Configuring Logging for a Bucket (SDK for Java)
Function
This API enables logging for a bucket (source) and configures another bucket (target) to store the log files. When a bucket is created, logging is not enabled by default. You can call this API to enable logging for the bucket. With logging enabled, a log message is generated for each operation on the bucket. Multiple log messages are packed into a file. The target bucket for storing log files must be specified when logging is enabled. It can be the bucket logging is enabled for, or any other bucket you have access to. If you specify another bucket for storing logs, the bucket must be in the same region as the logged bucket. You can also specify access permissions and name prefixes for log files.
If you have any questions during development, post them on the Issues page of GitHub.
Restrictions
- The source and target buckets must be in the same region.
- A bucket in the Infrequent Access or Archive storage class cannot be used as a target bucket.
- OBS creates log files and uploads them to the bucket. Before enabling logging for a bucket, you need to create an IAM agency to delegate OBS to upload log files to the specified bucket. For details about how to create an agency, see Cloud Service Delegation.
- To configure logging for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketLogging in IAM or PutBucketLogging in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
- The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
Method
obsClient.setBucketLogging(final SetBucketLoggingRequest request)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
request |
Yes |
Explanation: Request parameters for configuring logging for a bucket. For details, see Table 2. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
bucketName |
String |
Yes |
Explanation: Name of the source bucket. Restrictions:
Default value: None |
loggingConfiguration |
Yes |
Explanation: Bucket logging configurations. For details, see Table 3. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
agency |
String |
Yes if you configure bucket logging |
Explanation: Name of the IAM agency created by the owner of the target bucket for OBS. You can select an existing IAM agency or create one. For details about how to create an agency, see Creating an IAM Agency. Restrictions: By default, the IAM agency only requires the PutObject permission to upload logs to the target bucket. If default encryption is enabled for the target bucket, the agency also requires the KMS Administrator permission in the region where the target bucket is located. Default value: None |
targetBucketName |
String |
No |
Explanation: Name of the bucket for storing log files. Restrictions:
Default value: None |
logfilePrefix |
String |
No |
Explanation: Name prefix for log files stored in the target bucket. Value range: The value must contain 1 to 1,024 characters. Default value: None |
targetGrantsList |
List<GrantAndPermission> |
No |
Explanation: Permission information list of grantees, which defines grantees and their permissions for log files. For details, see Table 4. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantee |
Yes |
Explanation: Grantees (users or user groups). For details, see Table 5. |
|
permission |
Yes |
Explanation: Permissions to grant. Value range: See Table 8. Default value: None |
|
delivered |
boolean |
No |
Explanation: Whether the bucket ACL is applied to all objects in the bucket. Value range: true: The bucket ACL is applied to all objects in the bucket. false: The bucket ACL is not applied to any objects in the bucket. Default value: false |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Yes |
Explanation: Grantee (user) information. For details, see Table 6. |
||
Yes |
Explanation: Grantee (user group) information. Value range: See Table 7. Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
grantId |
String |
Yes if Type is set to GranteeUser |
Explanation: Account (domain) ID of the grantee. Value range: To obtain the account ID, see How Do I Get My Account ID and User ID? Default value: None |
displayName |
String |
No |
Parameter description: Account name of the grantee. Value range: To obtain the account name, see How Do I Get My Account ID and User ID? Default value: None |
Constant |
Description |
---|---|
ALL_USERS |
All users. |
AUTHENTICATED_USERS |
Authorized users. This constant is deprecated. |
LOG_DELIVERY |
Log delivery group. This constant is deprecated. |
Constant |
Default Value |
Description |
---|---|---|
PERMISSION_READ |
READ |
Read permission. A grantee with this permission for a bucket can obtain the list of objects, multipart uploads, bucket metadata, and object versions in the bucket. A grantee with this permission for an object can obtain the object content and metadata. |
PERMISSION_WRITE |
WRITE |
Write permission. A grantee with this permission for a bucket can upload, overwrite, and delete any object or part in the bucket. This permission is not available for objects. |
PERMISSION_READ_ACP |
READ_ACP |
Permission to read an ACL. A grantee with this permission can obtain the ACL of a bucket or object. A bucket or object owner has this permission for their bucket or object by default. |
PERMISSION_WRITE_ACP |
WRITE_ACP |
Permission to modify an ACL. A grantee with this permission can update the ACL of a bucket or object. A bucket or object owner has this permission for their bucket or object by default. This permission allows the grantee to change the access control policies, meaning the grantee has full control over a bucket or object. |
PERMISSION_FULL_CONTROL |
FULL_CONTROL |
Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL. A grantee with this permission for a bucket has READ, WRITE, READ_ACP, and WRITE_ACP permissions for the bucket. A grantee with this permission for an object has READ, READ_ACP, and WRITE_ACP permissions for the object. |
Responses
Parameter |
Type |
Description |
---|---|---|
statusCode |
int |
Explanation: HTTP status code. Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
responseHeaders |
Map<String, Object> |
Explanation: HTTP response header list, composed of tuples. In a tuple, the String key indicates the name of the header, and the Object value indicates the value of the header. Default value: None |
Code Example: Enabling Bucket Logging
This example configures logging for bucket examplebucket, with your agency as the agency, targetprefix as the prefix for generated log files, and targetbucketname as the bucket for storing log files.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
import com.obs.services.ObsClient; import com.obs.services.exception.ObsException; import com.obs.services.model.BucketLoggingConfiguration; public class SetBucketLogging001 { public static void main(String[] args) { // Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. // Obtain an AK/SK pair on the management console. String ak = System.getenv("ACCESS_KEY_ID"); String sk = System.getenv("SECRET_ACCESS_KEY_ID"); // (Optional) If you are using a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. // Obtain an AK/SK pair and a security token using environment variables or import them in other ways. // String securityToken = System.getenv("SECURITY_TOKEN"); // Enter the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one in your actual situation. String endPoint = "https://obs.ap-southeast-1.myhuaweicloud.com"; // Obtain an endpoint using environment variables or import it in other ways. //String endPoint = System.getenv("ENDPOINT"); // Create an ObsClient instance. // Use the permanent AK/SK pair to initialize the client. ObsClient obsClient = new ObsClient(ak, sk,endPoint); // Use the temporary AK/SK pair and security token to initialize the client. // ObsClient obsClient = new ObsClient(ak, sk, securityToken, endPoint); try { // Enable bucket logging. BucketLoggingConfiguration config = new BucketLoggingConfiguration(); // Set an agency. You need to create one on IAM. config.setAgency("your agency"); config.setTargetBucketName("targetbucketname"); config.setLogfilePrefix("targetprefix"); obsClient.setBucketLogging("examplebucket", config); System.out.println("setBucketLogging successfully"); } catch (ObsException e) { System.out.println("setBucketLogging failed"); // Request failed. Print the HTTP status code. System.out.println("HTTP Code:" + e.getResponseCode()); // Request failed. Print the server-side error code. System.out.println("Error Code:" + e.getErrorCode()); // Request failed. Print the error details. System.out.println("Error Message:" + e.getErrorMessage()); // Request failed. Print the request ID. System.out.println("Request ID:" + e.getErrorRequestId()); System.out.println("Host ID:" + e.getErrorHostId()); e.printStackTrace(); } catch (Exception e) { System.out.println("setBucketLogging failed"); // Print other error information. e.printStackTrace(); } } } |
Code Example: Granting the Read Permission on a Log Object
This example configures logging for bucket examplebucket, with your agency as the agency, targetprefix as the prefix for generated log files, and targetbucketname as the bucket for storing log files, and then grants all users the read permission for the logs.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
