]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a3f085)
rgw: Honour governance retention override in multi-object delete.
authorMark Houghton <mhoughton@microfocus.com>
Tue, 20 Oct 2020 16:54:32 +0000 (17:54 +0100)
committerMark Houghton <mhoughton@microfocus.com>
Fri, 20 Nov 2020 17:40:08 +0000 (17:40 +0000)
Allow governance  retention to be overridden by a suitably privileged user.

Fixes: http://tracker.ceph.com/issues/47586
Signed-off-by: Mark Houghton <mhoughton@microfocus.com>
src/rgw/rgw_op.cc patch | blob | history
src/rgw/rgw_op.h patch | blob | history
src/rgw/rgw_rest_s3.cc patch | blob | history

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index b259f0c36702698331b33b30f67674f26739f99e..edd7264e2b2d0ebc54ce88a42a48fc5baf85fba9 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -6540,12 +6540,14 @@ void RGWDeleteMultiObj::execute(optional_yield y)
         }
       }
     }
-    int object_lock_response = verify_object_lock(this, obj->get_attrs(), false, false);
-    if (object_lock_response != 0) {
-      send_partial_response(*iter, false, "", object_lock_response);
-      continue;
+
+    if (check_obj_lock) {
+      int object_lock_response = verify_object_lock(this, obj->get_attrs(), bypass_perm, bypass_governance_mode);
+      if (object_lock_response != 0) {
+        send_partial_response(*iter, false, "", object_lock_response);
+        continue;
+      }
     }
-    
     // make reservation for notification if needed
     const auto versioned_object = s->bucket->versioning_enabled();
     rgw::notify::reservation_t res(store, s, obj.get());
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index cbe856172413b25fd3121ebc8db9cdf013ae75fa..4b641bd2ea7c6eace2af2255d535d052bfb91af6 100644 (file)
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -1928,11 +1928,16 @@ protected:
   bool quiet;
   bool status_dumped;
   bool acl_allowed = false;
+  bool bypass_perm;
+  bool bypass_governance_mode;
+
 
 public:
   RGWDeleteMultiObj() {
     quiet = false;
     status_dumped = false;
+    bypass_perm = true;
+    bypass_governance_mode = false;
   }
   int verify_permission(optional_yield y) override;
   void pre_exec() override;
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 3a6e52b507c88445cde3b14bae68c0085dec9388..cd2a045cdbd761f0ad1c4b1d1787cee0f3c74d6e 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3870,6 +3870,12 @@ int RGWDeleteMultiObj_ObjStore_S3::get_params(optional_yield y)
     return ret;
   }
 
+  const char *bypass_gov_header = s->info.env->get("HTTP_X_AMZ_BYPASS_GOVERNANCE_RETENTION");
+  if (bypass_gov_header) {
+    std::string bypass_gov_decoded = url_decode(bypass_gov_header);
+    bypass_governance_mode = boost::algorithm::iequals(bypass_gov_decoded, "true");
+  }
+
   return do_aws4_auth_completion();
 }
 
Unnamed repository; edit this file 'description' to name the repository.