Applicable Products
myQNAPcloud Object
What is myQNAPcloud Object?
myQNAPcloud Object is a cloud-based object storage service designed to provide high-performance, reliable, and secure data storage for a broad range of applications and use cases. This service is built to be fully compatible with the Amazon Web Service Simple Storage Service (AWS S3) API, ensuring seamless integration with S3-compatible applications and gateway devices.
myQNAPcloud Object is tailored for individuals and organizations seeking a cost-effective and efficient data storage infrastructure. Designed to work with S3-compatible applications, myQNAPcloud Object enables users to leverage familiar tools and workflows while benefiting from the reliability and flexibility of QNAP’s ecosystem.
- Compatibility: myQNAPcloud Object is designed to be fully compatible with the AWS S3 API, ensuring that existing AWS S3-compatible applications can work seamlessly.
- Performance: myQNAPcloud Object offers a high-performance storage solution optimized for reliability and efficiency.
About myQNAPcloud Object S3 API Guide
While myQNAPcloud Object aligns closely with AWS S3, certain features may have been enhanced or implemented differently. This guide aims to clarify these nuances to help users maximize the potential of myQNAPcloud Object.
This guide uses examples involving access to buckets in specific myQNAPcloud Object regions. For more information about region-specific endpoints and service URLs, see "Service URLs for myQNAPcloud Object Storage Regions".
Note
- Regional URLs: When accessing buckets, ensure that you use URLs specific to the myQNAPcloud Object storage region where your bucket is created. Using the incorrect URL may allow GET requests but could result in errors for PUT or DELETE operations. Refer to the [Service URLs for myQNAPcloud Object Storage Regions].
- ASW IAM: Unlike AWS, myQNAPcloud Object does not include support for AWS IAM (Identity and Access Management). Therefore, this guide focuses exclusively on S3 API compatibility and does not reference IAM-related capabilities.
REST API Introduction
Host Designation
myQNAPcloud Object supports both path-style and virtual-style requests, similar to AWS S3. A unique host name is required (for example, s3.us-east-1.myqnapcloud.io versus s3.amazonaws.com). We recommend using path-style requests, as shown in all examples in this guide (e.g., http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object) because path-style requests provide greater flexibility in bucket naming, avoiding domain name conflicts.
Always Consistent
Unlike the strong consistency model of AWS S3, myQNAPcloud Object provides an "always consistent" view of all operations. This ensures that any operation following another will produce consistent results. For instance, after deleting an object (DELETE operation), performing a subsequent HEAD request will always confirm the object's deletion, eliminating the need for additional programming to wait for operation completion.
Authenticating Requests
myQNAPcloud Object supports both autonomous and signature versions 2 and 4, compatible with AWS S3, for headers and query parameters. While signature version 4 offers better security, it requires more computational resources due to the overhead of calculating the SHA256 hash. If performance is critical, signature version 2 may be used, with MD5 (returned as the ETag header) ensuring data integrity.
For version 4 signing requests, all regions are supported for myQNAPcloud Object signing requests.
myQNAPcloud Object does not support signature signing for browser-based uploads or HTML form requests, as these operations are not currently supported.
For version 2 signing, the following sub-resource keys are specified as query parameters in requests:
- append
- compose
- force_delete=true
These query parameters must be included when calculating the signature for PutObject and DeleteBucket operations.
Error Responses
Wherever possible, myQNAPcloud Object uses error responses compatible with AWS S3. Additional error codes may also be provided for enhanced functionality.
HTTP Error Codes
| Error Code | myQNAPcloud Object Description | HTTP Status Code |
|---|
| Unavailable | Temporarily unavailable | 503 |
| Unrecoverable | Data Unrecoverable |
|
| Not Implemented | Not Implemented | 501 |
| DB Entity Not found | No such entity | 404 |
| DB Entity Found | Entity Already Exists | 409 |
| Disconnect Error | Connection Closed | 410 |
| Status Internal Server Error | Internal Error: We encountered an internal error. Please contact customer support. | 500 |
| Status Forbidden | Access Denied | 403 |
| Access Forbidden |
| Account Not Activated |
| Account Problem |
| Authentication Lockout: There have been too many attempts to access the account with the wrong credentials. Please try again in five minutes. |
| Invalid Access Key ID: The AWS Access Key ID you provided does not exist in our records. |
| Invalid Authentication Code: Authentication code for device is not valid. |
| Request Time Too Skewed: The difference between the request time and the current time is too large. |
| Invalid Object State: The operation is not valid for the current state of the object. |
| Status Bad Request | Authorization Header Malformed | 400 |
| Authorization Query Parameters Error |
| Bad Digest: The Content-MD5 you specified did not match what we received. |
| Bad Request: An error occurred when parsing the HTTP request. |
| Incomplete Signature: Request must contain a signature that conforms to AWS standards. |
| Invalid Action |
| Invalid Argument |
| Invalid Digest: The Content-MD5 you specified was invalid. |
| Invalid Input |
| Invalid Parameter Value: An invalid or out-of-range value was supplied for the input parameter. |
| Invalid Request |
| Malformed Policy |
| Malformed Policy Document |
| Password Policy Violation |
| Validation Error |
| X Amz Content SHA256 Mismatch: The provided 'x-amz-content-sha256' header does not match what was computed. |
| Encryption Not Allowed: User provided encryption keys are not allowed in this operation. |
| The object was stored using a form of Server Side Encryption. The correct parameters must be provided to retrieve the object. |
| Entity Too Large: Your proposed upload is larger than the maximum allowed size. |
| Entity Too Small: Your proposed upload is smaller than the minimum allowed size. |
| Illegal Compliance Request |
| Illegal Versioning Configuration Exception: The versioning configuration specified in the request is not valid. |
| Incomplete Body: You did not provide the number of bytes specified by the Content-Length HTTP header. |
| Invalid ACL Request: You must provide only one of either ACL headers or an XML body when setting ACLs. |
| Invalid Argument |
| Invalid Bucket Name: The specified bucket is not valid. |
| Invalid Encryption Algorithm Error: The Encryption request you specified is not valid. Supported value: AES256. |
| Invalid Part Order: The list of parts was not in ascending order. Parts must be ordered by part number. |
| Invalid Part: One or more of the specified parts could not be found. The part may not have been uploaded, or the specified entity tag may not match the part's entity tag. |
| Invalid Policy Document: The content of the form does not meet the conditions specified in the policy document. |
| Key Too Long Error: Your key is too long. |
| Logging Bucket Same Owner: The logging target bucket must have the same owner as the bucket being logged. |
| Malformed XML: The XML you provided was not well formed or did not validate against our published schema. |
| Meta data Too Large: Your metadata headers exceed the maximum allowed metadata size. |
| Request Timeout: Your socket connection to the server was not read from or written to within the timeout period. |
| Too Many Buckets: You have attempted to create more buckets than allowed. |
| Too Many Components: A composite object may not have more than 1024 components. |
| Unresolvable Grant By Email Address: The email address you provided does not match any account on record. |
| Storage Quota Exceeded: Your account has surpassed its storage limit. |
| Bucket Account Inactive: The account that owns this bucket is not active. |
| Status Gone | Connection Closed: Network connection was closed. | 410 |
| Status Unprocessable Entity | Data Unrecoverable: The data in the request is unrecoverable. Please contact customer support. | 422 |
| Status Conflict | Delete Conflict | 409 |
| Entity Already Exists |
| Entity Temporarily Unmodifiable: The entity is temporarily unmodifiable. Please try again later. |
| Limit Exceeded |
| Operation Aborted: A conflicting conditional operation is currently in progress against this resource. Please try again. |
| Bucket Already Exists |
| Bucket Not Empty |
| Compliance Settings Locked: The compliance settings are now locked and cannot be changed. |
| Status Not Found | No Such Entity | 404 |
| No Such Lifecycle Configuration: The lifecycle configuration does not exist. |
| No Such Bucket: The specified bucket does not exist. |
| No Such Bucket Policy: The bucket policy does not exist. |
| No Such Key: The specified key does not exist. |
| No Such Replication Configuration: The replication configuration does not exist. |
| No Such Tag Set Error: There is no tag set associated with the bucket. |
| No Such Upload: The specified upload does not exist. The upload ID may be invalid, or the upload may have been aborted or completed. |
| No Such Version: The specified version does not exist. |
| Status Not Implemented | Not Implemented: A header you provided implies functionality that is not implemented. | 501 |
| Status Service Unavailable | Temporarily Unavailable: Resources for this operation are temporarily unavailable. Please try again later. | 503 |
| Status Found | Key Already Exists | 302 |
| Status Method Not Allowed | Method Not Allowed: This method is not allowed for other than the account owner. | 405 |
| Method Not Allowed: The specified method is not allowed against this resource. |
| Status Length Required | Missing Content Length: You must provide the Content-Length HTTP header. | 411 |
TCP Error Codes
myQNAPcloud Object supports the following TCP error codes:
- Unexpected EOF
- Broken Pipe
- Connection reset by Peer
Not Supported in myQNAPcloud Object
| Operation | Description |
|---|
| SOAP | AWS S3 has deprecated support for SOAP, and myQNAPcloud Object does not support any SOAP operations. |
Operations on Buckets with myQNAPcloud Object S3 API
Operations on buckets include: deleting, renaming, and logging buckets as well as cross-origin resource sharing (CORS) support, lifecycle policy, object locking, and compliance.
Force Delete Bucket
AWS S3 will not allow you to delete a bucket if it contains objects that have not been deleted.
myQNAPcloud Object provides a force delete option that first deletes all the objects in the bucket and then deletes the bucket. The deletion of objects is subject to policy and compliance requirements on the bucket.
To use the force delte option, simply add it as a query string. For example:
DELETE http://s3.us-east-1.myqnapcloud.io/my-bucket?force_delete=true HTTP/1.1
Renaming a Bucket
AWS S3 does not support renaming of buckets. It only supports renaming of objects in a bucket.
myQNAPcloud Object supports the renaming of buckets. The new bucket name must not be in use for the renaming to be successful. The caller must have the s3:CreateBucket policy permission to rename a bucket.
To rename a bucket, use the HTTP method MOVE along with the header field “Destination” to give the new bucket name. For example:
MOVE http://s3.us-east-1.myqnapcloud.io/my_old_bucket HTTP/1.1
Destination: my_new_bucket
MFA (Multi-Factor Authentication) Delete
myQNAPcloud Object supports the “x-amz-mfa” header while:
- configuring versioning on a bucket, or
- deleting objects with object deletion requests compatible with AWS S3.
myQNAPcloud Object does not require the “x-amz-mfa” header if the user's access credentials signing the request were authenticated with MFA. myQNAPcloud Object only supports virtual MFA devices.
Maximum Number of Buckets
Standard AWS S3 supports only 100 buckets.
myQNAPcloud Object allows for a maximum of 1000 buckets per account and this number may be increased by contacting myQNAPcloud Object Customer Support.
Bucket Logging
myQNAPcloud Object supports bucket logging, which creates a text log file of all access to a bucket. The format of the log file is identical to the AWS S3 log file.
myQNAPcloud Object bucket logging does not require any ACL permission settings to store logs in a target bucket. Although you can give permission settings in the logging request or in an ACL, they are not required for logging to work in myQNAPcloud Object. However, the bucket that is a target for log files must be inside the same account as the bucket being logged.
Bucket Cross-Origin Resource Sharing (CORS) Support
For compatibility with browser access to myQNAPcloud Object as a web server, the myQNAPcloud Object server will return CORS headers when the header “Origin” is given in an HTTP request. Additionally, the server supports the HTTP method OPTIONS on either buckets or objects to return the CORS headers needed for a browser pre-flight test before accessing myQNAPcloud Object.
Different from AWS, myQNAPcloud Object returns the settings that will allow the browser full access to myQNAPcloud Object. Hence, myQNAPcloud Object does not support the AWS functions that allow a PUT and GET on a bucket with the “cors” parameter in the URL. Note that allowing browser full access to data does not affect the security of access to any objects and all access policies will still be enforced.
The following are the HTTP headers returned by default when the header “Origin” is given in an HTTP request:
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, MOVE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 86400
Lifecycle Policy
The Lifecyle feature establishes a Lifecycle policy with rules to define actions that you want myQNAPcloud Object to take during the life of an object. This feature replaces the need to manually delete an object after a retention period.
Configuring Lifecycle Settings
The lifecycle settings for a bucket are configuring with the "put-bucket-lifecycle-configuration" command. For example:
$ aws s3api put-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io --lifecycle-configuration file://lifecycle.json
{
"Rules": [
{
"Expiration": {
"Days": 1
},
"ID": "lifecycle_rule_1",
"Filter": {
"And": {
"ObjectSizeGreaterThan": 1,
"ObjectSizeLessThan": 21474836480
}
},
"Status": "Enabled"
},
{
"Expiration": {
"Days": 1
},
"ID": "object_lifecycle_rule_bucket_6807766",
"Filter": {
"Prefix": "1"
},
"Status": "Enabled"
}
]
}
Here is another example:
PUT https://s3.us-east-1.myqnapcloud.io/1-1-1-1?lifecycle
<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Rule>
<Expiration>
<Days>1</Days>
</Expiration>
<ID>lifecycle_rule_1</ID>
<Filter>
<And>
<ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
<ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
</And>
</Filter>
<Status>Enabled</Status>
</Rule>
<Rule>
<Expiration>
<Days>1</Days>
</Expiration>
<ID>object_lifecycle_rule_bucket_6807766</ID>
<Filter>
<Prefix>1</Prefix>
</Filter>
<Status>Enabled</Status>
</Rule>
</LifecycleConfiguration>
There is no response body for this call.
Retrieving Lifecycle Settings
The lifecycle settings for a bucket can be retrieved with the "get-bucket-lifecycle-configuration" command. For example:
$ aws s3api get-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io
{
"Rules": [
{
"Expiration": {
"Days": 1
},
"ID": "lifecycle_rule_1",
"Filter": {
"And": {
"ObjectSizeGreaterThan": 1,
"ObjectSizeLessThan": 21474836480
}
},
"Status": "Enabled"
},
{
"Expiration": {
"Days": 1
},
"ID": "object_lifecycle_rule_bucket_6807766",
"Filter": {
"Prefix": "1"
},
"Status": "Enabled"
}
]
}
Here is another example:
GET https://s3.us-east-1.myqnapcloud.io/1-1-1-1?lifecycle
<?xml version="1.0" encoding="UTF-8"?>
<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Rule>
<Expiration>
<Days>1</Days>
</Expiration>
<ID>lifecycle_rule_1</ID>
<Filter>
<And>
<ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
<ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
</And>
</Filter>
<Status>Enabled</Status>
</Rule>
<Rule>
<Expiration>
<Days>1</Days>
</Expiration>
<ID>object_lifecycle_rule_bucket_6807766</ID>
<Filter>
<Prefix>1</Prefix>
</Filter>
<Status>Enabled</Status>
</Rule>
</LifecycleConfiguration>
Deleting Lifecycle Settings
The lifecycle settings for a bucket can be deleted with the "delete-bucket-lifecycle" command. For example:
$ aws s3api delete-bucket-lifecycle --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io
There is no response body for this call.
Object Lock
myQNAPcloud Object supports an object lock that prevents the deletion or overwrite of object versions for a fixed amount of time or indefinitely.
| Tag | Description |
|---|
| ObjectLockConfiguration | This is the mandatory root level tag for object lock configuration. |
| ObjectLockEnabled | This tag must be configured as Enabled. |
| Rule | This specifies the object lock rule for a bucket. It requires both a mode and a period. The period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.
Mode should be either COMPLIANCE or GOVERNANCE. |
The object lock settings for a bucket are specified using the “?object-lock” query string along with the object lock settings as the XML body in the request. For example:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1
<ObjectLockConfiguration>
<ObjectLockEnabled>Enabled</ObjectLockEnabled>
<Rule>
<DefaultRetention>
<Mode>COMPLIANCE</Mode>
<Days>10</Days>
</DefaultRetention>
</Rule>
</ObjectLockConfiguration>
The object lock settings for a bucket can be retrieved by getting the bucket with the “?object-lock” query string. For example:
GET https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1
Response body:
<?xml version="1.0" encoding="UTF-8"?>
<ObjectLockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<ObjectLockEnabled>Enabled</ObjectLockEnabled>
<Rule>
<DefaultRetention>
<Mode>COMPLIANCE</Mode>
<Days>10</Days>
</DefaultRetention>
</Rule>
</ObjectLockConfiguration>
There are also object lock settings for each object described in Operations on Objects.
The object lock settings for a bucket can be cleared using "?object-lock" query string. For example:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1
Response body:
<ObjectLockConfiguration>
<ObjectLockEnabled>Enabled</ObjectLockEnabled>
<Rule>
<DefaultRetention>
<Mode></Mode>
<Days></Days>
</DefaultRetention>
</Rule>
</ObjectLockConfiguration>
myQNAPcloud Object Compliance
myQNAPcloud Object supports a compliance policy that prevents the deletion of objects and provides additional information to prove that the original data is not modified since the time written. The compliance feature may be required for certain regulatory needs, but is also useful to prevent accidental data deletion.
Compliance is different from the object locking setting for a bucket.
You can set the compliance policy on any bucket controlling all the objects that are stored in that bucket. Specify the bucket compliance policy with the following XML tags.
| Tag | Description |
|---|
| Status | Either "enabled" or "disabled" to turn compliance on and off, respectively. Enabling will immediately apply to all objects in the bucket. |
| LockTime | The time at which the compliance settings are "locked"-the settings cannot be reduced by any API call. Once the settings are locked, they cannot be unlocked without the intervention of QNAP Customer Support. The lock time allows you to support two use cases:- Testing that your software works properly before locking the compliance feature; or
- Never locking which means that data can be deleted with an additional step of an administrator turning compliance off.
The lock time parameter may be:- An ISO date (for example, 2016-11-07T15:08:05Z),
- The string "now" to force immediate locking, or
- The string "off to not lock the compliance settings. This is the default.
|
| RetentionDays | An integer for the minimum number of days that objects are always retained after their creation date or release from conditional hold. You can extend the retention date for any individual object, but may not shorten the date. This parameter is always required. |
| ConditionalHold | A Boolean value ("true" or "false") indicating if newly created objects are placed on conditional hold, meaning that they cannot be deleted until the conditional hold is explicitly turned off. The default is false if this parameter is not given. Note that this setting may be changed even after the settings are locked. |
The compliance settings for a bucket are specified using the “?compliance” query string along with the compliance settings as the XML body in the request. For example:
PUT http://s3.us-east-1.myqnapcloud.io/my-bucket?complianceHTTP./1.1
<BucketComplianceConfiguration>
<Status>enabled</Status>
<LockTime>off</LockTime>
<RetentionDays>365</RetentionDays>
<DeleteAfterRetention>true</DeleteAfterRetention>
</BucketComplianceConfiguration>
After compliance is enabled for a bucket, the policy is immediately applied to all objects in the bucket. An attempt to delete an object before the retention period will return an error.
The compliance settings for a bucket can be retrieved by getting the bucket with the “?compliance” query string. For example:
GET http://s3.us-east-1.myqnapcloud.io/my-buck?complianceHTTP/1.1
Response body:
<BucketComplianceConfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/">
<Status>enabled</Status>
<LockTime>2016-11-07T15:08:05Z</LockTime>
<IsLocked>false</IsLocked>
<RetentionDays>0</RetentionDays>
<ConditionalHold>false</ConditionalHold>
<DeleteAfterRetention>false</DeleteAfterRetention>
</BucketComplianceConfiguration>
There are also compliance settings for each object described in Operations on Objects.
