The Content Management API namespace structure exists for every storage domain that is handled by the Gateway. It is a global URI mapping for all requests that come through the Gateway. The URI base for the Management API is:
Code Block | ||||
---|---|---|---|---|
| ||||
/_admin/manage/ |
Below are the URI suffixes along with the HTTP methods and the corresponding Policy actions for each. If a Policy action is blank, the method is always allowed by non-authenticated requests.
Info | ||
---|---|---|
| ||
User-defined names supplied by the application, such as a tenant or domain name, are surrounded with curly braces, such as {tenant} or {domain}. |
Management URI Methods and Policy Actions
URI Suffix | HTTP Methods | Policy Actions |
---|---|---|
Only Root Policy | ||
version | GET | |
tenants | GET | ListTenants |
meter/usage | GET | ListTenants |
meter/status | GET | |
tenants/{tenant} | PUT | CreateTenant |
Merger of Root + Tenant Policy | ||
tenants/{tenant} | GET DELETE | GetTenant DeleteTenant |
tenants/{tenant}/meter/usage | GET | GetTenant |
tenants/{tenant}/etc | GET | ListEtc |
tenants/{tenant}/etc/{document} | PUT GET DELETE | PutPolicy GetPolicy DeletePolicy |
tenants/{tenant}/tokens | GET POST | ListTokens CreateToken |
tenants/{tenant}/tokens/{token} | GET DELETE | ValidateToken DeleteToken |
tenants/{tenant}/domains | GET | ListDomains |
tenants/{tenant}/domains/{domain} | PUT (1) | CreateDomain |
Merger of Root + Tenant + Domain Policy | ||
tenants/{tenant}/domains/{domain} | PUT (1) GET DELETE | PutDomain GetDomain DeleteDomain |
tenants/{tenant}/domains/{domain}/meter/usage | GET | GetDomain |
tenants/{tenant}/domains/{domain}/etc | GET | ListEtc |
tenants/{tenant}/domains/{domain}/etc/{document} | PUT GET DELETE | PutPolicy GetPolicy DeletePolicy |
tenants/{tenant}/domains/{domain}/uuid | GET | GetDomain |
tenants/{tenant}/domains/{domainUUID}/name | GET | GetDomain |
Merger of Root + Tenant + Domain + Bucket Policy | ||
tenants/{tenant}/domains/{domain}/buckets/{bucket}/uuid | GET | GetBucket |
tenants/{tenant}/domains/{domain}/buckets/{bucketUUID}/name | GET | GetBucket |
Note 1: The policy action for the PUT method on the /_admin/manage/tenants/{tenant}/domains/{domain}
URI depends upon whether or not the storage domain already exists. If the domain is being created (does not exist), CreateDomain can only be granted at the root or tenant scope and controls who can create a new domain. If the domain already exists, PutDomain controls who may change the domain and this can be granted at the root, tenant, or domain level.
Code Block | ||
---|---|---|
| ||
GET /_admin/manage/version Host: anydomain.cloud.example.com |
The URI namespace table includes the appropriate Policy documents that are merged together when evaluating the access control policy for Management API requests. For example, to create a storage domain for a tenant, the Root and Tenant Policy documents are merged together. To manipulate a storage domain after it is already created, the Root, Tenant, and Domain Policy documents are all merged together.
Anchor | ||||
---|---|---|---|---|
|
Because the use of tenants is optional and because Swarm storage clusters may have existing storage domains created outside of Gateway, there is a concept called the SYSTEM TENANT that contains all of the storage domains in the cluster that are not assigned to a specific tenant. These are called untenanted storage domains and, for the purpose of API consistency, these storage domains are organized within a synthetic tenant named "_system
" in the Management API.
Unlike other tenants, the system tenant does not have an owner, an IDSYS definition, a Policy, or authentication tokens. All domains within the system tenant are subject to the inheritance rules for the root IDSYS and Policy. These untenanted domains fall under the /_admin/manage/tenants/_system/
URI path of the Management API.
Code Block | ||
---|---|---|
| ||
GET /_admin/manage/tenants/_system/domains/ Host: anydomain.cloud.example.com |
Anchor | ||||
---|---|---|---|---|
|
For applications that use untenanted, unnamed object content (created before the introduction of domains and named objects in Swarm), this content is accessed via the System domain. For the purpose of API consistency, this content is organized within a synthetic domain named "_system" in the Management API.
Unlike other domains, the System domain does not have an owner or authentication tokens and does not support buckets. Domain UUID and name resolution are also not applicable. The System domain falls within the /_admin/manage/tenants/_system/domains/_system URI path of the Management API.
The following Management URI Methods and Policy Actions are not available for the System domain:
URI Suffix | HTTP Methods | Policy Actions |
---|---|---|
Merger of Root + Tenant + Domain Policy | ||
tenants/{tenant}/domains/ *Domain UUID is not applicable to System domain | GET | GetDomain |
tenants/{tenant}/domains/ *Domain Name is not applicable to System domain | GET | GetDomain |
Merger of Root + Tenant + Domain + | ||
*Bucket Policy is not applicable to System domain | GET | GetBucket |