Bug #55766
closedS3 Object Lock not Working
0%
Description
Hi,
We have a cluster with 15.2.16 and one with 16.2.7. The S3 Object Lock works fine for 15.2.16 but seems to be broken for 16.2.7.
I have not tested any other 16.2.x releases yet.
The only reference to changes in object log I found was https://github.com/ceph/ceph/pull/40693/files for 16.2.6.
Did I miss something with a 16.2.x release that changed intentially? Any option we need set to make Object Lock work?
Steps to reproduce:
```
❯ aws-cli/1.18.106 Python/3.8.10 Linux/5.13.0-44-generic botocore/1.17.29
❯ alias aws="aws --profile $profile --endpoint-url $endpoint"
❯ aws s3api create-bucket --object-lock-enabled-for-bucket --bucket $bucket
❯ aws s3api put-object-lock-configuration --bucket $bucket --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 1 }}}' # create bucket
❯ aws s3api get-object-lock-configuration --bucket $bucket # check bucket
{
"ObjectLockConfiguration": {
"ObjectLockEnabled": "Enabled",
"Rule": {
"DefaultRetention": {
"Mode": "COMPLIANCE",
"Days": 1
}
}
}
}
❯ aws s3 cp /etc/services s3://$bucket # put exampe file into bucket
upload: ../../etc/services to s3://test-locking-bucket/services
❯ aws s3 ls s3://$bucket
2022-05-25 16:50:00 14464 services
❯ aws s3api list-object-versions --bucket $bucket
{
"Versions": [
{
"ETag": "\"00060e37207f950bf0ebfd25810c19b9\"",
"Size": 14464,
"StorageClass": "STANDARD",
"Key": "services",
"VersionId": "TCNmYeOcJxcnaYH3b0f1h8vIj5.Y1MX",
"IsLatest": true,
"LastModified": "2022-05-25T14:50:00.538Z",
"Owner": {
"DisplayName": "chkugler",
"ID": "chkugler"
}
}
]
}
❯ aws s3 rm s3://$bucket/services
delete: s3://locking-test-bucket/services
❯ aws s3api list-object-versions --bucket $bucket
{
"Versions": [
{
"ETag": "\"00060e37207f950bf0ebfd25810c19b9\"",
"Size": 14464,
"StorageClass": "STANDARD",
"Key": "services",
"VersionId": "TCNmYeOcJxcnaYH3b0f1h8vIj5.Y1MX",
"IsLatest": false,
"LastModified": "2022-05-25T14:50:00.538Z",
"Owner": {
"DisplayName": "chkugler",
"ID": "chkugler"
}
}
],
"DeleteMarkers": [
{
"Owner": {
"DisplayName": "chkugler",
"ID": "chkugler"
},
"Key": "services",
"VersionId": "UGwXee--iZPQH3krIDR1xGi.d81p4YX",
"IsLatest": true,
"LastModified": "2022-05-25T14:53:37.988Z"
}
]
}
❯ aws s3api delete-object --bucket $bucket --key services --version-id='TCNmYeOcJxcnaYH3b0f1h8vIj5.Y1MX' # this must not work, but it does
{
"VersionId": "TCNmYeOcJxcnaYH3b0f1h8vIj5.Y1MX"
}
❯ aws s3api delete-object --bucket $bucket --key services --version-id='UGwXee--iZPQH3krIDR1xGi.d81p4YX' # this would restore the object
{
"DeleteMarker": true,
"VersionId": "UGwXee--iZPQH3krIDR1xGi.d81p4YX"
}
❯ aws s3api list-object-versions --bucket $bucket # returns empty instead of having the object
❯ aws s3 ls s3://$bucket # returns empty instead of having the object
```
Ill try to test with 16.2.5 and 16.2.6 as well to find out if it is a recent development