Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The Content Management API namespace structure exists for every storage domain that is handled by the Gateway. It is a global URI mapping for all requests that come through the Gateway. The URI base for the Management API is:

URI base for Management API
/_admin/manage/

Below are the URI suffixes along with the HTTP methods and the corresponding Policy actions for each. If a Policy action is blank, the method is always allowed by non-authenticated requests.

Note

User-defined names supplied by the application, such as a tenant or domain name, are surrounded with curly braces, such as {tenant} or {domain}.

Management URI Methods and Policy Actions

URI Suffix

HTTP Methods

Policy Actions

Only Root Policy

version

GET


tenants

GET

ListTenants

meter/usageGETListTenants
meter/statusGET

tenants/{tenant}

PUT

CreateTenant

Merger of Root + Tenant Policy

tenants/{tenant}

GET

DELETE

GetTenant

DeleteTenant

tenants/{tenant}/meter/usageGETGetTenant

tenants/{tenant}/etc

GET

ListEtc

tenants/{tenant}/etc/{document}

PUT

GET

DELETE

PutPolicy

GetPolicy

DeletePolicy

tenants/{tenant}/tokens

GET

POST

ListTokens

CreateToken

tenants/{tenant}/tokens/{token}

GET

DELETE

ValidateToken

DeleteToken

tenants/{tenant}/domains

GET

ListDomains

tenants/{tenant}/domains/{domain}

PUT (1)

CreateDomain

Merger of Root + Tenant + Domain Policy

tenants/{tenant}/domains/{domain}

PUT (1)

GET

DELETE

PutDomain

GetDomain

DeleteDomain

tenants/{tenant}/domains/{domain}/meter/usage

GET

GetDomain

tenants/{tenant}/domains/{domain}/etc

GET

ListEtc

tenants/{tenant}/domains/{domain}/etc/{document}

PUT

GET

DELETE

PutPolicy

GetPolicy

DeletePolicy

tenants/{tenant}/domains/{domain}/uuidGETGetDomain
tenants/{tenant}/domains/{domainUUID}/nameGETGetDomain
Merger of Root + Tenant + Domain + Bucket Policy
tenants/{tenant}/domains/{domain}/buckets/{bucket}/uuidGETGetBucket
tenants/{tenant}/domains/{domain}/buckets/{bucketUUID}/nameGETGetBucket

Note 1: The policy action for the PUT method on the /_admin/manage/tenants/{tenant}/domains/{domain} URI depends upon whether or not the storage domain already exists. If the domain is being created (does not exist), CreateDomain can only be granted at the root or tenant scope and controls who can create a new domain. If the domain already exists, PutDomain controls who may change the domain and this can be granted at the root, tenant, or domain level.

Example: Getting the Management API version
GET /_admin/manage/version
Host: anydomain.cloud.example.com

The URI namespace table includes the appropriate Policy documents that are merged together when evaluating the access control policy for Management API requests. For example, to create a storage domain for a tenant, the Root and Tenant Policy documents are merged together. To manipulate a storage domain after it is already created, the Root, Tenant, and Domain Policy documents are all merged together.

System Tenant

Because the use of tenants is optional and because Swarm storage clusters may have existing storage domains created outside of Gateway, there is a concept called the SYSTEM TENANT that contains all of the storage domains in the cluster that are not assigned to a specific tenant. These are called untenanted storage domains and, for the purpose of API consistency, these storage domains are organized within a synthetic tenant named "_system" in the Management API.

Unlike other tenants, the system tenant does not have an owner, an IDSYS definition, a Policy, or authentication tokens. All domains within the system tenant are subject to the inheritance rules for the root IDSYS and Policy. These untenanted domains fall under the /_admin/manage/tenants/_system/ URI path of the Management API.

Example: Listing untenanted storage domains
GET /_admin/manage/tenants/_system/domains/
Host: anydomain.cloud.example.com

System Domain

For applications that use untenanted, unnamed object content (created before the introduction of domains and named objects in Swarm), this content is accessed via the System domain. For the purpose of API consistency, this content is organized within a synthetic domain named "_system" in the Management API.

Unlike other domains, the System domain does not have an owner or authentication tokens and does not support buckets. Domain UUID and name resolution are also not applicable. The System domain falls within the /_admin/manage/tenants/_system/domains/_system URI path of the Management API.

The following Management URI Methods and Policy Actions are not available for the System domain:

URI Suffix

HTTP Methods

Policy Actions

Merger of Root + Tenant + Domain Policy

tenants/{tenant}/domains/_system/uuid
*Domain UUID is not applicable to System domain		GETGetDomain
tenants/{tenant}/domains/{domainUUID}/name
*Domain Name is not applicable to System domain		GETGetDomain
Merger of Root + Tenant + Domain + Bucket Policy
*Bucket Policy is not applicable to System domainGETGetBucket
  • No labels

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.