qcloud bucket task

2026-06-20 11:22:19 +08:00 · 2020-11-16 12:06:32 +08:00
parent df82c0808f
commit da4150e5ca
42 changed files with 2107 additions and 70 deletions
--- a/cmd/climc/shell/compute/buckets.go
+++ b/cmd/climc/shell/compute/buckets.go
@@ -342,4 +342,141 @@ func init() {
 		printObject(result)
 		return nil
 	})
+
+	type BucketSetWebsiteOption struct {
+		ID string `help:"ID or name of bucket" json:"-"`
+		// 主页
+		Index string `help:"main page"`
+		// 错误时返回的文档
+		ErrorDocument string `help:"error return"`
+		// http或https
+		Protocol string `help:"force https" choices:"http|https"`
+	}
+	R(&BucketSetWebsiteOption{}, "bucket-set-website", "Set bucket website", func(s *mcclient.ClientSession, args *BucketSetWebsiteOption) error {
+		conf := api.BucketWebsiteConf{
+			Index:         args.Index,
+			ErrorDocument: args.ErrorDocument,
+			Protocol:      args.Protocol,
+		}
+		result, err := modules.Buckets.PerformAction(s, args.ID, "set-website", jsonutils.Marshal(conf))
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
+	type BucketGetWebsiteConfOption struct {
+		ID string `help:"ID or name of bucket" json:"-"`
+	}
+	R(&BucketGetWebsiteConfOption{}, "bucket-get-website", "Get bucket website", func(s *mcclient.ClientSession, args *BucketGetWebsiteConfOption) error {
+		result, err := modules.Buckets.GetSpecific(s, args.ID, "website", nil)
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
+	type BucketDeleteWebsiteConfOption struct {
+		ID string `help:"ID or name of bucket" json:"-"`
+	}
+	R(&BucketDeleteWebsiteConfOption{}, "bucket-delete-website", "Delete bucket website", func(s *mcclient.ClientSession, args *BucketDeleteWebsiteConfOption) error {
+		result, err := modules.Buckets.PerformAction(s, args.ID, "delete-website", nil)
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
+	type BucketSetCorsOption struct {
+		ID             string   `help:"ID or name of bucket" json:"-"`
+		AllowedMethods []string `help:"allowed http method" choices:"PUT|GET|POST|DELETE|HEAD"`
+		// 允许的源站，可以设为*
+		AllowedOrigins []string
+		AllowedHeaders []string
+		MaxAgeSeconds  int
+		ExposeHeaders  []string
+	}
+	R(&BucketSetCorsOption{}, "bucket-set-cors", "Set bucket cors", func(s *mcclient.ClientSession, args *BucketSetCorsOption) error {
+
+		rule := api.BucketCORSRule{
+			AllowedOrigins: args.AllowedOrigins,
+			AllowedMethods: args.AllowedMethods,
+			AllowedHeaders: args.AllowedHeaders,
+			MaxAgeSeconds:  args.MaxAgeSeconds,
+			ExposeHeaders:  args.ExposeHeaders,
+		}
+		rules := api.BucketCORSRules{Rules: []api.BucketCORSRule{rule}}
+		result, err := modules.Buckets.PerformAction(s, args.ID, "set-cors", jsonutils.Marshal(rules))
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
+	type BucketGetCorsOption struct {
+		ID string `help:"ID or name of bucket" json:"-"`
+	}
+	R(&BucketGetCorsOption{}, "bucket-get-cors", "Get bucket cors", func(s *mcclient.ClientSession, args *BucketGetCorsOption) error {
+		result, err := modules.Buckets.GetSpecific(s, args.ID, "cors", nil)
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
+	type BucketDeleteCorsOption struct {
+		ID string `help:"ID or name of bucket" json:"-"`
+	}
+	R(&BucketGetWebsiteConfOption{}, "bucket-delete-cors", "Delete bucket cors", func(s *mcclient.ClientSession, args *BucketGetWebsiteConfOption) error {
+		result, err := modules.Buckets.PerformAction(s, args.ID, "delete-cors", nil)
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
+	type BucketSetRefererOption struct {
+		ID string `help:"ID or name of bucket" json:"-"`
+		// 是否开启防盗链
+		Enabled bool `help:"enable refer"`
+		// Black-List、White-List
+		Type string `help:"domain list type" choices:"Black-List|White-List"`
+		// 域名列表
+		DomainList []string
+		// 是否允许空referer 访问
+		AllowEmptyRefer bool `help:"all empty refer access"`
+	}
+	R(&BucketSetRefererOption{}, "bucket-set-referer", "Set bucket referer", func(s *mcclient.ClientSession, args *BucketSetRefererOption) error {
+		conf := api.BucketRefererConf{
+			Enabled:         args.Enabled,
+			Type:            args.Type,
+			DomainList:      args.DomainList,
+			AllowEmptyRefer: args.AllowEmptyRefer,
+		}
+		result, err := modules.Buckets.PerformAction(s, args.ID, "set-referer", jsonutils.Marshal(conf))
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
+	type BucketGetRefererOption struct {
+		ID string `help:"ID or name of bucket" json:"-"`
+	}
+	R(&BucketGetRefererOption{}, "bucket-get-referer", "get bucket referer", func(s *mcclient.ClientSession, args *BucketGetRefererOption) error {
+		result, err := modules.Buckets.GetSpecific(s, args.ID, "referer", nil)
+		if err != nil {
+			return err
+		}
+		printObject(result)
+		return nil
+	})
+
 }
--- a/go.mod
+++ b/go.mod
@@ -106,7 +106,7 @@ require (
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/stretchr/testify v1.5.1
 	github.com/tencentcloud/tencentcloud-sdk-go v3.0.135+incompatible
-	github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20191108095731-8ca4b370cde4
+	github.com/tencentyun/cos-go-sdk-v5 v0.7.10
 	github.com/tinylib/msgp v1.1.0 // indirect
 	github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect
 	github.com/tredoe/osutil v0.0.0-20161130133508-7d3ee1afa71c
--- a/go.sum
+++ b/go.sum
@@ -732,8 +732,8 @@ github.com/syncthing/syncthing v0.14.48-rc.4/go.mod h1:nw3siZwHPA6M8iSfjDCWQ402e
 github.com/syndtr/gocapability v0.0.0-20160928074757-e7cb7fa329f4/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/tencentcloud/tencentcloud-sdk-go v3.0.135+incompatible h1:QIMoFqKCmNp4HPLiTR+couZbHsIZfoOllncHYvtqse8=
 github.com/tencentcloud/tencentcloud-sdk-go v3.0.135+incompatible/go.mod h1:0PfYow01SHPMhKY31xa+EFz2RStxIqj6JFAJS+IkCi4=
-github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20191108095731-8ca4b370cde4 h1:wVKDVTKxaf0ll8ONv22Q+cazYSSmcWt7JJOeQD0LoKQ=
-github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20191108095731-8ca4b370cde4/go.mod h1:wk2XFUg6egk4tSDNZtXeKfe2G6690UVyt163PuUxBZk=
+github.com/tencentyun/cos-go-sdk-v5 v0.7.10 h1:hJPLdR4RPsnubB3M9qXNBeUbcOJMVANnO/L6Att/PZU=
+github.com/tencentyun/cos-go-sdk-v5 v0.7.10/go.mod h1:wQBO5HdAkLjj2q6XQiIfDSP8DXDNrppDRw2Kp/1BODA=
 github.com/texttheater/golang-levenshtein v0.0.0-20180516184445-d188e65d659e h1:T5PdfK/M1xyrHwynxMIVMWLS7f/qHwfslZphxtGnw7s=
 github.com/texttheater/golang-levenshtein v0.0.0-20180516184445-d188e65d659e/go.mod h1:XDKHRm5ThF8YJjx001LtgelzsoaEcvnA7lVWz9EeX3g=
 github.com/thecodeteam/goscaleio v0.1.0/go.mod h1:68sdkZAsK8bvEwBlbQnlLS+xU+hvLYM/iQ8KXej1AwM=
--- a/pkg/apis/compute/bucket.go
+++ b/pkg/apis/compute/bucket.go
@@ -182,3 +182,81 @@ type BucketGetObjectsOutput struct {
 	// 下一页请求的paging_marker标识
 	NextMarker string `json:"next_marker"`
 }
+
+type BucketWebsiteRoutingRule struct {
+	ConditionErrorCode string
+	ConditionPrefix    string
+
+	RedirectProtocol         string
+	RedirectReplaceKey       string
+	RedirectReplaceKeyPrefix string
+}
+
+type BucketWebsiteConf struct {
+	// 主页
+	Index string
+	// 错误时返回的文档
+	ErrorDocument string
+	// http或https
+	Protocol string
+
+	Rules []BucketWebsiteRoutingRule
+	// 访问网站url
+	Url string
+}
+
+func (input *BucketWebsiteConf) Validate() error {
+	if len(input.Index) == 0 {
+		return httperrors.NewMissingParameterError("index")
+	}
+	if len(input.ErrorDocument) == 0 {
+		return httperrors.NewMissingParameterError("error_document")
+	}
+	if len(input.Protocol) == 0 {
+		return httperrors.NewMissingParameterError("protocol")
+	}
+	return nil
+}
+
+type BucketCORSRule struct {
+	AllowedMethods []string
+	// 允许的源站，可以是*
+	AllowedOrigins []string
+	AllowedHeaders []string
+	MaxAgeSeconds  int
+	ExposeHeaders  []string
+}
+
+type BucketCORSRules struct {
+	Rules []BucketCORSRule
+}
+
+func (input *BucketCORSRules) Validate() error {
+	for i := range input.Rules {
+		if len(input.Rules[i].AllowedOrigins) == 0 {
+			return httperrors.NewMissingParameterError("allowed_origins")
+		}
+		if len(input.Rules[i].AllowedMethods) == 0 {
+			return httperrors.NewMissingParameterError("allowed_methods")
+		}
+	}
+	return nil
+}
+
+type BucketRefererConf struct {
+	// 是否开启防盗链
+	Enabled bool
+	// Black-List、White-List
+	Type string
+	// 域名列表
+	DomainList []string
+	// 是否允许空refer 访问
+	AllowEmptyRefer bool
+}
+
+func (input *BucketRefererConf) Validate() error {
+	if len(input.DomainList) == 0 {
+		return httperrors.NewMissingParameterError("domain_list")
+	}
+	return nil
+}
--- a/pkg/cloudcommon/db/opslog_const.go
+++ b/pkg/cloudcommon/db/opslog_const.go
@@ -241,9 +241,14 @@ const (
 	ACT_HOST_MAINTENANCE                 = "host_maintenance"
 	ACT_HOST_DOWN                        = "host_down"

-	ACT_UPLOAD_OBJECT = "upload_obj"
-	ACT_DELETE_OBJECT = "delete_obj"
-	ACT_MKDIR         = "mkdir"
+	ACT_UPLOAD_OBJECT  = "upload_obj"
+	ACT_DELETE_OBJECT  = "delete_obj"
+	ACT_MKDIR          = "mkdir"
+	ACT_SET_WEBSITE    = "set_website"
+	ACT_DELETE_WEBSITE = "delete_website"
+	ACT_SET_CORS       = "set_cors"
+	ACT_DELETE_CORS    = "delete_cors"
+	ACT_SET_REFERER    = "set_referer"

 	ACT_GRANT_PRIVILEGE  = "grant_privilege"
 	ACT_REVOKE_PRIVILEGE = "revoke_privilege"
--- a/pkg/cloudprovider/objectstore.go
+++ b/pkg/cloudprovider/objectstore.go
@@ -76,6 +76,50 @@ type SBucketAccessUrl struct {
 	Primary     bool
 }

+type SBucketWebsiteRoutingRule struct {
+	ConditionErrorCode string
+	ConditionPrefix    string
+
+	RedirectProtocol         string
+	RedirectReplaceKey       string
+	RedirectReplaceKeyPrefix string
+}
+
+type SBucketWebsiteConf struct {
+	// 主页
+	Index string
+	// 错误时返回的文档
+	ErrorDocument string
+	// http或https
+	Protocol string
+
+	Rules []SBucketWebsiteRoutingRule
+	// 网站访问url,一般由bucketid，region等组成
+	Url string
+}
+
+type SBucketCORSRule struct {
+	AllowedMethods []string
+	// 允许的源站，可以设为*
+	AllowedOrigins []string
+	AllowedHeaders []string
+	MaxAgeSeconds  int
+	ExposeHeaders  []string
+}
+
+type SBucketRefererConf struct {
+	// conf id
+	Id string
+	// 是否开启防盗链
+	Enabled bool
+	// Black-List、White-List
+	Type string
+	// 域名列表
+	DomainList []string
+	// 是否允许空referer 访问
+	AllowEmptyRefer bool
+}
+
 type SBaseCloudObject struct {
 	Key          string
 	SizeBytes    int64
@@ -165,6 +209,17 @@ type ICloudBucket interface {
 	CopyPart(ctx context.Context, key string, uploadId string, partIndex int, srcBucketName string, srcKey string, srcOffset int64, srcLength int64) (string, error)
 	CompleteMultipartUpload(ctx context.Context, key string, uploadId string, partEtags []string) error
 	AbortMultipartUpload(ctx context.Context, key string, uploadId string) error
+
+	SetWebsite(conf SBucketWebsiteConf) error
+	GetWebsiteConf() (SBucketWebsiteConf, error)
+	DeleteWebSiteConf() error
+
+	SetCORS(rules []SBucketCORSRule) error
+	GetCORSRules() ([]SBucketCORSRule, error)
+	DeleteCORS() error
+
+	SetReferer(conf SBucketRefererConf) error
+	GetReferer() (SBucketRefererConf, error)
 }

 type ICloudObject interface {
--- a/pkg/compute/models/buckets.go
+++ b/pkg/compute/models/buckets.go
@@ -1230,6 +1230,292 @@ func (bucket *SBucket) GetDetailsAcl(
 	return output, nil
 }

+func (bucket *SBucket) AllowPerformSetWebsite(
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input api.BucketWebsiteConf,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) PerformSetWebsite(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input api.BucketWebsiteConf,
+) (jsonutils.JSONObject, error) {
+	err := input.Validate()
+	if err != nil {
+		return nil, err
+	}
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return nil, errors.Wrap(err, "GetIBucket")
+	}
+	bucketWebsiteConf := cloudprovider.SBucketWebsiteConf{
+		Index:         input.Index,
+		ErrorDocument: input.ErrorDocument,
+		Protocol:      input.Protocol,
+	}
+	for i := range input.Rules {
+		bucketWebsiteConf.Rules = append(bucketWebsiteConf.Rules, cloudprovider.SBucketWebsiteRoutingRule{
+			ConditionErrorCode: input.Rules[i].ConditionErrorCode,
+			ConditionPrefix:    input.Rules[i].ConditionPrefix,
+
+			RedirectProtocol:         input.Rules[i].RedirectProtocol,
+			RedirectReplaceKey:       input.Rules[i].RedirectReplaceKey,
+			RedirectReplaceKeyPrefix: input.Rules[i].RedirectReplaceKeyPrefix,
+		})
+	}
+	err = iBucket.SetWebsite(bucketWebsiteConf)
+	if err != nil {
+		return nil, httperrors.NewInternalServerError("iBucket.SetWebsite error %s", err)
+	}
+	db.OpsLog.LogEvent(bucket, db.ACT_SET_WEBSITE, bucketWebsiteConf, userCred)
+	logclient.AddActionLogWithContext(ctx, bucket, logclient.ACT_SET_WEBSITE, bucketWebsiteConf, userCred, true)
+	return nil, nil
+}
+
+func (bucket *SBucket) AllowPerformDeleteWebsite(
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input api.BucketWebsiteConf,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) PerformDeleteWebsite(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input jsonutils.JSONObject,
+) (jsonutils.JSONObject, error) {
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return nil, errors.Wrap(err, "GetIBucket")
+	}
+	err = iBucket.DeleteWebSiteConf()
+	if err != nil {
+		return nil, httperrors.NewInternalServerError("iBucket.DeleteWebSiteConf error %s", err)
+	}
+	db.OpsLog.LogEvent(bucket, db.ACT_DELETE_WEBSITE, "", userCred)
+	logclient.AddActionLogWithContext(ctx, bucket, logclient.ACT_DELETE_WEBSITE, "", userCred, true)
+	return nil, nil
+}
+
+func (bucket *SBucket) AllowGetDetailsWebsite(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) GetDetailsWebsite(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	input jsonutils.JSONObject,
+) (api.BucketWebsiteConf, error) {
+	websiteConf := api.BucketWebsiteConf{}
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return websiteConf, errors.Wrap(err, "GetIBucket")
+	}
+	conf, err := iBucket.GetWebsiteConf()
+	if err != nil {
+		return websiteConf, httperrors.NewInternalServerError("iBucket.GetWebsiteConf error %s", err)
+	}
+
+	websiteConf.Index = conf.Index
+	websiteConf.ErrorDocument = conf.ErrorDocument
+	websiteConf.Protocol = conf.Protocol
+	websiteConf.Url = conf.Url
+
+	for i := range conf.Rules {
+		websiteConf.Rules = append(websiteConf.Rules, api.BucketWebsiteRoutingRule{
+			ConditionErrorCode: conf.Rules[i].ConditionErrorCode,
+			ConditionPrefix:    conf.Rules[i].ConditionPrefix,
+
+			RedirectProtocol:         conf.Rules[i].RedirectProtocol,
+			RedirectReplaceKey:       conf.Rules[i].RedirectReplaceKey,
+			RedirectReplaceKeyPrefix: conf.Rules[i].RedirectReplaceKeyPrefix,
+		})
+	}
+	return websiteConf, nil
+}
+
+func (bucket *SBucket) AllowPerformSetCors(
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input api.BucketCORSRules,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) PerformSetCors(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input api.BucketCORSRules,
+) (jsonutils.JSONObject, error) {
+	err := input.Validate()
+	if err != nil {
+		return nil, err
+	}
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return nil, errors.Wrap(err, "GetIBucket")
+	}
+	rules := []cloudprovider.SBucketCORSRule{}
+	for i := range input.Rules {
+		rules = append(rules, cloudprovider.SBucketCORSRule{
+			AllowedOrigins: input.Rules[i].AllowedOrigins,
+			AllowedMethods: input.Rules[i].AllowedMethods,
+			AllowedHeaders: input.Rules[i].AllowedHeaders,
+			MaxAgeSeconds:  input.Rules[i].MaxAgeSeconds,
+			ExposeHeaders:  input.Rules[i].ExposeHeaders,
+		})
+	}
+	err = iBucket.SetCORS(rules)
+	if err != nil {
+		return nil, httperrors.NewInternalServerError("iBucket.SetCORS error %s", err)
+	}
+	db.OpsLog.LogEvent(bucket, db.ACT_SET_CORS, rules, userCred)
+	logclient.AddActionLogWithContext(ctx, bucket, logclient.ACT_SET_CORS, rules, userCred, true)
+	return nil, nil
+}
+
+func (bucket *SBucket) AllowPerformDeleteCors(
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input jsonutils.JSONObject,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) PerformDeleteCors(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input jsonutils.JSONObject,
+) (jsonutils.JSONObject, error) {
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return nil, errors.Wrap(err, "GetIBucket")
+	}
+	err = iBucket.DeleteCORS()
+	if err != nil {
+		return nil, httperrors.NewInternalServerError("iBucket.DeleteCORS error %s", err)
+	}
+	db.OpsLog.LogEvent(bucket, db.ACT_DELETE_CORS, "", userCred)
+	logclient.AddActionLogWithContext(ctx, bucket, logclient.ACT_DELETE_CORS, "", userCred, true)
+	return nil, nil
+}
+
+func (bucket *SBucket) AllowGetDetailsCors(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) GetDetailsCors(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	input jsonutils.JSONObject,
+) (api.BucketCORSRules, error) {
+	rules := api.BucketCORSRules{}
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return rules, errors.Wrap(err, "GetIBucket")
+	}
+	corsRules, err := iBucket.GetCORSRules()
+	if err != nil {
+		return rules, httperrors.NewInternalServerError("iBucket.GetCORSRules error %s", err)
+	}
+
+	for i := range corsRules {
+		rules.Rules = append(rules.Rules, api.BucketCORSRule{
+			AllowedOrigins: corsRules[i].AllowedOrigins,
+			AllowedMethods: corsRules[i].AllowedMethods,
+			AllowedHeaders: corsRules[i].AllowedHeaders,
+			MaxAgeSeconds:  corsRules[i].MaxAgeSeconds,
+			ExposeHeaders:  corsRules[i].ExposeHeaders,
+		})
+	}
+
+	return rules, nil
+}
+
+func (bucket *SBucket) AllowPerformSetReferer(
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input api.BucketRefererConf,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) PerformSetReferer(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+	input api.BucketRefererConf,
+) (jsonutils.JSONObject, error) {
+	err := input.Validate()
+	if err != nil {
+		return nil, err
+	}
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return nil, errors.Wrap(err, "GetIBucket")
+	}
+	conf := cloudprovider.SBucketRefererConf{
+		Enabled:         input.Enabled,
+		Type:            input.Type,
+		DomainList:      input.DomainList,
+		AllowEmptyRefer: input.AllowEmptyRefer,
+	}
+
+	err = iBucket.SetReferer(conf)
+	if err != nil {
+		return nil, httperrors.NewInternalServerError("iBucket.SetRefer error %s", err)
+	}
+	db.OpsLog.LogEvent(bucket, db.ACT_SET_REFERER, conf, userCred)
+	logclient.AddActionLogWithContext(ctx, bucket, logclient.ACT_SET_REFERER, conf, userCred, true)
+	return nil, nil
+}
+
+func (bucket *SBucket) AllowGetDetailsReferer(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	query jsonutils.JSONObject,
+) bool {
+	return bucket.IsOwner(userCred)
+}
+
+func (bucket *SBucket) GetDetailsReferer(
+	ctx context.Context,
+	userCred mcclient.TokenCredential,
+	input jsonutils.JSONObject,
+) (api.BucketRefererConf, error) {
+	conf := api.BucketRefererConf{}
+	iBucket, err := bucket.GetIBucket()
+	if err != nil {
+		return conf, errors.Wrap(err, "GetIBucket")
+	}
+	referConf, err := iBucket.GetReferer()
+	if err != nil {
+		return conf, httperrors.NewInternalServerError("iBucket.GetRefer error %s", err)
+	}
+	conf.Enabled = referConf.Enabled
+	conf.Type = referConf.Type
+	conf.DomainList = referConf.DomainList
+	conf.AllowEmptyRefer = referConf.AllowEmptyRefer
+
+	return conf, nil
+}
+
 func (manager *SBucketManager) usageQByCloudEnv(q *sqlchemy.SQuery, providers []string, brands []string, cloudEnv string) *sqlchemy.SQuery {
 	return CloudProviderFilter(q, q.Field("manager_id"), providers, brands, cloudEnv)
 }
--- a/pkg/multicloud/bucket_base.go
+++ b/pkg/multicloud/bucket_base.go
@@ -73,3 +73,35 @@ func (b *SBaseBucket) GetLimit() cloudprovider.SBucketStats {
 func (b *SBaseBucket) SetLimit(limit cloudprovider.SBucketStats) error {
 	return nil
 }
+
+func (b *SBaseBucket) SetWebsite(conf cloudprovider.SBucketWebsiteConf) error {
+	return cloudprovider.ErrNotImplemented
+}
+
+func (b *SBaseBucket) GetWebsiteConf() (cloudprovider.SBucketWebsiteConf, error) {
+	return cloudprovider.SBucketWebsiteConf{}, cloudprovider.ErrNotImplemented
+}
+
+func (b *SBaseBucket) DeleteWebSiteConf() error {
+	return cloudprovider.ErrNotImplemented
+}
+
+func (b *SBaseBucket) SetCORS(rules []cloudprovider.SBucketCORSRule) error {
+	return cloudprovider.ErrNotImplemented
+}
+
+func (b *SBaseBucket) GetCORSRules() ([]cloudprovider.SBucketCORSRule, error) {
+	return nil, cloudprovider.ErrNotImplemented
+}
+
+func (b *SBaseBucket) DeleteCORS() error {
+	return cloudprovider.ErrNotImplemented
+}
+
+func (b *SBaseBucket) SetReferer(conf cloudprovider.SBucketRefererConf) error {
+	return cloudprovider.ErrNotImplemented
+}
+
+func (b *SBaseBucket) GetReferer() (cloudprovider.SBucketRefererConf, error) {
+	return cloudprovider.SBucketRefererConf{}, cloudprovider.ErrNotImplemented
+}
--- a/pkg/multicloud/objectstore/shell.go
+++ b/pkg/multicloud/objectstore/shell.go
@@ -75,6 +75,14 @@ func (args ObjectHeaderOptions) Options2Header() http.Header {
 	return meta
 }

+func printList(data interface{}, columns []string) {
+	printutils.PrintGetterList(data, columns)
+}
+
+func printObject(obj interface{}) {
+	printutils.PrintInterfaceObject(obj)
+}
+
 func S3Shell() {
 	type BucketListOptions struct {
 	}
@@ -376,6 +384,173 @@ func S3Shell() {
 		return nil
 	})

+	type BucketSetWebsiteOption struct {
+		BUCKET string `help:"name of bucket to put object"`
+		// 主页
+		Index string `help:"main page"`
+		// 错误时返回的文档
+		ErrorDocument string `help:"error return"`
+		// http或https
+		Protocol string `help:"force https" choices:"http|https"`
+	}
+	shellutils.R(&BucketSetWebsiteOption{}, "bucket-set-website", "Set bucket website", func(cli cloudprovider.ICloudRegion, args *BucketSetWebsiteOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		conf := cloudprovider.SBucketWebsiteConf{
+			Index:         args.Index,
+			ErrorDocument: args.ErrorDocument,
+			Protocol:      args.Protocol,
+		}
+		err = bucket.SetWebsite(conf)
+		if err != nil {
+			return err
+		}
+		fmt.Println("Success!")
+		return nil
+	})
+
+	type BucketGetWebsiteConfOption struct {
+		BUCKET string `help:"name of bucket to put object"`
+	}
+	shellutils.R(&BucketGetWebsiteConfOption{}, "bucket-get-website", "Get bucket website", func(cli cloudprovider.ICloudRegion, args *BucketGetWebsiteConfOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		conf, err := bucket.GetWebsiteConf()
+		if err != nil {
+			return err
+		}
+		printObject(conf)
+		return nil
+	})
+
+	type BucketDeleteWebsiteConfOption struct {
+		BUCKET string `help:"name of bucket to put object"`
+	}
+	shellutils.R(&BucketDeleteWebsiteConfOption{}, "bucket-delete-website", "Delete bucket website", func(cli cloudprovider.ICloudRegion, args *BucketDeleteWebsiteConfOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		err = bucket.DeleteWebSiteConf()
+		if err != nil {
+			return err
+		}
+		fmt.Println("Success!")
+		return nil
+	})
+
+	type BucketSetCorsOption struct {
+		BUCKET         string `help:"name of bucket to put object"`
+		AllowedMethods []string
+		// 允许的源站，可以设为*
+		AllowedOrigins []string
+		AllowedHeaders []string
+		MaxAgeSeconds  int
+		ExposeHeaders  []string
+	}
+	shellutils.R(&BucketSetCorsOption{}, "bucket-set-cors", "Set bucket cors", func(cli cloudprovider.ICloudRegion, args *BucketSetCorsOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		rule := cloudprovider.SBucketCORSRule{
+			AllowedOrigins: args.AllowedOrigins,
+			AllowedMethods: args.AllowedMethods,
+			AllowedHeaders: args.AllowedHeaders,
+			MaxAgeSeconds:  args.MaxAgeSeconds,
+			ExposeHeaders:  args.ExposeHeaders,
+		}
+		err = bucket.SetCORS([]cloudprovider.SBucketCORSRule{rule})
+		if err != nil {
+			return err
+		}
+		fmt.Println("Success!")
+		return nil
+	})
+
+	type BucketGetCorsOption struct {
+		BUCKET string `help:"name of bucket to put object"`
+	}
+	shellutils.R(&BucketGetCorsOption{}, "bucket-get-cors", "Get bucket cors", func(cli cloudprovider.ICloudRegion, args *BucketGetCorsOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		rules, err := bucket.GetCORSRules()
+		if err != nil {
+			return err
+		}
+		printList(rules, []string{"AllowedOrigins", "AllowedMethods", "AllowedHeaders", "MaxAgeSeconds", "ExposeHeaders"})
+		return nil
+	})
+
+	type BucketDeleteCorsOption struct {
+		BUCKET string `help:"name of bucket to put object"`
+	}
+	shellutils.R(&BucketGetWebsiteConfOption{}, "bucket-delete-cors", "Delete bucket cors", func(cli cloudprovider.ICloudRegion, args *BucketGetWebsiteConfOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		err = bucket.DeleteCORS()
+		if err != nil {
+			return err
+		}
+		fmt.Println("Success!")
+		return nil
+	})
+
+	type BucketSetRefererOption struct {
+		BUCKET string `help:"name of bucket to put object"`
+		// 是否开启防盗链
+		Enabled bool `help:"enable refer"`
+		// Black-List、White-List
+		Type string `help:"domain list type" choices:"Black-List|White-List"`
+		// 域名列表
+		DomainList []string
+		// 是否允许空refer 访问
+		AllowEmptyRefer bool `help:"all empty refer access"`
+	}
+	shellutils.R(&BucketSetRefererOption{}, "bucket-set-referer", "Set bucket referer", func(cli cloudprovider.ICloudRegion, args *BucketSetRefererOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		conf := cloudprovider.SBucketRefererConf{
+			Enabled:         args.Enabled,
+			Type:            args.Type,
+			DomainList:      args.DomainList,
+			AllowEmptyRefer: args.AllowEmptyRefer,
+		}
+		err = bucket.SetReferer(conf)
+		if err != nil {
+			return err
+		}
+		fmt.Println("Success!")
+		return nil
+
+	})
+
+	type BucketGetRefererOption struct {
+		BUCKET string `help:"name of bucket to put object"`
+	}
+	shellutils.R(&BucketGetRefererOption{}, "bucket-get-referer", "get bucket referer", func(cli cloudprovider.ICloudRegion, args *BucketGetRefererOption) error {
+		bucket, err := cli.GetIBucketById(args.BUCKET)
+		if err != nil {
+			return err
+		}
+		conf, err := bucket.GetReferer()
+		if err != nil {
+			return err
+		}
+		printObject(conf)
+		return nil
+	})
+
 	type BucketObjectDownloadOptions struct {
 		BUCKET string `help:"name of bucket"`
 		KEY    string `help:"Key of object"`
--- a/pkg/multicloud/qcloud/bucket.go
+++ b/pkg/multicloud/qcloud/bucket.go
@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strings"
 	"time"

 	"github.com/tencentyun/cos-go-sdk-v5"
@@ -157,6 +158,14 @@ func (b *SBucket) getBucketUrl() string {
 	return fmt.Sprintf("https://%s", b.getBucketUrlHost())
 }

+func (b *SBucket) getWebsiteUrl() string {
+	if b.zone != nil {
+		return fmt.Sprintf("https://%s.%s", b.getFullName(), b.zone.getCosWebsiteEndpoint())
+	} else {
+		return fmt.Sprintf("https://%s.%s", b.getFullName(), b.region.getCosWebsiteEndpoint())
+	}
+}
+
 func (b *SBucket) GetAccessUrls() []cloudprovider.SBucketAccessUrl {
 	return []cloudprovider.SBucketAccessUrl{
 		{
@@ -501,3 +510,210 @@ func (b *SBucket) CopyPart(ctx context.Context, key string, uploadId string, par
 	}
 	return result.ETag, nil
 }
+
+func (b *SBucket) SetWebsite(websitConf cloudprovider.SBucketWebsiteConf) error {
+	if len(websitConf.Index) == 0 {
+		return errors.Wrap(cloudprovider.ErrNotSupported, "missing Index")
+	}
+	if len(websitConf.ErrorDocument) == 0 {
+		return errors.Wrap(cloudprovider.ErrNotSupported, "missing ErrorDocument")
+	}
+	if websitConf.Protocol != "http" && websitConf.Protocol != "https" {
+		return errors.Wrap(cloudprovider.ErrNotSupported, "missing Protocol")
+	}
+
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return errors.Wrap(err, "b.region.GetCosClient")
+	}
+
+	rulesOpts := []cos.WebsiteRoutingRule{}
+	for i := range websitConf.Rules {
+		rulesOpts = append(rulesOpts, cos.WebsiteRoutingRule{
+			ConditionErrorCode: websitConf.Rules[i].ConditionErrorCode,
+			ConditionPrefix:    websitConf.Rules[i].ConditionPrefix,
+
+			RedirectProtocol:         websitConf.Rules[i].RedirectProtocol,
+			RedirectReplaceKey:       websitConf.Rules[i].RedirectReplaceKey,
+			RedirectReplaceKeyPrefix: websitConf.Rules[i].ConditionPrefix,
+		})
+	}
+	opts := &cos.BucketPutWebsiteOptions{
+		Index:            websitConf.Index,
+		Error:            &cos.ErrorDocument{Key: websitConf.ErrorDocument},
+		RedirectProtocol: &cos.RedirectRequestsProtocol{Protocol: websitConf.Protocol},
+	}
+	if len(rulesOpts) > 0 {
+		opts.RoutingRules = &cos.WebsiteRoutingRules{Rules: rulesOpts}
+	}
+
+	_, err = coscli.Bucket.PutWebsite(context.Background(), opts)
+	if err != nil {
+		return errors.Wrap(err, "PutWebsite")
+	}
+	return nil
+}
+
+func (b *SBucket) GetWebsiteConf() (cloudprovider.SBucketWebsiteConf, error) {
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return cloudprovider.SBucketWebsiteConf{}, errors.Wrap(err, "b.region.GetCosClient")
+	}
+	websiteResult, _, err := coscli.Bucket.GetWebsite(context.Background())
+	if err != nil {
+		if strings.Contains(err.Error(), "NoSuchWebsiteConfiguration") {
+			return cloudprovider.SBucketWebsiteConf{}, nil
+		}
+		return cloudprovider.SBucketWebsiteConf{}, errors.Wrap(err, "coscli.Bucket.GetWebsite")
+	}
+
+	result := cloudprovider.SBucketWebsiteConf{
+		Index: websiteResult.Index,
+	}
+	if websiteResult.Error != nil {
+		result.ErrorDocument = websiteResult.Error.Key
+	}
+	if websiteResult.RedirectProtocol != nil {
+		result.Protocol = websiteResult.RedirectProtocol.Protocol
+	}
+	routingRules := []cloudprovider.SBucketWebsiteRoutingRule{}
+	if websiteResult.RoutingRules != nil {
+		for i := range websiteResult.RoutingRules.Rules {
+			routingRules = append(routingRules, cloudprovider.SBucketWebsiteRoutingRule{
+				ConditionErrorCode: websiteResult.RoutingRules.Rules[i].ConditionErrorCode,
+				ConditionPrefix:    websiteResult.RoutingRules.Rules[i].ConditionPrefix,
+
+				RedirectProtocol:         websiteResult.RoutingRules.Rules[i].RedirectProtocol,
+				RedirectReplaceKey:       websiteResult.RoutingRules.Rules[i].RedirectReplaceKey,
+				RedirectReplaceKeyPrefix: websiteResult.RoutingRules.Rules[i].RedirectReplaceKeyPrefix,
+			})
+		}
+	}
+	result.Rules = routingRules
+	result.Url = b.getWebsiteUrl()
+	return result, nil
+}
+
+func (b *SBucket) DeleteWebSiteConf() error {
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return errors.Wrap(err, "b.region.GetCosClient")
+	}
+	_, err = coscli.Bucket.DeleteWebsite(context.Background())
+	if err != nil {
+		return errors.Wrap(err, "coscli.Bucket.DeleteWebsite")
+	}
+	return nil
+}
+
+func (b *SBucket) SetCORS(rules []cloudprovider.SBucketCORSRule) error {
+	for i := range rules {
+		if len(rules[i].AllowedOrigins) == 0 {
+			return errors.Wrap(cloudprovider.ErrNotSupported, "missing AllowedOrigins")
+		}
+		if len(rules[i].AllowedMethods) == 0 {
+			return errors.Wrap(cloudprovider.ErrNotSupported, "missing AllowedMethods")
+		}
+	}
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return errors.Wrap(err, "b.region.GetCosClient")
+	}
+	opts := cos.BucketPutCORSOptions{}
+	for i := range rules {
+		opts.Rules = append(opts.Rules, cos.BucketCORSRule{
+			AllowedOrigins: rules[i].AllowedOrigins,
+			AllowedMethods: rules[i].AllowedMethods,
+			AllowedHeaders: rules[i].AllowedHeaders,
+			MaxAgeSeconds:  rules[i].MaxAgeSeconds,
+			ExposeHeaders:  rules[i].ExposeHeaders,
+		})
+	}
+	_, err = coscli.Bucket.PutCORS(context.Background(), &opts)
+	if err != nil {
+		return errors.Wrap(err, "coscli.Bucket.PutCORS")
+	}
+	return nil
+}
+
+func (b *SBucket) GetCORSRules() ([]cloudprovider.SBucketCORSRule, error) {
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return nil, errors.Wrap(err, "b.region.GetCosClient")
+	}
+	conf, _, err := coscli.Bucket.GetCORS(context.Background())
+	result := []cloudprovider.SBucketCORSRule{}
+	for i := range conf.Rules {
+		result = append(result, cloudprovider.SBucketCORSRule{
+			AllowedOrigins: conf.Rules[i].AllowedOrigins,
+			AllowedMethods: conf.Rules[i].AllowedMethods,
+			AllowedHeaders: conf.Rules[i].AllowedHeaders,
+			MaxAgeSeconds:  conf.Rules[i].MaxAgeSeconds,
+			ExposeHeaders:  conf.Rules[i].ExposeHeaders,
+		})
+	}
+	return result, nil
+}
+
+func (b *SBucket) DeleteCORS() error {
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return errors.Wrap(err, "b.region.GetCosClient")
+	}
+	_, err = coscli.Bucket.DeleteCORS(context.Background())
+	if err != nil {
+		return errors.Wrap(err, "coscli.Bucket.DeleteCORS")
+	}
+	return nil
+}
+
+func (b *SBucket) SetReferer(conf cloudprovider.SBucketRefererConf) error {
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return errors.Wrap(err, "b.region.GetCosClient")
+	}
+	opts := cos.BucketPutRefererOptions{
+		Status:                  "Enabled",
+		RefererType:             "White-List",
+		EmptyReferConfiguration: "Deny",
+	}
+	if !conf.Enabled {
+		opts.Status = "Disabled"
+	}
+	if conf.Type != "White-List" {
+		opts.RefererType = "Black-List"
+	}
+	if conf.AllowEmptyRefer {
+		opts.EmptyReferConfiguration = "Allow"
+	}
+	opts.DomainList = conf.DomainList
+	_, err = coscli.Bucket.PutReferer(context.Background(), &opts)
+	if err != nil {
+		return errors.Wrap(err, "coscli.Bucket.PutReferer")
+	}
+	return nil
+}
+func (b *SBucket) GetReferer() (cloudprovider.SBucketRefererConf, error) {
+	result := cloudprovider.SBucketRefererConf{}
+	coscli, err := b.region.GetCosClient(b)
+	if err != nil {
+		return result, errors.Wrap(err, "b.region.GetCosClient")
+	}
+	referResult, _, err := coscli.Bucket.GetReferer(context.Background())
+
+	result.Enabled = true
+	result.Type = "White-List"
+	result.AllowEmptyRefer = false
+
+	if referResult.Status == "Disabled" {
+		result.Enabled = false
+	}
+	if referResult.RefererType == "Black-List" {
+		result.Type = "Black-List"
+	}
+	if referResult.EmptyReferConfiguration == "Allow" {
+		result.AllowEmptyRefer = true
+	}
+	result.DomainList = referResult.DomainList
+	return result, nil
+}
--- a/pkg/multicloud/qcloud/cdn.go
+++ b/pkg/multicloud/qcloud/cdn.go
@@ -0,0 +1,38 @@
+// Copyright 2019 Yunion
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package qcloud
+
+import (
+	"fmt"
+
+	"yunion.io/x/jsonutils"
+	"yunion.io/x/pkg/errors"
+)
+
+func (client *SQcloudClient) AddCdnDomain(domain string, originType string, origins []string, cosPrivateAccess string) error {
+	params := map[string]string{}
+	params["Domain"] = domain
+	params["ServiceType"] = "web"
+	for i := range origins {
+		params[fmt.Sprintf("Origin.Origins.%d", i)] = origins[i]
+	}
+	params["Origin.OriginType"] = originType
+	params["Origin.CosPrivateAccess"] = cosPrivateAccess
+	_, err := client.cdnRequest("AddCdnDomain", params)
+	if err != nil {
+		return errors.Wrapf(err, ` client.cdnRequest("AddCdnDomain", %s)`, jsonutils.Marshal(params).String())
+	}
+	return nil
+}
--- a/pkg/multicloud/qcloud/qcloud.go
+++ b/pkg/multicloud/qcloud/qcloud.go
@@ -58,6 +58,7 @@ const (
 	QCLOUD_SQLSERVER_API_VERSION = "2018-03-28"
 	QCLOUD_REDIS_API_VERSION     = "2018-04-12"
 	QCLOUD_SSL_API_VERSION       = "2019-12-05"
+	QCLOUD_CDN_API_VERSION       = "2018-06-06"
 )

 type QcloudClientConfig struct {
@@ -244,6 +245,12 @@ func monitorRequest(client *common.Client, apiName string, params map[string]str
 	return _jsonRequest(client, domain, QCLOUD_API_VERSION_METRICS, apiName, params, debug, true)
 }

+func cdnRequest(client *common.Client, apiName string, params map[string]string,
+	debug bool) (jsonutils.JSONObject, error) {
+	domain := "cdn.tencentcloudapi.com"
+	return _jsonRequest(client, domain, QCLOUD_CDN_API_VERSION, apiName, params, debug, true)
+}
+
 // ============phpJsonRequest============
 type qcloudResponse interface {
 	tchttp.Response
@@ -647,6 +654,14 @@ func (client *SQcloudClient) camRequest(apiName string, params map[string]string
 	return camRequest(cli, apiName, params, client.debug)
 }

+func (client *SQcloudClient) cdnRequest(apiName string, params map[string]string) (jsonutils.JSONObject, error) {
+	cli, err := client.getDefaultClient()
+	if err != nil {
+		return nil, err
+	}
+	return cdnRequest(cli, apiName, params, client.debug)
+}
+
 func (client *SQcloudClient) jsonRequest(apiName string, params map[string]string, retry bool) (jsonutils.JSONObject, error) {
 	cli, err := client.getDefaultClient()
 	if err != nil {
--- a/pkg/multicloud/qcloud/region.go
+++ b/pkg/multicloud/qcloud/region.go
@@ -842,6 +842,10 @@ func (self *SRegion) getCosEndpoint() string {
 	return fmt.Sprintf("cos.%s.myqcloud.com", self.GetId())
 }

+func (self *SRegion) getCosWebsiteEndpoint() string {
+	return fmt.Sprintf("cos-website.%s.myqcloud.com", self.GetId())
+}
+
 func (region *SRegion) GetIBuckets() ([]cloudprovider.ICloudBucket, error) {
 	iBuckets, err := region.client.getIBuckets()
 	if err != nil {
--- a/pkg/multicloud/qcloud/shell/cdn.go
+++ b/pkg/multicloud/qcloud/shell/cdn.go
@@ -0,0 +1,37 @@
+// Copyright 2019 Yunion
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package shell
+
+import (
+	"yunion.io/x/onecloud/pkg/multicloud/qcloud"
+	"yunion.io/x/onecloud/pkg/util/shellutils"
+)
+
+func init() {
+	type CdnDomainCreateOption struct {
+		Domain           string
+		OriginType       string
+		Origins          []string
+		CosPrivateAccess string
+	}
+
+	shellutils.R(&CdnDomainCreateOption{}, "cdn-domain-create", "create cdn domain", func(cli *qcloud.SRegion, args *CdnDomainCreateOption) error {
+		err := cli.GetClient().AddCdnDomain(args.Domain, args.OriginType, args.Origins, args.CosPrivateAccess)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+}
--- a/pkg/multicloud/qcloud/zone.go
+++ b/pkg/multicloud/qcloud/zone.go
@@ -295,3 +295,7 @@ func refreshHours() float64 {
 func (self *SZone) getCosEndpoint() string {
 	return fmt.Sprintf("cos.%s.myqcloud.com", self.GetId())
 }
+
+func (self *SZone) getCosWebsiteEndpoint() string {
+	return fmt.Sprintf("cos-website.%s.myqcloud.com", self.GetId())
+}
--- a/pkg/util/logclient/consts.go
+++ b/pkg/util/logclient/consts.go
@@ -126,9 +126,14 @@ const (
 	ACT_GUEST_PANICKED              = "guest_panicked"
 	ACT_HOST_MAINTAINING            = "host_maintaining"

-	ACT_MKDIR         = "mkdir"
-	ACT_DELETE_OBJECT = "delete_object"
-	ACT_UPLOAD_OBJECT = "upload_object"
+	ACT_MKDIR          = "mkdir"
+	ACT_DELETE_OBJECT  = "delete_object"
+	ACT_UPLOAD_OBJECT  = "upload_object"
+	ACT_SET_WEBSITE    = "set_website"
+	ACT_DELETE_WEBSITE = "delete_website"
+	ACT_SET_CORS       = "set_cors"
+	ACT_DELETE_CORS    = "delete_cors"
+	ACT_SET_REFERER    = "set_referer"

 	ACT_NAT_CREATE_SNAT = "nat_create_snat"
 	ACT_NAT_CREATE_DNAT = "nat_create_dnat"
--- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/response.go
+++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/response.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+
 	//"log"
 	"net/http"

--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/.travis.yml
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/.travis.yml
@@ -1,11 +1,5 @@
 language: go
 go:
- '1.7'
- '1.8'
- '1.9'
- 1.10.x
- 1.11.x
- 1.12.x
 - master
 sudo: false
 before_install:
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/auth.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/auth.go
@@ -125,6 +125,7 @@ func newAuthorization(secretID, secretKey string, req *http.Request, authTime *A
 	keyTime := authTime.keyString()
 	signKey := calSignKey(secretKey, keyTime)

+	req.Header.Set("Host", req.Host)
 	formatHeaders := *new(string)
 	signedHeaderList := *new([]string)
 	formatHeaders, signedHeaderList = genFormatHeaders(req.Header)
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/batch.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/batch.go
@@ -0,0 +1,269 @@
+package cos
+
+import (
+	"context"
+	"encoding/xml"
+	"fmt"
+	"net/http"
+)
+
+type BatchService service
+
+type BatchRequestHeaders struct {
+	XCosAppid     int          `header:"x-cos-appid" xml:"-" url:"-"`
+	ContentLength string       `header:"Content-Length,omitempty" xml:"-" url:"-"`
+	ContentType   string       `header:"Content-Type,omitempty" xml:"-" url:"-"`
+	Headers       *http.Header `header:"-" xml:"-", url:"-"`
+}
+
+// BatchProgressSummary
+type BatchProgressSummary struct {
+	NumberOfTasksFailed    int `xml:"NumberOfTasksFailed" header:"-" url:"-"`
+	NumberOfTasksSucceeded int `xml:"NumberOfTasksSucceeded" header:"-" url:"-"`
+	TotalNumberOfTasks     int `xml:"TotalNumberOfTasks" header:"-" url:"-"`
+}
+
+// BatchJobReport
+type BatchJobReport struct {
+	Bucket      string `xml:"Bucket" header:"-" url:"-"`
+	Enabled     string `xml:"Enabled" header:"-" url:"-"`
+	Format      string `xml:"Format" header:"-" url:"-"`
+	Prefix      string `xml:"Prefix,omitempty" header:"-" url:"-"`
+	ReportScope string `xml:"ReportScope" header:"-" url:"-"`
+}
+
+// BatchJobOperationCopy
+type BatchMetadata struct {
+	Key   string `xml:"Key" header:"-" url:"-"`
+	Value string `xml:"Value" header:"-" url:"-"`
+}
+type BatchNewObjectMetadata struct {
+	CacheControl       string          `xml:"CacheControl,omitempty" header:"-" url:"-"`
+	ContentDisposition string          `xml:"ContentDisposition,omitempty" header:"-" url:"-"`
+	ContentEncoding    string          `xml:"ContentEncoding,omitempty" header:"-" url:"-"`
+	ContentType        string          `xml:"ContentType,omitempty" header:"-" url:"-"`
+	HttpExpiresDate    string          `xml:"HttpExpiresDate,omitempty" header:"-" url:"-"`
+	SSEAlgorithm       string          `xml:"SSEAlgorithm,omitempty" header:"-" url:"-"`
+	UserMetadata       []BatchMetadata `xml:"UserMetadata>member,omitempty" header:"-" url:"-"`
+}
+type BatchGrantee struct {
+	DisplayName    string `xml:"DisplayName,omitempty" header:"-" url:"-"`
+	Identifier     string `xml:"Identifier" header:"-" url:"-"`
+	TypeIdentifier string `xml:"TypeIdentifier" header:"-" url:"-"`
+}
+type BatchCOSGrant struct {
+	Grantee    *BatchGrantee `xml:"Grantee" header:"-" url:"-"`
+	Permission string        `xml:"Permission" header:"-" url:"-"`
+}
+type BatchAccessControlGrants struct {
+	COSGrants *BatchCOSGrant `xml:"COSGrant,omitempty" header:"-" url:"-"`
+}
+type BatchJobOperationCopy struct {
+	AccessControlGrants       *BatchAccessControlGrants `xml:"AccessControlGrants,omitempty" header:"-" url:"-"`
+	CannedAccessControlList   string                    `xml:"CannedAccessControlList,omitempty" header:"-" url:"-"`
+	MetadataDirective         string                    `xml:"MetadataDirective,omitempty" header:"-" url:"-"`
+	ModifiedSinceConstraint   int64                     `xml:"ModifiedSinceConstraint,omitempty" header:"-" url:"-"`
+	UnModifiedSinceConstraint int64                     `xml:"UnModifiedSinceConstraint,omitempty" header:"-" url:"-"`
+	NewObjectMetadata         *BatchNewObjectMetadata   `xml:"NewObjectMetadata,omitempty" header:"-" url:"-"`
+	StorageClass              string                    `xml:"StorageClass,omitempty" header:"-" url:"-"`
+	TargetResource            string                    `xml:"TargetResource" header:"-" url:"-"`
+}
+
+// BatchInitiateRestoreObject
+type BatchInitiateRestoreObject struct {
+	ExpirationInDays int    `xml:"ExpirationInDays"`
+	JobTier          string `xml:"JobTier"`
+}
+
+// BatchJobOperation
+type BatchJobOperation struct {
+	PutObjectCopy *BatchJobOperationCopy      `xml:"COSPutObjectCopy,omitempty" header:"-" url:"-"`
+	RestoreObject *BatchInitiateRestoreObject `xml:"COSInitiateRestoreObject,omitempty" header:"-" url:"-"`
+}
+
+// BatchJobManifest
+type BatchJobManifestLocation struct {
+	ETag            string `xml:"ETag" header:"-" url:"-"`
+	ObjectArn       string `xml:"ObjectArn" header:"-" url:"-"`
+	ObjectVersionId string `xml:"ObjectVersionId,omitempty" header:"-" url:"-"`
+}
+type BatchJobManifestSpec struct {
+	Fields []string `xml:"Fields>member,omitempty" header:"-" url:"-"`
+	Format string   `xml:"Format" header:"-" url:"-"`
+}
+type BatchJobManifest struct {
+	Location *BatchJobManifestLocation `xml:"Location" header:"-" url:"-"`
+	Spec     *BatchJobManifestSpec     `xml:"Spec" header:"-" url:"-"`
+}
+
+type BatchCreateJobOptions struct {
+	XMLName              xml.Name           `xml:"CreateJobRequest" header:"-" url:"-"`
+	ClientRequestToken   string             `xml:"ClientRequestToken" header:"-" url:"-"`
+	ConfirmationRequired string             `xml:"ConfirmationRequired,omitempty" header:"-" url:"-"`
+	Description          string             `xml:"Description,omitempty" header:"-" url:"-"`
+	Manifest             *BatchJobManifest  `xml:"Manifest" header:"-" url:"-"`
+	Operation            *BatchJobOperation `xml:"Operation" header:"-" url:"-"`
+	Priority             int                `xml:"Priority" header:"-" url:"-"`
+	Report               *BatchJobReport    `xml:"Report" header:"-" url:"-"`
+	RoleArn              string             `xml:"RoleArn" header:"-" url:"-"`
+}
+
+type BatchCreateJobResult struct {
+	XMLName xml.Name `xml:"CreateJobResult"`
+	JobId   string   `xml:"JobId,omitempty"`
+}
+
+func processETag(opt *BatchCreateJobOptions) *BatchCreateJobOptions {
+	if opt != nil && opt.Manifest != nil && opt.Manifest.Location != nil {
+		opt.Manifest.Location.ETag = "<ETag>" + opt.Manifest.Location.ETag + "</ETag>"
+	}
+	return opt
+}
+
+func (s *BatchService) CreateJob(ctx context.Context, opt *BatchCreateJobOptions, headers *BatchRequestHeaders) (*BatchCreateJobResult, *Response, error) {
+	var res BatchCreateJobResult
+	sendOpt := sendOptions{
+		baseURL:   s.client.BaseURL.BatchURL,
+		uri:       "/jobs",
+		method:    http.MethodPost,
+		optHeader: headers,
+		body:      opt,
+		result:    &res,
+	}
+
+	resp, err := s.client.send(ctx, &sendOpt)
+	return &res, resp, err
+}
+
+type BatchJobFailureReasons struct {
+	FailureCode   string `xml:"FailureCode" header:"-" url:"-"`
+	FailureReason string `xml:"FailureReason" header:"-" url:"-"`
+}
+
+type BatchDescribeJob struct {
+	ConfirmationRequired string                  `xml:"ConfirmationRequired,omitempty" header:"-" url:"-"`
+	CreationTime         string                  `xml:"CreationTime,omitempty" header:"-" url:"-"`
+	Description          string                  `xml:"Description,omitempty" header:"-" url:"-"`
+	FailureReasons       *BatchJobFailureReasons `xml:"FailureReasons>JobFailure,omitempty" header:"-" url:"-"`
+	JobId                string                  `xml:"JobId" header:"-" url:"-"`
+	Manifest             *BatchJobManifest       `xml:"Manifest" header:"-" url:"-"`
+	Operation            *BatchJobOperation      `xml:"Operation" header:"-" url:"-"`
+	Priority             int                     `xml:"Priority" header:"-" url:"-"`
+	ProgressSummary      *BatchProgressSummary   `xml:"ProgressSummary" header:"-" url:"-"`
+	Report               *BatchJobReport         `xml:"Report,omitempty" header:"-" url:"-"`
+	RoleArn              string                  `xml:"RoleArn,omitempty" header:"-" url:"-"`
+	Status               string                  `xml:"Status,omitempty" header:"-" url:"-"`
+	StatusUpdateReason   string                  `xml:"StatusUpdateReason,omitempty" header:"-" url:"-"`
+	SuspendedCause       string                  `xml:"SuspendedCause,omitempty" header:"-" url:"-"`
+	SuspendedDate        string                  `xml:"SuspendedDate,omitempty" header:"-" url:"-"`
+	TerminationDate      string                  `xml:"TerminationDate,omitempty" header:"-" url:"-"`
+}
+type BatchDescribeJobResult struct {
+	XMLName xml.Name          `xml:"DescribeJobResult"`
+	Job     *BatchDescribeJob `xml:"Job,omitempty"`
+}
+
+func (s *BatchService) DescribeJob(ctx context.Context, id string, headers *BatchRequestHeaders) (*BatchDescribeJobResult, *Response, error) {
+	var res BatchDescribeJobResult
+	u := fmt.Sprintf("/jobs/%s", id)
+	sendOpt := sendOptions{
+		baseURL:   s.client.BaseURL.BatchURL,
+		uri:       u,
+		method:    http.MethodGet,
+		optHeader: headers,
+		result:    &res,
+	}
+	resp, err := s.client.send(ctx, &sendOpt)
+	return &res, resp, err
+}
+
+type BatchListJobsOptions struct {
+	JobStatuses string `url:"jobStatuses,omitempty" header:"-" xml:"-"`
+	MaxResults  int    `url:"maxResults,omitempty" header:"-" xml:"-"`
+	NextToken   string `url:"nextToken,omitempty" header:"-" xml:"-"`
+}
+
+type BatchListJobsMember struct {
+	CreationTime    string                `xml:"CreationTime,omitempty" header:"-" url:"-"`
+	Description     string                `xml:"Description,omitempty" header:"-" url:"-"`
+	JobId           string                `xml:"JobId,omitempty" header:"-" url:"-"`
+	Operation       string                `xml:"Operation,omitempty" header:"-" url:"-"`
+	Priority        int                   `xml:"Priority,omitempty" header:"-" url:"-"`
+	ProgressSummary *BatchProgressSummary `xml:"ProgressSummary,omitempty" header:"-" url:"-"`
+	Status          string                `xml:"Status,omitempty" header:"-" url:"-"`
+	TerminationDate string                `xml:"TerminationDate,omitempty" header:"-" url:"-"`
+}
+type BatchListJobs struct {
+	Members []BatchListJobsMember `xml:"member,omitempty" header:"-" url:"-"`
+}
+type BatchListJobsResult struct {
+	XMLName   xml.Name       `xml:"ListJobsResult"`
+	Jobs      *BatchListJobs `xml:"Jobs,omitempty"`
+	NextToken string         `xml:"NextToken,omitempty"`
+}
+
+func (s *BatchService) ListJobs(ctx context.Context, opt *BatchListJobsOptions, headers *BatchRequestHeaders) (*BatchListJobsResult, *Response, error) {
+	var res BatchListJobsResult
+	sendOpt := sendOptions{
+		baseURL:   s.client.BaseURL.BatchURL,
+		uri:       "/jobs",
+		method:    http.MethodGet,
+		optQuery:  opt,
+		optHeader: headers,
+		result:    &res,
+	}
+	resp, err := s.client.send(ctx, &sendOpt)
+	return &res, resp, err
+}
+
+type BatchUpdatePriorityOptions struct {
+	JobId    string `url:"-" header:"-" xml:"-"`
+	Priority int    `url:"priority" header:"-" xml:"-"`
+}
+type BatchUpdatePriorityResult struct {
+	XMLName  xml.Name `xml:"UpdateJobPriorityResult"`
+	JobId    string   `xml:"JobId,omitempty"`
+	Priority int      `xml:"Priority,omitempty"`
+}
+
+func (s *BatchService) UpdateJobPriority(ctx context.Context, opt *BatchUpdatePriorityOptions, headers *BatchRequestHeaders) (*BatchUpdatePriorityResult, *Response, error) {
+	u := fmt.Sprintf("/jobs/%s/priority", opt.JobId)
+	var res BatchUpdatePriorityResult
+	sendOpt := sendOptions{
+		baseURL:   s.client.BaseURL.BatchURL,
+		uri:       u,
+		method:    http.MethodPost,
+		optQuery:  opt,
+		optHeader: headers,
+		result:    &res,
+	}
+	resp, err := s.client.send(ctx, &sendOpt)
+	return &res, resp, err
+}
+
+type BatchUpdateStatusOptions struct {
+	JobId              string `header:"-" url:"-" xml:"-"`
+	RequestedJobStatus string `url:"requestedJobStatus" header:"-" xml:"-"`
+	StatusUpdateReason string `url:"statusUpdateReason,omitempty" header:"-", xml:"-"`
+}
+type BatchUpdateStatusResult struct {
+	XMLName            xml.Name `xml:"UpdateJobStatusResult"`
+	JobId              string   `xml:"JobId,omitempty"`
+	Status             string   `xml:"Status,omitempty"`
+	StatusUpdateReason string   `xml:"StatusUpdateReason,omitempty"`
+}
+
+func (s *BatchService) UpdateJobStatus(ctx context.Context, opt *BatchUpdateStatusOptions, headers *BatchRequestHeaders) (*BatchUpdateStatusResult, *Response, error) {
+	u := fmt.Sprintf("/jobs/%s/status", opt.JobId)
+	var res BatchUpdateStatusResult
+	sendOpt := sendOptions{
+		baseURL:   s.client.BaseURL.BatchURL,
+		uri:       u,
+		method:    http.MethodPost,
+		optQuery:  opt,
+		optHeader: headers,
+		result:    &res,
+	}
+	resp, err := s.client.send(ctx, &sendOpt)
+	return &res, resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket.go
@@ -102,3 +102,61 @@ type Bucket struct {
 	Region       string `xml:"Location,omitempty"`
 	CreationDate string `xml:",omitempty"`
 }
+
+type BucketGetObjectVersionsOptions struct {
+	Prefix          string `url:"prefix,omitempty"`
+	Delimiter       string `url:"delimiter,omitempty"`
+	EncodingType    string `url:"encoding-type,omitempty"`
+	KeyMarker       string `url:"key-marker,omitempty"`
+	VersionIdMarker string `url:"version-id-marker,omitempty"`
+	MaxKeys         int    `url:"max-keys,omitempty"`
+}
+
+type BucketGetObjectVersionsResult struct {
+	XMLName             xml.Name                         `xml:"ListVersionsResult"`
+	Name                string                           `xml:"Name,omitempty"`
+	EncodingType        string                           `xml:"EncodingType,omitempty"`
+	Prefix              string                           `xml:"Prefix,omitempty"`
+	KeyMarker           string                           `xml:"KeyMarker,omitempty"`
+	VersionIdMarker     string                           `xml:"VersionIdMarker,omitempty"`
+	MaxKeys             int                              `xml:"MaxKeys,omitempty"`
+	Delimiter           string                           `xml:"Delimiter,omitempty"`
+	IsTruncated         bool                             `xml:"IsTruncated,omitempty"`
+	NextKeyMarker       string                           `xml:"NextKeyMarker,omitempty"`
+	NextVersionIdMarker string                           `xml:"NextVersionIdMarker,omitempty"`
+	CommonPrefixes      []string                         `xml:"CommonPrefixes>Prefix,omitempty"`
+	Version             []ListVersionsResultVersion      `xml:"Version,omitempty"`
+	DeleteMarker        []ListVersionsResultDeleteMarker `xml:"DeleteMarker,omitempty"`
+}
+
+type ListVersionsResultVersion struct {
+	Key          string `xml:"Key,omitempty"`
+	VersionId    string `xml:"VersionId,omitempty"`
+	IsLatest     bool   `xml:"IsLatest,omitempty"`
+	LastModified string `xml:"LastModified,omitempty"`
+	ETag         string `xml:"ETag,omitempty"`
+	Size         int    `xml:"Size,omitempty"`
+	StorageClass string `xml:"StorageClass,omitempty"`
+	Owner        *Owner `xml:"Owner,omitempty"`
+}
+
+type ListVersionsResultDeleteMarker struct {
+	Key          string `xml:"Key,omitempty"`
+	VersionId    string `xml:"VersionId,omitempty"`
+	IsLatest     bool   `xml:"IsLatest,omitempty"`
+	LastModified string `xml:"LastModified,omitempty"`
+	Owner        *Owner `xml:"Owner,omitempty"`
+}
+
+func (s *BucketService) GetObjectVersions(ctx context.Context, opt *BucketGetObjectVersionsOptions) (*BucketGetObjectVersionsResult, *Response, error) {
+	var res BucketGetObjectVersionsResult
+	sendOpt := sendOptions{
+		baseURL:  s.client.BaseURL.BucketURL,
+		uri:      "/?versions",
+		method:   http.MethodGet,
+		optQuery: opt,
+		result:   &res,
+	}
+	resp, err := s.client.send(ctx, &sendOpt)
+	return &res, resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_acl.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_acl.go
@@ -6,7 +6,7 @@ import (
 )

 // BucketGetACLResult is same to the ACLXml
-type BucketGetACLResult ACLXml
+type BucketGetACLResult = ACLXml

 // GetACL 使用API读取Bucket的ACL表，只有所有者有权操作。
 //
@@ -20,6 +20,9 @@ func (s *BucketService) GetACL(ctx context.Context) (*BucketGetACLResult, *Respo
 		result:  &res,
 	}
 	resp, err := s.client.send(ctx, &sendOpt)
+	if err == nil {
+		decodeACL(resp, &res)
+	}
 	return &res, resp, err
 }

--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_domain.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_domain.go
@@ -0,0 +1,39 @@
+package cos
+
+import (
+	"context"
+	"encoding/xml"
+	"net/http"
+)
+
+type BucketPutDomainOptions struct {
+	XMLName           xml.Name `xml:"DomainConfiguration"`
+	Status            string   `xml:"DomainRule>Status"`
+	Name              string   `xml:"DomainRule>Name"`
+	Type              string   `xml:"DomainRule>Type"`
+	ForcedReplacement string   `xml:"DomainRule>ForcedReplacement,omitempty"`
+}
+type BucketGetDomainResult BucketPutDomainOptions
+
+func (s *BucketService) PutDomain(ctx context.Context, opt *BucketPutDomainOptions) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?domain",
+		method:  http.MethodPut,
+		body:    opt,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
+
+func (s *BucketService) GetDomain(ctx context.Context) (*BucketGetDomainResult, *Response, error) {
+	var res BucketGetDomainResult
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?domain",
+		method:  http.MethodGet,
+		result:  &res,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return &res, resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_encryption.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_encryption.go
@@ -0,0 +1,51 @@
+package cos
+
+import (
+	"context"
+	"encoding/xml"
+	"net/http"
+)
+
+type BucketEncryptionConfiguration struct {
+	SSEAlgorithm string `xml:"SSEAlgorithm"`
+}
+
+type BucketPutEncryptionOptions struct {
+	XMLName xml.Name                       `xml:"ServerSideEncryptionConfiguration"`
+	Rule    *BucketEncryptionConfiguration `xml:"Rule>ApplyServerSideEncryptionByDefault"`
+}
+
+type BucketGetEncryptionResult BucketPutEncryptionOptions
+
+func (s *BucketService) PutEncryption(ctx context.Context, opt *BucketPutEncryptionOptions) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?encryption",
+		method:  http.MethodPut,
+		body:    opt,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
+
+func (s *BucketService) GetEncryption(ctx context.Context) (*BucketGetEncryptionResult, *Response, error) {
+	var res BucketGetEncryptionResult
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?encryption",
+		method:  http.MethodGet,
+		result:  &res,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return &res, resp, err
+}
+
+func (s *BucketService) DeleteEncryption(ctx context.Context) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?encryption",
+		method:  http.MethodDelete,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_intelligenttiering.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_intelligenttiering.go
@@ -0,0 +1,47 @@
+package cos
+
+import (
+	"context"
+	"encoding/xml"
+	"net/http"
+)
+
+type BucketIntelligentTieringTransition struct {
+	Days            int `xml:"Days,omitempty"`
+	RequestFrequent int `xml:"RequestFrequent,omitempty"`
+}
+
+type BucketPutIntelligentTieringOptions struct {
+	XMLName    xml.Name                            `xml:"IntelligentTieringConfiguration"`
+	Status     string                              `xml:"Status,omitempty"`
+	Transition *BucketIntelligentTieringTransition `xml:"Transition,omitempty"`
+}
+
+type BucketGetIntelligentTieringResult BucketPutIntelligentTieringOptions
+
+func (s *BucketService) PutIntelligentTiering(ctx context.Context, opt *BucketPutIntelligentTieringOptions) (*Response, error) {
+	if opt != nil && opt.Transition != nil {
+		opt.Transition.RequestFrequent = 1
+	}
+	sendOpt := sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?intelligenttiering",
+		method:  http.MethodPut,
+		body:    opt,
+	}
+	resp, err := s.client.send(ctx, &sendOpt)
+	return resp, err
+}
+
+func (s *BucketService) GetIntelligentTiering(ctx context.Context) (*BucketGetIntelligentTieringResult, *Response, error) {
+	var res BucketGetIntelligentTieringResult
+	sendOpt := sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?intelligenttiering",
+		method:  http.MethodGet,
+		result:  &res,
+	}
+	resp, err := s.client.send(ctx, &sendOpt)
+	return &res, resp, err
+
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_inventory.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_inventory.go
@@ -22,7 +22,6 @@ type BucketInventoryFilter struct {

 // BucketInventoryOptionalFields ...
 type BucketInventoryOptionalFields struct {
-	XMLName               xml.Name `xml:"OptionalFields,omitempty"`
 	BucketInventoryFields []string `xml:"Field,omitempty"`
 }

@@ -33,12 +32,11 @@ type BucketInventorySchedule struct {

 // BucketInventoryEncryption ...
 type BucketInventoryEncryption struct {
-	XMLName xml.Name `xml:"Encryption"`
-	SSECOS  string   `xml:"SSE-COS,omitempty"`
+	SSECOS string `xml:"SSE-COS"`
 }

-// BucketInventoryDestinationContent ...
-type BucketInventoryDestinationContent struct {
+// BucketInventoryDestination ...
+type BucketInventoryDestination struct {
 	Bucket     string                     `xml:"Bucket"`
 	AccountId  string                     `xml:"AccountId,omitempty"`
 	Prefix     string                     `xml:"Prefix,omitempty"`
@@ -46,12 +44,6 @@ type BucketInventoryDestinationContent struct {
 	Encryption *BucketInventoryEncryption `xml:"Encryption,omitempty"`
 }

-// BucketInventoryDestination ...
-type BucketInventoryDestination struct {
-	XMLName           xml.Name                           `xml:"Destination"`
-	BucketDestination *BucketInventoryDestinationContent `xml:"COSBucketDestination"`
-}
-
 // BucketPutInventoryOptions ...
 type BucketPutInventoryOptions struct {
 	XMLName                xml.Name                       `xml:"InventoryConfiguration"`
@@ -61,7 +53,7 @@ type BucketPutInventoryOptions struct {
 	Filter                 *BucketInventoryFilter         `xml:"Filter,omitempty"`
 	OptionalFields         *BucketInventoryOptionalFields `xml:"OptionalFields,omitempty"`
 	Schedule               *BucketInventorySchedule       `xml:"Schedule"`
-	Destination            *BucketInventoryDestination    `xml:"Destination"`
+	Destination            *BucketInventoryDestination    `xml:"Destination>COSBucketDestination"`
 }

 // ListBucketInventoryConfigResult result of ListBucketInventoryConfiguration
@@ -74,7 +66,7 @@ type ListBucketInventoryConfigResult struct {
 }

 // PutBucketInventory https://cloud.tencent.com/document/product/436/33707
-func (s *BucketService) PutBucketInventoryTest(ctx context.Context, id string, opt *BucketPutInventoryOptions) (*Response, error) {
+func (s *BucketService) PutInventory(ctx context.Context, id string, opt *BucketPutInventoryOptions) (*Response, error) {
 	u := fmt.Sprintf("/?inventory&id=%s", id)
 	sendOpt := sendOptions{
 		baseURL: s.client.BaseURL.BucketURL,
@@ -88,7 +80,7 @@ func (s *BucketService) PutBucketInventoryTest(ctx context.Context, id string, o
 }

 // GetBucketInventory https://cloud.tencent.com/document/product/436/33705
-func (s *BucketService) GetBucketInventoryTest(ctx context.Context, id string) (*BucketGetInventoryResult, *Response, error) {
+func (s *BucketService) GetInventory(ctx context.Context, id string) (*BucketGetInventoryResult, *Response, error) {
 	u := fmt.Sprintf("/?inventory&id=%s", id)
 	var res BucketGetInventoryResult
 	sendOpt := sendOptions{
@@ -102,7 +94,7 @@ func (s *BucketService) GetBucketInventoryTest(ctx context.Context, id string) (
 }

 // DeleteBucketInventory https://cloud.tencent.com/document/product/436/33704
-func (s *BucketService) DeleteBucketInventoryTest(ctx context.Context, id string) (*Response, error) {
+func (s *BucketService) DeleteInventory(ctx context.Context, id string) (*Response, error) {
 	u := fmt.Sprintf("/?inventory&id=%s", id)
 	sendOpt := sendOptions{
 		baseURL: s.client.BaseURL.BucketURL,
@@ -114,7 +106,7 @@ func (s *BucketService) DeleteBucketInventoryTest(ctx context.Context, id string
 }

 // ListBucketInventoryConfigurations https://cloud.tencent.com/document/product/436/33706
-func (s *BucketService) ListBucketInventoryConfigurationsTest(ctx context.Context, token string) (*ListBucketInventoryConfigResult, *Response, error) {
+func (s *BucketService) ListInventoryConfigurations(ctx context.Context, token string) (*ListBucketInventoryConfigResult, *Response, error) {
 	var res ListBucketInventoryConfigResult
 	var u string
 	if token == "" {
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_logging.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_logging.go
@@ -17,17 +17,14 @@ type BucketLoggingEnabled struct {
 // BucketPutLoggingOptions is the options of PutBucketLogging
 type BucketPutLoggingOptions struct {
 	XMLName        xml.Name              `xml:"BucketLoggingStatus"`
-	LoggingEnabled *BucketLoggingEnabled `xml:"LoggingEnabled"`
+	LoggingEnabled *BucketLoggingEnabled `xml:"LoggingEnabled,omitempty"`
 }

 // BucketGetLoggingResult is the result of GetBucketLogging
-type BucketGetLoggingResult struct {
-	XMLName        xml.Name              `xml:"BucketLoggingStatus"`
-	LoggingEnabled *BucketLoggingEnabled `xml:"LoggingEnabled"`
-}
+type BucketGetLoggingResult BucketPutLoggingOptions

 // PutBucketLogging https://cloud.tencent.com/document/product/436/17054
-func (s *BucketService) PutBucketLoggingTest(ctx context.Context, opt *BucketPutLoggingOptions) (*Response, error) {
+func (s *BucketService) PutLogging(ctx context.Context, opt *BucketPutLoggingOptions) (*Response, error) {
 	sendOpt := sendOptions{
 		baseURL: s.client.BaseURL.BucketURL,
 		uri:     "/?logging",
@@ -39,7 +36,7 @@ func (s *BucketService) PutBucketLoggingTest(ctx context.Context, opt *BucketPut
 }

 // GetBucketLogging https://cloud.tencent.com/document/product/436/17053
-func (s *BucketService) GetBucketLoggingTest(ctx context.Context) (*BucketGetLoggingResult, *Response, error) {
+func (s *BucketService) GetLogging(ctx context.Context) (*BucketGetLoggingResult, *Response, error) {
 	var res BucketGetLoggingResult
 	sendOpt := sendOptions{
 		baseURL: s.client.BaseURL.BucketURL,
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_origin.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_origin.go
@@ -0,0 +1,90 @@
+package cos
+
+import (
+	"context"
+	"encoding/xml"
+	"net/http"
+)
+
+type BucketPutOriginOptions struct {
+	XMLName xml.Name           `xml:"OriginConfiguration"`
+	Rule    []BucketOriginRule `xml:"OriginRule"`
+}
+
+type BucketOriginRule struct {
+	OriginType      string                 `xml:"OriginType"`
+	OriginCondition *BucketOriginCondition `xml:"OriginCondition"`
+	OriginParameter *BucketOriginParameter `xml:"OriginParameter"`
+	OriginInfo      *BucketOriginInfo      `xml:"OriginInfo"`
+}
+
+type BucketOriginCondition struct {
+	HTTPStatusCode string `xml:"HTTPStatusCode,omitempty"`
+	Prefix         string `xml:"Prefix,omitempty"`
+}
+
+type BucketOriginParameter struct {
+	Protocol          string                  `xml:"Protocol,omitempty"`
+	FollowQueryString bool                    `xml:"FollowQueryString,omitempty"`
+	HttpHeader        *BucketOriginHttpHeader `xml:"HttpHeader,omitempty"`
+	FollowRedirection bool                    `xml:"FollowRedirection,omitempty"`
+	HttpRedirectCode  string                  `xml:"HttpRedirectCode,omitempty"`
+	CopyOriginData    bool                    `xml:"CopyOriginData,omitempty"`
+}
+
+type BucketOriginHttpHeader struct {
+	// 目前还不支持 FollowAllHeaders
+	// FollowAllHeaders  bool              `xml:"FollowAllHeaders,omitempty"`
+	NewHttpHeaders    []OriginHttpHeader `xml:"NewHttpHeaders>Header,omitempty"`
+	FollowHttpHeaders []OriginHttpHeader `xml:"FollowHttpHeaders>Header,omitempty"`
+}
+
+type OriginHttpHeader struct {
+	Key   string `xml:"Key,omitempty"`
+	Value string `xml:"Value,omitempty"`
+}
+
+type BucketOriginInfo struct {
+	HostInfo string                `xml:"HostInfo>HostName,omitempty"`
+	FileInfo *BucketOriginFileInfo `xml:"FileInfo,omitempty"`
+}
+type BucketOriginFileInfo struct {
+	PrefixDirective bool   `xml:"PrefixDirective,omitempty"`
+	Prefix          string `xml:"Prefix,omitempty"`
+	Suffix          string `xml:"Suffix,omitempty"`
+}
+
+type BucketGetOriginResult BucketPutOriginOptions
+
+func (s *BucketService) PutOrigin(ctx context.Context, opt *BucketPutOriginOptions) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?origin",
+		method:  http.MethodPut,
+		body:    opt,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
+
+func (s *BucketService) GetOrigin(ctx context.Context) (*BucketGetOriginResult, *Response, error) {
+	var res BucketGetOriginResult
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?origin",
+		method:  http.MethodGet,
+		result:  &res,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return &res, resp, err
+}
+
+func (s *BucketService) DeleteOrigin(ctx context.Context) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?origin",
+		method:  http.MethodDelete,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_policy.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_policy.go
@@ -0,0 +1,71 @@
+package cos
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"net/http"
+	"strings"
+)
+
+type BucketStatement struct {
+	Principal map[string][]string               `json:"principal,omitempty"`
+	Action    []string                          `json:"action,omitempty"`
+	Effect    string                            `json:"effect,omitempty"`
+	Resource  []string                          `json:"resource,omitempty"`
+	Condition map[string]map[string]interface{} `json:"condition,omitempty"`
+}
+
+type BucketPutPolicyOptions struct {
+	Statement []BucketStatement   `json:"statement,omitempty"`
+	Version   string              `json:"version,omitempty"`
+	Principal map[string][]string `json:"principal,omitempty"`
+}
+
+type BucketGetPolicyResult BucketPutPolicyOptions
+
+func (s *BucketService) PutPolicy(ctx context.Context, opt *BucketPutPolicyOptions) (*Response, error) {
+	var f *strings.Reader
+	if opt != nil {
+		bs, err := json.Marshal(opt)
+		if err != nil {
+			return nil, err
+		}
+		body := string(bs)
+		f = strings.NewReader(body)
+	}
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?policy",
+		method:  http.MethodPut,
+		body:    f,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
+
+func (s *BucketService) GetPolicy(ctx context.Context) (*BucketGetPolicyResult, *Response, error) {
+	var bs bytes.Buffer
+	var res BucketGetPolicyResult
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?policy",
+		method:  http.MethodGet,
+		result:  &bs,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	if err == nil {
+		err = json.Unmarshal(bs.Bytes(), &res)
+	}
+	return &res, resp, err
+}
+
+func (s *BucketService) DeletePolicy(ctx context.Context) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?policy",
+		method:  http.MethodDelete,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_referer.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_referer.go
@@ -0,0 +1,40 @@
+package cos
+
+import (
+	"context"
+	"encoding/xml"
+	"net/http"
+)
+
+type BucketPutRefererOptions struct {
+	XMLName                 xml.Name `xml:"RefererConfiguration"`
+	Status                  string   `xml:"Status"`
+	RefererType             string   `xml:"RefererType"`
+	DomainList              []string `xml:"DomainList>Domain"`
+	EmptyReferConfiguration string   `xml:"EmptyReferConfiguration,omitempty"`
+}
+
+type BucketGetRefererResult BucketPutRefererOptions
+
+func (s *BucketService) PutReferer(ctx context.Context, opt *BucketPutRefererOptions) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?referer",
+		method:  http.MethodPut,
+		body:    opt,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
+
+func (s *BucketService) GetReferer(ctx context.Context) (*BucketGetRefererResult, *Response, error) {
+	var res BucketGetRefererResult
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?referer",
+		method:  http.MethodGet,
+		result:  &res,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return &res, resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_replication.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_replication.go
@@ -28,11 +28,7 @@ type PutBucketReplicationOptions struct {
 }

 //  GetBucketReplicationResult is the result of GetBucketReplication
-type GetBucketReplicationResult struct {
-	XMLName xml.Name                `xml:"ReplicationConfiguration"`
-	Role    string                  `xml:"Role"`
-	Rule    []BucketReplicationRule `xml:"Rule"`
-}
+type GetBucketReplicationResult PutBucketReplicationOptions

 // PutBucketReplication https://cloud.tencent.com/document/product/436/19223
 func (s *BucketService) PutBucketReplication(ctx context.Context, opt *PutBucketReplicationOptions) (*Response, error) {
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_version.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_version.go
@@ -13,10 +13,7 @@ type BucketPutVersionOptions struct {
 }

 // BucketGetVersionResult is the result of GetBucketVersioning
-type BucketGetVersionResult struct {
-	XMLName xml.Name `xml:"VersioningConfiguration"`
-	Status  string   `xml:"Status"`
-}
+type BucketGetVersionResult BucketPutVersionOptions

 // PutVersion https://cloud.tencent.com/document/product/436/19889
 // Status has Suspended\Enabled
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_website.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/bucket_website.go
@@ -0,0 +1,71 @@
+package cos
+
+import (
+	"context"
+	"encoding/xml"
+	"net/http"
+)
+
+type WebsiteRoutingRule struct {
+	ConditionErrorCode string `xml:"Condition>HttpErrorCodeReturnedEquals,omitempty"`
+	ConditionPrefix    string `xml:"Condition>KeyPrefixEquals,omitempty"`
+
+	RedirectProtocol         string `xml:"Redirect>Protocol,omitempty"`
+	RedirectReplaceKey       string `xml:"Redirect>ReplaceKeyWith,omitempty"`
+	RedirectReplaceKeyPrefix string `xml:"Redirect>ReplaceKeyPrefixWith,omitempty"`
+}
+
+type WebsiteRoutingRules struct {
+	Rules []WebsiteRoutingRule `xml:"RoutingRule,omitempty"`
+}
+
+type ErrorDocument struct {
+	Key string `xml:"Key,omitempty"`
+}
+
+type RedirectRequestsProtocol struct {
+	Protocol string `xml:"Protocol,omitempty"`
+}
+
+type BucketPutWebsiteOptions struct {
+	XMLName          xml.Name                  `xml:"WebsiteConfiguration"`
+	Index            string                    `xml:"IndexDocument>Suffix"`
+	RedirectProtocol *RedirectRequestsProtocol `xml:"RedirectAllRequestsTo,omitempty"`
+	Error            *ErrorDocument            `xml:"ErrorDocument,omitempty"`
+	RoutingRules     *WebsiteRoutingRules      `xml:"RoutingRules,omitempty"`
+}
+
+type BucketGetWebsiteResult BucketPutWebsiteOptions
+
+func (s *BucketService) PutWebsite(ctx context.Context, opt *BucketPutWebsiteOptions) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?website",
+		method:  http.MethodPut,
+		body:    opt,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
+
+func (s *BucketService) GetWebsite(ctx context.Context) (*BucketGetWebsiteResult, *Response, error) {
+	var res BucketGetWebsiteResult
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?website",
+		method:  http.MethodGet,
+		result:  &res,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return &res, resp, err
+}
+
+func (s *BucketService) DeleteWebsite(ctx context.Context) (*Response, error) {
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     "/?website",
+		method:  http.MethodDelete,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/ci.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/ci.go
@@ -0,0 +1,24 @@
+package cos
+
+import (
+	"encoding/json"
+)
+
+type PicOperations struct {
+	IsPicInfo int                  `json:"is_pic_info,omitempty"`
+	Rules     []PicOperationsRules `json:"rules,omitemtpy"`
+}
+
+type PicOperationsRules struct {
+	Bucket string `json:"bucket,omitempty"`
+	FileId string `json:"fileid"`
+	Rule   string `json:"rule"`
+}
+
+func EncodePicOperations(pic *PicOperations) string {
+	bs, err := json.Marshal(pic)
+	if err != nil {
+		return ""
+	}
+	return string(bs)
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/cos.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/cos.go
@@ -11,6 +11,7 @@ import (
 	"net/http"
 	"net/url"
 	"reflect"
+	"strings"
 	"text/template"

 	"strconv"
@@ -21,7 +22,7 @@ import (

 const (
 	// Version current go sdk version
-	Version               = "0.7.3"
+	Version               = "0.7.10"
 	userAgent             = "cos-go-sdk-v5/" + Version
 	contentTypeXML        = "application/xml"
 	defaultServiceBaseURL = "http://service.cos.myqcloud.com"
@@ -39,6 +40,8 @@ type BaseURL struct {
 	BucketURL *url.URL
 	// 访问 service API 的基础 URL（不包含 path 部分）: http://example.com
 	ServiceURL *url.URL
+	// 访问 job API 的基础 URL （不包含 path 部分）: http://example.com
+	BatchURL *url.URL
 }

 // NewBucketURL 生成 BaseURL 所需的 BucketURL
@@ -69,6 +72,7 @@ func NewBucketURL(bucketName, region string, secure bool) *url.URL {
 type Client struct {
 	client *http.Client

+	Host      string
 	UserAgent string
 	BaseURL   *BaseURL

@@ -77,6 +81,7 @@ type Client struct {
 	Service *ServiceService
 	Bucket  *BucketService
 	Object  *ObjectService
+	Batch   *BatchService
 }

 type service struct {
@@ -93,6 +98,7 @@ func NewClient(uri *BaseURL, httpClient *http.Client) *Client {
 	if uri != nil {
 		baseURL.BucketURL = uri.BucketURL
 		baseURL.ServiceURL = uri.ServiceURL
+		baseURL.BatchURL = uri.BatchURL
 	}
 	if baseURL.ServiceURL == nil {
 		baseURL.ServiceURL, _ = url.Parse(defaultServiceBaseURL)
@@ -107,6 +113,7 @@ func NewClient(uri *BaseURL, httpClient *http.Client) *Client {
 	c.Service = (*ServiceService)(&c.common)
 	c.Bucket = (*BucketService)(&c.common)
 	c.Object = (*ObjectService)(&c.common)
+	c.Batch = (*BatchService)(&c.common)
 	return c
 }

@@ -158,6 +165,9 @@ func (c *Client) newRequest(ctx context.Context, baseURL *url.URL, uri, method s
 	if req.Header.Get("Content-Type") == "" && contentType != "" {
 		req.Header.Set("Content-Type", contentType)
 	}
+	if c.Host != "" {
+		req.Host = c.Host
+	}
 	return
 }

@@ -320,6 +330,8 @@ type ACLHeaderOptions struct {
 	XCosGrantRead        string `header:"x-cos-grant-read,omitempty" url:"-" xml:"-"`
 	XCosGrantWrite       string `header:"x-cos-grant-write,omitempty" url:"-" xml:"-"`
 	XCosGrantFullControl string `header:"x-cos-grant-full-control,omitempty" url:"-" xml:"-"`
+	XCosGrantReadACP     string `header:"x-cos-grant-read-acp,omitempty" url:"-" xml:"-"`
+	XCosGrantWriteACP    string `header:"x-cos-grant-write-acp,omitempty" url:"-" xml:"-"`
 }

 // ACLGrantee is the param of ACLGrant
@@ -344,3 +356,53 @@ type ACLXml struct {
 	Owner             *Owner
 	AccessControlList []ACLGrant `xml:"AccessControlList>Grant,omitempty"`
 }
+
+func decodeACL(resp *Response, res *ACLXml) {
+	ItemMap := map[string]string{
+		"ACL":          "x-cos-acl",
+		"READ":         "x-cos-grant-read",
+		"WRITE":        "x-cos-grant-write",
+		"READ_ACP":     "x-cos-grant-read-acp",
+		"WRITE_ACP":    "x-cos-grant-write-acp",
+		"FULL_CONTROL": "x-cos-grant-full-control",
+	}
+	publicACL := make(map[string]int)
+	resACL := make(map[string][]string)
+	for _, item := range res.AccessControlList {
+		if item.Grantee == nil {
+			continue
+		}
+		if item.Grantee.ID == "qcs::cam::anyone:anyone" || item.Grantee.URI == "http://cam.qcloud.com/groups/global/AllUsers" {
+			publicACL[item.Permission] = 1
+		} else if item.Grantee.ID != res.Owner.ID {
+			resACL[item.Permission] = append(resACL[item.Permission], "id=\""+item.Grantee.ID+"\"")
+		}
+	}
+	if publicACL["FULL_CONTROL"] == 1 || (publicACL["READ"] == 1 && publicACL["WRITE"] == 1) {
+		resACL["ACL"] = []string{"public-read-write"}
+	} else if publicACL["READ"] == 1 {
+		resACL["ACL"] = []string{"public-read"}
+	} else {
+		resACL["ACL"] = []string{"private"}
+	}
+
+	for item, header := range ItemMap {
+		if len(resp.Header.Get(header)) > 0 || len(resACL[item]) == 0 {
+			continue
+		}
+		resp.Header.Set(header, uniqueGrantID(resACL[item]))
+	}
+}
+
+func uniqueGrantID(grantIDs []string) string {
+	res := []string{}
+	filter := make(map[string]int)
+	for _, id := range grantIDs {
+		if filter[id] != 0 {
+			continue
+		}
+		filter[id] = 1
+		res = append(res, id)
+	}
+	return strings.Join(res, ",")
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/error.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/error.go
@@ -16,7 +16,7 @@ type ErrorResponse struct {
 	Code      string
 	Message   string
 	Resource  string
-	RequestID string `header:"x-cos-request-id,omitempty" url:"-" xml:"-"`
+	RequestID string `header:"x-cos-request-id,omitempty" url:"-" xml:"RequestId,omitempty"`
 	TraceID   string `xml:"TraceId,omitempty"`
 }

@@ -47,3 +47,25 @@ func checkResponse(r *http.Response) error {
 	}
 	return errorResponse
 }
+
+func IsNotFoundError(e error) bool {
+	if e == nil {
+		return false
+	}
+	err, ok := e.(*ErrorResponse)
+	if !ok {
+		return false
+	}
+	if err.Response != nil && err.Response.StatusCode == 404 {
+		return true
+	}
+	return false
+}
+
+func IsCOSError(e error) (*ErrorResponse, bool) {
+	if e == nil {
+		return nil, false
+	}
+	err, ok := e.(*ErrorResponse)
+	return err, ok
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/go.mod
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/go.mod
@@ -5,6 +5,7 @@ go 1.12
 require (
 	github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409
 	github.com/google/go-querystring v1.0.0
+	github.com/google/uuid v1.1.1
 	github.com/mozillazg/go-httpheader v0.2.1
 	github.com/stretchr/testify v1.3.0
 )
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/go.sum
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/go.sum
@@ -4,6 +4,8 @@ github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/mozillazg/go-httpheader v0.2.1 h1:geV7TrjbL8KXSyvghnFm+NyTux/hxwueTSrwhe88TQQ=
 github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/object.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/object.go
@@ -10,6 +10,7 @@ import (
 	"net/url"
 	"os"
 	"sort"
+	"strings"
 	"time"
 )

@@ -129,6 +130,7 @@ type ObjectPutHeaderOptions struct {
 	ContentType        string `header:"Content-Type,omitempty" url:"-"`
 	ContentMD5         string `header:"Content-MD5,omitempty" url:"-"`
 	ContentLength      int    `header:"Content-Length,omitempty" url:"-"`
+	ContentLanguage    string `header:"Content-Language,omitempty" url:"-"`
 	Expect             string `header:"Expect,omitempty" url:"-"`
 	Expires            string `header:"Expires,omitempty" url:"-"`
 	XCosContentSHA1    string `header:"x-cos-content-sha1,omitempty" url:"-"`
@@ -188,6 +190,7 @@ type ObjectCopyHeaderOptions struct {
 	CacheControl                    string `header:"Cache-Control,omitempty" url:"-"`
 	ContentDisposition              string `header:"Content-Disposition,omitempty" url:"-"`
 	ContentEncoding                 string `header:"Content-Encoding,omitempty" url:"-"`
+	ContentLanguage                 string `header:"Content-Language,omitempty" url:"-"`
 	ContentType                     string `header:"Content-Type,omitempty" url:"-"`
 	Expires                         string `header:"Expires,omitempty" url:"-"`
 	Expect                          string `header:"Expect,omitempty" url:"-"`
@@ -208,6 +211,8 @@ type ObjectCopyHeaderOptions struct {
 	XCosCopySourceSSECustomerAglo   string `header:"x-cos-copy-source-server-side-encryption-customer-algorithm,omitempty" url:"-" xml:"-"`
 	XCosCopySourceSSECustomerKey    string `header:"x-cos-copy-source-server-side-encryption-customer-key,omitempty" url:"-" xml:"-"`
 	XCosCopySourceSSECustomerKeyMD5 string `header:"x-cos-copy-source-server-side-encryption-customer-key-MD5,omitempty" url:"-" xml:"-"`
+	//兼容其他自定义头部
+	XOptionHeader *http.Header `header:"-,omitempty" url:"-" xml:"-"`
 }

 // ObjectCopyOptions is the option of Copy, choose header or body
@@ -232,11 +237,15 @@ type ObjectCopyResult struct {
 //
 // https://cloud.tencent.com/document/product/436/10881
 func (s *ObjectService) Copy(ctx context.Context, name, sourceURL string, opt *ObjectCopyOptions, id ...string) (*ObjectCopyResult, *Response, error) {
+	surl := strings.SplitN(sourceURL, "/", 2)
+	if len(surl) < 2 {
+		return nil, nil, errors.New(fmt.Sprintf("x-cos-copy-source format error: %s", sourceURL))
+	}
 	var u string
 	if len(id) == 1 {
-		u = fmt.Sprintf("%s?versionId=%s", encodeURIComponent(sourceURL), id[0])
+		u = fmt.Sprintf("%s/%s?versionId=%s", surl[0], encodeURIComponent(surl[1]), id[0])
 	} else if len(id) == 0 {
-		u = encodeURIComponent(sourceURL)
+		u = fmt.Sprintf("%s/%s", surl[0], encodeURIComponent(surl[1]))
 	} else {
 		return nil, nil, errors.New("wrong params")
 	}
@@ -268,19 +277,35 @@ func (s *ObjectService) Copy(ctx context.Context, name, sourceURL string, opt *O
 	return &res, resp, err
 }

+type ObjectDeleteOptions struct {
+	// SSE-C
+	XCosSSECustomerAglo   string `header:"x-cos-server-side-encryption-customer-algorithm,omitempty" url:"-" xml:"-"`
+	XCosSSECustomerKey    string `header:"x-cos-server-side-encryption-customer-key,omitempty" url:"-" xml:"-"`
+	XCosSSECustomerKeyMD5 string `header:"x-cos-server-side-encryption-customer-key-MD5,omitempty" url:"-" xml:"-"`
+	//兼容其他自定义头部
+	XOptionHeader *http.Header `header:"-,omitempty" url:"-" xml:"-"`
+	VersionId     string       `header:"-" url:"VersionId,omitempty" xml:"-"`
+}
+
 // Delete Object请求可以将一个文件（Object）删除。
 //
 // https://www.qcloud.com/document/product/436/7743
-func (s *ObjectService) Delete(ctx context.Context, name string) (*Response, error) {
+func (s *ObjectService) Delete(ctx context.Context, name string, opt ...*ObjectDeleteOptions) (*Response, error) {
+	var optHeader *ObjectDeleteOptions
 	// When use "" string might call the delete bucket interface
 	if len(name) == 0 {
 		return nil, errors.New("empty object name")
 	}
+	if len(opt) > 0 {
+		optHeader = opt[0]
+	}

 	sendOpt := sendOptions{
-		baseURL: s.client.BaseURL.BucketURL,
-		uri:     "/" + encodeURIComponent(name),
-		method:  http.MethodDelete,
+		baseURL:   s.client.BaseURL.BucketURL,
+		uri:       "/" + encodeURIComponent(name),
+		method:    http.MethodDelete,
+		optHeader: optHeader,
+		optQuery:  optHeader,
 	}
 	resp, err := s.client.send(ctx, &sendOpt)
 	return resp, err
@@ -417,9 +442,10 @@ type ObjectDeleteMultiResult struct {
 	XMLName        xml.Name `xml:"DeleteResult"`
 	DeletedObjects []Object `xml:"Deleted,omitempty"`
 	Errors         []struct {
-		Key     string
-		Code    string
-		Message string
+		Key       string `xml:",omitempty"`
+		Code      string `xml:",omitempty"`
+		Message   string `xml:",omitempty"`
+		VersionId string `xml:",omitempty"`
 	} `xml:"Error,omitempty"`
 }

@@ -449,6 +475,7 @@ type Object struct {
 	LastModified string `xml:",omitempty"`
 	StorageClass string `xml:",omitempty"`
 	Owner        *Owner `xml:",omitempty"`
+	VersionId    string `xml:",omitempty"`
 }

 // MultiUploadOptions is the option of the multiupload,
@@ -574,19 +601,43 @@ func SplitFileIntoChunks(filePath string, partSize int64) ([]Chunk, int, error)

 }

-// MultiUpload 为高级upload接口，并发分块上传
+// MultiUpload/Upload 为高级upload接口，并发分块上传
 // 注意该接口目前只供参考
 //
 // 当 partSize > 0 时，由调用者指定分块大小，否则由 SDK 自动切分，单位为MB
 // 由调用者指定分块大小时，请确认分块数量不超过10000
 //
-
 func (s *ObjectService) MultiUpload(ctx context.Context, name string, filepath string, opt *MultiUploadOptions) (*CompleteMultipartUploadResult, *Response, error) {
+	return s.Upload(ctx, name, filepath, opt)
+}
+
+func (s *ObjectService) Upload(ctx context.Context, name string, filepath string, opt *MultiUploadOptions) (*CompleteMultipartUploadResult, *Response, error) {
+	if opt == nil {
+		opt = &MultiUploadOptions{}
+	}
 	// 1.Get the file chunk
 	chunks, partNum, err := SplitFileIntoChunks(filepath, opt.PartSize)
 	if err != nil {
 		return nil, nil, err
 	}
+	if partNum == 0 {
+		var opt0 *ObjectPutOptions
+		if opt.OptIni != nil {
+			opt0 = &ObjectPutOptions{
+				opt.OptIni.ACLHeaderOptions,
+				opt.OptIni.ObjectPutHeaderOptions,
+			}
+		}
+		rsp, err := s.PutFromFile(ctx, name, filepath, opt0)
+		if err != nil {
+			return nil, rsp, err
+		}
+		result := &CompleteMultipartUploadResult{
+			Key:  name,
+			ETag: rsp.Header.Get("ETag"),
+		}
+		return result, rsp, nil
+	}

 	// 2.Init
 	optini := opt.OptIni
@@ -652,3 +703,69 @@ func (s *ObjectService) MultiUpload(ctx context.Context, name string, filepath s

 	return v, resp, err
 }
+
+type ObjectPutTaggingOptions struct {
+	XMLName xml.Name           `xml:"Tagging"`
+	TagSet  []ObjectTaggingTag `xml:"TagSet>Tag,omitempty"`
+}
+type ObjectTaggingTag BucketTaggingTag
+type ObjectGetTaggingResult ObjectPutTaggingOptions
+
+func (s *ObjectService) PutTagging(ctx context.Context, name string, opt *ObjectPutTaggingOptions, id ...string) (*Response, error) {
+	var u string
+	if len(id) == 1 {
+		u = fmt.Sprintf("/%s?tagging&versionId=%s", encodeURIComponent(name), id[0])
+	} else if len(id) == 0 {
+		u = fmt.Sprintf("/%s?tagging", encodeURIComponent(name))
+	} else {
+		return nil, errors.New("wrong params")
+	}
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     u,
+		method:  http.MethodPut,
+		body:    opt,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
+
+func (s *ObjectService) GetTagging(ctx context.Context, name string, id ...string) (*ObjectGetTaggingResult, *Response, error) {
+	var u string
+	if len(id) == 1 {
+		u = fmt.Sprintf("/%s?tagging&versionId=%s", encodeURIComponent(name), id[0])
+	} else if len(id) == 0 {
+		u = fmt.Sprintf("/%s?tagging", encodeURIComponent(name))
+	} else {
+		return nil, nil, errors.New("wrong params")
+	}
+
+	var res ObjectGetTaggingResult
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     u,
+		method:  http.MethodGet,
+		result:  &res,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return &res, resp, err
+}
+
+func (s *ObjectService) DeleteTagging(ctx context.Context, name string, id ...string) (*Response, error) {
+	var u string
+	if len(id) == 1 {
+		u = fmt.Sprintf("/%s?tagging&versionId=%s", encodeURIComponent(name), id[0])
+	} else if len(id) == 0 {
+		u = fmt.Sprintf("/%s?tagging", encodeURIComponent(name))
+	} else {
+		return nil, errors.New("wrong params")
+	}
+
+	sendOpt := &sendOptions{
+		baseURL: s.client.BaseURL.BucketURL,
+		uri:     u,
+		method:  http.MethodDelete,
+	}
+	resp, err := s.client.send(ctx, sendOpt)
+	return resp, err
+}
--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/object_acl.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/object_acl.go
@@ -6,7 +6,7 @@ import (
 )

 // ObjectGetACLResult is the result of GetObjectACL
-type ObjectGetACLResult ACLXml
+type ObjectGetACLResult = ACLXml

 // GetACL Get Object ACL接口实现使用API读取Object的ACL表，只有所有者有权操作。
 //
@@ -20,6 +20,9 @@ func (s *ObjectService) GetACL(ctx context.Context, name string) (*ObjectGetACLR
 		result:  &res,
 	}
 	resp, err := s.client.send(ctx, &sendOpt)
+	if err == nil {
+		decodeACL(resp, &res)
+	}
 	return &res, resp, err
 }

--- a/vendor/github.com/tencentyun/cos-go-sdk-v5/object_part.go
+++ b/vendor/github.com/tencentyun/cos-go-sdk-v5/object_part.go
@@ -114,8 +114,9 @@ func (s *ObjectService) ListParts(ctx context.Context, name, uploadID string, op

 // CompleteMultipartUploadOptions is the option of CompleteMultipartUpload
 type CompleteMultipartUploadOptions struct {
-	XMLName xml.Name `xml:"CompleteMultipartUpload"`
-	Parts   []Object `xml:"Part"`
+	XMLName       xml.Name     `xml:"CompleteMultipartUpload" header:"-" url:"-"`
+	Parts         []Object     `xml:"Part" header:"-" url:"-"`
+	XOptionHeader *http.Header `header:"-,omitempty" xml:"-" url:"-"`
 }

 // CompleteMultipartUploadResult is the result CompleteMultipartUpload
@@ -161,11 +162,12 @@ func (s *ObjectService) CompleteMultipartUpload(ctx context.Context, name, uploa
 	u := fmt.Sprintf("/%s?uploadId=%s", encodeURIComponent(name), uploadID)
 	var res CompleteMultipartUploadResult
 	sendOpt := sendOptions{
-		baseURL: s.client.BaseURL.BucketURL,
-		uri:     u,
-		method:  http.MethodPost,
-		body:    opt,
-		result:  &res,
+		baseURL:   s.client.BaseURL.BucketURL,
+		uri:       u,
+		method:    http.MethodPost,
+		optHeader: opt,
+		body:      opt,
+		result:    &res,
 	}
 	resp, err := s.client.send(ctx, &sendOpt)
 	// If the error occurs during the copy operation, the error response is embedded in the 200 OK response. This means that a 200 OK response can contain either a success or an error.
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -584,7 +584,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile
-# github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20191108095731-8ca4b370cde4
+# github.com/tencentyun/cos-go-sdk-v5 v0.7.10
 github.com/tencentyun/cos-go-sdk-v5
 github.com/tencentyun/cos-go-sdk-v5/debug
 # github.com/texttheater/golang-levenshtein v0.0.0-20180516184445-d188e65d659e