diff --git a/docs/obs/s3api/en-us_topic_0125560249.html b/docs/obs/s3api/en-us_topic_0125560249.html index 111cc8541..bcc01eed3 100644 --- a/docs/obs/s3api/en-us_topic_0125560249.html +++ b/docs/obs/s3api/en-us_topic_0125560249.html @@ -32,7 +32,7 @@ Date: date <Key>TagNameJJ1</Key> <Value>tytttasceettt</Value> </Tag> -</TagSet> + </TagSet> </Tagging>

Response Headers

This response uses common headers. For details about common response headers, see section Common Response Headers.

@@ -139,7 +139,7 @@ Content-Length: 441 <Key>TagNameJJ1</Key> <Value>tytttasceettt</Value> </Tag> -</TagSet> + </TagSet> </Tagging>
diff --git a/docs/obs/s3api/en-us_topic_0125560255.html b/docs/obs/s3api/en-us_topic_0125560255.html index 70730b3e5..ebb7fab46 100644 --- a/docs/obs/s3api/en-us_topic_0125560255.html +++ b/docs/obs/s3api/en-us_topic_0125560255.html @@ -326,7 +326,7 @@ <HostId>RkRCRDJENDc5MzdGQkQ4OUY3MTI4NTQ3NDk2Mjg0M0FB QUFBQUFBYmJiYmJiYmJD</HostId> …… - </Error> +</Error>

Table 9 describes the common elements contained in an error response.

Table 9 Error response elements

Element

diff --git a/docs/obs/s3api/en-us_topic_0125560310.html b/docs/obs/s3api/en-us_topic_0125560310.html index 773a0c41a..71cacbc55 100644 --- a/docs/obs/s3api/en-us_topic_0125560310.html +++ b/docs/obs/s3api/en-us_topic_0125560310.html @@ -117,7 +117,7 @@ x-amz-content-sha256:44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f 
DateKey = HMAC-SHA256("AWS4"+"<SecretAccessKey>", "<yyyymmdd>") 
 DateRegionKey = HMAC-SHA256(<DateKey>, "<aws-region>") 
 DateRegionServiceKey = HMAC-SHA256(<DateRegionKey>, "<aws-service>") 
-SigningKey = HMAC-SHA256(<DateRegionServiceKey>, "aws4_request"
+SigningKey = HMAC-SHA256(<DateRegionServiceKey>, "aws4_request")

Each field is described as follows:

  • <SecretAccessKey>: Indicates the SK of the requester.
  • <yyyymmdd>: Indicates the period in which Signing Key obtained from Authorization in the HTTP header is valid.
diff --git a/docs/obs/s3api/en-us_topic_0125560316.html b/docs/obs/s3api/en-us_topic_0125560316.html index e5e733142..98dcd2c19 100644 --- a/docs/obs/s3api/en-us_topic_0125560316.html +++ b/docs/obs/s3api/en-us_topic_0125560316.html @@ -42,22 +42,22 @@ Content-Length: 223 { - "Id": "Policy1375342051334", - "Statement": [ - { - "Sid": "Stmt1375240018061", - "Action": [ - "s3:GetBucketLogging" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::logging.bucket3", - "Principal": { - "AWS": [ - "arn:aws:iam::783fc6652cf246c096ea836694f71855:root" - ] - } - } - ] + "Id": "Policy1375342051334", + "Statement": [ + { + "Sid": "Stmt1375240018061", + "Action": [ + "s3:GetBucketLogging" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::logging.bucket3", + "Principal": { + "AWS": [ + "arn:aws:iam::783fc6652cf246c096ea836694f71855:root" + ] + } + } + ] }

Sample Response: Grant OBS account permission

HTTP/1.1 204 No Content 
@@ -77,22 +77,22 @@ Authorization: AWS UDSIAMSTUBTEST000002:1YPpMv6hAokMd/r6Ft5/6SZANDw=
 Content-Length: 256
 
 {
-"Id": "Policy1375342051335",
-"Statement": [
-{
-"Sid": "Stmt1375240018062",
-"Action": [
-"s3:PutBucketLogging"
-],
-"Effect": "Allow",
-"Resource": "arn:aws:s3:::logging.bucket3",
-"Principal": {
-"AWS": [
-"arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:user/71f3901173514e6988115ea2c26d1999"
-]
-}
-}
-]
+    "Id": "Policy1375342051335",
+    "Statement": [
+        {
+            "Sid": "Stmt1375240018062",
+            "Action": [
+                "s3:PutBucketLogging"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:s3:::logging.bucket3",
+            "Principal": {
+                "AWS": [
+                    "arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:user/71f3901173514e6988115ea2c26d1999"
+                ]
+            }
+        }
+    ]
 }

Sample Response: Grant OBS user permission

HTTP/1.1 204 No Content
diff --git a/docs/obs/s3api/en-us_topic_0125560369.html b/docs/obs/s3api/en-us_topic_0125560369.html
index 94fef2743..292be2943 100644
--- a/docs/obs/s3api/en-us_topic_0125560369.html
+++ b/docs/obs/s3api/en-us_topic_0125560369.html
@@ -47,24 +47,25 @@ Server: OBS
  Content-Type: application/xml 
  Date: Fri, 06 Sep 2013 07:06:42 GMT
  Content-Length: 184
+
 { 
- "Id": "Policy1375342051334", 
- "Statement": [ 
- { 
- "Sid": "Stmt1375240018061", 
- "Action": [ 
- "s3:GetBucketLogging" 
- ], 
- "Effect": "Allow", 
- "Resource": "arn:aws:s3:::logging.bucket3", 
- "Principal": { 
- "AWS": [ 
- "norman" 
- ] 
- } 
- } 
- ] 
- }
+ "Id": "Policy1375342051334", + "Statement": [ + { + "Sid": "Stmt1375240018061", + "Action": [ + "s3:GetBucketLogging" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::logging.bucket3", + "Principal": { + "AWS": [ + "norman" + ] + } + } + ] +}
diff --git a/docs/obs/s3api/en-us_topic_0125560388.html b/docs/obs/s3api/en-us_topic_0125560388.html index 880e81c79..c4918eb7d 100644 --- a/docs/obs/s3api/en-us_topic_0125560388.html +++ b/docs/obs/s3api/en-us_topic_0125560388.html @@ -171,11 +171,13 @@ Accept: */* Date: Tue, 07 Mar 2017 08:54:09 +0000 Authorization: AWS UDSIAMSTUBTEST000002:kaEwOixnSVuS6If3Q0Lnd6kxm5A= Content-Length: 183 -Expect: 100-continue -<RestoreRequest xmlns="http://s3.amazonaws.com/doc/2006-3-01"> <Days>3</Days> -<GlacierJobParameters> - <Tier>Expedited</Tier> - </GlacierJobParameters> +Expect: 100-continue + +<RestoreRequest xmlns="http://s3.amazonaws.com/doc/2006-3-01"> + <Days>3</Days> + <GlacierJobParameters> + <Tier>Expedited</Tier> + </GlacierJobParameters> </RestoreRequest>

Sample Response

HTTP/1.1 100 Continue   
diff --git a/docs/obs/s3api/en-us_topic_0125560406.html b/docs/obs/s3api/en-us_topic_0125560406.html
index 8bbe3ca41..b585d8d0f 100644
--- a/docs/obs/s3api/en-us_topic_0125560406.html
+++ b/docs/obs/s3api/en-us_topic_0125560406.html
@@ -37,29 +37,31 @@
 
The request for modifying or setting the ACL of a bucket or object must contain an ACL in the following syntax:

 
<AccessControlPolicy> 
  <Owner>
- <ID>id</ID>
- <DisplayName>displayname</DisplayName>
+  <ID>id</ID>
+  <DisplayName>displayname</DisplayName>
  </Owner>
  <AccessControlList>
- <Grant>
- <Grantee>grantee</Grantee>
- <Permission>permission</Permission>
- </Grant>
- <Grant>…………</Grant>
+  <Grant>
+   <Grantee>grantee</Grantee>
+   <Permission>permission</Permission>
+  </Grant>
+  <Grant>…………</Grant>
  </AccessControlList>
- </AccessControlPolicy>

+</AccessControlPolicy>

In the preceding ACL, permission indicates one of the five permission types supported by OBS. For details about the permission, see Table 2. The format of content in Grantee varies with the grantee.

