5 An admin API request will be done on a URI that starts with the configurable 'admin'
6 resource entry point. Authorization for the admin API duplicates the S3 authorization
7 mechanism. Some operations require that the user holds special administrative capabilities.
8 The response entity type (XML or JSON) may be specified as the 'format' option in the
9 request and defaults to JSON if not specified.
14 Request bandwidth usage information.
16 Note: this feature is disabled by default, can be enabled by setting ``rgw
17 enable usage log = true`` in the appropriate section of ceph.conf. For changes
18 in ceph.conf to take effect, radosgw process restart is needed.
27 GET /{admin}/usage?format=json HTTP/1.1
37 :Description: The user for which the information is requested. If not specified will apply to all users.
39 :Example: ``foo_user``
44 :Description: Date and (optional) time that specifies the start time of the requested data.
46 :Example: ``2012-09-25 16:00:00``
51 :Description: Date and (optional) time that specifies the end time of the requested data (non-inclusive).
53 :Example: ``2012-09-25 16:00:00``
59 :Description: Specifies whether data entries should be returned.
67 :Description: Specifies whether data summary should be returned.
77 If successful, the response contains the requested information.
81 :Description: A container for the usage information.
86 :Description: A container for the usage entries information.
91 :Description: A container for the user data information.
96 :Description: The name of the user that owns the buckets.
101 :Description: The bucket name.
106 :Description: Time lower bound for which data is being specified (rounded to the beginning of the first relevant hour).
111 :Description: The time specified in seconds since 1/1/1970.
116 :Description: A container for stats categories.
121 :Description: A container for stats entry.
126 :Description: Name of request category for which the stats are provided.
131 :Description: Number of bytes sent by the RADOS Gateway.
136 :Description: Number of bytes received by the RADOS Gateway.
141 :Description: Number of operations.
146 :Description: Number of successful operations.
151 :Description: A container for stats summary.
156 :Description: A container for stats summary aggregated total.
159 Special Error Responses
160 ~~~~~~~~~~~~~~~~~~~~~~~
167 Remove usage information. With no dates specified, removes all usage
170 Note: this feature is disabled by default, can be enabled by setting ``rgw
171 enable usage log = true`` in the appropriate section of ceph.conf. For changes
172 in ceph.conf to take effect, radosgw process restart is needed.
181 DELETE /{admin}/usage?format=json HTTP/1.1
191 :Description: The user for which the information is requested. If not specified will apply to all users.
193 :Example: ``foo_user``
198 :Description: Date and (optional) time that specifies the start time of the requested data.
200 :Example: ``2012-09-25 16:00:00``
205 :Description: Date and (optional) time that specifies the end time of the requested data (none inclusive).
207 :Example: ``2012-09-25 16:00:00``
213 :Description: Required when uid is not specified, in order to acknowledge multi user data removal.
215 :Example: True [False]
218 Special Error Responses
219 ~~~~~~~~~~~~~~~~~~~~~~~
226 Get user information.
236 GET /{admin}/user?format=json HTTP/1.1
245 :Description: The user for which the information is requested.
247 :Example: ``foo_user``
254 If successful, the response contains the user information.
258 :Description: A container for the user data information.
263 :Description: The user id.
269 :Description: Display name for the user.
275 :Description: True if the user is suspended.
281 :Description: The maximum number of buckets to be owned by the user.
287 :Description: Subusers associated with this user account.
293 :Description: S3 keys associated with this user account.
299 :Description: Swift keys associated with this user account.
305 :Description: User capabilities.
309 Special Error Responses
310 ~~~~~~~~~~~~~~~~~~~~~~~
317 Create a new user. By default, a S3 key pair will be created automatically
318 and returned in the response. If only one of ``access-key`` or ``secret-key``
319 is provided, the omitted key will be automatically generated. By default, a
320 generated key is added to the keyring without replacing an existing key pair.
321 If ``access-key`` is specified and refers to an existing key owned by the user
322 then it will be modified.
324 .. versionadded:: Luminous
326 A ``tenant`` may either be specified as a part of uid or as an additional
336 PUT /{admin}/user?format=json HTTP/1.1
346 :Description: The user ID to be created.
