mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
lifecycle: Disallow delete when the object is locked (#9272)
This commit is contained in:
parent
6bb693488c
commit
1b45be0d60
@ -51,6 +51,11 @@ func startDailyLifecycle(ctx context.Context, objAPI ObjectLayer) {
|
||||
}
|
||||
|
||||
func lifecycleRound(ctx context.Context, objAPI ObjectLayer) error {
|
||||
// No action is expected when WORM is enabled
|
||||
if globalWORMEnabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
buckets, err := objAPI.ListBuckets(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -63,6 +68,8 @@ func lifecycleRound(ctx context.Context, objAPI ObjectLayer) error {
|
||||
continue
|
||||
}
|
||||
|
||||
_, bucketHasLockConfig := globalBucketObjectLockConfig.Get(bucket.Name)
|
||||
|
||||
// Calculate the common prefix of all lifecycle rules
|
||||
var prefixes []string
|
||||
for _, rule := range l.Rules {
|
||||
@ -85,9 +92,11 @@ func lifecycleRound(ctx context.Context, objAPI ObjectLayer) error {
|
||||
// Reached maximum delete requests, attempt a delete for now.
|
||||
break
|
||||
}
|
||||
|
||||
// Find the action that need to be executed
|
||||
if l.ComputeAction(obj.Name, obj.UserTags, obj.ModTime) == lifecycle.DeleteAction {
|
||||
if bucketHasLockConfig && enforceRetentionForLifecycle(ctx, obj) {
|
||||
continue
|
||||
}
|
||||
objects = append(objects, obj.Name)
|
||||
}
|
||||
}
|
||||
|
@ -98,6 +98,28 @@ func enforceRetentionBypassForDeleteWeb(ctx context.Context, r *http.Request, bu
|
||||
return ErrNone
|
||||
}
|
||||
|
||||
// enforceRetentionForLifecycle checks if it is appropriate to remove an
|
||||
// object according to locking configuration when this is lifecycle asking.
|
||||
func enforceRetentionForLifecycle(ctx context.Context, objInfo ObjectInfo) (locked bool) {
|
||||
lhold := objectlock.GetObjectLegalHoldMeta(objInfo.UserDefined)
|
||||
if lhold.Status.Valid() && lhold.Status == objectlock.LegalHoldOn {
|
||||
return true
|
||||
}
|
||||
|
||||
ret := objectlock.GetObjectRetentionMeta(objInfo.UserDefined)
|
||||
if ret.Mode.Valid() && (ret.Mode == objectlock.RetCompliance || ret.Mode == objectlock.RetGovernance) {
|
||||
t, err := objectlock.UTCNowNTP()
|
||||
if err != nil {
|
||||
logger.LogIf(ctx, err)
|
||||
return true
|
||||
}
|
||||
if ret.RetainUntilDate.After(t) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// enforceRetentionBypassForDelete enforces whether an existing object under governance can be deleted
|
||||
// with governance bypass headers set in the request.
|
||||
// Objects under site wide WORM can never be overwritten.
|
||||
|
Loading…
Reference in New Issue
Block a user