Module object_lock

Object Lock (WORM) enforcement layer (v0.5 #30).

AWS S3 Object Lock holds objects in a “Write Once Read Many” state by attaching a retention configuration (mode + retain-until date) and/or a legal hold flag to each version. While locked, DELETE / overwrite must be refused with HTTP 403 AccessDenied. Two retention modes exist:

  • Governance — a privileged caller can override the lock by sending x-amz-bypass-governance-retention: true (paired in real AWS with the s3:BypassGovernanceRetention IAM permission; in S4 we honour the header alone because policy gating is the operator’s responsibility).
  • Compliance — never overridable until the retain-until date has passed. Even root/admin cannot delete, including via the bypass header.

Legal hold is independent of either mode: while legal_hold_on == true the object is locked, regardless of retain-until / mode. Setting it back to false is permitted at any time.
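The DELETE / overwrite decision described above, written out as an added example (this is not the crate's own code). `LockMode`, `ObjectLockState` and its field names follow this page; `check_delete`, `Decision`, the Unix-second `u64` timestamps, and the choice that the bypass header does not lift a legal hold are assumptions.

```rust
// Added example: check_delete and Decision are hypothetical names;
// timestamps are Unix seconds (assumption, the page does not give the type).
#[derive(Clone, Copy, PartialEq, Debug)]
enum LockMode { Governance, Compliance }

#[derive(Clone, Copy, Default)]
struct ObjectLockState {
    mode: Option<LockMode>,
    retain_until: Option<u64>,
    legal_hold_on: bool,
}

#[derive(PartialEq, Debug)]
enum Decision { Allow, Deny403 } // Deny403 = HTTP 403 AccessDenied

/// Decide whether DELETE / overwrite may proceed at time `now`.
/// `bypass` is true when the request carried
/// `x-amz-bypass-governance-retention: true`.
fn check_delete(state: Option<&ObjectLockState>, now: u64, bypass: bool) -> Decision {
    let Some(s) = state else { return Decision::Allow }; // key has no lock state
    // Legal hold locks the object regardless of mode / retain-until.
    // Assumption: the bypass header applies to Governance retention only.
    if s.legal_hold_on {
        return Decision::Deny403;
    }
    match (s.mode, s.retain_until) {
        // Retention still running (assumption: the lock ends once now >= retain_until).
        (Some(mode), Some(until)) if now < until => match mode {
            LockMode::Governance if bypass => Decision::Allow,
            // Compliance is never overridable; Governance without bypass is refused.
            _ => Decision::Deny403,
        },
        // Retention expired, or no retention configured.
        _ => Decision::Allow,
    }
}

fn main() {
    // Constructed sample state: Compliance retention until t = 2000.
    let comp = ObjectLockState {
        mode: Some(LockMode::Compliance),
        retain_until: Some(2_000),
        legal_hold_on: false,
    };
    println!("compliance + bypass at t=1000: {:?}", check_delete(Some(&comp), 1_000, true));
    println!("compliance at t=3000: {:?}", check_delete(Some(&comp), 3_000, false));
}
```

Because the header alone unlocks Governance retention here, a deployment that wants AWS-like behaviour has to restrict who may send `x-amz-bypass-governance-retention` in front of the service.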

§scope (v0.5 #30)

  • in-memory only (single-instance scope) with optional JSON snapshot for restart-recoverable state — same shape as versioning.rs’s --versioning-state-file.
  • per-object lock state is keyed by (bucket, key) — version-id granular locking is deferred (current behaviour: a lock on a key blocks DELETE regardless of version-id; v0.6+ may attach state per (bucket, key, version-id) to mirror AWS exactly).
  • per-bucket default config, when set, auto-applies to new objects on PUT (existing key with state already present is left alone).

Structs§

BucketObjectLockDefault
Per-bucket default retention. Applied automatically to new objects on PUT (only when no explicit per-object retention was supplied and no state already exists for the (bucket, key)).
ObjectLockManager
Top-level manager. Owns per-(bucket, key) lock state and per-bucket default configuration. All read / write operations go through RwLock for thread safety; clones are cheap (Arc<ObjectLockManager> is the expected handle shape).
ObjectLockState
Per-object lock state. All fields are optional so a “legal hold only” state (mode = None, retain_until = None, legal_hold_on = true) is representable, matching S3 semantics where a legal hold can exist without any retention.

Enums§

LockMode
Retention mode for an object lock. Mirrors AWS S3 (GOVERNANCE / COMPLIANCE).