use super::*;
impl BucketWarden {
pub fn set_legal_hold(
&mut self,
principal: &str,
bucket: &str,
key: &str,
enabled: bool,
) -> Result<(), RuntimeError> {
let resource = object_resource(bucket, key);
self.authorize(principal, S3Action::SetLegalHold, &resource)?;
self.current_version_mut(bucket, key)?
.lock
.set_legal_hold(enabled);
self.audit_allowed(
principal,
S3Action::SetLegalHold,
&resource,
Some(enabled.to_string()),
);
let version_id = self.current_version(bucket, key)?.version_id.clone();
self.emit_notification_event("s3:ObjectLock:LegalHoldUpdated", bucket, key, &version_id);
Ok(())
}
pub fn set_retention(
&mut self,
principal: &str,
bucket: &str,
key: &str,
mode: RetentionMode,
retain_until_epoch_seconds: u64,
bypass_governance: bool,
) -> Result<(), RuntimeError> {
let resource = object_resource(bucket, key);
self.authorize(principal, S3Action::SetRetention, &resource)?;
let version = self.current_version_mut(bucket, key)?;
version.lock.assert_retention_updatable(
mode,
retain_until_epoch_seconds,
bypass_governance,
)?;
version.lock.set_retention(mode, retain_until_epoch_seconds);
self.audit_allowed(
principal,
S3Action::SetRetention,
&resource,
Some(retain_until_epoch_seconds.to_string()),
);
let version_id = self.current_version(bucket, key)?.version_id.clone();
self.emit_notification_event("s3:ObjectLock:RetentionUpdated", bucket, key, &version_id);
Ok(())
}
}