Revert "Tighten enforcement of object retention (#14993)"

This reverts commit 5e3010d455.

This commit causes regression on object locked buckets causine
delete-markers to be not created.
This commit is contained in:
Minio Trusted 2022-06-30 12:57:54 -07:00
parent 9004d69c6f
commit e60b67d246
2 changed files with 13 additions and 11 deletions

View File

@ -525,7 +525,7 @@ func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter,
VersionSuspended: vc.Suspended(), VersionSuspended: vc.Suspended(),
} }
if replicateDeletes || hasLockEnabled || !globalTierConfigMgr.Empty() { if replicateDeletes || object.VersionID != "" && hasLockEnabled || !globalTierConfigMgr.Empty() {
if !globalTierConfigMgr.Empty() && object.VersionID == "" && opts.VersionSuspended { if !globalTierConfigMgr.Empty() && object.VersionID == "" && opts.VersionSuspended {
opts.VersionID = nullVersionID opts.VersionID = nullVersionID
} }
@ -554,7 +554,7 @@ func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter,
object.ReplicateDecisionStr = dsc.String() object.ReplicateDecisionStr = dsc.String()
} }
} }
if hasLockEnabled { if object.VersionID != "" && hasLockEnabled {
if apiErrCode := enforceRetentionBypassForDelete(ctx, r, bucket, object, goi, gerr); apiErrCode != ErrNone { if apiErrCode := enforceRetentionBypassForDelete(ctx, r, bucket, object, goi, gerr); apiErrCode != ErrNone {
apiErr := errorCodes.ToAPIErr(apiErrCode) apiErr := errorCodes.ToAPIErr(apiErrCode)
deleteResults[index].errInfo = DeleteError{ deleteResults[index].errInfo = DeleteError{

View File

@ -3458,15 +3458,17 @@ func (api objectAPIHandlers) DeleteObjectHandler(w http.ResponseWriter, r *http.
writeErrorResponse(ctx, w, toAPIError(ctx, errors.New("force-delete is forbidden in a locked-enabled bucket")), r.URL) writeErrorResponse(ctx, w, toAPIError(ctx, errors.New("force-delete is forbidden in a locked-enabled bucket")), r.URL)
return return
} }
apiErr = enforceRetentionBypassForDelete(ctx, r, bucket, ObjectToDelete{ if vID != "" {
ObjectV: ObjectV{ apiErr = enforceRetentionBypassForDelete(ctx, r, bucket, ObjectToDelete{
ObjectName: object, ObjectV: ObjectV{
VersionID: vID, ObjectName: object,
}, VersionID: vID,
}, goi, gerr) },
if apiErr != ErrNone && apiErr != ErrNoSuchKey { }, goi, gerr)
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(apiErr), r.URL) if apiErr != ErrNone && apiErr != ErrNoSuchKey {
return writeErrorResponse(ctx, w, errorCodes.ToAPIErr(apiErr), r.URL)
return
}
} }
} }