Lyve Cloud Object Storage API User Guide

Credentials Management (STS)

The STS endpoint (https://sts.example.lyve.seagate.com) allows managing temporary user tokens and performing login with username and password. Requests to the STS endpoint must be signed specifying "sts" as service.

AssumeRole

Get a set of temporary keys for a user with access/secret keys:

POST /?Action=AssumeRole

POST Parameters

Parameter	Description
Action	must be set to AssumeRole
Version	must be set to 2011-06-15
DurationSeconds	token validity in seconds, between 15 minutes and 12 hours. Defaults to 15 minutes
RoleSessionName	required but ignored
RoleArn	required but ignored

Example Request

    POST / HTTP/1.1
    Host: sts.example.rstorcloud.io
    Content-Length: 80
    Content-Type: application/x-www-form-urlencoded; charset=utf-8
    Authorization: [...]
    X-Amz-Date: [...]

    Action=AssumeRole&RoleArn=Required1&RoleSessionName=Required2&Version=2011-06-15

Response

On success, an XML document containing the requested credentials at AssumeRoleResult/Credentials is returned. An error status code is returned otherwise.

    <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    <AssumeRoleResult>
        <Credentials>
            <SessionToken>42</SessionToken>
            <SecretAccessKey>EXAMPLESECRETACCESSKEYXXXXXXXXXXXXXXXXXXXXXXXXI6GGPQ</SecretAccessKey>
            <Expiration>2019-02-25T14:40:05.410Z</Expiration>
            <AccessKeyId>AWS4XXXEXAMPLEACCESSKEYID4UYJN3RQWFVFXBOP7FMOQLIXYZXYZ</AccessKeyId>
        </Credentials>
        <AssumedRoleUser>
            <Arn>arn:aws:sts::42:assumed-role/demo/Test</Arn>
            <AssumeRoleId>AWS4XXXEXAMPLEACCESSKEYID4UYJN3RQWFVFXBOP7FMOQLIDNXYZXYZ:Jim</AssumeRoleId>
        </AssumedRoleUser>
        <PackedPolicySize>42</PackedPolicySize>
    </AssumeRoleResult>
    <ResponseMetadata>
        <RequestId>42</RequestId>
    </ResponseMetadata>
</AssumeRoleResponse>

Perform a login retrieving the credential and the user details.

Parameter	Description
Customer	the name of the customer
UserName	the username (can be the email) of the user
Password	the current user password
OTP	a valid One Time Password (if needed)
DurationSeconds	specify the duration of the session (the validity time for the key)

Extra headers used to authenticate the request when whitelisting is enabled:

Header	Description
x-rstor-customer	specify the customer name

Example request

    POST / HTTP/1.1
    Host: sts.lyve.seagate.com
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
    Accept: application/json, text/plain, */*
    Accept-Language: en,it-IT;q=0.8,it;q=0.5,en-US;q=0.3
    Accept-Encoding: gzip, deflate, br
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    Content-Length: 123
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    x-lyve-customer: fastvideo

    Action=RSLogin&Version=2011-06-15&DurationSeconds=300&Customer=fastvideo&UserName=super@fastvideo.com&Password=Hg27TxBBfOzZntb&OTP=

Example response

{
    "RequestId":"050517212914402dd8aedfc50bb0dad0",
    "Credentials": {
        "SessionToken":"",
        "SecretAccessKey":"I/Ki9fZqmLkdWrAgIrKVdp6amEu9Q40CoRPVNpSeKVS",
        "Expiration":"2019-10-14T14:13:03.500533224Z",
        "AccessKeyId":"STX09VFCSKU9OZJY5Y4PLWD9"
    },
    "UserInfo": {
        "Id":"100000000209",
        "Name":"super@fastvideo.com",
        "PwdMustChange":false,
        "Email":"super@fastvideo.com",
        "Firstname":"Clark",
        "Lastname":"Kent",
        "Type":"user",
        "CreatedOn":"2019-10-03T15:37:52.635Z",
        "LastAccess":"2019-10-14T13:13:03.500533224Z",
        "Path":"",
        "Root":"lyve:fastvideo",
        "TFAEnabled":false
    }
}

RSAssumeCustomerRole

Retrieve credential to manage a Customer with AssumeRole enabled. In order to perform this action a specific account is used for security reason. Only a reseller account can perform this action.

Parameter	Description
Customer	the name of the customer
DurationSeconds	specify the duration of the session (the validity time for the key)

Example request

    POST / HTTP/1.1
    Host: sts.lyve.seagate.com
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
    Accept: application/json, text/plain, */*
    Accept-Language: en,it-IT;q=0.8,it;q=0.5,en-US;q=0.3
    Accept-Encoding: gzip, deflate, br
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    Content-Length: 83
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache

    Action=RSAssumeCustomerRole&Version=2011-06-15&Customer=newcorp&DurationSeconds=300

Example response

{
    "Ok":true,
    "AccessKeyId":"STX06MSKQJCRTS4SJHHQJWOP",
    "SecretAccessKey":"RQTcszgc4xkZkmYXRJJLYR7adksTn8SBIalTP7rrpKa",
    "Expiration":"2019-10-14T14:29:43.919Z"
}

Klik hier om een bijgewerkte online versie te bekijkenvan dit document. Ook de meest recente content, uitvergrote afbeeldingen, betere navigatie en het zoekvenster zijn hier te vinden.