ViPR S3 Object Service API Support
Table of Contents
This article applies to EMC ViPR 2.0.
Supported S3 APIs
The following table lists the supported S3 API methods.
Unsupported S3 APIs
The following table lists the unsupported S3 API methods.
In ViPR, the AWSAccessKeyId maps to the ViPR user id (UID). An AWS access key ID has 20 characters (some S3 clients, such as the S3 Browser, check this), but ViPR data service does not have this limitation.
The signature is calculated from elements of the request and the user's Secret Key as detailed in the Amazon S3 documentation:
The following notes apply:
- In the ViPR object data service, the UID can be configured (through the ViPR API or the ViPR UI) with 2 secret keys. The ViPR data service will try to use the first secret key, and if the calculated signature does not match, it will try to use the second secret key. If the second key fails, it will reject the request. When users add or change the secret key, they should wait 2 minutes so that all data service nodes can be refreshed with the new secret key before using the new secret key.
- In the ViPR data service, namespace is also taken into HMAC signature calculation.
The following topics describe the use of the Amazon S3 SDK and the use of the EMC ViPR Java SDK.
If you want to make use of the ViPR API Extensions (see Use the ViPR Object Services), support for these extensions is provided in the EMC ViPR Java SDK. If you do not need support for the ViPR extensions, or you have existing applications that use it, you can use the Amazon Java SDK.
By default the AmazonS3Client client object is coded to work directly against amazon.com. This section shows how to set up the AmazonS3Client to work against ViPR.
In order to create an instance of the AmazonS3Client object, you need to pass it credentials. This is achieved through creating an AWSCredentials object and passing it the AWS Access Key (your ViPR username) and your generated secret key for ViPR.
The following code snippet shows how to set this up.
By default the Amazon client will attempt to contact Amazon WebServices. In order to override this behavior and contact ViPR you need to set a specific endpoint.
If you intend to use the HTTPS port, the JDK of your application must be set up to validate the ViPR certificate successfully; otherwise the client will throw SSL verification errors and fail to connect.
In the snippet below, the client is being used to access ViPR over HTTP:
When using path-style addressing ( virp1.emc.com/mybucket ), you will need to set the setPathStyleAccess option, as shown below:
The complete example for communicating with the ViPR S3 data service, creating a bucket, and then manipulating an object is provided below: