Tighten enforcement of object retention (#14993)

Ref issue#14991 - in the rare case that object in bucket under
retention has null version, make sure to enforce retention
rules.
This commit is contained in:
Poorna 2022-05-28 02:21:19 -07:00 committed by GitHub
parent ccbf65c8e8
commit 5e3010d455
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 13 deletions

View File

@ -527,7 +527,7 @@ func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter,
VersionSuspended: vc.Suspended(), VersionSuspended: vc.Suspended(),
} }
if replicateDeletes || object.VersionID != "" && hasLockEnabled || !globalTierConfigMgr.Empty() { if replicateDeletes || hasLockEnabled || !globalTierConfigMgr.Empty() {
if !globalTierConfigMgr.Empty() && object.VersionID == "" && opts.VersionSuspended { if !globalTierConfigMgr.Empty() && object.VersionID == "" && opts.VersionSuspended {
opts.VersionID = nullVersionID opts.VersionID = nullVersionID
} }
@ -556,7 +556,7 @@ func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter,
object.ReplicateDecisionStr = dsc.String() object.ReplicateDecisionStr = dsc.String()
} }
} }
if object.VersionID != "" && hasLockEnabled { if hasLockEnabled {
if apiErrCode := enforceRetentionBypassForDelete(ctx, r, bucket, object, goi, gerr); apiErrCode != ErrNone { if apiErrCode := enforceRetentionBypassForDelete(ctx, r, bucket, object, goi, gerr); apiErrCode != ErrNone {
apiErr := errorCodes.ToAPIErr(apiErrCode) apiErr := errorCodes.ToAPIErr(apiErrCode)
deleteResults[index].errInfo = DeleteError{ deleteResults[index].errInfo = DeleteError{

View File

@ -3453,17 +3453,15 @@ func (api objectAPIHandlers) DeleteObjectHandler(w http.ResponseWriter, r *http.
writeErrorResponse(ctx, w, toAPIError(ctx, errors.New("force-delete is forbidden in a locked-enabled bucket")), r.URL) writeErrorResponse(ctx, w, toAPIError(ctx, errors.New("force-delete is forbidden in a locked-enabled bucket")), r.URL)
return return
} }
if vID != "" { apiErr = enforceRetentionBypassForDelete(ctx, r, bucket, ObjectToDelete{
apiErr = enforceRetentionBypassForDelete(ctx, r, bucket, ObjectToDelete{ ObjectV: ObjectV{
ObjectV: ObjectV{ ObjectName: object,
ObjectName: object, VersionID: vID,
VersionID: vID, },
}, }, goi, gerr)
}, goi, gerr) if apiErr != ErrNone && apiErr != ErrNoSuchKey {
if apiErr != ErrNone && apiErr != ErrNoSuchKey { writeErrorResponse(ctx, w, errorCodes.ToAPIErr(apiErr), r.URL)
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(apiErr), r.URL) return
return
}
} }
} }