Retrieve an S3 bucket for an SVM
GET /protocols/s3/services/{svm.uuid}/buckets/{uuid}
Introduced In: 9.7
Retrieves the S3 bucket configuration of an SVM. Note that in order to retrieve S3 bucket policy conditions, the 'fields' option should be set to '**'.
Related ONTAP commands
-
vserver object-store-server bucket show
-
vserver object-store-server bucket policy statement show
-
vserver object-store-server bucket policy-statement-condition show
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
uuid |
string |
path |
True |
The unique identifier of the bucket. |
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
fields |
array[string] |
query |
False |
Specify the fields to return. |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
aggregates |
array[aggregates] |
A list of aggregates for FlexGroup volume constituents where the bucket is hosted. If this option is not specified, the bucket is auto-provisioned as a FlexGroup volume. |
audit_event_selector |
Event selector allows you to specify access and permission types to audit. |
|
comment |
string |
Can contain any additional information about the bucket being created or modified. |
constituents_per_aggregate |
integer |
Specifies the number of constituents or FlexVol volumes per aggregate. A FlexGroup volume consisting of all such constituents across all specified aggregates is created. This option is used along with the aggregates option and cannot be used independently. |
encryption |
||
logical_used_size |
integer |
Specifies the bucket logical used size up to this point. |
name |
string |
Specifies the name of the bucket. Bucket name is a string that can only contain the following combination of ASCII-range alphanumeric characters 0-9, a-z, ".", and "-". |
nas_path |
string |
Specifies the NAS path to which the nas bucket corresponds to. |
policy |
A policy is an object associated with a bucket. It defines resource (bucket, folder, or object) permissions. These policies get evaluated when an S3 user makes a request by executing a specific command. The user must be part of the principal (user or group) specified in the policy. Permissions in the policies determine whether the request is allowed or denied. |
|
protection_status |
Specifies attributes of bucket protection. |
|
qos_policy |
Specifes "qos_policy.max_throughput_iops" and/or "qos_policy.max_throughput_mbps" or "qos_policy.min_throughput_iops" and/or "qos_policy.min_throughput_mbps". Specifying "min_throughput_iops" or "min_throughput_mbps" is only supported on volumes hosted on a node that is flash optimized. A pre-created QoS policy can also be used by specifying "qos_policy.name" or "qos_policy.uuid" properties. Setting or assigning a QoS policy to a bucket is not supported if its containing volume or SVM already has a QoS policy attached. |
|
role |
string |
Specifies the role of the bucket. |
size |
integer |
Specifies the bucket size in bytes; ranges from 80MB to 64TB. |
storage_service_level |
string |
Specifies the storage service level of the FlexGroup volume on which the bucket should be created. Valid values are "value", "performance" or "extreme". |
svm |
||
type |
string |
Specifies the bucket type. Valid values are "s3"and "nas". |
uuid |
string |
Specifies the unique identifier of the bucket. |
versioning_state |
string |
Specifies the versioning state of the bucket. Valid values are "disabled", "enabled" or "suspended". Note that the versioning state cannot be modified to 'disabled' from any other state. |
volume |
Specifies the FlexGroup volume name and UUID where the bucket is hosted. |
Example response
{
"aggregates": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "aggr1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
],
"audit_event_selector": {
"access": "string",
"permission": "string"
},
"comment": "S3 bucket.",
"constituents_per_aggregate": 4,
"logical_used_size": 0,
"name": "bucket1",
"nas_path": "/",
"policy": {
"statements": [
{
"actions": [
"GetObject",
"PutObject",
"DeleteObject",
"ListBucket"
],
"conditions": [
{
"delimiters": [
"/"
],
"max_keys": [
1000
],
"operator": "ip_address",
"prefixes": [
"pref"
],
"source_ips": [
"1.1.1.1",
"1.2.2.0/24"
],
"usernames": [
"user1"
]
}
],
"effect": "allow",
"principals": [
"user1",
"group/grp1"
],
"resources": [
"bucket1",
"bucket1/*"
],
"sid": "FullAccessToUser1"
}
]
},
"qos_policy": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"max_throughput_iops": 10000,
"max_throughput_mbps": 500,
"min_throughput_iops": 2000,
"min_throughput_mbps": 500,
"name": "performance",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"role": "string",
"size": 1677721600,
"storage_service_level": "value",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"type": "s3",
"uuid": "414b29a1-3b26-11e9-bd58-0050568ea055",
"versioning_state": "enabled",
"volume": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "volume1",
"uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"
}
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
aggregates
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
|
uuid |
string |
audit_event_selector
Event selector allows you to specify access and permission types to audit.
