Skip to main content

Update an S3 user configuration

Contributors

PATCH /protocols/s3/services/{svm.uuid}/users/{name}

Introduced In: 9.7

Updates the S3 user configuration of an SVM.

Important notes

  • User access_key and secret_key pair can be regenerated using the PATCH operation.

  • User access_key and secret_key is returned in a PATCH operation if the "regenerate_keys" field is specified as true.

  • If "regenerate_keys" is true and user keys have expiry configuration, then "key_expiry_time" is also returned as part of response.

  • User access_key and secret_key pair can be deleted using the PATCH operation.

  • regenerate_keys - Specifies if secret_key and access_key need to be regenerated.

  • delete_keys - Specifies if secret_key and access_key need to be deleted.

  • comment - Any information related to the S3 user.

  • vserver object-store-server user show

  • vserver object-store-server user regenerate-keys

  • vserver object-store-server user delete-keys

Parameters

Name Type In Required Description

name

string

path

True

User name

regenerate_keys

boolean

query

False

Specifies whether or not to regenerate the user keys.

  • Default value:

delete_keys

boolean

query

False

Specifies whether or not to delete the user keys.

  • Introduced in: 9.14

  • Default value:

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

access_key

string

Specifies the access key for the user.

comment

string

Can contain any additional information about the user being created or modified.

key_expiry_time

string

Specifies the date and time after which keys expire and are no longer valid.

key_id

integer

Specifies the identifier of an S3 user key that needs to be generated or deleted. The key_id can either be '1' or '2'.

key_time_to_live

string

Indicates the time period from when this parameter is specified:

  • when creating or modifying a user or

  • when the user keys were last regenerated, after which the user keys expire and are no longer valid.

  • Valid format is: 'PnDTnHnMnS|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds.

  • If the value specified is '0' seconds, then the keys won't expire.

keys

array[keys]

Specifies the keys associated with an S3 User.

name

string

Specifies the name of the user. A user name length can range from 1 to 64 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".","@", and "-".

svm

svm

SVM, applies only to SVM-scoped objects.

Example request
{
  "access_key": "HJAKU28M3SXTE2UXUACV",
  "comment": "S3 user",
  "key_expiry_time": "2023-12-31 19:00:00 -0500",
  "key_id": 1,
  "key_time_to_live": "PT6H3M",
  "keys": [
    {
      "access_key": "HJAKU28M3SXTE2UXUACV",
      "expiry_time": "2023-12-31 19:00:00 -0500",
      "id": 1,
      "time_to_live": "PT6H3M"
    }
  ],
  "name": "user-1",
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 200, Ok
Name Type Description

num_records

integer

Number of records

records

array[s3_service_user_post_response]

Example response
{
  "num_records": 1,
  "records": [
    {
      "_links": {
        "next": {
          "href": "/api/resourcelink"
        },
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "access_key": "HJAKU28M3SXTE2UXUACV",
      "key_expiry_time": "2023-12-31 19:00:00 -0500",
      "name": "user-1",
      "secret_key": "BcA_HX6If458llhnx3n1TCO3mg4roCXG0ddYf_cJ"
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

92405792

Failed to regenerate access-key and secret-key for user.

92406082

Cannot perform "regenerate_keys" and "delete_keys" operations simultaneously on an S3 user.

92406081

The "regenerate_keys" operation on S3 User "user-2" in SVM "vs1" succeeded. However, modifying all of the other S3 user properties failed. Reason: resource limit exceeded. Retry the operation again without specifying the "regenerate_keys" parameter.

92406080

Cannot delete root user keys because there exists at least one S3 SnapMirror relationship that is using these keys.

92406083

The maximum supported value for user key expiry configuration is "1095" days.

92406088

The "key_time_to_live" parameter can only be used when the "regenerate_keys" operation is performed.

92406096

The user does not have permission to access the requested resource "{0}".

92406097

Internal error. The operation configuration is not correct.

92406108

The "key_id" field must be used with either the "regenerate_keys" or "delete_keys" operation.

92406196

The specified value for the "key_time_to_live" field cannot be greater than the maximum limit specified for the "max_key_time_to_live" field in the object store server.

92406197

Name Type Description

error

returned_error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

keys

Specifies a key associated with an S3 user. At most only two keys can be associated with a user. This is a private object in ONTAP 9.15.1 as the multi-key feature is dark in this release.<\private>

Name Type Description

access_key

string

Specifies the access key for the user.

expiry_time

string

Specifies the date and time after which keys expire and are no longer valid.

id

integer

Specifies an S3 user key identifier. Each user can only have a maximum of two keys. The key_id can either be '1' or '2'.

time_to_live

string

Indicates the time period from when this parameter is specified:

  • when creating or modifying a user or

  • when the user keys were last regenerated, after which the user keys expire and are no longer valid.

  • Valid format is: 'PnDTnHnMnS|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds.

  • If the value specified is '0' seconds, then the keys do not expire.

href

Name Type Description

href

string

Name Type Description

self

href

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

s3_user

This is a container of S3 users.

Name Type Description

access_key

string

Specifies the access key for the user.

comment

string

Can contain any additional information about the user being created or modified.

key_expiry_time

string

Specifies the date and time after which keys expire and are no longer valid.

key_id

integer

Specifies the identifier of an S3 user key that needs to be generated or deleted. The key_id can either be '1' or '2'.

key_time_to_live

string

Indicates the time period from when this parameter is specified:

  • when creating or modifying a user or

  • when the user keys were last regenerated, after which the user keys expire and are no longer valid.

  • Valid format is: 'PnDTnHnMnS|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds.

  • If the value specified is '0' seconds, then the keys won't expire.

keys

array[keys]

Specifies the keys associated with an S3 User.

name

string

Specifies the name of the user. A user name length can range from 1 to 64 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".","@", and "-".

svm

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

next

href

self

href

s3_service_user_post_response

Name Type Description

_links

collection_links

access_key

string

Specifies the access key for the user.

key_expiry_time

string

Specifies the date and time after which the keys expire and are no longer valid.

name

string

The name of the user.

secret_key

string

Specifies the secret key for the user.

error_arguments

Name Type Description

code

string

Argument code

message