Object Storage Service (OSS) retention policies provide Write Once, Read Many (WORM) protection to prevent data from being modified or deleted. If you want to prevent all users, including resource owners, from modifying or deleting objects in an OSS bucket for a specified period, you can configure a retention policy for the bucket. Before the retention period expires, you can only upload and read objects in the bucket. After the retention period expires, you can modify or delete the objects.
Notes
Before you configure retention policies, make sure that you familiarize yourself with this feature. For more information, see Retention policies.
In this topic, the public endpoint of the China (Hangzhou) region is used. If you want to access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint. For more information about OSS regions and endpoints, see Regions and endpoints.
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials using OSS SDK for Python 1.0.
This topic demonstrates creating an OSSClient instance with an OSS endpoint. For alternative configurations, such as using a custom domain or authenticating with credentials from Security Token Service (STS), see Initialization.
Create a retention policy
The following code shows how to create a retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Get access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the region that corresponds to the endpoint, such as cn-hangzhou. This parameter is required for V4 signatures.
region = "cn-hangzhou"
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Create a retention policy and set the object retention period to 1 day.
result = bucket.init_bucket_worm(1)
# View the retention policy ID.
print(result.worm_id)Cancel an unlocked retention policy
The following code shows how to cancel an unlocked retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Get access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the region that corresponds to the endpoint, such as cn-hangzhou. This parameter is required for V4 signatures.
region = "cn-hangzhou"
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Cancel the unlocked retention policy.
bucket.abort_bucket_worm()Lock a retention policy
The following code shows how to lock a retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Get access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the region that corresponds to the endpoint, such as cn-hangzhou. This parameter is required for V4 signatures.
region = "cn-hangzhou"
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Lock the retention policy.
bucket.complete_bucket_worm('<yourWormId>')Get a retention policy
The following code shows how to retrieve a retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Get access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the region that corresponds to the endpoint, such as cn-hangzhou. This parameter is required for V4 signatures.
region = "cn-hangzhou"
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Get the retention policy.
result = bucket.get_bucket_worm()
# View the retention policy ID.
print(result.worm_id)
# View the retention policy status. The status is "InProgress" if the policy is not locked and "Locked" if the policy is locked.
print(result.state)
# View the retention period of objects.
print(result.retention_period_days)
# View the creation time of the retention policy.
print(result.creation_date)Extend the retention period of objects
The following code shows how to extend the retention period of objects in a locked retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Get access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the region that corresponds to the endpoint, such as cn-hangzhou. This parameter is required for V4 signatures.
region = "cn-hangzhou"
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Extend the retention period of objects in the locked retention policy.
bucket.extend_bucket_worm('<yourWormId>', 2)References
For a complete code example of retention policies, see the GitHub example.
For more information about the API operation to create a retention policy, see InitiateBucketWorm.
For more information about the API operation to cancel an unlocked retention policy, see AbortBucketWorm.
For more information about the API operation to lock a retention policy, see CompleteBucketWorm.
For more information about the API operation to retrieve a retention policy, see GetBucketWorm.
For more information about the API operation to extend the retention period of objects, see ExtendBucketWorm.