Generate Storage Integration Authorization Materials (V2)
This operation generates provider-specific authorization materials that are required before creating or validating a storage integration.
The base URL for this API is in the following format:
https://api.cloud.zilliz.com
The endpoints on the control plane currently supports up to 20 requests per second per user per endpoint.
export BASE_URL="https://api.cloud.zilliz.com"
The authentication token should be an API key with appropriate privileges.
The ID of the project.
The ID of the region. The server uses this field to derive the cloud provider.
The bucket, container, or storage name used to generate policies or credentials.
export TOKEN="YOUR_API_KEY"
curl --request POST \
--url "${BASE_URL}/v2/storageIntegrations/authorizationMaterials" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"projectId": "proj-xxxxxxxxxxxxxxxxxxxxxx",
"regionId": "aws-us-west-2",
"bucketName": "my-bucket"
}'
export TOKEN="YOUR_API_KEY"
curl --request POST \
--url "${BASE_URL}/v2/storageIntegrations/authorizationMaterials" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"projectId": "proj-xxxxxxxxxxxxxxxxxxxxxx",
"regionId": "gcp-us-central1",
"bucketName": "my-gcs-bucket"
}'
export TOKEN="YOUR_API_KEY"
curl --request POST \
--url "${BASE_URL}/v2/storageIntegrations/authorizationMaterials" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"projectId": "proj-xxxxxxxxxxxxxxxxxxxxxx",
"regionId": "azure-eastus",
"bucketName": "my-blob-container"
}'
A success response for AWS S3.
Response code.
The read-only AWS S3 policy. Possible values are s3:GetObject, s3:ListBucket, and s3:GetBucketLocation.
The read-write AWS S3 policy. Possible values are s3:GetObject, s3:ListBucket, s3:GetBucketLocation, and s3:PutObject.
The AWS IAM policy used by the create workflow. Possible values are s3:GetObject, s3:ListBucket, s3:GetBucketLocation, and s3:PutObject.
The provider trust policy.
The Zilliz cloud account or RAM principal to authorize.
The generated external ID.
A success response for GCP GCS.
Response code.
The GCP bucket permissions to grant.
The Zilliz-managed Google Cloud service account email.
A success response for Azure Blob.
Response code.
Azure authorization credential information.
The cluster issuer URL for Azure federated identity.
The Kubernetes namespace used by the Zilliz service account.
The Zilliz service account name.
A success response for Alibaba Cloud OSS.
Response code.
The Alibaba Cloud OSS policy. Possible values are oss:GetObject, oss:ListObjects, oss:GetBucketLocation, and oss:HeadBucket.
The read-write Alibaba Cloud OSS policy. Possible values are oss:GetObject, oss:ListObjects, oss:GetBucketLocation, oss.HeadBucket, and oss:PutObject.
The Alibaba Cloud RAM policy used by the create workflow. Possible values are oss:GetObject, oss:ListObjects, oss:GetBucketLocation, oss.HeadBucket, and oss:PutObject.
The provider trust policy.
The Zilliz cloud account or RAM principal to authorize.
The generated external ID.
A failure response.
Response code.
Error message.
{
"code": 0,
"data": {
"readonly": "{...}",
"readwrite": "{...}",
"iamPolicy": "{...}",
"trustPolicy": "{...}",
"zillizAccount": "306787409409",
"externalId": "zilliz-external-AbCdEf12345678"
}
}