Help Center/ Object Storage Service/ SDK Reference/ Python/ Getting Started with OBS SDK for Python
Updated on 2024-11-26 GMT+08:00

Getting Started with OBS SDK for Python

Creating an AK and SK

OBS employs access keys (AK and SK) for signature verification to ensure that only authorized accounts can access specified OBS resources. Detailed explanations of access keys are as follows:

  • AK is short for Access Key ID. One AK maps to only one user but one user can have multiple AKs. OBS authenticates users by their AKs.
  • SK is short for Secret Access Key, which is used to access OBS. You can generate authentication information based on SKs and request headers. An SK maps to an AK, and they group into a pair.

Access keys are permanent. There are also temporary security credentials (consisting of an AK/SK pair and a security token). Each user can create a maximum of two valid AK/SK pairs. Temporary security credentials can only be used to access OBS within the specified validity period. Once they expire, they must be requested again. For security purposes, you are advised to use temporary security credentials to access OBS. If you want to use permanent access keys, periodically update them.

  • To get permanent access keys, do as follows:
    1. Log in to the management console.
    2. In the upper right corner, hover your cursor over the username and choose My Credentials.
    3. On the My Credentials page, click Access Keys in the navigation pane.
    4. On the Access Keys page, click Create Access Key.

      Each user can create a maximum of two valid AK/SK pairs.

    5. In the Create Access Key dialog box, enter a description (recommended), and click OK.

    6. (Optional) In the displayed Identity Verification dialog box, select a verification method, enter the verification code, and click OK.

    7. In the displayed dialog box, click Download to save the access keys to your browser's default download path.

    8. Open the downloaded file credentials.csv to obtain the AK and SK.
    • In the credentials.csv file, the AK is the value in the Access Key ID column, and the SK is the one in the Secret Access Key column.
    • Keep the access keys properly to prevent information leakage. If you click Cancel in the download dialog box, the access keys will not be downloaded and cannot be downloaded later. You can create new access keys if required.
  • To get temporary security credentials, refer to the following:

    Temporary security credentials are issued by the system and are only valid for 15 minutes to 24 hours. They follow the principle of least privilege. When using temporary security credentials, you must use an AK/SK pair and a security token together.

    To obtain them, see Obtaining a Temporary AK/SK and a Security Token.

    OBS is a global service. When obtaining temporary access keys, set the token scope to domain to apply the token to global services. Global services are not differentiated by any project or region.

Obtaining Endpoints

  • You can click here to view the endpoints and regions enabled for OBS.

The SDK allows you to pass endpoints with or without the protocol name. Suppose the endpoint you obtained is your-endpoint. The endpoint passed when initializing an instance of ObsClient can be http://your-endpoint, https://your-endpoint, or your-endpoint.

Initializing an Instance of ObsClient

Each time you want to send an HTTP/HTTPS request to OBS, you must create an ObsClient instance. Sample code is as follows:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
# Import the module.
from obs import ObsClient

# Obtain an AK and SK pair using environment variables or import the AK and SK pair in other ways. Using hard coding may result in leakage.
# Obtain an AK and SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
ak = os.getenv("AccessKeyID")
sk = os.getenv("SecretAccessKey")
# (Optional) If you use a temporary AK and SK pair and a security token to access OBS, obtain them from environment variables.
security_token = os.getenv("SecurityToken")
# Set server to the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one currently in use.
server = "https://obs.ap-southeast-1.myhuaweicloud.com" 

# Create an obsClient instance.
# If you use a temporary AK and SK pair and a security token to access OBS, you must specify security_token when creating an instance.
obsClient = ObsClient(access_key_id=ak, secret_access_key=sk, server=server)
# Use the instance to access OBS.

# Close ObsClient.
obsClient.close()

For more information, see chapter Initialization.

For details about log configuration, see Log Initialization (SDK for Python).

Creating a Bucket

A bucket is a global namespace of OBS and is a data container. It functions as a root directory of a file system and can store objects.

