[Feature Request] Enable checksum/md5 headers when backing up to S3 with object lock

[danfoley1991]

May be something that has been raised before but didn't managed to find anything.
When an S3 bucket has object lock enabled, the backup using rancher backup fails due to missing headers. (see error below).

Content-MD5 OR x-amz-checksum- HTTP header is required for Put Object requests with Object Lock parameters

Is this something that has been intentionally excluded?

[ericpromislow]

I don't believe this has ever been tested. Are you able to create and specify a separate S3 bucket that doesn't have object-locking enabled on it?

[danfoley1991]

I don't believe this has ever been tested. Are you able to create and specify a separate S3 bucket that doesn't have object-locking enabled on it?

Yep. It works perfectly if object lock is not enabled, but with it enabled, a checksum/md5 header is required.

[github-actions]

This repository uses an automated workflow to automatically label issues which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the issue in 14 days. Thank you for your contributions.

[danfoley1991]

I intend on making the code change here to enable this functionality

[mrlindblom]

Is it possible to add support for different retention time and mode for each backup job?

In AWS you can configure a default retention time and mode however each put object request can have its own retention and mode which is not same as the default setting.

Also when doing a restore it would be nice to be able to specify version-id as well.

Use case for Object lock support is to protect backup from tampering. For example during a ransomware attack the bad guys is often trying to destroy or delete the backups. Object lock would prevent this.

[mallardduck]

@mrlindblom That seems like a different set of features than this issue covers. Please open a new Feature Request with the additional features you would like to see. If they require this one be implemented first, then you can reference that in your request.

[mrlindblom]

Is it possible to add support for different retention time and mode for each backup job?

In AWS you can configure a default retention time and mode however each put object request can have its own retention and mode which is not same as the default setting.

Also when doing a restore it would be nice to be able to specify version-id as well.

Use case for Object lock support is to protect backup from tampering. For example during a ransomware attack the bad guys is often trying to destroy or delete the backups. Object lock would prevent this.

Agree, i'll fix two new issue. One for retention and one support of the version-id