
Object Storage Service: Manage public access blocking configurations for buckets

Last Updated:Feb 27, 2025

This topic describes how to manage public access blocking configurations for buckets by using OSS SDK for Go V2.

Notes

  • The sample code in this topic uses the region ID cn-hangzhou of the China (Hangzhou) region. By default, the public endpoint is used to access resources in a bucket. If you want to access resources in the bucket by using other Alibaba Cloud services in the same region in which the bucket is located, use an internal endpoint. For more information about the regions and endpoints supported by Object Storage Service (OSS), see OSS regions and endpoints.

  • In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.

Sample code

Enable block public access for a bucket

The following code provides an example of how to enable block public access for a bucket.

package main

import (
	"context" 
	"flag"    
	"log"     

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // Import the OSS SDK package.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

// region holds the value of the -region flag: the ID of the region in which
// the bucket is located. It stays empty until flag.Parse runs.
var region string

// bucketName holds the value of the -bucket flag. It stays empty until
// flag.Parse runs.
var bucketName string

// init registers the -region and -bucket flags on the default flag set before
// main runs. Both default to the empty string, which main treats as "not
// supplied" and rejects.
func init() {
	flag.CommandLine.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.CommandLine.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

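// main enables Block Public Access on the bucket named by -bucket in the
// region named by -region. Credentials are read from environment variables.
func main() {
	flag.Parse() // Parse command line parameters.

	// Both flags default to "", so an empty value means the flag was not
	// supplied. Print the usage text and stop before any request is sent.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Build the client configuration: credentials from the environment (no
	// secrets in source code) and the region given on the command line.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg)

	request := &oss.PutBucketPublicAccessBlockRequest{
		Bucket: oss.Ptr(bucketName),
		PublicAccessBlockConfiguration: &oss.PublicAccessBlockConfiguration{
			// Name the field explicitly. This value is the security control
			// being applied, and a keyed literal keeps compiling and keeps its
			// meaning if the SDK struct ever gains another field.
			BlockPublicAccess: oss.Ptr(true),
		},
	}
	putResult, err := client.PutBucketPublicAccessBlock(context.TODO(), request)
	if err != nil {
		// A failed call means the block was not confirmed as applied; stop
		// here rather than continue as if the bucket were protected.
		log.Fatalf("failed to put bucket public access block %v", err)
	}

	log.Printf("put bucket public access block result:%#v\n", putResult)
}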

Query public access blocking configurations for a bucket

The following code provides an example of how to query public access blocking configurations for a bucket.

package main

import (
	"context" 
	"flag"    
	"log"     

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // Import the OSS SDK package.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

// Command-line inputs, filled in by flag.Parse. Both are empty until then.
var (
	// region is the ID of the region in which the bucket is located (-region).
	region string
	// bucketName is the name of the bucket to query (-bucket).
	bucketName string
)

// init registers the command-line flags before main runs. Each flag defaults
// to the empty string; main rejects empty values.
func init() {
	options := []struct {
		target *string
		name   string
		usage  string
	}{
		{&region, "region", "The region in which the bucket is located."},
		{&bucketName, "bucket", "The name of the bucket."},
	}
	// Registration order matches the original: -region first, then -bucket.
	for _, o := range options {
		flag.StringVar(o.target, o.name, "", o.usage)
	}
}

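// main queries the Block Public Access configuration of the bucket named by
// -bucket in the region named by -region and logs both the raw result and the
// effective setting. Credentials are read from environment variables.
func main() {
	flag.Parse() // Parse command line parameters.

	// Both flags default to "", so an empty value means the flag was not
	// supplied. Print the usage text and stop before any request is sent.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Build the client configuration: credentials from the environment and
	// the region given on the command line.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg)

	request := &oss.GetBucketPublicAccessBlockRequest{
		Bucket: oss.Ptr(bucketName),
	}
	getResult, err := client.GetBucketPublicAccessBlock(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to get bucket public access block %v", err)
	}

	log.Printf("get bucket public access block result:%#v\n", getResult)

	// %#v prints nested pointer fields as addresses, so the line above does
	// not show whether blocking is on. Report the setting itself; a missing
	// configuration or an unset flag is reported as not enabled.
	enabled := false
	if conf := getResult.PublicAccessBlockConfiguration; conf != nil && conf.BlockPublicAccess != nil {
		enabled = *conf.BlockPublicAccess
	}
	log.Printf("block public access enabled: %t", enabled)
}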

Delete public access blocking configurations for a bucket

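The following code provides an example of how to delete public access blocking configurations for a bucket. Deleting the configuration removes the bucket-level block, so afterwards query the configuration and review the bucket ACL and bucket policy to confirm that the bucket is not exposed unintentionally.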

package main

import (
	"context" 
	"flag"   
	"log"  

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // Import the OSS SDK package.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

// region and bucketName receive the -region and -bucket flag values when
// flag.Parse runs; until then both are empty strings.
var region, bucketName string

// init wires the -region and -bucket flags to their package-level variables
// before main runs. Neither flag has a non-empty default, so main can detect
// an omitted flag by checking for the empty string.
func init() {
	const (
		noDefault   = ""
		regionUsage = "The region in which the bucket is located."
		bucketUsage = "The name of the bucket."
	)
	flag.StringVar(&region, "region", noDefault, regionUsage)
	flag.StringVar(&bucketName, "bucket", noDefault, bucketUsage)
}


// main deletes the Block Public Access configuration of the bucket named by
// -bucket in the region named by -region. Credentials are read from
// environment variables.
//
// NOTE(review): this removes the bucket-level guard. Whether anything becomes
// publicly reachable afterwards depends on the bucket's ACL and policy, which
// this program does not inspect; check them after running it.
func main() {
	flag.Parse()

	// The bucket name is validated first, then the region, as in the
	// original. Each failure prints the flag defaults and exits.
	switch {
	case bucketName == "":
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	case region == "":
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Assemble the configuration step by step: defaults, then credentials
	// from the environment, then the region from the command line.
	conf := oss.LoadDefaultConfig()
	conf = conf.WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider())
	conf = conf.WithRegion(region)

	ossClient := oss.NewClient(conf)

	deleteReq := &oss.DeleteBucketPublicAccessBlockRequest{Bucket: oss.Ptr(bucketName)}
	result, err := ossClient.DeleteBucketPublicAccessBlock(context.TODO(), deleteReq)
	if err != nil {
		log.Fatalf("failed to delete bucket public access block %v", err)
	}

	log.Printf("delete bucket public access block result:%#v\n", result)
}

References

  • For the complete sample code used to manage public access blocking configurations, see the GitHub example.

  • For more information about the API operation that you can call to enable block public access for a bucket, see PutBucketPublicAccessBlock.

  • For more information about the API operation that you can call to query public access blocking configurations for a bucket, see GetBucketPublicAccessBlock.

  • For more information about the API operation that you can call to delete public access blocking configurations for a bucket, see DeleteBucketPublicAccessBlock.