diff --git a/weed/s3api/s3api_bucket_handlers_object_lock_config.go b/weed/s3api/s3api_bucket_handlers_object_lock_config.go
new file mode 100644
index 000000000..ddfa0ee0f
--- /dev/null
+++ b/weed/s3api/s3api_bucket_handlers_object_lock_config.go
@@ -0,0 +1,132 @@
+package s3api
+
+import (
+ "encoding/xml"
+ "net/http"
+
+ "github.com/seaweedfs/seaweedfs/weed/glog"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
+ stats_collect "github.com/seaweedfs/seaweedfs/weed/stats"
+)
+
+// PutObjectLockConfigurationHandler Put object Lock configuration
+// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLockConfiguration.html
+func (s3a *S3ApiServer) PutObjectLockConfigurationHandler(w http.ResponseWriter, r *http.Request) {
+ bucket, _ := s3_constants.GetBucketAndObject(r)
+ glog.V(3).Infof("PutObjectLockConfigurationHandler %s", bucket)
+
+ // Check if Object Lock is available for this bucket (requires versioning)
+ if !s3a.handleObjectLockAvailabilityCheck(w, r, bucket, "PutObjectLockConfigurationHandler") {
+ return
+ }
+
+ // Parse object lock configuration from request body
+ config, err := parseObjectLockConfiguration(r)
+ if err != nil {
+ glog.Errorf("PutObjectLockConfigurationHandler: failed to parse object lock config: %v", err)
+ s3err.WriteErrorResponse(w, r, s3err.ErrMalformedXML)
+ return
+ }
+
+ // Validate object lock configuration
+ if err := validateObjectLockConfiguration(config); err != nil {
+ glog.Errorf("PutObjectLockConfigurationHandler: invalid object lock config: %v", err)
+ s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
+ return
+ }
+
+ // Set object lock configuration on the bucket
+ errCode := s3a.updateBucketConfig(bucket, func(bucketConfig *BucketConfig) error {
+ // Set the cached Object Lock configuration
+ bucketConfig.ObjectLockConfig = config
+ return nil
+ })
+
+ if errCode != s3err.ErrNone {
+ glog.Errorf("PutObjectLockConfigurationHandler: failed to set object lock config: %v", errCode)
+ s3err.WriteErrorResponse(w, r, errCode)
+ return
+ }
+
+ // Record metrics
+ stats_collect.RecordBucketActiveTime(bucket)
+
+ // Return success (HTTP 200 with no body)
+ w.WriteHeader(http.StatusOK)
+ glog.V(3).Infof("PutObjectLockConfigurationHandler: successfully set object lock config for %s", bucket)
+}
+
+// GetObjectLockConfigurationHandler Get object Lock configuration
+// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html
+func (s3a *S3ApiServer) GetObjectLockConfigurationHandler(w http.ResponseWriter, r *http.Request) {
+ bucket, _ := s3_constants.GetBucketAndObject(r)
+ glog.V(3).Infof("GetObjectLockConfigurationHandler %s", bucket)
+
+ // Get bucket configuration
+ bucketConfig, errCode := s3a.getBucketConfig(bucket)
+ if errCode != s3err.ErrNone {
+ glog.Errorf("GetObjectLockConfigurationHandler: failed to get bucket config: %v", errCode)
+ s3err.WriteErrorResponse(w, r, errCode)
+ return
+ }
+
+ var configXML []byte
+
+ // Check if we have cached Object Lock configuration
+ if bucketConfig.ObjectLockConfig != nil {
+ // Use cached configuration and marshal it to XML for response
+ configXML, err := xml.Marshal(bucketConfig.ObjectLockConfig)
+ if err != nil {
+ glog.Errorf("GetObjectLockConfigurationHandler: failed to marshal cached Object Lock config: %v", err)
+ s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+ return
+ }
+
+ // Write XML response
+ w.Header().Set("Content-Type", "application/xml")
+ w.WriteHeader(http.StatusOK)
+ w.Write(configXML)
+ glog.V(3).Infof("GetObjectLockConfigurationHandler: successfully retrieved cached object lock config for %s", bucket)
+ return
+ }
+
+ // Fallback: check for legacy storage in extended attributes
+ if bucketConfig.Entry.Extended != nil {
+ // Check if Object Lock is enabled via boolean flag
+ if enabledBytes, exists := bucketConfig.Entry.Extended[s3_constants.ExtObjectLockEnabledKey]; exists {
+ enabled := string(enabledBytes)
+ if enabled == s3_constants.ObjectLockEnabled || enabled == "true" {
+ // Generate minimal XML configuration for enabled Object Lock without retention policies
+ minimalConfig := `Enabled`
+ configXML = []byte(minimalConfig)
+ }
+ }
+ }
+
+ // If no Object Lock configuration found, return error
+ if len(configXML) == 0 {
+ s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchObjectLockConfiguration)
+ return
+ }
+
+ // Set response headers
+ w.Header().Set("Content-Type", "application/xml")
+ w.WriteHeader(http.StatusOK)
+
+ // Write XML response
+ if _, err := w.Write([]byte(xml.Header)); err != nil {
+ glog.Errorf("GetObjectLockConfigurationHandler: failed to write XML header: %v", err)
+ return
+ }
+
+ if _, err := w.Write(configXML); err != nil {
+ glog.Errorf("GetObjectLockConfigurationHandler: failed to write config XML: %v", err)
+ return
+ }
+
+ // Record metrics
+ stats_collect.RecordBucketActiveTime(bucket)
+
+ glog.V(3).Infof("GetObjectLockConfigurationHandler: successfully retrieved object lock config for %s", bucket)
+}
diff --git a/weed/s3api/s3api_object_handlers_legal_hold.go b/weed/s3api/s3api_object_handlers_legal_hold.go
new file mode 100644
index 000000000..9cf523477
--- /dev/null
+++ b/weed/s3api/s3api_object_handlers_legal_hold.go
@@ -0,0 +1,126 @@
+package s3api
+
+import (
+ "encoding/xml"
+ "errors"
+ "net/http"
+
+ "github.com/seaweedfs/seaweedfs/weed/glog"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
+ stats_collect "github.com/seaweedfs/seaweedfs/weed/stats"
+)
+
+// PutObjectLegalHoldHandler Put object Legal Hold
+// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLegalHold.html
+func (s3a *S3ApiServer) PutObjectLegalHoldHandler(w http.ResponseWriter, r *http.Request) {
+ bucket, object := s3_constants.GetBucketAndObject(r)
+ glog.V(3).Infof("PutObjectLegalHoldHandler %s %s", bucket, object)
+
+ // Check if Object Lock is available for this bucket (requires versioning)
+ if !s3a.handleObjectLockAvailabilityCheck(w, r, bucket, "PutObjectLegalHoldHandler") {
+ return
+ }
+
+ // Get version ID from query parameters
+ versionId := r.URL.Query().Get("versionId")
+
+ // Parse legal hold configuration from request body
+ legalHold, err := parseObjectLegalHold(r)
+ if err != nil {
+ glog.Errorf("PutObjectLegalHoldHandler: failed to parse legal hold config: %v", err)
+ s3err.WriteErrorResponse(w, r, s3err.ErrMalformedXML)
+ return
+ }
+
+ // Validate legal hold configuration
+ if err := validateLegalHold(legalHold); err != nil {
+ glog.Errorf("PutObjectLegalHoldHandler: invalid legal hold config: %v", err)
+ s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
+ return
+ }
+
+ // Set legal hold on the object
+ if err := s3a.setObjectLegalHold(bucket, object, versionId, legalHold); err != nil {
+ glog.Errorf("PutObjectLegalHoldHandler: failed to set legal hold: %v", err)
+
+ // Handle specific error cases
+ if errors.Is(err, ErrObjectNotFound) || errors.Is(err, ErrVersionNotFound) {
+ s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchKey)
+ return
+ }
+
+ s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+ return
+ }
+
+ // Record metrics
+ stats_collect.RecordBucketActiveTime(bucket)
+
+ // Return success (HTTP 200 with no body)
+ w.WriteHeader(http.StatusOK)
+ glog.V(3).Infof("PutObjectLegalHoldHandler: successfully set legal hold for %s/%s", bucket, object)
+}
+
+// GetObjectLegalHoldHandler Get object Legal Hold
+// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html
+func (s3a *S3ApiServer) GetObjectLegalHoldHandler(w http.ResponseWriter, r *http.Request) {
+ bucket, object := s3_constants.GetBucketAndObject(r)
+ glog.V(3).Infof("GetObjectLegalHoldHandler %s %s", bucket, object)
+
+ // Check if Object Lock is available for this bucket (requires versioning)
+ if !s3a.handleObjectLockAvailabilityCheck(w, r, bucket, "GetObjectLegalHoldHandler") {
+ return
+ }
+
+ // Get version ID from query parameters
+ versionId := r.URL.Query().Get("versionId")
+
+ // Get legal hold configuration for the object
+ legalHold, err := s3a.getObjectLegalHold(bucket, object, versionId)
+ if err != nil {
+ glog.Errorf("GetObjectLegalHoldHandler: failed to get legal hold: %v", err)
+
+ // Handle specific error cases
+ if errors.Is(err, ErrObjectNotFound) || errors.Is(err, ErrVersionNotFound) {
+ s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchKey)
+ return
+ }
+
+ if errors.Is(err, ErrNoLegalHoldConfiguration) {
+ s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchObjectLegalHold)
+ return
+ }
+
+ s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+ return
+ }
+
+ // Marshal legal hold configuration to XML
+ legalHoldXML, err := xml.Marshal(legalHold)
+ if err != nil {
+ glog.Errorf("GetObjectLegalHoldHandler: failed to marshal legal hold: %v", err)
+ s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+ return
+ }
+
+ // Set response headers
+ w.Header().Set("Content-Type", "application/xml")
+ w.WriteHeader(http.StatusOK)
+
+ // Write XML response
+ if _, err := w.Write([]byte(xml.Header)); err != nil {
+ glog.Errorf("GetObjectLegalHoldHandler: failed to write XML header: %v", err)
+ return
+ }
+
+ if _, err := w.Write(legalHoldXML); err != nil {
+ glog.Errorf("GetObjectLegalHoldHandler: failed to write legal hold XML: %v", err)
+ return
+ }
+
+ // Record metrics
+ stats_collect.RecordBucketActiveTime(bucket)
+
+ glog.V(3).Infof("GetObjectLegalHoldHandler: successfully retrieved legal hold for %s/%s", bucket, object)
+}
diff --git a/weed/s3api/s3api_object_handlers_retention.go b/weed/s3api/s3api_object_handlers_retention.go
index 54059cdd9..a419b469e 100644
--- a/weed/s3api/s3api_object_handlers_retention.go
+++ b/weed/s3api/s3api_object_handlers_retention.go
@@ -132,238 +132,3 @@ func (s3a *S3ApiServer) GetObjectRetentionHandler(w http.ResponseWriter, r *http
glog.V(3).Infof("GetObjectRetentionHandler: successfully retrieved retention for %s/%s", bucket, object)
}
-
-// PutObjectLegalHoldHandler Put object Legal Hold
-// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLegalHold.html
-func (s3a *S3ApiServer) PutObjectLegalHoldHandler(w http.ResponseWriter, r *http.Request) {
- bucket, object := s3_constants.GetBucketAndObject(r)
- glog.V(3).Infof("PutObjectLegalHoldHandler %s %s", bucket, object)
-
- // Check if Object Lock is available for this bucket (requires versioning)
- if !s3a.handleObjectLockAvailabilityCheck(w, r, bucket, "PutObjectLegalHoldHandler") {
- return
- }
-
- // Get version ID from query parameters
- versionId := r.URL.Query().Get("versionId")
-
- // Parse legal hold configuration from request body
- legalHold, err := parseObjectLegalHold(r)
- if err != nil {
- glog.Errorf("PutObjectLegalHoldHandler: failed to parse legal hold config: %v", err)
- s3err.WriteErrorResponse(w, r, s3err.ErrMalformedXML)
- return
- }
-
- // Validate legal hold configuration
- if err := validateLegalHold(legalHold); err != nil {
- glog.Errorf("PutObjectLegalHoldHandler: invalid legal hold config: %v", err)
- s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
- return
- }
-
- // Set legal hold on the object
- if err := s3a.setObjectLegalHold(bucket, object, versionId, legalHold); err != nil {
- glog.Errorf("PutObjectLegalHoldHandler: failed to set legal hold: %v", err)
-
- // Handle specific error cases
- if errors.Is(err, ErrObjectNotFound) || errors.Is(err, ErrVersionNotFound) {
- s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchKey)
- return
- }
-
- s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
- return
- }
-
- // Record metrics
- stats_collect.RecordBucketActiveTime(bucket)
-
- // Return success (HTTP 200 with no body)
- w.WriteHeader(http.StatusOK)
- glog.V(3).Infof("PutObjectLegalHoldHandler: successfully set legal hold for %s/%s", bucket, object)
-}
-
-// GetObjectLegalHoldHandler Get object Legal Hold
-// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html
-func (s3a *S3ApiServer) GetObjectLegalHoldHandler(w http.ResponseWriter, r *http.Request) {
- bucket, object := s3_constants.GetBucketAndObject(r)
- glog.V(3).Infof("GetObjectLegalHoldHandler %s %s", bucket, object)
-
- // Check if Object Lock is available for this bucket (requires versioning)
- if !s3a.handleObjectLockAvailabilityCheck(w, r, bucket, "GetObjectLegalHoldHandler") {
- return
- }
-
- // Get version ID from query parameters
- versionId := r.URL.Query().Get("versionId")
-
- // Get legal hold configuration for the object
- legalHold, err := s3a.getObjectLegalHold(bucket, object, versionId)
- if err != nil {
- glog.Errorf("GetObjectLegalHoldHandler: failed to get legal hold: %v", err)
-
- // Handle specific error cases
- if errors.Is(err, ErrObjectNotFound) || errors.Is(err, ErrVersionNotFound) {
- s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchKey)
- return
- }
-
- if errors.Is(err, ErrNoLegalHoldConfiguration) {
- s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchObjectLegalHold)
- return
- }
-
- s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
- return
- }
-
- // Marshal legal hold configuration to XML
- legalHoldXML, err := xml.Marshal(legalHold)
- if err != nil {
- glog.Errorf("GetObjectLegalHoldHandler: failed to marshal legal hold: %v", err)
- s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
- return
- }
-
- // Set response headers
- w.Header().Set("Content-Type", "application/xml")
- w.WriteHeader(http.StatusOK)
-
- // Write XML response
- if _, err := w.Write([]byte(xml.Header)); err != nil {
- glog.Errorf("GetObjectLegalHoldHandler: failed to write XML header: %v", err)
- return
- }
-
- if _, err := w.Write(legalHoldXML); err != nil {
- glog.Errorf("GetObjectLegalHoldHandler: failed to write legal hold XML: %v", err)
- return
- }
-
- // Record metrics
- stats_collect.RecordBucketActiveTime(bucket)
-
- glog.V(3).Infof("GetObjectLegalHoldHandler: successfully retrieved legal hold for %s/%s", bucket, object)
-}
-
-// PutObjectLockConfigurationHandler Put object Lock configuration
-// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLockConfiguration.html
-func (s3a *S3ApiServer) PutObjectLockConfigurationHandler(w http.ResponseWriter, r *http.Request) {
- bucket, _ := s3_constants.GetBucketAndObject(r)
- glog.V(3).Infof("PutObjectLockConfigurationHandler %s", bucket)
-
- // Check if Object Lock is available for this bucket (requires versioning)
- if !s3a.handleObjectLockAvailabilityCheck(w, r, bucket, "PutObjectLockConfigurationHandler") {
- return
- }
-
- // Parse object lock configuration from request body
- config, err := parseObjectLockConfiguration(r)
- if err != nil {
- glog.Errorf("PutObjectLockConfigurationHandler: failed to parse object lock config: %v", err)
- s3err.WriteErrorResponse(w, r, s3err.ErrMalformedXML)