  1. An OBS user as the grantee
    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
  <ID>DomainId</ID>
  <DisplayName>displayname</DisplayName>
- </Grantee>
    +</Grantee>
  2. A registered user group user as the grantee
    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
  <URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI>
- </Grantee>
    +</Grantee>
  3. An anonymous user as the grantee
    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
  <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
- </Grantee>
    -
  4. Log delivery user group user as the grantee
    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">   <URI>http://acs.amazonaws.com/groups/s3/LogDelivery</URI>   </Grantee>
    +</Grantee> +
  5. Log delivery user group user as the grantee
    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">   
+ <URI>http://acs.amazonaws.com/groups/s3/LogDelivery</URI>   
+</Grantee>
Table 2 Permission on an OBS bucket or object

Permission

diff --git a/docs/obs/s3api/en-us_topic_0125560422.html b/docs/obs/s3api/en-us_topic_0125560422.html index d364ae471..dbb274578 100644 --- a/docs/obs/s3api/en-us_topic_0125560422.html +++ b/docs/obs/s3api/en-us_topic_0125560422.html @@ -333,15 +333,15 @@

A Condition block (element) can contain multiple key value pairs. The following example Condition block specifies requests initiated between 2009-04-16T12:00:00Z and 2009-04-16T15:00:00Z from IP addresses on network segment 192.168.176.0/24 or 192.168.143.0/24:

"Condition" : { 
-   "DateGreaterThan" : { 
-   "aws:CurrentTime" : "2009-04-16T12:00:00Z" 
-   },
-   "DateLessThan": { 
-   "aws:CurrentTime" : "2009-04-16T15:00:00Z" 
-   },
-   "IpAddress" : { 
-   "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"] 
-   } 
+    "DateGreaterThan": { 
+        "aws:CurrentTime" : "2009-04-16T12:00:00Z" 
+    },
+    "DateLessThan": { 
+        "aws:CurrentTime" : "2009-04-16T15:00:00Z" 
+    },
+    "IpAddress": { 
+        "aws:SourceIp" : ["192.168.176.0/24", "192.168.143.0/24"] 
+    } 
  }

A Condition block can contain two types of keys:

  • General keys that have nothing to do with Action.
  • S3 service-specific keys associated with Action.
@@ -608,35 +608,39 @@
  • Whitelist settings

    Users can set a whitelist to allow requests from the websites added in the whitelist and deny requests from any other website.

    For the requests that are initialized from browsers' address boxes, that is, those HTTP requests with a blank referer, users can add the ${null} field to "aws:Referer" of Condition to specify whether to allow the requests with a blank referer.

    Set a whitelist based on the following policy setting:

    -
    "Statement":[
+
    "Statement": [
     {"Sid": "1",
      "Effect": "Allow",
      "Principal": {"CanonicalUser":["*"]},
      "Action": "s3:*",
      "Resource":["arn:aws:s3:::bucket/*"],
     },
-    {"Sid":"2",
-     "Effect":"Deny",
+    {"Sid": "2",
+     "Effect": "Deny",
      "Principal":{"CanonicalUser":["*"]},
-     "Action":["s3:*"],
-     "Resource":["arn:aws:s3:::bucket/*"],                             "Condition":{
-         "StringNotEquals":
-         {"aws:Referer":["www.example01.com","${null}"]}
-      }
-    }
+     "Action": ["s3:*"],
+     "Resource": ["arn:aws:s3:::bucket/*"],                             
+     "Condition":{
+         "StringNotEquals":{
+              "aws:Referer": ["www.example01.com","${null}"]
+             }
+         }
+     }
 ]
    
 
    If you set a whitelist in this way, you can perform operations on resources in buckets only when the value of the referer parameter is www.example01.com or is blank.
  • Blacklist settings

    You can refer to the following policy settings to set a blacklist for access.

    -
    "Statement":[ 
-     {"Sid":"1", 
-      "Effect":"Deny", 
-      "Principal":{"CanonicalUser":["*"]}, 
-      "Action":["s3:*"], 
-      "Resource":["arn:aws:s3:::bucket/*"],                             "Condition":{ 
-          "StringEquals": 
-          {"aws:Referer":["www.example01.com","www.example02.com"]} 
-       } 
+
    "Statement": [ 
+    {"Sid":"1", 
+     "Effect":"Deny", 
+     "Principal":{"CanonicalUser":["*"]}, 
+     "Action":["s3: *"], 
+     "Resource":["arn:aws:s3:::bucket/*"],                             
+     "Condition":{ 
+         "StringEquals":{
+             "aws:Referer":["www.example01.com", "www.example02.com"]
+             } 
+         } 
      } 
  ]
    
 
    If you set a blacklist in this way, you cannot perform operations on resources in buckets when the value of the referer parameter is www.example01.com or www.example02.com.
    
diff --git a/docs/obs/s3api/en-us_topic_0125560444.html b/docs/obs/s3api/en-us_topic_0125560444.html
index 51ede603b..40c99f684 100644
--- a/docs/obs/s3api/en-us_topic_0125560444.html
+++ b/docs/obs/s3api/en-us_topic_0125560444.html
@@ -10,7 +10,7 @@
 
    • Existing objects with version IDs are not affected.
    • OBS creates version ID null to an uploaded object and the object will be overwritten after a namesake one is uploaded.
    • Objects can be downloaded by version ID. By default, the latest object is downloaded if the version ID is not specified.
    • Objects can be deleted by version ID. If an object is deleted with no version ID specified, the object is only attached with a deletion mark and version ID null. Objects with version ID null are physically deleted.
    • Except deletion marks and object metadata, storage space occupied by objects with all version IDs is billed.
    
 
    Only the bucket owner can set the bucket versioning state.
    
 
    Request Syntax
    PUT /?versioning HTTP/1.1 
- User-Agent: agnet
+ User-Agent: agent
  Host: bucketname.obs.example.com
  Accept: */* 
  Date: date 
@@ -18,9 +18,9 @@
  Content-Length: length 
  Expect: expect
 
- <VersioningConfiguration> 
+<VersioningConfiguration> 
  <Status>status</Status> 
- </VersioningConfiguration>
    
+</VersioningConfiguration>

    Request Parameters

    This request involves no parameters.

    @@ -81,9 +81,9 @@ User-Agent: curl/7.29.0 Content-Length: 80 Expect: 100-continue - <VersioningConfiguration> +<VersioningConfiguration> <Status>Enabled</Status> - </VersioningConfiguration> +</VersioningConfiguration>

    Sample Response

    HTTP/1.1 200 OK 
  Server: OBS 
diff --git a/docs/obs/s3api/en-us_topic_0125560445.html b/docs/obs/s3api/en-us_topic_0125560445.html
index 8d5d4efa9..ea64369a4 100644
--- a/docs/obs/s3api/en-us_topic_0125560445.html
+++ b/docs/obs/s3api/en-us_topic_0125560445.html
@@ -51,24 +51,25 @@
-

OBS supports bucket policies. If you want to restrict server-side encryption for all objects stored in a bucket, you can use bucket policies. For example, if an object upload request does not contain x-amz-server-side-encryption:"aws:kms", the header for requesting server-side encryption (SSE-KMS), the following bucket policy rejects the upload request:

-

{

-

"Version":"2008-10-17",

-

"Id":"PutObjPolicy",

-

"Statement":[{

-

"Sid":"DenyUnEncryptedObjectUploads",

-

"Effect":"Deny",

-

"Principal":"*",

-

"Action":"s3:PutObject",

-

"Resource":"arn:aws:s3:::YourBucket/*",

-

"Condition":{

-

"StringNotEquals":{

-

"s3:x-amz-server-side-encryption":"aws:kms"

-

}

-

}

-

}

-

]

-

}

+
OBS supports bucket policies. If you want to restrict server-side encryption for all objects stored in a bucket, you can use bucket policies. For example, if an object upload request does not contain x-amz-server-side-encryption:"aws:kms", the header for requesting server-side encryption (SSE-KMS), the following bucket policy rejects the upload request:
{
+"Version":"2008-10-17",
+"Id":"PutObjPolicy",
+"Statement": [
+        {
+            "Sid": "DenyUnEncryptedObjectUploads",
+            "Effect": "Deny",
+            "Principal": "*",
+            "Action": "s3:PutObject",
+            "Resource": "arn:aws:s3:::YourBucket/*",
+            "Condition": {
+                "StringNotEquals": {
+                    "s3:x-amz-server-side-encryption": "aws:kms"
+                }
+            }
+        }
+    ]
+}
+
diff --git a/docs/obs/s3api/en-us_topic_0125560497.html b/docs/obs/s3api/en-us_topic_0125560497.html index f2f2faa0f..1535ebc92 100644 --- a/docs/obs/s3api/en-us_topic_0125560497.html +++ b/docs/obs/s3api/en-us_topic_0125560497.html @@ -4,7 +4,7 @@

You can use this operation to get the bucket lifecycle configuration.

Only users granted the s3:GetLifecycleConfiguration permission can view the bucket lifecycle configuration. By default, only the bucket owner can get the bucket lifecycle configuration. The bucket owner can allow other users to get the bucket lifecycle configuration by granting them the permission.

Request Syntax

GET /?lifecycle HTTP/1.1
-User-Agent: agnet
+User-Agent: agent
  Host: bucketname.obs.example.com
 Accept: */*
 Date: date