rgw: Honour governance retention override in multi-object delete.

Allow governance  retention to be overridden by a suitably privileged user.

Fixes: http://tracker.ceph.com/issues/47586
Signed-off-by: Mark Houghton <mhoughton@microfocus.com>
(cherry picked from commit 6989da1bcbe59e4d561c9d16f0ff891f6c6ef567)
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
 Conflicts:
	src/rgw/rgw_op.cc

diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index e76b12581f96c6a251aa82a9a5652b2a07006acb..90b4b84c46335436467f25f9f98266fbaca62fc4 100644 (file)
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -1849,11 +1849,16 @@ protected:
   bool quiet;
   bool status_dumped;
   bool acl_allowed = false;
+  bool bypass_perm;
+  bool bypass_governance_mode;
+
 
 public:
   RGWDeleteMultiObj() {
     quiet = false;
     status_dumped = false;
+    bypass_perm = true;
+    bypass_governance_mode = false;
   }
   int verify_permission() override;
   void pre_exec() override;

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index f25890f527ab8a8a6ce7c72d870d7fd9bd54ceef..a92383b688abda3509a84377e3512516bb3c674a 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3188,6 +3188,12 @@ int RGWDeleteMultiObj_ObjStore_S3::get_params()
     return ret;
   }
 
+  const char *bypass_gov_header = s->info.env->get("HTTP_X_AMZ_BYPASS_GOVERNANCE_RETENTION");
+  if (bypass_gov_header) {
+    std::string bypass_gov_decoded = url_decode(bypass_gov_header);
+    bypass_governance_mode = boost::algorithm::iequals(bypass_gov_decoded, "true");
+  }
+
   return do_aws4_auth_completion();
 }