minIO

The minio commandline tool is a lightweight application for connecting to S3 Storage. Information about installation and configuration can be found on the official webpage.

Use Case: Object-Lock basic commands

# Create a Bucket with Object Lock enabled
$ mc mb --with-lock myProfile/myBucket/
Bucket created successfully `myProfile/myBucket/`.

# Set a global Bucket policy which keeps every uploaded Object locked for 1 Day.
$ mc retention set --default GOVERNANCE 1d myProfile/myBucket/
GOVERNANCE mode is enabled for 1DAYS.

$ mc cp testfile.txt myProfile/myBucket/
testfile.txt:                        8 B / 8 B ┃ ===============┃ 406 B/s 0s

# Query the remaining retention period of a single Object.
$ mc retention info myProfile/myBucket/testfile.txt
GOVERNANCE mode is enabled for 1DAYS.

# Set a delete marker for the locked Obejct (object itself won't be deleted).
$ mc rm --force myProfile/myBucket/testfile.txt
Removing `myProfile/myBucket/testfile.txt`.

# Check the Versions in the Object Lock Bucket (testfile.txt is still there, but with a delete marker)
$ mc ls --versions myProfile/myBucket/
[2023-05-24 15:44:07 CEST]     0B 1684935847296 v2 DEL testfile.txt
[2023-05-24 15:40:48 CEST]     8B 1684935611009 v1 PUT testfile.txt

# Prove that there is no possiblity to delete the locked Object Version.
$ mc rm --version-id 1684935611009 --force myProfile/myBucket/testfile.txt
Removing `myProfile/myBucket/testfile.txt` (versionId=1684935611009).
mc: <ERROR> Failed to remove `myProfile/myBucket/testfile.txt`. ERROR_OBJECT_LOCK_ACCESS_DENIED

This is an information message

Why can I delete objects even after I turned on Object Lock for my Amazon S3 bucket?

This Guide helps to understand why a simple delete on a locked Object is still working.