Object lock (Epic) #228

Closed
jhmarina opened this issue Nov 22, 2022 · 2 comments
Labels
kind/epic Umbrella issue for a group of related issues

Comments

@jhmarina
Contributor

jhmarina commented Nov 22, 2022

High level documentation

S3 Object Lock implements storing of objects using a write-once-read-many (WORM) model.
You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.

  • Object Lock is intended for versioned buckets only.
  • You can't disable Object Lock or suspend versioning for an Object Lock enabled bucket.
  • On AWS, you can only enable Object Lock for new buckets (no public API for doing this; but they can enable this in the backoffice probably).

Main topics

  • Retention modes
    S3 Object Lock provides two retention modes:

    • Governance mode: only authorized users can delete an object

    • Compliance mode: no one can delete the object (until the associated retention period expires)

    Retention modes apply to object versions.
    Different versions of a single object can have different retention modes and periods.

  • Retention periods

    • A retention period protects an object version for a fixed amount of time. It is implemented with a timestamp in the object version's metadata to indicate when the retention period expires.
    • You can extend a retention period but not shrink it
  • Legal holds

    • You can also place a legal hold on an object version. Like a retention period.
    • They remain in effect until removed by any user who has the s3:PutObjectLegalHold permission.
    • Legal holds are independent from retention periods.
  • Bucket configuration

    • To use Object Lock, you must enable it for a bucket.
    • You can also optionally configure a default retention mode and period that applies to new objects that are placed in the bucket.
  • Required permissions

    • Object Lock operations require specific permissions for the user:
      • s3:BypassGovernanceRetention
      • s3:GetBucketObjectLockConfiguration
      • s3:GetObjectLegalHold
      • s3:GetObjectRetention
      • s3:PutBucketObjectLockConfiguration
      • s3:PutObjectLegalHold
      • s3:PutObjectRetention

### Tasks
- [ ] #313 
- [ ] #327 
- [ ] #312 
- [ ] https://github.com/aquarist-labs/s3gw/issues/355
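
The retention, legal hold and permission rules listed in the issue above can be read as one decision procedure. The sketch below is an added example, not code from s3gw or from the issue author; the `ObjectVersion` class and the function names are hypothetical, and the permission strings are the ones the issue lists.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Set

@dataclass
class ObjectVersion:                      # hypothetical model of one object version
    mode: Optional[str] = None            # "GOVERNANCE", "COMPLIANCE" or None
    retain_until: Optional[datetime] = None   # timestamp kept in version metadata
    legal_hold: bool = False

def can_delete(v: ObjectVersion, perms: Set[str], now: datetime) -> bool:
    """May a caller holding `perms` delete this specific object version?"""
    if v.legal_hold:                      # legal holds are independent of retention
        return False
    if v.mode is None or v.retain_until is None or now >= v.retain_until:
        return True                       # no retention set, or the period expired
    if v.mode == "GOVERNANCE":            # only authorized users can delete
        return "s3:BypassGovernanceRetention" in perms
    return False                          # COMPLIANCE: no one, until expiry

def extend_retention(v: ObjectVersion, perms: Set[str], retain_until: datetime) -> None:
    """Move the retain-until timestamp; extending is allowed, shrinking is not."""
    if "s3:PutObjectRetention" not in perms:
        raise PermissionError("s3:PutObjectRetention required")
    if v.retain_until is not None and retain_until < v.retain_until:
        raise ValueError("retention period can be extended but not shrunk")
    v.retain_until = retain_until

def set_legal_hold(v: ObjectVersion, perms: Set[str], on: bool) -> None:
    """Place or remove a legal hold; both need s3:PutObjectLegalHold."""
    if "s3:PutObjectLegalHold" not in perms:
        raise PermissionError("s3:PutObjectLegalHold required")
    v.legal_hold = on

if __name__ == "__main__":
    # Constructed sample data: two versions of one object, different modes.
    now = datetime(2023, 1, 1, tzinfo=timezone.utc)
    until = now + timedelta(days=30)
    gov = ObjectVersion("GOVERNANCE", until)
    comp = ObjectVersion("COMPLIANCE", until)
    admin = {"s3:BypassGovernanceRetention", "s3:PutObjectRetention"}
    for name, ver in (("governance", gov), ("compliance", comp)):
        print(name, "plain user:", can_delete(ver, set(), now),
              "admin:", can_delete(ver, admin, now))
```
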
@jhmarina jhmarina added the kind/epic Umbrella issue for a group of related issues label Nov 22, 2022
@jhmarina jhmarina changed the title ⛰ Object lock (Epic) ⛰ Object locks (Epic) Dec 5, 2022
@giubacc giubacc self-assigned this Jan 12, 2023
@giubacc

This comment was marked as duplicate.

giubacc referenced this issue in giubacc/ceph Jan 26, 2023
- work in progress

Fixes: https://github.com/aquarist-labs/s3gw/issues/228
Signed-off-by: Giuseppe Baccini <giuseppe.baccini@suse.com>
@jhmarina
Contributor Author

Closing this Epic as it is marked as Done

@jhmarina jhmarina changed the title ⛰ Object locks (Epic) Object lock (Epic) Jun 7, 2023