New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ilm: Handle DeleteAllVersions action differently for DEL markers #19481
Conversation
fe03a77
to
6c264d9
Compare
6c264d9
to
fe08325
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also don't forget to update docs/bucket/lifecycle
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few comments
fe08325
to
ad2c1da
Compare
This feature may interact poorly with replication if replication is set up as active -> passive (read only DR). Depending on the duration of ilm expiry rule above - there is a chance that replication of non current versions is not complete. Either the docs needs to warn about this possibility or it needs to be addressed by verifying all underlying versions are in COMPLETED status. |
Another q - Since this op is doing a prefix delete, there may be a window between queuing and acting upon this expiry task where a new version can be uploaded for the same object. Seems like expiry task is not actually verifying that current Objectinfo is indeed the latest before proceeding Also, seems like if one or more versions in the stack is in tiered status, clean up will not be done |
Why is this limitation there? |
DelMarkerExpiration applies exclusively to DEL markers. Tag-based filtering doesn't apply to DEL markers, since they can't have tags. Similar restrictions are present in S3's lifecycle elements too. e.g,
(ref: https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html; just above Example 8) |
👍🏼 It was also my impression that it doesn't make sense. So it isn't a limitation as such - just a natural consequence of delete markers not having tags. |
latest objectInfo() must be verified first and it is already.
|
while this checks the version id that qualified for ilm exists, it doesn't verify it is the latest version |
that we should add @krisis |
i.e this rule element doesn't apply for DEL markers. This is a breaking change to how ExpiredObejctDeleteAllVersions functions today. This is necessary to avoid the following highly probable footgun scenario in the future. Scenario: User uses tags based filtering to select the time to live(TTL) for an object. Application sometimes deletes objects too, making their latest version a DEL marker. Previous implementation skipped tag based filters if latest version was DEL marker, voiding the tag based TTL. User is surprised to find objects expired sooner than expected.
This ILM action removes all versions of an object if its latest version is a DEL marker. <DelMarkerObjectExpiration> <Days> 10 </Days> </DelMarkerObjectExpiration> 1. Applies only to objects whose, • latest version is a DEL marker. • satisfies the number of days criteria 2. Deletes all versions of this object 3. Associated rule can't have tag-based filtering Includes, - New bucket event type for deletion due to DelMarkerExpiration
ad2c1da
to
962fc9c
Compare
Good catch! I have addressed this. |
Community Contribution License
All community contributions in this pull request are licensed to the project maintainers
under the terms of the Apache 2 license.
By creating this pull request I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 license.
Description
This PR brings about two changes, one adds a new lifecycle action,
DelMarkerExpiration
and another modifies the behavior of an existing lifecycle configuration element,ExpiredObjectDeleteAllVersions
.Companion PRs
Addition of
DelMarkerExpiration
This ILM action removes all versions of an object if its latest version is a DEL marker.
Applies only to objects whose,
Deletes all versions of this object
Associated rule can't have tag-based filtering
Modification to
ExpiredObjectDeleteAllVersions
Will apply only to objects whose latest version is not a DEL marker.
Motivation and Context
This is a breaking change to how ExpiredObejctDeleteAllVersions functions today. This is necessary to avoid the following highly probable footgun scenario in the future.
Scenario:
User uses tags based filtering to select the time to live(TTL) for an object. Application sometimes deletes objects too, making their latest version a DEL marker. Previous implementation skipped tag based filters if latest version was DEL marker, voiding the tag based TTL. User is surprised to find objects expired sooner than expected.
How to test this PR?
Types of changes
Checklist:
commit-id
orPR #
here)