how to use oss go sdk v2 to manage block public access at the access point level - Object Storage Service

This topic describes how to use OSS SDK for Go V2 to manage the Block Public Access feature at the access point level.

Notes

The sample code in this topic is for the China (Hangzhou) region and uses the region ID cn-hangzhou. By default, a public endpoint is used to access resources in a bucket. If you want to access resources in the bucket from other Alibaba Cloud services in the same region, use an internal endpoint. For more information about the regions and endpoints supported by Object Storage Service (OSS), see OSS regions and endpoints.
In this topic, access credentials are retrieved from environment variables. For more information about how to configure access credentials, see Configure access credentials.

Sample code

Enable Block Public Access for an access point

You can use the following code to enable Block Public Access for an access point.

package main

import (
	"context" 
	"flag"    
	"log"    

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // Import the SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)
 
func init() {
	// Set the command line parameter to specify the region. This parameter is left empty by default.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set the command line parameter to specify the name of the bucket. This parameter is left empty by default.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse() // Parse command line parameters.

	// Define the access point name, which is hardcoded as "access point name" in this example. In actual scenarios, this value should be set as needed or passed through command line parameters.
	var accessPointName = "access point name"

	// Check whether the name of the bucket is specified. If not, the program prints the default parameters and terminates.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the fatal error and terminate the program.
	}

	// Check whether the region information is provided. If not, the program prints the default parameters and terminates.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the fatal error and terminate the program.
	}

	// Create a configuration object, and use environment variables as the credential provider and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configuration.

	// Create a PutAccessPointPublicAccessBlock request to set the Block Public Access configuration for a specific access point.
	request := &oss.PutAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName), // Specify the name of the bucket.
		AccessPointName: oss.Ptr(accessPointName), // Specify the name of the access point.
		PublicAccessBlockConfiguration: &oss.PublicAccessBlockConfiguration{
			oss.Ptr(true), // Enable the Block Public Access configuration.
		},
	}
	putResult, err := client.PutAccessPointPublicAccessBlock(context.TODO(), request) // Send the request to set Block Public Access for the access point.
	if err != nil {
		log.Fatalf("failed to put access point public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("put access point public access block result:%#v\n", putResult) // Print the result of setting Block Public Access for the access point.
}

Query the Block Public Access configuration for a specific access point

You can use the following code to query the Block Public Access configuration for an access point.

package main

import (
	"context" 
	"flag"   
	"log"   

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // Import the SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)


func init() {
	// Set the command line parameter to specify the region. This parameter is left empty by default.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set the command line parameter to specify the name of the bucket. This parameter is left empty by default.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse() // Parse command line parameters.

	// Define the access point name. This parameter is hardcoded as "access point name" in this example. In actual applications, you should set this parameter as needed or by other means.
	var accessPointName = "access point name"

	// Check whether the name of the bucket is specified. If not, the program prints the default parameters and terminates.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the fatal error and terminate the program.
	}

	// Check whether the region information is provided. If not, the program prints the default parameters and terminates.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the fatal error and terminate the program.
	}

	// Create a configuration object, and use environment variables as the credential provider and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configuration.

	// Create a GetAccessPointPublicAccessBlock request to query the Block Public Access settings for a specific access point.
	request := &oss.GetAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName), // Specify the name of the bucket to query.
		AccessPointName: oss.Ptr(accessPointName), // Specify the name of the access point to query.
	}
	getResult, err := client.GetAccessPointPublicAccessBlock(context.TODO(), request) // Execute the request to query the Block Public Access configuration for the access point.
	if err != nil {
		log.Fatalf("failed to get access point public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("get access point public access block result:%#v\n", getResult) // Print the result of querying the Block Public Access configuration for the access point.
}

Delete the Block Public Access configuration for a specific access point

You can use the following code to delete the Block Public Access configuration for an access point.

package main

import (
	"context" // Used to manage contexts with features such as deadlines and cancellation signals.
	"flag"    // Used to parse command line parameters.
	"log"     // Used to print log information.

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // Import the SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)

// The init function is executed before the main function to initialize the program.
func init() {
	// Set the command line parameter to specify the region. This parameter is left empty by default.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set the command line parameter to specify the name of the bucket. This parameter is left empty by default.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

// The main function serves as the entry point of the program.
func main() {
	flag.Parse() // Parse command line parameters.

	// Define the access point name. This parameter is hardcoded as "access point name" in this example. In actual applications, you should set this parameter as needed or by other means.
	var accessPointName = "access point name"

	// Check whether the name of the bucket is specified. If not, the program prints the default parameters and terminates.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the fatal error and terminate the program.
	}

	// Check whether the region information is provided. If not, the program prints the default parameters and terminates.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the fatal error and terminate the program.
	}

	// Create a configuration object, and use environment variables as the credential provider and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configuration.

	// Create a DeleteAccessPointPublicAccessBlock request to delete the Block Public Access settings for a specific access point.
	request := &oss.DeleteAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName), // Specify the name of the bucket.
		AccessPointName: oss.Ptr(accessPointName), // Specify the name of the access point.
	}
	deleteResult, err := client.DeleteAccessPointPublicAccessBlock(context.TODO(), request) // Send the request to delete the Block Public Access settings for the access point.
	if err != nil {
		log.Fatalf("failed to delete access point public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("delete access point public access block result:%#v\n", deleteResult) // Print the result of deleting the Block Public Access settings for the access point.
}

References

For the complete sample code for managing Block Public Access for access points, see Github example.
For more information about the API operation to enable Block Public Access for an access point, see PutAccessPointPublicAccessBlock.
For more information about the API operation to query the Block Public Access configuration for an access point, see GetAccessPointPublicAccessBlock.
For more information about the API operation to delete the Block Public Access configuration for an access point, see DeleteAccessPointPublicAccessBlock.