In Object Storage Service (OSS), retention policies provide Write Once Read Many (WORM) protection to prevent data from being modified or deleted. If you want to prevent all users, including resource owners, from modifying or deleting objects in an OSS bucket for a specified period, you can configure a data retention policy for the bucket. Before the retention period ends, you can only upload objects to or read objects from the bucket. You can modify or delete objects only after the retention period ends.
Usage notes
Before you configure retention policies, make sure that you familiarize yourself with this feature. For more information, see Retention policies.
In this topic, the public endpoint of the China (Hangzhou) region is used. If you want to access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint. For more information about OSS regions and endpoints, see Regions and endpoints.
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials using OSS SDK for Python 1.0.
In this topic, an OSSClient instance is created by using an OSS endpoint. If you want to create an OSSClient instance by using custom domain names or Security Token Service (STS), see Initialization.
You cannot configure a data retention policy (WORM) for a bucket that has versioning enabled.
Create a retention policy
The following sample code shows how to create a retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint. For example, if your bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the ID of the region that maps to the endpoint. Example: cn-hangzhou. This parameter is required if you use the V4 signature algorithm.
region = "cn-hangzhou"
# Replace yourBucketName with the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Create a retention policy and set the retention period to 1 day.
result = bucket.init_bucket_worm(1)
# Query the ID of the retention policy.
print(result.worm_id)Cancel an unlocked retention policy
The following sample code shows how to cancel an unlocked retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the ID of the region that corresponds to the endpoint. Example: cn-hangzhou. This parameter is required if you use the V4 signature algorithm.
region = "cn-hangzhou"
# Replace yourBucketName with the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Cancel the unlocked retention policy.
bucket.abort_bucket_worm()Lock a retention policy
The following sample code shows how to lock a retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the ID of the region that maps to the endpoint. Example: cn-hangzhou. This parameter is required if you use the V4 signature algorithm.
region = "cn-hangzhou"
# Replace yourBucketName with the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Lock the retention policy.
bucket.complete_bucket_worm('<yourWormId>')Get a data retention policy
The following sample code shows how to retrieve a data retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Obtain access credentials from environment variables. Before you run this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Set the endpoint for the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Set the region that corresponds to the endpoint, such as cn-hangzhou. Note: This parameter is required for Signature V4.
region = "cn-hangzhou"
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Get the data retention policy.
result = bucket.get_bucket_worm()
# View the ID of the data retention policy.
print(result.worm_id)
# View the status of the data retention policy. The status is "InProgress" if the policy is not locked and "Locked" if the policy is locked.
print(result.state)
# View the retention period for objects.
print(result.retention_period_days)
# View the creation time of the data retention policy.
print(result.creation_date)Extend the retention period of an object
The following sample code shows how to extend the retention period of an object in a locked data retention policy:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Obtain access credentials from environment variables. Before running this code, ensure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Set endpoint to the endpoint of the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the region that corresponds to the endpoint, such as cn-hangzhou. This parameter is required for V4 signatures.
region = "cn-hangzhou"
# Replace yourBucketName with the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
# Extend the retention period of an object in a locked data retention policy.
bucket.extend_bucket_worm('<yourWormId>', 2)References
For a complete code example of a data retention policy, see the GitHub example.
For more information about creating a data retention policy, see InitiateBucketWorm.
For more information about canceling an unlocked data retention policy, see AbortBucketWorm.
For more information about locking a data retention policy, see CompleteBucketWorm.
For more information about retrieving a data retention policy, see GetBucketWorm.
For more information about extending the retention period of an object, see ExtendBucketWorm.