Bucket Policy(Java SDK V2)

更新时间:
复制 MD 格式

通过 Bucket Policy,您可以授权其他用户访问您指定的向量Bucket。本文介绍如何使用 OSS Java SDK V2 设置、查看和删除向量Bucket的授权策略(Bucket Policy)。

说明

说明:向量Bucket的 Bucket Policy 需通过向量客户端(OSSVectorsClient)操作,并配置账号 ID(accountId)。Java SDK V2 暂未提供向量 Bucket Policy 的强类型接口,以下示例通过通用的 invokeOperation 调用。授权策略中的 Resource 使用向量专属格式 acs:ossvector:{region}:{accountId}:*/*Action 使用向量操作(如 oss:PutVectorsoss:GetVectors)。

权限说明

阿里云账号默认拥有全部权限。RAM 用户或 RAM 角色需通过 RAM Policy 或 Bucket Policy 授予以下操作权限。

API

Action

说明

PutBucketPolicy

oss:PutBucketPolicy

设置向量Bucket的授权策略。

GetBucketPolicy

oss:GetBucketPolicy

查看向量Bucket的授权策略。

DeleteBucketPolicy

oss:DeleteBucketPolicy

删除向量Bucket的授权策略。

设置授权策略

为向量Bucket设置授权策略。以下示例拒绝指定账号对该向量Bucket执行 PutVectorsGetVectors 操作。

import com.aliyun.sdk.service.oss2.credentials.CredentialsProvider;
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.OperationInput;
import com.aliyun.sdk.service.oss2.OperationOptions;
import com.aliyun.sdk.service.oss2.OperationOutput;
import com.aliyun.sdk.service.oss2.transport.BinaryData;
import java.util.HashMap;
import java.util.Map;
import com.aliyun.sdk.service.oss2.vectors.OSSVectorsClient;

public class PutBucketPolicySample {
    public static void main(String[] args) throws Exception {
        CredentialsProvider provider = new EnvironmentVariableCredentialsProvider();
        try (OSSVectorsClient client = OSSVectorsClient.newBuilder()
                .region("cn-hangzhou")
                .accountId("1234567890")
                .credentialsProvider(provider)
                .build()) {
            String policy = "{\n"
                    + "  \"Version\": \"1\",\n"
                    + "  \"Statement\": [\n"
                    + "    {\n"
                    + "      \"Action\": [\"oss:PutVectors\", \"oss:GetVectors\"],\n"
                    + "      \"Effect\": \"Deny\",\n"
                    + "      \"Principal\": [\"1234567890\"],\n"
                    + "      \"Resource\": [\"acs:ossvector:cn-hangzhou:1234567890:*/*\"]\n"
                    + "    }\n"
                    + "  ]\n"
                    + "}";
            Map<String, String> headers = new HashMap<>();
            headers.put("Content-Type", "application/json");
            Map<String, String> parameters = new HashMap<>();
            parameters.put("policy", "");
            OperationInput input = OperationInput.newBuilder()
                    .opName("PutBucketPolicy")
                    .method("PUT")
                    .bucket("examplebucket")
                    .parameters(parameters)
                    .headers(headers)
                    .body(BinaryData.fromString(policy))
                    .build();
            OperationOutput output = client.invokeOperation(input, OperationOptions.defaults());
            System.out.println("status code: " + output.statusCode()
                    + ", request id: " + output.headers().get("x-oss-request-id"));
        }
    }
}

查看授权策略

查看向量Bucket当前的授权策略,策略内容包含在返回结果的 body 中。

import com.aliyun.sdk.service.oss2.credentials.CredentialsProvider;
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.OperationInput;
import com.aliyun.sdk.service.oss2.OperationOptions;
import com.aliyun.sdk.service.oss2.OperationOutput;
import com.aliyun.sdk.service.oss2.transport.BinaryData;
import java.util.HashMap;
import java.util.Map;
import com.aliyun.sdk.service.oss2.vectors.OSSVectorsClient;

public class GetBucketPolicySample {
    public static void main(String[] args) throws Exception {
        CredentialsProvider provider = new EnvironmentVariableCredentialsProvider();
        try (OSSVectorsClient client = OSSVectorsClient.newBuilder()
                .region("cn-hangzhou")
                .accountId("1234567890")
                .credentialsProvider(provider)
                .build()) {
            Map<String, String> parameters = new HashMap<>();
            parameters.put("policy", "");
            OperationInput input = OperationInput.newBuilder()
                    .opName("GetBucketPolicy")
                    .method("GET")
                    .bucket("examplebucket")
                    .parameters(parameters)
                    .build();
            OperationOutput output = client.invokeOperation(input, OperationOptions.defaults());
            System.out.println("status code: " + output.statusCode()
                    + ", request id: " + output.headers().get("x-oss-request-id"));
        }
    }
}

删除授权策略

删除向量Bucket的授权策略。

import com.aliyun.sdk.service.oss2.credentials.CredentialsProvider;
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.OperationInput;
import com.aliyun.sdk.service.oss2.OperationOptions;
import com.aliyun.sdk.service.oss2.OperationOutput;
import com.aliyun.sdk.service.oss2.transport.BinaryData;
import java.util.HashMap;
import java.util.Map;
import com.aliyun.sdk.service.oss2.vectors.OSSVectorsClient;

public class DeleteBucketPolicySample {
    public static void main(String[] args) throws Exception {
        CredentialsProvider provider = new EnvironmentVariableCredentialsProvider();
        try (OSSVectorsClient client = OSSVectorsClient.newBuilder()
                .region("cn-hangzhou")
                .accountId("1234567890")
                .credentialsProvider(provider)
                .build()) {
            Map<String, String> parameters = new HashMap<>();
            parameters.put("policy", "");
            OperationInput input = OperationInput.newBuilder()
                    .opName("DeleteBucketPolicy")
                    .method("DELETE")
                    .bucket("examplebucket")
                    .parameters(parameters)
                    .build();
            OperationOutput output = client.invokeOperation(input, OperationOptions.defaults());
            System.out.println("status code: " + output.statusCode()
                    + ", request id: " + output.headers().get("x-oss-request-id"));
        }
    }
}

相关文档

  • 向量 Bucket Policy 的策略语法与 Action/Resource 取值,请参见 OSS Vectors 的访问控制文档。