Create an S3 user configuration

POST /protocols/s3/services/{svm.uuid}/users

Introduced In: 9.7

Creates the S3 user configuration.

Important notes

  • Each SVM can have one or more user configurations.

  • If the user is a member of Active Directory, the user name takes the format "user@FQDN". For example, "user1@domain1.com".

  • If user creation is successful, a user access_key and secret_key are returned as part of the response.

  • If user keys have expiry configuration, then "key_expiry_time" is also returned as part of the response.

Required properties

  • svm.uuid - Existing SVM in which to create the user configuration.

  • name - User name that is to be created.

Default property values

  • comment - ""

Related ONTAP commands

  • vserver object-store-server user create

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |
| svm.uuid | string | path | True | UUID of the SVM to which this object belongs. |

Request Body

| Name | Type | Description |
|---|---|---|
| access_key | string | Specifies the access key for the user. |
| comment | string | Can contain any additional information about the user being created or modified. |
| key_expiry_time | string | Specifies the date and time after which keys expire and are no longer valid. |
| key_id | integer | Specifies the identifier of an S3 user key that needs to be generated or deleted. The key_id can either be '1' or '2'. |
| key_time_to_live | string | Indicates the time period from when this parameter is specified (when creating or modifying a user, or when the user keys were last regenerated), after which the user keys expire and are no longer valid. Valid format is: 'PnDTnHnMnS\|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds. If the value specified is '0' seconds, then the keys won't expire. |
| keys | array[keys] | Specifies the keys associated with an S3 User. |
| name | string | Specifies the name of the user. A user name length can range from 1 to 64 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".", "@", and "-". |
| svm | svm | SVM, applies only to SVM-scoped objects. |

Example request
{
  "access_key": "HJAKU28M3SXTE2UXUACV",
  "comment": "S3 user",
  "key_expiry_time": "2023-12-31 19:00:00 -0500",
  "key_id": 1,
  "key_time_to_live": "PT6H3M",
  "keys": [
    {
      "access_key": "HJAKU28M3SXTE2UXUACV",
      "expiry_time": "2023-12-31 19:00:00 -0500",
      "id": 1,
      "time_to_live": "PT6H3M"
    }
  ],
  "name": "user-1",
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 201, Created

| Name | Type | Description |
|---|---|---|
| num_records | integer | Number of records |
| records | array[s3_service_user_post_response] | |

Example response
{
  "num_records": 1,
  "records": [
    {
      "_links": {
        "next": {
          "href": "/api/resourcelink"
        },
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "access_key": "HJAKU28M3SXTE2UXUACV",
      "key_expiry_time": "2023-12-31 19:00:00 -0500",
      "name": "user-1",
      "secret_key": "BcA_HX6If458llhnx3n1TCO3mg4roCXG0ddYf_cJ"
    }
  ]
}
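
A client-side pre-check for the request body and a log-safe view of the 201 response, as an added example (not NetApp's code). The function names, the digit cap and the sample response are assumptions of this example; the name rules, the key_time_to_live format and the 1095-day limit are taken from this page, and the server's own validation remains authoritative.

```python
import re
from datetime import timedelta

# Allowed characters and length from the "name" property description.
NAME_RE = re.compile(r"[0-9A-Za-z_+=,.@-]{1,64}")
# 'PnDTnHnMnS|PnW' as documented for key_time_to_live; digit counts are capped
# (a choice made for this example) so timedelta arithmetic cannot overflow.
TTL_RE = re.compile(
    r"P(?:(?P<w>\d{1,6})W|(?:(?P<d>\d{1,6})D)?"
    r"(?:T(?=\d)(?:(?P<h>\d{1,6})H)?(?:(?P<m>\d{1,6})M)?(?:(?P<s>\d{1,6})S)?)?)"
)
MAX_TTL = timedelta(days=1095)  # limit quoted by error 92406083


def parse_key_ttl(value):
    """Return the period as a timedelta; timedelta(0) means the keys never expire."""
    m = TTL_RE.fullmatch(value)
    if not m or not any(m.groupdict().values()):  # rejects a bare "P"
        raise ValueError(f"key_time_to_live {value!r} is not PnDTnHnMnS or PnW")
    n = {k: int(v or 0) for k, v in m.groupdict().items()}
    ttl = timedelta(weeks=n["w"], days=n["d"], hours=n["h"],
                    minutes=n["m"], seconds=n["s"])
    if ttl > MAX_TTL:
        raise ValueError(f"key_time_to_live {value!r} exceeds 1095 days")
    return ttl


def build_user_body(name, key_time_to_live=None, comment=""):
    """Validate inputs and return the JSON body for the POST request."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name must be 1-64 characters from 0-9 A-Z a-z _ + = , . @ -")
    body = {"name": name, "comment": comment}
    if key_time_to_live is not None:
        parse_key_ttl(key_time_to_live)  # raises on a malformed or oversized period
        body["key_time_to_live"] = key_time_to_live
    return body


def redact_for_log(response):
    """Copy of a 201 response body with every secret_key masked."""
    records = [{**r, "secret_key": "<redacted>"} if "secret_key" in r else dict(r)
               for r in response.get("records", [])]
    return {**response, "records": records}


# Constructed sample response (not real credentials).
SAMPLE = {"num_records": 1, "records": [
    {"access_key": "CONSTRUCTEDACCESSKEY", "name": "user-1", "secret_key": "constructed-secret"}]}
```

Because the secret_key arrives in the response body, pass only the output of redact_for_log to logging or tracing and hand the original record straight to a secret store.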

Headers

| Name | Description | Type |
|---|---|---|
| Location | Useful for tracking the resource location | string |

Error

Status: Default

ONTAP Error Response Codes

| Error Code | Description |
|---|---|
| 92405787 | User name "User#1" contains invalid characters. Valid characters for a user name are 0-9, A-Z, a-z, "_", "+", "=", ",", ".", "@", and "-". |
| 92405788 | User name "User0123456789012345678901234567890123456789012345678901234567890123456789012345" is not valid. User names must have between 1 and 64 characters. |
| 92405791 | Failed to create access-key and secret-key. |
| 92405817 | SVM "" is not a data SVM. Specify a data SVM. |
| 92406083 | The maximum supported value for user key expiry configuration is "1095" days. |
| 92406096 | The user does not have permission to access the requested resource "{0}". |
| 92406097 | Internal error. The operation configuration is not correct. |
| 92406196 | The specified value for the "key_time_to_live" field cannot be greater than the maximum limit specified for the "max_key_time_to_live" field in the object store server. |
| 92406197 | Object store user "user-2" must have a non-zero value for the "key_time_to_live" field because the maximum limit specified for the "max_key_time_to_live" field in the object store server is not zero. |

| Name | Type | Description |
|---|---|---|
| error | returned_error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

keys

Specifies a key associated with an S3 user. At most only two keys can be associated with a user. This is a private object in ONTAP 9.15.1 as the multi-key feature is dark in this release.

| Name | Type | Description |
|---|---|---|
| access_key | string | Specifies the access key for the user. |
| expiry_time | string | Specifies the date and time after which keys expire and are no longer valid. |
| id | integer | Specifies an S3 user key identifier. Each user can only have a maximum of two keys. The key_id can either be '1' or '2'. |
| time_to_live | string | Indicates the time period from when this parameter is specified (when creating or modifying a user, or when the user keys were last regenerated), after which the user keys expire and are no longer valid. Valid format is: 'PnDTnHnMnS\|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds. If the value specified is '0' seconds, then the keys do not expire. |

href

| Name | Type | Description |
|---|---|---|
| href | string | |

_links

| Name | Type | Description |
|---|---|---|
| self | href | |

svm

SVM, applies only to SVM-scoped objects.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. This field cannot be specified in a PATCH method. |
| uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. |

s3_user

This is a container of S3 users.

| Name | Type | Description |
|---|---|---|
| access_key | string | Specifies the access key for the user. |
| comment | string | Can contain any additional information about the user being created or modified. |
| key_expiry_time | string | Specifies the date and time after which keys expire and are no longer valid. |
| key_id | integer | Specifies the identifier of an S3 user key that needs to be generated or deleted. The key_id can either be '1' or '2'. |
| key_time_to_live | string | Indicates the time period from when this parameter is specified (when creating or modifying a user, or when the user keys were last regenerated), after which the user keys expire and are no longer valid. Valid format is: 'PnDTnHnMnS\|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds. If the value specified is '0' seconds, then the keys won't expire. |
| keys | array[keys] | Specifies the keys associated with an S3 User. |
| name | string | Specifies the name of the user. A user name length can range from 1 to 64 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".", "@", and "-". |
| svm | svm | SVM, applies only to SVM-scoped objects. |

collection_links

| Name | Type | Description |
|---|---|---|
| next | href | |
| self | href | |

s3_service_user_post_response

| Name | Type | Description |
|---|---|---|
| _links | collection_links | |
| access_key | string | Specifies the access key for the user. |
| key_expiry_time | string | Specifies the date and time after which the keys expire and are no longer valid. |
| name | string | The name of the user. |
| secret_key | string | Specifies the secret key for the user. |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

returned_error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |