API | Operation | Description |
Setting a bucket policy | Sets a permission policy for a specified bucket | |
Querying a bucket policy | Queries the permission policy of a bucket | |
Deleting a bucket policy | Deletes the permission policy of a bucket |
func (s *BucketService) PutPolicy(ctx context.Context, opt *BucketPutPolicyOptions) (*Response, error)
package mainimport ("context""github.com/tencentyun/cos-go-sdk-v5""net/http""net/url""os")func main(){// Bucket name in the format of `BucketName-APPID` (`APPID` is required), which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket.// Replace it with your region, which can be viewed in the COS console at https://console.tencentcloud.com/. For more information about regions, visit https://www.tencentcloud.com/document/product/436/6224.u, _ := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")b := &cos.BaseURL{BucketURL: u}client := cos.NewClient(b, &http.Client{Transport: &cos.AuthorizationTransport{// Get the key from environment variables// Environment variable `SECRETID` refers to the user's `SecretId`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.SecretID: os.Getenv("SECRETID"), // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.// Environment variable `SECRETKEY` refers to the user's `SecretKey`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.SecretKey: os.Getenv("SECRETKEY"), // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.},})opt := &cos.BucketPutPolicyOptions{Version: "2.0",Statement: []cos.BucketStatement{{Principal: map[string][]string{"qcs": []string{"qcs::cam::uin/100000000001:uin/100000000011", // Replace with the uin of the account to be granted the permission.},},Action: []string{"name/cos:GetObject",},Effect: "allow",Resource: []string{// Change it to the allowed path prefix (such as "a.jpg", "a/*", or "*"). You can determine the upload path based on your login status. (Keep in mind that using asterisks (*) could bring high risks.)"qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/exampleobject",},Condition: map[string]map[string]interface{}{"ip_not_equal": map[string]interface{}{"qcs:ip": []string{"192.168.1.1",},},},},},}_, err := client.Bucket.PutPolicy(context.Background(), opt)if err != nil{// ERROR}}
type BucketStatement struct {Principal map[string][]stringAction []stringEffect stringResource []stringCondition map[string]map[string]interface{}}type BucketPutPolicyOptions struct {Statement []BucketStatementVersion stringPrincipal map[string][]string}
Parameter | Description | Type |
Statement | Detailed information about one or more permissions | Struct |
Version | Policy syntax version | Struct |
Principal | Entity to which the permission is granted. For more information, please see Access Policy Language Overview | String |
action | COS API. You can specify one, several, or all ( * ) COS APIs as needed, e.g., set action to name/cos:GetService . Note that this parameter is case-sensitive. | |
Effect | Allow or explicitly deny | String |
resource | Specific data authorized to be operated on. It can be any resource, a resource whose path prefix is specified, a resource with a specified absolute path, or a combination thereof. | Array |
condition | Condition (optional). For more information, please see Condition | Struct |
func (s *BucketService) GetPolicy(ctx context.Context) (*BucketGetPolicyResult, *Response, error)
package mainimport ("context""github.com/tencentyun/cos-go-sdk-v5""net/http""net/url""os")func main(){// Bucket name in the format of `BucketName-APPID` (`APPID` is required), which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket.// Replace it with your region, which can be viewed in the COS console at https://console.tencentcloud.com/. For more information about regions, visit https://www.tencentcloud.com/document/product/436/6224.u, _ := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")b := &cos.BaseURL{BucketURL: u}client := cos.NewClient(b, &http.Client{Transport: &cos.AuthorizationTransport{// Get the key from environment variables// Environment variable `SECRETID` refers to the user's `SecretId`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.SecretID: os.Getenv("SECRETID"), // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.// Environment variable `SECRETKEY` refers to the user's `SecretKey`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.SecretKey: os.Getenv("SECRETKEY"), // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.},})res, _, err := client.Bucket.GetPolicy(context.Background())if err != nil{// ERROR}fmt.Println(res)}
type BucketGetPolicyResult BucketPutPolicyOptions// For details, see `BucketPutPolicyOptions`.
func (s *BucketService) DeletePolicy(ctx context.Context) (*Response, error)
package mainimport ("context""github.com/tencentyun/cos-go-sdk-v5""net/http""net/url""os")func main(){// Bucket name in the format of `BucketName-APPID` (`APPID` is required), which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket.// Replace it with your region, which can be viewed in the COS console at https://console.tencentcloud.com/. For more information about regions, visit https://www.tencentcloud.com/document/product/436/6224.u, _ := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")b := &cos.BaseURL{BucketURL: u}client := cos.NewClient(b, &http.Client{Transport: &cos.AuthorizationTransport{// Get the key from environment variables// Environment variable `SECRETID` refers to the user's `SecretId`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.SecretID: os.Getenv("SECRETID"), // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.// Environment variable `SECRETKEY` refers to the user's `SecretKey`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.SecretKey: os.Getenv("SECRETKEY"), // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.},})_, err := client.Bucket.DeletePolicy(context.Background())if err != nil{// ERROR}}
Was this page helpful?