How to manage Ceph RADOS Gateway (RGW) users, buckets, and quotas programmatically from Node.js?

Question Body

I'm running a Ceph cluster with RADOS Gateway for S3-compatible object storage (deployed via Rook-Ceph on Kubernetes), and I need to automate admin operations from a Node.js backend service:

Create and delete S3 users Set per-user and per-bucket storage quotas Generate and rotate access keys Transfer bucket ownership between users Get usage statistics Set rate limits per user or bucket

I know I can shell out to the radosgw-admin CLI inside the Ceph toolbox pod, but that's not practical from application code. Ceph exposes an Admin Ops REST API for these operations, but it requires AWS SigV4 request signing which makes raw fetch() calls complicated.

I found two existing npm packages but they are outdated and not being maintained.

Is there a maintained Node.js library for the RGW Admin Ops API that supports modern Node.js (18+) with TypeScript?

---

Answer Body

radosgw-admin is a zero-dependency Node.js SDK for the full Ceph RGW Admin Ops API. It handles SigV4 signing internally using only node:crypto, supports TypeScript with strict types, and ships as dual ESM + CJS.

Install

npm install radosgw-admin

Setup

import { RadosGWAdminClient } from 'radosgw-admin'; const rgw = new RadosGWAdminClient({ host: 'http://rook-ceph-rgw-my-store.rook-ceph.svc', port: 80, accessKey: process.env.RGW_ACCESS_KEY, secretKey: process.env.RGW_SECRET_KEY, });

The admin user needs users=* and buckets=* capabilities. If you're on Rook-Ceph, get the credentials from the Kubernetes secret:

kubectl get secret rook-ceph-dashboard-admin-gateway -n rook-ceph \ -o jsonpath='{.data.accessKey}' | base64 -d

Create a user and set quota

const user = await rgw.users.create({ uid: 'alice', displayName: 'Alice', email: '[email protected]', maxBuckets: 10, }); await rgw.quota.setUserQuota({ uid: 'alice', maxSize: '10G', // accepts human-readable sizes maxObjects: 50000, enabled: true, });

Rotate access keys

const newKeys = await rgw.keys.generate({ uid: 'alice' }); console.log(newKeys[0].accessKey, newKeys[0].secretKey); // Revoke the old key await rgw.keys.revoke({ uid: 'alice', accessKey: oldAccessKey });

Set rate limits

await rgw.rateLimit.setUserLimit({ uid: 'alice', maxReadOps: 100, maxWriteOps: 50, });

Error handling

Errors are mapped to typed classes with the actual RGW error code preserved:

import { RGWNotFoundError, RGWConflictError } from 'radosgw-admin'; try { await rgw.users.get('nonexistent'); } catch (err) { if (err instanceof RGWNotFoundError) { console.log(err.code); // "NoSuchUser" } else if (err instanceof RGWConflictError) { console.log(err.code); // "UserAlreadyExists" } }

Other operations

await rgw.users.list(); // List all user UIDs await rgw.users.suspend('alice'); // Suspend account await rgw.buckets.list(); // List all buckets await rgw.buckets.transferOwnership({ bucket: 'b1', uid: 'bob' }); await rgw.usage.get({ uid: 'alice' }); // Usage stats const ok = await rgw.healthCheck(); // Connectivity check

It covers 8 modules (users, keys, subusers, buckets, quotas, rate limits, usage, cluster info) with 45+ methods. Tested against Ceph Quincy (v17) and Reef (v18). Works with Rook-Ceph and OpenShift Data Foundation.

Documentation GitHub npm

Disclosure: I'm the author of this package.