Disallow delete replication for tag based rules (#14167)

Poorna 2022-01-24 15:22:20 -08:00 committed by GitHub
parent 5a9f133491
commit 295730408b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions


@ -178,6 +178,8 @@ When an object is deleted from the source bucket, the corresponding replica vers
Note that due to this extension behavior, AWS SDK's may not support the extension functionality pertaining to replicating versioned deletes.
Note that just like with [AWS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-marker-replication.html), Delete marker replication is disallowed in MinIO when the replication rule has tags.
To add a replication rule allowing both delete marker replication, versioned delete replication or both specify the --replicate flag with comma separated values as in the example below.
Additional permission of "s3:ReplicateDelete" action would need to be specified on the access key configured for the target cluster if Delete Marker replication or versioned delete replication is enabled.


@ -153,6 +153,7 @@ var (
errDeleteReplicationMissing = Errorf("Delete replication must be specified")
errInvalidDeleteReplicationStatus = Errorf("Delete replication is either enable|disable")
errInvalidExistingObjectReplicationStatus = Errorf("Existing object replication status is invalid")
errTagsDeleteMarkerReplicationDisallowed = Errorf("Delete marker replication is not supported if any Tag filter is specified")
)
// validateID - checks if ID is valid or not.
@ -239,6 +240,9 @@ func (r Rule) Validate(bucket string, sameTarget bool) error {
if r.Destination.Bucket == bucket && sameTarget {
return errDestinationSourceIdentical
}
if !r.Filter.Tag.IsEmpty() && (r.DeleteMarkerReplication.Status == Enabled) {
return errTagsDeleteMarkerReplicationDisallowed
}
return r.ExistingObjectReplication.Validate()
}
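Review bot: The new guard in Validate tests only `r.Filter.Tag`, so a rule whose tags are carried in a combined filter (if `Filter` has an `And` form with tags, which this hunk does not show) would still pass with delete marker replication enabled, even though the error text says "any Tag filter". If that form exists, the condition should cover it as well, for example `(!r.Filter.Tag.IsEmpty() || len(r.Filter.And.Tags) != 0) && r.DeleteMarkerReplication.Status == Enabled`. The commit title speaks of delete replication in general while only the delete-marker status is checked, so a comment such as `// AWS parity: tag-filtered rules may not replicate delete markers; versioned delete replication is not restricted here` would state the intended scope. A table-driven test for the tag plus Enabled case would pin the rejection. Validate begins outside the hunk.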