The S3 resource class has actions that are S3 service operations that pre-fill some of the parameters for you.
Actions can return three types of responses:
-
A low level response that is a python dictionary which you're responsible for handling
-
A resource
-
A list of resources
Sub-resources are actions that create new instances of child resources. The parent resource’s identifiers get passed to the child resource. The S3 service resource has several sub resources, notably bucket and object, which enable you to construct buckets and objects in the buckets.
Some resources have collections, which are groups of resources , allowing you to iterate, filter and manipulate resources. For example, a bucket can have a collection of objects that you can iterate through to access information such as which objects are in the bucket.
To connect to the S3 service using a resource, import the Boto3 module and then call Boto3's resource() method, specifying 's3' as the service name to create an instance of an S3 service resource. You must pass your VAST S3 credentials and other configurations as parameters into the resource() method. See the Boto3 resource() documentation page for a complete list and description of the configuration parameters that can be passed in the resource() method. See also S3 Service Resource page.
The following parameters must be passed in the resource() call since the endpoint URL and access key pair must be hardcoded:
-
endpoint_url (string). The endpoint URL can be any of the cluster's Virtual IPs, prefixed by http:// if you are disabling SSL or https:// if you are enabling SSL. For example,
http://198.51.100.255, in which 198.51.100.255 is one of the cluster's VIPs.Note
To retrieve the cluster's virtual lPs:
-
In the VAST Web UI, open the menu (click
), select Configuration and then select the Virtual IPs tab. The Virtual IPs list shows you which virtual IPs are configured on each CNode. -
In the VAST CLI, run the
vip listcommand.
-
-
aws_access_key_id (string) and aws_secret_access_key (string). Pass these parameters your S3 key pair values.
If you are passing signature_version=S3v4, then you must pass region_name (string). You can use any string value for the region name.
For an HTTPS connection, pass parameters as follows in the resource() call:
-
Enable HTTPS by setting
use_ssl=True. -
If the default certificate trust store does not recognize the signer of the installed certificate, you can use the
verifyparameter to specify a non default path to the certificate trust store. If you're using a self signed certificate, you can point this to the certificate itself. For example:verify="path/to/client/cert.pem"
-
Alternatively, you can use the
verifyparameter to disable verification:verify=False
In this example, some optional advanced session configurations are passed in. The endpoint URL, S3 user access key and secret key are hard coded, as needed. SSL is disabled, so the connection will be over HTTP.
# Import the boto3 module
import boto3
# Set advanced configuration parameters
boto_params = {'s3': {'addressing_style': 'path'}, 'signature_version': 's3v4'}
# Create a resource to the Amazon S3 service, passing configurations and credentials as parameters
s3_resource = boto3.resource('s3', use_ssl=False,
endpoint_url=<ENDPOINT-URL>,
aws_access_key_id=<ACCESS-KEY>,
aws_secret_access_key=<SECRET-KEY>,
region_name=<REGION>,
config=boto3.session.Config(**self.boto_params),
)
Note
All further examples on this page assume an S3 service resource named s3_resource was created.
The buckets collection is the collection of all buckets on the S3 server and it has a method all() that creates an iterable of all the bucket resources in the collection. To return all the bucket resources on the server, you can Iterate through all the buckets returned by buckets.all().
The bucket resource has an identifier name and an attribute creation_date.
Once you have an instance of the S3 service resource, you can call the create_bucket action on the resource to create a bucket. This returns a new bucket resource.
The operation is idempotent, so it will either create the bucket or return the existing bucket if it already exists.
Note
You can optionally set ACL for the bucket while creating the bucket by passing optional parameters. For details of ACL support, see Managing S3 Access Control Rules (ACLs). For request syntax details, see the boto3 documentation for create_bucket.
The collection bucket.objects is the collection of all objects in a bucket and it has a method called all() that creates an iterable of all the object resources in the collection. To list all the objects in a bucket, you can iterate through the list of objects returned by bucket.objects.all().
The object resource has several identifiers and attributes that you could access this way, listed in the object resource documentation
In this example, we instantiate an S3 bucket by its name "the bucket", and iterate through all of the objects in the bucket. We print out the name of each object, using the key identifier, and the last date each object was modified, using the last_modified attribute.
s3_resource.Bucket("the_bucket")
for s3_object in bucket.objects.all():
print(obj.key, obj.last_modified)
To delete a bucket, call the delete() action on the bucket resource.
Before setting ACL permissions, we recommend you read Managing S3 Access Control Rules (ACLs).
Call the put() action on a bucket's BucketAcl resource to set ACL permissions on the bucket.
In this example, a user with VID 3 is granted full control permission to the bucket my_bucket owned by JDoe whose VID is 2.
s3_resource.BucketAcl ('my_bucket').put( AccessControlPolicy={
'Grants': [
{
'Grantee': {
'ID': '3' ,
'Type': 'CanonicalUser'
},
'Permission':
'FULL_CONTROL'
},
],
'Owner': {
'DisplayName': 'JDoe',
'ID': '2'
}
},
)
You can use the grants attribute of the ACL resource to access grantee information, and the owner attribute of the ACL resource to access owner information.
You can call the put_object() action on the bucket resource to add an object to the bucket.
In this example, we add a file called "object_name" with a body "object data" to the "the_bucket" bucket, specifying a checksum value to store with the object. {is it correct to put that "b" in by "object data"? syntax is Body=b'bytes'|file, - check what that means}
s3_resource.Bucket("the_bucket").put_object(Key="object_name", Body=b"object data", Metadata={ 'checksum': '1234567890'})
The copy_from() action on the object resource creates a copy of an object already stored on the server.
In this example, we create a new object called file2 in bucket bucket2 by copying an object called file1 that is stored in bucket bucket1. CopySource is the only required parameter for copy_from(). In this case, we are specifying the source in string format. See copy_from() for full syntax details.
s3_resource.Object('bucket2','file2').copy_from(CopySource='bucket1/file1')
The get() action on the object resource retrieves an object.
Use the Range parameter to download a specified range of bytes of an object. For more information about the HTTP Range header, go to http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.
In this example, we retrieve the object "my_object" from the bucket "my_bucket" by calling the get() action on the bucket. The response is a python dictionary, inside which is the 'Body', which is the body data in the format Streamingbody(). We read the content of the object by calling the read() function on the 'Body'.
s3_resource.Object("my_bucket", "my_object").get()['Body'].read()
In this example, we download only the byte range 32-64 of the object "my_object" from the bucket "my_bucket".
s3_resource.Object("my_bucket", "my_object").get(Range='bytes=32-64')['Body'].read()
To retrieve metadata from an object without returning the object itself, use the metadata attribute on the object resource.
To delete multiple objects in a bucket, call the delete_objects() action on the bucket resource.
Before setting ACL permissions, we recommend you read Managing S3 Access Control Rules (ACLs).
To learn about VAST Cluster's support for S3 ACLs, read Managing S3 Access Control Rules (ACLs).
The ObjectAcl() method on the S3 service resource creates a resource representing an S3 object's ACL. Alternatively, you can create the ObjectAcl resource by calling the Acl() method on the object resource. The put() action on an ObjectAcl resource sets the ACL permissions for an object that already exists in a bucket.
Syntax Notes
To grant permission to a user, specify the grantee with the following parameters:
To grant permission to a predefined group, specify Group as the 'Type' and pass the group's URI as the 'URI':
-
For the All Users group: 'http://acs.amazonaws.com/groups/global/AllUsers'
-
For the Authenticated Users group: 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
In this example, a user with VID 3 is granted full control permission to the object my_object in the bucket my_bucket owned by JDoe whose VID is 2.
s3_resource.ObjectAcl('my_bucket', 'my_object').put(AccessControlPolicy = {
'Grants': [
{
'Grantee': {
'ID': '3' ,
'Type': 'CanonicalUser'
},
'Permission':
'FULL_CONTROL'
},
],
'Owner': {
'DisplayName': 'JDoe',
'ID': '2'
}
},
)
In this example, the predefined AUTHENTICATED_USERS group is granted WRITE permission to the object my_object in the bucket my_bucket owned by JDoe whose VID is 2..
#attempting group permission example - guessing to specify group name as "displayname" and that the name I used is sufficient and we don't need the long version
s3_resource.ObjectAcl('my_bucket', 'my_object').put(AccessControlPolicy = {
'Grants': [
{
'Grantee':{
'Type ':'Group'
'URI': 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
},
'Permission':'WRITE'
},
],
'Owner': {
'DisplayName': 'JDoe',
'ID': '2'
}
},
)
You can use the grants attribute of the ACL resource to access grantee information, and the owner attribute of the ACL resource to access owner information.
Call the initiate_multipart_upload() action on the object resource to initiate a multipart upload and return an upload ID. After initiating the multipart upload, you then need to upload all parts and then complete the upload.
To abort a multipart upload after it was initiated, call the abort() action on the MultipartUpload resource.
To complete a multipart upload after it was initiated and all parts were uploaded, call the complete() action on the MultipartUpload resource. Completing a multipart upload assembles the previously uploaded parts.
To upload a part in a multipart upload that was already initiated, create a MultipartUploadPart sub resource of the MultipartUpload resource and call the upload() action on the MultipartUploadPart resource.
After uploading all parts, the upload needs to be completed.
To upload a part of a multipart upload by copying data from an existing object as data source, create a MultipartUploadPart sub resource of the MultipartUpload resource and call the copy_from() action on the MultipartUploadPart resource.
The collection parts available on a MultipartUpload resource is the collection of all parts in the multipart upload. It has a method called all() that creates an iterable of all the parts in the multipart upload. To list all parts in a multipart upload, you can iterate through the list of parts returned by multipart_upload.parts.all().
The collection multipart_uploads is the collection of all multipart uploads in a bucket and it has a method called all() that creates an iterable of all the multipart uploads in the collection. To list all currently initiated multipart uploads in a bucket, you can iterate through the list of multipart uploads returned by bucket.multipart_uploads.all().
Comments
0 comments
Article is closed for comments.