Managing UbiOps storage buckets¶
This page will show you how you can create a new bucket in your project, and manage its permissions.
If you delete a bucket that is managed by UbiOps, the files in the bucket will be deleted together with the bucket. For other storage providers the files in the bucket are not removed but the connection from UbiOps to the bucket will be removed.
New storage buckets are created on project level. In the WebApp you can create a new bucket on the storage page, that you can find in the side menu.
On the storage page, click Create new bucket to either create a new UbiOps hosted bucket, or to connect to an existing bucket from another provider.
To connect an existing storage bucket in your own cloud environment, check the respective how-to's:
- How to connect to an existing Google Cloud Storage bucket
- How to connect to an existing Amazon S3 bucket
- How to connect to an existing Azure blob storage bucket
import ubiops core_api = ubiops.CoreApi() project_name = 'project_name_example' # str data = ubiops.BucketCreate('name': 'example-bucket', 'ttl' = 604800) # BucketCreate # Create bucket api_response = core_api.buckets_create(project_name, data) print(api_response) # Close the connection core_api.api_client.close()
import ubiops configuration = ubiops.Configuration() # Configure API token authorization configuration.api_key['Authorization'] = "Token <YOUR_API_TOKEN>" # Defining host is optional and default to "https://api.ubiops.com/v2.1" configuration.host = "https://api.ubiops.com/v2.1" api_client = ubiops.ApiClient(configuration) core_api = ubiops.CoreApi(api_client) project_name = 'project_name_example' # str data = ubiops.BucketCreate('name': 'example-bucket', 'ttl' = 604800) # BucketCreate # Create bucket api_response = core_api.buckets_create(project_name, data) print(api_response) # Close the connection api_client.close()
ttl (time to live) parameter determines how long your files will be kept inside your bucket before they are automatically deleted. It must be a multiple of 604800 seconds (one week). If you don't want your files to be autodeleted after a certain time, you need to pass
null as the
Managing bucket permissions¶
You can manage access to any bucket, except the
default bucket, for the following user types:
- Project members
- Service users (API tokens)
default bucket is accessible to every project member, deployment or pipeline in the project with read and write access. However, service users need to be granted permissions to use this bucket.
Permissions can be granted by assigning file-related roles. There are four default roles for working with files:
files-reader: this role has read only permissions for files
files-writer: this role can read and write files
files-reader-restricted: this role has read only permissions and cannot list files. If users interacting with your deployment should only be able to view the specific files related to a request they made, you should use this role. This role is particularly useful for publicly exposed deployments.
files-writer-restricted: same as above, but then also with write permissions.
Deployments need to be explicitly granted permissions to read from and write to buckets, except the
default bucket. In case that your deployment has an input/output field of datatype
array of files and you want to access another bucket, make sure to grant the deployment permissions to do so.
For more information on assigning roles, see the permissions page.