使用存储分区级 IAM 政策将存储分区设为公开(即允许互联网上的任何人读取其中的对象)。
代码示例
C#
如需了解详情,请参阅 Cloud Storage C# API 参考文档。
using Google.Apis.Storage.v1.Data;
using Google.Cloud.Storage.V1;
using System;
using System.Collections.Generic;
/// <summary>
/// Makes one Cloud Storage object publicly readable by applying the
/// <c>PredefinedObjectAcl.PublicRead</c> ACL to it.
/// </summary>
/// <remarks>
/// Unlike a bucket-level IAM binding, this call touches a single object's ACL:
/// only the named object is updated, and the bucket's IAM policy is not read or
/// written here.
/// NOTE(review): object ACLs are expected to be rejected on buckets that have
/// uniform bucket-level access enabled; confirm the target bucket's setting.
/// </remarks>
public class MakePublicSample
{
    /// <summary>
    /// Applies the public-read predefined ACL to an object and reports its link.
    /// </summary>
    /// <param name="bucketName">Name of the bucket that holds the object.</param>
    /// <param name="objectName">Name of the object to expose.</param>
    /// <returns>The <c>MediaLink</c> of the object that was fetched before the update.</returns>
    public string MakePublic(
        string bucketName = "your-unique-bucket-name",
        string objectName = "your-object-name")
    {
        var client = StorageClient.Create();
        var target = client.GetObject(bucketName, objectName);

        // Make sure the ACL collection exists before the object is sent back.
        if (target.Acl == null)
        {
            target.Acl = new List<ObjectAccessControl>();
        }

        // The predefined ACL is what actually opens the object to public reads.
        var updateOptions = new UpdateObjectOptions
        {
            PredefinedAcl = PredefinedObjectAcl.PublicRead
        };
        client.UpdateObject(target, updateOptions);

        string mediaLink = target.MediaLink;
        Console.WriteLine(objectName + " is now public and can be fetched from " + mediaLink);
        return mediaLink;
    }
}
C++
如需了解详情,请参阅 Cloud Storage C++ API 参考文档。
namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
// Grants roles/storage.objectViewer on `bucket_name` to "allUsers", i.e. to
// every caller including unauthenticated ones. The binding is appended to the
// bucket's existing IAM policy and the whole policy is written back.
// Throws std::runtime_error carrying the status message if either the read or
// the write of the policy fails.
// NOTE(review): version 3 is the policy format that can carry conditional
// bindings; reading and writing the same version should keep such bindings
// intact. Confirm against the IAM documentation.
[](gcs::Client client, std::string const& bucket_name) {
  auto policy = client.GetNativeBucketIamPolicy(
      bucket_name, gcs::RequestedPolicyVersion(3));
  if (!policy.ok()) {
    throw std::runtime_error(policy.status().message());
  }

  auto& bucket_policy = *policy;
  bucket_policy.set_version(3);
  // Appends a new binding; an existing binding for the same role is not merged.
  bucket_policy.bindings().emplace_back(
      gcs::NativeIamBinding("roles/storage.objectViewer", {"allUsers"}));

  auto result = client.SetNativeBucketIamPolicy(bucket_name, bucket_policy);
  if (!result.ok()) {
    throw std::runtime_error(result.status().message());
  }
  std::cout << "Policy successfully updated: " << *result << "\n";
}
Go
如需了解详情,请参阅 Cloud Storage Go API 参考文档。
import (
"context"
"fmt"
"io"
"cloud.google.com/go/iam"
"cloud.google.com/go/storage"
iampb "google.golang.org/genproto/googleapis/iam/v1"
)
// setBucketPublicIAM makes all objects in a bucket publicly readable.
//
// It reads the bucket's version 3 IAM policy, appends a binding that gives
// roles/storage.objectViewer to iam.AllUsers, and writes the policy back.
// A confirmation line is written to w on success; any client or policy error
// is returned wrapped with the failing call's name.
func setBucketPublicIAM(w io.Writer, bucketName string) error {
	// bucketName := "bucket-name"
	ctx := context.Background()
	client, err := storage.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("storage.NewClient: %v", err)
	}
	defer client.Close()

	// One V3 handle serves both the read and the write of the policy.
	iamHandle := client.Bucket(bucketName).IAM().V3()
	policy, err := iamHandle.Policy(ctx)
	if err != nil {
		return fmt.Errorf("Bucket(%q).IAM().V3().Policy: %v", bucketName, err)
	}

	// iam.AllUsers covers every caller, authenticated or not.
	publicViewer := &iampb.Binding{
		Role:    "roles/storage.objectViewer",
		Members: []string{iam.AllUsers},
	}
	policy.Bindings = append(policy.Bindings, publicViewer)

	err = iamHandle.SetPolicy(ctx, policy)
	if err != nil {
		return fmt.Errorf("Bucket(%q).IAM().SetPolicy: %v", bucketName, err)
	}
	fmt.Fprintf(w, "Bucket %v is now publicly readable\n", bucketName)
	return nil
}
Java
如需了解详情,请参阅 Cloud Storage Java API 参考文档。
import com.google.cloud.Identity;
import com.google.cloud.Policy;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageOptions;
import com.google.cloud.storage.StorageRoles;
/**
 * Sample that opens a Cloud Storage bucket to public reads through its IAM policy.
 */
public class MakeBucketPublic {
  /**
   * Adds {@code Identity.allUsers()} to the object-viewer role of the bucket's IAM policy.
   *
   * <p>The current policy is fetched, extended with the new identity and written back, so
   * existing bindings are carried over by the builder. After this call every caller,
   * authenticated or not, is covered by the object-viewer role on this bucket.
   *
   * @param projectId the ID of your GCP project, e.g. "your-project-id"
   * @param bucketName the ID of your GCS bucket, e.g. "your-unique-bucket-name"
   */
  public static void makeBucketPublic(String projectId, String bucketName) {
    Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

    Policy currentPolicy = storage.getIamPolicy(bucketName);
    Policy.Builder policyBuilder = currentPolicy.toBuilder();
    // All users can view
    policyBuilder.addIdentity(StorageRoles.objectViewer(), Identity.allUsers());
    Policy publicPolicy = policyBuilder.build();

    storage.setIamPolicy(bucketName, publicPolicy);
    System.out.println("Bucket " + bucketName + " is now publicly readable");
  }
}
Node.js
如需了解详情,请参阅 Cloud Storage Node.js API 参考文档。
/**
* TODO(developer): Uncomment the following lines before running the sample.
*/
// The ID of your GCS bucket
// const bucketName = 'your-unique-bucket-name';
// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

/**
 * Makes the bucket named by `bucketName` publicly readable.
 *
 * `bucketName` is not defined in this snippet; it comes from the
 * TODO(developer) line that must be uncommented first.
 *
 * NOTE(review): this sample builds no IAM binding itself. Whether
 * makePublic() edits the IAM policy or the bucket ACLs is not visible here;
 * confirm against the client library documentation before relying on it.
 */
async function makeBucketPublic() {
  const bucket = storage.bucket(bucketName);
  await bucket.makePublic();
  console.log(`Bucket ${bucketName} is now publicly readable`);
}

// Report a rejected promise instead of leaving it unhandled.
makeBucketPublic().catch(err => console.error(err));
PHP
如需了解详情,请参阅 Cloud Storage PHP API 参考文档。
use Google\Cloud\Storage\StorageClient;
/**
 * Make a bucket publicly accessible through its IAM policy.
 *
 * Reads the bucket's version 3 IAM policy, appends a binding that grants
 * roles/storage.objectViewer to allUsers (every caller, authenticated or
 * not) and writes the policy back.
 *
 * @param string $bucketName The name of your Cloud Storage bucket.
 */
function set_bucket_public_iam($bucketName)
{
    // $bucketName = 'my-bucket';

    $storage = new StorageClient();
    $iam = $storage->bucket($bucketName)->iam();

    // Read and write the policy at the same version (3).
    $policy = $iam->policy(['requestedPolicyVersion' => 3]);
    $policy['version'] = 3;

    // Appended as a new binding; existing bindings are left untouched.
    $policy['bindings'][] = [
        'role' => 'roles/storage.objectViewer',
        'members' => ['allUsers'],
    ];

    $iam->setPolicy($policy);

    printf('Bucket %s is now public', $bucketName);
}
Python
如需了解详情,请参阅 Cloud Storage Python API 参考文档。
from typing import List
from google.cloud import storage
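def set_bucket_public_iam(
    bucket_name: str = "your-bucket-name",
    members: List[str] = ["allUsers"],
):
    """Grant ``roles/storage.objectViewer`` on a bucket to ``members``.

    With the default ``members`` the role goes to ``allUsers``, which covers
    every caller, authenticated or not, so the bucket's objects become
    publicly readable.

    Args:
        bucket_name: Name of the bucket whose IAM policy is updated.
        members: IAM members that receive the role. The list is copied
            before it is stored in the policy.

    The binding is appended to the policy fetched at version 3 and the whole
    policy is written back with ``set_iam_policy``.
    """
    # bucket_name = "your-bucket-name"

    storage_client = storage.Client()
    bucket = storage_client.bucket(bucket_name)

    policy = bucket.get_iam_policy(requested_policy_version=3)
    # Store a copy: the default ``members`` list is shared between calls, so
    # putting it into the policy directly would let any later edit of that
    # binding change who gets access on every subsequent default call.
    policy.bindings.append(
        {"role": "roles/storage.objectViewer", "members": list(members)}
    )

    bucket.set_iam_policy(policy)

    print(f"Bucket {bucket.name} is now publicly readable")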
Ruby
如需了解详情,请参阅 Cloud Storage Ruby API 参考文档。
# Makes a bucket publicly readable through its IAM policy.
#
# Adds "allUsers" (every caller, authenticated or not) to the
# roles/storage.objectViewer role inside the block passed to Bucket#policy.
#
# @param bucket_name [String] The ID of your GCS bucket,
#   e.g. "your-unique-bucket-name"
def set_bucket_public_iam(bucket_name:)
  # The ID of your GCS bucket
  # bucket_name = "your-unique-bucket-name"

  require "google/cloud/storage"

  client = Google::Cloud::Storage.new
  target_bucket = client.bucket(bucket_name)

  # The policy change is made inside the block.
  target_bucket.policy do |policy|
    policy.add("roles/storage.objectViewer", "allUsers")
  end

  puts "Bucket #{bucket_name} is now publicly readable"
end
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。