Update the S3 server configuration for an SVM
PATCH /protocols/s3/services/{svm.uuid}
Introduced In: 9.7
Updates the S3 Server configuration of an SVM.
Related ONTAP commands
-
vserver object-store-server modify
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
Name | Type | Description |
---|---|---|
_links |
||
buckets |
array[s3_bucket] |
|
certificate |
Specifies the certificate that will be used for creating HTTPS connections to the S3 server. |
|
comment |
string |
Can contain any additional information about the server being created or modified. |
default_unix_user |
string |
Specifies the default UNIX user for NAS Access. |
default_win_user |
string |
Specifies the default Windows user for NAS Access. |
enabled |
boolean |
Specifies whether the S3 server being created or modified should be up or down. |
is_http_enabled |
boolean |
Specifies whether HTTP is enabled on the S3 server being created or modified. By default, HTTP is disabled on the S3 server. |
is_https_enabled |
boolean |
Specifies whether HTTPS is enabled on the S3 server being created or modified. By default, HTTPS is enabled on the S3 server. |
metric |
Performance numbers, such as IOPS latency and throughput, for SVM protocols. |
|
name |
string |
Specifies the name of the S3 server. A server name can contain 1 to 253 characters using only the following combination of characters':' 0-9, A-Z, a-z, ".", and "-". |
port |
integer |
Specifies the HTTP listener port for the S3 server. By default, HTTP is enabled on port 80. |
secure_port |
integer |
Specifies the HTTPS listener port for the S3 server. By default, HTTPS is enabled on port 443. |
statistics |
These are raw performance numbers, such as IOPS latency and throughput for SVM protocols. These numbers are aggregated across all nodes in the cluster and increase with the uptime of the cluster. |
|
svm |
||
users |
array[s3_user] |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"buckets": [
{
"aggregates": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "aggr1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
],
"audit_event_selector": {
"access": "string",
"permission": "string"
},
"comment": "S3 bucket.",
"constituents_per_aggregate": 4,
"lifecycle_management": {
"rules": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"abort_incomplete_multipart_upload": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
}
},
"expiration": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"object_expiry_date": "string"
},
"name": "string",
"non_current_version_expiration": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
}
},
"object_filter": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"prefix": "/logs",
"size_greater_than": 10485760,
"size_less_than": 10240,
"tags": [
"project1=projA",
"project2=projB"
]
}
}
]
},
"logical_used_size": 0,
"name": "bucket1",
"nas_path": "/",
"policy": {
"statements": [
{
"actions": [
"GetObject",
"PutObject",
"DeleteObject",
"ListBucket"
],
"conditions": [
{
"delimiters": [
"/"
],
"max_keys": [
1000
],
"operator": "ip_address",
"prefixes": [
"pref"
],
"source_ips": [
"1.1.1.1",
"1.2.2.0/24"
],
"usernames": [
"user1"
]
}
],
"effect": "allow",
"principals": [
"user1",
"group/grp1"
],
"resources": [
"bucket1",
"bucket1/*"
],
"sid": "FullAccessToUser1"
}
]
},
"qos_policy": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"max_throughput_iops": 10000,
"max_throughput_mbps": 500,
"min_throughput_iops": 2000,
"min_throughput_mbps": 500,
"name": "performance",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"role": "string",
"size": 1677721600,
"storage_service_level": "value",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"type": "s3",
"uuid": "414b29a1-3b26-11e9-bd58-0050568ea055",
"versioning_state": "enabled",
"volume": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "volume1",
"uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"
}
}
],
"certificate": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "cert1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"comment": "S3 server",
"default_unix_user": "string",
"default_win_user": "string",
"metric": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"duration": "PT15S",
"iops": {
"read": 200,
"total": 1000,
"write": 100
},
"latency": {
"read": 200,
"total": 1000,
"write": 100
},
"status": "ok",
"throughput": {
"read": 200,
"total": 1000,
"write": 100
},
"timestamp": "2017-01-25 06:20:13 -0500"
},
"name": "Server-1",
"statistics": {
"iops_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"latency_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"status": "ok",
"throughput_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"timestamp": "2017-01-25 06:20:13 -0500"
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"users": [
{
"access_key": "Pz3SB54G2B_6dsXQPrA5HrTPcf478qoAW6_Xx6qyqZ948AgZ_7YfCf_9nO87YoZmskxx3cq41U2JAH2M3_fs321B4rkzS3a_oC5_8u7D8j_45N8OsBCBPWGD_1d_ccfq",
"comment": "S3 user",
"name": "user-1",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
]
}
Response
Status: 200, Ok
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
92405789 |
The specified object server name contains invalid characters. Valid characters for an object store server name are 0-9, A-Z, a-z, ".", and "-". |
92405790 |
Object store server names must have between 1 and 15 characters. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
self_link
Name | Type | Description |
---|---|---|
self |
_links
Name | Type | Description |
---|---|---|
self |
aggregates
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
|
uuid |
string |
audit_event_selector
Audit event selector allows you to specify access and permission types to audit.
