S3-API Commands

Shell Description
S3-API Commands - User
leofs-adm create-user <user-id> <password>
  • Register the new user
  • Generate an S3 key pair (AccessKeyID and SecretAccessKey)
leofs-adm delete-user <user-id>
  • Remove the user
leofs-adm get-users
  • Retrieve the list of users
leofs-adm update-user-role
  • Update the user’s role
  • Currently, we are supporting two kinds of roles
  • 1: General user, 9: Administrator
S3-API Commands - Endpoint
leofs-adm add-endpoint <endpoint>
  • Register a new S3 Endpoint
  • LeoFS’ domains are ruled by this rule
leofs-adm delete-endpoint <endpoint>
  • Remove the endpoint
leofs-adm get-endpoints
  • Retrieve the list of endpoints
S3-API Commands - Bucket
leofs-adm add-bucket <bucket> <access-key-id>
  • Create the new bucket
leofs-adm delete-bucket <bucket> <access-key-id>
  • Remove the bucket and all files stored in the bucket
leofs-adm get-buckets
  • Retrieve the list of the buckets registered
leofs-adm get-bucket <access-key-id>
  • Retrieve the list of the buckets owned by the specified user
leofs-adm chown-bucket <bucket> <access-key-id>
  • v0.16.5- Change the owner of the bucket
leofs-adm update-acl <bucket> <access-key-id> (private | public-read | public-read-write)
  • v0.16.0- Update the ACL (Access Control List) for the bucket
  • Available ACL list:
    • private (default) : No one except the owner has access rights
    • public-read : All users have READ access
    • public-read-write : All users have READ and WRITE access

S3-API Commands - User

create-user <user-id> <password>

  • Register the new user
  • Generate an S3 key pair (AccessKeyID and SecretAccessKey)
$ leofs-adm create-user test_account password
access-key-id: be8111173c8218aaf1c3
secret-access-key: 929b09f9b794832142c59218f2907cd1c35ac163

delete-user <user-id>

Remove the user

$ leofs-adm delete-user test
ok

get-users

Retrieve the list of users

$ leofs-adm get-users
user_id     | access_key_id          | created_at
------------+------------------------+---------------------------
_test_leofs | 05236                  | 2012-12-07 10:27:39 +0900
leo         | 39bbad4f3b837ed209fb   | 2012-12-07 10:27:39 +0900

update-user-role <user-id> <role-id>

  • Update the user’s role
  • Currently, we are supporting two kinds of roles
  • role-id:
    • 1: General user
    • 9: Administrator
$ leofs-adm update-user-role 05236 1
OK

S3-API Commands - Endpoint

add-endpoint <endpoint>

  • Register a new Endpoint

Note

LeoFS domains are ruled by this rule

$ leofs-adm add-endpoint leo-project.net
OK

delete-endpoint <endpoint>

Remove the endpoint

$ leofs-adm delete-endpoint leo-project.net
OK

get-endpoints

Retrieve the list of endpoints

$ leofs-adm get-endpoints
endpoint         | created at
-----------------+---------------------------
s3.amazonaws.com | 2012-09-12 14:09:52 +0900
localhost        | 2012-09-12 14:09:52 +0900
leo-project.net  | 2012-09-12 14:09:52 +0900

S3-API Commands - Bucket

add-bucket <bcuket> <access-key-id>

Create the bucket
$ leofs-adm add-bucket backup 05236
OK

delete-bucket <bucket> <access-key-id>

Remove the bucket and all files stored in the bucket

$ leofs-adm delete-bucket backup 05236
OK

get-buckets

Retrieve the list of the buckets registered

$ leofs-adm get-buckets
cluster id   | bucket   | owner       | permissions                            | created at
-------------+----------+-------------+----------------------------------------+---------------------------
leofs_1      | backup   | _test_leofs | Me(full_control), Everyone(read)       | 2014-04-03 11:39:01 +0900
leofs_1      | docs     | _test_leofs | Me(full_control), Everyone(read)       | 2014-04-03 11:39:25 +0900
leofs_1      | logs     | _test_leofs | Me(full_control), Everyone(read,write) | 2014-04-03 11:39:38 +0900
leofs_1      | movie    | _test_leofs | Me(full_control)                       | 2014-04-03 11:39:45 +0900

get-bucket <access-key-id>

Retrieve the list of the buckets owned by the specified user

$ leofs-adm get-bucket 05236
bucket   | permissions                            | created at
---------+----------------------------------------+---------------------------
backup   | Me(full_control), Everyone(read)       | 2014-04-03 11:39:01 +0900
docs     | Me(full_control), Everyone(read)       | 2014-04-03 11:39:25 +0900
logs     | Me(full_control), Everyone(read,write) | 2014-04-03 11:39:38 +0900
movie    | Me(full_control)                       | 2014-04-03 11:39:45 +0900

chown-bucket <bucket> <access-key-id>

v0.16.5- Change the owner of the bucket

$ leofs-adm chown-bucket backup 47ad5ca9
OK

update-acl <bucket> <access-key-id>

  • v0.16.0- Update the ACL (Access Control List) for the bucket
  • Available ACL list:
    • private (default) : No one except the owner has access rights
    • public-read : All users have READ access
    • public-read-write : All users have READ and WRITE access
$ leofs-adm update-acl photo 05236 private
ok

$ leofs-adm update-acl photo 05236 public-read
ok

$ leofs-adm update-acl photo 05236 public-read-write
ok

Canned ACL

Note

When using S3-API, LeoFS supports a set of predefined grants, known as canned ACLs. Each canned ACL has a predefined a set of grantees and permissions. The following table lists the set of canned ACLs and the associated predefined grants.

Canned ACL Applies to Permissions added to ACL
private Bucket and object Owner gets FULL_CONTROL. No one else has access rights (default).
public-read Bucket and object Owner gets FULL_CONTROL. The AllUsers group gets READ access.
public-read-write Bucket and object Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. Granting this on a bucket is generally not recommended.