From: wangzhong <wangzhong@cmss.chinamobile.com>
Date: Tue, 27 Jul 2021 09:52:44 +0000 (-0700)
Subject: rgw: add the condition of lock mode conversion to PutObjRentention
X-Git-Tag: v16.2.8~92^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=188dac061268ea574aed3422c23329a0b2c588ff;p=ceph.git

rgw: add the condition of lock mode conversion to PutObjRentention

Signed-off-by: wangzhong <wangzhong@cmss.chinamobile.com>
(cherry picked from commit 585eae46a2bb7ed39ca2f3213801e0f77642c9d4)
---

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index f022bc376f93..7ffa2e07d728 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -8257,10 +8257,20 @@ void RGWPutObjRetention::execute(optional_yield y)
     }
     if (ceph::real_clock::to_time_t(obj_retention.get_retain_until_date()) < ceph::real_clock::to_time_t(old_obj_retention.get_retain_until_date())) {
       if (old_obj_retention.get_mode().compare("GOVERNANCE") != 0 || !bypass_perm || !bypass_governance_mode) {
-	s->err.message = "proposed retain-until date shortens an existing retention period and governance bypass check failed";
+	  s->err.message = "proposed retain-until date shortens an existing retention period and governance bypass check failed";
         op_ret = -EACCES;
         return;
       }
+    } else if (old_obj_retention.get_mode() == obj_retention.get_mode()) {
+      // ok if retention mode doesn't change
+    } else if (obj_retention.get_mode() == "GOVERNANCE") {
+      s->err.message = "can't change retention mode from COMPLIANCE to GOVERNANCE";
+      op_ret = -EACCES;
+      return;
+    } else if (!bypass_perm || !bypass_governance_mode) {
+      s->err.message = "can't change retention mode from GOVERNANCE without governance bypass";
+      op_ret = -EACCES;
+      return;
     }
   }