Configuring a Bucket ACL (SDK for Go)
Function
Access control lists (ACLs) allow resource owners to grant other accounts the permissions to access resources. By default, only the resource owner has full control over resources when a bucket or object is created. That is, the bucket creator has full control over the bucket, and the object uploader has full control over the object. Other accounts do not have the permissions to access resources. If resource owners want to grant other accounts the read and write permissions on resources, they can use ACLs. ACLs grant permissions to accounts. After an account is granted permissions, both the account and its IAM users can access the resources. For more information, see ACLs.
This API modifies a bucket ACL.
Restrictions
- A bucket can have up to 100 ACL rules.
- To configure an ACL for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketAcl in IAM or PutBucketAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
- The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
Method
func (obsClient ObsClient) SetBucketAcl(input *SetBucketAclInput) (output *BaseModel, err error)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
input |
Yes |
Explanation: Input parameters for configuring a bucket ACL. For details, see Table 2. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Bucket |
string |
Yes |
Explanation: Bucket name Restrictions:
Default value: None |
ACL |
No |
Explanation: Pre-defined ACL. Value range: See Table 3. Default value: None |
|
Owner |
No |
Explanation: ID of the bucket owner. For details, see Table 4. Restrictions: Owner and Grants must be used together and they cannot be used with ACL. |
|
Grants |
No |
Explanation: Grantees' permission information. For details, see Table 5. |
Constant |
Default Value |
Description |
---|---|---|
AclPrivate |
private |
Private read/write A bucket or object can only be accessed by its owner. |
AclPublicRead |
public-read |
Public read and private write If this permission is granted on a bucket, anyone can read the object list, multipart tasks, metadata, and object versions in the bucket. If it is granted on an object, anyone can read the content and metadata of the object. |
AclPublicReadWrite |
public-read-write |
Public read/write If this permission is granted on a bucket, anyone can read the object list, multipart tasks, metadata, and object versions in the bucket, and can upload or delete objects, initiate multipart upload tasks, upload parts, assemble parts, copy parts, and abort multipart upload tasks. If it is granted on an object, anyone can read the content and metadata of the object. |
AclPublicReadDelivered |
public-read-delivered |
Public read on a bucket as well as objects in the bucket If this permission is granted on a bucket, anyone can read the object list, multipart tasks, metadata, and object versions, and read the content and metadata of objects in the bucket.
NOTE:
AclPublicReadDelivered does not apply to objects. |
AclPublicReadWriteDelivered |
public-read-write-delivered |
Public read/write on a bucket as well as objects in the bucket If this permission is granted on a bucket, anyone can read the object list, multipart uploads, metadata, and object versions in the bucket, and can upload or delete objects, initiate multipart upload tasks, upload parts, assemble parts, copy parts, and abort multipart uploads. They can also read the content and metadata of objects in the bucket.
NOTE:
AclPublicReadWriteDelivered does not apply to objects. |
AclBucketOwnerFullControl |
bucket-owner-full-control |
If this permission is granted on an object, only the bucket and object owners have the full control over the object. By default, if you upload an object to a bucket of any other user, the bucket owner does not have the permissions on your object. After you grant this permission to the bucket owner, the bucket owner can have full control over your object. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
ID |
string |
Yes if used as a request parameter |
Explanation: Account (domain) ID of the owner Value range: To obtain the account ID, see How Do I Get My Account ID and User ID? Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Grantee |
Yes if used as a request parameter |
Explanation: Grantee information. For details, see Table 6. |
|
Permission |
Yes if used as a request parameter |
Explanation: Granted permission Value range: See Table 8. Default value: None |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Type |
Yes if used as a request parameter |
Explanation: Grantee type Value range: See Table 7. Default value: None |
|
ID |
string |
Yes if this parameter is used as a request parameter and Type is set to GranteeUser |
Explanation: Account (domain) ID of the grantee Value range: To obtain an account ID, see Obtaining the Account ID. Default value: None |
DisplayName |
string |
No if used as a request parameter |
Explanation: Account name of the grantee Restrictions:
Default value: None |
Constant |
Default Value |
Description |
---|---|---|
GranteeGroup |
Group |
User group |
GranteeUser |
CanonicalUser |
Individual user |
Constant |
Default Value |
Description |
---|---|---|
PermissionRead |
READ |
Read permission |
PermissionWrite |
WRITE |
Write permission |
PermissionReadAcp |
READ_ACP |
Permission to read ACL configurations |
PermissionWriteAcp |
WRITE_ACP |
Permission to modify ACL configurations |
PermissionFullControl |
FULL_CONTROL |
Full control access, including read and write permissions for a bucket and its ACL, or for an object and its ACL. |
Responses
Parameter |
Type |
Description |
---|---|---|
output |
Explanation: Returned results. For details, see Table 10. |
|
err |
error |
Explanation: Error messages returned by the API |
Parameter |
Type |
Description |
---|---|---|
StatusCode |
int |
Explanation: HTTP status code Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
RequestId |
string |
Explanation: Request ID returned by the OBS server Default value: None |
ResponseHeaders |
map[string][]string |
Explanation: HTTP response headers Default value: None |
Code Examples
This example sets the ACL of bucket examplebucket to Private.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
package main import ( "fmt" "os" obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs" ) func main() { //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html. ak := os.Getenv("AccessKeyID") sk := os.Getenv("SecretAccessKey") // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding to reduce leakage risks. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. //securityToken := os.Getenv("SecurityToken") // Enter the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one currently in use. endPoint := "https://obs.ap-southeast-1.myhuaweicloud.com" // Create an obsClient instance. // If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance. obsClient, err := obs.New(ak, sk, endPoint, obs.WithSecurityToken(securityToken)) if err != nil { fmt.Printf("Create obsClient error, errMsg: %s", err.Error()) } input := &obs.SetBucketAclInput{} // Specify a bucket name. input.Bucket = "examplebucket" // Set the bucket ACL to be private. input.ACL = obs.AclPrivate // Configure the bucket ACL. output, err := obsClient.SetBucketAcl(input) if err == nil { fmt.Printf("Set bucket(%s)'s acl successful!\n", input.Bucket) fmt.Printf("RequestId:%s\n", output.RequestId) return } fmt.Printf("Set bucket(%s)'s acl fail!\n", input.Bucket) if obsError, ok := err.(obs.ObsError); ok { fmt.Println("An ObsError was found, which means your request sent to OBS was rejected with an error response.") fmt.Println(obsError.Error()) } else { fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.") fmt.Println(err) } } |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot