Managing UbiOps storage buckets
This page will show you how you can create a new bucket in your project, and manage its permissions.
You can create and interact with your buckets via the WebApp, Python Client Library and Command Line Interface (CLI).
Deleting buckets
If you delete a bucket that is managed by UbiOps, the files in the bucket will be deleted together with the bucket. For other storage providers the files in the bucket are not removed but the connection from UbiOps to the bucket will be removed.
Creating buckets
New storage buckets are created at the project level. In the WebApp, you can create a new bucket on the storage page, which you can find in the side menu.
On the storage page, click Create new bucket to either create a new UbiOps hosted bucket, or to connect to an existing bucket from another provider.
Using UbiOps hosted buckets as persistent storage
UbiOps managed buckets primarily serve to facilitate data processing tasks in deployments and pipelines. They are not recommended for use as persistent storage. For persistent storage, we recommend connecting your self-managed bucket to UbiOps.
The ttl (time to live) parameter determines how long your files will be kept inside your bucket before they are automatically deleted. It must be a multiple of 604800 seconds (one week). If you don't want your files to be automatically deleted after a certain time, you need to pass null as the ttl.
To connect an existing storage bucket in your own cloud environment, check the respective how-to's:
- How to connect to an existing Google Cloud Storage bucket
- How to connect to an existing Amazon S3 bucket
- How to connect to an existing Azure blob storage bucket
- How to connect to any existing S3-compatible bucket
Managing bucket permissions
You can manage access to any bucket, except the default bucket, for the following user types:
- Project members
- Service users (API tokens)
- Deployments
The default bucket is accessible to every project member, deployment or pipeline in the project with read and write access. However, service users need to be granted permissions to use this bucket.
Permissions can be granted by assigning file-related roles. There are four default roles for working with files:
- files-reader: this role has read only permissions for files
- files-writer: this role can read and write files
- files-reader-restricted: this role has read only permissions and cannot list files. If users interacting with your deployment should only be able to view the specific files related to a request they made, you should use this role. This role is particularly useful for publicly exposed deployments.
- files-writer-restricted: same as above, but then also with write permissions.
Deployments need to be explicitly granted permissions to read from and write to buckets, except the default bucket. If your deployment has an input/output field of datatype file or array of files and you want to access another bucket, make sure to grant the deployment permissions to do so.
For more information on assigning roles, see the permissions page.
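The ttl and permission rules above can be checked before anything is created. The following is an added example, not UbiOps code and not a call into the UbiOps client library: it lints a planned setup offline. The plan layout, its keys (`uses`, `public`, `grants`) and all sample names are assumptions made for this example.

```python
WEEK = 604800  # seconds; ttl must be a multiple of this, or None (null)
# role -> can_list, from the four default file roles described above
CAN_LIST = {"files-reader": True, "files-writer": True,
            "files-reader-restricted": False, "files-writer-restricted": False}
IMPLICIT_DEFAULT = {"project_member", "deployment", "pipeline"}

def valid_ttl(ttl):
    """None disables auto-deletion; otherwise a multiple of one week (positive is assumed)."""
    if ttl is None:
        return True
    return type(ttl) is int and ttl > 0 and ttl % WEEK == 0

def effective_role(plan, principal, bucket):
    """Role a principal holds on a bucket, or None when nothing grants access."""
    granted = plan["grants"].get((principal["name"], bucket))
    if granted is None and bucket == "default" and principal["type"] in IMPLICIT_DEFAULT:
        return "files-writer"  # implicit read/write, modelled as files-writer (assumption)
    return granted

def lint(plan):
    """Findings: invalid ttl, missing grants, listable buckets behind public deployments."""
    findings = []
    for name, ttl in plan["buckets"].items():
        if not valid_ttl(ttl):
            findings.append(f"{name}: ttl {ttl!r} must be null or a multiple of {WEEK}")
    for p in plan["principals"]:
        for bucket in p["uses"]:
            role = effective_role(plan, p, bucket)
            if role not in CAN_LIST:
                findings.append(f"{p['name']}: no valid file role on {bucket}")
            elif p.get("public") and CAN_LIST[role]:
                findings.append(f"{p['name']}: public, but {role} can list {bucket}")
    return findings

# Constructed sample plan (names are made up for this example).
PLAN = {
    "buckets": {"uploads": 1209600, "scratch": 86400},
    "principals": [
        {"name": "ci-token", "type": "service_user", "uses": ["default"]},
        {"name": "ocr", "type": "deployment", "uses": ["default", "uploads"]},
        {"name": "demo", "type": "deployment", "public": True, "uses": ["uploads"]},
    ],
    "grants": {("demo", "uploads"): "files-reader"},
}

if __name__ == "__main__":
    print("\n".join(lint(PLAN)))
```

On the sample plan this reports the one-day ttl, the service user without a grant on the default bucket, the deployment without a grant on a non-default bucket, and the public deployment whose role can list files.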