Object Deletion

This page summarizes how a DELETE operation affects objects depending on the configuration of the bucket that contains the object.

Any combination of the following factors may impact how DELETE operations function:

• Bucket versioning
• Object locking rules
• Object Lifecycle Management rules
• Object tiering
• Site or bucket replication
• Scanner

AIStor uses a policy based access control system for access management. The user or service account must provide the correct policy action and conditions to allow a DELETE for the bucket and object.

When performing a DELETE operation on an object in a bucket that does not have versioning enabled, the operation is straightforward. After verifying the user or service account has permission to perform the DELETE operation, AIStor permanently removes the object.

The user or service account requesting the delete action the action must have the s3:DeleteObject action permission for the bucket and object.

DELETE operations work differently when an object is versioned.

The user or service account must have the s3:DeleteObjectVersion action permission for the bucket and object.

A DELETE operation on a versioned object that does not specify a version UUID results in the creation of a DeleteMarker placed as the head of the object.

In this scenario, AIStor does not actually remove the object or any of its versions from the disk. All existing versions of the object remain available to access by specifying the version’s UUID. When a DeleteMarker is the head for the object, AIStor does not serve the object for GET requests that do not specify a version ID. Instead, AIStor returns a 404-like response.

You can find the UUID of object versions with mc ls --versions.

To remove the current version of the object from the drive, find the UUID of the version, and then use mc rm --version-id=UUID ... to delete the current version. In this scenario, the immediately preceding version of the object then becomes the current version of the object served for GET requests of the object with no UUID specified.

To delete prior versions of an object, specify the version’s UUID. You can retrieve the version UUID with mc ls --versions. When the DELETE request specifies a version-id and the user has the correct permissions to delete the object version, AIStor permanently removes the specified version from the drive.

Use mc rm --versions to delete all versions of an object. This is irreversible.

You can define one or more lifecycle management expiration rule(s) to expire objects after a certain version number count or a certain period of time. When more versions exist than the rule specifies, or when a version is older than specified, AIStor permanently removes the object version from the drive.

These rules rely on the scanner to process the rule on the bucket. The scanner operates as a lower priority continuous process where READ and WRITE actions are preferred. Because of this, object versions that meet the requirements for expiration may not immediately be removed from AIStor.

See the scanner page for more details on how the scanner works and configuration options.

DeleteMarkers are their own objects. Lifecycle rules can remove DeleteMarkers that are the only remaining versions of their objects.

AIStor protects objects subject to a locking rule from being overwritten or deleted. These rules require that objects be retained until either the rule expires or is removed.

DELETE operations on locked objects without a specified version result in the creation of a DeleteMarker for the object. However, the object versions themselves are retained as required by the lock.

DELETE operations that specify an object version are subject to the retention rules. AIStor protects object versions subject to a lock from being overwritten or deleted until the lock expires or is removed.

Replication duplicates objects from one location to another. AIStor supports replication at the bucket level or the cluster (“site”) level.

Delete operations may or may not replicate, depending on the type of replication and how the replication is configured.

For clusters with multi-site replication enabled, AIStor replicates all delete operations performed on any cluster to each of the other clusters in the peer group.

Delete behavior on any single peer follows the same processes as any AIStor deployment.

With bucket replication, AIStor supports replicating delete operations between a source bucket and a configured remote bucket. AIStor synchronizes deleting specific object versions and new delete markers. Delete operation replication uses the same replication process as all other replication operations.

AIStor requires explicitly enabling versioned deletes and delete marker replication. Use the mc replicate add --replicate field to specify either delete and delete-marker or both to enable versioned deletes and delete marker replication, respectively. To enable both, specify both strings using a comma separator: delete,delete-marker.

For delete marker replication, AIStor begins the replication process after a delete operation creates the delete marker. AIStor uses the X-Minio-Replication-DeleteMarker-Status metadata field for tracking delete marker replication status. In active-active replication configurations, AIStor may produce duplicate delete markers if both clusters concurrently create a delete marker for an object or if one or both clusters were down before the replication event synchronized.

For replicating the deletion of a specific object version, AIStor marks the object version as PENDING until replication completes. Once the remote target deletes that object version, AIStor deletes the object version on the source. While this process ensures near-synchronized version deletion, it may result in listing operations returning the object version after the initial delete operation. AIStor uses the X-Minio-Replication-Delete-Status for tracking delete version replication status.

AIStor only replicates explicit client-driven delete operations. AIStor does not replicate objects deleted by lifecycle management expiration rules. For active-active configurations, set the same expiration rules on all of of the replication buckets to ensure consistent application of object expiration.