Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

Swarm Storage 12.0 or above must be running in order to use this feature because it relies on the Swarm lifepoints feature to prevent deletion of locked objects until a certain date has passed. Object locking is fully implemented starting with Gateway 7.6.

Whenever When an object gets is locked until a certain date, it gets obtains a deletable=no lifepoint protecting it from deletion until the date.

...

Introducing or extending a retention period is always possible, but there are restrictions to shortening or removing a retention period on an object already under retention:

  • In compliance mode this is never not permitted

  • In governance mode, the user needs to have the special BypassGovernanceRetention permission.
    Also, an S3 request must explicitly include x-amz-bypass-governance-retention:true as a request header with any request requiring overriding governance mode.

...

Differences Between S3 and Swarm's Implementation of Object Locking

In S3, a DELETE request results in a delete marker, shadowing the locked object version. Swarm's implementation deviates from this logic – it rejects any DELETE requests for indelible objects with an HTTP 403 Forbidden error.

Gateway checks if the object is locked when it gets a HTTP 403 Forbidden error from Swarm. Gateway simulates the S3 behavior creating a new (unlocked) object version, immediately followed by a DELETE, thus creating a delete marker.

For SCSP, use a configuration flag to pick the desired behavior:

...