Setting Container Metadata

Setting Container ACLs

Any user with the Service Administrator role can perform this task.

A container has two ACLs, X-Container-Read and X-Container-Write, each of which can consist of a comma-separated list of roles or referrer designations.

  • The roles can be built-in roles or custom roles. Custom roles are defined in the My Services Security page.
    • For a role that was provisioned as part of another service instance, the format is domainName.serviceName.roleName
    • For a custom role, the format is domainName.roleName
  • A referrer designation indicates the host (or hosts) for which access to the container should be allowed or denied. When the server receives a request for the container, it compares the referrer designations specified in the appropriate ACL (depending on whether it is a read or write request) with the value of the Referer header in the request, and determines whether access should be allowed or denied. The syntax of the referrer designation is: .r:value
    • value indicates the host for which access to the container should be allowed. It can be a specific host name (example: .r:www.example.com), a domain (example: .r:.example.com), or an asterisk (.r:*) to indicate all hosts. Note that if .r:* is specified, objects in the container will be publicly readable without authentication.
    • A minus sign (-) before value (example: .r:-temp.example.com) indicates that the host specified in the value field must be denied access to the container.
    • By default, read access to a container does not include permission to list the objects in the container. To allow listing of objects as well, include the .rlistings directive in the ACL (example: .r:*,.rlistings).
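The ACL syntax above can be audited before a header is sent. The following is an added example, not code from Oracle or from the Java library: it parses an ACL value into roles and referrer designations, evaluates a Referer header against them, and flags values that grant reads without authentication. The function names and the "last matching designation wins" ordering are assumptions; the page does not state how overlapping allow and deny entries are resolved.

```python
from urllib.parse import urlparse

def parse_acl(header_value):
    """Split an ACL header value into (roles, referrers, listings)."""
    roles, referrers, listings = [], [], False
    for item in (part.strip() for part in header_value.split(",")):
        if not item:
            continue
        if item == ".rlistings":
            listings = True
        elif item.startswith(".r:") and len(item) > 3:
            value = item[3:]
            deny = value.startswith("-")          # .r:-host means "deny this host"
            referrers.append((value[1:] if deny else value, deny))
        elif item.startswith("."):
            raise ValueError(f"unrecognised ACL directive: {item!r}")
        else:
            roles.append(item)                    # domainName[.serviceName].roleName
    return roles, referrers, listings

def host_matches(pattern, host):
    """'*' = all hosts, '.example.com' = a domain, otherwise an exact host name."""
    if pattern == "*" or pattern == host:
        return True
    return pattern.startswith(".") and host.endswith(pattern)

def referer_allowed(referrers, referer):
    """Evaluate a request's Referer header against the referrer designations.
    Assumption: entries are applied in order and the last match wins."""
    host = urlparse(referer or "").hostname or ""
    allowed = False
    for pattern, deny in referrers:
        if host_matches(pattern, host):
            allowed = not deny
    return allowed

def audit_read_acl(header_value):
    """Return findings for an X-Container-Read value that allows unauthenticated reads."""
    _, referrers, listings = parse_acl(header_value)
    allows = [pattern for pattern, deny in referrers if not deny]
    if "*" in allows:
        return ["public-read", "public-listing"] if listings else ["public-read"]
    return ["referer-gated"] if allows else []

if __name__ == "__main__":
    # Constructed sample values using the syntax shown on this page.
    for acl in (".r:*,.rlistings", ".r:.example.com,.r:-temp.example.com",
                "myDomain.Storage.Storage_ReadWriteGroup,myDomain.myCustomRole"):
        print(acl, "->", audit_read_acl(acl))
```

A "referer-gated" finding deserves review: the Referer header is supplied by the client, so a referrer designation limits which pages can link to the objects but does not authenticate the reader.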

For information about using the Java library to set container ACLs, see setContainerAcl in Java API Reference for Oracle Cloud Storage Service.

For information about using the REST API to set container ACLs, see Special Metadata: Container ACLs in OpenStack Object Storage Service API Reference.

cURL Command Syntax

curl -v -X POST \
     -H "X-Auth-Token: token" \
     -H "X-Container-Read: item[,item...]" \
     -H "X-Container-Write: item[,item...]" accountURL/containerName

cURL Command Examples

The following commands set up ACLs for the container named FirstContainer:
  • Provide write access for users with the predefined role Storage_ReadWriteGroup and for users with the custom role myCustomRole:
    curl -v -X POST \
            -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
            -H "X-Container-Write: myDomain.Storage.Storage_ReadWriteGroup,myDomain.myCustomRole" \
            https://storage.us2.oraclecloud.com/v1/Storage-myIdentityDomain/FirstContainer
    
    The output for providing write access to a container FirstContainer is as follows:
    * About to connect() to storage.us2.oraclecloud.com port 443 (#0)
    *   Trying 160.34.0.51... connected
    * Connected to storage.us2.oraclecloud.com (160.34.0.51) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
    * Server certificate:
    *       subject: CN=*.us2.oraclecloud.com,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US
    *       start date: Oct 22 00:00:00 2014 GMT
    *       expire date: Dec 21 23:59:59 2015 GMT
    *       common name: *.us2.oraclecloud.com
    *       issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
    > POST /v1/Storage-myIdentityDomain/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: storage.us2.oraclecloud.com
    > Accept: */*
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    > X-Container-Write:Storage-myIdentityDomain.Storage.Storage_ReadWriteGroup,Storage-myIdentityDomain.myCustomRole
    >
    < HTTP/1.1 204 No Content
    < Date: Fri, 06 Mar 2015 11:19:21 GMT
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: txbf2c736d57494bf88e76a-0054f98d39
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    <
    * Connection #0 to host storage.us2.oraclecloud.com left intact
    * Closing connection #0
    
  • Provide read access for all hosts and also allow listing of the objects in the container:
    curl -v -X POST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Read: .r:*,.rlistings" \
         https://storage.us2.oraclecloud.com/v1/Storage-myDomain/FirstContainer
    

    The output for providing read access to a container FirstContainer is as follows:

    * About to connect() to storage.us2.oraclecloud.com port 443 (#0)
    *   Trying 160.34.0.51... connected
    * Connected to storage.us2.oraclecloud.com (160.34.0.51) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
    * Server certificate:
    *       subject: CN=*.us2.oraclecloud.com,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US
    *       start date: Oct 22 00:00:00 2014 GMT
    *       expire date: Dec 21 23:59:59 2015 GMT
    *       common name: *.us2.oraclecloud.com
    *       issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
    > POST /v1/Storage-myIdentityDomain/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: storage.us2.oraclecloud.com
    > Accept: */*
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    > X-Container-Read: .r:*,.rlistings
    >
    < HTTP/1.1 204 No Content
    < Date: Fri, 06 Mar 2015 11:23:16 GMT
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: tx9127a70f18144c17afce5-0054f98e24
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    <
    * Connection #0 to host storage.us2.oraclecloud.com left intact
    * Closing connection #0

HTTP Response Codes

Setting Container Quotas

For each container, you can set quotas for the maximum number of bytes the container can contain (X-Container-Meta-Quota-Bytes) and the maximum number of objects the container can contain (X-Container-Meta-Quota-Count).

Any user with the Service Administrator role can perform this task.

For information about using the REST API to set container quotas, see Container Quotas in OpenStack Object Storage Service API Reference. The Java library does not support this task.

cURL Command Syntax

curl -v -X POST \
     -H "X-Auth-Token: token" \
     -H "X-Container-Meta-Quota-Bytes: maxBytes" \
     -H "X-Container-Meta-Quota-Count: maxObjects" accountURL/containerName

cURL Command Example

curl -v -X POST \
     -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
     -H "X-Container-Meta-Quota-Bytes: 10737418240" \
     -H "X-Container-Meta-Quota-Count: 100" \
     https://storage.us2.oraclecloud.com/v1/Storage-myIdentityDomain/FirstContainer

This command sets a quota of 10737418240 bytes (10 GB) and 100 objects for the container named FirstContainer. The output is as follows:

* About to connect() to storage.us2.oraclecloud.com port 443 (#0)
*   Trying 160.34.0.51... connected
* Connected to storage.us2.oraclecloud.com (160.34.0.51) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
*       subject: CN=*.us2.oraclecloud.com,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US
*       start date: Oct 22 00:00:00 2014 GMT
*       expire date: Dec 21 23:59:59 2015 GMT
*       common name: *.us2.oraclecloud.com
*       issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> POST /v1/Storage-myIdentityDomain/FirstContainer HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: storage.us2.oraclecloud.com
> Accept: */*
> X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
> X-Container-Meta-Quota-Bytes: 10737418240
> X-Container-Meta-Quota-Count: 100
>
< HTTP/1.1 204 No Content
< Date: Fri, 06 Mar 2015 11:32:19 GMT
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
< X-Trans-Id: txe8869b3edea348e5b49eb-0054f99043
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Language: en
<
* Connection #0 to host storage.us2.oraclecloud.com left intact
* Closing connection #0

HTTP Response Codes

Setting Custom Metadata for Containers

Custom metadata are arbitrary key-value pairs associated with a container. You may create any custom or arbitrary metadata you need.

Any user with the Service Administrator role can perform this task.

For information about using the Java library to create custom metadata for containers, see updateContainerMetadata in Java API Reference for Oracle Cloud Storage Service.

For information about using the REST API to create custom metadata for containers, see Create or Update Container Metadata in OpenStack Object Storage Service API Reference.

cURL Command Syntax

curl -v -X POST \
     -H "X-Auth-Token: token" \
     -H "X-Container-Meta-Name: value" \
     accountURL/containerName

cURL Command Example

curl -v -X POST \
     -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
     -H "X-Container-Meta-Category: Books" \
     https://storage.us2.oraclecloud.com/v1/Storage-myIdentityDomain/FirstContainer

The output for setting custom metadata to a container FirstContainer is as follows:

* About to connect() to storage.us2.oraclecloud.com port 443 (#0)
*   Trying 160.34.0.51... connected
* Connected to storage.us2.oraclecloud.com (160.34.0.51) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
*       subject: CN=*.us2.oraclecloud.com,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US
*       start date: Oct 22 00:00:00 2014 GMT
*       expire date: Dec 21 23:59:59 2015 GMT
*       common name: *.us2.oraclecloud.com
*       issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> POST /v1/Storage-myIdentityDomain/FirstContainer HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: storage.us2.oraclecloud.com
> Accept: */*
> X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
> X-Container-Meta-Category: Books
>
< HTTP/1.1 204 No Content
< Date: Fri, 06 Mar 2015 11:35:35 GMT
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
< X-Trans-Id: tx3e77b77de39f4097a5a49-0054f99107
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Language: en
<
* Connection #0 to host storage.us2.oraclecloud.com left intact
* Closing connection #0

HTTP Response Codes