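Configuring a Bucket Policy
Functions
This operation uses the policy subresource to create or modify the policy of a bucket. If the bucket already has a policy, the policy in the request completely overwrites the existing one. There is no limit on the number of bucket policy statements for a single bucket, but the total size of the JSON descriptions of all bucket policies in a bucket cannot exceed 20 KB.
To use this operation, you must be the bucket owner, or a sub-user of the bucket owner who has permission to set bucket policies.
Request Syntax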
PUT /?policy HTTP/1.1
Host: bucketname.obs.region.example.com
Date: date
Authorization: signatureValue

Policy written in JSON
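Request Parameters
This request contains no parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Elements
The request body is a JSON-formatted string that contains the bucket policy information.
Response Syntax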
HTTP/1.1 status_code
Date: date
Content-Length: length
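Response Headers
The response to this request uses common headers. For details, see Table 1.
Response Elements
The response to this request contains no elements.
Error Responses
No special error responses are returned. All errors are listed in Table 2.
Sample Request 1
Grant permissions to an OBS tenant
Grant permissions to the tenant whose tenant ID is 783fc6652cf246c096ea836694f71855.
For how to obtain the tenant ID, see "Obtaining the Account ID and User ID".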
PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:32:25 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=

{
    "Statement": [
        {
            "Sid": "Stmt1375240018061",
            "Action": [
                "GetBucketLogging"
            ],
            "Effect": "Allow",
            "Resource": "logging.bucket",
            "Principal": {
                "ID": [
                    "domain/783fc6652cf246c096ea836694f71855:user/*"
                ]
            }
        }
    ]
}
Sample Response 1
HTTP/1.1 204 No Content
x-obs-request-id: 7B6DFC9BC71DD58B061285551605709
x-obs-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD
Date: WED, 01 Jul 2015 02:32:25 GMT
Content-Length: 0
Server: OBS
Sample Request 2
Grant permissions to an OBS user
The user ID is 71f3901173514e6988115ea2c26d1999, and the ID of the tenant the user belongs to is 783fc6652cf246c096ea836694f71855.
For how to obtain the tenant ID and user ID, see "Obtaining the Account ID and User ID".
PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:33:28 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=

{
    "Statement": [
        {
            "Sid": "Stmt1375240018062",
            "Action": [
                "PutBucketLogging"
            ],
            "Effect": "Allow",
            "Resource": "examplebucket",
            "Principal": {
                "ID": [
                    "domain/783fc6652cf246c096ea836694f71855:user/71f3901173514e6988115ea2c26d1999"
                ]
            }
        }
    ]
}
Sample Response 2
HTTP/1.1 204 No Content
x-obs-request-id: 7B6DFC9BC71DD58B061285551605709
x-obs-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD
Date: WED, 01 Jul 2015 02:33:28 GMT
Content-Length: 0
Server: OBS
Sample Request 3
Deny all operations to every user except one specified OBS user
The user ID is 71f3901173514e6988115ea2c26d1999, and the ID of the tenant the user belongs to is 783fc6652cf246c096ea836694f71855.
For how to obtain the tenant ID and user ID, see "Obtaining the Account ID and User ID".
PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:34:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=

{
    "Statement": [
        {
            "Effect": "Deny",
            "Action": ["*"],
            "Resource": [
                "examplebucket/*",
                "examplebucket"
            ],
            "NotPrincipal": {
                "ID": [
                    "domain/783fc6652cf246c096ea836694f71855:user/71f3901173514e6988115ea2c26d1999",
                    "domain/783fc6652cf246c096ea836694f71855"
                ]
            }
        }
    ]
}
Sample Response 3
HTTP/1.1 204 No Content
x-obs-request-id: A603000001604A7DFE4A4AF31E301891
x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n
Date: WED, 01 Jul 2015 02:34:34 GMT
Content-Length: 0
Server: OBS
Sample Request 4
Deny external-link requests except those from a specified domain name and those without a Referer header, to implement a hotlink-protection whitelist
Hotlink-protection whitelist: http://storage.example.com
PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:34:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=

{
    "Statement": [{
        "Effect": "Deny",
        "Action": [
            "GetObject",
            "GetObjectVersion"
        ],
        "Principal": {
            "ID": ["*"]
        },
        "Resource": ["examplebucket/*"],
        "Condition": {
            "StringNotLike": {
                "Referer": [
                    "http://storage.example.com*",
                    "${null}"
                ]
            }
        }
    }]
}
Sample Response 4
HTTP/1.1 204 No Content
x-obs-request-id: A603000001604A7DFE4A4AF31E301891
x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n
Date: WED, 01 Jul 2015 02:34:34 GMT
Content-Length: 0
Server: OBS
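Because the policy in a PUT completely overwrites the bucket's existing policy, one way to avoid silently dropping statements is to merge the change into the current policy and check the result before sending it. The following Python is an added example, not part of the OBS documentation or any OBS SDK; `merge_policy`, `review_policy`, the `must_keep_access` parameter and the sample Sids are hypothetical names, and identities are compared as exact strings.

```python
import json

MAX_POLICY_BYTES = 20 * 1024  # limit this page states for the whole policy JSON

def merge_policy(existing, new_statements):
    """Build the complete document to PUT: the current statements plus the new
    ones. A new statement replaces a current one that carries the same Sid."""
    merged = [dict(s) for s in (existing or {}).get("Statement", [])]
    by_sid = {s["Sid"]: i for i, s in enumerate(merged) if "Sid" in s}
    for stmt in new_statements:
        sid = stmt.get("Sid")
        if sid in by_sid:
            merged[by_sid[sid]] = stmt
        else:
            if sid is not None:
                by_sid[sid] = len(merged)
            merged.append(stmt)
    return {"Statement": merged}

def review_policy(policy, must_keep_access=()):
    """Return findings for the merged policy; an empty list means none."""
    findings = []
    # Size of the compact serialization; send these same bytes as the body.
    size = len(json.dumps(policy, separators=(",", ":")).encode("utf-8"))
    if size > MAX_POLICY_BYTES:
        findings.append(f"policy is {size} bytes, over the 20 KB limit")
    for n, stmt in enumerate(policy.get("Statement", [])):
        effect = stmt.get("Effect")
        if effect == "Deny" and "NotPrincipal" in stmt:
            exempt = stmt["NotPrincipal"].get("ID", [])
            # Exact-string comparison only (assumption: no wildcard expansion).
            for ident in must_keep_access:
                if ident not in exempt:
                    findings.append(f"statement {n}: Deny also applies to {ident}")
        if effect == "Allow" and "*" in stmt.get("Principal", {}).get("ID", []):
            findings.append(f"statement {n}: Allow applies to every requester")
    return findings

if __name__ == "__main__":
    # Constructed sample: identities from the page's examples, made-up Sids.
    admin = "domain/783fc6652cf246c096ea836694f71855:user/71f3901173514e6988115ea2c26d1999"
    current = {"Statement": [{"Sid": "DenyOthers", "Effect": "Deny", "Action": ["*"],
                              "Resource": ["examplebucket", "examplebucket/*"],
                              "NotPrincipal": {"ID": [admin]}}]}
    added = [{"Sid": "PublicRead", "Effect": "Allow", "Action": ["GetObject"],
              "Resource": ["examplebucket/*"], "Principal": {"ID": ["*"]}}]
    full = merge_policy(current, added)
    for finding in review_policy(full, [admin, "domain/783fc6652cf246c096ea836694f71855"]):
        print(finding)
```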