If you have a storage domain that was created outside the Content Management API (such as a replication cluster), it is possible to have a tenant adopt it so you can access it through the Content Portal. However, if that storage domain was created with Swarm's legacy auth/auth, there is a special variation to the domain adoption procedure, noted below.
Verify the following for domain adoption:
The tenant exists.
The cluster administrator executes these actions directly against the storage cluster and not through the Gateway.
Note
This is a highly privileged operation that has no equivalent request within the Gateway.
To adopt a domain
Get all of the custom metadata that is attached to the domain.
Update the domain providing all custom metadata and an
x-tenant-meta-nameheader.
This is an example of the commands. The strings {tenant} and {domain} are substituted for the actual tenant name and storage domain name.
The first step is to retrieve all of the current, custom metadata name/value pairs for the domain:
HEAD /?domain={domain}
If the domain has Swarm's legacy auth/auth on it, there will be a Castor-Authorization header in the response or you may receive a "401 Unauthorized" response to the previous request. See the section below for instructions to remove the legacy auth/auth.
Deprecated
The native Swarm auth/auth feature is deprecated and will be removed after June 2017.
Only certain field names are valid as custom metadata. In general, you can use Castor-* (except for Castor-System-*), Content-*, X-*-Meta, and X-*-Meta-* headers in the HEAD response as custom metadata for the storage domain. With the exception of Castor-Authorization, these are the fields that you will want to preserve.
For details about headers, see SCSP Headers and SCSP COPY.
After getting all of the custom metadata name/value pairs (denoted as {mdName#} and {mdValue#}) from the HEAD request, use the COPY request to replace all of the storage domain object's metadata and include the adoptive tenant's name:
COPY /?domain={domain}&replicate=immediate
x-tenant-meta-name: {tenant}
{mdName1}: {mdValue1}
{mdName2}: {mdValue2}
...
The x-tenant-meta-name must match the name of an existing tenant that was created through the Gateway Management API or Content Portal.
Upon completion of the domain adoption procedure, the storage domain will now be subject to the tenant access control policy in addition to the root and domain policies. Additionally, if the storage domain does not define its own IDSYS, was previously using the root IDSYS, and the adoptive tenant defines an IDSYS, the storage domain will switch to using the tenant IDSYS instead of the root IDSYS.
Removing legacy auth/auth
If the storage domain has the legacy auth/auth on it, you need to remove it so the domain can be used correctly through Gateway. These examples will use the curl command line utility since it is able to perform HTTP digest authentication. You can adapt these examples for use with another tool or library in order to issue the HEAD and COPY commands. Since this process is very similar to the previous one for domains without legacy auth/auth, references will be made to the instructions from the previous section. The {adminUser} username in these examples must be for one of the Swarm administrators defined in the storage cluster's configuration. The {storageNode} string is the host or IP for any node in the storage cluster.
Get the current metadata for the storage domain.
curl -I --digest -u {adminUser}
--location-trusted
'http://{storageNode}/?domain={domain}'
You need all of the custom metadata name/value pairs with the exception of the Castor-Authorization header.
The previously described COPY request will be performed using HTTP digest authentication.
curl -X COPY --digest -u {adminUser}
--location-trusted
-H 'x-tenant-meta-name: {tenant}'
-H '{mdName1}: {mdValue1}'
-H '{mdName2}: {mdValue2}'
...
'http://{storageNode}/?domain={domain}&replicate=immediate'
All prior discussion about the x-tenant-meta-name value and post-creation domain behavior apply.