The bucket-policy command is used to add, modify, query, or delete bucket policy configurations for a bucket.

Note
  • The commands described in this topic apply to Linux. To use the commands in other systems, replace ./ossutil in the command with the actual executable program name. For example, you can use the help command in 32-bit Windows systems by running ossutil32.exe help.
  • For more information about bucket policies, see Bucket policy.

Command syntax

  • Add or modify bucket policy configurations
    ./ossutil bucket-policy --method put oss://bucket local_json_file [options]
    ossutil reads the local_json_file configuration file. If the bucket has no bucket policy configurations, ossutil writes the configurations to this configuration file. If the bucket has bucket policy configurations, new configurations will overwrite the existing configurations.
    Note The local_json_file configuration file is in the JSON format as follows:
     {
         "Version": "1",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": [
                     "ram:ListObjects"
                 ],
                 "Principal": [
                     "1234567"
                 ],
                 "Resource": [
                     "*"
                 ],
                 "Condition": {}
             }
         ]
    }
  • Query bucket policy configurations
    ./ossutil bucket-policy --method get oss://bucket [local_json_file] [options]
    The local_json_file parameter specifies the name of the configuration file. If this parameter is specified, bucket policy configurations will be saved as a local file. If this parameter is not specified, ossutil displays the bucket policy configurations.
  • Delete bucket policy configurations
    ./ossuitl bucket-policy --method delete oss://bucket [options]

Examples

  • Add bucket policies to allow anonymous users with specified IP addresses to access all resources in a bucket
    ./ossutil bucket-policy --method put oss://bucket1 /file/policy.json
    The content of the policy.json configuration file is as follows:
    {
    "Version": "1",
    "Statement": [
            {
                "Action": [
                    "oss:*"
                ],
                "Effect": "Allow",
                "Principal": [
                    "*"
               ],
                "Resource": [
                    "acs:oss:*:174649585760****:bucket1",
                    "acs:oss:*:174649585760****:bucket1/*"
                ],
                "Condition": {
                    "IpAddress": {
                        "acs:SourceIp": [
                            "10.10.10.10"
                        ]
                    }
                }
            }
        ]
    }
  • Query bucket policy configurations
    ./ossutil bucket-policy --method get oss://bucket1
    {
        "Version": "1",
        "Statement": [
            {
                "Action": [
                    "oss:*"
                ],
                "Effect": "Allow",
                "Principal": [
                    "*"
                ],
                "Resource": [
                    "acs:oss:*:174649585760****:bucket1",
                    "acs:oss:*:174649585760****:bucket1/*"
                ],
                "Condition": {
                    "IpAddress": {
                        "acs:SourceIp": [
                            "10.10.10.10"
                        ]
                    }
                }
            }
        ]
    }
  • Delete bucket policy configurations
    ./ossutil bucket-policy --method delete oss://bucket1

Common options

The following table describes the options you can add to the bucket-policy command.
Option Description 
--method Specifies the HTTP request method. Valid values:
  • put: adds or modifies bucket policy configurations.
  • get: queries bucket policy configurations.
  • delete: deletes bucket policy configurations.
--loglevel Specifies the log level. The default value is null, indicating that no log files are generated. Valid values:
  • info: generates prompt logs.
  • debug: generates detailed logs that contain corresponding HTTP request and response information.
--proxy-host Specifies the URL of the proxy server. HTTP, HTTPS, and SOCKS5 proxies are supported. An example of the URL is https://120.79. **.**:3128 or socks5://120.79. ***. **:1080.
--proxy-user Specifies the username for the proxy server. The default value is null.
--proxy-pwd Specifies the password for the proxy server. The default value is null.
Note For more information about common options, see View options.