Data protection method, device and equipment for object storage and storage medium

Document No. 7996. Published 2021-09-17.

Abstract: This technique, "Data protection method, device and equipment for object storage and storage medium", was designed by 张健 on 2021-06-22. The present disclosure provides a data protection method, apparatus, device and storage medium for object storage. The scheme includes: determining whether a received operation request is a deletion or modification request for a stored object; if so, querying the storage protection policy of the stored object; determining whether the request conforms to the storage protection policy; and if it does not, refusing to execute it. By preventing the operation in advance, the method keeps users from performing illegal deletion or modification of objects and ensures the security of data storage.

1. A method for data protection of an object store, comprising:

judging whether the received operation request is a deletion request for the stored object;

if the operation request is a deletion request for the stored object, inquiring a storage protection strategy of the stored object;

judging whether the deletion request conforms to the storage protection strategy;

and if the deletion request does not accord with the storage protection strategy, refusing to execute the deletion request.

2. The method of claim 1, wherein the storage protection policy comprises a protection time of the stored object;

judging whether the deletion request conforms to the storage protection policy or not, including:

judging whether the time of receiving the deletion request is within the protection time;

and if the deletion request is within the protection time, determining that the deletion request does not accord with the storage protection strategy.

3. The method of claim 2, wherein the storage protection policy comprises a plurality of sub-policies, each of the sub-policies comprising a protection time of the stored object;

judging whether the time of receiving the deletion request is within the protection time or not, including:

determining the longest protection time among the protection times of all the sub-policies;

and judging whether the time of receiving the deletion request is within the longest protection time.

4. The method of claim 3, wherein each of the sub-policies includes a validity period;

before judging whether the deletion request conforms to the storage protection policy, the method further includes:

and determining and deleting the sub-policies that have expired according to the validity period of each sub-policy.

5. The data protection method for the object storage according to claim 2, wherein the stored object is configured with a first storage duration; the method further comprises the following steps:

if the storage duration of the stored object reaches the first storage duration, acquiring an expiration time point;

judging whether the expiration time point is within the protection time or not;

if the expiration time point is within the protection time, prohibiting deletion of the stored object;

deleting the stored object if the expiration time point exceeds the protection time.

6. The data protection method for the object storage according to claim 5, wherein the stored object is provided with a second storage duration, and the second storage duration is shorter than the first storage duration; the method further comprises the following steps:

and if the storage duration of the stored object reaches the second storage duration and does not reach the first storage duration, performing low-frequency storage or archival storage on the stored object.

7. An apparatus for data protection of an object store, comprising:

an operation determination unit configured to determine whether the received operation request is a deletion request for the stored object;

the policy query unit is used for querying the storage protection policy of the stored object under the condition that the operation request is a deletion request of the stored object;

a compliance judging unit, configured to judge whether the deletion request conforms to the storage protection policy;

and the execution unit is used for refusing to execute the deletion request under the condition that the deletion request does not accord with the storage protection strategy.

8. The object store data protection apparatus of claim 7, wherein the storage protection policy comprises a protection time of the stored object;

and the compliance judging unit is used for determining that the deletion request does not conform to the storage protection strategy under the condition that the time point of receiving the deletion request is judged to be within the protection time.

9. The object store data protection apparatus of claim 8, wherein the storage protection policy comprises a plurality of sub-policies, each of the sub-policies comprising a protection time of the stored object; the compliance determination unit includes:

a longest time determining subunit, configured to determine the longest protection time among the protection times of all the sub-policies;

and the compliance judgment subunit is used for determining that the deletion request does not conform to the storage protection policy under the condition that the time of receiving the deletion request is judged to be within the longest protection time.

10. The object store data protection apparatus of claim 9, further comprising:

and the sub-policy deleting unit is used for determining and deleting the sub-policies that have expired according to the validity period of each sub-policy.

11. The data protection device for object storage according to claim 8, wherein the stored object is provided with a first storage duration;

the device further comprises: the expiration time calculating unit is used for acquiring an expiration time point under the condition that the storage time length of the stored object reaches the first storage time length;

the compliance judging unit is further used for judging whether the expiration time point is within the protection time;

the execution unit is further to: in the event that the expiration time point is within the protection time, refraining from deleting the stored object; and deleting the stored object if the expiration time point exceeds the protection time.

12. The data protection device for object storage according to claim 11, wherein the stored object is provided with a second storage duration, and the second storage duration is shorter than the first storage duration; the device further comprises:

and the dump unit is used for carrying out low-frequency storage or archival storage on the stored object under the condition that the storage duration of the stored object reaches the second storage duration and does not reach the first storage duration.

13. An electronic device comprising a processor and a memory;

the processor is adapted to perform the steps of the object stored data protection method of any one of claims 1 to 6 by calling a program or instructions stored in the memory.

14. A computer-readable storage medium, characterized in that it stores a program or instructions for causing a computer to execute the steps of the data protection method of an object storage according to any one of claims 1 to 6.

Technical Field

The present disclosure relates to the field of object storage technologies, and in particular, to a data protection method, apparatus, device, and storage medium for object storage.

Background

In order to ensure the security of object storage data, the currently adopted security control strategy is a set of access control mechanism and audit mechanism, which specifically includes: (1) strictly authorizing the file modification and deletion permission, and only giving the file modification and deletion permission to a person in charge who has the permission; in order to avoid data from being deleted maliciously due to key leakage, the key held by the person in charge of possessing the authority can be replaced regularly; (2) and establishing perfect database audit, and strictly recording modification and deletion operations of the storage object.

However, the foregoing combination of access control and auditing can only reduce, from the perspective of permission control, the probability that a file is modified or deleted, and trace the operation after a file has been modified or deleted; it cannot prevent a stored object from being deleted.

Disclosure of Invention

In order to solve the technical problems described above or at least partially solve the technical problems, the present disclosure provides a data protection method, apparatus, device and storage medium for object storage.

In one aspect, the present disclosure provides a data protection method for object storage, including:

judging whether the received operation request is a deletion request for the stored object;

if the operation request is a deletion request for the stored object, inquiring a storage protection strategy of the stored object;

judging whether the deletion request conforms to the storage protection strategy;

and if the deletion request does not accord with the storage protection strategy, refusing to execute the deletion request.

Optionally, the storage protection policy comprises a protection time of the stored object;

judging whether the deletion request conforms to the storage protection policy or not, including:

judging whether the time of receiving the deletion request is within the protection time;

and if the deletion request is within the protection time, determining that the deletion request does not accord with the storage protection strategy.

Optionally, the storage protection policy includes a plurality of sub-policies, each of which includes a protection time of the stored object;

judging whether the time of receiving the deletion request is within the protection time or not, including:

determining the longest protection time among the protection times of all the sub-policies;

and judging whether the time of receiving the deletion request is within the longest protection time.

Optionally, each of the sub-policies includes a validity period;

before judging whether the deletion request conforms to the storage protection policy, the method further includes:

and determining and deleting the sub-policies that have expired according to the validity period of each sub-policy.

Optionally, the stored object is configured with a first storage duration; the method further comprises the following steps:

if the storage duration of the stored object reaches the first storage duration, acquiring an expiration time point;

judging whether the expiration time point is within the protection time or not;

if the expiration time point is within the protection time, prohibiting deletion of the stored object;

deleting the stored object if the expiration time point exceeds the protection time.

Optionally, the stored object is provided with a second storage duration, and the second storage duration is shorter than the first storage duration; the method further comprises the following steps:

and if the storage duration of the stored object reaches the second storage duration and does not reach the first storage duration, performing low-frequency storage or archival storage on the stored object.

In another aspect, the present disclosure provides an apparatus for protecting data stored in an object, including:

an operation determination unit configured to determine whether the received operation request is a deletion request for the stored object;

the policy query unit is used for querying the storage protection policy of the stored object under the condition that the operation request is a deletion request of the stored object;

a compliance judging unit, configured to judge whether the deletion request conforms to the storage protection policy;

and the execution unit is used for refusing to execute the deletion request under the condition that the deletion request does not accord with the storage protection strategy.

Optionally, the storage protection policy comprises a protection time of the stored object;

and the compliance judging unit is used for determining that the deletion request does not conform to the storage protection strategy under the condition that the time point of receiving the deletion request is judged to be within the protection time.

Optionally, the storage protection policy includes a plurality of sub-policies, each of which includes a protection time of the stored object; the compliance determination unit includes:

a longest time determining subunit, configured to determine the longest protection time among the protection times of all the sub-policies;

and the compliance judgment subunit is used for determining that the deletion request does not conform to the storage protection policy under the condition that the time of receiving the deletion request is judged to be within the longest protection time.

Optionally, the apparatus further comprises: a sub-policy deleting unit, used for determining and deleting the sub-policies that have expired according to the validity period of each sub-policy.

Optionally, the stored object is provided with a first storage duration;

the expiration time calculating unit is used for acquiring an expiration time point under the condition that the storage time length of the stored object reaches the first storage time length;

the compliance judging unit is further used for judging whether the expiration time point is within the protection time;

the execution unit is further to: in the event that the expiration time point is within the protection time, refraining from deleting the stored object; and deleting the stored object if the expiration time point exceeds the protection time.

Optionally, the stored object is provided with a second storage duration, and the second storage duration is shorter than the first storage duration; the device further comprises:

and the dump unit is used for carrying out low-frequency storage or archival storage on the stored object under the condition that the storage duration of the stored object reaches the second storage duration and does not reach the first storage duration.

According to the data protection method, apparatus, device and readable storage medium for object storage provided by the present disclosure, a storage protection policy is preset for the stored objects in a bucket; after a deletion request for a stored object is received, the storage protection policy of the stored object is queried, and the deletion request is refused if it does not conform to the storage protection policy. By preventing the operation in advance, the scheme keeps users from performing illegal object deletion and modification operations and ensures the security of data storage.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.

In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed in the description of the embodiments or the prior art are briefly described below; it is apparent that those skilled in the art can obtain other drawings from these without inventive effort.

FIG. 1 is a flow chart of a data protection method for an object store provided by an embodiment of the present disclosure;

FIG. 2 is a flowchart for determining whether a deletion request conforms to a storage protection policy according to an embodiment of the present disclosure;

FIG. 3 is a partial flow chart of a data protection method for object storage according to an embodiment of the present disclosure;

FIG. 4 is a partial flow chart of a data protection method for an object store provided by an embodiment of the present disclosure;

FIG. 5 is a schematic structural diagram of a data protection apparatus for object storage according to an embodiment of the present disclosure;

FIG. 6 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure.

Detailed Description

In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.

The embodiment of the disclosure provides a data protection method for object storage, which configures a storage protection policy for a stored object and determines, according to that policy, whether a deletion or modification operation can be performed on the stored object.

Fig. 1 is a flowchart of a data protection method for object storage according to an embodiment of the present disclosure, and as shown in fig. 1, the data protection method for object storage according to the embodiment of the present disclosure includes steps S101 to S105.

It should be noted that the method provided by the embodiment of the present disclosure is applied to a server of a storage system to process an operation request sent from a client; the server in practical application can be a local server or a cloud server.

S101: judging whether the received operation request is a deletion request for the stored object; if yes, go to step S102.

In a specific application of the embodiment of the present disclosure, the operation request received by the server may be one of the following categories.

(1) Operation requests on a bucket, including creation of the bucket and deletion of the bucket.

(2) Operation requests on an object, including creation of the object, deletion of the object, rewriting of the object, or overwriting of the object. Rewriting of the object includes rewriting of the object value and of the object metadata. The object value is the object itself as uploaded by the client, which can be understood as the file content uploaded by the user. The object metadata is the set of attributes of the uploaded file, comprising its storage type, the header information of the file, a file tag, the access control list of the file, and the encryption type of the file.

Among the aforementioned possible operation requests, those directed at a stored object are deletion of the object, rewriting of the object, and overwriting of the object; overwriting changes the content of the object, so it can also be understood as rewriting. In the embodiment of the present disclosure, for convenience of description, requests for deletion, rewriting, and overwriting of an object are collectively referred to as the deletion request for a stored object.

Step S102: and if the operation request is a deletion request for the stored object, inquiring the storage protection strategy of the stored object.

In the embodiment of the disclosure, a storage protection policy of a bucket is configured in advance according to a compliance storage requirement or a security requirement of data stored in the bucket. The storage protection policy may be one of the following.

(1) A time-based storage protection policy, which directly sets the protection time of an object. A protection time is set for an object after the object is created in a bucket or after the object is identified as an object needing protection; within the protection time, the object is not allowed to be modified.

(2) A policy-based storage protection policy, which sets a list of deletion-prohibited objects so that the objects on which a deletion operation can be performed are distinguished from those on which it cannot. The object list has a time attribute, from which the protection time of each stored object in the list can be determined. After an object is created, the operator decides, according to policy requirements, whether to add it to the object list, and thereby assigns a storage protection policy to the newly created object. In practical applications, the storage protection time can be changed for the whole object list by dynamically adjusting the value of its time attribute.

It should be noted that the aforementioned protection time is a time interval. The starting point of the interval can be the creation time of the object or a time specified by the user; the end point may be a user-specified time, and where the user does not specify one, the end point is set to indefinite.

In some embodiments of the present disclosure, according to application requirements, the stored object may configure the foregoing various storage protection policies at the same time; of course, other storage protection policies may be configured for the stored objects.

In embodiments of the present disclosure, storage protection policies may be assigned to buckets; when an object is created within a bucket, the storage protection policy of the bucket is applied directly to the newly created object. Correspondingly, the storage protection policy of a stored object is queried by using the object key of the stored object to look up the storage protection policy configured for its bucket at the server, and taking that bucket-level policy directly as the storage protection policy of the stored object.

S103: judging whether the deletion request conforms to a storage protection strategy or not; if yes, executing S104; if not, go to S105.

In the embodiment of the present disclosure, whether the deletion request conforms to the storage protection policy is determined by checking the request against the rule requirements of the storage protection policy.

Fig. 2 is a flowchart of determining whether a deletion request conforms to a storage protection policy according to an embodiment of the present disclosure, and as shown in fig. 2, determining whether a deletion request conforms to a storage protection policy in an embodiment of the present disclosure includes steps S1031 to S1033.

S1031: judging whether the time of receiving the deletion request is within the protection time; if yes, executing S1032; if not, S1033 is performed.

S1032: it is determined that the deletion request does not conform to the storage protection policy.

S1033: it is determined that the deletion request conforms to the storage protection policy.

As mentioned above, in the embodiment of the present disclosure, the protection time is a time interval. In a specific application, how to judge whether the time of receiving the deletion request is within the protection time depends on how the protection time is represented.

For example, if the protection time is represented by a start time and an end time, the time at which the deletion request is received may be compared with the start time and the end time, respectively; if the time of receiving the deletion request is later than the start time and earlier than the end time, it is determined that the time of receiving the deletion request is within the protection time.

For another example, if the protection time is represented by a time starting point and a time length, the actual storage duration of the stored object may be determined by subtracting the time starting point from the time of receiving the deletion request; the actual storage duration is then compared with the time length to determine whether the deletion request is within the protection time; if the actual storage duration is less than the time length, it is determined that the deletion request was received within the protection time.

Subsequently, based on whether the deletion request conforms to the storage protection policy, the following step S104 or S105 is performed.

S104: the deletion request is executed.

Executing the deletion request means performing the corresponding operation on the stored object according to the request. In specific applications, the following situations may be included.

(1) If the deletion request is a file overwrite operation, the data value of the stored object is overwritten with the object data (i.e., object value) in the data packet associated with the deletion request, and the object metadata of the stored object is modified accordingly.

(2) If the deletion request is a file deletion operation, the stored object is deleted.

(3) If the deletion request is a metadata modification operation, the object metadata of the stored object is modified.

After the deletion request is completed, the server generates return information and sends it to the client to notify the client that the operation has been completed.

S105: execution of the deletion request is refused.

After refusing to execute the deletion request, the server may return the reason for the refusal to the client as the return information.

The data protection method for object storage provided by the embodiment of the disclosure presets a storage protection policy for the stored objects in a bucket, queries the storage protection policy of a stored object after receiving a deletion request for it, and refuses to execute the deletion request when the request does not conform to the storage protection policy. By preventing the operation in advance, the scheme keeps users from performing illegal object deletion and modification operations and ensures the security of data storage.

As described above, in some applications of the embodiments of the present disclosure, for a certain stored object, a plurality of storage protection policies may be set, each storage protection policy having a corresponding protection time; in a specific application, the aforementioned storage protection policies may be compatible or contradictory, and to solve this problem, the embodiments of the disclosure may employ the following steps S103A-S103B when performing step S103.

S103A: the longest protection time among the protection times of all sub-policies is determined.

It should be noted that the longest protection time in the embodiment of the present disclosure refers to the protection time whose termination time is the latest.

For example, the data storage policy for a bucket includes: a time-based protection sub-policy, whose protection time is 3 years from object creation (i.e., the protection time period); and a policy-based sub-policy, which establishes a list of objects prohibited from deletion and modification, the list having been created at 00:00 on January 1, 2020.

After a deletion request for a certain stored object is acquired, it is determined that the stored object was created at 00:00 on January 1, 2016, and that it is in the deletion-prohibited object list. If the current time is April 23, 2021, then according to the time-based protection sub-policy the deletion request for the stored object conforms to the storage protection policy, whereas according to the policy-based sub-policy the deletion request does not conform to the storage protection policy. In the embodiment of the present disclosure, in order to ensure the security of data storage, the sub-policy with the longest protection time is selected; that is, the policy-based sub-policy is the one actually applied, and the protection time corresponding to it is the longest protection time.

S103B: it is judged whether the time of receiving the deletion request is within the longest protection time.

With the method of steps S103A and S103B, when the protection times of several sub-policies conflict, the sub-policy with the longest protection time is used to determine whether the deletion request is compliant. Data security is taken as the first consideration, which avoids abnormal deletion of the stored object and improves data security.

In other applications of the embodiment of the present disclosure, in the case that the storage protection policy has a plurality of sub-policies, priorities of the plurality of sub-policies may be further set, and the sub-policy with the highest priority is selected to determine whether the deletion request is compliant.

In a specific embodiment of the present disclosure, each sub-policy is provided with a validity period, and before the foregoing step S103, the following step S106 may be further performed.

S106: determining and deleting the sub-policies that have expired according to the validity period of each sub-policy.

By deleting the sub-strategy which is already invalid, the judgment steps when the data protection is executed again can be reduced, and the subsequent judgment execution efficiency is improved.

In some embodiments of the present disclosure, in addition to the aforementioned storage protection policy, the stored object may be configured with a lifecycle management policy, which is used for storage management of the stored object in the bucket.

In some embodiments, the lifecycle management policy comprises a deletion policy, which is to delete the stored object after its storage duration reaches the first storage duration. The deletion policy may or may not be compatible with the storage protection policy, so executing it directly may cause unreasonable deletion of stored objects.

Fig. 3 is a partial flowchart of a data protection method for object storage according to an embodiment of the present disclosure. As shown in fig. 3, to avoid unreasonable deletion of stored objects, the data protection method for object storage provided by the embodiment of the disclosure may further include steps S106-S110.

S106: judging whether the storage duration of the stored object reaches a first storage duration or not; if yes, go to step S107.

In the embodiment of the disclosure, the server periodically scans the object metadata of the objects in the bucket, and determines whether the storage duration of an object has reached the first storage duration according to the creation time in the object metadata and the current time.

S107: an expiration time point is obtained.

In the embodiment of the present disclosure, the expiration time point is a time point when the stored object storage duration reaches the first storage duration.

S108: judging whether the expiration time point is within the protection time or not; if yes, executing S109; if not, go to S110.

S109: deletion of stored objects is prohibited.

S110: the stored object is deleted.

If the expiration time point is within the protection time, the deletion policy conflicts with the storage protection policy; for data security, the deletion policy is not executed, i.e. deletion of the stored object is prohibited.

In the specific application of the embodiment of the present disclosure, if the deletion policy does not conflict with the storage protection policy, the server executes the deletion policy and then generates a return prompt message; and if the deletion strategy conflicts with the storage protection strategy, the server refuses to execute the deletion strategy and returns the refusal reason to the client.

In some applications in embodiments of the present disclosure, the lifecycle management policy further includes a policy for low frequency storage or a policy for archival storage; the strategy of low-frequency storage is to convert an object adopting standard storage into an object adopting low-frequency storage; the strategy of archival storage is to convert low frequency or standard storage objects into offline cold data storage.

In order to execute the low-frequency storage policy or the archival storage policy, the stored object is also provided with a second storage duration, and the second storage duration is shorter than the first storage duration.

FIG. 4 is a partial flow chart of a data protection method for an object store provided by an embodiment of the present disclosure; as shown in fig. 4, the data protection method for object storage provided by the present disclosure may further include steps S111-S112.

S111: judging whether the storage duration of the stored object reaches the second storage duration and does not reach the first storage duration; if yes, go to step S112.

S112: perform low-frequency storage or archival storage on the stored object.

In practical application, the low-frequency storage and the archival storage only change the storage mode of the object, and do not change the data content of the object, so that the low-frequency storage and the archival storage do not conflict with the storage protection policy, and therefore the low-frequency storage or the archival storage can be directly performed on the stored object.

The following describes the object storage protection method provided by the embodiment of the present disclosure as a whole, in conjunction with a specific application. In one application of the present disclosure, a user configures a plurality of data protection policies for a bucket, including a time-based protection policy and a data-compliance-based protection policy. The time-based protection policy is in the valid state, and its rule creation time is 00:00 on January 1, 2019; the data-compliance-based protection policy is also in the valid state, with a creation time of 00:00 on January 1, 2020. Because there are multiple storage protection policies, the rule with the longer data protection time takes priority over the rule with the shorter time. At this time, the data in the bucket is protected by the data-compliance-based protection policy.

Meanwhile, the storage bucket is configured with a lifecycle management policy whose creation time is 00:00 on January 1, 2018, and whose rule content is as follows: for all objects in the storage bucket, 1 year is designated as the low-frequency storage duration, 2 years as the archival storage duration, and 3 years as the deletion duration. That is, after an object is stored in the bucket, it is converted to low-frequency storage after 1 year, converted to archival storage after 2 years, and deleted after 3 years.

After receiving an operation request sent by the client, the server first determines the type of the operation request. If it is an operation request for the storage bucket, the server judges according to the corresponding rules whether the operation can be executed. If it is a rewriting operation on an object, the server queries the data protection policy of the object; according to the configuration rules of the data protection policies, the policy is determined to be the data-compliance-based protection policy, under which rewriting the object is prohibited, so the server refuses to execute the rewriting operation.

For example, if an object is uploaded on 1/2/2018 and is never rewritten, it can be determined that the object is converted to low-frequency storage on 1/2/2019, converted to archival storage on 1/2/2020, and due to be deleted from archival storage on 1/2/2021. However, since the data protection policy of the object is the data-compliance-based protection policy, deletion of the data is prohibited; the deletion operation is therefore not performed on 1/2/2021, and the object is retained.
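The scan logic of steps S106-S112 and the request check, run against the application described above, as an added example that is not code from the patent. The class and function names are hypothetical, the two protection end dates are constructed values (the description gives only the policies' creation times), and the upload date 1/2/2018 is read as 2 January 2018.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Sequence

@dataclass(frozen=True)
class SubPolicy:                      # hypothetical name
    name: str
    protect_until: datetime           # end of this sub-policy's protection time

@dataclass(frozen=True)
class Lifecycle:                      # hypothetical name
    low_freq_years: int
    archive_years: int
    delete_years: int                 # the "first storage duration"

def add_years(t: datetime, years: int) -> datetime:
    try:
        return t.replace(year=t.year + years)
    except ValueError:                # 29 February in a non-leap target year
        return t.replace(year=t.year + years, day=28)

def protection_end(policies: Sequence[SubPolicy]) -> Optional[datetime]:
    """With several sub-policies, the longest protection time applies."""
    return max((p.protect_until for p in policies), default=None)

def handle_request(op: str, now: datetime, policies: Sequence[SubPolicy]) -> str:
    """Refuse delete/overwrite requests received within the protection time."""
    end = protection_end(policies)
    if op in ("delete", "overwrite") and end is not None and now <= end:
        return "rejected"
    return "allowed"

def lifecycle_action(created: datetime, now: datetime, rule: Lifecycle,
                     policies: Sequence[SubPolicy]) -> str:
    """One periodic scan of one object, following S106-S112."""
    expiry = add_years(created, rule.delete_years)            # S107
    if now >= expiry:                                         # S106
        end = protection_end(policies)
        # S108 tests the expiration time point itself, not the scan time.
        if end is not None and expiry <= end:
            return "retain"                                   # S109
        return "delete"                                       # S110
    if now >= add_years(created, rule.archive_years):         # S111/S112
        return "archive"
    if now >= add_years(created, rule.low_freq_years):
        return "low_frequency"
    return "standard"

# Constructed sample data mirroring the application in the description.
RULE = Lifecycle(low_freq_years=1, archive_years=2, delete_years=3)
CREATED = datetime(2018, 1, 2)        # assumption: "1/2/2018" = 2 January 2018
POLICIES = [SubPolicy("time-based", datetime(2020, 1, 1)),    # constructed end
            SubPolicy("compliance", datetime(2025, 1, 1))]    # constructed end

def timeline() -> list:
    """Scan results on the three anniversary dates of the upload."""
    scans = [datetime(y, 1, 2) for y in (2019, 2020, 2021)]
    return [lifecycle_action(CREATED, s, RULE, POLICIES) for s in scans]

if __name__ == "__main__":
    print(timeline())
    print(handle_request("overwrite", datetime(2020, 6, 1), POLICIES))
```

With only the shorter time-based sub-policy configured, the same scan on the third anniversary returns `delete`, which is why the longest protection time has to be resolved before the lifecycle rule is allowed to act.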

In addition to providing the foregoing data protection method for object storage, an embodiment of the present disclosure also provides a data protection device for object storage.

FIG. 5 is a schematic structural diagram of a data protection apparatus for object storage according to an embodiment of the present disclosure; as shown in fig. 5, the data protection apparatus of the object storage includes an operation determination unit 11, a policy inquiry unit 12, a compliance judgment unit 13, and an execution unit 14.

The operation determining unit 11 is configured to determine whether the received operation request is a deletion request for the stored object; the policy query unit 12 is configured to query a storage protection policy of the stored object if the operation request is a deletion request for the stored object; the compliance judging unit 13 is configured to judge whether the deletion request conforms to the storage protection policy; the execution unit 14 is configured to refuse to execute the deletion request in case the deletion request does not comply with the storage protection policy.

In some embodiments of the present disclosure, the storage protection policy includes a protection time of the stored object; the compliance judging unit 13 determines that the deletion request does not comply with the storage protection policy in a case where it is judged that the time point at which the deletion request is received is within the protection time.

In some embodiments of the present disclosure, the storage protection policy comprises a plurality of sub-policies, each sub-policy comprising a protection time of a stored object; the compliance judging unit 13 includes a longest time determining subunit and a compliance judging subunit. The longest time determining subunit is used for determining the longest protection time among the protection times of all the sub-policies; and the compliance judging subunit is used for determining that the deletion request does not conform to the storage protection policy in a case where the time of receiving the deletion request is judged to be within the longest protection time.

In some embodiments of the present disclosure, the data protection apparatus for object storage further includes a sub-policy deletion unit; the sub-policy deletion unit is used for determining and deleting the sub-policies that have expired, according to the validity period of each sub-policy.

In some embodiments of the present disclosure, the stored object is provided with a first storage duration; the device further includes an expiration time calculating unit, which is used for acquiring an expiration time point in a case where the storage duration of the stored object reaches the first storage duration; the compliance judging unit 13 is further configured to judge whether the expiration time point is within the protection time; the execution unit 14 is further configured to prohibit deletion of the stored object if the expiration time point is within the protection time, and to delete the stored object if the expiration time point exceeds the protection time.

In some embodiments of the present disclosure, the stored object is provided with a second storage duration, the second storage duration being less than the first storage duration; the device further comprises a transfer unit, which is used for performing low-frequency storage or archival storage on the stored object in a case where the storage duration of the stored object reaches the second storage duration and does not reach the first storage duration.

The embodiment of the present disclosure further provides a computer device, which includes a processor and a memory, where the memory stores a computer program, and when the computer program is executed by the processor, the data synchronization method of any of the above embodiments can be implemented.

For example, fig. 6 is a schematic structural diagram of a computer device provided in an embodiment of the present disclosure. Referring now in particular to fig. 6, there is shown a schematic block diagram of a computer device 600 suitable for use in implementing embodiments of the present disclosure. The computer device shown in fig. 6 is only an example and should not bring any limitation to the function and scope of use of the embodiments of the present disclosure.

As shown in Fig. 6, the computer device 600 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a read-only memory (ROM) 602 or a program loaded from a storage means 608 into a random access memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the computer device 600 are also stored. The processing means 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.

Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the computer device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 illustrates a computer device 600 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.

In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of the embodiments of the present disclosure.

It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.

In some embodiments, the client and the server may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.

The computer readable medium may be embodied in the computer device; or may exist separately and not be incorporated into the computer device.

The computer readable medium carries one or more programs which, when executed by the computing device, cause the computing device to: judging whether the received operation request is a deletion request for the stored object; if the operation request is a deletion request for the stored object, inquiring a storage protection strategy of the stored object; judging whether the deletion request conforms to the storage protection strategy; and if the deletion request does not accord with the storage protection strategy, refusing to execute the deletion request.

Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units described in the embodiments of the present disclosure may be implemented by software or hardware. The name of a unit does not, in some cases, constitute a limitation on the unit itself.

The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.

In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection according to one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The embodiments of the present disclosure also provide a computer-readable storage medium, where a computer program is stored in the storage medium, and when the computer program is executed by a processor, the method of any of the above method embodiments can be implemented, and the execution manner and the beneficial effect are similar, and are not described herein again.

It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
