Bucket Management
Bucket is not only a namespace on BOS, but also a management entity with advanced features such as billing, privilege control and logging.
-
Bucket names are globally unique in all regions and cannot be modified
Note: Baidu AI Cloud currently has opened access to multi-region support, please refer to Region Selection Description.
Currently, it supports "North China-Beijing", "South China-Guangzhou" and "East China-Suzhou". Beijing:
http://bj.bcebos.com
; Guangzhou:http://gz.bcebos.com
; Suzhou:http://su.bcebos.com
. - Each object stored on the BOS must be contained in a bucket.
- A user can create up to 100 buckets. However, there is no limit on the total number and size of objects stored in each bucket, so users do not need to consider the extensibility of data.
Bucket Privilege management
Set Access Privilege of Bucket
The following code sets the privilege of bucket private.
public void setBucketPrivate (BosClient client, String bucketName) {
client.setBucketAcl(<bucketName>, CannedAccessControlList.Private);
}
CannedAccessControlList is an enumeration type that contains three values: Private
, PublicRead
, PublicReadWrite
. They correspond to the respective privilege. For specific contents, Please see BOS API Document Privilege Control through CannedAcl.
Set the Specified User's Access to the Bucket
BOS can also set the access privilege of specified users to bucket, see the following codes:
List<Grant> accessControlList = new ArrayList<Grant>();
List<Grantee> grantees = new ArrayList<Grantee>();
List<Permission> privilege = new ArrayList<Permission>();
List<String> ipAddress = new ArrayList<String>();
List<String> stringLike = new ArrayList<String>();
List<String> stringEquals = new ArrayList<String>();
List<String> resource = new ArrayList<String>();
List<String> notResource = new ArrayList<String>();
Referer referer = new Referer();
Condition condition = new Condition();
// privilegeto specific users
grantees.add(new Grantee("user_id1"));
grantees.add(new Grantee("user_id2"));
grantees.add(new Grantee("user_id3"));
//privilegeto Everyone
grantee.add(new Grantee("*"));
//privilegesetting
privilege.add(Permission.WRITE);
privilege.add(Permission.READ);
privilege.add(Permission.LIST);
// Set ip
ipAddress.add("ipAddress1");
ipAddress.add("ipAddress2");
ipAddress.add("ipAddress3");
condition.setIpAddress(ipAddress);
//Set refer stringLike
stringLike.add("http://www.example1.com/");
stringLike.add("http://www.example2.com/");
stringLike.add("http://www.example3.com/");
referer.setStringLike(stringLike);
condition.setReferer(referer);
// Set refer stringEquals
stringEquals.add("http://www.baidu.com");
stringEquals.add("http://www.xiaomi.com");
stringEquals.add("http://www.google.com");
referer.setStringEquals(stringEquals);
condition.setReferer(referer);
// Set resource
resource.add("yourBucketName");
//Set notResource
List<String> notResouce = new ArrayList<String>();
notResouce.add("yourBucketName");
notResouce.add("yourBucketName/*");
Grant grant = new Grant();
grant.setGrantee(grantees);
grant.setPermission(privilege);
grant.setCondition(condition);
grant.setResource(resource);
List<Grantee> grantees1 = new ArrayList<Grantee>();
List<Permission> privilege1 = new ArrayList<Permission>();
List<String> ipAddress1 = new ArrayList<String>();
List<String> stringLike1 = new ArrayList<String>();
List<String> stringEquals1 = new ArrayList<String>();
List<String> resource1 = new ArrayList<String>();
List<String> notResource1 = new ArrayList<String>();
Referer referer1 = new Referer();
Condition condition1 = new Condition();
// privilegeto specific users
grantees1.add(new Grantee("user_id4"));
grantees1.add(new Grantee("user_id5"));
grantees1.add(new Grantee("user_id6"));
//privilegeto Everyone
grantee.add(new Grantee("*"));
//privilegesetting
privilege.add(Permission.FULL_CONTROL);
privilege1.add(Permission.WRITE);
privilege1.add(Permission.READ);
privilege1.add(Permission.LIST);
// Set ip
ipAddress1.add("ipAddress4");
ipAddress1.add("ipAddress5");
ipAddress1.add("ipAddress6");
condition1.setIpAddress(ipAddress1);
//Set refer stringLike
stringLike1.add("http://www.example4.com/");
stringLike1.add("http://www.example5.com/");
stringLike1.add("http://www.example6.com/");
referer1.setStringLike(stringLike1);
condition1.setReferer(referer1);
// Set refer stringEquals
stringEquals1.add("http://www.baidu1.com");
stringEquals1.add("http://www.xiaomi1.com");
stringEquals1.add("http://www.google1.com");
referer1.setStringEquals(stringEquals1);
condition1.setReferer(referer1);
// Set resource
resource1.add("yourBucketName");
// Set notResource
List<String> notResouce = new ArrayList<String>();
notResouce.add("yourBucketName");
notResouce.add("yourBucketName/*");
Grant grant1 = new Grant();
grant1.setGrantee(grantees1);
grant1.setPermission(privilege1);
grant1.setCondition(condition1);
grant1.setResource(resource1);
accessControlList.add(grant);
accessControlList.add(grant1);
SetBucketAclRequest request = new SetBucketAclRequest("yourBucketName",accessControlList);
client.setBucketAcl(request);
Note: resource and notResource cannot be set simultaneously The privilege setting in permission contains 3 values:
READ
,WRITE
andFULL_CONTROL
, corresponding to respective privilege. For the specific contents, please see BOS API Document Privilege Control through ACL File Uploading.
Set More Bucket Access Privilege
1.Set an anti-theft chain by using refer whitelist
String jsonAcl = "";
client.setBucketAcl("BucketName", jsonAcl)
Where jsonAcl is {\"accessControlList\":["+ "{\"grantee\":[{\"id\":\"*\"}], "+ "\"permission\":[\"FULL_CONTROL\"], "+ "\"condition\":{\"referer\":{\"stringEquals\":[\"http://test/index\"]}" + "}}]}
2.Limit client IP access, and only allow a few client IP accesses
String jsonAcl = "";
client.setBucketAcl("BucketName", jsonAcl)
Where jsonAcl is {\"accessControlList\":["+ "{\"grantee\":[{\"id\":\"*\"}], "+ "\"permission\":[\"FULL_CONTROL\"], "+ "\"condition\":{\"ipAddress\":[\"192.170.0.6\"]" + "}}]}")
Set STS Temporary Token Privilege
For the temporary access identity created by STS, the administrator also can set a special permission. See Temporary Authorized Access for introduction of STS and the mode of setting temporary permission.
For setting of STS temporary token privilege with BOS JAVA SDK, please see Create BosClient with STS
View Privilege of Bucket
The following code can view the privilege of bucket:
GetBucketAclResponse aclResponse = client.getBucketAcl("bucketName");
System.out.println(aclResponse.getAccessControlList().toString());
The parameters available for calling in parsing class returned by getBucketAcl
method include:
Parameter | Description |
---|---|
owner | bucket owner information |
id | User ID of bucket owner |
acl | Identify privilege list of bucket |
grantee | Identify authorized person |
-id | Authorized person ID. |
permission | Identify the privilege of the authorized person. |
View the Region to Which the Bucket Belongs
Bucket Location is bucket Region. For details of each region supported by Baidu AI Cloud, please see Region Selection Description.
The following code can get the Location information of this bucket:
BosClient client = new BosClient(config);
ListBucketsResponse listBucketsResponse = client.listBuckets();
List<BucketSummary> bucketSummaryList = listBucketsResponse.getBuckets();
for(BucketSummary bs : bucketSummaryList){
System.out.println( bs.getLocation());
}
System.out.println(client.getBucketLocation("bucket-test").getLocationConstraint());
Create Bucket
The following code can create bucket:
public void createbucket (BosClient client, String BucketName) {
// Create a bucket.
client.createbucket(<BucketName>); //Designate the name of the bucket:
}
Note: Since the name of the bucket is unique in all regions, you need to make sure that the BucketName is different from that on all other regions.
bucket has the following naming specifications:
- Only lowercase letters, numbers and dashes (-) can be included.
- It must begin with a lowercase letter or number.
- The length must be between 3 and 63 bytes.
The bucket created by the above code has private read and write privilege and the storage type is Standard.
Enumerate Bucket
The following code can list all the users' buckets:
public void listbuckets (BosClient client) {
// Get the user's bucket list.
List<BucketSummary> buckets = client.listbuckets().getbuckets();
// Traverse all buckets.
for (BucketSummary bucket : buckets) {
System.out.println(bucket.getName());
}
}
Delete Bucket
The following code can delete a bucket:
public void deleteBucket (BosClient client, String bucketName) {
// Delete bucket
client.deleteBucket(<bucketName>); //指定Bucket名称
}
Note:
- Before deleting, you need to make sure that all objects under this bucket and the unfinished three-step upload Parts have been deleted, otherwise, the deletion will fail.
- Before deleting bucket, you make sure that the bucket does not enable cross-region replication. It is not the source bucket or target bucket in the cross-region replication rule, otherwise it cannot be deleted.
Judge whether a Bucket Exists or Not
To judge whether a bucket exists, you need to do with the following code:
public void doesBucketExist (BosClient client, String bucketName) {
// Obtain the presence information of the bucket
boolean exists = client.doesBucketExist(<bucketName>); //指定Bucket名称
// Output result
if (exists) {
System.out.println("Bucket exists");
} else {
System.out.println("Bucket not exists");
}
}
Note: If the bucket is not null (i.e. bucket has object), the bucket cannot be deleted and must be emptied to be deleted successfully.
Set Bucket Server Encryption
If you need to enable bucket server encryption, the following codes are available:
Parameter | Description |
---|---|
encryptionAlgorithm | specify the server end encryption class of bucket; currently, only AES256 encryption is supported. |
public void PutBucketEncryptionByEncryption(BosClient client, String bucketName, String encryptionAlgorithm ) {
SetBucketEncryptionRequest setBucketEncryptionRequest = new SetBucketEncryptionRequest();
setBucketEncryptionRequest.setBucketName(bucketName);
BucketEncryption encryption = new BucketEncryption();
encryption.setEncryptionAlgorithm(encryptionAlgorithm);
setBucketEncryptionRequest.setBucketEncryption(encryption);
client.setBucketEncryption(setBucketEncryptionRequest);
}
If you want to view bucket server encryption, the following codes are available:
public GetBucketEncryptionResponse GetBucketEncryption(BosClient client, String bucketName) {
GetBucketEncryptionRequest getBucketEncryptionRequest = new GetBucketEncryptionRequest();
getBucketEncryptionRequest.withBucketName(bucketName);
GetBucketEncryptionResponse resp = new GetBucketEncryptionResponse();
resp = client.getBucketEncryption(getBucketEncryptionRequest);
return resp;
}
If you want to delete bucket server encryption, the following codes are available:
public void DeleteBucketEncryption(BosClient client, String bucketName) {
DeleteBucketEncryptionRequest deleteBucketEncryptionRequest = new DeleteBucketEncryptionRequest();
deleteBucketEncryptionRequest.withBucketName(bucketName);
client.deleteBucketEncryption(deleteBucketEncryptionRequest);
}
Bucket Static Website Hosting
Host website in bucket for light-weighted operation and maintenance, and the following codes are available:
Parameter | Description |
---|---|
index | Index file name |
notFound | 404 file name |
public void PutBucketStaticWebsite(BosClient client, String bucketName, String index, String notFound) {
SetBucketStaticWebsiteRequest setBucketStaticWebsiteRequest = new SetBucketStaticWebsiteRequest();
setBucketStaticWebsiteRequest.setBucketName(bucketName);
setBucketStaticWebsiteRequest.setIndex(index);
setBucketStaticWebsiteRequest.setNotFound(notFound);
client.setBucketStaticWebSite(setBucketStaticWebsiteRequest);
}
If you want to view static website hosting information, the following codes are available:
public void PutBucketStaticWebsite(BosClient client, String bucketName, String index, String notFound) {
SetBucketStaticWebsiteRequest setBucketStaticWebsiteRequest = new SetBucketStaticWebsiteRequest();
setBucketStaticWebsiteRequest.setBucketName(bucketName);
setBucketStaticWebsiteRequest.setIndex(index);
setBucketStaticWebsiteRequest.setNotFound(notFound);
client.setBucketStaticWebSite(setBucketStaticWebsiteRequest);
}
If you want to disable static website hosting, the following codes are available:
public void DeleteBucketStaticWebsite(BosClient client, String bucketName) {
DeleteBucketStaticWebsiteRequest deleteBucketStaticWebsiteRequest = new DeleteBucketStaticWebsiteRequest();
deleteBucketStaticWebsiteRequest.withBucketName(bucketName);
client.deleteBucketStaticWebSite(deleteBucketStaticWebsiteRequest);
}
Original Photo Protection
If you want to enable the original photo protection of bucket, the following codes are available:
Parameter | Description |
---|---|
resource | represent the range of effective resources |
public void PutBucketCopyrightProtection(BosClient client, String bucketName, List<String> resource) {
SetBucketCopyrightProtectionRequest request = new SetBucketCopyrightProtectionRequest();
request.setBucketName(bucketName);
request.setResource(resource);
client.setBucketCopyrightProtection(request);
}
If you want to obtain the original photo protection configuration of a bucket, the following codes are available:
public void GetBucketCopyrightProtection(BosClient client, String bucketName) {
GetBucketCopyrightProtectionRequest getBucketCopyrightProtectionRequest =
new GetBucketCopyrightProtectionRequest();
getBucketCopyrightProtectionRequest.withBucketName(bucketName);
GetBucketCopyrightProtectionResponse resp = new GetBucketCopyrightProtectionResponse();
resp = client.getBucketCopyrightProtection(getBucketCopyrightProtectionRequest);
return resp;
}
If you want to disable the original photo protection function of bucket, the following codes are available:
public void DeleteBucketCopyrightProtection(BosClient client, String bucketName) {
DeleteBucketCopyrightProtectionRequest deleteBucketCopyrightProtectionRequest =
new DeleteBucketCopyrightProtectionRequest();
deleteBucketCopyrightProtectionRequest.withBucketName(bucketName);
client.deleteBucketCopyrightProtection(deleteBucketCopyrightProtectionRequest);
}