diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-07-18 22:25:58 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-07-18 22:25:58 -0700 |
| commit | 26403e8a0d2e4d58abf8acc6bbb1fd0accd93bdb (patch) | |
| tree | 88c3224431eebd7801aa4119c8d129ec6c79dbe9 /weed/s3api/s3api_object_handlers_retention.go | |
| parent | c6a22ce43a3c0318b7c6841bcbf97937fd11e27c (diff) | |
| download | seaweedfs-26403e8a0d2e4d58abf8acc6bbb1fd0accd93bdb.tar.xz seaweedfs-26403e8a0d2e4d58abf8acc6bbb1fd0accd93bdb.zip | |
Test object lock and retention (#6997)
* fix GetObjectLockConfigurationHandler
* cache and use bucket object lock config
* subscribe to bucket configuration changes
* increase bucket config cache TTL
* refactor
* Update weed/s3api/s3api_server.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* avoid duplidated work
* rename variable
* Update s3api_object_handlers_put.go
* fix routing
* admin ui and api handler are consistent now
* use fields instead of xml
* fix test
* address comments
* Update weed/s3api/s3api_object_handlers_put.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update test/s3/retention/s3_retention_test.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update weed/s3api/object_lock_utils.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* change error style
* errorf
* read entry once
* add s3 tests for object lock and retention
* use marker
* install s3 tests
* Update s3tests.yml
* Update s3tests.yml
* Update s3tests.conf
* Update s3tests.conf
* address test errors
* address test errors
With these fixes, the s3-tests should now:
✅ Return InvalidBucketState (409 Conflict) for object lock operations on invalid buckets
✅ Return MalformedXML for invalid retention configurations
✅ Include VersionId in response headers when available
✅ Return proper HTTP status codes (403 Forbidden for retention mode changes)
✅ Handle all object lock validation errors consistently
* fixes
With these comprehensive fixes, the s3-tests should now:
✅ Return InvalidBucketState (409 Conflict) for object lock operations on invalid buckets
✅ Return InvalidRetentionPeriod for invalid retention periods
✅ Return MalformedXML for malformed retention configurations
✅ Include VersionId in response headers when available
✅ Return proper HTTP status codes for all error conditions
✅ Handle all object lock validation errors consistently
The workflow should now pass significantly more object lock tests, bringing SeaweedFS's S3 object lock implementation much closer to AWS S3 compatibility standards.
* fixes
With these final fixes, the s3-tests should now:
✅ Return MalformedXML for ObjectLockEnabled: 'Disabled'
✅ Return MalformedXML when both Days and Years are specified in retention configuration
✅ Return InvalidBucketState (409 Conflict) when trying to suspend versioning on buckets with object lock enabled
✅ Handle all object lock validation errors consistently with proper error codes
* constants and fixes
✅ Return InvalidRetentionPeriod for invalid retention values (0 days, negative years)
✅ Return ObjectLockConfigurationNotFoundError when object lock configuration doesn't exist
✅ Handle all object lock validation errors consistently with proper error codes
* fixes
✅ Return MalformedXML when both Days and Years are specified in the same retention configuration
✅ Return 400 (Bad Request) with InvalidRequest when object lock operations are attempted on buckets without object lock enabled
✅ Handle all object lock validation errors consistently with proper error codes
* fixes
✅ Return 409 (Conflict) with InvalidBucketState for bucket-level object lock configuration operations on buckets without object lock enabled
✅ Allow increasing retention periods and overriding retention with same/later dates
✅ Only block decreasing retention periods without proper bypass permissions
✅ Handle all object lock validation errors consistently with proper error codes
* fixes
✅ Include VersionId in multipart upload completion responses when versioning is enabled
✅ Block retention mode changes (GOVERNANCE ↔ COMPLIANCE) without bypass permissions
✅ Handle all object lock validation errors consistently with proper error codes
✅ Pass the remaining object lock tests
* fix tests
* fixes
* pass tests
* fix tests
* fixes
* add error mapping
* Update s3tests.conf
* fix test_object_lock_put_obj_lock_invalid_days
* fixes
* fix many issues
* fix test_object_lock_delete_multipart_object_with_legal_hold_on
* fix tests
* refactor
* fix test_object_lock_delete_object_with_retention_and_marker
* fix tests
* fix tests
* fix tests
* fix test itself
* fix tests
* fix test
* Update weed/s3api/s3api_object_retention.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* reduce logs
* address comments
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Diffstat (limited to 'weed/s3api/s3api_object_handlers_retention.go')
| -rw-r--r-- | weed/s3api/s3api_object_handlers_retention.go | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/weed/s3api/s3api_object_handlers_retention.go b/weed/s3api/s3api_object_handlers_retention.go index a419b469e..899c2453c 100644 --- a/weed/s3api/s3api_object_handlers_retention.go +++ b/weed/s3api/s3api_object_handlers_retention.go @@ -25,8 +25,8 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http // Get version ID from query parameters versionId := r.URL.Query().Get("versionId") - // Check for bypass governance retention header - bypassGovernance := r.Header.Get("x-amz-bypass-governance-retention") == "true" + // Evaluate governance bypass request (header + permission validation) + governanceBypassAllowed := s3a.evaluateGovernanceBypassRequest(r, bucket, object) // Parse retention configuration from request body retention, err := parseObjectRetention(r) @@ -39,12 +39,12 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http // Validate retention configuration if err := validateRetention(retention); err != nil { glog.Errorf("PutObjectRetentionHandler: invalid retention config: %v", err) - s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest) + s3err.WriteErrorResponse(w, r, mapValidationErrorToS3Error(err)) return } // Set retention on the object - if err := s3a.setObjectRetention(bucket, object, versionId, retention, bypassGovernance); err != nil { + if err := s3a.setObjectRetention(bucket, object, versionId, retention, governanceBypassAllowed); err != nil { glog.Errorf("PutObjectRetentionHandler: failed to set retention: %v", err) // Handle specific error cases @@ -54,6 +54,7 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http } if errors.Is(err, ErrComplianceModeActive) || errors.Is(err, ErrGovernanceModeActive) { + // Return 403 Forbidden for retention mode changes without proper permissions s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied) return } @@ -62,6 +63,11 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http return } + // Add VersionId to response headers if available (expected by s3-tests) + if versionId != "" { + w.Header().Set("x-amz-version-id", versionId) + } + // Record metrics stats_collect.RecordBucketActiveTime(bucket) @@ -96,7 +102,7 @@ func (s3a *S3ApiServer) GetObjectRetentionHandler(w http.ResponseWriter, r *http } if errors.Is(err, ErrNoRetentionConfiguration) { - s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchObjectLockConfiguration) + s3err.WriteErrorResponse(w, r, s3err.ErrObjectLockConfigurationNotFoundError) return } |