All Products
Search

This Product

    Object Storage Service:Global Block Public Access for OSS (OSS SDK for Go V2)

    Document Center

    Object Storage Service:Global Block Public Access for OSS (OSS SDK for Go V2)

    Last Updated:Aug 05, 2025

    This topic describes how to use the OSS SDK for Go V2 to enable, query, and delete global Block Public Access configurations for OSS.

    Usage notes

    • The sample code in this topic uses the region IDcn-hangzhou for the China (Hangzhou) region. By default, a public endpoint is used to access OSS. If you want to access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. For more information about the regions and endpoints that OSS supports, see OSS regions and endpoints.

    • This topic provides an example of how to read access credentials from environment variables. For more information about how to configure access credentials, see Configure access credentials.

    Sample code

    Enable global Block Public Access for OSS

    You can use the following code to enable global Block Public Access.

    package main

import (
	"context" 
	"flag"    
	"log"     

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // Import the SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // Import the package for processing authentication information.
)

var (
	region string // Define a string variable to store the region information obtained from the command line.
)

// The init function is executed before the main function to initialize the program.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.") // Set the region variable using command-line parameters. By default, this parameter is left empty.
}

// The main function is the entry point of the program.
func main() {
	flag.Parse() // Parse command-line parameters.
	if len(region) == 0 { // If the region parameter is not provided, print the default parameters and exit the program.
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the error and terminate the program.
	}

	// Create a configuration object, and use environment variables as the credential provider and the specified region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client using the configurations.

	// Create a PutPublicAccessBlock request to enable the Block Public Access feature.
	request := &oss.PutPublicAccessBlockRequest{
		PublicAccessBlockConfiguration: &oss.PublicAccessBlockConfiguration{
			oss.Ptr(true), // Set this parameter to true to enable Block Public Access.
		},
	}
	putResult, err := client.PutPublicAccessBlock(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to put public access block %v", err) // If an error occurs, record the error and exit.
	}

	log.Printf("put public access block result:%#v\n", putResult) // Print the result of enabling Block Public Access.
}

    Query the global Block Public Access configurations for OSS

    You can use the following code to query the global Block Public Access configurations for OSS.

    package main

import (
	"context" // Used to manage contexts with features such as deadlines and cancellation signals.
	"flag"    // Used to parse command-line parameters.
	"log"     // Used to print log information.

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // The SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // The package for processing authentication information.
)

var (
	region string // Stores the region information obtained from the command line.
)

// The initializer function, which is used to set up tasks that need to be completed before the program starts.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.") // Set command-line parameters to specify the region. By default, this parameter is an empty string.
}

// The entry point of the program.
func main() {
	flag.Parse() // Parse command-line parameters.
	if len(region) == 0 { // If the region parameter is not provided, print the default parameters and exit the program.
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Record the error and terminate the program.
	}

	// Load the default configurations, use environment variables as the credential provider, and specify the region for the operation.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configurations.

	// Create a GetPublicAccessBlock request to query the Block Public Access settings.
	request := &oss.GetPublicAccessBlockRequest{}
	getResult, err := client.GetPublicAccessBlock(context.TODO(), request) // Execute the request to query the Block Public Access status.
	if err != nil {
		log.Fatalf("failed to get public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("get public access block result:%#v\n", getResult) // Print the queried Block Public Access result.
}

    Delete the global Block Public Access configurations for OSS

    You can use the following code to delete the global Block Public Access configurations for OSS.

    package main

import (
	"context" 
	"flag"    
	"log"    

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // The SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // The package for processing authentication information.
)

var (
	region string // Define a variable to store the region information obtained from the command line.
)

// The init function is executed before the main function to initialize the program.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.") // Set command-line parameters to specify the region. By default, this parameter is an empty string.
}

// The main function is the entry point of the program.
func main() {
	flag.Parse() // Parse command-line parameters.
	if len(region) == 0 { // If the region parameter is not provided, print the default parameters and exit the program.
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the error and terminate the program.
	}

	// Create a configuration object, and use environment variables as the credential provider and the specified region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Create a new OSS client instance using the configurations.

	// Create a DeletePublicAccessBlock request to delete the Block Public Access settings.
	request := &oss.DeletePublicAccessBlockRequest{}
	result, err := client.DeletePublicAccessBlock(context.TODO(), request) // Send the request to delete the Block Public Access settings.
	if err != nil {
		log.Fatalf("failed to delete public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("delete public access block result:%#v\n", result) // Print the result of deleting Block Public Access.
}

    References

    • For the complete sample code that shows how to manage global Block Public Access for OSS, see the Github example.

    • For more information about the API operation to enable global Block Public Access for OSS, see PutPublicAccessBlock.

    • For more information about the API operation to query the global Block Public Access configurations for OSS, see GetPublicAccessBlock.

    • For more information about the API operation to delete the global Block Public Access configurations for OSS, see DeletePublicAccessBlock.