348 :Example: ``foo_user``
351 A tenant name may also specified as a part of ``uid``, by following the syntax
352 ``tenant$user``, refer to :ref:`Multitenancy <rgw-multitenancy>` for more details.
356 :Description: The display name of the user to be created.
358 :Example: ``foo user``
364 :Description: The email address associated with the user.
366 :Example: ``foo@bar.com``
371 :Description: Key type to be generated, options are: swift, s3 (default).
373 :Example: ``s3`` [``s3``]
378 :Description: Specify access key.
380 :Example: ``ABCD0EF12GHIJ2K34LMN``
386 :Description: Specify secret key.
388 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
393 :Description: User capabilities.
395 :Example: ``usage=read, write; users=read``
400 :Description: Generate a new key pair and add to the existing keyring.
402 :Example: True [True]
407 :Description: Specify the maximum number of buckets the user can own.
414 :Description: Specify whether the user should be suspended.
416 :Example: False [False]
419 .. versionadded:: Jewel
423 :Description: the Tenant under which a user is a part of.
431 If successful, the response contains the user information.
435 :Description: A container for the user data information.
440 :Description: The tenant which user is a part of.
446 :Description: The user id.
452 :Description: Display name for the user.
458 :Description: True if the user is suspended.
464 :Description: The maximum number of buckets to be owned by the user.
470 :Description: Subusers associated with this user account.
476 :Description: S3 keys associated with this user account.
482 :Description: Swift keys associated with this user account.
488 :Description: User capabilities.
492 Special Error Responses
493 ~~~~~~~~~~~~~~~~~~~~~~~
497 :Description: Attempt to create existing user.
502 :Description: Invalid access key specified.
503 :Code: 400 Bad Request
507 :Description: Invalid key type specified.
508 :Code: 400 Bad Request
512 :Description: Invalid secret key specified.
513 :Code: 400 Bad Request
517 :Description: Invalid key type specified.
518 :Code: 400 Bad Request
522 :Description: Provided access key exists and belongs to another user.
527 :Description: Provided email address exists.
530 ``InvalidCapability``
532 :Description: Attempt to grant invalid admin capability.
533 :Code: 400 Bad Request
548 POST /{admin}/user?format=json HTTP/1.1
557 :Description: The user ID to be modified.
559 :Example: ``foo_user``
564 :Description: The display name of the user to be modified.
566 :Example: ``foo user``
571 :Description: The email address to be associated with the user.
573 :Example: ``foo@bar.com``
578 :Description: Generate a new key pair and add to the existing keyring.
580 :Example: True [False]
585 :Description: Specify access key.
587 :Example: ``ABCD0EF12GHIJ2K34LMN``
592 :Description: Specify secret key.
594 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
599 :Description: Key type to be generated, options are: swift, s3 (default).
606 :Description: User capabilities.
608 :Example: ``usage=read, write; users=read``
613 :Description: Specify the maximum number of buckets the user can own.
620 :Description: Specify whether the user should be suspended.
622 :Example: False [False]
628 If successful, the response contains the user information.
632 :Description: A container for the user data information.
637 :Description: The user id.
643 :Description: Display name for the user.
650 :Description: True if the user is suspended.
657 :Description: The maximum number of buckets to be owned by the user.
664 :Description: Subusers associated with this user account.
671 :Description: S3 keys associated with this user account.
678 :Description: Swift keys associated with this user account.
685 :Description: User capabilities.
690 Special Error Responses
691 ~~~~~~~~~~~~~~~~~~~~~~~
695 :Description: Invalid access key specified.
696 :Code: 400 Bad Request
700 :Description: Invalid key type specified.
701 :Code: 400 Bad Request
705 :Description: Invalid secret key specified.
706 :Code: 400 Bad Request
710 :Description: Provided access key exists and belongs to another user.
715 :Description: Provided email address exists.
718 ``InvalidCapability``
720 :Description: Attempt to grant invalid admin capability.
721 :Code: 400 Bad Request
726 Remove an existing user.
735 DELETE /{admin}/user?format=json HTTP/1.1
744 :Description: The user ID to be removed.
746 :Example: ``foo_user``
751 :Description: When specified the buckets and objects belonging
752 to the user will also be removed.
762 Special Error Responses
763 ~~~~~~~~~~~~~~~~~~~~~~~
770 Create a new subuser (primarily useful for clients using the Swift API).
771 Note that in general for a subuser to be useful, it must be granted
772 permissions by specifying ``access``. As with user creation if
773 ``subuser`` is specified without ``secret``, then a secret key will
774 be automatically generated.
783 PUT /{admin}/user?subuser&format=json HTTP/1.1
792 :Description: The user ID under which a subuser is to be created.
794 :Example: ``foo_user``
800 :Description: Specify the subuser ID to be created.
802 :Example: ``sub_foo``
807 :Description: Specify secret key.
809 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
814 :Description: Key type to be generated, options are: swift (default), s3.
816 :Example: ``swift`` [``swift``]
821 :Description: Set access permissions for sub-user, should be one
822 of ``read, write, readwrite, full``.
829 :Description: Generate the secret key.
831 :Example: True [False]
837 If successful, the response contains the subuser information.
842 :Description: Subusers associated with the user account.
847 :Description: Subuser id.
849 :Parent: ``subusers``
853 :Description: Subuser access to user account.
855 :Parent: ``subusers``
857 Special Error Responses
858 ~~~~~~~~~~~~~~~~~~~~~~~
862 :Description: Specified subuser exists.
867 :Description: Invalid key type specified.
868 :Code: 400 Bad Request
872 :Description: Invalid secret key specified.
873 :Code: 400 Bad Request
877 :Description: Invalid subuser access specified.
878 :Code: 400 Bad Request
883 Modify an existing subuser
892 POST /{admin}/user?subuser&format=json HTTP/1.1
901 :Description: The user ID under which the subuser is to be modified.
903 :Example: ``foo_user``
908 :Description: The subuser ID to be modified.
910 :Example: ``sub_foo``
915 :Description: Generate a new secret key for the subuser,
916 replacing the existing key.
918 :Example: True [False]
923 :Description: Specify secret key.
925 :Example: ``0AbCDEFg1h2i34JklM5nop6QrSTUV+WxyzaBC7D8``
930 :Description: Key type to be generated, options are: swift (default), s3 .
932 :Example: ``swift`` [``swift``]
937 :Description: Set access permissions for sub-user, should be one
938 of ``read, write, readwrite, full``.
947 If successful, the response contains the subuser information.
952 :Description: Subusers associated with the user account.
957 :Description: Subuser id.
959 :Parent: ``subusers``
963 :Description: Subuser access to user account.
965 :Parent: ``subusers``
967 Special Error Responses
968 ~~~~~~~~~~~~~~~~~~~~~~~
972 :Description: Invalid key type specified.
973 :Code: 400 Bad Request
977 :Description: Invalid secret key specified.
978 :Code: 400 Bad Request
982 :Description: Invalid subuser access specified.
983 :Code: 400 Bad Request
988 Remove an existing subuser
997 DELETE /{admin}/user?subuser&format=json HTTP/1.1
1006 :Description: The user ID under which the subuser is to be removed.
1008 :Example: ``foo_user``
1014 :Description: The subuser ID to be removed.
1016 :Example: ``sub_foo``
1021 :Description: Remove keys belonging to the subuser.
1023 :Example: True [True]
1031 Special Error Responses
1032 ~~~~~~~~~~~~~~~~~~~~~~~
1038 Create a new key. If a ``subuser`` is specified then by default created keys
1039 will be swift type. If only one of ``access-key`` or ``secret-key`` is provided the
1040 committed key will be automatically generated, that is if only ``secret-key`` is
1041 specified then ``access-key`` will be automatically generated. By default, a
1042 generated key is added to the keyring without replacing an existing key pair.
1043 If ``access-key`` is specified and refers to an existing key owned by the user
1044 then it will be modified. The response is a container listing all keys of the same
1045 type as the key created. Note that when creating a swift key, specifying the option
1046 ``access-key`` will have no effect. Additionally, only one swift key may be held by
1047 each user or subuser.
1057 PUT /{admin}/user?key&format=json HTTP/1.1
1066 :Description: The user ID to receive the new key.
1068 :Example: ``foo_user``
1073 :Description: The subuser ID to receive the new key.
1075 :Example: ``sub_foo``
1080 :Description: Key type to be generated, options are: swift, s3 (default).
1082 :Example: ``s3`` [``s3``]
1087 :Description: Specify the access key.
1089 :Example: ``AB01C2D3EF45G6H7IJ8K``
1094 :Description: Specify the secret key.
1096 :Example: ``0ab/CdeFGhij1klmnopqRSTUv1WxyZabcDEFgHij``
1101 :Description: Generate a new key pair and add to the existing keyring.
1103 :Example: True [``True``]
1112 :Description: Keys of type created associated with this user account.
1117 :Description: The user account associated with the key.
1123 :Description: The access key.
1129 :Description: The secret key
1134 Special Error Responses
1135 ~~~~~~~~~~~~~~~~~~~~~~~
1137 ``InvalidAccessKey``
1139 :Description: Invalid access key specified.
1140 :Code: 400 Bad Request
1144 :Description: Invalid key type specified.
1145 :Code: 400 Bad Request
1147 ``InvalidSecretKey``
1149 :Description: Invalid secret key specified.
1150 :Code: 400 Bad Request
1154 :Description: Invalid key type specified.
1155 :Code: 400 Bad Request
1159 :Description: Provided access key exists and belongs to another user.
1165 Remove an existing key.
1174 DELETE /{admin}/user?key&format=json HTTP/1.1
1183 :Description: The S3 access key belonging to the S3 key pair to remove.
1185 :Example: ``AB01C2D3EF45G6H7IJ8K``
1190 :Description: The user to remove the key from.
1192 :Example: ``foo_user``
1197 :Description: The subuser to remove the key from.
1199 :Example: ``sub_foo``
1204 :Description: Key type to be removed, options are: swift, s3.
1205 NOTE: Required to remove swift key.
1210 Special Error Responses
1211 ~~~~~~~~~~~~~~~~~~~~~~~
1223 Get information about a subset of the existing buckets. If ``uid`` is specified
1224 without ``bucket`` then all buckets belonging to the user will be returned. If
1225 ``bucket`` alone is specified, information for that particular bucket will be
1235 GET /{admin}/bucket?format=json HTTP/1.1
1244 :Description: The bucket to return info on.
1246 :Example: ``foo_bucket``
1251 :Description: The user to retrieve bucket information for.
1253 :Example: ``foo_user``
1258 :Description: Return bucket statistics.
1260 :Example: True [False]
1266 If successful the request returns a buckets container containing
1267 the desired bucket information.
1271 :Description: Per bucket information.
1276 :Description: Contains a list of one or more bucket containers.
1281 :Description: Container for single bucket information.
1283 :Parent: ``buckets``
1287 :Description: The name of the bucket.
1293 :Description: The pool the bucket is stored in.
1299 :Description: The unique bucket id.
1305 :Description: Internal bucket tag.
1311 :Description: The user id of the bucket owner.
1317 :Description: Storage usage information.
1323 :Description: Status of bucket index.
1327 Special Error Responses
1328 ~~~~~~~~~~~~~~~~~~~~~~~
1330 ``IndexRepairFailed``
1332 :Description: Bucket index repair failed.
1338 Check the index of an existing bucket. NOTE: to check multipart object
1339 accounting with ``check-objects``, ``fix`` must be set to True.
1341 :caps: buckets=write
1348 GET /{admin}/bucket?index&format=json HTTP/1.1
1357 :Description: The bucket to return info on.
1359 :Example: ``foo_bucket``
1364 :Description: Check multipart object accounting.
1366 :Example: True [False]
1371 :Description: Also fix the bucket index when checking.
1373 :Example: False [False]
1381 :Description: Status of bucket index.
1384 Special Error Responses
1385 ~~~~~~~~~~~~~~~~~~~~~~~
1387 ``IndexRepairFailed``
1389 :Description: Bucket index repair failed.
1395 Delete an existing bucket.
1397 :caps: buckets=write
1404 DELETE /{admin}/bucket?format=json HTTP/1.1
1414 :Description: The bucket to remove.
1416 :Example: ``foo_bucket``
1421 :Description: Remove a buckets objects before deletion.
1423 :Example: True [False]
1431 Special Error Responses
1432 ~~~~~~~~~~~~~~~~~~~~~~~
1436 :Description: Attempted to delete non-empty bucket.
