From: Mark Houghton <mhoughton@microfocus.com>
Date: Tue, 20 Oct 2020 16:54:32 +0000 (+0100)
Subject: rgw: Honour governance retention override in multi-object delete.
X-Git-Tag: v16.1.0~425^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6989da1bcbe59e4d561c9d16f0ff891f6c6ef567;p=ceph.git

rgw: Honour governance retention override in multi-object delete.

Allow governance  retention to be overridden by a suitably privileged user.

Fixes: http://tracker.ceph.com/issues/47586
Signed-off-by: Mark Houghton <mhoughton@microfocus.com>
---

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index b259f0c3670..edd7264e2b2 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -6540,12 +6540,14 @@ void RGWDeleteMultiObj::execute(optional_yield y)
         }
       }
     }
-    int object_lock_response = verify_object_lock(this, obj->get_attrs(), false, false);
-    if (object_lock_response != 0) {
-      send_partial_response(*iter, false, "", object_lock_response);
-      continue;
+
+    if (check_obj_lock) {
+      int object_lock_response = verify_object_lock(this, obj->get_attrs(), bypass_perm, bypass_governance_mode);
+      if (object_lock_response != 0) {
+        send_partial_response(*iter, false, "", object_lock_response);
+        continue;
+      }
     }
-    
     // make reservation for notification if needed
     const auto versioned_object = s->bucket->versioning_enabled();
     rgw::notify::reservation_t res(store, s, obj.get());
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index cbe85617241..4b641bd2ea7 100644
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -1928,11 +1928,16 @@ protected:
   bool quiet;
   bool status_dumped;
   bool acl_allowed = false;
+  bool bypass_perm;
+  bool bypass_governance_mode;
+
 
 public:
   RGWDeleteMultiObj() {
     quiet = false;
     status_dumped = false;
+    bypass_perm = true;
+    bypass_governance_mode = false;
   }
   int verify_permission(optional_yield y) override;
   void pre_exec() override;
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 3a6e52b507c..cd2a045cdbd 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3870,6 +3870,12 @@ int RGWDeleteMultiObj_ObjStore_S3::get_params(optional_yield y)
     return ret;
   }
 
+  const char *bypass_gov_header = s->info.env->get("HTTP_X_AMZ_BYPASS_GOVERNANCE_RETENTION");
+  if (bypass_gov_header) {
+    std::string bypass_gov_decoded = url_decode(bypass_gov_header);
+    bypass_governance_mode = boost::algorithm::iequals(bypass_gov_decoded, "true");
+  }
+
   return do_aws4_auth_completion();
 }