Lock a time-based retention policy on a bucket to make it permanent and compliant with regulations. Once locked, the policy cannot be deleted, and the retention period can only be extended—never shortened.
Prerequisites
Before you begin, ensure that you have:
The
oss:CompleteBucketWormpermission. For details, see Attach a custom policy to a RAM userA retention policy in the
InProgressstate. Policies remain in this state for 24 hours after creation
Usage notes
After you create a time-based retention policy, it enters the InProgress state for 24 hours. During this window, the policy protects bucket data, and you can still delete or lock it.
The outcome depends on whether you lock the policy before the window closes:
| State | What you can do | What you cannot do |
|---|---|---|
| Locked | Extend the retention period | Delete the policy; shorten the retention period |
| Not locked (after 24 hours) | — | The policy expires and becomes invalid |
Lock the policy after you finish testing to meet regulatory compliance requirements.
Syntax
ossutil api complete-bucket-worm --bucket <value> --worm-id <value> [flags]Parameters
| Parameter | Type | Description |
|---|---|---|
--bucket | string | The name of the bucket |
--worm-id | string | The ID of the retention policy to lock |
For available flags, see Command-line options.
Example
Lock the retention policy 123 on examplebucket:
ossutil api complete-bucket-worm --bucket examplebucket --worm-id 123