mirror of
https://github.com/minio/minio.git
synced 2025-07-08 08:32:18 -04:00
Add tags to NewerNoncurrentVersions audit event (#17110)
This commit is contained in:
Krishnan Parthasarathi
GitHub
parent
4640b13c66
commit
0ec722bc54
@ -131,11 +131,11 @@ func (es *expiryState) enqueueByDays(oi ObjectInfo, event lifecycle.Event) {
|
|||||||
|
|
||||||
// enqueueByNewerNoncurrent enqueues object versions expired by
|
// enqueueByNewerNoncurrent enqueues object versions expired by
|
||||||
// NewerNoncurrentVersions limit for expiry.
|
// NewerNoncurrentVersions limit for expiry.
|
||||||
func (es *expiryState) enqueueByNewerNoncurrent(bucket string, versions []ObjectToDelete) {
|
func (es *expiryState) enqueueByNewerNoncurrent(bucket string, versions []ObjectToDelete, lcEvent lifecycle.Event) {
|
||||||
select {
|
select {
|
||||||
case <-GlobalContext.Done():
|
case <-GlobalContext.Done():
|
||||||
es.close()
|
es.close()
|
||||||
case es.byNewerNoncurrentCh <- newerNoncurrentTask{bucket: bucket, versions: versions}:
|
case es.byNewerNoncurrentCh <- newerNoncurrentTask{bucket: bucket, versions: versions, event: lcEvent}:
|
||||||
default:
|
default:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -183,7 +183,7 @@ func initBackgroundExpiry(ctx context.Context, objectAPI ObjectLayer) {
|
|||||||
nwk.Take()
|
nwk.Take()
|
||||||
go func(t newerNoncurrentTask) {
|
go func(t newerNoncurrentTask) {
|
||||||
defer nwk.Give()
|
defer nwk.Give()
|
||||||
deleteObjectVersions(ctx, objectAPI, t.bucket, t.versions)
|
deleteObjectVersions(ctx, objectAPI, t.bucket, t.versions, t.event)
|
||||||
}(t)
|
}(t)
|
||||||
}
|
}
|
||||||
nwk.Wait()
|
nwk.Wait()
|
||||||
@ -195,6 +195,7 @@ func initBackgroundExpiry(ctx context.Context, objectAPI ObjectLayer) {
|
|||||||
type newerNoncurrentTask struct {
|
type newerNoncurrentTask struct {
|
||||||
bucket string
|
bucket string
|
||||||
versions []ObjectToDelete
|
versions []ObjectToDelete
|
||||||
|
event lifecycle.Event
|
||||||
}
|
}
|
||||||
|
|
||||||
type transitionTask struct {
|
type transitionTask struct {
|
||||||
@ -872,13 +873,28 @@ func auditLifecycleTags(event lifecycle.Event) map[string]interface{} {
|
|||||||
ilmDue = "ilm-due"
|
ilmDue = "ilm-due"
|
||||||
ilmRuleID = "ilm-rule-id"
|
ilmRuleID = "ilm-rule-id"
|
||||||
ilmTier = "ilm-tier"
|
ilmTier = "ilm-tier"
|
||||||
|
ilmNewerNoncurrentVersions = "ilm-newer-noncurrent-versions"
|
||||||
|
ilmNoncurrentDays = "ilm-noncurrent-days"
|
||||||
)
|
)
|
||||||
tags := make(map[string]interface{}, 4)
|
tags := make(map[string]interface{}, 4)
|
||||||
tags[ilmAction] = event.Action.String()
|
tags[ilmAction] = event.Action.String()
|
||||||
tags[ilmDue] = event.Due
|
|
||||||
tags[ilmRuleID] = event.RuleID
|
tags[ilmRuleID] = event.RuleID
|
||||||
|
|
||||||
|
if !event.Due.IsZero() {
|
||||||
|
tags[ilmDue] = event.Due
|
||||||
|
}
|
||||||
|
|
||||||
|
// rule with Transition/NoncurrentVersionTransition in effect
|
||||||
if event.StorageClass != "" {
|
if event.StorageClass != "" {
|
||||||
tags[ilmTier] = event.StorageClass
|
tags[ilmTier] = event.StorageClass
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// rule with NewernoncurrentVersions in effect
|
||||||
|
if event.NewerNoncurrentVersions > 0 {
|
||||||
|
tags[ilmNewerNoncurrentVersions] = event.NewerNoncurrentVersions
|
||||||
|
}
|
||||||
|
if event.NoncurrentDays > 0 {
|
||||||
|
tags[ilmNoncurrentDays] = event.NoncurrentDays
|
||||||
|
}
|
||||||
return tags
|
return tags
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1011,7 +1011,8 @@ func (i *scannerItem) applyNewerNoncurrentVersionLimit(ctx context.Context, _ Ob
|
|||||||
return objectInfos, nil
|
return objectInfos, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
_, days, lim := i.lifeCycle.NoncurrentVersionsExpirationLimit(lifecycle.ObjectOpts{Name: i.objectPath()})
|
event := i.lifeCycle.NoncurrentVersionsExpirationLimit(lifecycle.ObjectOpts{Name: i.objectPath()})
|
||||||
|
lim := event.NewerNoncurrentVersions
|
||||||
if lim == 0 || len(fivs) <= lim+1 { // fewer than lim _noncurrent_ versions
|
if lim == 0 || len(fivs) <= lim+1 { // fewer than lim _noncurrent_ versions
|
||||||
for _, fi := range fivs {
|
for _, fi := range fivs {
|
||||||
objectInfos = append(objectInfos, fi.ToObjectInfo(i.bucket, i.objectPath(), versioned))
|
objectInfos = append(objectInfos, fi.ToObjectInfo(i.bucket, i.objectPath(), versioned))
|
||||||
@ -1040,7 +1041,7 @@ func (i *scannerItem) applyNewerNoncurrentVersionLimit(ctx context.Context, _ Ob
|
|||||||
}
|
}
|
||||||
|
|
||||||
// NoncurrentDays not passed yet.
|
// NoncurrentDays not passed yet.
|
||||||
if time.Now().UTC().Before(lifecycle.ExpectedExpiryTime(obj.SuccessorModTime, days)) {
|
if time.Now().UTC().Before(lifecycle.ExpectedExpiryTime(obj.SuccessorModTime, event.NoncurrentDays)) {
|
||||||
// add this version back to remaining versions for
|
// add this version back to remaining versions for
|
||||||
// subsequent lifecycle policy applications
|
// subsequent lifecycle policy applications
|
||||||
fivs = append(fivs, fi)
|
fivs = append(fivs, fi)
|
||||||
@ -1055,7 +1056,7 @@ func (i *scannerItem) applyNewerNoncurrentVersionLimit(ctx context.Context, _ Ob
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
globalExpiryState.enqueueByNewerNoncurrent(i.bucket, toDel)
|
globalExpiryState.enqueueByNewerNoncurrent(i.bucket, toDel, event)
|
||||||
return objectInfos, nil
|
return objectInfos, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -25,6 +25,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/minio/minio/internal/amztime"
|
"github.com/minio/minio/internal/amztime"
|
||||||
|
"github.com/minio/minio/internal/bucket/lifecycle"
|
||||||
"github.com/minio/minio/internal/event"
|
"github.com/minio/minio/internal/event"
|
||||||
"github.com/minio/minio/internal/hash"
|
"github.com/minio/minio/internal/hash"
|
||||||
xhttp "github.com/minio/minio/internal/http"
|
xhttp "github.com/minio/minio/internal/http"
|
||||||
@ -343,7 +344,7 @@ func setPutObjHeaders(w http.ResponseWriter, objInfo ObjectInfo, delete bool) {
|
|||||||
hash.AddChecksumHeader(w, objInfo.decryptChecksums(0))
|
hash.AddChecksumHeader(w, objInfo.decryptChecksums(0))
|
||||||
}
|
}
|
||||||
|
|
||||||
func deleteObjectVersions(ctx context.Context, o ObjectLayer, bucket string, toDel []ObjectToDelete) {
|
func deleteObjectVersions(ctx context.Context, o ObjectLayer, bucket string, toDel []ObjectToDelete, lcEvent lifecycle.Event) {
|
||||||
for remaining := toDel; len(remaining) > 0; toDel = remaining {
|
for remaining := toDel; len(remaining) > 0; toDel = remaining {
|
||||||
if len(toDel) > maxDeleteList {
|
if len(toDel) > maxDeleteList {
|
||||||
remaining = toDel[maxDeleteList:]
|
remaining = toDel[maxDeleteList:]
|
||||||
@ -373,8 +374,8 @@ func deleteObjectVersions(ctx context.Context, o ObjectLayer, bucket string, toD
|
|||||||
VersionID: dobj.VersionID,
|
VersionID: dobj.VersionID,
|
||||||
}
|
}
|
||||||
traceFn := globalLifecycleSys.trace(oi)
|
traceFn := globalLifecycleSys.trace(oi)
|
||||||
tags := make(map[string]interface{}, 1)
|
tags := auditLifecycleTags(lcEvent)
|
||||||
tags["newer-noncurrent-versions"] = true
|
|
||||||
// Send audit for the lifecycle delete operation
|
// Send audit for the lifecycle delete operation
|
||||||
auditLogLifecycle(
|
auditLogLifecycle(
|
||||||
ctx,
|
ctx,
|
||||||
|
|||||||
@ -290,6 +290,8 @@ type Event struct {
|
|||||||
Action Action
|
Action Action
|
||||||
RuleID string
|
RuleID string
|
||||||
Due time.Time
|
Due time.Time
|
||||||
|
NoncurrentDays int
|
||||||
|
NewerNoncurrentVersions int
|
||||||
StorageClass string
|
StorageClass string
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -480,15 +482,17 @@ func (lc Lifecycle) SetPredictionHeaders(w http.ResponseWriter, obj ObjectOpts)
|
|||||||
|
|
||||||
// NoncurrentVersionsExpirationLimit returns the number of noncurrent versions
|
// NoncurrentVersionsExpirationLimit returns the number of noncurrent versions
|
||||||
// to be retained from the first applicable rule per S3 behavior.
|
// to be retained from the first applicable rule per S3 behavior.
|
||||||
func (lc Lifecycle) NoncurrentVersionsExpirationLimit(obj ObjectOpts) (string, int, int) {
|
func (lc Lifecycle) NoncurrentVersionsExpirationLimit(obj ObjectOpts) Event {
|
||||||
var lim int
|
|
||||||
var days int
|
|
||||||
var ruleID string
|
|
||||||
for _, rule := range lc.FilterRules(obj) {
|
for _, rule := range lc.FilterRules(obj) {
|
||||||
if rule.NoncurrentVersionExpiration.NewerNoncurrentVersions == 0 {
|
if rule.NoncurrentVersionExpiration.NewerNoncurrentVersions == 0 {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
return rule.ID, int(rule.NoncurrentVersionExpiration.NoncurrentDays), rule.NoncurrentVersionExpiration.NewerNoncurrentVersions
|
return Event{
|
||||||
|
Action: DeleteVersionAction,
|
||||||
|
RuleID: rule.ID,
|
||||||
|
NoncurrentDays: int(rule.NoncurrentVersionExpiration.NoncurrentDays),
|
||||||
|
NewerNoncurrentVersions: rule.NoncurrentVersionExpiration.NewerNoncurrentVersions,
|
||||||
}
|
}
|
||||||
return ruleID, days, lim
|
}
|
||||||
|
return Event{}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -854,8 +854,8 @@ func TestNoncurrentVersionsLimit(t *testing.T) {
|
|||||||
lc := Lifecycle{
|
lc := Lifecycle{
|
||||||
Rules: rules,
|
Rules: rules,
|
||||||
}
|
}
|
||||||
if ruleID, days, lim := lc.NoncurrentVersionsExpirationLimit(ObjectOpts{Name: "obj"}); ruleID != "1" || days != 1 || lim != 1 {
|
if event := lc.NoncurrentVersionsExpirationLimit(ObjectOpts{Name: "obj"}); event.RuleID != "1" || event.NoncurrentDays != 1 || event.NewerNoncurrentVersions != 1 {
|
||||||
t.Fatalf("Expected (ruleID, days, lim) to be (\"1\", 1, 1) but got (%s, %d, %d)", ruleID, days, lim)
|
t.Fatalf("Expected (ruleID, days, lim) to be (\"1\", 1, 1) but got (%s, %d, %d)", event.RuleID, event.NoncurrentDays, event.NewerNoncurrentVersions)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user