Open alexvanin opened 2 years ago
Determine who can create legal holds
AWS allows users that have the s3:PutObjectLegalHold permission to create legal holds (it's related to revising ACL in s3-gw) https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLegalHold.html. So we can either:
s3:PutObjectLegalHold permission.
service records (if they will be introduced) in eACL. PoC of using the service records can be found in this old draft PR.
Try hold containers, check if it plays nicely with S3 spec
I don't see any appropriate S3 API method that can be used to hold the bucket/container. There is only one method to change legal hold, PutObjectLegalHold, and it's per object version. Besides, the bucket cannot be deleted if it isn't empty. So it's strange to introduce a method to hold a bucket in AWS mind.
There is one option though. Using https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLockConfiguration.html. We can extend body to accept param to hold bucket. But this will be incompatible with S3 protocol so I don't like it.
Is your feature request related to a problem? Please describe.
S3 protocol defines Object Lock legal hold operation. This operation locks object for indefinite period of time. This lock can be removed.
As we decided here, NeoFS locks cannot be removed and must have expiration, see https://github.com/nspcc-dev/neofs-api/pull/221. This is suitable for retention locks in compliance mode, but it does not work with legal holds.
Describe the solution you'd like
As we discussed this with @realloc some time ago, there was a proposal to implement legal holds as a smart contract. This way we avoid API changes.
Q: Who has the right to trigger legal hold? A: In public network -- nobody. In private network -- some set of keys defined in legal hold contract.
Q: How storage node stores legal hold information? A: In metabase. Maybe we can ask contract on every DELETE request.
Q: What if metabase is lost in SN? A: Resync the list of legal hold objects from contract at startup.
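
A minimal model of the design proposed above, as an added example that is not part of the original issue and is not NeoFS code: the contract carries the set of keys that may manage holds, and the storage node checks DELETE against its metabase copy, which it can rebuild from the contract. All names (HoldContract, Node, SetHold, Resync, askContract) are hypothetical, and the contract is an in-memory stand-in rather than a real smart contract.

```go
package main

import "fmt"

// HoldContract is a hypothetical in-memory stand-in for the legal hold contract.
type HoldContract struct {
	keys map[string]bool // keys allowed to manage holds; empty in a public network
	held map[string]bool // object address -> currently under legal hold
}

// SetHold places (on=true) or lifts a hold, only for a key in the contract's set.
func (c *HoldContract) SetHold(key, addr string, on bool) error {
	if !c.keys[key] {
		return fmt.Errorf("key %q may not manage legal holds", key)
	}
	c.held[addr] = on
	return nil
}

// Node models a storage node; metabase is its local copy of the hold list.
type Node struct {
	contract    *HoldContract
	metabase    map[string]bool
	askContract bool // also query the contract on every DELETE
}

// Resync rebuilds the local hold list from the contract, as done at startup.
func (n *Node) Resync() {
	n.metabase = map[string]bool{}
	for addr, on := range n.contract.held {
		n.metabase[addr] = on
	}
}

// Delete rejects the request if the object is held locally or, when enabled, in the contract.
func (n *Node) Delete(addr string) error {
	if n.metabase[addr] || (n.askContract && n.contract.held[addr]) {
		return fmt.Errorf("object %q is under legal hold", addr)
	}
	return nil // the object would be removed here
}

func main() {
	c := &HoldContract{keys: map[string]bool{"key-A": true}, held: map[string]bool{}}
	n := &Node{contract: c}
	fmt.Println(c.SetHold("key-X", "cid/oid", true), c.SetHold("key-A", "cid/oid", true))
	n.Resync()
	fmt.Println(n.Delete("cid/oid"))
}
```

With askContract off, a hold placed after the last Resync is not enforced until the next resync; querying the contract on every DELETE closes that gap at the cost of one contract read per request.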