This example creates a bucket named examplebucket and specifies its location, ACL, storage class, and redundancy type.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
from obs import CreateBucketHeader, HeadPermission
from obs import ObsClient
import os
import traceback

# Obtain an AK and SK pair using environment variables or import the AK and SK pair in other ways. Using hard coding may result in leakage.
# Obtain an AK and SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
ak = os.getenv("AccessKeyID")
sk = os.getenv("SecretAccessKey")
# (Optional) If you use a temporary AK and SK pair and a security token to access OBS, obtain them from environment variables.
# security_token = os.getenv("SecurityToken")
# Set server to the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one in use.
server = "https://obs.ap-southeast-1.myhuaweicloud.com" 

# Create an obsClient instance.
# If you use a temporary AK and SK pair and a security token to access OBS, you must specify security_token when creating an instance.
obsClient = ObsClient(access_key_id=ak, secret_access_key=sk, server=server)
try:
    # Add additional headers to specify a private bucket in the Standard storage class that supports multi-AZ storage.
    header = CreateBucketHeader(aclControl=HeadPermission.PRIVATE, storageClass="STANDARD", availableZone="3az")
    # Specify the region where the bucket is to be created. The region must be the same as that in the endpoint passed. ap-southeast-1 is used as an example.
    location = "ap-southeast-1"
    bucketName = "examplebucket"
    # Create a bucket.
    resp = obsClient.createBucket(bucketName, header, location)
    # If status code 2xx is returned, the API is called successfully. Otherwise, the API call fails.
    if resp.status < 300:
        print('Create Bucket Succeeded')
        print('requestId:', resp.requestId)
    else:
        print('Create Bucket Failed')
        print('requestId:', resp.requestId)
        print('errorCode:', resp.errorCode)
        print('errorMessage:', resp.errorMessage)
except:
    print('Create Bucket Failed')
    print(traceback.format_exc())
  • Bucket names are globally unique. Ensure that the bucket you create is named differently from any other bucket.
  • A bucket name:
    • Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed.
    • Cannot be formatted as an IP address.
    • Cannot start or end with a hyphen (-) or period (.).
    • Cannot contain two consecutive periods (..), for example, my..bucket.
    • Cannot contain periods (.) and hyphens (-) adjacent to each other, for example, my-.bucket or my.-bucket.
  • If you repeatedly create buckets of the same name, no error will be reported and the bucket attributes comply with those specified in the first creation request.
  • For more information, see Creating a Bucket.
  • This parameter is not required if the endpoint belongs to the default region (cn-north-1). If the endpoint belongs to a region other than the default one, set this parameter to the region to which the endpoint belongs. For more information about the valid regions, see Regions and Endpoints.
  • When creating a bucket, you can specify its region. For details, see Creating a Bucket.

Uploading an Object

This example uploads a text.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
from obs import ObsClient
import os
import traceback

# Obtain an AK and SK pair using environment variables or import the AK and SK pair in other ways. Using hard coding may result in leakage.
# Obtain an AK and SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
# Before running the sample code, ensure that the environment variables AccessKeyID and SecretAccessKey have been configured.
ak = os.getenv("AccessKeyID")
sk = os.getenv("SecretAccessKey")
# (Optional) If you use a temporary AK and SK pair and a security token to access OBS, obtain them from environment variables.
# security_token = os.getenv("SecurityToken")
# Set server to the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one in use.
server = "https://obs.ap-southeast-1.myhuaweicloud.com"

# Create an obsClient instance.
# If you use a temporary AK and SK pair and a security token to access OBS, you must specify security_token when creating an instance.
obsClient = ObsClient(access_key_id=ak, secret_access_key=sk, server=server)
try:
    bucketName = "examplebucket"
    objectKey = "objectname"
    # Specify a text content to be uploaded.
    content = 'Hello OBS'
    # Upload the text.
    resp = obsClient.putContent(bucketName, objectKey, content)
    # If status code 2xx is returned, the API is called successfully. Otherwise, the API call fails.
    if resp.status < 300:
        print('Put Content Succeeded')
        print('requestId:', resp.requestId)
        print('etag:', resp.body.etag)
    else:
        print('Put Content Failed')
        print('requestId:', resp.requestId)
        print('errorCode:', resp.errorCode)
        print('errorMessage:', resp.errorMessage)
except:
    print('Put Content Failed')
    print(traceback.format_exc())

For more information, see Object Upload Overview.