Obtaining the Encryption Configuration of a Bucket
Function
If encryption has been configured for a bucket, you can call this API to obtain its encryption configuration. For more information about bucket encryption configuration, see Server-Side Encryption.
OBS uses the GET method to obtain the encryption configuration of a specified bucket.
Authorization
To call this API, you must be the bucket owner or have the permission to obtain the encryption configuration of a bucket. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.
- If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
- If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you must have the obs:bucket:GetEncryptionConfiguration permission. For details, see Creating a Custom IAM Policy.
- If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you must have the obs:bucket:getEncryptionConfiguration permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.
Action
Access Level
Resource Type (*: Required)
Dependencies
obs:bucket:getEncryptionConfiguration
Read
bucket *
-
-
-
- obs:EpochTime
- obs:SourceIp
- obs:TlsVersion
- obs:CustomDomain
- If you use bucket policies for authorization, you must have the obs:bucket:GetEncryptionConfiguration permission. For details, see Creating a Custom Bucket Policy.
URI
GET /
Calling Method
For details, see Calling APIs. Before calling this API, calculate the API signature and add it to the request.
You can debug this API in API Explorer.
Request Syntax
1 2 3 4 5 6 | GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: bucketname.obs.region.myhuaweicloud.com Accept: */* Date: date Authorization: authorization string |
URI Parameters
This request contains no URI parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Body
This request contains no request body parameters.
Response Syntax
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | HTTP/1.1 status_code x-obs-request-id: request id x-obs-id-2: id Content-Type: application/xml Content-Length: length Date: date <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>kmskeyid-value</KMSMasterKeyID> <ProjectID>projectid</ProjectID> </ApplyServerSideEncryptionByDefault> <BucketKeyEnabled>true</BucketKeyEnabled> </Rule> </ServerSideEncryptionConfiguration> |
Response Headers
This response uses common headers. For details, see Table 1.
Response Body
This response contains the following elements to detail bucket encryption configuration:
| Parameter | Type | Description |
|---|---|---|
| ServerSideEncryptionConfiguration | Container | Definition Root element of the default encryption configuration of a bucket. ServerSideEncryptionConfiguration is the parent node of Rule. Range N/A |
| Rule | Container | Definition Child element of the default bucket encryption configuration. Rule is the parent node of ApplyServerSideEncryptionByDefault. Range For details, see Table 2. |
| Parameter | Type | Description |
|---|---|---|
| ApplyServerSideEncryptionByDefault | Container | Definition Child element of the default encryption configuration of a bucket. Range For details, see Table 3. |
| Parameter | Type | Description |
|---|---|---|
| SSEAlgorithm | String | Definition Server-side encryption algorithm used for the default encryption configuration of a bucket. Range
|
| KMSMasterKeyID | String | Definition KMS master key ID used in SSE-KMS encryption. Range
In the preceding formats:
|
| ProjectID | String | Definition ID of the project where the KMS master key belongs when SSE-KMS is used. Range Project ID that matches KMSMasterKeyID, that is, the ID of the project to which the master key with the specified KMSMasterKeyID belongs |
Error Responses
In addition to common error codes, this API also returns some special error codes. Table 4 lists the special error codes and their possible causes.
Sample Request
1 2 3 4 5 6 | GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Accept: */* Date: Thu, 21 Feb 2019 03:05:34 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI= |
Sample Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | HTTP/1.1 200 OK Server: OBS x-obs-request-id: BF26000001643670AC06E7B9A7767921 x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm Date: Thu, 21 Feb 2019 03:05:34 GMT Content-Length: 788 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>4f1cd4de-ab64-4807-920a-47fc42e7f0d0</KMSMasterKeyID> </ApplyServerSideEncryptionByDefault> <BucketKeyEnabled>true</BucketKeyEnabled> </Rule> </ServerSideEncryptionConfiguration> |
Helpful Links
- For more information about server-side encryption, see Server-Side Encryption.
- For details about the billing items involved in API operations, see Billing Items.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
