ACS-OSS-PutBucketPolicy.json

{
  "FormatVersion": "OOS-2019-06-01",
  "Description": {
    "en": "Put the bucket policy",
    "zh-cn": "设置存储空间授权策略",
    "name-en": "ACS-OSS-PutBucketPolicy",
    "name-zh-cn": "设置存储空间授权策略",
    "categories": [
      "security"
    ]
  },
  "Parameters": {
    "regionId": {
      "Type": "String",
      "Label": {
        "en": "RegionId",
        "zh-cn": "地域ID"
      },
      "AssociationProperty": "RegionId",
      "Default": "{{ ACS::RegionId }}"
    },
    "bucketName": {
      "Label": {
        "en": "BucketName",
        "zh-cn": "OSS bucket 名称"
      },
      "Type": "String"
    },
    "bucketPolicy": {
      "Label": {
        "en": "BucketPolicy",
        "zh-cn": "存储空间授权策略"
      },
      "Description": {
        "en": "(for example:{\"Version\":\"1\",\"Statement\":[{\"Action\":[\"oss:PutObject\",\"oss:GetObject\"],\"Effect\":\"Deny\",\"Principal\":[\"1234567890\"],\"Resource\":[\"acs:oss:*:1234567890:*/*\"]}]}).",
        "zh-cn": "（例子：{\"Version\":\"1\",\"Statement\":[{\"Action\":[\"oss:PutObject\",\"oss:GetObject\"],\"Effect\":\"Deny\",\"Principal\":[\"1234567890\"],\"Resource\":[\"acs:oss:*:1234567890:*/*\"]}]}）。"
      },
      "Type": "Json"
    },
    "OOSAssumeRole": {
      "Label": {
        "en": "OOSAssumeRole",
        "zh-cn": "OOS扮演的RAM角色"
      },
      "Type": "String",
      "Default": ""
    }
  },
  "RamRole": "{{ OOSAssumeRole }}",
  "Tasks": [
    {
      "Name": "putBucketPolicy",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "en": "Put the bucket policy",
        "zh-cn": "设置存储空间的授权策略"
      },
      "Properties": {
        "Service": "OSS",
        "API": "PutBucketPolicy",
        "Method": "PUT",
        "URI": "?policy",
        "Headers": {
          "Content-MD5": "",
          "Content-Type": "application/json"
        },
        "Parameters": {
          "BucketName": "{{ bucketName }}",
          "RegionId": "{{ regionId }}"
        },
        "Body": "{{ bucketPolicy }}"
      }
    },
    {
      "Name": "waitBucketPolicy",
      "Action": "ACS::WaitFor",
      "Description": {
        "en": "Wait for the authorization policy of the storage space to take effect",
        "zh-cn": "等待存储空间的授权策略生效"
      },
      "Properties": {
        "Service": "OSS",
        "API": "GetBucketPolicy",
        "Method": "GET",
        "URI": "?policy",
        "Headers": {},
        "Parameters": {
          "BucketName": "{{ bucketName }}",
          "RegionId": "{{ regionId }}"
        },
        "DesiredValues": [
          "{{ bucketPolicy }}"
        ],
        "PropertySelector": "."
      }
    }
  ],
  "Outputs": {
    "policyInfo": {
      "Type": "Json",
      "Value": {
        "bucketName": "{{ bucketName }}",
        "bucketPolicy": "{{ bucketPolicy }}"
      }
    }
  }
}