REST API reference
Update an S3 policy configuration
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
PATCH /protocols/s3/services/{svm.uuid}/policies/{name}
Introduced In: 9.8
Updates the S3 policy configuration of an SVM.
Important notes
-
The following fields can be modified for a policy:
-
comment- Any information related to the policy. -
statements- Specifies the array of policy statements.
-
Related ONTAP commands
-
vserver object-store-server policy modify -
vserver object-store-server policy modify-statement
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
name |
string |
path |
True |
Policy name |
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
| Name | Type | Description |
|---|---|---|
comment |
string |
Can contain any additional information about the S3 policy. |
name |
string |
Specifies the name of the policy. A policy name length can range from 1 to 128 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".","@", and "-". It cannot be specified in a PATCH method. |
read-only |
boolean |
Specifies whether or not the s3 policy is read only. This parameter should not be specified in the POST method. |
statements |
array[s3_policy_statement] |
Specifies the policy statements. |
svm |
SVM, applies only to SVM-scoped objects. |
Example request
{
"comment": "S3 policy.",
"name": "Policy1",
"statements": {
"actions": [
"*"
],
"effect": "allow",
"index": 0,
"resources": [
"bucket1",
"bucket1/*"
],
"sid": "FullAccessToBucket1"
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}Response
Status: 200, OkError
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
92405906 |
The specified action name is invalid. |
92405963 |
Failed to create s3 policy statements "{policy name}". Reason: "{reason of failure}". Resolve all issues and retry the operation. |
92405953 |
Object store server read-only policies do not support create, modify, delete, add-statement, delete-statement and modify-statement operations. |
92406075 |
Failed to modify policy statement for policy "{policy name}". Reason: "{reason of failure}". Valid ways to specify a resource are "__", " |
|Name |Type |Description
|error |returned_error a|
.Example error [%collapsible%closed] ==== [source,json,subs=+macros] { "error": { "arguments": { "code": "string", "message": "string" }, "code": "4", "message": "entry doesn't exist", "target": "uuid" } } ==== == Definitions [.api-def-first-level] .See Definitions [%collapsible%closed] ==== [#s3_policy_statement] [.api-collapsible-fifth-title] s3_policy_statement Specifies information about a single access policy statement. [cols=3*,options=header] |
|Name |Type |Description
|actions |array[string] a|For each resource, S3 supports a set of operations. The resource operations allowed or denied are identified by an action list:
-
GetObject - retrieves objects from a bucket.
-
PutObject - puts objects in a bucket.
-
DeleteObject - deletes objects from a bucket.
-
ListBucket - lists the objects in a bucket.
-
GetBucketAcl - retrieves the access control list (ACL) of a bucket.
-
GetObjectAcl - retrieves the access control list (ACL) of an object.
-
ListAllMyBuckets - lists all of the buckets in a server.
-
ListBucketMultipartUploads - lists the multipart uploads in progress for a bucket.
-
ListMultipartUploadParts - lists the parts in a multipart upload.
-
CreateBucket - creates a new bucket.
-
DeleteBucket - deletes an existing bucket.
-
GetObjectTagging - retrieves the tag set of an object.
-
PutObjecttagging - sets the tag set for an object.
-
DeleteObjectTagging - deletes the tag set of an object.
-
GetBucketLocation - retrieves the location of a bucket.
-
GetBucketVersioning - retrieves the versioning configuration of a bucket.
-
PutBucketVersioning - modifies the versioning configuration of a bucket.
-
ListBucketVersions - lists the object versions in a bucket.
-
PutBucketPolicy - puts bucket policy on the bucket specified.
-
GetBucketPolicy - retrieves the bucket policy of a bucket.
-
DeleteBucketPolicy - deletes the policy created for a bucket. The wildcard character "*" can be used to form a regular expression for specifying actions.
|effect |string a|Specifies whether access is allowed or denied. If access (to allow) is not granted explicitly to a resource, access is implicitly denied. Access can also be denied explicitly to a resource, in order to make sure that a user cannot access it, even if a different policy grants access.
|index |integer a|Specifies a unique statement index used to identify a particular statement. This parameter should not be specified in the POST method. A statement index is automatically generated. It is not retrieved in the GET method.
|resources |array[string] a|
|sid |string a|Specifies the statement identifier which contains additional information about the statement.
[#href] [.api-collapsible-fifth-title] href [cols=3*,options=header] |
|Name |Type |Description
|href |string a|
[#_links] [.api-collapsible-fifth-title] _links [cols=3*,options=header] |
|Name |Type |Description
|self |href a|
[#svm] [.api-collapsible-fifth-title] svm SVM, applies only to SVM-scoped objects. [cols=3*,options=header] |
|Name |Type |Description
|_links |_links a|
|name |string a|The name of the SVM. This field cannot be specified in a PATCH method.
|uuid |string a|The unique identifier of the SVM. This field cannot be specified in a PATCH method.
[#s3_policy] [.api-collapsible-fifth-title] s3_policy An S3 policy is an object. It defines resource (bucket, folder or object) permissions. These policies get evaluated when an object store user user makes a request. Permissions in the policies determine whether the request is allowed or denied. [cols=3*,options=header] |
|Name |Type |Description
|comment |string a|Can contain any additional information about the S3 policy.
|name |string a|Specifies the name of the policy. A policy name length can range from 1 to 128 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".","@", and "-". It cannot be specified in a PATCH method.
|read-only |boolean a|Specifies whether or not the s3 policy is read only. This parameter should not be specified in the POST method.
|statements |array[s3_policy_statement] a|Specifies the policy statements.
|svm |svm a|SVM, applies only to SVM-scoped objects.
[#error_arguments] [.api-collapsible-fifth-title] error_arguments [cols=3*,options=header] |
|Name |Type |Description
|code |string a|Argument code
|message |string a|Message argument
[#returned_error] [.api-collapsible-fifth-title] returned_error [cols=3*,options=header] |
|Name |Type |Description
|arguments |array[error_arguments] a|Message arguments
|code |string a|Error code
|message |string a|Error message
|target |string a|The target parameter that caused the error.
==== |