OBS S3 API

Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
zhangyue 2023-03-14 12:40:31 +00:00 committed by zuul
parent 5b28b6b590
commit 5eee175e13
11 changed files with 131 additions and 121 deletions

@ -117,7 +117,7 @@ x-amz-content-sha256:44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f
<pre class="screen" id="EN-US_TOPIC_0125560310__screen44909216102033">DateKey = HMAC-SHA256("AWS4"+"&lt;SecretAccessKey&gt;", "&lt;yyyymmdd&gt;")
DateRegionKey = HMAC-SHA256(&lt;DateKey&gt;, "&lt;aws-region&gt;")
DateRegionServiceKey = HMAC-SHA256(&lt;DateRegionKey&gt;, "&lt;aws-service&gt;")
SigningKey = HMAC-SHA256(&lt;DateRegionServiceKey&gt;, "aws4_request"</pre>
SigningKey = HMAC-SHA256(&lt;DateRegionServiceKey&gt;, "aws4_request")</pre>
<p id="EN-US_TOPIC_0125560310__p57147330102033">Each field is described as follows:</p>
<ul id="EN-US_TOPIC_0125560310__ul11005539102033"><li id="EN-US_TOPIC_0125560310__li65206852102033"><strong id="EN-US_TOPIC_0125560310__b62479726102033">&lt;SecretAccessKey&gt;</strong>: Indicates the SK of the requester.</li></ul>
<ul id="EN-US_TOPIC_0125560310__ul64726130102033"><li id="EN-US_TOPIC_0125560310__li27387049102033"><em id="EN-US_TOPIC_0125560310__i53097589102033">&lt;yyyymmdd&gt;</em>: Indicates the period in which Signing Key obtained from Authorization in the HTTP header is valid.</li></ul>
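Review bot: Missing documentation in the key-derivation block: each HMAC-SHA256 result is fed into the next call as the key, but neither the block nor the field list below it says in what form DateKey, DateRegionKey and DateRegionServiceKey are passed on. Suggest adding one sentence stating that each intermediate key is the raw HMAC output (32 bytes) and not its hex string, because hex-encoding between steps produces a different SigningKey and every request then fails signature verification. The description of <yyyymmdd> in the trailing context is also hard to parse and could be reworded while this topic is being touched.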

@ -47,6 +47,7 @@ Server: OBS
Content-Type: application/xml
Date: Fri, 06 Sep 2013 07:06:42 GMT
Content-Length: 184
{
"Id": "Policy1375342051334",
"Statement": [

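Review bot: The response header in this hunk says Content-Type: application/xml, but the body that follows starts with { "Id": "Policy1375342051334", "Statement": [ and is a JSON policy document. Please check which content type OBS actually returns for this operation and correct the sample so header and body agree; Content-Length: 184 should be rechecked against the final body at the same time.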
@ -172,7 +172,9 @@ Date: Tue, 07 Mar 2017 08:54:09 +0000
Authorization: AWS UDSIAMSTUBTEST000002:kaEwOixnSVuS6If3Q0Lnd6kxm5A=
Content-Length: 183
Expect: 100-continue
&lt;RestoreRequest xmlns="http://s3.amazonaws.com/doc/2006-3-01"&gt; &lt;Days&gt;3&lt;/Days&gt;
&lt;RestoreRequest xmlns="http://s3.amazonaws.com/doc/2006-3-01"&gt;
&lt;Days&gt;3&lt;/Days&gt;
&lt;GlacierJobParameters&gt;
&lt;Tier&gt;Expedited&lt;/Tier&gt;
&lt;/GlacierJobParameters&gt;
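Review bot: The namespace on the RestoreRequest line reads http://s3.amazonaws.com/doc/2006-3-01 in both the old and the new version of that line, while the S3 namespace is http://s3.amazonaws.com/doc/2006-03-01/. If OBS expects the S3 value, the sample should be corrected in the same change that reflows it; if OBS really accepts the form shown, a short remark saying so would keep readers from "fixing" it in their clients.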

@ -59,7 +59,9 @@
</li><li id="EN-US_TOPIC_0125560406__li984423">An anonymous user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen8859811">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/global/AllUsers&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li12629440">Log delivery user group user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen43241719142820">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt; &lt;URI&gt;http://acs.amazonaws.com/groups/s3/LogDelivery&lt;/URI&gt; &lt;/Grantee&gt;</pre>
</li><li id="EN-US_TOPIC_0125560406__li12629440">Log delivery user group user as the grantee<pre class="screen" id="EN-US_TOPIC_0125560406__screen43241719142820">&lt;Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"&gt;
&lt;URI&gt;http://acs.amazonaws.com/groups/s3/LogDelivery&lt;/URI&gt;
&lt;/Grantee&gt;</pre>
</li></ol>
<div class="tablenoborder"><a name="EN-US_TOPIC_0125560406__table39984204"></a><a name="table39984204"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560406__table39984204" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Permission on an OBS bucket or object</caption><thead align="left"><tr id="EN-US_TOPIC_0125560406__row59544593"><th align="left" class="cellrowborder" valign="top" width="31.019999999999996%" id="mcps1.3.9.2.3.1.1"><p id="EN-US_TOPIC_0125560406__p58382711">Permission</p>
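Review bot: Style point on the list item text carried over into the reflowed line: "Log delivery user group user as the grantee" repeats "user" and does not match the sibling item "An anonymous user as the grantee". Suggest "Log delivery user group as the grantee". Since the item above grants to http://acs.amazonaws.com/groups/global/AllUsers, it would also help to state next to that example that this URI covers every requester, including unauthenticated ones.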

@ -619,9 +619,11 @@
"Effect": "Deny",
"Principal":{"CanonicalUser":["*"]},
"Action": ["s3:*"],
"Resource":["arn:aws:s3:::bucket/*"], "Condition":{
"StringNotEquals":
{"aws:Referer":["www.example01.com","${null}"]}
"Resource": ["arn:aws:s3:::bucket/*"],
"Condition":{
"StringNotEquals":{
"aws:Referer": ["www.example01.com","${null}"]
}
}
}
]</pre>
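Review bot: Missing documentation for the Condition block in this hunk: aws:Referer is matched against a header that the client sets itself, so this Deny statement works as hotlink protection for ordinary browsers and not as access control. Suggest saying that next to the example, and defining the "${null}" entry in the StringNotEquals list, which the visible lines use without explanation.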
@ -633,9 +635,11 @@
"Effect":"Deny",
"Principal":{"CanonicalUser":["*"]},
"Action":["s3: *"],
"Resource":["arn:aws:s3:::bucket/*"], "Condition":{
"StringEquals":
{"aws:Referer":["www.example01.com","www.example02.com"]}
"Resource":["arn:aws:s3:::bucket/*"],
"Condition":{
"StringEquals":{
"aws:Referer":["www.example01.com", "www.example02.com"]
}
}
}
]</pre>
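Review bot: The context line "Action":["s3: *"] in this hunk contains a space after the colon, while the preceding example uses "s3:*". If the action string is matched literally, "s3: *" matches no action and the blacklist statement denies nothing. Suggest fixing it to "s3:*" in this change, since the Condition block directly below is already being reformatted.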

@ -10,7 +10,7 @@
<ul id="EN-US_TOPIC_0125560444__ul28349038"><li id="EN-US_TOPIC_0125560444__li52218704">Existing objects with version IDs are not affected.</li><li id="EN-US_TOPIC_0125560444__li206293">OBS creates version ID <strong id="EN-US_TOPIC_0125560444__b1856645">null</strong> to an uploaded object and the object will be overwritten after a namesake one is uploaded.</li><li id="EN-US_TOPIC_0125560444__li16709807">Objects can be downloaded by version ID. By default, the latest object is downloaded if the version ID is not specified.</li><li id="EN-US_TOPIC_0125560444__li16170542">Objects can be deleted by version ID. If an object is deleted with no version ID specified, the object is only attached with a deletion mark and version ID <strong id="EN-US_TOPIC_0125560444__b11317154">null</strong>. Objects with version ID <strong id="EN-US_TOPIC_0125560444__b34745524">null</strong> are physically deleted.</li><li id="EN-US_TOPIC_0125560444__li44274261">Except deletion marks and object metadata, storage space occupied by objects with all version IDs is billed.</li></ul>
<p class="msonormal" id="EN-US_TOPIC_0125560444__p53814755">Only the bucket owner can set the bucket versioning state.</p>
<div class="section" id="EN-US_TOPIC_0125560444__section11440597"><h4 class="sectiontitle">Request Syntax</h4><pre class="screen" id="EN-US_TOPIC_0125560444__screen1290134121014">PUT /?versioning HTTP/1.1
User-Agent: agnet
User-Agent: agent
Host: bucketname.obs.example.com
Accept: */*
Date: date
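Review bot: The deletion bullet in the context above the request syntax is ambiguous: "the object is only attached with a deletion mark and version ID null" is followed directly by "Objects with version ID null are physically deleted", which reads as a contradiction. Suggest rewording to say which data is removed (an existing object whose version ID is null) and which is kept (objects with other version IDs), since readers rely on this paragraph to judge whether a delete is recoverable.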

@ -51,24 +51,25 @@
</tbody>
</table>
</div>
<p id="EN-US_TOPIC_0125560445__p61753355113454">OBS supports bucket policies. If you want to restrict server-side encryption for all objects stored in a bucket, you can use bucket policies. For example, if an object upload request does not contain <strong id="EN-US_TOPIC_0125560445__b18909286113454">x-amz-server-side-encryption:"aws:kms"</strong>, the header for requesting server-side encryption (SSE-KMS), the following bucket policy rejects the upload request:</p>
<p id="EN-US_TOPIC_0125560445__p35965848113454">{</p>
<p id="EN-US_TOPIC_0125560445__p55257178113454">"Version":"2008-10-17",</p>
<p id="EN-US_TOPIC_0125560445__p27552557113454">"Id":"PutObjPolicy",</p>
<p id="EN-US_TOPIC_0125560445__p46646427113454">"Statement":[{</p>
<p id="EN-US_TOPIC_0125560445__p17164659113454">"Sid":"DenyUnEncryptedObjectUploads",</p>
<p id="EN-US_TOPIC_0125560445__p20264208113454">"Effect":"Deny",</p>
<p id="EN-US_TOPIC_0125560445__p48160145113454">"Principal":"*",</p>
<p id="EN-US_TOPIC_0125560445__p30788129113454">"Action":"s3:PutObject",</p>
<p id="EN-US_TOPIC_0125560445__p8657712113454">"Resource":"arn:aws:s3:::YourBucket/*",</p>
<p id="EN-US_TOPIC_0125560445__p10810552113454">"Condition":{</p>
<p id="EN-US_TOPIC_0125560445__p30186104113454">"StringNotEquals":{</p>
<p id="EN-US_TOPIC_0125560445__p3239482113454">"s3:x-amz-server-side-encryption":"aws:kms"</p>
<p id="EN-US_TOPIC_0125560445__p29155344113454">}</p>
<p id="EN-US_TOPIC_0125560445__p61071505113454">}</p>
<p id="EN-US_TOPIC_0125560445__p12772640113454">}</p>
<p id="EN-US_TOPIC_0125560445__p47844901113454">]</p>
<p id="EN-US_TOPIC_0125560445__p27950929113454">}</p>
<div class="p" id="EN-US_TOPIC_0125560445__p61753355113454">OBS supports bucket policies. If you want to restrict server-side encryption for all objects stored in a bucket, you can use bucket policies. For example, if an object upload request does not contain <strong id="EN-US_TOPIC_0125560445__b18909286113454">x-amz-server-side-encryption:"aws:kms"</strong>, the header for requesting server-side encryption (SSE-KMS), the following bucket policy rejects the upload request:<pre class="screen" id="EN-US_TOPIC_0125560445__screen1626613663319">{
"Version":"2008-10-17",
"Id":"PutObjPolicy",
"Statement": [
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::YourBucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "aws:kms"
}
}
}
]
}</pre>
</div>
</div>
<div>
<div class="familylinks">
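Review bot: The paragraph promises that an upload which "does not contain" the x-amz-server-side-encryption header is rejected, but the policy's only condition is "StringNotEquals": { "s3:x-amz-server-side-encryption": "aws:kms" }, which compares a value. Please confirm that OBS evaluates StringNotEquals as true when the key is absent from the request; if it does not, uploads without the header pass this policy unencrypted and the example needs an explicit check for the missing header. Smaller points: "restrict server-side encryption" presumably means "require", and the new block mixes "Version":"2008-10-17" (no space after the colon) with "Sid": "DenyUnEncryptedObjectUploads" (space after the colon).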

@ -4,7 +4,7 @@
<div id="body27089021"><p class="msonormal" id="EN-US_TOPIC_0125560497__p58684749">You can use this operation to get the bucket lifecycle configuration.</p>
<p class="msonormal" id="EN-US_TOPIC_0125560497__p58400697">Only users granted the <strong id="EN-US_TOPIC_0125560497__b58396206519">s3:GetLifecycleConfiguration</strong> permission can view the bucket lifecycle configuration. By default, only the bucket owner can get the bucket lifecycle configuration. The bucket owner can allow other users to get the bucket lifecycle configuration by granting them the permission.</p>
<div class="section" id="EN-US_TOPIC_0125560497__section52483186"><h4 class="sectiontitle">Request Syntax</h4><pre class="screen" id="EN-US_TOPIC_0125560497__screen1406640212436">GET /?lifecycle HTTP/1.1
User-Agent: agnet
User-Agent: agent
Host: bucketname.obs.example.com
Accept: */*
Date: date