Oracle Cloud Infrastructure Documentation

Creating a Preauthenticated Request for All Objects in a Bucket

On Private Cloud Appliance, you can create preauthenticated requests for all objects in a bucket using the OCI CLI and API.

Important

Immediately after creating the request, copy the access-uri to durable storage.

The unique access-uri provided by the system is the only way to construct a URL that a user can use to access the bucket or object specified as the request target.

The access-uri is displayed only at the time of creation and can't be retrieved later.

To construct a URL from the unique access-uri, see Constructing the Preauthenticated Request URL.

Note

Listing objects in a bucket is denied by default. If the --access-type is AnyObjectRead or AnyObjectReadWrite, you can specify the optional --bucket-listing-action ListObjects parameter when creating the preauthenticated request that lets users list the objects in the bucket.

  • This task isn't available in the Compute Web UI.

  • Use the oci os preauth-request create command and required parameters to create a preauthenticated request for all objects in a bucket.

    oci os preauth-request create --namespace-name <object_storage_namespace> --bucket-name <bucket_name> --name <preauthenticated_request_name> --access-type <access_value> --time-expires <timestamp> [OPTIONS]

    For access type, use one of these values:

    • AnyObjectRead permits reads on all objects in the bucket.

    • AnyObjectWrite permits writes to all objects in the bucket.

    • AnyObjectReadWrite permits reads and writes to all objects in the bucket.

    time-expires is a required argument and must be an RFC 3339 timestamp. For example: 2017-09-01T00:09:51.000+02:00.

    This example creates a preauthenticated request that allows reads and writes to all objects in the bucket:

     oci os preauth-request create --namespace-name examplenamespace --bucket-name MyBucket --name PAR-all-objectsRW --access-type AnyObjectWrite --time-expires '2021-07-30 23:55'
{
  "data": {
    "access-type": "AnyObjectWrite",
    "access-uri": "/p/KOCRWzqBilJmIsaBbJNelKLWcOxwRLq/n/examplenamespace/b/MyBucket/o/",
    "id": "783cd56b-9df5-4518-aacf-f523deae5102",
    "name": "PAR-all-objectsRW",
    "object-name": null,
    "time-created": "2021-06-10T20:49:11+00:00",
    "time-expires": "2021-07-30T23:54:59+00:00"
  }
}

    For a complete list of CLI commands, flags, and options, see the Command Line Reference.

  • Use the CreatePreauthenticatedRequest operation to create a preauthenticated request for all objects in a bucket.

    For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.