Blobs / Objects

Create / interact with Google Cloud Storage blobs.

class google.cloud.storage.blob.Blob(name, bucket, chunk_size=None, encryption_key=None, kms_key_name=None, generation=None)

Bases: google.cloud.storage._helpers._PropertyMixin

A wrapper around Cloud Storage’s concept of an Object.

  • Parameters

    • name (str) – The name of the blob. This corresponds to the unique path of the object in the bucket. If bytes, will be converted to a unicode object. Blob / object names can contain any sequence of valid unicode characters, of length 1-1024 bytes when UTF-8 encoded.

    • bucket (google.cloud.storage.bucket.Bucket) – The bucket to which this blob belongs.

    • chunk_size (int) – The size of a chunk of data whenever iterating (in bytes). This must be a multiple of 256 KB per the API specification.

    • encryption_key (bytes) – Optional 32 byte encryption key for customer-supplied encryption. See https://cloud.google.com/storage/docs/encryption#customer-supplied.

    • kms_key_name (str) – Optional resource name of Cloud KMS key used to encrypt the blob’s contents.

property acl()

Create our ACL on demand.

property bucket()

Bucket which contains the object.

  • Return type

    Bucket

  • Returns

    The object’s bucket.

property cache_control()

HTTP ‘Cache-Control’ header for this object.

See RFC 7234 and API reference docs.

  • Return type

    str or NoneType

property chunk_size()

Get the blob’s default chunk size.

  • Return type

    int or NoneType

  • Returns

    The current blob’s chunk size, if it is set.

property client()

The client bound to this blob.

property component_count()

Number of underlying components that make up this object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    int or NoneType

  • Returns

    The component count (in case of a composed object) or None if the blob’s resource has not been loaded from the server. This property will not be set on objects not created via compose.

compose(sources, client=None)

Concatenate source blobs into this one.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • sources (list of Blob) – blobs whose contents will be composed into this blob.

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

property content_disposition()

HTTP ‘Content-Disposition’ header for this object.

See RFC 6266 and API reference docs.

  • Return type

    str or NoneType

property content_encoding()

HTTP ‘Content-Encoding’ header for this object.

See RFC 7231 and API reference docs.

  • Return type

    str or NoneType

property content_language()

HTTP ‘Content-Language’ header for this object.

See BCP47 and API reference docs.

  • Return type

    str or NoneType

property content_type()

HTTP ‘Content-Type’ header for this object.

See RFC 2616 and API reference docs.

  • Return type

    str or NoneType

property crc32c()

CRC32C checksum for this object.

See RFC 4960 and API reference docs.

If not set before upload, the server will compute the hash.

  • Return type

    str or NoneType

create_resumable_upload_session(content_type=None, size=None, origin=None, client=None)

Create a resumable upload session.

Resumable upload sessions allow you to start an upload session from one client and complete the session in another. This method is called by the initiator to set the metadata and limits. The initiator then passes the session URL to the client that will upload the binary data. The client performs a PUT request on the session URL to complete the upload. This process allows untrusted clients to upload to an access-controlled bucket. For more details, see the documentation on signed URLs.

The content type of the upload will be determined in order of precedence:

  • The value passed in to this method (if not None)

  • The value stored on the current blob

  • The default value (‘application/octet-stream’)

NOTE: The effect of uploading to an existing blob depends on the “versioning” and “lifecycle” policies defined on the blob’s bucket. In the absence of those policies, upload will overwrite any existing contents.

See the object versioning and lifecycle API documents for details.

If encryption_key is set, the blob will be encrypted with a customer-supplied encryption key.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • size (int) – (Optional). The maximum number of bytes that can be uploaded using this session. If the size is not known when creating the session, this should be left blank.

    • content_type (str) – (Optional) Type of content being uploaded.

    • origin (str) – (Optional) If set, the upload can only be completed by a user-agent that uploads from the given origin. This can be useful when passing the session to a web client.

    • client (Client) – (Optional) The client to use. If not passed, falls back to the client stored on the blob’s bucket.

  • Return type

    str

  • Returns

    The resumable upload session URL. The upload can be completed by making an HTTP PUT request with the file’s contents.

  • Raises

    google.cloud.exceptions.GoogleCloudError if the session creation response returns an error status.

delete(client=None)

Deletes a blob from Cloud Storage.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

  • Return type

    Blob

  • Returns

    The blob that was just deleted.

  • Raises

    google.cloud.exceptions.NotFound (propagated from google.cloud.storage.bucket.Bucket.delete_blob()).

download_as_string(client=None, start=None, end=None)

Download the contents of this blob as a string.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

    • start (int) – Optional, the first byte in a range to be downloaded.

    • end (int) – Optional, The last byte in a range to be downloaded.

  • Return type

    bytes

  • Returns

    The data stored in this blob.

  • Raises

    google.cloud.exceptions.NotFound

download_to_file(file_obj, client=None, start=None, end=None)

Download the contents of this blob into a file-like object.

NOTE: If the server-set property, media_link, is not yet initialized, makes an additional API request to load it.

Downloading a file that has been encrypted with a customer-supplied encryption key:

from google.cloud.storage import Blob

client = storage.Client(project="my-project")
bucket = client.get_bucket("my-bucket")
encryption_key = "c7f32af42e45e85b9848a6a14dd2a8f6"
blob = Blob("secure-data", bucket, encryption_key=encryption_key)
blob.upload_from_string("my secret message.")
with open("/tmp/my-secure-file", "wb") as file_obj:
    blob.download_to_file(file_obj)

The encryption_key should be a str or bytes with a length of at least 32.

For more fine-grained control over the download process, check out google-resumable-media. For example, this library allows downloading parts of a blob rather than the whole thing.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • file_obj (file) – A file handle to which to write the blob’s data.

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

    • start (int) – Optional, the first byte in a range to be downloaded.

    • end (int) – Optional, The last byte in a range to be downloaded.

  • Raises

    google.cloud.exceptions.NotFound

download_to_filename(filename, client=None, start=None, end=None)

Download the contents of this blob into a named file.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • filename (str) – A filename to be passed to open.

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

    • start (int) – Optional, the first byte in a range to be downloaded.

    • end (int) – Optional, The last byte in a range to be downloaded.

  • Raises

    google.cloud.exceptions.NotFound

property etag()

Retrieve the ETag for the object.

See RFC 2616 (etags) and API reference docs.

  • Return type

    str or NoneType

  • Returns

    The blob etag or None if the blob’s resource has not been loaded from the server.

property event_based_hold()

Is an event-based hold active on the object?

See API reference docs.

If the property is not set locally, returns None.

  • Return type

    bool or NoneType

exists(client=None)

Determines whether or not this blob exists.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

  • Return type

    bool

  • Returns

    True if the blob exists in Cloud Storage.

generate_signed_url(expiration=None, api_access_endpoint='https://storage.googleapis.com', method='GET', content_md5=None, content_type=None, response_disposition=None, response_type=None, generation=None, headers=None, query_parameters=None, client=None, credentials=None, version=None)

Generates a signed URL for this blob.

NOTE: If you are on Google Compute Engine, you can’t generate a signed URL using GCE service account. Follow Issue 50 for updates on this. If you’d like to be able to generate a signed URL from GCE, you can use a standard service account from a JSON file rather than a GCE service account.

If you have a blob that you want to allow access to for a set amount of time, you can use this method to generate a URL that is only valid within a certain time period.

This is particularly useful if you don’t want publicly accessible blobs, but don’t want to require users to explicitly log in.

  • Parameters

    • expiration (Union[Integer, *[datetime.datetime](https://python.readthedocs.io/en/latest/library/datetime.html#datetime.datetime), [datetime.timedelta](https://python.readthedocs.io/en/latest/library/datetime.html#datetime.timedelta)]*) – Point in time when the signed URL should expire.

    • api_access_endpoint (str) – Optional URI base.

