Bucket Policy（Python SDK V2）_对象存储(OSS)-阿里云帮助中心

Bucket Policy是OSS提供的一种针对存储空间（Bucket）的授权策略，使您可以精细化地授权或限制有身份的访问者（阿里云账号、RAM用户、RAM角色）或匿名访问者对指定OSS资源的访问。例如，您可以为其他阿里云账号的RAM用户授予指定OSS资源的只读权限。

注意事项

要设置Bucket Policy，您必须有oss:PutBucketPolicy权限；要获取Bucket Policy，您必须有oss:GetBucketPolicy权限；要删除Bucket Policy，您必须有oss:DeleteBucketPolicy权限。具体操作，请参见为RAM用户授予自定义的权限策略。

方法定义

设置Bucket Policy

put_bucket_policy(request: PutBucketPolicyRequest, **kwargs) → PutBucketPolicyResult

获取Bucket Policy

get_bucket_policy(request: GetBucketPolicyRequest, **kwargs) → GetBucketPolicyResult

删除Bucket Policy

delete_bucket_policy(request: DeleteBucketPolicyRequest, **kwargs) → DeleteBucketPolicyResult

参数名	类型	说明
request	PutBucketPolicyRequest	设置请求参数，具体请参见PutBucketPolicyRequest
	GetBucketPolicyRequest	设置请求参数，具体请参见GetBucketPolicyRequest
	DeleteBucketPolicyRequest	设置请求参数，具体请参见DeleteBucketPolicyRequest

返回值列表

类型	说明
PutBucketPolicyResult	返回值，具体请参见PutBucketPolicyResult
GetBucketPolicyResult	返回值，具体请参见GetBucketPolicyResult
DeleteBucketPolicyResult	返回值，具体请参见DeleteBucketPolicyResult

关于设置Bucket Policy方法的完整定义，请参见put_bucket_policy。

关于获取Bucket Policy方法的完整定义，请参见get_bucket_policy。

关于删除Bucket Policy方法的完整定义，请参见delete_bucket_policy。

示例代码

设置Bucket Policy

您可以使用以下代码设置Bucket Policy。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector put bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Loading credentials values from the environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Using the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)


    policy_content = '''
        {
           "Version":"1",
           "Statement":[
               {
                 "Action":[
                   "oss:PutVectors",
                   "oss:GetVectors"
                ],
                "Effect":"Deny",
                "Principal":["1234567890"],
                "Resource":["acs:ossvector:cn-hangzhou:1234567890:*"]
               }
            ]
         }
    '''

    result = vector_client.put_bucket_policy(oss_vectors.models.PutBucketPolicyRequest(
        bucket=args.bucket,
        body=policy_content
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
    )

if __name__ == "__main__":
    main()

获取Bucket Policy

您可以使用以下代码获取Bucket Policy。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector get bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Loading credentials values from the environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Using the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)

    result = vector_client.get_bucket_policy(oss_vectors.models.GetBucketPolicyRequest(
        bucket=args.bucket,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
          )

    if result.body:
        print(f'policy content: {result.body}')


if __name__ == "__main__":
    main()

删除Bucket Policy

您可以使用以下代码删除Bucket Policy。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector delete bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Loading credentials values from the environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Using the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)

    result = vector_client.delete_bucket_policy(oss_vectors.models.DeleteBucketPolicyRequest(
        bucket=args.bucket,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
    )

if __name__ == "__main__":
    main()

注意事项

方法定义

设置Bucket Policy

获取Bucket Policy

删除Bucket Policy

返回值列表

示例代码

设置Bucket Policy

获取Bucket Policy

删除Bucket Policy

相关文档