fix: reject ilm rule when bucket LockEnabled (#19785)

jiuker 2024-05-22 14:50:03 +08:00 committed by GitHub
parent bf1769d3e0
commit 9906b3ade9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 28 additions and 9 deletions


@ -837,9 +837,13 @@ func (a adminAPIHandlers) ImportBucketMetadataHandler(w http.ResponseWriter, r *
rpt.SetStatus(bucket, fileName, err)
continue
}
rcfg, err := globalBucketObjectLockSys.Get(bucket)
if err != nil {
rpt.SetStatus(bucket, fileName, err)
continue
}
// Validate the received bucket policy document
if err = bucketLifecycle.Validate(); err != nil {
if err = bucketLifecycle.Validate(rcfg); err != nil {
rpt.SetStatus(bucket, fileName, err)
continue
}
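Review bot: The lock state passed to `Validate(rcfg)` is read from `globalBucketObjectLockSys` at the moment the lifecycle file is processed, so the check only holds if any object-lock configuration carried by the same import has already been applied by then. That ordering is decided outside this hunk and should be confirmed; otherwise an import could install expiry rules on a bucket that ends up lock-enabled. A comment such as `// Lifecycle rules are validated against the bucket's current object-lock state.` would make the dependency explicit, and the context comment `// Validate the received bucket policy document` should say lifecycle document. The handler body continues outside the hunk.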


@ -64,7 +64,8 @@ func (api objectAPIHandlers) PutBucketLifecycleHandler(w http.ResponseWriter, r
}
// Check if bucket exists.
if _, err := objAPI.GetBucketInfo(ctx, bucket, BucketOptions{}); err != nil {
rcfg, err := globalBucketObjectLockSys.Get(bucket)
if err != nil {
writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
return
}
@ -76,7 +77,7 @@ func (api objectAPIHandlers) PutBucketLifecycleHandler(w http.ResponseWriter, r
}
// Validate the received bucket policy document
if err = bucketLifecycle.Validate(); err != nil {
if err = bucketLifecycle.Validate(rcfg); err != nil {
writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
return
}
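Review bot: The `// Check if bucket exists.` comment now sits above `globalBucketObjectLockSys.Get(bucket)`, and the hunk counts (7 old lines, 8 new) suggest the `objAPI.GetBucketInfo` call was replaced rather than kept. Whether `Get` returns a bucket-not-found error for a missing bucket is not visible here; if it returns an empty `lock.Retention` with a nil error, a request for a nonexistent bucket would now reach validation and the later write. I would keep the explicit existence check and add the lock lookup after it under its own comment, for example `// Fetch the object-lock state; lifecycle validation depends on it.`. The handler body starts and ends outside these hunks.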


@ -6211,7 +6211,13 @@ func mergeWithCurrentLCConfig(ctx context.Context, bucket string, expLCCfg *stri
Rules: rules,
ExpiryUpdatedAt: &updatedAt,
}
if err := finalLcCfg.Validate(); err != nil {
rcfg, err := globalBucketObjectLockSys.Get(bucket)
if err != nil {
return nil, err
}
if err := finalLcCfg.Validate(rcfg); err != nil {
return []byte{}, err
}
finalConfigData, err := xml.Marshal(finalLcCfg)
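Review bot: The two error returns around validation are inconsistent: the new lookup failure returns `nil, err` while the validation failure on the following lines returns `[]byte{}, err`. Use `return nil, err` for both so callers never receive a non-nil slice together with an error. The function body starts and ends outside the hunk.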


@ -27,6 +27,7 @@ import (
"time"
"github.com/google/uuid"
"github.com/minio/minio/internal/bucket/object/lock"
xhttp "github.com/minio/minio/internal/http"
)
@ -236,7 +237,7 @@ func ParseLifecycleConfig(reader io.Reader) (*Lifecycle, error) {
}
// Validate - validates the lifecycle configuration
func (lc Lifecycle) Validate() error {
func (lc Lifecycle) Validate(lr lock.Retention) error {
// Lifecycle config can't have more than 1000 rules
if len(lc.Rules) > 1000 {
return errLifecycleTooManyRules
@ -251,6 +252,12 @@ func (lc Lifecycle) Validate() error {
if err := r.Validate(); err != nil {
return err
}
if (r.Expiration.DeleteMarker.val || // DeleteVersionAction
!r.DelMarkerExpiration.Empty() || // DelMarkerDeleteAllVersionsAction
!r.NoncurrentVersionExpiration.IsDaysNull() || // DeleteVersionAction
!r.Expiration.IsDaysNull()) && lr.LockEnabled {
return fmt.Errorf("DeleteAllVersions and DeleteMarkerDeleteAllVersions cannot be set when bucket lock is enabled")
}
}
// Make sure Rule ID is unique
for i := range lc.Rules {
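Review bot: The new condition in `Validate` and its error text disagree: the message names DeleteAllVersions and DeleteMarkerDeleteAllVersions, but the fields tested are `Expiration.DeleteMarker`, `DelMarkerExpiration`, `NoncurrentVersionExpiration` days and `Expiration` days, so every days-based expiry rule is rejected on a lock-enabled bucket while a date-based expiration is not tested in the visible lines. Either narrow the condition to what the message says or reword the message to match, and confirm whether date-based expiry is meant to be covered. The error is also built with `fmt.Errorf` without any format verbs; a package-level sentinel declared alongside `errLifecycleTooManyRules` (proposed name: `errLifecycleBucketLocked`) would let the table tests compare it with `!=` as they do for the other validation errors. `Validate` starts and ends outside these hunks.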


@ -30,6 +30,7 @@ import (
"github.com/dustin/go-humanize"
"github.com/google/uuid"
"github.com/minio/minio/internal/bucket/object/lock"
xhttp "github.com/minio/minio/internal/http"
)
@ -144,7 +145,7 @@ func TestParseAndValidateLifecycleConfig(t *testing.T) {
// no need to continue this test.
return
}
err = lc.Validate()
err = lc.Validate(lock.Retention{})
if err != tc.expectedValidationErr {
t.Fatalf("%d: Expected %v during validation but got %v", i+1, tc.expectedValidationErr, err)
}
@ -779,7 +780,7 @@ func TestHasActiveRules(t *testing.T) {
t.Fatalf("Got unexpected error: %v", err)
}
// To ensure input lifecycle configurations are valid
if err := lc.Validate(); err != nil {
if err := lc.Validate(lock.Retention{}); err != nil {
t.Fatalf("Invalid test case: %d %v", i+1, err)
}
if got := lc.HasActiveRules(tc.prefix); got != tc.want {
@ -1365,7 +1366,7 @@ func TestFilterRules(t *testing.T) {
for i, tc := range tests {
t.Run(fmt.Sprintf("test-%d", i+1), func(t *testing.T) {
if err := tc.lc.Validate(); err != nil {
if err := tc.lc.Validate(lock.Retention{}); err != nil {
t.Fatalf("Lifecycle validation failed - %v", err)
}
rules := tc.lc.FilterRules(tc.opts)
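Review bot: Every updated call passes `lock.Retention{}`, so the `LockEnabled` branch added to `Validate` is never exercised by the tests visible here. Add a case that validates a configuration with an expiration rule against `lock.Retention{LockEnabled: true}` and expects the rejection, plus one rule type that should still be accepted on a locked bucket, so the boundary of the check is pinned down. The test functions continue outside the hunks.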