Table of Contents | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
...
Gateway refuses to enable object locking when versioning is not enabled. Gateway refuses to disable versioning once object locking is enabled. In both cases, an error message is displayed.
...
The user must have the PutBucketObjectLocking
permission to enable/disable object locking on a bucket. A user must have the GetBucketObjectLocking
permission to query the current object locking status.
The command to enable policy versioning on a bucket is:
Code Block |
---|
curl -i --location-trusted -XPUT --post301--data-binary '' -H "Policy-Versioning: enabled"
"http://<hostname>/<bucket-name>?domain=<domain-name>&replicate=immediate" |
See Enabling Policy Versioning for the Swarm Cluster to enable policy versioning from the UI.
Object Locking and Versioning Inheritance Rules
Versioning can :
Can be disabled for another bucket or domain in the cluster unrelated if a bucket in one domain has object locking (and therefore versioning) enabled.
Cannot be disabled at the bucket, domain, or cluster level if object locking (and versioning) is enabled at a bucket level.
Can be disabled for individual buckets if enabled at a domain level.
Can be disabled for individual domains and/or buckets if enabled at the cluster level.
It does not matter if versioning was enabled on the bucket itself, or whether it was inherited from cluster or domain level. Gateway refuses to disable versioning at the domain or bucket level if object locking is in effect anywhere within it.
...
Differences Between S3 and Swarm's Implementation of Object Locking
In S3, a DELETE request results in a delete marker, shadowing the locked object version. Swarm's implementation deviates from this logic – it rejects any DELETE
requests for indelible objects with an HTTP 403 Forbidden
error.
Gateway checks if the object is locked when it receives an HTTP 403 Forbidden
error from Swarm. Gateway simulates the S3 behavior creating a new (unlocked) object version, immediately followed by a DELETE
, thus creating a delete marker.
For SCSP, use a configuration flag to pick the desired behavior:
...