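A bucket is a globally unique namespace in TOS. It acts as a container for data and stores objects. TOS controls permissions on bucket resources through bucket authorization policies (Bucket Policy) and bucket access control (Bucket ACL). This article describes how to manage a bucket's authorization policy with the TOS Java SDK. For bucket access control management, see Read/Write Permission Configuration.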
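You can set the authorization policy of a specified bucket with the putBucketPolicy interface of the TOS Java SDK.
Note
To set a bucket policy, your account must have the tos:PutBucketPolicy permission. For details, see Permission Configuration Overview.
A user with the tos:PutBucketPolicy permission can change the bucket policy arbitrarily and can use this permission to obtain other permissions. Configure it with caution.
The following code shows how to set a bucket's policy.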
    import com.volcengine.tos.TOSV2;
    import com.volcengine.tos.TOSV2ClientBuilder;
    import com.volcengine.tos.TosClientException;
    import com.volcengine.tos.TosServerException;
    import com.volcengine.tos.model.bucket.PutBucketPolicyInput;
    import com.volcengine.tos.model.bucket.PutBucketPolicyOutput;

    public class PutBucketPolicyExample {
        public static void main(String[] args) {
            String endpoint = "your endpoint";
            String region = "your region";
            String accessKey = System.getenv("TOS_ACCESS_KEY");
            String secretKey = System.getenv("TOS_SECRET_KEY");
            String bucketName = "your bucket name";

            TOSV2 tos = new TOSV2ClientBuilder().build(region, endpoint, accessKey, secretKey);

            try {
                // Replace bucketName in the policy below with your bucket name.
                // This sample allows every principal ("*") the listed read-only actions.
                String policy = "{\"Statement\":[{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"tos:Get*\",\"tos:List*\",\"tos:HeadBucket\"],\"Resource\":\"trn:tos:::bucketName\"}]}";
                PutBucketPolicyInput input = new PutBucketPolicyInput().setBucket(bucketName).setPolicy(policy);
                PutBucketPolicyOutput output = tos.putBucketPolicy(input);
                System.out.println("putBucketPolicy succeed");
            } catch (TosClientException e) {
                // The operation failed with a client exception, usually caused by invalid
                // request parameters; the request was not sent.
                System.out.println("putBucketPolicy failed");
                System.out.println("Message: " + e.getMessage());
                if (e.getCause() != null) {
                    e.getCause().printStackTrace();
                }
            } catch (TosServerException e) {
                // The operation failed with a server exception; the detailed error
                // information returned by the server is available.
                System.out.println("putBucketPolicy failed");
                System.out.println("StatusCode: " + e.getStatusCode());
                System.out.println("Code: " + e.getCode());
                System.out.println("Message: " + e.getMessage());
                System.out.println("RequestID: " + e.getRequestID());
            } catch (Throwable t) {
                // Catch-all for any other exception; normally not reached.
                System.out.println("putBucketPolicy failed");
                System.out.println("unexpected exception, message: " + t.getMessage());
            }
        }
    }
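You can get the bucket policy currently configured on a specified bucket with the getBucketPolicy interface of the TOS Java SDK.
Note
To get a bucket policy, your account must have the tos:GetBucketPolicy permission. For details, see Permission Configuration Overview.
The following code shows how to get a bucket's policy.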
    import com.volcengine.tos.TOSV2;
    import com.volcengine.tos.TOSV2ClientBuilder;
    import com.volcengine.tos.TosClientException;
    import com.volcengine.tos.TosServerException;
    import com.volcengine.tos.model.bucket.GetBucketPolicyInput;
    import com.volcengine.tos.model.bucket.GetBucketPolicyOutput;

    public class GetBucketPolicyExample {
        public static void main(String[] args) {
            String endpoint = "your endpoint";
            String region = "your region";
            String accessKey = System.getenv("TOS_ACCESS_KEY");
            String secretKey = System.getenv("TOS_SECRET_KEY");
            String bucketName = "your bucket name";

            TOSV2 tos = new TOSV2ClientBuilder().build(region, endpoint, accessKey, secretKey);

            try {
                GetBucketPolicyInput input = new GetBucketPolicyInput().setBucket(bucketName);
                GetBucketPolicyOutput output = tos.getBucketPolicy(input);
                System.out.println("getBucketPolicy succeed, policy is " + output.getPolicy());
            } catch (TosClientException e) {
                // The operation failed with a client exception, usually caused by invalid
                // request parameters; the request was not sent.
                System.out.println("getBucketPolicy failed");
                System.out.println("Message: " + e.getMessage());
                if (e.getCause() != null) {
                    e.getCause().printStackTrace();
                }
            } catch (TosServerException e) {
                // The operation failed with a server exception; the detailed error
                // information returned by the server is available.
                System.out.println("getBucketPolicy failed");
                System.out.println("StatusCode: " + e.getStatusCode());
                System.out.println("Code: " + e.getCode());
                System.out.println("Message: " + e.getMessage());
                System.out.println("RequestID: " + e.getRequestID());
            } catch (Throwable t) {
                // Catch-all for any other exception; normally not reached.
                System.out.println("getBucketPolicy failed");
                System.out.println("unexpected exception, message: " + t.getMessage());
            }
        }
    }
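One way to review the policy string returned by getBucketPolicy, as an added example that is not part of the TOS SDK or the original page: it flags Allow statements whose Principal is "*" and statements whose actions cover tos:PutBucketPolicy. It assumes Jackson (com.fasterxml.jackson.databind) is on the classpath and that "*" in an action works as a glob, as in the page's tos:Get*; the class name, the second sample statement and EXAMPLE_ACCOUNT_ID are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class BucketPolicyAudit {
    // True if the node is "*" or holds "*" anywhere inside an array or object.
    static boolean hasWildcard(JsonNode n) {
        if (n.isTextual()) return "*".equals(n.asText());
        for (JsonNode child : n) if (hasWildcard(child)) return true;
        return false;
    }

    // True if an action pattern (string or array; "*" assumed to be a glob) covers the action.
    static boolean grants(JsonNode actions, String action) {
        if (actions.isTextual()) {
            String regex = Pattern.quote(actions.asText()).replace("*", "\\E.*\\Q");
            return Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(action).matches();
        }
        for (JsonNode a : actions) if (grants(a, action)) return true;
        return false;
    }

    // Returns one finding per risky Allow statement; other restrictions in a statement are not evaluated.
    static List<String> audit(String policyJson) throws Exception {
        List<String> findings = new ArrayList<>();
        for (JsonNode s : new ObjectMapper().readTree(policyJson).path("Statement")) {
            if (!"Allow".equalsIgnoreCase(s.path("Effect").asText())) continue;
            String sid = s.path("Sid").asText("(no Sid)");
            if (hasWildcard(s.path("Principal")))
                findings.add(sid + ": Allow for Principal \"*\", actions " + s.path("Action"));
            if (grants(s.path("Action"), "tos:PutBucketPolicy"))
                findings.add(sid + ": grants tos:PutBucketPolicy, holder can rewrite the policy");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: statement 1 is the page's sample, statement 2 is made up.
        String policy = "{\"Statement\":["
            + "{\"Sid\":\"test\",\"Effect\":\"Allow\",\"Principal\":\"*\","
            + "\"Action\":[\"tos:Get*\",\"tos:List*\",\"tos:HeadBucket\"],\"Resource\":\"trn:tos:::bucketName\"},"
            + "{\"Sid\":\"admin\",\"Effect\":\"Allow\",\"Principal\":[\"EXAMPLE_ACCOUNT_ID\"],"
            + "\"Action\":\"tos:Put*\",\"Resource\":\"trn:tos:::bucketName\"}]}";
        audit(policy).forEach(System.out::println);
    }
}
```

In practice, pass output.getPolicy() from the getBucketPolicy call above to audit() instead of the constructed string.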
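You can delete the bucket policy currently configured on a specified bucket with the deleteBucketPolicy interface of the TOS Java SDK.
Note
To delete a bucket policy, your account must have the tos:DeleteBucketPolicy permission. For details, see Permission Configuration Overview.
The following code shows how to delete a bucket's policy.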
    import com.volcengine.tos.TOSV2;
    import com.volcengine.tos.TOSV2ClientBuilder;
    import com.volcengine.tos.TosClientException;
    import com.volcengine.tos.TosServerException;
    import com.volcengine.tos.model.bucket.DeleteBucketPolicyInput;
    import com.volcengine.tos.model.bucket.DeleteBucketPolicyOutput;

    public class DeleteBucketPolicyExample {
        public static void main(String[] args) {
            String endpoint = "your endpoint";
            String region = "your region";
            String accessKey = System.getenv("TOS_ACCESS_KEY");
            String secretKey = System.getenv("TOS_SECRET_KEY");
            String bucketName = "your bucket name";

            TOSV2 tos = new TOSV2ClientBuilder().build(region, endpoint, accessKey, secretKey);

            try {
                DeleteBucketPolicyInput input = new DeleteBucketPolicyInput().setBucket(bucketName);
                DeleteBucketPolicyOutput output = tos.deleteBucketPolicy(input);
                System.out.println("deleteBucketPolicy succeed, " + output);
            } catch (TosClientException e) {
                // The operation failed with a client exception, usually caused by invalid
                // request parameters; the request was not sent.
                System.out.println("deleteBucketPolicy failed");
                System.out.println("Message: " + e.getMessage());
                if (e.getCause() != null) {
                    e.getCause().printStackTrace();
                }
            } catch (TosServerException e) {
                // The operation failed with a server exception; the detailed error
                // information returned by the server is available.
                System.out.println("deleteBucketPolicy failed");
                System.out.println("StatusCode: " + e.getStatusCode());
                System.out.println("Code: " + e.getCode());
                System.out.println("Message: " + e.getMessage());
                System.out.println("RequestID: " + e.getRequestID());
            } catch (Throwable t) {
                // Catch-all for any other exception; normally not reached.
                System.out.println("deleteBucketPolicy failed");
                System.out.println("unexpected exception, message: " + t.getMessage());
            }
        }
    }
For more information about bucket policies, see Bucket Authorization Policy Management.