
【FusionCloud V100R006C10 】Solution Description Object Storage Service (OBS) II

Latest reply: Jan 19, 2022 10:50:54

Hello, everyone!

This post will share with you the object storage service.

Common Concepts

This section describes common concepts in OBS.

Object

An object is a basic data unit of OBS. It contains both data and metadata that describes data attributes. Data uploaded to OBS is stored into buckets as objects.

An object consists of a key, metadata, and data.

· A key specifies the name of an object. An object key is a character string ranging from 1 to 1024 characters in UTF-8 format. The object key for each object in a bucket must be unique.

· Metadata provides a description of objects. Metadata contains system metadata and user metadata. All metadata is uploaded to OBS as name-value pairs.

  • System metadata is automatically generated by OBS and is used for processing object data. System metadata includes Date, Content-length, Last-modify, and Content-MD5.

  • User metadata is specified when users upload objects and is used to describe objects.

· Data is the information contained by an object.

Generally, objects are managed as files. However, as an object-based storage service, OBS does not involve files or folders. For easy data management, OBS provides a method to simulate folders. By adding a slash (/) in an object name, for example, test/123.jpg, you can simulate test as a folder and 123.jpg as the name of a file under the test folder. However, the key remains test/123.jpg.

On OBS Console, you can use folders directly.

Bucket

A bucket stores objects on OBS. OBS provides flat storage methods based on buckets and objects. All objects in a bucket are on the same logical layer, eliminating multi-layer directory structures in file systems.

OBS has three storage classes: OBS Standard, OBS Nearline, and OBS Coldline. In such a manner, OBS comprehensively meets customers' requirements on storage performance and costs. When creating a bucket, you can specify the storage class for the bucket. The storage class of all objects in a bucket is the same as that of the bucket on OBS.

On OBS, the bucket name must be unique and cannot be changed. When a bucket is created, its access control list (ACL) is generated by default. The items in the ACL include permissions of authorized users such as the read (READ), write (WRITE), and full control (FULL_CONTROL) permissions. Only authorized users can perform operations related to buckets, including creating, deleting, and viewing a bucket as well as setting the ACL of a bucket. A user can create a maximum of 100 buckets. However, the number and total size of objects in a bucket are not restricted. Users do not need to consider data expandability.

As OBS is based on REST HTTP and HTTPS, you can use uniform resource locators (URLs) to locate resources.

Figure 1 Buckets and Objects illustrates the relationship between objects and buckets on OBS.


Figure 1 Buckets and Objects (image not included)

Region

When creating a bucket, you can specify a region (an Amazon region) for the bucket based on your requirements for the price, response latency, and request source. The specified region cannot be changed after the bucket is created.

After a bucket is created, all objects uploaded to the bucket will be stored in the data center.

Function Description

This section describes main functions and application values of OBS.

Bucket Policy

A bucket owner can compile a bucket policy to restrict the access permission for the bucket.

A bucket policy provides centralized access control over buckets and objects based on a variety of conditions, including OBS operations, applicants, resources, and other elements of a request (for example, IP address). Permissions attached to a bucket apply to all the objects in the bucket.

Individuals as well as companies can use bucket policies. When a company registers with OBS, it creates an account. Thereafter, the company becomes synonymous with the account on OBS. The account is financially responsible for the resources created by the company and its employees. The account has the power to grant bucket policy permissions and assign employees permissions based on a variety of conditions. For example, an account could create a policy that gives a user write access:

· To a particular bucket.

· From an account's specified network.

Unlike access control lists (ACLs), which can add permissions only on individual objects, bucket policies can either add or deny permissions across all objects within a bucket. With one request an account can set the permissions of any number of objects in a bucket. An account can use wildcard characters (similar to regular expression operators) on Amazon resource names (ARNs) and other values, so that an account can control access to groups of objects.

A bucket policy defines the access permission for a bucket assigned by the bucket owner. After a bucket policy is created, access requests to the bucket are controlled by the bucket policy. The bucket policy controls access requests by accepting or rejecting the requests.

Bucket policies are compiled in the JSON format.

1. Assigning specific users the permission to obtain objects in specific buckets.

In the following example, the user (whose User ID is ac49fefeb80247799fbaf43249eb73ed) of the account (whose Domain ID is 783fc6652cf246c096ea836694f71855) is assigned the permission to obtain all objects in bucket mybucket.

Table 1 Parameters to be modified describes the parameters that need to be manually modified in the example.

Table 1 Parameters to be modified

| Parameter | Description |
| --- | --- |
| Allow | Value of the Effect parameter, which indicates whether the permission defined in the policy is allowed or denied. The value of the Effect parameter must be Allow or Deny. |
| 783fc6652cf246c096ea836694f71855 | Domain ID. Change it based on site requirements. You can click the user name in the upper-right corner of the ServiceCenter tenant portal interface and choose My Account to view the domain ID. NOTE: The domain ID is Tenant ID on the My Account page. |
| ac49fefeb80247799fbaf43249eb73ed | User ID. Change it based on site requirements. You can click the user name in the upper-right corner of the ServiceCenter tenant portal interface and choose My Account to view the User ID. |
| GetObject | Value of the Action field that indicates the operation set in the policy. The Action field indicates all operations supported by OBS and contains a string of case-insensitive characters. The value can be a wildcard character (*) that indicates all operations. For example, "Action":["s3:List*", "s3:Get*"]. Enter a value based on site requirements. |
| mybucket/* | Target object on which the policy works. The object varies with site requirements. A wildcard character (*) indicates all objects in bucket mybucket. |

{
    "Version":"2008-10-17",
    "Id":"aaaa-bbbb-cccc-dddd",
    "Statement":[
        {
            "Effect":"Allow",
            "Sid":"1",
            "Principal":{
                "AWS":["arn:aws:iam::783fc6652cf246c096ea836694f71855:user/ac49fefeb80247799fbaf43249eb73ed"]
            },
            "Action":["s3:GetObject"],
            "Resource":"arn:aws:s3:::mybucket/*"
        }
    ]
}

2. Listing objects in a bucket with conditions

In the following example, only account 219d520ceac84c5a98b237431a2cf4c2 is allowed to list objects prefixed with Obj in bucket mybucket.

Table 2 Parameters to be modified describes the parameters that need to be manually modified in the example.

Table 2 Parameters to be modified

| Parameter | Description |
| --- | --- |
| Allow | Value of the Effect parameter, which indicates whether the permission defined in the policy is allowed or denied. The value of the Effect parameter must be Allow or Deny. |
| 219d520ceac84c5a98b237431a2cf4c2 | Domain ID. Change it based on site requirements. You can click the user name in the upper-right corner of the ServiceCenter tenant portal interface and choose My Account to view the domain ID. NOTE: The domain ID is Tenant ID on the My Account page. |
| ListBucket | Value of the Action field that indicates the operation set in the policy. The Action field indicates all operations supported by OBS and contains a string of case-insensitive characters. The value can be a wildcard character (*) that indicates all operations. For example, "Action":["s3:List*", "s3:Get*"]. Enter a value based on site requirements. |
| mybucket | Target bucket on which the policy works. The bucket name varies with site requirements. |
| Obj | Objects that are selected by prefixes for listing. The value needs to be modified based on actual conditions. |

{
    "Version":"2008-10-17",
    "Id":"aaaa-bbbb-cccc-dddd",
    "Statement":[
        {
            "Effect":"Allow",
            "Sid":"1",
            "Principal":{"AWS":["arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:root"]},
            "Action":["s3:ListBucket"],
            "Resource":"arn:aws:s3:::mybucket",
            "Condition":{"StringEquals":{"s3:prefix":"Obj"}}
        }
    ]
}

Table 3 Parameters in a bucket policy describes parameters in a bucket policy.

Table 3 Parameters in a bucket policy

| Parameter | Description | Mandatory or Optional |
| --- | --- | --- |
| Version | The value must be consistent with that of Amazon S3. Currently, only 2008-10-17 is supported. | Optional |
| Id | Unique ID of the bucket policy. | Optional |
| Statement | Bucket policy description, which defines complete permission control. Each bucket policy can have multiple statements, and each statement contains the following parameters: Sid, Effect, Principal, NotPrincipal, Action, NotAction, Resource, NotResource, Condition. | Mandatory |
| Effect | Whether the permission in the bucket policy statement is to accept or reject requests. The value is Allow or Deny. | Mandatory |
| Sid | Statement ID. | Optional |
| Principal/NotPrincipal | User on whom the bucket policy statement takes effect. Select either Principal or NotPrincipal to specify the user on whom the bucket policy statement takes effect or does not take effect. | Mandatory |
| Action/NotAction | OBS operations on which the bucket policy statement takes effect. Select either Action or NotAction to specify whether the bucket policy statement takes effect on the OBS operations. | Mandatory |
| Resource/NotResource | Resources on which the bucket policy statement takes effect. Select either Resource or NotResource to specify whether the bucket policy statement takes effect on the OBS resources. | Mandatory |
| Condition | Conditions for a statement to take effect. | Optional |

That's all, thanks! 

The post is synchronized to: Surprising Cloud Computing
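As an added example (not part of the original post and not OBS code), the sketch below evaluates a request against the two policies shown above, to check what each one actually grants. It assumes S3-style semantics the post does not spell out: an explicit Deny overrides an Allow, the requester is compared as a literal ARN string, and only Principal, Action, Resource and StringEquals are modelled, with anything else rejected.

```python
import re

# The two policies from the post, as Python dicts.
USER = "arn:aws:iam::783fc6652cf246c096ea836694f71855:user/ac49fefeb80247799fbaf43249eb73ed"
ROOT = "arn:aws:iam::219d520ceac84c5a98b237431a2cf4c2:root"
GET_POLICY = {"Version": "2008-10-17", "Id": "aaaa-bbbb-cccc-dddd", "Statement": [
    {"Effect": "Allow", "Sid": "1", "Principal": {"AWS": [USER]},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::mybucket/*"}]}
LIST_POLICY = {"Version": "2008-10-17", "Id": "aaaa-bbbb-cccc-dddd", "Statement": [
    {"Effect": "Allow", "Sid": "1", "Principal": {"AWS": [ROOT]},
     "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::mybucket",
     "Condition": {"StringEquals": {"s3:prefix": "Obj"}}}]}

SUPPORTED = {"Sid", "Effect", "Principal", "Action", "Resource", "Condition"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value, fold_case=False):
    """True if value matches any pattern; '*' is the only wildcard."""
    flags = re.S | (re.I if fold_case else 0)
    for pattern in _as_list(patterns):
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, value, flags):
            return True
    return False

def statement_applies(stmt, principal, action, resource, context):
    # Fail closed on anything this sketch does not model (NotPrincipal, ...).
    conditions = stmt.get("Condition", {})
    if set(stmt) - SUPPORTED or set(conditions) - {"StringEquals"}:
        raise ValueError("unsupported policy element")
    if stmt["Effect"] not in ("Allow", "Deny"):
        raise ValueError("Effect must be Allow or Deny")
    for key, wanted in conditions.get("StringEquals", {}).items():
        if context.get(key) not in _as_list(wanted):
            return False
    return (_match(stmt["Principal"]["AWS"], principal)
            and _match(stmt["Action"], action, fold_case=True)  # case-insensitive
            and _match(stmt["Resource"], resource))

def evaluate(policy, principal, action, resource, context=None):
    """Return 'Deny', 'Allow' or 'NoMatch' (assumed order: explicit Deny wins)."""
    effects = {s["Effect"] for s in policy["Statement"]
               if statement_applies(s, principal, action, resource, context or {})}
    return "Deny" if "Deny" in effects else "Allow" if "Allow" in effects else "NoMatch"
```

A result of NoMatch means the policy itself grants nothing for that request; whether the bucket ACL still grants access is outside this sketch.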


faysalji
Moderator Author Created Jul 31, 2018 08:40:24

Good explanation

olive.zhao
Admin Created May 27, 2021 02:44:16

Summary:

Solution Description Object Storage Service (OBS)

https://forum.huawei.com/enterprise/thread-461877.html

Solution Description Object Storage Service (OBS) II 

https://forum.huawei.com/enterprise/thread-462475.html

Solution Description Object Storage Service (OBS) III 

https://forum.huawei.com/enterprise/thread-462681.html

Introduction to object storage

https://forum.huawei.com/enterprise/en/introduction-to-object-storage/thread/649673-893

HCS object storage service: HDFS

https://forum.huawei.com/enterprise/en/hcs-object-storage-service-hdfs/thread/710957-893

Differences between EVS, OBS and SFS

https://forum.huawei.com/enterprise/en/differences-between-evs-obs-and-sfs/thread/553975-893

That's all, thanks!


thibay
Created May 27, 2021 08:50:52

Thanks for sharing

Unicef
MVE Created Aug 9, 2021 13:23:59

Great

Sokrin
Created Aug 9, 2021 13:50:11

Good links

olive.zhao
Created Aug 10, 2021 00:48:51

Thanks, bro!

hugu
Created Jan 10, 2022 10:54:07

Good share

TuanNg
Created Jan 10, 2022 12:03:16

Thanks for sharing

bobi
Created Jan 10, 2022 12:17:41

Good one

hanhcao
Created Jan 10, 2022 13:34:30

Great share