search
Search
Login
Unlock 100+ guides
menu
menu
web
search toc
close
Comments
Log in or sign up
Cancel
Post
account_circle
Profile
exit_to_app
Sign out
What does this mean?
Why is this true?
Give me some examples!
search
keyboard_voice
close
Searching Tips
Search for a recipe:
"Creating a table in MySQL"
Search for an API documentation: "@append"
Search for code: "!dataframe"
Apply a tag filter: "#python"
Useful Shortcuts
/ to open search panel
Esc to close search panel
to navigate between search results
d to clear all current filters
Enter to expand content preview
icon_star
Doc Search
icon_star
Code Search Beta
SORRY NOTHING FOUND!
mic
Start speaking...
Voice search is only supported in Safari and Chrome.
Navigate to

Checking access control of bucket in Google Cloud Storage using Python

schedule Aug 12, 2023
Last updated
local_offer
Cloud Computing
Tags
tocTable of Contents
expand_more
mode_heat
Master the mathematics behind data science with 100+ top-tier guides
Start your free 7-days trial now!

Prerequisites

To follow along with this guide, please make sure to have:

  • created a service account and downloaded the private key (JSON file) for authentication (please check out my detailed guide)

  • installed the Python client library for Google Cloud Storage:

    pip install --upgrade google-cloud-storage

Checking access control of bucket

To check the access control of a bucket in Google Cloud Storage (GCS) using Python, use the bucket's iam_configuration property:

from google.cloud import storage
# Authorize ourselves using the private key of our service account
path_to_private_key = './gcs-project-354207-099ef6796af6.json'
client = storage.Client.from_service_account_json(json_credentials_path=path_to_private_key)
bucket = client.get_bucket('example-bucket-skytowner')
bucket.iam_configuration
{'uniformBucketLevelAccess': {'enabled': True,
'lockedTime': '2022-09-21T08:20:39.627Z'},
'publicAccessPrevention': 'inherited',
'bucketPolicyOnly': {'enabled': True,
'lockedTime': '2022-09-21T08:20:39.627Z'}}

Note the following:

  • make sure to use the method client.get_bucket(~) instead of client.bucket(~) since get_bucket(~) will fetch the meta-information (e.g. iam_configuration property) about the bucket from GCS while bucket(~) will not.

  • iam_configuration is of type dictionary.

  • we can see that the uniformBucketLevelAccess is enabled, which means that ACL is disabled for this bucket.

  • the publicAccessPrevention is not enforced, meaning we did not manually enable the Public Access Prevention setting for this bucket. Note that if the Public Access Prevention setting was turned on, then this value would equal the string 'enforced'.

robocat
Published by Isshin Inada
Edited by 0 others
Did you find this page useful?
thumb_up
thumb_down
Comment
Citation
Ask a question or leave a feedback...
thumb_up
1
thumb_down
0
chat_bubble_outline
0
settings
Enjoy our search
Hit / to insta-search docs and recipes!