Setting Container Metadata

Setting Container ACLs

A container has two ACLs, X-Container-Read and X-Container-Write, each of which can consist of a comma-separated list of roles or referrer designations.
  • The roles can be built-in roles or custom roles. Custom roles are defined in the My Services Security page.
    • For a role that was provisioned as part of another service instance, the format is: domainName.serviceName.roleName

    • For a custom role, the format is: domainName.roleName
  • A referrer designation indicates the host (or hosts) for which access to the container should be allowed or denied. When the server receives a request for the container, it compares the referrer designations specified in the appropriate ACL (depending on whether it is a read or write request) with the value of the Referer header in the request, and determines whether access should be allowed or denied.

    The syntax of the referrer designation is: .r:value

    • value indicates the host for which access to the container should be allowed. It can be a specific host name (example: .r:www.example.com), a domain (example: .r:.example.com), or an asterisk (.r:*) to indicate all hosts. Note that if .r:* is specified, objects in the container will be publicly readable without authentication.

    • A minus sign (-) before value (example: .r:-temp.example.com) indicates that the host specified in the value field must be denied access to the container.

    • By default, read access to a container does not include permission to list the objects in the container. To allow listing of objects as well, include the .rlistings directive in the ACL (example: .r:*,.rlistings).

For information about using the REST API to set container ACLs, see Special Metadata: Container ACLs in OpenStack Object Storage Service API Reference. For information about using the Java library to set container ACLs, see setContainerAcl in Java API Reference for Oracle Cloud Storage Service.

cURL Command Syntax

curl -v -X POST -H 'X-Auth-Token: token' —H ‘X-Container-Read: item[,item...]’ —H ‘X-Container-Write: item[,item...]’ accountURL/containerName

cURL Command Examples

The following commands set up ACLs for the container named myContainer:
  • Provide write access for any user with the predefined role, Storage_ReadWriteGroup and the custom role, myCustomRole:

    curl -v -X POST -H 'X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b' -H 'X-Container-Write: myDomain.Storage.Storage_ReadWriteGroup,myDomain.myCustomRole' https://storage.us2.oraclecloud.com/v1/Storage-ORACLEGENZ138479113098/myContainer

  • Provide read access for all hosts and also allow listing of the objects in the container:

    curl -v -X POST -H 'X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b' -H 'X-Container-Read: .r:*,.rlistings' https://storage.us2.oraclecloud.com/v1/Storage-myDomain/myContainer

Setting Container Quotas

For each container, you can set quotas for the maximum number of bytes the container can contain (X-Container-Meta-Quota-Bytes) and the maximum number of objects the container can contain (X-Container-Meta-Quota-Count).

For information about using the REST API to set container quotas, see Container Quotas in OpenStack Object Storage Service API Reference. The Java library does not support this.

cURL Command Syntax

curl -v -X POST -H 'X-Auth-Token: token' —H ‘X-Container-Meta-Quota-Bytes: maxBytes’ —H ‘X-Container-Meta-Quota-Count: maxObjectsaccountURL/containerName

cURL Command Example

curl -v -X POST -H 'X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b' —H ‘X-Container-Meta-Quota-Bytes: 10737418240’ —H ‘X-Container-Meta-Quota-Count: 100’ https://storage.us2.oraclecloud.com/v1/Storage-ORACLEGENZ138479113098/myContainer

This command sets a quota of 10737418240 bytes (10 GB) and 100 objects for the container named myContainer.

Setting Custom Metadata for Containers

Custom metadata are arbitrary key-value pairs associated with a container. You may create any custom or arbitrary metadata you need.

  • For information about using the REST API to create custom metadata for containers, see Create or Update Container Metadata in OpenStack Object Storage Service API Reference.

    cURL command syntax

    curl -v -X POST -H 'X-Auth-Token: token' —H ‘X-Container-Meta-Name: valueaccountURL/containerName

    cURL command example

    curl -v -X POST -H 'X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b' —H ‘X-Container-Meta-Category: Books’ https://storage.us2.oraclecloud.com/v1/Storage-ORACLEGENZ138479113098/myContainer

  • For information about using the Java library to create custom metadata for containers, see updateContainerMetadata in Java API Reference for Oracle Cloud Storage Service.