tencent cloud

All product documents
Cloud Object Storage
DocumentationCloud Object StorageSDK DocumentationC++ SDKCloud Access ManagementBucket Policy
Bucket Policy
Download PDF
Last updated: 2024-02-02 12:12:58
Bucket Policy
Last updated: 2024-02-02 12:12:58
Download PDF

Overview

This document provides an overview of APIs and SDK code samples related to bucket policies.
API
Operation
Description
Setting a bucket policy
Sets a permission policy for the specified bucket
Querying bucket policy
Queries the permission policy of the specified bucket
Deleting a bucket policy
Deletes the permission policy of a specified bucket

Setting a bucket policy

Feature description

This API (PUT Bucket policy) is used to write a permission policy for a bucket. The policy passed in this API will overwrite the existing one (if any) in the bucket.

Method prototype

CosResult PutBucketPolicy(const PutBucketPolicyReq& req, PutBucketPolicyResp* resp)

Sample request

qcloud_cos::CosConfig config("./config.json");
qcloud_cos::CosAPI cos(config);

std::string bucket_name = "examplebucket-1250000000"; // Replace it with your bucket name, which is in the format of BucketName-APPID (APPID is required). It can be viewed in the COS console at https://console.cloud.tencent.com/cos5/bucket.

qcloud_cos::PutBucketPolicyReq req(bucket_name);
qcloud_cos::PutBucketPolicyResp resp;
std::string bucket_policy = 
"  {"
"    \"Statement\": ["
"      {"
"        \"Principal\": {"
"          \"qcs\": ["
"            \"qcs::cam::uin/100000000001:uin/100000000011\"" // Replace with the UIN of the account to be granted the permission.
"          ]\n"
"        },\n"
"        \"Effect\": \"allow\","
"        \"Action\": ["
"          \"cos:PutObject\""
"        ],\n"
"        \"Resource\": [" // Change it to the allowed path prefix (such as "a.jpg", "a/*", or "*"). You can determine the upload path based on your login status. (Keep in mind that using asterisks (*) could bring high risks.)
"          \"qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/exampleobject\""
"        ],\n"
"        \"Condition\": {"
"          \"string_equal\": {"
"            \"cos:x-cos-mime-limit\": \"image/jpeg\""
"          }"
"        }"
"      }"
"    ],"
"    \"Version\": \"2.0\""
"  }";

req.SetBody(bucket_policy);
qcloud_cos::CosResult result = cos.PutBucketPolicy(req, &resp);

if (result.IsSucc()) {
    // ...
} else {
    // You can call the CosResult member functions to output the error information, such as requestID
}

Parameter description

Parameter
Description
Required
Statement
Specifies one or more permissions
Yes
Version
The policy syntax version. Default value: 2.0
Yes
Principal
Entity to which the permission is granted. For more information, see Access Policy Language Overview
Yes
Action
COS API. You can specify one, several, or all (*) COS APIs as needed. An example value is name/cos:GetService. Note that this parameter is case-sensitive.
Yes
Effect
allow or deny
Yes
Resource
Specific data authorized to be operated on. It can be any resource, a resource in a path with a specified prefix, a resource in a specified absolute path, or a combination thereof.
Yes
Condition
Condition (this value is optional). For more information, see Condition
No

Querying a bucket policy

Feature description

This API (GET Bucket policy) is used to read the permission policy of a bucket.

Method prototype

CosResult GetBucketPolicy(const GetBucketPolicyReq& req, GetBucketPolicyResp* resp)

Sample request

qcloud_cos::CosConfig config("./config.json");
qcloud_cos::CosAPI cos(config);

std::string bucket_name = "examplebucket-1250000000"; // Replace it with your bucket name, which is in the format of BucketName-APPID (APPID is required). It can be viewed in the COS console at https://console.cloud.tencent.com/cos5/bucket.

qcloud_cos::GetBucketPolicyReq req(bucket_name);
qcloud_cos::GetBucketPolicyResp resp;
qcloud_cos::CosResult result = cos.GetBucketPolicy(req, &resp);

// The call is successful. You can call the resp member functions to get the return content.
if (result.IsSucc()) {
    // ...
} else {
    // You can call the CosResult member functions to output the error information, such as requestID
}

Response description

GetBucketPolicyResp provides the following member functions to obtain the Policy content returned by Get Bucket Policy.
std::string resp.GetPolicy()

Deleting a bucket policy

Feature description

This API (DELETE Bucket policy) is used to delete the permission policy of a bucket.

Method prototype

CosResult DeleteBucketPolicy(const DeleteBucketPolicyReq& req, DeleteBucketPolicyResp* resp)

Sample request

qcloud_cos::CosConfig config("./config.json");
qcloud_cos::CosAPI cos(config);

std::string bucket_name = "examplebucket-1250000000"; // Replace it with your bucket name, which is in the format of BucketName-APPID (APPID is required). It can be viewed in the COS console at https://console.cloud.tencent.com/cos5/bucket.

qcloud_cos::DeleteBucketPolicyReq req(bucket_name);
qcloud_cos::DeleteBucketPolicyResp resp;
qcloud_cos::CosResult result = cos.DeleteBucketPolicy(req, &resp);

if (result.IsSucc()) {
    // ...
} else {
    // You can call the CosResult member functions to output the error information, such as requestID
} 


Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon