Manage global Block Public Access using PHP SDK V2 - Object Storage Service

Use PHP SDK V2 to enable, retrieve, or delete the global Block Public Access configuration for Object Storage Service (OSS).

How it works

All three operations share the same client setup:

Load credentials from environment variables using EnvironmentVariableCredentialsProvider.
Create an Oss\Config with the credentials and target region.
Instantiate Oss\Client with that config.
Call the relevant method: putPublicAccessBlock, getPublicAccessBlock, or deletePublicAccessBlock.

Note: The sample code uses the China (Hangzhou) region (cn-hangzhou) with the public endpoint by default. To access OSS from another Alibaba Cloud service in the same region, pass the internal endpoint via --endpoint. For a full list of regions and endpoints, see OSS regions and endpoints.

Enable global Block Public Access

Set blockPublicAccess: true in a PutPublicAccessBlockRequest and call putPublicAccessBlock.

<?php

require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

$optsdesc = [
    "region"   => ['help' => 'The region in which the bucket is located.', 'required' => True],
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False],
];

$longopts = \array_map(function ($key) {
    return "$key:";
}, array_keys($optsdesc));

$options = getopt("", $longopts);

foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help";
        exit(1);
    }
}

$region = $options["region"];

// Load credentials from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);

if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

$client = new Oss\Client($cfg);

// Build a PutPublicAccessBlock request with blockPublicAccess set to true.
$request = new Oss\Models\PutPublicAccessBlockRequest(
    publicAccessBlockConfiguration: new Oss\Models\PublicAccessBlockConfiguration(blockPublicAccess: true)
);

$result = $client->putPublicAccessBlock($request);

printf(
    'status code:' . $result->statusCode . PHP_EOL .
    'request id:' . $result->requestId
);

Get the global Block Public Access configuration

Call getPublicAccessBlock with an empty GetPublicAccessBlockRequest. The response includes the current publicAccessBlockConfiguration.

<?php

require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

$optsdesc = [
    "region"   => ['help' => 'The region in which the bucket is located.', 'required' => True],
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False],
];

$longopts = \array_map(function ($key) {
    return "$key:";
}, array_keys($optsdesc));

$options = getopt("", $longopts);

foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help";
        exit(1);
    }
}

$region = $options["region"];

// Load credentials from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);

if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

$client = new Oss\Client($cfg);

$request = new Oss\Models\GetPublicAccessBlockRequest();

$result = $client->getPublicAccessBlock($request);

printf(
    'status code:' . $result->statusCode . PHP_EOL .
    'request id:' . $result->requestId . PHP_EOL .
    'public access block config:' . var_export($result->publicAccessBlockConfiguration, true)
);

Delete the global Block Public Access configuration

Call deletePublicAccessBlock with an empty DeletePublicAccessBlockRequest to remove the configuration.

<?php

require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

$optsdesc = [
    "region"   => ['help' => 'The region in which the bucket is located.', 'required' => True],
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False],
];

$longopts = \array_map(function ($key) {
    return "$key:";
}, array_keys($optsdesc));

$options = getopt("", $longopts);

foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help";
        exit(1);
    }
}

$region = $options["region"];

// Load credentials from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);

if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

$client = new Oss\Client($cfg);

$request = new Oss\Models\DeletePublicAccessBlockRequest();

$result = $client->deletePublicAccessBlock($request);

printf(
    'status code:' . $result->statusCode . PHP_EOL .
    'request id:' . $result->requestId
);

References

For the complete sample code, see GitHub sample.
For the API operation that enables global Block Public Access, see PutPublicAccessBlock.
For the API operation that retrieves the configuration, see GetPublicAccessBlock.
For the API operation that deletes the configuration, see DeletePublicAccessBlock.