Bucket Management
A bucket is not only a namespace on BOS, but also a management entity with advanced features such as billing, privilege control and logging.
- Bucket names are globally unique across all regions and cannot be modified.
Note:
- Baidu AI Cloud currently offers multi-region support; please refer to Region Selection Description.
- Currently, it supports "North China-Beijing", "South China-Guangzhou" and "East China-Suzhou". Beijing: http://bj.bcebos.com; Guangzhou: http://gz.bcebos.com; Suzhou: http://su.bcebos.com
- Each object stored on the BOS must be contained in a bucket.
- A user can create up to 100 buckets. However, there is no limit on the total number and size of objects stored in each bucket, so users do not need to consider the extensibility of data.
Bucket Privilege Management
Set Access Privileges of Bucket
The following code sets the access privilege of the bucket to private:
client.set_bucket_canned_acl(bucket_name, "private")
The canned ACL supports three privileges: private, public-read and public-read-write. For the specific contents of each privilege, please see <BOS API Document Privilege Control through CannedAcl>.
Set the Specified User's Access to the Bucket
BOS provides the set_bucket_acl method to set the bucket access privileges of specified users. It can be called with parameters like the following:
acl = [{'grantee' => [{'id' => 'b124deeaf6f641c9ac27700b41a350a8'},
                      {'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}],
        'permission' => ['FULL_CONTROL']
       }]
client.set_bucket_acl(bucket_name, acl)
Note:
1. The permission setting takes 3 values: READ, WRITE and FULL_CONTROL, corresponding to the respective privileges. For the specific contents, please see BOS API Document Privilege Control through ACL File Uploading.
2. When setting 2 or more authorized persons, follow the format of the example above; if the data are combined, an error is returned.
Set More Bucket Access Privileges
1. Set up hotlink protection by using a Referer whitelist.
acl = [{'grantee' => [{'id' => 'b124deeaf6f641c9ac27700b41a350a8'},
                      {'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}],
        'permission' => ['FULL_CONTROL'],
        'condition' => {
          'referer' => {
            'stringLike' => ['http://www.abc.com/*'],
            'stringEquals' => ['http://www.abc.com']
          }
        }
       }]
client.set_bucket_acl(bucket_name, acl)
2. Restrict access by client IP, allowing only a few client IPs.
acl = [{'grantee' => [{'id' => 'b124deeaf6f641c9ac27700b41a350a8'},
                      {'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}],
        'permission' => ['FULL_CONTROL'],
        'condition' => {
          "ipAddress" => [
            '192.168.0.0/16',
            '192.169.0.*',
            '192.170.0.5'
          ]
        }
       }]
client.set_bucket_acl(bucket_name, acl)
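A pre-flight check for the ACL structures above (the permission values and grantee format from the note, and the ipAddress condition), added here as an example; it is not part of the BOS SDK or the original page. The names lint_acl, valid_ip_entry? and SAMPLE_ACL are hypothetical, the sample is constructed, and two points are assumptions rather than BOS rules: that only the three ipAddress forms shown above are accepted, and that a FULL_CONTROL grant without any condition deserves review.

```ruby
# Permission values named in the note above.
VALID_PERMISSIONS = %w[READ WRITE FULL_CONTROL].freeze

# Accepts the three ipAddress forms shown above (assumed to be the only ones):
# a CIDR block, an address with '*' wildcard octets, or a single address.
def valid_ip_entry?(entry)
  return false unless entry.is_a?(String)
  addr, prefix = entry.split('/', 2)
  return false if prefix && !(prefix.match?(/\A\d{1,2}\z/) && prefix.to_i <= 32)
  octets = addr.to_s.split('.', -1)
  octets.length == 4 && octets.all? { |o|
    (o == '*' && prefix.nil?) || (o.match?(/\A\d{1,3}\z/) && o.to_i <= 255)
  }
end

# Returns a list of findings for an ACL in the format passed to set_bucket_acl.
def lint_acl(acl)
  return ['acl must be an Array of grant hashes'] unless acl.is_a?(Array)
  findings = []
  acl.each_with_index do |grant, i|
    next(findings << "grant #{i}: not a Hash") unless grant.is_a?(Hash)
    # Note 2 above: several grantees go in one list of separate id hashes.
    grantees = grant['grantee']
    ok = grantees.is_a?(Array) && !grantees.empty? &&
         grantees.all? { |g| g.is_a?(Hash) && g['id'].is_a?(String) && !g['id'].empty? }
    findings << "grant #{i}: grantee must be a list of {'id' => ...} hashes" unless ok
    perms = Array(grant['permission'])
    bad = perms - VALID_PERMISSIONS
    findings << "grant #{i}: no permission given" if perms.empty?
    findings << "grant #{i}: unknown permission #{bad.inspect}" unless bad.empty?
    cond = grant['condition'].is_a?(Hash) ? grant['condition'] : {}
    Array(cond['ipAddress']).each do |ip|
      findings << "grant #{i}: malformed ipAddress entry #{ip.inspect}" unless valid_ip_entry?(ip)
    end
    # Assumed review policy (not a BOS rule): broad grants should carry a condition.
    unconditioned = perms.include?('FULL_CONTROL') && cond.empty?
    findings << "grant #{i}: FULL_CONTROL with no referer or ipAddress condition" if unconditioned
  end
  findings
end

# Constructed sample: the IP-restricted grant from above, then a faulty grant.
SAMPLE_ACL = [
  { 'grantee' => [{ 'id' => 'b124deeaf6f641c9ac27700b41a350a8' }], 'permission' => ['FULL_CONTROL'],
    'condition' => { 'ipAddress' => ['192.168.0.0/16', '192.169.0.*', '192.170.0.5'] } },
  { 'grantee' => { 'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' }, 'permission' => %w[FULL_CONTROL DELETE],
    'condition' => { 'ipAddress' => ['192.168.0.0/33'] } }
].freeze

puts lint_acl(SAMPLE_ACL) if __FILE__ == $PROGRAM_NAME
```

Running the check before client.set_bucket_acl keeps a malformed grant from being sent and surfaces unconditioned FULL_CONTROL grants for review.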
Set STS Temporary Token Privilege
For the temporary access identity created by STS, the administrator also can set a special privilege. See Temporary Authorized Access for introduction of STS and the mode of setting temporary privilege.
Refer to Use STS to Create BosClient for how to set the STS temporary token privilege with the BOS Ruby SDK.
View Privileges of Bucket
The following code can view the privileges of bucket:
client.get_bucket_acl(bucket_name)
The parameters available in the parsed result returned by the get_bucket_acl method include:
Parameter | Description |
---|---|
owner | bucket owner information |
id | User ID of bucket owner |
acl | Identify privilege list of bucket |
grantee | Identify authorized person |
-id | Authorized person ID. |
privilege | Identify the privilege of the authorized person. |
View the Region to Which the Bucket Belongs
The bucket Location is the region the bucket belongs to. For details of each region supported by Baidu AI Cloud, please see Region Selection Description.
The following code can get the Location information of this bucket:
client.get_bucket_location(bucket_name)
Create Bucket
The following code can create bucket:
bucket_name = "your_bucket"
# Check whether the bucket exists; if not, create it
client.create_bucket(bucket_name) unless client.does_bucket_exist(bucket_name)
Note: Since bucket names are unique across all regions, you need to make sure that the bucket name differs from every bucket name in all other regions.
Bucket names must follow these naming specifications:
- Only lowercase letters, numbers and dashes (-) can be included.
- It must begin with a lowercase letter or number.
- The length must be between 3 and 63 bytes.
The bucket created by the above code has private read and write privileges and the storage type is Standard. Users can specify bucket privilege and storage type when creating bucket in console.
Enumerate Bucket
The following code can list all of the user's buckets:
buckets = client.list_buckets()
Delete Bucket
Delete Specified Bucket
The following code can delete a bucket:
bucket_name = "your_bucket"
client.delete_bucket(bucket_name)
Note:
- Before deleting, you need to make sure that all objects under this bucket and the Parts of unfinished three-step uploads have been deleted; otherwise, the deletion will fail.
- Before deleting a bucket, make sure that cross-region replication is not enabled on it, that is, it is neither the source bucket nor the target bucket in a cross-region replication rule; otherwise it cannot be deleted.
Delete All Buckets
Combine the delete_bucket and list_buckets functions to delete all buckets, with the reference code as follows:
# List all buckets
buckets = client.list_buckets()['buckets']
# Traverse and delete all buckets
buckets.each do |bucket|
  # Keep options outside the loop so the marker carries over to the next page
  options = {}
  while true
    res = client.list_objects(bucket['name'], options)
    # Delete every object on the current page
    res['contents'].each do |object|
      client.delete_object(bucket['name'], object['key'])
    end
    if res['isTruncated']
      options[:marker] = res['nextMarker']
    else
      break
    end
  end
  # The bucket is empty now and can be deleted
  client.delete_bucket(bucket['name'])
end
Check Whether a Bucket Exists
To check whether a bucket exists, use the following code:
client.does_bucket_exist(bucket_name)