Updated on 2024-11-13 GMT+08:00

Configuring a Bucket Policy (SDK for Node.js)

If you have any questions during development, post them on the Issues page of GitHub.

Function

OBS provides access control over buckets. You can use an access policy to define whether a user can perform certain operations on a specific bucket. OBS access control can be implemented using IAM permissions, bucket policies, and ACLs. For more information, see Introduction to OBS Access Control.

A bucket policy is applied to a configured bucket and the objects in it. You can use a bucket policy to grant permission for the bucket and the objects in it to IAM users or other accounts. If you want IAM users to have different permissions for different buckets, you need to configure different bucket policies for those users.

This API configures a policy for a bucket.

Restrictions

  • Permissions for creating a bucket and obtaining a bucket list are service level and should be granted using IAM Permissions.
  • Due to data caching, after a bucket policy is configured, it takes up to five minutes for the policy to take effect.
  • To configure a bucket policy, you must be the bucket owner or have the required permission (obs:bucket:PutBucketPolicy in IAM or PutBucketPolicy in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
  • To learn about the mappings between OBS regions and endpoints, see Regions and Endpoints.

Method

ObsClient.setBucketPolicy(params)

Request Parameters

Table 1 List of request parameters

Parameter

Type

Mandatory (Yes/No)

Description

Bucket

string

Yes

Explanation:

Bucket name.

Restrictions:

  • A bucket name must be unique across all accounts and regions.
  • A bucket name:
    • Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed.
    • Cannot be formatted as an IP address.
    • Cannot start or end with a hyphen (-) or period (.).
    • Cannot contain two consecutive periods (..), for example, my..bucket.
    • Cannot contain a period (.) and a hyphen (-) adjacent to each other, for example, my-.bucket or my.-bucket.
  • If you repeatedly create buckets with the same name in the same region, no error will be reported, and the bucket attributes comply with those set in the first creation request.

Value range:

The value can contain 3 to 63 characters.

Default value:

None

Policy

string

Yes

Explanation:

Policy in JSON format

Restrictions:

  • The bucket name contained in the Resource parameter of the policy must be the same as the one specified for the current bucket policy.
  • For details about the policy format, see Bucket Policy Parameters.

Value range:

See Bucket Policy Parameters.

Default value:

None

Responses

Table 2 Responses

Type

Description

Table 3

NOTE:

This API returns a Promise response, which requires the Promise or async/await syntax.

Explanation:

Returned results.

For details, see Table 3.

Table 3 Response

Parameter

Type

Description

CommonMsg

ICommonMsg

Explanation:

Common information generated after an API call is complete, including the HTTP status code and error code. For details, see Table 4.

InterfaceResult

Table 5

Explanation:

Results outputted for a successful call. For details, see Table 5.

Restrictions:

This parameter is not included if the value of Status is greater than 300.

Table 4 ICommonMsg

Parameter

Type

Description

Status

number

Explanation:

HTTP status code returned by the OBS server.

Value range:

A status code is a group of digits indicating the status of a response. It ranges from 2xx (indicating successes) to 4xx or 5xx (indicating errors). For details, see Status Codes.

Code

string

Explanation:

Error code returned by the OBS server.

Message

string

Explanation:

Error description returned by the OBS server.

HostId

string

Explanation:

Request server ID returned by the OBS server.

RequestId

string

Explanation:

Request ID returned by the OBS server.

Id2

string

Explanation:

Request ID2 returned by the OBS server.

Indicator

string

Explanation:

Error code details returned by the OBS server.

Table 5 BaseResponseOutput

Parameter

Type

Description

RequestId

string

Explanation:

Request ID returned by the OBS server

Code Examples: Specifying a Bucket Policy

You can call ObsClient.setBucketPolicy to set a bucket policy. Sample code:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// Import the OBS library.
// Use npm to install the client.
const ObsClient = require("esdk-obs-nodejs");
// Use the source code to install the client.
// var ObsClient = require('./lib/obs');

// Create an instance of ObsClient.
const obsClient = new ObsClient({
  //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage.
  //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
  access_key_id: process.env.ACCESS_KEY_ID,
  secret_access_key: process.env.SECRET_ACCESS_KEY,
  // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways.
  // security_token: process.env.SECURITY_TOKEN,
  // Enter the endpoint corresponding to the region where the bucket is located. CN-Hong Kong is used here in this example. Replace it with the one currently in use.
  server: "https://obs.ap-southeast-1.myhuaweicloud.com"
});

async function setBucketPolicy() {
  try {
    const params = {
      // Specify the bucket name.
      Bucket: "examplebucket",
      // Specify a bucket policy.
      Policy: "{\"Statement\":[{\"Sid\":\"Custom-policy-2482\",\"Effect\":\"Allow\",\"Principal\":{\"ID\":[\"*\"]},\"Action\":[\"*\",\"ListBucket\"],\"Resource\":[\"examplebucket\"]}]}",
    };
    // Set a bucket policy.
    const result = await obsClient.setBucketPolicy(params);
    if (result.CommonMsg.Status <= 300) {
      console.log("Set bucket(%s)'s policy successful!", params.Bucket);
      console.log("RequestId: %s", result.CommonMsg.RequestId);
      return;
    };
    console.log("An ObsError was found, which means your request sent to OBS was rejected with an error response.");
    console.log("Status: %d", result.CommonMsg.Status);
    console.log("Code: %s", result.CommonMsg.Code);
    console.log("Message: %s", result.CommonMsg.Message);
    console.log("RequestId: %s", result.CommonMsg.RequestId);
  } catch (error) {
    console.log("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.");
    console.log(error);
  };
};

setBucketPolicy();