Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request] Enable checksum/md5 headers when backing up to S3 with object lock #468

Open
danfoley1991 opened this issue May 10, 2024 · 8 comments

Comments

@danfoley1991
Copy link

May be something that has been raised before but didn't managed to find anything.
When an S3 bucket has object lock enabled, the backup using rancher backup fails due to missing headers. (see error below).

Content-MD5 OR x-amz-checksum- HTTP header is required for Put Object requests with Object Lock parameters

Is this something that has been intentionally excluded?

@ericpromislow
Copy link
Collaborator

I don't believe this has ever been tested. Are you able to create and specify a separate S3 bucket that doesn't have object-locking enabled on it?

@danfoley1991
Copy link
Author

I don't believe this has ever been tested. Are you able to create and specify a separate S3 bucket that doesn't have object-locking enabled on it?

Yep. It works perfectly if object lock is not enabled, but with it enabled, a checksum/md5 header is required.

Copy link

This repository uses an automated workflow to automatically label issues which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the issue in 14 days. Thank you for your contributions.

@danfoley1991
Copy link
Author

I intend on making the code change here to enable this functionality

@mrlindblom
Copy link

mrlindblom commented Oct 18, 2024

Is it possible to add support for different retention time and mode for each backup job?

In AWS you can configure a default retention time and mode however each put object request can have its own retention and mode which is not same as the default setting.

Also when doing a restore it would be nice to be able to specify version-id as well.

Use case for Object lock support is to protect backup from tampering. For example during a ransomware attack the bad guys is often trying to destroy or delete the backups. Object lock would prevent this.

@mallardduck
Copy link
Member

@mrlindblom That seems like a different set of features than this issue covers. Please open a new Feature Request with the additional features you would like to see. If they require this one be implemented first, then you can reference that in your request.

@mrlindblom
Copy link

Is it possible to add support for different retention time and mode for each backup job?

In AWS you can configure a default retention time and mode however each put object request can have its own retention and mode which is not same as the default setting.

Also when doing a restore it would be nice to be able to specify version-id as well.

Use case for Object lock support is to protect backup from tampering. For example during a ransomware attack the bad guys is often trying to destroy or delete the backups. Object lock would prevent this.

Agree, i'll fix two new issue. One for retention and one support of the version-id

Copy link

This repository uses an automated workflow to automatically label issues which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the issue in 14 days. Thank you for your contributions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants