User Management

Create User

curl -H "Content-Type:application/json" -X POST --data '{"id":"testuser","pwd":"12345","type":3}' "http://10.196.59.198:17010/user/create"

Creates a user in the cluster for accessing object storage.

Note

When the cluster starts, the root user (type value is 0x1) is automatically created.

CubeFS regards the Owner field of a volume as a user ID. For example, if the Owner value is testuser when creating a volume, the volume is automatically assigned to the user testuser.

If there is no user ID with the same value as Owner when creating a volume, a user ID with the value of Owner is automatically created when creating the volume.

Parameter List

| Parameter | Type | Description | Value Range | Required | Default Value |
|---|---|---|---|---|---|
| id | string | User ID | Consists of letters, numbers, and underscores, and does not exceed 21 characters | Yes | None |
| pwd | string | User password | No restrictions | No | CubeFSUser |
| ak | string | Access Key for object storage | Consists of 16 letters and numbers | No | System-generated |
| sk | string | Secret Key for object storage | Consists of 32 letters and numbers | No | System-generated |
| type | int | User type | 2 (administrator)/3 (ordinary user) | Yes | None |
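
A client-side check of a /user/create body against the Create User parameter list, as an added example that is not part of CubeFS. The function name, the ASCII reading of "letters and numbers", and the 12-character password minimum are assumptions; the API itself puts no restriction on pwd and falls back to CubeFSUser when it is omitted.

```python
# Added example: validate a /user/create body before sending it.
# Not CubeFS code; check_create_user and MIN_PWD_LEN are hypothetical.
import re

ID_RE = re.compile(r"[A-Za-z0-9_]{1,21}")  # letters, numbers, underscores, <= 21 chars
AK_RE = re.compile(r"[A-Za-z0-9]{16}")     # 16 letters and numbers
SK_RE = re.compile(r"[A-Za-z0-9]{32}")     # 32 letters and numbers
ALLOWED_TYPES = (2, 3)                     # 2 = administrator, 3 = ordinary user
DEFAULT_PWD = "CubeFSUser"                 # documented default when pwd is omitted
MIN_PWD_LEN = 12                           # local policy (assumption), not an API rule


def check_create_user(body):
    """Return a list of problems; an empty list means the body is acceptable."""
    problems = []
    uid = body.get("id")
    if not isinstance(uid, str) or not ID_RE.fullmatch(uid):
        problems.append("id: required, letters/numbers/underscores, at most 21 characters")
    utype = body.get("type")
    if type(utype) is not int or utype not in ALLOWED_TYPES:
        problems.append("type: required, must be 2 or 3")
    for field, pattern, length in (("ak", AK_RE, 16), ("sk", SK_RE, 32)):
        value = body.get(field)
        if field in body and not (isinstance(value, str) and pattern.fullmatch(value)):
            problems.append(f"{field}: must be exactly {length} letters and numbers")
    # An omitted pwd silently becomes the well-known default, so treat it as a finding.
    pwd = body.get("pwd", DEFAULT_PWD)
    if pwd == DEFAULT_PWD:
        problems.append("pwd: omitted or equal to the documented default")
    elif not isinstance(pwd, str) or len(pwd) < MIN_PWD_LEN:
        problems.append(f"pwd: shorter than the local minimum of {MIN_PWD_LEN} characters")
    return problems


# The request body from the curl example above: valid per the table, weak per local policy.
PAGE_EXAMPLE = {"id": "testuser", "pwd": "12345", "type": 3}

if __name__ == "__main__":
    for problem in check_create_user(PAGE_EXAMPLE):
        print(problem)
```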

Delete User

curl -v "http://10.196.59.198:17010/user/delete?user=testuser"

Deletes the specified user in the cluster.

Parameter List

| Parameter | Type | Description |
|---|---|---|
| user | string | User ID |

Query User Information

Displays basic user information, including user ID, Access Key, Secret Key, list of volumes owned by the user, list of permissions granted by other users, user type, creation time, etc.

The policy field in the user information indicates the volumes for which the user has permissions. The own_vols field lists the volumes whose owner is the user, and the authorized_vols field lists the volumes that other users have authorized this user to access, together with the permissions granted on each.

There are two ways to obtain user information:

Query by User ID

curl -v "http://10.196.59.198:17010/user/info?user=testuser" | python -m json.tool

Parameter List

| Parameter | Type | Description |
|---|---|---|
| user | string | User ID |

Query by Access Key

curl -v "http://10.196.59.198:17010/user/akInfo?ak=0123456789123456" | python -m json.tool

Parameter List

| Parameter | Type | Description |
|---|---|---|
| ak | string | 16-digit Access Key of the user |

Response Example

{
     "user_id": "testuser",
     "access_key": "gDcKaBvqky4g8StT",
     "secret_key": "ZVY5RHlrnOrCjImW9S3MajtYZyxSegcf",
     "policy": {
         "own_vols": ["vol1"],
         "authorized_vols": {
             "ltptest": [
                 "perm:builtin:ReadOnly",
                 "perm:custom:PutObjectAction"
             ]
         }
     },
     "user_type": 3,
     "create_time": "2020-05-11 09:25:04"
}

Query User List

curl -v "http://10.196.59.198:17010/user/list?keywords=test" | python -m json.tool

Queries information about all users in the cluster whose user ID contains a certain keyword.

Parameter List

| Parameter | Type | Description |
|---|---|---|
| keywords | string | Keyword to search for in user IDs |

Update User Information

curl -H "Content-Type:application/json" -X POST --data '{"user_id":"testuser","access_key":"KzuIVYCFqvu0b3Rd","secret_key":"iaawlCchJeeuGSnmFW72J2oDqLlSqvA5","type":3}' "http://10.196.59.198:17010/user/update"

Updates the information of the specified user ID, including Access Key, Secret Key, and user type.

Parameter List

| Parameter | Type | Description | Required |
|---|---|---|---|
| user_id | string | User ID to update | Yes |
| access_key | string | New Access Key value | No |
| secret_key | string | New Secret Key value | No |
| type | int | New user type | No |

User Authorization

curl -H "Content-Type:application/json" -X POST --data '{"user_id":"testuser","volume":"vol","policy":["perm:builtin:ReadOnly","perm:custom:PutObjectAction"]}' "http://10.196.59.198:17010/user/updatePolicy"

Updates the access permissions of a specified user for a certain volume. The value of policy can be one of the following:

  • Read-only or read-write permission, with a value of perm:builtin:ReadOnly or perm:builtin:Writable
  • Permission for a specified operation, in the format of action:oss:XXX. For example, for the GetObject operation, the policy value is action:oss:GetObject
  • Custom permission, in the format of perm:custom:XXX, where XXX is defined by the user.

After specifying the permissions, the user can only access the volume within the specified permission range when using the object storage function.

Warning

If the user already has permission settings for this volume, this operation will overwrite the original permissions.

Parameter List

| Parameter | Type | Description | Required |
|---|---|---|---|
| user_id | string | User ID to set permissions for | Yes |
| volume | string | Name of the volume to set permissions for | Yes |
| policy | string slice | Permissions to set | Yes |
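
Because /user/updatePolicy overwrites a user's existing permissions on the volume, one way to add a grant safely is to read the current grants from /user/info first and send the union. The following is an added example, not CubeFS code: the function names are hypothetical, the sample response is constructed from the Response Example on this page with the keys left out, and the character set accepted for XXX is an assumption.

```python
# Added example: build a /user/updatePolicy body that keeps existing grants.
# Not CubeFS code; merged_policy_body and dropped_by are hypothetical names.
import json
import re

# Policy value formats from the list above. The characters allowed in XXX
# (letters, numbers, underscores) are an assumption.
POLICY_RE = re.compile(
    r"perm:builtin:(?:ReadOnly|Writable)"
    r"|action:oss:[A-Za-z0-9_]+"
    r"|perm:custom:[A-Za-z0-9_]+"
)

# Constructed sample: the /user/info response shown on this page, keys omitted.
USER_INFO = json.loads("""
{"user_id": "testuser",
 "policy": {"own_vols": ["vol1"],
            "authorized_vols": {"ltptest": ["perm:builtin:ReadOnly",
                                            "perm:custom:PutObjectAction"]}},
 "user_type": 3}
""")


def current_grants(user_info, volume):
    """Permissions the user currently holds on `volume` via authorized_vols."""
    return list(user_info["policy"].get("authorized_vols", {}).get(volume, []))


def merged_policy_body(user_info, volume, add):
    """Return an updatePolicy body granting `add` on top of the current grants."""
    bad = [p for p in add if not POLICY_RE.fullmatch(p)]
    if bad:
        raise ValueError(f"unrecognised policy value(s): {bad}")
    # The endpoint overwrites, so send current + new, de-duplicated, order kept.
    policy = list(dict.fromkeys(current_grants(user_info, volume) + list(add)))
    return {"user_id": user_info["user_id"], "volume": volume, "policy": policy}


def dropped_by(user_info, body):
    """Grants on body['volume'] that sending `body` would silently remove."""
    return [p for p in current_grants(user_info, body["volume"])
            if p not in body["policy"]]


if __name__ == "__main__":
    print(json.dumps(merged_policy_body(USER_INFO, "ltptest", ["action:oss:GetObject"])))
```

Calling dropped_by on a hand-written body before posting it shows which existing permissions the overwrite would discard.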

Remove User Permissions

curl -H "Content-Type:application/json" -X POST --data '{"user_id":"testuser","volume":"vol"}' "http://10.196.59.198:17010/user/removePolicy"

Removes all permissions of a specified user for a certain volume.

Parameter List

| Parameter | Type | Description | Required |
|---|---|---|---|
| user_id | string | User ID to remove permissions for | Yes |
| volume | string | Name of the volume to remove permissions for | Yes |

Transfer Volume

curl -H "Content-Type:application/json" -X POST --data '{"volume":"vol","user_src":"user1","user_dst":"user2","force":true}' "http://10.196.59.198:17010/user/transferVol"

Transfers ownership of a specified volume. This operation removes the specified volume from the source user and adds it to the target user. At the same time, the value of the Owner field in the volume structure is updated to the user ID of the target user.

Parameter List

| Parameter | Type | Description | Required |
|---|---|---|---|
| volume | string | Name of the volume to transfer ownership of | Yes |
| user_src | string | Original owner of the volume, which must be the same as the original value of the Owner field of the volume | Yes |
| user_dst | string | Target user ID to transfer ownership to | Yes |
| force | bool | Whether to force the transfer of the volume. If set to true, the volume will be transferred to the target user even if the value of user_src is not equal to the value of the Owner field of the volume | No |