lifecycle: Disallow delete when the object is locked (#9272)

master
Anis Elleuch 5 years ago committed by GitHub
parent 6bb693488c
commit 1b45be0d60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 11
      cmd/daily-lifecycle-ops.go
  2. 22
      cmd/object-lock.go

@ -51,6 +51,11 @@ func startDailyLifecycle(ctx context.Context, objAPI ObjectLayer) {
} }
func lifecycleRound(ctx context.Context, objAPI ObjectLayer) error { func lifecycleRound(ctx context.Context, objAPI ObjectLayer) error {
// No action is expected when WORM is enabled
if globalWORMEnabled {
return nil
}
buckets, err := objAPI.ListBuckets(ctx) buckets, err := objAPI.ListBuckets(ctx)
if err != nil { if err != nil {
return err return err
@ -63,6 +68,8 @@ func lifecycleRound(ctx context.Context, objAPI ObjectLayer) error {
continue continue
} }
_, bucketHasLockConfig := globalBucketObjectLockConfig.Get(bucket.Name)
// Calculate the common prefix of all lifecycle rules // Calculate the common prefix of all lifecycle rules
var prefixes []string var prefixes []string
for _, rule := range l.Rules { for _, rule := range l.Rules {
@ -85,9 +92,11 @@ func lifecycleRound(ctx context.Context, objAPI ObjectLayer) error {
// Reached maximum delete requests, attempt a delete for now. // Reached maximum delete requests, attempt a delete for now.
break break
} }
// Find the action that need to be executed // Find the action that need to be executed
if l.ComputeAction(obj.Name, obj.UserTags, obj.ModTime) == lifecycle.DeleteAction { if l.ComputeAction(obj.Name, obj.UserTags, obj.ModTime) == lifecycle.DeleteAction {
if bucketHasLockConfig && enforceRetentionForLifecycle(ctx, obj) {
continue
}
objects = append(objects, obj.Name) objects = append(objects, obj.Name)
} }
} }
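Review bot: The retention check at `if bucketHasLockConfig && enforceRetentionForLifecycle(ctx, obj)` is skipped whenever `globalBucketObjectLockConfig.Get(bucket.Name)` reports no entry, so the delete path fails open if that lookup can miss for a bucket that does carry lock configuration (for example before the configuration is loaded; the implementation of `Get` is not visible here). The per-object check only reads metadata already on `obj` and asks for the time only when a retention mode is set, so consider calling it unconditionally, or record why a miss can be trusted with a comment such as `// object lock metadata can only exist in buckets present in globalBucketObjectLockConfig`. The check also depends on the listing populating `obj.UserDefined` with the legal-hold and retention keys, which these hunks do not show. The body of lifecycleRound continues outside the hunks.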

@ -98,6 +98,28 @@ func enforceRetentionBypassForDeleteWeb(ctx context.Context, r *http.Request, bu
return ErrNone return ErrNone
} }
// enforceRetentionForLifecycle checks if it is appropriate to remove an
// object according to locking configuration when this is lifecycle asking.
func enforceRetentionForLifecycle(ctx context.Context, objInfo ObjectInfo) (locked bool) {
lhold := objectlock.GetObjectLegalHoldMeta(objInfo.UserDefined)
if lhold.Status.Valid() && lhold.Status == objectlock.LegalHoldOn {
return true
}
ret := objectlock.GetObjectRetentionMeta(objInfo.UserDefined)
if ret.Mode.Valid() && (ret.Mode == objectlock.RetCompliance || ret.Mode == objectlock.RetGovernance) {
t, err := objectlock.UTCNowNTP()
if err != nil {
logger.LogIf(ctx, err)
return true
}
if ret.RetainUntilDate.After(t) {
return true
}
}
return false
}
// enforceRetentionBypassForDelete enforces whether an existing object under governance can be deleted // enforceRetentionBypassForDelete enforces whether an existing object under governance can be deleted
// with governance bypass headers set in the request. // with governance bypass headers set in the request.
// Objects under site wide WORM can never be overwritten. // Objects under site wide WORM can never be overwritten.
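Review bot: The doc comment on `enforceRetentionForLifecycle` says it checks whether it is appropriate to remove the object, but the function returns `true` when the object is locked and must be kept, so a caller reading only the comment could invert the check. I would state the contract directly: `// enforceRetentionForLifecycle reports whether objInfo is under legal hold or an unexpired retention period and must therefore be skipped by lifecycle; a failure to obtain the current time is treated as locked.` Separately, when `ret.Mode.Valid()` is false the function falls through to `return false`; if `GetObjectRetentionMeta` can yield an invalid mode for retention metadata that is present but unparsable (not visible here), that case permits the delete, and failing closed as the `UTCNowNTP` error path does would be safer.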
