Retrieve S3 bucket configurations for an SVM
GET /protocols/s3/services/{svm.uuid}/buckets
Introduced In: 9.7
Retrieves the S3 bucket's configuration of an SVM. Note that in order to retrieve S3 bucket policy conditions, the 'fields' option should be set to '**'.
Related ONTAP commands
-
vserver object-store-server bucket show
-
vserver object-store-server bucket policy statement show
-
vserver object-store-server bucket policy-statement-condition show
-
vserver object-store-server bucket lifecycle-management-rule show
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
protection_status.is_protected |
boolean |
query |
False |
Filter by protection_status.is_protected
|
protection_status.destination.is_cloud |
boolean |
query |
False |
Filter by protection_status.destination.is_cloud
|
protection_status.destination.is_external_cloud |
boolean |
query |
False |
Filter by protection_status.destination.is_external_cloud
|
protection_status.destination.is_ontap |
boolean |
query |
False |
Filter by protection_status.destination.is_ontap
|
logical_used_size |
integer |
query |
False |
Filter by logical_used_size |
svm.name |
string |
query |
False |
Filter by svm.name |
encryption.enabled |
boolean |
query |
False |
Filter by encryption.enabled |
size |
integer |
query |
False |
Filter by size
|
volume.uuid |
string |
query |
False |
Filter by volume.uuid |
volume.name |
string |
query |
False |
Filter by volume.name |
comment |
string |
query |
False |
Filter by comment
|
audit_event_selector.permission |
string |
query |
False |
Filter by audit_event_selector.permission
|
audit_event_selector.access |
string |
query |
False |
Filter by audit_event_selector.access
|
versioning_state |
string |
query |
False |
Filter by versioning_state
|
policy.statements.sid |
string |
query |
False |
Filter by policy.statements.sid
|
policy.statements.principals |
string |
query |
False |
Filter by policy.statements.principals
|
policy.statements.conditions.usernames |
string |
query |
False |
Filter by policy.statements.conditions.usernames
|
policy.statements.conditions.max_keys |
integer |
query |
False |
Filter by policy.statements.conditions.max_keys
|
policy.statements.conditions.delimiters |
string |
query |
False |
Filter by policy.statements.conditions.delimiters
|
policy.statements.conditions.prefixes |
string |
query |
False |
Filter by policy.statements.conditions.prefixes
|
policy.statements.conditions.source_ips |
string |
query |
False |
Filter by policy.statements.conditions.source_ips
|
policy.statements.conditions.operator |
string |
query |
False |
Filter by policy.statements.conditions.operator
|
policy.statements.effect |
string |
query |
False |
Filter by policy.statements.effect
|
policy.statements.actions |
string |
query |
False |
Filter by policy.statements.actions
|
policy.statements.resources |
string |
query |
False |
Filter by policy.statements.resources
|
type |
string |
query |
False |
Filter by type
|
qos_policy.name |
string |
query |
False |
Filter by qos_policy.name
|
qos_policy.min_throughput_mbps |
integer |
query |
False |
Filter by qos_policy.min_throughput_mbps
|
qos_policy.min_throughput_iops |
integer |
query |
False |
Filter by qos_policy.min_throughput_iops
|
qos_policy.max_throughput_mbps |
integer |
query |
False |
Filter by qos_policy.max_throughput_mbps
|
qos_policy.uuid |
string |
query |
False |
Filter by qos_policy.uuid
|
qos_policy.max_throughput_iops |
integer |
query |
False |
Filter by qos_policy.max_throughput_iops
|
nas_path |
string |
query |
False |
Filter by nas_path
|
uuid |
string |
query |
False |
Filter by uuid |
lifecycle_management.rules.expiration.expired_object_delete_marker |
boolean |
query |
False |
Filter by lifecycle_management.rules.expiration.expired_object_delete_marker
|
lifecycle_management.rules.expiration.object_age_days |
integer |
query |
False |
Filter by lifecycle_management.rules.expiration.object_age_days
|
lifecycle_management.rules.expiration.object_expiry_date |
string |
query |
False |
Filter by lifecycle_management.rules.expiration.object_expiry_date
|
lifecycle_management.rules.object_filter.size_less_than |
integer |
query |
False |
Filter by lifecycle_management.rules.object_filter.size_less_than
|
lifecycle_management.rules.object_filter.tags |
string |
query |
False |
Filter by lifecycle_management.rules.object_filter.tags
|
lifecycle_management.rules.object_filter.size_greater_than |
integer |
query |
False |
Filter by lifecycle_management.rules.object_filter.size_greater_than
|
lifecycle_management.rules.object_filter.prefix |
string |
query |
False |
Filter by lifecycle_management.rules.object_filter.prefix
|
lifecycle_management.rules.name |
