From d8101573be91f2c2e62d1372fbb910397110e120 Mon Sep 17 00:00:00 2001
From: Poorna <poornas@users.noreply.github.com>
Date: Tue, 24 May 2022 19:40:45 -0700
Subject: [PATCH] Disallow deletion of ARN when under active replication
 (#14972)

fixes a regression from #12880
---
 cmd/bucket-targets.go                      | 2 +-
 internal/bucket/replication/replication.go | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/cmd/bucket-targets.go b/cmd/bucket-targets.go
index 6171ddee2..776188ab0 100644
--- a/cmd/bucket-targets.go
+++ b/cmd/bucket-targets.go
@@ -201,7 +201,7 @@ func (sys *BucketTargetSys) RemoveTarget(ctx context.Context, bucket, arnStr str
 		// reject removal of remote target if replication configuration is present
 		rcfg, err := getReplicationConfig(ctx, bucket)
 		if err == nil {
-			for _, tgtArn := range rcfg.FilterTargetArns(replication.ObjectOpts{}) {
+			for _, tgtArn := range rcfg.FilterTargetArns(replication.ObjectOpts{OpType: replication.AllReplicationType}) {
 				if err == nil && (tgtArn == arnStr || rcfg.RoleArn == arnStr) {
 					sys.RLock()
 					_, ok := sys.arnRemotesMap[arnStr]
diff --git a/internal/bucket/replication/replication.go b/internal/bucket/replication/replication.go
index 94354c66b..054792e27 100644
--- a/internal/bucket/replication/replication.go
+++ b/internal/bucket/replication/replication.go
@@ -124,6 +124,7 @@ const (
 	HealReplicationType
 	ExistingObjectReplicationType
 	ResyncReplicationType
+	AllReplicationType
 )
 
 // Valid returns true if replication type is set
@@ -148,7 +149,7 @@ type ObjectOpts struct {
 // FilterActionableRules returns the rules actions that need to be executed
 // after evaluating prefix/tag filtering
 func (c Config) FilterActionableRules(obj ObjectOpts) []Rule {
-	if obj.Name == "" && obj.OpType != ResyncReplicationType {
+	if obj.Name == "" && !(obj.OpType == ResyncReplicationType || obj.OpType == AllReplicationType) {
 		return nil
 	}
 	var rules []Rule
@@ -160,8 +161,8 @@ func (c Config) FilterActionableRules(obj ObjectOpts) []Rule {
 		if obj.TargetArn != "" && rule.Destination.ARN != obj.TargetArn && c.RoleArn != obj.TargetArn {
 			continue
 		}
-		// Ignore other object level and prefix filters for resyncing target
-		if obj.OpType == ResyncReplicationType {
+		// Ignore other object level and prefix filters for resyncing target/listing bucket targets
+		if obj.OpType == ResyncReplicationType || obj.OpType == AllReplicationType {
 			rules = append(rules, rule)
 			continue
 		}