Whatever marked as to be determined (**TBD**), should not be considered by implementors.
+More info about Pithos can be found here: https://code.grnet.gr/projects/pithos
+
Document Revisions
^^^^^^^^^^^^^^^^^^
========================= ================================
Revision Description
========================= ================================
+0.9 (Feb 17, 2012) Change permissions model.
+\ Do not include user-defined metadata in account/container/object listings.
+0.8 (Jan 24, 2012) Update allowed versioning values.
+\ Change policy/meta formatting in JSON/XML replies.
+\ Document that all non-ASCII characters in headers should be URL-encoded.
+\ Support metadata-based queries when listing objects at the container level.
+\ Note Content-Type issue when using the internal django web server.
+\ Add object UUID field.
+\ Always reply with the MD5 in the ETag.
+\ Note that ``/login`` will only work if an external authentication system is defined.
+\ Include option to ignore Content-Type on ``COPY``/``MOVE``.
+\ Use format parameter for conflict (409) and uploaded hash list (container level) replies.
+0.7 (Nov 21, 2011) Suggest upload/download methods using hashmaps.
+\ Propose syncing algorithm.
+\ Support cross-account object copy and move.
+\ Pass token as a request parameter when using ``POST`` via an HTML form.
+\ Optionally use source account to update object from another object.
+\ Use container ``POST`` to upload missing blocks of data.
+\ Report policy in account headers.
+\ Add insufficient quota reply.
+\ Use special meta to always report Merkle hash.
+0.6 (Sept 13, 2011) Reply with Merkle hash as the ETag when updating objects.
+\ Include version id in object replace/change replies.
+\ Change conflict (409) replies format to text.
+\ Tags should be migrated to a meta value.
+\ Container ``PUT`` updates metadata/policy.
+\ Report allowed actions in shared object replies.
+\ Provide ``https://hostname/login`` for Shibboleth authentication.
+\ Use ``hashmap`` parameter in object ``GET``/``PUT`` to use hashmaps.
0.5 (July 22, 2011) Object update from another object's data.
\ Support object truncate.
\ Create object using a standard HTML form.
0.1 (May 17, 2011) Initial release. Based on OpenStack Object Storage Developer Guide API v1 (Apr. 15, 2011).
========================= ================================
+Pithos Users and Authentication
+-------------------------------
+
+In Pithos, each user is uniquely identified by a token. All API requests require a token and each token is internally resolved to an account string. The API uses the account string to identify the user's own files, thus whether a request is local or cross-account.
+
+Pithos does not keep a user database. For development and testing purposes, user identifiers and their corresponding tokens can be defined in the settings file. However, Pithos is designed with an external authentication service in mind. This service must handle the details of validating user credentials and communicate with Pithos via a middleware software component that, given a token, fills in the internal request account variable.
+
+Client software using Pithos, if not already knowing a user's identifier and token, should forward to the ``/login`` URI. The Pithos server, depending on its configuration will redirect to the appropriate login page.
+
+The login URI accepts the following parameters:
+
+====================== =========================
+Request Parameter Name Value
+====================== =========================
+next The URI to redirect to when the process is finished
+renew Force token renewal (no value parameter)
+force Force logout current user (no value parameter)
+====================== =========================
+
+When done with logging in, the service's login URI should redirect to the URI provided with ``next``, adding ``user`` and ``token`` parameters, which contain the account and token fields respectively.
+
+A user management service that implements a login URI according to these conventions is Astakos (https://code.grnet.gr/projects/astakos), by GRNET.
+
The Pithos API
--------------
* Container level: ``https://hostname/v1/<account>/<container>``
* Object level: ``https://hostname/v1/<account>/<container>/<object>``
-All requests must include an ``X-Auth-Token`` - as a header, or a parameter. The process of obtaining the token is still to be determined (**TBD**).
+All requests must include an ``X-Auth-Token`` - as a header, or a parameter.
The allowable request operations and respective return codes per level are presented in the remainder of this chapter. Common to all requests are the following return codes.
Return Code Description
========================= ================================
400 (Bad Request) The request is invalid
-401 (Unauthorized) Request not allowed
+401 (Unauthorized) Missing or invalid token
+403 (Forbidden) Request not allowed
404 (Not Found) The requested resource was not found
503 (Service Unavailable) The request cannot be completed because of an internal error
========================= ================================
====================== =========================
The reply is a list of account names.
-If a ``format=xml`` or ``format=json`` argument is given, extended information on the containers will be returned, serialized in the chosen format.
+If a ``format=xml`` or ``format=json`` argument is given, extended information on the accounts will be returned, serialized in the chosen format.
For each account, the information will include the following (names will be in lower case and with hyphens replaced with underscores):
=========================== ============================
Name Description
=========================== ============================
name The name of the account
-last_modified The last container modification date (regardless of ``until``)
+last_modified The last account modification date (regardless of ``until``)
=========================== ============================
Example ``format=json`` reply:
::
- [{"name": "user", "last_modified": "2011-07-19T10:48:16"}, ...]
+ [{"name": "user", "last_modified": "2011-12-02T08:10:41.565891+00:00"}, ...]
Example ``format=xml`` reply:
<accounts>
<account>
<name>user</name>
- <last_modified>2011-07-19T10:48:16</last_modified>
+ <last_modified>2011-12-02T08:10:41.565891+00:00</last_modified>
</account>
<account>...</account>
</accounts>
Return Code Description
=========================== =====================
200 (OK) The request succeeded
-204 (No Content) The account has no containers (only for non-extended replies)
+204 (No Content) The user has no access to other accounts (only for non-extended replies)
=========================== =====================
-Will use a ``200`` return code if the reply is of type json/xml.
+Will use a ``200`` return code if the reply is of type JSON/XML.
Account Level
^^^^^^^^^^^^^
Reply Header Name Value
========================== =====================
X-Account-Container-Count The total number of containers
-X-Account-Object-Count The total number of objects (**TBD**)
X-Account-Bytes-Used The total number of bytes stored
-X-Account-Bytes-Remaining The total number of bytes remaining (**TBD**)
-X-Account-Last-Login The last login (**TBD**)
X-Account-Until-Timestamp The last account modification date until the timestamp provided
X-Account-Group-* Optional user defined groups
+X-Account-Policy-* Account behavior and limits
X-Account-Meta-* Optional user defined metadata
Last-Modified The last account modification date (regardless of ``until``)
========================== =====================
Cross-user requests are not allowed to use ``until`` and only include the account/container modification dates in the reply.
If a ``format=xml`` or ``format=json`` argument is given, extended information on the containers will be returned, serialized in the chosen format.
-For each container, the information will include all container metadata (names will be in lower case and with hyphens replaced with underscores):
+For each container, the information will include all container metadata, except user-defined (names will be in lower case and with hyphens replaced with underscores):
=========================== ============================
Name Description
bytes The total size of the objects inside the container
last_modified The last container modification date (regardless of ``until``)
x_container_until_timestamp The last container modification date until the timestamp provided
-x_container_policy_* Container behavior and limits
-x_container_meta_* Optional user defined metadata
+x_container_policy Container behavior and limits
=========================== ============================
-For examples of container details returned in JSON/XML formats refer to the OOS API documentation.
+Example ``format=json`` reply:
+
+::
+
+ [{"name": "pithos",
+ "bytes": 62452,
+ "count": 8374,
+ "last_modified": "2011-12-02T08:10:41.565891+00:00",
+ "x_container_policy": {"quota": "53687091200", "versioning": "auto"}}, ...]
+
+Example ``format=xml`` reply:
+
+::
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <account name="user">
+ <container>
+ <name>pithos</name>
+ <bytes>62452</bytes>
+ <count>8374</count>
+ <last_modified>2011-12-02T08:10:41.565891+00:00</last_modified>
+ <x_container_policy>
+ <key>quota</key><value>53687091200</value>
+ <key>versioning</key><value>auto</value>
+ </x_container_policy>
+ </container>
+ <container>...</container>
+ </account>
+
+For more examples of container details returned in JSON/XML formats refer to the OOS API documentation. In addition to the OOS API, Pithos returns policy fields, grouped as key-value pairs.
=========================== =====================
Return Code Description
412 (Precondition Failed) The condition set can not be satisfied
=========================== =====================
-Will use a ``200`` return code if the reply is of type json/xml.
+Will use a ``200`` return code if the reply is of type JSON/XML.
POST
X-Container-Block-Size The block size used by the storage backend
X-Container-Block-Hash The hash algorithm used for block identifiers in object hashmaps
X-Container-Until-Timestamp The last container modification date until the timestamp provided
-X-Container-Object-Meta A list with all meta keys used by objects
+X-Container-Object-Meta A list with all meta keys used by objects (**TBD**)
X-Container-Policy-* Container behavior and limits
X-Container-Meta-* Optional user defined metadata
Last-Modified The last container modification date (regardless of ``until``)
=========================== ===============================
-The keys returned in ``X-Container-Object-Meta`` are all the unique strings after the ``X-Object-Meta-`` prefix, formatted as a comma-separated list. See container ``PUT`` for a reference of policy directives.
+The keys returned in ``X-Container-Object-Meta`` are all the unique strings after the ``X-Object-Meta-`` prefix, formatted as a comma-separated list. See container ``PUT`` for a reference of policy directives. (**TBD**)
================ ===============================
Return Code Description
delimiter Return objects up to the delimiter (discussion follows)
path Assume ``prefix=path`` and ``delimiter=/``
format Optional extended reply type (can be ``json`` or ``xml``)
-meta Return objects having the specified meta keys (can be a comma separated list)
+meta Return objects that satisfy the key queries in the specified comma separated list (use ``<key>``, ``!<key>`` for existence queries, ``<key><op><value>`` for value queries, where ``<op>`` can be one of ``=``, ``!=``, ``<=``, ``>=``, ``<``, ``>``)
shared Show only shared objects (no value parameter)
until Optional timestamp
====================== ===================================
=========================== ===============================
If a ``format=xml`` or ``format=json`` argument is given, extended information on the objects will be returned, serialized in the chosen format.
-For each object, the information will include all object metadata (names will be in lower case and with hyphens replaced with underscores):
+For each object, the information will include all object metadata, except user-defined (names will be in lower case and with hyphens replaced with underscores). User-defined metadata includes ``X-Object-Meta-*``, ``X-Object-Manifest``, ``Content-Disposition`` and ``Content-Encoding`` keys. Also, sharing directives will only be included with the actual shared objects (inherited permissions are not calculated):
========================== ======================================
Name Description
hash The ETag of the object
bytes The size of the object
content_type The MIME content type of the object
-content_encoding The encoding of the object (optional)
-content-disposition The presentation style of the object (optional)
last_modified The last object modification date (regardless of version)
+x_object_hash The Merkle hash
+x_object_uuid The object's UUID
x_object_version The object's version identifier
x_object_version_timestamp The object's version timestamp
x_object_modified_by The user that committed the object's version
-x_object_manifest Object parts prefix in ``<container>/<object>`` form (optional)
x_object_sharing Object permissions (optional)
-x_object_shared_by Object inheriting permissions (optional)
+x_object_allowed_to Allowed actions on object (optional)
x_object_public Object's publicly accessible URI (optional)
-x_object_meta_* Optional user defined metadata
========================== ======================================
+Sharing metadata and last modification timestamp will only be returned if there is no ``until`` parameter defined.
+
Extended replies may also include virtual directory markers in separate sections of the ``json`` or ``xml`` results.
Virtual directory markers are only included when ``delimiter`` is explicitly set. They correspond to the substrings up to and including the first occurrence of the delimiter.
-In JSON results they appear as dictionaries with only a ``"subdir"`` key. In XML results they appear interleaved with ``<object>`` tags as ``<subdir name="..." />``.
+In JSON results they appear as dictionaries with only a ``subdir`` key. In XML results they appear interleaved with ``<object>`` tags as ``<subdir name="..." />``.
In case there is an object with the same name as a virtual directory marker, the object will be returned.
-For examples of object details returned in JSON/XML formats refer to the OOS API documentation.
+Example ``format=json`` reply:
+
+::
+
+ [{"name": "object",
+ "bytes": 0,
+ "hash": "d41d8cd98f00b204e9800998ecf8427e",
+ "content_type": "application/octet-stream",
+ "last_modified": "2011-12-02T08:10:41.565891+00:00",
+ "x_object_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+ "x_object_uuid": "8ed9af1b-c948-4bb6-82b0-48344f5c822c",
+ "x_object_version": 98,
+ "x_object_version_timestamp": "1322813441.565891",
+ "x_object_modified_by": "user"}, ...]
+
+Example ``format=xml`` reply:
+
+::
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <container name="pithos">
+ <object>
+ <name>object</name>
+ <bytes>0</bytes>
+ <hash>d41d8cd98f00b204e9800998ecf8427e</hash>
+ <content_type>application/octet-stream</content_type>
+ <last_modified>2011-12-02T08:10:41.565891+00:00</last_modified>
+ <x_object_hash>e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</x_object_hash>
+ <x_object_uuid>8ed9af1b-c948-4bb6-82b0-48344f5c822c</x_object_uuid>
+ <x_object_version>98</x_object_version>
+ <x_object_version_timestamp>1322813441.565891</x_object_version_timestamp>
+ <x_object_modified_by>chazapis</x_object_modified_by>
+ </object>
+ <object>...</object>
+ </container>
+
+For more examples of container details returned in JSON/XML formats refer to the OOS API documentation. In addition to the OOS API, Pithos returns more fields that should help with synchronization.
=========================== ===============================
Return Code Description
412 (Precondition Failed) The condition set can not be satisfied
=========================== ===============================
-Will use a ``200`` return code if the reply is of type json/xml.
+Will use a ``200`` return code if the reply is of type JSON/XML.
PUT
If no policy is defined, the container will be created with the default values.
Available policy directives:
-* ``versioning``: Set to ``auto``, ``manual`` or ``none`` (default is ``manual``)
+* ``versioning``: Set to ``auto`` or ``none`` (default is ``auto``)
* ``quota``: Size limit in KB (default is ``0`` - unlimited)
-
+
+If the container already exists, the operation is equal to a ``POST`` with ``update`` defined.
+
================ ===============================
Return Code Description
================ ===============================
==================== ================================
Request Header Name Value
==================== ================================
+Content-Length The size of the supplied data (optional, to upload)
+Content-Type The MIME content type of the supplied data (optional, to upload)
+Transfer-Encoding Set to ``chunked`` to specify incremental uploading (if used, ``Content-Length`` is ignored)
X-Container-Policy-* Container behavior and limits
X-Container-Meta-* Optional user defined metadata
==================== ================================
====================== ============================================
Request Parameter Name Value
====================== ============================================
+format Optional hash list reply type (can be ``json`` or ``xml``)
update Do not replace metadata/policy (no value parameter)
====================== ============================================
-No reply content/headers.
+No reply content/headers, except when uploading data, where the reply consists of a list of hashes for the blocks received (in the format specified).
The operation will overwrite all user defined metadata, except if ``update`` is defined.
To change policy, include an ``X-Container-Policy-*`` header with the name in the key. If no ``X-Container-Policy-*`` header is present, no changes will be applied to policy. The ``update`` parameter also applies to policy - deleted values will revert to defaults. To delete/revert a specific policy directive, use ``update`` and an empty header value. See container ``PUT`` for a reference of policy directives.
+To upload blocks of data to the container, set ``Content-Type`` to ``application/octet-stream`` and ``Content-Length`` to a valid value (except if using ``chunked`` as the ``Transfer-Encoding``).
+
================ ===============================
Return Code Description
================ ===============================
Last-Modified The last object modification date (regardless of version)
Content-Encoding The encoding of the object (optional)
Content-Disposition The presentation style of the object (optional)
+X-Object-Hash The Merkle hash
+X-Object-UUID The object's UUID
X-Object-Version The object's version identifier
X-Object-Version-Timestamp The object's version timestamp
X-Object-Modified-By The user that comitted the object's version
X-Object-Manifest Object parts prefix in ``<container>/<object>`` form (optional)
X-Object-Sharing Object permissions (optional)
X-Object-Shared-By Object inheriting permissions (optional)
+X-Object-Allowed-To Allowed actions on object (optional)
X-Object-Public Object's publicly accessible URI (optional)
X-Object-Meta-* Optional user defined metadata
========================== ===============================
Request Parameter Name Value
====================== ===================================
format Optional extended reply type (can be ``json`` or ``xml``)
+hashmap Optional request for hashmap (no value parameter)
version Optional version identifier or ``list`` (specify a format if requesting a list)
====================== ===================================
-The reply is the object's data (or part of it), except if a hashmap is requested with the ``format`` parameter, or a version list with ``version=list`` (in which case an extended reply format must be specified). Object headers (as in a ``HEAD`` request) are always included.
+The reply is the object's data (or part of it), except if a hashmap is requested with ``hashmap``, or a version list with ``version=list`` (in both cases an extended reply format must be specified). Object headers (as in a ``HEAD`` request) are always included.
-Hashmaps expose the underlying storage format of the object. Note that each hash is computed after trimming trailing null bytes of the corresponding block.
+Hashmaps expose the underlying storage format of the object. Note that each hash is computed after trimming trailing null bytes of the corresponding block. The ``X-Object-Hash`` header reports the single Merkle hash of the object's hashmap (refer to http://bittorrent.org/beps/bep_0030.html for more information).
Example ``format=json`` reply:
::
- {"versions": [[23, 1307700892], [28, 1307700898], ...]}
+ {"versions": [[85, "1322734861.248469"], [86, "1322734905.009272"], ...]}
Example ``format=xml`` reply:
<?xml version="1.0" encoding="UTF-8"?>
<object name="file">
- <version timestamp="1307700892">23</version>
- <version timestamp="1307700898">28</version>
+ <version timestamp="1322734861.248469">85</version>
+ <version timestamp="1322734905.009272">86</version>
<version timestamp="...">...</version>
</object>
Last-Modified The last object modification date (regardless of version)
Content-Encoding The encoding of the object (optional)
Content-Disposition The presentation style of the object (optional)
+X-Object-Hash The Merkle hash
+X-Object-UUID The object's UUID
X-Object-Version The object's version identifier
X-Object-Version-Timestamp The object's version timestamp
X-Object-Modified-By The user that comitted the object's version
X-Object-Manifest Object parts prefix in ``<container>/<object>`` form (optional)
X-Object-Sharing Object permissions (optional)
X-Object-Shared-By Object inheriting permissions (optional)
+X-Object-Allowed-To Allowed actions on object (optional)
X-Object-Public Object's publicly accessible URI (optional)
X-Object-Meta-* Optional user defined metadata
========================== ===============================
-|
+Sharing headers (``X-Object-Sharing``, ``X-Object-Shared-By`` and ``X-Object-Allowed-To``) are only included if the request is for the object's latest version (no specific ``version`` parameter is set).
=========================== ==============================
Return Code Description
Transfer-Encoding Set to ``chunked`` to specify incremental uploading (if used, ``Content-Length`` is ignored)
X-Copy-From The source path in the form ``/<container>/<object>``
X-Move-From The source path in the form ``/<container>/<object>``
+X-Source-Account The source account to copy/move from
X-Source-Version The source version to copy from
Content-Encoding The encoding of the object (optional)
Content-Disposition The presentation style of the object (optional)
====================== ===================================
Request Parameter Name Value
====================== ===================================
-format Optional extended request type (can be ``json``) to create the object by suppling its hashmap instead
+format Optional extended request/conflict response type (can be ``json`` or ``xml``)
+hashmap Optional hashmap provided instead of data (no value parameter)
====================== ===================================
-The request is the object's data (or part of it), except if a hashmap is provided with the ``format`` parameter. If format is used and all different parts are stored in the server, the object is created, otherwise the server returns Conflict (409) with the list of the missing parts.
-
-Hashmaps expose the underlying storage format of the object.
+The request is the object's data (or part of it), except if a hashmap is provided (using ``hashmap`` and ``format`` parameters). If using a hashmap and all different parts are stored in the server, the object is created. Otherwise the server returns Conflict (409) with the list of the missing parts (in simple text format, with one hash per line, or in JSON/XML - depending on the ``format`` parameter).
-Example ``format=json`` request:
-
-::
-
- {"block_hash": "sha1", "hashes": ["7295c41da03d7f916440b98e32c4a2a39351546c", ...], "block_size": 131072, "bytes": 242}
-
-Example ``format=xml`` request:
-
-::
-
- <?xml version="1.0" encoding="UTF-8"?>
- <object name="file" bytes="24223726" block_size="131072" block_hash="sha1">
- <hash>7295c41da03d7f916440b98e32c4a2a39351546c</hash>
- <hash>...</hash>
- </object>
+Hashmaps should be formatted as outlined in ``GET``.
========================== ===============================
Reply Header Name Value
========================== ===============================
-ETag The MD5 hash of the object (on create)
+ETag The MD5 hash of the object
+X-Object-Version The object's new version
========================== ===============================
The ``X-Object-Sharing`` header may include either a ``read=...`` comma-separated user/group list, or a ``write=...`` comma-separated user/group list, or both separated by a semicolon (``;``). Groups are specified as ``<account>:<group>``. To publish the object, set ``X-Object-Public`` to ``true``. To unpublish, set to ``false``, or use an empty header value.
-=========================== ==============================
-Return Code Description
-=========================== ==============================
-201 (Created) The object has been created
-409 (Conflict) The object can not be created from the provided hashmap, or there are conflicting permissions (a list of missing hashes, or a conflicting sharing path will be included in the reply - in JSON format)
-411 (Length Required) Missing ``Content-Length`` or ``Content-Type`` in the request
-422 (Unprocessable Entity) The MD5 checksum of the data written to the storage system does not match the (optionally) supplied ETag value
-=========================== ==============================
+============================== ==============================
+Return Code Description
+============================== ==============================
+201 (Created) The object has been created
+409 (Conflict) The object can not be created from the provided hashmap (a list of missing hashes will be included in the reply)
+411 (Length Required) Missing ``Content-Length`` or ``Content-Type`` in the request
+413 (Request Entity Too Large) Insufficient quota to complete the request
+422 (Unprocessable Entity) The MD5 checksum of the data written to the storage system does not match the (optionally) supplied ETag value
+============================== ==============================
COPY
If-Match Proceed if ETags match with object
If-None-Match Proceed if ETags don't match with object
Destination The destination path in the form ``/<container>/<object>``
-Content-Type The MIME content type of the object (optional)
+Destination-Account The destination account to copy to
+Content-Type The MIME content type of the object (optional :sup:`*`)
Content-Encoding The encoding of the object (optional)
Content-Disposition The presentation style of the object (optional)
X-Source-Version The source version to copy from
X-Object-Meta-* Optional user defined metadata
==================== ================================
+:sup:`*` *When using django locally with the supplied web server, use the ignore_content_type parameter, or do provide a valid Content-Type, as a type of text/plain is applied by default to all requests. Client software should always state ignore_content_type, except when a Content-Type is explicitly defined by the user.*
+
+====================== ===================================
+Request Parameter Name Value
+====================== ===================================
+format Optional conflict response type (can be ``json`` or ``xml``)
+ignore_content_type Ignore the supplied Content-Type
+====================== ===================================
+
Refer to ``PUT``/``POST`` for a description of request headers. Metadata is also copied, updated with any values defined. Sharing/publishing options are not copied.
-No reply content/headers.
+========================== ===============================
+Reply Header Name Value
+========================== ===============================
+X-Object-Version The object's new version
+========================== ===============================
-=========================== ==============================
-Return Code Description
-=========================== ==============================
-201 (Created) The object has been created
-409 (Conflict) There are conflicting permissions (a conflicting sharing path will be included in the reply - in JSON format)
-=========================== ==============================
+|
+
+============================== ==============================
+Return Code Description
+============================== ==============================
+201 (Created) The object has been created
+413 (Request Entity Too Large) Insufficient quota to complete the request
+============================== ==============================
MOVE
Content-Encoding The encoding of the object (optional)
Content-Disposition The presentation style of the object (optional)
X-Source-Object Update with data from the object at path ``/<container>/<object>`` (optional, to update)
+X-Source-Account The source account to update from
X-Source-Version The source version to update from (optional, to update)
X-Object-Bytes The updated object's final size (optional, when updating)
X-Object-Manifest Object parts prefix in ``<container>/<object>`` form (optional)
====================== ============================================
Request Parameter Name Value
====================== ============================================
+format Optional conflict response type (can be ``json`` or ``xml``)
update Do not replace metadata (no value parameter)
====================== ============================================
Optionally, truncate the updated object to the desired length with the ``X-Object-Bytes`` header.
-A data update will trigger an ETag change. The new ETag will not correspond to the object's MD5 sum (**TBD**) and will be included in reply headers.
+A data update will trigger an ETag change. Updated ETags may happen asynchronously and appear at the server with a delay.
No reply content. No reply headers if only metadata is updated.
Reply Header Name Value
========================== ===============================
ETag The new ETag of the object (data updated)
+X-Object-Version The object's new version
========================== ===============================
|
-=========================== ==============================
-Return Code Description
-=========================== ==============================
-202 (Accepted) The request has been accepted (not a data update)
-204 (No Content) The request succeeded (data updated)
-409 (Conflict) There are conflicting permissions (a conflicting sharing path will be included in the reply - in JSON format)
-411 (Length Required) Missing ``Content-Length`` in the request
-416 (Range Not Satisfiable) The supplied range is invalid
-=========================== ==============================
+============================== ==============================
+Return Code Description
+============================== ==============================
+202 (Accepted) The request has been accepted (not a data update)
+204 (No Content) The request succeeded (data updated)
+411 (Length Required) Missing ``Content-Length`` in the request
+413 (Request Entity Too Large) Insufficient quota to complete the request
+416 (Range Not Satisfiable) The supplied range is invalid
+============================== ==============================
-The ``POST`` method can also be used for creating an object via a standard HTML form. If the request ``Content-Type`` is ``multipart/form-data``, none of the above headers will be processed. The form should have exactly two fields, as in the following example. ::
+The ``POST`` method can also be used for creating an object via a standard HTML form. If the request ``Content-Type`` is ``multipart/form-data``, none of the above headers will be processed. The form should have an ``X-Object-Data`` field, as in the following example. The token is passed as a request parameter. ::
- <form method="post" action="https://pithos.dev.grnet.gr/v1/user/folder/EXAMPLE.txt" enctype="multipart/form-data">
- <input type="hidden" name="X-Auth-Token" value="0000">
+ <form method="post" action="https://pithos.dev.grnet.gr/v1/user/folder/EXAMPLE.txt?X-Auth-Token=0000" enctype="multipart/form-data">
<input type="file" name="X-Object-Data">
<input type="submit">
</form>
-This will create/override the object with the given name, as if using ``PUT``. The ``Content-Type`` of the object will be set to the value of the corresponding header sent in the part of the request containing the data. Metadata, sharing and other object attributes can not be set this way.
+This will create/override the object with the given name, as if using ``PUT``. The ``Content-Type`` of the object will be set to the value of the corresponding header sent in the part of the request containing the data (usually, automatically handled by the browser). Metadata, sharing and other object attributes can not be set this way. The response will contain the object's ETag.
========================== ===============================
Reply Header Name Value
========================== ===============================
ETag The MD5 hash of the object
+X-Object-Version The object's new version
========================== ===============================
|
-=========================== ==============================
-Return Code Description
-=========================== ==============================
-201 (Created) The object has been created
-=========================== ==============================
+============================== ==============================
+Return Code Description
+============================== ==============================
+201 (Created) The object has been created
+413 (Request Entity Too Large) Insufficient quota to complete the request
+============================== ==============================
DELETE
Sharing and Public Objects
^^^^^^^^^^^^^^^^^^^^^^^^^^
-Read and write control in Pithos is managed by setting appropriate permissions with the ``X-Object-Sharing`` header. The permissions are applied using prefix-based inheritance. Thus, each set of authorization directives is applied to all objects sharing the same prefix with the object where the corresponding ``X-Object-Sharing`` header is defined. For simplicity, nested/overlapping permissions are not allowed. Setting ``X-Object-Sharing`` will fail, if the object is already "covered", or another object with a longer common-prefix name already has permissions. When retrieving an object, the ``X-Object-Shared-By`` header reports where it gets its permissions from. If not present, the object is the actual source of authorization directives.
+Read and write control in Pithos is managed by setting appropriate permissions with the ``X-Object-Sharing`` header. The permissions are applied using directory-based inheritance. A directory is an object with the corresponding content type. The default delimiter is ``/``. Thus, each set of authorization directives is applied to all objects in the directory object where the corresponding ``X-Object-Sharing`` header is defined. If there are nested/overlapping permissions, the closest to the object is applied. When retrieving an object, the ``X-Object-Shared-By`` header reports where it gets its permissions from. If not present, the object is the actual source of authorization directives.
-A user may ``GET`` another account or container. The result will include a limited reply, containing only the allowed containers or objects respectively. A top-level request with an authentication token, will return a list of allowed accounts, so the user can easily find out which other users share objects.
+A user may ``GET`` another account or container. The result will include a limited reply, containing only the allowed containers or objects respectively. A top-level request with an authentication token, will return a list of allowed accounts, so the user can easily find out which other users share objects. The ``X-Object-Allowed-To`` header lists the actions allowed on an object, if it does not belong to the requesting user.
Objects that are marked as public, via the ``X-Object-Public`` meta, are also available at the corresponding URI returned for ``HEAD`` or ``GET``. Requests for public objects do not need to include an ``X-Auth-Token``. Pithos will ignore request parameters and only include the following headers in the reply (all ``X-Object-*`` meta is hidden):
* Support for ``X-Account-Meta-*`` style headers at the account level. Use ``POST`` to update.
* Support for ``X-Container-Meta-*`` style headers at the container level. Can be set when creating via ``PUT``. Use ``POST`` to update.
-* Header ``X-Container-Object-Meta`` at the container level and parameter ``meta`` in container listings.
-* Container policies to manage behavior and limits.
+* Header ``X-Container-Object-Meta`` at the container level and parameter ``meta`` in container listings. (**TBD**)
+* Account and container policies to manage behavior and limits. Container behavior overrides account settings. Account quota sets the maximum bytes limit, regardless of container values.
* Headers ``X-Container-Block-*`` at the container level, exposing the underlying storage characteristics.
* All metadata replies, at all levels, include latest modification information.
* At all levels, a ``HEAD`` or ``GET`` request may use ``If-Modified-Since`` and ``If-Unmodified-Since`` headers.
-* Container/object lists include all associated metadata if the reply is of type json/xml. Some names are kept to their OOS API equivalents for compatibility.
+* Container/object lists include more fields if the reply is of type JSON/XML. Some names are kept to their OOS API equivalents for compatibility.
* Option to include only shared containers/objects in listings.
* Object metadata allowed, in addition to ``X-Object-Meta-*``: ``Content-Encoding``, ``Content-Disposition``, ``X-Object-Manifest``. These are all replaced with every update operation, except if using the ``update`` parameter (in which case individual keys can also be deleted). Deleting meta by providing empty values also works when copying/moving an object.
* Multi-range object ``GET`` support as outlined in RFC2616.
* Object hashmap retrieval through ``GET`` and the ``format`` parameter.
* Object create via hashmap through ``PUT`` and the ``format`` parameter.
+* The object's Merkle hash is always returned in the ``X-Object-Hash`` header.
+* The object's UUID is always returned in the ``X-Object-UUID`` header. The UUID remains unchanged, even when the object's data or metadata changes, or the object is moved to another path (is renamed). A new UUID is assigned when creating or copying an object.
* Object create using ``POST`` to support standard HTML forms.
* Partial object updates through ``POST``, using the ``Content-Length``, ``Content-Type``, ``Content-Range`` and ``Transfer-Encoding`` headers. Use another object's data to update with ``X-Source-Object`` and ``X-Source-Version``. Truncate with ``X-Object-Bytes``.
-* Object ``MOVE`` support.
+* Include new version identifier in replies for object replace/change requests.
+* Object ``MOVE`` support and ``ignore_content_type`` parameter in both ``COPY`` and ``MOVE``.
* Conditional object create/update operations, using ``If-Match`` and ``If-None-Match`` headers.
* Time-variant account/container listings via the ``until`` parameter.
* Object versions - parameter ``version`` in ``HEAD``/``GET`` (list versions with ``GET``), ``X-Object-Version-*`` meta in replies, ``X-Source-Version`` in ``PUT``/``COPY``.
-* Sharing/publishing with ``X-Object-Sharing``, ``X-Object-Public`` at the object level. Cross-user operations are allowed - controlled by sharing directives. Permissions may include groups defined with ``X-Account-Group-*`` at the account level. These apply to the object - not its versions.
-* Support for prefix-based inheritance when enforcing permissions. Parent object carrying the authorization directives is reported in ``X-Object-Shared-By``.
+* Sharing/publishing with ``X-Object-Sharing``, ``X-Object-Public`` at the object level. Cross-user operations are allowed - controlled by sharing directives. Available actions in cross-user requests are reported with ``X-Object-Allowed-To``. Permissions may include groups defined with ``X-Account-Group-*`` at the account level. These apply to the object - not its versions.
+* Support for directory-based inheritance when enforcing permissions. Parent object carrying the authorization directives is reported in ``X-Object-Shared-By``.
+* Copy and move between accounts with ``X-Source-Account`` and ``Destination-Account`` headers.
* Large object support with ``X-Object-Manifest``.
* Trace the user that created/modified an object with ``X-Object-Modified-By``.
* Purge container/object history with the ``until`` parameter in ``DELETE``.
Clarifications/suggestions:
+* All non-ASCII characters in headers should be URL-encoded.
* Authentication is done by another system. The token is used in the same way, but it is obtained differently. The top level ``GET`` request is kept compatible with the OOS API and allows for guest/testing operations.
* Some processing is done in the variable part of all ``X-*-Meta-*`` headers. If it includes underscores, they will be converted to dashes and the first letter of all intra-dash strings will be capitalized.
* A ``GET`` reply for a level will include all headers of the corresponding ``HEAD`` request.
* To avoid conflicts between objects and virtual directory markers in container listings, it is recommended that object names do not end with the delimiter used.
-* The ``Accept`` header may be used in requests instead of the ``format`` parameter to specify the desired reply format. The parameter overrides the header (**TBD**).
-* Container/object lists use a ``200`` return code if the reply is of type json/xml. The reply will include an empty json/xml.
+* The ``Accept`` header may be used in requests instead of the ``format`` parameter to specify the desired request/reply format. The parameter overrides the header.
+* Container/object lists use a ``200`` return code if the reply is of type JSON/XML. The reply will include an empty JSON/XML.
* In headers, dates are formatted according to RFC 1123. In extended information listings, the ``last_modified`` field is formatted according to ISO 8601 (for OOS API compatibility). All other fields (Pithos extensions) use integer tiemstamps.
* The ``Last-Modified`` header value always reflects the actual latest change timestamp, regardless of time control parameters and version requests. Time precondition checks with ``If-Modified-Since`` and ``If-Unmodified-Since`` headers are applied to this value.
* A copy/move using ``PUT``/``COPY``/``MOVE`` will always update metadata, keeping all old values except the ones redefined in the request headers.
* The ``trash`` element, which contains files that have been marked for deletion, but can still be recovered.
* The ``shared`` element, which contains all objects shared by the user to other users of the system.
* The ``others`` element, which contains all objects that other users share with the user.
-* The ``tags`` element, which lists the names of tags the user has defined. This can be an entry point to list all files that have been assigned a specific tag or manage tags in general (remove a tag completely, rename a tag etc.).
* The ``groups`` element, which contains the names of groups the user has defined. Each group consists of a user list. Group creation, deletion, and manipulation is carried out by actions originating here.
* The ``history`` element, which allows browsing past instances of ``home`` and - optionally - ``trash``.
Objects in Pithos can be:
-* Assigned custom tags.
* Moved to trash and then deleted.
* Shared with specific permissions.
* Made public (shared with non-Pithos users).
Some of these functions are performed by the client software and some by the Pithos server.
+In the first version of Pithos, objects could also be assigned custom tags. This is no longer supported. Existing deployments can migrate tags into a specific metadata value, i.e. ``X-Object-Meta-Tags``.
+
Implementation Guidelines
^^^^^^^^^^^^^^^^^^^^^^^^^
Public objects are not included in ``shared`` and ``others`` listings. It is suggested that they are marked in a visually distinctive way in ``pithos`` listings (for example using an icon overlay).
-At the object level, tags are implemented by managing metadata keys. The client software should allow the user to use any string as a tag and set the corresponding ``X-Object-Meta-<tag>`` key at the server. The API extensions provided, allow for listing all tags in a container and filtering object listings based on one or more tags. The tag list is sufficient for implementing the ``tags`` element, either as a special, virtual folder (as done in the first version of Pithos), or as an application menu.
-
A special application menu, or a section in application preferences, should be devoted to managing groups (the ``groups`` element). All group-related actions are implemented at the account level.
-Browsing past versions of objects should be available both at the object and the container level. At the object level, a list of past versions can be included in the screen showing details or more information on the object (metadata, tags, permissions, etc.). At the container level, it is suggested that clients use a ``history`` element, which presents to the user a read-only, time-variable view of ``pithos`` contents. This can be accomplished via the ``until`` parameter in listings. Optionally, ``history`` may include ``trash``.
+Browsing past versions of objects should be available both at the object and the container level. At the object level, a list of past versions can be included in the screen showing details or more information on the object (metadata, permissions, etc.). At the container level, it is suggested that clients use a ``history`` element, which presents to the user a read-only, time-variable view of ``pithos`` contents. This can be accomplished via the ``until`` parameter in listings. Optionally, ``history`` may include ``trash``.
+
+Uploading and downloading data
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+By using hashmaps to upload and download objects the corresponding operations can complete much faster.
+
+In the case of an upload, only the missing blocks will be submitted to the server:
+
+* Calculate the hash value for each block of the object to be uploaded. Use the hash algorithm and block size of the destination container.
+* Send a hashmap ``PUT`` request for the object.
+
+ * Server responds with status ``201`` (Created):
+
+ * Blocks are already on the server. The object has been created. Done.
+
+ * Server responds with status ``409`` (Conflict):
+
+ * Server's response body contains the hashes of the blocks that do not exist on the server.
+ * For each hash value in the server's response (or all hashes together):
+
+ * Send a ``POST`` request to the destination container with the corresponding data.
+
+* Repeat hashmap ``PUT``. Fail if the server's response is not ``201``.
+
+Consulting hashmaps when downloading allows for resuming partially transferred objects. The client should retrieve the hashmap from the server and compare it with the hashmap computed from the respective local file. Any missing parts can be downloaded with ``GET`` requests with the additional ``Range`` header.
+
+Syncing
+^^^^^^^
+
+Consider the following algorithm for synchronizing a local folder with the server. The "state" is the complete object listing, with the corresponding attributes.
+
+::
+
+ L: local state (stored state from last sync with the server)
+ C: current state (state computed right before sync)
+ S: server state
+
+ if C == L:
+ # No local changes
+ if S == L:
+ # No remote changes, nothing to do
+ else:
+ # Update local state to match that of the server
+ L = S
+ else:
+ # We have local changes
+ if S == L:
+ # No remote changes, update the server
+ S = C
+ L = S
+ else:
+ # Both we and server have changes
+ if C == S:
+ # We were lucky, we did the same change
+ L = S
+ else:
+ # We have conflicting changes
+ resolve conflict
+
+Notes:
+
+* States represent file hashes (it is suggested to use Merkle). Deleted or non-existing files are assumed to have a magic hash (e.g. empty string).
+* Updating a state (either local or remote) implies downloading, uploading or deleting the appropriate file.
Recommended Practices and Examples
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Assuming an authentication token is obtained (**TBD**), the following high-level operations are available - shown with ``curl``:
+Assuming an authentication token is obtained, the following high-level operations are available - shown with ``curl``:
* Get account information ::
* List metadata keys used by objects in a container
- Will be in the ``X-Container-Object-Meta`` reply header, included in container information or object list (``HEAD`` or ``GET``).
+ Will be in the ``X-Container-Object-Meta`` reply header, included in container information or object list (``HEAD`` or ``GET``). (**TBD**)
* List objects in a container having a specific meta defined ::
curl -X PUT -D - \
-H "X-Auth-Token: 0000" \
- -H "Content-Type: application/folder" \
+ -H "Content-Type: application/directory" \
https://pithos.dev.grnet.gr/v1/user/pithos/folder
* Add a new object ::
projects / pithos / blobdiff