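A bucket policy is an authorization policy that OSS provides for a bucket. It lets you grant or restrict, at a fine-grained level, access to specified OSS resources by identified visitors (Alibaba Cloud accounts, RAM users, and RAM roles) or by anonymous visitors. For example, you can grant RAM users of another Alibaba Cloud account read-only permission on specified OSS resources.
Usage notes
To set a bucket policy, you must have the oss:PutBucketPolicy permission. To get a bucket policy, you must have the oss:GetBucketPolicy permission. To delete a bucket policy, you must have the oss:DeleteBucketPolicy permission. For details, see Grant custom permission policies to RAM users.
Sample code
Set a bucket policy
You can use the following code to set a bucket policy.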
package main

import (
    "context"
    "flag"
    "log"
    "strings"

    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/vectors"
)

var (
    region     string
    bucketName string
    accountId  string
)

func init() {
    flag.StringVar(&region, "region", "", "The region in which the vector bucket is located.")
    flag.StringVar(&bucketName, "bucket", "", "The name of the vector bucket.")
    flag.StringVar(&accountId, "account-id", "", "The id of vector account.")
}

func main() {
    flag.Parse()
    if len(bucketName) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, bucket name required")
    }
    if len(region) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, region required")
    }
    if len(accountId) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, account id required")
    }

    // Credentials are read from environment variables, not hard-coded.
    cfg := oss.LoadDefaultConfig().
        WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
        WithRegion(region).WithAccountId(accountId)
    client := vectors.NewVectorsClient(cfg)

    // Sample policy: denies principal 1234567890 the oss:PutVectors and
    // oss:GetVectors actions on the listed resource. Replace the sample
    // account ID and region (cn-hangzhou) with your own values.
    request := &vectors.PutBucketPolicyRequest{
        Bucket: oss.Ptr(bucketName),
        Body: strings.NewReader(`{
            "Version":"1",
            "Statement":[
                {
                    "Action":[
                        "oss:PutVectors",
                        "oss:GetVectors"
                    ],
                    "Effect":"Deny",
                    "Principal":["1234567890"],
                    "Resource":["acs:ossvector:cn-hangzhou:1234567890:*"]
                }
            ]
        }`),
    }
    result, err := client.PutBucketPolicy(context.TODO(), request)
    if err != nil {
        log.Fatalf("failed to put vector bucket policy %v", err)
    }
    log.Printf("put vector bucket policy result:%#v\n", result)
}
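The sample above hard-codes a region and account ID in the policy's Resource while the client takes both from flags, so the two can drift apart. The following pre-flight check is an added example, not part of the SDK or the original page: LintPolicy is a hypothetical helper, the resource layout acs:ossvector:<region>:<account-id>:... is assumed from the sample policy, and treating a Principal of "*" as every caller (anonymous included) follows the general OSS bucket policy convention.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// policy holds only the fields that appear in the page's sample policy (arrays assumed).
type policy struct {
	Statement []struct {
		Effect                      string
		Action, Principal, Resource []string
	}
}

// LintPolicy reports risky statements before the body is sent with PutBucketPolicy.
// Assumed from the sample: resources look like acs:ossvector:<region>:<account-id>:...
func LintPolicy(body, region, accountID string) ([]string, error) {
	var p policy
	if err := json.Unmarshal([]byte(body), &p); err != nil {
		return nil, fmt.Errorf("policy does not parse: %w", err)
	}
	var out []string
	want := "acs:ossvector:" + region + ":" + accountID + ":"
	for i, s := range p.Statement {
		for _, r := range s.Resource {
			if !strings.HasPrefix(r, want) {
				out = append(out, fmt.Sprintf("statement %d: resource %q is not under %s", i, r, want))
			}
		}
		for _, pr := range s.Principal {
			if s.Effect == "Allow" && pr == "*" {
				out = append(out, fmt.Sprintf("statement %d: Allow to every principal", i))
			}
		}
		for _, a := range s.Action {
			if s.Effect == "Allow" && strings.HasSuffix(a, "*") {
				out = append(out, fmt.Sprintf("statement %d: Allow with wildcard action %q", i, a))
			}
		}
	}
	return out, nil
}

func main() {
	// Constructed input: the page's sample resource, linted for a client in another region.
	fmt.Println(LintPolicy(`{"Statement":[{"Effect":"Deny","Resource":["acs:ossvector:cn-hangzhou:1234567890:*"]}]}`, "cn-beijing", "1234567890"))
}
```

Run the check on the policy body with the same region and account ID passed to the client, and send the request only when it returns no findings.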
Get a bucket policy
You can use the following code to get a bucket policy.
package main

import (
    "context"
    "flag"
    "log"

    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/vectors"
)

var (
    region     string
    bucketName string
    accountId  string
)

func init() {
    flag.StringVar(&region, "region", "", "The region in which the vector bucket is located.")
    flag.StringVar(&bucketName, "bucket", "", "The name of the vector bucket.")
    flag.StringVar(&accountId, "account-id", "", "The id of vector account.")
}

func main() {
    flag.Parse()
    if len(bucketName) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, bucket name required")
    }
    if len(region) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, region required")
    }
    if len(accountId) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, account id required")
    }

    // Credentials are read from environment variables, not hard-coded.
    cfg := oss.LoadDefaultConfig().
        WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
        WithRegion(region).WithAccountId(accountId)
    client := vectors.NewVectorsClient(cfg)

    // Fetch the policy currently attached to the vector bucket.
    request := &vectors.GetBucketPolicyRequest{
        Bucket: oss.Ptr(bucketName),
    }
    result, err := client.GetBucketPolicy(context.TODO(), request)
    if err != nil {
        log.Fatalf("failed to get vector bucket policy %v", err)
    }
    log.Printf("get vector bucket policy result:%#v\n", result)
}
Delete a bucket policy
You can use the following code to delete a bucket policy.
package main

import (
    "context"
    "flag"
    "log"

    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
    "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/vectors"
)

var (
    region     string
    bucketName string
    accountId  string
)

func init() {
    flag.StringVar(&region, "region", "", "The region in which the vector bucket is located.")
    flag.StringVar(&bucketName, "bucket", "", "The name of the vector bucket.")
    flag.StringVar(&accountId, "account-id", "", "The id of vector account.")
}

func main() {
    flag.Parse()
    if len(bucketName) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, bucket name required")
    }
    if len(region) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, region required")
    }
    if len(accountId) == 0 {
        flag.PrintDefaults()
        log.Fatalf("invalid parameters, account id required")
    }

    // Credentials are read from environment variables, not hard-coded.
    cfg := oss.LoadDefaultConfig().
        WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
        WithRegion(region).WithAccountId(accountId)
    client := vectors.NewVectorsClient(cfg)

    // Remove the policy attached to the vector bucket.
    request := &vectors.DeleteBucketPolicyRequest{
        Bucket: oss.Ptr(bucketName),
    }
    result, err := client.DeleteBucketPolicy(context.TODO(), request)
    if err != nil {
        log.Fatalf("failed to delete vector bucket policy %v", err)
    }
    log.Printf("delete vector bucket policy result:%#v\n", result)
}
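References
For the complete sample code for setting a bucket policy on a vector bucket, see the GitHub example.
For the complete sample code for getting the bucket policy of a vector bucket, see the GitHub example.
For the complete sample code for deleting the bucket policy of a vector bucket, see the GitHub example.
For the API operation that sets a bucket policy, see PutBucketPolicy.
For the API operation that gets a bucket policy, see GetBucketPolicy.
For the API operation that deletes a bucket policy, see DeleteBucketPolicy.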