使用URL进行授权访问
更新时间: 2019-03-14 10:05
OBS客户端支持通过访问密钥、请求方法类型、请求参数等信息生成一个在Query参数中携带鉴权信息的URL,可将该URL提供给其他用户进行临时访问。在生成URL时,您需要指定URL的有效期来限制访客用户的访问时长。由于鉴权信息包含在URL本身之中,在有效期内任何获得该URL的人都可以执行对应的请求,因此有效期应按实际需要设置得尽量短,并避免将URL写入共享日志或通过不可信渠道传递。
如果您想授予其他用户对桶或对象临时进行其他操作的权限(例如上传或下载对象),则需要先生成对应请求的URL(例如生成PUT请求的URL用于上传对象),再将该URL提供给其他用户。
通过该方式可支持的操作以及相关信息见下表:
操作名 | HTTP请求方法 | 特殊操作符(子资源) | 是否需要桶名 | 是否需要对象名 |
---|---|---|---|---|
创建桶 | PUT | N/A | 是 | 否 |
获取桶列表 | GET | N/A | 否 | 否 |
删除桶 | DELETE | N/A | 是 | 否 |
列举桶内对象 | GET | N/A | 是 | 否 |
列举桶内多版本对象 | GET | versions | 是 | 否 |
列举分段上传任务 | GET | uploads | 是 | 否 |
获取桶元数据 | HEAD | N/A | 是 | 否 |
获取桶区域位置 | GET | location | 是 | 否 |
获取桶存量信息 | GET | storageinfo | 是 | 否 |
设置桶配额 | PUT | quota | 是 | 否 |
获取桶配额 | GET | quota | 是 | 否 |
设置桶存储类型 | PUT | storagePolicy | 是 | 否 |
获取桶存储类型 | GET | storagePolicy | 是 | 否 |
设置桶访问权限 | PUT | acl | 是 | 否 |
获取桶访问权限 | GET | acl | 是 | 否 |
开启/关闭桶日志 | PUT | logging | 是 | 否 |
查看桶日志 | GET | logging | 是 | 否 |
设置桶策略 | PUT | policy | 是 | 否 |
查看桶策略 | GET | policy | 是 | 否 |
删除桶策略 | DELETE | policy | 是 | 否 |
设置生命周期规则 | PUT | lifecycle | 是 | 否 |
查看生命周期规则 | GET | lifecycle | 是 | 否 |
删除生命周期规则 | DELETE | lifecycle | 是 | 否 |
设置托管配置 | PUT | website | 是 | 否 |
查看托管配置 | GET | website | 是 | 否 |
清除托管配置 | DELETE | website | 是 | 否 |
设置桶多版本状态 | PUT | versioning | 是 | 否 |
查看桶多版本状态 | GET | versioning | 是 | 否 |
设置跨域规则 | PUT | cors | 是 | 否 |
查看跨域规则 | GET | cors | 是 | 否 |
删除跨域规则 | DELETE | cors | 是 | 否 |
设置/关闭事件通知 | PUT | notification | 是 | 否 |
查看事件通知 | GET | notification | 是 | 否 |
OPTIONS桶 | OPTIONS | N/A | 是 | 否 |
设置桶标签 | PUT | tagging | 是 | 否 |
查看桶标签 | GET | tagging | 是 | 否 |
删除桶标签 | DELETE | tagging | 是 | 否 |
上传对象 | PUT | N/A | 是 | 是 |
下载对象 | GET | N/A | 是 | 是 |
复制对象 | PUT | N/A | 是 | 是 |
删除对象 | DELETE | N/A | 是 | 是 |
批量删除对象 | POST | delete | 是 | 是 |
获取对象属性 | HEAD | N/A | 是 | 是 |
设置对象访问权限 | PUT | acl | 是 | 是 |
查看对象访问权限 | GET | acl | 是 | 是 |
初始化分段上传任务 | POST | uploads | 是 | 是 |
上传段 | PUT | N/A | 是 | 是 |
复制段 | PUT | N/A | 是 | 是 |
列举已上传的段 | GET | N/A | 是 | 是 |
合并段 | POST | N/A | 是 | 是 |
取消分段上传任务 | DELETE | N/A | 是 | 是 |
OPTIONS对象 | OPTIONS | N/A | 是 | 是 |
取回归档存储对象 | POST | restore | 是 | 是 |
通过OBS Go SDK实现URL授权访问的步骤如下:
- 通过ObsClient.CreateSignedUrl生成带签名信息的URL。
- 使用任意HTTP库发送HTTP/HTTPS请求,访问OBS服务。
以下代码展示了如何使用URL进行授权访问,包括:创建桶、上传对象、下载对象、列举对象、删除对象。
创建桶
- // 引入依赖包
- import (
- "fmt"
- "obs"
- "strings"
- )
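// Access credentials and service endpoint. The values below are placeholders:
// supply real ones from the environment or a secret store rather than
// committing them to source control.
var ak = "*** Provide your Access Key ***"
var sk = "*** Provide your Secret Key ***"
var endpoint = "https://your-endpoint"

// obsClient is the shared ObsClient used by main. The error returned by
// obs.New is no longer discarded: if the client cannot be created the program
// stops at start-up instead of continuing with an unusable client.
var obsClient = func() *obs.ObsClient {
	client, err := obs.New(ak, sk, endpoint)
	if err != nil {
		panic(err)
	}
	return client
}()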
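// main signs one URL per operation (create bucket, upload, download, list,
// delete) with CreateSignedUrl and then sends it through the matching
// *WithSignedUrl call, printing the result of each step.
func main() {
	// obsClient is built at package level; stop here if that did not succeed.
	if obsClient == nil {
		fmt.Println("ObsClient was not created; check ak, sk and endpoint")
		return
	}

	// report prints the service error code and message when err is an
	// obs.ObsError and falls back to the plain error text otherwise, so that
	// no failure is dropped silently.
	report := func(err error) {
		if obsError, ok := err.(obs.ObsError); ok {
			fmt.Printf("Code:%s\n", obsError.Code)
			fmt.Printf("Message:%s\n", obsError.Message)
			return
		}
		fmt.Printf("Error:%v\n", err)
	}

	input := &obs.CreateSignedUrlInput{}
	// Validity period applied to every URL signed below.
	// NOTE(review): the SDK is understood to take this value in seconds; keep
	// it as short as the recipient actually needs.
	input.Expires = 3600

	// Create the bucket.
	input.Method = obs.HttpMethodPut
	input.Bucket = "bucketname"
	output, err := obsClient.CreateSignedUrl(input)
	if err != nil {
		// Without a signed URL there is nothing to send.
		report(err)
		return
	}
	// The signed URL carries the authorization in its query string: whoever
	// holds it can issue this request until it expires. It is printed here for
	// demonstration only and should not be written to shared logs.
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	createBucketOutput, err := obsClient.CreateBucketWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders, strings.NewReader("<CreateBucketConfiguration><LocationConstraint>your-location</LocationConstraint></CreateBucketConfiguration>"))
	if err == nil {
		fmt.Printf("RequestId:%s\n", createBucketOutput.RequestId)
	} else {
		report(err)
	}

	// Upload an object.
	input.Method = obs.HttpMethodPut
	input.Bucket = "bucketname"
	input.Key = "objectkey"
	output, err = obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	putObjectOutput, err := obsClient.PutObjectWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders, strings.NewReader("Hello OBS"))
	if err == nil {
		fmt.Printf("ETag:%s\n", putObjectOutput.ETag)
	} else {
		report(err)
	}

	// Download the object.
	input.Method = obs.HttpMethodGet
	input.Bucket = "bucketname"
	input.Key = "objectkey"
	output, err = obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	getObjectOutput, err := obsClient.GetObjectWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders)
	if err == nil {
		// The response body is released when main returns.
		defer getObjectOutput.Body.Close()
		fmt.Printf("ETag:%s\n", getObjectOutput.ETag)
	} else {
		report(err)
	}

	// List the objects in the bucket; the key is cleared so that the URL is
	// signed for the bucket rather than for a single object.
	input.Method = obs.HttpMethodGet
	input.Bucket = "bucketname"
	input.Key = ""
	output, err = obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	listObjectsOutput, err := obsClient.ListObjectsWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders)
	if err == nil {
		for index, val := range listObjectsOutput.Contents {
			fmt.Printf("Content[%d]-OwnerId:%s, OwnerName:%s, ETag:%s, Key:%s, LastModified:%s, Size:%d, StorageClass:%s\n",
				index, val.Owner.ID, val.Owner.DisplayName, val.ETag, val.Key, val.LastModified, val.Size, val.StorageClass)
		}
	} else {
		report(err)
	}

	// Delete the object.
	input.Method = obs.HttpMethodDelete
	input.Bucket = "bucketname"
	input.Key = "objectkey"
	output, err = obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	deleteObjectOutput, err := obsClient.DeleteObjectWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders)
	if err == nil {
		fmt.Printf("RequestId:%s\n", deleteObjectOutput.RequestId)
	} else {
		report(err)
	}
}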
上传对象
- // 引入依赖包
- import (
- "fmt"
- "obs"
- "strings"
- )
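// Access credentials and service endpoint. The values below are placeholders:
// supply real ones from the environment or a secret store rather than
// committing them to source control.
var ak = "*** Provide your Access Key ***"
var sk = "*** Provide your Secret Key ***"
var endpoint = "https://your-endpoint"

// obsClient is the shared ObsClient used by main. The error returned by
// obs.New is no longer discarded: if the client cannot be created the program
// stops at start-up instead of continuing with an unusable client.
var obsClient = func() *obs.ObsClient {
	client, err := obs.New(ak, sk, endpoint)
	if err != nil {
		panic(err)
	}
	return client
}()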
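// main signs a PUT URL for one object with CreateSignedUrl and uploads a
// small payload through PutObjectWithSignedUrl.
func main() {
	// obsClient is built at package level; stop here if that did not succeed.
	if obsClient == nil {
		fmt.Println("ObsClient was not created; check ak, sk and endpoint")
		return
	}

	// report prints the service error code and message when err is an
	// obs.ObsError and falls back to the plain error text otherwise.
	report := func(err error) {
		if obsError, ok := err.(obs.ObsError); ok {
			fmt.Printf("Code:%s\n", obsError.Code)
			fmt.Printf("Message:%s\n", obsError.Message)
			return
		}
		fmt.Printf("Error:%v\n", err)
	}

	input := &obs.CreateSignedUrlInput{}
	// Validity period of the signed URL.
	// NOTE(review): the SDK is understood to take this value in seconds; keep
	// it as short as the recipient actually needs.
	input.Expires = 3600

	// Upload an object.
	input.Method = obs.HttpMethodPut
	input.Bucket = "bucketname"
	input.Key = "objectkey"
	// output is declared here; the signing error is checked before the result
	// is used.
	output, err := obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	// The signed URL carries the authorization in its query string: whoever
	// holds it can upload to this key until it expires. It is printed here for
	// demonstration only and should not be written to shared logs.
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	putObjectOutput, err := obsClient.PutObjectWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders, strings.NewReader("Hello OBS"))
	if err != nil {
		report(err)
		return
	}
	fmt.Printf("ETag:%s\n", putObjectOutput.ETag)
}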
下载对象
- // 引入依赖包
- import (
- "fmt"
- "obs"
- "strings"
- )
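// Access credentials and service endpoint. The values below are placeholders:
// supply real ones from the environment or a secret store rather than
// committing them to source control.
var ak = "*** Provide your Access Key ***"
var sk = "*** Provide your Secret Key ***"
var endpoint = "https://your-endpoint"

// obsClient is the shared ObsClient used by main. The error returned by
// obs.New is no longer discarded: if the client cannot be created the program
// stops at start-up instead of continuing with an unusable client.
var obsClient = func() *obs.ObsClient {
	client, err := obs.New(ak, sk, endpoint)
	if err != nil {
		panic(err)
	}
	return client
}()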
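// main signs a GET URL for one object with CreateSignedUrl and downloads the
// object through GetObjectWithSignedUrl.
func main() {
	// obsClient is built at package level; stop here if that did not succeed.
	if obsClient == nil {
		fmt.Println("ObsClient was not created; check ak, sk and endpoint")
		return
	}

	// report prints the service error code and message when err is an
	// obs.ObsError and falls back to the plain error text otherwise.
	report := func(err error) {
		if obsError, ok := err.(obs.ObsError); ok {
			fmt.Printf("Code:%s\n", obsError.Code)
			fmt.Printf("Message:%s\n", obsError.Message)
			return
		}
		fmt.Printf("Error:%v\n", err)
	}

	input := &obs.CreateSignedUrlInput{}
	// Validity period of the signed URL.
	// NOTE(review): the SDK is understood to take this value in seconds; keep
	// it as short as the recipient actually needs.
	input.Expires = 3600

	// Download an object.
	input.Method = obs.HttpMethodGet
	input.Bucket = "bucketname"
	input.Key = "objectkey"
	// output is declared here; the signing error is checked before the result
	// is used.
	output, err := obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	// The signed URL carries the authorization in its query string: whoever
	// holds it can read this object until it expires. It is printed here for
	// demonstration only and should not be written to shared logs.
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	getObjectOutput, err := obsClient.GetObjectWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders)
	if err != nil {
		report(err)
		return
	}
	// The response body is released when main returns.
	defer getObjectOutput.Body.Close()
	fmt.Printf("ETag:%s\n", getObjectOutput.ETag)
}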
列举对象
- // 引入依赖包
- import (
- "fmt"
- "obs"
- "strings"
- )
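// Access credentials and service endpoint. The values below are placeholders:
// supply real ones from the environment or a secret store rather than
// committing them to source control.
var ak = "*** Provide your Access Key ***"
var sk = "*** Provide your Secret Key ***"
var endpoint = "https://your-endpoint"

// obsClient is the shared ObsClient used by main. The error returned by
// obs.New is no longer discarded: if the client cannot be created the program
// stops at start-up instead of continuing with an unusable client.
var obsClient = func() *obs.ObsClient {
	client, err := obs.New(ak, sk, endpoint)
	if err != nil {
		panic(err)
	}
	return client
}()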
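// main signs a GET URL for a bucket with CreateSignedUrl and lists the
// bucket's objects through ListObjectsWithSignedUrl.
func main() {
	// obsClient is built at package level; stop here if that did not succeed.
	if obsClient == nil {
		fmt.Println("ObsClient was not created; check ak, sk and endpoint")
		return
	}

	// report prints the service error code and message when err is an
	// obs.ObsError and falls back to the plain error text otherwise.
	report := func(err error) {
		if obsError, ok := err.(obs.ObsError); ok {
			fmt.Printf("Code:%s\n", obsError.Code)
			fmt.Printf("Message:%s\n", obsError.Message)
			return
		}
		fmt.Printf("Error:%v\n", err)
	}

	input := &obs.CreateSignedUrlInput{}
	// Validity period of the signed URL.
	// NOTE(review): the SDK is understood to take this value in seconds; keep
	// it as short as the recipient actually needs.
	input.Expires = 3600

	// List objects: only the bucket is set, no object key.
	input.Method = obs.HttpMethodGet
	input.Bucket = "bucketname"
	// output is declared here; the signing error is checked before the result
	// is used.
	output, err := obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	// The signed URL carries the authorization in its query string: whoever
	// holds it can list this bucket until it expires. It is printed here for
	// demonstration only and should not be written to shared logs.
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	listObjectsOutput, err := obsClient.ListObjectsWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders)
	if err != nil {
		report(err)
		return
	}
	for index, val := range listObjectsOutput.Contents {
		fmt.Printf("Content[%d]-OwnerId:%s, OwnerName:%s, ETag:%s, Key:%s, LastModified:%s, Size:%d, StorageClass:%s\n",
			index, val.Owner.ID, val.Owner.DisplayName, val.ETag, val.Key, val.LastModified, val.Size, val.StorageClass)
	}
}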
删除对象
- // 引入依赖包
- import (
- "fmt"
- "obs"
- "strings"
- )
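// Access credentials and service endpoint. The values below are placeholders:
// supply real ones from the environment or a secret store rather than
// committing them to source control.
var ak = "*** Provide your Access Key ***"
var sk = "*** Provide your Secret Key ***"
var endpoint = "https://your-endpoint"

// obsClient is the shared ObsClient used by main. The error returned by
// obs.New is no longer discarded: if the client cannot be created the program
// stops at start-up instead of continuing with an unusable client.
var obsClient = func() *obs.ObsClient {
	client, err := obs.New(ak, sk, endpoint)
	if err != nil {
		panic(err)
	}
	return client
}()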
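// main signs a DELETE URL for one object with CreateSignedUrl and removes the
// object through DeleteObjectWithSignedUrl.
func main() {
	// obsClient is built at package level; stop here if that did not succeed.
	if obsClient == nil {
		fmt.Println("ObsClient was not created; check ak, sk and endpoint")
		return
	}

	// report prints the service error code and message when err is an
	// obs.ObsError and falls back to the plain error text otherwise.
	report := func(err error) {
		if obsError, ok := err.(obs.ObsError); ok {
			fmt.Printf("Code:%s\n", obsError.Code)
			fmt.Printf("Message:%s\n", obsError.Message)
			return
		}
		fmt.Printf("Error:%v\n", err)
	}

	input := &obs.CreateSignedUrlInput{}
	// Validity period of the signed URL.
	// NOTE(review): the SDK is understood to take this value in seconds; keep
	// it as short as the recipient actually needs.
	input.Expires = 3600

	// Delete an object.
	input.Method = obs.HttpMethodDelete
	input.Bucket = "bucketname"
	input.Key = "objectkey"
	// output is declared here; the signing error is checked before the result
	// is used.
	output, err := obsClient.CreateSignedUrl(input)
	if err != nil {
		report(err)
		return
	}
	// The signed URL carries the authorization in its query string: whoever
	// holds it can delete this object until it expires. It is printed here for
	// demonstration only and should not be written to shared logs.
	fmt.Printf("SignedUrl:%s\n", output.SignedUrl)
	fmt.Printf("ActualSignedRequestHeaders:%v\n", output.ActualSignedRequestHeaders)
	deleteObjectOutput, err := obsClient.DeleteObjectWithSignedUrl(output.SignedUrl, output.ActualSignedRequestHeaders)
	if err != nil {
		report(err)
		return
	}
	fmt.Printf("RequestId:%s\n", deleteObjectOutput.RequestId)
}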