Fix error on deleting non-empty bucket (#8376)

* Move check for non-empty bucket deletion out of `WithFilerClient` call * Added proper checking if a bucket has "user" objects
2026-02-20 07:56:50 +01:00
parent 36c469e34e
commit 2f837c4780
3 changed files with 95 additions and 22 deletions
--- a/.github/workflows/s3-example-integration-tests.yml
+++ b/.github/workflows/s3-example-integration-tests.yml
@@ -39,6 +39,14 @@ jobs:
          echo "=== Running S3 Integration Tests ==="
          go test -v -timeout=60s -run TestS3Integration ./...
      - name: Run S3 DeleteBucketNotEmpty Tests
        timeout-minutes: 15
        working-directory: test/s3/normal
        run: |
          set -x
          echo "=== Running S3 DeleteBucketNotEmpty Tests ==="
          go test -v -timeout=60s -run TestS3DeleteBucketNotEmpty ./...
      - name: Run IAM Integration Tests
        timeout-minutes: 15
        working-directory: test/s3/normal
--- a/test/s3/normal/s3_integration_test.go
+++ b/test/s3/normal/s3_integration_test.go
@@ -116,8 +116,9 @@ func findAvailablePort() (int, error) {
 	return addr.Port, nil
 }
-// startMiniCluster starts a weed mini instance directly without exec
+// startMiniCluster starts a weed mini instance directly without exec.
-func startMiniCluster(t *testing.T) (*TestCluster, error) {
+// Extra flags (e.g. "-s3.allowDeleteBucketNotEmpty=false") can be appended via extraArgs.
 func startMiniCluster(t *testing.T, extraArgs ...string) (*TestCluster, error) {
 	// Find available ports
 	masterPort, err := findAvailablePort()
 	if err != nil {
@@ -192,7 +193,7 @@ func startMiniCluster(t *testing.T) (*TestCluster, error) {
 		// Configure args for mini command
 		// Note: When running via 'go test', os.Args[0] is the test binary
 		// We need to make it look like we're running 'weed mini'
-		os.Args = []string{
+		os.Args = append([]string{
 			"weed",
 			"-dir=" + testDir,
 			"-master.port=" + strconv.Itoa(masterPort),
@@ -205,7 +206,7 @@ func startMiniCluster(t *testing.T) (*TestCluster, error) {
 			"-ip=127.0.0.1",
 			"-master.peers=none",     // Faster startup
 			"-s3.iam.readOnly=false", // Enable IAM write operations for tests
-		}
+		}, extraArgs...)
 		// Suppress most logging during tests
 		glog.MaxSize = 1024 * 1024
@@ -779,6 +780,49 @@ func testDeleteBucket(t *testing.T, cluster *TestCluster) {
 	t.Logf("✓ Deleted bucket: %s", bucketName)
 }
 func TestS3DeleteBucketNotEmpty(t *testing.T) {
 	if testing.Short() {
 		t.Skip("Skipping integration test in short mode")
 	}
 	cluster, err := startMiniCluster(t, "-s3.allowDeleteBucketNotEmpty=false")
 	require.NoError(t, err)
 	defer cluster.Stop()
 	t.Run("DeleteNonEmptyBucketFails", func(t *testing.T) {
 		bucketName := createTestBucket(t, cluster, "test-notempty-")
 		objectKey := "keep-me.txt"
 		// Put an object so the bucket is non-empty
 		_, err := cluster.s3Client.PutObject(&s3.PutObjectInput{
 			Bucket: aws.String(bucketName),
 			Key:    aws.String(objectKey),
 			Body:   bytes.NewReader([]byte("data")),
 		})
 		require.NoError(t, err)
 		// Attempt to delete the non-empty bucket — must fail with BucketNotEmpty (409)
 		_, err = cluster.s3Client.DeleteBucket(&s3.DeleteBucketInput{
 			Bucket: aws.String(bucketName),
 		})
 		require.Error(t, err, "deleting a non-empty bucket should fail")
 		var awsErr awserr.Error
 		require.ErrorAs(t, err, &awsErr)
 		assert.Equal(t, "BucketNotEmpty", awsErr.Code(),
 			"expected BucketNotEmpty error code, got %s: %s", awsErr.Code(), awsErr.Message())
 	})
 	t.Run("DeleteEmptyBucketSucceeds", func(t *testing.T) {
 		bucketName := createTestBucket(t, cluster, "test-empty-")
 		// Delete the empty bucket — should succeed even with the flag
 		_, err := cluster.s3Client.DeleteBucket(&s3.DeleteBucketInput{
 			Bucket: aws.String(bucketName),
 		})
 		require.NoError(t, err, "deleting an empty bucket should succeed")
 	})
 }
 // randomString generates a random string for unique naming
 func randomString(length int) string {
 	const charset = "abcdefghijklmnopqrstuvwxyz0123456789"
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -371,20 +371,18 @@ func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Reque
 		}
 	}
-	err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
+	if !s3a.option.AllowDeleteBucketNotEmpty {
-		if !s3a.option.AllowDeleteBucketNotEmpty {
+		if hasUserObjects, err := s3a.bucketHasUserObjects(bucket); err != nil {
-			entries, _, err := s3a.list(s3a.option.BucketsPath+"/"+bucket, "", "", false, 2)
+			glog.Errorf("failed to list bucket %s: %v", bucket, err)
-			if err != nil {
+			s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
-				return fmt.Errorf("failed to list bucket %s: %v", bucket, err)
+			return
-			}
+		} else if hasUserObjects {
-			for _, entry := range entries {
+			s3err.WriteErrorResponse(w, r, s3err.ErrBucketNotEmpty)
-				// Allow bucket deletion if only special directories remain
+			return
 				if entry.Name != s3_constants.MultipartUploadsFolder &&
 					!strings.HasSuffix(entry.Name, s3_constants.VersionsFolder) {
 					return errors.New(s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code)
 				}
 			}
 		}
 	}
 	err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
 		// delete collection
 		deleteCollectionRequest := &filer_pb.DeleteCollectionRequest{
@@ -400,11 +398,7 @@ func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Reque
 	})
 	if err != nil {
-		s3ErrorCode := s3err.ErrInternalError
+		s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
 		if err.Error() == s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code {
 			s3ErrorCode = s3err.ErrBucketNotEmpty
 		}
 		s3err.WriteErrorResponse(w, r, s3ErrorCode)
 		return
 	}
@@ -421,6 +415,33 @@ func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Reque
 	s3err.WriteEmptyResponse(w, r, http.StatusNoContent)
 }
 // bucketHasUserObjects checks whether a bucket contains any non-special entries.
 // Special entries (.uploads, *.versions) are internal to S3 and don't count as user objects.
 func (s3a *S3ApiServer) bucketHasUserObjects(bucket string) (bool, error) {
 	bucketPath := s3a.option.BucketsPath + "/" + bucket
 	startFrom := ""
 	// Start with a small batch — most non-empty buckets have a real object early.
 	// If we only find special entries, switch to larger batches to page through quickly.
 	limit := uint32(10)
 	for {
 		entries, isLast, err := s3a.list(bucketPath, "", startFrom, false, limit)
 		if err != nil {
 			return false, err
 		}
 		for _, entry := range entries {
 			if entry.Name != s3_constants.MultipartUploadsFolder &&
 				!strings.HasSuffix(entry.Name, s3_constants.VersionsFolder) {
 				return true, nil
 			}
 			startFrom = entry.Name
 		}
 		if isLast {
 			return false, nil
 		}
 		limit = 1000
 	}
 }
 // hasObjectsWithActiveLocks checks if any objects in the bucket have active retention or legal hold
 // Delegates to the shared HasObjectsWithActiveLocks function in object_lock_utils.go
 func (s3a *S3ApiServer) hasObjectsWithActiveLocks(ctx context.Context, bucket string) (bool, error) {