Obtaining Bucket Policy Information

Functions

If a bucket already has a policy, you can call this API to obtain the bucket policy information. For more information about bucket policies, see Configuring a Bucket Policy.

Authorization Information

To call this API, you must be the bucket owner or have the permission to obtain bucket policies. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.

• If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
  • If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:bucket:GetBucketPolicyPublicStatus permission. For details, see Creating a Custom IAM Policy.
  • If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:bucket:getBucketPolicyPublicStatus permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.

    Action	Access Level	Resource Type (*: Required)	Condition Key	Alias	Dependencies
    obs:bucket:getBucketPolicy	Read	bucket *	g:EnterpriseProjectId g:ResourceTag/<tag-key>	-	-
    		-	obs:EpochTime obs:SourceIp obs:TlsVersion obs:CustomDomain

• If you use bucket policies for authorization, you need to grant the obs:bucket:GetBucketPolicyPublicStatus permission. For details, see Creating a Custom Bucket Policy.

Request Syntax

1
2
3
4

GET /?policy HTTP/1.1 
Host: bucketname.obs.region.myhuaweicloud.com 
Date: date
Authorization: authorization

URI Parameters

This request contains no message parameters.

Request Headers

This request uses common headers. For details, see Table 3.

Request Body

This request contains no request body parameters.

Response Syntax

1
2
3
4

HTTP/1.1 status_code
Content-Type: application/xml 
Date: date
Policy Content

Response Headers

This response uses common headers. For details, see Table 1.

Response Body

The response body is a JSON string that contains the bucket policy information. For details, see Bucket Policy Parameters.

Error Responses

No special error responses are returned. For details, see Table 2.

Sample Request

1
2
3
4

GET /?policy HTTP/1.1 
Host: examplebucket.obs.region.myhuaweicloud.com
Date: WED, 01 Jul 2015 02:35:46 GMT 
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=

Sample Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

HTTP/1.1 200 OK 
x-obs-request-id: A603000001604A7DFE4A4AF31E301891
x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n
Date: WED, 01 Jul 2015 02:35:46 GMT 
Content-Length: 509
Server: OBS

{
    "Statement":[
        {
            "Sid":"Stmt1375240018061",
            "Effect":"Allow",
            "Principal":{
                "ID":[
                    "domain/domainiddomainiddomainiddo006666:user/useriduseriduseriduseridus004001",
                    "domain/domainiddomainiddomainiddo006667:user/*"
                ]
            },
            "Action":[
                "*"
            ],
            "Resource":[
                "examplebucket"
            ]
        }
    ]
}

Using SDKs to Call APIs

You are advised to use OBS SDKs to call APIs. SDKs encapsulate APIs to simplify development. You can call SDK API functions to access OBS without manually calculating signatures.

References

• To use obsutil to obtain bucket policy information, see Obtaining a Bucket Policy.
• For more information about bucket policies, see Configuring a Bucket Policy.
• For details about the billing items involved in API operations, see Billing Items.