User Guide - developer-res-cbc-cn.obs.cn-north-1 ......simulate folders. By adding a slash (/) in an...

Object Storage Service

User Guide

Issue 01

Date 2017-05-20

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees orrepresentations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 01 (2017-05-20) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

Contents

1 Basic Knowledge of OBS............................................................................................................. 11.1 Definition........................................................................................................................................................................21.2 Basic Concepts............................................................................................................................................................... 21.2.1 Object...........................................................................................................................................................................21.2.2 Bucket..........................................................................................................................................................................31.2.3 AK and SK...................................................................................................................................................................31.2.4 Region..........................................................................................................................................................................41.2.5 Fragment......................................................................................................................................................................41.3 Advantages..................................................................................................................................................................... 41.4 Application Scenarios.....................................................................................................................................................41.5 Relationship Between OBS and Other Service Products............................................................................................... 51.6 Service Tariff.................................................................................................................................................................. 6

2 Quick Start...................................................................................................................................... 82.1 Registering a Public Cloud Service Account................................................................................................................. 92.2 Enabling the OBS Service.............................................................................................................................................. 92.3 Function Description...................................................................................................................................................... 92.4 Common Operations Using OBS Console....................................................................................................................112.4.1 Browser Versions Supported by OBS Console..........................................................................................................112.4.2 Logging In to the OBS Console................................................................................................................................ 122.4.3 Creating a Bucket...................................................................................................................................................... 122.4.4 Creating a Folder....................................................................................................................................................... 132.4.5 Uploading a File........................................................................................................................................................ 142.4.6 Downloading a File................................................................................................................................................... 152.4.7 Deleting a File........................................................................................................................................................... 162.4.8 Deleting a Bucket...................................................................................................................................................... 162.5 Common Operations Using OBS Browser...................................................................................................................172.5.1 Installing OBS Browser.............................................................................................................................................172.5.2 Creating an Access Key (AK and SK)...................................................................................................................... 202.5.3 Logging In to OBS Browser......................................................................................................................................212.5.4 Creating a Bucket...................................................................................................................................................... 232.5.5 Creating a Folder....................................................................................................................................................... 252.5.6 Uploading a File or Folder.........................................................................................................................................252.5.7 Downloading a File or Folder....................................................................................................................................26

Object Storage ServiceUser Guide Contents


ii

2.5.8 Deleting a File or Folder............................................................................................................................................272.5.9 Deleting a Bucket...................................................................................................................................................... 27

3 Introduction to OBS Functions................................................................................................. 293.1 Accessing OBS Using Domain Names........................................................................................................................ 303.2 Access Control..............................................................................................................................................................303.2.1 ACL........................................................................................................................................................................... 303.2.2 Bucket Policy.............................................................................................................................................................323.2.3 Signature Verification................................................................................................................................................ 423.3 Access Log Record.......................................................................................................................................................423.4 Lifecycle Management................................................................................................................................................. 443.5 Static Website Hosting..................................................................................................................................................453.6 CORS............................................................................................................................................................................463.7 URL Validation.............................................................................................................................................................473.8 Adding External Buckets..............................................................................................................................................483.9 Fragment Management................................................................................................................................................. 483.10 Versioning...................................................................................................................................................................483.11 Server-Side Encryption...............................................................................................................................................493.12 Event Notification.......................................................................................................................................................503.13 Object URL.................................................................................................................................................................503.14 Object Metadata..........................................................................................................................................................50

4 Using OBS on OBS Console......................................................................................................524.1 Browser Versions Supported by OBS Console.............................................................................................................534.2 Bucket Management..................................................................................................................................................... 534.2.1 Creating a Bucket...................................................................................................................................................... 534.2.2 Searching for a Bucket.............................................................................................................................................. 544.2.3 Viewing Basic Information About a Bucket..............................................................................................................554.2.4 Setting ACL Permissions for Buckets....................................................................................................................... 564.2.5 Configuring a Bucket Policy..................................................................................................................................... 584.2.6 Configuring Static Website Hosting.......................................................................................................................... 684.2.7 Configuring CORS.................................................................................................................................................... 704.2.8 Configuring Logging................................................................................................................................................. 734.2.9 Configuring a Lifecycle Rule.................................................................................................................................... 744.2.10 Configuring URL Validation................................................................................................................................... 774.2.11 Configuring Versioning............................................................................................................................................784.2.12 Configuring an Event...............................................................................................................................................794.2.13 Deleting a Bucket.................................................................................................................................................... 834.3 Object Management......................................................................................................................................................844.3.1 Creating a Folder....................................................................................................................................................... 844.3.2 Uploading a File........................................................................................................................................................ 844.3.3 Uploading a File with Server-Side Encryption..........................................................................................................864.3.4 Accessing an Object Using Its Object URL.............................................................................................................. 874.3.5 Setting ACL Permissions for Objects........................................................................................................................89



iii

4.3.6 Configuring Object Metadata.................................................................................................................................... 924.3.7 Searching for a File or Folder....................................................................................................................................934.3.8 Downloading a File................................................................................................................................................... 944.3.9 Deleting a File........................................................................................................................................................... 944.3.10 Deleting a Folder..................................................................................................................................................... 954.4 Fragment Management................................................................................................................................................. 954.5 Typical Application...................................................................................................................................................... 964.5.1 Configuring an Event Notification Instance..............................................................................................................964.5.2 Isolating Permissions of a Tenant's Users by Configuring a Bucket Policy..............................................................99

5 Using OBS on OBS Browser....................................................................................................1065.1 Basic Operations on OBS Browser............................................................................................................................ 1075.1.1 OBS Browser Overview.......................................................................................................................................... 1075.1.2 Installing OBS Browser...........................................................................................................................................1085.1.3 Creating an Access Key (AK and SK).....................................................................................................................1115.1.4 Logging In to OBS Browser.................................................................................................................................... 1125.1.5 Configuring the System........................................................................................................................................... 1145.1.6 Managing Accounts................................................................................................................................................. 1185.1.7 Updating OBS Browser........................................................................................................................................... 1205.1.8 Feedback..................................................................................................................................................................1215.2 Bucket Management................................................................................................................................................... 1225.2.1 Creating a Bucket.................................................................................................................................................... 1235.2.2 Searching for a Bucket............................................................................................................................................ 1255.2.3 Viewing Basic Information About a Bucket............................................................................................................1265.2.4 Setting ACL Permissions for Buckets..................................................................................................................... 1275.2.5 Configuring a Bucket Policy................................................................................................................................... 1295.2.6 Configuring CORS.................................................................................................................................................. 1395.2.7 Configuring Logging............................................................................................................................................... 1415.2.8 Configuring a Lifecycle Rule.................................................................................................................................. 1435.2.9 Managing Fragments............................................................................................................................................... 1455.2.10 Adding External Buckets.......................................................................................................................................1465.2.11 Deleting a Bucket...................................................................................................................................................1475.3 Object Management....................................................................................................................................................1485.3.1 Creating a Folder..................................................................................................................................................... 1495.3.2 Accessing an Object Using Its Object URL............................................................................................................ 1505.3.3 Searching for a File or Folder..................................................................................................................................1515.3.4 Uploading a File or Folder.......................................................................................................................................1515.3.5 Uploading a File with Server-Side Encryption........................................................................................................1525.3.6 Downloading a File or Folder..................................................................................................................................1545.3.7 Deleting a File or Folder..........................................................................................................................................1545.4 Task Management.......................................................................................................................................................1555.4.1 Managing Upload Tasks.......................................................................................................................................... 1555.4.2 Managing Download Tasks..................................................................................................................................... 156



iv

5.4.3 Managing Deletion Tasks........................................................................................................................................ 1575.5 Typical Application.................................................................................................................................................... 158

6 Troubleshooting........................................................................................................................ 1606.1 Troubleshooting About OBS Browser........................................................................................................................1616.1.1 Objects Cannot Be Globally Searched for in a Bucket............................................................................................1616.1.2 Object URL Cannot Be Opened Using a Browser.................................................................................................. 1616.1.3 No Upload Task Is Created After a Large Number of Files Are Selected for Upload Using OBS Browser.......... 1626.1.4 Blue or Black Screen of Death Occurs When Files Are Uploaded Using OBS Browser....................................... 1626.2 Troubleshooting About OBS Console........................................................................................................................ 1636.2.1 Object URL Cannot Be Opened Using a Browser.................................................................................................. 1636.2.2 Objects Cannot Be Globally Searched for in a Bucket............................................................................................1646.2.3 An Object Fails to Be Downloaded Using Internet Explorer 11............................................................................. 1656.2.4 OBS Console Cannot Be Opened Using Internet Explorer 9..................................................................................1656.2.5 The Object Name Changes After an Object with a Long Name Is Downloaded to a Local Computer.................. 166

7 Using OBS SDKs....................................................................................................................... 167

8 Obtaining More Resources...................................................................................................... 168



v

1 Basic Knowledge of OBS

About This ChapterThis chapter contains the definition, basic concepts, and advantages of Object Storage Service(OBS). It also describes the relationship between OBS and other service products.

1.1 Definition

1.2 Basic Concepts

1.3 Advantages

1.4 Application Scenarios

1.5 Relationship Between OBS and Other Service Products

1.6 Service Tariff

Object Storage ServiceUser Guide 1 Basic Knowledge of OBS


1

1.1 DefinitionObject Storage Service (OBS) is an object-based storage service that provides customerswith massive, secure, reliable, and cost-effective data storage capabilities, such as bucketcreation, modification, and deletion, as well as object upload, download, and deletion.

OBS provides super large storage capacity that can store any type of file and is suitable forordinary subscribers, websites, enterprises, and developers. As an Internet-oriented service,OBS provides web service interfaces over Hypertext Transfer Protocol (HTTP) and HypertextTransfer Protocol Service (HTTPS). You can use OBS Console or OBS Browser to access andmanage data stored on OBS from any computer connected to the Internet anytime, anywhere.In addition, OBS provides software development kits (SDKs) with various languagesavailable, such as Java, .NET, Python, PHP, Android, C++, and Ruby, and RepresentationalState Transfer (REST) application programming interfaces (APIs) that are compatible withAmazon S3 APIs. This way, you can easily manage your data stored on OBS and develop awide range of upper-layer applications.

Public cloud services allow infrastructures to be deployed in multiple areas and deliverflexible expansion and enhanced reliability. Users can deploy OBS in specific areas to obtainfast access speeds at an affordable price.

1.2 Basic ConceptsThis section describes concepts related to OBS, including the object, bucket, Access Key ID(AK), Secret Access Key (SK), region, and fragment.

1.2.1 ObjectAn object is a basic data unit of OBS. It contains both data and metadata that describes dataattributes. Data uploaded to OBS is stored into buckets as objects.

An object consists of a key, metadata, and data.l A key specifies the name of an object. An object key is a character string ranging from 1

to 1024 characters in UTF-8 format. The object key for each object in a bucket must beunique.

l Metadata provides a description of objects. Metadata contains system metadata and usermetadata. All metadata is uploaded to OBS as name-value pairs.– System metadata is automatically generated by OBS and is used for processing

object data. System metadata includes Date, Content-length, Last-modify, andContent-MD5.

– User metadata is specified when users upload objects and is used to describeobjects.

l Data is the information contained by an object.

Generally, objects are managed as files. However, as an object-based storage service, OBSdoes not involve files or folders. For easy data management, OBS provides a method tosimulate folders. By adding a slash (/) in an object name, for example, test/123.jpg, you cansimulate test as a folder and 123.jpg as the name of a file under the test folder. However, thekey remains test/123.jpg.

On OBS Console or OBS Browser, you can use folders directly.



2

http://www.hwclouds.com/en-us/product/obs.html

1.2.2 BucketA bucket is a virtual container used to store objects on OBS. OBS provides flat storagemethods based on buckets and objects. All objects in a bucket are at the same logical layer,eliminating the traditional multi-layer directory structure of file systems.

On OBS, bucket names must be unique and cannot be changed. When a bucket is created, itsACL is generated by default. The ACL records authorized users' permissions such as theRead, Write, and Full Control permissions. Only authorized users can perform bucketoperations, such as creating, deleting, viewing, and setting the ACL for buckets. A user cancreate a maximum of 100 buckets. However, the number and total size of objects in a bucketare not restricted. Users do not need to consider system scalability.

As OBS is based on REST HTTP and HTTPS, you can use URLs to locate resources. Figure1-1 illustrates the relationship between objects and buckets.

Figure 1-1 Relationship between objects and buckets

1.2.3 AK and SKA user's account provided by OBS contains an AK and SK. The AK and SK are used for useridentity authentication. If you use a client to send a request to OBS, the request header mustcontain a signature. The signature is generated based on the SK, request time, and requesttype.

AKs and SKs are key pairs used to access OBS. When OBS APIs are used to access storeddata, AKs and SKs are used to generate authentication information.

After subscribing to OBS, you can log in to My Credential and create AKs and SKs based onsite requirements. The system identifies users who access the system by AKs, SKs are usedfor key authentication. For details, see section 5.1.3 Creating an Access Key (AK and SK).

l One AK maps to only one user but one user can have multiple AKs.

l One SK maps to one AK, forming a key pair for accessing OBS and thereby ensuringaccess security.



3

1.2.4 RegionWhen creating a bucket, you can specify a region for the bucket based on your requirementson the price, response latency, and request source. The specified region cannot be changedafter the bucket is created.

OBS is available in multiple regions. However, functions available on OBS may vary in theseregions. The actual GUI prevails.

After a bucket is created, all objects uploaded to the bucket will be stored in the data center ofthe region.

1.2.5 FragmentAn object may fail to be uploaded to the target bucket using multipart upload due to certainreasons, such as a network interruption or manual suspension and cancellation. Whenmultipart upload fails, some multipart upload task data that has not been combined exists inthe bucket, and such data is called fragments.

1.3 AdvantagesCompared with enterprise storage systems and household storage systems, OBS has thefollowing advantages:l High availability

OBS delivers high availability by using node redundancy, which ensures solid reliabilityof object data and the service node network.

l Enhanced data reliabilityOBS stores object data in multiple copies and uses the automatic repair technology thatensures the consistency of copies to improve the reliability of object data.

l Robust data securityUser data can be encrypted using Secure Sockets Layer (SSL) while being transferred toOBS. OBS employs AKs and SKs to authenticate users and uses different methods, suchas ACLs and bucket policies, to control user access, ensuring security during datatransfer and access. Object data is randomly distributed in segments onto different disksof OBS. For this reason, if data on some disks is stolen, it cannot be restored to thecomplete object data.

l Flexible expansionAll nodes work in cluster mode. All functional nodes and clusters can be independentlyand smoothly expanded. Storage space can be scaled up and out as needed, boostingservice flexibility.

l Low maintenance costData is stored on OBS, so enterprises do not need their own storage devices orprofessional maintenance personnel, reducing maintenance cost.

1.4 Application Scenariosl OBS can be used to access and store massive objects or file data in all formats. OBS is

an Internet storage service. Storage and access operations can be performed on OBSanytime at any location on the Internet. For all Internet-based application programs such



4

http://www.hwclouds.com/en-us/product/obs.html

as websites, video applications, SaaS applications, web disks, and mobile applications,developers can use OBS as the ideal choice to store data of these applications. Inaddition, OBS can be used in near-line and offline storage scenarios such as backup, BigData storage, and archiving to save the investment.

l OBS features massive storage (large capacity, linear expansion, and 5 TB ultra-large filestorage), cost effectiveness (zero initial investment, more cost-effective as the usedcapacity increases), robust reliability, and enhanced security (end-to-end security ofaccess, transfer, and storage). After using OBS, developers can just focus on serviceinnovations instead of underlying storage technologies. Developers do not need to planstorage capacity as services develop. Data can be quickly accessed and capacity can belinearly expanded. Robust reliability and enhanced security are available. Mostimportantly, IT costs can be reduced significantly.

OBS provides storage services for the following application scenarios:l Massive storage resource poolsl Enterprise cloud disksl Static website hostingl Volume Backup Servicel Video surveillance and archivingl Elastic BigData Service

1.5 Relationship Between OBS and Other Service ProductsOBS provides an ultra-large storage space. You can use storage resources provided by OBS inconjunction with other cloud service products that you purchased.

OBS can act as the storage resource pool or snapshot backup storage for the followingservices:

l Data Express Service (DES)l Relational Database Service (RDS)l Image Management Service (IMS)l Cloud Trace Service (CTS)

Depending on the following service, OBS can perform server-side encryption on objects:

l Key Management Service (KMS)

Depending on the following service, OBS can authenticate users and set permissions forspecific users:

l Identity and Access Management (IAM)

Depending on the following service, OBS can notify users that OBS is being used by themthrough a message:

l Simple Message Notification (SMN)

The following service can be used to analyze data stored on OBS:

l MapReduce Service (MRS)

OBS provides data sources of machine learning for the following service:



5

http://www.hwclouds.com/en-us/product/vbs.html

http://www.hwclouds.com/en-us/product/bigdata.html

l Machine Learning Service (MLS)

The following service can be used to accelerate data transfer outside cloud services to OBS:

l Data Transfer Acceleration (DTA)

1.6 Service TariffObject Storage Service (OBS) is charged in pay-per-use or monthly/yearly subscription mode.For details about the service fee, see Object Storage Service Purchase Guide.

Introduction to the Pay-Per-Use ModeOBS is charged in pay-per-use mode by default, based on actual service duration (in hours),without consumption threshold. In this charging mode, the settlement involves three chargingitems in total, as listed in Table 1-1:

Table 1-1 Pay-per-use charging

Category Charging Item Detail

Storage space Storage capacity (which isprice tiered, that is, the costper GB decreases as thestorage capacity increases)

Charging factors: storagecapacity and durationFormula: Fee = Cost of 1GB per hour x Storagecapacity x Service duration(in hours)

Traffic Inbound traffic of theintranet and Internet (datauploaded to OBS)

Free

Outbound traffic of theintranet (data downloadedfrom OBS using ECSs)

Free

Outbound traffic of theInternet

Charging factor: trafficFormula: Fee = Cost per GBtraffic x Outbound trafficper hour

Request Upload, download, query,and modification requests

Charging factor: number ofrequestsFormula: Fee = Cost perrequest x Number ofrequests per hour

Deletion requests Free



6

http://support.hwclouds.com/en-us/pg-obs/en-us_topic_0056596776.html

Introduction to the Monthly/Yearly Subscription ModeIn addition, OBS can also be charged in monthly/yearly subscription mode. You can purchasea monthly or yearly package according to your resource usage and duration plan. Table 1-2lists the charging details.

Table 1-2 Monthly/Yearly subscription charging

Category Charging Item Detail

Storage pack Storage pack specifications,number of requests, andvalidity period

Package of specificspecifications provided forstorage capacityPackages of differentspecifications differ inpricing. By default, eachpackage contains a quota offree requests. If yournumber of requests exceedsthe default and free quotaoffered by the storage pack,the excess requests arecharged in pay-per-usemode.

Downstream traffic pack Traffic pack specificationsand validity period

Package of specificspecifications provided foroutbound traffic on theInternet



7

2 Quick Start

About This ChapterThis chapter describes how to use OBS over OBS Browser and OBS Console.

OBS provides a browser-based visualized and unified management console named OBSConsole (browser/server architecture) and a host-based client named OBS Browser (client/server architecture) to help you manage buckets and objects.

l OBS Console provides a complete bucket management function. It enables you to uploada file with a maximum of 50 MB but does not support the batch upload of multiple filesor the upload of a folder. If you want to manage advanced functions, such as bucketcreation, bucket deletion, and permission control, use OBS Console.

l OBS Browser does not support advanced functions, such as static website hosting ofbuckets, URL validation, and versioning. However, it enables you to upload a file withup to 5 TB and supports the batch upload of multiple files and the upload of a folder. Ifyou want to perform object management operations, such as file or folder upload,download, and deletion, use OBS Browser.

2.1 Registering a Public Cloud Service Account

2.2 Enabling the OBS Service

2.3 Function Description

2.4 Common Operations Using OBS Console

2.5 Common Operations Using OBS Browser

Object Storage ServiceUser Guide 2 Quick Start


8

2.1 Registering a Public Cloud Service AccountYou must register a public cloud service account before using OBS.

Procedure

Step 1 Open a browser.

Step 2 Type www.hwclouds.com/en-us in the address box and press Enter.

Step 3 In the upper right corner of the page, click Register.

Step 4 Enter the registration information and click Submit register message.

Step 5 Enter User Name, Email Address, and Enterprise according to the information displayed,and click Finish.

----End

2.2 Enabling the OBS ServiceYou must recharge the account before using the OBS service.

Procedure

Step 1 Log in to the OBS Console.

Step 2 Click Recharge. The recharging window is displayed.

Step 3 Recharge the account as prompted.

Step 4 After the recharging, close the window.

Step 5 On the home page, click Object Storage Service to enable the OBS service and log in to theOBS Console.

----End

2.3 Function DescriptionOBS provides you with a variety of management and development platforms, such as OBSConsole, OBS Browser, SDKs (Java, .NET, Python, PHP, Android, C++, and Ruby), andREST APIs. Currently, functions of OBS Console and OBS Browser differ.

The following table describes the same functions of OBS Console and OBS Browser.



9

http://www.hwclouds.com/en-us

https://auth.hwclouds.com/authui/auth.html?locale=en-us#/register

Table 2-1 Same functions of OBS Console and OBS Browser

Function Description

Basic bucket operations Creates and deletes buckets in specificregions (service areas).

Basic object operations Manages objects by uploading (such asmultipart upload), downloading, anddeleting objects.

Server-side encryption Allows you to encrypt data on servers ondemand to enhance security of data storedon OBS.

Bucket permissions Manages bucket permissions, includingbucket policies, access control lists (ACLs),and cross-origin resource sharing (CORS).

Access log recording Records bucket access requests in logs forrequest analysis and log audit.

Lifecycle management Supports the ability to set lifecycle rules forbuckets to automatically delete expiredobjects.

Fragment management Fragments are incomplete data in bucketsgenerated due to data upload failures.Fragment management enables you to clearfragments that have been generated.

Object URL Shares data using the object URL.

The following table describes functions only supported by OBS Console.

