Skip to main content
REST API reference

Update an S3 user configuration

PDFs

PATCH /protocols/s3/services/{svm.uuid}/users/{name}

Introduced In: 9.7

Updates the S3 user configuration of an SVM.

Important notes

  • User access_key and secret_key pair can be regenerated using the PATCH operation.

  • User access_key and secret_key is returned in a PATCH operation if the "regenerate_keys" field is specified as true.

  • If "regenerate_keys" is true and user keys have expiry configuration, then "key_expiry_time" is also returned as part of response.

  • User access_key and secret_key pair can be deleted using the PATCH operation.

  • regenerate_keys - Specifies if secret_key and access_key need to be regenerated.

  • delete_keys - Specifies if secret_key and access_key need to be deleted.

  • comment - Any information related to the S3 user.

  • vserver object-store-server user show

  • vserver object-store-server user regenerate-keys

  • vserver object-store-server user delete-keys

Learn more

Parameters

Name Type In Required Description

name

string

path

True

User name

regenerate_keys

boolean

query

False

Specifies whether or not to regenerate the user keys.

  • Default value:

delete_keys

boolean

query

False

Specifies whether or not to delete the user keys.

  • Introduced in: 9.14

  • Default value:

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

access_key

string

Specifies the access key for the user.

comment

string

Can contain any additional information about the user being created or modified.

key_expiry_time

string

Specifies the date and time after which keys expire and are no longer valid.

key_time_to_live

string

Indicates the time period from when this parameter is specified:

  • when creating or modifying a user or

  • when the user keys were last regenerated, after which the user keys expire and are no longer valid.

  • Valid format is: 'PnDTnHnMnS|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds.

  • If the value specified is '0' seconds, then the keys won't expire.

secret_key

string

Specifies the secret key for the user.

svm

svm

SVM, applies only to SVM-scoped objects.
Example request 
{
  "access_key": "HJAKU28M3SXTE2UXUACV",
  "comment": "S3 user",
  "key_expiry_time": "2023-12-31 19:00:00 -0500",
  "key_time_to_live": "PT6H3M",
  "secret_key": "dummy_secret_key_1234_abcd_ldjf",
  "svm": {
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 200, Ok
Name Type Description

num_records

integer

Number of records

records

array[s3_service_user_post_response]
Example response 
{
  "num_records": 1,
  "records": [
    {
      "access_key": "HJAKU28M3SXTE2UXUACV",
      "key_expiry_time": "2023-12-31 19:00:00 -0500",
      "name": "user-1",
      "secret_key": "BcA_HX6If458llhnx3n1TCO3mg4roCXG0ddYf_cJ"
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

92405792

Failed to regenerate access-key and secret-key for user.

92406082

Cannot perform "regenerate_keys" and "delete_keys" operations simultaneously on an S3 user.

92406081

The "regenerate_keys" operation on S3 User "user-2" in SVM "vs1" succeeded. However, modifying all of the other S3 user properties failed. Reason: resource limit exceeded. Retry the operation again without specifying the "regenerate_keys" parameter.

92406080

Cannot delete root user keys because there exists at least one S3 SnapMirror relationship that is using these keys.

92406083

The maximum supported value for user key expiry configuration is "1095" days.

92406088

The "key_time_to_live" parameter can only be used when the "regenerate_keys" operation is performed.

92406096

The user does not have permission to access the requested resource \"{0}\".

92406097

Internal error. The operation configuration is not correct.

92406196

The specified value for the "key_time_to_live" field cannot be greater than the maximum limit specified for the "max_key_time_to_live" field in the object store server.

92406197

Object store user "user-2" must have a non-zero value for the "key_time_to_live" field because the maximum limit specified for the "max_key_time_to_live" field in the object store server is not zero.

92406200

An object store user with the same access-key already exists.

92406201

Missing access-key or secret-key. Either provide both of the keys or none. If not provided, keys are generated automatically.

92406202

The "delete_keys" operation must be performed without specifying the user keys.

92406205

The object store user access key contains invalid characters. Valid characters are 0-9 and A-Z.

92406308

Cannot disable user "user1" in SVM "vs1" because the user belongs to at least one object store group. Remove the user from all groups before disabling the user.

Definitions

See Definitions

href

Name Type Description

href

string

_links

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

s3_user

This is a container of S3 users.

Name Type Description

access_key

string

Specifies the access key for the user.

comment

string

Can contain any additional information about the user being created or modified.

key_expiry_time

string

Specifies the date and time after which keys expire and are no longer valid.

key_time_to_live

string

Indicates the time period from when this parameter is specified:

  • when creating or modifying a user or

  • when the user keys were last regenerated, after which the user keys expire and are no longer valid.

  • Valid format is: 'PnDTnHnMnS|PnW'. For example, P2DT6H3M10S specifies a time period of 2 days, 6 hours, 3 minutes, and 10 seconds.

  • If the value specified is '0' seconds, then the keys won't expire.

secret_key

string

Specifies the secret key for the user.

svm

svm

SVM, applies only to SVM-scoped objects.

s3_service_user_post_response

Name Type Description

access_key

string

Specifies the access key for the user.

key_expiry_time

string

Specifies the date and time after which the keys expire and are no longer valid.

name

string

The name of the user.

secret_key

string

Specifies the secret key for the user.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.