Obtaining a Bucket ACL (SDK for Node.js)
Function
OBS provides access control over buckets. You can use an access policy to define whether a user can perform certain operations on a specific bucket. OBS access control can be implemented using IAM permissions, bucket policies, and ACLs (including bucket and object ACLs). For more information, see Introduction to OBS Access Control.
A bucket ACL applies permissions to another account and its IAM users, rather than the current account and its IAM users. It can grant access to both a bucket (including the objects in it) and the bucket ACL. The granted access includes view and edit permissions. You must specify a bucket name when configuring a bucket ACL. For more information, see ACLs.
This API returns the ACL of a bucket.
Restrictions
- To obtain the ACL of a bucket, you must be the bucket owner or have the required permission (obs:bucket:GetBucketAcl in IAM or GetBucketAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
- To learn about the mappings between OBS regions and endpoints, see Regions and Endpoints.
Method
ObsClient.getBucketAcl(params)
Request Parameters
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
Bucket |
string |
Yes |
Explanation: Bucket name. Restrictions:
Value range: The value can contain 3 to 63 characters. Default value: None |
Responses
Type |
Description |
---|---|
NOTE:
This API returns a Promise response, which requires the Promise or async/await syntax. |
Explanation: Returned results. For details, see Table 3. |
Parameter |
Type |
Description |
---|---|---|
CommonMsg |
Explanation: Common information generated after an API call is complete, including the HTTP status code and error code. For details, see Table 4. |
|
InterfaceResult |
Explanation: Results outputted for a successful call. For details, see Table 5. Restrictions: This parameter is not included if the value of Status is greater than 300. |
Parameter |
Type |
Description |
Status |
number |
Explanation: HTTP status code returned by the OBS server. Value range: A status code is a group of digits indicating the status of a response. It ranges from 2xx (indicating successes) to 4xx or 5xx (indicating errors). For details, see Status Codes. |
Code |
string |
Explanation: Error code returned by the OBS server. |
Message |
string |
Explanation: Error description returned by the OBS server. |
HostId |
string |
Explanation: Request server ID returned by the OBS server. |
RequestId |
string |
Explanation: Request ID returned by the OBS server. |
Id2 |
string |
Explanation: Request ID2 returned by the OBS server. |
Indicator |
string |
Explanation: Error code details returned by the OBS server. |
Parameter |
Type |
Description |
---|---|---|
RequestId |
string |
Explanation: Request ID returned by the OBS server |
Owner |
Explanation: Account ID of the bucket owner. For details, see Table 6. |
|
Grants |
Grant[] |
Explanation: Grantees' permission information. For details, see Table 7. |
Parameter |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
ID |
string |
Yes if used as a request parameter |
Explanation: Account (domain) ID of the owner Value range: To obtain the account ID, see How Do I Get My Account ID and User ID? (SDK for Node.js). Default value: None |
DisplayName |
string |
No |
Explanation: Account name of the owner Default value: None |
Parameter |
Type |
Description |
---|---|---|
Grantee |
Explanation: Grantee information. For details, see Table 8. |
|
Permission |
string |
Explanation: Granted permissions. For details, see Table 11. |
Parameter |
Type |
Description |
---|---|---|
Type |
string |
Explanation: Grantee type. For details, see Table 9. |
ID |
string |
Explanation: Account (domain) ID of the grantee. |
Name |
string |
Explanation: Account name of the grantee |
URI |
string |
Explanation: Authorized user group. For details, see Table 10. |
Constant |
Description |
---|---|
Group |
Grants permissions to user groups. |
CanonicalUser |
Grants permissions to individual users. |
Constant |
Default Value |
Description |
---|---|---|
ObsClient.enums.GroupAllUsers |
AllUsers |
All users. |
ObsClient.enums.GroupAuthenticatedUsers |
AuthenticatedUsers |
Authorized users. This constant is deprecated. |
ObsClient.enums.GroupLogDelivery |
LogDelivery |
Log delivery group. This constant is deprecated. |
Constant |
Default Value |
Description |
---|---|---|
ObsClient.enums.PermissionRead |
READ |
A grantee with this permission for a bucket can obtain the list of objects, multipart uploads, bucket metadata, and object versions in the bucket. A grantee with this permission for an object can obtain the object content and metadata. |
ObsClient.enums.PermissionWrite |
WRITE |
A grantee with this permission for a bucket can upload, overwrite, and delete any object or part in the bucket. This permission is not applicable to objects. |
ObsClient.enums.PermissionReadAcp |
READ_ACP |
A grantee with this permission can obtain the ACL of a bucket or object. A bucket or object owner has this permission for their bucket or object by default. |
ObsClient.enums.PermissionWriteAcp |
WRITE_ACP |
A grantee with this permission can update the ACL of a bucket or object. A bucket or object owner has this permission for their bucket or object by default. This permission allows the grantee to change the access control policies, meaning the grantee has full control over a bucket or object. |
ObsClient.enums.PermissionFullControl |
FULL_CONTROL |
A grantee with this permission for a bucket has PermissionRead, PermissionWrite, PermissionReadAcp, and PermissionWriteAcp permissions for the bucket. A grantee with this permission for an object has PermissionRead, PermissionReadAcp, and PermissionWriteAcp permissions for the object. |
Code Examples
This example returns the ACL of bucket examplebucket.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
// Import the OBS library. // Use npm to install the client. const ObsClient = require("esdk-obs-nodejs"); // Use the source code to install the client. // var ObsClient = require('./lib/obs'); // Create an instance of ObsClient. const obsClient = new ObsClient({ //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html. access_key_id: process.env.ACCESS_KEY_ID, secret_access_key: process.env.SECRET_ACCESS_KEY, // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. // security_token: process.env.SECURITY_TOKEN, // Enter the endpoint corresponding to the region where the bucket is located. CN-Hong Kong is used here in this example. Replace it with the one currently in use. server: "https://obs.ap-southeast-1.myhuaweicloud.com" }); async function getBucketAcl() { try { const params = { // Specify the bucket name. Bucket: "examplebucket" }; // Obtain the bucket ACL. const result = await obsClient.getBucketAcl(params); if (result.CommonMsg.Status <= 300) { console.log("Get bucket(%s)'s acl rules successful!", params.Bucket); console.log('RequestId: %s', result.InterfaceResult.RequestId); console.log('Owner[ID]: %s', result.InterfaceResult.Owner.ID); console.log('Grants:'); for (let i = 0; i < result.InterfaceResult.Grants.length; i++) { const grant = result.InterfaceResult.Grants[i]; console.log("Grant[%d]-Type:%s, ID:%s, URI:%s, Permission:%s", i, grant.Grantee.Type, grant.Grantee.ID, grant.Grantee.URI, grant.Permission ); }; return; }; console.log("An ObsError was found, which means your request sent to OBS was rejected with an error response."); console.log("Status: %d", result.CommonMsg.Status); console.log("Code: %s", result.CommonMsg.Code); console.log("Message: %s", result.CommonMsg.Message); console.log("RequestId: %s", result.CommonMsg.RequestId); } catch (error) { console.log("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network."); console.log(error); }; }; getBucketAcl(); |
Helpful Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot