Nexfs Management API Documentation
Method Index
CreateRole
Create a new management or content (S3) role using the Nexfs Management API
Action: CreateRole
Creates a new Role
Permissions
To create a new management role a requesting session must have the iam/UpdateManagementRoles role enabled.
To create a new user content (s3) role a requesting session must have the nexfs/UpdateContentRoles role enabled.
Request Parameters
A request must be made against the nexfs management console api with the CreateRole action.
The request must be signed with a valid AWS V4 style Signature using an active temporary session security token.
Action
CreateRole
AssumeRolePolicyDocument
A URI-encoded JSON string containing the new role configuration
AssumeRolePolicyDocument json Format
{
"Version": "string",
"Statement": [
{
"Sid": "string",
"Effect": "string",
"Action": [
"string"
,...
]
}
,...
]
}
For a description of elements, see AssumeRolePolicyDocument elements below
Enabled
0 if the role should be created but remain disabled,
1 if the role should be created and enabled
RoleID (Optional)
The unique roleid (as an integer) to assign to the new role
Defaults to the highest existing roleid+1
RoleName
A unique name (string) to attach to the new role
RoleType
A type of role (string) to be created, either "iam" or "user".
Set "iam" for nexfs management roles or "user" for content (S3) user roles
Version
A version (as a string) to assign to the Policy
AssumeRolePolicyDocument elements
Version
A version of the Policy
Statement
A JSON object which contains the role's policy statement
Sid
A string label that represents the statement
Effect
"Allow" or "Deny"
Action
A JSON array which contains zero or more management role permissions
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
<?xml version="1.0" encoding="UTF-8"?>
<RequestCompleted>
<Code>String</Code>
<CreateRoleResponse>
<CreateRoleResult>
<Role>
<RoleName> String </RoleName>
<AssumeRolePolicyDocument>
{
"Version": "String",
"Statement": [{
"Sid": "String",
"Effect": "String",
"Action": ["String"]
}]
}
</AssumeRolePolicyDocument>
<CreateDate> String </CreateDate>
<RoleId>integer</RoleId>
</Role>
</CreateRoleResult>
<ResponseMetadata>
<RequestId> integer </RequestId>
</ResponseMetadata>
</CreateRoleResponse>
<Resource>/String </Resource>
</RequestCompleted>
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in XML format by the service:
RequestCompleted
Root Level tag for the successful Revoke Session response
Code
OK
CreateRoleResponse
A section label which contains the create role response details
CreateRoleResult
A section label which contains a copy of the role that has been created, i.e. a copy of the request json
Resource
/nexfsconsoleapi
RequestId
A requestid number that identifies the request made against the management api
Errors
Also See Rest Error Responses
400 BadRequest The request was Malformed
A BadRequest will be returned if AssumeRolePolicyDocument, RoleName or Version is missing from the request
A BadRequest will also be returned if AssumeRolePolicyDocument is incorrectly formatted
401 Unauthorized The request cannot be authenticated
403 Forbidden Session does not have the rights to perform the requested action
409 EntityAlreadyExists A role already exists with the requested name
500 InternalServerError An Internal Error was encountered
Example Request
The following example request includes the json statement:
{
"Version": "08/29/2022.0",
"Statement": [
{
"Sid": "Allowed Actions",
"Effect": "Allow",
"Action": [
"*:*",
"iam:ListManagementRoles",
"iam:ListUsers",
"iam:LoginMgmtReadOnly",
"iam:UpdateOwnSecret"
]
},
{
"Sid": "Deny Actions",
"Effect": "Deny",
"Action": [
"iam:DeleteManagementRoles",
"iam:UpdateManagementRoles",
"iam:UpdateOtherUserSecret",
"iam:UpdateUsers",
"nexfs:UpdateConfiguration",
"nexfs:UpdateLicense",
"nfs:GetConfiguration",
"nfs:GetSubSystem",
"nfs:ManageSubSystem",
"nfs:UpdateConfiguration"
]
}
]
}
GET http://dev01kedavpn:9200/nexfsconsoleapi?Action=CreateRole&AssumeRolePolicyDocument={%22Version%22:%2208/29/2022.0%22,%22Statement%22:[{%22Sid%22:%20%22Allowed%20Actions%22,%22Effect%22:%20%22Allow%22,%22Action%22:%20[%22*:*%22,%22iam:ListManagementRoles%22,%22iam:ListUsers%22,%22iam:LoginMgmtReadOnly%22,%22iam:UpdateOwnSecret%22]},{%22Sid%22:%20%22Deny%20Actions%22,%22Effect%22:%20%22Deny%22,%22Action%22:%20[%22iam:DeleteManagementRoles%22,%22iam:UpdateManagementRoles%22,%22iam:UpdateOtherUserSecret%22,%22iam:UpdateUsers%22,%22nexfs:UpdateConfiguration%22,%22nexfs:UpdateLicense%22,%22nfs:GetConfiguration%22,%22nfs:GetSubSystem%22,%22nfs:ManageSubSystem%22,%22nfs:UpdateConfiguration%22]}]}&Enabled=1&RoleId=50001&RoleName=Example%20Role&RoleType=user&Version=08/29/2022.0
content-type: application/x-www-form-urlencoded; charset=utf-8
host: nexfs.example.com
x-amz-date: 20220829T132007Z
Example Response
<?xml version="1.0" encoding="UTF-8"?>
<RequestCompleted>
<Code>Ok</Code>
<CreateRoleResponse>
<CreateRoleResult>
<Role>
<RoleName>Example Role</RoleName>
<AssumeRolePolicyDocument>
{
"Version": "08/29/2022.0",
"Statement": [{
"Sid": "Allowed Actions",
"Effect": "Allow",
"Action": ["*:*", "iam:ListManagementRoles", "iam:ListUsers", "iam:LoginMgmtReadOnly", "iam:UpdateOwnSecret"]
}, {
"Sid": "Deny Actions",
"Effect": "Deny",
"Action": ["iam:DeleteManagementRoles", "iam:UpdateManagementRoles", "iam:UpdateOtherUserSecret", "iam:UpdateUsers", "nexfs:UpdateConfiguration", "nexfs:UpdateLicense", "nfs:GetConfiguration", "nfs:GetSubSystem", "nfs:ManageSubSystem", "nfs:UpdateConfiguration"]
}]
}
</AssumeRolePolicyDocument>
<CreateDate>2022-08-29T13:20:08.000Z</CreateDate>
<RoleId>50001</RoleId>
</Role>
</CreateRoleResult>
<ResponseMetadata>
<RequestId>118</RequestId>
</ResponseMetadata>
</CreateRoleResponse>
<Resource>/nexfsconsoleapi</Resource>
</RequestCompleted>