
Bucket Policy

Last updated: 2022-02-09 14:56:09

    Overview

    This document provides an overview of APIs and SDK code samples related to bucket policies.

    API Operation Description
    PUT Bucket policy Setting a bucket policy Sets a permission policy for a specified bucket
    GET Bucket policy Querying a bucket policy Queries the permission policy of a bucket
    DELETE Bucket policy Deleting a bucket policy Deletes the permission policy of a bucket

    Setting a bucket policy

    Description

    This API is used to write a permission policy for a bucket. The policy passed to this API overwrites the existing policy of the bucket (if any), so statements that are not included in the request are lost.

    Method prototype

    func (s *BucketService) PutPolicy(ctx context.Context, opt *BucketPutPolicyOptions) (*Response, error)
    

    Sample request

    package main
    import (
       "context"
       "github.com/tencentyun/cos-go-sdk-v5"
       "net/http"
       "net/url"
       "os"
    )
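    // main sets a bucket policy that allows one account to read a single object.
    // It reads the API key pair from the SECRETID and SECRETKEY environment
    // variables and exits with a non-zero status if any step fails.
    func main() {
        // Bucket name in the format of BucketName-APPID (APPID is required), which can be viewed in the COS console at https://console.intl.cloud.tencent.com/cos5/bucket
        // Replace the region with your own, which can be viewed in the COS console at https://console.intl.cloud.tencent.com/. For more information about regions, see https://intl.cloud.tencent.com/document/product/436/6224.
        u, err := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")
        if err != nil {
            os.Stderr.WriteString("parse bucket URL: " + err.Error() + "\n")
            os.Exit(1)
        }

        // Get the key pair from environment variables so that it never appears in source code.
        // SECRETID holds the user's SecretId and SECRETKEY the user's SecretKey; both can be viewed at https://console.intl.cloud.tencent.com/cam/capi
        secretID, secretKey := os.Getenv("SECRETID"), os.Getenv("SECRETKEY")
        if secretID == "" || secretKey == "" {
            // Fail fast instead of sending a request with empty credentials.
            os.Stderr.WriteString("SECRETID and SECRETKEY must be set\n")
            os.Exit(1)
        }

        // NOTE(review): this http.Client sets no Timeout; production code should set one.
        client := cos.NewClient(&cos.BaseURL{BucketURL: u}, &http.Client{
            Transport: &cos.AuthorizationTransport{
                SecretID:  secretID,
                SecretKey: secretKey,
            },
        })

        opt := &cos.BucketPutPolicyOptions{
            Version: "2.0",
            Statement: []cos.BucketStatement{
                {
                    Principal: map[string][]string{
                        "qcs": []string{
                            "qcs::cam::uin/100000000001:uin/100000000011", // Replace with the uin of the account to be granted the permission.
                        },
                    },
                    // Grant only the actions the principal needs.
                    Action: []string{
                        "name/cos:GetObject",
                    },
                    Effect: "allow",
                    Resource: []string{
                        // Change it to the allowed object path or prefix (such as "a.jpg", "a/*", or "*").
                        // Prefer the narrowest path that works: "*" covers every object in the bucket and carries high risk.
                        "qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/exampleobject",
                    },
                    // With Effect "allow", ip_not_equal grants the action to requests from every
                    // address except the listed ones. To limit access to known addresses, use
                    // ip_equal with those addresses instead.
                    Condition: map[string]map[string]interface{}{
                        "ip_not_equal": map[string]interface{}{
                            "qcs:ip": []string{
                                "192.168.1.1",
                            },
                        },
                    },
                },
            },
        }

        // PutPolicy overwrites the existing bucket policy (if any) with opt.
        if _, err := client.Bucket.PutPolicy(context.Background(), opt); err != nil {
            os.Stderr.WriteString("put bucket policy: " + err.Error() + "\n")
            os.Exit(1)
        }
    }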
    

    Parameter description

    // Types that describe a bucket policy.
    type (
        // BucketStatement is one permission statement of a bucket policy.
        BucketStatement struct {
            // Principal is the entity to which the permission is granted.
            Principal map[string][]string
            // Action lists the COS APIs the statement covers, e.g. "name/cos:GetObject" (case-sensitive).
            Action []string
            // Effect says whether the statement allows or explicitly denies the actions.
            Effect string
            // Resource lists the data the statement applies to: any resource, a path prefix,
            // an absolute path, or a combination of these.
            Resource []string
            // Condition optionally restricts when the statement takes effect.
            Condition map[string]map[string]interface{}
        }

        // BucketPutPolicyOptions is the policy document passed to PutPolicy.
        BucketPutPolicyOptions struct {
            // Statement holds one or more permission statements.
            Statement []BucketStatement
            // Version is the policy syntax version, given as a string (the sample request uses "2.0").
            Version string
            // Principal is the entity to which the permission is granted.
            Principal map[string][]string
        }
    )
    
    Parameter Description Type
    Statement Detailed information about one or more permissions Struct
    Version Policy syntax version Struct
    Principal Entity to which the permission is granted. For more information, please see Access Policy Language Overview String
    action COS API. You can specify one, several, or all (*) COS APIs as needed, e.g., set action to name/cos:GetService. Note that this parameter is case-sensitive. Array
    Effect Allow or explicitly deny String
    resource Specific data authorized to be operated on. It can be any resource, a resource whose path prefix is specified, a resource with a specified absolute path, or a combination thereof. Array
    condition Condition (optional). For more information, please see Condition Struct

    Querying a bucket policy

    Description

    This API is used to read the permission policy of a bucket.

    Method prototype

    func (s *BucketService) GetPolicy(ctx context.Context) (*BucketGetPolicyResult, *Response, error)
    

    Sample request

    package main
    import (
       "context"
       "fmt"
       "net/http"
       "net/url"
       "os"

       "github.com/tencentyun/cos-go-sdk-v5"
    )
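    // main reads the permission policy of a bucket and prints it.
    // It reads the API key pair from the SECRETID and SECRETKEY environment
    // variables and exits with a non-zero status if any step fails.
    func main() {
        // Bucket name in the format of BucketName-APPID (APPID is required), which can be viewed in the COS console at https://console.intl.cloud.tencent.com/cos5/bucket
        // Replace the region with your own, which can be viewed in the COS console at https://console.intl.cloud.tencent.com/. For more information about regions, see https://intl.cloud.tencent.com/document/product/436/6224.
        u, err := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")
        if err != nil {
            fmt.Fprintln(os.Stderr, "parse bucket URL:", err)
            os.Exit(1)
        }

        // Get the key pair from environment variables so that it never appears in source code.
        // SECRETID holds the user's SecretId and SECRETKEY the user's SecretKey; both can be viewed at https://console.intl.cloud.tencent.com/cam/capi
        secretID, secretKey := os.Getenv("SECRETID"), os.Getenv("SECRETKEY")
        if secretID == "" || secretKey == "" {
            // Fail fast instead of sending a request with empty credentials.
            fmt.Fprintln(os.Stderr, "SECRETID and SECRETKEY must be set")
            os.Exit(1)
        }

        // NOTE(review): this http.Client sets no Timeout; production code should set one.
        client := cos.NewClient(&cos.BaseURL{BucketURL: u}, &http.Client{
            Transport: &cos.AuthorizationTransport{
                SecretID:  secretID,
                SecretKey: secretKey,
            },
        })

        res, _, err := client.Bucket.GetPolicy(context.Background())
        if err != nil {
            // Stop here: res carries no usable policy when the call fails.
            fmt.Fprintln(os.Stderr, "get bucket policy:", err)
            os.Exit(1)
        }
        fmt.Println(res)
    }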
    

    Response description

    // BucketGetPolicyResult is the policy returned by GetPolicy. It is declared with
    // BucketPutPolicyOptions as its underlying type, so it has the same fields.
    type BucketGetPolicyResult BucketPutPolicyOptions
    // For field details, see `BucketPutPolicyOptions`.
    

    Deleting a bucket policy

    Description

    This API (DELETE Bucket policy) is used to delete the permission policy of a bucket.

    Method prototype

    func (s *BucketService) DeletePolicy(ctx context.Context) (*Response, error)
    

    Sample request

    package main
    import (
      "context"
      "github.com/tencentyun/cos-go-sdk-v5"
      "net/http"
      "net/url"
      "os"
    )
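    // main deletes the permission policy of a bucket.
    // It reads the API key pair from the SECRETID and SECRETKEY environment
    // variables and exits with a non-zero status if any step fails.
    func main() {
        // Bucket name in the format of BucketName-APPID (APPID is required), which can be viewed in the COS console at https://console.intl.cloud.tencent.com/cos5/bucket
        // Replace the region with your own, which can be viewed in the COS console at https://console.intl.cloud.tencent.com/. For more information about regions, see https://intl.cloud.tencent.com/document/product/436/6224.
        u, err := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")
        if err != nil {
            os.Stderr.WriteString("parse bucket URL: " + err.Error() + "\n")
            os.Exit(1)
        }

        // Get the key pair from environment variables so that it never appears in source code.
        // SECRETID holds the user's SecretId and SECRETKEY the user's SecretKey; both can be viewed at https://console.intl.cloud.tencent.com/cam/capi
        secretID, secretKey := os.Getenv("SECRETID"), os.Getenv("SECRETKEY")
        if secretID == "" || secretKey == "" {
            // Fail fast instead of sending a request with empty credentials.
            os.Stderr.WriteString("SECRETID and SECRETKEY must be set\n")
            os.Exit(1)
        }

        // NOTE(review): this http.Client sets no Timeout; production code should set one.
        client := cos.NewClient(&cos.BaseURL{BucketURL: u}, &http.Client{
            Transport: &cos.AuthorizationTransport{
                SecretID:  secretID,
                SecretKey: secretKey,
            },
        })

        // Deleting the policy removes every statement in it, including any explicit deny.
        // Review what stays in effect afterwards (for example ACLs or CAM policies) before running this.
        if _, err := client.Bucket.DeletePolicy(context.Background()); err != nil {
            os.Stderr.WriteString("delete bucket policy: " + err.Error() + "\n")
            os.Exit(1)
        }
    }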
    