
管理桶 ACL(Go SDK)

最近更新时间2024.02.04 18:31:01

首次发布时间2023.01.18 16:55:21

您可以通过 TOS SDK 提供的接口设置桶 ACL。权限可以通过请求头或请求体两种方式设置。

前提条件

  • 配置桶 ACL 的账号必须是该桶的创建者,或拥有该桶 ACL 的写权限。
  • 仅支持对主账号 ID 配置 ACL,不支持子账号。

桶 ACL 说明

访问权限

描述

枚举类型

READ

允许被授权者列出桶中的对象和分片任务。

enum.PermissionRead

WRITE

允许被授权者创建、覆盖和删除桶中的任意对象,初始化分片任务,上传分片,合并分片,取消分片任务。

enum.PermissionWrite

READ_ACP

允许被授权者读取存储桶 ACL。

enum.PermissionReadAcp

WRITE_ACP

允许被授权者为适用的存储桶设置 ACL。由于被授权者可以借此修改桶的授权列表(包括为自己添加其他权限),请谨慎授予。

enum.PermissionWriteAcp

FULL_CONTROL

授予被授权者存储桶的 READ、WRITE、READ_ACP 和 WRITE_ACP 全部权限。

enum.PermissionFullControl

示例代码

通过请求体设置 ACL 权限

注意

设置桶的 ACL 权限前,您必须具有 tos:PutBucketACL 权限,或具有 WRITE_ACP 桶 ACL 权限。具体操作,请参见权限配置指南

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/volcengine/ve-tos-golang-sdk/v2/tos"
	"github.com/volcengine/ve-tos-golang-sdk/v2/tos/enum"
)

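// checkErr prints the details of a non-nil error to standard output and then
// panics with it. A nil error is a no-op.
//
// A *tos.TosServerError is printed with its request ID, status code, response
// header, error code and message. A *tos.TosClientError is printed with its
// cause when one is set. Any other error is printed as is.
func checkErr(err error) {
	if err == nil {
		return
	}
	switch e := err.(type) {
	case *tos.TosServerError:
		fmt.Println("Error:", e.Error())
		fmt.Println("Request ID:", e.RequestID)
		fmt.Println("Response Status Code:", e.StatusCode)
		fmt.Println("Response Header:", e.Header)
		fmt.Println("Response Err Code:", e.Code)
		fmt.Println("Response Err Msg:", e.Message)
	case *tos.TosClientError:
		fmt.Println("Error:", e.Error())
		// Calling Error on a nil Cause would panic at this line and hide
		// the original error, so the cause is printed only when present.
		if e.Cause != nil {
			fmt.Println("Client Cause Err:", e.Cause.Error())
		}
	default:
		fmt.Println("Error:", err)
	}
	panic(err)
}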

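// main grants one account the WRITE permission on a bucket by sending the
// grant list in the request body, then reads the bucket ACL back and prints
// the owner and every grant.
func main() {
	var (
		// Credentials are read from the environment rather than written
		// into the source.
		accessKey = os.Getenv("TOS_ACCESS_KEY")
		secretKey = os.Getenv("TOS_SECRET_KEY")
		// Endpoint of the bucket; China North 2 (Beijing) is the example here.
		endpoint = "https://tos-cn-beijing.volces.com"
		region   = "cn-beijing"
		// Fill in the bucket name.
		bucketName = "*** Provide your bucket name ***"
		ctx        = context.Background()
	)
	// os.Getenv returns "" for an unset variable. Stop with a clear message
	// instead of building a client from empty credentials.
	if accessKey == "" || secretKey == "" {
		checkErr(fmt.Errorf("TOS_ACCESS_KEY and TOS_SECRET_KEY must be set"))
	}

	// Initialize the client.
	client, err := tos.NewClientV2(endpoint, tos.WithRegion(region), tos.WithCredentials(tos.NewStaticCredentials(accessKey, secretKey)))
	checkErr(err)

	// NOTE(review): presumably the grant list sent here replaces the bucket's
	// current ACL rather than adding to it; confirm before running this
	// against a bucket that already has other grants.
	input := &tos.PutBucketACLInput{
		Bucket: bucketName,
		Owner: tos.Owner{
			// Placeholder: the ID of the bucket owner.
			ID: "ownerid",
		},
		Grants: []tos.GrantV2{
			{
				GranteeV2: tos.GranteeV2{
					// Placeholder: the account ID that receives the grant.
					ID:   "userId",
					Type: enum.GranteeUser,
				},
				// WRITE lets the grantee create, overwrite and delete any
				// object in the bucket; grant the narrowest permission
				// that covers the need.
				Permission: enum.PermissionWrite,
			},
		},
	}
	// Send the ACL in the request body.
	putAclOutput, err := client.PutBucketACL(ctx, input)
	checkErr(err)
	fmt.Println("PutBucketACL Request ID: ", putAclOutput.RequestID)

	// Read the ACL back to confirm what is now in effect.
	getAclOutput, err := client.GetBucketACL(ctx, &tos.GetBucketACLInput{Bucket: bucketName})
	checkErr(err)
	fmt.Println("GetBucketACL Request ID:", getAclOutput.RequestID)
	// Bucket owner information.
	fmt.Println("GetBucketACL Owner:", getAclOutput.Owner)
	for _, grant := range getAclOutput.Grants {
		// Permission held by the grantee on the bucket.
		fmt.Println("Grant Permission:", grant.Permission)
		// ID of the grantee when Type is CanonicalUser.
		fmt.Println("Grant GranteeV2 ID", grant.GranteeV2.ID)
		// Display name of the grantee.
		fmt.Println("Grant GranteeV2 DisplayName", grant.GranteeV2.DisplayName)
		// Predefined user group the grant applies to.
		fmt.Println("Grant GranteeV2 Canned", grant.GranteeV2.Canned)
		// Type of the grantee.
		fmt.Println("Grant GranteeV2 Type", grant.GranteeV2.Type)
	}
}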

通过请求头设置权限

注意

设置桶的 ACL 权限前,您必须具有 tos:PutBucketACL 权限,或具有 WRITE_ACP 桶 ACL 权限。具体操作,请参见权限配置指南

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/volcengine/ve-tos-golang-sdk/v2/tos"
	"github.com/volcengine/ve-tos-golang-sdk/v2/tos/enum"
)
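// checkErr prints the details of a non-nil error to standard output and then
// panics with it. A nil error is a no-op.
//
// A *tos.TosServerError is printed with its request ID, status code, response
// header, error code and message. A *tos.TosClientError is printed with its
// cause when one is set. Any other error is printed as is.
func checkErr(err error) {
	if err == nil {
		return
	}
	switch e := err.(type) {
	case *tos.TosServerError:
		fmt.Println("Error:", e.Error())
		fmt.Println("Request ID:", e.RequestID)
		fmt.Println("Response Status Code:", e.StatusCode)
		fmt.Println("Response Header:", e.Header)
		fmt.Println("Response Err Code:", e.Code)
		fmt.Println("Response Err Msg:", e.Message)
	case *tos.TosClientError:
		fmt.Println("Error:", e.Error())
		// Calling Error on a nil Cause would panic at this line and hide
		// the original error, so the cause is printed only when present.
		if e.Cause != nil {
			fmt.Println("Client Cause Err:", e.Cause.Error())
		}
	default:
		fmt.Println("Error:", err)
	}
	panic(err)
}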

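// main sets a bucket's ACL to the canned "private" type by passing ACLType,
// which the SDK sends as a request header, and prints the request ID.
func main() {
	var (
		// Credentials are read from the environment rather than written
		// into the source.
		accessKey = os.Getenv("TOS_ACCESS_KEY")
		secretKey = os.Getenv("TOS_SECRET_KEY")
		// Endpoint of the bucket; China North 2 (Beijing) is the example here.
		endpoint = "https://tos-cn-beijing.volces.com"
		region   = "cn-beijing"
		// Fill in the bucket name.
		bucketName = "*** Provide your bucket name ***"
		ctx        = context.Background()
	)
	// os.Getenv returns "" for an unset variable. Stop with a clear message
	// instead of building a client from empty credentials.
	if accessKey == "" || secretKey == "" {
		checkErr(fmt.Errorf("TOS_ACCESS_KEY and TOS_SECRET_KEY must be set"))
	}

	// Initialize the client.
	client, err := tos.NewClientV2(endpoint, tos.WithRegion(region), tos.WithCredentials(tos.NewStaticCredentials(accessKey, secretKey)))
	checkErr(err)

	// Set the bucket ACL through the request header. ACLPrivate is the
	// restrictive choice; any other canned type should be a deliberate
	// decision, because it widens who can reach the bucket.
	putAclOutput, err := client.PutBucketACL(ctx, &tos.PutBucketACLInput{
		Bucket:  bucketName,
		ACLType: enum.ACLPrivate,
	})
	checkErr(err)
	// The result must be used, otherwise the program does not compile; the
	// request ID is also what identifies this ACL change afterwards.
	fmt.Println("PutBucketACL Request ID:", putAclOutput.RequestID)
}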

获取存储桶权限

注意

获取桶的访问权限前,您必须具有 tos:GetBucketACL 权限,或具有 READ_ACP 桶 ACL 权限。具体操作,请参见权限配置指南

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/volcengine/ve-tos-golang-sdk/v2/tos"
	"github.com/volcengine/ve-tos-golang-sdk/v2/tos/enum"
)

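// checkErr prints the details of a non-nil error to standard output and then
// panics with it. A nil error is a no-op.
//
// A *tos.TosServerError is printed with its request ID, status code, response
// header, error code and message. A *tos.TosClientError is printed with its
// cause when one is set. Any other error is printed as is.
func checkErr(err error) {
	if err == nil {
		return
	}
	switch e := err.(type) {
	case *tos.TosServerError:
		fmt.Println("Error:", e.Error())
		fmt.Println("Request ID:", e.RequestID)
		fmt.Println("Response Status Code:", e.StatusCode)
		fmt.Println("Response Header:", e.Header)
		fmt.Println("Response Err Code:", e.Code)
		fmt.Println("Response Err Msg:", e.Message)
	case *tos.TosClientError:
		fmt.Println("Error:", e.Error())
		// Calling Error on a nil Cause would panic at this line and hide
		// the original error, so the cause is printed only when present.
		if e.Cause != nil {
			fmt.Println("Client Cause Err:", e.Cause.Error())
		}
	default:
		fmt.Println("Error:", err)
	}
	panic(err)
}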

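// main reads a bucket's ACL and prints the owner and every grant, marking the
// grants that allow changes to the bucket's objects or to its ACL.
func main() {
	var (
		// Credentials are read from the environment rather than written
		// into the source.
		accessKey = os.Getenv("TOS_ACCESS_KEY")
		secretKey = os.Getenv("TOS_SECRET_KEY")
		// Endpoint of the bucket; China North 2 (Beijing) is the example here.
		endpoint = "https://tos-cn-beijing.volces.com"
		region   = "cn-beijing"
		// Fill in the bucket name.
		bucketName = "*** Provide your bucket name ***"
		ctx        = context.Background()
	)
	// os.Getenv returns "" for an unset variable. Stop with a clear message
	// instead of building a client from empty credentials.
	if accessKey == "" || secretKey == "" {
		checkErr(fmt.Errorf("TOS_ACCESS_KEY and TOS_SECRET_KEY must be set"))
	}

	// Initialize the client.
	client, err := tos.NewClientV2(endpoint, tos.WithRegion(region), tos.WithCredentials(tos.NewStaticCredentials(accessKey, secretKey)))
	checkErr(err)

	getAclOutput, err := client.GetBucketACL(ctx, &tos.GetBucketACLInput{Bucket: bucketName})
	checkErr(err)
	fmt.Println("GetBucketACL Request ID:", getAclOutput.RequestID)
	// Bucket owner information.
	fmt.Println("GetBucketACL Owner:", getAclOutput.Owner)
	for _, grant := range getAclOutput.Grants {
		// Permission held by the grantee on the bucket.
		fmt.Println("Grant Permission:", grant.Permission)
		// ID of the grantee when Type is CanonicalUser.
		fmt.Println("Grant GranteeV2 ID", grant.GranteeV2.ID)
		// Display name of the grantee.
		fmt.Println("Grant GranteeV2 DisplayName", grant.GranteeV2.DisplayName)
		// Predefined user group the grant applies to.
		fmt.Println("Grant GranteeV2 Canned", grant.GranteeV2.Canned)
		// Type of the grantee.
		fmt.Println("Grant GranteeV2 Type", grant.GranteeV2.Type)

		// WRITE, WRITE_ACP and FULL_CONTROL let the grantee change objects
		// or the ACL itself, so those grants are the first to review. This
		// is also the only use of the enum package in this listing, and an
		// unused import does not compile in Go.
		switch grant.Permission {
		case enum.PermissionWrite, enum.PermissionWriteAcp, enum.PermissionFullControl:
			fmt.Println("Review: this grant allows changes to the bucket's objects or ACL")
		}
	}
}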

相关文档

管理桶的权限,请参见桶 ACLs