Operations on Buckets Not Supported in myQNAPcloud Object
| Operation | Description |
|---|
| Bucket Tagging | Bucket tagging is currently unavailable in myQNAPcloud Object. |
| Bucket Website | Website configuration is unavailable in myQNAPcloud Object. Given the nature of myQNAPcloud Object as a long-term object store, we do not expect to support website operations to buckets. The header "x-amz-website-redirect-location" is ignored in any object requests. |
| Bucket Accelerate | myQNAPcloud Object does not implement the AWS S3 bucket accelerate subresource. |
| Bucket Request Payment | myQNAPcloud Object does not support the use of the "requestPayment" subresource for buckets. |
| Metrics Configuration | myQNAPcloud Object does not support the operation to receive one-minute CloudWatch metrics, set CloudWatch alarms, and access CloudWatch dashboards to view near-real-time operations and performance of your Amazon S3 storage. |
S3 Block Public Access | myQNAPcloud Object does not support the operation to centrally block existing public access (whether it is made possible via an ACL or a policy) and make sure newly created items are not inadvertently granted public access. |
| S3 Select | myQNAPcloud Object does not support the S3 Select API. |
Operations on Objects With myQNAPcloud Object S3 API
Operations on Objects include renaming, composing, appending, and deleting objects as well as encryption, storage class, object locking, and compliance.
Renaming Objects
myQNAPcloud Object supports functionality to move an object-in effect, renaming the object by changing the key. This eliminates the two-step process of first copying an object and then deleting the original object. The caller must have s3:PutObject policy permission on the bucket to rename objects.
To rename objects, use the HTTP method MOVE along with the following parameters in the request headers that affect the move operation.
|
| Overwrite | A Boolean value that, when “true,” allows overwriting destination objects with the same key. Otherwise, an error is generated and the original key is not changed. |
| X-Wasabi-Quiet | A Boolean value that, when “true,” causes the XML status return body to only display the keys that encounter errors. Otherwise, all objects renamed are given in the status. The default value is “false.” |
| X-Wasabi-Prefix | A Boolean value that, when “true,” means that the values given for the source in the URL and the destination are prefixes—they match the left-most part of keys. Conceptually, think of the prefix as a folder of objects. Otherwise, only the objects (including all versions) that exactly match the key are renamed. The default value is “false.” |
The call will return the results as an XML body of the response. The results include the following for each object renamed:
- original source key,
- renamed destination key,
- version ID of the object, and
- any error in the rename operation.
The quiet option will cause the results to list only the keys that encountered an error.
Below is an example, which renames all objects that start with the prefix “TestMove-Dir2/” to have the new prefix “TestMove-Dir2-Renamed/
MOVE http://s3.us-east-1.myqnapcloud.io/my_bucket/TestMove-Dir2/HTTP/1.1 Destination:TestMove-Dir2-Renamed/X-Wasabi-Prefix:true
Response body:
<MoveObjectResult> <SourcePrefix>TestMove-Dir2/SourcePrefix> <DestinationPrefix>TestMove-Dir2-Renamed/DestinationPrefix> <MoveObject> <SourceKey>TestMove-Dir2/SourceKey> <DestinationKey>TestMove-Dir2-Renamed/DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir1/SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir1/DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir1/Obj1SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir1/Obj1DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir1/Obj2SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir1/Obj2DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir2/SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir2/DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir2/Obj1SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir2/Obj1DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir2/Obj2SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir2/Obj2DestinationKey> MoveObject> <MoveCount>7MoveCount> MoveObjectResult>
Composing Objects
myQNAPcloud Object provides a feature to create a new object that is composed of other objects. A composed object is formed not by copying the original data objects, but rather by linking the composed object to the data objects. This is in contrast to AWS S3, which does not offer a way to compose objects. myQNAPcloud Object operation is much faster and does not require multiple copies of the original data. The original composed objects may be deleted at any time, and the system will retain the original data as long as there are any links to the data.
Composing objects is an alternative to using the multi-part upload feature for creating objects larger than 5 GB. The caller must have s3:PutObject policy permission on the bucket to compose objects. Composed objects may be created from other composed objects as well as original data objects. However, the total number of original data objects may not exceed 32 in any one composed object. Composed objects may only link to other objects in the same bucket.
The compose operation is done using the HTTP method PUT with the query string parameter “?compose” to indicate that the object is composed of objects given in the XML body. The XML body contains a list of object keys and, optionally, the version IDs that form the new object. If the version ID is not given, the latest version of the object is used. The new object will appear to be one object with all the linked data objects concatenated. The new composed object does not have an ETag (i.e, MD5) value, which is the MD5 of the concatenated objects, but rather the result of hashing all the data object MD5s together (like the calculation done when multi-part objects are completed). Composed objects may not have user provided encryption keys. However, all data is stored encrypted at rest.
There is a charge only for the metadata used in composed objects. The original data used in linked objects is charged at the normal rate until all composed objects that link to the original data object are deleted.
Below is an example that composes a new object “TestComp from three objects: “TestCompose-Data-1”, “TestCompose-Data-2”, and “TestCompose-Data-3”.
PUT http://s3.wasabisys.com/my_bucket/TestCompose-Object-1?composeHTTP/1.1Content-Type:text/xml
<ComposeRequest>
<Component>
<Key>TestCompose-Data-1</Key>
</Component>
<Component>
<Key>TestCompose-Data-2</Key>
</Component>
<Component>
<Key>TestCompose-Data-3</Key>
</Component>
</ComposeRequest>
Appending to Objects
AWS S3 does not offer a way to append to objects.
Appending to an existing object is a different form of composing an object (see Composing Objects). The call uploads the data in the body to a temporary object and then creates a new composed object consisting of the data from the original object with the newly uploaded data appended. If the bucket is versioned, a new version of the composed object is created while keeping the original data. When not versioned, the newly composed object replaces the original object. The caller must have s3:PutObject policy permission on the bucket to append to objects. Additionally for a bucket without versioning, the s3:DeleteObject policy permission may be required to replace the original object.
Like composed objects, you can append only 1023 times to any object since each creates a link to the uploaded data. Be careful not to simply append small amounts of data many times to an object since each append data uploaded creates a new object subject to minimum size charges, and can slow down the performance due to a small data read. The append operation is done using the HTTP method PUT with the query string parameter “?append”. The data to be appended is uploaded in the body of the request.
Below is an example that appends the string “<appended data>” to an existing object “TestAppend-Object”.
PUT http://s3.us-east-1.myqnapcloud.io/my-bucket/TestAppend-Object?appendHTTP/1.1Content-Length:15
PUT Object Copy Uses Link
Normally, to rename objects using AWS S3 protocol, an object is uploaded with one key value. Then, a PUT operation with the new key value copied from the original key value is given, and the object for the original key value is deleted.
myQNAPcloud Object automatically optimizes this sequence by linking the new key value object to the original data from the copy key value. This avoids making another copy of the data, which would result in higher storage charges. Because myQNAPcloud Object uses links to the original data, any size object up to the 5 TB limit may be copied and does not require the use of a multi-part upload.
Delete Object MFADelete
If the MFADelete option is turned on in the bucket versioning, the “x-amz-mfa” is not required if the access credentials were signed using MFA (see also MFA (Multi-Factor Authentication) Delete).
If bucket logging is enabled, deleting multiple objects will create a separate log entry for each object that is deleted.
GET Object Response Headers
Any header in the GET object request that starts with “response-” will be returned as a response header (minus the string “response-”).
Object Server-Side Encryption
myQNAPcloud Object encrypts all data stored at rest regardless of the requested encryption. The system will use any caller provided encryption keys when given, or generate a random key encryption key for each object if no customer key is provided. If the customer provides the encryption key, similar to AWS S3, myQNAPcloud Object will not keep a copy of the customer key in the metadata and the caller must provide the encryption key to read the data. No action on the part of the caller is needed if myQNAPcloud Object provides the encryption key.
The caller may provide the encryption key using the headers x-amz-server-side-encryption-customer-algorithm, x-amz-server-side-encryption-customer-key, and x-amz-server-side-encryption-customer-key-MD5. These parameters work identical to AWS S3.
myQNAPcloud Object does not support a key management service. Hence, the “x-amz-server-side-encryption” is not supported along with all the “aws:kms” functionality. myQNAPcloud Object stores an MD5 for the data that is always the uploaded data regardless of server-side encryption.
Object Storage Class
myQNAPcloud Object only provides a single storage class which is most like the standard AWS S3 storage class. Where the storage class is returned in any operation, myQNAPcloud Object will return the standard AWS S3 storage class.
Operations on Objects Not Supported in myQNAPcloud Object
|
| Object RESTORE | myQNAPcloud Object does not support multiple classes of storage and does not support the POST object RESTORE request used to restore objects from a different class of storage. |
| Select Object Content | myQNAPcloud Object does not support the operation to filter the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. |
| S3 Batch Operations | myQNAPcloud Object does not support S3 Batch Operations for object management. |
Compliance with myQNAPcloud Object S3 API
The compliance settings for any one object in a bucket with compliance can also be changed within the limits of the compliance on the bucket. Specify the object compliance settings with the following XML tags.
|
| LegalHold | A Boolean value “true” or “false” to set the legal hold status. When an object has a legal hold status of true, the object cannot be deleted regardless of the retention period. |
| RetentionTime | An ISO time giving a new retention time for the object in which the object cannot be deleted before this time. Note that the new retention time must be past the retention period given by the bucket policy or an error is returned. |
The following is an example of setting the compliance on an object:
PUT http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object?complianceHTTP/1.1
<ObjectComplianceConfiguration>
<ConditionalHold>false</ConditionalHold>
<RetentionTime>2018-03-13T10:45:00Z</RetentionTime>
</ObjectComplianceConfiguration>
The compliance settings for any specific object can also be retrieved using the “?compliance” query string. In addition to the object compliance settings above, the query returns the calculated SHA256 hash for the object, which can be used to determine that the object has not been modified. Note that the SHA256 value is only available for objects that are uploaded as a single object and is not available for multi-part or composed objects.
The following is an example of getting the compliance on an object:
GET http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object?complianceHTTP/1.1
Response body:
<ObjectComplianceConfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/">
<RetentionTime>2016-10-31T15:08:05Z</RetentionTime>
<ConditionalHold>false</ConditionalHold>
<LegalHold>false</LegalHold>
<SHA256>14b4be3894e92166b508007b6c2e4fb6e88d3d0ad652c76475089a50ebe6e33b</SHA256>
</ObjectComplianceConfiguration>
The object compliance settings also appear in the bucket listings when the bucket has compliance enabled.
Object Lock with myQNAPcloud Object S3 API
You can add or update the object lock settings for an object using the tags described below.
|
| RetainUntilDate | This defines the retention time for an object. The object cannot be deleted before this time. Note that the retention time must be in the future. |
| LegalHold | This should be either ON or OFF, which is not case-sensitive. |
The following is an example of setting the object locking configuration on an object:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/beta_vpn.png?retention&versionId= 001617181245457483475-4ylsTbqqvP
<Retention>
<Mode>compliance</Mode>
<RetainUntilDate>2021-04-06T09:00:45Z</RetainUntilDate>
</Retention>
The following is an example of setting legal hold for an object:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/beta_vpn.png?legal-hold&versionId=001617181245457483475-4ylsTbqqvP
<LegalHold>
<Status>ON</Status>
</LegalHold>
The following is an example of setting governance mode for an object:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/public/ACL.PNG?retention
<Retention>
<Mode>governance</Mode>
<RetainUntilDate>2021-05-20T09:00:45Z</RetainUntilDate>
</Retention>
The “x-amz-bypass-governance-retention =true” header must be included whenever you want to override governance settings for an object.
Service URLs for myQNAPcloud Object Storage Regions
The myQNAPcloud service URLs for myQNAPcloud Object's different storage regions are:
Americas
| Region | Service URL |
|---|
| US East 1 (N. Virginia) | s3 .us-east-1.myqnapcloud.io |
| US Central 1 (Texas) | s3.us-central-1. myqnapcloud.io |
| US West 1 (Oregon) | s3.us-west-1. myqnapcloud.io |
| CA Central 1 (Toronto) | s3.ca-central-1. myqnapcloud.io |
EMEA
| EU Central 1 (Amsterdam) | s3.eu-central-1. myqnapcloud.io |
| EU Central 2 (Frankfurt) | s3.eu-central-2. myqnapcloud.io |
| EU West 1 (London) | s3.eu-west-1. myqnapcloud.io |
| EU West 2 (Paris) | s3.eu-west-2. myqnapcloud.io |
| EU West 3 (London) | s3.eu-west-3. myqnapcloud.io |
| EU South 1 (Milan) | s3.eu-south-1. myqnapcloud.io |
APAC
| AP Northeast 1 (Tokyo) | s3.ap-northeast-1. myqnapcloud.io |
| AP Northeast 2 (Osaka) | s3.ap-northeast-2. myqnapcloud.io |
| AP Southeast 1 (Singapore) | s3.ap-southeast-1. myqnapcloud.io |
| AP Southeast 2 (Sydney) | s3.ap-southeast-2. myqnapcloud.io |
The myQNAPcloud Object Management Console can be reached through myQNAPcloud Portal.
If you are looking for the correct service URL to use with your third-party storage application, you should choose the one that matches your bucket location.
When working with third-party storage applications, you should be aware that these applications have different methods to handle storage region service URLs. These methods include:
- Applications that allow you to explicitly enter in the service URL. These applications are the most flexible because you can easily configure new service URLs as they become available.
- Applications that only allow you to choose from a pre-built list of storage regions. These applications are the least flexible because, if a storage provider implements a new region, you have to wait for an application update to get access to the new region. If your storage application does not support all of the myQNAPcloud Object storage regions on their predefined region lists, contact the application vendor (not QNAP) to ask them for support.
- Applications that only allow you to enter in your API key set and then offer up all of the buckets in your account. These applications provide flexibility but do require some automatic redirects to perform at the HTTP level.
Object Replication with myQNAPcloud Object S3 API
GET Object Tagging
myQNAPcloud Object supports functionality to fetch the tag set of an object when the object:
- Does not have any tags
- Does have tags
When the Object Does Not Have Any Tags
GET https://s3.myqnapcloud.io/my_bucket/Test-object1.txt?tagging
Response body:
<?xml version="1.0" encoding="UTF-8"?>
<Tagging>
<TagSet></TagSet>
</Tagging>
Status 200 OK
When the Object Has Tags
GET https://s3.myqnapcloud.io/my_bucket/Test-object2.pdf?tagging
Response body:
<!--?xml version="1.0" encoding="UTF-8"?-->
<Tagging>
<TagSet>
<Tag>
<Key>key2</Key>
<Value>value2</Value>
</Tag>
<Tag>
<Key>key1</Key>
<Value>value1</Value>
</Tag>
</TagSet>
</Tagging>
PUT Object Tagging
myQNAPcloud Object supports functionality for:
- Adding the tag value of an existing object in a bucket
- Appending the tag value of an existing object in a bucket
Adding the Tag Value of an Existing Object in a Bucket
PUT https://s3.myqnapcloud.io/my_bucket/Test-object3.pdf?tagging
Content-Type: text/xml
Response body:
<Tagging xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<TagSet>
<Tag>
<Key>tag1</Key>
<Value>value1</Value>
</Tag>
</TagSet>
</Tagging>
Appending the Tag Value of an Existing Object in a Bucket
In this example, an existing object already has the tag value of “key5” –“value5”, You can append a new tag pairs along with the existing pair.
PUT https://s3.myqnapcloud.io/my_bucket/Test-object4.jpg?tagging
Content-Type: text/xml
Response body:
<Tagging xmlns="http://s3.myqnapcloud.io/doc/2006-03-01/">
<TagSet>
<Tag>
<Key>key5</Key>
<Value>value5</Value>
</Tag>
<Tag>
<Key>key6</Key>
<Value>value6</Value>
</Tag>
</TagSet>
</Tagging>
Status 200 OK
To PUT tags of any other version, use the versionId query parameter.
DELETE Object Tagging
This removes the entire tag set from the specified object.
DELETE https://s3.myqnapcloud.io/my_bucket/Test-object5.pdf?tagging
Response body:
<empty>
Status 204 No Content
To delete tags of any other version, use the versionId query parameter.
Object Tagging with myQNAPcloud Object API
Get Object Tagging
myQNAPcloud Object supports functionality to fetch the tag set of an object when the object:
- Does not have any tags
- Does have tags
When the object does not have any tags
GET
https://s3.myqnapcloud.io/my_bucket/Test-object1.txt?tagging
Response body:
<?xml version="1.0" encoding="UTF-8"?>
<Tagging>
<TagSet></TagSet>
</Tagging>
Status 200 OK
When the object has Tags
GET
https://s3.myqnapcloud.io/my_bucket/Test-object2.pdf?tagging
Response body:
<!--?xml version="1.0" encoding="UTF-8"?-->
<Tagging>
<TagSet>
<Tag>
<Key>key2</Key>
<Value>value2</Value>
</Tag>
<Tag>
<Key>key1</Key>
<Value>value1</Value>
</Tag>
</TagSet>
</Tagging>
PUT Object Tagging
myQNAPcloud Object supports functionality for:
- Adding the tag value of an existing object in a bucket
- Appending the tag value of an existing object in a bucket
Adding the tag value of an existing object in a bucket
PUT
https://s3.myqnapcloud.io/my_bucket/Test-object3.pdf?tagging
Content-Type: text/xml
Response body:
<Tagging xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<TagSet>
<Tag>
<Key>tag1</Key>
<Value>value1</Value>
</Tag>
</TagSet>
</Tagging>
Appending the Tag Value of an Existing Object in a Bucket
In this example, an existing object already has the tag value of “key5” –“value5”, You can append a new tag pair along with the existing pair.
PUT
https://s3.myqnapcloud.io/my_bucket/Test-object4.jpg?tagging
Content-Type: text/xml
Response body:
<Tagging xmlns="http://s3.myqnapcloud.io/doc/2006-03-01/">
<TagSet>
<Tag>
<Key>key5</Key>
<Value>value5</Value>
</Tag>
<Tag>
<Key>key6</Key>
<Value>value6</Value>
</Tag>
</TagSet>
</Tagging>
Status 200 OK
To PUT tags of any other version, use the versionId query parameter.
DELETE Object Tagging
This removes the entire tag set from the specified object.
DELETE
https://s3.myqnapcloud.io/my_bucket/Test-object5.pdf?tagging
Response body:
<empty>
Status 204 No Content
To delete tags of any other version, use the versionId query parameter.
Further Reading
Given its compatibility with AWS S3, the official AWS documentation for S3 serves as a complementary resource when working with myQNAPcloud Object. Refer to the Amazon Simple Storage Service API Reference for details on the API version 2006-03-01:
Amazon Simple Storage Service API Reference
适用产品
myQNAPcloud Object
什么是 myQNAPcloud Object?
myQNAPcloud Object 是一种基于云的对象存储服务,旨在为广泛的应用和使用场景提供高性能、可靠和安全的数据存储。该服务兼容亚马逊网络服务简单存储服务(AWS S3)API,确保与 S3 兼容的应用程序和网关设备无缝集成。
myQNAPcloud Object 专为寻求成本效益和高效数据存储基础设施的个人和组织量身定制。设计用于与 S3 兼容的应用程序一起工作,myQNAPcloud Object 使用户能够利用熟悉的工具和工作流程,同时受益于 QNAP 生态系统的可靠性和灵活性。
- 兼容性:myQNAPcloud Object 设计为兼容 AWS S3 API,确保现有的 AWS S3 兼容应用程序可以无缝工作。
- 性能:myQNAPcloud Object 提供优化的高性能存储解决方案,注重可靠性和效率。
关于 myQNAPcloud Object S3 API 指南
虽然 myQNAPcloud Object 与 AWS S3 紧密对齐,但某些功能可能已增强或以不同方式实现。本指南旨在阐明这些细微差别,以帮助用户较大化 myQNAPcloud Object 的潜力。
本指南使用涉及访问特定 myQNAPcloud Object 区域的 Bucket 的示例。有关区域特定端点和服务 URL 的更多信息,请参阅“myQNAPcloud Object 存储区域的服务 URL”。
注意
- 区域 URL:访问 Bucket 时,请确保使用特定于创建桶的 myQNAPcloud Object 存储区域的 URL。使用不正确的 URL 可能允许 GET 请求,但可能导致 PUT 或 DELETE 操作错误。请参阅 [服务 URL myQNAPcloud Object 存储区域]。
- ASW IAM:与 AWS 不同,myQNAPcloud Object 不支持 AWS IAM(身份和访问管理)。因此,本指南专注于 S3 API 兼容性,不涉及 IAM 相关功能。
REST API 简介
主机指定
myQNAPcloud Object 支持路径风格和虚拟风格请求,类似于 AWS S3。需要一个独特的主机名(例如,s3.us-east-1.myqnapcloud.io 与 s3.amazonaws.com)。我们建议使用路径风格请求,如本指南中的所有示例所示(例如,http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object),因为路径风格请求在桶命名上提供更大的灵活性,避免域名冲突。
始终一致
与 AWS S3 的强一致性模型不同,myQNAPcloud Object 提供“始终一致”的操作视图。这确保任何操作后续操作将产生一致结果。例如,删除对象(DELETE 操作)后,执行后续 HEAD 请求将始终确认对象已删除,消除额外编程等待操作完成的需要。
请求认证
myQNAPcloud Object 支持自主和签名版本 2 和 4,与 AWS S3 兼容,用于头和查询参数。虽然签名版本 4 提供更好的安全性,但由于计算 SHA256 哈希的开销需要更多计算资源。如果性能至关重要,可以使用签名版本 2,MD5(作为 ETag 头返回)确保数据完整性。
对于版本 4 签名请求,所有地区都支持 myQNAPcloud Object 签名请求。
myQNAPcloud Object 不支持浏览器上传或 HTML 表单请求的签名,因为这些操作目前不支持。
对于版本 2 签名,以下子资源键在请求中指定为查询参数:
- append
- compose
- force_delete=true
在计算 PutObject 和 DeleteBucket 操作的签名时,必须包含这些查询参数。
错误响应
myQNAPcloud Object 尽可能使用与 AWS S3 兼容的错误响应。也可能提供额外的错误代码以增强功能。
HTTP 错误代码
| 错误代码 | myQNAPcloud Object 描述 | HTTP 状态代码 |
|---|
| 不可用 | 暂时不可用 | 503 |
| 不可恢复 | 数据不可恢复 |
|
| 未实现 | 未实现 | 501 |
| 数据库实体未找到 | 没有这样的实体 | 404 |
| 数据库实体已找到 | 实体已存在 | 409 |
| 断开错误 | 连接已关闭 | 410 |
| 状态内部服务器错误 | 内部错误:我们遇到了内部错误。请联系客户支持。 | 500 |
| 状态禁止访问 | 访问被拒绝 | 403 |
| 禁止访问 |
| 账户未激活 |
| 账户问题 |
| 身份验证锁定:尝试使用错误凭证访问账户的次数过多。请五分钟后再试。 |
| 无效访问密钥 ID:您提供的 AWS 访问密钥 ID 在我们的记录中不存在。 |
| 无效认证码:设备的认证码无效。 |
| 请求时间偏差过大:请求时间与当前时间的差异过大。 |
| 无效对象状态:该操作对当前对象状态无效。 |
| 状态错误请求 | 授权头格式错误 | 400 |
| 授权查询参数错误 |
| 错误摘要:您指定的 Content-MD5 与我们收到的不匹配。 |
| 错误请求:解析 HTTP 请求时发生错误。 |
| 签名不完整:请求必须包含符合 AWS 标准的签名。 |
| 无效操作 |
| 无效参数 |
| 无效摘要:您指定的 Content-MD5 无效。 |
| 无效输入 |
| 无效参数值:为输入参数提供了无效或超出范围的值。 |
| 无效请求 |
| 格式错误的策略 |
| 格式错误的策略文档 |
| 密码策略违规 |
| 验证错误 |
| X Amz Content SHA256 不匹配:提供的 'x-amz-content-sha256' 头与计算结果不匹配。 |
| 不允许加密:用户提供的加密密钥在此操作中不允许。 |
| 对象使用了一种服务器端加密形式存储。必须提供正确的参数才能检索对象。 |
| 实体过大:您提议的上传超过了允许的较大大小。 |
| 实体过小:您提议的上传小于允许的较小大小。 |
| 非法合规请求 |
| 非法版本配置异常:请求中指定的版本配置无效。 |
| 主体不完整:您未提供 Content-Length HTTP 头指定的字节数。 |
| 无效 ACL 请求:设置 ACL 时必须仅提供 ACL 头或 XML 主体之一。 |
| 无效参数 |
| 无效存储桶名称:指定的存储桶无效。 |
| 无效加密算法错误:您指定的加密请求无效。支持的值:AES256。 |
| 无效部件顺序:部件列表不是升序排列。部件必须按部件号排序。 |
| 无效部件:无法找到一个或多个指定的部件。部件可能未上传,或指定的实体标签可能与部件的实体标签不匹配。 |
| 无效策略文档:表单内容不符合策略文档中指定的条件。 |
| 密钥过长错误:您的密钥过长。 |
| 日志存储桶同一所有者:日志目标存储桶必须与被记录的存储桶拥有同一所有者。 |
| XML 格式错误:您提供的 XML 格式不正确或未通过我们发布的模式验证。 |
| 元数据过大:您的元数据头超过了允许的较大元数据大小。 |
| 请求超时:您的服务器套接字连接在超时时间内未进行读取或写入操作。 |
| 过多的 Bucket:您尝试创建的 Bucket 数量超过允许的限额。 |
| 组件过多:一个复合对象不能超过 1024 个组件。 |
| 无法通过电子邮件地址授予权限:您提供的电子邮件地址与记录中的任何账户不匹配。 |
| 存储配额超出:您的账户已超过其存储限制。 |
| 存储桶账户不活跃:拥有此存储桶的账户不活跃。 |
| 状态消失 | 连接关闭:网络连接已关闭。 | 410 |
| 状态无法处理的实体 | 数据无法恢复:请求中的数据无法恢复。请联系客户支持。 | 422 |
| 状态冲突 | 删除冲突 | 409 |
| 实体已存在 |
| 实体暂时不可修改:该实体暂时不可修改。请稍后再试。 |
| 超出限制 |
| 操作中止:当前有一个冲突的条件操作正在进行。请重试。 |
| 存储桶已存在 |
| 存储桶不为空 |
| 合规设置已锁定:合规设置现已锁定,无法更改。 |
| 状态未找到 | 无此实体 | 404 |
| 无此生命周期配置:生命周期配置不存在。 |
| 无此存储桶:指定的存储桶不存在。 |
| 无此存储桶策略:存储桶策略不存在。 |
| 无此密钥:指定的密钥不存在。 |
| 无此复制配置:复制配置不存在。 |
| 无此标签集错误:存储桶没有关联的标签集。 |
| 无此上传:指定的上传不存在。上传 ID 可能无效,或者上传可能已被中止或完成。 |
| 无此版本:指定的版本不存在。 |
| 状态未实现 | 未实现:您提供的头信息暗示了未实现的功能。 | 501 |
| 状态服务不可用 | 暂时不可用:此操作的资源暂时不可用。请稍后再试。 | 503 |
| 状态已找到 | 密钥已存在 | 302 |
| 状态方法不允许 | 方法不允许:除账户所有者外,此方法不允许使用。 | 405 |
| 方法不允许:指定的方法不允许用于此资源。 |
| 状态需要长度 | 缺少内容长度:您必须提供 Content-Length HTTP 头。 | 411 |
TCP 错误代码
myQNAPcloud Object 支持以下 TCP 错误代码:
在 myQNAPcloud Object 中不支持
| 操作 | 描述 |
|---|
| SOAP | AWS S3 已弃用对 SOAP 的支持,myQNAPcloud Object 不支持任何 SOAP 操作。 |
使用 myQNAPcloud Object S3 API 对 Bucket 进行操作
对 Bucket 的操作包括:删除、重命名和记录 Bucket,以及跨域资源共享(CORS)支持、生命周期策略、对象锁定和合规性。
强制删除存储桶
AWS S3 不允许您删除包含未删除对象的存储桶。
myQNAPcloud Object 提供强制删除选项,首先删除存储桶中的所有对象,然后删除存储桶。对象的删除受存储桶的策略和合规性要求约束。
要使用强制删除选项,只需将其添加为查询字符串。例如:
DELETE http://s3.us-east-1.myqnapcloud.io/my-bucket?force_delete=true HTTP/1.1
重命名存储桶
AWS S3 不支持重命名 Bucket。它仅支持重命名存储桶中的对象。
myQNAPcloud Object 支持重命名 Bucket。新的存储桶名称必须未被使用才能成功重命名。调用者必须具有 s3:CreateBucket 策略权限才能重命名存储桶。
要重命名存储桶,请使用 HTTP 方法 MOVE,并使用头字段“Destination”提供新的存储桶名称。例如:
移动 http://s3.us-east-1.myqnapcloud.io/my_old_bucket HTTP/1.1
目标:my_new_bucket
MFA(多因素认证)删除
myQNAPcloud Object 支持“x-amz-mfa”标头,同时:
- 配置存储桶版本控制,或
- 删除与 AWS S3 兼容的对象删除请求。
如果用户的访问凭证通过 MFA 进行身份验证,则 myQNAPcloud Object 不需要“x-amz-mfa”标头。myQNAPcloud Object 仅支持虚拟 MFA 设备。
Bucket 的较大数量
标准 AWS S3 仅支持 100 个 Bucket。
myQNAPcloud Object 每个账户允许较多 1000 个 Bucket,此数量可通过联系 myQNAPcloud Object 客户支持进行增加。
存储桶日志记录
myQNAPcloud Object 支持存储桶日志记录,该功能会创建一个文本日志文件,记录对存储桶的所有访问。日志文件的格式与 AWS S3 日志文件相同。
myQNAPcloud Object 存储桶日志记录不需要任何 ACL 权限设置即可将日志存储在目标存储桶中。虽然可以在日志请求或 ACL 中设置权限,但在 myQNAPcloud Object 中日志记录工作不需要这些设置。然而,作为日志文件目标的存储桶必须与被记录的存储桶在同一账户内。
存储桶跨域资源共享(CORS)支持
为了与浏览器访问 myQNAPcloud Object 作为 Web 服务器的兼容性,当 HTTP 请求中提供“Origin”头时,myQNAPcloud Object 服务器将返回 CORS 头。此外,服务器支持在 Bucket 或对象上使用 HTTP 方法 OPTIONS,以返回浏览器在访问 myQNAPcloud Object 之前进行预检测试所需的 CORS 头。
与 AWS 不同,myQNAPcloud Object 返回的设置将允许浏览器访问 myQNAPcloud Object。因此,myQNAPcloud Object 不支持 AWS 允许在 URL 中使用“cors”参数进行 PUT 和 GET 操作的功能。请注意,允许浏览器访问数据不会影响对任何对象的访问安全性,所有访问策略仍将被执行。
以下是当 HTTP 请求中提供“Origin”头时默认返回的 HTTP 头:
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, MOVE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 86400
生命周期策略
生命周期功能建立了一个生命周期策略,通过规则定义您希望 myQNAPcloud Object 在对象生命周期中采取的行动。此功能替代了在保留期后手动删除对象的需求。
配置生命周期设置
桶的生命周期设置通过 "put-bucket-lifecycle-configuration" 命令进行配置。例如:
$ aws s3api put-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io --lifecycle-configuration file://lifecycle.json
{
"Rules": [
{
"Expiration": {"Days": 1},
"ID": "lifecycle_rule_1",
"Filter": {
"And": {
"ObjectSizeGreaterThan": 1,
"ObjectSizeLessThan": 21474836480
}
},
"Status": "Enabled"
},
{
"Expiration": {"Days": 1},
"ID": "object_lifecycle_rule_bucket_6807766",
"Filter": {"Prefix": "1"},
"Status": "Enabled"
}
]
}
这是另一个示例:
PUT https://s3.us-east-1.myqnapcloud.io/1-1-1-1?lifecycle <lifecycleconfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <rule> <expiration> <days>1</days> </expiration> <id>lifecycle_rule_1</id> <filter> <and> <objectsizegreaterthan>1</objectsizegreaterthan> <objectsizelessthan>21474836480</objectsizelessthan> </and> </filter> <status>Enabled</status> </rule> <rule> <expiration> <days>1</days> </expiration> <id>object_lifecycle_rule_bucket_6807766</id> <filter> <prefix>1</prefix> </filter> <status>Enabled</status> </rule> </lifecycleconfiguration>
此调用没有响应主体。
检索生命周期设置
可以使用 "get-bucket-lifecycle-configuration" 命令检索存储桶的生命周期设置。例如:
$ aws s3api get-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io
{
"Rules": [
{
"Expiration": {"Days": 1},
"ID": "lifecycle_rule_1",
"Filter": {
"And": {
"ObjectSizeGreaterThan": 1,
"ObjectSizeLessThan": 21474836480
}
},
"Status": "Enabled"
},
{
"Expiration": {"Days": 1},
"ID": "object_lifecycle_rule_bucket_6807766",
"Filter": {"Prefix": "1"},
"Status": "Enabled"
}
]
}
这是另一个例子:
GET https://s3.us-east-1.myqnapcloud.io/1-1-1-1?lifecycle <?xml version="1.0" encoding="UTF-8"?> <lifecycleconfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <rule> <expiration> <days>1</days> </expiration> <id>lifecycle_rule_1</id> <filter> <and> <objectsizegreaterthan>1</objectsizegreaterthan> <objectsizelessthan>21474836480</objectsizelessthan> </and> </filter> <status>Enabled</status> </rule> <rule> <expiration> <days>1</days> </expiration> <id>object_lifecycle_rule_bucket_6807766</id> <filter> <prefix>1</prefix> </filter> <status>Enabled</status> </rule> </lifecycleconfiguration>
删除生命周期设置
可以使用 "delete-bucket-lifecycle" 命令删除存储桶的生命周期设置。例如:
$ aws s3api delete-bucket-lifecycle --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io
此调用没有响应正文。
对象锁定
myQNAPcloud Object 支持一种对象锁定,可以在固定时间或期内防止对象版本的删除或覆盖。
| 标签 | 描述 |
|---|
| 对象锁配置 | 这是对象锁定配置的必需根级标签。 |
| 对象锁启用 | 此标签必须配置为启用。 |
| 规则 | 这指定了桶的对象锁定规则。它需要模式和期限。期限可以是天或年,但必须选择一个。不能同时指定天和年。
模式应为合规或治理。 |
桶的对象锁定设置通过使用“?object-lock”查询字符串以及请求中的 XML 主体指定。例如:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1 <objectlockconfiguration> <objectlockenabled>启用</objectlockenabled> <rule> <defaultretention> <mode>合规</mode> <days>10</days> </defaultretention> </rule> </objectlockconfiguration>
可以通过获取带有“?object-lock”查询字符串的桶来检索桶的对象锁定设置。例如:
GET https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1
响应主体:
<?xml version="1.0" encoding="UTF-8"?> <objectlockconfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <objectlockenabled>启用</objectlockenabled> <rule> <defaultretention> <mode>合规</mode> <days>10</days> </defaultretention> </rule> </objectlockconfiguration>
还有每个对象的对象锁定设置描述在对象操作。
可以使用“?object-lock”查询字符串清除桶的对象锁定设置。例如:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1
响应正文:
<objectlockconfiguration> <objectlockenabled>启用</objectlockenabled> <rule> <defaultretention> <mode></mode> <days></days> </defaultretention> </rule> </objectlockconfiguration>
myQNAPcloud Object 合规
myQNAPcloud Object 支持一种合规策略,该策略防止删除对象,并提供额外的信息以证明自写入以来原始数据未被修改。合规功能可能是某些法规需求所必需的,但也有助于防止意外的数据删除。
合规与桶的对象锁定设置不同。
您可以在任何桶上设置合规策略,控制存储在该桶中的所有对象。使用以下 XML 标签指定桶的合规策略。
| 标签 | 描述 |
|---|
| 状态 | 使用“启用”或“禁用”分别打开或关闭合规。启用后将立即应用于桶中的所有对象。 |
| 锁定时间 | 合规设置被“锁定”的时间——设置不能通过任何 API 调用减少。一旦设置被锁定,除非有 QNAP 客户支持的介入,否则无法解锁。锁定时间允许您支持两种使用情况:- 在锁定合规功能之前测试您的软件是否正常工作;或
- 永不锁定,这意味着可以通过额外步骤管理员关闭合规来删除数据。
锁定时间参数可以是:- ISO 日期(例如,2016-11-07T15:08:05Z),
- 字符串“现在”以强制立即锁定,或
- 字符串“关闭以不锁定合规设置。这是默认设置。
|
| 保留天数 | 一个整数,表示对象在创建日期或解除条件保留后始终保留的较少天数。您可以延长任何单个对象的保留日期,但不能缩短日期。此参数始终是必需的。 |
| 条件保留 | 一个布尔值(“true”或“false”),指示新创建的对象是否被置于条件保留状态,这意味着在明确关闭条件保留之前,它们不能被删除。如果未提供此参数,则默认值为 false。请注意,即使设置已锁定,此设置也可以更改。 |
桶的合规设置通过“?compliance”查询字符串以及请求中的 XML 主体来指定。例如:
PUT http://s3.us-east-1.myqnapcloud.io/my-bucket?complianceHTTP./1.1 <bucketcomplianceconfiguration> <status>enabled</status> <locktime>off</locktime> <retentiondays>365</retentiondays> <deleteafterretention>true</deleteafterretention> </bucketcomplianceconfiguration>
启用桶的合规性后,策略会立即应用于桶中的所有对象。尝试在保留期之前删除对象将返回错误。
可以通过使用“?compliance”查询字符串获取桶来检索桶的合规设置。例如:
GET http://s3.us-east-1.myqnapcloud.io/my-buck?complianceHTTP/1.1
响应主体:
<bucketcomplianceconfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/"> <status>enabled</status> <locktime>2016-11-07T15:08:05Z</locktime> <islocked>false</islocked> <retentiondays>0</retentiondays> <conditionalhold>false</conditionalhold> <deleteafterretention>false</deleteafterretention> </bucketcomplianceconfiguration>
每个对象的合规设置也在对象操作中描述。
Bucket 上的操作在 myQNAPcloud Object 中不支持
| 操作 | 描述 |
|---|
| 存储桶标签 | 存储桶标签在 myQNAPcloud Object 中当前不可用。 |
| 存储桶网站 | 网站配置在 myQNAPcloud Object 中不可用。鉴于 myQNAPcloud Object 作为长期对象存储的性质,我们不期望支持网站操作到 Bucket。在任何对象请求中,头信息 "x-amz-website-redirect-location" 会被忽略。 |
| 存储桶加速 | myQNAPcloud Object 未实现 AWS S3 存储桶加速子资源。 |
| 存储桶请求付款 | myQNAPcloud Object 不支持对 Bucket 使用 "requestPayment" 子资源。 |
| 指标配置 | myQNAPcloud Object 不支持接收一分钟 CloudWatch 指标、设置 CloudWatch 警报以及访问 CloudWatch 仪表板以查看您的 Amazon S3 存储的近实时操作和性能的操作。 |
S3 阻止公共访问 | myQNAPcloud Object 不支持集中阻止现有公共访问(无论是通过 ACL 还是策略实现)并确保新创建的项目不会被意外授予公共访问的操作。 |
| S3 选择 | myQNAPcloud Object 不支持 S3 Select API。 |
使用 myQNAPcloud Object S3 API 对对象进行操作
对象操作包括重命名、合并、追加和删除对象,以及加密、存储类、对象锁定和合规性。
重命名对象
myQNAPcloud Object 支持移动对象的功能,实际上是通过更改键来重命名对象。这消除了先复制对象然后删除原始对象的两步过程。调用者必须在桶上具有 s3:PutObject 策略权限才能重命名对象。
要重命名对象,请使用 HTTP 方法 MOVE,并在请求头中使用以下参数来影响移动操作。
|
| 覆盖 | 一个布尔值,当为“true”时,允许覆盖具有相同键的目标对象。否则,会生成错误,原始键不会更改。 |
| X-Wasabi-Quiet | 一个布尔值,当为“true”时,XML 状态返回体仅显示遇到错误的键。否则,状态中会给出所有重命名的对象。默认值为“false”。 |
| X-Wasabi-Prefix | 一个布尔值,当为“true”时,表示 URL 中给出的源和目标是前缀——它们匹配键的较左部分。从概念上讲,前缀就像是对象的文件夹。否则,只有匹配键的对象(包括所有版本)会被重命名。默认值为“false”。 |
调用将返回结果作为响应的 XML 体。结果包括每个重命名对象的以下信息:
- 原始源键,
- 重命名目标键,
- 对象的版本 ID,以及
- 重命名操作中的任何错误。
静默选项将导致结果仅列出遇到错误的键。
下面是一个示例,将所有以前缀“TestMove-Dir2/”开头的对象重命名为新前缀“TestMove-Dir2-Renamed/
MOVE http://s3.us-east-1.myqnapcloud.io/my_bucket/TestMove-Dir2/HTTP/1.1 目标:TestMove-Dir2-Renamed/X-Wasabi-Prefix:true
响应正文:
<moveobjectresult> <sourceprefix>TestMove-Dir2/SourcePrefix> <destinationprefix>TestMove-Dir2-Renamed/DestinationPrefix> <moveobject> <sourcekey>TestMove-Dir2/SourceKey> <destinationkey>TestMove-Dir2-Renamed/DestinationKey> MoveObject> <moveobject> <sourcekey>TestMove-Dir2/Dir1/SourceKey> <destinationkey>TestMove-Dir2-Renamed/Dir1/DestinationKey> MoveObject> <moveobject> <sourcekey>TestMove-Dir2/Dir1/Obj1SourceKey> <destinationkey>TestMove-Dir2-Renamed/Dir1/Obj1DestinationKey> MoveObject> <moveobject> <sourcekey>TestMove-Dir2/Dir1/Obj2SourceKey> <destinationkey>TestMove-Dir2-Renamed/Dir1/Obj2DestinationKey> MoveObject> <moveobject> <sourcekey>TestMove-Dir2/Dir2/SourceKey> <destinationkey>TestMove-Dir2-Renamed/Dir2/DestinationKey> MoveObject> <moveobject> <sourcekey>TestMove-Dir2/Dir2/Obj1SourceKey> <destinationkey>TestMove-Dir2-Renamed/Dir2/Obj1DestinationKey> MoveObject> <moveobject> <sourcekey>TestMove-Dir2/Dir2/Obj2SourceKey> <destinationkey>TestMove-Dir2-Renamed/Dir2/Obj2DestinationKey> MoveObject> <movecount>7MoveCount> MoveObjectResult>
组合对象
myQNAPcloud Object 提供了一项功能,可以创建由其他对象组成的新对象。组合对象不是通过复制原始数据对象来形成的,而是通过将组合对象链接到数据对象来形成的。这与 AWS S3 不同,后者不提供组合对象的方法。myQNAPcloud Object 操作速度更快,并且不需要多次复制原始数据。原始组合对象可以随时删除,系统将保留原始数据,只要还有任何链接到数据。
组合对象是使用多部分上传功能创建大于 5 GB 对象的替代方案。调用者必须在桶上具有 s3:PutObject 策略权限才能组合对象。 组合对象可以由其他组合对象以及原始数据对象创建。然而,在任何一个组合对象中,原始数据对象的总数不得超过 32 个。组合对象只能链接到同一存储桶中的其他对象。
组合操作是通过 HTTP 方法 PUT 完成的,使用查询字符串参数“?compose”来指示对象是由 XML 主体中给出的对象组成的。XML 主体包含对象键的列表,以及可选的形成新对象的版本 ID。如果未提供版本 ID,则使用对象的全新版本。新对象将显示为一个对象,所有链接的数据对象被连接在一起。新的组合对象没有 ETag(即 MD5)值,这不是连接对象的 MD5,而是将所有数据对象的 MD5 一起进行哈希的结果(类似于完成多部分对象时的计算)。组合对象可能没有用户提供的加密密钥。然而,所有数据在静止时都是加密存储的。
只有组合对象中使用的元数据会产生费用。链接对象中使用的原始数据在所有链接到原始数据对象的组合对象被删除之前,按正常费率收费。
下面是一个示例,组合一个新的对象“TestComp”,由三个对象组成:“TestCompose-Data-1”、“TestCompose-Data-2”和“TestCompose-Data-3”。
PUT http://s3.wasabisys.com/my_bucket/TestCompose-Object-1?composeHTTP/1.1Content-Type:text/xml <composerequest> <component> <key>TestCompose-Data-1</key> </component> <component> <key>TestCompose-Data-2</key> </component> <component> <key>TestCompose-Data-3</key> </component> </composerequest>
追加到对象
AWS S3 不提供追加到对象的方法。
追加到现有对象是构建对象的另一种形式(参见构建对象)。调用会将主体中的数据上传到临时对象,然后创建一个新的组合对象,该对象由原始对象的数据和新上传的数据组成。如果存储桶启用了版本控制,则会创建新版本的组合对象,同时保留原始数据。如果未启用版本控制,新组合对象将替换原始对象。调用者必须在存储桶上拥有 s3:PutObject 策略权限才能追加到对象。此外,对于没有版本控制的存储桶,可能需要 s3:DeleteObject 策略权限来替换原始对象。
与组合对象类似,您只能向任何对象追加 1023 次,因为每次都会创建一个到上传数据的链接。请注意不要简单地多次向对象追加少量数据,因为每次追加的数据上传都会创建一个新的对象,可能会产生较低大小费用,并且由于小数据读取而降低性能。追加操作使用 HTTP 方法 PUT 和查询字符串参数“?append”完成。要追加的数据在请求的主体中上传。
下面是一个示例,将字符串“”追加到现有对象“TestAppend-Object”。
PUT http://s3.us-east-1.myqnapcloud.io/my-bucket/TestAppend-Object?appendHTTP/1.1Content-Length:15
PUT 对象复制使用链接
通常,要使用 AWS S3 协议重命名对象,首先使用一个键值上传对象。然后,使用从原始键值复制的新键值进行 PUT 操作,并删除原始键值的对象。
myQNAPcloud Object 自动优化此序列,通过将新键值对象链接到复制键值的原始数据来避免再次复制数据,这样可以避免更高的存储费用。因为 myQNAPcloud Object 使用链接到原始数据,任何大小的对象较多可达 5 TB 限制都可以复制,并且不需要使用多部分上传。
删除对象 MFADelete
如果在存储桶版本控制中启用了 MFADelete 选项,并且访问凭证是使用 MFA 签名的,则不需要“x-amz-mfa”(另请参见 MFA(多因素认证)删除)。
如果启用了存储桶日志记录,删除多个对象将为每个被删除的对象创建一个单独的日志条目。
获取对象响应头
任何在获取对象请求中以“response-”开头的头都会作为响应头返回(去掉字符串“response-”)。
对象服务器端加密
myQNAPcloud Object 加密所有静态存储的数据,无论请求的加密方式如何。系统将在提供时使用调用者提供的加密密钥,或者如果没有提供客户密钥,则为每个对象生成一个随机密钥加密密钥。如果客户提供了加密密钥,类似于 AWS S3,myQNAPcloud Object 不会在元数据中保留客户密钥的副本,调用者必须提供加密密钥才能读取数据。如果 myQNAPcloud Object 提供加密密钥,则调用者无需采取任何行动。
调用者可以使用头 x-amz-server-side-encryption-customer-algorithm、x-amz-server-side-encryption-customer-key 和 x-amz-server-side-encryption-customer-key-MD5 提供加密密钥。这些参数与 AWS S3 相同。
myQNAPcloud Object 不支持密钥管理服务。因此,“x-amz-server-side-encryption”以及所有“aws:kms”功能都不支持。 myQNAPcloud Object 存储数据的 MD5,无论服务器端加密如何,始终是上传的数据。
对象存储类
myQNAPcloud Object 仅提供一个存储类,与标准 AWS S3 存储类较为相似。在任何操作中返回存储类时,myQNAPcloud Object 将返回标准 AWS S3 存储类。
myQNAPcloud Object 中不支持的对象操作
|
| 对象恢复 | myQNAPcloud Object 不支持多个存储类,也不支持用于从不同存储类恢复对象的 POST 对象恢复请求。 |
| 选择对象内容 | myQNAPcloud Object 不支持基于简单结构化查询语言(SQL)语句过滤 Amazon S3 对象内容的操作。 |
| S3 批量操作 | myQNAPcloud Object 不支持用于对象管理的 S3 批量操作。 |
符合 myQNAPcloud Object S3 API
在符合性桶中,任何一个对象的符合性设置也可以在桶的符合性限制内进行更改。使用以下 XML 标签指定对象的符合性设置。
|
| 法律保留 | 一个布尔值“true”或“false”用于设置法律保留状态。当对象的法律保留状态为 true 时,无论保留期如何,该对象都不能被删除。 |
| 保留时间 | 一个 ISO 时间,用于为对象设置新的保留时间,在此时间之前对象不能被删除。请注意,新保留时间必须超过桶策略规定的保留期,否则会返回错误。 |
以下是设置对象符合性的示例:
PUT http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object?complianceHTTP/1.1 <objectcomplianceconfiguration> <conditionalhold>false</conditionalhold> <retentiontime>2018-03-13T10:45:00Z</retentiontime> </objectcomplianceconfiguration>
可以使用“?compliance”查询字符串检索任何特定对象的符合性设置。除了上述对象符合性设置外,查询还返回对象的计算 SHA256 哈希值,可用于确定对象未被修改。请注意,SHA256 值仅适用于作为单个对象上传的对象,不适用于多部分或组合对象。
以下是获取对象符合性的示例:
GET http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object?complianceHTTP/1.1
响应正文:
<objectcomplianceconfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/"> <retentiontime>2016-10-31T15:08:05Z</retentiontime> <conditionalhold>false</conditionalhold> <legalhold>false</legalhold> <sha256>14b4be3894e92166b508007b6c2e4fb6e88d3d0ad652c76475089a50ebe6e33b</sha256> </objectcomplianceconfiguration>
当桶启用符合性时,对象符合性设置也会出现在桶列表中。
对象锁定与 myQNAPcloud Object S3 API
您可以使用下面描述的标签为对象添加或更新对象锁定设置。
|
| 保留至日期 | 这定义了对象的保留时间。在此时间之前,无法删除该对象。请注意,保留时间必须是未来的时间。 |
| 法律保留 | 这应该是 ON 或 OFF,不区分大小写。 |
以下是设置对象锁定配置的示例:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/beta_vpn.png?retention&versionId= 001617181245457483475-4ylsTbqqvP <retention> <mode>合规</mode> <retainuntildate>2021-04-06T09:00:45Z</retainuntildate> </retention>
以下是设置对象法律保留的示例:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/beta_vpn.png?legal-hold&versionId=001617181245457483475-4ylsTbqqvP <legalhold> <status>ON</status> </legalhold>
以下是设置对象治理模式的示例:
PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/public/ACL.PNG?retention <retention> <mode>治理</mode> <retainuntildate>2021-05-20T09:00:45Z</retainuntildate> </retention>
每当您想要覆盖对象的治理设置时,必须包含“x-amz-bypass-governance-retention =true”头。
myQNAPcloud Object 存储地区的服务 URL
myQNAPcloud Object 的不同存储地区的 myQNAPcloud 服务 URL 如下:
美洲
| 地区 | 服务 URL |
|---|
| 美国东部 1(弗吉尼亚州北部) | s3 .us-east-1.myqnapcloud.io |
| 美国中部 1(德克萨斯州) | s3.us-central-1. myqnapcloud.io |
| 美国西部 1(俄勒冈州) | s3.us-west-1. myqnapcloud.io |
| 加拿大中部 1(多伦多) | s3.ca-central-1. myqnapcloud.io |
EMEA
| 欧盟中部 1(阿姆斯特丹) | s3.eu-central-1. myqnapcloud.io |
| 欧盟中部 2(法兰克福) | s3.eu-central-2. myqnapcloud.io |
| 欧盟西部 1(伦敦) | s3.eu-west-1. myqnapcloud.io |
| 欧盟西部 2(巴黎) | s3.eu-west-2. myqnapcloud.io |
| 欧盟西部 3(伦敦) | s3.eu-west-3. myqnapcloud.io |
| 欧盟南部 1(米兰) | s3.eu-south-1. myqnapcloud.io |
亚太地区
| 亚太东北 1(东京) | s3.ap-northeast-1. myqnapcloud.io |
| 亚太东北 2(大阪) | s3.ap-northeast-2. myqnapcloud.io |
| 亚太东南 1(新加坡) | s3.ap-southeast-1. myqnapcloud.io |
| 亚太东南 2(悉尼) | s3.ap-southeast-2. myqnapcloud.io |
myQNAPcloud Object 管理控制台可以通过 myQNAPcloud 门户访问。
如果您正在寻找与您的第三方存储应用程序一起使用的正确服务 URL,您应该选择与您的存储桶位置匹配的 URL。
在使用第三方存储应用程序时,您应该注意这些应用程序有不同的方法来处理存储区域服务 URL。这些方法包括:
- 允许您明确输入服务 URL 的应用程序。这些应用程序较灵活,因为您可以轻松配置新的服务 URL。
- 仅允许您从预设的存储区域列表中选择的应用程序。这些应用程序灵活性较低,因为如果存储提供商实施了新的区域,您必须等待应用程序更新才能访问新的区域。如果您的存储应用程序不支持其预定义区域列表中的所有 myQNAPcloud Object 存储区域,请联系应用程序供应商(而不是 QNAP)请求支持。
- 仅允许您输入 API 密钥集,然后提供您账户中所有 Bucket 的应用程序。这些应用程序提供灵活性,但需要一些自动重定向在 HTTP 级别执行。
使用 myQNAPcloud Object S3 API 进行对象复制
获取对象标签
myQNAPcloud Object 支持在对象满足以下条件时获取对象的标签集功能:
当对象没有任何标签时
获取 https://s3.myqnapcloud.io/my_bucket/Test-object1.txt?tagging
响应正文:
<?xml version="1.0" encoding="UTF-8"?> <tagging> <tagset></tagset> </tagging>
状态 200 OK
当对象有标签时
获取 https://s3.myqnapcloud.io/my_bucket/Test-object2.pdf?tagging
响应正文:
<!--?xml version="1.0" encoding="UTF-8"?--> <tagging> <tagset> <tag> <key>key2</key> <value>value2</value> </tag> <tag> <key>key1</key> <value>value1</value> </tag> </tagset> </tagging>
设置对象标签
myQNAPcloud Object 支持以下功能:
- 添加存储桶中现有对象的标签值
- 追加存储桶中现有对象的标签值
添加存储桶中现有对象的标签值
PUT https://s3.myqnapcloud.io/my_bucket/Test-object3.pdf?tagging
Content-Type: text/xml
响应正文:
<tagging xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <tagset> <tag> <key>tag1</key> <value>value1</value> </tag> </tagset> </tagging>
追加存储桶中现有对象的标签值
在此示例中,现有对象已经具有标签值“key5”–“value5”,您可以在现有对中追加新的标签对。
PUT https://s3.myqnapcloud.io/my_bucket/Test-object4.jpg?tagging
Content-Type: text/xml
响应正文:
<tagging xmlns="http://s3.myqnapcloud.io/doc/2006-03-01/"> <tagset> <tag> <key>key5</key> <value>value5</value> </tag> <tag> <key>key6</key> <value>value6</value> </tag> </tagset> </tagging>
状态 200 OK
要 PUT 其他版本的标签,请使用 versionId 查询参数。
删除对象标签
这将从指定对象中移除整个标签集。
DELETE https://s3.myqnapcloud.io/my_bucket/Test-object5.pdf?tagging
响应正文:
<empty>
状态 204 无内容
要删除其他版本的标签,请使用 versionId 查询参数。
使用 myQNAPcloud Object API 进行对象标签
获取对象标签
myQNAPcloud Object 支持在对象满足以下条件时获取标签集的功能:
当对象没有任何标签时
GET
https://s3.myqnapcloud.io/my_bucket/Test-object1.txt?tagging
响应正文:
<?xml version="1.0" encoding="UTF-8"?> <tagging> <tagset></tagset> </tagging>
状态 200 OK
当对象有标签时
GET
https://s3.myqnapcloud.io/my_bucket/Test-object2.pdf?tagging
响应体:
<!--?xml version="1.0" encoding="UTF-8"?--> <tagging> <tagset> <tag> <key>key2</key> <value>value2</value> </tag> <tag> <key>key1</key> <value>value1</value> </tag> </tagset> </tagging>
PUT 对象标签
myQNAPcloud Object 支持以下功能:
添加桶中现有对象的标签值
PUT
https://s3.myqnapcloud.io/my_bucket/Test-object3.pdf?tagging
Content-Type: text/xml
响应体:
<tagging xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <tagset> <tag> <key>tag1</key> <value>value1</value> </tag> </tagset> </tagging>
追加桶中现有对象的标签值
在此示例中,现有对象已经有标签值“key5”–“value5”,您可以在现有对中追加新的标签对。
PUT
https://s3.myqnapcloud.io/my_bucket/Test-object4.jpg?tagging
内容类型:text/xml
响应正文:
<tagging xmlns="http://s3.myqnapcloud.io/doc/2006-03-01/"> <tagset> <tag> <key>key5</key> <value>value5</value> </tag> <tag> <key>key6</key> <value>value6</value> </tag> </tagset> </tagging>
状态 200 OK
要 PUT 其他版本的标签,请使用 versionId 查询参数。
删除对象标签
这将从指定对象中移除整个标签集。
DELETE
https://s3.myqnapcloud.io/my_bucket/Test-object5.pdf?tagging
响应正文:
<empty>
状态 204 无内容
要删除其他版本的标签,请使用 versionId 查询参数。
进一步阅读
鉴于其与 AWS S3 的兼容性,官方 AWS S3 文档在使用 myQNAPcloud Object 时可作为补充资源。有关 API 版本 2006-03-01 的详细信息,请参阅 Amazon Simple 存储 Service API 参考:
Amazon Simple 存储 Service API 参考
