Set storage bucket retention periods for projects

This page shows you how to set retention periods for Google Distributed Cloud (GDC) air-gapped storage buckets.

Before you begin

A project namespace manages bucket resources in the org admin cluster. You must have a project to work with buckets and objects.

You must also have the appropriate bucket permissions to perform the following operation. See Grant bucket access.

Set a bucket retention period

Console

  1. In the navigation menu, click Object Storage.
  2. Click the name of the bucket that you want to update.
  3. Click the Configuration tab.
  4. In the Security section, next to the Retention policy field, click Edit.
  5. Edit the number of days with a value higher than the existing number of days and click Save.

CLI

By default, you can delete objects at any time. You can enable object locking with a retention period to prevent all objects in the bucket from deletion for the specified number of days. You cannot delete a bucket until you delete all objects after the retention period.

You must enable object locking when creating the bucket. You cannot enable or disable object locking after you create a bucket. However, you can modify the default object retention period.

You can create a bucket with or without enabling object locking. If you've enabled object locking, specifying a default retention period is optional.

To modify the retention period, update the Bucket.spec.buckePolicy.lockingPolicy.defaultObjectRetentionDays field in the Bucket resource.

The following is an example of updating the field in the Bucket resource:

apiVersion: object.gdc.goog/v1
kind: Bucket
metadata:
  name: BUCKET_NAME
  namespace: NAMESPACE_NAME
spec:
  description: "This bucket has a default retention period specified."
  storageClass: Standard
  bucketPolicy :
    lockingPolicy :
      defaultObjectRetentionDays: RETENTION_DAY_COUNT
----------
apiVersion: object.gdc.goog/v1
kind: Bucket
metadata:
  name: BUCKET_NAME
  namespace: NAMESPACE_NAME
spec:
  description: "This would enable object locking but not specify a default retention period."
  storageClass: Standard
  bucketPolicy :
    lockingPolicy :
----------
apiVersion: object.gdc.goog/v1
kind: Bucket
metadata:
  name: BUCKET_NAME
  namespace: NAMESPACE_NAME
spec:
  description: "This bucket does not have locking or retention enabled."
  storageClass: Standard

Any updates to the retention period apply to objects created in the bucket after the update. For pre-existing objects, the retention period does not change.

When you've enabled object locking, if you attempt to overwrite an object, you add a new version of the object. You can retrieve both object versions. To retrieve object versions, see List storage objects.

To create a write-once, read-many (WORM) bucket, refer to the WORM Bucket section.