Namespace Structure

Owned by Rumena Zlatkova (Deactivated)
Last updated: Jan 05, 2024 by Bala Harish A(AC)
3 min read

The Content Management API namespace structure exists for every storage domain handled by the Gateway. It is a global URI mapping for all requests that come through the Gateway. The URI base for the Management API is:

URI base for Management API
/_admin/manage/

Below are the URI suffixes along with the HTTP methods and the corresponding Policy actions for each. If a Policy action is blank, the method is always allowed by non-authenticated requests.

Note

User-defined names supplied by the application, such as a tenant or domain name, are surrounded with curly braces, such as {tenant} or {domain}.

Management URI Methods and Policy Actions

URI Suffix

HTTP Methods

Policy Actions

URI Suffix

HTTP Methods

Policy Actions

Only Root Policy

version

GET



tenants

GET

ListTenants

meter/usage

GET

ListTenants

meter/status

GET



tenants/{tenant}

PUT

CreateTenant

Merger of Root + Tenant Policy

tenants/{tenant}

GET

DELETE

GetTenant

DeleteTenant

tenants/{tenant}/meter/usage

GET

GetTenant

tenants/{tenant}/etc

GET

ListEtc

tenants/{tenant}/etc/{document}

PUT

GET

DELETE

PutPolicy

GetPolicy

DeletePolicy

tenants/{tenant}/tokens

GET

POST

ListTokens

CreateToken

tenants/{tenant}/tokens/{token}

GET

DELETE

ValidateToken

DeleteToken

tenants/{tenant}/domains

GET

ListDomains

tenants/{tenant}/domains/{domain}

PUT (1)

CreateDomain

Merger of Root + Tenant + Domain Policy

tenants/{tenant}/domains/{domain}

PUT (1)

GET

DELETE

PutDomain

GetDomain

DeleteDomain

tenants/{tenant}/domains/{domain}/meter/usage

GET

GetDomain

tenants/{tenant}/domains/{domain}/etc

GET

ListEtc

tenants/{tenant}/domains/{domain}/etc/{document}

PUT

GET

DELETE

PutPolicy

GetPolicy

DeletePolicy

tenants/{tenant}/domains/{domain}/uuid

GET

GetDomain

tenants/{tenant}/domains/{domainUUID}/name

GET

GetDomain

Merger of Root + Tenant + Domain + Bucket Policy

tenants/{tenant}/domains/{domain}/buckets/{bucket}/uuid

GET

GetBucket

tenants/{tenant}/domains/{domain}/buckets/{bucketUUID}/name

GET

GetBucket

Note

The policy action for the PUT method on the /_admin/manage/tenants/{tenant}/domains/{domain} URI depends upon whether or not the storage domain already exists. If the domain is being created (does not exist), CreateDomain can only be granted at the root or tenant scope and controls who can create a new domain. If the domain already exists, PutDomain controls who may change the domain and this can be granted at the root, tenant, or domain level.

Example: Getting the Management API version
GET /_admin/manage/version Host: anydomain.cloud.example.com

The URI namespace table includes the appropriate Policy documents merged together when evaluating the access control policy for Management API requests. For example, to create a storage domain for a tenant, the Root and Tenant Policy documents are merged together. To manipulate a storage domain after it is already created, the Root, Tenant, and Domain Policy documents are all merged together.

System Tenant

Because the use of tenants is optional and because Swarm storage clusters may have existing storage domains created outside of Gateway, there is a concept called the SYSTEM TENANT containing all storage domains in the cluster not assigned to a specific tenant. These are called untenanted storage domains and, for the purpose of API consistency, these storage domains are organized within a synthetic tenant named "_system" in the Management API.

Unlike other tenants, the system tenant does not have an owner, an IDSYS definition, a Policy, or authentication tokens. All domains within the system tenant are subject to the inheritance rules for the root IDSYS and Policy. These untenanted domains fall under the /_admin/manage/tenants/_system/ URI path of the Management API.

Example: Listing untenanted storage domains
GET /_admin/manage/tenants/_system/domains/ Host: anydomain.cloud.example.com

System Domain

For applications using untenanted, unnamed object content (created before the introduction of domains and named objects in Swarm), this content is accessed using the https://perifery.atlassian.net/wiki/spaces/public/pages/2443818312. For the purpose of API consistency, this content is organized within a synthetic domain named "_system" in the Management API.

Unlike other domains, the System domain does not have an owner or authentication tokens and does not support buckets. Domain UUID and name resolution are also not applicable. The System domain falls within the /_admin/manage/tenants/_system/domains/_system URI path of the Management API.

The following Management URI Methods and Policy Actions are not available for the System domain:

URI Suffix

HTTP Methods

Policy Actions

URI Suffix

HTTP Methods

Policy Actions

Merger of Root + Tenant + Domain Policy

tenants/{tenant}/domains/_system/uuid
*Domain UUID is not applicable to System domain

GET

GetDomain

tenants/{tenant}/domains/{domainUUID}/name
*Domain Name is not applicable to System domain

GET

GetDomain

Merger of Root + Tenant + Domain + Bucket Policy

*Bucket Policy is not applicable to System domain

GET

GetBucket

 

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.