Bucket Policy(Python SDK V2)

更新時間:
Copy as MD

Bucket PolicyOSS提供的一種針對儲存空間(Bucket)的授權策略,使您可以精細化地授權或限制有身份的訪問者(阿里雲帳號、RAM使用者、RAM角色)或匿名訪問者對指定OSS資源的訪問。例如,您可以為其他阿里雲帳號的RAM使用者授予指定OSS資源的唯讀許可權。

注意事項

要設定Bucket Policy,您必須有oss:PutBucketPolicy許可權;要擷取Bucket Policy,您必須有oss:GetBucketPolicy許可權;要刪除Bucket Policy,您必須有oss:DeleteBucketPolicy許可權。具體操作,請參見RAM使用者授予自訂的權限原則

方法定義

設定Bucket Policy

put_bucket_policy(request: PutBucketPolicyRequest, **kwargs) → PutBucketPolicyResult

擷取Bucket Policy

get_bucket_policy(request: GetBucketPolicyRequest, **kwargs) → GetBucketPolicyResult

刪除Bucket Policy

delete_bucket_policy(request: DeleteBucketPolicyRequest, **kwargs) → DeleteBucketPolicyResult

參數名

類型

說明

request

PutBucketPolicyRequest

佈建要求參數,具體請參見PutBucketPolicyRequest

GetBucketPolicyRequest

佈建要求參數,具體請參見GetBucketPolicyRequest

DeleteBucketPolicyRequest

佈建要求參數,具體請參見DeleteBucketPolicyRequest

傳回值列表

類型

說明

PutBucketPolicyResult

傳回值,具體請參見PutBucketPolicyResult

GetBucketPolicyResult

傳回值,具體請參見GetBucketPolicyResult

DeleteBucketPolicyResult

傳回值,具體請參見DeleteBucketPolicyResult

關於設定Bucket Policy方法的完整定義,請參見put_bucket_policy

關於擷取Bucket Policy方法的完整定義,請參見get_bucket_policy

關於刪除Bucket Policy方法的完整定義,請參見delete_bucket_policy

範例程式碼

設定Bucket Policy

您可以使用以下代碼設定Bucket Policy。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector put bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Loading credentials values from the environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Using the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    cfg.use_internal_endpoint = True  # 如需通過公網訪問,請將此處設定為False或刪除此行
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)


    policy_content = '''
        {
           "Version":"1",
           "Statement":[
               {
                 "Action":[
                   "oss:PutVectors",
                   "oss:GetVectors"
                ],
                "Effect":"Deny",
                "Principal":["1234567890"],
                "Resource":["acs:ossvector:cn-hangzhou:1234567890:*/*"]
               }
            ]
         }
    '''

    result = vector_client.put_bucket_policy(oss_vectors.models.PutBucketPolicyRequest(
        bucket=args.bucket,
        body=policy_content
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
    )

if __name__ == "__main__":
    main()

擷取Bucket Policy

您可以使用以下代碼擷取Bucket Policy。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector get bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Loading credentials values from the environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Using the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    cfg.use_internal_endpoint = True  # 如需通過公網訪問,請將此處設定為False或刪除此行
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)

    result = vector_client.get_bucket_policy(oss_vectors.models.GetBucketPolicyRequest(
        bucket=args.bucket,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
          )

    if result.body:
        print(f'policy content: {result.body}')


if __name__ == "__main__":
    main()

刪除Bucket Policy

您可以使用以下代碼刪除Bucket Policy。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.vectors as oss_vectors

parser = argparse.ArgumentParser(description="vector delete bucket policy sample")
parser.add_argument('--region', help='The region in which the bucket is located.', required=True)
parser.add_argument('--bucket', help='The name of the bucket.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS')
parser.add_argument('--account_id', help='The account id.', required=True)

def main():
    args = parser.parse_args()

    # Loading credentials values from the environment variables
    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    # Using the SDK's default configuration
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    cfg.account_id = args.account_id
    cfg.use_internal_endpoint = True  # 如需通過公網訪問,請將此處設定為False或刪除此行
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    vector_client = oss_vectors.Client(cfg)

    result = vector_client.delete_bucket_policy(oss_vectors.models.DeleteBucketPolicyRequest(
        bucket=args.bucket,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id},'
    )

if __name__ == "__main__":
    main()

相關文檔