Bucket Policy
S3-style access control on a bucket. See Core Concepts → Policy for the BucketPolicy type signature. Applying a non-empty policy implies BucketAccessMode.CUSTOM on the bucket.
| RPC | HTTP |
|---|---|
SetBucketPolicy | PUT /admin/buckets/:name/policy |
GetBucketPolicy | GET /admin/buckets/:name/policy |
DeleteBucketPolicy | DELETE /admin/buckets/:name/policy |
gRPC setup —
grpcurl, endpoints, reflection, and field-name casing — is covered once in Conventions → Using gRPC.
SetBucketPolicy
The HTTP body is the BucketPolicy value (the proto’s body: "policy" mapping makes the policy the top-level body, not a wrapper).
Request
HTTP
curl -sS -X PUT "https://k3.dev.dodil.io/admin/buckets/kb-prod/policy" \
-H "Authorization: Bearer $DODIL_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"version": "2024-01-01",
"statements": [
{
"sid": "allow-public-read",
"effect": "POLICY_EFFECT_ALLOW",
"principal": { "aws": ["*"] },
"actions": ["s3:GetObject"],
"resources": ["arn:aws:s3:::kb-prod/public/*"]
}
]
}'Response
A BucketPolicy — see Core Concepts → Policy.
GetBucketPolicy
Request
HTTP
curl -sS "https://k3.dev.dodil.io/admin/buckets/kb-prod/policy" \
-H "Authorization: Bearer $DODIL_TOKEN"Response
A BucketPolicy — see Core Concepts → Policy.
DeleteBucketPolicy
Request
HTTP
curl -sS -X DELETE "https://k3.dev.dodil.io/admin/buckets/kb-prod/policy" \
-H "Authorization: Bearer $DODIL_TOKEN"Response
Empty (DeleteBucketPolicyResponse {}).
See also
- Core Concepts → Policy —
BucketPolicytype - Buckets · CORS · Objects
- Conventions — auth, headers, error envelope
grpcurlreference — full flag set + reflection-disabled fallbacks