(Tcl) S3 Get Bucket Policy

Demonstrates how to send a GET request to fetch the policy of a specified bucket. The following information is quoted from the AWS REST API reference documentation at http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETpolicy.html

To use this operation, you must have GetPolicy permissions on the specified bucket, and you must be the bucket owner.

If you don't have GetPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not the bucket owner, Amazon S3 returns a 405 Method Not Allowed error. If the bucket does not have a policy, Amazon S3 returns a 404 Policy Not found error. There are restrictions about who can create bucket policies and which objects in a bucket they can apply to. For more information, go to Using Bucket Policies.

Important: This example requires Chilkat v9.5.0.66 or greater.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Important: This example requires Chilkat v9.5.0.66 or greater.

set rest [new_CkRest]

# Connect to the Amazon AWS REST server in the desired region.
set bTls 1
set port 443
set bAutoReconnect 1
set success [CkRest_Connect $rest "s3-us-west-2.amazonaws.com" $port $bTls $bAutoReconnect]

# Provide AWS credentials.
set authAws [new_CkAuthAws]

CkAuthAws_put_AccessKey $authAws "AWS_ACCESS_KEY"
CkAuthAws_put_SecretKey $authAws "AWS_SECRET_KEY"
CkAuthAws_put_ServiceName $authAws "s3"

# This particular bucket is in the Oregon region, as opposed to the US Standard,
# therefore the Region must be set appropriately.
# Also note that we connected to "s3-us-west-2.amazonaws.com".
CkAuthAws_put_Region $authAws "us-west-2"

set success [CkRest_SetAuthAws $rest $authAws]

# Note: The above REST connection and setup of the AWS credentials
# can be done once.  After connecting, any number of REST calls can be made.
# The "auto reconnect" property passed to rest.Connect indicates that if
# the connection is lost, a REST method call will automatically reconnect
# if needed.
# --------------------------------------------------------------------------

# Set the bucket name via the HOST header.
# In this case, the bucket name is "chilkat.ocean".
# Note that the Host header should use "bucketName.s3.amazonaws.com", not "bucketName.s3-us-west-2.amazonaws.com"
CkRest_put_Host $rest "chilkat.ocean.s3.amazonaws.com"

# Get the policy.
set responseJsonStr [CkRest_fullRequestNoBody $rest "GET" "/?policy"]
if {[CkRest_get_LastMethodSuccess $rest] != 1} then {
    puts [CkRest_lastErrorText $rest]
    delete_CkRest $rest
    delete_CkAuthAws $authAws
    exit
}

# When successful, the S3 Storage service will respond with a 200 response code,
# with an XML body.  
if {[CkRest_get_ResponseStatusCode $rest] != 200} then {
    # Examine the request/response to see what happened.
    puts "response status code = [CkRest_get_ResponseStatusCode $rest]"
    puts "response status text = [CkRest_responseStatusText $rest]"
    puts "response header: [CkRest_responseHeader $rest]"
    puts "response body: $responseJsonStr"
    puts "---"
    puts "LastRequestStartLine: [CkRest_lastRequestStartLine $rest]"
    puts "LastRequestHeader: [CkRest_lastRequestHeader $rest]"
}

puts "response body: $responseJsonStr"

# Load the JSON and display in a more human-readable manner:
set json [new_CkJsonObject]

CkJsonObject_Load $json $responseJsonStr
CkJsonObject_put_EmitCompact $json 0
puts [CkJsonObject_emit $json]

# Sample output:

# 	{ 
# 	  "Version": "2012-10-17",
# 	  "Statement": [
# 	    { 
# 	      "Effect": "Allow",
# 	      "Resource": "arn:aws:s3.asp">chilkat.ocean/",
# 	      "Principal": "*"
# 	    }
# 	  ]
# 	}
# 

delete_CkRest $rest
delete_CkAuthAws $authAws
delete_CkJsonObject $json