Name | Type | Description |
---|---|---|
access |
string |
Specifies read and write access types. |
permission |
string |
Specifies allow and deny permission types. |
encryption
Name | Type | Description |
---|---|---|
enabled |
boolean |
Specifies whether encryption is enabled on the bucket. By default, encryption is disabled on a bucket. |
s3_bucket_policy_condition
Information about policy conditions based on various condition operators and condition keys.
Name | Type | Description |
---|---|---|
delimiters |
array[string] |
An array of delimiters that are compared with the delimiter value specified at the time of execution of an S3-based command, using the condition operator specified. |
max_keys |
array[integer] |
An array of maximum keys that are allowed or denied to be retrieved using an S3 list operation, based on the condition operator specified. |
operator |
string |
Condition operator that is applied to the specified condition key. |
prefixes |
array[string] |
An array of prefixes that are compared with the input prefix value specified at the time of execution of an S3-based command, using the condition operator specified. |
source_ips |
array[string] |
An array of IP address ranges that are compared with the IP address of a source command at the time of execution of an S3-based command, using the condition operator specified. |
usernames |
array[string] |
An array of usernames that a current user in the context is evaluated against using the condition operators. |
s3_bucket_policy_statement
Specifies information about a single access permission.
Name | Type | Description |
---|---|---|
actions |
array[string] |
|
conditions |
array[s3_bucket_policy_condition] |
Specifies bucket policy conditions. |
effect |
string |
Specifies whether access is allowed or denied when a user requests the specific action. If access (to allow) is not granted explicitly to a resource, access is implicitly denied. Access can also be denied explicitly to a resource, in order to make sure that a user cannot access it, even if a different policy grants access. |
principals |
array[string] |
|
resources |
array[string] |
|
sid |
string |
Specifies the statement identifier used to differentiate between statements. |
policy
A policy is an object associated with a bucket. It defines resource (bucket, folder, or object) permissions. These policies get evaluated when an S3 user makes a request by executing a specific command. The user must be part of the principal (user or group) specified in the policy. Permissions in the policies determine whether the request is allowed or denied.
Name | Type | Description |
---|---|---|
statements |
array[s3_bucket_policy_statement] |
Specifies bucket access policy statement. |
destination
Name | Type | Description |
---|---|---|
is_cloud |
boolean |
Specifies whether a bucket is protected within the Cloud. |
is_external_cloud |
boolean |
Specifies whether a bucket is protected on external Cloud providers. |
is_ontap |
boolean |
Specifies whether a bucket is protected within ONTAP.
|
protection_status
Specifies attributes of bucket protection.
Name | Type | Description |
---|---|---|
destination |
||
is_protected |
boolean |
Specifies whether a bucket is a source and if it is protected within ONTAP and/or an external cloud.
|
qos_policy
Specifes "qos_policy.max_throughput_iops" and/or "qos_policy.max_throughput_mbps" or "qos_policy.min_throughput_iops" and/or "qos_policy.min_throughput_mbps". Specifying "min_throughput_iops" or "min_throughput_mbps" is only supported on volumes hosted on a node that is flash optimized. A pre-created QoS policy can also be used by specifying "qos_policy.name" or "qos_policy.uuid" properties. Setting or assigning a QoS policy to a bucket is not supported if its containing volume or SVM already has a QoS policy attached.
Name | Type | Description |
---|---|---|
_links |
||
max_throughput_iops |
integer |
Specifies the maximum throughput in IOPS, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
max_throughput_mbps |
integer |
Specifies the maximum throughput in Megabytes per sec, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
min_throughput_iops |
integer |
Specifies the minimum throughput in IOPS, 0 means none. Setting "min_throughput" is supported on AFF platforms only, unless FabricPool tiering policies are set. This is mutually exclusive with name and UUID during POST and PATCH. |
min_throughput_mbps |
integer |
Specifies the minimum throughput in Megabytes per sec, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
name |
string |
The QoS policy group name. This is mutually exclusive with UUID and other QoS attributes during POST and PATCH. |
uuid |
string |
The QoS policy group UUID. This is mutually exclusive with name and other QoS attributes during POST and PATCH. |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
volume
Specifies the FlexGroup volume name and UUID where the bucket is hosted.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the volume. |
uuid |
string |
Unique identifier for the volume. This corresponds to the instance-uuid that is exposed in the CLI and ONTAPI. It does not change due to a volume move.
|
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |