Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

s3api: skip object lock check for buckets without object lock 

Optimize DELETE and PUT operations by skipping the object lock
protection check for buckets that don't have object lock enabled.

Previously, enforceObjectLockProtections was always called, which
performed an expensive entry lookup even for buckets without object lock.

This optimization:
- Adds isObjectLockEnabled() helper that uses cached bucket config
- Skips enforceObjectLockProtections for buckets without object lock
- Applies to both versioned and non-versioned DELETE paths
- Applies to PUT operations on non-versioned buckets

Performance impact: For buckets without object lock (the common case),
this eliminates one filer lookup per DELETE/PUT operation.
optimize-delete-lookups
chrislu 6 days ago
parent
acd7f1a4d5
commit
4e5e8db431
3 changed files with 47 additions and 29 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      weed/s3api/s3api_bucket_config.go
  2. 32
      weed/s3api/s3api_object_handlers_delete.go
  3. 5
      weed/s3api/s3api_object_handlers_put.go

9
weed/s3api/s3api_bucket_config.go
View File

@ -548,6 +548,15 @@ func (s3a *S3ApiServer) getBucketVersioningStatus(bucket string) (string, s3err.
return config.Versioning, s3err.ErrNone
}
// isObjectLockEnabled checks if object lock is enabled for a bucket (cached check)
func (s3a *S3ApiServer) isObjectLockEnabled(bucket string) bool {
config, errCode := s3a.getBucketConfig(bucket)
if errCode != s3err.ErrNone {
return false
}
return config.ObjectLockConfig != nil
}
// setBucketVersioningStatus sets the versioning status for a bucket
func (s3a *S3ApiServer) setBucketVersioningStatus(bucket, status string) s3err.ErrorCode {
errCode := s3a.updateBucketConfig(bucket, func(config *BucketConfig) error {

32
weed/s3api/s3api_object_handlers_delete.go
View File

@ -53,17 +53,20 @@ func (s3a *S3ApiServer) DeleteObjectHandler(w http.ResponseWriter, r *http.Reque
// Handle versioned delete based on specific versioning state
if versionId != "" {
// Delete specific version (same for both enabled and suspended)
// Check object lock permissions before deleting specific version
// The returned entry is reused to avoid duplicate filer lookups
// Only check object lock if enabled for this bucket (avoids expensive entry lookup)
var prefetchedEntry *filer_pb.Entry
if s3a.isObjectLockEnabled(bucket) {
governanceBypassAllowed := s3a.evaluateGovernanceBypassRequest(r, bucket, object)
prefetchedEntry, lockErr := s3a.enforceObjectLockProtections(r, bucket, object, versionId, governanceBypassAllowed)
var lockErr error
prefetchedEntry, lockErr = s3a.enforceObjectLockProtections(r, bucket, object, versionId, governanceBypassAllowed)
if lockErr != nil {
glog.V(2).Infof("DeleteObjectHandler: object lock check failed for %s/%s: %v", bucket, object, lockErr)
s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied)
return
}
}
// Delete specific version, passing prefetched entry to avoid duplicate lookup
// Delete specific version, passing prefetched entry if available
err := s3a.deleteSpecificObjectVersion(bucket, object, versionId, prefetchedEntry)
if err != nil {
glog.Errorf("Failed to delete specific version %s: %v", versionId, err)
@ -93,17 +96,20 @@ func (s3a *S3ApiServer) DeleteObjectHandler(w http.ResponseWriter, r *http.Reque
// Suspended versioning: Actually delete the "null" version object
glog.V(2).Infof("DeleteObjectHandler: deleting null version for suspended versioning %s/%s", bucket, object)
// Check object lock permissions before deleting "null" version
// The returned entry is reused to avoid duplicate filer lookups
// Only check object lock if enabled for this bucket (avoids expensive entry lookup)
var prefetchedEntry *filer_pb.Entry
if s3a.isObjectLockEnabled(bucket) {
governanceBypassAllowed := s3a.evaluateGovernanceBypassRequest(r, bucket, object)
prefetchedEntry, lockErr := s3a.enforceObjectLockProtections(r, bucket, object, "null", governanceBypassAllowed)
var lockErr error
prefetchedEntry, lockErr = s3a.enforceObjectLockProtections(r, bucket, object, "null", governanceBypassAllowed)
if lockErr != nil {
glog.V(2).Infof("DeleteObjectHandler: object lock check failed for %s/%s: %v", bucket, object, lockErr)
s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied)
return
}
}
// Delete the "null" version (the regular file), passing prefetched entry
// Delete the "null" version (the regular file)
err := s3a.deleteSpecificObjectVersion(bucket, object, "null", prefetchedEntry)
if err != nil {
glog.Errorf("Failed to delete null version: %v", err)
@ -117,13 +123,16 @@ func (s3a *S3ApiServer) DeleteObjectHandler(w http.ResponseWriter, r *http.Reque
}
} else {
// Handle regular delete (non-versioned)
// Check object lock permissions before deleting object
// Only check object lock permissions if object lock is enabled for the bucket
// This avoids an expensive entry lookup for buckets without object lock
if s3a.isObjectLockEnabled(bucket) {
governanceBypassAllowed := s3a.evaluateGovernanceBypassRequest(r, bucket, object)
if _, lockErr := s3a.enforceObjectLockProtections(r, bucket, object, "", governanceBypassAllowed); lockErr != nil {
glog.V(2).Infof("DeleteObjectHandler: object lock check failed for %s/%s: %v", bucket, object, lockErr)
s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied)
return
}
}
target := util.FullPath(fmt.Sprintf("%s/%s%s", s3a.option.BucketsPath, bucket, object))
dir, name := target.DirAndName()
@ -238,10 +247,9 @@ func (s3a *S3ApiServer) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *h
continue
}
// Check object lock permissions before deletion (only for versioned buckets)
// The returned entry is reused to avoid duplicate filer lookups
// Only check object lock if enabled for this bucket (avoids expensive entry lookup)
var prefetchedEntry *filer_pb.Entry
if versioningConfigured {
if versioningConfigured && s3a.isObjectLockEnabled(bucket) {
// Validate governance bypass for this specific object
governanceBypassAllowed := s3a.evaluateGovernanceBypassRequest(r, bucket, object.Key)
var lockErr error

5
weed/s3api/s3api_object_handlers_put.go
View File

@ -166,9 +166,10 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request)
return
}
// For non-versioned buckets, check if existing object has object lock protections
// For non-versioned buckets with object lock enabled, check if existing object has protections
// that would prevent overwrite (PUT operations overwrite existing objects in non-versioned buckets)
if !versioningConfigured {
// Skip this check for buckets without object lock to avoid expensive entry lookup
if !versioningConfigured && s3a.isObjectLockEnabled(bucket) {
governanceBypassAllowed := s3a.evaluateGovernanceBypassRequest(r, bucket, object)
// Note: We ignore the returned entry since PUT creates a new entry anyway
if _, lockErr := s3a.enforceObjectLockProtections(r, bucket, object, "", governanceBypassAllowed); lockErr != nil {

Write Preview
Loading…
Cancel
Save