Bucket is not only a namespace on BOS, but also a management entity with advanced features such as billing, privilege control and logging.

• Bucket names are globally unique in all regions and cannot be modified

  Note:

  Baidu AI Cloud currently has opened access to multi-region support, please refer to Region Selection Description. Currently, it supports "North China-Beijing", "South China-Guangzhou" and "East China-Suzhou".

• Each object stored on the BOS must be contained in a bucket.
• A user can create up to 100 buckets. However, there is no limit on the total number and size of objects stored in each bucket, so users do not need to consider the extensibility of data.

Bucket Privilege Management

Set Access Privileges of Bucket

The following codes set the privilege of bucket as private:

bos_client.set_bucket_canned_acl(bucket_name, canned_acl.PRIVATE)

Where canned_acl contains 3 parameters PRIVATE, PUBLIC_READ andPUBLIC_READ_WRITE, which respectively correspond to the following corresponding behaviors: private, public-read, public-read-write. For the specific contents of privilege, please see <BOS API Document Privilege Control through CannedAcl>.

Set the Specified User's Access to the Bucket

BBOS provides set_bucket_acl method for specified users to set access privilege of bucket, which can be realized by reference to the following parameters:

bos_client.set_bucket_acl(
    bucket_name,
    [{'grantee': [{'id': 'b124deeaf6f641c9ac27700b41a350a8'},
                  {'id': 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}],
      'permission': ['FULL_CONTROL']}])
      'resource':['your_bucket_name/prefix/*']

Note:

1.id is user ID, and you can view it in user information. 2.The privilege setting in privilege 3 values: READ, WRITE and FULL_CONTROL, corresponding to respective privileges. For the specific contents, please see "BOS API Document Privilege Control through ACL File Uploading". 3.The second parameter acl of set_bucket_acl() does not need to contain "accessControlList" field, which has been encapsulated in interface.

Set More Bucket Access Privileges

1.Set an anti-theft chain by using refer white list

myAcl =[{"grantee":[{"id": "*"}], 
		"permission":["FULL_CONTROL"], 
		"condition":{
			"referer":{"stringEquals":["http://test/index"]}
			}
		}]
bos_client.set_bucket_acl(bucket_name, myAcl)

2.Limit client IP access, and only allow a few client IP accesses

myAcl = [{"grantee":[{"id":"*"}], 
		"permission":["FULL_CONTROL"], 
		"condition":{"ipAddress":["192.170.0.6"]}
		}]
bos_client.set_bucket_acl(bucket_name, myAcl)

Set STS Temporary Token Privilege

For the temporary access identity created by STS, the administrator also can set a special privilege. See Temporary Authorized Access for introduction of STS and the mode of setting temporary privilege.

See Access to BOS via sts mode to set STS temporary token privilege with BOS Python SDK.

View Privileges of Bucket

The following code can view the privileges of bucket:

response = bos_client.get_bucket_acl(bucket_name)

bos_client.set_bucket_acl(bucket_name, response.access_control_list)

The parameters available for calling in parsing class returned by get_bucket_acl method include:

View the Region to Which the Bucket Belongs

Bucket Location is bucket Region. For details of each region supported by Baidu AI Cloud, please see Region Selection Description.

The following code can get the Location information of this bucket:

region = bos_client.get_bucket_location(bucket_name)                  
print region

Create Bucket

The following code can create bucket:

if not bos_client.does_bucket_exist(bucket_name):
    bos_client.create_bucket(bucket_name)

Note: Since the name of the bucket is unique in all regions, you need to make sure that the BucketName is different from that on all other regions. bucket has the following naming specifications:

• Only lowercase letters, numbers and dashes (-) can be included.
• It must begin with a lowercase letter or number.
• The length must be between 3 and 63 bytes.

Enumerate Bucket

The following ways can be used to list all buckets of users

response = bos_client.list_buckets()
for bucket in response.buckets:
	 print bucket.name

The parameters available for calling in parsing class returned by list_buckets method include:

Delete Bucket

The following code can delete a bucket:

bos_client.delete_bucket(bucket_name)

Note:

• If the bucket is not null (i.e. bucket has object and unfinished three-step upload Parts), the bucket cannot be deleted and must be emptied to be deleted successfully.
• Before deleting bucket, you make sure that the bucket does not enable cross-region replication. It is not the source bucket or target bucket in the cross-region replication rule, otherwise it cannot be deleted.

Judge whether a Bucket Exists or Not

To judge whether a bucket exists, you need to do with the following code:

# Obtain existence information of bucket, and it is needed to introduce bucket name, with returned value of Boolean type 
exists = bos_client.does_bucket_exist(bucket_name)
# Output result
if exists:
    print "Bucket exists"
else:
    print "Bucket not exists"

Bucket Lifecycle Management

Application Scenarios

A data has its lifecycle, and the cycle from creation to archiving, and then to deletion can be deemed to be complete. The data created at the beginning often needs to be accessed and read frequently, and later cooled rapidly for archiving, and deleted finally. Lifecycle management is that object storage service helps users manage data lifecycle automatically It generally serves the following scenes:

1.Data are archived or deleted automatically after reaching a certain life. 2.Specify time to execute operation

Create Lifecycle Configuration

The following codes create a Lifecycle configuration

rule = {}
rule['id'] = 'rule1'
rule['status'] = 'enabled'
rule['action'] = {}
rule['action']['name'] = 'Transition'
rule['action']['storageClass'] = 'STANDARD_IA'
#Take effect all objects in baidubosmty2
rule['resource'] = ['baidubosmty2/*']
rule['condition'] = {}
rule['condition']['time'] = {'dateGreaterThan': 'XXXX-XX-XXTXX:XX:XXZ'}
rules=[]
rules.append(rule)
bos_client.put_bucket_lifecycle(bucket_name, rules)

Note:

1.This operation can proceed only when the Owner of bucket owns full control. 2."resource" specifies the resources for which the rule takes effect. For example, effective to object prefixed by prefix/ in samplebucket. samplebucket/prefix/*; effective for all objects in samplebucket: samplebucket/*

For detailed explanation and configuration of relevant parameters of lifecycle management function, please see PutBucketLifecycle Interface.

Read Lifecycle Configuration of Bucket

The following codes enable it to read Lifecycle configuration of bucket.

response = bos_client.get_bucket_lifecycle(bucket_name)

Delete Bucket Lifecycle

The following codes enable it to delete Lifecycle configuration of bucket.

bos_client.delete_bucket_lifecycle(bucket_name)

Bucket Cross-origin Resource Access

Application Scenarios

Cross-origin resource sharing (CORS) permits application of WEB end to access to resources not belonging to the origin. BOS provides an interface for developer to control various privileges of CORS.

Set CORS Rules

The following codes set a CORS rule:

conf = {}
conf['allowedOrigins'] = ['http://www.boluor.com']
conf['allowedMethods'] = ['GET', 'HEAD', 'DELETE']
conf['allowedHeaders'] = ['Authorization', 'x-bce-test', 'x-bce-test2']
conf['allowedExposeHeaders'] = ['user-custom-expose-header']
conf['maxAgeSeconds'] = 3600
confs = []
#Each bucket allows a maximum of 100 rules
confs.append(conf)
bos_client.put_bucket_cors(bucket_name, confs)

Note:

1.If the original rule exists, it is overwrited. 2.Only bucket owner and users granted with FULL_CONTROL privilege can set CORS of bucket. When there is no privilege, return 403 Forbidden error, with error code: AccessDenied.

For detailed explanation of relevant parameters of CORS rules, please See PutbucketCors Interface.

Obtain CORS Rules of Bucket

The following codes enable it to obtain CORS configuration of bucket:

response = bos_client.get_bucket_cors(bucket_name)

Disable CORS Function of Bucket, and Clear all Rules

The following codes disable CORS function of bucket and clear all rules

bos_client.delete_bucket_cors(bucket_name)