Namespace Structure
The Content Management API namespace structure exists for every storage domain handled by the Gateway. It is a global URI mapping for all requests that come through the Gateway. The URI base for the Management API is:
URI base for Management API
/_admin/manage/
Below are the URI suffixes, along with the HTTP methods and the corresponding Policy actions for each. If a Policy action is blank, the method is always allowed, even for non-authenticated requests.
Note
User-defined names supplied by the application, such as a tenant or domain name, are surrounded with curly braces, such as {tenant} or {domain}.
Management URI Methods and Policy Actions
URI Suffix | HTTP Methods | Policy Actions |
---|---|---|
Only Root Policy | ||
version | GET | |
tenants | GET | ListTenants |
meter/usage | GET | ListTenants |
meter/status | GET | |
tenants/{tenant} | PUT | CreateTenant |
Merger of Root + Tenant Policy | ||
tenants/{tenant} | GET DELETE | GetTenant DeleteTenant |
tenants/{tenant}/meter/usage | GET | GetTenant |
tenants/{tenant}/etc | GET | ListEtc |
tenants/{tenant}/etc/{document} | PUT GET DELETE | PutPolicy GetPolicy DeletePolicy |
tenants/{tenant}/tokens | GET POST | ListTokens CreateToken |
tenants/{tenant}/tokens/{token} | GET DELETE | ValidateToken DeleteToken |
tenants/{tenant}/domains | GET | ListDomains |
tenants/{tenant}/domains/{domain} | PUT (1) | CreateDomain |
Merger of Root + Tenant + Domain Policy | ||
tenants/{tenant}/domains/{domain} | PUT (1) GET DELETE | PutDomain GetDomain DeleteDomain |
tenants/{tenant}/domains/{domain}/meter/usage | GET | GetDomain |
tenants/{tenant}/domains/{domain}/etc | GET | ListEtc |
tenants/{tenant}/domains/{domain}/etc/{document} | PUT GET DELETE | PutPolicy GetPolicy DeletePolicy |
tenants/{tenant}/domains/{domain}/uuid | GET | GetDomain |
tenants/{tenant}/domains/{domainUUID}/name | GET | GetDomain |
Merger of Root + Tenant + Domain + Bucket Policy | ||
tenants/{tenant}/domains/{domain}/buckets/{bucket}/uuid | GET | GetBucket |
tenants/{tenant}/domains/{domain}/buckets/{bucketUUID}/name | GET | GetBucket |
Note
The policy action for the PUT method on the /_admin/manage/tenants/{tenant}/domains/{domain} URI depends upon whether or not the storage domain already exists. If the domain is being created (does not exist), CreateDomain can only be granted at the root or tenant scope and controls who can create a new domain. If the domain already exists, PutDomain controls who may change the domain and this can be granted at the root, tenant, or domain level.
Example: Getting the Management API version
GET /_admin/manage/version
Host: anydomain.cloud.example.com
The URI namespace table shows which Policy documents are merged together when evaluating the access control policy for Management API requests. For example, to create a storage domain for a tenant, the Root and Tenant Policy documents are merged together. To manipulate a storage domain after it is already created, the Root, Tenant, and Domain Policy documents are all merged together.
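The lookup the table describes, sketched in Python as an added example (not Gateway code): it maps a method and path to the Policy action and the Policy documents merged for it, including the PUT case where the action depends on whether the domain exists. The names resolve, compile_template and ROUTES are hypothetical, ROUTES holds only a subset of the rows above, and the synthetic _system tenant is not modelled.

```python
import re

BASE = "/_admin/manage/"
R, T, D = "Root", "Tenant", "Domain"
DOMAIN_URI = "tenants/{tenant}/domains/{domain}"

# Constructed subset of the table: (suffix template, method, action, merged documents).
# An empty action means the method is allowed without authentication.
ROUTES = [
    ("version", "GET", "", [R]),
    ("tenants", "GET", "ListTenants", [R]),
    ("tenants/{tenant}", "PUT", "CreateTenant", [R]),
    ("tenants/{tenant}", "GET", "GetTenant", [R, T]),
    ("tenants/{tenant}", "DELETE", "DeleteTenant", [R, T]),
    ("tenants/{tenant}/tokens", "POST", "CreateToken", [R, T]),
    (DOMAIN_URI, "GET", "GetDomain", [R, T, D]),
    (DOMAIN_URI, "DELETE", "DeleteDomain", [R, T, D]),
    (DOMAIN_URI + "/etc/{document}", "PUT", "PutPolicy", [R, T, D]),
]


def compile_template(template):
    # Each {name} placeholder becomes a named group matching one path segment.
    parts = re.split(r"\{(\w+)\}", template)
    body = "".join(
        f"(?P<{p}>[^/]+)" if i % 2 else re.escape(p) for i, p in enumerate(parts)
    )
    return re.compile(body + "/?$")


def resolve(method, path, domain_exists=None):
    """Return (action, merged policy documents, names), or None if not listed."""
    if not path.startswith(BASE):
        return None
    suffix = path[len(BASE):]
    m = compile_template(DOMAIN_URI).match(suffix)
    if method == "PUT" and m:
        # Same URI, two actions: the choice depends on whether the domain exists.
        if domain_exists is None:
            raise ValueError("PUT on a domain URI needs domain_exists")
        if domain_exists:
            return "PutDomain", [R, T, D], m.groupdict()
        return "CreateDomain", [R, T], m.groupdict()
    for template, verb, action, docs in ROUTES:
        m = compile_template(template).match(suffix)
        if verb == method and m:
            return action, docs, m.groupdict()
    return None
```

Run over Gateway access logs, an empty action in the result marks a request that required no authentication.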
System Tenant
Because the use of tenants is optional and because Swarm storage clusters may have existing storage domains created outside of Gateway, there is a concept called the SYSTEM TENANT containing all storage domains in the cluster not assigned to a specific tenant. These are called untenanted storage domains and, for the purpose of API consistency, these storage domains are organized within a synthetic tenant named "_system" in the Management API.
Unlike other tenants, the system tenant does not have an owner, an IDSYS definition, a Policy, or authentication tokens. All domains within the system tenant are subject to the inheritance rules for the root IDSYS and Policy. These untenanted domains fall under the /_admin/manage/tenants/_system/ URI path of the Management API.
Example: Listing untenanted storage domains
GET /_admin/manage/tenants/_system/domains/
Host: anydomain.cloud.example.com
System Domain
For applications using untenanted, unnamed object content (created before the introduction of domains and named objects in Swarm), this content is accessed using the System Domain and Legacy Mode for Gateway. For the purpose of API consistency, this content is organized within a synthetic domain named "_system" in the Management API.
Unlike other domains, the System domain does not have an owner or authentication tokens and does not support buckets. Domain UUID and name resolution are also not applicable. The System domain falls within the /_admin/manage/tenants/_system/domains/_system URI path of the Management API.
The following Management URI Methods and Policy Actions are not available for the System domain:
URI Suffix | HTTP Methods | Policy Actions |
---|---|---|
Merger of Root + Tenant + Domain Policy | ||
tenants/{tenant}/domains/_system/uuid | GET | GetDomain |
tenants/{tenant}/domains/{domainUUID}/name | GET | GetDomain |
Merger of Root + Tenant + Domain + Bucket Policy | ||
*Bucket Policy is not applicable to System domain | GET | GetBucket |