vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/api-ref/obs_04_0027.html
Jawei, Li f1cb839979 OBS api-ref 2.0.38.SP5 
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Jawei, Li <lijiawei5@huawei.com>
Co-committed-by: Jawei, Li <lijiawei5@huawei.com>
2022-11-03 11:54:51 +00:00

307 lines
12 KiB
HTML
Raw Blame History

<a name="obs_04_0027"></a><a name="obs_04_0027"></a>
<h1 class="topictitle1">Configuring a Bucket Policy</h1>
<div id="body26544305"><div class="section" id="obs_04_0027__section5584184924715"><h4 class="sectiontitle">Functions</h4><p class="msonormal" id="obs_04_0027__p5987250">This operation creates or modifies policies for buckets. If the specified bucket already has a policy, the policy in the request will overwrite the existing one. There is no limit on the number of bucket policies (statements) for a bucket. However, the total size of JSON descriptions of all bucket policies in a bucket cannot exceed 20 KB.</p>
<p class="msonormal" id="obs_04_0027__p53885250">To perform this operation, the user must be the bucket owner or the bucket owner's IAM user that has permissions required for configuring bucket policies.</p>
</div>
<div class="section" id="obs_04_0027__section15205203"><h4 class="sectiontitle">Request Syntax</h4><div class="codecoloring" codetype="Xml" id="obs_04_0027__screen2605134"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?policy HTTP/1.1
Host: bucketname.obs.region.example.com
Date: date
Authorization: signatureValue
Policy written in JSON
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section2629102"><h4 class="sectiontitle">Request Parameters</h4><p class="msonormal" id="obs_04_0027__p24922659">This request contains no parameter.</p>
</div>
<div class="section" id="obs_04_0027__section23661925"><h4 class="sectiontitle">Request Headers</h4><p class="msonormal" id="obs_04_0027__p5469531">This request uses common headers. For details, see <a href="obs_04_0007.html#obs_04_0007__table25197309">Table 3</a>.</p>
</div>
<div class="section" id="obs_04_0027__section11630735"><h4 class="sectiontitle">Request Elements</h4><p class="msonormal" id="obs_04_0027__p27865340">The request body is a JSON string containing bucket policy information.</p>
</div>
<div class="section" id="obs_04_0027__section37567759"><h4 class="sectiontitle">Response Syntax</h4><div class="codecoloring" codetype="Xml" id="obs_04_0027__screen42500096"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 status_code
Date: date
Content-Length: length
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section2565517"><h4 class="sectiontitle">Response Headers</h4><p class="msonormal" id="obs_04_0027__p1512332591013">The response to the request uses common headers. For details, see <a href="obs_04_0013.html#obs_04_0013__d0e686">Table 1</a>.</p>
</div>
<div class="section" id="obs_04_0027__section23089658"><h4 class="sectiontitle">Response Elements</h4><p class="msonormal" id="obs_04_0027__p19036118">This response involves no elements.</p>
</div>
<div class="section" id="obs_04_0027__section6480335"><h4 class="sectiontitle">Error Responses</h4><p class="msonormal" id="obs_04_0027__p65530572">No special error responses are returned. For details, see <a href="obs_04_0115.html#obs_04_0115__d0e843">Table 2</a>.</p>
</div>
<div class="section" id="obs_04_0027__section7816985174739"><h4 class="sectiontitle">Sample Request 1</h4><p id="obs_04_0027__p06017817213"><strong id="obs_04_0027__b136120251916">Grant permissions to an OBS tenant</strong>.</p>
<p id="obs_04_0027__p53741710144436">Grant permissions to the tenant whose ID is <strong id="obs_04_0027__b2073374316920">783fc6652cf246c096ea836694f71855</strong>.</p>
<p id="obs_04_0027__p924568111514">For details about how to obtain the tenant ID, see <a href="obs_04_0117.html">Obtaining the Domain ID and User ID</a>.</p>
<div class="codecoloring" codetype="Xml" id="obs_04_0027__screen7883203144447"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:32:25 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=
{
&quot;Statement&quot;: [
{
&quot;Sid&quot;: &quot;Stmt1375240018061&quot;,
&quot;Action&quot;: [
&quot;GetBucketLogging&quot;
],
&quot;Effect&quot;: &quot;Allow&quot;,
&quot;Resource&quot;: &quot;logging.bucket&quot;,
&quot;Principal&quot;: {
&quot;ID&quot;: [
&quot;domain/783fc6652cf246c096ea836694f71855:user/*&quot;
]
}
}
]
}
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section52513512174842"><h4 class="sectiontitle">Sample Response 1</h4><div class="codecoloring" codetype="Xml" id="obs_04_0027__screen20225955175838"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 204 No Content
x-obs-request-id: 7B6DFC9BC71DD58B061285551605709
x-obs-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD
Date: WED, 01 Jul 2015 02:32:25 GMT
Content-Length: 0
Server: OBS
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section62420254162610"><h4 class="sectiontitle">Sample Request 2</h4><p id="obs_04_0027__p960291982112"><strong id="obs_04_0027__b842352706103715">Grant permissions to an OBS user</strong>.</p>
<p id="obs_04_0027__p16263207144548">The user ID is <strong id="obs_04_0027__b649711143112">71f3901173514e6988115ea2c26d1999</strong>, and the account ID is <strong id="obs_04_0027__b149814146116">783fc6652cf246c096ea836694f71855</strong>.</p>
<p id="obs_04_0027__p95111020229">For details about how to obtain the account ID and user ID, see <a href="obs_04_0117.html">Obtaining the Domain ID and User ID</a>.</p>
<div class="codecoloring" codetype="Xml" id="obs_04_0027__screen43469162144559"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:33:28 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=
{
&quot;Statement&quot;: [
{
&quot;Sid&quot;: &quot;Stmt1375240018062&quot;,
&quot;Action&quot;: [
&quot;PutBucketLogging&quot;
],
&quot;Effect&quot;: &quot;Allow&quot;,
&quot;Resource&quot;: &quot;examplebucket&quot;,
&quot;Principal&quot;: {
&quot;ID&quot;: [
&quot;domain/783fc6652cf246c096ea836694f71855:user/71f3901173514e6988115ea2c26d1999&quot;
]
}
}
]
}
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section4555671162610"><h4 class="sectiontitle">Sample Response 2</h4><div class="codecoloring" codetype="Xml" id="obs_04_0027__screen33465077162610"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 204 No Content
x-obs-request-id: 7B6DFC9BC71DD58B061285551605709
x-obs-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD
Date: WED, 01 Jul 2015 02:33:28 GMT
Content-Length: 0
Server: OBS
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section18012296430"><h4 class="sectiontitle">Sample Request 3</h4><p id="obs_04_0027__p765843452119"><strong id="obs_04_0027__b12901747191618">Deny all users except the specified one all the operation permissions</strong>.</p>
<p id="obs_04_0027__p7510155920435">The user ID is <strong id="obs_04_0027__b12262652153511">71f3901173514e6988115ea2c26d1999</strong>, and the account ID is <strong id="obs_04_0027__b17417817368">783fc6652cf246c096ea836694f71855</strong>.</p>
<p id="obs_04_0027__p19354162619221">For details about how to obtain the account ID and user ID, see <a href="obs_04_0117.html">Obtaining the Domain ID and User ID</a>.</p>
<div class="codecoloring" codetype="Xml" id="obs_04_0027__screen92591418114414"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:34:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=
{
&quot;Statement&quot;: [
{
&quot;Effect&quot;: &quot;Deny&quot;,
&quot;Action&quot;: [&quot;*&quot;],
&quot;Resource&quot;: [
&quot;examplebucket/*&quot;,
&quot;examplebucket&quot;
],
&quot;NotPrincipal&quot;: {
&quot;ID&quot;: [
&quot;domain/783fc6652cf246c096ea836694f71855:user/71f3901173514e6988115ea2c26d1999&quot;,
&quot;domain/783fc6652cf246c096ea836694f71855&quot;
]
}
}
]
}
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section582262994311"><h4 class="sectiontitle">Sample Response 3</h4><div class="codecoloring" codetype="Xml" id="obs_04_0027__screen1769816556557"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 204 No Content
x-obs-request-id: A603000001604A7DFE4A4AF31E301891
x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n
Date: WED, 01 Jul 2015 02:34:34 GMT
Content-Length: 0
Server: OBS
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section14686142085618"><h4 class="sectiontitle">Sample Request 4</h4><p id="obs_04_0027__p535914011568"><strong id="obs_04_0027__b1027820223524">Request to allow only the specified domain name and external link requests that have no referer headers by using the URL validation whitelist.</strong></p>
<p id="obs_04_0027__p26421231122611">URL validation whitelist: <strong id="obs_04_0027__b842352706161230">http://storage.example.com</strong></p>
<div class="codecoloring" codetype="Xml" id="obs_04_0027__screen125857101416"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?policy HTTP/1.1
Host: examplebucket.obs.region.example.com
Date: WED, 01 Jul 2015 02:34:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=
{
&quot;Statement&quot;: [{
&quot;Effect&quot;: &quot;Deny&quot;,
&quot;Action&quot;: [
&quot;GetObject&quot;,
&quot;GetObjectVersion&quot;
],
&quot;Principal&quot;: {
&quot;ID&quot;: [&quot;*&quot;]
},
&quot;Resource&quot;: [&quot;examplebucket/*&quot;],
&quot;Condition&quot;: {
&quot;StringNotLike&quot;: {
&quot;Referer&quot;: [
&quot;http://storage.example.com*&quot;,
&quot;${null}&quot;
]
}
}
}]
}
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0027__section1062116195156"><h4 class="sectiontitle">Sample Response 4</h4><div class="codecoloring" codetype="Xml" id="obs_04_0027__screen20823429184315"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 204 No Content
x-obs-request-id: A603000001604A7DFE4A4AF31E301891
x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n
Date: WED, 01 Jul 2015 02:34:34 GMT
Content-Length: 0
Server: OBS
</pre></div>
</td></tr></table></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_04_0026.html">Advanced Bucket Settings</a></div>
</div>
</div>
View Git Blame Copy Permalink