Managing UbiOps storage buckets¶
This page will show you how you can create a new bucket in your project, and manage its permissions.
If you need more functionality, like listing all buckets in your project or deleting buckets, have a look at our Python client library or API specification.
Deleting buckets
If you delete a bucket that is managed by UbiOps, the files in the bucket will be deleted together with the bucket. For other storage providers the files in the bucket are not removed but the connection from UbiOps to the bucket will be removed.
Creating buckets¶
New storage buckets are created on project level. In the WebApp you can create a new bucket on the storage page, that you can find in the side menu.
On the storage page, click Create new bucket to either create a new UbiOps hosted bucket, or to connect to an existing bucket from another provider.
To connect an existing storage bucket in your own cloud environment, check the respective how-to's:
- How to connect to an existing Google Cloud Storage bucket
- How to connect to an existing Amazon S3 bucket
- How to connect to an existing Azure blob storage bucket
- How to connect to any existing S3-compatible bucket
You can also use our Python client library to create a bucket using either environment variables or authorization parameters:
import ubiops
core_api = ubiops.CoreApi()
project_name = 'project_name_example' # str
data = ubiops.BucketCreate('name': 'example-bucket', 'ttl' = 604800) # BucketCreate
# Create bucket
api_response = core_api.buckets_create(project_name, data)
print(api_response)
# Close the connection
core_api.api_client.close()
import ubiops
configuration = ubiops.Configuration()
# Configure API token authorization
configuration.api_key['Authorization'] = "Token <YOUR_API_TOKEN>"
# Defining host is optional and default to "https://api.ubiops.com/v2.1"
configuration.host = "https://api.ubiops.com/v2.1"
api_client = ubiops.ApiClient(configuration)
core_api = ubiops.CoreApi(api_client)
project_name = 'project_name_example' # str
data = ubiops.BucketCreate('name': 'example-bucket', 'ttl' = 604800) # BucketCreate
# Create bucket
api_response = core_api.buckets_create(project_name, data)
print(api_response)
# Close the connection
api_client.close()
The ttl
(time to live) parameter determines how long your files will be kept inside your bucket before they are automatically deleted. It must be a multiple of 604800 seconds (one week). If you don't want your files to be autodeleted after a certain time, you need to pass null
as the ttl
.
Managing bucket permissions¶
You can manage access to any bucket, except the default
bucket, for the following user types:
- Project members
- Service users (API tokens)
- Deployments
The default
bucket is accessible to every project member, deployment or pipeline in the project with read and write access. However, service users need to be granted permissions to use this bucket.
Permissions can be granted by assigning file-related roles. There are four default roles for working with files:
files-reader
: this role has read only permissions for filesfiles-writer
: this role can read and write filesfiles-reader-restricted
: this role has read only permissions and cannot list files. If users interacting with your deployment should only be able to view the specific files related to a request they made, you should use this role. This role is particularly useful for publicly exposed deployments.files-writer-restricted
: same as above, but then also with write permissions.
Deployments need to be explicitly granted permissions to read from and write to buckets, except the default
bucket. In case that your deployment has an input/output field of datatype file
or array of files
and you want to access another bucket, make sure to grant the deployment permissions to do so.
For more information on assigning roles, see the permissions page.