Ceph » mgr » Dashboard

Any idea how this should be implemented from a enduser perspective? Is it enough to add a checkbox in the bucket create dialog?

I requested some infos if this feature is availabale via Admin OPS API (https://github.com/ceph/ceph/pull/26538#issuecomment-591371832). If not, then i do not see any chance to implement that in the Dashboard.

Volker Theile wrote:

Any idea how this should be implemented from a enduser perspective? Is it enough to add a checkbox in the bucket create dialog?

IMHO a checkbox would be fully sufficient.

Robert sent me the following additional information in an email:

we made progress on how to create an S3 bucket with the Object Lock feature.

s3cmd announces that it can send additional headers with the create bucket request but this seems not to work:

s3cmd --add-header=x-amz-bucket-object-lock-enabled:true mb s3://lockedbucket

Instead I created a small Python script using the boto module and this code:

conn = boto.connect_s3(…)
conn.create_bucket(bucketname, headers = {'x-amz-bucket-object-lock-enabled': 'true'})

The bucket created with create_bucket() now has the feature enabled. With this code we get the status of the enabled feature:

for bucket in conn.get_all_buckets():
    print bucket.name, bucket.get_versioning_status()

To make it correct we should support the following options for buckets (with enabled versioning):

- Enable/disable locking
- Select the locking mode: retention periods and/or legal holds
- Allow to set the retention period

Volker Theile wrote:

The locking configuration is only available after the bucket has been created because it can only be enabled when versioning is on.

I think you need to create the bucket with "x-amz-bucket-object-lock-enabled: true" because otherwise you will not be able to set the features. But I may be wrong.

It comes out that once object locking is enabled, it can NOT be disabled anymore.

The PR https://github.com/ceph/ceph/pull/26538/files#diff-fcc53db6b28c98131b0f269ddf31f6b5R38 is telling something different, but i am not able to disable locking by sending the header {'x-amz-bucket-object-lock-enabled': 'false'}.

Because of that i need to rethink how to implement that feature. Adding a checkbox in the 'Create' dialog seems to be ok because i was able to enable the locking (via sending the {'x-amz-bucket-object-lock-enabled': 'true'} header) without versioning enabled.