public interface RgwAdmin
Administer the Ceph Object Storage (a.k.a. Radosgw) service with user management, access controls, quotas and usage tracking among other features.
Note that to some operations needs proper configurations on radosgw, and require that the requester holds special administrative capabilities.
Created by petertc on 3/14/17.
Modifier and Type | Method and Description |
---|---|
java.util.List<Cap> |
addUserCapability(java.lang.String userId,
java.util.List<Cap> userCaps)
Add an administrative capability to a specified user.
|
java.util.Optional<java.lang.String> |
checkBucketIndex(java.lang.String bucketName,
boolean isCheckObjects,
boolean isFix)
Check the index of an existing bucket.
|
java.util.List<S3Credential> |
createS3Credential(java.lang.String userId)
Create a new S3 credential pair for the specified user.
|
java.util.List<S3Credential> |
createS3Credential(java.lang.String userId,
java.lang.String accessKey,
java.lang.String secretKey)
Create a new S3 credential for the specified user.
|
java.util.List<S3Credential> |
createS3CredentialForSubUser(java.lang.String userId,
java.lang.String subUserId)
Create a new S3 credential for the specified sub user.
|
java.util.List<S3Credential> |
createS3CredentialForSubUser(java.lang.String userId,
java.lang.String subUserId,
java.lang.String accessKey,
java.lang.String secretKey)
Create a new S3 credential for the specified subuser.
|
java.util.List<SubUser> |
createSubUser(java.lang.String userId,
java.lang.String subUserId,
java.util.Map<java.lang.String,java.lang.String> parameters)
Create a new subuser
|
SubUser |
createSubUser(java.lang.String userId,
java.lang.String subUserId,
SubUser.Permission permission,
CredentialType credentialType)
Create a new sub-user
|
SwiftCredential |
createSwiftCredentialForSubUser(java.lang.String userId,
java.lang.String subUserId)
Create a new swift credential for the specified sub user.
|
SwiftCredential |
createSwiftCredentialForSubUser(java.lang.String userId,
java.lang.String subUserId,
java.lang.String password)
Create a new swift credential for the specified sub user.
|
User |
createUser(java.lang.String userId)
Create a new user.
|
User |
createUser(java.lang.String userId,
java.util.Map<java.lang.String,java.lang.String> parameters)
Create a new user.
|
java.util.Optional<BucketInfo> |
getBucketInfo(java.lang.String bucketName)
Get information about a bucket.
|
java.util.Optional<java.lang.String> |
getBucketPolicy(java.lang.String bucketName)
Read the policy of a bucket.
|
java.util.Optional<Quota> |
getBucketQuota(java.lang.String userId)
Get bucket quota.
|
java.util.Optional<java.lang.String> |
getObjectPolicy(java.lang.String bucketName,
java.lang.String objectKey)
Read the policy of an object.
|
java.util.Optional<SubUser> |
getSubUserInfo(java.lang.String userId,
java.lang.String subUserId)
Get sub-user information.
|
java.util.Optional<UsageInfo> |
getUsage()
Request bandwidth usage information.
|
java.util.Optional<UsageInfo> |
getUsage(java.util.Map<java.lang.String,java.lang.String> parameters)
Request bandwidth usage information.
|
java.util.Optional<User> |
getUserInfo(java.lang.String userId)
Get user information.
|
java.util.Optional<Quota> |
getUserQuota(java.lang.String userId)
Get user quota.
|
java.util.Optional<UsageInfo> |
getUserUsage(java.lang.String userId)
Request bandwidth usage information for specified user.
|
java.util.Optional<UsageInfo> |
getUserUsage(java.lang.String userId,
java.util.Map<java.lang.String,java.lang.String> parameters)
Request bandwidth usage information for specified user.
|
void |
linkBucket(java.lang.String bucketName,
java.lang.String bucketId,
java.lang.String userId)
Link a bucket to a specified user, unlinking the bucket from any previous user.
|
java.util.List<java.lang.String> |
listBucket()
List all buckets.
|
java.util.List<java.lang.String> |
listBucket(java.lang.String userId)
List buckets belong to a user.
|
java.util.List<BucketInfo> |
listBucketInfo()
Get information about buckets.
|
java.util.List<BucketInfo> |
listBucketInfo(java.lang.String userId)
Get information about buckets under a given user.
|
java.util.List<java.lang.String> |
listSubUser(java.lang.String userId)
Get the subuser list under a user
|
java.util.List<SubUser> |
listSubUserInfo(java.lang.String userId)
Retrieve the sub-user information under a user
|
java.util.List<java.lang.String> |
listUser()
Get the user list
|
java.util.List<User> |
listUserInfo()
Get information about users exist in the system
|
User |
modifyUser(java.lang.String userId,
java.util.Map<java.lang.String,java.lang.String> parameters)
Modify a user.