string |
query |
False |
Filter by lifecycle_management.rules.name
|
lifecycle_management.rules.non_current_version_expiration.non_current_days |
integer |
query |
False |
Filter by lifecycle_management.rules.non_current_version_expiration.non_current_days
|
lifecycle_management.rules.non_current_version_expiration.new_non_current_versions |
integer |
query |
False |
Filter by lifecycle_management.rules.non_current_version_expiration.new_non_current_versions
|
lifecycle_management.rules.abort_incomplete_multipart_upload.after_initiation_days |
integer |
query |
False |
Filter by lifecycle_management.rules.abort_incomplete_multipart_upload.after_initiation_days
|
lifecycle_management.rules.enabled |
boolean |
query |
False |
Filter by lifecycle_management.rules.enabled
|
role |
string |
query |
False |
Filter by role
|
name |
string |
query |
False |
Filter by name
|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[s3_bucket_svm] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"aggregates": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "aggr1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
],
"audit_event_selector": {
"access": "string",
"permission": "string"
},
"comment": "S3 bucket.",
"constituents_per_aggregate": 4,
"lifecycle_management": {
"rules": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"abort_incomplete_multipart_upload": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
}
},
"expiration": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"object_expiry_date": "string"
},
"name": "string",
"non_current_version_expiration": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
}
},
"object_filter": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"prefix": "/logs",
"size_greater_than": 10485760,
"size_less_than": 10240,
"tags": [
"project1=projA",
"project2=projB"
]
}
}
]
},
"logical_used_size": 0,
"name": "bucket1",
"nas_path": "/",
"policy": {
"statements": [
{
"actions": [
"GetObject",
"PutObject",
"DeleteObject",
"ListBucket"
],
"conditions": [
{
"delimiters": [
"/"
],
"max_keys": [
1000
],
"operator": "ip_address",
"prefixes": [
"pref"
],
"source_ips": [
"1.1.1.1",
"1.2.2.0/24"
],
"usernames": [
"user1"
]
}
],
"effect": "allow",
"principals": [
"user1",
"group/grp1"
],
"resources": [
"bucket1",
"bucket1/*"
],
"sid": "FullAccessToUser1"
}
]
},
"qos_policy": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"max_throughput_iops": 10000,
"max_throughput_mbps": 500,
"min_throughput_iops": 2000,
"min_throughput_mbps": 500,
"name": "performance",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"role": "string",
"size": 1677721600,
"storage_service_level": "value",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"type": "s3",
"uuid": "414b29a1-3b26-11e9-bd58-0050568ea055",
"versioning_state": "enabled",
"volume": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "volume1",
"uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"
}
}
]
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
collection_links
Name | Type | Description |
---|---|---|
next |
||
self |
_links
Name | Type | Description |
---|---|---|
self |
aggregates
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
|
uuid |
string |
audit_event_selector
Event selector allows you to specify access and permission types to audit.
Name | Type | Description |
---|---|---|
access |
string |
Specifies read and write access types. |
permission |
string |
Specifies allow and deny permission types. |
encryption
Name | Type | Description |
---|---|---|
enabled |
boolean |
Specifies whether encryption is enabled on the bucket. By default, encryption is disabled on a bucket. |
abort_incomplete_multipart_upload
Specifies a way to perform abort_incomplete_multipart_upload action on filtered objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
after_initiation_days |
integer |
Number of days of initiation after which uploads can be aborted. |
expiration
Specifies a way to perform expiration action on filtered objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
expired_object_delete_marker |
boolean |
Cleanup object delete markers. |
object_age_days |
integer |
Number of days since creation after which objects can be deleted. |
object_expiry_date |
string |
Specific date from when objects can expire. |
non_current_version_expiration
Specifies a way to perform non_current_version_expiration action on filtered objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
new_non_current_versions |
integer |
Number of latest non-current versions to be retained. |
non_current_days |
integer |
Number of days after which non-current versions can be deleted. |
object_filter
Specifies a way to filter objects within a bucket.
