Configuring Logging for a Bucket (SDK for Go)
Function
This API enables logging for a bucket (source) and configures another bucket (target) to store the log files. When a bucket is created, logging is not enabled by default. You can call this API to enable logging for the bucket. With logging enabled, a log message is generated for each operation on the bucket. Multiple log messages are packed into a file. The bucket for storing log files must be specified when logging is enabled. It can be the bucket logging is enabled for, or any other bucket you have access to. If you specify another bucket for storing logs, the bucket must be in the same region as the logged bucket. You can also configure access to log files and the name prefix of log files.
Restrictions
- OBS creates log files and uploads them to the bucket. Before enabling logging for a bucket, you need to create an IAM agency to delegate OBS to upload log files to the specified bucket. For details about how to create an agency, see Cloud Service Delegation.
- To configure logging for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketLogging in IAM or PutBucketLogging in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
Method
func (obsClient ObsClient) SetBucketLoggingConfiguration(input *SetBucketLoggingConfigurationInput) (output *BaseModel, err error)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
input |
Yes |
Explanation: Input parameters for configuring bucket logging. For details, see Table 2. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Bucket |
string |
Yes |
Explanation: Bucket name Restrictions:
Default value: None |
Agency |
string |
Yes if the parameter is in a request to enable bucket logging |
Explanation: Name of the IAM agency created by the owner of the target bucket for OBS. You can select an existing IAM agency or create one. For details about how to create an agency, see Creating an IAM Agency. Restrictions: By default, the IAM agency only requires the PutObject permission to upload logs to the target bucket. If default encryption is enabled for the target bucket, the agency also requires the KMS Administrator permission in the region where the target bucket is located. Default value: None |
TargetBucket |
string |
Yes if you enable logging for the bucket Do not set this parameter when you disable logging for the bucket. |
Explanation: Name of the bucket for storing log files Restrictions:
Default value: None |
TargetPrefix |
string |
Yes if you enable logging for the bucket Do not set this parameter when you disable logging for the bucket. |
Explanation: Name prefix for log files stored in the log storage bucket Value range: The value must contain 1 to 1,024 characters. Default value: None |
TargetGrants |
[]Grant |
No |
Explanation: Permission information list of grantees, which defines grantees and their permissions for log files. For details, see Table 3. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Grantee |
Yes if used as a request parameter |
Explanation: Grantee information. For details, see Table 4. |
|
Permission |
Yes if used as a request parameter |
Explanation: Granted permission Value range: See Table 7. Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Type |
Yes |
Explanation: Grantee type Value range: See Table 5. Default value: None |
|
ID |
string |
Yes if Type is set to GranteeUser |
Explanation: Account (domain) ID of the grantee Value range: To obtain an account ID, see Obtaining the Account ID. Default value: None |
DisplayName |
string |
No |
Explanation: Account name of the grantee Restrictions:
Default value: None |
URI |
Yes if Type is set to GranteeGroup |
Explanation: Authorized user group Value range: See Table 6. Default value: None |
Constant |
Default Value |
Description |
---|---|---|
GranteeGroup |
Group |
User group |
GranteeUser |
CanonicalUser |
Individual user |
Constant |
Default Value |
Description |
---|---|---|
PermissionRead |
READ |
Read permission |
PermissionWrite |
WRITE |
Write permission |
PermissionReadAcp |
READ_ACP |
Permission to read ACL configurations |
PermissionWriteAcp |
WRITE_ACP |
Permission to modify ACL configurations |
PermissionFullControl |
FULL_CONTROL |
Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL. |
Responses
Parameter |
Type |
Description |
---|---|---|
output |
Explanation: Returned results. For details, see Table 9. |
|
err |
error |
Explanation: Error messages returned by the API |
Parameter |
Type |
Description |
---|---|---|
StatusCode |
int |
Explanation: HTTP status code Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
RequestId |
string |
Explanation: Request ID returned by the OBS server Default value: None |
ResponseHeaders |
map[string][]string |
Explanation: HTTP response headers Default value: None |
Code Examples
This example configures logging for bucket examplebucket, with obs_test_agency as the agency, TargetPrefixtest/ as the prefix for generated log files, and TargetBucketname as the bucket for storing log files.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
package main import ( "fmt" "os" obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs" ) func main() { //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. ak := os.Getenv("AccessKeyID") sk := os.Getenv("SecretAccessKey") // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding to reduce leakage risks. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. // securityToken := os.Getenv("SecurityToken") // Enter the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one currently in use. endPoint := "https://obs.eu-west-101.myhuaweicloud.eu" // Create an obsClient instance. // If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance. obsClient, err := obs.New(ak, sk, endPoint, obs.WithSignature(obs.SignatureObs)/*, obs.WithSecurityToken(securityToken)*/) if err != nil { fmt.Printf("Create obsClient error, errMsg: %s", err.Error()) } input := &obs.SetBucketLoggingConfigurationInput{} // Specify a bucket name. input.Bucket = "examplebucket" // Specify an agency name (obs_test_agency as an example). input.Agency = "obs_test_agency" // Specify a bucket (TargetBucketname as an example) for storing generated log files. input.TargetBucket = "TargetBucketname" // Specify a prefix (TargetPrefixtest/ as an example) for log files to be generated. input.TargetPrefix = "TargetPrefixtest/" // Configure logging for the bucket. output, err := obsClient.SetBucketLoggingConfiguration(input) if err == nil { fmt.Printf("Set bucket(%s)'s logging configuration successful!\n", input.Bucket) fmt.Printf("RequestId:%s\n", output.RequestId) return } fmt.Printf("Set bucket(%s)'s logging configuration fail!\n", input.Bucket) if obsError, ok := err.(obs.ObsError); ok { fmt.Println("An ObsError was found, which means your request sent to OBS was rejected with an error response.") fmt.Println(obsError.Error()) } else { fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.") fmt.Println(err) } } |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.