OBS S3 API

Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
zhangyue 2023-03-14 12:40:31 +00:00 committed by zuul
parent 5b28b6b590
commit 5eee175e13
11 changed files with 131 additions and 121 deletions

View File

@ -32,7 +32,7 @@ Date: date
&lt;Key&gt;TagNameJJ1&lt;/Key&gt;
&lt;Value&gt;tytttasceettt&lt;/Value&gt;
&lt;/Tag&gt;
&lt;/TagSet&gt;
&lt;/TagSet&gt;
&lt;/Tagging&gt;</pre>
</div>
<div class="section" id="EN-US_TOPIC_0125560249__section1737390614519"><h4 class="sectiontitle">Response Headers</h4><p id="EN-US_TOPIC_0125560249__p64499290104851">This response uses common headers. For details about common response headers, see section <a href="en-us_topic_0125560484.html">Common Response Headers</a>.</p>
@ -139,7 +139,7 @@ Content-Length: 441
&lt;Key&gt;TagNameJJ1&lt;/Key&gt;
&lt;Value&gt;tytttasceettt&lt;/Value&gt;
&lt;/Tag&gt;
&lt;/TagSet&gt;
&lt;/TagSet&gt;
&lt;/Tagging&gt;</pre>
</div>
</div>

View File

@ -326,7 +326,7 @@
&lt;HostId&gt;RkRCRDJENDc5MzdGQkQ4OUY3MTI4NTQ3NDk2Mjg0M0FB
QUFBQUFBYmJiYmJiYmJD&lt;/HostId&gt;
……
&lt;/Error&gt; </pre>
&lt;/Error&gt; </pre>
<p id="EN-US_TOPIC_0125560255__p48615844"><a href="#EN-US_TOPIC_0125560255__table127440">Table 9</a> describes the common elements contained in an error response.</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0125560255__table127440"></a><a name="table127440"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560255__table127440" frame="border" border="1" rules="all"><caption><b>Table 9 </b>Error response elements</caption><thead align="left"><tr id="EN-US_TOPIC_0125560255__row14347060"><th align="left" class="cellrowborder" valign="top" width="23.5%" id="mcps1.3.6.5.2.3.1.1"><p id="EN-US_TOPIC_0125560255__p21261182">Element</p>

View File

@ -117,7 +117,7 @@ x-amz-content-sha256:44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f
<pre class="screen" id="EN-US_TOPIC_0125560310__screen44909216102033">DateKey = HMAC-SHA256("AWS4"+"&lt;SecretAccessKey&gt;", "&lt;yyyymmdd&gt;")
DateRegionKey = HMAC-SHA256(&lt;DateKey&gt;, "&lt;aws-region&gt;")
DateRegionServiceKey = HMAC-SHA256(&lt;DateRegionKey&gt;, "&lt;aws-service&gt;")
SigningKey = HMAC-SHA256(&lt;DateRegionServiceKey&gt;, "aws4_request"</pre>
SigningKey = HMAC-SHA256(&lt;DateRegionServiceKey&gt;, "aws4_request")</pre>
<p id="EN-US_TOPIC_0125560310__p57147330102033">Each field is described as follows:</p>
<ul id="EN-US_TOPIC_0125560310__ul11005539102033"><li id="EN-US_TOPIC_0125560310__li65206852102033"><strong id="EN-US_TOPIC_0125560310__b62479726102033">&lt;SecretAccessKey&gt;</strong>: Indicates the SK of the requester.</li></ul>
<ul id="EN-US_TOPIC_0125560310__ul64726130102033"><li id="EN-US_TOPIC_0125560310__li27387049102033"><em id="EN-US_TOPIC_0125560310__i53097589102033">&lt;yyyymmdd&gt;</em>: Indicates the period in which Signing Key obtained from Authorization in the HTTP header is valid.</li></ul>
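Review bot: The field list in the context lines under the corrected SigningKey line is inconsistent: the SecretAccessKey bullet uses strong, the yyyymmdd bullet uses em, and each bullet sits in its own ul. Since this hunk already touches the block, consider merging them into one list with one emphasis style. The yyyymmdd description ("the period in which Signing Key obtained from Authorization in the HTTP header is valid") is also hard to parse and could be reworded in the same pass.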

View File

@ -42,22 +42,22 @@
Content-Length: 223
{
"Id": "Policy1375342051334",
"Statement": [
{
"Sid": "Stmt1375240018061",
"Action": [
"s3:GetBucketLogging"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::logging.bucket3",
"Principal": {
"AWS": [
"arn:aws:iam::783fc6652cf246c096ea836694f71855:root"
]
}
}
]
"Id": "Policy1375342051334",
"Statement": [
{
"Sid": "Stmt1375240018061",
"Action": [
"s3:GetBucketLogging"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::logging.bucket3",
"Principal": {
"AWS": [
"arn:aws:iam::783fc6652cf246c096ea836694f71855:root"
]
}
}
]
}</pre>
</div>
<div class="section" id="EN-US_TOPIC_0125560316__section32326581"><h4 class="sectiontitle">Sample Response: Grant OBS account permission</h4><pre class="screen" id="EN-US_TOPIC_0125560316__screen23553199115959">HTTP/1.1 204 No Content
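Review bot: Content-Length: 223 above the policy body is left unchanged while every line of the body is re-indented. If the sample request is meant to be byte-accurate, recompute the length for the new whitespace; the same check applies to the other samples whose bodies this commit reformats.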
@ -77,22 +77,22 @@ Authorization: AWS UDSIAMSTUBTEST000002:1YPpMv6hAokMd/r6Ft5/6SZANDw=
Content-Length: 256
{
"Id": "Policy1375342051335",
"Statement": [
{
"Sid": "Stmt1375240018062",
"Action": [
"s3:PutBucketLogging"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::logging.bucket3",
"Principal": {
"AWS": [
"arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:user/71f3901173514e6988115ea2c26d1999"
]
}
}
]
"Id": "Policy1375342051335",
"Statement": [
{
"Sid": "Stmt1375240018062",
"Action": [
"s3:PutBucketLogging"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::logging.bucket3",
"Principal": {
"AWS": [
"arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:user/71f3901173514e6988115ea2c26d1999"
]
}
}
]
}</pre>
</div>
<div class="section" id="EN-US_TOPIC_0125560316__section8966703165327"><h4 class="sectiontitle">Sample Response: Grant OBS user permission</h4><pre class="screen" id="EN-US_TOPIC_0125560316__screen34154268165327">HTTP/1.1 204 No Content

View File

@ -47,24 +47,25 @@ Server: OBS
Content-Type: application/xml
Date: Fri, 06 Sep 2013 07:06:42 GMT
Content-Length: 184
{
"Id": "Policy1375342051334",
"Statement": [
{
"Sid": "Stmt1375240018061",
"Action": [
"s3:GetBucketLogging"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::logging.bucket3",
"Principal": {
"AWS": [
"norman"
]
}
}
]
}</pre>
"Id": "Policy1375342051334",
"Statement": [
{
"Sid": "Stmt1375240018061",
"Action": [
"s3:GetBucketLogging"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::logging.bucket3",
"Principal": {
"AWS": [
"norman"
]
}
}
]
}</pre>
</div>
</div>
<div>
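Review bot: The context lines give Content-Type: application/xml, but the body that follows is a JSON policy document; please confirm the header value for this sample response. Also, the removed block opens with "{" while the replacement as shown starts directly at "Id", so check that the opening brace is still present in the new body.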

View File

@ -171,11 +171,13 @@ Accept: */*
Date: Tue, 07 Mar 2017 08:54:09 +0000
Authorization: AWS UDSIAMSTUBTEST000002:kaEwOixnSVuS6If3Q0Lnd6kxm5A=
Content-Length: 183
Expect: 100-continue
&lt;RestoreRequest xmlns="http://s3.amazonaws.com/doc/2006-3-01"&gt; &lt;Days&gt;3&lt;/Days&gt;
&lt;GlacierJobParameters&gt;
&lt;Tier&gt;Expedited&lt;/Tier&gt;
&lt;/GlacierJobParameters&gt;
Expect: 100-continue
&lt;RestoreRequest xmlns="http://s3.amazonaws.com/doc/2006-3-01"&gt;
&lt;Days&gt;3&lt;/Days&gt;
&lt;GlacierJobParameters&gt;
&lt;Tier&gt;Expedited&lt;/Tier&gt;
&lt;/GlacierJobParameters&gt;
&lt;/RestoreRequest&gt;</pre>
</div>
<div class="section" id="EN-US_TOPIC_0125560388__section4706316021116"><h4 class="sectiontitle">Sample Response</h4><pre class="screen" id="EN-US_TOPIC_0125560388__screen30285901602">HTTP/1.1 100 Continue
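Review bot: The xmlns on RestoreRequest reads http://s3.amazonaws.com/doc/2006-3-01 on both the old and the new line; the S3 namespace is normally written 2006-03-01, so confirm which form OBS expects while this sample is being reformatted. Content-Length: 183 is also unchanged although the line breaks in the body change.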

View File

@ -37,29 +37,31 @@
<p id="EN-US_TOPIC_0125560406__p65551371">The request for modifying or setting the ACL of a bucket or object must contain an ACL in the following syntax:</p>
<pre class="screen" id="EN-US_TOPIC_0125560406__screen41150262122245">&lt;AccessControlPolicy&gt;
&lt;Owner&gt;
&lt;ID&gt;id&lt;/ID&gt;
&lt;DisplayName&gt;displayname&lt;/DisplayName&gt;
&lt;ID&gt;id&lt;/ID&gt;
&lt;DisplayName&gt;displayname&lt;/DisplayName&gt;
&lt;/Owner&gt;
&lt;AccessControlList&gt;
&lt;Grant&gt;
&lt;Grantee&gt;grantee&lt;/Grantee&gt;
&lt;Permission&gt;permission&lt;/Permission&gt;
&lt;/Grant&gt;
&lt;Grant&gt;…………&lt;/Grant&gt;
&lt;Grant&gt;
&lt;Grantee&gt;grantee&lt;/Grantee&gt;
&lt;Permission&gt;permission&lt;/Permission&gt;
&lt;/Grant&gt;
&lt;Grant&gt;…………&lt;/Grant&gt;
&lt;/AccessControlList&gt;
&lt;/AccessControlPolicy&gt;</pre>
&lt;/AccessControlPolicy&gt;</pre>
<p id="EN-US_TOPIC_0125560406__p18693019">In the preceding ACL, <strong id="EN-US_TOPIC_0125560406__b56561662">permission</strong> indicates one of the five permission types supported by OBS. For details about the permission, see <a href="#EN-US_TOPIC_0125560406__table39984204">Table 2</a>. The format of content in <strong id="EN-US_TOPIC_0125560406__b18091872">Grantee</strong> varies with the grantee.</p>
<ol id="EN-US_TOPIC_0125560406__ol34019449"><li id="EN-US_TOPIC_0125560406__li28609126">An OBS user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen56155543">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"&gt;
&lt;ID&gt;DomainId&lt;/ID&gt;
&lt;DisplayName&gt;displayname&lt;/DisplayName&gt;
&lt;/Grantee&gt;</pre>
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li35637846">A registered user group user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen52305163">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li984423">An anonymous user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen8859811">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/global/AllUsers&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li12629440">Log delivery user group user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen43241719142820">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt; &lt;URI&gt;http://acs.amazonaws.com/groups/s3/LogDelivery&lt;/URI&gt; &lt;/Grantee&gt;</pre>
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li12629440">Log delivery user group user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen43241719142820">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/s3/LogDelivery&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
</li></ol>
<div class="tablenoborder"><a name="EN-US_TOPIC_0125560406__table39984204"></a><a name="table39984204"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560406__table39984204" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Permission on an OBS bucket or object</caption><thead align="left"><tr id="EN-US_TOPIC_0125560406__row59544593"><th align="left" class="cellrowborder" valign="top" width="31.019999999999996%" id="mcps1.3.9.2.3.1.1"><p id="EN-US_TOPIC_0125560406__p58382711">Permission</p>
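Review bot: The Owner block uses the placeholder id while the CanonicalUser grantee uses DomainId for the same ID element; pick one placeholder or state what value each expects. The Group examples for AuthenticatedUsers and AllUsers would also benefit from a sentence saying who each URI covers, since the list labels ("A registered user group user", "An anonymous user") do not make the scope of the grant clear.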

View File

@ -333,15 +333,15 @@
</div></div>
<p id="EN-US_TOPIC_0125560422__p55482381">A <strong id="EN-US_TOPIC_0125560422__b3997164419559">Condition</strong> block (element) can contain multiple key value pairs. The following example <strong id="EN-US_TOPIC_0125560422__b41511754105513">Condition</strong> block specifies requests initiated between 2009-04-16T12:00:00Z and 2009-04-16T15:00:00Z from IP addresses on network segment 192.168.176.0/24 or 192.168.143.0/24:</p>
<pre class="screen" id="EN-US_TOPIC_0125560422__screen36311305122426">"Condition" : {
"DateGreaterThan" : {
"aws:CurrentTime" : "2009-04-16T12:00:00Z"
},
"DateLessThan": {
"aws:CurrentTime" : "2009-04-16T15:00:00Z"
},
"IpAddress" : {
"aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"]
}
"DateGreaterThan": {
"aws:CurrentTime" : "2009-04-16T12:00:00Z"
},
"DateLessThan": {
"aws:CurrentTime" : "2009-04-16T15:00:00Z"
},
"IpAddress": {
"aws:SourceIp" : ["192.168.176.0/24", "192.168.143.0/24"]
}
}</pre>
<p id="EN-US_TOPIC_0125560422__p9612155183517">A <strong id="EN-US_TOPIC_0125560422__b3531191135617">Condition</strong> block can contain two types of keys:</p>
<ul id="EN-US_TOPIC_0125560422__ul427655917355"><li id="EN-US_TOPIC_0125560422__li135681619363">General keys that have nothing to do with <strong id="EN-US_TOPIC_0125560422__b256815673610">Action</strong>.</li><li id="EN-US_TOPIC_0125560422__li92767598353">S3 service-specific keys associated with <strong id="EN-US_TOPIC_0125560422__b8530162311364">Action</strong>.</li></ul>
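Review bot: Colon spacing in the Condition example is still mixed after this change: the operator keys become "DateGreaterThan": and "IpAddress": but the inner keys keep "aws:CurrentTime" : and "aws:SourceIp" : with a space before the colon. Normalising all of them in the same pass would finish the cleanup.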
@ -608,35 +608,39 @@
<ul id="EN-US_TOPIC_0125560422__ul46447333"><li id="EN-US_TOPIC_0125560422__li15372815">Whitelist settings<p id="EN-US_TOPIC_0125560422__p62782511142935"><a name="EN-US_TOPIC_0125560422__li15372815"></a><a name="li15372815"></a>Users can set a whitelist to allow requests from the websites added in the whitelist and deny requests from any other website.</p>
<p id="EN-US_TOPIC_0125560422__p37429288143335">For the requests that are initialized from browsers' address boxes, that is, those HTTP requests with a blank <strong id="EN-US_TOPIC_0125560422__b84235270616856">referer</strong>, users can add the <strong id="EN-US_TOPIC_0125560422__b84235270616656">${null}</strong> field to <strong id="EN-US_TOPIC_0125560422__b84235270616720">"aws:Referer"</strong> of <strong id="EN-US_TOPIC_0125560422__b84235270616716">Condition</strong> to specify whether to allow the requests with a blank <strong id="EN-US_TOPIC_0125560422__b84235270616851">referer</strong>.</p>
<p id="EN-US_TOPIC_0125560422__p5627436792911">Set a whitelist based on the following policy setting:</p>
<pre class="screen" id="EN-US_TOPIC_0125560422__screen3670725792911">"Statement":[
<pre class="screen" id="EN-US_TOPIC_0125560422__screen3670725792911">"Statement": [
{"Sid": "1",
"Effect": "Allow",
"Principal": {"CanonicalUser":["*"]},
"Action": "s3:*",
"Resource":["arn:aws:s3:::bucket/*"],
},
{"Sid":"2",
"Effect":"Deny",
{"Sid": "2",
"Effect": "Deny",
"Principal":{"CanonicalUser":["*"]},
"Action":["s3:*"],
"Resource":["arn:aws:s3:::bucket/*"], "Condition":{
"StringNotEquals":
{"aws:Referer":["www.example01.com","${null}"]}
}
}
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::bucket/*"],
"Condition":{
"StringNotEquals":{
"aws:Referer": ["www.example01.com","${null}"]
}
}
}
]</pre>
<p id="EN-US_TOPIC_0125560422__p6192986592911">If you set a whitelist in this way, you can perform operations on resources in buckets only when the value of the <strong id="EN-US_TOPIC_0125560422__b14735440">referer</strong> parameter is <strong id="EN-US_TOPIC_0125560422__b65510096">www.example01.com</strong> or is blank.</p>
</li></ul>
<ul id="EN-US_TOPIC_0125560422__ul35976103"><li id="EN-US_TOPIC_0125560422__li55349471">Blacklist settings<p id="EN-US_TOPIC_0125560422__p28383193"><a name="EN-US_TOPIC_0125560422__li55349471"></a><a name="li55349471"></a>You can refer to the following policy settings to set a blacklist for access.</p>
<pre class="screen" id="EN-US_TOPIC_0125560422__screen54122151">"Statement":[
{"Sid":"1",
"Effect":"Deny",
"Principal":{"CanonicalUser":["*"]},
"Action":["s3:*"],
"Resource":["arn:aws:s3:::bucket/*"], "Condition":{
"StringEquals":
{"aws:Referer":["www.example01.com","www.example02.com"]}
}
<pre class="screen" id="EN-US_TOPIC_0125560422__screen54122151">"Statement": [
{"Sid":"1",
"Effect":"Deny",
"Principal":{"CanonicalUser":["*"]},
"Action":["s3: *"],
"Resource":["arn:aws:s3:::bucket/*"],
"Condition":{
"StringEquals":{
"aws:Referer":["www.example01.com", "www.example02.com"]
}
}
}
]</pre>
<p id="EN-US_TOPIC_0125560422__p17337312">If you set a blacklist in this way, you cannot perform operations on resources in buckets when the value of the <strong id="EN-US_TOPIC_0125560422__b08161047115612">referer</strong> parameter is <strong id="EN-US_TOPIC_0125560422__b19671331104418">www.example01.com</strong> or <strong id="EN-US_TOPIC_0125560422__b66717315445">www.example02.com</strong>.</p>
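Review bot: In the blacklist example the Action value changes from "s3:*" to "s3: *", with a space inside the string; that no longer matches the wildcard action used in the whitelist example and should go back to "s3:*". In the whitelist example, statement 1 still ends "Resource":["arn:aws:s3:::bucket/*"], with a trailing comma before the closing brace, which is not valid JSON. The new lines also mix "Principal":{ and "Condition":{ with the spaced "Sid": "2" style.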

View File

@ -10,7 +10,7 @@
<ul id="EN-US_TOPIC_0125560444__ul28349038"><li id="EN-US_TOPIC_0125560444__li52218704">Existing objects with version IDs are not affected.</li><li id="EN-US_TOPIC_0125560444__li206293">OBS creates version ID <strong id="EN-US_TOPIC_0125560444__b1856645">null</strong> to an uploaded object and the object will be overwritten after a namesake one is uploaded.</li><li id="EN-US_TOPIC_0125560444__li16709807">Objects can be downloaded by version ID. By default, the latest object is downloaded if the version ID is not specified.</li><li id="EN-US_TOPIC_0125560444__li16170542">Objects can be deleted by version ID. If an object is deleted with no version ID specified, the object is only attached with a deletion mark and version ID <strong id="EN-US_TOPIC_0125560444__b11317154">null</strong>. Objects with version ID <strong id="EN-US_TOPIC_0125560444__b34745524">null</strong> are physically deleted.</li><li id="EN-US_TOPIC_0125560444__li44274261">Except deletion marks and object metadata, storage space occupied by objects with all version IDs is billed.</li></ul>
<p class="msonormal" id="EN-US_TOPIC_0125560444__p53814755">Only the bucket owner can set the bucket versioning state.</p>
<div class="section" id="EN-US_TOPIC_0125560444__section11440597"><h4 class="sectiontitle">Request Syntax</h4><pre class="screen" id="EN-US_TOPIC_0125560444__screen1290134121014">PUT /?versioning HTTP/1.1
User-Agent: agnet
User-Agent: agent
Host: bucketname.obs.example.com
Accept: */*
Date: date
@ -18,9 +18,9 @@
Content-Length: length
Expect: expect
&lt;VersioningConfiguration&gt;
&lt;VersioningConfiguration&gt;
&lt;Status&gt;status&lt;/Status&gt;
&lt;/VersioningConfiguration&gt;</pre>
&lt;/VersioningConfiguration&gt;</pre>
</div>
<div class="section" id="EN-US_TOPIC_0125560444__section35856517"><h4 class="sectiontitle">Request Parameters</h4><p id="EN-US_TOPIC_0125560444__p59271898">This request involves no parameters.</p>
</div>
@ -81,9 +81,9 @@ User-Agent: curl/7.29.0
Content-Length: 80
Expect: 100-continue
&lt;VersioningConfiguration&gt;
&lt;VersioningConfiguration&gt;
&lt;Status&gt;Enabled&lt;/Status&gt;
&lt;/VersioningConfiguration&gt;</pre>
&lt;/VersioningConfiguration&gt;</pre>
</div>
<div class="section" id="EN-US_TOPIC_0125560444__section47625841"><h4 class="sectiontitle">Sample Response</h4><pre class="screen" id="EN-US_TOPIC_0125560444__screen31587236121056">HTTP/1.1 200 OK
Server: OBS

View File

@ -51,24 +51,25 @@
</tbody>
</table>
</div>
<p id="EN-US_TOPIC_0125560445__p61753355113454">OBS supports bucket policies. If you want to restrict server-side encryption for all objects stored in a bucket, you can use bucket policies. For example, if an object upload request does not contain <strong id="EN-US_TOPIC_0125560445__b18909286113454">x-amz-server-side-encryption:"aws:kms"</strong>, the header for requesting server-side encryption (SSE-KMS), the following bucket policy rejects the upload request:</p>
<p id="EN-US_TOPIC_0125560445__p35965848113454">{</p>
<p id="EN-US_TOPIC_0125560445__p55257178113454">"Version":"2008-10-17",</p>
<p id="EN-US_TOPIC_0125560445__p27552557113454">"Id":"PutObjPolicy",</p>
<p id="EN-US_TOPIC_0125560445__p46646427113454">"Statement":[{</p>
<p id="EN-US_TOPIC_0125560445__p17164659113454">"Sid":"DenyUnEncryptedObjectUploads",</p>
<p id="EN-US_TOPIC_0125560445__p20264208113454">"Effect":"Deny",</p>
<p id="EN-US_TOPIC_0125560445__p48160145113454">"Principal":"*",</p>
<p id="EN-US_TOPIC_0125560445__p30788129113454">"Action":"s3:PutObject",</p>
<p id="EN-US_TOPIC_0125560445__p8657712113454">"Resource":"arn:aws:s3:::YourBucket/*",</p>
<p id="EN-US_TOPIC_0125560445__p10810552113454">"Condition":{</p>
<p id="EN-US_TOPIC_0125560445__p30186104113454">"StringNotEquals":{</p>
<p id="EN-US_TOPIC_0125560445__p3239482113454">"s3:x-amz-server-side-encryption":"aws:kms"</p>
<p id="EN-US_TOPIC_0125560445__p29155344113454">}</p>
<p id="EN-US_TOPIC_0125560445__p61071505113454">}</p>
<p id="EN-US_TOPIC_0125560445__p12772640113454">}</p>
<p id="EN-US_TOPIC_0125560445__p47844901113454">]</p>
<p id="EN-US_TOPIC_0125560445__p27950929113454">}</p>
<div class="p" id="EN-US_TOPIC_0125560445__p61753355113454">OBS supports bucket policies. If you want to restrict server-side encryption for all objects stored in a bucket, you can use bucket policies. For example, if an object upload request does not contain <strong id="EN-US_TOPIC_0125560445__b18909286113454">x-amz-server-side-encryption:"aws:kms"</strong>, the header for requesting server-side encryption (SSE-KMS), the following bucket policy rejects the upload request:<pre class="screen" id="EN-US_TOPIC_0125560445__screen1626613663319">{
"Version":"2008-10-17",
"Id":"PutObjPolicy",
"Statement": [
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::YourBucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "aws:kms"
}
}
}
]
}</pre>
</div>
</div>
<div>
<div class="familylinks">
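Review bot: The first two keys of the new pre block, "Version":"2008-10-17" and "Id":"PutObjPolicy", have no space after the colon while every key from "Statement" down does; align them with the rest. The new div class="p" also reuses the id of the old lead paragraph while the per-line p ids are dropped, so check that nothing links to the removed ids.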

View File

@ -4,7 +4,7 @@
<div id="body27089021"><p class="msonormal" id="EN-US_TOPIC_0125560497__p58684749">You can use this operation to get the bucket lifecycle configuration.</p>
<p class="msonormal" id="EN-US_TOPIC_0125560497__p58400697">Only users granted the <strong id="EN-US_TOPIC_0125560497__b58396206519">s3:GetLifecycleConfiguration</strong> permission can view the bucket lifecycle configuration. By default, only the bucket owner can get the bucket lifecycle configuration. The bucket owner can allow other users to get the bucket lifecycle configuration by granting them the permission.</p>
<div class="section" id="EN-US_TOPIC_0125560497__section52483186"><h4 class="sectiontitle">Request Syntax</h4><pre class="screen" id="EN-US_TOPIC_0125560497__screen1406640212436">GET /?lifecycle HTTP/1.1
User-Agent: agnet
User-Agent: agent
Host: bucketname.obs.example.com
Accept: */*
Date: date