diff --git a/qa/rgw/store/sfs/tests/test-sfs-object-locking.py b/qa/rgw/store/sfs/tests/test-sfs-object-locking.py index 7b2b6b0049845..970734db2b663 100644 --- a/qa/rgw/store/sfs/tests/test-sfs-object-locking.py +++ b/qa/rgw/store/sfs/tests/test-sfs-object-locking.py @@ -33,6 +33,7 @@ class ObjectLockingTests(unittest.TestCase): BUCKET_NAME_3 = "bobjlockenabled3" BUCKET_NAME_4 = "bobjlockenabled4" BUCKET_NAME_5 = "bobjlockenabled5" + BUCKET_NAME_6 = "bobjlockenabled6" ObjVersions = {} @@ -462,6 +463,55 @@ def test_object_locking_legal_hold(self): self.assertTrue(response["ResponseMetadata"]["HTTPStatusCode"] == 204) + def test_multipart_upload_has_default_retention(self): + self.ensure_bucket(ObjectLockingTests.BUCKET_NAME_6, True) + + self.s3_client.put_object_lock_configuration( + Bucket=ObjectLockingTests.BUCKET_NAME_6, + ObjectLockConfiguration={ + "ObjectLockEnabled": "Enabled", + "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 7}}, + }, + ) + + res = self.s3_client.create_multipart_upload( + Bucket=ObjectLockingTests.BUCKET_NAME_6, Key="key.1" + ) + + upload_id = res["UploadId"] + parts_lst = [] + res = self.s3_client.upload_part( + Body="data", + Bucket=ObjectLockingTests.BUCKET_NAME_6, + Key="key.1", + UploadId=upload_id, + PartNumber=1, + ) + parts_lst.append({"ETag": res["ETag"], "PartNumber": 1}) + self.s3_client.complete_multipart_upload( + Bucket=ObjectLockingTests.BUCKET_NAME_6, + Key="key.1", + UploadId=upload_id, + MultipartUpload={"Parts": parts_lst}, + ) + + response = self.s3_client.list_object_versions( + Bucket=ObjectLockingTests.BUCKET_NAME_6, Prefix="key.1" + ) + + for version in response["Versions"]: + if version["Key"] == "key.1" and version["IsLatest"] == True: + self.ObjVersions["key.1.6"] = version["VersionId"] + print(self.ObjVersions["key.1.6"]) + + response = self.s3_client.get_object_retention( + Bucket=ObjectLockingTests.BUCKET_NAME_6, + Key="key.1", + VersionId=self.ObjVersions["key.1.6"], + ) + + self.check_object_retention(response, "COMPLIANCE", 7, "Years") + if __name__ == "__main__": if len(sys.argv) == 2: diff --git a/src/rgw/driver/sfs/multipart.cc b/src/rgw/driver/sfs/multipart.cc index 0bf31bad92e94..c2cba78426ac9 100644 --- a/src/rgw/driver/sfs/multipart.cc +++ b/src/rgw/driver/sfs/multipart.cc @@ -481,6 +481,22 @@ int SFSMultipartUploadV2::complete( return -ERR_INTERNAL_ERROR; } + // for object-locking enabled buckets, set the bucket's object-locking + // profile when not defined on the MP part + if (bucketref->get_info().obj_lock_enabled() && + bucketref->get_info().obj_lock.has_rule()) { + auto iter = mp->attrs.find(RGW_ATTR_OBJECT_RETENTION); + if (iter == mp->attrs.end()) { + ceph::real_time lock_until_date = + bucketref->get_info().obj_lock.get_lock_until_date( + ceph::real_clock::now() + ); + std::string mode = bucketref->get_info().obj_lock.get_mode(); + RGWObjectRetention obj_retention(mode, lock_until_date); + encode(obj_retention, mp->attrs[RGW_ATTR_OBJECT_RETENTION]); + } + } + // Server-side encryption: The decryptor needs a manifest to // identify encrypted chunks. Each MP part corresponds to a chunk. if (mp->attrs.find(RGW_ATTR_CRYPT_MODE) != mp->attrs.end()) { diff --git a/src/rgw/driver/sfs/writer.cc b/src/rgw/driver/sfs/writer.cc index f0058bbcbe745..6bd49cc459108 100644 --- a/src/rgw/driver/sfs/writer.cc +++ b/src/rgw/driver/sfs/writer.cc @@ -328,13 +328,11 @@ int SFSAtomicWriter::complete( bucketref->get_info().obj_lock.has_rule()) { auto iter = attrs.find(RGW_ATTR_OBJECT_RETENTION); if (iter == attrs.end()) { - real_time lock_until_date = + ceph::real_time lock_until_date = bucketref->get_info().obj_lock.get_lock_until_date(now); - string mode = bucketref->get_info().obj_lock.get_mode(); + std::string mode = bucketref->get_info().obj_lock.get_mode(); RGWObjectRetention obj_retention(mode, lock_until_date); - bufferlist bl; - obj_retention.encode(bl); - attrs[RGW_ATTR_OBJECT_RETENTION] = bl; + encode(obj_retention, attrs[RGW_ATTR_OBJECT_RETENTION]); } }