    • method (str) – The HTTP verb that will be used when requesting the URL.

    • content_md5 (str) – (Optional) The MD5 hash of the object referenced by resource.

    • content_type (str) – (Optional) The content type of the object referenced by resource.

    • response_disposition (str) – (Optional) Content disposition of responses to requests for the signed URL. For example, to enable the signed URL to initiate a file of blog.png, use the value 'attachment; filename=blob.png'.

    • response_type (str) – (Optional) Content type of responses to requests for the signed URL. Ignored if content_type is set on object/blob metadata.

    • generation (str) – (Optional) A value that indicates which generation of the resource to fetch.

    • headers (dict) – (Optional) Additional HTTP headers to be included as part of the signed URLs. See: https://cloud.google.com/storage/docs/xml-api/reference-headers Requests using the signed URL must pass the specified header (name and value) with each request for the URL.

    • query_parameters (dict) – (Optional) Additional query paramtersto be included as part of the signed URLs. See: https://cloud.google.com/storage/docs/xml-api/reference-headers#query

    • client (Client or NoneType) – (Optional) The client to use. If not passed, falls back to the client stored on the blob’s bucket.

    • credentials (oauth2client.client.OAuth2Credentials or NoneType) – (Optional) The OAuth2 credentials to use to sign the URL. Defaults to the credentials stored on the client used.

    • version (str) – (Optional) The version of signed credential to create. Must be one of ‘v2’ | ‘v4’.

  • Raises

    ValueError when version is invalid.

  • Raises

    TypeError when expiration is not a valid type.

  • Raises

    AttributeError if credentials is not an instance of google.auth.credentials.Signing.

  • Return type

    str

  • Returns

    A signed URL you can use to access the resource until expiration.

property generation()

Retrieve the generation for the object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    int or NoneType

  • Returns

    The generation of the blob or None if the blob’s resource has not been loaded from the server.

get_iam_policy(client=None)

Retrieve the IAM policy for the object.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the current object’s bucket.

  • Return type

    google.api_core.iam.Policy

  • Returns

    the policy instance, based on the resource returned from the getIamPolicy API request.

property id()

Retrieve the ID for the object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

The ID consists of the bucket name, object name, and generation number.

  • Return type

    str or NoneType

  • Returns

    The ID of the blob or None if the blob’s resource has not been loaded from the server.

property kms_key_name()

Resource name of Cloud KMS key used to encrypt the blob’s contents.

  • Return type

    str or NoneType

  • Returns

    The resource name or None if no Cloud KMS key was used, or the blob’s resource has not been loaded from the server.

make_private(client=None)

Update blob’s ACL, revoking read access for anonymous users.

  • Parameters

    client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

make_public(client=None)

Update blob’s ACL, granting read access to anonymous users.

  • Parameters

    client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

property md5_hash()

MD5 hash for this object.

See RFC 1321 and API reference docs.

If not set before upload, the server will compute the hash.

  • Return type

    str or NoneType

Retrieve the media download URI for the object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    str or NoneType

  • Returns

    The media link for the blob or None if the blob’s resource has not been loaded from the server.

property metadata()

Retrieve arbitrary/application specific metadata for the object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Setter

    Update arbitrary/application specific metadata for the object.

  • Getter

    Retrieve arbitrary/application specific metadata for the object.

  • Return type

    dict or NoneType

  • Returns

    The metadata associated with the blob or None if the property is not set.

property metageneration()

Retrieve the metageneration for the object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    int or NoneType

  • Returns

    The metageneration of the blob or None if the blob’s resource has not been loaded from the server.

property owner()

Retrieve info about the owner of the object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    dict or NoneType

  • Returns

    Mapping of owner’s role/ID, or None if the blob’s resource has not been loaded from the server.

patch(client=None)

Sends all changed properties in a PATCH request.

Updates the _properties with the response from the backend.

If user_project is set, bills the API request to that project.

  • Parameters

    client (Client or NoneType) – the client to use. If not passed, falls back to the client stored on the current object.

property path()

Getter property for the URL path to this Blob.

  • Return type

    str

  • Returns

    The URL path to this Blob.

static path_helper(bucket_path, blob_name)

Relative URL path for a blob.

  • Parameters

    • bucket_path (str) – The URL path for a bucket.

    • blob_name (str) – The name of the blob.

  • Return type

    str

  • Returns

    The relative URL path for blob_name.

property public_url()

The public URL for this blob.

Use make_public() to enable anonymous access via the returned URL.

  • Return type

    string

  • Returns

    The public URL for this blob.

reload(client=None)

Reload properties from Cloud Storage.

If user_project is set, bills the API request to that project.

  • Parameters

    client (Client or NoneType) – the client to use. If not passed, falls back to the client stored on the current object.

property retention_expiration_time()

Retrieve timestamp at which the object’s retention period expires.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    datetime.datetime or NoneType

  • Returns

    Datetime object parsed from RFC3339 valid timestamp, or None if the property is not set locally.

rewrite(source, token=None, client=None)

Rewrite source blob into this one.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • source (Blob) – blob whose contents will be rewritten into this blob.

    • token (str) – Optional. Token returned from an earlier, not-completed call to rewrite the same source blob. If passed, result will include updated status, total bytes written.

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

  • Return type

    tuple

  • Returns

    (token, bytes_rewritten, total_bytes), where token is a rewrite token (None if the rewrite is complete), bytes_rewritten is the number of bytes rewritten so far, and total_bytes is the total number of bytes to be rewritten.

Retrieve the URI for the object.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    str or NoneType

  • Returns

    The self link for the blob or None if the blob’s resource has not been loaded from the server.

set_iam_policy(policy, client=None)

Update the IAM policy for the bucket.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • policy (google.api_core.iam.Policy) – policy instance used to update bucket’s IAM policy.

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the current bucket.

  • Return type

    google.api_core.iam.Policy

  • Returns

    the policy instance, based on the resource returned from the setIamPolicy API request.

property size()

Size of the object, in bytes.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    int or NoneType

  • Returns

    The size of the blob or None if the blob’s resource has not been loaded from the server.

property storage_class()

Retrieve the storage class for the object.

This can only be set at blob / object creation time. If you’d like to change the storage class after the blob / object already exists in a bucket, call update_storage_class() (which uses rewrite()).

See https://cloud.google.com/storage/docs/storage-classes

  • Return type

    str or NoneType

  • Returns

    If set, one of “MULTI_REGIONAL”, “REGIONAL”, “NEARLINE”, “COLDLINE”, “STANDARD”, or “DURABLE_REDUCED_AVAILABILITY”, else None.

property temporary_hold()

Is a temporary hold active on the object?

See API reference docs.

If the property is not set locally, returns None.

  • Return type

    bool or NoneType

test_iam_permissions(permissions, client=None)

API call: test permissions

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • permissions (list of string) – the permissions to check

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the current bucket.

  • Return type

    list of string

  • Returns

    the permissions returned by the testIamPermissions API request.

property time_created()

Retrieve the timestamp at which the object was created.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    datetime.datetime or NoneType

  • Returns

    Datetime object parsed from RFC3339 valid timestamp, or None if the blob’s resource has not been loaded from the server (see reload()).

property time_deleted()

Retrieve the timestamp at which the object was deleted.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    datetime.datetime or NoneType

  • Returns

    Datetime object parsed from RFC3339 valid timestamp, or None if the blob’s resource has not been loaded from the server (see reload()). If the blob has not been deleted, this will never be set.

update(client=None)

Sends all properties in a PUT request.

Updates the _properties with the response from the backend.

If user_project is set, bills the API request to that project.

  • Parameters

    client (Client or NoneType) – the client to use. If not passed, falls back to the client stored on the current object.

update_storage_class(new_class, client=None)

Update blob’s storage class via a rewrite-in-place. This helper will wait for the rewrite to complete before returning, so it may take some time for large files.

See https://cloud.google.com/storage/docs/per-object-storage-class

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • new_class (str) – new storage class for the object

    • client (Client) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

property updated()

Retrieve the timestamp at which the object was updated.

See https://cloud.google.com/storage/docs/json_api/v1/objects

  • Return type

    datetime.datetime or NoneType

  • Returns

    Datetime object parsed from RFC3339 valid timestamp, or None if the blob’s resource has not been loaded from the server (see reload()).

upload_from_file(file_obj, rewind=False, size=None, content_type=None, num_retries=None, client=None, predefined_acl=None)

Upload the contents of this blob from a file-like object.

The content type of the upload will be determined in order of precedence:

  • The value passed in to this method (if not None)

  • The value stored on the current blob

  • The default value (‘application/octet-stream’)

NOTE: The effect of uploading to an existing blob depends on the “versioning” and “lifecycle” policies defined on the blob’s bucket. In the absence of those policies, upload will overwrite any existing contents.

See the object versioning and lifecycle API documents for details.

Uploading a file with a customer-supplied encryption key:

from google.cloud.storage import Blob

client = storage.Client(project="my-project")
bucket = client.get_bucket("my-bucket")
encryption_key = "aa426195405adee2c8081bb9e7e74b19"
blob = Blob("secure-data", bucket, encryption_key=encryption_key)
with open("my-file", "rb") as my_file:
    blob.upload_from_file(my_file)

The encryption_key should be a str or bytes with a length of at least 32.

For more fine-grained over the upload process, check out google-resumable-media.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • file_obj (file) – A file handle open for reading.

    • rewind (bool) – If True, seek to the beginning of the file handle before writing the file to Cloud Storage.

    • size (int) – The number of bytes to be uploaded (which will be read from file_obj). If not provided, the upload will be concluded once file_obj is exhausted.

    • content_type (str) – Optional type of content being uploaded.

    • num_retries (int) – Number of upload retries. (Deprecated: This argument will be removed in a future release.)

    • client (Client) – (Optional) The client to use. If not passed, falls back to the client stored on the blob’s bucket.

    • predefined_acl (str) – (Optional) predefined access control list

  • Raises

    GoogleCloudError if the upload response returns an error status.

upload_from_filename(filename, content_type=None, client=None, predefined_acl=None)

Upload this blob’s contents from the content of a named file.

The content type of the upload will be determined in order of precedence:

  • The value passed in to this method (if not None)

  • The value stored on the current blob

  • The value given by mimetypes.guess_type

  • The default value (‘application/octet-stream’)

NOTE: The effect of uploading to an existing blob depends on the “versioning” and “lifecycle” policies defined on the blob’s bucket. In the absence of those policies, upload will overwrite any existing contents.

See the object versioning and lifecycle API documents for details.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • filename (str) – The path to the file.

    • content_type (str) – Optional type of content being uploaded.

    • client (Client) – (Optional) The client to use. If not passed, falls back to the client stored on the blob’s bucket.

    • predefined_acl (str) – (Optional) predefined access control list

upload_from_string(data, content_type='text/plain', client=None, predefined_acl=None)

Upload contents of this blob from the provided string.

NOTE: The effect of uploading to an existing blob depends on the “versioning” and “lifecycle” policies defined on the blob’s bucket. In the absence of those policies, upload will overwrite any existing contents.

See the object versioning and lifecycle API documents for details.

If user_project is set on the bucket, bills the API request to that project.

  • Parameters

    • data (bytes* or [str*](https://python.readthedocs.io/en/latest/library/stdtypes.html#str)) – The data to store in this blob. If the value is text, it will be encoded as UTF-8.

    • content_type (str) – Optional type of content being uploaded. Defaults to 'text/plain'.

    • client (Client or NoneType) – Optional. The client to use. If not passed, falls back to the client stored on the blob’s bucket.

    • predefined_acl (str) – (Optional) predefined access control list

property user_project()

Project ID billed for API requests made via this blob.

Derived from bucket’s value.

  • Return type

    str