified (rounded to the beginning of the first relevant hour).

Type:

String

epoch

Description:

The time specified in seconds since 1/1/1970.

Type:

String

categories

Description:

A container for stats categories.

Type:

Container

entry

Description:

A container for stats entry.

Type:

Container

category

Description:

Name of request category for which the stats are provided.

Type:

String

bytes_sent

Description:

Number of bytes sent by the RADOS Gateway.

Type:

Integer

bytes_received

Description:

Number of bytes received by the RADOS Gateway.

Type:

Integer

ops

Description:

Number of operations.

Type:

Integer

successful_ops

Description:

Number of successful operations.

Type:

Integer

summary

Description:

A container for stats summary.

Type:

Container

total

Description:

A container for stats summary aggregated total.

Type:

Container

Special Error Responses

TBD.

Trim Usage

Remove usage information. With no dates specified, removes all usage information.

Note: this feature is disabled by default, can be enabled by setting rgw enable usage log = true in the appropriate section of ceph.conf. For changes in ceph.conf to take effect, radosgw process restart is needed.

caps:

usage=write

Syntax

DELETE /{admin}/usage?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user for which the information is requested. If not specified will apply to all users.

Type:

String

Example:

foo_user

Required:

No

start

Description:

Date and (optional) time that specifies the start time of the requested data.

Type:

String

Example:

2012-09-25 16:00:00

Required:

No

end

Description:

Date and (optional) time that specifies the end time of the requested data (none inclusive).

Type:

String

Example:

2012-09-25 16:00:00

Required:

No

remove-all

Description:

Required when uid is not specified, in order to acknowledge multi user data removal.

Type:

Boolean

Example:

True [False]

Required:

No

Special Error Responses

TBD.

Get User Info

Get user information. Cap users or user-info-without-keys must be set to read to run this operation. If cap user-info-without-keys is set to read or *, S3 keys and Swift keys will not be included in the response unless the user running this operation is the system user, an admin user, or the cap users is set to read.

Either a uid or access-key must be supplied as a request parameter. We recommend supplying uid. If both are provided but correspond to different users, the info for the user specified with uid will be returned.

caps:

users=read or user-info-without-keys=read

Syntax

GET /{admin}/user?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user for which the information is requested.

Type:

String

Example:

foo_user

Required:

Yes

access-key

Description:

The S3 access key of the user for which the information is requested.

Type:

String

Example:

ABCD0EF12GHIJ2K34LMN

Required:

No

Response Entities

If successful, the response contains the user information.

user

Description:

A container for the user data information.

Type:

Container

user_id

Description:

The user id.

Type:

String

Parent:

user

display_name

Description:

Display name for the user.

Type:

String

Parent:

user

suspended

Description:

True if the user is suspended.

Type:

Boolean

Parent:

user

max_buckets

Description:

The maximum number of buckets to be owned by the user.

Type:

Integer

Parent:

user

subusers

Description:

Subusers associated with this user account.

Type:

Container

Parent:

user

keys

Description:

S3 keys associated with this user account.

Type:

Container

Parent:

user

swift_keys

Description:

Swift keys associated with this user account.

Type:

Container

Parent:

user

caps

Description:

User capabilities.

Type:

Container

Parent:

user

Special Error Responses

None.

Create Account

New in version Squid.

Create a new account.

caps:

accounts=write

Syntax

POST /{admin}/account?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

id

Description:

The ID of the account to be created.

Type:

String

Example:

RGW00000000000000001

Required:

No

An account ID must be 20 characters long, and in the format of the string “RGW” followed by 17 numeric characters. If not specified, a random unique one will be generated.

name

Description:

The name of the account to be created.

Type:

String

Example:

account_name

Required:

No

email

Description:

The email address associated with the account.

Type:

String

Example:

foo@bar.com

Required:

No

tenant

Description:

The Tenant under which the account exists.

Type:

string

Example:

tenant1

Required:

No

max-users

Description:

Specifies the maximum number of users the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

max-roles

Description:

Specifies the maximum number of roles the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

max-groups

Description:

Specifies the maximum number of groups the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

max-access-keys

Description:

Specifies the maximum number of access keys the account can own. The default is 4.

Type:

Integer

Example:

1 [4]

Required:

No

max-buckets

Description:

Specifies the maximum number of buckets the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

Response Entities

If successful, the response contains the following account information.

account

Description:

A container for the account information.

Type:

Container

id

Description:

The ID of the account created.

Type:

String

Parent:

account

tenant

Description:

The Tenant under which the account exists.

Type:

String

Parent:

account

name

Description:

The name of the account created.

Type:

String

Parent:

account

email

Description:

The email address associated with the account.

Type:

String

Parent:

account

max_users

Description:

The maximum number of users the account can own.

Type:

Integer

Parent:

account

max_roles

Description:

The maximum number of roles the account can own.

Type:

Integer

Parent:

account

max_groups

Description:

The maximum number of groups the account can own.

Type:

Integer

Parent:

account

max_buckets

Description:

The maximum number of buckets the account can own.

Type:

Integer

Parent:

account

max_access_keys

Description:

The maximum number of access keys the account can own.

Type:

Integer

Parent:

account

quota

Description:

A container for the account quota information.

Type:

Container

Parent:

account

enabled

Description:

Whether quota is enabled at the account level.

Type:

Bool

Parent:

quota

check_on_raw

Description:

Whether quota should be checked on raw usage instead of the 4 KiB rounded one.

