Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel2
outlinefalse
typelist
printablefalse

...

Gateway refuses to enable object locking when versioning is not enabled. Gateway refuses to disable versioning once object locking is enabled. In both cases, an error message is displayed.

...

The user must have the PutBucketObjectLocking permission to enable/disable object locking on a bucket. A user must have the GetBucketObjectLocking permission to query the current object locking status.

The command to enable policy versioning on a bucket is:

Code Block
curl -i --location-trusted -XPUT --post301--data-binary '' -H "Policy-Versioning: enabled"
"http://<hostname>/<bucket-name>?domain=<domain-name>&replicate=immediate"

See Enabling Policy Versioning for the Swarm Cluster to enable policy versioning from the UI.

Object Locking and Versioning Inheritance Rules

Versioning can :

  • Can be disabled for another bucket or domain in the cluster unrelated if a bucket in one domain has object locking (and therefore versioning) enabled.

  • Cannot be disabled at the bucket, domain, or cluster level if object locking (and versioning) is enabled at a bucket level.

  • Can be disabled for individual buckets if enabled at a domain level.

  • Can be disabled for individual domains and/or buckets if enabled at the cluster level.

It does not matter if versioning was enabled on the bucket itself, or whether it was inherited from cluster or domain level. Gateway refuses to disable versioning at the domain or bucket level if object locking is in effect anywhere within it.

...

Differences Between S3 and Swarm's Implementation of Object Locking

In S3, a DELETE request results in a delete marker, shadowing the locked object version. Swarm's implementation deviates from this logic – it rejects any DELETE requests for indelible objects with an HTTP 403 Forbidden error.

Gateway checks if the object is locked when it receives an HTTP 403 Forbidden error from Swarm. Gateway simulates the S3 behavior creating a new (unlocked) object version, immediately followed by a DELETE, thus creating a delete marker.

For SCSP, use a configuration flag to pick the desired behavior:

...