The bucket-policy command is used to add, modify, query, or delete bucket policy configurations for a bucket.

Note For more information about bucket policies, see Bucket policy.

Command syntax

  • Add or modify bucket policy configurations
    ./ossutil bucket-policy --method put oss://bucket local_json_file [options]
    ossutil reads the local_json_file configuration file. If the bucket has no bucket policy configurations, ossutil writes the configurations to this configuration file. If the bucket has bucket policy configurations, new configurations will overwrite the existing configurations.
    Note The local_json_file configuration file is in the JSON format as follows:
     {
         "Version": "1",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": [
                     "ram:ListObjects"
                 ],
                 "Principal": [
                     "1234567"
                 ],
                 "Resource": [
                     "*"
                 ],
                 "Condition": {}
             }
         ]
    }
  • Obtain bucket policy configurations
    ./ossutil bucket-policy --method get oss://bucket [local_json_file] [options]
    The local_json_file parameter specifies the name of the configuration file. If this parameter is specified, bucket policy configurations will be saved as a local file. If this parameter is not specified, ossutil displays the bucket policy configurations.
  • Delete bucket policy configurations
    ./ossuitl bucket-policy --method delete oss://bucket [options]

Examples

  • Add bucket policies to allow anonymous users with specified IP addresses to access all resources in a bucket
    ./ossutil bucket-policy --method put oss://bucket1 /file/policy.json
    The content of the policy.json configuration file is as follows:
    {
    "Version": "1",
    "Statement": [
            {
                "Action": [
                    "oss:*"
                ],
                "Effect": "Allow",
                "Principal": [
                    "*"
               ],
                "Resource": [
                    "acs:oss:*:174649585760****:bucket1",
                    "acs:oss:*:174649585760****:bucket1/*"
                ],
                "Condition": {
                    "IpAddress": {
                        "acs:SourceIp": [
                            "10.10.10.10"
                        ]
                    }
                }
            }
        ]
    }
  • Obtain bucket policy configurations
    ./ossutil.exe bucket-policy --method get oss://bucket1
    {
        "Version": "1",
        "Statement": [
            {
                "Action": [
                    "oss:*"
                ],
                "Effect": "Allow",
                "Principal": [
                    "*"
                ],
                "Resource": [
                    "acs:oss:*:174649585760****:bucket1",
                    "acs:oss:*:174649585760****:bucket1/*"
                ],
                "Condition": {
                    "IpAddress": {
                        "acs:SourceIp": [
                            "10.10.10.10"
                        ]
                    }
                }
            }
        ]
    }
  • Delete bucket policy configurations
    ./ossutil.exe bucket-policy --method delete oss://bucket1

Common options

The following table describes the options you can add to the bucket-policy command.
Option Description
--method Specifies the HTTP request method. Valid values:
  • put: adds or modifies bucket policy configurations.
  • get: obtains bucket policy configurations.
  • delete: deletes bucket policy configurations.
--loglevel Specifies the log level. The default value is null, indicating that no log files are generated. Valid values:
  • info: generates prompt logs.
  • debug: generates detailed logs that contain corresponding HTTP request and response information.
--proxy-host Specifies the URL of the proxy server. HTTP, HTTPS, and SOCKS5 are supported. An example of the URL is https://120.79.**.**:3128 or socks5://120.79.**.**:1080.
--proxy-user Specifies the username of the proxy server. The default value is null.
--proxy-pwd Specifies the password of the proxy server. The default value is null.
Note For more information about common options, see View all supported options.