1439 ``ObjectRemovalFailed``
1441 :Description: Unable to remove objects.
1447 Unlink a bucket from a specified user. Primarily useful for changing
1450 :caps: buckets=write
1457 POST /{admin}/bucket?format=json HTTP/1.1
1466 :Description: The bucket to unlink.
1468 :Example: ``foo_bucket``
1473 :Description: The user ID to unlink the bucket from.
1475 :Example: ``foo_user``
1483 Special Error Responses
1484 ~~~~~~~~~~~~~~~~~~~~~~~
1486 ``BucketUnlinkFailed``
1488 :Description: Unable to unlink bucket from specified user.
1494 Link a bucket to a specified user, unlinking the bucket from
1497 :caps: buckets=write
1504 PUT /{admin}/bucket?format=json HTTP/1.1
1513 :Description: The bucket name to unlink.
1515 :Example: ``foo_bucket``
1520 :Description: The bucket id to unlink.
1522 :Example: ``dev.6607669.420``
1527 :Description: The user ID to link the bucket to.
1529 :Example: ``foo_user``
1537 :Description: Container for single bucket information.
1542 :Description: The name of the bucket.
1548 :Description: The pool the bucket is stored in.
1554 :Description: The unique bucket id.
1560 :Description: Internal bucket tag.
1566 :Description: The user id of the bucket owner.
1572 :Description: Storage usage information.
1578 :Description: Status of bucket index.
1582 Special Error Responses
1583 ~~~~~~~~~~~~~~~~~~~~~~~
1585 ``BucketUnlinkFailed``
1587 :Description: Unable to unlink bucket from specified user.
1590 ``BucketLinkFailed``
1592 :Description: Unable to link bucket to specified user.
1598 Remove an existing object. NOTE: Does not require owner to be non-suspended.
1600 :caps: buckets=write
1607 DELETE /{admin}/bucket?object&format=json HTTP/1.1
1615 :Description: The bucket containing the object to be removed.
1617 :Example: ``foo_bucket``
1622 :Description: The object to remove.
1624 :Example: ``foo.txt``
1632 Special Error Responses
1633 ~~~~~~~~~~~~~~~~~~~~~~~
1637 :Description: Specified object does not exist.
1638 :Code: 404 Not Found
1640 ``ObjectRemovalFailed``
1642 :Description: Unable to remove objects.
1647 Get Bucket or Object Policy
1648 ===========================
1650 Read the policy of an object or bucket.
1659 GET /{admin}/bucket?policy&format=json HTTP/1.1
1668 :Description: The bucket to read the policy from.
1670 :Example: ``foo_bucket``
1675 :Description: The object to read the policy from.
1677 :Example: ``foo.txt``
1683 If successful, returns the object or bucket policy
1687 :Description: Access control policy.
1690 Special Error Responses
1691 ~~~~~~~~~~~~~~~~~~~~~~~
1695 :Description: Either bucket was not specified for a bucket policy request or bucket
1696 and object were not specified for an object policy request.
1697 :Code: 400 Bad Request
1699 Add A User Capability
1700 =====================
1702 Add an administrative capability to a specified user.
1711 PUT /{admin}/user?caps&format=json HTTP/1.1
1719 :Description: The user ID to add an administrative capability to.
1721 :Example: ``foo_user``
1726 :Description: The administrative capability to add to the user.
1728 :Example: ``usage=read,write;user=write``
1734 If successful, the response contains the user's capabilities.
1738 :Description: A container for the user data information.
1744 :Description: The user id.
1750 :Description: User capabilities.
1755 Special Error Responses
1756 ~~~~~~~~~~~~~~~~~~~~~~~
1758 ``InvalidCapability``
1760 :Description: Attempt to grant invalid admin capability.
1761 :Code: 400 Bad Request
1768 PUT /{admin}/user?caps&user-caps=usage=read,write;user=write&format=json HTTP/1.1
1770 Content-Type: text/plain
1771 Authorization: {your-authorization-token}
1775 Remove A User Capability
1776 ========================
1778 Remove an administrative capability from a specified user.
1787 DELETE /{admin}/user?caps&format=json HTTP/1.1
1795 :Description: The user ID to remove an administrative capability from.
1797 :Example: ``foo_user``
1802 :Description: The administrative capabilities to remove from the user.
1804 :Example: ``usage=read, write``
1810 If successful, the response contains the user's capabilities.
1814 :Description: A container for the user data information.
1820 :Description: The user id.
1826 :Description: User capabilities.
1831 Special Error Responses
1832 ~~~~~~~~~~~~~~~~~~~~~~~
1834 ``InvalidCapability``
1836 :Description: Attempt to remove an invalid admin capability.
1837 :Code: 400 Bad Request
1841 :Description: User does not possess specified capability.
1842 :Code: 404 Not Found
1848 The Admin Operations API enables you to set quotas on users and on bucket owned
1849 by users. See `Quota Management`_ for additional details. Quotas include the
1850 maximum number of objects in a bucket and the maximum storage size in megabytes.
1852 To view quotas, the user must have a ``users=read`` capability. To set,
1853 modify or disable a quota, the user must have ``users=write`` capability.
1854 See the `Admin Guide`_ for details.
1856 Valid parameters for quotas include:
1858 - **Bucket:** The ``bucket`` option allows you to specify a quota for
1859 buckets owned by a user.
1861 - **Maximum Objects:** The ``max-objects`` setting allows you to specify
1862 the maximum number of objects. A negative value disables this setting.
1864 - **Maximum Size:** The ``max-size`` option allows you to specify a quota
1865 for the maximum number of bytes. The ``max-size-kb`` option allows you
1866 to specify it in KiB. A negative value disables this setting.
1868 - **Quota Type:** The ``quota-type`` option sets the scope for the quota.
1869 The options are ``bucket`` and ``user``.
1871 - **Enable/Disable Quota:** The ``enabled`` option specifies whether the
1872 quota should be enabled. The value should be either 'True' or 'False'.
1877 To get a quota, the user must have ``users`` capability set with ``read``
1880 GET /admin/user?quota&uid=<uid>"a-type=user
1886 To set a quota, the user must have ``users`` capability set with ``write``
1889 PUT /admin/user?quota&uid=<uid>"a-type=user
1892 The content must include a JSON representation of the quota settings
1893 as encoded in the corresponding read operation.
1899 To get a quota, the user must have ``users`` capability set with ``read``
1902 GET /admin/user?quota&uid=<uid>"a-type=bucket
1908 To set a quota, the user must have ``users`` capability set with ``write``
1911 PUT /admin/user?quota&uid=<uid>"a-type=bucket
1913 The content must include a JSON representation of the quota settings
1914 as encoded in the corresponding read operation.
1917 Set Quota for an Individual Bucket
1918 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1920 To set a quota, the user must have ``buckets`` capability set with ``write``
1923 PUT /admin/bucket?quota&uid=<uid>&bucket=<bucket-name>"a
1925 The content must include a JSON representation of the quota settings
1926 as mentioned in Set Bucket Quota section above.
1930 Standard Error Responses
1931 ========================
1935 :Description: Access denied.
1936 :Code: 403 Forbidden
1940 :Description: Internal server error.
1941 :Code: 500 Internal Server Error
1945 :Description: User does not exist.
1946 :Code: 404 Not Found
1950 :Description: Bucket does not exist.
1951 :Code: 404 Not Found
1955 :Description: No such access key.
1956 :Code: 404 Not Found
1962 ========================
1966 - `IrekFasikhov/go-rgwadmin`_
1967 - `QuentinPerez/go-radosgw`_
1971 - `twonote/radosgw-admin4j`_
1975 - `UMIACS/rgwadmin`_
1976 - `valerytschopp/python-radosgw-admin`_
1980 .. _Admin Guide: ../admin
1981 .. _Quota Management: ../admin#quota-management
1982 .. _IrekFasikhov/go-rgwadmin: https://github.com/IrekFasikhov/go-rgwadmin
1983 .. _QuentinPerez/go-radosgw: https://github.com/QuentinPerez/go-radosgw
1984 .. _twonote/radosgw-admin4j: https://github.com/twonote/radosgw-admin4j
1985 .. _UMIACS/rgwadmin: https://github.com/UMIACS/rgwadmin
1986 .. _valerytschopp/python-radosgw-admin: https://github.com/valerytschopp/python-radosgw-admin