How to create, obtain, and lock retention policies - Object Storage Service

You can configure a time-based retention policy for an Object Storage Service (OSS) bucket. The retention policy has a retention period that ranges from 1 day to 70 years. This topic describes how to create, query, and lock a retention policy.

Usage notes

In this topic, the public endpoint of the China (Hangzhou) region is used. If you want to access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint. For more information about OSS regions and endpoints, see Regions and endpoints.
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.
In this topic, an OSSClient instance is created by using an OSS endpoint. If you want to create an OSSClient instance by using custom domain names or Security Token Service (STS), see Configure OSSClient instances.

Sample code

Create a retention policy

Important

You cannot configure both versioning and a retention policy for the same bucket. Before you create a retention policy for a bucket, make sure that versioning is disabled for that bucket.

The following code shows how to create a retention policy:

package main

import (
	"log"

	"github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
	// Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		log.Fatalf("Error creating credentials provider: %v", err)
	}

	// Create an OSSClient instance.
	// Set yourEndpoint to the Endpoint of the bucket. For example, for the China (Hangzhou) region, set the Endpoint to https://oss-cn-hangzhou.aliyuncs.com. For other regions, use the actual Endpoint.
	// Set yourRegion to the region where the bucket is located. For example, for the China (Hangzhou) region, set the region to cn-hangzhou. For other regions, use the actual region.
	clientOptions := []oss.ClientOption{oss.SetCredentialsProvider(&provider)}
	clientOptions = append(clientOptions, oss.Region("yourRegion"))
	// Set the signature version.
	clientOptions = append(clientOptions, oss.AuthVersion(oss.AuthV4))
	client, err := oss.New("yourEndpoint", "", "", clientOptions...)
	if err != nil {
		log.Fatalf("Error creating OSS client: %v", err)
	}

	// Specify the name of the bucket for which you want to configure a retention policy.
	bucketName := "<yourBucketName>"

	// Set the retention period for objects to 60 days.
	result, err := client.InitiateBucketWorm(bucketName, 60)
	if err != nil {
		log.Fatalf("Error initiating bucket WORM: %v", err)
	}

	log.Println("WORM policy initiated successfully:", result)
}

Cancel an unlocked retention policy

The following code shows how to cancel an unlocked retention policy:

package main

import (
	"log"

	"github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
	// Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		log.Fatalf("Error creating credentials provider: %v", err)
	}

	// Create an OSSClient instance.
	// Set yourEndpoint to the Endpoint of the bucket. For example, for the China (Hangzhou) region, set the Endpoint to https://oss-cn-hangzhou.aliyuncs.com. For other regions, use the actual Endpoint.
	// Set yourRegion to the region where the bucket is located. For example, for the China (Hangzhou) region, set the region to cn-hangzhou. For other regions, use the actual region.
	clientOptions := []oss.ClientOption{oss.SetCredentialsProvider(&provider)}
	clientOptions = append(clientOptions, oss.Region("yourRegion"))
	// Set the signature version.
	clientOptions = append(clientOptions, oss.AuthVersion(oss.AuthV4))
	client, err := oss.New("yourEndpoint", "", "", clientOptions...)
	if err != nil {
		log.Fatalf("Error creating OSS client: %v", err)
	}

	// Specify the name of the bucket whose retention policy you want to cancel.
	bucketName := "<yourBucketName>"

	// Cancel the retention policy.
	err = client.AbortBucketWorm(bucketName)
	if err != nil {
		log.Fatalf("Error aborting bucket WORM: %v", err)
	}

	log.Println("Bucket WORM policy aborted successfully")
}

Lock a retention policy

The following code shows how to lock a retention policy:

package main

import (
	"log"

	"github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
	// Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		log.Fatalf("Error creating credentials provider: %v", err)
	}

	// Create an OSSClient instance.
	// Set yourEndpoint to the Endpoint of the bucket. For example, for the China (Hangzhou) region, set the Endpoint to https://oss-cn-hangzhou.aliyuncs.com. For other regions, use the actual Endpoint.
	// Set yourRegion to the region where the bucket is located. For example, for the China (Hangzhou) region, set the region to cn-hangzhou. For other regions, use the actual region.
	clientOptions := []oss.ClientOption{oss.SetCredentialsProvider(&provider)}
	clientOptions = append(clientOptions, oss.Region("yourRegion"))
	// Set the signature version.
	clientOptions = append(clientOptions, oss.AuthVersion(oss.AuthV4))
	client, err := oss.New("yourEndpoint", "", "", clientOptions...)
	if err != nil {
		log.Fatalf("Error creating OSS client: %v", err)
	}

	// Specify the name of the bucket whose retention policy you want to lock.
	bucketName := "<yourBucketName>"

	// Obtain the current WORM configuration.
	wormConfig, err := client.GetBucketWorm(bucketName)
	if err != nil {
		log.Fatalf("Error getting bucket WORM configuration: %v", err)
	}

	// Lock the retention policy.
	err = client.CompleteBucketWorm(bucketName, wormConfig.WormId)
	if err != nil {
		log.Fatalf("Error completing bucket WORM: %v", err)
	}

	log.Println("Bucket WORM policy locked successfully")
}

Obtain a retention policy

The following code shows how to obtain the configuration of a retention policy:

package main

import (
	"log"

	"github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
	// Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		log.Fatalf("Error creating credentials provider: %v", err)
	}

	// Create an OSSClient instance.
	// Set yourEndpoint to the Endpoint of the bucket. For example, for the China (Hangzhou) region, set the Endpoint to https://oss-cn-hangzhou.aliyuncs.com. For other regions, use the actual Endpoint.
	// Set yourRegion to the region where the bucket is located. For example, for the China (Hangzhou) region, set the region to cn-hangzhou. For other regions, use the actual region.
	clientOptions := []oss.ClientOption{oss.SetCredentialsProvider(&provider)}
	clientOptions = append(clientOptions, oss.Region("yourRegion"))
	// Set the signature version.
	clientOptions = append(clientOptions, oss.AuthVersion(oss.AuthV4))
	client, err := oss.New("yourEndpoint", "", "", clientOptions...)
	if err != nil {
		log.Fatalf("Error creating OSS client: %v", err)
	}

	// Specify the name of the bucket whose retention policy configuration you want to obtain.
	bucketName := "<yourBucketName>"

	// Obtain the retention policy configuration.
	wormConfig, err := client.GetBucketWorm(bucketName)
	if err != nil {
		log.Fatalf("Error getting bucket WORM configuration: %v", err)
	}

	// View the retention policy ID.
	log.Printf("WORM Policy ID: %d", wormConfig.WormId)

	// View the creation time of the retention policy.
	log.Printf("Creation Date: %s", wormConfig.CreationDate)

	// View the status of the retention policy. The status is "InProgress" if the policy is not locked, and "Locked" if the policy is locked.
	log.Printf("State: %s", wormConfig.State)

	// View the retention period for objects in days.
	log.Printf("Retention Period (days): %d", wormConfig.RetentionPeriodInDays)
}

Extend the retention period for objects

The following code shows how to extend the retention period for objects in a locked retention policy:

package main

import (
	"log"

	"github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
	// Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		log.Fatalf("Error creating credentials provider: %v", err)
	}

	// Create an OSSClient instance.
	// Set yourEndpoint to the Endpoint of the bucket. For example, for the China (Hangzhou) region, set the Endpoint to https://oss-cn-hangzhou.aliyuncs.com. For other regions, use the actual Endpoint.
	// Set yourRegion to the region where the bucket is located. For example, for the China (Hangzhou) region, set the region to cn-hangzhou. For other regions, use the actual region.
	clientOptions := []oss.ClientOption{oss.SetCredentialsProvider(&provider)}
	clientOptions = append(clientOptions, oss.Region("yourRegion"))
	// Set the signature version.
	clientOptions = append(clientOptions, oss.AuthVersion(oss.AuthV4))
	client, err := oss.New("yourEndpoint", "", "", clientOptions...)
	if err != nil {
		log.Fatalf("Error creating OSS client: %v", err)
	}

	// Specify the name of the bucket that contains the objects whose retention period you want to extend.
	bucketName := "<yourBucketName>"

	// Obtain the current WORM configuration.
	wormConfig, err := client.GetBucketWorm(bucketName)
	if err != nil {
		log.Fatalf("Error getting bucket WORM configuration: %v", err)
	}

	// Extend the retention period for objects in the locked retention policy to 30 days.
	err = client.ExtendBucketWorm(bucketName, 30, wormConfig.WormId)
	if err != nil {
		log.Fatalf("Error extending bucket WORM: %v", err)
	}

	log.Println("Bucket WORM protection period extended successfully")
}

References

For the complete sample code for retention policies, see GitHub examples.
For more information about how to create a retention policy, see InitiateBucketWorm.
For more information about how to cancel an unlocked retention policy, see AbortBucketWorm.
For more information about how to lock a retention policy, see CompleteBucketWorm.
For more information about how to obtain the configuration of a retention policy, see GetBucketWorm.
For more information about how to extend the retention period for objects, see ExtendBucketWorm.