Name | Type | Description |
---|---|---|
_links |
||
prefix |
string |
A prefix that is matched against object-names within a bucket. |
size_greater_than |
integer |
Size of the object greater than specified for which the corresponding lifecycle rule is to be applied. |
size_less_than |
integer |
Size of the object smaller than specified for which the corresponding lifecycle rule is to be applied. |
tags |
array[string] |
An array of key-value paired tags of the form |
rules
Information about the lifecycle management rule of a bucket.
Name | Type | Description |
---|---|---|
_links |
||
abort_incomplete_multipart_upload |
Specifies a way to perform abort_incomplete_multipart_upload action on filtered objects within a bucket. |
|
enabled |
boolean |
Specifies whether or not the associated rule is enabled. |
expiration |
Specifies a way to perform expiration action on filtered objects within a bucket. |
|
name |
string |
Bucket lifecycle management rule identifier. |
non_current_version_expiration |
Specifies a way to perform non_current_version_expiration action on filtered objects within a bucket. |
|
object_filter |
Specifies a way to filter objects within a bucket. |
lifecycle_management
Lifecycle management is implemented as an object associated with a bucket. It defines rules to be applied against objects within a bucket. These rules are applied in the background and can delete objects.
Name | Type | Description |
---|---|---|
rules |
array[rules] |
Specifies an object store lifecycle management policy. |
s3_bucket_policy_condition
Information about policy conditions based on various condition operators and condition keys.
Name | Type | Description |
---|---|---|
delimiters |
array[string] |
An array of delimiters that are compared with the delimiter value specified at the time of execution of an S3-based command, using the condition operator specified. |
max_keys |
array[integer] |
An array of maximum keys that are allowed or denied to be retrieved using an S3 list operation, based on the condition operator specified. |
operator |
string |
Condition operator that is applied to the specified condition key. |
prefixes |
array[string] |
An array of prefixes that are compared with the input prefix value specified at the time of execution of an S3-based command, using the condition operator specified. |
source_ips |
array[string] |
An array of IP address ranges that are compared with the IP address of a source command at the time of execution of an S3-based command, using the condition operator specified. |
usernames |
array[string] |
An array of usernames that a current user in the context is evaluated against using the condition operators. |
s3_bucket_policy_statement
Specifies information about a single access permission.
Name | Type | Description |
---|---|---|
actions |
array[string] |
|
conditions |
array[s3_bucket_policy_condition] |
Specifies bucket policy conditions. |
effect |
string |
Specifies whether access is allowed or denied when a user requests the specific action. If access (to allow) is not granted explicitly to a resource, access is implicitly denied. Access can also be denied explicitly to a resource, in order to make sure that a user cannot access it, even if a different policy grants access. |
principals |
array[string] |
|
resources |
array[string] |
|
sid |
string |
Specifies the statement identifier used to differentiate between statements. |
policy
A policy is an object associated with a bucket. It defines resource (bucket, folder, or object) permissions. These policies get evaluated when an S3 user makes a request by executing a specific command. The user must be part of the principal (user or group) specified in the policy. Permissions in the policies determine whether the request is allowed or denied.
Name | Type | Description |
---|---|---|
statements |
array[s3_bucket_policy_statement] |
Specifies bucket access policy statement. |
destination
Name | Type | Description |
---|---|---|
is_cloud |
boolean |
Specifies whether a bucket is protected within the Cloud. |
is_external_cloud |
boolean |
Specifies whether a bucket is protected on external Cloud providers. |
is_ontap |
boolean |
Specifies whether a bucket is protected within ONTAP.
|
protection_status
Specifies attributes of bucket protection.
Name | Type | Description |
---|---|---|
destination |
||
is_protected |
boolean |
Specifies whether a bucket is a source and if it is protected within ONTAP and/or an external cloud.
|
qos_policy
Specifes "qos_policy.max_throughput_iops" and/or "qos_policy.max_throughput_mbps" or "qos_policy.min_throughput_iops" and/or "qos_policy.min_throughput_mbps". Specifying "min_throughput_iops" or "min_throughput_mbps" is only supported on volumes hosted on a node that is flash optimized. A pre-created QoS policy can also be used by specifying "qos_policy.name" or "qos_policy.uuid" properties. Setting or assigning a QoS policy to a bucket is not supported if its containing volume or SVM already has a QoS policy attached.
Name | Type | Description |
---|---|---|
_links |
||
max_throughput_iops |
integer |
Specifies the maximum throughput in IOPS, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
max_throughput_mbps |
integer |
Specifies the maximum throughput in Megabytes per sec, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
min_throughput_iops |
integer |
Specifies the minimum throughput in IOPS, 0 means none. Setting "min_throughput" is supported on AFF platforms only, unless FabricPool tiering policies are set. This is mutually exclusive with name and UUID during POST and PATCH. |
min_throughput_mbps |
integer |
Specifies the minimum throughput in Megabytes per sec, 0 means none. This is mutually exclusive with name and UUID during POST and PATCH. |
name |
string |
The QoS policy group name. This is mutually exclusive with UUID and other QoS attributes during POST and PATCH. |
uuid |
string |
The QoS policy group UUID. This is mutually exclusive with name and other QoS attributes during POST and PATCH. |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
volume
Specifies the FlexGroup volume name and UUID where the bucket is hosted.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the volume. |
uuid |
string |
Unique identifier for the volume. This corresponds to the instance-uuid that is exposed in the CLI and ONTAPI. It does not change due to a volume move.
|
s3_bucket_svm
A bucket is a container of objects. Each bucket defines an object namespace. S3 requests specify objects using a bucket-name and object-name pair. An object resides within a bucket.
Name | Type | Description |
---|---|---|
aggregates |
array[aggregates] |
A list of aggregates for FlexGroup volume constituents where the bucket is hosted. If this option is not specified, the bucket is auto-provisioned as a FlexGroup volume. |
audit_event_selector |
Event selector allows you to specify access and permission types to audit. |
|
comment |
string |
Can contain any additional information about the bucket being created or modified. |
constituents_per_aggregate |
integer |
Specifies the number of constituents or FlexVol volumes per aggregate. A FlexGroup volume consisting of all such constituents across all specified aggregates is created. This option is used along with the aggregates option and cannot be used independently. |
encryption |
||
lifecycle_management |
Lifecycle management is implemented as an object associated with a bucket. It defines rules to be applied against objects within a bucket. These rules are applied in the background and can delete objects. |
|
logical_used_size |
integer |
Specifies the bucket logical used size up to this point. |
name |
string |
Specifies the name of the bucket. Bucket name is a string that can only contain the following combination of ASCII-range alphanumeric characters 0-9, a-z, ".", and "-". |
nas_path |
string |
Specifies the NAS path to which the nas bucket corresponds to. |
policy |
A policy is an object associated with a bucket. It defines resource (bucket, folder, or object) permissions. These policies get evaluated when an S3 user makes a request by executing a specific command. The user must be part of the principal (user or group) specified in the policy. Permissions in the policies determine whether the request is allowed or denied. |
|
protection_status |
Specifies attributes of bucket protection. |
|
qos_policy |
Specifes "qos_policy.max_throughput_iops" and/or "qos_policy.max_throughput_mbps" or "qos_policy.min_throughput_iops" and/or "qos_policy.min_throughput_mbps". Specifying "min_throughput_iops" or "min_throughput_mbps" is only supported on volumes hosted on a node that is flash optimized. A pre-created QoS policy can also be used by specifying "qos_policy.name" or "qos_policy.uuid" properties. Setting or assigning a QoS policy to a bucket is not supported if its containing volume or SVM already has a QoS policy attached. |
|
role |
string |
Specifies the role of the bucket. |
size |
integer |
Specifies the bucket size in bytes; ranges from 80MB to 64TB. |
storage_service_level |
string |
Specifies the storage service level of the FlexGroup volume on which the bucket should be created. Valid values are "value", "performance" or "extreme". |
svm |
||
type |
string |
Specifies the bucket type. Valid values are "s3"and "nas". |
uuid |
string |
Specifies the unique identifier of the bucket. |
versioning_state |
string |
Specifies the versioning state of the bucket. Valid values are "disabled", "enabled" or "suspended". Note that the versioning state cannot be modified to 'disabled' from any other state. |
volume |
Specifies the FlexGroup volume name and UUID where the bucket is hosted. |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |