Configuring BPA for a Bucket (SDK for Go)
Function
This API creates or modifies the public access block configuration of an OBS bucket by enabling or disabling the feature.
Restrictions
- To configure BPA for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketPublicAccessBlock in IAM or PutBucketPublicAccessBlock in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
- The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
- If public access block is enabled, existing public access permissions are ignored and new public access permissions cannot be configured. If public access block is disabled, existing public access permissions continue to apply and new public access permissions can be configured.
- By default, BPA is disabled for new POSIX buckets but is enabled for new object buckets.
Method
func (obsClient ObsClient) PutBucketPublicAccessBlock(input *PutBucketPublicAccessBlockInput) (output *BaseModel, err error)
Request Parameters
|
Parameter |
Type |
Mandatory (Yes/No) |
Description |
|---|---|---|---|
|
input |
Yes |
Explanation: Request parameters for setting the BPA configuration for a bucket. For details, see PutBucketPublicAccessBlockInput. |
|
Parameter |
Type |
Mandatory (Yes/No) |
Description |
|---|---|---|---|
|
Bucket |
string |
Yes |
Explanation: Bucket name. Restrictions:
Default value: None |
|
blockPublicAcls |
bool |
No |
Explanation: Whether to block public ACLs. If this parameter is set to True, objects cannot be uploaded when the request includes a public ACL. Requests for modifying bucket or object ACLs fail if the requests include public ACLs. Restrictions: None Value range:
Default value: None |
|
ignorePublicAcls |
bool |
No |
Explanation: Whether to ignore public ACLs. If this parameter is set to True, the public ACL does not take effect during OpenAPI permissions checks. Restrictions: None Value range:
Default value: None |
|
blockPublicPolicy |
bool |
No |
Explanation: Whether to block the public policy. If this parameter is set to True, OBS rejects calls to modify bucket policies if the specified bucket policy allows public access. Restrictions: None Value range:
Default value: None |
|
restrictPublicBuckets |
bool |
No |
Explanation: Whether to restrict account access. If this parameter is set to True, only cloud service accounts and this account can access the bucket if a public bucket policy is found during the OpenAPI permissions check. Restrictions: None Value range:
Default value: None |
Responses
|
Parameter |
Type |
Description |
|---|---|---|
|
output |
Explanation: Returned results. For details, see Table 4. |
|
|
err |
error |
Explanation: Error messages returned by the API |
|
Parameter |
Type |
Description |
|---|---|---|
|
StatusCode |
int |
Explanation: HTTP status code Value range: A status code is a group of digits that can be 2xx (indicating successes) or 4xx or 5xx (indicating errors). It indicates the status of a response. For more information, see Status Code. Default value: None |
|
RequestId |
string |
Explanation: Request ID returned by the OBS server Default value: None |
|
ResponseHeaders |
map[string][]string |
Explanation: HTTP response headers Default value: None |
Code Examples
This example configures PublicAccessBlock for bucket examplebucket.
package main
import (
"fmt"
"os"
obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs"
)
func main() {
//Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage.
//Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
ak := os.Getenv("AccessKeyID")
sk := os.Getenv("SecretAccessKey")
// (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways.
securityToken := os.Getenv("SecurityToken")
// Enter the endpoint corresponding to the region where the bucket is located. CN-Hong Kong is used here as an example. Replace it with the one currently in use.
endPoint := "https://obs.ap-southeast-1.myhuaweicloud.com"
// Create an obsClient instance.
// If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance.
// obsClient, err := obs.New(ak, sk, endPoint, obs.WithSecurityToken(securityToken))
obsClient, err := "https://your-endpoint"
if err != nil {
fmt.Printf("Create obsClient error, errMsg: %s", err.Error())
}
input := &obs.PutBucketPublicAccessBlockInput{}
// Specify the bucket name.
input.Bucket = "examplebucket"
// Specify the PublicAccessBlock configuration items of the bucket.
input.BlockPublicAcls = true
input.BlockPublicPolicy = true
input.IgnorePublicAcls = true
input.RestrictPublicBuckets = true
// Set PublicAccessBlock for the bucket.
output, err := obsClient.PutBucketPublicAccessBlock(input)
if err == nil {
fmt.Printf("Set bucket(%s)'s PublicAccessBlock successful!\n", input.Bucket)
fmt.Printf("RequestId:%s\n", output.RequestId)
return
}
fmt.Printf("Set bucket(%s)'s PublicAccessBlock fail!\n", input.Bucket)
if obsError, ok := err.(obs.ObsError); ok {
fmt.Println("An ObsError was found, which means your request sent to OBS was rejected with an error response.")
fmt.Println(obsError.Error())
} else {
fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.")
fmt.Println(err)
}
}
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
