tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Object Storage
    Documentation
    Download PDF

    Bucket Policy

    Last updated: 2024-02-02 15:51:37
    Download PDF

      Overview

      This document provides an overview of APIs and SDK code samples related to bucket policies.
      API
      Operation
      Description
      Setting a bucket policy
      Sets a permission policy for a specified bucket
      Querying a bucket policy
      Queries the permission policy of a bucket
      Deleting a bucket policy
      Deletes the permission policy of a bucket

      Setting a bucket policy

      Feature description

      This API is used to write a permission policy for a bucket. The policy passed in this API will overwrite the existing one (if any) in the bucket.

      Method prototype

      func (s *BucketService) PutPolicy(ctx context.Context, opt *BucketPutPolicyOptions) (*Response, error)

      Sample request

      package main
      
      import (
          "context"
          "github.com/tencentyun/cos-go-sdk-v5"
          "net/http"
          "net/url"
          "os"
      )
      
      func main(){
          // Bucket name in the format of `BucketName-APPID` (`APPID` is required), which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket.
          // Replace it with your region, which can be viewed in the COS console at https://console.tencentcloud.com/. For more information about regions, visit https://www.tencentcloud.com/document/product/436/6224.
          u, _ := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")
          b := &cos.BaseURL{BucketURL: u}
          client := cos.NewClient(b, &http.Client{
              Transport: &cos.AuthorizationTransport{
                  // Get the key from environment variables
                  // Environment variable `SECRETID` refers to the user's `SecretId`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.
                  SecretID: os.Getenv("SECRETID"),  // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
                  // Environment variable `SECRETKEY` refers to the user's `SecretKey`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.
                  SecretKey: os.Getenv("SECRETKEY"),  // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit  https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
              },
          })
          opt := &cos.BucketPutPolicyOptions{
              Version: "2.0",
              Statement: []cos.BucketStatement{
                  {
                      Principal: map[string][]string{
                          "qcs": []string{
                              "qcs::cam::uin/100000000001:uin/100000000011", // Replace with the uin of the account to be granted the permission.
                          },
                      },
                      Action: []string{
                          "name/cos:GetObject",
                      },
                      Effect: "allow",
                      Resource: []string{
                          // Change it to the allowed path prefix (such as "a.jpg", "a/*", or "*"). You can determine the upload path based on your login status. (Keep in mind that using asterisks (*) could bring high risks.)
                          "qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/exampleobject",
                      },
                      Condition: map[string]map[string]interface{}{
                          "ip_not_equal": map[string]interface{}{
                              "qcs:ip": []string{
                                  "192.168.1.1",
                              },
                          },
                      },
                  },
              },
          }
          _, err := client.Bucket.PutPolicy(context.Background(), opt)
          if err != nil{
              // ERROR
          }
      }

      Field description

      type BucketStatement struct {
          Principal map[string][]string
          Action    []string
          Effect    string
          Resource  []string
          Condition map[string]map[string]interface{}
      }
      
      type BucketPutPolicyOptions struct {
          Statement []BucketStatement
          Version   string
          Principal map[string][]string
      }
      Parameter
      Description
      Type
      Statement
      Detailed information about one or more permissions
      Struct
      Version
      Policy syntax version
      Struct
      Principal
      Entity to which the permission is granted. For more information, please see Access Policy Language Overview
      String
      action
      COS API. You can specify one, several, or all (*) COS APIs as needed, e.g., set action to name/cos:GetService. Note that this parameter is case-sensitive.
      
      Effect
      Allow or explicitly deny
      String
      resource
      Specific data authorized to be operated on. It can be any resource, a resource whose path prefix is specified, a resource with a specified absolute path, or a combination thereof.
      Array
      condition
      Condition (optional). For more information, please see Condition
      Struct

      Querying a bucket policy

      Feature description

      This API is used to read the permission policy of a bucket.

      Method prototype

      func (s *BucketService) GetPolicy(ctx context.Context) (*BucketGetPolicyResult, *Response, error)

      Sample request

      package main
      
      import (
          "context"
          "github.com/tencentyun/cos-go-sdk-v5"
          "net/http"
          "net/url"
          "os"
      )
      
      func main(){
          // Bucket name in the format of `BucketName-APPID` (`APPID` is required), which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket.
          // Replace it with your region, which can be viewed in the COS console at https://console.tencentcloud.com/. For more information about regions, visit https://www.tencentcloud.com/document/product/436/6224.
          u, _ := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")
          b := &cos.BaseURL{BucketURL: u}
          client := cos.NewClient(b, &http.Client{
              Transport: &cos.AuthorizationTransport{
                  // Get the key from environment variables
                  // Environment variable `SECRETID` refers to the user's `SecretId`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.
                  SecretID: os.Getenv("SECRETID"),  // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
                  // Environment variable `SECRETKEY` refers to the user's `SecretKey`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.
                  SecretKey: os.Getenv("SECRETKEY"),  // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit  https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
              },
          })
          res, _, err := client.Bucket.GetPolicy(context.Background())
          if err != nil{
              // ERROR
          }
          fmt.Println(res)
      }

      Response description

      type BucketGetPolicyResult BucketPutPolicyOptions
      // For details, see `BucketPutPolicyOptions`.

      Deleting a bucket policy

      Feature description

      This API (DELETE Bucket policy) is used to delete the permission policy of a bucket.

      Method prototype

      func (s *BucketService) DeletePolicy(ctx context.Context) (*Response, error)

      Sample request

      package main
      
      import (
          "context"
          "github.com/tencentyun/cos-go-sdk-v5"
          "net/http"
          "net/url"
          "os"
      )
      
      func main(){
          // Bucket name in the format of `BucketName-APPID` (`APPID` is required), which can be viewed in the COS console at https://console.tencentcloud.com/cos5/bucket.
          // Replace it with your region, which can be viewed in the COS console at https://console.tencentcloud.com/. For more information about regions, visit https://www.tencentcloud.com/document/product/436/6224.
          u, _ := url.Parse("https://examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com")
          b := &cos.BaseURL{BucketURL: u}
          client := cos.NewClient(b, &http.Client{
              Transport: &cos.AuthorizationTransport{
                  // Get the key from environment variables
                  // Environment variable `SECRETID` refers to the user's `SecretId`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.
                  SecretID: os.Getenv("SECRETID"),  // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
                  // Environment variable `SECRETKEY` refers to the user's `SecretKey`, which can be viewed in the CAM console at https://console.tencentcloud.com/cam/capi.
                  SecretKey: os.Getenv("SECRETKEY"),  // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit  https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
              },
          })
          _, err := client.Bucket.DeletePolicy(context.Background())
          if err != nil{
              // ERROR
          }
      }
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy