This topic describes how to manage public access blocking configurations at the access point level by using OSS SDK for Go V2.
Notes
The sample code in this topic uses the region ID cn-hangzhou of the China (Hangzhou) region. By default, the public endpoint is used to access resources in a bucket. If you want to access resources in the bucket by using other Alibaba Cloud services in the same region in which the bucket is located, use an internal endpoint. For more information about the regions and endpoints supported by Object Storage Service (OSS), see OSS regions and endpoints.
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.
Sample code
Enable block public access for an access point
The following code provides an example of how to enable block public access for an access point.
```go
package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"             // Import the OSS SDK package.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)

func init() {
	// Set the command line parameter to specify the region. This parameter is left empty by default.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set the command line parameter to specify the name of the bucket. This parameter is left empty by default.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse() // Parse command line parameters.

	// Define the access point name, which is hardcoded as "access point name" in this example. In actual scenarios, this value should be set according to the actual business requirements or passed through command line parameters.
	var accessPointName = "access point name"

	// Check if the name of the bucket is specified. If not, the program prints an error message indicating that this parameter is required and terminates.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the error message and terminate the program.
	}

	// Check if the region information is provided. If not, the program prints an error message indicating that this parameter is required and terminates.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the error message and terminate the program.
	}

	// Create a configuration object, load the credential provider from environment variables and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configurations.

	// Create a PutAccessPointPublicAccessBlock request to configure block public access settings for a specific access point.
	request := &oss.PutAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName),      // Specify the name of the bucket.
		AccessPointName: oss.Ptr(accessPointName), // Specify the name of the access point.
		PublicAccessBlockConfiguration: &oss.PublicAccessBlockConfiguration{
			oss.Ptr(true), // Enable block public access.
		},
	}

	putResult, err := client.PutAccessPointPublicAccessBlock(context.TODO(), request) // Send the request to configure block public access settings for the access point.
	if err != nil {
		log.Fatalf("failed to put access point public access block %v", err) // If an error occurs, record the error message and exit.
	}

	log.Printf("put access point public access block result:%#v\n", putResult) // Display the result.
}
```
Query public access blocking configurations for an access point
The following code provides an example of how to query public access blocking configurations for an access point.
```go
package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"             // Import the OSS SDK package.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)

func init() {
	// Set command line parameters to specify the region. This parameter is left empty by default.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set command line parameters to specify the bucket name. This parameter is left empty by default.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse() // Parse command line parameters.

	// Define the access point name, which is hardcoded as "access point name" in this example. In actual scenarios, this value should be set according to the actual business requirements or by other means.
	var accessPointName = "access point name"

	// Check if the name of the bucket is specified. If not, the program prints an error message indicating that this parameter is required and terminates.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the error message and terminate the program.
	}

	// Check if the region information is specified. If not, the program prints an error message indicating that this parameter is required and terminates.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the error message and terminate the program.
	}

	// Create a configuration object, load the credential provider from environment variables and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configurations.

	// Create a GetAccessPointPublicAccessBlock request to query public access blocking configurations for the specific access point.
	request := &oss.GetAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName),      // Specify the name of the bucket.
		AccessPointName: oss.Ptr(accessPointName), // Specify the name of the access point.
	}

	getResult, err := client.GetAccessPointPublicAccessBlock(context.TODO(), request) // Make the query request.
	if err != nil {
		log.Fatalf("failed to get access point public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("get access point public access block result:%#v\n", getResult) // Display the result.
}
```
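The enable and query operations above combined into one idempotent enable-then-verify step, as an added example that is not part of the original documentation or the SDK. The `blockAPI` interface and `fakeAPI` are hypothetical stand-ins for the SDK client so the code runs offline, and the bucket and access point names are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// blockAPI is a hypothetical adapter (not an SDK type) over the two SDK calls:
// PutAccessPointPublicAccessBlock and GetAccessPointPublicAccessBlock.
type blockAPI interface {
	Put(ctx context.Context, bucket, ap string, block bool) error
	Get(ctx context.Context, bucket, ap string) (*bool, error)
}

// EnsureBlocked enables block public access only when it is not already on,
// then reads the setting back. A nil value is treated as "not blocked".
func EnsureBlocked(ctx context.Context, api blockAPI, bucket, ap string) (bool, error) {
	cur, err := api.Get(ctx, bucket, ap)
	if err != nil {
		return false, fmt.Errorf("query %s/%s: %w", bucket, ap, err)
	}
	if cur != nil && *cur {
		return false, nil // already blocked, nothing to write
	}
	if err := api.Put(ctx, bucket, ap, true); err != nil {
		return false, fmt.Errorf("enable %s/%s: %w", bucket, ap, err)
	}
	got, err := api.Get(ctx, bucket, ap)
	if err != nil {
		return true, fmt.Errorf("verify %s/%s: %w", bucket, ap, err)
	}
	if got == nil || !*got {
		return true, errors.New("block public access still off after put")
	}
	return true, nil
}

// fakeAPI is a constructed in-memory stand-in so the example runs offline.
type fakeAPI struct{ state map[string]*bool }
func (f *fakeAPI) Put(_ context.Context, b, ap string, v bool) error {
	f.state[b+"/"+ap] = &v
	return nil
}
func (f *fakeAPI) Get(_ context.Context, b, ap string) (*bool, error) { return f.state[b+"/"+ap], nil }

func main() {
	api := &fakeAPI{state: map[string]*bool{}}
	fmt.Println(EnsureBlocked(context.Background(), api, "examplebucket", "example-ap"))
}
```

The first return value reports whether a write was issued, which lets a scheduled job log only the access points it actually changed.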
Delete public access blocking configurations for an access point
The following code provides an example of how to delete public access blocking configurations for an access point.
```go
package main

import (
	"context" // Used to manage contexts with features such as deadlines and cancellation signals.
	"flag"    // Used to parse command line parameters.
	"log"     // Used to print log information.

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"             // Import the OSS SDK package.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)

// The init function is executed before the main function to initialize the program.
func init() {
	// Set command line parameters to specify the region. This parameter is left empty by default.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set command line parameters to specify the name of the bucket. This parameter is left empty by default.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

// The main function serves as the entry point of the program.
func main() {
	flag.Parse() // Parse command line parameters.

	// Define the access point name, which is hardcoded as "access point name" in this example. In actual scenarios, this value should be set according to the actual business requirements or by other means.
	var accessPointName = "access point name"

	// Check if the name of the bucket is specified. If not, the program prints an error message indicating that this parameter is required and terminates.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the error message and terminate the program.
	}

	// Check if the region information is specified. If not, the program outputs default parameters and terminates.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the error message and terminate the program.
	}

	// Create a configuration object, load the credential provider from environment variables and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configurations.

	// Create a DeleteAccessPointPublicAccessBlock request to delete the public access blocking configurations for the specific access point.
	request := &oss.DeleteAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName),      // Specify the name of the bucket.
		AccessPointName: oss.Ptr(accessPointName), // Specify the name of the access point.
	}

	deleteResult, err := client.DeleteAccessPointPublicAccessBlock(context.TODO(), request) // Send the request to delete the public access blocking configurations.
	if err != nil {
		log.Fatalf("failed to delete access point public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("delete access point public access block result:%#v\n", deleteResult) // Display the result.
}
```
References
For the complete sample code used to manage public access blocking configurations for access points, see GitHub example.
For more information about the API operation that you can call to enable block public access for an access point, see PutAccessPointPublicAccessBlock.
For more information about the API operation that you can call to query public access blocking configurations for an access point, see GetAccessPointPublicAccessBlock.
For more information about the API operation that you can call to delete public access blocking configurations for an access point, see DeleteAccessPointPublicAccessBlock.