aboutsummaryrefslogtreecommitdiff
path: root/doc/drafts
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-05-12 11:19:41 +0200
committerAlex Auvolat <alex@adnab.me>2022-05-12 11:19:41 +0200
commitfc2f73ddb5ecaca250daa7b034fe59fb8c47f570 (patch)
treef4287c3a90c32e2c9ea69c14085273ec32544749 /doc/drafts
parentfe399a326506a9d8870cb7783a57495849793d2c (diff)
downloadgarage-fc2f73ddb5ecaca250daa7b034fe59fb8c47f570.tar.gz
garage-fc2f73ddb5ecaca250daa7b034fe59fb8c47f570.zip
BucketAllowKey and BucketDenyKey
Diffstat (limited to 'doc/drafts')
-rw-r--r--doc/drafts/admin-api.md45
1 files changed, 45 insertions, 0 deletions
diff --git a/doc/drafts/admin-api.md b/doc/drafts/admin-api.md
index 048b77fb..5dc3f127 100644
--- a/doc/drafts/admin-api.md
+++ b/doc/drafts/admin-api.md
@@ -456,3 +456,48 @@ or no alias at all.
Deletes a storage bucket. A bucket cannot be deleted if it is not empty.
Warning: this will delete all aliases associated with the bucket!
+
+
+## Operations on permissions for keys on buckets
+
+### BucketAllowKey `POST /bucket/allow`
+
+Allows a key to do read/write/owner operations on a bucket.
+
+Request body format:
+
+```json
+{
+ "bucketId": "e6a14cd6a27f48684579ec6b381c078ab11697e6bc8513b72b2f5307e25fff9b",
+ "accessKeyId": "GK31c2f218a2e44f485b94239e",
+ "permissions": {
+ "read": true,
+ "write": true,
+ "owner": true
+ },
+}
+```
+
+Flags in `permissions` which have the value `true` will be activated.
+Other flags will remain unchanged.
+
+### BucketDenyKey `POST /bucket/deny`
+
+Denies a key from doing read/write/owner operations on a bucket.
+
+Request body format:
+
+```json
+{
+ "bucketId": "e6a14cd6a27f48684579ec6b381c078ab11697e6bc8513b72b2f5307e25fff9b",
+ "accessKeyId": "GK31c2f218a2e44f485b94239e",
+ "permissions": {
+ "read": false,
+ "write": false,
+ "owner": true
+ },
+}
+```
+
+Flags in `permissions` which have the value `true` will be deactivated.
+Other flags will remain unchanged.