Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

A retention period can always be extended after it has been is set with the following steps:

...

Gateway refuses to enable object locking when versioning is not enabled. Gateway refuses to disable versioning once object locking is enabled. In both cases an error message is displayed.

Info

Administrators are advised against disabling versioning once object locking

has been

is enabled anywhere in the cluster

The ability to disable versioning at the cluster level via SNMP does not pass via Gateway so it cannot protect against disabling object locking in the cluster.
Administrators are advised against disabling versioning at the cluster level to avoid the risk of auto-deleting locked object versions after object locking has been is enabled in individual domains or buckets.

...

  • 412 Precondition Failed is displayed if the Swarm cluster does not support all features necessary to perform the operation.

  • 412 Precondition Failed is displayed if the bucket does not have versioning enabled.

  • 403 Forbidden if the user does not have the PutBucketObjectLocking permission.

...

The defaults can be modified or removed at any time via additional PUT commands. This does not affect the object locking status of the bucket – once it is enabled, it stays enabled.

Object Locking Cannot be Disabled After it

...

is Enabled

Info

Object locking cannot be disabled

Object locking cannot be disabled once enabled on a bucket.

...

Differences Between S3 and Swarm's Implementation of Object Locking

In S3, a DELETE request results in a delete marker, shadowing the locked object version. Swarm's implementation deviates from this logic – it rejects any DELETE requests for indelible objects with an HTTP 403 Forbidden error.

Gateway checks if the object is locked when it receives an HTTP 403 Forbidden error from Swarm. Gateway simulates the S3 behavior creating a new (unlocked) object version, immediately followed by a DELETE, thus creating a delete marker.

For SCSP, use a configuration flag to pick the desired behavior:

...

The following new policy actions related to object locking have been are introduced:

  • PutBucketObjectLocking: to enable/disable object locking on a bucket

  • GetBucketObjectLocking: to query bucket object locking status

  • PutObjectRetention: to set or extend object retention

  • GetObjectRetention: to query object retention

  • BypassGovernanceRetention: to shorten/remove a retention in governance mode

  • PutObjectLegalHold: to set/remove a legal hold

  • GetObjectLegalHold: to query legal hold

...