mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
fix: allow overwriting objects under lock after retention period (#9232)
fixes #9230
This commit is contained in:
parent
7b732b566f
commit
90c365a174
@ -160,7 +160,7 @@ func checkPutObjectLockAllowed(ctx context.Context, r *http.Request, bucket, obj
|
|||||||
var retainDate objectlock.RetentionDate
|
var retainDate objectlock.RetentionDate
|
||||||
var legalHold objectlock.ObjectLegalHold
|
var legalHold objectlock.ObjectLegalHold
|
||||||
|
|
||||||
retention, isWORMBucket := globalBucketObjectLockConfig.Get(bucket)
|
retentionCfg, isWORMBucket := globalBucketObjectLockConfig.Get(bucket)
|
||||||
|
|
||||||
retentionRequested := objectlock.IsObjectLockRetentionRequested(r.Header)
|
retentionRequested := objectlock.IsObjectLockRetentionRequested(r.Header)
|
||||||
legalHoldRequested := objectlock.IsObjectLockLegalHoldRequested(r.Header)
|
legalHoldRequested := objectlock.IsObjectLockLegalHoldRequested(r.Header)
|
||||||
@ -170,10 +170,16 @@ func checkPutObjectLockAllowed(ctx context.Context, r *http.Request, bucket, obj
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return mode, retainDate, legalHold, toAPIErrorCode(ctx, err)
|
return mode, retainDate, legalHold, toAPIErrorCode(ctx, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
t, err := objectlock.UTCNowNTP()
|
||||||
|
if err != nil {
|
||||||
|
logger.LogIf(ctx, err)
|
||||||
|
return mode, retainDate, legalHold, ErrObjectLocked
|
||||||
|
}
|
||||||
if objInfo, err := getObjectInfoFn(ctx, bucket, object, opts); err == nil {
|
if objInfo, err := getObjectInfoFn(ctx, bucket, object, opts); err == nil {
|
||||||
objExists = true
|
objExists = true
|
||||||
r := objectlock.GetObjectRetentionMeta(objInfo.UserDefined)
|
r := objectlock.GetObjectRetentionMeta(objInfo.UserDefined)
|
||||||
if globalWORMEnabled || r.Mode == objectlock.Compliance {
|
if globalWORMEnabled || ((r.Mode == objectlock.Compliance) && r.RetainUntilDate.After(t)) {
|
||||||
return mode, retainDate, legalHold, ErrObjectLocked
|
return mode, retainDate, legalHold, ErrObjectLocked
|
||||||
}
|
}
|
||||||
mode = r.Mode
|
mode = r.Mode
|
||||||
@ -205,12 +211,6 @@ func checkPutObjectLockAllowed(ctx context.Context, r *http.Request, bucket, obj
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return mode, retainDate, legalHold, toAPIErrorCode(ctx, err)
|
return mode, retainDate, legalHold, toAPIErrorCode(ctx, err)
|
||||||
}
|
}
|
||||||
// AWS S3 just creates a new version of object when an object is being overwritten.
|
|
||||||
t, err := objectlock.UTCNowNTP()
|
|
||||||
if err != nil {
|
|
||||||
logger.LogIf(ctx, err)
|
|
||||||
return mode, retainDate, legalHold, ErrObjectLocked
|
|
||||||
}
|
|
||||||
if objExists && retainDate.After(t) {
|
if objExists && retainDate.After(t) {
|
||||||
return mode, retainDate, legalHold, ErrObjectLocked
|
return mode, retainDate, legalHold, ErrObjectLocked
|
||||||
}
|
}
|
||||||
@ -224,9 +224,6 @@ func checkPutObjectLockAllowed(ctx context.Context, r *http.Request, bucket, obj
|
|||||||
}
|
}
|
||||||
|
|
||||||
if !retentionRequested && isWORMBucket {
|
if !retentionRequested && isWORMBucket {
|
||||||
if retention.IsEmpty() && (mode == objectlock.Compliance || mode == objectlock.Governance) {
|
|
||||||
return mode, retainDate, legalHold, ErrObjectLocked
|
|
||||||
}
|
|
||||||
if retentionPermErr != ErrNone {
|
if retentionPermErr != ErrNone {
|
||||||
return mode, retainDate, legalHold, retentionPermErr
|
return mode, retainDate, legalHold, retentionPermErr
|
||||||
}
|
}
|
||||||
@ -239,10 +236,11 @@ func checkPutObjectLockAllowed(ctx context.Context, r *http.Request, bucket, obj
|
|||||||
if objExists && retainDate.After(t) {
|
if objExists && retainDate.After(t) {
|
||||||
return mode, retainDate, legalHold, ErrObjectLocked
|
return mode, retainDate, legalHold, ErrObjectLocked
|
||||||
}
|
}
|
||||||
if !legalHoldRequested {
|
if !legalHoldRequested && !retentionCfg.IsEmpty() {
|
||||||
// inherit retention from bucket configuration
|
// inherit retention from bucket configuration
|
||||||
return retention.Mode, objectlock.RetentionDate{Time: t.Add(retention.Validity)}, legalHold, ErrNone
|
return retentionCfg.Mode, objectlock.RetentionDate{Time: t.Add(retentionCfg.Validity)}, legalHold, ErrNone
|
||||||
}
|
}
|
||||||
|
return objectlock.Mode(""), objectlock.RetentionDate{}, legalHold, ErrNone
|
||||||
}
|
}
|
||||||
return mode, retainDate, legalHold, ErrNone
|
return mode, retainDate, legalHold, ErrNone
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user