Thanks to visit codestin.com
Credit goes to github.com

Skip to content

S3: add validation around Retention Mode & consider COMPLIANCE when updating #12782

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

S3: add validation around Retention Mode & consider COMPLIANCE when updating #12782

wants to merge 3 commits into from

Conversation

bentsku
Copy link
Contributor

@bentsku bentsku commented Jun 20, 2025

Motivation

We got a report from a user that setting the Object Lock Mode to COMPLIANCE did not work. This ended up being a user misunderstanding about the behavior of Versioned buckets adding delete markers on top of versions, same as this post: https://repost.aws/questions/QUyamFMI7QQy2zmIkF_0IxwQ/s3-object-lock-in-compliance-mode-file-uploaded-thru-cli-file-properties-shows-compliance-mode-i-can-still-delete-it

However, while looking at the issue, I realized we didn't consider the COMPLIANCE value when trying to reduce or remove the effective locking on the object via PutObjectRetention, which this PR fixes.
I've also added validation around the Mode value

I've also added validation for the Lock Mode in operation where it is possible to pass it, like PutObject and CreateMultipartUpload.

Also added validation around behavior with missing values around object lock, which was wrong.

Changes

  • add tests for Mode validation and add that validation in the provider
  • add test for the COMPLIANCE value when trying to override existing object retention configuration
  • fix the behavior in PutObjectRetention
  • add test for direct passing of Object Lock values in operation that are creating objects (PutObject, etc)
  • fix behavior in util function to validate the Object lock values and update default value behavior when retention is configured on the bucket

@bentsku bentsku added this to the 4.6 milestone Jun 20, 2025
@bentsku bentsku self-assigned this Jun 20, 2025
@bentsku bentsku added aws:s3 Amazon Simple Storage Service semver: patch Non-breaking changes which can be included in patch releases labels Jun 20, 2025
@github-actions GitHub Actions
Copy link

S3 Image Test Results (AMD64 / ARM64)

    2 files    2 suites   8m 56s ⏱️
  508 tests 458 ✅  50 💤 0 ❌
1 016 runs  916 ✅ 100 💤 0 ❌

Results for commit efcaf8a.

@github-actions GitHub Actions
Copy link

Test Results - Preflight, Unit

21 635 tests  ±0   19 978 ✅ ±0   6m 29s ⏱️ +15s
     1 suites ±0    1 657 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit efcaf8a. ± Comparison against base commit 6348947.

@bentsku bentsku marked this pull request as ready for review June 20, 2025 18:38
@bentsku bentsku requested a review from k-a-il June 20, 2025 18:38
@github-actions GitHub Actions
Copy link

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 12s ⏱️ +3s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit efcaf8a. ± Comparison against base commit 6348947.

@github-actions GitHub Actions
Copy link

Test Results - Alternative Providers

988 tests   621 ✅  33m 50s ⏱️
  4 suites  367 💤
  4 files      0 ❌

Results for commit efcaf8a.

@github-actions GitHub Actions
Copy link

Test Results (amd64) - Integration, Bootstrap

    5 files      5 suites   1h 25m 13s ⏱️
2 250 tests 1 637 ✅ 613 💤 0 ❌
2 256 runs  1 637 ✅ 619 💤 0 ❌

Results for commit efcaf8a.

@github-actions GitHub Actions
Copy link

LocalStack Community integration with Pro

    2 files  ±    0      2 suites  ±0   1h 3m 53s ⏱️ - 39m 32s
2 226 tests  - 2 664  1 610 ✅  - 2 506  616 💤  - 158  0 ❌ ±0 
2 228 runs   - 2 664  1 610 ✅  - 2 506  618 💤  - 158  0 ❌ ±0 

Results for commit efcaf8a. ± Comparison against base commit 6348947.

This pull request removes 2666 and adds 2 tests. Note that renamed tests count towards both. 
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_lambda_dynamodb
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_opensearch_crud
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_search_books
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_setup
tests.aws.scenario.kinesis_firehose.test_kinesis_firehose.TestKinesisFirehoseScenario ‑ test_kinesis_firehose_s3
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_destination_sns
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_infra
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_prefill_dynamodb_table
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input0-SUCCEEDED]
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input1-SUCCEEDED]
…

tests.aws.services.s3.test_s3.TestS3ObjectLockRetention ‑ test_s3_object_lock_mode_validation
tests.aws.services.s3.test_s3.TestS3ObjectLockRetention ‑ test_s3_object_retention_compliance_mode

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k-a-il k-a-il Awaiting requested review from k-a-il

Assignees

@bentsku bentsku

Labels
aws:s3 Amazon Simple Storage Service semver: patch Non-breaking changes which can be included in patch releases
Projects
None yet
Milestone
4.6
Development

Successfully merging this pull request may close these issues.
1 participant
@bentsku