aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3api_object_handlers_retention.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3api_object_handlers_retention.go')
-rw-r--r--weed/s3api/s3api_object_handlers_retention.go16
1 files changed, 11 insertions, 5 deletions
diff --git a/weed/s3api/s3api_object_handlers_retention.go b/weed/s3api/s3api_object_handlers_retention.go
index a419b469e..899c2453c 100644
--- a/weed/s3api/s3api_object_handlers_retention.go
+++ b/weed/s3api/s3api_object_handlers_retention.go
@@ -25,8 +25,8 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http
// Get version ID from query parameters
versionId := r.URL.Query().Get("versionId")
- // Check for bypass governance retention header
- bypassGovernance := r.Header.Get("x-amz-bypass-governance-retention") == "true"
+ // Evaluate governance bypass request (header + permission validation)
+ governanceBypassAllowed := s3a.evaluateGovernanceBypassRequest(r, bucket, object)
// Parse retention configuration from request body
retention, err := parseObjectRetention(r)
@@ -39,12 +39,12 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http
// Validate retention configuration
if err := validateRetention(retention); err != nil {
glog.Errorf("PutObjectRetentionHandler: invalid retention config: %v", err)
- s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
+ s3err.WriteErrorResponse(w, r, mapValidationErrorToS3Error(err))
return
}
// Set retention on the object
- if err := s3a.setObjectRetention(bucket, object, versionId, retention, bypassGovernance); err != nil {
+ if err := s3a.setObjectRetention(bucket, object, versionId, retention, governanceBypassAllowed); err != nil {
glog.Errorf("PutObjectRetentionHandler: failed to set retention: %v", err)
// Handle specific error cases
@@ -54,6 +54,7 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http
}
if errors.Is(err, ErrComplianceModeActive) || errors.Is(err, ErrGovernanceModeActive) {
+ // Return 403 Forbidden for retention mode changes without proper permissions
s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied)
return
}
@@ -62,6 +63,11 @@ func (s3a *S3ApiServer) PutObjectRetentionHandler(w http.ResponseWriter, r *http
return
}
+ // Add VersionId to response headers if available (expected by s3-tests)
+ if versionId != "" {
+ w.Header().Set("x-amz-version-id", versionId)
+ }
+
// Record metrics
stats_collect.RecordBucketActiveTime(bucket)
@@ -96,7 +102,7 @@ func (s3a *S3ApiServer) GetObjectRetentionHandler(w http.ResponseWriter, r *http
}
if errors.Is(err, ErrNoRetentionConfiguration) {
- s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchObjectLockConfiguration)
+ s3err.WriteErrorResponse(w, r, s3err.ErrObjectLockConfigurationNotFoundError)
return
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 11:32:04 +0000