diff --git a/lib/policyEvaluator/RequestContext.ts b/lib/policyEvaluator/RequestContext.ts index 056f26589..7d1be103a 100644 --- a/lib/policyEvaluator/RequestContext.ts +++ b/lib/policyEvaluator/RequestContext.ts @@ -171,6 +171,7 @@ export default class RequestContext { _needTagEval: boolean; _foundAction?: string; _foundResource?: string; + _objectLockRetentionDays?: number | null; constructor( headers: { [key: string]: string | string[] }, @@ -192,6 +193,7 @@ export default class RequestContext { requestObjTags?: string, existingObjTag?: string, needTagEval?: false, + objectLockRetentionDays?: number, ) { this._headers = headers; this._query = query; @@ -224,6 +226,7 @@ export default class RequestContext { this._requestObjTags = requestObjTags || null; this._existingObjTag = existingObjTag || null; this._needTagEval = needTagEval || false; + this._objectLockRetentionDays = objectLockRetentionDays || null; return this; } @@ -255,6 +258,7 @@ export default class RequestContext { requestObjTags: this._requestObjTags, existingObjTag: this._existingObjTag, needTagEval: this._needTagEval, + objectLockRetentionDays: this._objectLockRetentionDays, }; return JSON.stringify(requestInfo); } @@ -295,6 +299,7 @@ export default class RequestContext { obj.requestObjTags, obj.existingObjTag, obj.needTagEval, + obj.objectLockRetentionDays, ); } @@ -698,4 +703,24 @@ export default class RequestContext { getNeedTagEval() { return this._needTagEval; } + + /** + * Get object lock retention days + * + * @returns objectLockRetentionDays - object lock retention days + */ + getObjectLockRetentionDays() { + return this._objectLockRetentionDays; + } + + /** + * Set object lock retention days + * + * @param objectLockRetentionDays - object lock retention days + * @returns itself + */ + setObjectLockRetentionDays(objectLockRetentionDays: number) { + this._objectLockRetentionDays = objectLockRetentionDays; + return this; + } } diff --git a/lib/policyEvaluator/utils/conditions.ts b/lib/policyEvaluator/utils/conditions.ts index 81162ac47..d99533e42 100644 --- a/lib/policyEvaluator/utils/conditions.ts +++ b/lib/policyEvaluator/utils/conditions.ts @@ -166,6 +166,9 @@ export function findConditionKey( return requestContext.getNeedTagEval() && requestContext.getRequestObjTags() ? getTagKeys(requestContext.getRequestObjTags()!) : undefined; + // The maximum retention period is 100 years. + case 's3:object-lock-remaining-retention-days': + return requestContext.getObjectLockRetentionDays() || undefined; default: return undefined; } diff --git a/package.json b/package.json index 7aa191e90..b6e42a797 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "engines": { "node": ">=16" }, - "version": "7.10.51", + "version": "7.10.52", "description": "Common utilities for the S3 project components", "main": "build/index.js", "repository": { diff --git a/tests/unit/policyEvaluator/RequestContext.spec.js b/tests/unit/policyEvaluator/RequestContext.spec.js index 3676bf996..9a41521c1 100644 --- a/tests/unit/policyEvaluator/RequestContext.spec.js +++ b/tests/unit/policyEvaluator/RequestContext.spec.js @@ -111,6 +111,7 @@ describe('RequestContext', () => { specificResource: 'specific-resource', sslEnabled: true, tokenIssueTime: null, + objectLockRetentionDays: null, }; it('serialize()', () => { assert.deepStrictEqual(JSON.parse(rc.serialize()), SerializedFields);