- return
- }
-
- // Validate object lock configuration
- if err := validateObjectLockConfiguration(config); err != nil {
- glog.Errorf("PutObjectLockConfigurationHandler: invalid object lock config: %v", err)
- s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
- return
- }
-
- // Set object lock configuration on the bucket
- errCode := s3a.updateBucketConfig(bucket, func(bucketConfig *BucketConfig) error {
- // Set the cached Object Lock configuration
- bucketConfig.ObjectLockConfig = config
- return nil
- })
-
- if errCode != s3err.ErrNone {
- glog.Errorf("PutObjectLockConfigurationHandler: failed to set object lock config: %v", errCode)
- s3err.WriteErrorResponse(w, r, errCode)
- return
- }
-
- // Record metrics
- stats_collect.RecordBucketActiveTime(bucket)
-
- // Return success (HTTP 200 with no body)
- w.WriteHeader(http.StatusOK)
- glog.V(3).Infof("PutObjectLockConfigurationHandler: successfully set object lock config for %s", bucket)
-}
-
-// GetObjectLockConfigurationHandler Get object Lock configuration
-// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html
-func (s3a *S3ApiServer) GetObjectLockConfigurationHandler(w http.ResponseWriter, r *http.Request) {
- bucket, _ := s3_constants.GetBucketAndObject(r)
- glog.V(3).Infof("GetObjectLockConfigurationHandler %s", bucket)
-
- // Get bucket configuration
- bucketConfig, errCode := s3a.getBucketConfig(bucket)
- if errCode != s3err.ErrNone {
- glog.Errorf("GetObjectLockConfigurationHandler: failed to get bucket config: %v", errCode)
- s3err.WriteErrorResponse(w, r, errCode)
- return
- }
-
- var configXML []byte
-
- // Check if we have cached Object Lock configuration
- if bucketConfig.ObjectLockConfig != nil {
- // Use cached configuration and marshal it to XML for response
- configXML, err := xml.Marshal(bucketConfig.ObjectLockConfig)
- if err != nil {
- glog.Errorf("GetObjectLockConfigurationHandler: failed to marshal cached Object Lock config: %v", err)
- s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
- return
- }
-
- // Write XML response
- w.Header().Set("Content-Type", "application/xml")
- w.WriteHeader(http.StatusOK)
- w.Write(configXML)
- glog.V(3).Infof("GetObjectLockConfigurationHandler: successfully retrieved cached object lock config for %s", bucket)
- return
- }
-
- // Fallback: check for legacy storage in extended attributes
- if bucketConfig.Entry.Extended != nil {
- // Check if Object Lock is enabled via boolean flag
- if enabledBytes, exists := bucketConfig.Entry.Extended[s3_constants.ExtObjectLockEnabledKey]; exists {
- enabled := string(enabledBytes)
- if enabled == s3_constants.ObjectLockEnabled || enabled == "true" {
- // Generate minimal XML configuration for enabled Object Lock without retention policies
- minimalConfig := `Enabled`
- configXML = []byte(minimalConfig)
- }
- }
- }
-
- // If no Object Lock configuration found, return error
- if len(configXML) == 0 {
- s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchObjectLockConfiguration)
- return
- }
-
- // Set response headers
- w.Header().Set("Content-Type", "application/xml")
- w.WriteHeader(http.StatusOK)
-
- // Write XML response
- if _, err := w.Write([]byte(xml.Header)); err != nil {
- glog.Errorf("GetObjectLockConfigurationHandler: failed to write XML header: %v", err)
- return
- }
-
- if _, err := w.Write(configXML); err != nil {
- glog.Errorf("GetObjectLockConfigurationHandler: failed to write config XML: %v", err)
- return
- }
-
- // Record metrics
- stats_collect.RecordBucketActiveTime(bucket)
-
- glog.V(3).Infof("GetObjectLockConfigurationHandler: successfully retrieved object lock config for %s", bucket)
-}