Prevent users from modifying or deleting data in a bucket within a specific period of time by configuring retention policies for the bucket by using OSS SDK for Go - Object Storage Service

The Write Once Read Many (WORM) feature of retention policies in Object Storage Service (OSS) allows you to prevent users from modifying or deleting data. If you do not want anyone, including resource owners, to modify or delete objects in a bucket within a specific period of time, you can configure a retention policy for the bucket. After you configure a retention policy, users can only read the objects in or upload objects to the bucket until the retention period ends. Users can modify or delete objects in the bucket only after the retention period ends.

Usage notes

Before you configure retention policies, make sure that you familiarize yourself with this feature. For more information, see Retention policies.

In this topic, the public endpoint of the China (Hangzhou) region is used. If you want to access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint. For more information about OSS regions and endpoints, see Regions and endpoints.
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.
In this topic, an OSSClient instance is created by using an OSS endpoint. If you want to create an OSSClient instance by using custom domain names or Security Token Service (STS), see Initialization.

Create a retention policy

The following sample code provides an example on how to create a retention policy:

package main

import (
    "fmt"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
    "os"
)

func HandleError(err error) {
    fmt.Println("Error:", err)
    os.Exit(-1)
}

func main() {
	// Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	// Create an OSSClient instance. 
	// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. 
	client, err := oss.New("yourEndpoint", "", "", oss.SetCredentialsProvider(&provider))
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}

    // Specify the name of the bucket for which you want to configure a retention policy. 
    bucketname := "<yourBucketName>"
    // Set the retention period of the retention policy to 60 days. 
    result,err := client.InitiateBucketWorm(bucketname,60)
    if err != nil {
        HandleError(err)
    }

    fmt.Println(result)
}

Cancel an unlocked retention policy

The following sample code provides an example on how to cancel an unlocked retention policy:

package main

import (
    "fmt"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
    "os"
)

func HandleError(err error) {
    fmt.Println("Error:", err)
    os.Exit(-1)
}

func main() {
	// Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	// Create an OSSClient instance. 
	// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. 
	client, err := oss.New("yourEndpoint", "", "", oss.SetCredentialsProvider(&provider))
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}

    // Specify the name of the bucket from which you want to delete the retention policy. 
    bucketname := "<yourBucketName>"
    err = client.AbortBucketWorm(bucketname)
    if err != nil {
        HandleError(err)
    }
}

Lock a retention policy

The following sample code provides an example on how to lock a retention policy:

package main

import (
    "fmt"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
    "os"
)

func HandleError(err error) {
    fmt.Println("Error:", err)
    os.Exit(-1)
}

func main() {
	// Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	// Create an OSSClient instance. 
	// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. 
	client, err := oss.New("yourEndpoint", "", "", oss.SetCredentialsProvider(&provider))
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}

    // Specify the name of the bucket whose retention policy you want to lock. 
    bucketname := "<yourBucketName>"
    wormConfig,err := client.GetBucketWorm(bucketname)
    err = client.CompleteBucketWorm(bucketName,wormConfig.WormId)

    if err != nil {
        HandleError(err)
    }
}

Query retention policies

The following sample code provides an example on how to query the retention policies of a bucket:

package main

import (
    "fmt"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
    "os"
)

func HandleError(err error) {
    fmt.Println("Error:", err)
    os.Exit(-1)
}

func main() {
	// Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	// Create an OSSClient instance. 
	// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. 
	client, err := oss.New("yourEndpoint", "", "", oss.SetCredentialsProvider(&provider))
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
    // Specify the name of the bucket whose retention policies you want to query. 
    bucketname := "<yourBucketName>"
    wormConfig,err := client.GetBucketWorm(bucketname)

    if err != nil {
        HandleError(err)
    }
    // Query the IDs of the retention policies. 
    fmt.Println(wormConfig.WormId)
    // Query the time when the retention policies were created. 
    fmt.Println(wormConfig.CreationDate)
    // Query the status of the retention policies. InProgress indicates that a retention policy is unlocked, and Locked indicates that a retention policy is locked. 
    fmt.Println(wormConfig.State)
    // Query the retention period of the retention policies. 
    fmt.Println(wormConfig.RetentionPeriodInDays)

}

Extend the retention period of a retention policy

The following sample code provides an example on how to extend the retention period of a locked retention policy:

package main

import (
    "fmt"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
    "os"
)

func HandleError(err error) {
    fmt.Println("Error:", err)
    os.Exit(-1)
}

func main() {
	// Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	// Create an OSSClient instance. 
	// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. 
	client, err := oss.New("yourEndpoint", "", "", oss.SetCredentialsProvider(&provider))
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}

    // Specify the name of the bucket whose retention policy you want to extend the retention period. 
    bucketname := "<yourBucketName>"
    wormConfig,err := client.GetBucketWorm(bucketname)
    // Extend the retention period of the locked retention policy to 30 days. 
    err = client.ExtendBucketWorm(bucketName,30,wormConfig.WormId)

    if err != nil {
        HandleError(err)
    }
}

References

For the complete sample code that is used to manage a retention policy, visit GitHub.
For more information about the API operation that you can call to create a retention policy, see InitiateBucketWorm.
For more information about the API operation that you can call to cancel an unlocked retention policy, see AbortBucketWorm.
For more information about the API operation that you can call to lock a retention policy, see CompleteBucketWorm.
For more information about the API operation that you can call to query retention policies, see GetBucketWorm.
For more information about the API operation that you can call to extend the retention period of a retention policy, see ExtendBucketWorm.