Bucket Management
A bucket is not only a namespace on BOS, but also a management entity with advanced features such as billing, privilege control and logging.
- Bucket names are globally unique in all regions and cannot be modified.
Note:
Baidu AI Cloud currently supports multiple regions; please refer to Region Selection Description. Currently, it supports "North China-Beijing", "South China-Guangzhou" and "East China-Suzhou".
- Each object stored on the BOS must be contained in a bucket.
- A user can create up to 100 buckets. However, there is no limit on the total number and size of objects stored in each bucket, so users do not need to consider the extensibility of data.
Bucket Privilege Management
Set Access Privileges of Bucket
The following code sets the privilege of the bucket to private:
bos_client.set_bucket_canned_acl(bucket_name, canned_acl.PRIVATE)
Here canned_acl contains 3 parameters, PRIVATE, PUBLIC_READ and PUBLIC_READ_WRITE, which correspond to the privileges private, public-read and public-read-write respectively. For the specific contents of each privilege, please see <BOS API Document Privilege Control through CannedAcl>.
Set the Specified User's Access to the Bucket
BOS provides the set_bucket_acl method to set the bucket access privilege of specified users, which can be done with the following parameters:
bos_client.set_bucket_acl(
    bucket_name,
    [{'grantee': [{'id': 'b124deeaf6f641c9ac27700b41a350a8'},
                  {'id': 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}],
      'permission': ['FULL_CONTROL'],
      # 'resource' belongs inside the ACL entry it scopes
      'resource': ['your_bucket_name/prefix/*']}])
Note:
1. id is the user ID, and you can view it in user information.
2. The privilege setting has 3 values: READ, WRITE and FULL_CONTROL, corresponding to the respective privileges. For the specific contents, please see "BOS API Document Privilege Control through ACL File Uploading".
3. The second parameter acl of set_bucket_acl() does not need to contain the "accessControlList" field, which has been encapsulated in the interface.
Set More Bucket Access Privileges
1. Set hotlink protection (anti-theft chain) by using a Referer whitelist
myAcl = [{"grantee": [{"id": "*"}],
          "permission": ["FULL_CONTROL"],
          "condition": {
              "referer": {"stringEquals": ["http://test/index"]}
          }
         }]
bos_client.set_bucket_acl(bucket_name, myAcl)
2. Restrict access by client IP, allowing only a few client IPs
myAcl = [{"grantee": [{"id": "*"}],
          "permission": ["FULL_CONTROL"],
          "condition": {"ipAddress": ["192.170.0.6"]}
         }]
bos_client.set_bucket_acl(bucket_name, myAcl)
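The ACL lists above all grant FULL_CONTROL, two of them to the wildcard grantee "*". The following is an added example, not part of the BOS SDK or the original page: a static check you can run over an ACL list before passing it to set_bucket_acl. The function name, rule names and the treatment of a missing 'resource' as bucket-wide are assumptions of this example.

```python
# Added example: static audit of an ACL list in the dict layout this page passes
# to set_bucket_acl. Rule names are this example's own, not BOS terms.
WRITE_PERMS = {"WRITE", "FULL_CONTROL"}

def audit_acl(acl):
    """Return (entry_index, rule, message) tuples for risky ACL entries."""
    findings = []
    for i, entry in enumerate(acl):
        grantees = {g.get("id") for g in entry.get("grantee", [])}
        perms = set(entry.get("permission", []))
        cond = entry.get("condition") or {}
        public = "*" in grantees
        writable = bool(perms & WRITE_PERMS)
        if public and writable and not cond:
            findings.append((i, "public-write", "every caller may modify the bucket"))
        elif public and writable and set(cond) == {"referer"}:
            findings.append((i, "referer-only-write",
                             "write access gated only by Referer, a client-set header"))
        elif public and writable:
            findings.append((i, "conditional-public-write",
                             "'*' keeps write access; grant READ or name user IDs"))
        elif public and not cond:
            findings.append((i, "public-read", "every caller may read; confirm intent"))
        # Assumption: an entry without 'resource' covers the whole bucket.
        if "FULL_CONTROL" in perms and not entry.get("resource"):
            findings.append((i, "unscoped-full-control",
                             "FULL_CONTROL with no 'resource' prefix"))
    return findings

# Constructed inputs mirroring the three ACLs shown on this page.
REFERER_ACL = [{"grantee": [{"id": "*"}], "permission": ["FULL_CONTROL"],
                "condition": {"referer": {"stringEquals": ["http://test/index"]}}}]
IP_ACL = [{"grantee": [{"id": "*"}], "permission": ["FULL_CONTROL"],
           "condition": {"ipAddress": ["192.170.0.6"]}}]
USER_ACL = [{"grantee": [{"id": "b124deeaf6f641c9ac27700b41a350a8"}],
             "permission": ["FULL_CONTROL"],
             "resource": ["your_bucket_name/prefix/*"]}]

if __name__ == "__main__":
    for name, acl in [("referer", REFERER_ACL), ("ip", IP_ACL), ("user", USER_ACL)]:
        for idx, rule, msg in audit_acl(acl):
            print("%s[%d] %s: %s" % (name, idx, rule, msg))
```

Only the ACL that names user IDs and scopes the grant with 'resource' passes without findings.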
Set STS Temporary Token Privilege
For a temporary access identity created by STS, the administrator can also set a special privilege. See Temporary Authorized Access for an introduction to STS and how to set temporary privileges.
See Access to BOS via sts mode to set the STS temporary token privilege with the BOS Python SDK.
View Privileges of Bucket
The following code retrieves the privileges of a bucket:
response = bos_client.get_bucket_acl(bucket_name)
bos_client.set_bucket_acl(bucket_name, response.access_control_list)
The parameters available on the parsed object returned by the get_bucket_acl method include:
Parameter | Description |
---|---|
owner | bucket owner information |
+id | User ID of bucket owner |
access_control_list | Identify privilege list of bucket |
+grantee | Identify authorized person |
++id | Authorized person ID. |
+permission | Identify the privilege of the authorized person. |
+resource | Resources affected by ACL configuration items |
View the Region to Which the Bucket Belongs
The bucket location is the region to which the bucket belongs. For details of each region supported by Baidu AI Cloud, please see Region Selection Description.
The following code gets the location information of a bucket:
region = bos_client.get_bucket_location(bucket_name)
print(region)
Create Bucket
The following code creates a bucket:
if not bos_client.does_bucket_exist(bucket_name):
    bos_client.create_bucket(bucket_name)
Note: Since bucket names are unique across all regions, you need to make sure that the BucketName differs from the bucket names in all other regions. Bucket names follow these naming specifications:
- Only lowercase letters, numbers and dashes (-) can be included.
- It must begin with a lowercase letter or number.
- The length must be between 3 and 63 bytes.
Enumerate Bucket
The following code lists all buckets of a user:
response = bos_client.list_buckets()
for bucket in response.buckets:
    print(bucket.name)
The parameters available on the parsed object returned by the list_buckets method include:
Parameter | Description |
---|---|
owner | bucket Owner information |
+id | User ID of bucket Owner |
+display_name | Name of bucket Owner |
buckets | Container for storing information on multiple bucket |
bucket | Container for storing information on one bucket |
+name | bucket name |
+creation_date | bucket creation time |
+location | Region to which the bucket belongs. |
Delete Bucket
The following code can delete a bucket:
bos_client.delete_bucket(bucket_name)
Note:
- If the bucket is not empty (i.e. the bucket contains objects or unfinished three-step upload Parts), it cannot be deleted and must be emptied before it can be deleted successfully.
- Before deleting a bucket, make sure that cross-region replication is not enabled on it. If it is the source bucket or target bucket in a cross-region replication rule, it cannot be deleted.
Judge whether a Bucket Exists or Not
To judge whether a bucket exists, use the following code:
# Check whether the bucket exists; pass in the bucket name, and a Boolean is returned
exists = bos_client.does_bucket_exist(bucket_name)
# Output result
if exists:
    print("Bucket exists")
else:
    print("Bucket not exists")
Bucket Lifecycle Management
Application Scenarios
Data has a lifecycle: the cycle from creation to archiving, and then to deletion, can be deemed complete. Newly created data often needs to be accessed and read frequently, then cools rapidly and is archived, and is finally deleted. With lifecycle management, the object storage service helps users manage the data lifecycle automatically. It generally serves the following scenarios:
1. Data is archived or deleted automatically after reaching a certain life.
2. An operation is executed at a specified time.
Create Lifecycle Configuration
The following code creates a lifecycle configuration:
rule = {}
rule['id'] = 'rule1'
rule['status'] = 'enabled'
rule['action'] = {}
rule['action']['name'] = 'Transition'
rule['action']['storageClass'] = 'STANDARD_IA'
# Takes effect on all objects in baidubosmty2
rule['resource'] = ['baidubosmty2/*']
rule['condition'] = {}
rule['condition']['time'] = {'dateGreaterThan': 'XXXX-XX-XXTXX:XX:XXZ'}
rules=[]
rules.append(rule)
bos_client.put_bucket_lifecycle(bucket_name, rules)
Note:
1. This operation can proceed only when the owner of the bucket has full control.
2. "resource" specifies the resources for which the rule takes effect. For example, to take effect on objects prefixed by prefix/ in samplebucket: samplebucket/prefix/*; to take effect on all objects in samplebucket: samplebucket/*
For a detailed explanation and configuration of the relevant parameters of the lifecycle management function, please see PutBucketLifecycle Interface.
Read Lifecycle Configuration of Bucket
The following code reads the lifecycle configuration of a bucket:
response = bos_client.get_bucket_lifecycle(bucket_name)
Delete Bucket Lifecycle
The following code deletes the lifecycle configuration of a bucket:
bos_client.delete_bucket_lifecycle(bucket_name)
Bucket Cross-origin Resource Access
Application Scenarios
Cross-origin resource sharing (CORS) permits web applications to access resources that do not belong to their own origin. BOS provides an interface for developers to control the various CORS privileges.
Set CORS Rules
The following code sets a CORS rule:
conf = {}
conf['allowedOrigins'] = ['http://www.boluor.com']
conf['allowedMethods'] = ['GET', 'HEAD', 'DELETE']
conf['allowedHeaders'] = ['Authorization', 'x-bce-test', 'x-bce-test2']
conf['allowedExposeHeaders'] = ['user-custom-expose-header']
conf['maxAgeSeconds'] = 3600
confs = []
# Each bucket allows a maximum of 100 rules
confs.append(conf)
bos_client.put_bucket_cors(bucket_name, confs)
Note:
1. If an original rule exists, it is overwritten.
2. Only the bucket owner and users granted the FULL_CONTROL privilege can set the CORS of a bucket. Without the privilege, a 403 Forbidden error is returned, with error code: AccessDenied.
For a detailed explanation of the relevant parameters of CORS rules, please see PutbucketCors Interface.
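Because put_bucket_cors overwrites the existing rules, it is worth reviewing the whole rule list before each call. The following is an added example, not part of the BOS SDK or the original page: a lint over the rule dicts in the layout shown above. The function name and rule names are this example's own, and treating '*' in an origin as a wildcard is an assumption, since the page does not show wildcard syntax.

```python
# Added example: lint the rule dicts this page passes to put_bucket_cors.
# Rule names are this example's own. Assumption: '*' in an origin is a wildcard.
STATE_CHANGING = {"PUT", "POST", "DELETE"}
MAX_RULES = 100  # per-bucket limit stated on this page

def audit_cors(confs):
    """Return (rule_index, rule, message) tuples; index is None for list-level issues."""
    findings = []
    if len(confs) > MAX_RULES:
        findings.append((None, "too-many-rules",
                         "%d rules exceed the limit of %d" % (len(confs), MAX_RULES)))
    for i, conf in enumerate(confs):
        methods = {m.upper() for m in conf.get("allowedMethods", [])}
        headers = {h.lower() for h in conf.get("allowedHeaders", [])}
        risky = sorted(methods & STATE_CHANGING)
        for origin in conf.get("allowedOrigins", []):
            if "*" in origin and risky:
                findings.append((i, "wildcard-origin-write",
                                 "%s may send %s" % (origin, ", ".join(risky))))
            if "*" in origin and "authorization" in headers:
                findings.append((i, "wildcard-origin-auth",
                                 "%s may send the Authorization header" % origin))
            if origin.lower().startswith("http://"):
                findings.append((i, "cleartext-origin",
                                 "%s is served without TLS; its pages can be altered in transit"
                                 % origin))
    return findings

# Constructed inputs: the rule from this page, and a tightened variant of it.
PAGE_CONF = {"allowedOrigins": ["http://www.boluor.com"],
             "allowedMethods": ["GET", "HEAD", "DELETE"],
             "allowedHeaders": ["Authorization", "x-bce-test", "x-bce-test2"],
             "allowedExposeHeaders": ["user-custom-expose-header"],
             "maxAgeSeconds": 3600}
TIGHT_CONF = {"allowedOrigins": ["https://www.boluor.com"],
              "allowedMethods": ["GET", "HEAD"],
              "allowedHeaders": ["x-bce-test"],
              "maxAgeSeconds": 3600}

if __name__ == "__main__":
    for idx, rule, msg in audit_cors([PAGE_CONF, TIGHT_CONF]):
        print("rule %s: %s: %s" % (idx, rule, msg))
```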
Obtain CORS Rules of Bucket
The following code obtains the CORS configuration of a bucket:
response = bos_client.get_bucket_cors(bucket_name)
Disable CORS Function of Bucket, and Clear all Rules
The following code disables the CORS function of a bucket and clears all rules:
bos_client.delete_bucket_cors(bucket_name)