Fix bug preventing overwrite of object if (#8796)

object lock config is enabled for a bucket.

Creating a bucket with object lock configuration
enabled does not automatically cause WORM protection
to be applied. PUT operation needs to specifically
request object locking or bucket has to have default
retention settings configured.

Fixes regression introduced in #8657
master
poornas 5 years ago committed by Harshavardhana
parent 37b32199e3
commit 30922148fb
  1. 2
      cmd/fs-v1-multipart.go
  2. 2
      cmd/fs-v1.go
  3. 2
      cmd/object-handlers.go
  4. 5
      cmd/object-lock.go
  5. 9
      cmd/utils.go
  6. 2
      cmd/xl-v1-multipart.go
  7. 2
      cmd/xl-v1-object.go

@ -683,7 +683,7 @@ func (fs *FSObjects) CompleteMultipartUpload(ctx context.Context, bucket string,
} }
// Deny if WORM is enabled // Deny if WORM is enabled
if _, ok := isWORMEnabled(bucket); ok { if isWORMEnabled(bucket) {
if _, err := fsStatFile(ctx, pathJoin(fs.fsPath, bucket, object)); err == nil { if _, err := fsStatFile(ctx, pathJoin(fs.fsPath, bucket, object)); err == nil {
return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object} return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
} }

@ -1032,7 +1032,7 @@ func (fs *FSObjects) putObject(ctx context.Context, bucket string, object string
// Entire object was written to the temp location, now it's safe to rename it to the actual location. // Entire object was written to the temp location, now it's safe to rename it to the actual location.
fsNSObjPath := pathJoin(fs.fsPath, bucket, object) fsNSObjPath := pathJoin(fs.fsPath, bucket, object)
// Deny if WORM is enabled // Deny if WORM is enabled
if _, ok := isWORMEnabled(bucket); ok { if isWORMEnabled(bucket) {
if _, err := fsStatFile(ctx, fsNSObjPath); err == nil { if _, err := fsStatFile(ctx, fsNSObjPath); err == nil {
return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object} return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
} }

@ -2563,7 +2563,7 @@ func (api objectAPIHandlers) PutObjectRetentionHandler(w http.ResponseWriter, r
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidDigest), r.URL, guessIsBrowserReq(r)) writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidDigest), r.URL, guessIsBrowserReq(r))
return return
} }
if _, isWORMBucket := isWORMEnabled(bucket); !isWORMBucket { if _, ok := globalBucketObjectLockConfig.Get(bucket); !ok {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidBucketObjectLockConfiguration), r.URL, guessIsBrowserReq(r)) writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidBucketObjectLockConfiguration), r.URL, guessIsBrowserReq(r))
return return
} }

@ -477,8 +477,7 @@ func enforceRetentionBypassForPut(ctx context.Context, r *http.Request, bucket,
ret := getObjectRetentionMeta(oi.UserDefined) ret := getObjectRetentionMeta(oi.UserDefined)
// no retention metadata on object // no retention metadata on object
if ret.Mode == Invalid { if ret.Mode == Invalid {
_, isWORMBucket := isWORMEnabled(bucket) if _, isWORMBucket := globalBucketObjectLockConfig.Get(bucket); !isWORMBucket {
if !isWORMBucket {
return oi, ErrInvalidBucketObjectLockConfiguration return oi, ErrInvalidBucketObjectLockConfiguration
} }
return oi, ErrNone return oi, ErrNone
@ -527,7 +526,7 @@ func checkPutObjectRetentionAllowed(ctx context.Context, r *http.Request, bucket
var mode RetentionMode var mode RetentionMode
var retainDate RetentionDate var retainDate RetentionDate
retention, isWORMBucket := isWORMEnabled(bucket) retention, isWORMBucket := globalBucketObjectLockConfig.Get(bucket)
retentionRequested := isObjectLockRequested(r.Header) retentionRequested := isObjectLockRequested(r.Header)

@ -579,12 +579,9 @@ func iamPolicyClaimName() string {
return globalOpenIDConfig.ClaimPrefix + globalOpenIDConfig.ClaimName return globalOpenIDConfig.ClaimPrefix + globalOpenIDConfig.ClaimName
} }
func isWORMEnabled(bucket string) (Retention, bool) { func isWORMEnabled(bucket string) bool {
if isMinioMetaBucketName(bucket) { if isMinioMetaBucketName(bucket) {
return Retention{}, false return false
}
if globalWORMEnabled {
return Retention{}, true
} }
return globalBucketObjectLockConfig.Get(bucket) return globalWORMEnabled
} }

@ -708,7 +708,7 @@ func (xl xlObjects) CompleteMultipartUpload(ctx context.Context, bucket string,
if xl.isObject(bucket, object) { if xl.isObject(bucket, object) {
// Deny if WORM is enabled // Deny if WORM is enabled
if _, ok := isWORMEnabled(bucket); ok { if isWORMEnabled(bucket) {
if _, err := xl.getObjectInfo(ctx, bucket, object); err == nil { if _, err := xl.getObjectInfo(ctx, bucket, object); err == nil {
return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object} return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
} }

@ -611,7 +611,7 @@ func (xl xlObjects) putObject(ctx context.Context, bucket string, object string,
if xl.isObject(bucket, object) { if xl.isObject(bucket, object) {
// Deny if WORM is enabled // Deny if WORM is enabled
if _, ok := isWORMEnabled(bucket); ok { if isWORMEnabled(bucket) {
if _, err := xl.getObjectInfo(ctx, bucket, object); err == nil { if _, err := xl.getObjectInfo(ctx, bucket, object); err == nil {
return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object} return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
} }

Loading…
Cancel
Save