Configuring Logging for a Bucket (SDK for Python)
Function
This API enables logging for a bucket (source) and configures another bucket (target) to store the log files. When a bucket is created, logging is not enabled by default. You can call this API to enable logging for the bucket. With logging enabled, a log message is generated for each operation on the bucket. Multiple log messages are packed into a file. The bucket for storing log files must be specified when logging is enabled. It can be the bucket logging is enabled for, or any other bucket you have access to. If you specify another bucket for storing logs, the bucket must be in the same region as the logged bucket. You can also configure access to log files and the name prefix of log files.
Restrictions
- OBS creates log files and uploads them to the bucket. Before enabling logging for a bucket, you need to create an IAM agency to delegate OBS to upload log files to the specified bucket. For details about how to create an agency, see Cloud Service Delegation.
- To configure logging for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketLogging in IAM or PutBucketLogging in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
Method
ObsClient.setBucketLogging(bucketName, logstatus, extensionHeaders)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
bucketName |
str |
Yes |
Explanation: Bucket name Restrictions:
Default value: None |
logstatus |
No |
Explanation: Logging configuration information For details, see Table 1. Default value: None |
|
extensionHeaders |
dict |
No |
Explanation: Extension headers. Value range: See User-defined Header (SDK for Python). Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
targetBucket |
str |
No |
Explanation: Name of the bucket for storing log files Restrictions:
Default value: None |
targetPrefix |
str |
No |
Explanation: Name prefix for log files stored in the log storage bucket Value range: The value must contain 1 to 1,024 characters. Default value: None |
targetGrants |
list of Grant |
No |
Explanation: Permission information list of grantees, which defines grantees and their permissions for log files. For details, see Table 2. Default value: None |
agency |
str |
Yes when configuring bucket logging |
Explanation: Name of the IAM agency created by the owner of the target bucket for OBS. You can select an existing IAM agency or create one. For details about how to create an agency, see Creating an IAM Agency. Restrictions: By default, the IAM agency only requires the PutObject permission to upload logs to the target bucket. If default encryption is enabled for the target bucket, the agency also requires the KMS Administrator permission in the region where the target bucket is located. Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantee |
Yes |
Explanation: Grantee information. For details, see Table 3. |
|
permission |
str |
Yes |
Explanation: Granted permission Value range: See Table 4. Default value: None |
delivered |
bool |
No |
Explanation: Whether the bucket ACL is applied to all objects in the bucket Value range: True: The bucket ACL is applied to all objects in the bucket. False: The bucket ACL is not applied to all objects in the bucket. Default value: False |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantee_id |
str |
Yes if group is left blank. |
Explanation: Account (domain) ID of the grantee. Value range: To obtain an account ID, see Obtaining the Account ID. Default value: None |
grantee_name |
str |
No |
Explanation: Username of the grantee. Restrictions:
Default value: None |
group |
str |
Yes if grantee_id is left blank. |
Explanation: Authorized user group Value range: See Table 5. Default value: None |
The authorized entity can be an individual user or a user group. grantee_id and grantee_name must be used together and they cannot be used with group.
Constant |
Description |
---|---|
READ |
Read permission A grantee with this permission for a bucket can obtain the list of objects, multipart uploads, bucket metadata, and object versions in the bucket. A grantee with this permission for an object can obtain the object content and metadata. |
WRITE |
Write permission A grantee with this permission for a bucket can upload, overwrite, and delete any object or part in the bucket. Such permission for an object is not applicable. |
READ_ACP |
Permission to read ACL configurations A grantee with this permission can obtain the ACL of a bucket or object. A bucket or object owner has this permission for the bucket or object permanently. |
WRITE_ACP |
Permission to modify ACL configurations A grantee with this permission can update the ACL of a bucket or object. A bucket or object owner has this permission for the bucket or object permanently. A grantee with this permission can modify the access control policy and thus the grantee obtains full access permissions. |
FULL_CONTROL |
Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL. A grantee with this permission for a bucket has READ, WRITE, READ_ACP, and WRITE_ACP permissions for the bucket. A grantee with this permission for an object has READ, READ_ACP, and WRITE_ACP permissions for the object. |
Responses
Type |
Description |
---|---|
Explanation: SDK common results |
Parameter |
Type |
Description |
---|---|---|
status |
int |
Explanation: HTTP status code Value range: A status code is a group of digits ranging from 2xx (indicating successes) to 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
reason |
str |
Explanation: Reason description. Default value: None |
errorCode |
str |
Explanation: Error code returned by the OBS server. If the value of status is less than 300, this parameter is left blank. Default value: None |
errorMessage |
str |
Explanation: Error message returned by the OBS server. If the value of status is less than 300, this parameter is left blank. Default value: None |
requestId |
str |
Explanation: Request ID returned by the OBS server Default value: None |
indicator |
str |
Explanation: Error indicator returned by the OBS server. Default value: None |
hostId |
str |
Explanation: Requested server ID. If the value of status is less than 300, this parameter is left blank. Default value: None |
resource |
str |
Explanation: Error source (a bucket or an object). If the value of status is less than 300, this parameter is left blank. Default value: None |
header |
list |
Explanation: Response header list, composed of tuples. Each tuple consists of two elements, respectively corresponding to the key and value of a response header. Default value: None |
body |
object |
Explanation: Result content returned after the operation is successful. If the value of status is larger than 300, the value of body is null. The value varies with the API being called. For details, see Bucket-Related APIs (SDK for Python) and Object-Related APIs (SDK for Python). Default value: None |
Code Examples
This example configures logging for bucket examplebucket and store log files in bucket targetbucket.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
from obs import ObsClient from obs import Grantee from obs import Grant from obs import Logging from obs import Permission import os import traceback # Obtain an AK and SK pair using environment variables or import the AK and SK pair in other ways. Using hard coding may result in leakage. # Obtain an AK and SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. ak = os.getenv("AccessKeyID") sk = os.getenv("SecretAccessKey") # (Optional) If you use a temporary AK and SK pair and a security token to access OBS, obtain them from environment variables. # security_token = os.getenv("SecurityToken") # Set server to the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one in use. server = "https://obs.eu-west-101.myhuaweicloud.eu" # Create an obsClient instance. # If you use a temporary AK and SK pair and a security token to access OBS, you must specify security_token when creating an instance. obsClient = ObsClient(access_key_id=ak, secret_access_key=sk, server=server) try: # Grant the read permission for the bucket logging to a specified user (userid). grantee1 = Grantee(grantee_id='userid') grant1 = Grant(grantee=grantee1, permission=Permission.READ) grantList = [grant1] # Specify a bucket name for storing generated log files. targetBucket = "targetBucket" # Specify an object prefix, indicating the path for storing log files. targetPrefix = 'test/' # Specify an agency name. agency = 'your agency' # Specify the logging configuration information. logstatus = Logging(targetBucket, targetPrefix, grantList, agency) bucketName = "examplebucket" # Configure logging for the bucket. resp = obsClient.setBucketLogging(bucketName, logstatus) # If status code 2xx is returned, the API is called successfully. Otherwise, the API call fails. if resp.status < 300: print('Set Bucket Logging Succeeded') print('requestId:', resp.requestId) else: print('Set Bucket Logging Failed') print('requestId:', resp.requestId) print('errorCode:', resp.errorCode) print('errorMessage:', resp.errorMessage) except: print('Set Bucket Logging Failed') print(traceback.format_exc()) |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.