Configuring a Bucket Policy (SDK for Go)
Function
OBS provides access control over buckets. You can use an access policy to define whether a user can perform certain operations on a specific bucket. OBS access control can be implemented using IAM permissions, bucket policies, and ACLs. For more information, see Introduction to OBS Access Control.
A bucket policy is applied to a configured bucket and the objects in it. You can use a bucket policy to grant permissions for the bucket and the objects in it to IAM users or other accounts. If you want IAM users to have different permissions for different buckets, you can configure required bucket policies.
This API configures a policy for a bucket.
Restrictions
- Permissions for creating a bucket and obtaining a bucket list are service level and should be granted using IAM Permissions.
- Due to data caching, after a bucket policy is configured, it takes 5 minutes at most for the policy to take effect.
- To configure a bucket policy, you must be the bucket owner or have the required permission (obs:bucket:PutBucketPolicy in IAM or PutBucketPolicy in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
Method
func (obsClient ObsClient) SetBucketPolicy(input *SetBucketPolicyInput) (output *BaseModel, err error)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
input |
Yes |
Explanation: Input parameters for configuring a bucket policy. For details, see Table 2. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Bucket |
string |
Yes |
Explanation: Bucket name Restrictions:
Default value: None |
Policy |
string |
Yes |
Explanation: Policy information in JSON format Restrictions:
Default value: None |
Responses
Parameter |
Type |
Description |
---|---|---|
output |
Explanation: Returned results. For details, see Table 4. |
|
err |
error |
Explanation: Error messages returned by the API |
Parameter |
Type |
Description |
---|---|---|
StatusCode |
int |
Explanation: HTTP status code Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
RequestId |
string |
Explanation: Request ID returned by the OBS server Default value: None |
ResponseHeaders |
map[string][]string |
Explanation: HTTP response headers Default value: None |
Code Examples
This example configures a policy for bucket examplebucket.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
package main import ( "fmt" "os" obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs" ) func main() { //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. ak := os.Getenv("AccessKeyID") sk := os.Getenv("SecretAccessKey") // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding to reduce leakage risks. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. // securityToken := os.Getenv("SecurityToken") // Enter the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one currently in use. endPoint := "https://obs.eu-west-101.myhuaweicloud.eu" // Create an obsClient instance. // If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance. obsClient, err := obs.New(ak, sk, endPoint, obs.WithSignature(obs.SignatureObs)/*, obs.WithSecurityToken(securityToken)*/) if err != nil { fmt.Printf("Create obsClient error, errMsg: %s", err.Error()) } input := &obs.SetBucketPolicyInput{} // Specify a bucket name. input.Bucket = "exampleBucket" // Create a bucket policy. input.Policy = "{\"Statement\":[{\"Sid\":\"Custom policy-2482\",\"Effect\":\"Allow\",\"Principal\":{\"ID\":[\"*\"]},\"Action\":[\"*\",\"ListBucket\"],\"Resource\":[\"" + input.Bucket + "\"]}]}" // Configure the bucket policy. output, err := obsClient.SetBucketPolicy(input) if err == nil { fmt.Printf("SetBucketPolicy:%s successful!\n", input.Bucket) fmt.Printf("RequestId:%s\n", output.RequestId) return } fmt.Printf("SetBucketPolicy:%s fail!\n", input.Bucket) if obsError, ok := err.(obs.ObsError); ok { fmt.Println("An ObsError was found, which means your request sent to OBS was rejected with an error response.") fmt.Println(obsError.Error()) } else { fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.") fmt.Println(err) } } |
Helpful Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.