Name | Type | Description |
---|---|---|
access |
string |
Specifies read and write access types. |
permission |
string |
Specifies allow and deny permission types. |
encryption
Name | Type | Description |
---|---|---|
enabled |
boolean |
Specifies whether encryption is enabled on the bucket. By default, encryption is disabled on a bucket. |
abort_incomplete_multipart_upload
Specifies a way to perform abort_incomplete_multipart_upload action on filtered objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
after_initiation_days |
integer |
Number of days of initiation after which uploads can be aborted. |
expiration
Specifies a way to perform expiration action on filtered objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
expired_object_delete_marker |
boolean |
Cleanup object delete markers. |
object_age_days |
integer |
Number of days since creation after which objects can be deleted. |
object_expiry_date |
string |
Specific date from when objects can expire. |
non_current_version_expiration
Specifies a way to perform non_current_version_expiration action on filtered objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
new_non_current_versions |
integer |
Number of latest non-current versions to be retained. |
non_current_days |
integer |
Number of days after which non-current versions can be deleted. |
object_filter
Specifies a way to filter objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
prefix |
string |
A prefix that is matched against object-names within a bucket. |
size_greater_than |
integer |
Size of the object greater than specified for which the corresponding lifecycle rule is to be applied. |
size_less_than |
integer |
Size of the object smaller than specified for which the corresponding lifecycle rule is to be applied. |
tags |
array[string] |
An array of key-value paired tags of the form |
rules
Information about the lifecycle management rule of a bucket.
Name | Type | Description |
---|---|---|
_links |
||
abort_incomplete_multipart_upload |
Specifies a way to perform abort_incomplete_multipart_upload action on filtered objects within a bucket. |
|
enabled |
boolean |
Specifies whether or not the associated rule is enabled. |
expiration |
Specifies a way to perform expiration action on filtered objects within a bucket. |
|
name |
string |
Bucket lifecycle management rule identifier. |
non_current_version_expiration |
Specifies a way to perform non_current_version_expiration action on filtered objects within a bucket. |
|
object_filter |
Specifies a way to filter objects within a bucket. |
lifecycle_management
Lifecycle management is implemented as an object associated with a bucket. It defines rules to be applied against objects within a bucket. These rules are applied in the background and can delete objects.
Name | Type | Description |
---|---|---|
rules |
array[rules] |
Specifies an object store lifecycle management policy. |
s3_bucket_policy_condition
Information about policy conditions based on various condition operators and condition keys.
Name | Type | Description |
---|---|---|
delimiters |
array[string] |
An array of delimiters that are compared with the delimiter value specified at the time of execution of an S3-based command, using the condition operator specified. |
max_keys |
array[integer] |
An array of maximum keys that are allowed or denied to be retrieved using an S3 list operation, based on the condition operator specified. |
operator |
string |
Condition operator that is applied to the specified condition key. |
prefixes |
array[string] |
An array of prefixes that are compared with the input prefix value specified at the time of execution of an S3-based command, using the condition operator specified. |
source_ips |
array[string] |
An array of IP address ranges that are compared with the IP address of a source command at the time of execution of an S3-based command, using the condition operator specified. |
usernames |
array[string] |
An array of usernames that a current user in the context is evaluated against using the condition operators. |
s3_bucket_policy_statement
Specifies information about a single access permission.
Name | Type | Description |
---|---|---|
actions |
array[string] |
|
conditions |
array[s3_bucket_policy_condition] |
Specifies bucket policy conditions. |
effect |
string |
Specifies whether access is allowed or denied when a user requests the specific action. If access (to allow) is not granted explicitly to a resource, access is implicitly denied. Access can also be denied explicitly to a resource, in order to make sure that a user cannot access it, even if a different policy grants access. |
principals |
array[string] |
|
resources |
array[string] |
|
sid |
string |
Specifies the statement identifier used to differentiate between statements. |
policy
A policy is an object associated with a bucket. It defines resource (bucket, folder, or object) permissions. These policies get evaluated when an S3 user makes a request by executing a specific command. The user must be part of the principal (user or group) specified in the policy. Permissions in the policies determine whether the request is allowed or denied.
Name | Type | Description |
---|---|---|
statements |
array[s3_bucket_policy_statement] |
Specifies bucket access policy statement. |
destination
Name | Type | Description |
---|---|---|
is_cloud |
boolean |
Specifies whether a bucket is protected within the Cloud. |
is_external_cloud |
boolean |
Specifies whether a bucket is protected on external Cloud providers. |
is_ontap |
boolean |
Specifies whether a bucket is protected within ONTAP.
|
protection_status
Specifies attributes of bucket protection.
Name | Type | Description |
---|---|---|
destination |
||
is_protected |
boolean |
Specifies whether a bucket is a source and if it is protected within ONTAP and/or an external cloud.
|
qos_policy
Specifes "qos_policy.max_throughput_iops" and/or "qos_policy.max_throughput_mbps" or "qos_policy.min_throughput_iops" and/or "qos_policy.min_throughput_mbps". Specifying "min_throughput_iops" or "min_throughput_mbps" is only supported on volumes hosted on a node that is flash optimized. A pre-created QoS policy can also be used by specifying "qos_policy.name" or "qos_policy.uuid" properties. Setting or assigning a QoS policy to a bucket is not supported if its containing volume or SVM already has a QoS policy attached.
Name | Type | Description |
---|---|---|
_links |
||
max_throughput_iops |
integer |
Specifies the maximum throughput in IOPS, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
max_throughput_mbps |
integer |
Specifies the maximum throughput in Megabytes per sec, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
min_throughput_iops |
integer |
Specifies the minimum throughput in IOPS, 0 means none. Setting "min_throughput" is supported on AFF platforms only, unless FabricPool tiering policies are set. This is mutually exclusive with name and UUID during POST and PATCH. |
min_throughput_mbps |
integer |
Specifies the minimum throughput in Megabytes per sec, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
name |
string |
The QoS policy group name. This is mutually exclusive with UUID and other QoS attributes during POST and PATCH. |
uuid |
string |
The QoS policy group UUID. This is mutually exclusive with name and other QoS attributes during POST and PATCH. |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
volume
Specifies the FlexGroup volume name and UUID where the bucket is hosted.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the volume. |
uuid |
string |
Unique identifier for the volume. This corresponds to the instance-uuid that is exposed in the CLI and ONTAPI. It does not change due to a volume move.
|
s3_bucket
A bucket is a container of objects. Each bucket defines an object namespace. S3 requests specify objects using a bucket-name and object-name pair. An object resides within a bucket.
Name | Type | Description |
---|---|---|
aggregates |
array[aggregates] |
A list of aggregates for FlexGroup volume constituents where the bucket is hosted. If this option is not specified, the bucket is auto-provisioned as a FlexGroup volume. |
allowed |
boolean |
If this is set to true, an SVM administrator can manage the S3 service. If it is false, only the cluster administrator can manage the service. |
audit_event_selector |
Audit event selector allows you to specify access and permission types to audit. |
|
comment |
string |
Can contain any additional information about the bucket being created or modified. |
constituents_per_aggregate |
integer |
Specifies the number of constituents or FlexVol volumes per aggregate. A FlexGroup volume consisting of all such constituents across all specified aggregates is created. This option is used along with the aggregates option and cannot be used independently. |
encryption |
||
lifecycle_management |
Lifecycle management is implemented as an object associated with a bucket. It defines rules to be applied against objects within a bucket. These rules are applied in the background and can delete objects. |
|
logical_used_size |
integer |
Specifies the bucket logical used size up to this point. |
name |
string |
Specifies the name of the bucket. Bucket name is a string that can only contain the following combination of ASCII-range alphanumeric characters 0-9, a-z, ".", and "-". |
nas_path |
string |
Specifies the NAS path to which the nas bucket corresponds to. |
policy |
A policy is an object associated with a bucket. It defines resource (bucket, folder, or object) permissions. These policies get evaluated when an S3 user makes a request by executing a specific command. The user must be part of the principal (user or group) specified in the policy. Permissions in the policies determine whether the request is allowed or denied. |
|
protection_status |
Specifies attributes of bucket protection. |
|
qos_policy |
Specifes "qos_policy.max_throughput_iops" and/or "qos_policy.max_throughput_mbps" or "qos_policy.min_throughput_iops" and/or "qos_policy.min_throughput_mbps". Specifying "min_throughput_iops" or "min_throughput_mbps" is only supported on volumes hosted on a node that is flash optimized. A pre-created QoS policy can also be used by specifying "qos_policy.name" or "qos_policy.uuid" properties. Setting or assigning a QoS policy to a bucket is not supported if its containing volume or SVM already has a QoS policy attached. |
|
role |
string |
Specifies the role of the bucket. |
size |
integer |
Specifies the bucket size in bytes; ranges from 80MB to 64TB. |
storage_service_level |
string |
Specifies the storage service level of the FlexGroup volume on which the bucket should be created. Valid values are "value", "performance" or "extreme". |
svm |
||
type |
string |
Specifies the bucket type. Valid values are "s3"and "nas". |
uuid |
string |
Specifies the unique identifier of the bucket. |
versioning_state |
string |
Specifies the versioning state of the bucket. Valid values are "disabled", "enabled" or "suspended". Note that the versioning state cannot be modified to 'disabled' from any other state. |
volume |
Specifies the FlexGroup volume name and UUID where the bucket is hosted. |
certificate
Specifies the certificate that will be used for creating HTTPS connections to the S3 server.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
Certificate name |
uuid |
string |
Certificate UUID |
iops
The rate of I/O operations observed at the storage object.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
latency
The round trip latency in microseconds observed at the storage object.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
throughput
The rate of throughput bytes per second observed at the storage object.
Name | Type | Description |
---|---|---|
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
metric
Performance numbers, such as IOPS latency and throughput, for SVM protocols.
Name | Type | Description |
---|---|---|
_links |
||
duration |
string |
The duration over which this sample is calculated. The time durations are represented in the ISO-8601 standard format. Samples can be calculated over the following durations: |
iops |
The rate of I/O operations observed at the storage object. |
|
latency |
The round trip latency in microseconds observed at the storage object. |
|
status |
string |
Any errors associated with the sample. For example, if the aggregation of data over multiple nodes fails then any of the partial errors might be returned, "ok" on success, or "error" on any internal uncategorized failure. Whenever a sample collection is missed but done at a later time, it is back filled to the previous 15 second timestamp and tagged with "backfilled_data". "Inconsistent_ delta_time" is encountered when the time between two collections is not the same for all nodes. Therefore, the aggregated value might be over or under inflated. "Negative_delta" is returned when an expected monotonically increasing value has decreased in value. "Inconsistent_old_data" is returned when one or more nodes do not have the latest data. |
throughput |
The rate of throughput bytes per second observed at the storage object. |
|
timestamp |
string |
The timestamp of the performance data. |
iops_raw
The number of I/O operations observed at the storage object. This should be used along with delta time to calculate the rate of I/O operations per unit of time.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
latency_raw
The raw latency in microseconds observed at the storage object. This should be divided by the raw IOPS value to calculate the average latency per I/O operation.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
throughput_raw
Throughput bytes observed at the storage object. This should be used along with delta time to calculate the rate of throughput bytes per unit of time.
Name | Type | Description |
---|---|---|
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
statistics
These are raw performance numbers, such as IOPS latency and throughput for SVM protocols. These numbers are aggregated across all nodes in the cluster and increase with the uptime of the cluster.
Name | Type | Description |
---|---|---|
iops_raw |
The number of I/O operations observed at the storage object. This should be used along with delta time to calculate the rate of I/O operations per unit of time. |
|
latency_raw |
The raw latency in microseconds observed at the storage object. This should be divided by the raw IOPS value to calculate the average latency per I/O operation. |
|
status |
string |
Any errors associated with the sample. For example, if the aggregation of data over multiple nodes fails then any of the partial errors might be returned, "ok" on success, or "error" on any internal uncategorized failure. Whenever a sample collection is missed but done at a later time, it is back filled to the previous 15 second timestamp and tagged with "backfilled_data". "Inconsistent_delta_time" is encountered when the time between two collections is not the same for all nodes. Therefore, the aggregated value might be over or under inflated. "Negative_delta" is returned when an expected monotonically increasing value has decreased in value. "Inconsistent_old_data" is returned when one or more nodes do not have the latest data. |
throughput_raw |
Throughput bytes observed at the storage object. This should be used along with delta time to calculate the rate of throughput bytes per unit of time. |
|
timestamp |
string |
The timestamp of the performance data. |
s3_user
This is a container of S3 users.
Name | Type | Description |
---|---|---|
access_key |
string |
Specifies the access key for the user. |
comment |
string |
Can contain any additional information about the user being created or modified. |
name |
string |
Specifies the name of the user. A user name length can range from 1 to 64 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".","@", and "-". |
svm |
s3_service
Specifies the S3 server configuration.
Name | Type | Description |
---|---|---|
_links |
||
buckets |
array[s3_bucket] |
|
certificate |
Specifies the certificate that will be used for creating HTTPS connections to the S3 server. |
|
comment |
string |
Can contain any additional information about the server being created or modified. |
default_unix_user |
string |
Specifies the default UNIX user for NAS Access. |
default_win_user |
string |
Specifies the default Windows user for NAS Access. |
enabled |
boolean |
Specifies whether the S3 server being created or modified should be up or down. |
is_http_enabled |
boolean |
Specifies whether HTTP is enabled on the S3 server being created or modified. By default, HTTP is disabled on the S3 server. |
is_https_enabled |
boolean |
Specifies whether HTTPS is enabled on the S3 server being created or modified. By default, HTTPS is enabled on the S3 server. |
metric |
Performance numbers, such as IOPS latency and throughput, for SVM protocols. |
|
name |
string |
Specifies the name of the S3 server. A server name can contain 1 to 253 characters using only the following combination of characters':' 0-9, A-Z, a-z, ".", and "-". |
port |
integer |
Specifies the HTTP listener port for the S3 server. By default, HTTP is enabled on port 80. |
secure_port |
integer |
Specifies the HTTPS listener port for the S3 server. By default, HTTPS is enabled on port 443. |
statistics |
These are raw performance numbers, such as IOPS latency and throughput for SVM protocols. These numbers are aggregated across all nodes in the cluster and increase with the uptime of the cluster. |
|
svm |
||
users |
array[s3_user] |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |