Updates one S3-compatible storage blockstore configuration. The v2.0 resource adds the
keyVault object. With this object, the S3-compatible storage blockstore reads its
AWS credentials from HashiCorp Vault. To learn more, see
HashiCorp Vault for Snapshot Store Credentials.
Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v2.0/admin/backup
Resource
PUT /snapshot/s3Configs/{S3-BLOCKSTORE-CONFIG-ID}
Request Path Parameters
Name | Type | Description |
|---|---|---|
S3-BLOCKSTORE-CONFIG-ID | string | The unique name that labels this S3-compatible storage blockstore configuration. |
Request Query Parameters
The following query parameters are optional:
Name | Type | Necessity | Description | Default |
|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body is in a prettyprint format. |
|
envelope | boolean | Optional | Flag that indicates whether to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
|
|
Request Body Parameters
Name | Type | Necessity | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
acceptedTos | boolean | Required | Flag that indicates whether or not you accepted the terms of
service for using S3-compatible storage stores with Ops Manager. You must
set this to If you set this to | |||||||||
assignmentEnabled | boolean | Optional | Flag that indicates whether you can assign backup jobs to this data store. | |||||||||
awsAccessKey | string | Conditional | AWS Access Key ID that can access the S3-compatible storage bucket specified in s3BucketName. If | |||||||||
awsSecretKey | string | Conditional | AWS Secret Access Key that can access the S3-compatible storage bucket
specified in If | |||||||||
customCertificates | array | Optional | List of valid Certificate Authority certificates that apply to the associated S3-compatible storage bucket. | |||||||||
customCertificates[n].filename | string | Optional | Name that identifies the Certificate Authority PEM file. | |||||||||
customCertificates[n].certString | string | Optional | Contents of the Certificate Authority PEM file that comprise your Certificate Authority chain. | |||||||||
disableProxyS3 | boolean | Optional | Flag that indicates whether the HTTP proxy should be used when connecting to S3-compatible storage. You don't need to set this value unless you configured Ops Manager to use the HTTP proxy. | |||||||||
encryptedCredentials | boolean | Optional | Flag that indicates whether the username and password for this S3-compatible storage blockstore were encrypted using the credentialstool. | |||||||||
labels | array of strings | Optional | Array of tags to manage which backup jobs Ops Manager can assign to which S3 blockstores. Setting these tags limits which backup jobs this S3-compatible storage blockstore can process. If omitted, this S3-compatible storage blockstore can only process backup jobs for projects that do not use labels to filter their jobs. | |||||||||
loadFactor | number | Optional | Positive, non-zero integer that expresses how much backup work this snapshot store performs compared to another snapshot store. This option is needed only if more than one snapshot store is in use. To learn more about Load Factor, see Edit One Existing Blockstore. | |||||||||
objectLockEnabled | boolean | Optional | Flag that indicates whether object lock is enabled to prevent the objects in an S3 bucket from being deleted. | |||||||||
pathStyleAccessEnabled | boolean | Required | Flag that indicates the style of this endpoint.
To review the S3-compatible storage bucket URL conventions, see the AWS S3 documentation. | |||||||||
s3AuthMethod | string | Optional | Method used to authorize access to the S3-compatible storage bucket specified in s3BucketName. Ops Manager accepts the following values:
| |||||||||
s3BucketEndpoint | string | Required | URL used to access this S3-compatible storage bucket. | |||||||||
s3BucketName | string | Required | Name of the S3-compatible storage bucket that hosts the S3-compatible storage blockstore. | |||||||||
s3MaxConnections | number | Required | Positive integer indicating the maximum number of connections to this S3-compatible storage blockstore. | |||||||||
s3RegionOverride | string | Conditional | Region where your S3-compatible storage bucket resides. Use this field only if your S3-compatible storage store's s3BucketEndpoint doesn't support region scoping. Don't use this field with AWS S3 buckets. | |||||||||
sseEnabled | boolean | Required | Flag that indicates whether this S3-compatible storage blockstore enables server-side encryption. | |||||||||
uri | string | Required | Comma-separated list of hosts in the | |||||||||
ssl | boolean | Optional | Flag that indicates whether this S3-compatible storage blockstore only accepts connections encrypted using TLS. | |||||||||
writeConcern | string | Optional | Write concern used for this blockstore. Ops Manager accepts the following values:
To learn about write acknowledgement levels in MongoDB, see Write Concern. |
Note
When s3AuthMethod is KEYS, provide exactly one of the
following credential sources: the keyVault object, or both
awsAccessKey and awsSecretKey. When s3AuthMethod is
IAM_ROLE, don't provide the keyVault object. Ops Manager
returns an error if you do, and ignores any awsAccessKey and
awsSecretKey values.
The v2.0 resource adds the following key vault parameters:
Name | Type | Necessity | Description |
|---|---|---|---|
keyVault | object | Conditional | Vault-backed credential source for this S3-compatible snapshot store.
When |
keyVault.vaultId | string | Conditional | Unique identifier of the key vault configuration that stores the
credentials. This value matches the |
keyVault.awsAccessKeyPath | string | Conditional | Path to the AWS access key in the key vault, in the form
|
keyVault.awsSecretKeyPath | string | Conditional | Path to the AWS secret key in the key vault. Uses the same
|
Response
Name | Type | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
acceptedTos | boolean | Flag that indicates whether or not you accepted the terms of
service for using S3-compatible storage with Ops Manager. You
must set this to | |||||||||
assignmentEnabled | boolean | Flag that indicates whether you can assign backup jobs to this data store. | |||||||||
awsAccessKey | string | AWS Access Key ID that can access the S3-compatible storage bucket specified in s3BucketName. | |||||||||
awsSecretKey | string | AWS Secret Access Key that can access the S3-compatible storage bucket specified in s3BucketName. | |||||||||
customCertificates | array | List of valid Certificate Authority certificates that apply to the associated S3-compatible storage bucket. | |||||||||
customCertificates[n].filename | string | Name that identifies the Certificate Authority PEM file. | |||||||||
customCertificates[n].certString | string | Contents of the Certificate Authority PEM file that comprise your Certificate Authority chain. | |||||||||
disableProxyS3 | boolean | Flag that indicates whether the HTTP proxy should be used when connecting to S3-compatible storage. | |||||||||
encryptedCredentials | boolean | Flag that indicates whether the username and password for this S3-compatible storage blockstore were encrypted using the credentialstool. | |||||||||
id | string | Name that uniquely identifies this S3-compatible storage blockstore. | |||||||||
labels | array of strings | Array of tags to manage which backup jobs Ops Manager can assign to which S3 blockstores. | |||||||||
links | object array | One or more links to sub-resources or related resources. All
| |||||||||
loadFactor | integer | Positive, non-zero integer that expresses how much backup work this snapshot store performs compared to another snapshot store. This option is needed only if more than one snapshot store is in use. To learn more about Load Factor, see Edit One Existing Blockstore. | |||||||||
objectLockEnabled | boolean | Flag that indicates whether object lock is enabled to prevent the objects in an S3 bucket from being deleted. | |||||||||
pathStyleAccessEnabled | boolean | Flag that indicates the style of this endpoint.
To review the S3-compatible storage bucket URL conventions, see the AWS S3 documentation. | |||||||||
s3AuthMethod | string | Method used to authorize access to the S3-compatible storage bucket specified in Accepted values for this option are:
| |||||||||
s3BucketEndpoint | string | URL that Ops Manager uses to access this S3-compatible storage bucket. | |||||||||
s3BucketName | string | Name of the S3-compatible storage bucket that hosts the S3-compatible storage blockstore. | |||||||||
s3MaxConnections | integer | Positive integer indicating the maximum number of connections to this S3-compatible storage blockstore. | |||||||||
s3RegionOverride | string | ||||||||||
sseEnabled | boolean | Flag that indicates whether this S3-compatible storage blockstore enables server-side encryption. | |||||||||
ssl | boolean | Flag that indicates whether this S3-compatible storage blockstore only accepts connections encrypted using TLS. | |||||||||
uri | string | Connection String that connects to the metadata database for this S3-compatible storage blockstore. This database stores the locations of the blocks in the AWS S3-compatible storage bucket. | |||||||||
writeConcern | string | Write concern used for this blockstore. Ops Manager returns one of the following values:
To learn about write acknowledgement levels in MongoDB, see Write Concern. |
The v2.0 resource adds the following key vault field:
Name | Type | Description |
|---|---|---|
keyVault | object | Vault-backed credential source for this S3-compatible snapshot store. Ops Manager returns this object only when the snapshot store reads its credentials from a key vault. |
keyVault.vaultId | string | Unique identifier of the key vault configuration that stores the credentials. |
keyVault.awsAccessKeyPath | string | Path in the key vault to the AWS access key. |
keyVault.awsSecretKeyPath | string | Path in the key vault to the AWS secret key. |
Example Request
curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --include \ --request PUT 'https://<OpsManagerHost>:<Port>/api/public/v2.0/admin/backup/snapshot/s3Configs/{S3-BLOCKSTORE-CONFIG-ID}?pretty=true' \ --data '{ "assignmentEnabled": true, "pathStyleAccessEnabled": false, "acceptedTos": true, "encryptedCredentials": false, "loadFactor": 1, "s3AuthMethod": "KEYS", "s3BucketEndpoint": "s3.amazonaws.com", "s3BucketName": "bucketname", "s3MaxConnections": 50, "sseEnabled": true, "uri": "mongodb://127.0.0.1:27017", "ssl": false, "writeConcern": "ACKNOWLEDGED", "keyVault": { "vaultId": "{KEY-VAULT-ID}", "awsAccessKeyPath": "path/to/awsAccessKey", "awsSecretKeyPath": "path/to/awsSecretKey" } }'
Example Response
Response Header
401 Unauthorized Content-Type: application/json;charset=ISO-8859-1 Date: {dateInUnixFormat} WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false Content-Length: {requestLengthInBytes} Connection: keep-alive
200 OK Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
Response Body
{ "acceptedTos": true, "assignmentEnabled": true, "encryptedCredentials": false, "id": "{S3-BLOCKSTORE-CONFIG-ID}", "keyVault": { "vaultId": "{KEY-VAULT-ID}", "awsAccessKeyPath": "path/to/awsAccessKey", "awsSecretKeyPath": "path/to/awsSecretKey" }, "links": [ { "href": "https://<OpsManagerHost>:<Port>/api/public/v2.0/admin/backup/snapshot/s3Configs/{S3-BLOCKSTORE-CONFIG-ID}", "rel": "self" } ], "loadFactor": 1, "pathStyleAccessEnabled": false, "s3AuthMethod": "KEYS", "s3BucketEndpoint": "s3.amazonaws.com", "s3BucketName": "bucketname", "s3MaxConnections": 50, "sseEnabled": true, "ssl": false, "uri": "mongodb://127.0.0.1:27017", "writeConcern": "ACKNOWLEDGED" }