Table 2-2 Functions only supported by OBS Console


Versioning Manages bucket versioning, allowing multipleversions of objects to exist in a bucket.

Static website hosting Supports the ability to set website attributes forbuckets, achieving static website hosting, andto set web page redirection to redirect bucketrequests to specific hosts.

URL validation Provides Uniform Resource Locator (URL)validation to prevent object links of OBS frombeing stolen by other websites.

Event Allows you to receive notifications of OBS.

Object ACL setting Enables you to set permissions for objects.



10


Object metadata Allows you to set properties for objects ondemand.

The following table describes functions only supported by OBS Browser.

Table 2-3 Functions only supported by OBS Browser


Large object upload Uploads a single file that is larger than 50MB and less than 5 TB.

Batch upload Uploads objects in batches.

External bucket adding Allows you to manage data shared by otherOBS users.

Task management Allows you to upload, download, and deletetasks.

2.4 Common Operations Using OBS ConsoleThis section describes how to perform common operations on OBS Console, such as creatingan access key, bucket, and folder, uploading, downloading, and deleting a file, as well asdeleting a bucket.

2.4.1 Browser Versions Supported by OBS ConsoleThis section describes the browser versions supported by OBS Console.

Browsers supported by OBS Console are shown in Table 2-4.

Table 2-4 Browser versions supported by OBS Console

SupportedBrowser

Supported Browser Version

Internet Explorer l Internet Explorer 9l Internet Explorer 10l Internet Explorer 11

Firefox Latest version

Chrome Latest version



11

2.4.2 Logging In to the OBS ConsoleThis section describes how to log in to the OBS Console using a web browser.

ProcedureStep 1 Open a browser.

Step 2 Type www.hwclouds.com/en-us in the address box and press Enter.

Step 3 In the upper right corner of the page, click Seller Marketplace.

The OBS Console login page is displayed.

Step 4 Enter your account and password to log in to the OBS Console.

To log in as an enterprise user, go to Step 4.1.

To log in as an individual user, go to Step 4.2.

1. Click Multitenant Login in the upper right corner and enter Domain name, Username/Email address/Mobile number, and Password. Then click Log In.To obtain the account and password, contact the enterprise administrator.

2. Click User Login in the upper right corner and enter User name/Email address/Mobilenumber, and Password. Then click Log In.If you have not registered with public cloud, click Register and register a public cloudservice account as prompted.

----End

2.4.3 Creating a BucketA bucket is a container used to store objects on OBS. This section describes how to create abucket.

ProcedureStep 1 Log in to OBS Console.

Step 2 Click Create Bucket in the upper left corner.

The following dialog box is displayed.



12


Step 3 Set Region and Bucket Name.

A user can create a maximum of 100 buckets on OBS.

NOTE

Once you create a bucket, you cannot change the name of it. Make sure the bucket name you set isappropriate.

Parameter Description

Region Region where the bucket to be created is located.

Bucket Name Name of the bucket to be created.The bucket name must be globally unique and comply with thefollowing rules:l Contains 3 to 63 characters, including lowercase letters,

digits, hyphens (-), and periods (.)l Cannot be an IP addressl Cannot start or end with a hyphen (-) or period (.)l Cannot contain two consecutive periods (.)l Cannot contain periods (.) and hyphens (-) adjacent to each

other

NOTE

When a URL is used to access a bucket, the bucket name will become a part of the URL. According to DNSstandards, URLs do not support uppercase letters and cannot be used to access a bucket whose name containsuppercase letters. Therefore, a bucket name can contain only lowercase letters, digits, hyphens (-), andperiods (.). For example, if you attempt to access bucket MyBucket using the URL, bucket mybucket will beaccessed instead, causing an access error.

Step 4 Click OK.

NOTE

In a multi-region scenario, if you create a bucket in a region, delete it from the region later, and immediatelycreate a bucket with the same name in another region, the system will show a message stating that the bucketfailed to be created. In this case, wait one hour and create a bucket with the same name again. Then, thesystem will show a message stating that the bucket has been successfully created.

----End

2.4.4 Creating a FolderThis section describes how to create a folder on OBS Console.

Contextl There are no files or folders on OBS. For easy data management, OBS provides a

method to simulate folders. On OBS, an object is simulated as a folder by adding a slash(/) to the object name on OBS Console.

l The folder cannot be downloaded on OBS Console. However, you can batch downloadfiles in the folder. Alternatively, you can use OBS Browser to download the folder.



13

Procedure

Step 1 Log in to OBS Console.

Step 2 Select the bucket for which you want to create a folder under My Bucket and click Object.

Step 3 Click Create Folder.

Step 4 In the Folder Name text box, enter a name for the folder.

l The folder name cannot contain the following special characters: \ / | : * ? " < >

l The folder name cannot start or end with a period (.).

l The folder name cannot exceed 1023 bytes. The length of a folder name is the sum of thelength of its own and the length of its upper-level directories, and cannot exceed 1023bytes. Levels of directories are automatically separated by slashes (/). For example, if theupper-level directory of folder01 is folder02, file name length is calculated based onfolder02/folder01/.

NOTE

If an access denial message is displayed when you are creating a folder, the possible causes are as follows:

l The access permission for the bucket is restricted by the ACL. For example, the user has no writepermission for the bucket.

l The access permission for the bucket is restricted by the bucket policy. For example, the user is forbiddento write data to the bucket during the current period of time, the user has no write permission for thebucket, or server-side encryption is not enabled on OBS Browser, which is against the bucket policy.

Consequently, when the message is displayed, check ACL settings and bucket policy settings to resolve theproblem.

Step 5 Click OK.

A message is displayed indicating that the folder has been successfully created.

----End

2.4.5 Uploading a FileThis section describes how to upload local files to OBS for storage.

Prerequisites

At least one bucket has been created.

Contextl You can upload a file up to 50 MB in size using OBS Console.

l You cannot batch upload files on OBS Console. To upload multiple files, use OBSBrowser or invoke APIs or SDKs.

l The file name cannot exceed 1023 bytes. The length of a file name is the sum of thelength of its own and the length of its upper-level directories, and cannot exceed 1023bytes. Levels of directories are automatically separated by slashes (/). For example, if theupper-level directory of file01 is folder01, the file name length is calculated based onfolder01/file01.



14

Procedure


Step 2 Select the bucket to which you want to upload files under My Bucket and click Object.

Step 3 Optional: Create a folder. For details, see section Creating a Folder.

Step 4 Optional: Click the folder name in the Object Name column to open the folder.

Step 5 Click the icon shown in the red box in the following figure.

Step 6 Select the file that you want to upload and click Open.

Step 7 Click Upload.

A message is displayed indicating that the file was successfully uploaded.

NOTE

1. If a message stating that the server is busy is displayed when files are being uploaded, try again later.

2. If an access denial message is displayed when you are uploading a file, the possible causes are as follows:

The access permission for the bucket is restricted by the ACL. For example, the user has no writepermission for the bucket.

The access permission for the bucket is restricted by the bucket policy. For example, the user is forbiddento write data to the bucket during the current period of time, the user has no write permission for thebucket, or server-side encryption is not enabled on OBS Browser, which is against the bucket policy.

Consequently, when the message is displayed, check ACL settings and bucket policy settings to resolvethe problem.

----End

2.4.6 Downloading a FileThis section describes how to download a file from OBS to a local computer.

Procedure




15

Step 2 Select the bucket from which you want to download files under My Bucket and click Object.

Step 3 Select the file that you want to download.

Step 4 Click Download or Download As, and proceed as prompted.

----End

2.4.7 Deleting a FileThis section describes how to delete a file.

Context

Deleting unnecessary objects saves space and costs.

You have uploaded some files to OBS that need to be periodically deleted. In such a case, youcan use lifecycle management of OBS to periodically delete these files. For details, seesection 4.2.9 Configuring a Lifecycle Rule.

Procedure


Step 2 Select the bucket from which you want to delete files under My Bucket and click Object.

Step 3 Select a file and click Delete.

You can select multiple files and click Delete in the middle of the page to batch delete thefiles.

Step 4 Click OK.

A message is displayed indicating that the file has been successfully deleted.

----End

2.4.8 Deleting a BucketThis section describes how to delete a bucket.

Prerequisitesl The bucket is empty.

l Only the bucket owner can delete a bucket.

Procedure


Step 2 In the middle of the page, select a bucket and click Delete.



16

NOTE

l A bucket and objects in the bucket can be deleted. However, before deleting a bucket, you must ensurethat all objects in the bucket have been deleted.

l The interval between deleting a bucket and creating another bucket with the same name as the deletedbucket varies in different application scenarios. For details, see section Put Bucket in the Object StorageService API Reference.

Step 3 Click OK.

A message is displayed indicating that the bucket is successfully deleted.

----End

2.5 Common Operations Using OBS Browser

2.5.1 Installing OBS Browser

Procedure

Step 1 Download the OBS Browser software package.

1. In the browser, enter www.hwclouds.com/en-us to go to the cloud service homepage.

2. Click the area in the red box. The OBS details page is displayed.3. At the bottom of the page, click OBS Browser in the red box. The OBS Browser

download page is displayed.



17

http://support.hwclouds.com/en-us/api-obs/en-us_topic_0031665901.html


4. Download the OBS Browser software package as instructed.

Step 2 Install OBS Browser.

1. Double-click the OBS Browser installation file, for example, OBS Browser.exe.

2. In the installation wizard, click Next.

3. Click Browse and select an installation path. Click Next.

4. Click Install to start installation.



18

5. Click Finish.

Step 3 Double-click the obs.exe file to start OBS Browser.

----End



19

Follow-up Procedure

By default, the OBS Browser page is automatically displayed after OBS Browser is installed.You can add your account to manage resources on OBS. Alternatively, you can close OBSBrowser and log in to OBS Browser to add your account when necessary.

2.5.2 Creating an Access Key (AK and SK)This section describes how to create an access key (AK and SK). Before logging in to OBSBrowser, create your AK and SK on OBS Console.

Context

OBS uses AKs and SKs for signature verification to ensure that only authorized accounts canaccess specific OBS resources.

When accessing OBS, an account must provide an access key, that is an AK and an SK. TheAK and SK support the authentication mechanism of Identity and Access Management(IAM). They are required when OBS is accessed using clients, APIs, or SDKs. The followingdescribes AKs and SKs:

l An AK is the Access Key ID on OBS. One AK maps to only one user but one user canhave multiple AKs. OBS recognizes the users who access the system by their AKs.

l An SK is the Secret Access Key on OBS. It is used to access OBS. Users generateauthentication information based on AKs and request header fields. SKs and AKs are inone-to-one matching.

Procedure


Step 2 In the upper right corner of the page, click the username and choose My Credential.

Step 3 On the My Credential page, click Add Access Key below the Access Keys area. A user cancreate a maximum of two valid access keys.

Step 4 Enter the related information as prompted and save the newly created access key.

NOTE

To ensure access code security, store the access key safely. If you click Cancel in the Confirm dialog box,the access key will not be downloaded and cannot be downloaded later. In this case, you must delete theaccess key and create one later when necessary.

----End

Follow-up Procedure

If an access key has a problem (for example, it is lost or leaked) or will be no longer used,click Delete in the access key list to delete the access key or contact the administrator to resetthe access key.

When deleting an access key, you must enter the login password and verification code. Adeleted access key cannot be restored.



20

2.5.3 Logging In to OBS BrowserThis section describes how to log in to OBS Browser.

Procedure

Step 1 Double-click obs.exe to start OBS Browser.

If you are starting OBS Browser for the first time, the Add Account dialog box isautomatically displayed. Go directly to Step 4.

Step 2 In the upper right corner of OBS Browser, click the account name and then click ManageAccounts.

Step 3 In the Manage Accounts dialog box that is displayed, click Add Account.

Step 4 In the Add Account dialog box, enter the account information and click OK.

The account information includes the following parameters:

l Account Name



21

The account name is used only to uniquely identify an account and can be different fromthe OBS account registered with the public cloud services. The account name cannotexceed 50 characters.

l Storage TypeOBS Browser can be connected to OBS or other storage systems compatible withAmazon S3.– When OBS Browser is connected to OBS, set Storage Type to OBS.– When OBS Browser is connected to other storage systems compatible with Amazon

S3, set Storage Type to S3 compatible storage. You need to specify the server IPaddress or domain name of the storage. The format is IP address or domainname:port (port 443 for HTTPS and port 80 for HTTP). The access requests use the

HTTPS server by default. If you want to use the HTTP server, click in theupper right corner and click System Configuration. Then deselect the EnableHTTPS option in the System Configuration dialog box that is displayed.

l Access Key ID and Secret Access KeyEnter the AK and SK created in My Credential after you register with a storage service,such as OBS. For details about how to obtain an AK and SK, see section 5.1.3 Creatingan Access Key (AK and SK).

Remember my secret access key is selected by default. If you do not select Remember mysecret access key, you must configure Secret Access Key each time you log in to OBSBrowser.

Information about the new account is displayed in the Manage Accounts dialog box.

Step 5 Click OK. You can log in to OBS Browser using the account and check bucket and objectresources owned by the account.



22

Step 6 Optional: To manage objects owned by multiple accounts on OBS Browser, click the accountname and Manage Accounts to add multiple accounts. You can click a desired account toswitch to the account.

----End


Procedure

Step 1 Log in to OBS Browser.

Step 2 In the upper left corner on the page, click Create Bucket.

Step 3 In the Create Bucket dialog box that is displayed, enter the bucket information as required.

NOTE


Table 2-5 Parameters for creating a bucket


Method Select Create bucket.




23


Bucket Name Name of the bucket to be created.The bucket name must be globally unique and comply with thefollowing rules:l Contains 3 to 63 characters, including lowercase letters, digits,

hyphens (-), and periods (.)l Cannot be an IP addressl Cannot start or end with a hyphen (-) or period (.)l Cannot contain two consecutive periods (.)l Cannot contain periods (.) and hyphens (-) adjacent to each other

You can move the pointer over behind the Bucket Name text box to view the namingrules for a bucket. A user can create a maximum of 100 buckets on OBS.

NOTE


Step 4 In the dialog box that is displayed, click OK.

NOTE


----End

Region Information Configuration

The Region information can be configured on OBS Browser. The following details theconfiguration procedure:

1. Open file region in folder OBS Browser in the installation path of OBS Browser.2. Change the value of parameter options in file region.

Enter the region information to be added to the end of parameter options in thefollowing format:{"key":"Region alias","value":"Region"}The newly added information must be in the JSON format. The following describes theparameters.– key indicates a user-defined region alias. Its value is in the Region drop-down list

in the Create Bucket dialog box. For a convenient view, you are advised to enternot more than 25 characters.

– value indicates Region. Enter its value based on Region supported by OBS.



24

Each time when a Region is added, a group of values will be added to options, thatis, {"key":"Region alias","value":"Region"}. Groups of values are separated bycommas (,). The following provides two configuration examples of newly addedregion01 and region02. Keep the values of other parameters in file regionunchanged."options":[{"key":"cn-north-1","value":"cn-north-1"},{"key":"region01_test","value":"region01"},{"key":"region02_test","value":"region02"}]

3. After file region is successfully modified, restart OBS Browser so that theconfigurations can take effect.

2.5.5 Creating a FolderThis section describes how to create a folder using OBS Browser.

Context

There are no files or folders on OBS. For easy data management, OBS provides a method tosimulate folders. On OBS, an object is simulated as a folder by adding a slash (/) to the objectname on OBS Browser.

Procedure


Step 2 Click the bucket in which you want to create a folder. Click Create Folder.

Step 3 In the dialog box that is displayed, enter a folder name and click OK.l The folder name cannot contain special characters, such as < > ? | / : \ * "l The folder name cannot start or end with a period (.).l The folder name cannot exceed 1023 bytes. The length of a folder name is the sum of the

length of its own and the length of its upper-level directories, and cannot exceed 1023bytes. Levels of directories are automatically separated by slashes (/). For example, if theupper-level directory of folder01 is folder02, file name length is calculated based onfolder02/folder01/.

NOTE





Step 4 Click OK.

----End

2.5.6 Uploading a File or FolderThis section describes how to upload local files or folders to OBS for storage.



25

Context

Files are uploaded in multiparts on OBS Browser. You can upload a single file up to 5 TB inmultiparts.

The file or folder name cannot exceed 1023 bytes. The length of a file or folder name is thesum of the length of its own and the length of its upper-level directories, and cannot exceed1023 bytes. Levels of directories are automatically separated by slashes (/). For example, ifthe upper-level directory of file01 is folder01, the file name length is calculated based onfolder01/file01.

Procedure


Step 2 Click the bucket to which you want to upload files or folders.

Step 3 Click Upload. Then click Upload File or Upload Folder.

If you use the Upload File function, it is a good practice to upload a maximum of 100 files ata time for better user experience. If you need to upload more files, place the files in a folderand use the Upload Folder function to upload the folder.

NOTE


2. If an access denial message is displayed when you are uploading a file or folder, the possible causes are asfollows:




Step 4 In the dialog box that is displayed, select the file or folder that you want to upload and clickOpen.

You can upload a folder or multiple files at a time. To upload multiple files, hold down Ctrlor Shift to select multiple files. You can also select all the files on the current page by holdingdown Ctrl+A. The operations are consistent with those on the Windows operating system.

The file or folder upload progress is displayed on the task management page. You cansuspend, run, or cancel an upload task based on site requirements. For details, see section5.4.1 Managing Upload Tasks.

----End

2.5.7 Downloading a File or FolderThis section describes how to download a file or folder from OBS to a local computer.

Procedure




26

Step 2 Click the bucket from which you want to download a file or folder. Then select a file or folderand click Download.

You can hold down Ctrl or Shift to select files or folders and batch download them. You canalso select all the files or folders on the current page by pressing Ctrl+A. The operations areconsistent with those on the Windows operating system.

Step 3 In the dialog box that is displayed, select a path to save the file or folder and click OK.

The file or folder download progress is displayed on the task management page. You cansuspend, delete, or cancel a download task based on site requirements. For details, see section5.4.2 Managing Download Tasks.

----End

2.5.8 Deleting a File or FolderThis section describes how to delete a file or folder.

Context

Deleting a folder will delete all files in the folder. Ensure that all files in a folder can bedeleted before deleting the folder.

Deleting unnecessary files or folders saves space and costs.


Procedure


Step 2 Click the bucket from which you want to delete a file or folder. Then select a file or folder andclick Delete.

You can hold down Ctrl or Shift to select multiple files or folders and batch delete them. Youcan also select all the files or folders on the current page by pressing Ctrl+A. The operationsare consistent with those on the Windows operating system.

Step 3 Click OK.

The file or folder deletion progress is displayed on the task management page. You cansuspend or cancel a deletion task based on site requirements. For details, see section 5.4.3Managing Deletion Tasks.

----End


Prerequisitesl The bucket to be deleted is empty.



27

l Only the bucket owner can delete a bucket.l Before deleting a bucket, ensure that all objects in the bucket have been deleted and no

multipart upload tasks are running in the bucket.

Procedure


Step 2 In the bucket list, click the blank area in the row of a bucket and click More > Delete.

NOTE

The interval between deleting a bucket and creating another bucket with the same name as the deleted bucketvaries in different application scenarios. For details, see section Put Bucket in the Object Storage ServiceAPI Reference.

Step 3 Click OK.

----End



28


3 Introduction to OBS Functions

About This ChapterThis chapter describes the main functions and application value of Object Storage Service(OBS).

3.1 Accessing OBS Using Domain Names

3.2 Access Control

3.3 Access Log Record

3.4 Lifecycle Management

3.5 Static Website Hosting

3.6 CORS

3.7 URL Validation

3.8 Adding External Buckets

3.9 Fragment Management

3.10 Versioning

3.11 Server-Side Encryption

3.12 Event Notification

3.13 Object URL

3.14 Object Metadata

Object Storage ServiceUser Guide 3 Introduction to OBS Functions


29

3.1 Accessing OBS Using Domain NamesOBS can be accessed using domain names. Different data centers are assigned differentdomain names. When accessing OBS using APIs or SDKs, you can use domain names tolocate resources on OBS.

Accessing OBS from the Internet

When creating a bucket, you can specify a region (a cloud service zone) for the bucket. OBSis available in multiple regions. However, functions available on OBS may vary in theseregions. The actual GUI prevails. You can specify a region for your bucket based on yourrequirements for the price, response latency, and request source.

NOTE

Ensure that the domain name used for accessing OBS from the public cloud service intranet is the same asthat used for accessing OBS from the Internet.

3.2 Access ControlAccess requests to OBS can be controlled using ACLs, bucket policies, and signatureverification.

3.2.1 ACLOBS provides account-based ACLs to assign specific access permissions to accounts.

An ACL can restrict all users' or a specific user's permissions to access a single bucket or anobject. The permissions include read-only permission, write permission, and full controlpermission. By default, only the creator of a bucket can access the objects in the bucket.However, the creator can set other access policies such as a public access policy to assign readpermission on an object to the other users. OBS enables you to set a bucket or object controlpolicy while you are creating the bucket or uploading the object. If you do not set apermission control policy when creating a bucket or uploading an object, you can obtain ormodify an ACL for the bucket or object after creating or uploading it. ACLs are only used togrant permissions.

OBS uses an ACL to enable bucket and object access permissions to be assigned to thefollowing types of authorized users, as listed in Table 3-1.

Table 3-1 Authorized users supported by OBS

Authorized User Description

Bucket Owner By default, the owner of a bucket has the ACL View and ACLEdit permissions and the two permissions cannot be modified.

Anonymous User A user that is not registered with OBS. If the access permissionfor a bucket and objects is assigned to an anonymous user, allusers can access the bucket and objects.



30


Registered User A user that is registered with OBS. The user employs the AK andSK to access OBS.

Log Delivery User A user that delivers bucket access logs. The user is configured forbucket log management.

Specific User A user that is assigned the permission to access a bucket by thebucket owner.

OBS supports the following types of bucket and object access permissions, as listed in Table3-2.

Table 3-2 Access permissions supported by OBS

Permission Description

Read A grantee with this permission for a bucket can obtain the list ofobjects in the bucket and the metadata of the bucket.A grantee with this permission for an object can obtain the objectcontent and metadata.

Write A grantee with this permission for a bucket can upload, overwrite,and delete any object in the bucket.This permission is not applicable to an object.

ACL View A grantee with this permission can obtain the ACL of a bucket orobject. A bucket or object owner has this permission permanently.

ACL Edit A grantee with this permission can update the ACL of a bucket orobject. A bucket or object owner has this permission permanently.A grantee with this permission can modify the access control policyand thus the grantee obtains full access permissions.

Full Control A grantee with this permission for a bucket has Read, Write, ACLView, and ACL Edit permissions for the bucket.A grantee with this permission for an object has Read, Write, ACLView, and ACL Edit permissions for the object.

NOTE

A request supports a maximum of 100 permissions.

Granting new permissions for a bucket or object overwrites the existing permissions for the bucket or objectand no permissions are added for the bucket or object.

If no ACL permission is assigned for a new bucket, OBS automatically disables the access tothe bucket and objects by other users except the bucket owner.

For details about OBS ACLs, see section ACL in the Object Storage Service API Reference.



31


3.2.2 Bucket PolicyA bucket owner can compile a bucket policy to restrict the access permission for the bucket.

Bucket policies provide centralized access control over buckets and objects based on a varietyof conditions, including OBS operations, requesters, resources, and aspects of the request(e.g., IP address). The permissions attached to a bucket apply to all of the objects in thatbucket.

Individuals as well as companies can use bucket policies. When companies register with OBSthey create an account. Thereafter, the company becomes synonymous with the account.Accounts are financially responsible for the resources they (and their employees) create.Accounts have the power to grant bucket policy permissions and assign employeespermissions based on a variety of conditions. For example, an account could create a policythat gives a user write access:

l To a particular bucketl From an account's corporate networkl From an account's custom application

Unlike access control lists (ACLs), which can add (grant) permissions only on individualobjects, policies can either add or deny permissions across all (or a subset) of objects within abucket. With one request an account can set the permissions of any number of objects in abucket. An account can use wildcard characters (similar to regular expression operators) onAmazon resource names (ARNs) and other values, so that an account can control access togroups of objects.

A bucket policy is specified by the bucket owner and it defines the access permissions for abucket. After a bucket policy is created, access requests to the bucket are controlled by thebucket policy. The bucket policy controls access requests by accepting or rejecting therequests. Bucket policies are compiled in the JSON format. The following are two examplesof bucket policy configurations.

1. Granting an OBS account a permission. In the following example, the account (whoseDomain ID is 783fc6652cf246c096ea836694f71855) is assigned the permission toobtain the log management information about bucket logging.bucket3.Table 3-3 describes an example of parameters that you need to manually modify:



32

Table 3-3 Parameters to be modified


GetBucketLogging Value of the Action field that indicatesthe operation set in the policy andperformed on the bucket. The Actionfield indicates all operations supported byOBS and contains a string of case-insensitive characters. The value supportsa wildcard character (*) that indicates alloperations, for example, "Action":["s3:List*", "s3:Get*"]. Enter a valuebased on actual conditions. For detailsabout all operations supported by OBS,see section Bucket Policy in the ObjectStorage Service API Reference.

Allow Value of the Effect field that indicateswhether the permission in the policy isallowed or denied. The value of theEffect field must be Allow or Deny.

logging.bucket3 Target bucket on which the policy works.The bucket name varies based on actualconditions.

783fc6652cf246c096ea836694f71855 Domain ID of an account. The DomainID needs to be modified based on actualconditions. You can click the username inthe upper right corner of the OBSConsole page and click My Credential.Then you can see the Domain ID on theMy Credential page.

{ "Id": "Policy1375342051334", "Statement": [ { "Sid": "Stmt1375240018061", "Action":[ "s3:GetBucketLogging" ], "Effect":"Allow", "Resource":"arn:aws:s3:::logging.bucket3", "Principal":{ "AWS": [ "arn:aws:iam::783fc6652cf246c096ea836694f71855:root" ] } } ] }

2. Granting an OBS user a permission. In the following example, the user (whose User IDis 71f3901173514e6988115ea2c26d1999) of the account (whose Domain ID is



33


219d520ceac84c5a98b237431a2cf4c2) is assigned the permission to set logmanagement for bucket logging.bucket3.Table 3-4 describes an example of parameters that you need to manually modify:



PutBucketLogging Value of the Action field that indicatesthe operation set in the policy andperformed on the bucket. The Actionfield indicates all operations supported byOBS and contains a string of case-insensitive characters. The value supportsa wildcard character (*) that indicates alloperations, for example, "Action":["s3:List*", "s3:Get*"]. Enter a valuebased on actual conditions. For detailsabout all operations supported by OBS,see section Bucket Policy in the ObjectStorage Service API Reference.



219d520ceac84c5a98b237431a2cf4c2 Domain ID of an account. The DomainID needs to be modified based on actualconditions. You can click the username inthe upper right corner of the OBSConsole page and click My Credential.Then you can see the Domain ID on theMy Credential page.

71f3901173514e6988115ea2c26d1999 User ID of a user. The User ID needs tobe modified based on actual conditions.You can click the username in the upperright corner of the OBS Console page andclick My Credential. Then you can seethe User ID on the My Credential page.

{ "Id": "Policy1375342051335", "Statement":[ { "Sid":"Stmt1375240018062", "Action":[ "s3:PutBucketLogging" ], "Effect":"Allow",



34


"Resource":"arn:aws:s3:::logging.bucket3", "Principal":{ "AWS":[ "arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:user/71f3901173514e6988115ea2c26d1999" ] } } ] }

Table 4-7 describes the parameters of bucket policies. For details about OBS bucket policies,see section Bucket Policy in the Object Storage Service API Reference.

Table 3-5 Parameters in bucket policies

Parameter Description Mandatory or Not

Version The version that is consistent with Amazon S3. Thevalue can be 2008-10-17 or 2012-10-17.

Optional

Id The ID of the bucket policy. The value must beunique.

Optional

Statement The description of the bucket policy. The statementdefines complete permission control. Each bucketpolicy can have multiple statements, and eachstatement contains the following parameters:l Sidl Effectl Principall NotPrincipall Actionl NotActionl Resourcel NotResourcel Condition

Mandatory

Effect The effect of the bucket policy. The statement canbe sent to accept or reject requests. Possible valuesare Allow and Deny.

Mandatory

Sid The statement ID. Optional

Principal/NotPrincipal

The user on whom the bucket policy statementtakes effect.Either Principal or NotPrincipal must be selectedto specify the user on whom the bucket policystatement takes effect or does not take effect.

Mandatory



35



Action/NotAction

The OBS operation on which the bucket policystatement takes effect.Either Action or NotAction must be selected tospecify whether the bucket policy statement takeseffect on the OBS operation.

Mandatory

Resource/NotResource

The object on which the bucket policy statementtakes effect.Either Resource or NotResource must be selectedto specify whether the bucket policy statementtakes effect on the OBS resources.

Mandatory

Condition Indicates the conditions for a statement to takeeffect.

Optional

After a bucket policy is created, OBS determines whether to accept or reject requests to thebucket based on the bucket policy.

l When no bucket policy statement matches with an access request, OBS rejects therequest by default.

l The priority of Deny is higher than that of Allow.

Example1. Assigning specific users the permission to obtain objects in specific buckets

In the following example, the user (whose User ID isac49fefeb80247799fbaf43249eb73ed) of the account (whose Domain ID is783fc6652cf246c096ea836694f71855) is assigned the permission to obtain all objects inbucket mybucket.

Table 3-6 describes an example of parameters that you need to manually modify:







36


ac49fefeb80247799fbaf43249eb73ed User ID of an account. The User IDneeds to be modified based on actualconditions. You can click the username inthe upper right corner of the OBSConsole page and click My Credential.Then you can see the Domain ID on theMy Credential page.

GetObject Value of the Action field that indicatesthe operation set in the policy. TheAction field indicates all operationssupported by OBS and contains a stringof case-insensitive characters. The valuesupports a wildcard character (*) thatindicates all operations, for example,"Action":["s3:List*", "s3:Get*"].Enter a value based on actual conditions.For details about all operations supportedby OBS, see section Bucket Policy in theObject Storage Service API Reference.

mybucket/* Target object on which the policy works.The object varies based on actualconditions. A wildcard character (*)indicates all objects in bucket mybucket.

{ "Version":"2008-10-17", "Id":"aaaa-bbbb-cccc-dddd", "Statement":[ { "Effect":"Allow", "Sid":"1", "Principal":{ "AWS":["arn:aws:iam::783fc6652cf246c096ea836694f71855:user/ac49fefeb80247799fbaf43249eb73ed"] }, "Action":["s3:GetObject"], "Resource":"arn:aws:s3:::mybucket/*" } ] }

2. Limiting specific addresses' permission to access specific bucketsIn the following example, the permission of address www.example.com to access allobjects in bucket mybucket is limited.Table 3-7 describes an example of parameters that you need to manually modify:



37




Deny Value of the Effect field that indicateswhether the permission in the policy isallowed or denied. The value of theEffect field must be Allow or Deny.

Wildcard character (*) in Principal Authorized user, that is, the user onwhom the policy works. A wildcardcharacter (*) indicates that the policyworks on all users.

Wildcard character (*) in Action Operation, that is, the OBS operation onwhich the policy works. A wildcardcharacter (*) indicates all OBSoperations, such as GetObject andPutObject.

mybucket/* Target object on which the policy works.The object varies with site requirements.A wildcard character (*) indicates allobjects in bucket mybucket.

www.example.com Address whose access to OBS isrestricted.

{ "Version":"2008-10-17", "Statement":[ { "Sid":"1", "Effect":"Deny", "Principal":{"CanonicalUser":["*"]}, "Action":["s3:*"], "Resource":["arn:aws:s3:::mybucket/*"], "Condition": {"StringEquals":{"aws:Referer":["www.example.com"]} } } ] }

3. Listing objects in a bucket with conditionsIn the following example, only account 219d520ceac84c5a98b237431a2cf4c2 isallowed to list objects prefixed with Obj in bucket mybucket.Table 3-8 describes an example of parameters that you need to manually modify:






38



ListBucket Value of the Action field that indicatesthe operation set in the policy. TheAction field indicates all operationssupported by OBS and contains a stringof case-insensitive characters. The valuesupports a wildcard character (*) thatindicates all operations, for example,"Action":["s3:List*", "s3:Get*"].Enter a value based on actual conditions.For details about all operations supportedby OBS, see section Bucket Policy in theObject Storage Service API Reference.

mybucket Target bucket on which the policy works.The bucket name varies based on actualconditions.

Obj Objects that are selected by prefixes forlisting. The value needs to be modifiedbased on actual conditions.

{ "Version":"2008-10-17", "Id":"aaaa-bbbb-cccc-dddd", "Statement":[ { "Effect":"Allow", "Sid":"1", "Principal":{"AWS":["arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:root"]}, "Action":["s3:ListBucket"], "Resource":"arn:aws:s3:::mybucket", "Condition":{"StringEquals":{"s3:prefix":"Obj"}} } ] }

4. Limiting the start time of accessing objects in a bucketIn the following example, the start time of accessing all objects in bucket mybucket byall users is set.Table 3-9 describes an example of parameters that you need to manually modify:



39





Wildcard character (*) in Principal Authorized user, that is, the user onwhom the policy takes effect. A wildcardcharacter (*) indicates that the policyworks on all users.



2015-09-10T12:00:00Z Start time of accessing the bucket.

2015-09-10T15:00:00Z End time of accessing the bucket.

{ "Version":"2008-10-17", "Statement":[ { "Sid":"1", "Effect":"Allow", "Principal":{"CanonicalUser":["*"]}, "Action":["s3:*"], "Resource":["arn:aws:s3:::mybucket/*"], "Condition": { "DateGreaterThan":{ "aws:CurrentTime":"2015-09-10T12:00:00Z"}, "DateLessThan":{"aws:CurrentTime":"2015-09-10T15:00:00Z"} } } ] }

5. Limiting access to OBS from specific IP addressesThe following policy grants all users the permission to perform any OBS operation onobjects in a specific bucket. However, the requests must be from the specified IP addressrange.Table 3-10 describes an example of parameters that you need to manually modify:



40






examplebucket/* Target object on which the policy works.The object varies with site requirements.A wildcard character (*) indicates allobjects in bucket mybucket.

192.168.0.25/32 IP address range that is not allowed toaccess OBS. The value needs to bemodified based on actual conditions.

192.168.1.0/24 IP address range that is allowed to accessOBS. The value needs to be modifiedbased on actual conditions.

{ "Version":"2008-10-17", "Id":"01", "Statement":[ { "Sid":"1", "Effect":"Allow", "Principal":{ "AWS":[ "*" ] }, "Action":[ "s3:*" ], "Resource":[ "arn:aws:s3:::examplebucket/*" ], "Condition":{ "NotIpAddress":{ "aws:SourceIp":[ "192.168.0.25/32" ] }, "IpAddress":{ "aws:SourceIp":[ "192.168.1.0/24"



41

] } } } ]}

3.2.3 Signature VerificationOBS uses AKs and SKs for signature verification to ensure that only authorized accounts canaccess specific OBS resources.




For details about how to obtain an AK and SK, see section Creating an Access Key (AK andSK).

The header of a request to be sent to OBS must contain the SK, request time, request type,and other information for authentication. Before authentication, OBS encodes the bucketname and object names using URLEncode and generates required information forauthentication. Accounts can access specific OBS resources only after they pass the signatureauthentication.

OBS supports Amazon V2 and V4 for authentication. In addition to using the HMAC-SHA256 algorithm, Amazon V4 introduces user data into signature computing. The headerfields introduced in signature computing can be specified by users, notably improving thesecurity of request authentication.

3.3 Access Log RecordOBS can record bucket access requests in logs for request analysis and log audit.

Logs occupy some OBS storage space rented by users, causing extra fees. For this reason,OBS does not collect bucket access logs by default.

For the analysis or audit purpose, you can enable log management. Access logs enable abucket owner to analyze the property, type, or trend of requests to the bucket in depth. Afterlog management is enabled for a bucket, OBS automatically logs access requests to the bucketand generates and writes log files into a specific target bucket.

Generated logs are named using the following format:<TargetPrefix>YYYY-mm-DD-HH-MM-SS-<UniqueString>

l <TargetPrefix> indicates the specific target prefix.

l YYYY-mm-DD-HH-MM-SS indicates the date and time when the log is generated.

l <UniqueString> indicates a character string generated by OBS.



42

On OBS Console, if configured <TargetPrefix> ends with a slash (/), logs generated in thebucket are stored in the <TargetPrefix> folder in the target bucket to facilitate management.

For example:

l If the target bucket is bucket and target prefix is bucket-log/, all logs are stored in thebucket-log/ folder in bucket. The log file is named as follows: 2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.

l If the target bucket is bucket and target prefix is bucket-log, all logs are directly storedin bucket. The log file is named as follows: bucket-log2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.

After log management is configured, you can view the operation logs in the target bucketthat stores the logs in about 5 minutes.

The following shows the access log of the target bucket:

787f2f92b20943998a4fe2ab75eb09b8 bucket [13/Aug/2015:01:43:42 +0000] 192.144.1.113 787f2f92b20943998a4fe2ab75eb09b8 281599BACAD9376ECE141B842B94535B REST.GET.BUCKET.LOCATION - "GET /bucket?location HTTP/1.1" 200 - 211 - 6 6 "-" "HttpClient" -

The access log of each bucket contains the information listed in Table 3-11.

Table 3-11 Bucket logging format

Name Description Example

BucketOwner ID of the bucket owner 787f2f92b20943998a4fe2ab75eb09b8

Bucket Bucket name bucket

Time Request timestamp [13/Aug/2015:01:43:42 +0000]

Remote IP Request IP address 192.144.1.113

Requester ID of the requester 787f2f92b20943998a4fe2ab75eb09b8

RequestID ID of the request 281599BACAD9376ECE141B842B94535B

Operation Operation REST.GET.BUCKET

Request-URI Request URI GET /bucket?location HTTP/1.1

HTTPStatus Return code 200

BytesSent Size of the HTTP response,expressed in bytes

211

TotalTime Processing time on the server 6

Turn-AroundTime

Total request processing time 6

For details about access logs, see section PUT Bucket logging in the Object Storage ServiceAPI Reference.



43


3.4 Lifecycle ManagementLifecycle management means periodically deleting objects in a bucket by configuring rules.

Lifecycle management applies to the following scenarios:

l Periodically uploaded log files that may need to be retained for only one week or onemonth, and you want to delete these log files after they expire.

l Documents that are seldom accessed after a certain period of time, and you want todelete these documents.

You can define lifecycle rules for identifying objects and manage lifecycles of the objectsbased on the rules. After unnecessary files are deleted, less OBS storage space is required,saving your costs.

Lifecycle rules have two key elements:

l Configuration policyYou can also specify the prefix of object names so that objects whose names have thisprefix are restricted by the rules. You can configure a lifecycle rule for a bucket so thatall objects in the bucket can be restricted by the lifecycle rule.

l Expiration timeYou can specify the number of days after which objects are automatically deleted or theday after which an object that matches with a rule is deleted.

For example, the following files are stored on OBS on January 7, 2015:

l log/test1.logl log/test2.logl doc/example.docl doc/good.txt

The following files are stored on OBS on January 10, 2015:

l log/clientlog.logl log/serverlog.logl doc/work.docl doc/travel.txt

If the expiration time of objects prefixed with log/ is set to January 11, 2015 (or one daylater) on January 10, 2015, OBS will delete objects log/test1.log, log/test2.log, log/clientlog.log, and log/serverlog.log on January 11, 2015.If the expiration time of objects prefixed with log/ is set to January 8, 2015 on January10, 2015, OBS will delete objects log/test1.log and log/test2.log that were last modifiedbefore January 8, 2015 on January 10, 2015 but will not delete objects log/clientlog.logand log/serverlog.log that were stored on OBS the same day.

NOTE

The deletion of an object may be delayed after the object expires. Generally, the delay does not exceed 48hours.

For details about how to configure lifecycle management, see section PUT Bucket lifecyclein the Object Storage Service API Reference.



44


3.5 Static Website HostingOBS allows you to configure static website hosting for your bucket on OBS.

You can upload the content files of the static website to your bucket on OBS and configure aread permission to anonymous users for these files, and then configure the static websitehosting mode for your bucket to host your static websites on OBS.

Static websites contain static web pages and some scripts that can run on clients, such asJavaScript and Flash. Different from static websites, dynamic websites rely on servers toprocess scripts, including PHP, JSP, and ASP.NET. OBS does not support scripts running onservers.

The configuration of static website hosting takes effect within 2 minutes. After the staticwebsite hosting settings take effect on OBS, you can use the following domain names toaccess the static website:

https://bucketname.OBSstaticWebsiteHostingDomainnamehttp://bucketname.OBSstaticWebsiteHostingDomainname

When configuring static website hosting, you can specify the index page and error pagereturned during website access:

l Default Home PageThe default home page specifies the default home page of the static website. When OBSConsole is used to configure static website hosting, only html web pages are supported.When APIs or SDKs are used to configure static website hosting, the Content-Type ofobjects must be specified.OBS only allows files such as index.html in the root directory of a bucket to function asthe default home page. That is to say, do not set the default home page with a multi-leveldirectory structure (for example, /page/index.html).

l Default 404 PageThe error page specifies the error page returned when an error occurs during staticwebsite access. When OBS Console is used to configure static website hosting, onlyhtml web pages are supported. When APIs or SDKs are used to configure static websitehosting, the Content-Type of objects must be specified.

When using static website hosting, you can configure request redirection to redirect specificor all requests. Typical configurations include:

l Redirecting all requests to another site.l Redirecting specific requests based on redirection rules.

NOTE

After changing the destination address for redirection, you must manually clear the browser cache so thatrequests will be redirected to the new destination address.

For example, if the original destination address for redirection is www.example.com, the systemautomatically jumps to www.example.com after you access the static website hosting address (or replicatethe address to another browser). After changing the destination address for redirection to www.test.com, youmust clear the browser cache. By doing so, when you access the static website hosting address, the systemautomatically jumps to www.test.com. Otherwise, the system will still jump to www.example.com.

For details about static website hosting, see section PUT Bucket website in the ObjectStorage Service API Reference.



45


3.6 CORSOBS supports cross-origin resource sharing (CORS) rules and allows resources on OBS to beaccessed across origins.

CORS is a browser standard mechanism provided by the World Wide Web Consortium(W3C). It defines the interaction methods between client-side web applications in one originand resources in another origin. In web page requests, website scripts and contents in oneorigin cannot interact with those in another origin because of Same Origin Policies (SOPs).

OBS supports static website hosting. For details, see section 3.5 Static Website Hosting.Static websites stored on OBS can respond to website requests from another origin only whenCORS is configured for the bucket.

OBS CORS is used in the following scenarios:

l Enables JavaScript and HTML 5 to be used to establish web applications that candirectly access resources on OBS. No proxy servers are required for transfer.

l Enables the dragging function of HTML 5 to be used to upload files to OBS (with theupload progress displayed) or update OBS contents using web applications.

l Hosts external web pages, style sheets, and HTML 5 applications in different origins.Web fonts or pictures on OBS can be shared by multiple websites.

The configuration of CORS takes effect within 2 minutes.

Table 3-12 describes parameters in CORS rules.

Table 3-12 Parameters in CORS rules

Parameter Description Mandatoryor Not

Allowed Origin Requests from this origin can access the bucket.Multiple matching rules are allowed. One ruleoccupies one line, and allows one wildcardcharacter (*) at most. For example:http://rds.example.comhttps://*.vbs.example.com

Mandatory

Allowed Method Specifies the acceptable operation type ofbuckets and objects.The methods include GET, POST, PUT,DELETE, and HEAD.

Mandatory

Allowed Header Specifies the allowed header of cross-originrequests. Only CORS requests matching theallowed header are valid.You can enter multiple allowed headers (one perline) and each line can contain one wildcardcharacter (*) at most. Spaces and specialcharacters including &:< are not allowed.

Optional



46


Exposed Header Specifies the exposed header in CORSresponses, providing additional information forclients.You can enter multiple exposed headers (oneper line). Spaces and special charactersincluding *&:< are not allowed.

Optional

Cache Duration (s) Specifies the duration that your browser cancache CORS responses, expressed in seconds.The default value is 100.

Mandatory

For details about CORS, see section PUT Bucket CORS in the Object Storage Service APIReference.

3.7 URL ValidationOBS supports URL validation based on Referrers in HTTP headers to prevent a user's dataon OBS from being stolen by other users. OBS supports both whitelists and blacklists.

To reduce costs, some websites steal links to other websites to enrich their own contents.Stealing links not only damages interests of the original websites but also increases workloadson the server. To resolve this problem, URL validation comes into being.

In HTTP, a website can detect the web page that accesses a target web page using theReferrers field. As the Referrers field can trace sources, specific techniques can be used toblock or return to specific web pages if the pages are not from the website. URL validationchecks whether the Referrers field in requests matches the whitelist or blacklist by settingReferrers. If the field matches the whitelist, the requests are allowed. Otherwise, the requestsare blocked or specific pages are displayed.

OBS supports URL validation based on Referrers in HTTP headers to prevent a user's dataon OBS from being stolen by other users. OBS supports both whitelists and blacklists.

l Referrers are separated from each other using newlines.

l When Whitelisted Referrers is empty but Blacklisted Referrers is not, all websitesexcept specified ones in the blacklist are allowed to access data in the target bucket.

l When Whitelisted Referrers is not empty and Blacklisted Referrers is empty or notempty, only specified websites in the whitelist are allowed to access data in the targetbucket.

NOTE

When Whitelisted Referrers is the same as Blacklisted Referrers, the blacklist takes effect. For example, ifthe Referrers fields of Whitelisted Referrers and Blacklisted Referrers are set to www.example.com, theaccess request from www.example.com is blocked.

l When Whitelisted Referrers and Blacklisted Referrers are empty, all websites areallowed to access data in the target bucket by default.



47


l Before determining whether a user has the five types of permissions (Full Control,Read, Write, ACL View, and ACL Edit) for a bucket or objects in the bucket, checkwhether the user complies with the URL validation principles of the Referrers field.

For example:

l If Whitelisted Referrers of bucket test-111 is set to http://example.com andBlacklisted Referrers is empty, only requests whose Referrers is http://example.comcan access data in the bucket.

l If Blacklisted Referrers of bucket test-111 is set to http://example.com andWhitelisted Referrers is empty, all requests except the requests whose Referrers ishttp://example.com can access data in the bucket.

3.8 Adding External BucketsOBS enables you to add buckets of other users if you have the access permission for thebuckets. By doing so, you can access the external buckets locally using your account.

After successfully adding an external bucket, you can see the external bucket in the bucket listusing your own account and have the ACL access permissions for the bucket.

For example, if you are assigned the Read and Write permissions for bucket test, you canadd bucket test to a local computer using your account. You can see bucket test in the bucketlist on the left and have the write permission for the bucket. That is, you can upload objectsto, overwrite objects in, and delete objects from the bucket.

3.9 Fragment ManagementFragment management enables you to clear fragments that were generated due to objectupload failures.

Fragments are incomplete data in buckets generated due to data upload failures.

The following lists examples of situations where fragments may be generated:

l The network is in poor condition, and the connection to the OBS server is interruptedfrequently.

l The upload task is manually interrupted.l The device is faulty.l The device is powered off suddenly.

The fragments need to be cleared to free up space.

3.10 VersioningOBS can store multiple versions of an object. You can quickly search for and restore differentversions or restore data in the event of misoperations or application faults.

Versioning is an effective means to restore overwritten or incorrectly deleted objects. Bydefault, versioning is disabled for new buckets on OBS. New objects will overwrite theexisting objects with the same names as the new ones in a bucket.

After versioning is enabled:



48

l When an object is uploaded, OBS automatically allocates a unique version ID for theobject. Objects with the same name are stored on OBS with different version IDs.

l Objects can be downloaded by version ID. By default, the latest object is downloaded ifthe version ID is not specified.

l Objects can be permanently deleted by specifying version IDs after Show is enabled forVersions. They cannot be restored after being deleted. If an object is deleted after Hideis enabled for Versions, the object will have a deletion mark with the unique version IDbut will not be actually deleted. If an access request is sent to the object, a message isreturned indicating that the object does not exist. If you delete this deletion mark, youwill cancel the deletion of the object.

l The latest objects in a bucket are returned by default after a GET Object request. You canalso send a request to obtain a bucket's objects with all version IDs.

l All object versions except deletion marks stored on OBS are charged.

If versions of objects in a bucket do not need to be controlled, you can suspend versioning. Ifversioning is disabled:

l Objects of the previous versions remain on OBS. You need to manually deleteunnecessary objects of the previous versions.


l All old object versions except deletion marks stored on OBS are charged.

Currently, OBS Browser does not support versioning. To use this function, use OBS Console,APIs, or SDKs to manage data on OBS.

For details about versioning, see section PUT Bucket versioning in the Object StorageService API Reference.

3.11 Server-Side EncryptionOBS allows users to encrypt objects using server-side encryption so that the objects can besecurely stored on OBS.

Key Management Service (KMS) uses Hardware Secure Modules (HSMs) to ensure keysecurity, enabling users to easily create and manage encryption keys. Keys are not displayedin plaintext outside HSMs, which effectively prevents key disclosure. All operationsperformed on keys are controlled and logged, and usage of all keys is recorded, meetingregulatory compliance requirements.

Currently, both OBS Console and OBS Browser support server-side encryption with KMS-managed keys (SSE-KMS). In SSE-KMS mode, OBS uses the keys provided by KMS forserver-side encryption.

The objects to be uploaded can be encrypted using SSE-KMS. You need to create a key usingKMS or use the default key provided by KMS. Then you can use the KMS key to performserver-side encryption when uploading objects on OBS.

After server-side encryption is enabled, objects to be uploaded will be encrypted and storedon the server. When downloading the encrypted objects, the encrypted data will be decryptedon the server and displayed in plaintext to users.

OBS supports both SSE-KMS and server-side encryption with customer-provided keys (SSE-C) by invoking APIs. In SSE-C mode, OBS uses the keys and MD5 values provided by



49


customers for server-side encryption. For details about the APIs, see section Server-SideEncryption in the Object Storage Service API Reference.

3.12 Event NotificationYou can use SMN to send alarms and notifications, and trigger workloads. OBS supportsevent notification for the following event types:

l Use PUT to upload an object.l Use POST to upload an object.l Use APIs to copy an object. OBS Console and OBS Browser do not support object copy.l Upload an object in multiparts.l Delete an object by version.l Delete an object not by version.

NOTE

Currently, you can configure an event notification policy on OBS Console only.

You can set an event notification by the prefix and suffix of an object. For example, add anevent and specify that the notification is sent only when the files suffixed with .jpg orprefixed with images/ are added to the storage bucket.

3.13 Object URLOBS allows anonymous users to access object data using object URLs.

When anonymous users are assigned the permission to read specific objects, the anonymoususers can quickly access the objects using the object URLs.

The object URL is in the format of https://domain name/bucket name/directory level/objectname. If the object is in the root directory of the bucket, the URL does not contain a directorylevel.

NOTE

l If Versioning is enabled for a bucket and Show Version is enabled for the object list, the object URLcontains a version ID and is in the format of https://domain name/bucket name/directory level/objectname?versionId=version ID.

l The method of using a browser to access objects varies depending on the object type. You can directlyopen .txt and .html files using a browser. However, when you open .exe and .dat files using a browser,the files are automatically downloaded to your local computer.

3.14 Object Metadata

Metadata is the data that mainly describes objects' attributes. Object metadata is a set ofname-value pairs that are part of object management.

NOTE

l You cannot set metadata of an object that has multiple versions.

l ContentDisposition and WebsiteRedirectLocation of object metadata are not applicable toencrypted objects.



50



Table 1 lists three kinds of system-defined metadata that OBS currently supports.

Table 3-13 Three kinds of system-defined metadata that OBS currently supports

Name Description

ContentDisposition Provides a default file name for the objectthat is being requested. When an object isbeing downloaded or accessed, the file withthe default file name is directly displayed inthe browser or a download dialog box isdisplayed if the file is being accessed.For example, select ContentDisposition asthe metadata name and enterattachment;filename="testfile.xls" as themetadata value for an object. If you accessthe object through a link, a dialog box isdirectly displayed for downloading objects,and the object name is changed totestfile.xls.

ContentLanguage Specifies the language of the object content.For example, select ContentLanguage asthe metadata name and enter en-us as themetadata value for an object. If you accessthe object, the object content is displayed inEnglish by default.

WebsiteRedirectLocation Redirects an object to another object or anexternal URL. The redirection function isimplemented using static website hosting.For example, select a bucket and clickBucket Attribute. On the page that isdisplayed, click the Static Website Hostingtab. On the page that is displayed, enterobject name testobject.txt in the DefaultHome Page text box to configure staticwebsite hosting. Go to the Object page.Select WebsiteRedirectLocation as themetadata name and enter http://www.example.com as the metadata valuefor object testobject.txt. If you accessobject testobject.txt using the Endpoint onthe Static Website Hosting page, the accessrequest is redirected to http://www.example.com.



51

4 Using OBS on OBS Console

About This ChapterOBS Console enables you to perform most basic operations.

4.1 Browser Versions Supported by OBS Console

4.2 Bucket Management

4.3 Object Management

4.4 Fragment Management

4.5 Typical Application

Object Storage ServiceUser Guide 4 Using OBS on OBS Console


52

4.1 Browser Versions Supported by OBS ConsoleThis section describes the browser versions supported by OBS Console.

Browsers supported by OBS Console are shown in Table 4-1.

Table 4-1 Browser versions supported by OBS Console

SupportedBrowser

Supported Browser Version

Internet Explorer l Internet Explorer 9l Internet Explorer 10l Internet Explorer 11

Firefox Latest version

Chrome Latest version

4.2 Bucket ManagementThis section describes a series of bucket management operations.


Procedure


Step 2 Click Create Bucket in the upper left corner.

The following dialog box is displayed.



53

Step 3 Set Region and Bucket Name.

A user can create a maximum of 100 buckets on OBS.

NOTE




Bucket Name Name of the bucket to be created.The bucket name must be globally unique and comply with thefollowing rules:l Contains 3 to 63 characters, including lowercase letters,

digits, hyphens (-), and periods (.)l Cannot be an IP addressl Cannot start or end with a hyphen (-) or period (.)l Cannot contain two consecutive periods (.)l Cannot contain periods (.) and hyphens (-) adjacent to each

other

NOTE


Step 4 Click OK.

NOTE


----End

4.2.2 Searching for a BucketThis section describes how to search for a bucket by entering characters contained in thebucket name on OBS Console.

Procedure


Step 2 In the search box in the upper right corner on the main page, enter characters contained in thename of the desired bucket.



54

Step 3 Click .

The found buckets are displayed in the bucket list.

For example, if you want to search for buckets whose names contain the test characters, youonly need to enter test in the search box in the upper right corner on the main page and click

. Then, all buckets that contain test in their names are displayed in the bucket list.

----End

4.2.3 Viewing Basic Information About a BucketThis section describes how to view basic information about a bucket, including the owner,capacity, location, and object quantity.

Procedure


Step 2 Select a desired bucket under My Bucket and click Bucket Attribute.

Step 3 On the Basic page, view basic information about the bucket.

Table 4-2 Parameter description


Owner Owner of the bucket. It indicates the current account on OBS.

Space Used Total capacity used by objects in the bucket.

Number of Objects Number of the objects stored in the bucket.

Region Region where the bucket is located.

Domain ID Unique identity of the bucket owner. It is the same as Domain IDon the My Credential page.

Created Time when the creation of a bucket is completed.

----End



55

4.2.4 Setting ACL Permissions for BucketsThis section describes how to set access control list (ACL) permissions for buckets.

Procedure


Step 2 Select the bucket for which you want to set ACL permissions under My Bucket and clickBucket Attribute.

Step 3 Click Permission.

You can set ACL permissions of Bucket Owner, Anonymous User, Registered User, andLog Delivery User on the page. Assign user ACL permissions for target buckets by selectingthe permissions or delete permissions by deselecting the permissions. You can add ACLpermissions of specific users as required or click Delete next to specific permissions to deletepermissions.

OBS enables bucket access permissions to be assigned to the following types of authorizedusers using the ACL. These users are listed and described in Table 4-3.




Anonymous User A user that is not registered with OBS. If the access permission fora bucket and objects is assigned to an anonymous user, all users canaccess the bucket and objects.



Specific User A user that is assigned the permission to access a bucket by thebucket owner.



56

OBS supports the following types of bucket access permissions, as listed and described inTable 4-4.



Read The permission to obtain the list of objects in the bucket and themetadata of the bucket.

Write The permission to write a bucket. A user with the writepermission for a bucket can upload, overwrite, and delete anyobject in the bucket.

ACL View The permission to view the ACL of a bucket.A bucket owner has this permission permanently.

ACL Edit The permission to modify the ACL of a bucket.A bucket owner has this permission permanently.NOTE

Users assigned the ACL Edit permission own the Full Controlpermission. Exercise caution when assigning this permission to otherusers.

Full Control The permission to control a bucket and objects in the bucket. Auser assigned such a permission possesses all the permissionsmentioned above.NOTE

Users assigned the Full Control permission can fully control a bucketand objects in it. Exercise caution when assigning this permission toother users.

Step 4 Optional: Click Add Permission. Enter Domain ID of a specific user and set ACLpermissions of the user.

You can obtain Domain ID on the My Credential page.




57

For details about how to use ACL permissions, see section ACL in the Object Storage ServiceAPI Reference.

Step 5 Click Save.

A message is displayed indicating that bucket permissions have been set successfully.

----End

Follow-up Procedure

Click Delete to delete permissions of specific users when necessary.

4.2.5 Configuring a Bucket PolicyA bucket policy defines the access control policy of resources (buckets and objects) on OBS.

Context

Access requests to a bucket are controlled by bucket policies. The bucket policy controlsaccess requests by accepting or rejecting the requests.



l To a particular bucket

l From an account's corporate network

l From an account's custom application


Procedure


Step 2 Select the bucket for which you want to configure a bucket policy under My Bucket and clickBucket Attribute.




58


Step 4 Click Configure Bucket Policy.

Step 5 In the Configure Bucket Policy text box, enter a specific bucket policy.

Bucket policies are compiled in the JSON format. The following are two examples of bucketpolicy configurations.









59





2. Granting an OBS user a permission. In the following example, the user (whose User IDis 71f3901173514e6988115ea2c26d1999) of the account (whose Domain ID is219d520ceac84c5a98b237431a2cf4c2) is assigned the permission to set logmanagement for bucket logging.bucket3.Table 4-6 describes an example of parameters that you need to manually modify:






60







{ "Id": "Policy1375342051335", "Statement":[ { "Sid":"Stmt1375240018062", "Action":[ "s3:PutBucketLogging" ], "Effect":"Allow", "Resource":"arn:aws:s3:::logging.bucket3", "Principal":{ "AWS":[ "arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:user/71f3901173514e6988115ea2c26d1999" ] } } ] }





Optional



61




Optional


Mandatory


Mandatory




Mandatory

Action/NotAction


Mandatory



Mandatory


Optional

Step 6 Click OK.

----End



62


In the following example, the user (whose User ID isac49fefeb80247799fbaf43249eb73ed) of the account (whose Domain ID is783fc6652cf246c096ea836694f71855) is assigned the permission to obtain all objects inbucket mybucket.Table 4-8 describes an example of parameters that you need to manually modify:








{ "Version":"2008-10-17",



63


"Id":"aaaa-bbbb-cccc-dddd", "Statement":[ { "Effect":"Allow", "Sid":"1", "Principal":{ "AWS":["arn:aws:iam::783fc6652cf246c096ea836694f71855:user/ac49fefeb80247799fbaf43249eb73ed"] }, "Action":["s3:GetObject"], "Resource":"arn:aws:s3:::mybucket/*" } ] }









{ "Version":"2008-10-17", "Statement":[ { "Sid":"1", "Effect":"Deny", "Principal":{"CanonicalUser":["*"]}, "Action":["s3:*"], "Resource":["arn:aws:s3:::mybucket/*"], "Condition": {"StringEquals":{"aws:Referer":["www.example.com"]} }



64

} ] }









{ "Version":"2008-10-17", "Id":"aaaa-bbbb-cccc-dddd", "Statement":[ { "Effect":"Allow", "Sid":"1", "Principal":{"AWS":["arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:root"]},



65


"Action":["s3:ListBucket"], "Resource":"arn:aws:s3:::mybucket", "Condition":{"StringEquals":{"s3:prefix":"Obj"}} } ] }

4. Limiting the start time of accessing objects in a bucketIn the following example, the start time of accessing all objects in bucket mybucket byall users is set.Table 4-11 describes an example of parameters that you need to manually modify:












66

5. Limiting access to OBS from specific IP addressesThe following policy grants all users the permission to perform any OBS operation onobjects in a specific bucket. However, the requests must be from the specified IP addressrange.Table 4-12 describes an example of parameters that you need to manually modify:









{ "Version":"2008-10-17", "Id":"01", "Statement":[ { "Sid":"1", "Effect":"Allow", "Principal":{ "AWS":[ "*" ] }, "Action":[ "s3:*" ], "Resource":[ "arn:aws:s3:::examplebucket/*" ],



67

"Condition":{ "NotIpAddress":{ "aws:SourceIp":[ "192.168.0.25/32" ] }, "IpAddress":{ "aws:SourceIp":[ "192.168.1.0/24" ] } } } ]}

4.2.6 Configuring Static Website HostingThis section describes how to set static website hosting for buckets and use bucket domainnames to access static websites.

PrerequisitesUpload all of the website files required by the static website have been uploaded to thespecified bucket.

NOTICETo ensure that a hosted static website can be accessed by all users, set Read for the bucketstoring static website files to anonymous users. Then set anonymous users to be able to accessstatic website files in the bucket in bucket policies, ensuring that the users have sufficientaccess permissions for desired objects. The configuration of static website hosting takes effectwithin 2 minutes.

Procedure


Step 2 Select the bucket for which you want to configure static website hosting under My Bucketand click Bucket Attribute.

Step 3 Click Static Website Hosting.

Step 4 Select Enable website hosting.



68

Step 5 Set the values of Default Home Page and Default 404 Page.

l Default Home PageOnly a file in the current bucket can serve as the home page of the static website. If thefile name is not entered, the default home page setting is disabled.OBS only allows files such as index.html in the root directory of a bucket to function asthe default home page. That is to say, do not set the default home page with a multi-leveldirectory structure (for example, /page/index.html).

l Default 404 PageOnly a file in the current bucket can serve as the default 404 (Not Found) page of thestatic website. This error page is displayed when an incorrect path is accessed. If the filename is not entered, the default 404 error page setting is disabled.

Step 6 Optional: In Redirection Rules, configure redirection rules.

Requests that comply with the redirection rules are redirected to the specific host or page.

Redirection Rules are compiled in the JSON format. Each rule contains a Condition and aRedirect.

The following example shows a redirection rule template:

[{"Condition":{"KeyPrefixEquals":"folder1/"},"Redirect":{"HostName":"www.example.com"}},{"Condition":{"KeyPrefixEquals":"folder2/"},"Redirect":{"ReplaceKeyPrefixWith":"folder3/"}}]

In the preceding template, there are two redirection rules:

l Automatically redirect requests prefixed with folder1/ to host www.example.com.

l Automatically redirect requests prefixed with folder2/ to an object prefixed withfolder3/. For example, if object folder2/work.txt on OBS is renamed as folder3/work.txt and the redirection rules are enabled, access requests to folder2/work.txt willbe automatically directed to folder3/work.txt.



69

For details about redirection rules, see section PUT Bucket website in the Object StorageService API Reference.

Step 7 Click Save.

After the static website hosting settings take effect on OBS, you can use the following domainnames to access the static website. If you successfully access the website using the followingdomain names, static website hosting is successfully configured.

https://bucketname.OBSstaticWebsiteHostingDomainnamehttp://bucketname.OBSstaticWebsiteHostingDomainname

----End

Follow-up ProcedureYou can select Disable website hosting to disable static website hosting or Redirect toanother host to redirect the page based on site requirements.

If Redirect to another host is selected, all access requests to the bucket will be redirected tospecified hosts.

NOTE

After changing the destination address for redirection, you must manually clear the browser cache sothat requests will be redirected to the new destination address.For example, if the original destination address for redirection is www.example.com, the systemautomatically jumps to www.example.com after you access the static website hosting address (orreplicate the address to another browser). After changing the destination address for redirection towww.test.com, you must clear the browser cache. By doing so, when you access the static websitehosting address, the system automatically jumps to www.test.com. Otherwise, the system will still jumpto www.example.com.

4.2.7 Configuring CORSThis section describes how to use CORS in HTML5 to implement cross-origin access.

Procedure


Step 2 Select the bucket for which you want to configure CORS under My Bucket and click BucketAttribute.

Step 3 Click CORS Rule.

NOTE

You can set a maximum of 100 CORS rules for OBS.



70


Step 4 Click Add.

Step 5 In the Add Rule dialog box, configure Allowed Origin, Allowed Method, Allowed Header,Exposed Header, and Cache Duration(s).

Table 4-13 lists and describes the parameters of CORS rules.



71




Mandatory


Mandatory


Optional


Optional


Mandatory

Step 6 Click OK.

A message is displayed indicating that CORS configuration of the bucket is successful. Theconfiguration of CORS takes effect within 2 minutes.

After CORS is successfully configured, only the addresses specified in Allowed Origin canaccess a bucket on OBS using the method specified in Allowed Method. For example, youconfigure CORS parameters of bucket testbucket as follows:

l Allowed Origin: www.examlple.coml Allowed Method: GETl Allowed Header: left blankl Exposed Header: left blankl Cache Duration (s): 100



72

Then, OBS only allows GET requests from origin www.examlple.com to access buckettestbucket without restricting the request headers. Your browser can cache the CORSrequests for 100 seconds.

----End

Follow-up ProcedureYou can click Edit or Delete to edit or delete a configured rule based on site requirements.

4.2.8 Configuring LoggingAfter logging is enabled for a bucket, OBS automatically converts bucket logs into objectsfollowing the naming rules and writes the objects into a specific bucket.

PrerequisitesThe log delivery user must have been assigned the ACL View and Write permissions on thecurrent bucket and the target bucket storing logs. For details, see section 4.2.4 Setting ACLPermissions for Buckets.

Procedure


Step 2 Select the bucket for which you want to configure logging under My Bucket and clickBucket Attribute.

Step 3 Click Log Management.

Step 4 Click the OFF button.

Step 5 Set Target Bucket to store logs.

Step 6 Set Target Prefix to specify the prefix for log names.

After logging is enabled, generated logs are named using the following format:

<TargetPrefix>YYYY-mm-DD-HH-MM-SS-<UniqueString>

l <TargetPrefix> indicates the specific target prefix.l YYYY-mm-DD-HH-MM-SS indicates the date and time when the log is generated.l <UniqueString> indicates a character string generated by OBS.

On OBS Console, if configured <TargetPrefix> ends with a slash (/), logs generated in thebucket are stored in the <TargetPrefix> folder in the target bucket to facilitate management.

For example:



73


l If the target bucket is bucket and target prefix is bucket-log, all logs are directly storedin bucket. The log file is named as follows: bucket-log2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.After log management is configured, you can view the operation logs in the target bucketthat stores the logs in about 5 minutes.

Step 7 Click Save.

A message is displayed indicating that log management configuration of the bucket issuccessful.

----End

4.2.9 Configuring a Lifecycle RuleThis section describes how to define lifecycle rules for a bucket so that the rules can takeeffect on objects in the bucket.

Context

Lifecycle management means periodically deleting objects in a bucket by configuring rules.Lifecycle management applies to the following scenarios:




Procedure


Step 2 Select the bucket for which you want to configure a lifecycle rule under My Bucket and clickBucket Attribute.

Step 3 Click Lifecycle Rule.

Step 4 Click Add.

Step 5 In the Add Rule dialog box, configure a lifecycle rule.l Rule



74


Select Enable to enable the lifecycle rule.l Policy

Match lifecycle rules with the prefixes of object names so that objects with such nameprefixes can be restricted by the lifecycle rules. You can also configure a lifecycle rulefor a bucket so that all objects in the bucket can be restricted by the lifecycle rule.

NOTE

l When By Prefix is selected and the specified prefix and the prefix of an existing lifecycle rule overlap,OBS regards the two rules as one and disables your rule. For example, if a rule with prefix abc exists inthe system, another rule whose prefix contains abc cannot be configured.

l If a lifecycle rule whose Policy is set to By prefix has been configured, you cannot configure a lifecyclerule whose Policy is set to For the entire bucket.

l If a lifecycle rule whose Policy is set to For the entire bucket has been configured, you cannot configurea lifecycle rule whose Policy is set to By prefix. The Add button becomes unavailable.

l Expiration TimeSet expiration time for Current version and Historical version to meet siterequirements.– By day specifies the number of days after which an object is automatically deleted.– By date specifies the day after which objects that match with a rule are deleted.

NOTE

Current version and Historical version are two concepts for Versioning. If Versioning is enabled,uploading objects with the same name to the same path generates different versions. The object uploaded lateris called Current version, and the object uploaded earlier is called Historical version.

l Rule NameIdentify lifecycle rules. The Rule Name contains a maximum of 255 characters.



75


l log/test1.log

l log/test2.log

l doc/example.doc

l doc/good.txt


l log/clientlog.log

l log/serverlog.log

l doc/work.doc

l doc/travel.txt

If the expiration time of objects prefixed with log/ is set to January 11, 2015 (or one daylater) on January 10, 2015, OBS will delete objects log/test1.log, log/test2.log, log/clientlog.log, and log/serverlog.log on January 11, 2015.

If the expiration time of objects prefixed with log/ is set to January 8, 2015 on January10, 2015, OBS will delete objects log/test1.log and log/test2.log that were last modifiedbefore January 8, 2015 on January 10, 2015 but will not delete objects log/clientlog.logand log/serverlog.log that were stored on OBS the same day.



76

NOTE


Step 6 Click OK.

A message is displayed indicating that the lifecycle rule is successfully created.

----End

Follow-up Procedure

You can click Edit or Delete to edit or delete a configured lifecycle rule.

4.2.10 Configuring URL ValidationOBS enables blacklisted URLs to be blocked whereas whitelisted URLs are permitted toavoid link theft.

Context

In HTTP, a website can detect the web page that accesses a target web page using theReferrers field. As the Referrers field can trace sources, specific techniques can be used toblock or return to specific web pages if the pages are not from the website. URL validationchecks whether the Referrers field in requests matches the whitelist or blacklist by settingReferrers. If the field matches the whitelist, the requests are allowed. Otherwise, the requestsare blocked or specific pages are displayed.

OBS supports URL validation based on Referrers in HTTP headers to prevent a user's dataon OBS from being stolen by other users. OBS supports both whitelists and blacklists.

The following describes the principles for setting Referrers:

l Referrers are separated from each other using newlines.l When Whitelisted Referrers is empty but Blacklisted Referrers is not, all websites

except specified ones in the blacklist are allowed to access data in the target bucket.l When Whitelisted Referrers is not empty and Blacklisted Referrers is empty or not

empty, only specified websites in the whitelist are allowed to access data in the targetbucket.

NOTE

When Whitelisted Referrers is the same as Blacklisted Referrers, the blacklist takes effect. For example, ifthe Referrers fields of Whitelisted Referrers and Blacklisted Referrers are set to www.example.com, theaccess request from www.example.com is blocked.

l When Whitelisted Referrers and Blacklisted Referrers are empty, all websites areallowed to access data in the target bucket by default.

l Before determining whether a user has the five types of permissions (Full Control,Read, Write, ACL View, and ACL Edit) for a bucket or objects in the bucket, checkwhether the user complies with the URL validation principles of the Referrers field.

Procedure




77

Step 2 Select the bucket for which you want to configure URL validation under My Bucket andclick Bucket Attribute.

Step 3 Click URL Validation. For details about rules of Referrers, see Context.

Step 4 Enter values for Whitelisted Referrers and Blacklisted Referrers based on siterequirements.

For example:

l If Whitelisted Referrers of bucket test-111 is set to http://example.com andBlacklisted Referrers is empty, only requests whose Referrers is http://example.comcan access data in the bucket.

l If Blacklisted Referrers of bucket test-111 is set to http://example.com andWhitelisted Referrers is empty, all requests except the requests whose Referrers ishttp://example.com can access data in the bucket.

Step 5 Click Save.

A message is displayed indicating a successful URL validation setting.

----End

Follow-up Procedure

To delete whitelisted or blacklisted websites, delete the websites in Whitelisted Referrers orBlacklisted Referrers and click Save.

4.2.11 Configuring VersioningOBS can store multiple versions of an object. You can quickly search for and restore theversions as well as restore data in the event of misoperations or application faults.

Context

Versioning is an effective means to restore overwritten or incorrectly deleted objects. Bydefault, the function is disabled for new buckets on OBS. New objects will overwrite theexisting objects with the same names as the new ones in a bucket.

After versioning is enabled:



78

l When an object is uploaded, OBS automatically allocates a unique version ID for theobject. Objects with the same name are stored on OBS with different version IDs.


l Objects can be permanently deleted by specifying version IDs after Show is enabled forVersions. They cannot be restored after being deleted. If an object is deleted after Hideis enabled for Versions, the object will have a deletion mark with the unique version IDbut will not be actually deleted. If an access request is sent to the object, a message isreturned indicating that the object does not exist. If you delete this deletion mark, youwill cancel the deletion of the object.

l The latest objects in a bucket are returned by default after a GET Object request. You canalso send a request to obtain a bucket's objects with all version IDs.

l All object versions except deletion marks stored on OBS are charged.

If versions of objects in a bucket do not need to be controlled, you can suspend versioning. Ifversioning is disabled:

l Objects of the previous versions remain on OBS. You need to manually deleteunnecessary objects of the previous versions.


l All old object versions except deletion marks stored on OBS are charged.

NOTE

Once being enabled, versioning cannot be disabled. It can only be suspended.

Procedure


Step 2 Select a desired bucket under My Bucket and click Bucket Attribute.

Step 3 Click Versioning.

Step 4 Click Enable to enable versioning for objects in the bucket.

After enabling versioning, click Object. Then click the Hide button to view versions ofobjects with the same names.

----End

Follow-up ProcedureOn the Versioning page, you can click Suspend to suspend versioning for the objects.

4.2.12 Configuring an EventYou can use Simple Message Notification (SMN) to send alarms and notifications, and triggerworkflows.



79

ContextYou can use SMN to send alarms and notifications, and trigger workloads on OBS Console.SMN is a reliable and scalable message notification service that supports massive data andautomatically sends messages to subscribers through emails, SMS messages, and Apps,depending on their requirements. If the event is set to upload or delete for an object in abucket, SMN will send the event notification to you when you upload the object to or delete itfrom the bucket.

Procedure


Step 2 In the bucket drop-down list, select a bucket for you want to configure an event, and clickBucket Attribute.

Step 3 Click Event. The Event page is displayed.

Step 4 On the Event page, click Add to add an event.

Table 4-14 describes the event parameters.



80



Name Name of the event. The event name is self-defined. If theevent name is left blank, the system will automaticallygenerate a unique ID as the event name.

Event Event type. OBS supports event notification for thefollowing event types:l Put: Use PUT to upload an object. Only OBS Browser

supports using PUT to upload an object.l Delete: Delete an object by version.l CompleteMultipartUpload: Upload an object in

multiparts. Only OBS Browser supports multipartobject upload.

l Post: Use POST to upload an object. Only OBSConsole supports using POST to upload an object.

l Copy: Use APIs to copy an object. OBS Console andOBS Browser do not support object copy.

l DeleteMarkerCreated: Delete an object not byversion.

Multiple event types are applicable to the same object. Forexample, if you have selected Put, Copy, and Delete in theEvent check box for the same object, an event will be sentto you when you upload an object to, copy an object to, ordelete an object from the bucket where the object resides.

Prefix Specify the prefix of the object to which the event applies.Events with overlapping event types cannot apply to anobject selected by prefix and suffix at the same time. Forexample, a Put event and another event containing Putcannot apply to the same object testobject which isselected by its prefix and suffix at the same time.

Suffix Specify the suffix of the object to which the event applies.Events with overlapping event types cannot apply to anobject selected by prefix and suffix at the same time. Forexample, a Put event and another event containing Putcannot apply to the same object testobject which isselected by its prefix and suffix at the same time.



81


Topic Specify the SNM topic that authorizes OBS to publishmessages. The SMN topic is created on the SMN page.NOTE

After SMN topics are configured, do not perform the followingoperations unless necessary:

l Delete any topic related to OBS Console events.

l Cancel the authorization of the topic related to OBS Consoleevents to OBS.

If the topic related to OBS Console events is deleted, or theauthorization of the topic to OBS is canceled, the followingconditions may occur:

1. The subscriber of the topic cannot receive notification.

2. The configurations of the unavailable topics will beautomatically cleared when the event configuration of thebucket is modified.

Before using SMN for the first time, apply for the public testpermission. For details, see Applying for the Beta SMN Servicein the Simple Message Notification User Guide.

The quick start of SMN is as follows:

1. Create an SMN topic.

2. Add subscription.

3. Modify the topic policy. Select OBS of Services that canpublish messages on the Modify Topic Policy page.

For details, see sections Creating a Topic, Adding aSubscription to the Topic, and Topic Policy in the SimpleMessage Notification User Guide.

Step 5 Click OK.

Step 6 Verify whether the event notification policy is successfully configured.

Suppose that you are configuring an event notification policy for bucket testbucket. Youselect Post for Event and upload file test.txt to the bucket. After the file is successfullyuploaded, you will receive a notification similar to Figure 3 by email.

NOTE

l OBS event notifications apply to the interconnection with the tenant system and automatic analysisand processing. If you need to stop receiving such notifications, click or visit the link in thenotifications to unsubscribe.

l Please note that every time you have added a new event notification policy, you may receivenotifications of all the event notification policies that you have configured. It is a good practice toconfigure a dedicated mailbox with a large capacity for receiving them.



82

http://support.hwclouds.com/en-us/usermanual-smn/en-us_topic_0043961401.html




Figure 4-1 Notification sent after a file is uploaded

----End

Follow-up Procedure

To modify configuration of an event, click Edit after the event. To delete an event, clickDelete after the event.


Prerequisitesl The bucket is empty.


Procedure


Step 2 In the middle of the page, select a bucket and click Delete.

NOTE

l A bucket and objects in the bucket can be deleted. However, before deleting a bucket, you must ensurethat all objects in the bucket have been deleted.

l The interval between deleting a bucket and creating another bucket with the same name as the deletedbucket varies in different application scenarios. For details, see section Put Bucket in the Object StorageService API Reference.

Step 3 Click OK.

A message is displayed indicating that the bucket is successfully deleted.

----End



83


4.3 Object ManagementOn OBS, operations are performed based on objects. This chapter describes a series of objectmanagement operations.

4.3.1 Creating a FolderThis section describes how to create a folder on OBS Console.

Contextl There are no files or folders on OBS. For easy data management, OBS provides a

method to simulate folders. On OBS, an object is simulated as a folder by adding a slash(/) to the object name on OBS Console.

l The folder cannot be downloaded on OBS Console. However, you can batch downloadfiles in the folder. Alternatively, you can use OBS Browser to download the folder.

Procedure


Step 2 Select the bucket for which you want to create a folder under My Bucket and click Object.

Step 3 Click Create Folder.

Step 4 In the Folder Name text box, enter a name for the folder.l The folder name cannot contain the following special characters: \ / | : * ? " < >l The folder name cannot start or end with a period (.).l The folder name cannot exceed 1023 bytes. The length of a folder name is the sum of the

length of its own and the length of its upper-level directories, and cannot exceed 1023bytes. Levels of directories are automatically separated by slashes (/). For example, if theupper-level directory of folder01 is folder02, file name length is calculated based onfolder02/folder01/.

NOTE

If an access denial message is displayed when you are creating a folder, the possible causes are as follows:l The access permission for the bucket is restricted by the ACL. For example, the user has no write

permission for the bucket.l The access permission for the bucket is restricted by the bucket policy. For example, the user is forbidden

to write data to the bucket during the current period of time, the user has no write permission for thebucket, or server-side encryption is not enabled on OBS Browser, which is against the bucket policy.


Step 5 Click OK.

A message is displayed indicating that the folder has been successfully created.

----End

4.3.2 Uploading a FileThis section describes how to upload local files to OBS for storage.



84

PrerequisitesAt least one bucket has been created.

Contextl You can upload a file up to 50 MB in size using OBS Console.l You cannot batch upload files on OBS Console. To upload multiple files, use OBS

Browser or invoke APIs or SDKs.l The file name cannot exceed 1023 bytes. The length of a file name is the sum of the

length of its own and the length of its upper-level directories, and cannot exceed 1023bytes. Levels of directories are automatically separated by slashes (/). For example, if theupper-level directory of file01 is folder01, the file name length is calculated based onfolder01/file01.

Procedure


Step 2 Select the bucket to which you want to upload files under My Bucket and click Object.

Step 3 Optional: Create a folder. For details, see section Creating a Folder.

Step 4 Optional: Click the folder name in the Object Name column to open the folder.

Step 5 Click the icon shown in the red box in the following figure.

Step 6 Select the file that you want to upload and click Open.

Step 7 Click Upload.

A message is displayed indicating that the file was successfully uploaded.



85

NOTE


2. If an access denial message is displayed when you are uploading a file, the possible causes are as follows:

The access permission for the bucket is restricted by the ACL. For example, the user has no writepermission for the bucket.

The access permission for the bucket is restricted by the bucket policy. For example, the user is forbiddento write data to the bucket during the current period of time, the user has no write permission for thebucket, or server-side encryption is not enabled on OBS Browser, which is against the bucket policy.


----End

4.3.3 Uploading a File with Server-Side EncryptionOBS allows users to encrypt objects using server-side encryption so that the objects can besecurely stored on OBS.

Prerequisites

The KMS Administrator permission has been added in the region of OBS using Identity andAccess Management (IAM). For details about how to add the permission, see section How DoI Manage User Groups and Grant Permissions to Them? in the Identity and AccessManagement User Guide.

If you want to use a user-defined key to encrypt objects to be uploaded, create a key usingKMS. For details about how to create a key using KMS, see section Creating a Key in theKey Management Service User Guide.

Context

After server-side encryption is enabled, when uploading objects, data will be encrypted andstored on the server. When downloading the encrypted objects, the encrypted data will bedecrypted on the server and displayed in plaintext to users.

KMS is used to encrypt the objects to be uploaded.

Before performing an open beta test (OBT) for KMS, the OBT permission needs to be appliedfor. After the OBT permission is obtained and the OBT is passed, you can use KMS. KMS isautomatically enabled after commercial use.

Procedure


Step 2 Select the bucket to which you want to upload objects under My Bucket and click Object.

Step 3 Click the button shown in the red box in the following figure to select the object to beuploaded.



86

http://support.hwclouds.com/en-us/usermanual-iam/en-us_topic_0046611269.html

http://support.hwclouds.com/en-us/usermanual-iam/en-us_topic_0046611269.html

http://support.hwclouds.com/en-us/usermanual-kms/en-us_topic_0034330265.html

Step 4 Select KMS encryption.

In the Configure Key dialog box that is displayed, set Key Name and click OK to save thekey settings.

Key Name: It is created using KMS and is used for encrypting and protecting data encryptionkeys. OBS provides a default key named obs/default. You can choose to use this default key,or the user-defined key that you create using KMS to encrypt objects to be uploaded.

Key ID: indicates the identifier of the master key. This parameter is the unique identifier ofthe master key in a database.

Step 5 Optional: After the object is uploaded, click the arrow icon on the left of the object. To viewthe object encryption status, click Details.

The object encryption status cannot be changed.

----End

4.3.4 Accessing an Object Using Its Object URLOBS allows anonymous users to access object data using object URLs.



87

Procedure


Step 2 Under My Bucket, select the bucket where the object you want to share resides and clickObject.

Step 3 Click the arrow icon before the object name.

Step 4 Click Permission to assign the anonymous user the permission to read the object.

NOTE

You cannot share the objects that are encrypted using KMS.

Step 5 Click Save to save the ACL permission settings.

Step 6 Click Link.

The URL is displayed on the page. The anonymous user can access the object by clicking theURL. The object URL is in the format of https://domain name/bucket name/directory level/object name.

NOTE

l If Versioning is enabled for a bucket and Show Version is enabled for the object list, the object URLcontains a version ID and is in the format of https://domain name/bucket name/directory level/objectname?versionId=version ID.

l The method of using a browser to access objects varies depending on the object type. You can directlyopen .txt and .html files using a browser. However, when you open .exe and .dat files using a browser,the files are automatically downloaded to your local computer.

----End



88

Troubleshootingl If an error message similar to the following is displayed when you are accessing an

object using the object URL, configure the Read permission for Anonymous User. Fordetails about how to configure the permission, see Step3 to Step5. After configuring thepermission, repeat Step6.<Error> <Code>AccessDenied</Code> <Message>Access Denied</Message> <RequestId>000173811E0000015B18BC86A3FBD65I</RequestId> <HostId> bcmaSevE9j9tY/Mg646E5xkF5D2jTbHcmxXt6TEfICxLLgbauVuxjJ3hL8zfH+B2 </HostId> </Error>

l If an error message similar to the following is displayed when you are accessing anobject using the object URL, it indicates that the object has been encrypted and anencrypted object cannot be accessed using the object URL.<Error> <Code>InvalidArgument</Code> <Message> Requests specifying Server Side Encryption with KMS managed keys require Signature Version 4. </Message> <RequestId>000173811E0000015B18C601893BBEFQ</RequestId> <HostId> B8OwldJm/6tRwVx1ONJ/ilTioZnndywWyWPgs3jF/zCyOARICV+dfn0XkXTh8vjW </HostId> <ArgumentName>Authorization</ArgumentName> <ArgumentValue>null</ArgumentValue> </Error>

4.3.5 Setting ACL Permissions for ObjectsThis section describes how to set ACL permissions for objects.

Procedure


Step 2 Under My Bucket, select the bucket where the objects for which you want to set ACLpermissions reside and click Object.

Step 3 Click the arrow icon before the object name and click Permission.

You can set ACL permissions of Object Owner, Anonymous User, Registered User, andLog Delivery User on the page. You can assign the preceding user ACL permissions fortarget objects by selecting the permissions or delete permissions by deselecting thepermissions. You can add ACL permissions of specific users as required or click Delete nextto specific permissions to delete permissions.

NOTE

For the encrypted objects, you cannot set the ACL permissions of the Anonymous User, Registered User,and Log Delivery User. Meanwhile, Add Permission operation is not supported.



89

OBS enables object access permissions to be assigned to the following types of authorizedusers using the ACL, as listed in Table 4-15.



Object Owner The owner of an object. It can disable or enable read and writepermissions but cannot modify other permissions.

Anonymous User A user that is not registered with OBS. If the access permission foran object is assigned to an anonymous user, all users can access theobject.



Specific User A user that is assigned the permission to access an object by theobject owner.

OBS supports the following types of object access permissions, as shown in Table 4-16.



Read The permission to obtain the object content and metadata.

Write The permission to write an object, that is, to overwrite and changethe object.



90


ACL View The permission to view the ACL of an object.An object owner has this permission permanently.

ACL Edit The permission to modify the ACL of an object.An object owner has this permission permanently.NOTE

Users assigned the ACL Edit permission own the Full Control permission.Exercise caution when assigning this permission to other users.

Full Control The permission to control an object. A user assigned such apermission possesses all the permissions mentioned above.NOTE

Users assigned the Full Control permission can fully control a bucket andobjects in it. Exercise caution when assigning this permission to other users.

Step 4 Optional: Click Add Permission. Enter a value for Domain ID of a specific user and setACL permissions of the user.

You can obtain Domain ID on the My Credential page.

If no ACL permission is assigned for a new object, OBS automatically disables the access tothe object by other users except the object owner.


Step 5 Click Save.

A message is displayed indicating a successful object permission setting.

----End

Follow-up Procedure

Click Delete to delete permissions of specific users when necessary. Click to collapsethe permission list.



91


4.3.6 Configuring Object Metadata

ContextMetadata is the data that mainly describes objects' attributes. Object metadata is a set ofname-value pairs that are part of object management.

NOTE

l You cannot set metadata of an object that has multiple versions.

l ContentDisposition and WebsiteRedirectLocation of object metadata are not applicable toencrypted objects.

PrerequisitesYou have already been granted the read permission on objects.

Procedure


Step 2 Select the bucket for which you want to configure object metadata from the drop-down list onthe left and click Object.

Step 3 Click the arrow to the left of the object name and click Metadata.

Step 4 Click Add Metadata. Enter metadata information as required.

Table 1 lists three kinds of system-defined metadata that OBS currently supports.



92

Table 4-17 Three kinds of system-defined metadata that OBS currently supports

Name Description

ContentDisposition Provides a default file name for the object that is beingrequested. When an object is being downloaded or accessed,the file with the default file name is directly displayed in thebrowser or a download dialog box is displayed if the file isbeing accessed.For example, select ContentDisposition as the metadataname and enter attachment;filename="testfile.xls" as themetadata value for an object. If you access the object througha link, a dialog box is directly displayed for downloadingobjects, and the object name is changed to testfile.xls.

ContentLanguage Specifies the language of the object content.For example, select ContentLanguage as the metadata nameand enter en-us as the metadata value for an object. If youaccess the object, the object content is displayed in English bydefault.

WebsiteRedirectLocation Redirects an object to another object or an external URL. Theredirection function is implemented using static websitehosting.For example, you can perform the following operations toimplement object redirection:1. Set metadata of object testobject.txt in the root directory

of bucket testbucket. Select WebsiteRedirectLocationfor Name and enter http://www.example.com for Value.NOTE

OBS only supports redirection for objects in the root directory ofa bucket.

2. Select bucket testbucket and choose Bucket Attribute >Static Website Hosting. On the Static Website Hostingpage that is displayed, enter object name testobject.txt inthe Default Home Page text box to configure staticwebsite hosting.

3. If you access object testobject.txt using the Endpoint onthe Static Website Hosting page, the access request isredirected to http://www.example.com.

Step 5 Click Save.

----End

4.3.7 Searching for a File or FolderThis section describes how to search for a file or folder by name prefix on OBS Console.



93

Procedure


Step 2 Select the bucket where the target object resides.

Step 3 Click Object.

Step 4 In the search box in the upper right corner on the Object page, enter the name prefix of thedesired file or folder.

Step 5 Click .

The found files or folders are displayed in the object list.

For example, if you want to search for files or folders whose name prefix is testobject inbucket mybucket, go to the Object page, enter testobject in the search box in the upper right

corner on the page, and click . All files or folders whose name prefix is testobject aredisplayed in the object list.

----End

4.3.8 Downloading a FileThis section describes how to download a file from OBS to a local computer.

Procedure


Step 2 Select the bucket from which you want to download files under My Bucket and click Object.

Step 3 Select the file that you want to download.

Step 4 Click Download or Download As, and proceed as prompted.

----End

4.3.9 Deleting a FileThis section describes how to delete a file.

Context

Deleting unnecessary objects saves space and costs.


Procedure


Step 2 Select the bucket from which you want to delete files under My Bucket and click Object.



94

Step 3 Select a file and click Delete.

You can select multiple files and click Delete in the middle of the page to batch delete thefiles.

Step 4 Click OK.

A message is displayed indicating that the file has been successfully deleted.

----End

4.3.10 Deleting a FolderThis section describes how to delete a folder.

Procedure


Step 2 Select the bucket from which you want to delete folders and click Object.

Step 3 Select the folder you want to delete.

Step 4 Click Delete.

Step 5 Click OK.

A message is displayed indicating that the folder is successfully deleted.

----End

4.4 Fragment ManagementFragment management enables you to clear fragments that were generated due to objectupload failures.

Context

The following lists examples of situations where fragments may be generated due to dataupload failures.




Procedure


Step 2 Select the bucket for which you want to configure fragment management under My Bucketand click Fragment.



95

Step 3 Select a fragment and click Delete on the right of the object.

You can also select multiple fragments and click Delete on the top of objects list to batchdelete them.

Step 4 Click OK.

A message is displayed indicating a successful fragment deletion.

----End

4.5 Typical ApplicationThis section describes how an enterprise uses OBS on OBS Console.

4.5.1 Configuring an Event Notification Instance

ContextSuppose that an enterprise needs to store a large number of files but does not want to purchasestorage devices. Therefore, the enterprise subscribes the OBS service for storing the files andexpects that all operations performed on OBS and included in event notification can be sent toa certain employee by email.

Procedure

Step 1 Log in to OBS Console as an enterprise user.

Step 2 Create a bucket.

In the upper right corner of the page, click Create Bucket. In the dialog box that is displayed,set Region, and Bucket Name, and click OK. In the following example, testbucket is thebucket name.

Step 3 Create a folder.

Click the bucket created in Step2 to go to the Object page. Click Create Folder. In theCreate Folder dialog box, set Folder Name and click OK. In the following example, SMNis the folder name.



96

Step 4 Click and select Simple Message Notification to go the page for configuring theevent notification service. Create an SMN topic. The following uses SMN topic TestTopic asan example to detail the creation process. The notification method is email.

1. Create an SMN topic.2. Add subscription.3. Modify the topic policy. Select OBS of Services that can publish messages on the Policy

page.For details, see sections Creating a Topic, Adding a Subscription to the Topic, andTopic Policy in the Simple Message Notification User Guide.

Step 5 Click and select Object Storage Service to return to the OBS page.

Step 6 Configure an event.

In the left navigation tree, select the bucket created in Step2 and click Bucket Attribute.Choose Event > Add. In the dialog box that is displayed, configure the event notificationpolicy and click OK.

According to the configurations in the following figure, all operations performed on folderSMN in bucket testbucket and included in event notification can be sent to certain employeesby email. For details about parameters, see Table 4-14.



97




----End

Verification

Step 1 Log in to OBS Console as an enterprise user.

Step 2 Upload file test.txt to the folder created in Step3.

After the file is uploaded, an employee receives an email similar to the following figure.Keyword ObjectCreated:Post in the email indicates that the object is successfully uploaded,as shown in Figure 4-2.

Figure 4-2 Notification received after a file is successfully uploaded

Step 3 Delete file test.txt uploaded in Step2.

After the file is deleted, an employee receives an email similar to the following figure.KeywordObjectRemoved:DeleteMarkerCreated in the email indicates that the object issuccessfully deleted, as shown in Figure 4-3.



98

Figure 4-3 Notification received after a file is successfully deleted

----End

4.5.2 Isolating Permissions of a Tenant's Users by Configuring aBucket Policy

Context

Suppose that an enterprise needs to store a large number of files but does not want to purchasestorage devices. Therefore, this enterprise subscribes the OBS service for storing the files, andexpects that staff in different departments have different access permissions. For example,staff of department A can only upload, delete, and view data, while staff of department B canonly download data. By doing so, permissions of staff in different departments to access theenterprise's data are isolated.

Procedure

Step 1 Log in to OBS Console using an enterprise account.

Step 2 Click in the upper left corner and choose Identity and Access Management. Onthe IAM page that is displayed, create two users.

The enterprise account, which is the tenant account, can contain many users created onIdentity and Access Management (IAM). These users can access and manage data that theenterprise stores on OBS. For details about how to create a user, see section How Do IManage Users? in the Identity and Access Management User Guide.

Suppose that the two users created by the enterprise are User01 and User02.

Step 3 Query the Domain ID and User ID of User01.

1. Click the username in the upper right corner of the page and choose Log Out. The pagefor logging in to OBS Console is displayed. Click Multitenant Login in the upper rightcorner of the page and use User01 created in Step2 to log in to OBS Console.

2. Click the username in the upper right corner of the page and choose My Credential. Onthe My Credential page that is displayed, view the Domain ID and User ID of User01,as shown in Figure 1. Suppose that the queried Domain ID and User ID of User01 are9698542758bc422088c0c3eabfc30d12 and 84712b911a0244838fd41326945f7c87,respectively.



99

Figure 4-4 Querying the Domain ID and User ID of User01

3. Copy and save the Domain ID and User ID of User01 to the local client. These two IDsare required when you set permissions of target users by configuring a bucket policy.

Step 4 Query the Domain ID and User ID of User02 following instructions in Step3.

Suppose that the queried Domain ID and User ID of User02 are9698542758bc422088c0c3eabfc30d12 and 8e4335b72788441f9d9d345002d1a8d5,respectively.

NOTE

User01and User02 are users created under the enterprise account. Therefore, the domain IDs of bothUser01 and User02 are the same as that of the enterprise account.

Step 5 Click the username in the upper right corner of the page and choose Log Out. The page forlogging in to OBS Console is displayed. Log in to OBS Console using an enterprise account.

Step 6 Click and choose Object Storage Service. The OBS page is displayed.

Step 7 Create a bucket.

In the upper right corner of the page, click Create Bucket. In the dialog box that is displayed,set Region, and Bucket Name, and click OK. In the following example, testbucket is thebucket name.

Step 8 Set different permissions of User01 and User02 on bucket testbucket.



100

1. Select bucket testbucket and click Bucket Attribute.2. Choose Permission > Configure Bucket Policy.3. In the dialog box that is displayed, enter the following bucket policy and click OK.

Table 1-1 describes an example of parameters that you need to manually modify in apolicy.



Deny/Allow Value of the Effect field that indicateswhether the permission in the policy isallowed or denied. The value of theEffect field must be Allow or Deny.

9698542758bc422088c0c3eabfc30d12 Domain ID of an account. The DomainID needs to be modified based on actualconditions.

84712b911a0244838fd41326945f7c87 User ID of User01. The User ID needs tobe modified based on actual conditions.

8e4335b72788441f9d9d345002d1a8d5 User ID of User02. The User ID needs tobe modified based on actual conditions.

Action Value of the Action field that indicatesthe operation set in the policy. TheAction field indicates all operationssupported by OBS and contains a stringof case-insensitive characters. The valuesupports a wildcard character (*), whichindicates all operations that can beperformed on the specified resource, forexample, "Action":["s3:List*","s3:Get*"]. Enter a value based onactual conditions. For details about alloperations supported by OBS, see sectionBucket Policy in the Object StorageService API Reference.

Resource Target bucket on which this policy takeseffect. testbucket is the bucket name andneeds to be modified based on actualconditions.

{ "Version":"2012-10-17", "Id":"Policy01", "Statement":[ { "Sid":"deny_user-01_manipulate_testbucket", "Effect":"Deny", "Principal":{ "AWS":[



101


"arn:aws:iam::9698542758bc422088c0c3eabfc30d12:user/84712b911a0244838fd41326945f7c87" ] }, "Action":[ "s3:DeleteBucket*", "s3:PutBucket*", "s3:PutLifecycleConfiguration" ], "Resource":[ "arn:aws:s3:::testbucket" ] }, { "Sid":"allow_user-01_list_testbucket", "Effect":"Allow", "Principal":{ "AWS":[ "arn:aws:iam::9698542758bc422088c0c3eabfc30d12:user/84712b911a0244838fd41326945f7c87" ] }, "Action":[ "s3:ListBucket*" ], "Resource":[ "arn:aws:s3:::testbucket" ] }, { "Sid":"allow_user-01_put_delete_object_testbucket", "Effect":"Allow", "Principal":{ "AWS":[ "arn:aws:iam::9698542758bc422088c0c3eabfc30d12:user/84712b911a0244838fd41326945f7c87" ] }, "Action":[ "s3:Get*", "s3:PutObject", "s3:DeleteObject" ], "Resource":[ "arn:aws:s3:::testbucket/*" ] }, { "Sid":"deny_user-02_manipulate_testbucket", "Effect":"Deny", "Principal":{ "AWS":[ "arn:aws:iam::9698542758bc422088c0c3eabfc30d12:user/8e4335b72788441f9d9d345002d1a8d5" ] }, "Action":[ "s3:DeleteBucket*", "s3:PutBucket*", "s3:PutLifecycleConfiguration" ], "Resource":[ "arn:aws:s3:::testbucket" ] }, { "Sid":"deny_user-02_put_delete_object_testbucket", "Effect":"Deny", "Principal":{



102

"AWS":[ "arn:aws:iam::9698542758bc422088c0c3eabfc30d12:user/8e4335b72788441f9d9d345002d1a8d5" ] }, "Action":[ "s3:DeleteObject*", "s3:PutObject*" ], "Resource":[ "arn:aws:s3:::testbucket/*" ] }, { "Sid":"allow_user-02_list_testbucket", "Effect":"Allow", "Principal":{ "AWS":[ "arn:aws:iam::9698542758bc422088c0c3eabfc30d12:user/8e4335b72788441f9d9d345002d1a8d5" ] }, "Action":[ "s3:ListBucket*" ], "Resource":[ "arn:aws:s3:::testbucket" ] }, { "Sid":"allow_user-02_getobject_testbucket", "Effect":"Allow", "Principal":{ "AWS":[ "arn:aws:iam::9698542758bc422088c0c3eabfc30d12:user/8e4335b72788441f9d9d345002d1a8d5" ] }, "Action":[ "s3:GetObject*" ], "Resource":[ "arn:aws:s3:::testbucket/*" ] } ]}Table 2 describes an example of permissions set for different users in each Sid module.

Table 4-19 Permissions in each Sid module

Sid Applies To Description

deny_user-01_manipulate_testbucket

User01 Denies User01 thepermissions to delete andmodify configurations ofbucket testbucket.

allow_user-01_list_testbucket

User01 Allows User01 to listobjects in buckettestbucket.



103

Sid Applies To Description

allow_user-01_put_delete_object_testbucket

User01 Allows User01 to uploadan object to and delete anobject from buckettestbucket.

deny_user-02_manipulate_testbucket

User02 Denies User02 thepermissions to delete andmodify configurations ofbucket testbucket.

deny_user-02_put_delete_object_testbucket

User02 Denies User02 thepermissions to upload anobject to and delete anobject from buckettestbucket.

allow_user-02_list_testbucket

User02 Allows User02 to listobjects in buckettestbucket.

allow_user-02_getobject_testbucket

User02 Allows User02 to obtainobjects in buckettestbucket.

4. Click Save to save the configurations.

Step 9 Verify the permission configurations of User01 and User02.

1. Log in to OBS Console as user User01. In any of the following scenarios, permissions ofUser01 are successfully configured:– Click Delete to the right of bucket testbucket. A message stating Access Denied is

displayed.



104

– Click bucket testbucket to go to the object management page, select an appropriatelocal object, and click Upload. The object is successfully uploaded.

– Click Delete to the right of the uploaded object and the object is successfullydeleted.

2. Log in to OBS Console as user User02. In any of the following scenarios, permissions ofUser02 are successfully configured:– Click Delete to the right of bucket testbucket. A message stating Access Denied is

displayed.– Click bucket testbucket to go to the object management page, select an appropriate

local object, and click Upload. The object fails to be uploaded and the followinginformation is displayed:Upload failed. Possible causes:1.The network is abnormal.2.You have no permissions to write the bucket.3.Your account is in arrears or has insufficient balance.4.Your account has been frozen.

– Select any object in bucket testbucket and click Delete to the right of this object.The object fails to be deleted and a message stating Access Denied is displayed.

----End



105

5 Using OBS on OBS Browser

About This ChapterOBS Browser enables you to perform most basic operations.

5.1 Basic Operations on OBS Browser

5.2 Bucket Management

5.3 Object Management

5.4 Task Management

5.5 Typical Application

Object Storage ServiceUser Guide 5 Using OBS on OBS Browser


106

5.1 Basic Operations on OBS BrowserThis chapter describes basic operations on OBS Browser.

You can refresh the OBS Browser page that is currently displayed using the followingmethods:

l Click in the upper right corner of the page.l Right-click the bucket or object list and choose Refresh from the shortcut menu.

5.1.1 OBS Browser OverviewThis section describes basic functions of OBS Browser.

OBS Browser is an object storage service client that runs on a Windows operating system. Itis compatible with APIs of OBS and Amazon S3, helping you manage object storage on yourpersonal computers.

The following table provides personal computer (PC) specifications required by OBSBrowser.

Table 5-1 PC specifications required by OBS Browser

Item Specifications Remarks

Operatingsystem

l Windows XP Pro X64Edition

l Windows 7 Pro SP1 32-bitl Windows 7 Pro SP1 64-bitl Windows 8 Pro 32-bitl Windows 10 Pro 64-bitl Windows Server 2008 R2

standard SP1 64-bitl Windows Server 2012

standard SP1 64-bit

-

CPU l Minimum: 2-core 1.6 GHzCPU

l Standard: 2-core 2.4 GHzCPU

-

Memory l Minimum: 4 GBl Standard: 8 GBl Available memory: ≥ 512

MB

-



107

Item Specifications Remarks

Availablespace of theinstallationCD-ROM

≥ 512 MB Disk space required for installing OBSBrowser

Availablespace of thedata disk

≥ 3 GB Disk space required for storing datafiles in the database of OBS Browser(The data files are stored in the systemdisk in the current version.)

NOTICEWhen OBS Browser runs on a 32-bit operating system, the maximum database storage spaceis 2 GB. When the number of tasks in the task list is more than 1 million, OBS Browser maywork incorrectly. For better experience, use a 64-bit operating system.

OBS Browser has a flattened GUI, which is friendly to Windows users. For a betterexperience, use devices with a display resolution of 1280 x 1024 or higher.

If you want to query the current version of OBS Browser, click in the upper right cornerand click About.

If you want to view the help information, click in the upper right corner and clickOnline Help.

5.1.2 Installing OBS Browser

Procedure

Step 1 Download the OBS Browser software package.

1. In the browser, enter www.hwclouds.com/en-us to go to the cloud service homepage.



108


2. Click the area in the red box. The OBS details page is displayed.3. At the bottom of the page, click OBS Browser in the red box. The OBS Browser

download page is displayed.

4. Download the OBS Browser software package as instructed.


1. Double-click the OBS Browser installation file, for example, OBS Browser.exe.2. In the installation wizard, click Next.

3. Click Browse and select an installation path. Click Next.



109

4. Click Install to start installation.

5. Click Finish.



110

Step 3 Double-click the obs.exe file to start OBS Browser.

----End

Follow-up Procedure

By default, the OBS Browser page is automatically displayed after OBS Browser is installed.You can add your account to manage resources on OBS. Alternatively, you can close OBSBrowser and log in to OBS Browser to add your account when necessary.

5.1.3 Creating an Access Key (AK and SK)This section describes how to create an access key (AK and SK). Before logging in to OBSBrowser, create your AK and SK on OBS Console.

Context

OBS uses AKs and SKs for signature verification to ensure that only authorized accounts canaccess specific OBS resources.






111

Procedure


Step 2 In the upper right corner of the page, click the username and choose My Credential.

Step 3 On the My Credential page, click Add Access Key below the Access Keys area. A user cancreate a maximum of two valid access keys.

Step 4 Enter the related information as prompted and save the newly created access key.

NOTE

To ensure access code security, store the access key safely. If you click Cancel in the Confirm dialog box,the access key will not be downloaded and cannot be downloaded later. In this case, you must delete theaccess key and create one later when necessary.

----End

Follow-up Procedure

If an access key has a problem (for example, it is lost or leaked) or will be no longer used,click Delete in the access key list to delete the access key or contact the administrator to resetthe access key.

When deleting an access key, you must enter the login password and verification code. Adeleted access key cannot be restored.

5.1.4 Logging In to OBS BrowserThis section describes how to log in to OBS Browser.

Procedure

Step 1 Double-click obs.exe to start OBS Browser.

If you are starting OBS Browser for the first time, the Add Account dialog box isautomatically displayed. Go directly to Step 4.



Step 4 In the Add Account dialog box, enter the account information and click OK.



112


l Account NameThe account name is used only to uniquely identify an account and can be different fromthe OBS account registered with the public cloud services. The account name cannotexceed 50 characters.

l Storage TypeOBS Browser can be connected to OBS or other storage systems compatible withAmazon S3.– When OBS Browser is connected to OBS, set Storage Type to OBS.– When OBS Browser is connected to other storage systems compatible with Amazon

S3, set Storage Type to S3 compatible storage. You need to specify the server IPaddress or domain name of the storage. The format is IP address or domainname:port (port 443 for HTTPS and port 80 for HTTP). The access requests use the




113

l Access Key ID and Secret Access Key

Enter the AK and SK created in My Credential after you register with a storage service,such as OBS. For details about how to obtain an AK and SK, see section 5.1.3 Creatingan Access Key (AK and SK).


Information about the new account is displayed in the Manage Accounts dialog box.

Step 5 Click OK. You can log in to OBS Browser using the account and check bucket and objectresources owned by the account.

Step 6 Optional: To manage objects owned by multiple accounts on OBS Browser, click the accountname and Manage Accounts to add multiple accounts. You can click a desired account toswitch to the account.

----End

5.1.5 Configuring the SystemThis section describes how to modify system configurations.

Procedure


Step 2 In the upper right corner of OBS Browser, click and click System Configuration.



114

Step 3 In the System Configuration dialog box, modify parameters on the General tab page.

Table 5-2 describes the parameters that can be modified.

Table 5-2 General configurations on OBS Browser


Enable HTTPS If this option is selected, all communication information isencrypted and transferred to OBS over HTTPS.

Enable KMS encryption If Enable HTTPS and Enable KMS encryption areselected, KMS encryption will be implemented for all objectsuploaded to OBS.

Multipart Upload, PartSize (MB)

Objects whose size is larger than the specified part size (5MB by default) are segmented and uploaded in the OBSbackground. The size of each segment can be set in thisdialog box. The value of Part Size (MB) can range from 5MB to 5 GB. This item is selected by default.NOTE

Multipart upload is used by default. Recommended settings of PartSize (MB) are as follows:

To maximize client performance, set Part Size (MB) based on theupload speed. The optimal Part Size (MB) is larger than themaximum upload speed. For example, if the maximum upload speedis 10 MB/s, set Part Size (MB) to an integer greater than 10 MB. It isrecommended that the part size be set to a value two to three timesthe maximum upload speed.

Max Number of UploadTasks

Specifies the maximum number of upload tasks.



115


Max Number ofDownload Tasks

Specifies the maximum number of download tasks.

Language Selects the language of the display. Changes take effect afterthe software is restarted.

Step 4 Optional: Click Network and add proxy server information.

Table 5-3 Network configurations on OBS Browser


Enable proxy If this option is selected, the Authentication option is displayed.Set the following parameters to access OBS through the proxyserver:l Address: domain name or IP address of the proxy serverl Port: port of the proxy server (default port is 8080)

Authentication If this option is selected, you need to enter the username andpassword when connecting the proxy server for authentication.l Username: login username of the proxy server.l Password: login password of the proxy server.

Step 5 Optional: Click Other and add other configuration information.



116

Table 5-4 Other configurations of OBS Browser


Enable automatic Update Check If this option is selected, each time whenyou log in to OBS Browser, a check will beautomatically performed to determinewhether the current software version is thelatest.

Join in the user experience improvementproject

Before selecting Join in the userexperience improvement project, clickView details and carefully read Userexperience improvement project.

Object Count on Each Page Sets the number of objects that aredisplayed on each page. The default value is100. The value ranges from 50 to 300. After

setting the value, click the button inthe upper right corner of the page so that thesetting takes effect.

Task Count in Task List Sets the number of tasks that are displayedin the task list. The default value is 100. Thevalue ranges from 50 to 150. After setting

the value, click the button in the upperright corner of the page so that the settingtakes effect.NOTE

Tasks in the task list are displayed on only onepage. If the actual number of tasks exceeds thatyou set to display, the exceeding tasks are notdisplayed in the task list. However, the task listupdates in real time to display unfinished tasks.



117

Step 6 Click Save to save the system configuration.

----End

5.1.6 Managing AccountsThis section describes how to manage multiple accounts on OBS Browser.

Add an Account




Step 4 In the Add Account dialog box, enter the account information.


l Account Name



118

The account name is used only to uniquely identify an account and can be different fromthe OBS account registered with the public cloud services. The account name cannotexceed 50 characters.

l Storage Type

OBS Browser can be connected to OBS or other storage systems compatible withAmazon S3.

– When OBS Browser is connected to OBS, set Storage Type to OBS.

– When OBS Browser is connected to other storage systems compatible with AmazonS3, set Storage Type to S3 compatible storage. You need to specify the server IPaddress or domain name of the storage. The format is IP address or domainname:port (port 443 for HTTPS and port 80 for HTTP). The access requests use the


l Access Key ID and Secret Access Key

Enter the AK and SK created in My Credential after you register with a storage service,such as OBS. For details about how to obtain an AK and SK, see section 5.1.3 Creatingan Access Key (AK and SK).


Step 5 Click OK.

After saving the account information, you can click the account name in the upper corner ofthe page and the newly added account is displayed in the account name drop-down list. Youcan click the desired account to switch to from the current login account.

----End

Modifying an Account



Step 3 Click Edit in the row where the desired account resides.

Step 4 Modify the account information as required.



119

Step 5 Click OK to save the modification.

----End

Deleting an Account



Step 3 Click Delete in the row where the desired account resides.

Step 4 Click OK and the account is deleted.

----End

5.1.7 Updating OBS BrowserThis section describes how to update OBS Browser.

ProcedureEvery time you log in to OBS Browser, the system automatically checks for update bydefault. If the current version is not the latest, upgrade the software as instructed.

Manually upgrade OBS Browser as follows if you log in to OBS Browser, click in theupper corner of the page, select System Configuration, click Other in the SystemConfiguration dialog box that is displayed, and deselect Automatic Update Check:


Step 2 In the upper right area, click . Then click Check for Update.



120

Step 3 Update the OBS Browser version as instructed.

Click on OBS Browser. Then click Check for Update. If It is already the latestversion is displayed, the upgrade is successful.

----End

5.1.8 FeedbackThis section describes how to feed back your comments or suggestions on OBS using OBSBrowser.

ContextStatistics on user comments and suggestions as well as function usage must be collected andanalyzed to continuously improve operation experience and product performance, boostingcustomer satisfaction.

Procedure


Step 2 In the upper right corner of OBS Browser, click . Then click Feedback.



121

Step 3 In the dialog box that is displayed, enter the problems that you encounter and suggestions,your email address, and phone number.

Your contact information is used for us to reach you quickly. Your personal data will beanonymized, encrypted, and sent to our company for us to improve our products and services.The data will neither be disclosed or shared, nor be used for other products. You can capturescreenshots of problems you encounter during OBS Browser usage and send them to us.

----End

5.2 Bucket ManagementThis chapter describes a series of bucket management operations.

OBS Browser supports three methods of bucket management. This document takes the firstmethod as an example to describe bucket management operations.

1. Click the blank area in the row where the bucket to be managed resides. You can managethe bucket using the buttons displayed above the bucket list.



122

2. Click the operation buttons in the row of the bucket to be managed.

3. Right-click the blank area in the row where the bucket to be managed resides. A shortcutmenu is displayed for managing the bucket.


Procedure




123


Step 3 In the Create Bucket dialog box that is displayed, enter the bucket information as required.

NOTE


Table 5-5 Parameters for creating a bucket


Method Select Create bucket.


Bucket Name Name of the bucket to be created.The bucket name must be globally unique and comply with thefollowing rules:l Contains 3 to 63 characters, including lowercase letters, digits,

hyphens (-), and periods (.)l Cannot be an IP addressl Cannot start or end with a hyphen (-) or period (.)l Cannot contain two consecutive periods (.)l Cannot contain periods (.) and hyphens (-) adjacent to each other

You can move the pointer over behind the Bucket Name text box to view the namingrules for a bucket. A user can create a maximum of 100 buckets on OBS.



124

NOTE


Step 4 In the dialog box that is displayed, click OK.

NOTE


----End

Region Information Configuration

The Region information can be configured on OBS Browser. The following details theconfiguration procedure:

1. Open file region in folder OBS Browser in the installation path of OBS Browser.2. Change the value of parameter options in file region.

Enter the region information to be added to the end of parameter options in thefollowing format:{"key":"Region alias","value":"Region"}

The newly added information must be in the JSON format. The following describes theparameters.– key indicates a user-defined region alias. Its value is in the Region drop-down list

in the Create Bucket dialog box. For a convenient view, you are advised to enternot more than 25 characters.

– value indicates Region. Enter its value based on Region supported by OBS.Each time when a Region is added, a group of values will be added to options, thatis, {"key":"Region alias","value":"Region"}. Groups of values are separated bycommas (,). The following provides two configuration examples of newly addedregion01 and region02. Keep the values of other parameters in file regionunchanged."options":[{"key":"cn-north-1","value":"cn-north-1"},{"key":"region01_test","value":"region01"},{"key":"region02_test","value":"region02"}]

3. After file region is successfully modified, restart OBS Browser so that theconfigurations can take effect.

5.2.2 Searching for a BucketThis section describes how to search for a bucket by entering characters contained in its nameon OBS Browser.

Procedure




125

Step 2 In the search box in the upper right corner on the main page, enter characters contained in thename of the desired bucket.

Step 3 Click .

The found buckets are displayed in the bucket list. If you want to search for other buckets,

click in the search box to delete the keyword and enter the characters contained in thenames of the buckets for which you want to search.

If the object list is displayed and you want to quickly switch to another bucket, you can click

on the left to expand the bucket list and then enter the bucket name in the search boxabove the bucket list.

For example, if you want to search for buckets whose names contain the test characters, youonly need to enter test in the search box in the upper right corner on the main page and click

. Then, all buckets that contain test in their names are displayed in the bucket list.

----End

5.2.3 Viewing Basic Information About a BucketThis section describes how to view basic information about a bucket, including the owner,capacity, location, and object quantity using OBS Browser.

Procedure


Step 2 Click the blank area in the row of the bucket about which you want to query the basicinformation and click Basic.

Step 3 In the Basic dialog box that is displayed, view basic information about the bucket.



Owner Owner of the bucket. It indicates the current account on OBS.

Space Used Total capacity used by objects in the bucket.

Number of Objects Number of the objects stored in the bucket.

Region Region where the bucket is stored.

Domain ID Unique identity of the bucket owner. It is the same as Domain IDon the My Credential page.

Created Time when the creation of a bucket is completed.



126

----End

5.2.4 Setting ACL Permissions for BucketsThis section describes how to set ACL permissions for a bucket.

Procedure


Step 2 Click the blank area in the row of the bucket for which you want to set ACL permissions andclick Configure Permission.

The Configure Permission dialog box is displayed, as shown in the following figure.



127

Step 3 Set ACL permissions for the bucket and click Save.

OBS enables bucket access permissions to be assigned to the following types of authorizedusers using the ACL, as listed in Table 5-7.




Anonymous User A user that is not registered with OBS. The access permission for abucket and objects can be assigned to anonymous users. If thepermission is assigned, all users can access the bucket and objects.


Log Delivery User A user that is used to deliver bucket access logs. The user isconfigured for bucket log management.

OBS supports the following types of bucket access permissions, as listed in Table 5-8.



Read The permission to obtain the list of objects in the bucket and themetadata of the bucket.

Write The permission to write a bucket. A user with the write permissionfor a bucket can upload, overwrite, and delete any object in thebucket.

ACL View The permission to view the ACL of a bucket.A bucket owner has this permission permanently.

ACL Edit The permission to modify the ACL of a bucket.A bucket owner has this permission permanently.NOTE

Users assigned the ACL Edit permission own the Full Control permission.Exercise caution when assigning this permission to other users.

Full Control The permission to control a bucket and objects in the bucket. Auser assigned such a permission possesses all the permissionsmentioned above.NOTE

Users assigned the Full Control permission can fully control a bucket andobjects in it. Exercise caution when assigning this permission to other users.



128



----End

5.2.5 Configuring a Bucket PolicyA bucket policy defines the access control policy of resources (buckets and objects) on OBS.This section describes how to configure a bucket policy using OBS Browser.

ContextAccess requests to a bucket are controlled by bucket policies. A bucket policy controls accessrequests by allowing or denying the requests.



l To a particular bucketl From an account's corporate networkl From an account's custom application


Procedure


Step 2 Click the blank area in the row of the bucket for which you want to configure a bucket policyand choose More > Configure Bucket Policy.



129


Step 3 In the Configure Bucket Policy dialog box, enter a bucket policy. The following are twoexamples of bucket policy configurations.







783fc6652cf246c096ea836694f71855 Domain ID of an account. The DomainID needs to be modified based on actual

conditions. You can click after thetarget bucket to view the Domain ID inthe Basic dialog box that is displayed.



130



2. Granting an OBS user a permission. In the following example, the user (whose User IDis 71f3901173514e6988115ea2c26d1999) of the account (whose Domain ID is219d520ceac84c5a98b237431a2cf4c2) is assigned the permission to set logmanagement for bucket logging.bucket3.Table 5-10 describes an example of parameters that you need to manually modify:






219d520ceac84c5a98b237431a2cf4c2 Domain ID of an account. The DomainID needs to be modified based on actual

conditions. You can click after thetarget bucket to view the Domain ID inthe Basic dialog box that is displayed.



131




{ "Id": "Policy1375342051335", "Statement":[ { "Sid":"Stmt1375240018062", "Action":[ "s3:PutBucketLogging" ], "Effect":"Allow", "Resource":"arn:aws:s3:::logging.bucket3", "Principal":{ "AWS":[ "arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:user/71f3901173514e6988115ea2c26d1999" ] } } ] }





Optional


Optional



132




Mandatory


Mandatory




Mandatory

Action/NotAction


Mandatory



Mandatory


Optional

Step 4 Click Save.

----End




133

In the following example, the user (whose User ID isac49fefeb80247799fbaf43249eb73ed) of the account (whose Domain ID is783fc6652cf246c096ea836694f71855) is assigned the permission to obtain all objects inbucket mybucket.Table 5-12 describes an example of parameters that you need to manually modify:








{ "Version":"2008-10-17", "Id":"aaaa-bbbb-cccc-dddd", "Statement":[ {



134


"Effect":"Allow", "Sid":"1", "Principal":{ "AWS":["arn:aws:iam::783fc6652cf246c096ea836694f71855:user/ac49fefeb80247799fbaf43249eb73ed"] }, "Action":["s3:GetObject"], "Resource":"arn:aws:s3:::mybucket/*" } ] }









{ "Version":"2008-10-17", "Statement":[ { "Sid":"1", "Effect":"Deny", "Principal":{"CanonicalUser":["*"]}, "Action":["s3:*"], "Resource":["arn:aws:s3:::mybucket/*"], "Condition": {"StringEquals":{"aws:Referer":["www.example.com"]} } } ] }



135









{ "Version":"2008-10-17", "Id":"aaaa-bbbb-cccc-dddd", "Statement":[ { "Effect":"Allow", "Sid":"1", "Principal":{"AWS":["arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:root"]}, "Action":["s3:ListBucket"], "Resource":"arn:aws:s3:::mybucket", "Condition":{"StringEquals":{"s3:prefix":"Obj"}}



136


} ] }

4. Limiting the start time of accessing objects in a bucket

In the following example, the start time of accessing all objects in bucket mybucket byall users is set.

Table 5-15 describes an example of parameters that you need to manually modify:










5. Limiting access to OBS from specific IP addresses



137

The following policy grants all users the permission to perform any OBS operation onobjects in a specific bucket. However, the requests must be from the specified IP addressrange.Table 5-16 describes an example of parameters that you need to manually modify:









{ "Version":"2008-10-17", "Id":"01", "Statement":[ { "Sid":"1", "Effect":"Allow", "Principal":{ "AWS":[ "*" ] }, "Action":[ "s3:*" ], "Resource":[ "arn:aws:s3:::examplebucket/*" ], "Condition":{ "NotIpAddress":{



138

"aws:SourceIp":[ "192.168.0.25/32" ] }, "IpAddress":{ "aws:SourceIp":[ "192.168.1.0/24" ] } } } ]}

5.2.6 Configuring CORSThis section describes how to use CORS in HTML5 to implement cross-origin access.

Procedure


Step 2 Click the blank area in the row of the bucket for which you want to configure CORS andchoose More > Configure CORS Rule.

Step 3 Click Add.

NOTE

You can set a maximum of 100 CORS rules for OBS.

Step 4 In the Add CORS Rule dialog box that is displayed, enter CORS rules.



139

Table 5-17 describes parameters in CORS rules.




Mandatory


Mandatory


Optional



140



Optional


Mandatory

Step 5 Click OK. The Configure CORS Rule dialog box is displayed.

Step 6 Click OK to save the rules.

After CORS is successfully configured, only the addresses specified in Allowed Origin canaccess a bucket on OBS using the method specified in Allowed Method. For example, youconfigure CORS parameters of bucket testbucket as follows:

l Allowed Origin: www.examlple.coml Allowed Method: GETl Allowed Header: left blankl Exposed Header: left blankl Cache Duration (s): 100

Then, OBS only allows GET requests from origin www.examlple.com to access buckettestbucket without restricting the request headers. Your browser can cache the CORSrequests for 100 seconds.

----End

Follow-up Procedure

New rules are displayed in the Configure CORS Rule dialog box. You can select a rule andmodify or delete it.

5.2.7 Configuring LoggingAfter logging is enabled for a bucket, OBS automatically converts bucket logs into objectsfollowing the naming rules and writes the objects into a specific bucket.

Prerequisites

The log delivery user group has been assigned the Write and ACL View permissions for thetarget bucket. For details, see section 5.2.4 Setting ACL Permissions for Buckets.

Procedure




141

Step 2 Click the blank area in the row of the bucket for which you want to configure logging andchoose More > Configure Log Function.

Step 3 Select Enable, select a value for Target Bucket, and enter a value for Target Prefix. Thenclick Save.l Target Bucket indicates the bucket storing logs.l Target Prefix indicates the prefix of a log file name.

After logging is enabled, generated logs are named using the following format:

<TargetPrefix>YYYY-mm-DD-HH-MM-SS-<UniqueString>

l <TargetPrefix> indicates the specific target prefix.l YYYY-mm-DD-HH-MM-SS indicates the date and time when the log is generated.l <UniqueString> indicates a character string generated by OBS.

On OBS Browser, if configured <TargetPrefix> ends with a slash (/), logs generated in thebucket are stored in the <TargetPrefix> folder in the target bucket to facilitate management.

For example:


l If the target bucket is bucket and target prefix is bucket-log, all logs are directly storedin bucket. The log file is named as follows: bucket-log2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.After log management is configured, you can view the operation logs in the target bucketthat stores the logs in about 5 minutes.



142

----End

5.2.8 Configuring a Lifecycle RuleThis section describes how to define lifecycle rules for a bucket so that the rules can takeeffect on objects in the bucket.

Context

Lifecycle management means periodically deleting objects in a bucket by configuring rules.Lifecycle management applies to the following scenarios:




Procedure


Step 2 Click the blank area in the row of the bucket for which you want to configure a lifecycle ruleand choose More > Configure Lifecycle Rule.



143


Step 3 In the Configure Lifecycle Rule dialog box, click Add.

Step 4 Select Enable and configure required parameters.l Status

Select Enable to enable the lifecycle rule.l Policy

Match lifecycle rules with the prefixes of object names so that objects with such nameprefixes can be restricted by the lifecycle rules. You can also configure a lifecycle rulefor a bucket so that all objects in the bucket can be restricted by the lifecycle rule.

NOTE

l When By Prefix is selected and the specified prefix and the prefix of an existing lifecycle rule overlap,OBS regards the two rules as one and disables your rule. For example, if a rule with prefix abc exists inthe system, another rule whose prefix contains abc cannot be configured.

l If a lifecycle rule whose Policy is set to By prefix has been configured, you cannot configure a lifecyclerule whose Policy is set to For the entire bucket.

l If a lifecycle rule whose Policy is set to For the entire bucket has been configured, you cannot configurea lifecycle rule whose Policy is set to By prefix. The Add button becomes unavailable.

l Expiration Time– By day specifies the number of days after which an object is automatically deleted.– By date specifies the day after which objects that match with a rule are deleted.

l Rule Name identifies lifecycle rules. The Rule Name contains a maximum of 255characters.


l log/test1.logl log/test2.logl doc/example.docl doc/good.txt


l log/clientlog.logl log/serverlog.logl doc/work.doc



144

l doc/travel.txtl If the expiration time of objects prefixed with log/ is set to January 11, 2015 (or one day

later) on January 10, 2015, OBS will delete objects log/test1.log, log/test2.log, log/clientlog.log, and log/serverlog.log on January 11, 2015.

l If the expiration time of objects prefixed with log/ is set to January 8, 2015 on January10, 2015, OBS will delete objects log/test1.log and log/test2.log that were last modifiedbefore January 8, 2015 on January 10, 2015 but will not delete objects log/clientlog.logand log/serverlog.log that were stored on OBS the same day.

NOTE


Step 5 In the Add Lifecycle Rule dialog box, click Save to save the lifecycle rule.

----End

Follow-up ProcedureYou can click Edit or Delete to edit or delete a configured lifecycle rule.

5.2.9 Managing FragmentsFragment management enables you to clear fragments that were generated due to objectupload failures.

ContextThe following lists examples of situations where fragments may be generated due to dataupload failures.




ProcedureStep 1 Log in to OBS Browser.

Step 2 Click the blank area in the row of the bucket and choose More > Manage Fragments.



145

Step 3 In the Manage Fragments dialog box, select a fragment and click .

You can click Clear above the object list to delete all the fragments. Click Check to refreshthe fragment list.

Step 4 In the Warning dialog box that is displayed, confirm upload task information and click OK.

Step 5 Click OK.

The Manage Fragments dialog box is displayed. You can close the dialog box to return tothe OBS Browser home page.

----End

5.2.10 Adding External BucketsOBS enables you to use the external bucket adding function to add buckets of other users ifyou have the access permission for the buckets. By doing so, you can access the externalbuckets locally using your account.

Prerequisites

The current account has been assigned the ACL permissions to access the buckets of otherusers.

For example, account A needs to add bucket bucket_share of account B to itself so thataccount A can read objects stored in bucket bucket_share. Account B needs to obtainDomain ID of account A and set the Read permission on bucket bucket_share for account Ausing OBS Console.

Account A can click after the target bucket to view the Domain ID in the Basic dialogbox that is displayed.

For details about how account B sets permissions for account A, see relevant descriptions ofhow to set ACL permissions for a specific user in section 4.2.4 Setting ACL Permissions forBuckets.

If account B has set the Read permission on bucket bucket_share for Registered User, allregistered users can add bucket bucket_share. For details about how to set permissions forRegistered User, see section 5.2.4 Setting ACL Permissions for Buckets or section 4.2.4Setting ACL Permissions for Buckets.

NOTE

Currently, you can only use OBS Console to set ACL permissions of a specific user. However, you canuse both OBS Console and OBS Browser to set ACL permissions of Registered User.

Context

If a user has been assigned the ACL permissions to access the buckets of other users, the usercan leverage external bucket adding to access the external buckets locally using its ownaccount.

By default, after account A adds a bucket of account B and uploads an object to the bucket,account B cannot download the object.



146

Procedure



Step 3 Select Add external bucket for Method. In the Bucket Name text box, enter the name of theexternal bucket to be added and click OK.

The bucket name must be globally unique and comply with the following rules:

l Contains 3 to 63 characters, starts with a digit or letter, and supports only lowercaseletters, digits, hyphens (-), and periods (.)

l Cannot be an IP addressl Cannot start or end with a hyphen (-) or period (.)l Cannot contain two consecutive periods (.)l Cannot contain periods (.) and hyphens (-) adjacent to each other

After successfully adding an external bucket, you can see the external bucket in the bucket listand have the ACL access permissions for the bucket.

----End

Example

If you are assigned the Write and Read permissions for bucket test, you can leverageexternal bucket adding to add bucket test to a local computer using your account. You can seebucket test in the bucket list on the left and have the write permission for the bucket. That is,you can upload objects to, overwrite objects in, and delete objects from the bucket.


Prerequisitesl The bucket to be deleted is empty.



147


l Before deleting a bucket, ensure that all objects in the bucket have been deleted and nomultipart upload tasks are running in the bucket.

Procedure


Step 2 In the bucket list, click the blank area in the row of a bucket and click More > Delete.

NOTE

The interval between deleting a bucket and creating another bucket with the same name as the deleted bucketvaries in different application scenarios. For details, see section Put Bucket in the Object Storage ServiceAPI Reference.

Step 3 Click OK.

----End

5.3 Object ManagementOn OBS, operations are performed based on objects which are basic data units. This chapterdescribes a series of object management operations.

Right-click the blank area in the object list and a shortcut menu is displayed. You can chooseUpload File, Upload Folder, or Create Folder to manage objects.

OBS Browser supports three methods of object management. This document takes the firstmethod as an example to describe object management operations.

1. Click the blank area in the row where the object to be managed resides. You can managethe object using the buttons displayed above the object list.

2. Click the operation buttons in the row of the object to be managed.

3. Right-click the blank area in the row where the object to be managed resides. A shortcutmenu is displayed for managing the object.



148


5.3.1 Creating a FolderThis section describes how to create a folder using OBS Browser.

Context

There are no files or folders on OBS. For easy data management, OBS provides a method tosimulate folders. On OBS, an object is simulated as a folder by adding a slash (/) to the objectname on OBS Browser.

Procedure


Step 2 Click the bucket in which you want to create a folder. Click Create Folder.

Step 3 In the dialog box that is displayed, enter a folder name and click OK.

l The folder name cannot contain special characters, such as < > ? | / : \ * "

l The folder name cannot start or end with a period (.).

l The folder name cannot exceed 1023 bytes. The length of a folder name is the sum of thelength of its own and the length of its upper-level directories, and cannot exceed 1023bytes. Levels of directories are automatically separated by slashes (/). For example, if theupper-level directory of folder01 is folder02, file name length is calculated based onfolder02/folder01/.

NOTE





Step 4 Click OK.

----End



149

5.3.2 Accessing an Object Using Its Object URLThe object uniform resource locator (URL) (object sharing) function allows anonymous usersto access object data using object URLs.

PrerequisitesAssign an anonymous user the permission to read the specified object using OBS Console.For details about how to set ACL permissions, see section 4.3.5 Setting ACL Permissionsfor Objects.

Procedure


Step 2 Click the bucket for which you want to configure the object URL function, and click next to the object to be shared to view the object URL.

l If you select S3 compatible storage when logging in to OBS Browser, the object URL isin the format of https://storage server IP address or domain name/bucket name/directorylevel/object name. If the object is in the root directory of the bucket, the URL does notcontain a directory level.

l If you select OBS when logging in to OBS Browser, the object URL is in the format ofhttps://bucket name.domain name/directory level/object name. If the object is in the rootdirectory of the bucket, the URL does not contain a directory level.

Step 3 Click Copy to copy the object URL to the browser. Then you can access the object.

NOTE

The method of using a browser to access objects varies depending on the object type. You can directlyopen .txt and .html files using a browser. However, when you open .exe and .dat files using a browser, thefiles are automatically downloaded to your local computer.

----End

Troubleshootingl If an error message similar to the following is displayed when you are accessing an

object using the object URL, configure the Read permission for Anonymous User onOBS Console. For details about how to configure the permission, see section 4.3.5Setting ACL Permissions for Objects. After configuring the permission, repeat Step3.<Error> <Code>AccessDenied</Code>



150

<Message>Access Denied</Message> <RequestId>000173811E0000015B18BC86A3FBD65I</RequestId> <HostId> bcmaSevE9j9tY/Mg646E5xkF5D2jTbHcmxXt6TEfICxLLgbauVuxjJ3hL8zfH+B2 </HostId> </Error>

l If an error message similar to the following is displayed when you are accessing anobject using the object URL, it indicates that the object has been encrypted and anencrypted object cannot be accessed using the object URL.<Error> <Code>InvalidRequest</Code> <Message> The object was stored using a form of Server Side Encryption. The correct parameters must be provided to retrieve the object. </Message> <RequestId>000173811E0000015B282B2D4D98C59P</RequestId> <HostId> heAWAu3VYmy64mS9biPT6mT37aGWb3sIFx6WJuxzyUW9+VRAcLOu4gPRquZOp+St </HostId> </Error>

5.3.3 Searching for a File or FolderThis section describes how to search for a file or folder by name prefix on OBS Browser.

Procedure


Step 2 Click the bucket where the target file or folder resides.

Step 3 In the search box in the upper right corner on the object management page that is displayed,enter the name prefix of the desired file or folder.

Step 4 Click .

The found files or folders are displayed in the object list. If you want to search for other files

or folders, click in the search box to delete the keyword and enter the characterscontained in the names of the files or folders for which you want to search.

For example, if you want to search for files or folders whose name prefix is testobject inbucket mybucket, go to the object management page, enter testobject in the search box in the

upper right corner on the page, and click . All files or folders whose name prefix istestobject are displayed in the object list.

----End

5.3.4 Uploading a File or FolderThis section describes how to upload local files or folders to OBS for storage.

ContextFiles are uploaded in multiparts on OBS Browser. You can upload a single file up to 5 TB inmultiparts.

The file or folder name cannot exceed 1023 bytes. The length of a file or folder name is thesum of the length of its own and the length of its upper-level directories, and cannot exceed



151

1023 bytes. Levels of directories are automatically separated by slashes (/). For example, ifthe upper-level directory of file01 is folder01, the file name length is calculated based onfolder01/file01.

Procedure


Step 2 Click the bucket to which you want to upload files or folders.

Step 3 Click Upload. Then click Upload File or Upload Folder.

If you use the Upload File function, it is a good practice to upload a maximum of 100 files ata time for better user experience. If you need to upload more files, place the files in a folderand use the Upload Folder function to upload the folder.

NOTE


2. If an access denial message is displayed when you are uploading a file or folder, the possible causes are asfollows:




Step 4 In the dialog box that is displayed, select the file or folder that you want to upload and clickOpen.

You can upload a folder or multiple files at a time. To upload multiple files, hold down Ctrlor Shift to select multiple files. You can also select all the files on the current page by holdingdown Ctrl+A. The operations are consistent with those on the Windows operating system.

The file or folder upload progress is displayed on the task management page. You cansuspend, run, or cancel an upload task based on site requirements. For details, see section5.4.1 Managing Upload Tasks.

----End

5.3.5 Uploading a File with Server-Side EncryptionOBS allows users to encrypt objects using server-side encryption so that the objects can besecurely stored on OBS.

Context

After server-side encryption is enabled, when uploading objects, data will be encrypted andstored on the server. When downloading the encrypted objects, the encrypted data will bedecrypted on the server and displayed in plaintext to users.

KMS is used to encrypt the objects to be uploaded.



152

Procedure


Step 2 In the upper right corner on the page, click .

Step 3 Choose System Configuration > General.

Step 4 Select Enable HTTPS and Enable KMS encryption.

After you select Enable HTTPS and Enable KMS encryption, KMS encryption will be

implemented for all objects uploaded to OBS. After objects are uploaded, click on theright of the object list. In the Properties dialog box that is displayed, view the objectencryption status. KMS encryption indicates that server-side encryption has beenimplemented for the object. No indicates that server-side encryption has not beenimplemented for the object. The object encryption status cannot be changed.

NOTE

HTTPS must be enabled when you enable KMS encryption to upload objects. Therefore, if you deselectEnable HTTPS, Enable KMS encryption is deselected automatically.



153

NOTE

Server-side encryption does not support HTTP. To use server-side encryption, enable HTTPS.

----End

5.3.6 Downloading a File or FolderThis section describes how to download a file or folder from OBS to a local computer.

Procedure


Step 2 Click the bucket from which you want to download a file or folder. Then select a file or folderand click Download.

You can hold down Ctrl or Shift to select files or folders and batch download them. You canalso select all the files or folders on the current page by pressing Ctrl+A. The operations areconsistent with those on the Windows operating system.

Step 3 In the dialog box that is displayed, select a path to save the file or folder and click OK.

The file or folder download progress is displayed on the task management page. You cansuspend, delete, or cancel a download task based on site requirements. For details, see section5.4.2 Managing Download Tasks.

----End

5.3.7 Deleting a File or FolderThis section describes how to delete a file or folder.



154

Context

Deleting a folder will delete all files in the folder. Ensure that all files in a folder can bedeleted before deleting the folder.

Deleting unnecessary files or folders saves space and costs.


Procedure


Step 2 Click the bucket from which you want to delete a file or folder. Then select a file or folder andclick Delete.

You can hold down Ctrl or Shift to select multiple files or folders and batch delete them. Youcan also select all the files or folders on the current page by pressing Ctrl+A. The operationsare consistent with those on the Windows operating system.

Step 3 Click OK.

The file or folder deletion progress is displayed on the task management page. You cansuspend or cancel a deletion task based on site requirements. For details, see section 5.4.3Managing Deletion Tasks.

----End

5.4 Task ManagementOBS supports concurrent file or folder uploads or downloads. Using OBS Browser, you caneasily manage the upload, deletion or download tasks. In the right corner of the taskmanagement page, you can view the numbers of all uncompleted tasks, completed tasks, andtotal tasks. You can manually adjust the column width of the task list.

In the lower left corner of the Completed task list, you can set the number of completed tasksdisplayed on each page. If the number of displayed items exceeds 200,000, the system willsave the first 100,000 items of tasks that are created earlier to the history directory in theinstallation path of OBS Browser. These items are saved in the historyDBData[timestamp].csv format, for example, historyDBData20170426T063744.csv.

5.4.1 Managing Upload TasksThis section describes how to manage upload tasks using OBS Browser.

Prerequisites

You have upload tasks to be managed.

Context

An upload task may be suspended or canceled, or an upload failure may occur when data isbeing uploaded to OBS. You can use upload task management to manage upload tasks.



155

Procedure



Step 3 In the upper right corner, select Upload from the drop-down list. The list of running uploadtasks is displayed.

Upload tasks may fail due to various causes. To view the causes, choose All statuses >

Failed. You can select a failed upload task and click to perform the task again.

Alternatively, you can move the pointer over in the Status column of the failed uploadtask to view the causes.

Step 4 Optional: Select an ongoing upload task and click to suspend the task. Alternatively,you can click Suspend All to suspend all tasks.

Select a suspended upload task and click to resume the task. Alternatively, you can clickRun All to resume all suspended tasks.

Step 5 Optional: Select an ongoing upload task and click to cancel the task. Alternatively, youcan click Cancel All to delete all tasks.

Step 6 Optional: Click the Completed button on the top of the page to view completed tasks. You

can also click after a completed task to delete the task or click Delete All on the top ofthe page to delete all completed tasks.

----End

5.4.2 Managing Download TasksThis section describes how to manage download tasks using OBS Browser.

PrerequisitesYou have download tasks to be managed.

Procedure





156

Step 3 In the upper right corner, select Download from the drop-down list. The list of runningdownload tasks is displayed.

Download tasks may fail due to various causes. To view the causes, choose All statuses >

Failed. You can select a failed download task and click to perform the task again.

Alternatively, you can move the pointer over in the Status column of the faileddownload task to view the causes.

Step 4 Optional: Select an ongoing download task and click to suspend the task. Alternatively,you can click Suspend All to suspend all tasks.

Step 5 Select a suspended download task and click to resume the task. Alternatively, you canclick Run All to resume all suspended tasks.

Step 6 Optional: Select an ongoing download task and click to cancel the task. Alternatively,you can click Cancel All to delete all tasks.



----End

5.4.3 Managing Deletion TasksThis section describes how to manage deletion tasks using OBS Browser.

Prerequisites

You have deletion tasks to be managed.

Procedure



Step 3 In the upper right corner, select Delete from the drop-down list. The list of running deletiontasks is displayed.



157

Deletion tasks may fail due to various causes. To view the causes, choose All statuses >

Failed. You can select a failed deletion task and click to perform the task again.

Alternatively, you can move the pointer over in the Status column of the failed deletiontask to view the causes.

Step 4 Optional: Select an ongoing deletion task and click to suspend the task. Alternatively,you can click Suspend All to suspend all tasks.

Step 5 Select a suspended deletion task and click to resume the task. Alternatively, you can clickRun All to resume all suspended tasks.

Step 6 Optional: Select an ongoing deletion task and click to cancel the task. Alternatively, youcan click Cancel All to delete all tasks.



----End

5.5 Typical ApplicationThis section describes how a user uses OBS on OBS Browser.

PrerequisitesOBS has been enabled.

ContextA user is a film lover and has a large number of videos to be stored. However, this user's diskcannot be expanded in real time. For this reason, the user hopes to use OBS to store videos.

The user needs personal data to be isolated and protected from that of other users andresumable data transfer to be available during the upload of large files.

Procedure


Step 2 In the Add Account dialog box, enter required information to create an account upon theinitial start of OBS Browser.



158

Step 3 Click Create Bucket to create a bucket for storing data.

Step 4 Select the bucket you want to manage.

Step 5 Click the created bucket.

Step 6 Click Create Folder to create a folder.

Step 7 Click Upload to upload a file or folder.

Step 8 Click Manage Tasks.

Step 9 Click Suspend, Run or Cancel to manage the file being uploaded.

----End

Follow-up ProcedureTo obtain files stored on OBS, you can start OBS Browser and download the files to a localcomputer.



159

6 Troubleshooting

About This ChapterThis chapter describes how to troubleshoot OBS Browser and OBS Console.

6.1 Troubleshooting About OBS Browser

6.2 Troubleshooting About OBS Console

Object Storage ServiceUser Guide 6 Troubleshooting


160

6.1 Troubleshooting About OBS Browser

6.1.1 Objects Cannot Be Globally Searched for in a Bucket

Question

Why cannot objects be globally searched for in a bucket?

Answer

OBS Browser does not support iterative query of objects in a bucket but supports query ofobjects in a directory only. If you want to search for an object, go to the directory where theobject resides and search for the object.

For example, if the root directory of bucket abc contains folder A and object B and folder Acontains object C, object C cannot be searched for in the root directory of bucket abc. It canbe searched for only in folder A.

6.1.2 Object URL Cannot Be Opened Using a Browser

Question

Why cannot an object URL be opened using a browser?

Answer

If the Bucket Policy rules forbid the user from accessing the object or Read is not assigned toAnonymous User in the ACL of the object, the user cannot open the object URL using abrowser.

If Read for an object is assigned to Anonymous User but the Bucket Policy rules forbid theuser from accessing the object, the user cannot open the object URL using a browser becausethe priority of Bucket Policy is higher than that of the ACL.

You can solve this problem as follows: (Perform Step 1 to Step 2 to check whether theBucket Policy rules forbid the user from accessing the object. Perform Step 3 to Step 7 toassign Read for the object to Anonymous User.)


Step 2 Choose More > Configure Bucket Policy and check whether the Bucket Policy rules forbidthe user from accessing the object. If yes, delete the Bucket Policy rules and try again.


Step 4 Select the object and click the arrow in front of the object name.


Step 6 Select Read behind Anonymous User.



161

Step 7 Click Save.

----End

6.1.3 No Upload Task Is Created After a Large Number of FilesAre Selected for Upload Using OBS Browser

QuestionWhy is no upload task created and nothing displayed on the page after a large number of filesare selected for upload using OBS Browser? For example, after a user logs in to OBSBrowser and chooses Upload > Upload File to select a large number of files from drive C forupload, no upload task is created and nothing is displayed on the page.

AnswerThe Upload File function of OBS Browser allows 100 files to be uploaded at the same time.If more files need to be uploaded, place the files in a folder and use the Upload Folderfunction to upload the folder.

Also, the total name length of all files to be uploaded cannot exceed approximately 25,500characters. If the name length exceeds this threshold, the system stops responding to theupload request.

6.1.4 Blue or Black Screen of Death Occurs When Files AreUploaded Using OBS Browser

QuestionWhy does blue or black screen of death occur when files are uploaded using OBS Browser?

AnswerWhen OBS Browser is used to upload a large number of files or a few of big files, most of thememory is used. Check whether the available memory space of the PC is greater than or equal



162

to 512 MB. If the available memory space of the PC is smaller than 512 MB, close someapplication programs to release the memory, or add new memory or virtual memory to the PC.

If the problem persists after memory is added, collect dump files based on the followingprocedure, and contact customer service personnel for locating and solving this problem.

Step 1 Right-click Computer and choose Properties from the shortcut menu. In the dialog box thatis displayed, click the Advanced tab. On the Advanced tab page, click Settings. In the dialogbox that is displayed, view the path under Dump file.

Figure 6-1 shows a screenshot of the Windows 7 Pro SP1 64-bit operating system, which isused as an example.

Figure 6-1 Viewing the Dump file path

Step 2 Go to the path, copy and compress all files of which the extension is .dump, and send thecompressed package to customer service personnel for locating and solving this problem.

----End

6.2 Troubleshooting About OBS Console

6.2.1 Object URL Cannot Be Opened Using a Browser

Question

Why cannot an object URL be opened using a browser?



163

Answer

If the Bucket Policy rules forbid the user from accessing the object or Read is not assigned toAnonymous User in the ACL of the object, the user cannot open the object URL using abrowser.

If Read for an object is assigned to Anonymous User but the Bucket Policy rules forbid theuser from accessing the object, the user cannot open the object URL using a browser becausethe priority of Bucket Policy is higher than that of the ACL.

You can solve this problem as follows: (Perform Step 1 to Step 5 to assign Read for theobject to Anonymous User. Perform Step 6 to Step 7 to check whether the Bucket Policyrules forbid the user from accessing the object.)


Step 2 Select the object and click the arrow in front of the object name.


Step 4 Select Read behind Anonymous User.

Step 5 Click Save.


Step 7 Choose Bucket Attribute > Permission > Configure Bucket Policy and check whether theBucket Policy rules forbid the user from accessing the object. If yes, delete the Bucket Policyrules and try again.

----End

6.2.2 Objects Cannot Be Globally Searched for in a Bucket

Question

Why cannot objects be globally searched for in a bucket?



164

AnswerOBS Console does not support iterative query of objects in a bucket but supports query ofobjects in a directory only. If you want to search for an object, go to the directory where theobject resides and search for the object.

For example, if the root directory of bucket abc contains folder A and object B and folder Acontains object C, object C cannot be searched for in the root directory of bucket abc. It canbe searched for only in folder A.

6.2.3 An Object Fails to Be Downloaded Using Internet Explorer11

QuestionA user logs in to OBS Console using Internet Explorer 11 and uploads an object. When theuser attempts to download the object to the original path to replace the original object withoutclosing the browser, a message is displayed indicating a download failure. Why is this?

For example, a user uploads object abc from the root directory of local drive C to a bucket onOBS Console. When the user attempts to download the object to the root directory of localdrive C to replace the original object without closing the browser, a message is displayedindicating a download failure.

AnswerThis problem is caused by browser incompatibility. It can be solved by using Google Chromeas the browser.

If this problem occurs, close the browser and try again.

6.2.4 OBS Console Cannot Be Opened Using Internet Explorer 9

QuestionWhen the address of OBS Console can be pinged, why cannot OBS Console be opened usingInternet Explorer 9?

AnswerCheck whether Use SSL and Use TLS are selected in Internet Options. If not, perform thefollowing procedure and try again:

Step 1 Open Internet Explorer 9.

Step 2 Click Tools in the upper right corner and choose Internet Options > Advanced. Then selectUse SSL 2.0, Use SSL 3.0, Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2, as shown in Figure6-2.



165

Figure 6-2 Internet Options

Step 3 Click OK.

----End

6.2.5 The Object Name Changes After an Object with a LongName Is Downloaded to a Local Computer

Question

After an object with a long name is downloaded to a local computer using OBS Console, whydoes the object name change?

Answer

For Windows, a file name, including the file name extension, can contain a maximum of 255characters. When an object with a name containing more than 255 characters is downloadedto a local computer, the system automatically discards any part of the name after the first 255characters.



166

7 Using OBS SDKs

OBS SDKs enable you to use SDK APIs to invoke massive storage resources for data access,freeing you from complex underlying storage technologies, storage capacity planning, andcapacity expansion and reduction.

When developing applications based on OBS, you can use Huawei OBS SDKs. The SDKscontain underlying REST APIs and apply to multiple programming languages, includingJava, .Net, Android, Python, C++, Ruby, and PHP.

Log in to public cloud services and download the desired SDK from OBS help area.

Object Storage ServiceUser Guide 7 Using OBS SDKs


167

http://developer.hwclouds.com/en-us

8 Obtaining More Resources

This chapter describes how to obtain OBS-related resources.

You can online query and download software and documents related to OBS from publiccloud services and Help Center.

Resources described in Table 8-1 can help you better understand and use OBS.

Table 8-1 OBS-related resources

Resource Description

Object Storage ServiceUser Guide

Describes basic functions and concepts of OBS and providesbasic quick start operations.

Object Storage ServiceAPI Reference

Provides detailed information about REST APIs of OBS.

Object Storage ServiceFAQs

Provides frequently asked questions about OBS.

OBS Console The interactive web-based management console enables you toimplement most OBS functions to manage your resourceswithout programming.

OBS Browser An Amazon S3 compatible client that can be installed in yourlocal computer. Through OBS Browser, you can implementmost OBS functions to manage your resources withoutprogramming.

SDK Contains underlying REST APIs and apply to multipleprogramming languages, including Java, .Net, Android, Python,C++, Ruby, and PHP and provides related software toolpackages, demos, API documents, and development guides.

Object Storage ServiceUser Guide 8 Obtaining More Resources


168

http://www.hwclouds.com/en-us/

http://www.hwclouds.com/en-us/

http://support.hwclouds.com/en-us

User Guide - developer-res-cbc-cn.obs.cn-north-1 ......simulate folders. By adding a slash (/) in an...

Documents

Transcript of User Guide - developer-res-cbc-cn.obs.cn-north-1 ......simulate folders. By adding a slash (/) in an...