Bucket Policy(Go SDK V2)

Bucket Policy是OSS提供的一种针对存储空间(Bucket)的授权策略,使您可以精细化地授权或限制有身份的访问者(阿里云账号、RAM用户、RAM角色)或匿名访问者对指定OSS资源的访问。例如,您可以为其他阿里云账号的RAM用户授予指定OSS资源的只读权限。

注意事项

要设置Bucket Policy,您必须有oss:PutBucketPolicy权限;要获取Bucket Policy,您必须有oss:GetBucketPolicy权限;要删除Bucket Policy,您必须有oss:DeleteBucketPolicy权限。具体操作,请参见为RAM用户授予自定义的权限策略。

示例代码

设置Bucket Policy

您可以使用以下代码设置Bucket Policy。示例策略的Effect为Deny,其中的Principal(1234567890)以及Resource中的地域(cn-hangzhou)和账号ID均为示例值,使用前请替换为实际值。

package main

import (
	"context"
	"flag"
	"log"
	"strings"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/vectors"
)

// Command-line settings, filled in by flag.Parse; all start out empty.
var region string     // -region: region in which the vector bucket is located
var bucketName string // -bucket: name of the vector bucket
var accountId string  // -account-id: id of the vector account

// init registers the three command-line flags this sample reads. Every flag
// defaults to the empty string; main rejects empty values after flag.Parse.
func init() {
	for _, f := range []struct {
		target      *string
		name, usage string
	}{
		{&region, "region", "The region in which the vector bucket is located."},
		{&bucketName, "bucket", "The name of the vector bucket."},
		{&accountId, "account-id", "The id of vector account."},
	} {
		flag.StringVar(f.target, f.name, "", f.usage)
	}
}

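// main attaches a bucket policy to a vector bucket.
//
// It reads -bucket, -region and -account-id from the command line, builds a
// vectors client whose credentials come from environment variables, and sends
// the JSON policy document below with PutBucketPolicy. A missing flag or a
// failed request ends the process through log.Fatalf.
func main() {
	flag.Parse()

	// All three flags are mandatory. The first missing one (checked in the
	// order bucket, region, account id) is reported after the usage text.
	var missing string
	switch {
	case len(bucketName) == 0:
		missing = "bucket name"
	case len(region) == 0:
		missing = "region"
	case len(accountId) == 0:
		missing = "account id"
	}
	if missing != "" {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, %s required", missing)
	}

	// Credentials are read from the process environment instead of being
	// embedded in the source.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region).WithAccountId(accountId)

	client := vectors.NewVectorsClient(cfg)

	// The policy is a single Deny statement covering oss:PutVectors and
	// oss:GetVectors for principal 1234567890.
	// NOTE(review): the Principal and the region/account inside Resource are
	// hard-coded sample values; they are not derived from -region or
	// -account-id. Replace them so the statement refers to the bucket being
	// configured, and narrow the trailing ":*" wildcard where possible.
	// NOTE(review): PutBucketPolicy presumably replaces any policy already
	// attached to the bucket — confirm, and read the current policy first if
	// existing statements must be kept.
	request := &vectors.PutBucketPolicyRequest{
		Bucket: oss.Ptr(bucketName),
		Body: strings.NewReader(`{
			   "Version":"1",
			   "Statement":[
			   {
				 "Action":[
				   "oss:PutVectors",
				   "oss:GetVectors"
				],
				"Effect":"Deny",
				"Principal":["1234567890"],
				"Resource":["acs:ossvector:cn-hangzhou:1234567890:*"]
			   }
			  ]
			 }`),
	}
	result, err := client.PutBucketPolicy(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to put vector bucket policy %v", err)
	}

	log.Printf("put vector bucket policy result:%#v\n", result)
}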

获取Bucket Policy

您可以使用以下代码获取Bucket Policy。

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/vectors"
)

// Command-line settings, filled in by flag.Parse; all start out empty.
var region string     // -region: region in which the vector bucket is located
var bucketName string // -bucket: name of the vector bucket
var accountId string  // -account-id: id of the vector account

// init registers the three command-line flags this sample reads. Every flag
// defaults to the empty string; main rejects empty values after flag.Parse.
func init() {
	for _, f := range []struct {
		target      *string
		name, usage string
	}{
		{&region, "region", "The region in which the vector bucket is located."},
		{&bucketName, "bucket", "The name of the vector bucket."},
		{&accountId, "account-id", "The id of vector account."},
	} {
		flag.StringVar(f.target, f.name, "", f.usage)
	}
}

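// main fetches the bucket policy currently attached to a vector bucket.
//
// It reads -bucket, -region and -account-id from the command line, builds a
// vectors client whose credentials come from environment variables, calls
// GetBucketPolicy and logs the result. A missing flag or a failed request
// ends the process through log.Fatalf.
func main() {
	flag.Parse()

	// All three flags are mandatory. The first missing one (checked in the
	// order bucket, region, account id) is reported after the usage text.
	var missing string
	switch {
	case len(bucketName) == 0:
		missing = "bucket name"
	case len(region) == 0:
		missing = "region"
	case len(accountId) == 0:
		missing = "account id"
	}
	if missing != "" {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, %s required", missing)
	}

	// Credentials are read from the process environment instead of being
	// embedded in the source.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region).WithAccountId(accountId)

	client := vectors.NewVectorsClient(cfg)

	request := &vectors.GetBucketPolicyRequest{
		Bucket: oss.Ptr(bucketName),
	}
	result, err := client.GetBucketPolicy(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to get vector bucket policy %v", err)
	}

	// NOTE(review): %#v dumps the whole result struct; it presumably carries
	// the policy document (principals and resources), so treat this log
	// output as access-control data — confirm against the result type.
	log.Printf("get vector bucket policy result:%#v\n", result)
}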

删除Bucket Policy

您可以使用以下代码删除Bucket Policy。

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/vectors"
)

// Command-line settings, filled in by flag.Parse; all start out empty.
var region string     // -region: region in which the vector bucket is located
var bucketName string // -bucket: name of the vector bucket
var accountId string  // -account-id: id of the vector account

// init registers the three command-line flags this sample reads. Every flag
// defaults to the empty string; main rejects empty values after flag.Parse.
func init() {
	for _, f := range []struct {
		target      *string
		name, usage string
	}{
		{&region, "region", "The region in which the vector bucket is located."},
		{&bucketName, "bucket", "The name of the vector bucket."},
		{&accountId, "account-id", "The id of vector account."},
	} {
		flag.StringVar(f.target, f.name, "", f.usage)
	}
}

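// main removes the bucket policy attached to a vector bucket.
//
// It reads -bucket, -region and -account-id from the command line, builds a
// vectors client whose credentials come from environment variables, calls
// DeleteBucketPolicy and logs the result. A missing flag or a failed request
// ends the process through log.Fatalf.
func main() {
	flag.Parse()

	// All three flags are mandatory. The first missing one (checked in the
	// order bucket, region, account id) is reported after the usage text.
	var missing string
	switch {
	case len(bucketName) == 0:
		missing = "bucket name"
	case len(region) == 0:
		missing = "region"
	case len(accountId) == 0:
		missing = "account id"
	}
	if missing != "" {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, %s required", missing)
	}

	// Credentials are read from the process environment instead of being
	// embedded in the source.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region).WithAccountId(accountId)

	client := vectors.NewVectorsClient(cfg)

	// Deleting the policy drops every statement in it, Deny statements
	// included; check afterwards that access to the bucket is still
	// restricted as intended.
	request := &vectors.DeleteBucketPolicyRequest{
		Bucket: oss.Ptr(bucketName),
	}
	result, err := client.DeleteBucketPolicy(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to delete vector bucket policy %v", err)
	}

	log.Printf("delete vector bucket policy result:%#v\n", result)
}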

相关文档

  • 关于向量Bucket设置Bucket Policy的完整示例代码,请参见GitHub示例

  • 关于向量Bucket获取Bucket Policy的完整示例代码,请参见GitHub示例

  • 关于向量Bucket删除Bucket Policy的完整示例代码,请参见GitHub示例

  • 关于设置Bucket Policy的API接口,请参见PutBucketPolicy

  • 关于获取Bucket Policy的API接口,请参见GetBucketPolicy

  • 关于删除Bucket Policy的API接口,请参见DeleteBucketPolicy