Object Storage Service: Manage the ACL of buckets

Last Updated: Dec 17, 2024

A bucket is a container that is used to store objects in Object Storage Service (OSS). All objects are stored in buckets. This topic describes how to configure and query the access control list (ACL) of a bucket.

Usage notes

  • The sample code in this topic uses the region ID cn-hangzhou of the China (Hangzhou) region. By default, the public endpoint is used to access resources in a bucket. If you want to access resources in the bucket by using other Alibaba Cloud services in the same region in which the bucket is located, use an internal endpoint. For more information about the regions and endpoints supported by OSS, see OSS regions and endpoints.

  • In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.

  • The oss:PutBucketAcl permission is required for configuring the ACL of a bucket. The oss:GetBucketAcl permission is required for querying the ACL of a bucket. For more information, see Grant custom policy to RAM users.

Types of ACLs

The following table describes the ACLs of buckets.

| ACL | Description | Method |
| --- | --- | --- |
| Private | Only the owner or authorized users of this bucket can read and write the objects. Other users cannot access the objects in the bucket. | oss.BucketACLPrivate |
| Public-read | Only the owner or authorized users of this bucket can read and write the objects. Other users, including anonymous users, can only read objects in the bucket. Exercise caution when you set the ACL to this value. | oss.BucketACLPublicRead |
| Public-read-write | All users, including anonymous users, can read and write the objects. Exercise caution when you set the ACL to this value. | oss.BucketACLPublicReadWrite |

Sample code

The following sample code provides an example of how to configure and query the ACL of a bucket.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // The region in which your bucket is located.
	bucketName string // The name of the bucket.
)

// Specify the init function used to initialize command line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	// Parse command line parameters.
	flag.Parse()

	// Check whether the name of the bucket is specified.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the region is specified.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Load the default configurations and specify the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to configure the ACL of the bucket.
	putRequest := &oss.PutBucketAclRequest{
		Bucket: oss.Ptr(bucketName),  // The name of the bucket.
		Acl:    oss.BucketACLPrivate, // Set the ACL to private.
	}

	// Perform the operation to configure the ACL.
	putResult, err := client.PutBucketAcl(context.TODO(), putRequest)
	if err != nil {
		log.Fatalf("failed to put bucket acl %v", err)
	}

	// Display the result.
	log.Printf("put bucket acl result: %#v\n", putResult)

	// Create a request to query the ACL.
	getRequest := &oss.GetBucketAclRequest{
		Bucket: oss.Ptr(bucketName), // The name of the bucket
	}

	// Perform the operation to query the ACL.
	getResult, err := client.GetBucketAcl(context.TODO(), getRequest)
	if err != nil {
		log.Fatalf("failed to get bucket acl %v", err)
	}

	// Display the result.
	log.Printf("get bucket acl result: %#v\n", getResult)
}
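
The following added example is not part of the original topic or of the OSS SDK. It shows one way to turn a queried ACL into an audit finding that flags the two values the table above marks with "Exercise caution". It assumes the GetBucketAcl response body carries the ACL in AccessControlPolicy/AccessControlList/Grant as private, public-read, or public-read-write; the names AuditACL, Finding, and sampleBody are hypothetical, and the sample response is constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// aclPolicy mirrors the AccessControlPolicy body returned by GetBucketAcl
// (assumed layout; only the Grant element is needed here).
type aclPolicy struct {
	Grant string `xml:"AccessControlList>Grant"`
}

// Finding records what anonymous users can do under a bucket ACL.
type Finding struct {
	ACL            string
	AnonymousRead  bool
	AnonymousWrite bool
}

// AuditACL parses a GetBucketAcl response body and classifies the grant.
// A missing or unrecognized grant is an error, so callers fail closed.
func AuditACL(body []byte) (Finding, error) {
	var p aclPolicy
	if err := xml.Unmarshal(body, &p); err != nil {
		return Finding{}, fmt.Errorf("parse ACL response: %w", err)
	}
	switch acl := strings.TrimSpace(p.Grant); acl {
	case "private":
		return Finding{ACL: acl}, nil
	case "public-read":
		return Finding{ACL: acl, AnonymousRead: true}, nil
	case "public-read-write":
		return Finding{ACL: acl, AnonymousRead: true, AnonymousWrite: true}, nil
	default:
		return Finding{}, fmt.Errorf("unrecognized bucket ACL %q", acl)
	}
}

// Constructed sample response, not captured from a real bucket.
const sampleBody = `<AccessControlPolicy>
  <Owner><ID>placeholder-id</ID><DisplayName>placeholder</DisplayName></Owner>
  <AccessControlList><Grant>public-read-write</Grant></AccessControlList>
</AccessControlPolicy>`

func main() {
	f, err := AuditACL([]byte(sampleBody))
	fmt.Printf("acl=%q anonymousRead=%t anonymousWrite=%t err=%v\n",
		f.ACL, f.AnonymousRead, f.AnonymousWrite, err)
}
```
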

References

  • For the complete sample code that is used to configure the ACL of a bucket, visit GitHub sample.

  • For more information about the API operation that you can call to configure the ACL of a bucket, see PutBucketAcl.

  • For the complete sample code that is used to query the ACL of a bucket, visit GitHub sample.

  • For more information about the API operation that you can call to query the ACL of a bucket, see GetBucketACL.