Type:

Bool

Parent:

quota

max_size

Description:

The max quota size in bytes.

Type:

Integer

Parent:

quota

max_size_kb

Description:

The max quota size in kilobytes.

Type:

Integer

Parent:

quota

max_objects

Description:

The max number of objects that an account can own.

Type:

Integer

Parent:

quota

bucket_quota

Description:

A container for the account bucket-level quota information.

Type:

Container

Parent:

account

enabled

Description:

Whether quota is enabled at the bucket level for the account.

Type:

Bool

Parent:

bucket_quota

check_on_raw

Description:

Whether bucket quota for the account should be checked on raw usage instead of the 4 KiB rounded one.

Type:

Bool

Parent:

bucket_quota

max_size

Description:

The max quota size in bytes for buckets under the account.

Type:

Integer

Parent:

bucket_quota

max_size_kb

Description:

The max quota size in kilobytes for buckets under the account.

Type:

Integer

Parent:

bucket_quota

max_objects

Description:

The max number of objects that a bucket under the account can have.

Type:

Integer

Parent:

bucket_quota

Special Error Responses

AccountAlreadyExists

Description:

Attempt to create existing account. This can happen if the account ID or the email is already in use.

Code:

409 Conflict

Modify Account

New in version Squid.

Modify an account. Either id, name, or email must be provided.

caps:

accounts=write

Syntax

PUT /{admin}/account?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

id

Description:

The ID of the account to be modified.

Type:

String

Example:

RGW00000000000000001

Required:

No

name

Description:

The name of the account to be modified.

Type:

String

Example:

account_name

Required:

No

email

Description:

The email address of the account to be modified.

Type:

String

Example:

foo@bar.com

Required:

No

max-users

Description:

Specifies the maximum number of users the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

max-roles

Description:

Specifies the maximum number of roles the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

max-groups

Description:

Specifies the maximum number of groups the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

max-access-keys

Description:

Specifies the maximum number of access keys the account can own. The default is 4.

Type:

Integer

Example:

1 [4]

Required:

No

max-buckets

Description:

Specifies the maximum number of buckets the account can own. The default is 1000.

Type:

Integer

Example:

500 [1000]

Required:

No

Response Entities

If successful, the response contains the following account information.

account

Description:

A container for the account information.

Type:

Container

id

Description:

The account ID.

Type:

String

Parent:

account

tenant

Description:

The Tenant under which the account exists.

Type:

String

Parent:

account

name

Description:

The name of the account created.

Type:

String

Parent:

account

email

Description:

The email address associated with the account.

Type:

String

Parent:

account

max_users

Description:

The maximum number of users the account can own.

Type:

Integer

Parent:

account

max_roles

Description:

The maximum number of roles the account can own.

Type:

Integer

Parent:

account

max_groups

Description:

The maximum number of groups the account can own.

Type:

Integer

Parent:

account

max_buckets

Description:

The maximum number of buckets the account can own.

Type:

Integer

Parent:

account

max_access_keys

Description:

The maximum number of access keys the account can own.

Type:

Integer

Parent:

account

quota

Description:

A container for the account quota information.

Type:

Container

Parent:

account

enabled

Description:

Whether quota is enabled at the account level.

Type:

Bool

Parent:

quota

check_on_raw

Description:

Whether quota should be checked on raw usage instead of the 4 KiB rounded one.

Type:

Bool

Parent:

quota

max_size

Description:

The max quota size in bytes.

Type:

Integer

Parent:

quota

max_size_kb

Description:

The max quota size in kilobytes.

Type:

Integer

Parent:

quota

max_objects

Description:

The max number of objects that an account can own.

Type:

Integer

Parent:

quota

bucket_quota

Description:

A container for the account bucket-level quota information.

Type:

Container

Parent:

account

enabled

Description:

Whether quota is enabled at the bucket level for the account.

Type:

Bool

Parent:

bucket_quota

check_on_raw

Description:

Whether bucket quota for the account should be checked on raw usage instead of the 4 KiB rounded one.

Type:

Bool

Parent:

bucket_quota

max_size

Description:

The max quota size in bytes for buckets under the account.

Type:

Integer

Parent:

bucket_quota

max_size_kb

Description:

The max quota size in kilobytes for buckets under the account.

Type:

Integer

Parent:

bucket_quota

max_objects

Description:

The max number of objects that a bucket under the account can have.

Type:

Integer

Parent:

bucket_quota

Special Error Responses

None.

Get Account Info

New in version Squid.

Get account info. Either an id or a name must be provided.

caps:

accounts=write

Syntax

GET /{admin}/account?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

id

Description:

The ID of the account to get info for.

Type:

String

Example:

RGW00000000000000001

Required:

No

name

Description:

The name of the account to get info for.

Type:

String

Example:

account_name

Required:

No

Response Entities

If successful, the response contains the following account information.

account

Description:

A container for the account information.

Type:

Container

id

Description:

The account ID.

Type:

String

Parent:

account

tenant

Description:

The Tenant under which the account exists.

Type:

String

Parent:

account

name

Description:

The name of the account created.

Type:

String

Parent:

account

email

Description:

The email address associated with the account.

Type:

String

Parent:

account

max_users

Description:

The maximum number of users the account can own.

Type:

Integer

Parent:

account

max_roles

Description:

The maximum number of roles the account can own.

Type:

Integer

Parent:

account

max_groups

Description:

The maximum number of groups the account can own.

Type:

Integer

Parent:

account

max_buckets

Description:

The maximum number of buckets the account can own.

Type:

Integer

Parent:

account

max_access_keys

Description:

The maximum number of access keys the account can own.

Type:

Integer

Parent:

account

quota

Description:

A container for the account quota information.

Type:

Container

Parent:

account

enabled

Description:

Whether quota is enabled at the account level.

Type:

Bool

Parent:

quota

check_on_raw

Description:

Whether quota should be checked on raw usage instead of the 4 KiB rounded one.

Type:

Bool

Parent:

quota

max_size

Description:

The max quota size in bytes.

Type:

Integer

Parent:

quota

max_size_kb

Description:

The max quota size in kilobytes.

Type:

Integer

Parent:

quota

max_objects

Description:

The max number of objects that an account can own.

Type:

Integer

Parent:

quota

bucket_quota

Description:

A container for the account bucket-level quota information.

Type:

Container

Parent:

account

enabled

Description:

Whether quota is enabled at the bucket level for the account.

Type:

Bool

Parent:

bucket_quota

check_on_raw

Description:

Whether bucket quota for the account should be checked on raw usage instead of the 4 KiB rounded one.

Type:

Bool

Parent:

bucket_quota

max_size

Description:

The max quota size in bytes for buckets under the account.

Type:

Integer

Parent:

bucket_quota

max_size_kb

Description:

The max quota size in kilobytes for buckets under the account.

Type:

Integer

Parent:

bucket_quota

max_objects

Description:

The max number of objects that a bucket under the account can have.

Type:

Integer

Parent:

bucket_quota

Special Error Responses

None.

Remove Account

New in version Squid.

Remove an existing account. Either id, name, or email must be provided.

caps:

accounts=write

Syntax

DELETE /{admin}/account?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

id

Description:

The ID of the account to be removed.

Type:

String

Example:

RGW00000000000000001

Required:

No

tenant

Description:

The Tenant under which the account exists.

Type:

String

Example:

tenant

Required:

No

name

Description:

The name of the account to be removed.

Type:

String

Example:

account_name

Required:

No

email

Description:

The email address associated with the account to be removed.

Type:

String

Example:

foo@bar.com

Required:

No

Response Entities

None

Special Error Responses

None.

Create User

Create a new user. By default, a S3 key pair will be created automatically and returned in the response. If only one of access-key or secret-key is provided, the omitted key will be automatically generated. By default, a generated key is added to the keyring without replacing an existing key pair. If access-key is specified and refers to an existing key owned by the user then it will be modified.

New in version Luminous.

A tenant may either be specified as a part of uid or as an additional request param.

caps:

users=write

Syntax

PUT /{admin}/user?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID to be created.

Type:

String

Example:

foo_user

Required:

Yes

A tenant name may also specified as a part of uid, by following the syntax tenant$user, refer to Multitenancy for more details.

display-name

Description:

The display name of the user to be created.

Type:

String

Example:

foo user

Required:

Yes

email

Description:

The email address associated with the user.

Type:

String

Example:

foo@bar.com

Required:

No

key-type

Description:

Key type to be generated, options are: swift, s3 (default).

Type:

String

Example:

s3 [s3]

Required:

No

access-key

Description:

Specify access key.

Type:

String

Example:

ABCD0EF12GHIJ2K34LMN

Required:

No

secret-key

Description:

Specify secret key.

Type:

String

Example:

0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8

Required:

No

user-caps

Description:

User capabilities.

Type:

String

Example:

usage=read, write; users=read

Required:

No

generate-key

Description:

Generate a new key pair and add to the existing keyring.

Type:

Boolean

Example:

True [True]

Required:

No

max-buckets

Description:

Specify the maximum number of buckets the user can own.

Type:

Integer

Example:

500 [1000]

Required:

No

suspended

Description:

Specify whether the user should be suspended.

Type:

Boolean

Example:

False [False]

Required:

No

New in version Jewel.

tenant

Description:

the Tenant under which a user is a part of.

Type:

string

Example:

tenant1

Required:

No

default-placement

Description:

default placement for the user.

Type:

string

Example:

default-placement

Required:

No

default-storage-class

Description:

default storage class for the user, default-placement must be defined when setting this option.

Type:

string

Example:

STANDARD-1A

Required:

No

New in version Squid.

account-id

Description:

The account under which a user should exist.

Type:

string

Example:

RGW00000000000000001

Required:

No

account-root

Description:

Whether the user should be root for its account.

Type:

Boolean

Example:

False [False]

Required:

No

Response Entities

If successful, the response contains the user information.

user

Description:

A container for the user data information.

Type:

Container

tenant

Description:

The tenant which user is a part of.

Type:

String

Parent:

user

user_id

Description:

The user id.

Type:

String

Parent:

user

display_name

Description:

Display name for the user.

Type:

String

Parent:

user

suspended

Description:

True if the user is suspended.

Type:

Boolean

Parent:

user

max_buckets

Description:

The maximum number of buckets to be owned by the user.

Type:

Integer

Parent:

user

subusers

Description:

Subusers associated with this user account.

Type:

Container

Parent:

user

keys

Description:

S3 keys associated with this user account.

Type:

Container

Parent:

user

swift_keys

Description:

Swift keys associated with this user account.

Type:

Container

Parent:

user

caps

Description:

User capabilities.

Type:

Container

Parent:

user

Special Error Responses

UserExists

Description:

Attempt to create existing user.

Code:

409 Conflict

InvalidAccessKey

Description:

Invalid access key specified.

Code:

400 Bad Request

InvalidKeyType

Description:

Invalid key type specified.

Code:

400 Bad Request

InvalidSecretKey

Description:

Invalid secret key specified.

Code:

400 Bad Request

InvalidKeyType

Description:

Invalid key type specified.

Code:

400 Bad Request

KeyExists

Description:

Provided access key exists and belongs to another user.

Code:

409 Conflict

EmailExists

Description:

Provided email address exists.

Code:

409 Conflict

InvalidCapability

Description:

Attempt to grant invalid admin capability.

Code:

400 Bad Request

Modify User

Modify a user.

caps:

users=write

Syntax

POST /{admin}/user?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID to be modified.

Type:

String

Example:

foo_user

Required:

Yes

display-name

Description:

The display name of the user to be modified.

Type:

String

Example:

foo user

Required:

No

email

Description:

The email address to be associated with the user.

Type:

String

Example:

foo@bar.com

Required:

No

generate-key

Description:

Generate a new key pair and add to the existing keyring.

Type:

Boolean

Example:

True [False]

Required:

No

access-key

Description:

Specify access key.

Type:

String

Example:

ABCD0EF12GHIJ2K34LMN

Required:

No

secret-key

Description:

Specify secret key.

Type:

String

Example:

0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8

Required:

No

key-type

Description:

Key type to be generated, options are: swift, s3 (default).

Type:

String

Example:

s3

Required:

No

max-buckets

Description:

Specify the maximum number of buckets the user can own.

Type:

Integer

Example:

500 [1000]

Required:

No

suspended

Description:

Specify whether the user should be suspended.

Type:

Boolean

Example:

False [False]

Required:

No

op-mask

Description:

The op-mask of the user to be modified.

Type:

String

Example:

read, write, delete, *

Required:

No

default-placement

Description:

default placement for the user.

Type:

string

Example:

default-placement

Required:

No

default-storage-class

Description:

default storage class for the user, default-placement must be defined when setting this option.

Type:

string

Example:

STANDARD-1A

Required:

No

New in version Squid.

account-id

Description:

The account under which a user should exist. Cannot be changed or removed once set.

Type:

string

Example:

RGW00000000000000001

Required:

No

account-root

Description:

Whether the user should be root for its account.

Type:

Boolean

Example:

False [False]

Required:

No

Response Entities

If successful, the response contains the user information.

user

Description:

A container for the user data information.

Type:

Container

user_id

Description:

The user id.

Type:

String

Parent:

user

display_name

Description:

Display name for the user.

Type:

String

Parent:

user

suspended

Description:

True if the user is suspended.

Type:

Boolean

Parent:

user

max_buckets

Description:

The maximum number of buckets to be owned by the user.

Type:

Integer

Parent:

user

subusers

Description:

Subusers associated with this user account.

Type:

Container

Parent:

user

keys

Description:

S3 keys associated with this user account.

Type:

Container

Parent:

user

swift_keys

Description:

Swift keys associated with this user account.

Type:

Container

Parent:

user

caps

Description:

User capabilities.

Type:

Container

Parent:

user

Special Error Responses

InvalidAccessKey

Description:

Invalid access key specified.

Code:

400 Bad Request

InvalidKeyType

Description:

Invalid key type specified.

Code:

400 Bad Request

InvalidSecretKey

Description:

Invalid secret key specified.

Code:

400 Bad Request

KeyExists

Description:

Provided access key exists and belongs to another user.

Code:

409 Conflict

EmailExists

Description:

Provided email address exists.

Code:

409 Conflict

InvalidCapability

Description:

Attempt to grant invalid admin capability.

Code:

400 Bad Request

Remove User

Remove an existing user.

caps:

users=write

Syntax

DELETE /{admin}/user?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID to be removed.

Type:

String

Example:

foo_user

Required:

Yes.

purge-data

Description:

When specified the buckets and objects belonging to the user will also be removed.

Type:

Boolean

Example:

True

Required:

No

Response Entities

None

Special Error Responses

None.

Create Subuser

Create a new subuser (primarily useful for clients using the Swift API). Note that in general for a subuser to be useful, it must be granted permissions by specifying access. As with user creation if subuser is specified without secret, then a secret key will be automatically generated.

caps:

users=write

Syntax

PUT /{admin}/user?subuser&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID under which a subuser is to be created.

Type:

String

Example:

foo_user

Required:

Yes

subuser

Description:

Specify the subuser ID to be created.

Type:

String

Example:

sub_foo

Required:

Yes

secret-key

Description:

Specify secret key.

Type:

String

Example:

0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8

Required:

No

key-type

Description:

Key type to be generated, options are: swift (default), s3.

Type:

String

Example:

swift [swift]

Required:

No

access

Description:

Set access permissions for sub-user, should be one of read, write, readwrite, full.

Type:

String

Example:

read

Required:

No

generate-secret

Description:

Generate the secret key.

Type:

Boolean

Example:

True [False]

Required:

No

Response Entities

If successful, the response contains the subuser information.

subusers

Description:

Subusers associated with the user account.

Type:

Container

id

Description:

Subuser id.

Type:

String

Parent:

subusers

permissions

Description:

Subuser access to user account.

Type:

String

Parent:

subusers

Special Error Responses

SubuserExists

Description:

Specified subuser exists.

Code:

409 Conflict

InvalidKeyType

Description:

Invalid key type specified.

Code:

400 Bad Request

InvalidSecretKey

Description:

Invalid secret key specified.

Code:

400 Bad Request

InvalidAccess

Description:

Invalid subuser access specified.

Code:

400 Bad Request

Modify Subuser

Modify an existing subuser

caps:

users=write

Syntax

POST /{admin}/user?subuser&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID under which the subuser is to be modified.

Type:

String

Example:

foo_user

Required:

Yes

subuser

Description:

The subuser ID to be modified.

Type:

String

Example:

sub_foo

Required:

Yes

generate-secret

Description:

Generate a new secret key for the subuser, replacing the existing key.

Type:

Boolean

Example:

True [False]

Required:

No

secret

Description:

Specify secret key.

Type:

String

Example:

0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8

Required:

No

key-type

Description:

Key type to be generated, options are: swift (default), s3 .

Type:

String

Example:

swift [swift]

Required:

No

access

Description:

Set access permissions for sub-user, should be one of read, write, readwrite, full.

Type:

String

Example:

read

Required:

No

Response Entities

If successful, the response contains the subuser information.

subusers

Description:

Subusers associated with the user account.

Type:

Container

id

Description:

Subuser id.

Type:

String

Parent:

subusers

permissions

Description:

Subuser access to user account.

Type:

String

Parent:

subusers

Special Error Responses

InvalidKeyType

Description:

Invalid key type specified.

Code:

400 Bad Request

InvalidSecretKey

Description:

Invalid secret key specified.

Code:

400 Bad Request

InvalidAccess

Description:

Invalid subuser access specified.

Code:

400 Bad Request

Remove Subuser

Remove an existing subuser

caps:

users=write

Syntax

DELETE /{admin}/user?subuser&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID under which the subuser is to be removed.

Type:

String

Example:

foo_user

Required:

Yes

subuser

Description:

The subuser ID to be removed.

Type:

String

Example:

sub_foo

Required:

Yes

purge-keys

Description:

Remove keys belonging to the subuser.

Type:

Boolean

Example:

True [True]

Required:

No

Response Entities

None.

Special Error Responses

None.

Create Key

Create a new key. If a subuser is specified then by default created keys will be swift type. If only one of access-key or secret-key is provided the committed key will be automatically generated, that is if only secret-key is specified then access-key will be automatically generated. By default, a generated key is added to the keyring without replacing an existing key pair. If access-key is specified and refers to an existing key owned by the user then it will be modified. The response is a container listing all keys of the same type as the key created. Note that when creating a swift key, specifying the option access-key will have no effect. Additionally, only one swift key may be held by each user or subuser.

caps:

users=write

Syntax

PUT /{admin}/user?key&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID to receive the new key.

Type:

String

Example:

foo_user

Required:

Yes

subuser

Description:

The subuser ID to receive the new key.

Type:

String

Example:

sub_foo

Required:

No

key-type

Description:

Key type to be generated, options are: swift, s3 (default).

Type:

String

Example:

s3 [s3]

Required:

No

access-key

Description:

Specify the access key.

Type:

String

Example:

AB01C2D3EF45G6H7IJ8K

Required:

No

secret-key

Description:

Specify the secret key.

Type:

String

Example:

0ab/CdeFGhij1klmnopqRSTUv1WxyZabcDEFgHij

Required:

No

generate-key

Description:

Generate a new key pair and add to the existing keyring.

Type:

Boolean

Example:

True [True]

Required:

No

active

Description:

Activate or deactivate a key.

Type:

Boolean

Example:

True [True]

Required:

No

Response Entities

keys

Description:

Keys of type created associated with this user account.

Type:

Container

user

Description:

The user account associated with the key.

Type:

String

Parent:

keys

access-key

Description:

The access key.

Type:

String

Parent:

keys

secret-key

Description:

The secret key

Type:

String

Parent:

keys

Special Error Responses

InvalidAccessKey

Description:

Invalid access key specified.

Code:

400 Bad Request

InvalidKeyType

Description:

Invalid key type specified.

Code:

400 Bad Request

InvalidSecretKey

Description:

Invalid secret key specified.

Code:

400 Bad Request

InvalidKeyType

Description:

Invalid key type specified.

Code:

400 Bad Request

KeyExists

Description:

Provided access key exists and belongs to another user.

Code:

409 Conflict

Remove Key

Remove an existing key.

caps:

users=write

Syntax

DELETE /{admin}/user?key&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

access-key

Description:

The S3 access key belonging to the S3 key pair to remove.

Type:

String

Example:

AB01C2D3EF45G6H7IJ8K

Required:

Yes

uid

Description:

The user to remove the key from.

Type:

String

Example:

foo_user

Required:

No

subuser

Description:

The subuser to remove the key from.

Type:

String

Example:

sub_foo

Required:

No

key-type

Description:

Key type to be removed, options are: swift, s3. NOTE: Required to remove swift key.

Type:

String

Example:

swift

Required:

No

Special Error Responses

None.

Response Entities

None.

Get Bucket Info

Get information about a subset of the existing buckets. If uid is specified without bucket then all buckets belonging to the user will be returned. If bucket alone is specified, information for that particular bucket will be retrieved.

If max-entries is specified to limit the number of buckets returned, the response body will change and contain the keys buckets, count and truncated. If truncated is true the marker key will also be added.

caps:

buckets=read

Syntax

GET /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

bucket

Description:

The bucket to return info on.

Type:

String

Example:

foo_bucket

Required:

No

uid

Description:

The user to retrieve bucket information for.

Type:

String

Example:

foo_user

Required:

No

stats

Description:

Return bucket statistics.

Type:

Boolean

Example:

True [False]

Required:

No

max-entries

Description:

The number of bucket list entries to return.

Type:

Integer

Example:

100

Required:

No

marker

Description:

The marker to use when listing buckets.

Type:

String (bucket name)

Example:

my-bucket

Required:

No

Response Entities

If successful the request returns a buckets container containing the desired bucket information.

stats

Description:

Per bucket information.

Type:

Container

buckets

Description:

Contains a list of one or more bucket containers.

Type:

Container

bucket

Description:

Container for single bucket information.

Type:

Container

Parent:

buckets

name

Description:

The name of the bucket.

Type:

String

Parent:

bucket

pool

Description:

The pool the bucket is stored in.

Type:

String

Parent:

bucket

id

Description:

The unique bucket id.

Type:

String

Parent:

bucket

marker

Description:

Internal bucket tag.

Type:

String

Parent:

bucket

owner

Description:

The user id of the bucket owner.

Type:

String

Parent:

bucket

usage

Description:

Storage usage information.

Type:

Container

Parent:

bucket

index

Description:

Status of bucket index.

Type:

String

Parent:

bucket

count

Description:

Number of returned buckets, only if max-entries is specified.

Type:

Integer

truncated

Description:

Reported if the response is truncated when max-entries is specified.

Type:

Boolean

marker

Description:

If truncated is true the marker key is returned with the marker (bucket name) to use to continue pagination.

Type:

String

Special Error Responses

IndexRepairFailed

Description:

Bucket index repair failed.

Code:

409 Conflict

Check Bucket Index

Check the index of an existing bucket. NOTE: to check multipart object accounting with check-objects, fix must be set to True.

caps:

buckets=write

Syntax

GET /{admin}/bucket?index&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

bucket

Description:

The bucket to return info on.

Type:

String

Example:

foo_bucket

Required:

Yes

check-objects

Description:

Check multipart object accounting.

Type:

Boolean

Example:

True [False]

Required:

No

fix

Description:

Also fix the bucket index when checking.

Type:

Boolean

Example:

False [False]

Required:

No

Response Entities

index

Description:

Status of bucket index.

Type:

String

Special Error Responses

IndexRepairFailed

Description:

Bucket index repair failed.

Code:

409 Conflict

Remove Bucket

Delete an existing bucket.

caps:

buckets=write

Syntax

DELETE /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

bucket

Description:

The bucket to remove.

Type:

String

Example:

foo_bucket

Required:

Yes

tenant

Description:

The tenant under which the bucket is to be removed.

Type:

String

Example:

tenant1

Required:

No

purge-objects

Description:

Remove a buckets objects before deletion.

Type:

Boolean

Example:

True [False]

Required:

No

bypass-gc

Description:

Bypass garbage collection.

Type:

Boolean

Example:

True [False]

Required:

No

Response Entities

None.

Special Error Responses

BucketNotEmpty

Description:

Attempted to delete non-empty bucket.

Code:

409 Conflict

ObjectRemovalFailed

Description:

Unable to remove objects.

Code:

409 Conflict

Unlink Bucket

Unlink a bucket from a specified user. Primarily useful for changing bucket ownership.

caps:

buckets=write

Syntax

POST /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

bucket

Description:

The bucket to unlink.

Type:

String

Example:

foo_bucket

Required:

Yes

uid

Description:

The user ID to unlink the bucket from.

Type:

String

Example:

foo_user

Required:

Yes

Response Entities

None.

Special Error Responses

BucketUnlinkFailed

Description:

Unable to unlink bucket from specified user.

Code:

409 Conflict

Link Bucket

Link a bucket to a specified user, unlinking the bucket from any previous user.

caps:

buckets=write

Syntax

PUT /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

Request Parameters

bucket

Description:

The bucket name to unlink.

Type:

String

Example:

foo_bucket

Required:

Yes

bucket-id

Description:

The bucket id to unlink.

Type:

String

Example:

dev.6607669.420

Required:

No

uid

Description:

The user ID to link the bucket to.

Type:

String

Example:

foo_user

Required:

Yes

Response Entities

bucket

Description:

Container for single bucket information.

Type:

Container

name

Description:

The name of the bucket.

Type:

String

Parent:

bucket

pool

Description:

The pool the bucket is stored in.

Type:

String

Parent:

bucket

id

Description:

The unique bucket id.

Type:

String

Parent:

bucket

marker

Description:

Internal bucket tag.

Type:

String

Parent:

bucket

owner

Description:

The user id of the bucket owner.

Type:

String

Parent:

bucket

usage

Description:

Storage usage information.

Type:

Container

Parent:

bucket

index

Description:

Status of bucket index.

Type:

String

Parent:

bucket

Special Error Responses

BucketUnlinkFailed

Description:

Unable to unlink bucket from specified user.

Code:

409 Conflict

BucketLinkFailed

Description:

Unable to link bucket to specified user.

Code:

409 Conflict

Remove Object

Remove an existing object. NOTE: Does not require owner to be non-suspended.

caps:

buckets=write

Syntax

DELETE /{admin}/bucket?object&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

bucket

Description:

The bucket containing the object to be removed.

Type:

String

Example:

foo_bucket

Required:

Yes

object

Description:

The object to remove.

Type:

String

Example:

foo.txt

Required:

Yes

Response Entities

None.

Special Error Responses

NoSuchObject

Description:

Specified object does not exist.

Code:

404 Not Found

ObjectRemovalFailed

Description:

Unable to remove objects.

Code:

409 Conflict

Get Bucket or Object Policy

Read the policy of an object or bucket.

caps:

buckets=read

Syntax

GET /{admin}/bucket?policy&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

bucket

Description:

The bucket to read the policy from.

Type:

String

Example:

foo_bucket

Required:

Yes

object

Description:

The object to read the policy from.

Type:

String

Example:

foo.txt

Required:

No

Response Entities

If successful, returns the object or bucket policy

policy

Description:

Access control policy.

Type:

Container

Special Error Responses

IncompleteBody

Description:

Either bucket was not specified for a bucket policy request or bucket and object were not specified for an object policy request.

Code:

400 Bad Request

Add A User Capability

Add an administrative capability to a specified user.

caps:

users=write

Syntax

PUT /{admin}/user?caps&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID to add an administrative capability to.

Type:

String

Example:

foo_user

Required:

Yes

user-caps

Description:

The administrative capability to add to the user.

Type:

String

Example:

usage=read,write;user=write

Required:

Yes

Response Entities

If successful, the response contains the user’s capabilities.

user

Description:

A container for the user data information.

Type:

Container

Parent:

user

user_id

Description:

The user id.

Type:

String

Parent:

user

caps

Description:

User capabilities.

Type:

Container

Parent:

user

Special Error Responses

InvalidCapability

Description:

Attempt to grant invalid admin capability.

Code:

400 Bad Request

Example Request

PUT /{admin}/user?caps&user-caps=usage=read,write;user=write&format=json HTTP/1.1
Host: {fqdn}
Content-Type: text/plain
Authorization: {your-authorization-token}

Remove A User Capability

Remove an administrative capability from a specified user.

caps:

users=write

Syntax

DELETE /{admin}/user?caps&format=json HTTP/1.1
Host: {fqdn}

Request Parameters

uid

Description:

The user ID to remove an administrative capability from.

Type:

String

Example:

foo_user

Required:

Yes

user-caps

Description:

The administrative capabilities to remove from the user.

Type:

String

Example:

usage=read, write

Required:

Yes

Response Entities

If successful, the response contains the user’s capabilities.

user

Description:

A container for the user data information.

Type:

Container

Parent:

user

user_id

Description:

The user id.

Type:

String

Parent:

user

caps

Description:

User capabilities.

Type:

Container

Parent:

user

Special Error Responses

InvalidCapability

Description:

Attempt to remove an invalid admin capability.

Code:

400 Bad Request

NoSuchCap

Description:

User does not possess specified capability.

Code:

404 Not Found

Quotas

The Admin Operations API enables you to set quotas on users and on buckets owned by users, and on accounts and on buckets owned by accounts. See Quota Management for additional details. Quotas include the maximum number of objects in a bucket and the maximum storage size in megabytes.

To view quotas for users, the user must have a users=read capability. To set, modify or disable a quota, the user must have users=write capability.

To view quotas for accounts, the user must have a accounts=read capability. To set, modify or disable a quota, the user must have accounts=write capability. See the Admin Guide for details.

Valid parameters for quotas include:

• Bucket: The bucket option allows you to specify a quota for buckets owned by a user.

• Maximum Objects: The max-objects setting allows you to specify the maximum number of objects. A negative value disables this setting.

• Maximum Size: The max-size option allows you to specify a quota for the maximum number of bytes. The max-size-kb option allows you to specify it in KiB. A negative value disables this setting.

• Quota Type: The quota-type option sets the scope for the quota. The options are bucket and user for user-level quota. The options are bucket and account for account-level quota.

• Enable/Disable Quota: The enabled option specifies whether the quota should be enabled. The value should be either ‘True’ or ‘False’.

Get User Quota

To get a quota, the user must have users capability set with read permission.

GET /admin/user?quota&uid=<uid>&quota-type=user

Set User Quota

To set a quota, the user must have users capability set with write permission.

PUT /admin/user?quota&uid=<uid>&quota-type=user

The content must include a JSON representation of the quota settings as encoded in the corresponding read operation.

Get Bucket Quota

To get a quota, the user must have users capability set with read permission.

GET /admin/user?quota&uid=<uid>&quota-type=bucket

Set Bucket Quota

To set a quota, the user must have users capability set with write permission.

PUT /admin/user?quota&uid=<uid>&quota-type=bucket

The content must include a JSON representation of the quota settings as encoded in the corresponding read operation.

Set Quota for an Individual Bucket

To set a quota, the user must have buckets capability set with write permission.

PUT /admin/bucket?quota&uid=<uid>&bucket=<bucket-name>

The content must include a JSON representation of the quota settings as mentioned in Set Bucket Quota section above.

Set Account Quota

To set a quota, the user must have accounts capability set with write permission.

PUT /admin/account?quota&id=<account_id>&quota-type=account

Set Bucket Quota under an Account

To set a quota, the user must have accounts capability set with write permission.

PUT /admin/account?quota&id=<account_id>&quota-type=bucket

Rate Limit

The Admin Operations API enables you to set and get ratelimit configurations on users and on bucket and global rate limit configurations. See Rate Limit Management for additional details. Rate Limit includes the maximum number of operations and/or bytes per accumulation interval, separated by read and/or write (Additionally list and get operations), to a bucket and/or by a user and the maximum storage size in megabytes.

To view rate limit, the user must have a ratelimit=read capability. To set, modify or disable a ratelimit, the user must have ratelimit=write capability. See the Admin Guide for details.

Valid parameters for quotas include:

• Bucket: The bucket option allows you to specify a rate limit for a bucket.

• User: The uid option allows you to specify a rate limit for a user.

• Maximum Read Bytes: The max-read-bytes setting allows you to specify the maximum number of read bytes per accumulation interval. A 0 value disables this setting.

• Maximum Write Bytes: The max-write-bytes setting allows you to specify the maximum number of write bytes per accumulation interval. A 0 value disables this setting.

• Maximum Read Ops: The max-read-ops setting allows you to specify the maximum number of read ops per accumulation interval. A 0 value disables this setting.

• Maximum Write Ops: The max-write-ops setting allows you to specify the maximum number of write ops per accumulation interval. A 0 value disables this setting.

• Maximum List Ops: The max-list-ops setting allows you to specify the maximum number of bucket listing requests per accumulation interval. A 0 value disables this setting.

• Maximum Delete Ops: The max-delete-ops setting allows you to specify the maximum number of delete operations per accumulation interval. A 0 value disables throttling.

• Global: The global option allows you to specify a global rate limit. The value should be either ‘True’ or ‘False’.

• Rate Limit Scope: The ratelimit-scope option sets the scope for the rate limit. The options are bucket , user and anonymous. anonymous is only valid for setting global configuration

• Enable/Disable Rate Limit: The enabled option specifies whether the rate limit should be enabled. The value should be either ‘True’ or ‘False’.

Get User Rate Limit

To get a rate limit, the user must have ratelimit capability set with read permission.

GET /{admin}/ratelimit?ratelimit-scope=user&uid=<uid>

Set User Rate Limit

To set a rate limit, the user must have ratelimit capability set with write permission.

POST /{admin}/ratelimit?ratelimit-scope=user&uid=<uid><[&max-read-bytes=<bytes>][&max-write-bytes=<bytes>][&max-read-ops=<ops>][&max-write-ops=<ops>][&max-list-ops=<ops>][&max-delete-ops=<ops>][&enabled=<True|False>]>

Get Bucket Rate Limit

To get a rate limit, the user must have users capability set with read permission.

GET /{admin}/ratelimit?bucket=<bucket>&ratelimit-scope=bucket

Set Rate Limit for an Individual Bucket

To set a rate limit, the user must have ratelimit capability set with write permission.

POST /{admin}/ratelimit?bucket=<bucket-name>&ratelimit-scope=bucket<[&max-read-bytes=<bytes>][&max-write-bytes=<bytes>][&max-read-ops=<ops>][&max-write-ops=<ops>][&max-list-ops=<ops>][&max-delete-ops=<ops>][&enabled=<True|False>]>

Get Global Rate Limit

To get a global rate limit, the user must have ratelimit capability set with read permission.

GET /{admin}/ratelimit?global=<True|False>

Set Global User Rate Limit

To set a rate limit, the user must have ratelimit capability set with write permission.

POST /{admin}/ratelimit?ratelimit-scope=user&global=<True|False><[&max-read-bytes=<bytes>][&max-write-bytes=<bytes>][&max-read-ops=<ops>][&max-write-ops=<ops>][&max-list-ops=<ops>][&max-delete-ops=<ops>][&enabled=<True|False>]>

Set Global Rate Limit Bucket

To set a rate limit, the user must have ratelimit capability set with write permission.

POST /{admin}/ratelimit?ratelimit-scope=bucket&global=<True|False><[&max-read-bytes=<bytes>][&max-write-bytes=<bytes>][&max-read-ops=<ops>][&max-write-ops=<ops>][&max-list-ops=<ops>][&max-delete-ops=<ops>][&enabled=<True|False>]>

Set Global Anonymous User Rate Limit

To set a rate limit, the user must have ratelimit capability set with write permission.

POST /{admin}/ratelimit?ratelimit-scope=anon&global=<True|False><[&max-read-bytes=<bytes>][&max-write-bytes=<bytes>][&max-read-ops=<ops>][&max-write-ops=<ops>][&max-list-ops=<ops>][&max-delete-ops=<ops>][&enabled=<True|False>]>

Standard Error Responses

AccessDenied

Description:

Access denied.

Code:

403 Forbidden

InternalError

Description:

Internal server error.

Code:

500 Internal Server Error

NoSuchUser

Description:

User does not exist.

Code:

404 Not Found

NoSuchBucket

Description:

Bucket does not exist.

Code:

404 Not Found

NoSuchKey

Description:

No such access key.

Code:

404 Not Found

Binding libraries

Golang

• ceph/go-ceph

• IrekFasikhov/go-rgwadmin

• QuentinPerez/go-radosgw

Java

• twonote/radosgw-admin4j

PHP

• lbausch/php-ceph-radosgw-admin

• myENA/php-rgw-api

Python

• UMIACS/rgwadmin

• valerytschopp/python-radosgw-admin

Brought to you by the Ceph Foundation

The Ceph Documentation is a community resource funded and hosted by the non-profit Ceph Foundation. If you would like to support this and our other efforts, please consider joining now.