Obtaining Object ACL Information (SDK for Go)

Function

This API returns information about the ACL of an object.

Restrictions

To obtain an object ACL, you must be the bucket owner or have the required permission (obs:object:GetObjectAcl in IAM or GetObjectAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
You can perform this operation to view the ACL of an object, as long as you have the READ_ACP permission for the object.

Method

func (obsClient ObsClient) GetObjectAcl(input *GetObjectAclInput) (output *GetObjectAclOutput, err error)

Method (with a Signed URL Used)

func (obsClient ObsClient) GetObjectAclWithSignedUrl(signedUrl string, actualSignedRequestHeaders http.Header) (output *GetObjectAclOutput, err error)

Request Parameters

**Table 1** List of request parameters
Parameter	Type	Mandatory (Yes/No)	Description
input	*GetObjectAclInput	Yes	Explanation: Input parameters for obtaining the ACL of an object. For details, see Table 2.

**Table 2** GetObjectAclInput
Parameter	Type	Mandatory (Yes/No)	Description
Bucket	string	Yes	Explanation: Bucket name Restrictions: A bucket name must be unique across all accounts and regions. A bucket name: Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed. Cannot be formatted as an IP address. Cannot start or end with a hyphen (-) or period (.). Cannot contain two consecutive periods (..), for example, my..bucket. Cannot contain a period (.) and a hyphen (-) adjacent to each other, for example, my-.bucket or my.-bucket. If you repeatedly create buckets of the same name in the same region, no error will be reported and the bucket attributes comply with those set in the first creation request. Default value: None
Key	string	Yes	Explanation: Object name. An object is uniquely identified by an object name in a bucket. An object name is a complete path that does not contain the bucket name. For example, if the address for accessing the object is examplebucket.obs.eu-west-101.myhuaweicloud.com/folder/test.txt, the object name is folder/test.txt. Value range: The value must contain 1 to 1,024 characters. Default value: None
VersionId	string	No	Explanation: Object version ID, for example, G001117FCE89978B0000401205D5DC9A Value range: The value must contain 32 characters. Default value: None

Responses

**Table 3** List of returned results
Parameter	Type	Description
output	*GetObjectAclOutput	Explanation: Returned results. For details, see Table 4.
err	error	Explanation: Error messages returned by the API

**Table 4** GetObjectAclOutput
Parameter	Type	Description
StatusCode	int	Explanation: HTTP status code Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None
RequestId	string	Explanation: Request ID returned by the OBS server Default value: None
ResponseHeaders	map[string][]string	Explanation: HTTP response headers Default value: None
VersionId	string	Explanation: Object version ID, for example, G001117FCE89978B0000401205D5DC9A Value range: The value must contain 32 characters. Default value: None
Owner	Owner	Explanation: Account ID of the object owner. For details, see Table 5. Restrictions: Owner and Grants must be used together and they cannot be used with ACL.
Grants	[]Grant	Explanation: Grantees' permission information. For details, see Table 6. Default value: None

**Table 5** Owner
Parameter	Type	Mandatory (Yes/No)	Description
ID	string	Yes if used as a request parameter	Explanation: Account (domain) ID of the owner Value range: To obtain the account ID, see How Do I Get My Account ID and User ID? Default value: None

**Table 6** Grant
Parameter	Type	Mandatory (Yes/No)	Description
Grantee	Grantee	Yes if used as a request parameter	Explanation: Grantee information. For details, see Table 7.
Permission	PermissionType	Yes if used as a request parameter	Explanation: Granted permission Value range: See Table 8. Default value: None

**Table 7** Grantee
Parameter	Type	Mandatory (Yes/No)	Description
Type	GranteeType	Yes if used as a request parameter	Explanation: Grantee type. For details, see Table 9.
ID	string	Yes if this parameter is used as a request parameter and Type is set to GranteeUser	Explanation: Account (domain) ID of the grantee Value range: To obtain the account ID, see How Do I Get My Account ID and User ID? Default value: None
DisplayName	string	No if used as a request parameter	Explanation: Account name of the grantee Restrictions: Starts with a letter. Contains 6 to 32 characters. Contains only letters, digits, hyphens (-), and underscores (_). Default value: None
URI	GroupUriType	Yes if this parameter is used as a request parameter and Type is set to GranteeGroup	Explanation: Authorized user group Value range: See Table 10. Default value: None

**Table 8** PermissionType
Constant	Default Value	Description
PermissionRead	READ	Read permission
PermissionWrite	WRITE	Write permission
PermissionReadAcp	READ_ACP	Permission to read ACL configurations
PermissionWriteAcp	WRITE_ACP	Permission to modify ACL configurations
PermissionFullControl	FULL_CONTROL	Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL.

**Table 9** GranteeType
Constant	Default Value	Description
GranteeGroup	Group	User group
GranteeUser	CanonicalUser	Individual user

**Table 10** GroupUriType
Constant	Default Value	Description
GroupAllUsers	AllUsers	All users

Code Examples

This example returns the ACL information of object example/objectname.

     
      
        
        
          package main
import (
    "fmt"
    "os"
    obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs"
)
func main() {
    //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage.
    //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html.
    ak := os.Getenv("AccessKeyID")
    sk := os.Getenv("SecretAccessKey")
    // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding to reduce leakage risks. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways.
    // securityToken := os.Getenv("SecurityToken")
    // Enter the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one currently in use.
    endPoint := "https://obs.eu-west-101.myhuaweicloud.eu" 
    // Create an obsClient instance.
    // If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance.
    obsClient, err := obs.New(ak, sk, endPoint/*, obs.WithSecurityToken(securityToken)*/)
    if err != nil {
        fmt.Printf("Create obsClient error, errMsg: %s", err.Error())
    }
    input := &obs.GetObjectAclInput{}
    // Specify a bucket name.
    input.Bucket = "examplebucket"
    // Specify an object (example/objectname as an example).
    input.Key = "example/objectname"
    // Obtain the object ACL.
    output, err := obsClient.GetObjectAcl(input)
    if err == nil {
        fmt.Printf("Get object(%s)'s acl successful with bucket(%s)!\n", input.Key, input.Bucket)
        fmt.Printf("Owner.ID:%s\n", output.Owner.ID)
        for index, grant := range output.Grants {
            fmt.Printf("Grant[%d]-Type:%s, ID:%s, URI:%s, Permission:%s\n",
                index, grant.Grantee.Type, grant.Grantee.ID, grant.Grantee.URI, grant.Permission)
        }
        return
    }
    fmt.Printf("Get object(%s)'s acl fail with bucket(%s)!\n", input.Key, input.Bucket)
    if obsError, ok := err.(obs.ObsError); ok {
        fmt.Println("An ObsError was found, which means your request sent to OBS was rejected with an error response.")
        fmt.Println(obsError.Error())
    } else {
        fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.")
        fmt.Println(err)
    }
}

         

       

     
    

    
     
       
       
         package main
import (
    "fmt"
    "os"
    obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs"
)
func main() {
    //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage.
    //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html.
    ak := os.Getenv("AccessKeyID")
    sk := os.Getenv("SecretAccessKey")
    // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding to reduce leakage risks. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways.
    // securityToken := os.Getenv("SecurityToken")
    // Enter the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one currently in use.
    endPoint := "https://obs.eu-west-101.myhuaweicloud.eu" 
    // Create an obsClient instance.
    // If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance.
    obsClient, err := obs.New(ak, sk, endPoint/*, obs.WithSecurityToken(securityToken)*/)
    if err != nil {
        fmt.Printf("Create obsClient error, errMsg: %s", err.Error())
    }
    input := &obs.GetObjectAclInput{}
    // Specify a bucket name.
    input.Bucket = "examplebucket"
    // Specify an object (example/objectname as an example).
    input.Key = "example/objectname"
    // Obtain the object ACL.
    output, err := obsClient.GetObjectAcl(input)
    if err == nil {
        fmt.Printf("Get object(%s)'s acl successful with bucket(%s)!\n", input.Key, input.Bucket)
        fmt.Printf("Owner.ID:%s\n", output.Owner.ID)
        for index, grant := range output.Grants {
            fmt.Printf("Grant[%d]-Type:%s, ID:%s, URI:%s, Permission:%s\n",
                index, grant.Grantee.Type, grant.Grantee.ID, grant.Grantee.URI, grant.Permission)
        }
        return
    }
    fmt.Printf("Get object(%s)'s acl fail with bucket(%s)!\n", input.Key, input.Bucket)
    if obsError, ok := err.(obs.ObsError); ok {
        fmt.Println("An ObsError was found, which means your request sent to OBS was rejected with an error response.")
        fmt.Println(obsError.Error())
    } else {
        fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.")
        fmt.Println(err)
    }
}

        

      

    
   