
Object Storage Service: Manage the ACLs of buckets (Go SDK V2)

Last Updated: Aug 02, 2025

A bucket is a container used to store objects in Object Storage Service (OSS). This topic describes how to use Go SDK V2 to set and retrieve the access control list (ACL) of a bucket.

Usage notes

  • The sample code in this topic uses the region ID cn-hangzhou for the China (Hangzhou) region. By default, a public endpoint is used. If you want to access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. For more information about the regions and endpoints supported by OSS, see OSS regions and endpoints.

  • This topic provides an example of how to use access credentials that are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.

  • To set the ACL of a bucket, you must have the oss:PutBucketAcl permission. To retrieve the ACL of a bucket, you must have the oss:GetBucketAcl permission. For more information, see Grant custom policy to RAM users.

Types of ACLs

The following three types of ACLs are available for buckets:

| ACL | Description | Method |
| --- | --- | --- |
| Private | Only the bucket owner and authorized users can read and write objects in the bucket. Other users cannot access the objects. | oss.BucketACLPrivate |
| Public-read | Only the bucket owner and authorized users can read and write objects in the bucket. Other users, including anonymous users, can only read objects in the bucket. Exercise caution when you set the ACL to this value. | oss.BucketACLPublicRead |
| Public-read-write | All users, including anonymous users, can read and write objects in the bucket. Exercise caution when you set the ACL to this value. | oss.BucketACLPublicReadWrite |

Sample code

You can use the following code to set and retrieve the ACL of a bucket.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // The storage region.
	bucketName string // The bucket name.
)

// The init function is used to initialize command-line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	// Parse command-line parameters.
	flag.Parse()

	// Check whether the bucket name is empty.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the region is empty.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Load the default configurations and set the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to set the bucket ACL.
	putRequest := &oss.PutBucketAclRequest{
		Bucket: oss.Ptr(bucketName),  // The bucket name.
		Acl:    oss.BucketACLPrivate, // Set the access permission to private.
	}

	// Execute the operation to set the bucket ACL.
	putResult, err := client.PutBucketAcl(context.TODO(), putRequest)
	if err != nil {
		log.Fatalf("failed to put bucket acl %v", err)
	}

	// Print the result of setting the bucket ACL.
	log.Printf("put bucket acl result: %#v\n", putResult)

	// Create a request to get the bucket ACL.
	getRequest := &oss.GetBucketAclRequest{
		Bucket: oss.Ptr(bucketName), // The bucket name.
	}

	// Execute the operation to get the bucket ACL.
	getResult, err := client.GetBucketAcl(context.TODO(), getRequest)
	if err != nil {
		log.Fatalf("failed to get bucket acl %v", err)
	}

	// Print the result of getting the bucket ACL.
	log.Printf("get bucket acl result:%#v\n", getResult)
}
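The following is an added example, not part of the original sample: a get, check, reset, verify pass that returns buckets to private unless they are explicitly approved for public-read. The ACLStore interface and the in-memory fakeStore are hypothetical stand-ins for client.GetBucketAcl and client.PutBucketAcl so the logic runs offline. The strings "private", "public-read" and "public-read-write" are the values behind the oss.BucketACL* constants, and the bucket names are constructed.

```go
package main

import "fmt"

// ACLStore is a hypothetical seam over the two calls shown above
// (client.GetBucketAcl and client.PutBucketAcl).
type ACLStore interface {
	GetACL(bucket string) (string, error)
	PutACL(bucket, acl string) error
}

// fakeStore is a constructed in-memory stand-in for OSS (bucket name -> ACL).
type fakeStore map[string]string

func (f fakeStore) GetACL(b string) (string, error) {
	if acl, ok := f[b]; ok {
		return acl, nil
	}
	return "", fmt.Errorf("no such bucket: %s", b)
}
func (f fakeStore) PutACL(b, acl string) error { f[b] = acl; return nil }

// EnforcePrivate resets every bucket that is not "private", except buckets in
// allowPublicRead whose ACL is exactly "public-read". It returns the buckets it changed.
func EnforcePrivate(s ACLStore, buckets []string, allowPublicRead map[string]bool) ([]string, error) {
	var changed []string
	for _, b := range buckets {
		acl, err := s.GetACL(b)
		if err != nil {
			return changed, fmt.Errorf("get acl %s: %w", b, err)
		}
		if acl == "private" || (acl == "public-read" && allowPublicRead[b]) {
			continue
		}
		if err := s.PutACL(b, "private"); err != nil {
			return changed, fmt.Errorf("put acl %s: %w", b, err)
		}
		// Re-read so a write that did not take effect is not reported as fixed.
		if got, err := s.GetACL(b); err != nil || got != "private" {
			return changed, fmt.Errorf("verify %s: acl=%q err=%v", b, got, err)
		}
		changed = append(changed, b)
	}
	return changed, nil
}

func main() {
	s := fakeStore{"logs": "private", "site": "public-read", "tmp": "public-read-write"}
	fmt.Println(EnforcePrivate(s, []string{"logs", "site", "tmp"}, map[string]bool{"site": true}))
}
```

An approved bucket is left alone only while its ACL is public-read. If it is public-read-write, it is still reset to private.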

References

  • For the complete sample code for setting the ACL of a bucket, see GitHub sample.

  • For more information about the API operation for setting the ACL of a bucket, see PutBucketAcl.

  • For the complete sample code for retrieving the ACL of a bucket, see GitHub sample.

  • For more information about the API operation for retrieving the ACL of a bucket, see GetBucketACL.