Help Center/ Object Storage Service/ SDK Reference/ Go/ Buckets (SDK for Go)/ Configuring Logging for a Bucket (SDK for Go)
Updated on 2024-09-05 GMT+08:00

Configuring Logging for a Bucket (SDK for Go)

Function

This API enables logging for a bucket (source) and configures another bucket (target) to store the log files. When a bucket is created, logging is not enabled by default. You can call this API to enable logging for the bucket. With logging enabled, a log message is generated for each operation on the bucket. Multiple log messages are packed into a file. The bucket for storing log files must be specified when logging is enabled. It can be the bucket logging is enabled for, or any other bucket you have access to. If you specify another bucket for storing logs, the bucket must be in the same region as the logged bucket. You can also configure access to log files and the name prefix of log files.

Restrictions

  • OBS creates log files and uploads them to the bucket. Before enabling logging for a bucket, you need to create an IAM agency to delegate OBS to upload log files to the specified bucket. For details about how to create an agency, see Cloud Service Delegation.
  • To configure logging for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketLogging in IAM or PutBucketLogging in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.

Method

func (obsClient ObsClient) SetBucketLoggingConfiguration(input *SetBucketLoggingConfigurationInput) (output *BaseModel, err error)

Request Parameters

Table 1 List of request parameters

Parameter

Type

Mandatory (Yes/No)

Description

input

*SetBucketLoggingConfigurationInput

Yes

Explanation:

Input parameters for configuring bucket logging. For details, see Table 2.

Table 2 SetBucketLoggingConfigurationInput

Parameter

Type

Mandatory (Yes/No)

Description

Bucket

string

Yes

Explanation:

Bucket name

Restrictions:

  • A bucket name must be unique across all accounts and regions.
  • A bucket name:
    • Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed.
    • Cannot be formatted as an IP address.
    • Cannot start or end with a hyphen (-) or period (.).
    • Cannot contain two consecutive periods (..), for example, my..bucket.
    • Cannot contain a period (.) and a hyphen (-) adjacent to each other, for example, my-.bucket or my.-bucket.
  • If you repeatedly create buckets of the same name in the same region, no error will be reported and the bucket attributes comply with those set in the first creation request.

Default value:

None

Agency

string

Yes if the parameter is in a request to enable bucket logging

Explanation:

Name of the IAM agency created by the owner of the target bucket for OBS.

You can select an existing IAM agency or create one. For details about how to create an agency, see Creating an IAM Agency.

Restrictions:

By default, the IAM agency only requires the PutObject permission to upload logs to the target bucket. If default encryption is enabled for the target bucket, the agency also requires the KMS Administrator permission in the region where the target bucket is located.

Default value:

None

TargetBucket

string

Yes if you enable logging for the bucket

Do not set this parameter when you disable logging for the bucket.

Explanation:

Name of the bucket for storing log files

Restrictions:

  • This bucket must be in the same region as the bucket with logging enabled.
  • A bucket name must be unique across all accounts and regions.
  • A bucket name:
    • Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed.
    • Cannot be formatted as an IP address.
    • Cannot start or end with a hyphen (-) or period (.).
    • Cannot contain two consecutive periods (..), for example, my..bucket.
    • Cannot contain a period (.) and a hyphen (-) adjacent to each other, for example, my-.bucket or my.-bucket.
  • If you repeatedly create buckets of the same name in the same region, no error will be reported and the bucket attributes comply with those set in the first creation request.

Default value:

None

TargetPrefix

string

Yes if you enable logging for the bucket

Do not set this parameter when you disable logging for the bucket.

Explanation:

Name prefix for log files stored in the log storage bucket

Value range:

The value must contain 1 to 1,024 characters.

Default value:

None

TargetGrants

[]Grant

No

Explanation:

Permission information list of grantees, which defines grantees and their permissions for log files. For details, see Table 3.

Table 3 Grant

Parameter

Type

Mandatory (Yes/No)

Description

Grantee

Grantee

Yes if used as a request parameter

Explanation:

Grantee information. For details, see Table 4.

Permission

PermissionType

Yes if used as a request parameter

Explanation:

Granted permission

Value range:

See Table 7.

Default value:

None

Table 4 Grantee

Parameter

Type

Mandatory (Yes/No)

Description

Type

GranteeType

Yes

Explanation:

Grantee type

Value range:

See Table 5.

Default value:

None

ID

string

Yes if Type is set to GranteeUser

Explanation:

Account (domain) ID of the grantee

Value range:

To obtain an account ID, see Obtaining the Account ID.

Default value:

None

DisplayName

string

No

Explanation:

Account name of the grantee

Restrictions:

  • Starts with a letter. Contains 6 to 32 characters.
  • Contains only letters, digits, hyphens (-), and underscores (_).

Default value:

None

URI

GroupUriType

Yes if Type is set to GranteeGroup

Explanation:

Authorized user group

Value range:

See Table 6.

Default value:

None

Table 5 GranteeType

Constant

Default Value

Description

GranteeGroup

Group

User group

GranteeUser

CanonicalUser

Individual user

Table 6 GroupUriType

Constant

Default Value

Description

GroupAllUsers

AllUsers

All users

Table 7 PermissionType

Constant

Default Value

Description

PermissionRead

READ

Read permission

PermissionWrite

WRITE

Write permission

PermissionReadAcp

READ_ACP

Permission to read ACL configurations

PermissionWriteAcp

WRITE_ACP

Permission to modify ACL configurations

PermissionFullControl

FULL_CONTROL

Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL.

Responses

Table 8 List of returned results

Parameter

Type

Description

output

*BaseModel

Explanation:

Returned results. For details, see Table 9.

err

error

Explanation:

Error messages returned by the API

Table 9 BaseModel

Parameter

Type

Description

StatusCode

int

Explanation:

HTTP status code

Value range:

A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code.

Default value:

None

RequestId

string

Explanation:

Request ID returned by the OBS server

Default value:

None

ResponseHeaders

map[string][]string

Explanation:

HTTP response headers

Default value:

None

Code Examples

This example configures logging for bucket examplebucket, with obs_test_agency as the agency, TargetPrefixtest/ as the prefix for generated log files, and TargetBucketname as the bucket for storing log files.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
package main
import (
    "fmt"
    "os"
    obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs"
)
func main() {
    //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage.
    //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html.
    ak := os.Getenv("AccessKeyID")
    sk := os.Getenv("SecretAccessKey")
    // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding to reduce leakage risks. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways.
    // securityToken := os.Getenv("SecurityToken")
    // Enter the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one currently in use.
    endPoint := "https://obs.eu-west-101.myhuaweicloud.eu" 
    // Create an obsClient instance.
    // If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance.
    obsClient, err := obs.New(ak, sk, endPoint, obs.WithSignature(obs.SignatureObs)/*, obs.WithSecurityToken(securityToken)*/)
    if err != nil {
        fmt.Printf("Create obsClient error, errMsg: %s", err.Error())
    }
    input := &obs.SetBucketLoggingConfigurationInput{}
    // Specify a bucket name.
    input.Bucket = "examplebucket"
    // Specify an agency name (obs_test_agency as an example).
    input.Agency = "obs_test_agency"
    // Specify a bucket (TargetBucketname as an example) for storing generated log files.
    input.TargetBucket = "TargetBucketname"
    // Specify a prefix (TargetPrefixtest/ as an example) for log files to be generated.
    input.TargetPrefix = "TargetPrefixtest/"
    // Configure logging for the bucket.
    output, err := obsClient.SetBucketLoggingConfiguration(input)
    if err == nil {
        fmt.Printf("Set bucket(%s)'s logging configuration successful!\n", input.Bucket)
        fmt.Printf("RequestId:%s\n", output.RequestId)
        return
    }
    fmt.Printf("Set bucket(%s)'s logging configuration fail!\n", input.Bucket)
    if obsError, ok := err.(obs.ObsError); ok {
        fmt.Println("An ObsError was found, which means your request sent to OBS was rejected with an error response.")
        fmt.Println(obsError.Error())
    } else {
        fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.")
        fmt.Println(err)
    }
}