From 295730408b8c6b73f210b8c83ca0109edb308ab0 Mon Sep 17 00:00:00 2001 From: Poorna Date: Mon, 24 Jan 2022 15:22:20 -0800 Subject: [PATCH] Disallow delete replication for tag based rules (#14167) --- docs/bucket/replication/README.md | 2 ++ internal/bucket/replication/rule.go | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/docs/bucket/replication/README.md b/docs/bucket/replication/README.md index a2d05ae02..0ea5cdefe 100644 --- a/docs/bucket/replication/README.md +++ b/docs/bucket/replication/README.md @@ -178,6 +178,8 @@ When an object is deleted from the source bucket, the corresponding replica vers Note that due to this extension behavior, AWS SDK's may not support the extension functionality pertaining to replicating versioned deletes. +Note that just like with [AWS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-marker-replication.html), Delete marker replication is disallowed in MinIO when the replication rule has tags. + To add a replication rule allowing both delete marker replication, versioned delete replication or both specify the --replicate flag with comma separated values as in the example below. Additional permission of "s3:ReplicateDelete" action would need to be specified on the access key configured for the target cluster if Delete Marker replication or versioned delete replication is enabled. diff --git a/internal/bucket/replication/rule.go b/internal/bucket/replication/rule.go index 094448f28..0c6b6bd04 100644 --- a/internal/bucket/replication/rule.go +++ b/internal/bucket/replication/rule.go @@ -153,6 +153,7 @@ var ( errDeleteReplicationMissing = Errorf("Delete replication must be specified") errInvalidDeleteReplicationStatus = Errorf("Delete replication is either enable|disable") errInvalidExistingObjectReplicationStatus = Errorf("Existing object replication status is invalid") + errTagsDeleteMarkerReplicationDisallowed = Errorf("Delete marker replication is not supported if any Tag filter is specified") ) // validateID - checks if ID is valid or not. @@ -239,6 +240,9 @@ func (r Rule) Validate(bucket string, sameTarget bool) error { if r.Destination.Bucket == bucket && sameTarget { return errDestinationSourceIdentical } + if !r.Filter.Tag.IsEmpty() && (r.DeleteMarkerReplication.Status == Enabled) { + return errTagsDeleteMarkerReplicationDisallowed + } return r.ExistingObjectReplication.Validate() }