feat(shell): add Object Lock management commands (#8141)
* feat(shell): add s3.bucket.lock command for Object Lock management Add new weed shell command to view and enable S3 Object Lock on existing buckets. This allows administrators to enable Object Lock without recreating buckets, which is useful when buckets already contain data. The command: - Shows current Object Lock and Versioning status - Enables Object Lock with -enable flag (irreversible, per AWS S3 spec) - Automatically enables Versioning if not already enabled (required for Object Lock) Usage: s3.bucket.lock -name <bucket> # view status s3.bucket.lock -name <bucket> -enable # enable Object Lock Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com> * feat(shell): add -withLock flag to s3.bucket.create command Add support for creating buckets with Object Lock enabled directly from weed shell. The flag automatically enables versioning as required by Object Lock. Usage: s3.bucket.create -name mybucket -withLock Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com> * Apply suggestion from @gemini-code-assist[bot] Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Signed-off-by: Andrei Kvapil <kvapss@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This commit is contained in:
@@ -31,6 +31,7 @@ func (c *commandS3BucketCreate) Help() string {
|
||||
Example:
|
||||
s3.bucket.create -name <bucket_name>
|
||||
s3.bucket.create -name <bucket_name> -owner <identity_name>
|
||||
s3.bucket.create -name <bucket_name> -withLock
|
||||
|
||||
The -owner flag sets the bucket owner identity. This is important when using
|
||||
S3 IAM authentication, as non-admin users can only access buckets they own.
|
||||
@@ -39,6 +40,10 @@ func (c *commandS3BucketCreate) Help() string {
|
||||
|
||||
The -owner value should match the identity name configured in your S3 IAM
|
||||
system (the "name" field in s3.json identities configuration).
|
||||
|
||||
The -withLock flag enables S3 Object Lock on the bucket. This provides WORM
|
||||
(Write Once Read Many) protection for objects. Once enabled, Object Lock
|
||||
cannot be disabled. Versioning is automatically enabled when using this flag.
|
||||
`
|
||||
}
|
||||
|
||||
@@ -51,6 +56,7 @@ func (c *commandS3BucketCreate) Do(args []string, commandEnv *CommandEnv, writer
|
||||
bucketCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
|
||||
bucketName := bucketCommand.String("name", "", "bucket name")
|
||||
bucketOwner := bucketCommand.String("owner", "", "bucket owner identity name (for S3 IAM authentication)")
|
||||
withLock := bucketCommand.Bool("withLock", false, "enable Object Lock on the bucket (requires and enables versioning)")
|
||||
if err = bucketCommand.Parse(args); err != nil {
|
||||
return nil
|
||||
}
|
||||
@@ -95,6 +101,17 @@ func (c *commandS3BucketCreate) Do(args []string, commandEnv *CommandEnv, writer
|
||||
entry.Extended[s3_constants.AmzIdentityId] = []byte(owner)
|
||||
}
|
||||
|
||||
// Enable Object Lock if specified
|
||||
if *withLock {
|
||||
if entry.Extended == nil {
|
||||
entry.Extended = make(map[string][]byte)
|
||||
}
|
||||
// Enable versioning (required for Object Lock)
|
||||
entry.Extended[s3_constants.ExtVersioningKey] = []byte(s3_constants.VersioningEnabled)
|
||||
// Enable Object Lock
|
||||
entry.Extended[s3_constants.ExtObjectLockEnabledKey] = []byte(s3_constants.ObjectLockEnabled)
|
||||
}
|
||||
|
||||
if _, err := client.CreateEntry(context.Background(), &filer_pb.CreateEntryRequest{
|
||||
Directory: filerBucketsPath,
|
||||
Entry: entry,
|
||||
@@ -106,6 +123,10 @@ func (c *commandS3BucketCreate) Do(args []string, commandEnv *CommandEnv, writer
|
||||
if owner != "" {
|
||||
fmt.Fprintln(writer, "bucket owner:", owner)
|
||||
}
|
||||
if *withLock {
|
||||
fmt.Fprintln(writer, "Object Lock: enabled")
|
||||
fmt.Fprintln(writer, "Versioning: enabled")
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
|
||||
Reference in New Issue
Block a user