Create bucket
This sections describes bucket creation.
Base Command
PUT <accesser>:8338/container/{bucket.name}
A PUT issued to the container followed by a string that specifies the name of the bucket to be created. Bucket names must be unique. Bucket names must be DNS-compliant, i.e., 3 - 63 characters long and must be made of lower case letters, numbers, and dashes. Bucket names must begin and end with a lower case letter or number. Bucket names that resemble IP addresses are not allowed. This operation does not use operation-specific headers or query parameters.
Request
| Request Parameter | Style | Required | Type | Description |
|---|---|---|---|---|
| storage_location | Body | Optional | String | Corresponding to the provisioning code of a container vault; it is also referred as the location of the container in the Cloud mode; when it is not provided, the default provisioning code from container vault template would be used. When this parameter is not provided in either, the request will be rejected with 400 HTTP error. |
| service_instance | Body | Required | String | The service instance or storage account id that owns the bucket. |
| acl | Body | Optional | Object | An array of pairs of grantee and permission. If there are multiple permissions for the same
grantee, multiple entries are
required. Refer to table below called "ACL JSON (request)" |
| hard_quota | Body | Optional | String | Container hard quota in bytes, default 0 (no limit). Format BigInteger. |
| firewall | Body | Optional | Object |
The firewall restriction, includes allowed or denied IP addresses lists.
When the field is not specified in the request, it defaults to empty, i.e. no IP restriction at the bucket-level. In such a case, IP access control configured at the container vault level is applied to the bucket. If no IP access control specified for the container vault, then the bucket can be accessed from public IP. Refer to table below called "Firewall (request)" |
| notifications | Body | Optional | Object | This object is valid in on-premises cloud Container Mode when the Operator has configured the
container vault to specify the notification topic for the container using the Service API. If the
notifications object is not present, then notifications is disabled for the container. The Operator should use the Manager UI/REST API to determine the topic configuration setting for a container vault. Refer to table below called Notifications (request)" |
| Parameter | Type | Description |
|---|---|---|
| grantee | String | The Storage account ID or service instance granted to the permissions |
| permission | String | The permission for the grantee in the format of "READ", "WRITE, "READ_ACP", "WRITE_ACP" and "FULL_CONTROL" |
| Parameter | Type | Description | Format |
|---|---|---|---|
| allowed_ip | String | Array of string of allowed continuous non-overlapping IP address ranges for the container. If a request from a client IP that is not in this IP address list, the client request is rejected. When this parameter is not provided, the bucket is allowed to be accessed from IP address other than those in denied_ip list. If neither is provided, bucket is allowed to be accessed from any IP address | Array of IPv4 or IPv6 addresses in CIDR format |
| denied_ip | String | Array of string of denied continuous non-overlapping IP address ranges for the container. If a request from a client IP that is in this IP address list, the client request is rejected. Denied IP addresses might be used together with allowed IP as the “excluded sub-range of IP address” from the allowed large IP address range. When this parameter is not provided, the bucket is allowed to be accessed from IP address defined in allowed_ip list. | Array of IPv4 or IPv6 addresses in CIDR format |
| Parameter | Type | Description | Format |
|---|---|---|---|
| topic | String |
The topic on which the container's notifications shall be published. Notification of object-change events are published on this topic of the Notification Service assigned to the container vault, if the Notification Service is enabled. Only a single topic is supported for a container. Note: Required, Yes if the notifications object is present
|
1-249 characters in length. Valid characters: Alphanumeric, hyphen, period, underscore. |
Response
| Response Parameter | Style | Type | Description |
|---|---|---|---|
| X-Timestamp | Head | String | The date and time in UNIX Epoch time stamp format when the container was initially created for current version |
| storage_location | Body | String | The storage_location of the bucket or the provisioning code of the container vault. |
| name | Body | String | The name of the bucket |
| service_instance | Body | String | The service instance or storage account id that owns the bucket |
| acl | Body | Object | A JSON map of grantees and their list of permissions on the bucket. It is not visible if content is not defined. |
| retention_policy | Body | String | Bucket retention policy. Return JSON element with container vault “status” with value in format of enum of “ENABLED” | “DISABLED” |
| cors | Body | Object | The bucket's Cross-Origin Resource Sharing (CORS) configuration; when it is not defined, the object is not visible. |
| hard_quota | Body | String | Container hard quota bytes, default 0, no quota. Format BigInteger. |
| firewall | Body | Object | Container IP access control restriction information. When it is not defined the object is not visible. |
| notifications | Body | Object | Configuration of notifications for the container. This object is optional and valid in On-Prem Container Mode only. If the notifications object is not present in the request, then notifications is disabled for this container. Refer to table below called "Notifications (response) Parameter" |
| time_created | Body | String | The creation time of the bucket in RFC 3339 format. Format “date-time” |
| time_updated | Body | String | The modification time of the bucket in RFC 3339 format. Format “date-time” |
| Parameter | Type | Description | Format |
|---|---|---|---|
| topic | String |
The topic on which the container's notifications shall be published. Notification of object-change events are published on this topic of the Notification Service assigned to the container vault, if the Notification Service is enabled. Only a single topic is supported for a container. Note: Required, Yes if the notifications object is present
|
1-249 characters in length. Valid characters: Alphanumeric, hyphen, period, underscore. |
| HTTP Response Code | Description |
|---|---|
| 201 Created | The bucket was properly created |
| 400 Bad Request |
Request contains too many request element, request timeout, duplicate request header/fields, invalid argument, the bucket is a vault, invalid hard_quota, invalid storage_location, malformed acl, firewall or JSON, UnresolvableGrantByEmailAddress, metadata too large, too many buckets, missing request body, invalid format for notifications object, notifications object present when container vault is not assigned to a Notification Service or is not set to configure the topic at the container, notifications object specified in cloud mode, Notifications Service is disabled, etc. Detail error message is be provided on specific error. |
| 401 Unauthorized | The provided token is invalid or could not be verified. |
| 403 Forbidden | Access Denied |
| 404 Not Found | The specified account does not exist |
| 409 Conflict | Conflict from the ranges in IP restriction, or a conflict bucket creation is in progress. |
| 500 Internal Server Error | Internal Server Error |
Examples
- Example: Create bucket example without mutable parameters
- Request
-
PUT <accesser>:8338/container/my-bucket { "storage_location":"us-south", "service_instance":"731fc6f265cd486d900f16e84c5cb594" } - Response
-
HTTP/1.1 201 CREATED Content-Length: 263 Content-Type: application/JSON; charset=utf-8 X-Trans-Id: tx8ea13a3a835544d8bebf1-0056eb522a Date: Fri, 12 Apr 2019 00:56:10 GMT X-Timestamp: 1555083117.22774 { "storage_location":"us-south", "name":"my-bucket", "service_instance":"731fc6f265cd486d900f16e84c5cb594", "retention_policy":{ "status":"DISABLED" }, "hard_quota":0, "time_created":"2019-04-12T00:56:10Z", "time_updated":"2019-04-12T00:56:10Z" }
- Example: Create bucket command with ACL, IP, notifications, and quota Request
- Request
-
{ "storage_location":"us-south", "service_instance":"731fc6f265cd486d900f16e84c5cb594", "acl":[ { "grantee":"user1", "permission":"WRITE" } ], "hard_quota":107374182400, "firewall":{ "allowed_ip":[ "192.168.28.100/24", "192.168.25.200/32" ], "denied_ip":[ "192.169.10.100/30" ] }, "notifications":{ "topic":"my-bucket_topic" } } - Response
-
HTTP/1.1 201 CREATED Content-Length: 263 Content-Type: application/JSON; charset=utf-8 X-Trans-Id: tx8ea13a3a835544d8bebf1-0056eb522a Date: Fri, 12 Apr 2019 00:56:10 GMT X-Timestamp: 1555083117.22774 { "storage_location":"us-south", "name":"my-bucket", "service_instance":"731fc6f265cd486d900f16e84c5cb594", "acl":{ "user1":[ "WRITE" ] }, "retention_policy":{ "status":"DISABLED" }, "hard_quota":107374182400, "firewall":{ "allowed_ip":[ "192.168.28.100/24", "192.168.25.200/32" ], "denied_ip":[ "192.169.10.100/30" ] }, "notifications":{ "topic": "my-bucket_topic" }, "time_created":"2019-04-12T00:56:10Z", "time_updated":"2019-04-12T00:56:10Z" }