import com.obs.services.ObsClient; import com.obs.services.exception.ObsException; import com.obs.services.model.BucketLoggingConfiguration; import com.obs.services.model.GrantAndPermission; import com.obs.services.model.GroupGrantee; import com.obs.services.model.Permission; public class SetBucketLogging002 { public static void main(String[] args) { // Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. // Obtain an AK/SK pair on the management console. String ak = System.getenv("ACCESS_KEY_ID"); String sk = System.getenv("SECRET_ACCESS_KEY_ID"); // (Optional) If you are using a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. // Obtain an AK/SK pair and a security token using environment variables or import them in other ways. // String securityToken = System.getenv("SECURITY_TOKEN"); // Enter the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one in your actual situation. String endPoint = "https://obs.ap-southeast-1.myhuaweicloud.com"; // Obtain an endpoint using environment variables or import it in other ways. //String endPoint = System.getenv("ENDPOINT"); // Create an ObsClient instance. // Use the permanent AK/SK pair to initialize the client. ObsClient obsClient = new ObsClient(ak, sk,endPoint); // Use the temporary AK/SK pair and security token to initialize the client. // ObsClient obsClient = new ObsClient(ak, sk, securityToken, endPoint); try { // Configure access to logs. String targetBucket = "targetbucketname"; // Configure logging for the bucket. BucketLoggingConfiguration config = new BucketLoggingConfiguration(); // Set an agency. You need to create one on IAM. config.setAgency("your agency"); config.setTargetBucketName(targetBucket); config.setLogfilePrefix("prefix"); // Grant all users the READ permission for the logs. GrantAndPermission grant1 = new GrantAndPermission(GroupGrantee.ALL_USERS, Permission.PERMISSION_READ); config.setTargetGrants(new GrantAndPermission[]{grant1}); obsClient.setBucketLogging("examplebucket", config); System.out.println("setBucketLogging successfully"); } catch (ObsException e) { System.out.println("setBucketLogging failed"); // Request failed. Print the HTTP status code. System.out.println("HTTP Code:" + e.getResponseCode()); // Request failed. Print the server-side error code. System.out.println("Error Code:" + e.getErrorCode()); // Request failed. Print the error details. System.out.println("Error Message:" + e.getErrorMessage()); // Request failed. Print the request ID. System.out.println("Request ID:" + e.getErrorRequestId()); System.out.println("Host ID:" + e.getErrorHostId()); e.printStackTrace(); } catch (Exception e) { System.out.println("setBucketLogging failed"); // Print other error information. e.printStackTrace(); } } } |
Code Example: Disabling Bucket Logging
This example disables the logging for bucket examplebucket by clearing the logging configurations of the bucket using ObsClient.setBucketLogging.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
import com.obs.services.ObsClient; import com.obs.services.exception.ObsException; import com.obs.services.model.BucketLoggingConfiguration; public class SetBucketLogging003 { public static void main(String[] args) { // Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. // Obtain an AK/SK pair on the management console. String ak = System.getenv("ACCESS_KEY_ID"); String sk = System.getenv("SECRET_ACCESS_KEY_ID"); // (Optional) If you are using a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. // Obtain an AK/SK pair and a security token using environment variables or import them in other ways. // String securityToken = System.getenv("SECURITY_TOKEN"); // Enter the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one in your actual situation. String endPoint = "https://obs.ap-southeast-1.myhuaweicloud.com"; // Obtain an endpoint using environment variables or import it in other ways. //String endPoint = System.getenv("ENDPOINT"); // Create an ObsClient instance. // Use the permanent AK/SK pair to initialize the client. ObsClient obsClient = new ObsClient(ak, sk,endPoint); // Use the temporary AK/SK pair and security token to initialize the client. // ObsClient obsClient = new ObsClient(ak, sk, securityToken, endPoint); try { // Leave the logging configurations in blank. obsClient.setBucketLogging("examplebucket", new BucketLoggingConfiguration()); System.out.println("setBucketLogging successfully"); } catch (ObsException e) { System.out.println("setBucketLogging failed"); // Request failed. Print the HTTP status code. System.out.println("HTTP Code:" + e.getResponseCode()); // Request failed. Print the server-side error code. System.out.println("Error Code:" + e.getErrorCode()); // Request failed. Print the error details. System.out.println("Error Message:" + e.getErrorMessage()); // Request failed. Print the request ID. System.out.println("Request ID:" + e.getErrorRequestId()); System.out.println("Host ID:" + e.getErrorHostId()); e.printStackTrace(); } catch (Exception e) { System.out.println("setBucketLogging failed"); // Print other error information. e.printStackTrace(); } } } |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot