Console
    Contact Us Start free

    Lock a bucket's retention policy

    Provides an example of how to lock a bucket's retention policy.

    Explore further

    For detailed documentation that includes this code sample, see the following:

    Code sample

    C++

    For more information, see the Cloud Storage C++ API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      namespace 
  
 gcs 
  
 = 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 storage 
 ; 
 using 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 StatusOr 
 ; 
 []( 
 gcs 
 :: 
 Client 
  
 client 
 , 
  
 std 
 :: 
 string 
  
 const 
&  
 bucket_name 
 ) 
  
 { 
  
 StatusOr<gcs 
 :: 
 BucketMetadata 
>  
 original 
  
 = 
  
 client 
 . 
 GetBucketMetadata 
 ( 
 bucket_name 
 ); 
  
 if 
  
 ( 
 ! 
 original 
 ) 
  
 throw 
  
 std 
 :: 
 move 
 ( 
 original 
 ). 
 status 
 (); 
  
 StatusOr<gcs 
 :: 
 BucketMetadata 
>  
 updated_metadata 
  
 = 
  
 client 
 . 
 LockBucketRetentionPolicy 
 ( 
 bucket_name 
 , 
  
 original 
 - 
> metageneration 
 ()); 
  
 if 
  
 ( 
 ! 
 updated_metadata 
 ) 
  
 throw 
  
 std 
 :: 
 move 
 ( 
 updated_metadata 
 ). 
 status 
 (); 
  
 if 
  
 ( 
 ! 
 updated_metadata 
 - 
> has_retention_policy 
 ()) 
  
 { 
  
 std 
 :: 
 cerr 
 << 
 "The bucket " 
 << 
 updated_metadata 
 - 
> name 
 () 
 << 
 " does not have a retention policy, even though the" 
 << 
 " operation to set it was successful. 
 \n 
 " 
 << 
 "This is unexpected, and may indicate that another" 
 << 
 " application has modified the bucket concurrently. 
 \n 
 " 
 ; 
  
 return 
 ; 
  
 } 
  
 std 
 :: 
 cout 
 << 
 "Retention policy successfully locked for bucket " 
 << 
 updated_metadata 
 - 
> name 
 () 
 << 
 " 
 \n 
 New retention policy is: " 
 << 
 updated_metadata 
 - 
> retention_policy 
 () 
 << 
 " 
 \n 
 Full metadata: " 
 << 
 * 
 updated_metadata 
 << 
 " 
 \n 
 " 
 ; 
 }

    C#

    For more information, see the Cloud Storage C# API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      using 
  
  Google.Cloud.Storage.V1 
 
 ; 
 using 
  
 System 
 ; 
 public 
  
 class 
  
 LockRetentionPolicySample 
 { 
  
 /// <summary> 
  
 /// Locks the retention policy of a bucket. This is a one-way process: once a retention 
  
 /// policy is locked, it cannot be shortened, removed or unlocked, although it can 
  
 /// be increased in duration. The lock persists until the bucket is deleted. 
  
 /// </summary> 
  
 /// <param name="bucketName">The name of the bucket whose retention policy should be locked.</param> 
  
 public 
  
 bool? 
  
 LockRetentionPolicy 
 ( 
 string 
  
 bucketName 
  
 = 
  
 "your-unique-bucket-name" 
 ) 
  
 { 
  
 var 
  
 storage 
  
 = 
  
  StorageClient 
 
 . 
  Create 
 
 (); 
  
 var 
  
 bucket 
  
 = 
  
 storage 
 . 
 GetBucket 
 ( 
 bucketName 
 ); 
  
 storage 
 . 
 LockBucketRetentionPolicy 
 ( 
 bucketName 
 , 
  
 bucket 
 . 
 Metageneration 
 . 
 Value 
 ); 
  
 bucket 
  
 = 
  
 storage 
 . 
 GetBucket 
 ( 
 bucketName 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Retention policy for {bucketName} is now locked" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Retention policy effective as of {bucket.RetentionPolicy.EffectiveTime}" 
 ); 
  
 return 
  
 bucket 
 . 
 RetentionPolicy 
 . 
 IsLocked 
 ; 
  
 } 
 }

    Go

    For more information, see the Cloud Storage Go API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "io" 
  
 "time" 
  
 "cloud.google.com/go/storage" 
 ) 
 // lockRetentionPolicy locks bucket retention policy. 
 func 
  
 lockRetentionPolicy 
 ( 
 w 
  
 io 
 . 
  Writer 
 
 , 
  
 bucketName 
  
 string 
 ) 
  
 error 
  
 { 
  
 // bucketName := "bucket-name" 
  
 ctx 
  
 := 
  
 context 
 . 
 Background 
 () 
  
 client 
 , 
  
 err 
  
 := 
  
 storage 
 . 
 NewClient 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "storage.NewClient: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 defer 
  
 client 
 . 
 Close 
 () 
  
 ctx 
 , 
  
 cancel 
  
 := 
  
 context 
 . 
 WithTimeout 
 ( 
 ctx 
 , 
  
 time 
 . 
 Second 
 * 
 50 
 ) 
  
 defer 
  
 cancel 
 () 
  
 bucket 
  
 := 
  
 client 
 . 
  Bucket 
 
 ( 
 bucketName 
 ) 
  
 attrs 
 , 
  
 err 
  
 := 
  
 bucket 
 . 
 Attrs 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "Bucket(%q).Attrs: %w" 
 , 
  
 bucketName 
 , 
  
 err 
 ) 
  
 } 
  
 conditions 
  
 := 
  
 storage 
 . 
  BucketConditions 
 
 { 
  
 MetagenerationMatch 
 : 
  
 attrs 
 . 
 MetaGeneration 
 , 
  
 } 
  
 if 
  
 err 
  
 := 
  
 bucket 
 . 
 If 
 ( 
 conditions 
 ). 
  LockRetentionPolicy 
 
 ( 
 ctx 
 ); 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "Bucket(%q).LockRetentionPolicy: %w" 
 , 
  
 bucketName 
 , 
  
 err 
 ) 
  
 } 
  
 lockedAttrs 
 , 
  
 err 
  
 := 
  
 bucket 
 . 
 Attrs 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "Bucket(%q).Attrs: lockedAttrs: %w" 
 , 
  
 bucketName 
 , 
  
 err 
 ) 
  
 } 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "Retention policy for %v is now locked\n" 
 , 
  
 bucketName 
 ) 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "Retention policy effective as of %v\n" 
 , 
  
 lockedAttrs 
 . 
  RetentionPolicy 
 
 . 
 EffectiveTime 
 ) 
  
 return 
  
 nil 
 }

    Java

    For more information, see the Cloud Storage Java API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      import 
  
 com.google.cloud.storage. Bucket 
 
 ; 
 import 
  
 com.google.cloud.storage. Storage 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageException 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageOptions 
 
 ; 
 import 
  
 java.util.Date 
 ; 
 public 
  
 class 
 LockRetentionPolicy 
  
 { 
  
 public 
  
 static 
  
 void 
  
 lockRetentionPolicy 
 ( 
 String 
  
 projectId 
 , 
  
 String 
  
 bucketName 
 ) 
  
 throws 
  
  StorageException 
 
  
 { 
  
 // The ID of your GCP project 
  
 // String projectId = "your-project-id"; 
  
 // The ID of your GCS bucket 
  
 // String bucketName = "your-unique-bucket-name"; 
  
  Storage 
 
  
 storage 
  
 = 
  
  StorageOptions 
 
 . 
 newBuilder 
 (). 
 setProjectId 
 ( 
 projectId 
 ). 
 build 
 (). 
  getService 
 
 (); 
  
  Bucket 
 
  
 bucket 
  
 = 
  
 storage 
 . 
  get 
 
 ( 
 bucketName 
 , 
  
 Storage 
 . 
 BucketGetOption 
 . 
 fields 
 ( 
 Storage 
 . 
 BucketField 
 . 
 METAGENERATION 
 )); 
  
  Bucket 
 
  
 lockedBucket 
  
 = 
  
 bucket 
 . 
  lockRetentionPolicy 
 
 ( 
 Storage 
 . 
 BucketTargetOption 
 . 
 metagenerationMatch 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Retention period for " 
  
 + 
  
 bucketName 
  
 + 
  
 " is now locked" 
 ); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
  
 "Retention policy effective as of " 
  
 + 
  
 new 
  
 Date 
 ( 
 lockedBucket 
 . 
  getRetentionEffectiveTime 
 
 ())); 
  
 } 
 }

    Node.js

    For more information, see the Cloud Storage Node.js API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      /** 
 * TODO(developer): Uncomment the following lines before running the sample. 
 */ 
 // The ID of your GCS bucket 
 // const bucketName = 'your-unique-bucket-name'; 
 // Imports the Google Cloud client library 
 const 
  
 { 
 Storage 
 } 
  
 = 
  
 require 
 ( 
 ' @google-cloud/storage 
' 
 ); 
 // Creates a client 
 const 
  
 storage 
  
 = 
  
 new 
  
 Storage 
 (); 
 async 
  
 function 
  
 lockRetentionPolicy 
 () 
  
 { 
  
 // Gets the current metageneration value for the bucket, required by 
  
 // lock_retention_policy 
  
 const 
  
 [ 
 unlockedMetadata 
 ] 
  
 = 
  
 await 
  
 storage 
 . 
 bucket 
 ( 
 bucketName 
 ). 
 getMetadata 
 (); 
  
 // Warning: Once a retention policy is locked, it cannot be unlocked. The 
  
 // retention period can only be increased 
  
 const 
  
 [ 
 lockedMetadata 
 ] 
  
 = 
  
 await 
  
 storage 
  
 . 
 bucket 
 ( 
 bucketName 
 ) 
  
 . 
  lock 
 
 ( 
 unlockedMetadata 
 . 
 metageneration 
 ); 
  
 console 
 . 
 log 
 ( 
 `Retention policy for 
 ${ 
 bucketName 
 } 
 is now locked` 
 ); 
  
 console 
 . 
 log 
 ( 
  
 `Retention policy effective as of 
 ${ 
 lockedMetadata 
 . 
  retentionPolicy 
 
 . 
 effectiveTime 
 } 
 ` 
  
 ); 
  
 return 
  
 lockedMetadata 
 ; 
 } 
 lockRetentionPolicy 
 (). 
 catch 
 ( 
 console 
 . 
 error 
 );

    PHP

    For more information, see the Cloud Storage PHP API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      use Google\Cloud\Storage\StorageClient; 
 /** 
 * Locks a bucket's retention policy. 
 * 
 * @param string $bucketName The name of your Cloud Storage bucket. 
 *        (e.g. 'my-bucket') 
 */ 
 function lock_retention_policy(string $bucketName): void 
 { 
 $storage = new StorageClient(); 
 $bucket = $storage->bucket($bucketName); 
 $bucket->reload(); 
 $bucket->lockRetentionPolicy(); 
 printf('Bucket %s retention policy locked' . PHP_EOL, $bucketName); 
 }

    Python

    For more information, see the Cloud Storage Python API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      from 
  
 google.cloud 
  
 import 
  storage 
 
 def 
  
 lock_retention_policy 
 ( 
 bucket_name 
 ): 
  
 """Locks the retention policy on a given bucket""" 
 # bucket_name = "my-bucket" 
 storage_client 
 = 
  storage 
 
 . 
  Client 
 
 () 
 # get_bucket gets the current metageneration value for the bucket, 
 # required by lock_retention_policy. 
 bucket 
 = 
 storage_client 
 . 
  get_bucket 
 
 ( 
 bucket_name 
 ) 
 # Warning: Once a retention policy is locked it cannot be unlocked 
 # and retention period can only be increased. 
 bucket 
 . 
  lock_retention_policy 
 
 () 
 print 
 ( 
 f 
 "Retention policy for 
 { 
 bucket_name 
 } 
 is now locked" 
 ) 
 print 
 ( 
 f 
 "Retention policy effective as of 
 { 
 bucket 
 . 
  retention_policy_effective_time 
 
 } 
 " 
 )

    Ruby

    For more information, see the Cloud Storage Ruby API reference documentation .

    To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

      def 
  
 lock_retention_policy 
  
 bucket_name 
 : 
  
 # The ID of your GCS bucket 
  
 # bucket_name = "your-unique-bucket-name" 
  
 require 
  
 "google/cloud/storage" 
  
 storage 
  
 = 
  
 Google 
 :: 
 Cloud 
 :: 
  Storage 
 
 . 
  new 
 
  
 bucket 
  
 = 
  
 storage 
 . 
 bucket 
  
 bucket_name 
  
 # Warning: Once a retention policy is locked it cannot be unlocked 
  
 # and retention period can only be increased. 
  
 # Uses Bucket#metageneration as a precondition. 
  
 bucket 
 . 
  lock_retention_policy! 
 
  
 puts 
  
 "Retention policy for 
 #{ 
 bucket_name 
 } 
 is now locked." 
  
 puts 
  
 "Retention policy effective as of 
 #{ 
 bucket 
 . 
  retention_effective_at 
 
 } 
 ." 
 end

    What's next

    To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: