Obtaining Bucket Policy Information
Function
If a bucket already has a policy, you can call this API to obtain the bucket policy information. For more information about bucket policies, see Configuring a Bucket Policy.
Authorization
This API cannot be used in cross-account scenarios. Assume there are two Huawei Cloud accounts, account A and account B. Account A cannot set, obtain, or delete the bucket policy of account B.
Within the same account, to call this API, you must be the bucket owner or have the permission to obtain bucket policies. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.
- If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
- If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you must have the obs:bucket:GetBucketPolicyPublicStatus permission. For details, see Creating a Custom IAM Policy.
- If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you must have the obs:bucket:getBucketPolicyPublicStatus permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.
Action
Access Level
Resource Type (*: Required)
Dependencies
obs:bucket:getBucketPolicy
Read
bucket *
-
-
-
- obs:EpochTime
- obs:SourceIp
- obs:TlsVersion
- obs:CustomDomain
- If you use bucket policies for authorization, you must have the obs:bucket:GetBucketPolicyPublicStatus permission. For details, see Creating a Custom Bucket Policy.
URI
GET /
Calling Method
For details, see Calling APIs. Before calling this API, calculate the API signature and add it to the request.
You can debug this API in API Explorer.
Request Syntax
1 2 3 4 | GET /?policy HTTP/1.1 Host: bucketname.obs.region.myhuaweicloud.com Date: date Authorization: authorization |
URI Parameters
This request contains no URI parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Body
This request contains no request body parameters.
Response Syntax
1 2 3 4 | HTTP/1.1 status_code Content-Type: application/xml Date: date Policy Content |
Response Headers
This response uses common headers. For details, see Table 1.
Response Body
The response body is a JSON string that contains the bucket policy information. For details, see Bucket Policy Parameters.
Error Responses
No special errors. You can find all errors in Table 2.
Sample Request
1 2 3 4 | GET /?policy HTTP/1.1 Host: examplebucket.obs.region.myhuaweicloud.com Date: WED, 01 Jul 2015 02:35:46 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA= |
Sample Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | HTTP/1.1 200 OK x-obs-request-id: A603000001604A7DFE4A4AF31E301891 x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n Date: WED, 01 Jul 2015 02:35:46 GMT Content-Length: 509 Server: OBS { "Statement":[ { "Sid":"Stmt1375240018061", "Effect":"Allow", "Principal":{ "ID":[ "domain/domainiddomainiddomainiddo006666:user/useriduseriduseriduseridus004001", "domain/domainiddomainiddomainiddo006667:user/*" ] }, "Action":[ "*" ], "Resource":[ "examplebucket" ] } ] } |
Using SDKs to Call APIs
You are advised to use OBS SDKs to call APIs. SDKs encapsulate APIs to simplify development. You can call SDK API functions to access OBS without manually calculating signatures.
Helpful Links
- To use obsutil to obtain bucket policy information, see Obtaining a Bucket Policy.
- For more information about bucket policies, see Configuring a Bucket Policy.
- For details about the billing items involved in API operations, see Billing Items.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
