Bucket Policy (Python SDK V2)

更新时间:
复制 MD 格式

A bucket policy is an authorization policy for Object Storage Service (OSS) buckets. It allows you to grant or restrict fine-grained access to specific OSS resources to principals, such as Alibaba Cloud accounts, Resource Access Management (RAM) users, RAM roles, or anonymous users. For example, you can grant a RAM user from another Alibaba Cloud account read-only permission to your OSS resources.

Usage notes

Setting, getting, and deleting a bucket policy require the oss:PutBucketPolicy, oss:GetBucketPolicy, and oss:DeleteBucketPolicy permissions, respectively. For details, see Grant custom access policies to a RAM user.

Method definitions

Set a bucket policy

put_bucket_policy(request: PutBucketPolicyRequest, **kwargs) → PutBucketPolicyResult

Get a bucket policy

get_bucket_policy(request: GetBucketPolicyRequest, **kwargs) → GetBucketPolicyResult

Delete a bucket policy

delete_bucket_policy(request: DeleteBucketPolicyRequest, **kwargs) → DeleteBucketPolicyResult

Parameter

Type

Description

request

PutBucketPolicyRequest

The request parameters. For more information, see PutBucketPolicyRequest.

GetBucketPolicyRequest

The request parameters. For more information, see GetBucketPolicyRequest.

DeleteBucketPolicyRequest

The request parameters. For more information, see DeleteBucketPolicyRequest.

Return values

Type

Description

PutBucketPolicyResult

The return value. For more information, see PutBucketPolicyResult.

GetBucketPolicyResult

The return value. For more information, see GetBucketPolicyResult.

DeleteBucketPolicyResult

The return value. For more information, see DeleteBucketPolicyResult.

For the complete definition of the put_bucket_policy method, see put_bucket_policy.

For the complete definition of the get_bucket_policy method, see get_bucket_policy.

For the complete definition of the delete_bucket_policy method, see delete_bucket_policy.

Code examples

Set bucket policy

Use the following code to set a bucket policy.

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector put bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The endpoint to use for accessing OSS.')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Load credentials from environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Use the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    cfg.use_internal_endpoint = True  # To access OSS over the public network, set this to False or delete this line.
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)


    policy_content = '''
        {
           "Version":"1",
           "Statement":[
               {
                 "Action":[
                   "oss:PutVectors",
                   "oss:GetVectors"
                ],
                "Effect":"Deny",
                "Principal":["1234567890"],
                "Resource":["acs:ossvector:cn-hangzhou:1234567890:*/*"]
               }
            ]
         }
    '''

    result = vector_client.put_bucket_policy(oss_vectors.models.PutBucketPolicyRequest(
        bucket=args.bucket,
        body=policy_content
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
    )

if __name__ == "__main__":
    main()

Get bucket policy

Use the following code to get a bucket policy.

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector get bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The endpoint to use for accessing OSS.')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Load credentials from environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Use the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    cfg.use_internal_endpoint = True  # To access OSS over the public network, set this to False or delete this line.
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)

    result = vector_client.get_bucket_policy(oss_vectors.models.GetBucketPolicyRequest(
        bucket=args.bucket,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
          )

    if result.body:
        print(f'policy content: {result.body}')


if __name__ == "__main__":
    main()

Delete bucket policy

Use the following code to delete a bucket policy.

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector delete bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The endpoint to use for accessing OSS.')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Load credentials from environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Use the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    cfg.use_internal_endpoint = True  # To access OSS over the public network, set this to False or delete this line.
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)

    result = vector_client.delete_bucket_policy(oss_vectors.models.DeleteBucketPolicyRequest(
        bucket=args.bucket,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
    )

if __name__ == "__main__":
    main()

Related documents