|
void |
removeBucket(java.lang.String bucketName)
Delete an existing bucket.
|
void |
removeObject(java.lang.String bucketName,
java.lang.String objectKey)
Remove an existing object.
|
void |
removeS3Credential(java.lang.String userId,
java.lang.String accessKey)
Remove an existing S3 credential from the specified user.
|
void |
removeS3CredentialFromSubUser(java.lang.String userId,
java.lang.String subUserId,
java.lang.String accessKey)
Remove an existing S3 credential from the specified sub user.
|
void |
removeSubUser(java.lang.String userId,
java.lang.String subUserId)
Remove an existing subuser.
|
void |
removeSwiftCredentialFromSubUser(java.lang.String userId,
java.lang.String subUserId)
Remove the credential from the specified sub user.
|
void |
removeUser(java.lang.String userId)
Remove an existing user.
|
java.util.List<Cap> |
removeUserCapability(java.lang.String userId,
java.util.List<Cap> userCaps)
Remove an administrative capability from a specified user.
|
void |
setBucketQuota(java.lang.String userId,
long maxObjects,
long maxSizeKB)
Set or modify quotas on all buckets owned by a user.
|
void |
setIndividualBucketQuota(java.lang.String userId,
java.lang.String bucket,
long maxObjects,
long maxSizeKB)
Set or modify a quota on a given bucket.
|
java.util.List<SubUser> |
setSubUserPermission(java.lang.String userId,
java.lang.String subUserId,
SubUser.Permission permission)
Modify an existing subuser permission.
|
void |
setUserQuota(java.lang.String userId,
long maxObjects,
long maxSizeKB)
Set or modify a quota on a user.
|
void |
suspendUser(java.lang.String userId,
boolean suspend)
Suspend or resume a user
|
void |
trimUsage(java.util.Map<java.lang.String,java.lang.String> parameters)
Remove usage information.
|
void |
trimUserUsage(java.lang.String userId,
java.util.Map<java.lang.String,java.lang.String> parameters)
Remove usage information for specified user.
|
void |
unlinkBucket(java.lang.String bucketName,
java.lang.String userId)
Unlink a bucket from a specified user.
|
void trimUserUsage(java.lang.String userId, java.util.Map<java.lang.String,java.lang.String> parameters)
There are few parameters available to filter the query result as you wish, includes:
userId
- The user for which the information is requested.parameters
- optional parameters to filter the usage to delete.void trimUsage(java.util.Map<java.lang.String,java.lang.String> parameters)
There are few parameters available to filter the query result as you wish, includes:
parameters
- optional parameters to filter the usage to delete.java.util.Optional<UsageInfo> getUserUsage(java.lang.String userId)
See getUsage(Map)
java.util.Optional<UsageInfo> getUserUsage(java.lang.String userId, java.util.Map<java.lang.String,java.lang.String> parameters)
See getUsage(Map)
java.util.Optional<UsageInfo> getUsage()
See getUsage(Map)
java.util.Optional<UsageInfo> getUsage(java.util.Map<java.lang.String,java.lang.String> parameters)
Note that radosgw does not enable usage collection in default. To get usage, you need the following option:
rgw enable usage log = true
There are few parameters available to filter the query result as you wish, includes:
parameters
- optional parameters to filter the query result.java.util.List<Cap> addUserCapability(java.lang.String userId, java.util.List<Cap> userCaps)
Note that you can get the capability by getUserInfo(String)
userId
- The user ID to add an administrative capability to.userCaps
- The administrative capability to add to the user.java.util.List<Cap> removeUserCapability(java.lang.String userId, java.util.List<Cap> userCaps)
Note that you can get the capability by getUserInfo(String)
userId
- The user ID to remove an administrative capability from.userCaps
- The administrative capabilities to remove from the user.java.util.List<SubUser> createSubUser(java.lang.String userId, java.lang.String subUserId, java.util.Map<java.lang.String,java.lang.String> parameters)
Available parameters include:
Tips:
getUserInfo(String)
after creation.
userId
- The user ID under which a subuser is to be created.subUserId
- Specify the subuser ID to be created.parameters
- The subuser parameters.SubUser createSubUser(java.lang.String userId, java.lang.String subUserId, SubUser.Permission permission, CredentialType credentialType)
This method will create the sub-user with the automatically generated credential.
Tips:
getUserInfo(String)
after creation.
userId
- The user ID under which a subuser is to be created.subUserId
- Specify the subuser ID to be created. Should be in the relative form, i.e.,
does not contain the user id.permission
- The subuser permission.credentialType
- Specify credential type to be generated.java.util.List<SubUser> setSubUserPermission(java.lang.String userId, java.lang.String subUserId, SubUser.Permission permission)
Note that you can get the permission by getSubUserInfo(String, String)
userId
- The user ID under which a subuser is to be created.subUserId
- Specify the subuser ID to be created.permission
- Specify the subuser permission.java.util.List<SubUser> listSubUserInfo(java.lang.String userId)
userId
- The user ID under which subusers we interested tojava.util.Optional<SubUser> getSubUserInfo(java.lang.String userId, java.lang.String subUserId)
userId
- The user ID.subUserId
- The subuser IDvoid removeSubUser(java.lang.String userId, java.lang.String subUserId)
Note that the operation also removes credentials belonging to the subuser.
userId
- The user ID under which the subuser is to be removed.subUserId
- The subuser ID to be removed.java.util.List<S3Credential> createS3Credential(java.lang.String userId, java.lang.String accessKey, java.lang.String secretKey)
userId
- the specified user.accessKey
- S3 access keysecretKey
- S3 secret keyjava.util.List<S3Credential> createS3Credential(java.lang.String userId)
The credential will be automatically generated for the user. If you want to specify the
credential, please use createS3Credential(String, String, String)
userId
- the specified user.void removeS3Credential(java.lang.String userId, java.lang.String accessKey)
userId
- The specified user.accessKey
- The access key which is belonging to the credential to remove.java.util.List<S3Credential> createS3CredentialForSubUser(java.lang.String userId, java.lang.String subUserId, java.lang.String accessKey, java.lang.String secretKey)
userId
- The specified user.subUserId
- the specified sub user. Should not contain user id, i.e., bar instead of
foo:bar.accessKey
- S3 access key.secretKey
- S3 secret key.java.util.List<S3Credential> createS3CredentialForSubUser(java.lang.String userId, java.lang.String subUserId)
The credential will be automatically generated for the user. If you want to specify the
credential, please use createS3CredentialForSubUser(String, String, String, String)
userId
- the specified user.subUserId
- the specified sub user. Should not contain user id, i.e., bar instead of
foo:bar.void removeS3CredentialFromSubUser(java.lang.String userId, java.lang.String subUserId, java.lang.String accessKey)
userId
- the specified user.subUserId
- the specified sub user. Should not contain user id, i.e., bar instead of
foo:bar.accessKey
- The access key which is belonging to the credential to remove.SwiftCredential createSwiftCredentialForSubUser(java.lang.String userId, java.lang.String subUserId, java.lang.String password)
Tip: a subuser can have only one swift credential.
userId
- The specified user.subUserId
- the specified sub user. Should not contain user id, i.e., bar instead of
foo:bar.password
- The specified swift password.SwiftCredential createSwiftCredentialForSubUser(java.lang.String userId, java.lang.String subUserId)
The credential will be automatically generated for the user. If you want to specify it,
please use createSwiftCredentialForSubUser(String, String, String)
Tip: a subuser can have only one swift credential.
userId
- The specified user.subUserId
- The specified sub user. Should not contain user id, i.e., bar instead of
foo:bar.void removeSwiftCredentialFromSubUser(java.lang.String userId, java.lang.String subUserId)
userId
- the specified user.subUserId
- the specified sub user. Should not contain user id, i.e., bar instead of
foo:bar.void removeBucket(java.lang.String bucketName)
Note that the operation asks radosgw to purge objects in the bucket before deletion.
bucketName
- The bucket to remove.void linkBucket(java.lang.String bucketName, java.lang.String bucketId, java.lang.String userId)
bucketName
- The bucket name to unlink.bucketId
- The bucket id to unlink. Example: dev.6607669.420. (You can get this by getBucketInfo(String)
)userId
- The user ID to link the bucket to.void unlinkBucket(java.lang.String bucketName, java.lang.String userId)
bucketName
- The bucket to unlink.userId
- The user ID to unlink the bucket from.java.util.Optional<java.lang.String> checkBucketIndex(java.lang.String bucketName, boolean isCheckObjects, boolean isFix)
NOTE: to check multipart object accounting with check-objects, fix must be set to True.
Example response:
[ ]{ }{ "existing_header":{ "usage":{ } }, "calculated_header":{ "usage":{ } } }
bucketName
- The bucket to return info on.isCheckObjects
- Check multipart object accounting. Example: True [False]isFix
- Also fix the bucket index when checking. Example: False [False]java.util.List<java.lang.String> listBucket()
java.util.List<java.lang.String> listBucket(java.lang.String userId)
userId
- The bucket owner we interested.java.util.List<BucketInfo> listBucketInfo()
java.util.List<BucketInfo> listBucketInfo(java.lang.String userId)
userId
- The user to retrieve bucket information for.java.util.Optional<BucketInfo> getBucketInfo(java.lang.String bucketName)
bucketName
- The bucket to return info on.User createUser(java.lang.String userId)
An S3 key pair will be created automatically and returned in the response. If you want to
customize user properties or create a Swift user, use createUser(String, Map)
instead.
userId
- The user ID to be created.User createUser(java.lang.String userId, java.util.Map<java.lang.String,java.lang.String> parameters)
You can customize user properties or create a Swift user by set the parameters. Available parameters includes:
If only one of access-key or secret-key is provided, the omitted key will be automatically generated. By default, a generated key is added to the keyring without replacing an existing key pair. If access-key is specified and refers to an existing key owned by the user then it will be modified.
userId
- The user ID to be created.parameters
- The user properties.java.util.Optional<User> getUserInfo(java.lang.String userId)
userId
- The user for which the information is requested.java.util.List<java.lang.String> listUser()
java.util.List<java.lang.String> listSubUser(java.lang.String userId)
userId
- The user ID under which subusers we interested to.java.util.List<User> listUserInfo()
User modifyUser(java.lang.String userId, java.util.Map<java.lang.String,java.lang.String> parameters)
Available parameters include:
userId
- The user ID to be modified.parameters
- Optional parameters.void suspendUser(java.lang.String userId, boolean suspend)
userId
- The user ID to be suspended or resumed.suspend
- Set true to suspend the user and vice versa.void removeUser(java.lang.String userId)
Note that the buckets and objects belonging to the user will also be removed.
userId
- The user ID to be removed.java.util.Optional<Quota> getUserQuota(java.lang.String userId)
userId
- The user ID to get quota.java.util.Optional<Quota> getBucketQuota(java.lang.String userId)
userId
- The bucket owner ID to get quota.void setIndividualBucketQuota(java.lang.String userId, java.lang.String bucket, long maxObjects, long maxSizeKB)
getBucketInfo(String)
Tips: To use this feature, you need Ceph v13.0.2 (mimic) or above.
userId
- The bucket owner to set quota.bucket
- The bucket to set quota.maxObjects
- The max-objects setting allows you to specify the maximum number of objects.
A negative value disables this setting.maxSizeKB
- The max-size option allows you to specify a quota for the maximum number of
bytes. A negative value disables this setting.void setBucketQuota(java.lang.String userId, long maxObjects, long maxSizeKB)
userId
- The bucket owner to set quota.maxObjects
- The max-objects setting allows you to specify the maximum number of objects.
A negative value disables this setting.maxSizeKB
- The max-size option allows you to specify a quota for the maximum number of
bytes. A negative value disables this setting.void setUserQuota(java.lang.String userId, long maxObjects, long maxSizeKB)
userId
- The user to set quota.maxObjects
- The max-objects setting allows you to specify the maximum number of objects.
A negative value disables this setting.maxSizeKB
- The max-size option allows you to specify a quota for the maximum number of
bytes. A negative value disables this setting.void removeObject(java.lang.String bucketName, java.lang.String objectKey)
NOTE: Does not require the owner to be non-suspended.
bucketName
- The bucket containing the object to be removed.objectKey
- The object to remove.java.util.Optional<java.lang.String> getObjectPolicy(java.lang.String bucketName, java.lang.String objectKey)
Note that the term "policy" here does not stand for "S3 bucket policy". Instead, it represents S3 Access Control Policy (ACP).
We return JSON string instead of the concrete model here due to the server returns the internal data structure which is not well defined. For example:
{ "acl":{ "acl_user_map":[ { "user":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "acl":15 } ], "acl_group_map":[ ], "grant_map":[ { "id":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "grant":{ "type":{ "type":0 }, "id":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "email":"", "permission":{ "flags":15 }, "name":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "group":0, "url_spec":"" } } ] }, "owner":{ "id":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "display_name":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19" } }
bucketName
- The bucket to which the object belong to.objectKey
- The object to read the policy from.java.util.Optional<java.lang.String> getBucketPolicy(java.lang.String bucketName)
Note that the term "policy" here does not stand for "S3 bucket policy". Instead, it represents S3 Access Control Policy (ACP).
We return JSON string instead of the concrete model here due to the server returns the internal data structure which is not well defined. For example:
{ "acl":{ "acl_user_map":[ { "user":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "acl":15 } ], "acl_group_map":[ ], "grant_map":[ { "id":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "grant":{ "type":{ "type":0 }, "id":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "email":"", "permission":{ "flags":15 }, "name":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "group":0, "url_spec":"" } } ] }, "owner":{ "id":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19", "display_name":"rgwAdmin4jTest-6d6a2645-0219-4e49-8493-0bdc8cb00e19" } }
bucketName
- The bucket to read the policy from.Copyright © 2019. All rights reserved.