Configuring BPA for a Bucket (SDK for Java)

Function

This API creates or modifies the public access block configuration of an OBS bucket by enabling or disabling the feature.

If you have any questions during development, post them on the Issues page of GitHub.

Restrictions

To configure BPA for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketPublicAccessBlock in IAM or PutBucketPublicAccessBlock in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
If public access block is enabled, existing public access permissions are ignored and new public access permissions cannot be configured. If public access block is disabled, existing public access permissions continue to apply and new public access permissions can be configured.
By default, BPA is disabled for new POSIX buckets but is enabled for new object buckets.

Method

obsClient.putBucketPublicAccessBlock(PutBucketPublicAccessBlockRequest request)

Request Parameters

**Table 1** List of request parameters
Parameter	Type	Mandatory (Yes/No)	Description
request	PutBucketPublicAccessBlockRequest	Yes	Explanation: Request parameters for setting PublicAccessBlock for a bucket. For details, see Table 2.

**Table 2** PutBucketPublicAccessBlockRequest
Parameter	Type	Mandatory (Yes/No)	Description
bucketName	String	Yes	Explanation: Bucket name. Restrictions: A bucket name must be unique across all accounts and regions. A bucket name: Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed. Cannot be formatted as an IP address. Cannot start or end with a hyphen (-) or period (.). Cannot contain two consecutive periods (..), for example, my..bucket. Cannot contain periods (.) and hyphens (-) adjacent to each other, for example, my-.bucket or my.-bucket. If you repeatedly create buckets with the same name in the same region, no error will be reported and the bucket attributes comply with those set in the first creation request. Default value: None
bucketPublicAccessBlock	BucketPublicAccessBlock	No	Explanation: PublicAccessBlock configuration of a bucket Restrictions: None Value range: None Default value: None

**Table 3** BucketPublicAccessBlock
Parameter	Type	Mandatory (Yes/No)	Description
blockPublicAcls	Boolean	No	Explanation: Whether to block public ACLs. If this parameter is set to True, objects cannot be uploaded when the request includes a public ACL. Requests for modifying bucket or object ACLs fail if the requests include public ACLs. Restrictions: None Value range: True: The public ACL is blocked. False: The public ACL is not blocked. Default value: None
ignorePublicAcls	Boolean	No	Explanation: Whether to ignore public ACLs. If this parameter is set to True, the public ACL does not take effect during OpenAPI permissions checks. Restrictions: None Value range: True: The public ACL is ignored. False: The public ACL is not ignored. Default value: None
blockPublicPolicy	Boolean	No	Explanation: Whether to block the public policy. If this parameter is set to True, OBS rejects calls to modify bucket policies if the specified bucket policy allows public access. Restrictions: None Value range: True: The public policy is blocked. False: The public policy is not blocked. Default value: None
restrictPublicBuckets	Boolean	No	Explanation: Whether to restrict account access. If this parameter is set to True, only cloud service accounts and this account can access the bucket if a public bucket policy is found during the OpenAPI permissions check. Restrictions: None Value range: True: The account access is restricted. False: The account access is not restricted. Default value: None

Responses

**Table 4** Common response headers
Parameter	Type	Description
statusCode	int	Explanation: HTTP status code. Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None
responseHeaders	Map<String, Object>	Explanation: HTTP response header list, composed of tuples. In a tuple, the String key indicates the name of the header, and the Object value indicates the value of the header. Default value: None

Code Examples

import com.obs.services.ObsClient;
import com.obs.services.exception.ObsException;
import com.obs.services.model.bpa.BucketPublicAccessBlock;
import com.obs.services.model.bpa.PutBucketPublicAccessBlockRequest;

import java.util.Map;

public class PutBucketPublicAccessBlockDemo {
    public static void main(String[] args) {
        // Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage.
        // Obtain an AK/SK pair on the management console.
        String ak = System.getenv("ACCESS_KEY_ID");
        String sk = System.getenv("SECRET_ACCESS_KEY_ID");
        // (Optional) If you are using a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage.
        // Obtain an AK/SK pair and a security token using environment variables or import them in other ways.
        // String securityToken = System.getenv("SECURITY_TOKEN");
        // Enter the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one currently in use.
        String endPoint = "https://obs.ap-southeast-1.myhuaweicloud.com";
        // Obtain an endpoint using environment variables or import it in other ways.
        // String endPoint = System.getenv("ENDPOINT");
        
        // Create an ObsClient instance.
        // Use a permanent AK/SK pair to initialize the client.
        ObsClient obsClient = new ObsClient(ak, sk,endPoint);
        // Use a temporary AK/SK pair and security token to initialize the client.
        // ObsClient obsClient = new ObsClient(ak, sk, securityToken, endPoint);

        try {
            String bucketName = "example-bucket-name";
            BucketPublicAccessBlock bucketPublicAccessBlock = new BucketPublicAccessBlock();
            bucketPublicAccessBlock.setBlockPublicPolicy(false);
            PutBucketPublicAccessBlockRequest putBucketPublicAccessBlockRequest =
                new PutBucketPublicAccessBlockRequest(bucketName,bucketPublicAccessBlock);
            obsClient.putBucketPublicAccessBlock(putBucketPublicAccessBlockRequest);
            System.out.println("PutBucketPublicAccessBlock successfully");
        } catch (ObsException e) {
            System.out.println("PutBucketPublicAccessBlock failed");
            // Request failed. Print the HTTP status code.
            System.out.println("HTTP Code:" + e.getResponseCode());
            // Request failed. Print the server-side error code.
            System.out.println("Error Code:" + e.getErrorCode());
            // Request failed. Print the error details.
            System.out.println("Error Message:" + e.getErrorMessage());
            // Request failed. Print the request ID.
            System.out.println("Request ID:" + e.getErrorRequestId());
            System.out.println("Host ID:" + e.getErrorHostId());
            Map<String, String> headers = e.getResponseHeaders();// Check Map entries and print all headers associated with the error.
            if(headers != null){
                for (Map.Entry<String, String> header : headers.entrySet()) {
                    System.out.println(header.getKey()+":"+header.getValue());
                }
            }
            e.printStackTrace();
        } catch (Exception e) {
            System.out.println("PutBucketPublicAccessBlock failed");
            // Print other error details.
            e.printStackTrace();
        }
    }
}