Operation | Description |
Setting a bucket policy | Sets a permission policy for the specified bucket |
Querying bucket policy | Queries the permission policy of the specified bucket |
Deleting bucket policies | Deletes the permission policies of a specified bucket |
put_bucket_policy(Bucket, Policy, **kwargs)
```python
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import os
import logging

# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG
# and the SDK will print information about the communication with the server.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)

# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed
# from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.

# User `SecretId`. We recommend you use a sub-account key and follow the principle of least
# privilege to reduce risks. For information about how to obtain a sub-account key, visit
# https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
secret_id = os.environ['COS_SECRET_ID']

# User `SecretKey`. We recommend you use a sub-account key and follow the principle of least
# privilege to reduce risks. For information about how to obtain a sub-account key, visit
# https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
secret_key = os.environ['COS_SECRET_KEY']

# Replace it with the actual region, which can be viewed in the console at
# https://console.tencentcloud.com/cos5/bucket.
# For the list of regions supported by COS, see
# https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.
region = 'ap-beijing'

# Token is required for temporary keys but not permanent keys. For more information about
# how to generate and use a temporary key, see
# https://www.tencentcloud.com/document/product/436/14048?from_cn_redirect=1.
token = None

# Specify whether to use HTTP or HTTPS protocol to access COS.
# This field is optional and is `https` by default.
scheme = 'https'

config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)

response = client.put_bucket_policy(
    Bucket='examplebucket-1250000000',
    Policy={
        "Statement": [
            {
                "Principal": {
                    "qcs": ["qcs::cam::uin/100000000001:uin/100000000011"]
                },
                "Effect": "allow",
                "Action": ["name/cos:GetBucket"],
                "Resource": ["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"],
                "condition": {
                    "ip_equal": {"qcs:ip": "10.121.2.10/24"}
                }
            }
        ],
        "version": "2.0"
    }
)
```
Parameter | Description | Type | Required |
Bucket | Bucket name in the format of BucketName-APPID | String | Yes |
Statement | Detailed information about one or more permissions | Struct | Yes |
Principal | Specifies the entity to which the permission is granted. For more information, see Access Policy Language Overview | Dict | Yes |
Effect | Allow or deny | String | Yes |
Action | COS API. You can specify one, several, or all (*) COS APIs as needed, e.g. name/cos:GetService. Note that this value is case-sensitive. | List | Yes |
Resource | Specifies the resource for which permission is granted. It can be any resource, a resource in a path with a specified prefix, a resource in a specified absolute path, or a combination thereof. | List | Yes |
Condition | (Optional) Specifies the rule condition. For more information, see condition | List | No |
This method returns None.

get_bucket_policy(Bucket, **kwargs)
```python
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import os
import logging
import json

# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG
# and the SDK will print information about the communication with the server.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)

# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed
# from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.

# User `SecretId`. We recommend you use a sub-account key and follow the principle of least
# privilege to reduce risks. For information about how to obtain a sub-account key, visit
# https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
secret_id = os.environ['COS_SECRET_ID']

# User `SecretKey`. We recommend you use a sub-account key and follow the principle of least
# privilege to reduce risks. For information about how to obtain a sub-account key, visit
# https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
secret_key = os.environ['COS_SECRET_KEY']

# Replace it with the actual region, which can be viewed in the console at
# https://console.tencentcloud.com/cos5/bucket.
# For the list of regions supported by COS, see
# https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.
region = 'ap-beijing'

# Token is required for temporary keys but not permanent keys. For more information about
# how to generate and use a temporary key, see
# https://www.tencentcloud.com/document/product/436/14048?from_cn_redirect=1.
token = None

# Specify whether to use HTTP or HTTPS protocol to access COS.
# This field is optional and is `https` by default.
scheme = 'https'

config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)

response = client.get_bucket_policy(
    Bucket='examplebucket-1250000000',
)
# The 'Policy' value is a JSON string; parse it into a dict.
policy = json.loads(response['Policy'])
```
Parameter | Description | Type | Required |
Bucket | Bucket name in the format of BucketName-APPID | String | Yes |
The return value is of dict type and contains one key-value pair: the key is the string 'Policy', and the value is a JSON string that represents the specific permission policy and can be converted to a dict through json.loads().

```json
{
    "Statement": [
        {
            "Principal": {
                "qcs": ["qcs::cam::uin/100000000001:uin/100000000011"]
            },
            "Effect": "allow",
            "Action": ["name/cos:GetBucket"],
            "Resource": ["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"],
            "condition": {
                "ip_equal": {"qcs:ip": "10.121.2.10/24"}
            }
        }
    ],
    "version": "2.0"
}
```
Parameter | Description | Type |
Statement | Specifies one or more permissions | List |
Principal | Specifies the entity to which the permission is granted. For more information, see Access Policy Language Overview | Dict |
version | The policy syntax version. The default is 2.0. | String |
Effect | Allow or explicitly deny | String |
Action | COS API. You can specify one, several, or all (*) COS APIs as needed, e.g. name/cos:GetService. Note that this value is case-sensitive. | List |
Resource | Specifies the resource for which permission is granted. It can be any resource, a resource in a path with a specified prefix, a resource in a specified absolute path, or a combination thereof. | List |
Condition | (Optional) Specifies the rule condition. For more information, see condition | List |
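
One way to review the JSON string found in response['Policy'] for over-broad grants, as an added example that is not part of the Tencent Cloud documentation or SDK. The names `audit_policy`, `_get` and `SAMPLE_POLICY` are hypothetical, the second sample statement is constructed, and `qcs::cam::anyone:anyone` is assumed to be the CAM identifier for all users.

```python
import ipaddress
import json

# Assumption: CAM identifier for "all users"; it does not appear on this page.
ANYONE = "qcs::cam::anyone:anyone"

# Constructed sample: statement 0 is the page's policy, statement 1 is made up.
SAMPLE_POLICY = json.dumps({"version": "2.0", "Statement": [
    {"Principal": {"qcs": ["qcs::cam::uin/100000000001:uin/100000000011"]},
     "Effect": "allow", "Action": ["name/cos:GetBucket"],
     "Resource": ["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"],
     "condition": {"ip_equal": {"qcs:ip": "10.121.2.10/24"}}},
    {"Principal": {"qcs": [ANYONE]}, "Effect": "allow", "Action": ["*"],
     "Resource": ["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"]},
]})


def _get(obj, name, default=None):
    """Case-insensitive lookup; the page writes both 'Condition' and 'condition'."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.lower() == name.lower():
                return value
    return default


def audit_policy(policy_json):
    """Return (statement index, finding) pairs for the value of response['Policy']."""
    findings = []
    for i, stmt in enumerate(_get(json.loads(policy_json), "Statement", [])):
        if str(_get(stmt, "Effect", "")).lower() != "allow":
            continue  # only allow statements can widen access
        principal = _get(stmt, "Principal", {})
        if principal == "*" or ANYONE in _get(principal, "qcs", []):
            findings.append((i, "allow granted to anyone"))
        if any(a == "*" or a.endswith(":*") for a in _get(stmt, "Action", [])):
            findings.append((i, "wildcard action"))
        cidrs = _get(_get(_get(stmt, "Condition", {}), "ip_equal", {}), "qcs:ip")
        if cidrs is None:
            findings.append((i, "no source-IP condition"))
            continue
        for cidr in [cidrs] if isinstance(cidrs, str) else cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            host = ipaddress.ip_address(cidr.split("/")[0])
            if net.prefixlen == 0:
                findings.append((i, "IP condition matches every address"))
            elif host != net.network_address:
                findings.append((i, f"{cidr} has host bits set; it covers {net}"))
    return findings
```

The same function can be run on `json.dumps(policy)` before the dict is passed to put_bucket_policy, so that a broad statement is caught before it is applied.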
delete_bucket_policy(Bucket, **kwargs)
```python
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import os
import logging

# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG
# and the SDK will print information about the communication with the server.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)

# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed
# from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.

# User `SecretId`. We recommend you use a sub-account key and follow the principle of least
# privilege to reduce risks. For information about how to obtain a sub-account key, visit
# https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
secret_id = os.environ['COS_SECRET_ID']

# User `SecretKey`. We recommend you use a sub-account key and follow the principle of least
# privilege to reduce risks. For information about how to obtain a sub-account key, visit
# https://www.tencentcloud.com/document/product/598/37140?from_cn_redirect=1.
secret_key = os.environ['COS_SECRET_KEY']

# Replace it with the actual region, which can be viewed in the console at
# https://console.tencentcloud.com/cos5/bucket.
# For the list of regions supported by COS, see
# https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.
region = 'ap-beijing'

# Token is required for temporary keys but not permanent keys. For more information about
# how to generate and use a temporary key, see
# https://www.tencentcloud.com/document/product/436/14048?from_cn_redirect=1.
token = None

# Specify whether to use HTTP or HTTPS protocol to access COS.
# This field is optional and is `https` by default.
scheme = 'https'

config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)

response = client.delete_bucket_policy(
    Bucket='examplebucket-1250000000',
)
```
Parameter | Description | Type | Required |
Bucket | Bucket name in the format of BucketName-APPID | String | Yes |
This method returns None.