Skip to main content

Operations on objects

Contributors netapp-lhalbert

This section describes how the StorageGRID system implements S3 REST API operations for objects.

The following conditions apply to all object operations:

  • StorageGRID consistency controls are supported by all operations on objects, with the exception of the following:

    • GET Object ACL

    • OPTIONS /

    • PUT Object legal hold

    • PUT Object retention

  • Conflicting client requests, such as two clients writing to the same key, are resolved on a “latest-wins” basis. The timing for the "`latest-wins`"evaluation is based on when the StorageGRID system completes a given request, and not on when S3 clients begin an operation.

  • All objects in a StorageGRID bucket are owned by the bucket owner, including objects created by an anonymous user, or by another account.

  • Data objects ingested to the StorageGRID system through Swift cannot be accessed through S3.

The following table describes how StorageGRID implements S3 REST API object operations.

Operation Implementation

DELETE Object

Multi-Factor Authentication (MFA) and the response header x-amz-mfa are not supported.

When processing a DELETE Object request, StorageGRID attempts to immediately remove all copies of the object from all stored locations. If successful, StorageGRID returns a response to the client immediately. If all copies cannot be removed within 30 seconds (for example, because a location is temporarily unavailable), StorageGRID queues the copies for removal and then indicates success to the client.

Versioning

To remove a specific version, the requestor must be the bucket owner and use the versionId subresource. Using this subresource permanently deletes the version. If the versionId corresponds to a delete marker, the response header x-amz-delete-marker is returned set to true.

  • If an object is deleted without the versionId subresource on a version enabled bucket, it results in the generation of a delete marker. The versionId for the delete marker is returned using the x-amz-version-id response header, and the x-amz-delete-marker response header is returned set to true.

  • If an object is deleted without the versionId subresource on a version suspended bucket, it results in a permanent deletion of an already existing 'null' version or a 'null' delete marker, and the generation of a new 'null' delete marker. The x-amz-delete-marker response header is returned set to true.

Note: In certain cases, multiple delete markers might exist for an object.

DELETE Multiple Objects

Multi-Factor Authentication (MFA) and the response header x-amz-mfa are not supported.

Multiple objects can be deleted in the same request message.

DELETE Object tagging

Uses the tagging subresource to remove all tags from an object. Implemented with all Amazon S3 REST API behavior.

Versioning

If the versionId query parameter is not specified in the request, the operation deletes all tags from the most recent version of the object in a versioned bucket. If the current version of the object is a delete marker, a “MethodNotAllowed” status is returned with the x-amz-delete-marker response header set to true.

GET Object

GET Object ACL

If the necessary access credentials are provided for the account, the operation returns a positive response and the ID, DisplayName, and Permission of the object owner, indicating that the owner has full access to the object.

GET Object legal hold

GET Object retention

GET Object tagging

Uses the tagging subresource to return all tags for an object. Implemented with all Amazon S3 REST API behavior

Versioning

If the versionId query parameter is not specified in the request, the operation returns all tags from the most recent version of the object in a versioned bucket. If the current version of the object is a delete marker, a “MethodNotAllowed” status is returned with the x-amz-delete-marker response header set to true.

HEAD Object

POST Object restore

PUT Object

PUT Object - Copy

PUT Object legal hold

PUT Object retention

PUT Object tagging

Uses the tagging subresource to add a set of tags to an existing object. Implemented with all Amazon S3 REST API behavior

Tag updates and ingest behavior

When you use PUT Object tagging to update an object's tags, StorageGRID does not re-ingest the object. This means that the option for Ingest Behavior specified in the matching ILM rule is not used. Any changes to object placement that are triggered by the update are made when ILM is re-evaluated by normal background ILM processes.

This means that if the ILM rule uses the Strict option for ingest behavior, no action is taken if the required object placements cannot be made (for example, because a newly required location is unavailable). The updated object retains its current placement until the required placement is possible.

Resolving conflicts

Conflicting client requests, such as two clients writing to the same key, are resolved on a “latest-wins” basis. The timing for the "`latest-wins`"evaluation is based on when the StorageGRID system completes a given request, and not on when S3 clients begin an operation.

Versioning

If the versionId query parameter is not specified in the request, the operation add tags to the most recent version of the object in a versioned bucket. If the current version of the object is a delete marker, a “MethodNotAllowed” status is returned with the x-amz-delete-marker response header set to true.

Related information

Consistency controls